Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
K
k3s
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Jacklull
k3s
Commits
e5fc73a4
Commit
e5fc73a4
authored
Feb 07, 2017
by
Andy Goldstein
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Switch CSR controller to use shared informer
parent
74cf0484
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
291 additions
and
58 deletions
+291
-58
certificates.go
cmd/kube-controller-manager/app/certificates.go
+1
-2
BUILD
pkg/controller/certificates/BUILD
+13
-4
certificate_controller.go
pkg/controller/certificates/certificate_controller.go
+56
-52
certificate_controller_test.go
pkg/controller/certificates/certificate_controller_test.go
+221
-0
No files found.
cmd/kube-controller-manager/app/certificates.go
View file @
e5fc73a4
...
@@ -31,11 +31,10 @@ func startCSRController(ctx ControllerContext) (bool, error) {
...
@@ -31,11 +31,10 @@ func startCSRController(ctx ControllerContext) (bool, error) {
if
!
ctx
.
AvailableResources
[
schema
.
GroupVersionResource
{
Group
:
"certificates.k8s.io"
,
Version
:
"v1beta1"
,
Resource
:
"certificatesigningrequests"
}]
{
if
!
ctx
.
AvailableResources
[
schema
.
GroupVersionResource
{
Group
:
"certificates.k8s.io"
,
Version
:
"v1beta1"
,
Resource
:
"certificatesigningrequests"
}]
{
return
false
,
nil
return
false
,
nil
}
}
resyncPeriod
:=
ResyncPeriod
(
&
ctx
.
Options
)()
c
:=
ctx
.
ClientBuilder
.
ClientOrDie
(
"certificate-controller"
)
c
:=
ctx
.
ClientBuilder
.
ClientOrDie
(
"certificate-controller"
)
certController
,
err
:=
certcontroller
.
NewCertificateController
(
certController
,
err
:=
certcontroller
.
NewCertificateController
(
c
,
c
,
resyncPeriod
,
ctx
.
NewInformerFactory
.
Certificates
()
.
V1beta1
()
.
CertificateSigningRequests
()
,
ctx
.
Options
.
ClusterSigningCertFile
,
ctx
.
Options
.
ClusterSigningCertFile
,
ctx
.
Options
.
ClusterSigningKeyFile
,
ctx
.
Options
.
ClusterSigningKeyFile
,
certcontroller
.
NewGroupApprover
(
ctx
.
Options
.
ApproveAllKubeletCSRsForGroup
),
certcontroller
.
NewGroupApprover
(
ctx
.
Options
.
ApproveAllKubeletCSRsForGroup
),
...
...
pkg/controller/certificates/BUILD
View file @
e5fc73a4
...
@@ -21,19 +21,19 @@ go_library(
...
@@ -21,19 +21,19 @@ go_library(
deps = [
deps = [
"//pkg/apis/certificates/v1beta1:go_default_library",
"//pkg/apis/certificates/v1beta1:go_default_library",
"//pkg/client/clientset_generated/clientset:go_default_library",
"//pkg/client/clientset_generated/clientset:go_default_library",
"//pkg/client/legacylisters:go_default_library",
"//pkg/client/informers/informers_generated/certificates/v1beta1:go_default_library",
"//pkg/client/listers/certificates/v1beta1:go_default_library",
"//pkg/controller:go_default_library",
"//pkg/controller:go_default_library",
"//vendor:github.com/cloudflare/cfssl/config",
"//vendor:github.com/cloudflare/cfssl/config",
"//vendor:github.com/cloudflare/cfssl/helpers",
"//vendor:github.com/cloudflare/cfssl/helpers",
"//vendor:github.com/cloudflare/cfssl/signer",
"//vendor:github.com/cloudflare/cfssl/signer",
"//vendor:github.com/cloudflare/cfssl/signer/local",
"//vendor:github.com/cloudflare/cfssl/signer/local",
"//vendor:github.com/golang/glog",
"//vendor:github.com/golang/glog",
"//vendor:k8s.io/apimachinery/pkg/apis/meta/v1",
"//vendor:k8s.io/apimachinery/pkg/api/errors",
"//vendor:k8s.io/apimachinery/pkg/runtime",
"//vendor:k8s.io/apimachinery/pkg/util/runtime",
"//vendor:k8s.io/apimachinery/pkg/util/runtime",
"//vendor:k8s.io/apimachinery/pkg/util/wait",
"//vendor:k8s.io/apimachinery/pkg/util/wait",
"//vendor:k8s.io/apimachinery/pkg/watch",
"//vendor:k8s.io/client-go/kubernetes/typed/core/v1",
"//vendor:k8s.io/client-go/kubernetes/typed/core/v1",
"//vendor:k8s.io/client-go/pkg/api",
"//vendor:k8s.io/client-go/tools/cache",
"//vendor:k8s.io/client-go/tools/cache",
"//vendor:k8s.io/client-go/tools/record",
"//vendor:k8s.io/client-go/tools/record",
"//vendor:k8s.io/client-go/util/workqueue",
"//vendor:k8s.io/client-go/util/workqueue",
...
