use the ClusterTrustBundles beta API
@@ -23,7 +23,7 @@ import (
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
certificatesv1alpha1 "k8s.io/api/certificates/v1alpha1"
|
||||
certificatesv1beta1 "k8s.io/api/certificates/v1beta1"
|
||||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||
"k8s.io/component-base/metrics/legacyregistry"
|
||||
"k8s.io/component-base/metrics/testutil"
|
||||
@@ -50,7 +50,7 @@ clustertrustbundle_publisher_sync_total{code="200"} 1
|
||||
},
|
||||
{
|
||||
desc: "kube api error",
|
||||
err: apierrors.NewNotFound(certificatesv1alpha1.Resource("clustertrustbundle"), "test.test:testSigner:something"),
|
||||
err: apierrors.NewNotFound(certificatesv1beta1.Resource("clustertrustbundle"), "test.test:testSigner:something"),
|
||||
metrics: []string{
|
||||
"clustertrustbundle_publisher_sync_total",
|
||||
},
|
||||
|
||||
@@ -23,7 +23,7 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
certificatesv1alpha1 "k8s.io/api/certificates/v1alpha1"
|
||||
certificatesv1beta1 "k8s.io/api/certificates/v1beta1"
|
||||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/fields"
|
||||
@@ -31,9 +31,9 @@ import (
|
||||
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
|
||||
"k8s.io/apimachinery/pkg/util/wait"
|
||||
"k8s.io/apiserver/pkg/server/dynamiccertificates"
|
||||
certinformers "k8s.io/client-go/informers/certificates/v1alpha1"
|
||||
certinformers "k8s.io/client-go/informers/certificates/v1beta1"
|
||||
clientset "k8s.io/client-go/kubernetes"
|
||||
certlisters "k8s.io/client-go/listers/certificates/v1alpha1"
|
||||
certlisters "k8s.io/client-go/listers/certificates/v1beta1"
|
||||
"k8s.io/client-go/tools/cache"
|
||||
"k8s.io/client-go/util/workqueue"
|
||||
"k8s.io/klog/v2"
|
||||
@@ -174,11 +174,11 @@ func (p *ClusterTrustBundlePublisher) syncClusterTrustBundle(ctx context.Context
|
||||
|
||||
bundle, err := p.ctbLister.Get(bundleName)
|
||||
if apierrors.IsNotFound(err) {
|
||||
_, err = p.client.CertificatesV1alpha1().ClusterTrustBundles().Create(ctx, &certificatesv1alpha1.ClusterTrustBundle{
|
||||
_, err = p.client.CertificatesV1beta1().ClusterTrustBundles().Create(ctx, &certificatesv1beta1.ClusterTrustBundle{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: bundleName,
|
||||
},
|
||||
Spec: certificatesv1alpha1.ClusterTrustBundleSpec{
|
||||
Spec: certificatesv1beta1.ClusterTrustBundleSpec{
|
||||
SignerName: p.signerName,
|
||||
TrustBundle: caBundle,
|
||||
},
|
||||
@@ -186,7 +186,7 @@ func (p *ClusterTrustBundlePublisher) syncClusterTrustBundle(ctx context.Context
|
||||
} else if err == nil && bundle.Spec.TrustBundle != caBundle {
|
||||
bundle = bundle.DeepCopy()
|
||||
bundle.Spec.TrustBundle = caBundle
|
||||
_, err = p.client.CertificatesV1alpha1().ClusterTrustBundles().Update(ctx, bundle, metav1.UpdateOptions{})
|
||||
_, err = p.client.CertificatesV1beta1().ClusterTrustBundles().Update(ctx, bundle, metav1.UpdateOptions{})
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
@@ -205,7 +205,7 @@ func (p *ClusterTrustBundlePublisher) syncClusterTrustBundle(ctx context.Context
|
||||
continue
|
||||
}
|
||||
|
||||
if err := p.client.CertificatesV1alpha1().ClusterTrustBundles().Delete(ctx, bundleObject.Name, metav1.DeleteOptions{}); err != nil && !apierrors.IsNotFound(err) {
|
||||
if err := p.client.CertificatesV1beta1().ClusterTrustBundles().Delete(ctx, bundleObject.Name, metav1.DeleteOptions{}); err != nil && !apierrors.IsNotFound(err) {
|
||||
klog.FromContext(ctx).Error(err, "failed to remove a cluster trust bundle", "bundleName", bundleObject.Name)
|
||||
deletionError = err
|
||||
}
|
||||
|
||||
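Review bot: The Create, Update and Delete calls in syncClusterTrustBundle now go only through `p.client.CertificatesV1beta1()`, and the informer and lister imports are switched to v1beta1 as well; no fallback to v1alpha1 is visible in these hunks. New beta APIs are not served by default, so on a cluster where only the alpha version (or neither) is enabled the publisher would presumably fail on every sync and the signer's trust anchors would never be published or refreshed. I would confirm that the start-up wiring, which is outside this page, checks through discovery that `clustertrustbundles` is served in `certificates.k8s.io/v1beta1` before starting the controller. The constructor should also carry a comment stating that precondition, e.g. `// Requires the certificates.k8s.io/v1beta1 ClusterTrustBundle API to be served.` The function body starts and ends outside the hunks shown.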
@@ -22,7 +22,7 @@ import (
|
||||
cryptorand "crypto/rand"
|
||||
"testing"
|
||||
|
||||
certificatesv1alpha1 "k8s.io/api/certificates/v1alpha1"
|
||||
certificatesv1beta1 "k8s.io/api/certificates/v1beta1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apiserver/pkg/server/dynamiccertificates"
|
||||
@@ -44,7 +44,7 @@ func TestCTBPublisherSync(t *testing.T) {
|
||||
|
||||
createAction := expectAction[clienttesting.CreateAction](t, filteredActions[0], "create")
|
||||
|
||||
ctb, ok := createAction.GetObject().(*certificatesv1alpha1.ClusterTrustBundle)
|
||||
ctb, ok := createAction.GetObject().(*certificatesv1beta1.ClusterTrustBundle)
|
||||
if !ok {
|
||||
t.Fatalf("expected ClusterTrustBundle create, got %v", createAction.GetObject())
|
||||
}
|
||||
@@ -63,7 +63,7 @@ func TestCTBPublisherSync(t *testing.T) {
|
||||
|
||||
updateAction := expectAction[clienttesting.UpdateAction](t, filteredActions[0], "update")
|
||||
|
||||
ctb, ok := updateAction.GetObject().(*certificatesv1alpha1.ClusterTrustBundle)
|
||||
ctb, ok := updateAction.GetObject().(*certificatesv1beta1.ClusterTrustBundle)
|
||||
if !ok {
|
||||
t.Fatalf("expected ClusterTrustBundle update, got %v", updateAction.GetObject())
|
||||
}
|
||||
@@ -109,19 +109,19 @@ func TestCTBPublisherSync(t *testing.T) {
|
||||
{
|
||||
name: "no CTBs for the current signer exist",
|
||||
existingCTBs: []runtime.Object{
|
||||
&certificatesv1alpha1.ClusterTrustBundle{
|
||||
&certificatesv1beta1.ClusterTrustBundle{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "nosigner",
|
||||
},
|
||||
Spec: certificatesv1alpha1.ClusterTrustBundleSpec{
|
||||
Spec: certificatesv1beta1.ClusterTrustBundleSpec{
|
||||
TrustBundle: "somedatahere",
|
||||
},
|
||||
},
|
||||
&certificatesv1alpha1.ClusterTrustBundle{
|
||||
&certificatesv1beta1.ClusterTrustBundle{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "signer:one",
|
||||
},
|
||||
Spec: certificatesv1alpha1.ClusterTrustBundleSpec{
|
||||
Spec: certificatesv1beta1.ClusterTrustBundleSpec{
|
||||
SignerName: "signer",
|
||||
TrustBundle: "signerdata",
|
||||
},
|
||||
@@ -132,11 +132,11 @@ func TestCTBPublisherSync(t *testing.T) {
|
||||
{
|
||||
name: "CTB for the signer exists with different content",
|
||||
existingCTBs: []runtime.Object{
|
||||
&certificatesv1alpha1.ClusterTrustBundle{
|
||||
&certificatesv1beta1.ClusterTrustBundle{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: testBundleName,
|
||||
},
|
||||
Spec: certificatesv1alpha1.ClusterTrustBundleSpec{
|
||||
Spec: certificatesv1beta1.ClusterTrustBundleSpec{
|
||||
SignerName: testSignerName,
|
||||
TrustBundle: "olddata",
|
||||
},
|
||||
@@ -147,20 +147,20 @@ func TestCTBPublisherSync(t *testing.T) {
|
||||
{
|
||||
name: "multiple CTBs for the signer",
|
||||
existingCTBs: []runtime.Object{
|
||||
&certificatesv1alpha1.ClusterTrustBundle{
|
||||
&certificatesv1beta1.ClusterTrustBundle{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: testBundleName,
|
||||
},
|
||||
Spec: certificatesv1alpha1.ClusterTrustBundleSpec{
|
||||
Spec: certificatesv1beta1.ClusterTrustBundleSpec{
|
||||
SignerName: testSignerName,
|
||||
TrustBundle: string(testCAProvider.CurrentCABundleContent()),
|
||||
},
|
||||
},
|
||||
&certificatesv1alpha1.ClusterTrustBundle{
|
||||
&certificatesv1beta1.ClusterTrustBundle{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "test.test/testSigner:name2",
|
||||
},
|
||||
Spec: certificatesv1alpha1.ClusterTrustBundleSpec{
|
||||
Spec: certificatesv1beta1.ClusterTrustBundleSpec{
|
||||
SignerName: testSignerName,
|
||||
TrustBundle: string(testCAProvider.CurrentCABundleContent()),
|
||||
},
|
||||
@@ -171,20 +171,20 @@ func TestCTBPublisherSync(t *testing.T) {
|
||||
{
|
||||
name: "multiple CTBs for the signer - the one with the proper name needs changing",
|
||||
existingCTBs: []runtime.Object{
|
||||
&certificatesv1alpha1.ClusterTrustBundle{
|
||||
&certificatesv1beta1.ClusterTrustBundle{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: testBundleName,
|
||||
},
|
||||
Spec: certificatesv1alpha1.ClusterTrustBundleSpec{
|
||||
Spec: certificatesv1beta1.ClusterTrustBundleSpec{
|
||||
SignerName: testSignerName,
|
||||
TrustBundle: "olddata",
|
||||
},
|
||||
},
|
||||
&certificatesv1alpha1.ClusterTrustBundle{
|
||||
&certificatesv1beta1.ClusterTrustBundle{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "test.test/testSigner:name2",
|
||||
},
|
||||
Spec: certificatesv1alpha1.ClusterTrustBundleSpec{
|
||||
Spec: certificatesv1beta1.ClusterTrustBundleSpec{
|
||||
SignerName: testSignerName,
|
||||
TrustBundle: string(testCAProvider.CurrentCABundleContent()),
|
||||
},
|
||||
@@ -202,11 +202,11 @@ func TestCTBPublisherSync(t *testing.T) {
|
||||
{
|
||||
name: "another CTB with a different name exists for the signer",
|
||||
existingCTBs: []runtime.Object{
|
||||
&certificatesv1alpha1.ClusterTrustBundle{
|
||||
&certificatesv1beta1.ClusterTrustBundle{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "test.test/testSigner:preexisting",
|
||||
},
|
||||
Spec: certificatesv1alpha1.ClusterTrustBundleSpec{
|
||||
Spec: certificatesv1beta1.ClusterTrustBundleSpec{
|
||||
SignerName: testSignerName,
|
||||
TrustBundle: string(testCAProvider.CurrentCABundleContent()),
|
||||
},
|
||||
@@ -224,28 +224,28 @@ func TestCTBPublisherSync(t *testing.T) {
|
||||
{
|
||||
name: "CTB at the correct state - noop",
|
||||
existingCTBs: []runtime.Object{
|
||||
&certificatesv1alpha1.ClusterTrustBundle{
|
||||
&certificatesv1beta1.ClusterTrustBundle{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "nosigner",
|
||||
},
|
||||
Spec: certificatesv1alpha1.ClusterTrustBundleSpec{
|
||||
Spec: certificatesv1beta1.ClusterTrustBundleSpec{
|
||||
TrustBundle: "somedatahere",
|
||||
},
|
||||
},
|
||||
&certificatesv1alpha1.ClusterTrustBundle{
|
||||
&certificatesv1beta1.ClusterTrustBundle{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "signer:one",
|
||||
},
|
||||
Spec: certificatesv1alpha1.ClusterTrustBundleSpec{
|
||||
Spec: certificatesv1beta1.ClusterTrustBundleSpec{
|
||||
SignerName: "signer",
|
||||
TrustBundle: "signerdata",
|
||||
},
|
||||
},
|
||||
&certificatesv1alpha1.ClusterTrustBundle{
|
||||
&certificatesv1beta1.ClusterTrustBundle{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: testBundleName,
|
||||
},
|
||||
Spec: certificatesv1alpha1.ClusterTrustBundleSpec{
|
||||
Spec: certificatesv1beta1.ClusterTrustBundleSpec{
|
||||
SignerName: testSignerName,
|
||||
TrustBundle: string(testCAProvider.CurrentCABundleContent()),
|
||||
},
|
||||
@@ -297,9 +297,9 @@ func fakeKubeClientSetWithCTBList(t *testing.T, signerName string, ctbs ...runti
|
||||
return false, nil, nil
|
||||
}
|
||||
|
||||
retList := &certificatesv1alpha1.ClusterTrustBundleList{}
|
||||
retList := &certificatesv1beta1.ClusterTrustBundleList{}
|
||||
for _, ctb := range ctbs {
|
||||
ctbObj, ok := ctb.(*certificatesv1alpha1.ClusterTrustBundle)
|
||||
ctbObj, ok := ctb.(*certificatesv1beta1.ClusterTrustBundle)
|
||||
if !ok {
|
||||
continue
|
||||
}
|
||||
|
||||
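Review bot: In fakeKubeClientSetWithCTBList the assertion `ctb.(*certificatesv1beta1.ClusterTrustBundle)` is followed by a silent `continue`, so a fixture still declared as a v1alpha1 object would be dropped from the returned list without any signal. After a mechanical version migration like this one, that is the likely mistake, and a case could then pass without the object it was meant to exercise. I would report it before skipping, e.g. `t.Errorf("unexpected fixture type %T", ctb)` ahead of the `continue`. Errorf is preferable to Fatalf here because the loop appears to run inside a reactor callback that may not be on the test goroutine. The function starts and ends outside the hunk.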
Reference in New Issue
Block a user