// This Source Code Form is subject to the terms of the Mozilla Public // License, v. 2.0. If a copy of the MPL was not distributed with this // file, You can obtain one at http://mozilla.org/MPL/2.0/. //nolint:dupl package secrets_test import ( "context" "log" "net/url" "sync" "testing" "time" "github.com/cosi-project/runtime/pkg/controller/runtime" "github.com/cosi-project/runtime/pkg/resource" "github.com/cosi-project/runtime/pkg/state" "github.com/cosi-project/runtime/pkg/state/impl/inmem" "github.com/cosi-project/runtime/pkg/state/impl/namespaced" "github.com/stretchr/testify/suite" "github.com/talos-systems/crypto/x509" "github.com/talos-systems/go-retry/retry" secretsctrl "github.com/talos-systems/talos/internal/app/machined/pkg/controllers/secrets" "github.com/talos-systems/talos/pkg/logging" "github.com/talos-systems/talos/pkg/machinery/config/types/v1alpha1" "github.com/talos-systems/talos/pkg/machinery/resources/config" "github.com/talos-systems/talos/pkg/machinery/resources/secrets" ) type KubeletSuite struct { suite.Suite state state.State runtime *runtime.Runtime wg sync.WaitGroup ctx context.Context //nolint:containedctx ctxCancel context.CancelFunc } func (suite *KubeletSuite) SetupTest() { suite.ctx, suite.ctxCancel = context.WithTimeout(context.Background(), 3*time.Minute) suite.state = state.WrapCore(namespaced.NewState(inmem.Build)) var err error suite.runtime, err = runtime.NewRuntime(suite.state, logging.Wrap(log.Writer())) suite.Require().NoError(err) suite.Require().NoError(suite.runtime.RegisterController(&secretsctrl.KubeletController{})) suite.startRuntime() } func (suite *KubeletSuite) startRuntime() { suite.wg.Add(1) go func() { defer suite.wg.Done() suite.Assert().NoError(suite.runtime.Run(suite.ctx)) }() } func (suite *KubeletSuite) TestReconcile() { u, err := url.Parse("https://foo:6443") suite.Require().NoError(err) ca, err := x509.NewSelfSignedCertificateAuthority(x509.RSA(false)) suite.Require().NoError(err) k8sCA := x509.NewCertificateAndKeyFromCertificateAuthority(ca) cfg := config.NewMachineConfig( &v1alpha1.Config{ ConfigVersion: "v1alpha1", MachineConfig: &v1alpha1.MachineConfig{}, ClusterConfig: &v1alpha1.ClusterConfig{ ControlPlane: &v1alpha1.ControlPlaneConfig{ Endpoint: &v1alpha1.Endpoint{ URL: u, }, }, ClusterCA: k8sCA, BootstrapToken: "abc.def", }, }, ) suite.Require().NoError(suite.state.Create(suite.ctx, cfg)) suite.Assert().NoError( retry.Constant(10*time.Second, retry.WithUnits(100*time.Millisecond)).Retry( func() error { kubeletSecrets, err := suite.state.Get( suite.ctx, resource.NewMetadata( secrets.NamespaceName, secrets.KubeletType, secrets.KubeletID, resource.VersionUndefined, ), ) if err != nil { if state.IsNotFoundError(err) { return retry.ExpectedError(err) } return err } spec := kubeletSecrets.(*secrets.Kubelet).TypedSpec() suite.Assert().Equal("https://foo:6443", spec.Endpoint.String()) suite.Assert().Equal(k8sCA, spec.CA) suite.Assert().Equal("abc", spec.BootstrapTokenID) suite.Assert().Equal("def", spec.BootstrapTokenSecret) return nil }, ), ) } func (suite *KubeletSuite) TearDownTest() { suite.T().Log("tear down") suite.ctxCancel() suite.wg.Wait() } func TestKubeletSuite(t *testing.T) { suite.Run(t, new(KubeletSuite)) }