Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
K
k3s
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Jacklull
k3s
Commits
976b23d4
Commit
976b23d4
authored
Jan 23, 2025
by
Brad Davidson
Committed by
Brad Davidson
Jan 23, 2025
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update tests
Also add an ordinal to subtests so its easier to figure out which one is failing Signed-off-by:
Brad Davidson
<
brad.davidson@rancher.com
>
parent
29a5739b
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
155 additions
and
113 deletions
+155
-113
handlers_test.go
pkg/server/handlers/handlers_test.go
+155
-113
No files found.
pkg/server/handlers/handlers_test.go
View file @
976b23d4
...
@@ -46,12 +46,12 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -46,12 +46,12 @@ func Test_UnitHandlers(t *testing.T) {
genericFailures
:=
[]
sub
{
genericFailures
:=
[]
sub
{
{
{
name
:
"anonymous"
,
name
:
"
000
anonymous"
,
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
return
HaveHTTPStatus
(
http
.
StatusForbidden
)
return
HaveHTTPStatus
(
http
.
StatusForbidden
)
},
},
},
{
},
{
name
:
"bad basic"
,
name
:
"
001
bad basic"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
SetBasicAuth
(
"server"
,
control
.
AgentToken
)
req
.
SetBasicAuth
(
"server"
,
control
.
AgentToken
)
},
},
...
@@ -59,7 +59,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -59,7 +59,7 @@ func Test_UnitHandlers(t *testing.T) {
return
HaveHTTPStatus
(
http
.
StatusUnauthorized
)
return
HaveHTTPStatus
(
http
.
StatusUnauthorized
)
},
},
},
{
},
{
name
:
"valid cert but untrusted CA"
,
name
:
"
002
valid cert but untrusted CA"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
withNewClientCert
(
req
,
control
.
Runtime
.
ServerCA
,
control
.
Runtime
.
ServerCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
withNewClientCert
(
req
,
control
.
Runtime
.
ServerCA
,
control
.
Runtime
.
ServerCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
...
@@ -71,7 +71,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -71,7 +71,7 @@ func Test_UnitHandlers(t *testing.T) {
return
HaveHTTPStatus
(
http
.
StatusUnauthorized
)
return
HaveHTTPStatus
(
http
.
StatusUnauthorized
)
},
},
},
{
},
{
name
:
"valid cert but no RBAC"
,
name
:
"
003
valid cert but no RBAC"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
CommonName
:
"system:monitoring"
,
CommonName
:
"system:monitoring"
,
...
@@ -107,7 +107,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -107,7 +107,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/v1-k3s/serving-kubelet.crt"
,
path
:
"/v1-k3s/serving-kubelet.crt"
,
subs
:
append
(
genericFailures
,
subs
:
append
(
genericFailures
,
sub
{
sub
{
name
:
"valid basic but missing headers"
,
name
:
"
100
valid basic but missing headers"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
},
},
...
@@ -116,7 +116,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -116,7 +116,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert but missing headers"
,
name
:
"
101
valid cert but missing headers"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
...
@@ -129,7 +129,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -129,7 +129,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert but wrong node name"
,
name
:
"
102
valid cert but wrong node name"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -144,7 +144,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -144,7 +144,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert but nonexistent node"
,
name
:
"
103
valid cert but nonexistent node"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
"nonexistent"
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
"nonexistent"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -159,18 +159,21 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -159,18 +159,21 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid basic legacy key"
,
name
:
"
104
valid basic legacy key"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
},
},
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
return
HaveHTTPStatus
(
http
.
StatusServiceUnavailable
)
return
And
(
HaveHTTPStatus
(
http
.
StatusOK
),
HaveHTTPBody
(
ContainSubstring
(
"PRIVATE KEY"
)),
)
},
},
},
},
sub
{
sub
{
name
:
"valid cert legacy key"
,
name
:
"
105
valid cert legacy key"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -181,11 +184,14 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -181,11 +184,14 @@ func Test_UnitHandlers(t *testing.T) {
})
})
},
},
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
return
HaveHTTPStatus
(
http
.
