NK-31: Added tests for CA extraction from clientset

webhooks/registration.go

@@ -1,7 +1,6 @@
 package webhooks
 import (
 	"io/ioutil"
-	"encoding/base64"
 
 	rest "k8s.io/client-go/rest"
 	meta "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -55,7 +54,7 @@ func constructWebhookConfig(config *rest.Config) *adm.MutatingWebhookConfigurati
 						Name: webhookServiceName,
 						Path: &webhookPath,
 					},
-					CABundle: extractCA(config),
+					CABundle: ExtractCA(config),
 				},
 				Rules: []adm.RuleWithOperations {
 					adm.RuleWithOperations {
@@ -80,19 +79,18 @@ func constructWebhookConfig(config *rest.Config) *adm.MutatingWebhookConfigurati
 	}
 }
 
-func extractCA(config *rest.Config) (result []byte) {
-	
-	if config.TLSClientConfig.CAData != nil {
-		return config.TLSClientConfig.CAData
-	} else {
+func ExtractCA(config *rest.Config) (result []byte) {
 	fileName := config.TLSClientConfig.CAFile
-		bytes, err := ioutil.ReadFile(fileName)
+
+    if fileName != "" {
+		result, err := ioutil.ReadFile(fileName)
 		
 		if err != nil {
 			return nil
 		}
 
-		base64.StdEncoding.Encode(result, bytes)
-		return
+		return result
+	} else {
+		return config.TLSClientConfig.CAData
 	}
 }

webhooks/registration_test.go

@@ -0,0 +1,65 @@
+package webhooks_test
+import (
+	"gotest.tools/assert"
+	"io/ioutil"
+	"testing"
+	"bytes"
+
+	"github.com/nirmata/kube-policy/webhooks"
+
+	rest "k8s.io/client-go/rest"
+)
+
+func TestExtractCA_EmptyBundle(t *testing.T) {
+    CAFile := "resources/CAFile"
+
+	config := &rest.Config {
+		TLSClientConfig: rest.TLSClientConfig {
+			CAData: nil,
+            CAFile: CAFile,
+		},
+	}
+
+	expected, err := ioutil.ReadFile(CAFile)
+	assert.Assert(t, err == nil)
+	actual := webhooks.ExtractCA(config)
+    assert.Assert(t, bytes.Equal(expected, actual))
+}
+
+func TestExtractCA_EmptyCAFile(t *testing.T) {
+    CABundle := []byte(`LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNU1ETXhPVEUwTURjd05Gb1hEVEk1TURNeE5qRTBNRGN3TkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTStQClVLVmExcm9tQndOZzdqNnBBSGo5TDQ4RVJpdEplRzRXM1pUYmNMNWNKbnVTQmFsc1h1TWpQTGZmbUV1VEZIdVAKenRqUlBEUHcreEg1d3VTWFF2U0tIaXF2VE1pUm9DSlJFa09sQXpIa1dQM0VrdnUzNzRqZDVGV3Q3NEhnRk91cApIZ1ZwdUxPblczK2NDVE5iQ3VkeDFMVldRbGgwQzJKbm1Lam5uS1YrTkxzNFJVaVk1dk91ekpuNHl6QldLRjM2CmJLZ3ZDOVpMWlFSM3dZcnJNZWllYzBnWVY2VlJtaGgxSjRDV3V1UWd0ckM2d2NJanFWZFdEUlJyNHFMdEtDcDIKQVNIZmNieitwcEdHblJ5Z2FzcWNJdnpiNUVwV3NIRGtHRStUUW5WQ0JmTmsxN0NEOTZBQ1pmRWVybzEvWE16MgpRbzZvcUE0dnF5ZkdWWVU5RVZFQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFNWFVpUVJpdUc4cGdzcHMrZTdGZWdCdEJOZEcKZlFUdHVLRWFUZ0U0RjQwamJ3UmdrN25DTHlsSHgvRG04aVRRQmsyWjR4WnNuY0huRys4SkwrckRLdlJBSE5iVQpsYnpReXA1V3FwdjdPcThwZ01wU0o5bTdVY3BGZmRVZkorNW43aXFnTGdMb3lhNmtRVTR2Rk0yTE1rWjI5NVpxCmVId0hnREo5Z3IwWGNyOWM1L2tRdkxFc2Z2WU5QZVhuamNyWXlDb2JNcVduSElxeVd3cHM1VTJOaGgraXhSZEIKbzRRL3RJS04xOU93WGZBaVc5SENhNzZMb3ZXaUhPU2UxVnFzK1h1N1A5ckx4eW1vQm91aFcxVmZ0bUo5Qy9vTAp3cFVuNnlXRCttY0tkZ3J5QTFjTWJ4Q281bUd6YTNLaFk1QTd5eDQ1cThkSEIzTWU4d0FCam1wWEs0ST0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=`)
+
+	config := &rest.Config {
+		TLSClientConfig: rest.TLSClientConfig {
+			CAData: CABundle,
+            CAFile: "",
+		},
+	}
+
+	actual := webhooks.ExtractCA(config)
+    assert.Assert(t, bytes.Equal(CABundle, actual))
+}
+
+func TestExtractCA_EmptyConfig(t *testing.T) {
+	config := &rest.Config {
+		TLSClientConfig: rest.TLSClientConfig {
+			CAData: nil,
+            CAFile: "",
+		},
+	}
+
+	actual := webhooks.ExtractCA(config)
+    assert.Assert(t, actual == nil)
+}
+
+func TestExtractCA_InvalidFile(t *testing.T) {
+	config := &rest.Config {
+		TLSClientConfig: rest.TLSClientConfig {
+			CAData: nil,
+            CAFile: "somenonexistingfile",
+		},
+	}
+
+	actual := webhooks.ExtractCA(config)
+    assert.Assert(t, actual == nil)
+}

webhooks/resources/CAFile

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyDCCAbCgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl
+cm5ldGVzMB4XDTE5MDMxOTE0MDcwNFoXDTI5MDMxNjE0MDcwNFowFTETMBEGA1UE
+AxMKa3ViZXJuZXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+P
+UKVa1romBwNg7j6pAHj9L48ERitJeG4W3ZTbcL5cJnuSBalsXuMjPLffmEuTFHuP
+ztjRPDPw+xH5wuSXQvSKHiqvTMiRoCJREkOlAzHkWP3Ekvu374jd5FWt74HgFOup
+HgVpuLOnW3+cCTNbCudx1LVWQlh0C2JnmKjnnKV+NLs4RUiY5vOuzJn4yzBWKF36
+bKgvC9ZLZQR3wYrrMeiec0gYV6VRmhh1J4CWuuQgtrC6wcIjqVdWDRRr4qLtKCp2
+ASHfcbz+ppGGnRygasqcIvzb5EpWsHDkGE+TQnVCBfNk17CD96ACZfEero1/XMz2
+Qo6oqA4vqyfGVYU9EVECAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB
+/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAMXUiQRiuG8pgsps+e7FegBtBNdG
+fQTtuKEaTgE4F40jbwRgk7nCLylHx/Dm8iTQBk2Z4xZsncHnG+8JL+rDKvRAHNbU
+lbzQyp5Wqpv7Oq8pgMpSJ9m7UcpFfdUfJ+5n7iqgLgLoya6kQU4vFM2LMkZ295Zq
+eHwHgDJ9gr0Xcr9c5/kQvLEsfvYNPeXnjcrYyCobMqWnHIqyWwps5U2Nhh+ixRdB
+o4Q/tIKN19OwXfAiW9HCa76LovWiHOSe1Vqs+Xu7P9rLxymoBouhW1VftmJ9C/oL
+wpUn6yWD+mcKdgryA1cMbxCo5mGza3KhY5A7yx45q8dHB3Me8wABjmpXK4I=
+-----END CERTIFICATE-----