apiserver: use the identity value in the apiserver identity hash
Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
This commit is contained in:
Andrew Sy Kim
@@ -27,6 +27,8 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/onsi/ginkgo/v2"
|
||||
"golang.org/x/crypto/cryptobyte"
|
||||
|
||||
v1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/util/wait"
|
||||
@@ -124,7 +126,17 @@ var _ = SIGDescribe("kube-apiserver identity [Feature:APIServerIdentity]", func(
|
||||
hostname, err := getControlPlaneHostname(ctx, &node)
|
||||
framework.ExpectNoError(err)
|
||||
|
||||
hash := sha256.Sum256([]byte(hostname))
|
||||
b := cryptobyte.NewBuilder(nil)
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddBytes([]byte(hostname))
|
||||
})
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddBytes([]byte("kube-apiserver"))
|
||||
})
|
||||
|
||||
hashData, err := b.Bytes()
|
||||
framework.ExpectNoError(err)
|
||||
hash := sha256.Sum256(hashData)
|
||||
leaseName := "apiserver-" + strings.ToLower(base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(hash[:16]))
|
||||
|
||||
lease, err := client.CoordinationV1().Leases(metav1.NamespaceSystem).Get(context.TODO(), leaseName, metav1.GetOptions{})
|
||||
|
||||
@@ -26,6 +26,8 @@ import (
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"golang.org/x/crypto/cryptobyte"
|
||||
|
||||
coordinationv1 "k8s.io/api/coordination/v1"
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||
@@ -45,8 +47,20 @@ const (
|
||||
testLeaseName = "apiserver-lease-test"
|
||||
)
|
||||
|
||||
func expectedAPIServerIdentity(hostname string) string {
|
||||
hash := sha256.Sum256([]byte(hostname))
|
||||
func expectedAPIServerIdentity(t *testing.T, hostname string) string {
|
||||
b := cryptobyte.NewBuilder(nil)
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddBytes([]byte(hostname))
|
||||
})
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddBytes([]byte("kube-apiserver"))
|
||||
})
|
||||
hashData, err := b.Bytes()
|
||||
if err != nil {
|
||||
t.Fatalf("error building hash data for apiserver identity: %v", err)
|
||||
}
|
||||
|
||||
hash := sha256.Sum256(hashData)
|
||||
return "apiserver-" + strings.ToLower(base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(hash[:16]))
|
||||
}
|
||||
|
||||
@@ -84,8 +98,8 @@ func TestCreateLeaseOnStart(t *testing.T) {
|
||||
}
|
||||
|
||||
lease := leases.Items[0]
|
||||
if lease.Name != expectedAPIServerIdentity(hostname) {
|
||||
return false, fmt.Errorf("unexpected apiserver identity, got: %v, expected: %v", lease.Name, expectedAPIServerIdentity(hostname))
|
||||
if lease.Name != expectedAPIServerIdentity(t, hostname) {
|
||||
return false, fmt.Errorf("unexpected apiserver identity, got: %v, expected: %v", lease.Name, expectedAPIServerIdentity(t, hostname))
|
||||
}
|
||||
|
||||
if lease.Labels[corev1.LabelHostname] != hostname {
|
||||
|
||||
Reference in New Issue
Block a user