Skip to content

Commit

Permalink
test: Add skip TLS certificate verification case
Browse files Browse the repository at this point in the history
  • Loading branch information
mayooot committed Dec 24, 2024
1 parent 1660b36 commit ac71185
Showing 1 changed file with 121 additions and 1 deletion.
122 changes: 121 additions & 1 deletion cmd/add_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -351,7 +351,7 @@ func TestAddToLocal(t *testing.T) {
}

// Test AddToLocal function
err = AddToLocal(newConfig, tempFile.Name(), "", true, false, []string{"context"}, []string{})
err = AddToLocal(newConfig, tempFile.Name(), "", true, false, []string{"context"}, []string{}, false)
if err != nil {
t.Fatalf("Failed to add to local: %v", err)
}
Expand Down Expand Up @@ -447,3 +447,123 @@ func TestGenerateContextName(t *testing.T) {
})
}
}

func TestAddToLocal_InsecureSkipTLSVerify(t *testing.T) {
oldCfg := clientcmdapi.Config{
Contexts: map[string]*clientcmdapi.Context{
"old-context": {AuthInfo: "old-user", Cluster: "old-cluster"},
},
AuthInfos: map[string]*clientcmdapi.AuthInfo{
"old-user": {},
},
Clusters: map[string]*clientcmdapi.Cluster{
"old-cluster": {Server: "https://old.example.org"},
},
CurrentContext: "old-context",
}

oldFile, err := os.CreateTemp("", "old-kubeconfig-*.yaml")
if err != nil {
t.Fatalf("failed to create temp file for old config: %v", err)
}
defer os.Remove(oldFile.Name())
defer oldFile.Close()

if err := clientcmd.WriteToFile(oldCfg, oldFile.Name()); err != nil {
t.Fatalf("failed to write old config to file: %v", err)
}

cfgFile = oldFile.Name()

newCfg := &clientcmdapi.Config{
Clusters: map[string]*clientcmdapi.Cluster{
"test-cluster": {
Server: "https://test.example.org",
CertificateAuthority: "/fake/ca/path",
CertificateAuthorityData: []byte("fake-ca-data"),
InsecureSkipTLSVerify: false,
},
},
AuthInfos: map[string]*clientcmdapi.AuthInfo{
"test-authinfo": {Token: "test-token"},
},
Contexts: map[string]*clientcmdapi.Context{
"test-context": {
AuthInfo: "test-authinfo",
Cluster: "test-cluster",
Namespace: "test-namespace",
},
},
CurrentContext: "test-context",
}

tests := []struct {
name string
insecureSkipTLSVerify bool
wantInsecureSkipTLS bool
wantCertificateAuthNil bool
}{
{
name: "InsecureSkipTLSVerify=false",
insecureSkipTLSVerify: false,
wantInsecureSkipTLS: false,
wantCertificateAuthNil: false, // dont clear CA
},
{
name: "InsecureSkipTLSVerify=true",
insecureSkipTLSVerify: true,
wantInsecureSkipTLS: true,
wantCertificateAuthNil: true, // will clear CA
},
}

for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if err := clientcmd.WriteToFile(oldCfg, oldFile.Name()); err != nil {
t.Fatalf("failed to re-write old config to file: %v", err)
}

err = AddToLocal(
newCfg.DeepCopy(),
"fake-path",
"",
true,
false,
[]string{"context"},
[]string{},
tt.insecureSkipTLSVerify,
)
if err != nil {
t.Fatalf("AddToLocal() failed: %v", err)
}

merged, err := clientcmd.LoadFromFile(oldFile.Name())
if err != nil {
t.Fatalf("failed to load config from file: %v", err)
}

cluster, ok := merged.Clusters["test-cluster"]
if !ok {
t.Fatalf("cluster 'test-cluster' not found in merged config")
}

if cluster.InsecureSkipTLSVerify != tt.wantInsecureSkipTLS {
t.Errorf("got InsecureSkipTLSVerify=%v, want %v",
cluster.InsecureSkipTLSVerify, tt.wantInsecureSkipTLS)
}

if tt.wantCertificateAuthNil {
if cluster.CertificateAuthority != "" || len(cluster.CertificateAuthorityData) != 0 {
t.Errorf("CertificateAuthority/CertificateAuthorityData not cleared, got path=%q data=%q",
cluster.CertificateAuthority, string(cluster.CertificateAuthorityData))
}
} else {
if cluster.CertificateAuthority != "/fake/ca/path" ||
string(cluster.CertificateAuthorityData) != "fake-ca-data" {
t.Errorf("CertificateAuthority/CertificateAuthorityData changed unexpectedly, got path=%q data=%q",
cluster.CertificateAuthority, string(cluster.CertificateAuthorityData))
}
}
})
}
}

0 comments on commit ac71185

Please sign in to comment.