Commit 976b23d4 authored by Brad Davidson's avatar Brad Davidson Committed by Brad Davidson

Update tests

Also add an ordinal to subtests so its easier to figure out which one is failing Signed-off-by: 's avatarBrad Davidson <brad.davidson@rancher.com>
parent 29a5739b
...@@ -46,12 +46,12 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -46,12 +46,12 @@ func Test_UnitHandlers(t *testing.T) {
genericFailures := []sub{ genericFailures := []sub{
{ {
name: "anonymous", name: "000 anonymous",
match: func(_ *config.Control) types.GomegaMatcher { match: func(_ *config.Control) types.GomegaMatcher {
return HaveHTTPStatus(http.StatusForbidden) return HaveHTTPStatus(http.StatusForbidden)
}, },
}, { }, {
name: "bad basic", name: "001 bad basic",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.SetBasicAuth("server", control.AgentToken) req.SetBasicAuth("server", control.AgentToken)
}, },
...@@ -59,7 +59,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -59,7 +59,7 @@ func Test_UnitHandlers(t *testing.T) {
return HaveHTTPStatus(http.StatusUnauthorized) return HaveHTTPStatus(http.StatusUnauthorized)
}, },
}, { }, {
name: "valid cert but untrusted CA", name: "002 valid cert but untrusted CA",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
withNewClientCert(req, control.Runtime.ServerCA, control.Runtime.ServerCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ withNewClientCert(req, control.Runtime.ServerCA, control.Runtime.ServerCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
CommonName: "system:node:" + control.ServerNodeName, CommonName: "system:node:" + control.ServerNodeName,
...@@ -71,7 +71,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -71,7 +71,7 @@ func Test_UnitHandlers(t *testing.T) {
return HaveHTTPStatus(http.StatusUnauthorized) return HaveHTTPStatus(http.StatusUnauthorized)
}, },
}, { }, {
name: "valid cert but no RBAC", name: "003 valid cert but no RBAC",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
CommonName: "system:monitoring", CommonName: "system:monitoring",
...@@ -107,7 +107,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -107,7 +107,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/v1-k3s/serving-kubelet.crt", path: "/v1-k3s/serving-kubelet.crt",
subs: append(genericFailures, subs: append(genericFailures,
sub{ sub{
name: "valid basic but missing headers", name: "100 valid basic but missing headers",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.SetBasicAuth("node", control.AgentToken) req.SetBasicAuth("node", control.AgentToken)
}, },
...@@ -116,7 +116,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -116,7 +116,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert but missing headers", name: "101 valid cert but missing headers",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
CommonName: "system:node:" + control.ServerNodeName, CommonName: "system:node:" + control.ServerNodeName,
...@@ -129,7 +129,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -129,7 +129,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert but wrong node name", name: "102 valid cert but wrong node name",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -144,7 +144,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -144,7 +144,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert but nonexistent node", name: "103 valid cert but nonexistent node",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", "nonexistent") req.Header.Add("k3s-Node-Name", "nonexistent")
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -159,18 +159,21 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -159,18 +159,21 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid basic legacy key", name: "104 valid basic legacy key",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
req.SetBasicAuth("node", control.AgentToken) req.SetBasicAuth("node", control.AgentToken)
}, },
match: func(_ *config.Control) types.GomegaMatcher { match: func(_ *config.Control) types.GomegaMatcher {
return HaveHTTPStatus(http.StatusServiceUnavailable) return And(
HaveHTTPStatus(http.StatusOK),
HaveHTTPBody(ContainSubstring("PRIVATE KEY")),
)
}, },
}, },
sub{ sub{
name: "valid cert legacy key", name: "105 valid cert legacy key",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -181,11 +184,14 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -181,11 +184,14 @@ func Test_UnitHandlers(t *testing.T) {
}) })
}, },
match: func(_ *config.Control) types.GomegaMatcher { match: func(_ *config.Control) types.GomegaMatcher {
return HaveHTTPStatus(http.StatusServiceUnavailable) return And(
HaveHTTPStatus(http.StatusOK),
HaveHTTPBody(ContainSubstring("PRIVATE KEY")),
)
}, },
}, },
sub{ sub{
name: "valid basic legacy key deferred local password", name: "106 valid basic legacy key deferred local password",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -200,7 +206,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -200,7 +206,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert legacy key deferred local password", name: "107 valid cert legacy key deferred local password",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -219,7 +225,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -219,7 +225,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid basic different node", name: "108 valid basic different node",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", "k3s-agent-1") req.Header.Add("k3s-Node-Name", "k3s-agent-1")
