apiserver: use the identity value in the apiserver identity hash

Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
2023-01-13 15:49:30 -05:00
parent fb066a883d
commit a7de3e15a5
4 changed files with 67 additions and 20 deletions
--- a/test/integration/controlplane/apiserver_identity_test.go
+++ b/test/integration/controlplane/apiserver_identity_test.go
@@ -26,6 +26,8 @@ import (
 	"testing"
 	"time"

+	"golang.org/x/crypto/cryptobyte"
+
 	coordinationv1 "k8s.io/api/coordination/v1"
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -45,8 +47,20 @@ const (
 	testLeaseName = "apiserver-lease-test"
 )

-func expectedAPIServerIdentity(hostname string) string {
-	hash := sha256.Sum256([]byte(hostname))
+func expectedAPIServerIdentity(t *testing.T, hostname string) string {
+	b := cryptobyte.NewBuilder(nil)
+	b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+		b.AddBytes([]byte(hostname))
+	})
+	b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+		b.AddBytes([]byte("kube-apiserver"))
+	})
+	hashData, err := b.Bytes()
+	if err != nil {
+		t.Fatalf("error building hash data for apiserver identity: %v", err)
+	}
+
+	hash := sha256.Sum256(hashData)
 	return "apiserver-" + strings.ToLower(base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(hash[:16]))
 }

@@ -84,8 +98,8 @@ func TestCreateLeaseOnStart(t *testing.T) {
 		}

 		lease := leases.Items[0]
-		if lease.Name != expectedAPIServerIdentity(hostname) {
-			return false, fmt.Errorf("unexpected apiserver identity, got: %v, expected: %v", lease.Name, expectedAPIServerIdentity(hostname))
+		if lease.Name != expectedAPIServerIdentity(t, hostname) {
+			return false, fmt.Errorf("unexpected apiserver identity, got: %v, expected: %v", lease.Name, expectedAPIServerIdentity(t, hostname))
 		}

 		if lease.Labels[corev1.LabelHostname] != hostname {