github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
fba69f7eb9
kubernetes/test/e2e/lifecycle/bootstrap/bootstrap_token_cleaner.go
Sergiusz Urbaniak 1495c9f2cd
test/e2e/*: default existing tests to privileged pod security policy 
This is to ensure that all existing tests don't break when defaulting
the pod security policy to restricted in the e2e test framework.
2022-04-05 08:41:12 +02:00

88 lines
2.9 KiB
Go
Raw Blame History

/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package bootstrap
import (
"context"
"time"
"github.com/onsi/ginkgo"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
clientset "k8s.io/client-go/kubernetes"
bootstrapapi "k8s.io/cluster-bootstrap/token/api"
"k8s.io/kubernetes/test/e2e/framework"
"k8s.io/kubernetes/test/e2e/lifecycle"
admissionapi "k8s.io/pod-security-admission/api"
)
var secretNeedClean string
var _ = lifecycle.SIGDescribe("[Feature:BootstrapTokens]", func() {
var c clientset.Interface
f := framework.NewDefaultFramework("bootstrap-token-cleaner")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.BeforeEach(func() {
c = f.ClientSet
})
ginkgo.AfterEach(func() {
if len(secretNeedClean) > 0 {
ginkgo.By("delete the bootstrap token secret")
err := c.CoreV1().Secrets(metav1.NamespaceSystem).Delete(context.TODO(), secretNeedClean, metav1.DeleteOptions{})
secretNeedClean = ""
framework.ExpectNoError(err)
}
})
ginkgo.It("should delete the token secret when the secret expired", func() {
ginkgo.By("create a new expired bootstrap token secret")
tokenID, err := GenerateTokenID()
framework.ExpectNoError(err)
tokenSecret, err := GenerateTokenSecret()
framework.ExpectNoError(err)
secret := newTokenSecret(tokenID, tokenSecret)
addSecretExpiration(secret, TimeStringFromNow(-time.Hour))
_, err = c.CoreV1().Secrets(metav1.NamespaceSystem).Create(context.TODO(), secret, metav1.CreateOptions{})
framework.ExpectNoError(err)
ginkgo.By("wait for the bootstrap token secret be deleted")
err = WaitForBootstrapTokenSecretToDisappear(c, tokenID)
framework.ExpectNoError(err)
})
ginkgo.It("should not delete the token secret when the secret is not expired", func() {
ginkgo.By("create a new expired bootstrap token secret")
tokenID, err := GenerateTokenID()
framework.ExpectNoError(err)
tokenSecret, err := GenerateTokenSecret()
framework.ExpectNoError(err)
secret := newTokenSecret(tokenID, tokenSecret)
addSecretExpiration(secret, TimeStringFromNow(time.Hour))
_, err = c.CoreV1().Secrets(metav1.NamespaceSystem).Create(context.TODO(), secret, metav1.CreateOptions{})
secretNeedClean = bootstrapapi.BootstrapTokenSecretPrefix + tokenID
framework.ExpectNoError(err)
ginkgo.By("wait for the bootstrap token secret not be deleted")
err = WaitForBootstrapTokenSecretNotDisappear(c, tokenID, 20*time.Second)
framework.ExpectNoError(err)
})
})
Reference in New Issue View Git Blame Copy Permalink