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -230,7 +236,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -230,7 +236,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid basic bad node password", name: "109 valid basic bad node password",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", "k3s-agent-1") req.Header.Add("k3s-Node-Name", "k3s-agent-1")
req.Header.Add("k3s-Node-Password", "invalid-password") req.Header.Add("k3s-Node-Password", "invalid-password")
...@@ -246,7 +252,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -246,7 +252,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/v1-k3s/serving-kubelet.crt", path: "/v1-k3s/serving-kubelet.crt",
subs: append(genericFailures, subs: append(genericFailures,
sub{ sub{
name: "valid basic client key but bad password", name: "200 valid basic client key but bad password",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -254,11 +260,14 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -254,11 +260,14 @@ func Test_UnitHandlers(t *testing.T) {
req.SetBasicAuth("node", control.AgentToken) req.SetBasicAuth("node", control.AgentToken)
}, },
match: func(_ *config.Control) types.GomegaMatcher { match: func(_ *config.Control) types.GomegaMatcher {
return HaveHTTPStatus(http.StatusServiceUnavailable) return And(
HaveHTTPStatus(http.StatusOK),
HaveHTTPBody(Not(ContainSubstring("PRIVATE KEY"))),
)
}, },
}, },
sub{ sub{
name: "valid cert client key", name: "201 valid cert client key",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -270,11 +279,14 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -270,11 +279,14 @@ func Test_UnitHandlers(t *testing.T) {
}) })
}, },
match: func(_ *config.Control) types.GomegaMatcher { match: func(_ *config.Control) types.GomegaMatcher {
return HaveHTTPStatus(http.StatusServiceUnavailable) return And(
HaveHTTPStatus(http.StatusOK),
HaveHTTPBody(Not(ContainSubstring("PRIVATE KEY"))),
)
}, },
}, },
sub{ sub{
name: "valid basic client key but bad password", name: "203 valid basic client key but bad password",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "invalid-password") req.Header.Add("k3s-Node-Password", "invalid-password")
...@@ -282,11 +294,11 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -282,11 +294,11 @@ func Test_UnitHandlers(t *testing.T) {
req.SetBasicAuth("node", control.AgentToken) req.SetBasicAuth("node", control.AgentToken)
}, },
match: func(_ *config.Control) types.GomegaMatcher { match: func(_ *config.Control) types.GomegaMatcher {
return HaveHTTPStatus(http.StatusServiceUnavailable) return HaveHTTPStatus(http.StatusForbidden)
}, },
}, },
sub{ sub{
name: "valid cert client key but bad password", name: "204 valid cert client key but bad password",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "invalid-password") req.Header.Add("k3s-Node-Password", "invalid-password")
...@@ -298,11 +310,11 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -298,11 +310,11 @@ func Test_UnitHandlers(t *testing.T) {
}) })
}, },
match: func(_ *config.Control) types.GomegaMatcher { match: func(_ *config.Control) types.GomegaMatcher {
return HaveHTTPStatus(http.StatusServiceUnavailable) return HaveHTTPStatus(http.StatusForbidden)
}, },
}, },
sub{ sub{
name: "valid basic client key but bad deferred local password", name: "205 valid basic client key but bad deferred local password",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "invalid-password") req.Header.Add("k3s-Node-Password", "invalid-password")
...@@ -315,7 +327,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -315,7 +327,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert client key but bad deferred local password", name: "206 valid cert client key but bad deferred local password",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "invalid-password") req.Header.Add("k3s-Node-Password", "invalid-password")
...@@ -350,7 +362,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -350,7 +362,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/v1-k3s/serving-kubelet.crt", path: "/v1-k3s/serving-kubelet.crt",
subs: append(genericFailures, subs: append(genericFailures,
sub{ sub{
name: "valid basic but missing headers", name: "300 valid basic but missing headers",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.SetBasicAuth("node", control.AgentToken) req.SetBasicAuth("node", control.AgentToken)
}, },
...@@ -359,7 +371,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -359,7 +371,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert but missing headers", name: "301 valid cert but missing headers",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
CommonName: "system:node:" + control.ServerNodeName, CommonName: "system:node:" + control.ServerNodeName,
