Test fixup

This commit fixed the unit tests such that "make test" passes. It does not add any new tests, and only modifies TestInitKey to test initKeyRegistry instead. It does not test any new functionality. This commit also removes the redundant newKey function since generatePrivateKeyAndCert does the same job.
adevhammer · Feb 19, 2019 · 93a7441 · 93a7441
1 parent e51c8fe
commit 93a7441
Show file tree

Hide file tree

Showing 8 changed files with 144 additions and 129 deletions.
diff --git a/cmd/controller/funcs.go b/cmd/controller/funcs.go
@@ -1,7 +1,6 @@
 package main
 
 import (
-	"crypto/rand"
 	"crypto/rsa"
 	"crypto/x509"
 	"errors"
@@ -97,19 +96,6 @@ func generateNewKeyName(client kubernetes.Interface, namespace string, generateN
 	return "", errors.New("Failed to generate new key name not in use")
 }
 
-func generatePrivateKeyAndCert(keySize int) (*rsa.PrivateKey, *x509.Certificate, error) {
-	r := rand.Reader
-	privKey, err := rsa.GenerateKey(r, keySize)
-	if err != nil {
-		return nil, nil, err
-	}
-	cert, err := signKey(r, privKey)
-	if err != nil {
-		return nil, nil, err
-	}
-	return privKey, cert, nil
-}
-
 func writeKeyToKube(client kubernetes.Interface, key *rsa.PrivateKey, cert *x509.Certificate, namespace, keyName string) error {
 	secret := v1.Secret{
 		ObjectMeta: metav1.ObjectMeta{

diff --git a/cmd/controller/keys.go b/cmd/controller/keys.go
@@ -15,8 +15,9 @@ import (
 	certUtil "k8s.io/client-go/util/cert"
 )
 
-func newKey(r io.Reader) (*rsa.PrivateKey, *x509.Certificate, error) {
-	privKey, err := rsa.GenerateKey(r, *keySize)
+func generatePrivateKeyAndCert(keySize int) (*rsa.PrivateKey, *x509.Certificate, error) {
+	r := rand.Reader
+	privKey, err := rsa.GenerateKey(r, keySize)
 	if err != nil {
 		return nil, nil, err
 	}

diff --git a/cmd/controller/keys_test.go b/cmd/controller/keys_test.go
@@ -0,0 +1,104 @@
+package main
+
+import (
+	"crypto/rsa"
+	"crypto/x509"
+	"io"
+	mathrand "math/rand"
+	"reflect"
+	"testing"
+
+	"k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes/fake"
+	certUtil "k8s.io/client-go/util/cert"
+)
+
+// This is omg-not safe for real crypto use!
+func testRand() io.Reader {
+	return mathrand.New(mathrand.NewSource(42))
+}
+
+func TestReadKey(t *testing.T) {
+	rand := testRand()
+
+	key, err := rsa.GenerateKey(rand, 512)
+	if err != nil {
+		t.Fatalf("Failed to generate test key: %v", err)
+	}
+
+	cert, err := signKey(rand, key)
+	if err != nil {
+		t.Fatalf("Failed to self-sign key: %v", err)
+	}
+
+	secret := v1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "mykey",
+			Namespace: "myns",
+		},
+		Data: map[string][]byte{
+			v1.TLSPrivateKeyKey: certUtil.EncodePrivateKeyPEM(key),
+			v1.TLSCertKey:       certUtil.EncodeCertPEM(cert),
+		},
+		Type: v1.SecretTypeTLS,
+	}
+
+	client := fake.NewSimpleClientset(&secret)
+
+	key2, _, err := readKey(client, "myns", "mykey")
+	if err != nil {
+		t.Errorf("readKey() failed with: %v", err)
+	}
+
+	t.Logf("actions: %v", client.Actions())
+
+	if !reflect.DeepEqual(key, key2) {
+		t.Errorf("Fetched key != original key: %v != %v", key, key2)
+	}
+}
+
+func TestWriteKey(t *testing.T) {
+	rand := testRand()
+	key, err := rsa.GenerateKey(rand, 512)
+	if err != nil {
+		t.Fatalf("Failed to generate test key: %v", err)
+	}
+
+	cert, err := signKey(rand, key)
+	if err != nil {
+		t.Fatalf("signKey failed: %v", err)
+	}
+
+	client := fake.NewSimpleClientset()
+
+	if err := writeKey(client, key, []*x509.Certificate{cert}, "myns", "mykey"); err != nil {
+		t.Errorf("writeKey() failed with: %v", err)
+	}
+
+	t.Logf("actions: %v", client.Actions())
+
+	if a := findAction(client, "create", "secrets"); a == nil {
+		t.Errorf("writeKey didn't create a secret")
+	} else if a.GetNamespace() != "myns" {
+		t.Errorf("writeKey() created key in wrong namespace!")
+	}
+}
+
+func TestSignKey(t *testing.T) {
+	rand := testRand()
+
+	key, err := rsa.GenerateKey(rand, 512)
+	if err != nil {
+		t.Fatalf("Failed to generate test key: %v", err)
+	}
+
+	cert, err := signKey(rand, key)
+	if err != nil {
+		t.Errorf("signKey() returned error: %v", err)
+	}
+
+	if !reflect.DeepEqual(cert.PublicKey, &key.PublicKey) {
+		t.Errorf("cert pubkey != original pubkey")
+	}
+}
diff --git a/cmd/controller/main.go b/cmd/controller/main.go
@@ -56,7 +56,7 @@ func initKeyRegistry(client kubernetes.Interface, r io.Reader, namespace, listNa
 		if errors.IsNotFound(err) {
 			log.Printf("Keyname list %s/%s not found, generating new keyname list", namespace, listName)
 
