Adds IPv6 test cases to kubeadm certs and validation pkgs.

2017-06-13 18:16:42 -07:00
parent 6a644c25f8
commit d1633727ec
2 changed files with 101 additions and 72 deletions
--- a/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go
+++ b/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go
@@ -152,21 +152,26 @@ func TestValidateAPIServerCertSANs(t *testing.T) {

 func TestValidateIPFromString(t *testing.T) {
 	var tests = []struct {
+		name     string
 		ip       string
 		expected bool
 	}{
-		{"", false},           // not valid
-		{"1234", false},       // not valid
-		{"1.2", false},        // not valid
-		{"1.2.3.4/16", false}, // not valid
-		{"1.2.3.4", true},     // valid
-		{"16.0.1.1", true},    // valid
+		{"invalid missing address", "", false},
+		{"invalid missing decimal points in IPv4 address", "1234", false},
+		{"invalid incomplete IPv4 address", "1.2", false},
+		{"invalid IPv4 CIDR provided instead of IPv4 address", "1.2.3.4/16", false},
+		{"valid IPv4 address", "1.2.3.4", true},
+		{"valid IPv6 address", "2001:db8::1", true},
+		{"invalid IPv6 CIDR provided instead of IPv6 address", "2001:db8::1/64", false},
+		{"invalid hex character in IPv6 address", "2001:xb8::", false},
+		{"invalid use of colons in IPv6 address", "2001::db8::", false},
 	}
 	for _, rt := range tests {
 		actual := ValidateIPFromString(rt.ip, nil)
 		if (len(actual) == 0) != rt.expected {
 			t.Errorf(
-				"failed ValidateIPFromString:\n\texpected: %t\n\t  actual: %t",
+				"%s test case failed:\n\texpected: %t\n\t  actual: %t",
+				rt.name,
 				rt.expected,
 				(len(actual) == 0),
 			)
@@ -176,22 +181,27 @@ func TestValidateIPFromString(t *testing.T) {