...@@ -372,7 +384,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -372,7 +384,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert but wrong node name", name: "302 valid cert but wrong node name",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -387,7 +399,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -387,7 +399,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert but nonexistent node", name: "303 valid cert but nonexistent node",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", "nonexistent") req.Header.Add("k3s-Node-Name", "nonexistent")
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -402,18 +414,21 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -402,18 +414,21 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid basic legacy key", name: "304 valid basic legacy key",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
req.SetBasicAuth("node", control.AgentToken) req.SetBasicAuth("node", control.AgentToken)
}, },
match: func(_ *config.Control) types.GomegaMatcher { match: func(_ *config.Control) types.GomegaMatcher {
return HaveHTTPStatus(http.StatusServiceUnavailable) return And(
HaveHTTPStatus(http.StatusOK),
HaveHTTPBody(ContainSubstring("PRIVATE KEY")),
)
}, },
}, },
sub{ sub{
name: "valid cert legacy key", name: "305 valid cert legacy key",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -424,11 +439,14 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -424,11 +439,14 @@ func Test_UnitHandlers(t *testing.T) {
}) })
}, },
match: func(_ *config.Control) types.GomegaMatcher { match: func(_ *config.Control) types.GomegaMatcher {
return HaveHTTPStatus(http.StatusServiceUnavailable) return And(
HaveHTTPStatus(http.StatusOK),
HaveHTTPBody(ContainSubstring("PRIVATE KEY")),
)
}, },
}, },
sub{ sub{
name: "valid basic legacy key deferred local password", name: "306 valid basic legacy key deferred local password",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -443,7 +461,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -443,7 +461,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert legacy key deferred local password", name: "307 valid cert legacy key deferred local password",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -462,7 +480,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -462,7 +480,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid basic different node", name: "308 valid basic different node",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", "k3s-agent-1") req.Header.Add("k3s-Node-Name", "k3s-agent-1")
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -473,7 +491,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -473,7 +491,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid basic bad node password", name: "309 valid basic bad node password",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", "k3s-agent-1") req.Header.Add("k3s-Node-Name", "k3s-agent-1")
req.Header.Add("k3s-Node-Password", "invalid-password") req.Header.Add("k3s-Node-Password", "invalid-password")
...@@ -489,7 +507,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -489,7 +507,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/v1-k3s/serving-kubelet.crt", path: "/v1-k3s/serving-kubelet.crt",
subs: append(genericFailures, subs: append(genericFailures,
sub{ sub{
name: "valid basic client key but bad password", name: "400 valid basic client key but bad password",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -497,11 +515,14 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -497,11 +515,14 @@ func Test_UnitHandlers(t *testing.T) {
req.SetBasicAuth("node", control.AgentToken) req.SetBasicAuth("node", control.AgentToken)
}, },
match: func(_ *config.Control) types.GomegaMatcher { match: func(_ *config.Control) types.GomegaMatcher {
return HaveHTTPStatus(http.StatusServiceUnavailable) return And(
HaveHTTPStatus(http.StatusOK),
HaveHTTPBody(Not(ContainSubstring("PRIVATE KEY"))),
)
}, },
}, },
sub{ sub{
name: "valid cert client key", name: "401 valid cert client key",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -513,11 +534,14 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -513,11 +534,14 @@ func Test_UnitHandlers(t *testing.T) {
}) })
}, },
match: func(_ *config.Control) types.GomegaMatcher { match: func(_ *config.Control) types.GomegaMatcher {
return HaveHTTPStatus(http.StatusServiceUnavailable) return And(
HaveHTTPStatus(http.StatusOK),
HaveHTTPBody(Not(ContainSubstring("PRIVATE KEY"))),
)
}, },
}, },
sub{ sub{
name: "valid basic client key but bad password", name: "402 valid basic client key but bad password",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "invalid-password") req.Header.Add("k3s-Node-Password", "invalid-password")
...@@ -525,11 +549,11 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -525,11 +549,11 @@ func Test_UnitHandlers(t *testing.T) {
req.SetBasicAuth("node", control.AgentToken) req.SetBasicAuth("node", control.AgentToken)
}, },
match: func(_ *config.Control) types.GomegaMatcher { match: func(_ *config.Control) types.GomegaMatcher {
return HaveHTTPStatus(http.StatusServiceUnavailable) return HaveHTTPStatus(http.StatusForbidden)
}, },
}, },
sub{ sub{
name: "valid cert client key but bad password", name: "403 valid cert client key but bad password",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "invalid-password") req.Header.Add("k3s-Node-Password", "invalid-password")