@@ -56,6 +56,7 @@ filegroup(
...
@@ -56,6 +56,7 @@ filegroup(
go_test(
go_test(
name = "go_default_test",
name = "go_default_test",
srcs = [
srcs = [
"certificate_controller_test.go",
"cfssl_signer_test.go",
"cfssl_signer_test.go",
"groupapprove_test.go",
"groupapprove_test.go",
],
],
...
@@ -68,6 +69,14 @@ go_test(
...
@@ -68,6 +69,14 @@ go_test(
tags = ["automanaged"],
tags = ["automanaged"],
deps = [
deps = [
"//pkg/apis/certificates/v1beta1:go_default_library",
"//pkg/apis/certificates/v1beta1:go_default_library",
"//pkg/client/clientset_generated/clientset/fake:go_default_library",
"//pkg/client/informers/informers_generated:go_default_library",
"//pkg/controller:go_default_library",
"//vendor:k8s.io/apimachinery/pkg/apis/meta/v1",
"//vendor:k8s.io/apimachinery/pkg/runtime",
"//vendor:k8s.io/apimachinery/pkg/util/wait",
"//vendor:k8s.io/client-go/tools/cache",
"//vendor:k8s.io/client-go/util/cert",
"//vendor:k8s.io/client-go/util/cert",
"//vendor:k8s.io/client-go/util/cert/triple",
],
],
)
)
pkg/controller/certificates/certificate_controller.go
View file @
e5fc73a4
...
@@ -20,18 +20,18 @@ import (
...
@@ -20,18 +20,18 @@ import (
"fmt"
"fmt"
"time"
"time"
metav1
"k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/runtime"
utilruntime
"k8s.io/apimachinery/pkg/util/runtime"
utilruntime
"k8s.io/apimachinery/pkg/util/runtime"
"k8s.io/apimachinery/pkg/util/wait"
"k8s.io/apimachinery/pkg/util/wait"
"k8s.io/apimachinery/pkg/watch"
v1core
"k8s.io/client-go/kubernetes/typed/core/v1"
v1core
"k8s.io/client-go/kubernetes/typed/core/v1"
"k8s.io/client-go/pkg/api"
"k8s.io/client-go/tools/cache"
"k8s.io/client-go/tools/cache"
"k8s.io/client-go/tools/record"
"k8s.io/client-go/tools/record"
"k8s.io/client-go/util/workqueue"
"k8s.io/client-go/util/workqueue"
certificates
"k8s.io/kubernetes/pkg/apis/certificates/v1beta1"
certificates
"k8s.io/kubernetes/pkg/apis/certificates/v1beta1"
"k8s.io/kubernetes/pkg/client/clientset_generated/clientset"
"k8s.io/kubernetes/pkg/client/clientset_generated/clientset"
"k8s.io/kubernetes/pkg/client/legacylisters"
certificatesinformers
"k8s.io/kubernetes/pkg/client/informers/informers_generated/certificates/v1beta1"
certificateslisters
"k8s.io/kubernetes/pkg/client/listers/certificates/v1beta1"
"k8s.io/kubernetes/pkg/controller"
"k8s.io/kubernetes/pkg/controller"
"github.com/golang/glog"
"github.com/golang/glog"
...
@@ -52,9 +52,8 @@ type Signer interface {
...
@@ -52,9 +52,8 @@ type Signer interface {
type
CertificateController
struct
{
type
CertificateController
struct
{
kubeClient
clientset
.
Interface
kubeClient
clientset
.
Interface
// CSR framework and store
csrLister
certificateslisters
.
CertificateSigningRequestLister
csrController
cache
.
Controller
csrsSynced
cache
.
InformerSynced
csrStore
listers
.
StoreToCertificateRequestLister
syncHandler
func
(
csrKey
string
)
error
syncHandler
func
(
csrKey
string
)
error
...
