MCPcopy
hub / github.com/kubernetes/client-go / TestTLSCredentials

Function TestTLSCredentials

plugin/pkg/client/auth/exec/exec_test.go:619–714  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

617}
618
619func TestTLSCredentials(t *testing.T) {
620 now := time.Now()
621
622 certPool := x509.NewCertPool()
623 cert, key := genClientCert(t)
624 if !certPool.AppendCertsFromPEM(cert) {
625 t.Fatal("failed to add client cert to CertPool")
626 }
627
628 server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
629 fmt.Fprintln(w, "ok")
630 }))
631 server.TLS = &tls.Config{
632 ClientAuth: tls.RequireAndVerifyClientCert,
633 ClientCAs: certPool,
634 }
635 server.StartTLS()
636 defer server.Close()
637
638 a, err := newAuthenticator(newCache(), &api.ExecConfig{
639 Command: "./testdata/test-plugin.sh",
640 APIVersion: "client.authentication.k8s.io/v1alpha1",
641 })
642 if err != nil {
643 t.Fatal(err)
644 }
645 var output *clientauthentication.ExecCredential
646 a.environ = func() []string {
647 data, err := runtime.Encode(codecs.LegacyCodec(a.group), output)
648 if err != nil {
649 t.Fatal(err)
650 }
651 return []string{"TEST_OUTPUT=" + string(data)}
652 }
653 a.now = func() time.Time { return now }
654 a.stderr = ioutil.Discard
655
656 // We're not interested in server's cert, this test is about client cert.
657 tc := &transport.Config{TLS: transport.TLSConfig{Insecure: true}}
658 if err := a.UpdateTransportConfig(tc); err != nil {
659 t.Fatal(err)
660 }
661
662 get := func(t *testing.T, desc string, wantErr bool) {
663 t.Run(desc, func(t *testing.T) {
664 tlsCfg, err := transport.TLSConfigFor(tc)
665 if err != nil {
666 t.Fatal("TLSConfigFor:", err)
667 }
668 client := http.Client{
669 Transport: &http.Transport{TLSClientConfig: tlsCfg},
670 }
671 resp, err := client.Get(server.URL)
672 switch {
673 case err != nil && !wantErr:
674 t.Errorf("got client.Get error: %q, want nil", err)
675 case err == nil && wantErr:
676 t.Error("got nil client.Get error, want non-nil")

Callers

nothing calls this directly

Calls 13

TLSConfigForFunction · 0.92
genClientCertFunction · 0.85
newAuthenticatorFunction · 0.85
newCacheFunction · 0.85
UpdateTransportConfigMethod · 0.80
NowMethod · 0.65
CloseMethod · 0.65
RunMethod · 0.65
GetMethod · 0.65
ErrorfMethod · 0.65
ErrorMethod · 0.65
AddMethod · 0.65

Tested by

no test coverage detected