...@@ -541,11 +565,11 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -541,11 +565,11 @@ func Test_UnitHandlers(t *testing.T) {
}) })
}, },
match: func(_ *config.Control) types.GomegaMatcher { match: func(_ *config.Control) types.GomegaMatcher {
return HaveHTTPStatus(http.StatusServiceUnavailable) return HaveHTTPStatus(http.StatusForbidden)
}, },
}, },
sub{ sub{
name: "valid basic client key but bad deferred local password", name: "404 valid basic client key but bad deferred local password",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "invalid-password") req.Header.Add("k3s-Node-Password", "invalid-password")
...@@ -558,7 +582,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -558,7 +582,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert client key but bad deferred local password", name: "405 valid cert client key but bad deferred local password",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "invalid-password") req.Header.Add("k3s-Node-Password", "invalid-password")
...@@ -589,7 +613,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -589,7 +613,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/v1-k3s/serving-kubelet.crt", path: "/v1-k3s/serving-kubelet.crt",
subs: append(genericFailures, subs: append(genericFailures,
sub{ sub{
name: "valid basic but missing headers", name: "500 valid basic but missing headers",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.SetBasicAuth("node", control.AgentToken) req.SetBasicAuth("node", control.AgentToken)
}, },
...@@ -598,7 +622,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -598,7 +622,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert but missing headers", name: "501 valid cert but missing headers",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
CommonName: "system:node:" + control.ServerNodeName, CommonName: "system:node:" + control.ServerNodeName,
...@@ -611,7 +635,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -611,7 +635,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert but wrong node name", name: "502 valid cert but wrong node name",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -626,7 +650,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -626,7 +650,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert but nonexistent node", name: "503 valid cert but nonexistent node",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", "nonexistent") req.Header.Add("k3s-Node-Name", "nonexistent")
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -641,18 +665,21 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -641,18 +665,21 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid basic legacy key", name: "504 valid basic legacy key",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
req.SetBasicAuth("node", control.AgentToken) req.SetBasicAuth("node", control.AgentToken)
}, },
match: func(_ *config.Control) types.GomegaMatcher { match: func(_ *config.Control) types.GomegaMatcher {
return HaveHTTPStatus(http.StatusServiceUnavailable) return And(
HaveHTTPStatus(http.StatusOK),
HaveHTTPBody(ContainSubstring("PRIVATE KEY")),
)
}, },
}, },
sub{ sub{
name: "valid cert legacy key", name: "505 valid cert legacy key",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -663,11 +690,14 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -663,11 +690,14 @@ func Test_UnitHandlers(t *testing.T) {
}) })
}, },
match: func(_ *config.Control) types.GomegaMatcher { match: func(_ *config.Control) types.GomegaMatcher {
return HaveHTTPStatus(http.StatusServiceUnavailable) return And(
HaveHTTPStatus(http.StatusOK),
HaveHTTPBody(ContainSubstring("PRIVATE KEY")),
)
}, },
}, },
sub{ sub{
name: "valid basic legacy key deferred local password", name: "506 valid basic legacy key deferred local password",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -682,7 +712,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -682,7 +712,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert legacy key deferred local password", name: "507 valid cert legacy key deferred local password",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -701,7 +731,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -701,7 +731,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid basic different node", name: "508 valid basic different node",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", "k3s-agent-1") req.Header.Add("k3s-Node-Name", "k3s-agent-1")
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -712,7 +742,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -712,7 +742,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid basic bad node password", name: "509 valid basic bad node password",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", "k3s-agent-1") req.Header.Add("k3s-Node-Name", "k3s-agent-1")
req.Header.Add("k3s-Node-Password", "invalid-password") req.Header.Add("k3s-Node-Password", "invalid-password")
...@@ -728,7 +758,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -728,7 +758,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/v1-k3s/serving-kubelet.crt", path: "/v1-k3s/serving-kubelet.crt",
