Merge pull request #60 from dlorenc/remove_weave
Add tests for the certificate generation code, and only generate if the IPs don't match.
commit
09c1b40537
|
@ -56,8 +56,12 @@ func init() {
|
|||
|
||||
func SetupServer(s *localkube.LocalkubeServer) {
|
||||
|
||||
err := s.GenerateCerts()
|
||||
hostIP, err := s.GetHostIP()
|
||||
if err != nil {
|
||||
fmt.Println("Error getting host IP!")
|
||||
panic(err)
|
||||
}
|
||||
if err := s.GenerateCerts(hostIP); err != nil {
|
||||
fmt.Println("Failed to create certificates!")
|
||||
panic(err)
|
||||
}
|
||||
|
|
|
@ -17,7 +17,10 @@ limitations under the License.
|
|||
package localkube
|
||||
|
||||
import (
|
||||
"crypto/x509"
|
||||
"encoding/pem"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"net"
|
||||
"path"
|
||||
|
||||
|
@ -82,20 +85,52 @@ func (lk LocalkubeServer) GetHostIP() (net.IP, error) {
|
|||
return utilnet.ChooseBindAddress(net.ParseIP("0.0.0.0"))
|
||||
}
|
||||
|
||||
func (lk LocalkubeServer) GenerateCerts() error {
|
||||
func (lk LocalkubeServer) loadCert(path string) (*x509.Certificate, error) {
|
||||
contents, err := ioutil.ReadFile(path)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
decoded, _ := pem.Decode(contents)
|
||||
if decoded == nil {
|
||||
return nil, fmt.Errorf("Unable to decode certificate.")
|
||||
}
|
||||
|
||||
if util.CanReadFile(lk.GetPublicKeyCertPath()) && util.CanReadFile(lk.GetPrivateKeyCertPath()) {
|
||||
return x509.ParseCertificate(decoded.Bytes)
|
||||
}
|
||||
|
||||
func (lk LocalkubeServer) shouldGenerateCerts(hostIP net.IP) bool {
|
||||
if !(util.CanReadFile(lk.GetPublicKeyCertPath()) &&
|
||||
util.CanReadFile(lk.GetPrivateKeyCertPath())) {
|
||||
fmt.Println("Regenerating certs because the files aren't readable.")
|
||||
return true
|
||||
}
|
||||
|
||||
cert, err := lk.loadCert(lk.GetPublicKeyCertPath())
|
||||
if err != nil {
|
||||
fmt.Println("Regenerating certs because there was an error loading the certificate: ", err)
|
||||
return true
|
||||
}
|
||||
|
||||
for _, certIP := range cert.IPAddresses {
|
||||
if certIP.Equal(hostIP) {
|
||||
return false
|
||||
}
|
||||
}
|
||||
fmt.Printf(
|
||||
"Regenerating certs because the IP didn't match. Got %s, expected %s",
|
||||
cert.IPAddresses, hostIP)
|
||||
return true
|
||||
}
|
||||
|
||||
func (lk LocalkubeServer) GenerateCerts(hostIP net.IP) error {
|
||||
|
||||
if !lk.shouldGenerateCerts(hostIP) {
|
||||
fmt.Println("Using these existing certs: ", lk.GetPublicKeyCertPath(), lk.GetPrivateKeyCertPath())
|
||||
return nil
|
||||
}
|
||||
|
||||
alternateIPs := []net.IP{lk.ServiceClusterIPRange.IP}
|
||||
alternateDNS := []string{fmt.Sprintf("%s.%s", "kubernetes.default.svc", lk.DNSDomain), "kubernetes.default.svc", "kubernetes.default", "kubernetes"}
|
||||
hostIP, err := lk.GetHostIP()
|
||||
if err != nil {
|
||||
fmt.Println("Failed to get host IP: ", err)
|
||||
return err
|
||||
}
|
||||
|
||||
if err := utilcrypto.GenerateSelfSignedCert(hostIP.String(), lk.GetPublicKeyCertPath(), lk.GetPrivateKeyCertPath(), alternateIPs, alternateDNS); err != nil {
|
||||
fmt.Println("Failed to create certs: ", err)
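Review bot: shouldGenerateCerts treats the existing pair as reusable as soon as the certificate parses and one IP SAN equals hostIP; it never checks the certificate's validity period and only tests the key file for readability, so an expired certificate or a key that does not belong to it is kept and would presumably surface only later as a TLS failure. I would add a key-pair load and a NotBefore/NotAfter check before the IP loop, which needs `crypto/tls` and `time` in the import block. The service cluster IP and DNS names that GenerateCerts writes into the certificate are not compared either, so a changed ServiceClusterIPRange or DNSDomain presumably leaves a stale certificate in place. Separately, the parameter name `path` in loadCert shadows the imported `path` package; `certPath` would avoid that.

```go
func (lk LocalkubeServer) shouldGenerateCerts(hostIP net.IP) bool {
	// … unchanged: readability check and loadCert call …

	// A readable, parseable certificate is not enough: the key must belong to it.
	if _, err := tls.LoadX509KeyPair(lk.GetPublicKeyCertPath(), lk.GetPrivateKeyCertPath()); err != nil {
		fmt.Println("Regenerating certs because the key pair could not be loaded: ", err)
		return true
	}

	// Do not keep a certificate that is not yet valid or has already expired.
	now := time.Now()
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		fmt.Println("Regenerating certs because the certificate is outside its validity period.")
		return true
	}

	// … unchanged: IP comparison loop and final return …
```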
|
||||
|
|
|
@ -0,0 +1,123 @@
|
|||
/*
|
||||
Copyright 2016 The Kubernetes Authors All rights reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package localkube
|
||||
|
||||
import (
|
||||
"io/ioutil"
|
||||
"net"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"testing"
|
||||
|
||||
"k8s.io/minikube/pkg/minikube/tests"
|
||||
)
|
||||
|
||||
var testIP = net.ParseIP("1.2.3.4")
|
||||
|
||||
func TestGenerateCerts(t *testing.T) {
|
||||
tempDir := tests.MakeTempDir()
|
||||
defer os.RemoveAll(tempDir)
|
||||
os.Mkdir(filepath.Join(tempDir, "certs"), 0777)
|
||||
|
||||
_, ipRange, _ := net.ParseCIDR("10.0.0.0/24")
|
||||
lk := LocalkubeServer{
|
||||
LocalkubeDirectory: tempDir,
|
||||
ServiceClusterIPRange: *ipRange,
|
||||
}
|
||||
|
||||
if err := lk.GenerateCerts(testIP); err != nil {
|
||||
t.Fatalf("Unexpected error generating certs: %s", err)
|
||||
}
|
||||
|
||||
for _, f := range []string{"apiserver.crt", "apiserver.key"} {
|
||||
p := filepath.Join(tempDir, "certs", f)
|
||||
_, err := os.Stat(p)
|
||||
if os.IsNotExist(err) {
|
||||
t.Fatalf("Certificate not created: %s", p)
|
||||
}
|
||||
}
|
||||
cert, err := lk.loadCert(filepath.Join(tempDir, "certs", "apiserver.crt"))
|
||||
if err != nil {
|
||||
t.Fatalf("Error parsing cert: %s", err)
|
||||
}
|
||||
if !cert.IPAddresses[0].Equal(testIP) {
|
||||
t.Fatalf("IP mismatch: %s != %s.", cert.IPAddresses[0], testIP)
|
||||
}
|
||||
}
|
||||
|
||||
func TestShouldGenerateCertsNoFiles(t *testing.T) {
|
||||
lk := LocalkubeServer{LocalkubeDirectory: "baddir"}
|
||||
if !lk.shouldGenerateCerts(testIP) {
|
||||
t.Fatalf("No certs exist, we should generate.")
|
||||
}
|
||||
}
|
||||
|
||||
func TestShouldGenerateCertsOneFile(t *testing.T) {
|
||||
tempDir := tests.MakeTempDir()
|
||||
defer os.RemoveAll(tempDir)
|
||||
os.Mkdir(filepath.Join(tempDir, "certs"), 0777)
|
||||
ioutil.WriteFile(filepath.Join(tempDir, "certs", "apiserver.crt"), []byte(""), 0644)
|
||||
lk := LocalkubeServer{LocalkubeDirectory: tempDir}
|
||||
if !lk.shouldGenerateCerts(testIP) {
|
||||
t.Fatalf("Not all certs exist, we should generate.")
|
||||
}
|
||||
}
|
||||
|
||||
func TestShouldGenerateCertsBadFiles(t *testing.T) {
|
||||
tempDir := tests.MakeTempDir()
|
||||
defer os.RemoveAll(tempDir)
|
||||
os.Mkdir(filepath.Join(tempDir, "certs"), 0777)
|
||||
for _, f := range []string{"apiserver.crt", "apiserver.key"} {
|
||||
ioutil.WriteFile(filepath.Join(tempDir, "certs", f), []byte(""), 0644)
|
||||
}
|
||||
lk := LocalkubeServer{LocalkubeDirectory: tempDir}
|
||||
if !lk.shouldGenerateCerts(testIP) {
|
||||
t.Fatalf("Certs are badly formatted, we should generate.")
|
||||
}
|
||||
}
|
||||
|
||||
func TestShouldGenerateCertsMismatchedIP(t *testing.T) {
|
||||
tempDir := tests.MakeTempDir()
|
||||
defer os.RemoveAll(tempDir)
|
||||
os.Mkdir(filepath.Join(tempDir, "certs"), 0777)
|
||||
|
||||
_, ipRange, _ := net.ParseCIDR("10.0.0.0/24")
|
||||
lk := LocalkubeServer{
|
||||
LocalkubeDirectory: tempDir,
|
||||
ServiceClusterIPRange: *ipRange,
|
||||
}
|
||||
lk.GenerateCerts(testIP)
|
||||
if !lk.shouldGenerateCerts(net.ParseIP("4.3.2.1")) {
|
||||
t.Fatalf("IPs don't match, we should generate.")
|
||||
}
|
||||
}
|
||||
|
||||
func TestShouldNotGenerateCerts(t *testing.T) {
|
||||
tempDir := tests.MakeTempDir()
|
||||
defer os.RemoveAll(tempDir)
|
||||
os.Mkdir(filepath.Join(tempDir, "certs"), 0777)
|
||||
|
||||
_, ipRange, _ := net.ParseCIDR("10.0.0.0/24")
|
||||
lk := LocalkubeServer{
|
||||
LocalkubeDirectory: tempDir,
|
||||
ServiceClusterIPRange: *ipRange,
|
||||
}
|
||||
lk.GenerateCerts(testIP)
|
||||
if lk.shouldGenerateCerts(testIP) {
|
||||
t.Fatalf("IPs match, we should not generate.")
|
||||
}
|
||||
}
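Review bot: TestShouldGenerateCertsMismatchedIP discards the error from `lk.GenerateCerts(testIP)`, so if generation fails the test still passes through the "files aren't readable" branch and never exercises the IP comparison. Check the setup call the same way TestGenerateCerts does, `if err := lk.GenerateCerts(testIP); err != nil { t.Fatalf("Unexpected error generating certs: %s", err) }`; the same applies to the call in TestShouldNotGenerateCerts and to the ignored results of `os.Mkdir`, `ioutil.WriteFile` and `net.ParseCIDR`. TestGenerateCerts indexes `cert.IPAddresses[0]` without checking the length, which panics rather than failing cleanly if the certificate carries no IP SANs. There is also no case for a valid certificate paired with an unparsable key, a combination the bad-files test (both files empty) cannot distinguish from an unparsable certificate.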
|