StatusServiceUnavailable
)
return
And
(
HaveHTTPStatus
(
http
.
StatusOK
),
HaveHTTPBody
(
ContainSubstring
(
"PRIVATE KEY"
)),
)
},
},
},
},
sub
{
sub
{
name
:
"valid basic legacy key deferred local password"
,
name
:
"
106
valid basic legacy key deferred local password"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -200,7 +206,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -200,7 +206,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert legacy key deferred local password"
,
name
:
"
107
valid cert legacy key deferred local password"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -219,7 +225,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -219,7 +225,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid basic different node"
,
name
:
"
108
valid basic different node"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
"k3s-agent-1"
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
"k3s-agent-1"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -230,7 +236,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -230,7 +236,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid basic bad node password"
,
name
:
"
109
valid basic bad node password"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
"k3s-agent-1"
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
"k3s-agent-1"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
...
@@ -246,7 +252,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -246,7 +252,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/v1-k3s/serving-kubelet.crt"
,
path
:
"/v1-k3s/serving-kubelet.crt"
,
subs
:
append
(
genericFailures
,
subs
:
append
(
genericFailures
,
sub
{
sub
{
name
:
"valid basic client key but bad password"
,
name
:
"
200
valid basic client key but bad password"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -254,11 +260,14 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -254,11 +260,14 @@ func Test_UnitHandlers(t *testing.T) {
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
},
},
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
return
HaveHTTPStatus
(
http
.
StatusServiceUnavailable
)
return
And
(
HaveHTTPStatus
(
http
.
StatusOK
),
HaveHTTPBody
(
Not
(
ContainSubstring
(
"PRIVATE KEY"
))),
)
},
},
},
},
sub
{
sub
{
name
:
"valid cert client key"
,
name
:
"
201
valid cert client key"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -270,11 +279,14 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -270,11 +279,14 @@ func Test_UnitHandlers(t *testing.T) {
})
})
},
},
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
return
HaveHTTPStatus
(
http
.
StatusServiceUnavailable
)
return
And
(
HaveHTTPStatus
(
http
.
StatusOK
),
HaveHTTPBody
(
Not
(
ContainSubstring
(
"PRIVATE KEY"
))),
)
},
},
},
},
sub
{
sub
{
name
:
"valid basic client key but bad password"
,
name
:
"
203
valid basic client key but bad password"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
...
@@ -282,11 +294,11 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -282,11 +294,11 @@ func Test_UnitHandlers(t *testing.T) {
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
},
},
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
return
HaveHTTPStatus
(
http
.
Status
ServiceUnavailable
)
return
HaveHTTPStatus
(
http
.
Status
Forbidden
)
},
},
},
},
sub
{
sub
{
name
:
"valid cert client key but bad password"
,
name
:
"
204
valid cert client key but bad password"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
...
@@ -298,11 +310,11 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -298,11 +310,11 @@ func Test_UnitHandlers(t *testing.T) {
})
})
},
},
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
return
HaveHTTPStatus
(
http
.
Status
ServiceUnavailable
)
return
HaveHTTPStatus
(
http
.
Status
Forbidden
)
},
},
},
},
sub
{
sub
{
name
:
"valid basic client key but bad deferred local password"
,
name
:
"
205
valid basic client key but bad deferred local password"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
...
@@ -315,7 +327,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -315,7 +327,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert client key but bad deferred local password"
,
name
:
"
206
valid cert client key but bad deferred local password"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
...
@@ -350,7 +362,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -350,7 +362,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/v1-k3s/serving-kubelet.crt"
,
path
:
"/v1-k3s/serving-kubelet.crt"
,
subs
:
append
(
genericFailures
,
subs
:
append
(
genericFailures
,
sub
{
sub
{
name
:
"valid basic but missing headers"
,
name
:
"
300
valid basic but missing headers"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
},
},
...