subs: append(genericFailures, subs: append(genericFailures,
sub{ sub{
name: "valid basic client key but bad password", name: "600 valid basic client key but bad password",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -736,11 +766,14 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -736,11 +766,14 @@ func Test_UnitHandlers(t *testing.T) {
req.SetBasicAuth("node", control.AgentToken) req.SetBasicAuth("node", control.AgentToken)
}, },
match: func(_ *config.Control) types.GomegaMatcher { match: func(_ *config.Control) types.GomegaMatcher {
return HaveHTTPStatus(http.StatusServiceUnavailable) return And(
HaveHTTPStatus(http.StatusOK),
HaveHTTPBody(Not(ContainSubstring("PRIVATE KEY"))),
)
}, },
}, },
sub{ sub{
name: "valid cert client key", name: "601 valid cert client key",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -752,11 +785,14 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -752,11 +785,14 @@ func Test_UnitHandlers(t *testing.T) {
}) })
}, },
match: func(_ *config.Control) types.GomegaMatcher { match: func(_ *config.Control) types.GomegaMatcher {
return HaveHTTPStatus(http.StatusServiceUnavailable) return And(
HaveHTTPStatus(http.StatusOK),
HaveHTTPBody(Not(ContainSubstring("PRIVATE KEY"))),
)
}, },
}, },
sub{ sub{
name: "valid basic client key but bad password", name: "602 valid basic client key but bad password",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "invalid-password") req.Header.Add("k3s-Node-Password", "invalid-password")
...@@ -764,11 +800,14 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -764,11 +800,14 @@ func Test_UnitHandlers(t *testing.T) {
req.SetBasicAuth("node", control.AgentToken) req.SetBasicAuth("node", control.AgentToken)
}, },
match: func(_ *config.Control) types.GomegaMatcher { match: func(_ *config.Control) types.GomegaMatcher {
return HaveHTTPStatus(http.StatusServiceUnavailable) return And(
HaveHTTPStatus(http.StatusOK),
HaveHTTPBody(Not(ContainSubstring("PRIVATE KEY"))),
)
}, },
}, },
sub{ sub{
name: "valid cert client key but bad password", name: "603 valid cert client key but bad password",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "invalid-password") req.Header.Add("k3s-Node-Password", "invalid-password")
...@@ -780,11 +819,14 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -780,11 +819,14 @@ func Test_UnitHandlers(t *testing.T) {
}) })
}, },
match: func(_ *config.Control) types.GomegaMatcher { match: func(_ *config.Control) types.GomegaMatcher {
return HaveHTTPStatus(http.StatusServiceUnavailable) return And(
HaveHTTPStatus(http.StatusOK),
HaveHTTPBody(Not(ContainSubstring("PRIVATE KEY"))),
)
}, },
}, },
sub{ sub{
name: "valid basic client key but bad deferred local password", name: "604 valid basic client key but bad deferred local password",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "invalid-password") req.Header.Add("k3s-Node-Password", "invalid-password")
...@@ -800,7 +842,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -800,7 +842,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert client key but bad deferred local password", name: "605 valid cert client key but bad deferred local password",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "invalid-password") req.Header.Add("k3s-Node-Password", "invalid-password")
...@@ -834,7 +876,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -834,7 +876,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/v1-k3s/serving-kubelet.crt", path: "/v1-k3s/serving-kubelet.crt",
subs: append(genericFailures, subs: append(genericFailures,
sub{ sub{
name: "valid basic but missing headers", name: "700 valid basic but missing headers",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.SetBasicAuth("node", control.AgentToken) req.SetBasicAuth("node", control.AgentToken)
}, },
...@@ -843,7 +885,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -843,7 +885,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert but missing headers", name: "701 valid cert but missing headers",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
CommonName: "system:node:" + control.ServerNodeName, CommonName: "system:node:" + control.ServerNodeName,
...@@ -856,7 +898,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -856,7 +898,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert but wrong node name", name: "702 valid cert but wrong node name",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -871,7 +913,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -871,7 +913,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert but nonexistent node", name: "703 valid cert but nonexistent node",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", "nonexistent") req.Header.Add("k3s-Node-Name", "nonexistent")