@@ -64,7 +63,7 @@ type CertificateController struct {
...
@@ -64,7 +63,7 @@ type CertificateController struct {
queue
workqueue
.
RateLimitingInterface
queue
workqueue
.
RateLimitingInterface
}
}
func
NewCertificateController
(
kubeClient
clientset
.
Interface
,
syncPeriod
time
.
Duration
,
caCertFile
,
caKeyFile
string
,
approver
AutoApprover
)
(
*
CertificateController
,
error
)
{
func
NewCertificateController
(
kubeClient
clientset
.
Interface
,
csrInformer
certificatesinformers
.
CertificateSigningRequestInformer
,
caCertFile
,
caKeyFile
string
,
approver
AutoApprover
)
(
*
CertificateController
,
error
)
{
// Send events to the apiserver
// Send events to the apiserver
eventBroadcaster
:=
record
.
NewBroadcaster
()
eventBroadcaster
:=
record
.
NewBroadcaster
()
eventBroadcaster
.
StartLogging
(
glog
.
Infof
)
eventBroadcaster
.
StartLogging
(
glog
.
Infof
)
...
@@ -83,47 +82,37 @@ func NewCertificateController(kubeClient clientset.Interface, syncPeriod time.Du
...
@@ -83,47 +82,37 @@ func NewCertificateController(kubeClient clientset.Interface, syncPeriod time.Du
}
}
// Manage the addition/update of certificate requests
// Manage the addition/update of certificate requests
cc
.
csrStore
.
Store
,
cc
.
csrController
=
cache
.
NewInformer
(
csrInformer
.
Informer
()
.
AddEventHandler
(
cache
.
ResourceEventHandlerFuncs
{
&
cache
.
ListWatch
{
AddFunc
:
func
(
obj
interface
{})
{
ListFunc
:
func
(
options
metav1
.
ListOptions
)
(
runtime
.
Object
,
error
)
{
csr
:=
obj
.
(
*
certificates
.
CertificateSigningRequest
)
return
cc
.
kubeClient
.
Certificates
()
.
CertificateSigningRequests
()
.
List
(
options
)
glog
.
V
(
4
)
.
Infof
(
"Adding certificate request %s"
,
csr
.
Name
)
},
cc
.
enqueueCertificateRequest
(
obj
)
WatchFunc
:
func
(
options
metav1
.
ListOptions
)
(
watch
.
Interface
,
error
)
{
return
cc
.
kubeClient
.
Certificates
()
.
CertificateSigningRequests
()
.
Watch
(
options
)
},
},
},
&
certificates
.
CertificateSigningRequest
{},
UpdateFunc
:
func
(
old
,
new
interface
{})
{
syncPeriod
,
oldCSR
:=
old
.
(
*
certificates
.
CertificateSigningRequest
)
cache
.
ResourceEventHandlerFuncs
{
glog
.
V
(
4
)
.
Infof
(
"Updating certificate request %s"
,
oldCSR
.
Name
)
AddFunc
:
func
(
obj
interface
{})
{
cc
.
enqueueCertificateRequest
(
new
)
csr
:=
obj
.
(
*
certificates
.
CertificateSigningRequest
)
},
glog
.
V
(
4
)
.
Infof
(
"Adding certificate request %s"
,
csr
.
Name
)
DeleteFunc
:
func
(
obj
interface
{})
{
cc
.
enqueueCertificateRequest
(
obj
)
csr
,
ok
:=
obj
.
(
*
certificates
.
CertificateSigningRequest
)
},
if
!
ok
{
UpdateFunc
:
func
(
old
,
new
interface
{})
{
tombstone
,
ok
:=
obj
.
(
cache
.
DeletedFinalStateUnknown
)
oldCSR
:=
old
.
(
*
certificates
.
CertificateSigningRequest
)
if
!
ok
{
glog
.
V
(
4
)
.
Infof
(
"Updating certificate request %s"
,
oldCSR
.
Name
)
glog
.
V
(
2
)
.
Infof
(
"Couldn't get object from tombstone %#v"
,
obj
)
cc
.
enqueueCertificateRequest
(
new
)
return
},
}
DeleteFunc
:
func
(
obj
interface
{})
{
csr
,
ok
=
tombstone
.
Obj
.
(
*
certificates
.
CertificateSigningRequest
)
csr
,
ok
:=
obj
.
(
*
certificates
.
CertificateSigningRequest
)
if
!
ok
{
if
!
ok
{
tombstone
,
ok
:=
obj
.
(
cache
.