@@ -359,7 +371,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -359,7 +371,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert but missing headers"
,
name
:
"
301
valid cert but missing headers"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
...
@@ -372,7 +384,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -372,7 +384,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert but wrong node name"
,
name
:
"
302
valid cert but wrong node name"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -387,7 +399,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -387,7 +399,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert but nonexistent node"
,
name
:
"
303
valid cert but nonexistent node"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
"nonexistent"
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
"nonexistent"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -402,18 +414,21 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -402,18 +414,21 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid basic legacy key"
,
name
:
"
304
valid basic legacy key"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
},
},
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
return
HaveHTTPStatus
(
http
.
StatusServiceUnavailable
)
return
And
(
HaveHTTPStatus
(
http
.
StatusOK
),
HaveHTTPBody
(
ContainSubstring
(
"PRIVATE KEY"
)),
)
},
},
},
},
sub
{
sub
{
name
:
"valid cert legacy key"
,
name
:
"
305
valid cert legacy key"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -424,11 +439,14 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -424,11 +439,14 @@ func Test_UnitHandlers(t *testing.T) {
})
})
},
},
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
return
HaveHTTPStatus
(
http
.
StatusServiceUnavailable
)
return
And
(
HaveHTTPStatus
(
http
.
StatusOK
),
HaveHTTPBody
(
ContainSubstring
(
"PRIVATE KEY"
)),
)
},
},
},
},
sub
{
sub
{
name
:
"valid basic legacy key deferred local password"
,
name
:
"
306
valid basic legacy key deferred local password"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -443,7 +461,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -443,7 +461,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert legacy key deferred local password"
,
name
:
"
307
valid cert legacy key deferred local password"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -462,7 +480,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -462,7 +480,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid basic different node"
,
name
:
"
308
valid basic different node"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
"k3s-agent-1"
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
"k3s-agent-1"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -473,7 +491,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -473,7 +491,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid basic bad node password"
,
name
:
"
309
valid basic bad node password"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
"k3s-agent-1"
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
"k3s-agent-1"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
...
@@ -489,7 +507,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -489,7 +507,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/v1-k3s/serving-kubelet.crt"
,
path
:
"/v1-k3s/serving-kubelet.crt"
,
subs
:
append
(
genericFailures
,
subs
:
append
(
genericFailures
,
sub
{
sub
{
name
:
"valid basic client key but bad password"
,
name
:
"
400
valid basic client key but bad password"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -497,11 +515,14 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -497,11 +515,14 @@ func Test_UnitHandlers(t *testing.T) {
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
},
},
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
return
HaveHTTPStatus
(
http
.
StatusServiceUnavailable
)
return
And
(
HaveHTTPStatus
(
http
.
StatusOK
),
HaveHTTPBody
(
Not
(
ContainSubstring
(
"PRIVATE KEY"
))),
)
},
},
},
},
sub
{
sub
{
name
:
"valid cert client key"
,
name
:
"
401
valid cert client key"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -513,11 +534,14 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -513,11 +534,14 @@ func Test_UnitHandlers(t *testing.T) {
})
})
},
},
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
return
HaveHTTPStatus
(
http
.
StatusServiceUnavailable
)
return
And
(
HaveHTTPStatus
(
http
.
StatusOK
),
HaveHTTPBody
(
Not
(
ContainSubstring
(
"PRIVATE KEY"
))),
)
},
},
},
},
sub
{
sub
{
name
:
"valid basic client key but bad password"
,
name
:
"
402
valid basic client key but bad password"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
...
@@ -525,11 +549,11 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -525,11 +549,11 @@ func Test_UnitHandlers(t *testing.T) {
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
},
},
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
return
HaveHTTPStatus
(
http
.
Status
ServiceUnavailable
)
return
HaveHTTPStatus
(
http
.