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -886,7 +928,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -886,7 +928,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid basic legacy key", name: "704 valid basic legacy key",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -900,7 +942,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -900,7 +942,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert legacy key", name: "705 valid cert legacy key",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -918,7 +960,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -918,7 +960,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid basic different node", name: "706 valid basic different node",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", "k3s-agent-1") req.Header.Add("k3s-Node-Name", "k3s-agent-1")
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -932,7 +974,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -932,7 +974,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid basic bad node password", name: "707 valid basic bad node password",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", "k3s-agent-1") req.Header.Add("k3s-Node-Name", "k3s-agent-1")
req.Header.Add("k3s-Node-Password", "invalid-password") req.Header.Add("k3s-Node-Password", "invalid-password")
...@@ -950,7 +992,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -950,7 +992,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/v1-k3s/serving-kubelet.crt", path: "/v1-k3s/serving-kubelet.crt",
subs: append(genericFailures, subs: append(genericFailures,
sub{ sub{
name: "valid basic client key", name: "800 valid basic client key",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -965,7 +1007,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -965,7 +1007,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert client key", name: "801 valid cert client key",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -989,7 +1031,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -989,7 +1031,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/v1-k3s/client-kubelet.crt", path: "/v1-k3s/client-kubelet.crt",
subs: append(genericFailures, subs: append(genericFailures,
sub{ sub{
name: "valid basic but missing headers", name: "900 valid basic but missing headers",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.SetBasicAuth("node", control.AgentToken) req.SetBasicAuth("node", control.AgentToken)
}, },
...@@ -998,7 +1040,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -998,7 +1040,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert but missing headers", name: "901 valid cert but missing headers",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
CommonName: "system:node:" + control.ServerNodeName, CommonName: "system:node:" + control.ServerNodeName,
...@@ -1011,7 +1053,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1011,7 +1053,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid basic legacy key", name: "902 valid basic legacy key",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -1025,7 +1067,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1025,7 +1067,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert legacy key", name: "903 valid cert legacy key",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -1048,7 +1090,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1048,7 +1090,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/v1-k3s/client-kubelet.crt", path: "/v1-k3s/client-kubelet.crt",
subs: append(genericFailures, subs: append(genericFailures,
sub{ sub{
name: "valid basic client key", name: "A00 valid basic client key",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -1063,7 +1105,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1063,7 +1105,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert client key", name: "A01 valid cert client key",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.Header.Add("k3s-Node-Name", control.ServerNodeName) req.Header.Add("k3s-Node-Name", control.ServerNodeName)
req.Header.Add("k3s-Node-Password", "password") req.Header.Add("k3s-Node-Password", "password")
...@@ -1089,7 +1131,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1089,7 +1131,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/v1-k3s/client-kube-proxy.crt", path: "/v1-k3s/client-kube-proxy.crt",
subs: append(genericFailures, subs: append(genericFailures,
sub{ sub{
name: "valid basic legacy key", name: "B00 valid basic legacy key",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.SetBasicAuth("node", control.AgentToken) req.SetBasicAuth("node", control.AgentToken)
}, },
...@@ -1101,7 +1143,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1101,7 +1143,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert legacy key", name: "B01 valid cert legacy key",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
CommonName: "system:node:" + control.ServerNodeName, CommonName: "system:node:" + control.ServerNodeName,
...@@ -1122,7 +1164,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1122,7 +1164,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/v1-k3s/client-kube-proxy.crt", path: "/v1-k3s/client-kube-proxy.crt",
subs: append(genericFailures, subs: append(genericFailures,
sub{ sub{
name: "valid basic client key", name: "C00 valid basic client key",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
withCertificateRequest(req) withCertificateRequest(req)
req.SetBasicAuth("node", control.AgentToken) req.SetBasicAuth("node", control.AgentToken)