 func TestValidateIPNetFromString(t *testing.T) {
 	var tests = []struct {
+		name     string
 		subnet   string
 		minaddrs int64
 		expected bool
 	}{
-		{"", 0, false},              // not valid
-		{"1234", 0, false},          // not valid
-		{"abc", 0, false},           // not valid
-		{"1.2.3.4", 0, false},       // ip not valid
-		{"10.0.0.16/29", 10, false}, // valid, but too small. At least 10 addrs needed
-		{"10.0.0.16/12", 10, true},  // valid
+		{"invalid missing CIDR", "", 0, false},
+		{"invalid CIDR missing decimal points in IPv4 address and / mask", "1234", 0, false},
+		{"invalid CIDR use of letters instead of numbers and / mask", "abc", 0, false},
+		{"invalid IPv4 address provided instead of CIDR representation", "1.2.3.4", 0, false},
+		{"invalid IPv6 address provided instead of CIDR representation", "2001:db8::1", 0, false},
+		{"valid, but IPv4 CIDR too small. At least 10 addresses needed", "10.0.0.16/29", 10, false},
+		{"valid, but IPv6 CIDR too small. At least 10 addresses needed", "2001:db8::/125", 10, false},
+		{"valid IPv4 CIDR", "10.0.0.16/12", 10, true},
+		{"valid IPv6 CIDR", "2001:db8::/98", 10, true},
 	}
 	for _, rt := range tests {
 		actual := ValidateIPNetFromString(rt.subnet, rt.minaddrs, nil)
 		if (len(actual) == 0) != rt.expected {
 			t.Errorf(
-				"failed ValidateIPNetFromString:\n\texpected: %t\n\t  actual: %t",
+				"%s test case failed :\n\texpected: %t\n\t  actual: %t",
+				rt.name,
 				rt.expected,
 				(len(actual) == 0),
 			)
@@ -202,11 +212,14 @@ func TestValidateIPNetFromString(t *testing.T) {
 func TestValidateMasterConfiguration(t *testing.T) {
 	nodename := "valid-nodename"
 	var tests = []struct {
+		name     string
 		s        *kubeadm.MasterConfiguration
 		expected bool
 	}{
-		{&kubeadm.MasterConfiguration{}, false},
-		{&kubeadm.MasterConfiguration{
+		{"invalid missing master configuration",
+			&kubeadm.MasterConfiguration{}, false},
+		{"invalid missing token with IPv4 service subnet",
+			&kubeadm.MasterConfiguration{
 				AuthorizationModes: []string{"Node", "RBAC"},
 				Networking: kubeadm.Networking{
 					ServiceSubnet: "10.96.0.1/12",
@@ -215,7 +228,28 @@ func TestValidateMasterConfiguration(t *testing.T) {
 				CertificatesDir: "/some/cert/dir",
 				NodeName:        nodename,
 			}, false},
-		{&kubeadm.MasterConfiguration{
+		{"invalid missing token with IPv6 service subnet",
+			&kubeadm.MasterConfiguration{
+				AuthorizationModes: []string{"Node", "RBAC"},
+				Networking: kubeadm.Networking{
+					ServiceSubnet: "2001:db8::1/98",
+					DNSDomain:     "cluster.local",
+				},
+				CertificatesDir: "/some/cert/dir",
+				NodeName:        nodename,
+			}, false},
+		{"invalid missing node name",
+			&kubeadm.MasterConfiguration{
+				AuthorizationModes: []string{"Node", "RBAC"},
+				Networking: kubeadm.Networking{
+					ServiceSubnet: "10.96.0.1/12",
+					DNSDomain:     "cluster.local",
+				},
+				CertificatesDir: "/some/other/cert/dir",
+				Token:           "abcdef.0123456789abcdef",
+			}, false},
+		{"valid master configuration with IPv4 service subnet",
+			&kubeadm.MasterConfiguration{
 				AuthorizationModes: []string{"Node", "RBAC"},
 				Networking: kubeadm.Networking{
 					ServiceSubnet: "10.96.0.1/12",
@@ -225,19 +259,11 @@ func TestValidateMasterConfiguration(t *testing.T) {
 				Token:           "abcdef.0123456789abcdef",
 				NodeName:        nodename,
 			}, true},
-		{&kubeadm.MasterConfiguration{
+		{"valid master configuration using IPv6 service subnet",
+			&kubeadm.MasterConfiguration{
 				AuthorizationModes: []string{"Node", "RBAC"},
 				Networking: kubeadm.Networking{
-				ServiceSubnet: "2001:db8::/98",
-				DNSDomain:     "cluster.local",
-			},
-			CertificatesDir: "/some/cert/dir",
-			NodeName:        nodename,
-		}, false},
-		{&kubeadm.MasterConfiguration{
-			AuthorizationModes: []string{"Node", "RBAC"},
-			Networking: kubeadm.Networking{
-				ServiceSubnet: "2001:db8::/98",
+					ServiceSubnet: "2001:db8::1/98",
 					DNSDomain:     "cluster.local",
 				},
 				CertificatesDir: "/some/other/cert/dir",
@@ -249,7 +275,8 @@ func TestValidateMasterConfiguration(t *testing.T) {
 		actual := ValidateMasterConfiguration(rt.s)
 		if (len(actual) == 0) != rt.expected {
 			t.Errorf(
-				"failed ValidateMasterConfiguration:\n\texpected: %t\n\t  actual: %t",
+				"%s test case failed:\n\texpected: %t\n\t  actual: %t",
+				rt.name,
 				rt.expected,
 				(len(actual) == 0),
 			)
--- a/cmd/kubeadm/app/phases/certs/certs_test.go
+++ b/cmd/kubeadm/app/phases/certs/certs_test.go
@@ -37,9 +37,10 @@ func TestNewCACertAndKey(t *testing.T) {
 func TestNewAPIServerCertAndKey(t *testing.T) {
 	hostname := "valid-hostname"

-	advertiseIP := "1.2.3.4"
+	advertiseAddresses := []string{"1.2.3.4", "1:2:3::4"}
+	for _, addr := range advertiseAddresses {
 		cfg := &kubeadmapi.MasterConfiguration{
-		API:        kubeadmapi.API{AdvertiseAddress: advertiseIP},
+			API:        kubeadmapi.API{AdvertiseAddress: addr},
 			Networking: kubeadmapi.Networking{ServiceSubnet: "10.96.0.0/12", DNSDomain: "cluster.local"},
 			NodeName:   "valid-hostname",
 		}
@@ -56,10 +57,11 @@ func TestNewAPIServerCertAndKey(t *testing.T) {
 		for _, DNSName := range []string{hostname, "kubernetes", "kubernetes.default", "kubernetes.default.svc", "kubernetes.default.svc.cluster.local"} {
 			assertHasDNSNames(t, apiServerCert, DNSName)
 		}
-	for _, IPAddress := range []string{"10.96.0.1", advertiseIP} {
+		for _, IPAddress := range []string{"10.96.0.1", addr} {
 			assertHasIPAddresses(t, apiServerCert, net.ParseIP(IPAddress))
 		}
 	}
+}

 func TestNewAPIServerKubeletClientCertAndKey(t *testing.T) {
 	caCert, caKey, err := NewCACertAndKey()