
Commit 779d761

committed
Update tests to handle RemoteRequestHeaderUID
Signed-off-by: Monis Khan <[email protected]>
1 parent a051b06 commit 779d761


8 files changed

+206
-42
lines changed


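--- a/pkg/controlplane/controller/clusterauthenticationtrust/cluster_authentication_trust_controller_test.go
+++ b/pkg/controlplane/controller/clusterauthenticationtrust/cluster_authentication_trust_controller_test.go
@@ -30,11 +30,14 @@ import (
 "k8s.io/apimachinery/pkg/util/dump"
 "k8s.io/apimachinery/pkg/util/validation/field"
 "k8s.io/apiserver/pkg/authentication/request/headerrequest"
+"k8s.io/apiserver/pkg/features"
 "k8s.io/apiserver/pkg/server/dynamiccertificates"
+utilfeature "k8s.io/apiserver/pkg/util/feature"
 "k8s.io/client-go/kubernetes/fake"
 corev1listers "k8s.io/client-go/listers/core/v1"
 clienttesting "k8s.io/client-go/testing"
 "k8s.io/client-go/tools/cache"
+featuregatetesting "k8s.io/component-base/featuregate/testing"
 )
 
 var (
@@ -95,6 +98,7 @@ func TestWriteClientCAs(t *testing.T) {
 preexistingObjs []runtime.Object
 expectedConfigMaps map[string]*corev1.ConfigMap
 expectCreate bool
+uidGate bool
 }{
 {
 name: "basic",
@@ -107,6 +111,32 @@ func TestWriteClientCAs(t *testing.T) {
 RequestHeaderCA: anotherRandomCAProvider,
 RequestHeaderAllowedNames: headerrequest.StaticStringSlice{"first", "second"},
 },
+expectedConfigMaps: map[string]*corev1.ConfigMap{
+"extension-apiserver-authentication": {
+ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
+Data: map[string]string{
+"client-ca-file": string(someRandomCA),
+"requestheader-username-headers": `["alfa","bravo","charlie"]`,
+"requestheader-group-headers": `["delta"]`,
+"requestheader-extra-headers-prefix": `["echo","foxtrot"]`,
+"requestheader-client-ca-file": string(anotherRandomCA),
+"requestheader-allowed-names": `["first","second"]`,
+},
+},
+},
+expectCreate: true,
+},
+{
+name: "basic with feature gate",
+clusterAuthInfo: ClusterAuthenticationInfo{
+ClientCA: someRandomCAProvider,
+RequestHeaderUsernameHeaders: headerrequest.StaticStringSlice{"alfa", "bravo", "charlie"},
+RequestHeaderUIDHeaders: headerrequest.StaticStringSlice{"golf", "hotel", "india"},
+RequestHeaderGroupHeaders: headerrequest.StaticStringSlice{"delta"},
+RequestHeaderExtraHeaderPrefixes: headerrequest.StaticStringSlice{"echo", "foxtrot"},
+RequestHeaderCA: anotherRandomCAProvider,
+RequestHeaderAllowedNames: headerrequest.StaticStringSlice{"first", "second"},
+},
 expectedConfigMaps: map[string]*corev1.ConfigMap{
 "extension-apiserver-authentication": {
 ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
@@ -122,6 +152,7 @@ func TestWriteClientCAs(t *testing.T) {
 },
 },
 expectCreate: true,
+uidGate: true,
 },
 {
 name: "skip extension-apiserver-authentication",
@@ -134,7 +165,6 @@ func TestWriteClientCAs(t *testing.T) {
 ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
 Data: map[string]string{
 "requestheader-username-headers": `[]`,
-"requestheader-uid-headers": `[]`,
 "requestheader-group-headers": `[]`,
 "requestheader-extra-headers-prefix": `[]`,
 "requestheader-client-ca-file": string(anotherRandomCA),
@@ -169,7 +199,6 @@ func TestWriteClientCAs(t *testing.T) {
 ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
 Data: map[string]string{
 "requestheader-username-headers": `[]`,
-"requestheader-uid-headers": `[]`,
 "requestheader-group-headers": `[]`,
 "requestheader-extra-headers-prefix": `[]`,
 "requestheader-client-ca-file": string(anotherRandomCA),
@@ -205,7 +234,6 @@ func TestWriteClientCAs(t *testing.T) {
 name: "overwrite extension-apiserver-authentication requestheader",
 clusterAuthInfo: ClusterAuthenticationInfo{
 RequestHeaderUsernameHeaders: headerrequest.StaticStringSlice{},
-RequestHeaderUIDHeaders: headerrequest.StaticStringSlice{},
 RequestHeaderGroupHeaders: headerrequest.StaticStringSlice{},
 RequestHeaderExtraHeaderPrefixes: headerrequest.StaticStringSlice{},
 RequestHeaderCA: anotherRandomCAProvider,
@@ -216,7 +244,6 @@ func TestWriteClientCAs(t *testing.T) {
 ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
 Data: map[string]string{
 "requestheader-username-headers": `[]`,
-"requestheader-uid-headers": `[]`,
 "requestheader-group-headers": `[]`,
 "requestheader-extra-headers-prefix": `[]`,
 "requestheader-client-ca-file": string(someRandomCA),
@@ -229,7 +256,6 @@ func TestWriteClientCAs(t *testing.T) {
 ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
 Data: map[string]string{
 "requestheader-username-headers": `[]`,
-"requestheader-uid-headers": `[]`,
 "requestheader-group-headers": `[]`,
 "requestheader-extra-headers-prefix": `[]`,
 "requestheader-client-ca-file": string(someRandomCA) + string(anotherRandomCA),
@@ -260,7 +286,6 @@ func TestWriteClientCAs(t *testing.T) {
 name: "skip on no change",
 clusterAuthInfo: ClusterAuthenticationInfo{
 RequestHeaderUsernameHeaders: headerrequest.StaticStringSlice{},
-RequestHeaderUIDHeaders: headerrequest.StaticStringSlice{},
 RequestHeaderGroupHeaders: headerrequest.StaticStringSlice{},
 RequestHeaderExtraHeaderPrefixes: headerrequest.StaticStringSlice{},
 RequestHeaderCA: anotherRandomCAProvider,
@@ -271,7 +296,6 @@ func TestWriteClientCAs(t *testing.T) {
 ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
 Data: map[string]string{
 "requestheader-username-headers": `[]`,
-"requestheader-uid-headers": `[]`,
 "requestheader-group-headers": `[]`,
 "requestheader-extra-headers-prefix": `[]`,
 "requestheader-client-ca-file": string(anotherRandomCA),
@@ -282,10 +306,126 @@ func TestWriteClientCAs(t *testing.T) {
 expectedConfigMaps: map[string]*corev1.ConfigMap{},
 expectCreate: false,
 },
+{
+name: "drop uid without feature gate",
+clusterAuthInfo: ClusterAuthenticationInfo{
+RequestHeaderUsernameHeaders: headerrequest.StaticStringSlice{},
+RequestHeaderUIDHeaders: headerrequest.StaticStringSlice{"panda"},
+RequestHeaderGroupHeaders: headerrequest.StaticStringSlice{},
+RequestHeaderExtraHeaderPrefixes: headerrequest.StaticStringSlice{},
+RequestHeaderCA: anotherRandomCAProvider,
+RequestHeaderAllowedNames: headerrequest.StaticStringSlice{},
+},
+preexistingObjs: []runtime.Object{
+&corev1.ConfigMap{
+ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
+Data: map[string]string{
+"requestheader-username-headers": `[]`,
+"requestheader-uid-headers": `["snorlax"]`,
+"requestheader-group-headers": `[]`,
+"requestheader-extra-headers-prefix": `[]`,
+"requestheader-client-ca-file": string(anotherRandomCA),
+"requestheader-allowed-names": `[]`,
+},
+},
+},
+expectedConfigMaps: map[string]*corev1.ConfigMap{
+"extension-apiserver-authentication": {
+ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
+Data: map[string]string{
+"requestheader-username-headers": `[]`,
+"requestheader-group-headers": `[]`,
+"requestheader-extra-headers-prefix": `[]`,
+"requestheader-client-ca-file": string(anotherRandomCA),
+"requestheader-allowed-names": `[]`,
+},
+},
+},
+expectCreate: false,
+},
+{
+name: "add uid with feature gate",
+clusterAuthInfo: ClusterAuthenticationInfo{
+RequestHeaderUsernameHeaders: headerrequest.StaticStringSlice{},
+RequestHeaderUIDHeaders: headerrequest.StaticStringSlice{"panda"},
+RequestHeaderGroupHeaders: headerrequest.StaticStringSlice{},
+RequestHeaderExtraHeaderPrefixes: headerrequest.StaticStringSlice{},
+RequestHeaderCA: anotherRandomCAProvider,
+RequestHeaderAllowedNames: headerrequest.StaticStringSlice{},
+},
+preexistingObjs: []runtime.Object{
+&corev1.ConfigMap{
+ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
+Data: map[string]string{
+"requestheader-username-headers": `[]`,
+"requestheader-group-headers": `[]`,
+"requestheader-extra-headers-prefix": `[]`,
+"requestheader-client-ca-file": string(anotherRandomCA),
+"requestheader-allowed-names": `[]`,
+},
+},
+},
+expectedConfigMaps: map[string]*corev1.ConfigMap{
+"extension-apiserver-authentication": {
+ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
+Data: map[string]string{
+"requestheader-username-headers": `[]`,
+"requestheader-uid-headers": `["panda"]`,
+"requestheader-group-headers": `[]`,
+"requestheader-extra-headers-prefix": `[]`,
+"requestheader-client-ca-file": string(anotherRandomCA),
+"requestheader-allowed-names": `[]`,
+},
+},
+},
+expectCreate: false,
+uidGate: true,
+},
+{
+name: "append uid with feature gate",
+clusterAuthInfo: ClusterAuthenticationInfo{
+RequestHeaderUsernameHeaders: headerrequest.StaticStringSlice{},
+RequestHeaderUIDHeaders: headerrequest.StaticStringSlice{"panda"},
+RequestHeaderGroupHeaders: headerrequest.StaticStringSlice{},
+RequestHeaderExtraHeaderPrefixes: headerrequest.StaticStringSlice{},
+RequestHeaderCA: anotherRandomCAProvider,
+RequestHeaderAllowedNames: headerrequest.StaticStringSlice{},
+},
+preexistingObjs: []runtime.Object{
+&corev1.ConfigMap{
+ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
+Data: map[string]string{
+"requestheader-username-headers": `[]`,
+"requestheader-uid-headers": `["snorlax"]`,
+"requestheader-group-headers": `[]`,
+"requestheader-extra-headers-prefix": `[]`,
+"requestheader-client-ca-file": string(anotherRandomCA),
+"requestheader-allowed-names": `[]`,
+},
+},
+},
+expectedConfigMaps: map[string]*corev1.ConfigMap{
+"extension-apiserver-authentication": {
+ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
+Data: map[string]string{
+"requestheader-username-headers": `[]`,
+"requestheader-uid-headers": `["snorlax","panda"]`,
+"requestheader-group-headers": `[]`,
+"requestheader-extra-headers-prefix": `[]`,
+"requestheader-client-ca-file": string(anotherRandomCA),
+"requestheader-allowed-names": `[]`,
+},
+},
+},
+expectCreate: false,
+uidGate: true,
+},
 }
 
 for _, test := range tests {
 t.Run(test.name, func(t *testing.T) {
+featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.RemoteRequestHeaderUID, test.uidGate)
+
 client := fake.NewSimpleClientset(test.preexistingObjs...)
 configMapIndexer := cache.NewIndexer(cache.MetaNamespaceKeyFunc, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc})
 for _, obj := range test.preexistingObjs {
@@ -341,7 +481,6 @@ func TestWriteConfigMapDeleted(t *testing.T) {
 ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
 Data: map[string]string{
 "requestheader-username-headers": `[]`,
-"requestheader-uid-headers": `[]`,
 "requestheader-group-headers": `[]`,
 "requestheader-extra-headers-prefix": `[]`,
 "requestheader-client-ca-file": string(anotherRandomCA),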
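Review bot: No entry in the TestWriteClientCAs table runs with `uidGate: true` and an empty or unset `RequestHeaderUIDHeaders`. The three gate-enabled cases ("basic with feature gate", "add uid with feature gate", "append uid with feature gate") each supply a UID header, and the removed empty `requestheader-uid-headers` expectations all sit in cases that leave `uidGate` at false. Extension API servers read this ConfigMap to learn which request headers to trust, so it looks worth pinning whether an enabled gate with no UID header configured publishes an empty list or omits the key, with one more entry shaped like "add uid with feature gate" but with the UID slice left empty. A short comment on the new field would also help, e.g. `uidGate bool // value of features.RemoteRequestHeaderUID for this case`. The table and the test loop both continue outside the hunks shown.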

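--- a/staging/src/k8s.io/component-base/featuregate/testing/feature_gate.go
+++ b/staging/src/k8s.io/component-base/featuregate/testing/feature_gate.go
@@ -99,7 +99,7 @@ func SetFeatureGateEmulationVersionDuringTest(tb TB, gate featuregate.FeatureGat
 detectParallelOverrideCleanup := detectParallelOverrideEmulationVersion(tb, ver)
 originalEmuVer := gate.(featuregate.MutableVersionedFeatureGate).EmulationVersion()
 if err := gate.(featuregate.MutableVersionedFeatureGate).SetEmulationVersion(ver); err != nil {
-tb.Fatalf("failed to set emulation version to %s during test", ver.String())
+tb.Fatalf("failed to set emulation version to %s during test: %v", ver.String(), err)
 }
 tb.Cleanup(func() {
 tb.Helper()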
