From 7df93be2ab3f23846bf2d83b3f9e6874f53afa6c Mon Sep 17 00:00:00 2001
From: Gareth Smith
Date: Tue, 28 Nov 2017 15:39:39 +0000
Subject: [PATCH] Use a temporary directory for the APIServer's certs
While doing that we found that we needed to refactor the fakes to handle command line arguments which are not known up front; we do this by using regular expresseions.
---
 pkg/framework/test/apiserver.go | 27 ++++++++++++----
 .../test/assets/fakeapiserver/apiserver.go | 31 ++++++++++---------
 pkg/framework/test/assets/fakeetcd/etcd.go | 22 +++++++------
 3 files changed, 50 insertions(+), 30 deletions(-)
diff --git a/pkg/framework/test/apiserver.go b/pkg/framework/test/apiserver.go
index 482470b55..7079d29fe 100644
--- a/pkg/framework/test/apiserver.go
+++ b/pkg/framework/test/apiserver.go
@@ -5,6 +5,7 @@ import (
 "os/exec"
 "time"
+ "github.com/onsi/gomega"
 "github.com/onsi/gomega/gbytes"
 "github.com/onsi/gomega/gexec"
 )
@@ -12,18 +13,30 @@ import (
 // APIServer knows how to run a kubernetes apiserver. Set it up with the path to a precompiled binary.
 type APIServer struct {
 // The path to the apiserver binary
- Path string
- EtcdURL string
- session *gexec.Session
- stdOut *gbytes.Buffer
- stdErr *gbytes.Buffer
+ Path string
+ EtcdURL string
+ session *gexec.Session
+ stdOut *gbytes.Buffer
+ stdErr *gbytes.Buffer
+ certDirManager certDirManager
+}
+
+type certDirManager interface {
+ Create() (string, error)
+ Destroy() error
 }
 // Start starts the apiserver, and returns a gexec.Session. To stop it again, call Terminate and Wait on that session.
 func (s *APIServer) Start() error {
+ s.certDirManager = NewTempDirManager()
 s.stdOut = gbytes.NewBuffer()
 s.stdErr = gbytes.NewBuffer()
+ certDir, err := s.certDirManager.Create()
+ if err != nil {
+ return err
+ }
+
 args := []string{
 "--authorization-mode=Node,RBAC",
 "--runtime-config=admissionregistration.k8s.io/v1alpha1",
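Review bot: `s.certDirManager = NewTempDirManager()` at the top of Start replaces the field on every call, so the new certDirManager interface can never be substituted by a caller or a test, and a second Start without an intervening Stop loses the handle to the earlier directory. Assign the default only when the field is unset: `if s.certDirManager == nil { s.certDirManager = NewTempDirManager() }`. The directory is passed to the apiserver as `--cert-dir` in the next hunk, so it presumably ends up holding a generated serving certificate and private key. NewTempDirManager is not visible in this patch, so the interface deserves a doc comment stating that Create must return a directory only the current user can access. Start's body continues outside the hunk.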
@@ -35,13 +48,13 @@ func (s *APIServer) Start() error {
 "--insecure-port=8080",
 "--storage-backend=etcd3",
 fmt.Sprintf("--etcd-servers=%s", s.EtcdURL),
+ fmt.Sprintf("--cert-dir=%s", certDir),
 }
 detectedStart := s.stdErr.Detect("Serving insecurely on 127.0.0.1:8080")
 timedOut := time.After(20 * time.Second)
 command := exec.Command(s.Path, args...)
- var err error
 s.session, err = gexec.Start(command, s.stdOut, s.stdErr)
 if err != nil {
 return err
@@ -59,6 +72,8 @@ func (s *APIServer) Start() error {
 func (s *APIServer) Stop() {
 if s.session != nil {
 s.session.Terminate().Wait(20 * time.Second)
+ err := s.certDirManager.Destroy()
+ gomega.Expect(err).NotTo(gomega.HaveOccurred())
 }
 }
diff --git a/pkg/framework/test/assets/fakeapiserver/apiserver.go b/pkg/framework/test/assets/fakeapiserver/apiserver.go
index d9d2fc33a..47bbf8b7e 100644
--- a/pkg/framework/test/assets/fakeapiserver/apiserver.go
+++ b/pkg/framework/test/assets/fakeapiserver/apiserver.go
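Review bot: Once `Create()` has succeeded, the `if err != nil { return err }` after `gexec.Start` returns without removing the certificate directory. Stop (the hunk at -59,6) only calls `Destroy()` inside `if s.session != nil`, so after a failed launch nothing is left that can clean the directory up. Add `s.certDirManager.Destroy()` before that `return err`. In Stop, `gomega.Expect(err)` reports a cleanup failure through gomega's global fail handler because the function has no error return; a comment such as `// Stop asserts via gomega; a fail handler must be registered.` would make that dependency explicit. The rest of Start, including the start-up timeout branch, lies outside these hunks.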
@@ -3,21 +3,24 @@ package main
 import (
 "fmt"
 "os"
+ "regexp"
 "time"
 )
 func main() {
- expectedArgs := []string{
- "--authorization-mode=Node,RBAC",
- "--runtime-config=admissionregistration.k8s.io/v1alpha1",
- "--v=3", "--vmodule=",
- "--admission-control=Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount,SecurityContextDeny,DefaultStorageClass,DefaultTolerationSeconds,GenericAdmissionWebhook,ResourceQuota",
- "--admission-control-config-file=",
- "--bind-address=0.0.0.0",
- "--insecure-bind-address=127.0.0.1",
- "--insecure-port=8080",
- "--storage-backend=etcd3",
- "--etcd-servers=the etcd url",
+ expectedArgs := []*regexp.Regexp{
+ regexp.MustCompile("^--authorization-mode=Node,RBAC$"),
+ regexp.MustCompile("^--runtime-config=admissionregistration.k8s.io/v1alpha1$"),
+ regexp.MustCompile("^--v=3$"),
+ regexp.MustCompile("^--vmodule=$"),
+ regexp.MustCompile("^--admission-control=Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount,SecurityContextDeny,DefaultStorageClass,DefaultTolerationSeconds,GenericAdmissionWebhook,ResourceQuota$"),
+ regexp.MustCompile("^--admission-control-config-file=$"),
+ regexp.MustCompile("^--bind-address=0.0.0.0$"),
+ regexp.MustCompile("^--insecure-bind-address=127.0.0.1$"),
+ regexp.MustCompile("^--insecure-port=8080$"),
+ regexp.MustCompile("^--storage-backend=etcd3$"),
+ regexp.MustCompile("^--etcd-servers=the etcd url$"),
+ regexp.MustCompile("^--cert-dir=.*"),
 }
 numExpectedArgs := len(expectedArgs)
 numGivenArgs := len(os.Args) - 1
@@ -27,10 +30,10 @@ func main() {
 os.Exit(2)
 }
- for i, arg := range expectedArgs {
+ for i, argRegexp := range expectedArgs {
 givenArg := os.Args[i+1]
- if arg != givenArg {
- fmt.Printf("Expected arg %s, got arg %s\n", arg, givenArg)
+ if !argRegexp.MatchString(givenArg) {
+ fmt.Printf("Expected arg '%s' to match '%s'\n", givenArg, argRegexp.String())
 os.Exit(1)
 }
 }
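Review bot: The literals in `expectedArgs` are compiled as patterns without escaping, so every `.` in `^--insecure-bind-address=127.0.0.1$`, `^--bind-address=0.0.0.0$` and `^--runtime-config=admissionregistration.k8s.io/v1alpha1$` matches any character. The fake therefore accepts values that the previous exact comparison rejected. Build the fixed arguments with `regexp.MustCompile("^" + regexp.QuoteMeta("--insecure-bind-address=127.0.0.1") + "$")` and keep a real pattern only for the variable one, written as `^--cert-dir=.+$` so that an empty directory is not accepted. fakeetcd/etcd.go has the same looseness in `^.+` for the data-dir value, which would also match another flag.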
diff --git a/pkg/framework/test/assets/fakeetcd/etcd.go b/pkg/framework/test/assets/fakeetcd/etcd.go
index b0535c4b6..d06704ce9 100644
--- a/pkg/framework/test/assets/fakeetcd/etcd.go
+++ b/pkg/framework/test/assets/fakeetcd/etcd.go
@@ -3,17 +3,19 @@ package main
 import (
 "fmt"
 "os"
+ "regexp"
 "time"
 )
 func main() {
- expectedArgs := []string{
- "--debug",
- "--advertise-client-urls",
- "our etcd url",
- "--listen-client-urls",
- "our etcd url",
- "--data-dir",
+ expectedArgs := []*regexp.Regexp{
+ regexp.MustCompile("^--debug$"),
+ regexp.MustCompile("^--advertise-client-urls$"),
+ regexp.MustCompile("^our etcd url$"),
+ regexp.MustCompile("^--listen-client-urls$"),
+ regexp.MustCompile("^our etcd url$"),
+ regexp.MustCompile("^--data-dir$"),
+ regexp.MustCompile("^.+"),
 }
 numExpectedArgs := len(expectedArgs)
 numGivenArgs := len(os.Args) - 1
@@ -23,10 +25,10 @@ func main() {
 os.Exit(2)
 }
- for i, arg := range expectedArgs {
+ for i, argRegexp := range expectedArgs {
 givenArg := os.Args[i+1]
- if arg != givenArg {
- fmt.Printf("Expected arg %s, got arg %s\n", arg, givenArg)
+ if !argRegexp.MatchString(givenArg) {
+ fmt.Printf("Expected arg '%s' to match '%s'\n", givenArg, argRegexp.String())
 os.Exit(1)
 }
 }