Status
Forbidden
)
},
},
},
},
sub
{
sub
{
name
:
"valid cert client key but bad password"
,
name
:
"
403
valid cert client key but bad password"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
...
@@ -541,11 +565,11 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -541,11 +565,11 @@ func Test_UnitHandlers(t *testing.T) {
})
})
},
},
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
return
HaveHTTPStatus
(
http
.
Status
ServiceUnavailable
)
return
HaveHTTPStatus
(
http
.
Status
Forbidden
)
},
},
},
},
sub
{
sub
{
name
:
"valid basic client key but bad deferred local password"
,
name
:
"
404
valid basic client key but bad deferred local password"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
...
@@ -558,7 +582,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -558,7 +582,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert client key but bad deferred local password"
,
name
:
"
405
valid cert client key but bad deferred local password"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
...
@@ -589,7 +613,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -589,7 +613,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/v1-k3s/serving-kubelet.crt"
,
path
:
"/v1-k3s/serving-kubelet.crt"
,
subs
:
append
(
genericFailures
,
subs
:
append
(
genericFailures
,
sub
{
sub
{
name
:
"valid basic but missing headers"
,
name
:
"
500
valid basic but missing headers"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
},
},
...
@@ -598,7 +622,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -598,7 +622,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert but missing headers"
,
name
:
"
501
valid cert but missing headers"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
...
@@ -611,7 +635,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -611,7 +635,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert but wrong node name"
,
name
:
"
502
valid cert but wrong node name"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -626,7 +650,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -626,7 +650,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert but nonexistent node"
,
name
:
"
503
valid cert but nonexistent node"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
"nonexistent"
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
"nonexistent"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -641,18 +665,21 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -641,18 +665,21 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid basic legacy key"
,
name
:
"
504
valid basic legacy key"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
},
},
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
return
HaveHTTPStatus
(
http
.
StatusServiceUnavailable
)
return
And
(
HaveHTTPStatus
(
http
.
StatusOK
),
HaveHTTPBody
(
ContainSubstring
(
"PRIVATE KEY"
)),
)
},
},
},
},
sub
{
sub
{
name
:
"valid cert legacy key"
,
name
:
"
505
valid cert legacy key"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -663,11 +690,14 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -663,11 +690,14 @@ func Test_UnitHandlers(t *testing.T) {
})
})
},
},
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
return
HaveHTTPStatus
(
http
.
StatusServiceUnavailable
)
return
And
(
HaveHTTPStatus
(
http
.
StatusOK
),
HaveHTTPBody
(
ContainSubstring
(
"PRIVATE KEY"
)),
)
},
},
},
},
sub
{
sub
{
name
:
"valid basic legacy key deferred local password"
,
name
:
"
506
valid basic legacy key deferred local password"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -682,7 +712,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -682,7 +712,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert legacy key deferred local password"
,
name
:
"
507
valid cert legacy key deferred local password"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -701,7 +731,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -701,7 +731,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid basic different node"
,
name
:
"
508
valid basic different node"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
"k3s-agent-1"
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
"k3s-agent-1"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -712,7 +742,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -712,7 +742,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid basic bad node password"
,
name
:
"
509
valid basic bad node password"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
"k3s-agent-1"
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
"k3s-agent-1"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
...
@@ -728,7 +758,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -728,7 +758,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/v1-k3s/serving-kubelet.crt"
,
path
:
"/v1-k3s/serving-kubelet.crt"
,
subs
:
append
(
genericFailures
,
subs
:
append
(
genericFailures
,
sub
{
sub
{
name
:
"valid basic client key but bad password"
,
name
:
"
600
valid basic client key but bad password"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -736,11 +766,14 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -736,11 +766,14 @@ func Test_UnitHandlers(t *testing.T) {
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
},
},
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
return
HaveHTTPStatus
(
http
.
StatusServiceUnavailable
)
return
And
(
HaveHTTPStatus
(
http
.
