
Commit bc9a268

committed
certcontroller: update unit tests
1 parent 7f8380f commit bc9a268


1 file changed

+77
-2
lines changed


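--- a/pkg/controller/certrotation/certrotation_controller_test.go
+++ b/pkg/controller/certrotation/certrotation_controller_test.go
@@ -12,6 +12,7 @@ import (
 "github.com/stretchr/testify/require"
 
 configv1 "github.com/openshift/api/config/v1"
+configinformers "github.com/openshift/client-go/config/informers/externalversions"
 "github.com/openshift/library-go/pkg/operator/certrotation"
 corev1 "k8s.io/api/core/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -43,12 +44,14 @@ type fixture struct {
 maoSecretLister []*corev1.Secret
 mcoSecretLister []*corev1.Secret
 mcoConfigMapLister []*corev1.ConfigMap
+infraLister []*configv1.Infrastructure
 
 objects []runtime.Object
 configObjects []runtime.Object
 machineObjects []runtime.Object
 aroObjects []runtime.Object
 k8sI kubeinformers.SharedInformerFactory
+infraInformer configinformers.SharedInformerFactory
 
 controller *CertRotationController
 }
@@ -80,14 +83,15 @@ func (f *fixture) newController() *CertRotationController {
 Status: configv1.InfrastructureStatus{
 ControlPlaneTopology: configv1.HighlyAvailableTopologyMode,
 PlatformStatus: platformStatus,
-APIServerInternalURL: "test-url"},
+APIServerInternalURL: "https://10.0.0.1:6443"},
 })
 
 f.kubeClient = fake.NewSimpleClientset(f.objects...)
 f.configClient = fakeconfigv1client.NewSimpleClientset(f.configObjects...)
 f.machineClient = fakemachineclientset.NewSimpleClientset(f.machineObjects...)
 f.aroClient = fakearoclientset.NewSimpleClientset(f.aroObjects...)
 f.k8sI = kubeinformers.NewSharedInformerFactory(f.kubeClient, noResyncPeriodFunc())
+f.infraInformer = configinformers.NewSharedInformerFactory(f.configClient, noResyncPeriodFunc())
 
 for _, secret := range f.maoSecretLister {
 f.k8sI.Core().V1().Secrets().Informer().GetIndexer().Add(secret)
@@ -101,7 +105,12 @@ func (f *fixture) newController() *CertRotationController {
 f.k8sI.Core().V1().ConfigMaps().Informer().GetIndexer().Add(configMap)
 }
 
-c, err := New(f.kubeClient, f.configClient, f.machineClient, f.aroClient, f.k8sI.Core().V1().Secrets(), f.k8sI.Core().V1().Secrets(), f.k8sI.Core().V1().ConfigMaps())
+for _, infra := range f.configObjects {
+f.infraInformer.Config().V1().Infrastructures().Informer().GetIndexer().Add(infra)
+f.infraLister = append(f.infraLister, infra.(*configv1.Infrastructure))
+}
+
+c, err := New(f.kubeClient, f.configClient, f.machineClient, f.aroClient, f.k8sI.Core().V1().Secrets(), f.k8sI.Core().V1().Secrets(), f.k8sI.Core().V1().ConfigMaps(), f.infraInformer.Config().V1().Infrastructures())
 require.NoError(f.t, err)
 
 c.StartInformers()
@@ -164,6 +173,72 @@ func (f *fixture) verifyAROIPInTLSCertificate(t *testing.T, expectedIP string) {
 t.Logf("Successfully verified ARO IP %s is present in TLS certificate", expectedIP)
 }
 
+func TestInfraUpdateTriggersCertResync(t *testing.T) {
+f := newFixture(t)
+f.objects = append(f.objects, getGoodMAOSecret("test-user-data"))
+f.maoSecretLister = append(f.maoSecretLister, getGoodMAOSecret("test-user-data"))
+f.machineObjects = append(f.machineObjects, getMachineSet("test-machine"))
+
+f.controller = f.newController()
+
+// Perform initial sync to create initial certificates
+f.runController()
+
+// Update the Infrastructure object with a new APIServerInternalURL
+infraObj := &configv1.Infrastructure{
+ObjectMeta: metav1.ObjectMeta{
+Name: "cluster",
+},
+Status: configv1.InfrastructureStatus{
+ControlPlaneTopology: configv1.HighlyAvailableTopologyMode,
+APIServerInternalURL: "https://10.0.0.2:6443", // Changed from 10.0.0.1 to 10.0.0.2
+},
+}
+
+// Update the Infrastructure object
+_, err := f.configClient.ConfigV1().Infrastructures().Update(context.TODO(), infraObj, metav1.UpdateOptions{})
+require.NoError(t, err)
+
+// Update the informer with the new Infrastructure object
+f.infraInformer.Config().V1().Infrastructures().Informer().GetIndexer().Update(infraObj)
+
+// Trigger the sync after Infrastructure update
+f.syncListers(t)
+f.runController()
+
+// Verify that the TLS certificate was regenerated with the new hostname
+tlsSecret, err := f.kubeClient.CoreV1().Secrets(ctrlcommon.MCONamespace).Get(context.TODO(), ctrlcommon.MachineConfigServerTLSSecretName, metav1.GetOptions{})
+require.NoError(t, err)
+require.NotNil(t, tlsSecret)
+
+// Verify certificate contains new hostname
+certData, exists := tlsSecret.Data["tls.crt"]
+require.True(t, exists, "TLS certificate should exist in secret")
+require.NotEmpty(t, certData, "TLS certificate data should not be empty")
+
+// Decode and parse certificate
+block, _ := pem.Decode(certData)
+require.NotNil(t, block, "Should be able to decode PEM certificate")
+
+cert, err := x509.ParseCertificate(block.Bytes)
+require.NoError(t, err, "Should be able to parse TLS certificate")
+
+// Verify the new hostname is in the certificate's DNS names
+expectedHostname := "10.0.0.2"
+found := false
+for _, dnsName := range cert.DNSNames {
+if dnsName == expectedHostname {
+found = true
+break
+}
+}
+require.True(t, found, "New hostname %s should be present in certificate DNS names", expectedHostname)
+t.Logf("Successfully verified hostname %s is present in TLS certificate after Infrastructure update", expectedHostname)
+
+// Verify that user data secrets were updated (should be 1 total update)
+f.verifyUserDataSecretUpdateCount(1)
+}
+
 func TestMCSCARotation(t *testing.T) {
 tests := []struct {
 name string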
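Review bot: The new TestInfraUpdateTriggersCertResync looks for the IP literal `10.0.0.2` in `cert.DNSNames`, but that is not the SAN a TLS client checks for an IP endpoint: Go's `x509.Certificate.VerifyHostname` matches an IP host only against `cert.IPAddresses`. As written, the test passes on a certificate that carries the address only as a dNSName entry, so it would not catch a rotation after which clients of `https://10.0.0.2:6443` cannot verify the server. Either assert the IP SAN by looping over `cert.IPAddresses` with `if ip.Equal(net.ParseIP(expectedHostname)) { found = true; break }`, or use a DNS host name in `APIServerInternalURL` if the DNS path is what is under test. The controller code is not on this page, so confirm which SANs it emits for an IP host. Separately, the test calls `f.syncListers(t)` and `f.runController()` by hand after writing to the indexer, so it appears to cover a sync that follows the update rather than the informer event itself triggering one.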
