kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
apiserver/pkg/server/options/server_run_options_test.go

313 lines
11 KiB
Go
Raw Blame History

/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package options
import (
"fmt"
"strings"
"testing"
"time"
utilerrors "k8s.io/apimachinery/pkg/util/errors"
netutils "k8s.io/utils/net"
)
func TestServerRunOptionsValidate(t *testing.T) {
testCases := []struct {
name string
testOptions *ServerRunOptions
expectErr string
}{
{
name: "Test when MaxRequestsInFlight is negative value",
testOptions: &ServerRunOptions{
AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"),
CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"},
MaxRequestsInFlight: -400,
MaxMutatingRequestsInFlight: 200,
RequestTimeout: time.Duration(2) * time.Minute,
MinRequestTimeout: 1800,
JSONPatchMaxCopyBytes: 10 * 1024 * 1024,
MaxRequestBodyBytes: 10 * 1024 * 1024,
},
expectErr: "--max-requests-inflight can not be negative value",
},
{
name: "Test when MaxMutatingRequestsInFlight is negative value",
testOptions: &ServerRunOptions{
AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"),
CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"},
MaxRequestsInFlight: 400,
MaxMutatingRequestsInFlight: -200,
RequestTimeout: time.Duration(2) * time.Minute,
MinRequestTimeout: 1800,
JSONPatchMaxCopyBytes: 10 * 1024 * 1024,
MaxRequestBodyBytes: 10 * 1024 * 1024,
},
expectErr: "--max-mutating-requests-inflight can not be negative value",
},
{
name: "Test when RequestTimeout is negative value",
testOptions: &ServerRunOptions{
AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"),
CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"},
MaxRequestsInFlight: 400,
MaxMutatingRequestsInFlight: 200,
RequestTimeout: -time.Duration(2) * time.Minute,
MinRequestTimeout: 1800,
JSONPatchMaxCopyBytes: 10 * 1024 * 1024,
MaxRequestBodyBytes: 10 * 1024 * 1024,
},
expectErr: "--request-timeout can not be negative value",
},
{
name: "Test when MinRequestTimeout is negative value",
testOptions: &ServerRunOptions{
AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"),
CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"},
MaxRequestsInFlight: 400,
MaxMutatingRequestsInFlight: 200,
RequestTimeout: time.Duration(2) * time.Minute,
MinRequestTimeout: -1800,
JSONPatchMaxCopyBytes: 10 * 1024 * 1024,
MaxRequestBodyBytes: 10 * 1024 * 1024,
},
expectErr: "--min-request-timeout can not be negative value",
},
{
name: "Test when JSONPatchMaxCopyBytes is negative value",
testOptions: &ServerRunOptions{
AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"),
CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"},
MaxRequestsInFlight: 400,
MaxMutatingRequestsInFlight: 200,
RequestTimeout: time.Duration(2) * time.Minute,
MinRequestTimeout: 1800,
JSONPatchMaxCopyBytes: -10 * 1024 * 1024,
MaxRequestBodyBytes: 10 * 1024 * 1024,
},
expectErr: "ServerRunOptions.JSONPatchMaxCopyBytes can not be negative value",
},
{
name: "Test when MaxRequestBodyBytes is negative value",
testOptions: &ServerRunOptions{
AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"),
CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"},
MaxRequestsInFlight: 400,
MaxMutatingRequestsInFlight: 200,
RequestTimeout: time.Duration(2) * time.Minute,
MinRequestTimeout: 1800,
JSONPatchMaxCopyBytes: 10 * 1024 * 1024,
MaxRequestBodyBytes: -10 * 1024 * 1024,
},
expectErr: "ServerRunOptions.MaxRequestBodyBytes can not be negative value",
},
{
name: "Test when LivezGracePeriod is negative value",
testOptions: &ServerRunOptions{
AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"),
CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"},
MaxRequestsInFlight: 400,
MaxMutatingRequestsInFlight: 200,
RequestTimeout: time.Duration(2) * time.Minute,
MinRequestTimeout: 1800,
JSONPatchMaxCopyBytes: 10 * 1024 * 1024,
MaxRequestBodyBytes: 10 * 1024 * 1024,
LivezGracePeriod: -time.Second,
},
expectErr: "--livez-grace-period can not be a negative value",
},
{
name: "Test when MinimalShutdownDuration is negative value",
testOptions: &ServerRunOptions{
AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"),
CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"},
MaxRequestsInFlight: 400,
MaxMutatingRequestsInFlight: 200,
RequestTimeout: time.Duration(2) * time.Minute,
MinRequestTimeout: 1800,
JSONPatchMaxCopyBytes: 10 * 1024 * 1024,
MaxRequestBodyBytes: 10 * 1024 * 1024,
ShutdownDelayDuration: -time.Second,
},
expectErr: "--shutdown-delay-duration can not be negative value",
},
{
name: "Test when HSTSHeaders is valid",
testOptions: &ServerRunOptions{
AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"),
CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"},
HSTSDirectives: []string{"fakevalue", "includeSubDomains", "preload"},
MaxRequestsInFlight: 400,
MaxMutatingRequestsInFlight: 200,
RequestTimeout: time.Duration(2) * time.Minute,
MinRequestTimeout: 1800,
JSONPatchMaxCopyBytes: 10 * 1024 * 1024,
MaxRequestBodyBytes: 10 * 1024 * 1024,
},
expectErr: "--strict-transport-security-directives invalid, allowed values: max-age=expireTime, includeSubDomains, preload. see https://tools.ietf.org/html/rfc6797#section-6.1 for more information",
},
{
name: "Test when ServerRunOptions is valid",
testOptions: &ServerRunOptions{
AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"),
CorsAllowedOriginList: []string{"^10.10.10.100$", "^10.10.10.200$"},
HSTSDirectives: []string{"max-age=31536000", "includeSubDomains", "preload"},
MaxRequestsInFlight: 400,
MaxMutatingRequestsInFlight: 200,
RequestTimeout: time.Duration(2) * time.Minute,
MinRequestTimeout: 1800,
JSONPatchMaxCopyBytes: 10 * 1024 * 1024,
MaxRequestBodyBytes: 10 * 1024 * 1024,
},
},
}
for _, testcase := range testCases {
t.Run(testcase.name, func(t *testing.T) {
errs := testcase.testOptions.Validate()
if len(testcase.expectErr) != 0 && !strings.Contains(utilerrors.NewAggregate(errs).Error(), testcase.expectErr) {
t.Errorf("got err: %v, expected err: %s", errs, testcase.expectErr)
}
if len(testcase.expectErr) == 0 && len(errs) != 0 {
t.Errorf("got err: %s, expected err nil", errs)
}
})
}
}
func TestValidateCorsAllowedOriginList(t *testing.T) {
tests := []struct {
regexp [][]string
errShouldContain string
}{
{
regexp: [][]string{
{}, // empty list, the cluster operator wants to disable CORS
{`^http://foo.com$`},
{`^http://foo.com`}, // valid, because we relaxed the validation
{`://foo.com$`},
{`//foo.com$`},
{`^http://foo.com(:|$)`},
{`://foo.com(:|$)`},
{`//foo.com(:|$)`},
{`(^foo.com$)`},
{`^http://foo.com$`, `//bar.com(:|$)`},
},
errShouldContain: "",
},
{
// empty string, indicates that the cluster operator
// specified --cors-allowed-origins=""
regexp: [][]string{
{`^http://foo.com$`, ``},
},
errShouldContain: "empty value in --cors-allowed-origins",
},
{
regexp: [][]string{
{`^foo.com`},
{`//foo.com`},
{`foo.com$`},
{`foo.com(:|$)`},
},
errShouldContain: "regular expression does not pin to start/end of host in the origin header",
},
{
regexp: [][]string{
{`^http://foo.com$`, `^foo.com`}, // one good followed by a bad one
},
errShouldContain: "regular expression does not pin to start/end of host in the origin header",
},
}
for _, test := range tests {
for _, regexp := range test.regexp {
t.Run(fmt.Sprintf("regexp/%s", regexp), func(t *testing.T) {
options := NewServerRunOptions()
if errs := options.Validate(); len(errs) != 0 {
t.Fatalf("wrong test setup: %#v", errs)
}
options.CorsAllowedOriginList = regexp
errsGot := options.Validate()
switch {
case len(test.errShouldContain) == 0:
if len(errsGot) != 0 {
t.Errorf("expected no error, but got: %v", errsGot)
}
default:
if len(errsGot) == 0 ||
!strings.Contains(utilerrors.NewAggregate(errsGot).Error(), test.errShouldContain) {
t.Errorf("expected error to contain: %s, but got: %v", test.errShouldContain, errsGot)
}
}
})
}
}
}
func TestServerRunOptionsWithShutdownWatchTerminationGracePeriod(t *testing.T) {
tests := []struct {
name string
optionsFn func() *ServerRunOptions
errShouldContain string
}{
{
name: "default should be valid",
optionsFn: func() *ServerRunOptions {
return NewServerRunOptions()
},
},
{
name: "negative not allowed",
optionsFn: func() *ServerRunOptions {
o := NewServerRunOptions()
o.ShutdownWatchTerminationGracePeriod = -time.Second
return o
},
errShouldContain: "shutdown-watch-termination-grace-period, if provided, can not be a negative value",
},
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
options := test.optionsFn()
errsGot := options.Validate()
switch {
case len(test.errShouldContain) == 0:
if len(errsGot) != 0 {
t.Errorf("expected no error, but got: %v", errsGot)
}
default:
if len(errsGot) == 0 ||
!strings.Contains(utilerrors.NewAggregate(errsGot).Error(), test.errShouldContain) {
t.Errorf("expected error to contain: %s, but got: %v", test.errShouldContain, errsGot)
}
}
})
}
t.Run("default should be zero", func(t *testing.T) {
options := NewServerRunOptions()
if options.ShutdownWatchTerminationGracePeriod != time.Duration(0) {
t.Errorf("expected default of ShutdownWatchTerminationGracePeriod to be zero, but got: %s", options.ShutdownWatchTerminationGracePeriod)
}
})
}
Reference in New Issue View Git Blame Copy Permalink