(t *testing.T)
| 617 | } |
| 618 | |
| 619 | func TestTLSCredentials(t *testing.T) { |
| 620 | now := time.Now() |
| 621 | |
| 622 | certPool := x509.NewCertPool() |
| 623 | cert, key := genClientCert(t) |
| 624 | if !certPool.AppendCertsFromPEM(cert) { |
| 625 | t.Fatal("failed to add client cert to CertPool") |
| 626 | } |
| 627 | |
| 628 | server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { |
| 629 | fmt.Fprintln(w, "ok") |
| 630 | })) |
| 631 | server.TLS = &tls.Config{ |
| 632 | ClientAuth: tls.RequireAndVerifyClientCert, |
| 633 | ClientCAs: certPool, |
| 634 | } |
| 635 | server.StartTLS() |
| 636 | defer server.Close() |
| 637 | |
| 638 | a, err := newAuthenticator(newCache(), &api.ExecConfig{ |
| 639 | Command: "./testdata/test-plugin.sh", |
| 640 | APIVersion: "client.authentication.k8s.io/v1alpha1", |
| 641 | }) |
| 642 | if err != nil { |
| 643 | t.Fatal(err) |
| 644 | } |
| 645 | var output *clientauthentication.ExecCredential |
| 646 | a.environ = func() []string { |
| 647 | data, err := runtime.Encode(codecs.LegacyCodec(a.group), output) |
| 648 | if err != nil { |
| 649 | t.Fatal(err) |
| 650 | } |
| 651 | return []string{"TEST_OUTPUT=" + string(data)} |
| 652 | } |
| 653 | a.now = func() time.Time { return now } |
| 654 | a.stderr = ioutil.Discard |
| 655 | |
| 656 | // We're not interested in server's cert, this test is about client cert. |
| 657 | tc := &transport.Config{TLS: transport.TLSConfig{Insecure: true}} |
| 658 | if err := a.UpdateTransportConfig(tc); err != nil { |
| 659 | t.Fatal(err) |
| 660 | } |
| 661 | |
| 662 | get := func(t *testing.T, desc string, wantErr bool) { |
| 663 | t.Run(desc, func(t *testing.T) { |
| 664 | tlsCfg, err := transport.TLSConfigFor(tc) |
| 665 | if err != nil { |
| 666 | t.Fatal("TLSConfigFor:", err) |
| 667 | } |
| 668 | client := http.Client{ |
| 669 | Transport: &http.Transport{TLSClientConfig: tlsCfg}, |
| 670 | } |
| 671 | resp, err := client.Get(server.URL) |
| 672 | switch { |
| 673 | case err != nil && !wantErr: |
| 674 | t.Errorf("got client.Get error: %q, want nil", err) |
| 675 | case err == nil && wantErr: |
| 676 | t.Error("got nil client.Get error, want non-nil") |