...@@ -1135,7 +1177,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1135,7 +1177,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert client key", name: "C01 valid cert client key",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
withCertificateRequest(req) withCertificateRequest(req)
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
...@@ -1157,7 +1199,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1157,7 +1199,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/v1-k3s/client-k3s-controller.crt", path: "/v1-k3s/client-k3s-controller.crt",
subs: append(genericFailures, subs: append(genericFailures,
sub{ sub{
name: "valid basic legacy key", name: "D00 valid basic legacy key",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.SetBasicAuth("node", control.AgentToken) req.SetBasicAuth("node", control.AgentToken)
}, },
...@@ -1169,7 +1211,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1169,7 +1211,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert legacy key", name: "D01 valid cert legacy key",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
CommonName: "system:node:" + control.ServerNodeName, CommonName: "system:node:" + control.ServerNodeName,
...@@ -1190,7 +1232,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1190,7 +1232,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/v1-k3s/client-k3s-controller.crt", path: "/v1-k3s/client-k3s-controller.crt",
subs: append(genericFailures, subs: append(genericFailures,
sub{ sub{
name: "valid basic client key", name: "E00 valid basic client key",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
withCertificateRequest(req) withCertificateRequest(req)
req.SetBasicAuth("node", control.AgentToken) req.SetBasicAuth("node", control.AgentToken)
...@@ -1203,7 +1245,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1203,7 +1245,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert client key", name: "E01 valid cert client key",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
withCertificateRequest(req) withCertificateRequest(req)
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
...@@ -1225,7 +1267,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1225,7 +1267,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/v1-k3s/client-ca.crt", path: "/v1-k3s/client-ca.crt",
subs: append(genericFailures, subs: append(genericFailures,
sub{ sub{
name: "valid basic", name: "F00 valid basic",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.SetBasicAuth("node", control.AgentToken) req.SetBasicAuth("node", control.AgentToken)
}, },
...@@ -1238,7 +1280,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1238,7 +1280,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert", name: "F01 valid cert",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
CommonName: "system:node:" + control.ServerNodeName, CommonName: "system:node:" + control.ServerNodeName,
...@@ -1260,7 +1302,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1260,7 +1302,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/v1-k3s/server-ca.crt", path: "/v1-k3s/server-ca.crt",
subs: append(genericFailures, subs: append(genericFailures,
sub{ sub{
name: "valid basic", name: "G00 valid basic",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.SetBasicAuth("node", control.AgentToken) req.SetBasicAuth("node", control.AgentToken)
}, },
...@@ -1273,7 +1315,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1273,7 +1315,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert", name: "G01 valid cert",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
CommonName: "system:node:" + control.ServerNodeName, CommonName: "system:node:" + control.ServerNodeName,
...@@ -1295,7 +1337,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1295,7 +1337,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/v1-k3s/apiservers", path: "/v1-k3s/apiservers",
subs: append(genericFailures, subs: append(genericFailures,
sub{ sub{
name: "valid basic", name: "G00 valid basic",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.SetBasicAuth("node", control.AgentToken) req.SetBasicAuth("node", control.AgentToken)
}, },
...@@ -1307,7 +1349,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1307,7 +1349,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert", name: "G01 valid cert",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
CommonName: "system:node:" + control.ServerNodeName, CommonName: "system:node:" + control.ServerNodeName,
...@@ -1328,7 +1370,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1328,7 +1370,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/v1-k3s/config", path: "/v1-k3s/config",
subs: append(genericFailures, subs: append(genericFailures,
sub{ sub{
name: "valid basic", name: "H00 valid basic",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.SetBasicAuth("node", control.AgentToken) req.SetBasicAuth("node", control.AgentToken)
}, },
...@@ -1340,7 +1382,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1340,7 +1382,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert", name: "H01 valid cert",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