StatusOK
),
HaveHTTPBody
(
Not
(
ContainSubstring
(
"PRIVATE KEY"
))),
)
},
},
},
},
sub
{
sub
{
name
:
"valid cert client key"
,
name
:
"
601
valid cert client key"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -752,11 +785,14 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -752,11 +785,14 @@ func Test_UnitHandlers(t *testing.T) {
})
})
},
},
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
return
HaveHTTPStatus
(
http
.
StatusServiceUnavailable
)
return
And
(
HaveHTTPStatus
(
http
.
StatusOK
),
HaveHTTPBody
(
Not
(
ContainSubstring
(
"PRIVATE KEY"
))),
)
},
},
},
},
sub
{
sub
{
name
:
"valid basic client key but bad password"
,
name
:
"
602
valid basic client key but bad password"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
...
@@ -764,11 +800,14 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -764,11 +800,14 @@ func Test_UnitHandlers(t *testing.T) {
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
},
},
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
return
HaveHTTPStatus
(
http
.
StatusServiceUnavailable
)
return
And
(
HaveHTTPStatus
(
http
.
StatusOK
),
HaveHTTPBody
(
Not
(
ContainSubstring
(
"PRIVATE KEY"
))),
)
},
},
},
},
sub
{
sub
{
name
:
"valid cert client key but bad password"
,
name
:
"
603
valid cert client key but bad password"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
...
@@ -780,11 +819,14 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -780,11 +819,14 @@ func Test_UnitHandlers(t *testing.T) {
})
})
},
},
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
return
HaveHTTPStatus
(
http
.
StatusServiceUnavailable
)
return
And
(
HaveHTTPStatus
(
http
.
StatusOK
),
HaveHTTPBody
(
Not
(
ContainSubstring
(
"PRIVATE KEY"
))),
)
},
},
},
},
sub
{
sub
{
name
:
"valid basic client key but bad deferred local password"
,
name
:
"
604
valid basic client key but bad deferred local password"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
...
@@ -800,7 +842,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -800,7 +842,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert client key but bad deferred local password"
,
name
:
"
605
valid cert client key but bad deferred local password"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
...
@@ -834,7 +876,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -834,7 +876,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/v1-k3s/serving-kubelet.crt"
,
path
:
"/v1-k3s/serving-kubelet.crt"
,
subs
:
append
(
genericFailures
,
subs
:
append
(
genericFailures
,
sub
{
sub
{
name
:
"valid basic but missing headers"
,
name
:
"
700
valid basic but missing headers"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
},
},
...
@@ -843,7 +885,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -843,7 +885,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert but missing headers"
,
name
:
"
701
valid cert but missing headers"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
...
@@ -856,7 +898,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -856,7 +898,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert but wrong node name"
,
name
:
"
702
valid cert but wrong node name"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -871,7 +913,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -871,7 +913,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert but nonexistent node"
,
name
:
"
703
valid cert but nonexistent node"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
"nonexistent"
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
"nonexistent"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -886,7 +928,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -886,7 +928,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid basic legacy key"
,
name
:
"
704
valid basic legacy key"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -900,7 +942,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -900,7 +942,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert legacy key"
,
name
:
"
705
valid cert legacy key"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -918,7 +960,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -918,7 +960,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid basic different node"
,
name
:
"
706
valid basic different node"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
"k3s-agent-1"
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
"k3s-agent-1"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -932,7 +974,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -932,7 +974,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid basic bad node password"
,
name
:
"
707
valid basic bad node password"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
"k3s-agent-1"
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
"k3s-agent-1"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"invalid-password"
)
...