DeletedFinalStateUnknown
)
glog
.
V
(
2
)
.
Infof
(
"Tombstone contained object that is not a CSR: %#v"
,
obj
)
if
!
ok
{
return
glog
.
V
(
2
)
.
Infof
(
"Couldn't get object from tombstone %#v"
,
obj
)
return
}
csr
,
ok
=
tombstone
.
Obj
.
(
*
certificates
.
CertificateSigningRequest
)
if
!
ok
{
glog
.
V
(
2
)
.
Infof
(
"Tombstone contained object that is not a CSR: %#v"
,
obj
)
return
}
}
}
glog
.
V
(
4
)
.
Infof
(
"Deleting certificate request %s"
,
csr
.
Name
)
}
cc
.
enqueueCertificateRequest
(
obj
)
glog
.
V
(
4
)
.
Infof
(
"Deleting certificate request %s"
,
csr
.
Name
)
},
cc
.
enqueueCertificateRequest
(
obj
)
},
},
)
})
cc
.
csrLister
=
csrInformer
.
Lister
()
cc
.
csrsSynced
=
csrInformer
.
Informer
()
.
HasSynced
cc
.
syncHandler
=
cc
.
maybeSignCertificate
cc
.
syncHandler
=
cc
.
maybeSignCertificate
return
cc
,
nil
return
cc
,
nil
}
}
...
@@ -133,9 +122,13 @@ func (cc *CertificateController) Run(workers int, stopCh <-chan struct{}) {
...
@@ -133,9 +122,13 @@ func (cc *CertificateController) Run(workers int, stopCh <-chan struct{}) {
defer
utilruntime
.
HandleCrash
()
defer
utilruntime
.
HandleCrash
()
defer
cc
.
queue
.
ShutDown
()
defer
cc
.
queue
.
ShutDown
()
go
cc
.
csrController
.
Run
(
stopCh
)
glog
.
Infof
(
"Starting certificate controller manager"
)
glog
.
Infof
(
"Starting certificate controller manager"
)
if
!
cache
.
WaitForCacheSync
(
stopCh
,
cc
.
csrsSynced
)
{
utilruntime
.
HandleError
(
fmt
.
Errorf
(
"timed out waiting for caches to sync"
))
return
}
for
i
:=
0
;
i
<
workers
;
i
++
{
for
i
:=
0
;
i
<
workers
;
i
++
{
go
wait
.
Until
(
cc
.
worker
,
time
.
Second
,
stopCh
)
go
wait
.
Until
(
cc
.
worker
,
time
.
Second
,
stopCh
)
}
}
...
@@ -186,15 +179,26 @@ func (cc *CertificateController) maybeSignCertificate(key string) error {
...
@@ -186,15 +179,26 @@ func (cc *CertificateController) maybeSignCertificate(key string) error {
defer
func
()
{
defer
func
()
{
glog
.
V
(
4
)
.
Infof
(
"Finished syncing certificate request %q (%v)"
,
key
,
time
.
Now
()
.
Sub
(
startTime
))
glog
.
V
(
4
)
.
Infof
(
"Finished syncing certificate request %q (%v)"
,
key
,
time
.
Now
()
.
Sub
(
startTime
))
}()
}()
obj
,
exists
,
err
:=
cc
.
csrStore
.
Store
.
GetByKey
(
key
)
csr
,
err
:=
cc
.
csrLister
.
Get
(
key
)
if
errors
.
IsNotFound
(
err
)
{
glog
.
V
(
3
)
.
Infof
(
"csr has been deleted: %v"
,
key
)
return
nil
}
if
err
!=
nil
{
if
err
!=
nil
{
return
err
return
err
}
}
if
!
exists
{
glog
.
V
(
3
)
.
Infof
(
"csr has been deleted: %v"
,
key
)
if
csr
.
Status
.
Certificate
!=
nil
{
// no need to do anything because it already has a cert
return
nil
return
nil
}
}
csr
:=
obj
.
(
*
certificates
.
CertificateSigningRequest
)
// need to operate on a copy so we don't mutate the csr in the shared cache
copy
,
err
:=
api
.
Scheme
.
DeepCopy
(
csr
)
if
err
!=
nil
{
return
err
}
csr
=
copy
.
(
*
certificates
.
CertificateSigningRequest
)
if
cc
.
approver
!=
nil
{
if
cc
.
approver
!=
nil
{
csr
,
err
=
cc
.
approver
.
AutoApprove
(
csr
)
csr
,
err
=
cc
.
approver
.
