add test case of cert builder (fluid-cloudnative#1042)

* add test case of cert Signed-off-by: yangyuliufeng <[email protected]> * prepare the test environment Signed-off-by: yangyuliufeng <[email protected]>
zhang-x-z · Nov 2, 2021 · cf8b24d · cf8b24d
1 parent 25a3555
commit cf8b24d
Show file tree

Hide file tree

Showing 3 changed files with 202 additions and 7 deletions.
diff --git a/pkg/common/webhook.go b/pkg/common/webhook.go
@@ -10,7 +10,7 @@ const (
 	WebhookServiceName     = "fluid-pod-admission-webhook"
 	WebhookSchedulePodPath = "mutate-fluid-io-v1alpha1-schedulepod"
 
-	// this file comes from tools/certificate.sh
+	// CertificationGenerateFile comes from tools/certificate.sh
 	CertificationGenerateFile = "/usr/local/bin/certificate.sh"
 )
 

diff --git a/pkg/webhook/certificate_builder.go b/pkg/webhook/certificate_builder.go
@@ -43,7 +43,7 @@ func NewCertificateBuilder(c client.Client, log logr.Logger) *CertificateBuilder
 	return ch
 }
 
-// use service name and namespace generate webhook caBundle
+// BuildAndSyncCABundle use service name and namespace generate webhook caBundle
 // and patch the caBundle to MutatingWebhookConfiguration
 func (c *CertificateBuilder) BuildAndSyncCABundle(svcName, webhookName, cerPath string) error {
 
@@ -61,7 +61,7 @@ func (c *CertificateBuilder) BuildAndSyncCABundle(svcName, webhookName, cerPath
 	return c.PatchCABundle(webhookName, ca)
 }
 
-// use shell script to generate the caBundle
+// genCA use shell script to generate the caBundle
 func (c *CertificateBuilder) genCA(ns, svc, certFile, certPath string) ([]byte, error) {
 
 	genCertCmd := fmt.Sprintf(genCertFormat, certFile, svc, ns, certPath)
@@ -86,7 +86,7 @@ func (c *CertificateBuilder) genCA(ns, svc, certFile, certPath string) ([]byte,
 	return ca, nil
 }
 
-// patch the caBundle to MutatingWebhookConfiguration
+// PatchCABundle patch the caBundle to MutatingWebhookConfiguration
 func (c *CertificateBuilder) PatchCABundle(webHookName string, ca []byte) error {
 
 	var m v1beta1.MutatingWebhookConfiguration

diff --git a/pkg/webhook/certificate_builder_test.go b/pkg/webhook/certificate_builder_test.go
@@ -15,13 +15,134 @@ limitations under the License.
 package webhook
 
 import (
+	"context"
+	"github.com/fluid-cloudnative/fluid/pkg/common"
+	"k8s.io/api/admissionregistration/v1beta1"
+	"k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apimachinery/pkg/types"
 	"os"
-	"testing"
-
+	"os/exec"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client/fake"
+	"testing"
+)
+
+var (
+	testScheme *runtime.Scheme
+	log = ctrl.Log.WithName("test")
 )
 
+func init() {
+	testScheme = runtime.NewScheme()
+	_ = v1.AddToScheme(testScheme)
+	// prepare the shell script
+	cmd := exec.Command("cp", "../../tools/certificate.sh", "/usr/local/bin/certificate.sh")
+	stdout, err := cmd.Output()
+	if err != nil {
+		log.Error(err, "fail to prepare the shell script", "output", stdout)
+	}
+}
+
+func TestNewCertificateBuilder(t *testing.T) {
+	c := fake.NewFakeClient()
+	cb := NewCertificateBuilder(c, log)
+	if cb.log != log {
+		t.Errorf("fail to new the CertificateBuilder because log is not coincident")
+	}
+	if cb.Client != c {
+		t.Errorf("fail to new the CertificateBuilder because client is not coincident")
+	}
+}
+
+func TestBuildAndSyncCABundle(t *testing.T) {
+	var webhookName = "webhookName"
+	var caBundles = [][]byte{
+		{3, 5, 54, 34},
+		{3, 8 ,54, 4},
+		{35, 5 ,54, 4},
+	}
+	var testMutatingWebhookConfiguration = &v1beta1.MutatingWebhookConfiguration{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: webhookName,
+		},
+		Webhooks: []v1beta1.MutatingWebhook{
+			{
+				Name: "webhook1",
+				ClientConfig: v1beta1.WebhookClientConfig{
+					CABundle: caBundles[0],
+				},
+			},
+			{
+				Name: "webhook2",
+				ClientConfig: v1beta1.WebhookClientConfig{
+					CABundle: caBundles[1],
+				},
+			},
+			{
+				Name: "webhook3",
+				ClientConfig: v1beta1.WebhookClientConfig{
+					CABundle: caBundles[2],
+				},
+			},
+		},
+	}
+	// create dir
+	certPath := "/tmp/fluid/certs"
+	if err := os.MkdirAll(certPath, 0700); err != nil {
+		t.Errorf("fail to create path, path:%s,err:%v", certPath, err)
+	}
+	if err := os.Setenv(common.MyPodNamespace, "default"); err != nil {
+		t.Errorf("fail to set env of path, path:%s,err:%v", certPath, err)
+	}
+
+	testCases := map[string]struct {
+		lengthCheck int
+		ns          string
+		svc         string
+	}{
+		"test build and sync ca case 1": {
+			lengthCheck: 1000,
+			ns:          "fluid-system",
+			svc:         "fluid-pod-admission-webhook",
+		},
+	}
+	testScheme.AddKnownTypes(schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1beta1"}, testMutatingWebhookConfiguration)
+	client := fake.NewFakeClientWithScheme(testScheme, testMutatingWebhookConfiguration)
+	cb := NewCertificateBuilder(client, log)
+	for index, item := range testCases {
+		err := cb.BuildAndSyncCABundle(item.svc, webhookName, certPath)
+		if err != nil {
+			t.Errorf("fail to build and sync ca, err:%v", err)
+		}
+		var mc v1beta1.MutatingWebhookConfiguration
+		err = client.Get(context.TODO(), types.NamespacedName{Name: webhookName}, &mc)
+		if err != nil {
+			t.Errorf("%s cannot paas because fail to get MutatingWebhookConfiguration", index)
+			continue
+		}
+		for i := range mc.Webhooks {
+			if len(mc.Webhooks[i].ClientConfig.CABundle) < item.lengthCheck {
+				t.Errorf("%s generate certification failed, ns:%s,svc:%s,want greater than %v,got:%v",
+					index,
+					item.ns,
+					item.svc,
+					item.lengthCheck,
+					len(mc.Webhooks[i].ClientConfig.CABundle),
+				)
+				continue
+			}
+			if len(mc.Webhooks[i].ClientConfig.CABundle) == len(caBundles[i]) {
+				t.Errorf("%s cannot paas because have not pathced MutatingWebhookConfiguration", index)
+			}
+
+		}
+
+	}
+}
+
 func TestGenCA(t *testing.T) {
 
 	testCases := map[string]struct {
@@ -45,7 +166,7 @@ func TestGenCA(t *testing.T) {
 	}
 
 	c := fake.NewFakeClient()
-	cb := NewCertificateBuilder(c, ctrl.Log.WithName("test"))
+	cb := NewCertificateBuilder(c, log)
 
 	for index, item := range testCases {
 		ca, _ := cb.genCA(item.ns, item.svc, certExeFile, certPath)
@@ -66,3 +187,77 @@ func TestGenCA(t *testing.T) {
 		t.Errorf("fail to recycle file, path:%s,err:%v", certPath, err)
 	}
 }
+
+func TestPatchCABundle(t *testing.T) {
+	var webhookName = "webhookName"
+	testCases := map[string]struct {
+		ca          []byte
+	}{
+		"test case 1": {
+			ca: []byte{1, 2, 3},
+		},
+		"test case 2": {
+			ca: []byte{2, 3, 4},
+		},
+		"test case 3": {
+			ca: []byte{3, 4, 5},
+		},
+	}
+
+	var testMutatingWebhookConfiguration = &v1beta1.MutatingWebhookConfiguration{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: webhookName,
+		},
+		Webhooks: []v1beta1.MutatingWebhook{
+			{
+				Name: "webhook1",
+				ClientConfig: v1beta1.WebhookClientConfig{
+					CABundle: []byte{3, 5 ,54, 34},
+				},
+			},
+			{
+				Name: "webhook2",
+				ClientConfig: v1beta1.WebhookClientConfig{
+					CABundle: []byte{3, 8 ,54, 4},
+				},
+			},
+			{
+				Name: "webhook3",
+				ClientConfig: v1beta1.WebhookClientConfig{
+					CABundle: []byte{35, 5 ,54, 4},
+				},
+			},
+		},
+	}
+
+	testScheme.AddKnownTypes(schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1beta1"}, testMutatingWebhookConfiguration)
+	client := fake.NewFakeClientWithScheme(testScheme, testMutatingWebhookConfiguration)
+
+	for index, item := range testCases {
+		cb := NewCertificateBuilder(client, log)
+		err := cb.PatchCABundle(webhookName, item.ca)
+		if err != nil {
+			t.Errorf("%s cannot paas because fail to patch MutatingWebhookConfiguration", index)
+			continue
+		}
+		var mc v1beta1.MutatingWebhookConfiguration
+		err = client.Get(context.TODO(), types.NamespacedName{Name: webhookName}, &mc)
+		if err != nil {
+			t.Errorf("%s cannot paas because fail to get MutatingWebhookConfiguration", index)
+			continue
+		}
+		for i := range mc.Webhooks {
+			if len(mc.Webhooks[i].ClientConfig.CABundle) != len(item.ca) {
+				t.Errorf("%s cannot paas because fail to mutate CABundle ofmMutatingWebhookConfiguration", index)
+				continue
+			}
+			for j := range item.ca {
+				if mc.Webhooks[i].ClientConfig.CABundle[j] != item.ca[j] {
+					t.Errorf("%s cannot paas because fail to mutate CABundle ofmMutatingWebhookConfiguration", index)
+					continue
+				}
+			}
+
+		}
+	}
+}