Skip to content

Commit cb2c6de

Browse files
dkoshkindkoshkin
committed
test: additional cases for image registry CA
1 parent 6f8b4fb commit cb2c6de

File tree

1 file changed

+83
-9
lines changed

1 file changed

+83
-9
lines changed

pkg/handlers/generic/mutation/mirrors/inject_test.go

Lines changed: 83 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -24,10 +24,6 @@ import (
2424
const (
2525
validMirrorCASecretName = "myregistry-mirror-cacert"
2626
validMirrorNoCASecretName = "myregistry-mirror-no-cacert"
27-
//nolint:gosec // Does not contain hard coded credentials.
28-
cpRegistryAsMirrorCreds = "kubeadmControlPlaneRegistryAsMirrorCreds"
29-
//nolint:gosec // Does not contain hard coded credentials.
30-
workerRegistryAsMirrorCreds = "kubeadmConfigTemplateRegistryAsMirrorCreds"
3127
)
3228

3329
func TestMirrorsPatch(t *testing.T) {
@@ -93,7 +89,7 @@ var _ = Describe("Generate Global mirror patches", func() {
9389
v1alpha1.GlobalMirrorVariableName,
9490
),
9591
},
96-
RequestItem: request.NewKubeadmControlPlaneTemplateRequest("", cpRegistryAsMirrorCreds),
92+
RequestItem: request.NewKubeadmControlPlaneTemplateRequestItem(""),
9793
ExpectedPatchMatchers: []capitest.JSONPatchMatcher{
9894
{
9995
Operation: "add",
@@ -128,7 +124,7 @@ var _ = Describe("Generate Global mirror patches", func() {
128124
v1alpha1.GlobalMirrorVariableName,
129125
),
130126
},
131-
RequestItem: request.NewKubeadmControlPlaneTemplateRequest("", cpRegistryAsMirrorCreds),
127+
RequestItem: request.NewKubeadmControlPlaneTemplateRequestItem(""),
132128
ExpectedPatchMatchers: []capitest.JSONPatchMatcher{
133129
{
134130
Operation: "add",
@@ -145,7 +141,42 @@ var _ = Describe("Generate Global mirror patches", func() {
145141
},
146142
},
147143
{
148-
Name: "files added in KubeadmConfigTemplate for registry mirror wihthout CA certificate secret",
144+
Name: "files added in KubeadmControlPlaneTemplate for image registry with CA Certificate secret",
145+
Vars: []runtimehooksv1.Variable{
146+
capitest.VariableWithValue(
147+
v1alpha1.ClusterConfigVariableName,
148+
[]v1alpha1.ImageRegistry{{
149+
URL: "https://registry.example.com",
150+
Credentials: &v1alpha1.RegistryCredentials{
151+
SecretRef: &v1alpha1.LocalObjectReference{
152+
Name: validMirrorCASecretName,
153+
},
154+
},
155+
}},
156+
v1alpha1.ImageRegistriesVariableName,
157+
),
158+
},
159+
RequestItem: request.NewKubeadmControlPlaneTemplateRequestItem(""),
160+
ExpectedPatchMatchers: []capitest.JSONPatchMatcher{
161+
{
162+
Operation: "add",
163+
Path: "/spec/template/spec/kubeadmConfigSpec/files",
164+
ValueMatcher: gomega.HaveExactElements(
165+
gomega.HaveKeyWithValue(
166+
"path", "/etc/containerd/certs.d/_default/hosts.toml",
167+
),
168+
gomega.HaveKeyWithValue(
169+
"path", "/etc/certs/registry.example.com.pem",
170+
),
171+
gomega.HaveKeyWithValue(
172+
"path", "/etc/caren/containerd/patches/registry-config.toml",
173+
),
174+
),
175+
},
176+
},
177+
},
178+
{
179+
Name: "files added in KubeadmConfigTemplate for registry mirror without CA certificate secret",
149180
Vars: []runtimehooksv1.Variable{
150181
capitest.VariableWithValue(
151182
v1alpha1.ClusterConfigVariableName,
@@ -203,7 +234,7 @@ var _ = Describe("Generate Global mirror patches", func() {
203234
},
204235
),
205236
},
206-
RequestItem: request.NewKubeadmConfigTemplateRequest("", workerRegistryAsMirrorCreds),
237+
RequestItem: request.NewKubeadmConfigTemplateRequestItem(""),
207238
ExpectedPatchMatchers: []capitest.JSONPatchMatcher{
208239
{
209240
Operation: "add",
@@ -246,7 +277,47 @@ var _ = Describe("Generate Global mirror patches", func() {
246277
},
247278
),
248279
},
249-
RequestItem: request.NewKubeadmConfigTemplateRequest("", workerRegistryAsMirrorCreds),
280+
RequestItem: request.NewKubeadmConfigTemplateRequestItem(""),
281+
ExpectedPatchMatchers: []capitest.JSONPatchMatcher{
282+
{
283+
Operation: "add",
284+
Path: "/spec/template/spec/files",
285+
ValueMatcher: gomega.HaveExactElements(
286+
gomega.HaveKeyWithValue(
287+
"path", "/etc/containerd/certs.d/_default/hosts.toml",
288+
),
289+
gomega.HaveKeyWithValue(
290+
"path", "/etc/caren/containerd/patches/registry-config.toml",
291+
),
292+
),
293+
},
294+
},
295+
},
296+
{
297+
Name: "files added in KubeadmConfigTemplate for image registry with secret for CA certificate",
298+
Vars: []runtimehooksv1.Variable{
299+
capitest.VariableWithValue(
300+
v1alpha1.ClusterConfigVariableName,
301+
[]v1alpha1.ImageRegistry{{
302+
URL: "https://registry.example.com",
303+
Credentials: &v1alpha1.RegistryCredentials{
304+
SecretRef: &v1alpha1.LocalObjectReference{
305+
Name: validMirrorCASecretName,
306+
},
307+
},
308+
}},
309+
v1alpha1.ImageRegistriesVariableName,
310+
),
311+
capitest.VariableWithValue(
312+
"builtin",
313+
map[string]any{
314+
"machineDeployment": map[string]any{
315+
"class": names.SimpleNameGenerator.GenerateName("worker-"),
316+
},
317+
},
318+
),
319+
},
320+
RequestItem: request.NewKubeadmConfigTemplateRequestItem(""),
250321
ExpectedPatchMatchers: []capitest.JSONPatchMatcher{
251322
{
252323
Operation: "add",
@@ -255,6 +326,9 @@ var _ = Describe("Generate Global mirror patches", func() {
255326
gomega.HaveKeyWithValue(
256327
"path", "/etc/containerd/certs.d/_default/hosts.toml",
257328
),
329+
gomega.HaveKeyWithValue(
330+
"path", "/etc/certs/registry.example.com.pem",
331+
),
258332
gomega.HaveKeyWithValue(
259333
"path", "/etc/caren/containerd/patches/registry-config.toml",
260334
),

0 commit comments

Comments
 (0)