AutoApprove
(
csr
)
...
@@ -212,7 +216,7 @@ func (cc *CertificateController) maybeSignCertificate(key string) error {
...
@@ -212,7 +216,7 @@ func (cc *CertificateController) maybeSignCertificate(key string) error {
// 2. Generate a signed certificate
// 2. Generate a signed certificate
// 3. Update the Status subresource
// 3. Update the Status subresource
if
cc
.
signer
!=
nil
&&
csr
.
Status
.
Certificate
==
nil
&&
IsCertificateRequestApproved
(
csr
)
{
if
cc
.
signer
!=
nil
&&
IsCertificateRequestApproved
(
csr
)
{
csr
,
err
:=
cc
.
signer
.
Sign
(
csr
)
csr
,
err
:=
cc
.
signer
.
Sign
(
csr
)
if
err
!=
nil
{
if
err
!=
nil
{
return
fmt
.
Errorf
(
"error auto signing csr: %v"
,
err
)
return
fmt
.
Errorf
(
"error auto signing csr: %v"
,
err
)
...
...
pkg/controller/certificates/certificate_controller_test.go
0 → 100644
View file @
e5fc73a4
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package
certificates
import
(
"bytes"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"io/ioutil"
"os"
"testing"
"time"
metav1
"k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/util/wait"
"k8s.io/client-go/tools/cache"
"k8s.io/client-go/util/cert"
"k8s.io/client-go/util/cert/triple"
certificates
"k8s.io/kubernetes/pkg/apis/certificates/v1beta1"
"k8s.io/kubernetes/pkg/client/clientset_generated/clientset/fake"
informers
"k8s.io/kubernetes/pkg/client/informers/informers_generated"
"k8s.io/kubernetes/pkg/controller"
)
type
testController
struct
{
*
CertificateController
certFile
string
keyFile
string
csrStore
cache
.
Store
informerFactory
informers
.
SharedInformerFactory
approver
*
fakeAutoApprover
}
func
alwaysReady
()
bool
{
return
true
}
func
newController
(
csrs
...
runtime
.
Object
)
(
*
testController
,
error
)
{
client
:=
fake
.
NewSimpleClientset
(
csrs
...
)
informerFactory
:=
informers
.
NewSharedInformerFactory
(
nil
,
client
,
controller
.
NoResyncPeriodFunc
())
certFile
,
keyFile
,
err
:=
createTestCertFiles
()
if
err
!=
nil
{
return
nil
,
err
}
approver
:=
&
fakeAutoApprover
{
make
(
chan
*
certificates
.
CertificateSigningRequest
,
1
)}
controller
,
err
:=
NewCertificateController
(
client
,
informerFactory
.
Certificates
()
.
V1beta1
()
.
CertificateSigningRequests
(),
certFile
,
keyFile
,
approver
,
)
if
err
!=
nil
{
return
nil
,
err
}
controller
.
csrsSynced
=
alwaysReady
return
&
testController
{
controller
,
certFile
,
keyFile
,
informerFactory
.
Certificates
()
.
V1beta1
()
.
CertificateSigningRequests
()
.
Informer
()
.
GetStore
(),
informerFactory
,
approver
,
},
nil
}
func
(
c
*
testController
)
cleanup
()
{
os
.
Remove
(
c
.
certFile
)
os
.
Remove
(
c
.
keyFile
)
}
func
createTestCertFiles
()
(
string
,
string
,
error
)
{
keyPair
,
err
:=
triple
.
NewCA
(
"test-ca"
)
if
err
!=
nil
{
return
""
,
""
,
err
}
// Generate cert
certBuffer
:=
bytes
.
Buffer
{}
if
err
:=
pem
.
Encode
(
&
certBuffer
,
&
pem
.
Block
{
Type
:
"CERTIFICATE"
,
Bytes
:
keyPair
.
Cert
.
Raw
});
err
!=
nil
{
return
""
,
""
,
err
}
// Generate key
keyBuffer
:=
bytes
.
Buffer
{}
if
err
:=
pem
.
Encode
(
&
keyBuffer
,
&
pem
.
Block
{
Type
:
"RSA PRIVATE KEY"
,
Bytes
:
x509
.
MarshalPKCS1PrivateKey
(
keyPair
.
Key
)});
err
!=
nil
{
return
""
,
""
,
err
}
dir
,
err
:=
ioutil
.
TempDir
(
""
,
""
)
if
err
!=
nil
{
return
""
,
""
,
err
}
certFile
,
err
:=
ioutil
.
TempFile
(
dir
,
"cert"
)
if
err
!=
nil
{
return
""
,
""
,
err
}
keyFile
,
err
:=
ioutil
.
TempFile
(
dir
,
"key"
)
if
err
!=
nil
{
return
""
,
""
,
err
}
_
,
err
=
certFile
.
Write
(
certBuffer
.
Bytes
())
if
err
!=
nil
{
return
""
,
""
,
err
}
certFile
.
Close
()
_
,
err
=
keyFile
.
Write
(
keyBuffer
.
Bytes
())
if
err
!=
nil
{
return
""
,
""
,
err
}
keyFile
.
Close
()
return
certFile
.
Name
(),
keyFile
.
Name
(),
nil
}
type
fakeAutoApprover
struct
{
csr
chan
*
certificates
.
CertificateSigningRequest
}
func
(
f
*
fakeAutoApprover
)
AutoApprove
(
csr
*
certificates
.
CertificateSigningRequest
)
(
*
certificates
.
CertificateSigningRequest
,
error
)
{
csr
.
Status
.
Conditions
=
append
(
csr
.
Status
.
Conditions
,
certificates
.
CertificateSigningRequestCondition
{
Type
:
certificates
.
CertificateApproved
,
Reason
:
"test reason"
,
Message
:
"test message"
,
})
f
.
csr
<-
csr
return
csr
,
nil
}
// TODO flesh this out to cover things like not being able to find the csr in the cache, not
// auto-approving, etc.
func
TestCertificateController
(
t
*
testing
.
T
)
{
csrKey
,
err
:=
cert
.
NewPrivateKey
()
if
err
!=
nil
{
t
.
Fatalf
(
"error creating private key for csr: %v"
,
err
)
}
subject
:=
&
pkix
.
Name
{
Organization
:
[]
string
{
"test org"
},
CommonName
:
"test cn"
,
}
csrBytes
,
err
:=
cert
.
MakeCSR
(
csrKey
,
subject
,
nil
,
nil
)
if
err
!=
nil
{
t
.
Fatalf
(
"error creating csr: %v"
,
err
)
}
csr
:=
&
certificates
.
CertificateSigningRequest
{
ObjectMeta
:
metav1
.
ObjectMeta
{
Name
:
"test-csr"
,
},
Spec
:
certificates
.
CertificateSigningRequestSpec
{
Request
:
csrBytes
,
Usages
:
[]
certificates
.
KeyUsage
{
certificates
.
UsageDigitalSignature
,
certificates
.
UsageKeyEncipherment
,
certificates
.
UsageClientAuth
,
},
},
}
controller
,
err
:=
newController
(
csr
)
if
err
!=
nil
{
t
.
Fatalf
(
"error creating controller: %v"
,
err
)
}
defer
controller
.
cleanup
()
received
:=
make
(
chan
struct
{})
controllerSyncHandler
:=
controller
.
syncHandler
controller
.
syncHandler
=
func
(
key
string
)
error
{
defer
close
(
received
)
return
controllerSyncHandler
(
key
)
}
stopCh
:=
make
(
chan
struct
{})
defer
close
(
stopCh
)
go
controller
.
Run
(
1
,
stopCh
)
go
controller
.
informerFactory
.
Start
(
stopCh
)
select
{
case
<-
received
:
case
<-
time
.
After
(
wait
.
ForeverTestTimeout
)
:
t
.
Errorf
(
"timed out"
)
}
csr
=
<-
controller
.
approver
.
csr
if
e
,
a
:=
1
,
len
(
csr
.
Status
.
Conditions
);
e
!=
a
{
t
.
Fatalf
(
"expected %d status condition, got %d"
,
e
,
a
)
}
if
e
,
a
:=
certificates
.
CertificateApproved
,
csr
.
Status
.
Conditions
[
0
]
.
Type
;
e
!=
a
{
t
.
Errorf
(
"type: expected %v, got %v"
,
e
,
a
)
}
if
e
,
a
:=
"test reason"
,
csr
.
Status
.
Conditions
[
0
]
.
Reason
;
e
!=
a
{
t
.
Errorf
(
"reason: expected %v, got %v"
,
e
,
a
)
}
if
e
,
a
:=
"test message"
,
csr
.
Status
.
Conditions
[
0
]
.
Message
;
e
!=
a
{
t
.
Errorf
(
"message: expected %v, got %v"
,
e
,
a
)
}
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment