diff --git a/pkg/karmadactl/cmdinit/cert/cert_test.go b/pkg/karmadactl/cmdinit/cert/cert_test.go index a7b3ba573..92a783f30 100644 --- a/pkg/karmadactl/cmdinit/cert/cert_test.go +++ b/pkg/karmadactl/cmdinit/cert/cert_test.go @@ -17,25 +17,42 @@ limitations under the License. package cert import ( + "crypto/sha256" "fmt" + "io" "net" "os" + "path/filepath" "testing" "time" certutil "k8s.io/client-go/util/cert" + "k8s.io/klog/v2" "github.com/karmada-io/karmada/pkg/karmadactl/cmdinit/utils" ) const ( - TestCertsTmp = "./test-certs-tmp" - TestCaCertPath = "./test-certs-tmp/ca.crt" - TestCaKeyPath = "./test-certs-tmp/ca.key" + TestCertsTmp = "./test-certs-tmp-without-ca-certificate" //nolint + TestCertsTmpWithArg = "./test-certs-tmp-with-ca-certificate" //nolint + TestCaCertPath = "./test-certs-tmp-without-ca-certificate/ca.crt" //nolint + TestCaKeyPath = "./test-certs-tmp-without-ca-certificate/ca.key" //nolint ) +var certFiles = []string{ + "apiserver.crt", "apiserver.key", + "ca.crt", "ca.key", + "etcd-ca.crt", "etcd-ca.key", + "etcd-client.crt", "etcd-client.key", + "etcd-server.crt", "etcd-server.key", + "front-proxy-ca.crt", "front-proxy-ca.key", + "front-proxy-client.crt", "front-proxy-client.key", + "karmada.crt", "karmada.key", +} + func TestGenCerts(t *testing.T) { defer os.RemoveAll(TestCertsTmp) + defer os.RemoveAll(TestCertsTmpWithArg) notAfter := time.Now().Add(Duration365d * 10).UTC() namespace := "kube-karmada" @@ -71,7 +88,7 @@ func TestGenCerts(t *testing.T) { fmt.Sprintf("*.%s.svc", namespace), } if hostName, err := os.Hostname(); err != nil { - fmt.Println("Failed to get the current hostname.", err) + klog.Warningf("Failed to get the current hostname, error message: %s.", err) } else { karmadaDNS = append(karmadaDNS, hostName) } @@ -81,7 +98,7 @@ func TestGenCerts(t *testing.T) { internetIP, err := utils.InternetIP() if err != nil { - fmt.Println("Failed to obtain internet IP. ", err) + klog.Warningf("Failed to obtain internet IP, error message: %s.", err) } else { ips = append(ips, internetIP) } @@ -106,7 +123,68 @@ func TestGenCerts(t *testing.T) { if err := GenCerts(TestCertsTmp, "", "", etcdServerCertConfig, etcdClientCertCfg, karmadaCertCfg, apiserverCertCfg, frontProxyClientCertCfg); err != nil { t.Fatal(err) } - if err := GenCerts(TestCertsTmp, TestCaCertPath, TestCaKeyPath, etcdServerCertConfig, etcdClientCertCfg, karmadaCertCfg, apiserverCertCfg, frontProxyClientCertCfg); err != nil { - fmt.Println(err) + if err := checkCertFiles(TestCertsTmp, certFiles); err != nil { + t.Fatal(err) + } else { + klog.Infof("All certificate files are present without CA certificates address parameter exists") + } + + if err := GenCerts(TestCertsTmpWithArg, TestCaCertPath, TestCaKeyPath, etcdServerCertConfig, etcdClientCertCfg, karmadaCertCfg, apiserverCertCfg, frontProxyClientCertCfg); err != nil { + t.Fatal(err) + } + if err := checkCertFiles(TestCertsTmpWithArg, certFiles); err != nil { + t.Fatal(err) + } else { + klog.Infof("All certificate files are present with CA certificates address parameter exists") + } + + if ok, err := compareCertFilesInDirs(TestCertsTmp, TestCertsTmpWithArg, "ca.crt"); !ok || err != nil { + t.Fatal(err) + } else { + klog.Infof("The certificate files in the two directories are the same") } } + +func checkCertFiles(path string, files []string) error { + for _, file := range files { + filePath := filepath.Join(path, file) + if _, err := os.Stat(filePath); err != nil { + return fmt.Errorf("cert file not found: %s,error message: %s", filePath, err.Error()) + } + } + return nil +} + +// compareFiles compares two files to see if they are the same +func compareFiles(file1, file2 string) (bool, error) { + f1, err := os.Open(file1) + if err != nil { + return false, fmt.Errorf("failed to open file %s: %v", file1, err) + } + defer f1.Close() + + f2, err := os.Open(file2) + if err != nil { + return false, fmt.Errorf("failed to open file %s: %v", file2, err) + } + defer f2.Close() + + hash1 := sha256.New() + hash2 := sha256.New() + + if _, err := io.Copy(hash1, f1); err != nil { + return false, fmt.Errorf("failed to read file %s: %v", file1, err) + } + if _, err := io.Copy(hash2, f2); err != nil { + return false, fmt.Errorf("failed to read file %s: %v", file2, err) + } + + return string(hash1.Sum(nil)) == string(hash2.Sum(nil)), nil +} + +// compareCertFilesInDirs compares specific files in two directories to check if they are the same +func compareCertFilesInDirs(dir1, dir2, filename string) (bool, error) { + file1 := filepath.Join(dir1, filename) + file2 := filepath.Join(dir2, filename) + return compareFiles(file1, file2) +}