CommonName: "system:node:" + control.ServerNodeName, CommonName: "system:node:" + control.ServerNodeName,
...@@ -1361,7 +1403,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1361,7 +1403,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/v1-k3s/readyz", path: "/v1-k3s/readyz",
subs: append(genericFailures, subs: append(genericFailures,
sub{ sub{
name: "valid basic", name: "I00 valid basic",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.SetBasicAuth("node", control.AgentToken) req.SetBasicAuth("node", control.AgentToken)
}, },
...@@ -1373,7 +1415,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1373,7 +1415,7 @@ func Test_UnitHandlers(t *testing.T) {
}, },
}, },
sub{ sub{
name: "valid cert", name: "I01 valid cert",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
CommonName: "system:node:" + control.ServerNodeName, CommonName: "system:node:" + control.ServerNodeName,
...@@ -1396,7 +1438,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1396,7 +1438,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/v1-k3s/connect", path: "/v1-k3s/connect",
subs: append(genericFailures, subs: append(genericFailures,
sub{ sub{
name: "valid cert", name: "J00 valid cert",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{ withNewClientCert(req, control.Runtime.ClientCA, control.Runtime.ClientCAKey, control.Runtime.ClientKubeletKey, certutil.Config{
CommonName: "system:node:" + control.ServerNodeName, CommonName: "system:node:" + control.ServerNodeName,
...@@ -1416,7 +1458,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1416,7 +1458,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/v1-k3s/encrypt/status", path: "/v1-k3s/encrypt/status",
subs: append(genericFailures, subs: append(genericFailures,
sub{ sub{
name: "valid basic", name: "K00 valid basic",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.SetBasicAuth("server", control.Token) req.SetBasicAuth("server", control.Token)
}, },
...@@ -1430,7 +1472,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1430,7 +1472,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/v1-k3s/encrypt/config", path: "/v1-k3s/encrypt/config",
subs: append(genericFailures, subs: append(genericFailures,
sub{ sub{
name: "valid basic", name: "L00 valid basic",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.SetBasicAuth("server", control.Token) req.SetBasicAuth("server", control.Token)
}, },
...@@ -1444,7 +1486,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1444,7 +1486,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/v1-k3s/cert/cacerts", path: "/v1-k3s/cert/cacerts",
subs: append(genericFailures, subs: append(genericFailures,
sub{ sub{
name: "valid basic", name: "M00 valid basic",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.SetBasicAuth("server", control.Token) req.SetBasicAuth("server", control.Token)
}, },
...@@ -1458,7 +1500,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1458,7 +1500,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/v1-k3s/server-bootstrap", path: "/v1-k3s/server-bootstrap",
subs: append(genericFailures, subs: append(genericFailures,
sub{ sub{
name: "valid basic", name: "N00 valid basic",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.SetBasicAuth("server", control.Token) req.SetBasicAuth("server", control.Token)
}, },
...@@ -1475,7 +1517,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1475,7 +1517,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/v1-k3s/token", path: "/v1-k3s/token",
subs: append(genericFailures, subs: append(genericFailures,
sub{ sub{
name: "valid basic", name: "O00 valid basic",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
req.SetBasicAuth("server", control.Token) req.SetBasicAuth("server", control.Token)
}, },
...@@ -1491,7 +1533,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1491,7 +1533,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/", path: "/",
subs: append(genericFailures, subs: append(genericFailures,
sub{ sub{
name: "valid cert", name: "P00 valid cert",
prepare: func(control *config.Control, req *http.Request) { prepare: func(control *config.Control, req *http.Request) {
withClientCert(req, control.Runtime.ClientKubeAPICert) withClientCert(req, control.Runtime.ClientKubeAPICert)
}, },
...@@ -1507,7 +1549,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1507,7 +1549,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/ping", path: "/ping",
subs: []sub{ subs: []sub{
{ {
name: "anonymous", name: "Q00 anonymous",
match: func(_ *config.Control) types.GomegaMatcher { match: func(_ *config.Control) types.GomegaMatcher {
return And( return And(
HaveHTTPStatus(http.StatusOK), HaveHTTPStatus(http.StatusOK),
...@@ -1521,7 +1563,7 @@ func Test_UnitHandlers(t *testing.T) { ...@@ -1521,7 +1563,7 @@ func Test_UnitHandlers(t *testing.T) {
path: "/cacerts", path: "/cacerts",
subs: []sub{ subs: []sub{
{ {
name: "anonymous", name: "R00 anonymous",
match: func(control *config.Control) types.GomegaMatcher { match: func(control *config.Control) types.GomegaMatcher {
certs, _ := os.ReadFile(control.Runtime.ServerCA) certs, _ := os.ReadFile(control.Runtime.ServerCA)
return And( return And(
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment