diff --git a/pkg/controllers/status/cluster_status_controller_test.go b/pkg/controllers/status/cluster_status_controller_test.go index 499ddd8a6fe2..ead499eb8c5e 100644 --- a/pkg/controllers/status/cluster_status_controller_test.go +++ b/pkg/controllers/status/cluster_status_controller_test.go @@ -32,6 +32,28 @@ import ( "github.com/karmada-io/karmada/pkg/util/helper" ) +// copy from go/src/net/http/internal/testcert/testcert.go +var testCA = []byte(`-----BEGIN CERTIFICATE----- +MIIDOTCCAiGgAwIBAgIQSRJrEpBGFc7tNb1fb5pKFzANBgkqhkiG9w0BAQsFADAS +MRAwDgYDVQQKEwdBY21lIENvMCAXDTcwMDEwMTAwMDAwMFoYDzIwODQwMTI5MTYw +MDAwWjASMRAwDgYDVQQKEwdBY21lIENvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEA6Gba5tHV1dAKouAaXO3/ebDUU4rvwCUg/CNaJ2PT5xLD4N1Vcb8r +bFSW2HXKq+MPfVdwIKR/1DczEoAGf/JWQTW7EgzlXrCd3rlajEX2D73faWJekD0U +aUgz5vtrTXZ90BQL7WvRICd7FlEZ6FPOcPlumiyNmzUqtwGhO+9ad1W5BqJaRI6P +YfouNkwR6Na4TzSj5BrqUfP0FwDizKSJ0XXmh8g8G9mtwxOSN3Ru1QFc61Xyeluk +POGKBV/q6RBNklTNe0gI8usUMlYyoC7ytppNMW7X2vodAelSu25jgx2anj9fDVZu +h7AXF5+4nJS4AAt0n1lNY7nGSsdZas8PbQIDAQABo4GIMIGFMA4GA1UdDwEB/wQE +AwICpDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud +DgQWBBStsdjh3/JCXXYlQryOrL4Sh7BW5TAuBgNVHREEJzAlggtleGFtcGxlLmNv +bYcEfwAAAYcQAAAAAAAAAAAAAAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAxWGI +5NhpF3nwwy/4yB4i/CwwSpLrWUa70NyhvprUBC50PxiXav1TeDzwzLx/o5HyNwsv +cxv3HdkLW59i/0SlJSrNnWdfZ19oTcS+6PtLoVyISgtyN6DpkKpdG1cOkW3Cy2P2 ++tK/tKHRP1Y/Ra0RiDpOAmqn0gCOFGz8+lqDIor/T7MTpibL3IxqWfPrvfVRHL3B +grw/ZQTTIVjjh4JBSW3WyWgNo/ikC1lrVxzl4iPUGptxT36Cr7Zk2Bsg0XqwbOvK +5d+NTDREkSnUbie4GeutujmX3Dsx88UiV6UY/4lHJa6I5leHUNOHahRbpbWeOfs/ +WkBKOclmOV2xlTVuPw== +-----END CERTIFICATE-----`) + func TestClusterStatusController_Reconcile(t *testing.T) { tests := []struct { name string @@ -123,16 +145,13 @@ func generateClusterClient(APIEndpoint string) *util.ClusterClient { &clusterv1alpha1.Cluster{ ObjectMeta: metav1.ObjectMeta{Name: "test"}, Spec: clusterv1alpha1.ClusterSpec{ - APIEndpoint: APIEndpoint, - SecretRef: &clusterv1alpha1.LocalSecretReference{Namespace: "ns1", Name: "secret1"}, - InsecureSkipTLSVerification: true, + APIEndpoint: APIEndpoint, + SecretRef: &clusterv1alpha1.LocalSecretReference{Namespace: "ns1", Name: "secret1"}, }, }, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{Namespace: "ns1", Name: "secret1"}, - Data: map[string][]byte{ - clusterv1alpha1.SecretTokenKey: []byte("token"), - }, + Data: map[string][]byte{clusterv1alpha1.SecretTokenKey: []byte("token"), clusterv1alpha1.SecretCADataKey: testCA}, }).Build() clusterClientSet, _ := util.NewClusterClientSet("test", hostClient, nil) clusterClient.KubeClient = clusterClientSet.KubeClient @@ -160,14 +179,17 @@ func TestClusterStatusController_syncClusterStatus(t *testing.T) { cluster := &clusterv1alpha1.Cluster{ ObjectMeta: metav1.ObjectMeta{Name: "test"}, Spec: clusterv1alpha1.ClusterSpec{ - APIEndpoint: server.URL, - SecretRef: &clusterv1alpha1.LocalSecretReference{Namespace: "ns1", Name: "secret1"}, - InsecureSkipTLSVerification: true, - ProxyURL: "http://1.1.1.1", + APIEndpoint: server.URL, + SecretRef: &clusterv1alpha1.LocalSecretReference{Namespace: "ns1", Name: "secret1"}, + ProxyURL: "http://1.1.1.1", }, } + secret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{Namespace: "ns1", Name: "secret1"}, + Data: map[string][]byte{clusterv1alpha1.SecretTokenKey: []byte("token"), clusterv1alpha1.SecretCADataKey: testCA}, + } c := &ClusterStatusController{ - Client: fake.NewClientBuilder().WithScheme(gclient.NewSchema()).WithStatusSubresource(cluster).Build(), + Client: fake.NewClientBuilder().WithScheme(gclient.NewSchema()).WithStatusSubresource(cluster, secret).Build(), GenericInformerManager: genericmanager.GetInstance(), TypedInformerManager: typedmanager.GetInstance(), ClusterSuccessThreshold: metav1.Duration{ @@ -202,14 +224,17 @@ func TestClusterStatusController_syncClusterStatus(t *testing.T) { cluster := &clusterv1alpha1.Cluster{ ObjectMeta: metav1.ObjectMeta{Name: "test"}, Spec: clusterv1alpha1.ClusterSpec{ - APIEndpoint: server.URL, - SecretRef: &clusterv1alpha1.LocalSecretReference{Namespace: "ns1", Name: "secret1"}, - InsecureSkipTLSVerification: true, - ProxyURL: "http://1.1.1.2", + APIEndpoint: server.URL, + SecretRef: &clusterv1alpha1.LocalSecretReference{Namespace: "ns1", Name: "secret1"}, + ProxyURL: "http://1.1.1.2", }, } + secret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{Namespace: "ns1", Name: "secret1"}, + Data: map[string][]byte{clusterv1alpha1.SecretTokenKey: []byte("token"), clusterv1alpha1.SecretCADataKey: testCA}, + } c := &ClusterStatusController{ - Client: fake.NewClientBuilder().WithScheme(gclient.NewSchema()).WithStatusSubresource(cluster).Build(), + Client: fake.NewClientBuilder().WithScheme(gclient.NewSchema()).WithStatusSubresource(cluster, secret).Build(), GenericInformerManager: genericmanager.GetInstance(), TypedInformerManager: typedmanager.GetInstance(), ClusterSuccessThreshold: metav1.Duration{ @@ -247,14 +272,17 @@ func TestClusterStatusController_syncClusterStatus(t *testing.T) { cluster := &clusterv1alpha1.Cluster{ ObjectMeta: metav1.ObjectMeta{Name: "test"}, Spec: clusterv1alpha1.ClusterSpec{ - APIEndpoint: server.URL, - SecretRef: &clusterv1alpha1.LocalSecretReference{Namespace: "ns1", Name: "secret1"}, - InsecureSkipTLSVerification: true, - ProxyURL: "http://1.1.1.1", + APIEndpoint: server.URL, + SecretRef: &clusterv1alpha1.LocalSecretReference{Namespace: "ns1", Name: "secret1"}, + ProxyURL: "http://1.1.1.1", }, } + secret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{Namespace: "ns1", Name: "secret1"}, + Data: map[string][]byte{clusterv1alpha1.SecretTokenKey: []byte("token"), clusterv1alpha1.SecretCADataKey: testCA}, + } c := &ClusterStatusController{ - Client: fake.NewClientBuilder().WithScheme(gclient.NewSchema()).WithStatusSubresource(cluster).Build(), + Client: fake.NewClientBuilder().WithScheme(gclient.NewSchema()).WithStatusSubresource(cluster, secret).Build(), GenericInformerManager: genericmanager.GetInstance(), TypedInformerManager: typedmanager.GetInstance(), ClusterSuccessThreshold: metav1.Duration{ diff --git a/pkg/controllers/status/work_status_controller_test.go b/pkg/controllers/status/work_status_controller_test.go index 90c55ddcc902..9ff13d14e266 100644 --- a/pkg/controllers/status/work_status_controller_test.go +++ b/pkg/controllers/status/work_status_controller_test.go @@ -68,9 +68,8 @@ func TestWorkStatusController_Reconcile(t *testing.T) { &clusterv1alpha1.Cluster{ ObjectMeta: metav1.ObjectMeta{Name: "cluster"}, Spec: clusterv1alpha1.ClusterSpec{ - APIEndpoint: "https://127.0.0.1", - SecretRef: &clusterv1alpha1.LocalSecretReference{Namespace: "ns1", Name: "secret1"}, - InsecureSkipTLSVerification: true, + APIEndpoint: "https://127.0.0.1", + SecretRef: &clusterv1alpha1.LocalSecretReference{Namespace: "ns1", Name: "secret1"}, }, Status: clusterv1alpha1.ClusterStatus{ Conditions: []metav1.Condition{ @@ -83,7 +82,7 @@ func TestWorkStatusController_Reconcile(t *testing.T) { }, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{Namespace: "ns1", Name: "secret1"}, - Data: map[string][]byte{clusterv1alpha1.SecretTokenKey: []byte("token")}, + Data: map[string][]byte{clusterv1alpha1.SecretTokenKey: []byte("token"), clusterv1alpha1.SecretCADataKey: testCA}, }).Build(), InformerManager: genericmanager.GetInstance(), PredicateFunc: helper.NewClusterPredicateOnAgent("test"), @@ -779,9 +778,8 @@ func TestWorkStatusController_getSingleClusterManager(t *testing.T) { &clusterv1alpha1.Cluster{ ObjectMeta: metav1.ObjectMeta{Name: "cluster"}, Spec: clusterv1alpha1.ClusterSpec{ - APIEndpoint: "https://127.0.0.1", - SecretRef: &clusterv1alpha1.LocalSecretReference{Namespace: "ns1", Name: "secret1"}, - InsecureSkipTLSVerification: true, + APIEndpoint: "https://127.0.0.1", + SecretRef: &clusterv1alpha1.LocalSecretReference{Namespace: "ns1", Name: "secret1"}, }, Status: clusterv1alpha1.ClusterStatus{ Conditions: []metav1.Condition{ @@ -794,7 +792,7 @@ func TestWorkStatusController_getSingleClusterManager(t *testing.T) { }, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{Namespace: "ns1", Name: "secret1"}, - Data: map[string][]byte{clusterv1alpha1.SecretTokenKey: []byte("token")}, + Data: map[string][]byte{clusterv1alpha1.SecretTokenKey: []byte("token"), clusterv1alpha1.SecretCADataKey: testCA}, }).Build() } diff --git a/pkg/util/membercluster_client_test.go b/pkg/util/membercluster_client_test.go index 7fd4f342ecc6..f7de754ab493 100644 --- a/pkg/util/membercluster_client_test.go +++ b/pkg/util/membercluster_client_test.go @@ -164,16 +164,14 @@ func TestNewClusterClientSet(t *testing.T) { &clusterv1alpha1.Cluster{ ObjectMeta: metav1.ObjectMeta{Name: "test"}, Spec: clusterv1alpha1.ClusterSpec{ - APIEndpoint: "https://127.0.0.1", - SecretRef: &clusterv1alpha1.LocalSecretReference{Namespace: "ns1", Name: "secret1"}, - InsecureSkipTLSVerification: true, - ProxyURL: "://", + APIEndpoint: "https://127.0.0.1", + SecretRef: &clusterv1alpha1.LocalSecretReference{Namespace: "ns1", Name: "secret1"}, + ProxyURL: "://", }, }, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{Namespace: "ns1", Name: "secret1"}, - Data: map[string][]byte{clusterv1alpha1.SecretTokenKey: []byte("token")}, - }).Build(), + Data: map[string][]byte{clusterv1alpha1.SecretTokenKey: []byte("token"), clusterv1alpha1.SecretCADataKey: testCA}}).Build(), clientOption: &ClientOption{QPS: 100, Burst: 200}, }, wantErr: true, @@ -186,15 +184,14 @@ func TestNewClusterClientSet(t *testing.T) { &clusterv1alpha1.Cluster{ ObjectMeta: metav1.ObjectMeta{Name: "test"}, Spec: clusterv1alpha1.ClusterSpec{ - APIEndpoint: "https://127.0.0.1", - SecretRef: &clusterv1alpha1.LocalSecretReference{Namespace: "ns1", Name: "secret1"}, - InsecureSkipTLSVerification: true, - ProxyURL: "http://1.1.1.1", + APIEndpoint: "https://127.0.0.1", + SecretRef: &clusterv1alpha1.LocalSecretReference{Namespace: "ns1", Name: "secret1"}, + ProxyURL: "http://1.1.1.1", }, }, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{Namespace: "ns1", Name: "secret1"}, - Data: map[string][]byte{clusterv1alpha1.SecretTokenKey: []byte("token")}, + Data: map[string][]byte{clusterv1alpha1.SecretTokenKey: []byte("token"), clusterv1alpha1.SecretCADataKey: testCA}, }).Build(), clientOption: &ClientOption{QPS: 100, Burst: 200}, }, @@ -247,16 +244,13 @@ func TestNewClusterClientSet_ClientWorks(t *testing.T) { &clusterv1alpha1.Cluster{ ObjectMeta: metav1.ObjectMeta{Name: clusterName}, Spec: clusterv1alpha1.ClusterSpec{ - APIEndpoint: s.URL, - SecretRef: &clusterv1alpha1.LocalSecretReference{Namespace: "ns1", Name: "secret1"}, - InsecureSkipTLSVerification: true, + APIEndpoint: s.URL, + SecretRef: &clusterv1alpha1.LocalSecretReference{Namespace: "ns1", Name: "secret1"}, }, }, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{Namespace: "ns1", Name: "secret1"}, - Data: map[string][]byte{ - clusterv1alpha1.SecretTokenKey: []byte("token"), - }, + Data: map[string][]byte{clusterv1alpha1.SecretTokenKey: []byte("token"), clusterv1alpha1.SecretCADataKey: testCA}, }).Build() clusterClient, err := NewClusterClientSet(clusterName, hostClient, nil) @@ -376,14 +370,13 @@ func TestNewClusterDynamicClientSet(t *testing.T) { &clusterv1alpha1.Cluster{ ObjectMeta: metav1.ObjectMeta{Name: "test"}, Spec: clusterv1alpha1.ClusterSpec{ - APIEndpoint: "https://127.0.0.1", - SecretRef: &clusterv1alpha1.LocalSecretReference{Namespace: "ns1", Name: "secret1"}, - InsecureSkipTLSVerification: true, + APIEndpoint: "https://127.0.0.1", + SecretRef: &clusterv1alpha1.LocalSecretReference{Namespace: "ns1", Name: "secret1"}, }, }, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{Namespace: "ns1", Name: "secret1"}, - Data: map[string][]byte{clusterv1alpha1.SecretTokenKey: []byte("token")}, + Data: map[string][]byte{clusterv1alpha1.SecretTokenKey: []byte("token"), clusterv1alpha1.SecretCADataKey: testCA}, }).Build(), }, wantErr: false, @@ -396,15 +389,14 @@ func TestNewClusterDynamicClientSet(t *testing.T) { &clusterv1alpha1.Cluster{ ObjectMeta: metav1.ObjectMeta{Name: "test"}, Spec: clusterv1alpha1.ClusterSpec{ - APIEndpoint: "https://127.0.0.1", - SecretRef: &clusterv1alpha1.LocalSecretReference{Namespace: "ns1", Name: "secret1"}, - InsecureSkipTLSVerification: true, - ProxyURL: "://", + APIEndpoint: "https://127.0.0.1", + SecretRef: &clusterv1alpha1.LocalSecretReference{Namespace: "ns1", Name: "secret1"}, + ProxyURL: "://", }, }, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{Namespace: "ns1", Name: "secret1"}, - Data: map[string][]byte{clusterv1alpha1.SecretTokenKey: []byte("token")}, + Data: map[string][]byte{clusterv1alpha1.SecretTokenKey: []byte("token"), clusterv1alpha1.SecretCADataKey: testCA}, }).Build(), }, wantErr: true, @@ -417,15 +409,14 @@ func TestNewClusterDynamicClientSet(t *testing.T) { &clusterv1alpha1.Cluster{ ObjectMeta: metav1.ObjectMeta{Name: "test"}, Spec: clusterv1alpha1.ClusterSpec{ - APIEndpoint: "https://127.0.0.1", - SecretRef: &clusterv1alpha1.LocalSecretReference{Namespace: "ns1", Name: "secret1"}, - InsecureSkipTLSVerification: true, - ProxyURL: "http://1.1.1.1", + APIEndpoint: "https://127.0.0.1", + SecretRef: &clusterv1alpha1.LocalSecretReference{Namespace: "ns1", Name: "secret1"}, + ProxyURL: "http://1.1.1.1", }, }, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{Namespace: "ns1", Name: "secret1"}, - Data: map[string][]byte{clusterv1alpha1.SecretTokenKey: []byte("token")}, + Data: map[string][]byte{clusterv1alpha1.SecretTokenKey: []byte("token"), clusterv1alpha1.SecretCADataKey: testCA}, }).Build(), }, wantErr: false, @@ -477,16 +468,13 @@ func TestNewClusterDynamicClientSet_ClientWorks(t *testing.T) { &clusterv1alpha1.Cluster{ ObjectMeta: metav1.ObjectMeta{Name: clusterName}, Spec: clusterv1alpha1.ClusterSpec{ - APIEndpoint: s.URL, - SecretRef: &clusterv1alpha1.LocalSecretReference{Namespace: "ns1", Name: "secret1"}, - InsecureSkipTLSVerification: true, + APIEndpoint: s.URL, + SecretRef: &clusterv1alpha1.LocalSecretReference{Namespace: "ns1", Name: "secret1"}, }, }, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{Namespace: "ns1", Name: "secret1"}, - Data: map[string][]byte{ - clusterv1alpha1.SecretTokenKey: []byte("token"), - }, + Data: map[string][]byte{clusterv1alpha1.SecretTokenKey: []byte("token"), clusterv1alpha1.SecretCADataKey: testCA}, }).Build() clusterClient, err := NewClusterDynamicClientSet(clusterName, hostClient)