@@ -950,7 +992,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -950,7 +992,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/v1-k3s/serving-kubelet.crt"
,
path
:
"/v1-k3s/serving-kubelet.crt"
,
subs
:
append
(
genericFailures
,
subs
:
append
(
genericFailures
,
sub
{
sub
{
name
:
"valid basic client key"
,
name
:
"
800
valid basic client key"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -965,7 +1007,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -965,7 +1007,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert client key"
,
name
:
"
801
valid cert client key"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -989,7 +1031,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -989,7 +1031,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/v1-k3s/client-kubelet.crt"
,
path
:
"/v1-k3s/client-kubelet.crt"
,
subs
:
append
(
genericFailures
,
subs
:
append
(
genericFailures
,
sub
{
sub
{
name
:
"valid basic but missing headers"
,
name
:
"
900
valid basic but missing headers"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
},
},
...
@@ -998,7 +1040,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -998,7 +1040,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert but missing headers"
,
name
:
"
901
valid cert but missing headers"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
...
@@ -1011,7 +1053,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1011,7 +1053,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid basic legacy key"
,
name
:
"
902
valid basic legacy key"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -1025,7 +1067,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1025,7 +1067,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert legacy key"
,
name
:
"
903
valid cert legacy key"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -1048,7 +1090,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1048,7 +1090,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/v1-k3s/client-kubelet.crt"
,
path
:
"/v1-k3s/client-kubelet.crt"
,
subs
:
append
(
genericFailures
,
subs
:
append
(
genericFailures
,
sub
{
sub
{
name
:
"valid basic client key"
,
name
:
"
A00
valid basic client key"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -1063,7 +1105,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1063,7 +1105,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert client key"
,
name
:
"
A01
valid cert client key"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Name"
,
control
.
ServerNodeName
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
req
.
Header
.
Add
(
"k3s-Node-Password"
,
"password"
)
...
@@ -1089,7 +1131,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1089,7 +1131,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/v1-k3s/client-kube-proxy.crt"
,
path
:
"/v1-k3s/client-kube-proxy.crt"
,
subs
:
append
(
genericFailures
,
subs
:
append
(
genericFailures
,
sub
{
sub
{
name
:
"valid basic legacy key"
,
name
:
"
B00
valid basic legacy key"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
},
},
...
@@ -1101,7 +1143,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1101,7 +1143,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert legacy key"
,
name
:
"
B01
valid cert legacy key"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
...
@@ -1122,7 +1164,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1122,7 +1164,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/v1-k3s/client-kube-proxy.crt"
,
path
:
"/v1-k3s/client-kube-proxy.crt"
,
subs
:
append
(
genericFailures
,
subs
:
append
(
genericFailures
,
sub
{
sub
{
name
:
"valid basic client key"
,
name
:
"
C00
valid basic client key"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
withCertificateRequest
(
req
)
withCertificateRequest
(
req
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
...
@@ -1135,7 +1177,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1135,7 +1177,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert client key"
,
name
:
"
C01
valid cert client key"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
withCertificateRequest
(
req
)
withCertificateRequest
(
req
)
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
...
@@ -1157,7 +1199,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1157,7 +1199,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/v1-k3s/client-k3s-controller.crt"
,
path
:
"/v1-k3s/client-k3s-controller.crt"
,
subs
:
append
(
genericFailures
,
subs
:
append
(
genericFailures
,
sub
{
sub
{
name
:
"valid basic legacy key"
,
name
:
"
D00
valid basic legacy key"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
},
},
...
@@ -1169,7 +1211,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1169,7 +1211,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert legacy key"
,
name
:
"
D01
valid cert legacy key"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
...
@@ -1190,7 +1232,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1190,7 +1232,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/v1-k3s/client-k3s-controller.crt"
,
path
:
"/v1-k3s/client-k3s-controller.crt"
,
subs
:
append
(
genericFailures
,
subs
:
append
(
genericFailures
,
sub
{
sub
{
name
:
"valid basic client key"
,
name
:
"
E00
valid basic client key"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
withCertificateRequest
(
req
)
withCertificateRequest
(
req
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
...