-			privKey, cert, err := newKey(r)
+			privKey, cert, err := generatePrivateKeyAndCert(*keySize)
 			if err != nil {
 				return nil, err
 			}
@@ -88,7 +88,7 @@ func initBlacklist(client kubernetes.Interface, r io.Reader, registry *KeyRegist
 	if err != nil {
 		if errors.IsNotFound(err) {
 			log.Printf("Blacklist name %s/%s not found, generating a new blacklist", namespace, blacklistName)
-			privkey, cert, err := newKey(r)
+			privkey, cert, err := generatePrivateKeyAndCert(*keySize)
 			if err != nil {
 				return nil, err
 			}

diff --git a/cmd/controller/main_test.go b/cmd/controller/main_test.go
@@ -1,18 +1,11 @@
 package main
 
 import (
-	"crypto/rsa"
-	"crypto/x509"
-	"io"
-	mathrand "math/rand"
 	"reflect"
 	"testing"
 
-	"k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes/fake"
 	ktesting "k8s.io/client-go/testing"
-	certUtil "k8s.io/client-go/util/cert"
 )
 
 func findAction(fake *fake.Clientset, verb, resource string) ktesting.Action {
@@ -28,100 +21,11 @@ func hasAction(fake *fake.Clientset, verb, resource string) bool {
 	return findAction(fake, verb, resource) != nil
 }
 
-// This is omg-not safe for real crypto use!
-func testRand() io.Reader {
-	return mathrand.New(mathrand.NewSource(42))
-}
-
-func TestReadKey(t *testing.T) {
-	rand := testRand()
-
-	key, err := rsa.GenerateKey(rand, 512)
-	if err != nil {
-		t.Fatalf("Failed to generate test key: %v", err)
-	}
-
-	cert, err := signKey(rand, key)
-	if err != nil {
-		t.Fatalf("Failed to self-sign key: %v", err)
-	}
-
-	secret := v1.Secret{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      "mykey",
-			Namespace: "myns",
-		},
-		Data: map[string][]byte{
-			v1.TLSPrivateKeyKey: certUtil.EncodePrivateKeyPEM(key),
-			v1.TLSCertKey:       certUtil.EncodeCertPEM(cert),
-		},
-		Type: v1.SecretTypeTLS,
-	}
-
-	client := fake.NewSimpleClientset(&secret)
-
-	key2, _, err := readKey(client, "myns", "mykey")
-	if err != nil {
-		t.Errorf("readKey() failed with: %v", err)
-	}
-
-	t.Logf("actions: %v", client.Actions())
-
-	if !reflect.DeepEqual(key, key2) {
-		t.Errorf("Fetched key != original key: %v != %v", key, key2)
-	}
-}
-
-func TestWriteKey(t *testing.T) {
-	rand := testRand()
-	key, err := rsa.GenerateKey(rand, 512)
-	if err != nil {
-		t.Fatalf("Failed to generate test key: %v", err)
-	}
-
-	cert, err := signKey(rand, key)
-	if err != nil {
-		t.Fatalf("signKey failed: %v", err)
-	}
-
-	client := fake.NewSimpleClientset()
-
-	if err := writeKey(client, key, []*x509.Certificate{cert}, "myns", "mykey"); err != nil {
-		t.Errorf("writeKey() failed with: %v", err)
-	}
-
-	t.Logf("actions: %v", client.Actions())
-
-	if a := findAction(client, "create", "secrets"); a == nil {
-		t.Errorf("writeKey didn't create a secret")
-	} else if a.GetNamespace() != "myns" {
-		t.Errorf("writeKey() created key in wrong namespace!")
-	}
-}
-
-func TestSignKey(t *testing.T) {
-	rand := testRand()
-
-	key, err := rsa.GenerateKey(rand, 512)
-	if err != nil {
-		t.Fatalf("Failed to generate test key: %v", err)
-	}
-
-	cert, err := signKey(rand, key)
-	if err != nil {
-		t.Errorf("signKey() returned error: %v", err)
-	}
-
-	if !reflect.DeepEqual(cert.PublicKey, &key.PublicKey) {
-		t.Errorf("cert pubkey != original pubkey")
-	}
-}
-
-func TestInitKey(t *testing.T) {
+func TestInitKeyRegistry(t *testing.T) {
 	rand := testRand()
 	client := fake.NewSimpleClientset()
 
-	key, certs, err := initKey(client, rand, 1024, "testns", "testkey")
+	registry, err := initKeyRegistry(client, rand, "testns", "testkeylist")
 	if err != nil {
 		t.Fatalf("initKey returned err: %v", err)
 	}
@@ -132,16 +36,12 @@ func TestInitKey(t *testing.T) {
 
 	client.ClearActions()
 
-	key2, certs2, err := initKey(client, rand, 1024, "testns", "testkey")
+	registry2, err := initKeyRegistry(client, rand, "testns", "testkeylist")
 	if err != nil {
 		t.Fatalf("initKey returned err: %v", err)
 	}
 
-	if !reflect.DeepEqual(key, key2) {
+	if !reflect.DeepEqual(registry, registry2) {
 		t.Errorf("Failed to find same key")
 	}
-
-	if !reflect.DeepEqual(certs, certs2) {
-		t.Errorf("Failed to find same certs")
-	}
 }
diff --git a/cmd/kubeseal/main_test.go b/cmd/kubeseal/main_test.go
@@ -104,7 +104,7 @@ func TestOpenCertFile(t *testing.T) {
 		*certFile = ""
 	}()
 
-	f, err := openCert()
+	f, _, err := openCert()
 	if err != nil {
 		t.Fatalf("Error reading test cert file: %v", err)
 	}
@@ -148,7 +148,7 @@ func TestSeal(t *testing.T) {
 	t.Logf("input is: %s", string(inbuf.Bytes()))
 
 	outbuf := bytes.Buffer{}
-	if err := seal(&inbuf, &outbuf, scheme.Codecs, key); err != nil {
+	if err := seal(&inbuf, &outbuf, scheme.Codecs, key, "keyname"); err != nil {
 		t.Fatalf("seal() returned error: %v", err)
 	}
 

diff --git a/pkg/apis/sealed-secrets/v1alpha1/sealedsecret_test.go b/pkg/apis/sealed-secrets/v1alpha1/sealedsecret_test.go
@@ -188,7 +188,7 @@ func TestSealRoundTrip(t *testing.T) {
 		},
 	}
 
-	ssecret, err := NewSealedSecret(codecs, &key.PublicKey, &secret)
+	ssecret, err := NewSealedSecret(codecs, "keyname", &key.PublicKey, &secret)
 	if err != nil {
 		t.Fatalf("NewSealedSecret returned error: %v", err)
 	}
@@ -229,7 +229,7 @@ func TestSealRoundTripWithClusterWide(t *testing.T) {
 		},
 	}
 
-	ssecret, err := NewSealedSecret(codecs, &key.PublicKey, &secret)
+	ssecret, err := NewSealedSecret(codecs, "keyname", &key.PublicKey, &secret)
 	if err != nil {
 		t.Fatalf("NewSealedSecret returned error: %v", err)
 	}
@@ -270,7 +270,7 @@ func TestSealRoundTripWithMisMatchClusterWide(t *testing.T) {
 		},
 	}
 
-	ssecret, err := NewSealedSecret(codecs, &key.PublicKey, &secret)
+	ssecret, err := NewSealedSecret(codecs, "keyname", &key.PublicKey, &secret)
 	if err != nil {
 		t.Fatalf("NewSealedSecret returned error: %v", err)
 	}
@@ -309,7 +309,7 @@ func TestSealRoundTripWithNamespaceWide(t *testing.T) {
 		},
 	}
 
-	ssecret, err := NewSealedSecret(codecs, &key.PublicKey, &secret)
+	ssecret, err := NewSealedSecret(codecs, "keyname", &key.PublicKey, &secret)
 	if err != nil {
 		t.Fatalf("NewSealedSecret returned error: %v", err)
 	}
@@ -350,7 +350,7 @@ func TestSealRoundTripWithMisMatchNamespaceWide(t *testing.T) {
 		},
 	}
 
-	ssecret, err := NewSealedSecret(codecs, &key.PublicKey, &secret)
+	ssecret, err := NewSealedSecret(codecs, "keyname", &key.PublicKey, &secret)
 	if err != nil {
 		t.Fatalf("NewSealedSecret returned error: %v", err)
 	}

diff --git a/pkg/client/listers/.gitignore b/pkg/client/listers/.gitignore
@@ -0,0 +1,24 @@
+# Binaries for programs and plugins
+*.exe
+*.dll
+*.so
+*.dylib
+
+# Test binary, build with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Project-local glide cache, RE: https://github.com/Masterminds/glide/issues/736
+.glide/
+
+/controller
+/kubeseal
+/controller.image
+/*-static
+/controller.yaml
+/sealedsecret-crd.yaml
+/docker/controller
+*.iml
+.idea