@@ -1203,7 +1245,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1203,7 +1245,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert client key"
,
name
:
"
E01
valid cert client key"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
withCertificateRequest
(
req
)
withCertificateRequest
(
req
)
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
...
@@ -1225,7 +1267,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1225,7 +1267,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/v1-k3s/client-ca.crt"
,
path
:
"/v1-k3s/client-ca.crt"
,
subs
:
append
(
genericFailures
,
subs
:
append
(
genericFailures
,
sub
{
sub
{
name
:
"valid basic"
,
name
:
"
F00
valid basic"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
},
},
...
@@ -1238,7 +1280,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1238,7 +1280,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert"
,
name
:
"
F01
valid cert"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
...
@@ -1260,7 +1302,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1260,7 +1302,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/v1-k3s/server-ca.crt"
,
path
:
"/v1-k3s/server-ca.crt"
,
subs
:
append
(
genericFailures
,
subs
:
append
(
genericFailures
,
sub
{
sub
{
name
:
"valid basic"
,
name
:
"
G00
valid basic"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
},
},
...
@@ -1273,7 +1315,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1273,7 +1315,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert"
,
name
:
"
G01
valid cert"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
...
@@ -1295,7 +1337,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1295,7 +1337,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/v1-k3s/apiservers"
,
path
:
"/v1-k3s/apiservers"
,
subs
:
append
(
genericFailures
,
subs
:
append
(
genericFailures
,
sub
{
sub
{
name
:
"valid basic"
,
name
:
"
G00
valid basic"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
},
},
...
@@ -1307,7 +1349,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1307,7 +1349,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert"
,
name
:
"
G01
valid cert"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
...
@@ -1328,7 +1370,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1328,7 +1370,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/v1-k3s/config"
,
path
:
"/v1-k3s/config"
,
subs
:
append
(
genericFailures
,
subs
:
append
(
genericFailures
,
sub
{
sub
{
name
:
"valid basic"
,
name
:
"
H00
valid basic"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
},
},
...
@@ -1340,7 +1382,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1340,7 +1382,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert"
,
name
:
"
H01
valid cert"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
...
@@ -1361,7 +1403,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1361,7 +1403,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/v1-k3s/readyz"
,
path
:
"/v1-k3s/readyz"
,
subs
:
append
(
genericFailures
,
subs
:
append
(
genericFailures
,
sub
{
sub
{
name
:
"valid basic"
,
name
:
"
I00
valid basic"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
req
.
SetBasicAuth
(
"node"
,
control
.
AgentToken
)
},
},
...
@@ -1373,7 +1415,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1373,7 +1415,7 @@ func Test_UnitHandlers(t *testing.T) {
},
},
},
},
sub
{
sub
{
name
:
"valid cert"
,
name
:
"
I01
valid cert"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
...
@@ -1396,7 +1438,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1396,7 +1438,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/v1-k3s/connect"
,
path
:
"/v1-k3s/connect"
,
subs
:
append
(
genericFailures
,
subs
:
append
(
genericFailures
,
sub
{
sub
{
name
:
"valid cert"
,
name
:
"
J00
valid cert"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
withNewClientCert
(
req
,
control
.
Runtime
.
ClientCA
,
control
.
Runtime
.
ClientCAKey
,
control
.
Runtime
.
ClientKubeletKey
,
certutil
.
Config
{
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
CommonName
:
"system:node:"
+
control
.
ServerNodeName
,
...
@@ -1416,7 +1458,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1416,7 +1458,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/v1-k3s/encrypt/status"
,
path
:
"/v1-k3s/encrypt/status"
,
subs
:
append
(
genericFailures
,
subs
:
append
(
genericFailures
,
sub
{
sub
{
name
:
"valid basic"
,
name
:
"
K00
valid basic"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
SetBasicAuth
(
"server"
,
control
.
Token
)
req
.
SetBasicAuth
(
"server"
,
control
.
Token
)
},
},
...
@@ -1430,7 +1472,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1430,7 +1472,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/v1-k3s/encrypt/config"
,
path
:
"/v1-k3s/encrypt/config"
,
subs
:
append
(
genericFailures
,
subs
:
append
(
genericFailures
,
sub
{
sub
{
name
:
"valid basic"
,
name
:
"
L00
valid basic"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
SetBasicAuth
(
"server"
,
control
.
Token
)
req
.
SetBasicAuth
(
"server"
,
control
.
Token
)
},
},
...
@@ -1444,7 +1486,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1444,7 +1486,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/v1-k3s/cert/cacerts"
,
path
:
"/v1-k3s/cert/cacerts"
,
subs
:
append
(
genericFailures
,
subs
:
append
(
genericFailures
,
sub
{
sub
{
name
:
"valid basic"
,
name
:
"
M00
valid basic"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
SetBasicAuth
(
"server"
,
control
.
Token
)
req
.
SetBasicAuth
(
"server"
,
control
.
Token
)
},
},
...
@@ -1458,7 +1500,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1458,7 +1500,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/v1-k3s/server-bootstrap"
,
path
:
"/v1-k3s/server-bootstrap"
,
subs
:
append
(
genericFailures
,
subs
:
append
(
genericFailures
,
sub
{
sub
{
name
:
"valid basic"
,
name
:
"
N00
valid basic"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
SetBasicAuth
(
"server"
,
control
.
Token
)
req
.
SetBasicAuth
(
"server"
,
control
.
Token
)
},
},
...
@@ -1475,7 +1517,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1475,7 +1517,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/v1-k3s/token"
,
path
:
"/v1-k3s/token"
,
subs
:
append
(
genericFailures
,
subs
:
append
(
genericFailures
,
sub
{
sub
{
name
:
"valid basic"
,
name
:
"
O00
valid basic"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
req
.
SetBasicAuth
(
"server"
,
control
.
Token
)
req
.
SetBasicAuth
(
"server"
,
control
.
Token
)
},
},
...
@@ -1491,7 +1533,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1491,7 +1533,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/"
,
path
:
"/"
,
subs
:
append
(
genericFailures
,
subs
:
append
(
genericFailures
,
sub
{
sub
{
name
:
"valid cert"
,
name
:
"
P00
valid cert"
,
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
prepare
:
func
(
control
*
config
.
Control
,
req
*
http
.
Request
)
{
withClientCert
(
req
,
control
.
Runtime
.
ClientKubeAPICert
)
withClientCert
(
req
,
control
.
Runtime
.
ClientKubeAPICert
)
},
},
...
@@ -1507,7 +1549,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1507,7 +1549,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/ping"
,
path
:
"/ping"
,
subs
:
[]
sub
{
subs
:
[]
sub
{
{
{
name
:
"anonymous"
,
name
:
"
Q00
anonymous"
,
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
match
:
func
(
_
*
config
.
Control
)
types
.
GomegaMatcher
{
return
And
(
return
And
(
HaveHTTPStatus
(
http
.
StatusOK
),
HaveHTTPStatus
(
http
.
StatusOK
),
...
@@ -1521,7 +1563,7 @@ func Test_UnitHandlers(t *testing.T) {
...
@@ -1521,7 +1563,7 @@ func Test_UnitHandlers(t *testing.T) {
path
:
"/cacerts"
,
path
:
"/cacerts"
,
subs
:
[]
sub
{
subs
:
[]
sub
{
{
{
name
:
"anonymous"
,
name
:
"
R00
anonymous"
,
match
:
func
(
control
*
config
.
Control
)
types
.
GomegaMatcher
{
match
:
func
(
control
*
config
.
Control
)
types
.
GomegaMatcher
{
certs
,
_
:=
os
.
ReadFile
(
control
.
Runtime
.
ServerCA
)
certs
,
_
:=
os
.
ReadFile
(
control
.
Runtime
.
ServerCA
)
return
And
(
return
And
(
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment