Merge pull request kosmos-io#720 from qiuwei68/feature_unittests

test:add test case for kubenest util

Author: duanmengkk

go.mod

@@ -26,7 +26,6 @@ require (
 	github.com/spf13/cobra v1.6.0
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.12.0
-	github.com/stretchr/testify v1.8.1
 	github.com/vishvananda/netlink v1.2.1-beta.2.0.20220630165224-c591ada0fb2b
 	golang.org/x/sys v0.12.0
 	golang.org/x/term v0.12.0
@@ -140,7 +139,6 @@ require (
 	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.1 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/projectcalico/go-json v0.0.0-20161128004156-6219dc7339ba // indirect
 	github.com/projectcalico/go-yaml-wrapper v0.0.0-20191112210931-090425220c54 // indirect
 	github.com/prometheus/client_golang v1.14.0 // indirect
@@ -151,6 +149,7 @@ require (
 	github.com/spf13/afero v1.9.2 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/stoewer/go-strcase v1.2.0 // indirect
+	github.com/stretchr/testify v1.9.0 // indirect
 	github.com/subosito/gotenv v1.3.0 // indirect
 	github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f // indirect
 	github.com/xlab/treeprint v1.1.0 // indirect

go.sum

@@ -1387,8 +1387,8 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
 github.com/stretchr/testify v0.0.0-20180303142811-b89eecf5ca5d/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
@@ -1398,8 +1398,9 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/subosito/gotenv v1.3.0 h1:mjC+YW8QpAdXibNi+vNWgzmgBH4+5l5dCXv8cNysBLI=
 github.com/subosito/gotenv v1.3.0/go.mod h1:YzJjq/33h7nrwdY+iHMhEOEEbW0ovIz0tB6t6PwAXzs=

pkg/kubenest/util/cert/certs_test.go

@@ -0,0 +1,273 @@
+package cert
+
+import (
+	"crypto/x509"
+	"net"
+	"testing"
+	"time"
+
+	"github.com/kosmos.io/kosmos/pkg/kubenest/constants"
+)
+
+func TestCertConfig_defaultPublicKeyAlgorithm(t *testing.T) {
+	// 测试场景 1：PublicKeyAlgorithm 未设置，应该设置为 x509.RSA
+	config := &CertConfig{
+		PublicKeyAlgorithm: x509.UnknownPublicKeyAlgorithm,
+	}
+	config.defaultPublicKeyAlgorithm()
+	if config.PublicKeyAlgorithm != x509.RSA {
+		t.Errorf("expected PublicKeyAlgorithm to be x509.RSA, got %v", config.PublicKeyAlgorithm)
+	}
+
+	// 测试场景 2：PublicKeyAlgorithm 已设置，不应更改
+	config = &CertConfig{
+		PublicKeyAlgorithm: x509.ECDSA,
+	}
+	config.defaultPublicKeyAlgorithm()
+	if config.PublicKeyAlgorithm != x509.ECDSA {
+		t.Errorf("expected PublicKeyAlgorithm to remain x509.ECDSA, got %v", config.PublicKeyAlgorithm)
+	}
+}
+
+func TestCertConfig_defaultNotAfter(t *testing.T) {
+	// 测试场景 1：NotAfter 未设置，应该自动设置为当前时间加上常量值
+	config := &CertConfig{
+		NotAfter: nil,
+	}
+	config.defaultNotAfter()
+	expectedNotAfter := time.Now().Add(constants.CertificateValidity)
+	if config.NotAfter == nil || config.NotAfter.Sub(expectedNotAfter) > time.Second {
+		t.Errorf("expected NotAfter to be %v, got %v", expectedNotAfter, config.NotAfter)
+	}
+
+	// 测试场景 2：NotAfter 已设置，不应更改
+	expectedTime := time.Now().Add(24 * time.Hour)
+	config = &CertConfig{
+		NotAfter: &expectedTime,
+	}
+	config.defaultNotAfter()
+	if config.NotAfter != &expectedTime {
+		t.Errorf("expected NotAfter to remain %v, got %v", expectedTime, config.NotAfter)
+	}
+}
+
+func TestGetDefaultCertList(t *testing.T) {
+	certList := GetDefaultCertList()
+
+	// 确认返回的 CertConfig 列表包含预期数量的配置
+	expectedCertCount := 9
+	if len(certList) != expectedCertCount {
+		t.Fatalf("expected %d certs, but got %d", expectedCertCount, len(certList))
+	}
+
+	// 验证每个 CertConfig 的 Name 是否符合预期
+	expectedNames := []string{
+		constants.CaCertAndKeyName,               // CA cert
+		constants.VirtualClusterCertAndKeyName,   // Admin cert
+		constants.ApiserverCertAndKeyName,        // Apiserver cert
+		constants.FrontProxyCaCertAndKeyName,     // Front proxy CA cert
+		constants.FrontProxyClientCertAndKeyName, // Front proxy client cert
+		constants.EtcdCaCertAndKeyName,           // ETCD CA cert
+		constants.EtcdServerCertAndKeyName,       // ETCD server cert
+		constants.EtcdClientCertAndKeyName,       // ETCD client cert
+		constants.ProxyServerCertAndKeyName,      // Proxy server cert
+	}
+
+	for i, certConfig := range certList {
+		if certConfig.Name != expectedNames[i] {
+			t.Errorf("expected cert name %s, but got %s", expectedNames[i], certConfig.Name)
+		}
+	}
+}
+
+func TestVirtualClusterProxyServer(t *testing.T) {
+	certConfig := VirtualClusterProxyServer()
+
+	// 验证 certConfig 的各项配置
+	if certConfig.Name != constants.ProxyServerCertAndKeyName {
+		t.Errorf("expected Name to be %s, but got %s", constants.ProxyServerCertAndKeyName, certConfig.Name)
+	}
+	if certConfig.CAName != constants.CaCertAndKeyName {
+		t.Errorf("expected CAName to be %s, but got %s", constants.CaCertAndKeyName, certConfig.CAName)
+	}
+	if certConfig.Config.CommonName != "virtualCluster-proxy-server" {
+		t.Errorf("expected CommonName to be virtualCluster-proxy-server, but got %s", certConfig.Config.CommonName)
+	}
+	expectedUsages := []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}
+	if len(certConfig.Config.Usages) != len(expectedUsages) {
+		t.Errorf("expected %d usages, but got %d", len(expectedUsages), len(certConfig.Config.Usages))
+	}
+	for i, usage := range certConfig.Config.Usages {
+		if usage != expectedUsages[i] {
+			t.Errorf("expected usage %v, but got %v", expectedUsages[i], usage)
+		}
+	}
+}
+
+func TestVirtualClusterCertEtcdCA(t *testing.T) {
+	certConfig := VirtualClusterCertEtcdCA()
+
+	// 验证 certConfig 的各项配置
+	if certConfig.Name != constants.EtcdCaCertAndKeyName {
+		t.Errorf("expected Name to be %s, but got %s", constants.EtcdCaCertAndKeyName, certConfig.Name)
+	}
+	if certConfig.Config.CommonName != "virtualcluster-etcd-ca" {
+		t.Errorf("expected CommonName to be virtualcluster-etcd-ca, but got %s", certConfig.Config.CommonName)
+	}
+}
+
+// Test VirtualClusterCertEtcdServer
+func TestVirtualClusterCertEtcdServer(t *testing.T) {
+	certConfig := VirtualClusterCertEtcdServer()
+
+	// 验证 certConfig 的各项配置
+	if certConfig.Name != constants.EtcdServerCertAndKeyName {
+		t.Errorf("expected Name to be %s, but got %s", constants.EtcdServerCertAndKeyName, certConfig.Name)
+	}
+	if certConfig.CAName != constants.EtcdCaCertAndKeyName {
+		t.Errorf("expected CAName to be %s, but got %s", constants.EtcdCaCertAndKeyName, certConfig.CAName)
+	}
+	if certConfig.Config.CommonName != "virtualCluster-etcd-server" {
+		t.Errorf("expected CommonName to be virtualCluster-etcd-server, but got %s", certConfig.Config.CommonName)
+	}
+	expectedUsages := []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}
+	if len(certConfig.Config.Usages) != len(expectedUsages) {
+		t.Errorf("expected %d usages, but got %d", len(expectedUsages), len(certConfig.Config.Usages))
+	}
+	for i, usage := range certConfig.Config.Usages {
+		if usage != expectedUsages[i] {
+			t.Errorf("expected usage %v, but got %v", expectedUsages[i], usage)
+		}
+	}
+}
+
+// Test VirtualClusterCertEtcdClient
+func TestVirtualClusterCertEtcdClient(t *testing.T) {
+	certConfig := VirtualClusterCertEtcdClient()
+
+	// 验证 certConfig 的各项配置
+	if certConfig.Name != constants.EtcdClientCertAndKeyName {
+		t.Errorf("expected Name to be %s, but got %s", constants.EtcdClientCertAndKeyName, certConfig.Name)
+	}
+	if certConfig.CAName != constants.EtcdCaCertAndKeyName {
+		t.Errorf("expected CAName to be %s, but got %s", constants.EtcdCaCertAndKeyName, certConfig.CAName)
+	}
+	if certConfig.Config.CommonName != "virtualCluster-etcd-client" {
+		t.Errorf("expected CommonName to be virtualCluster-etcd-client, but got %s", certConfig.Config.CommonName)
+	}
+	expectedUsages := []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}
+	if len(certConfig.Config.Usages) != len(expectedUsages) {
+		t.Errorf("expected %d usages, but got %d", len(expectedUsages), len(certConfig.Config.Usages))
+	}
+}
+
+// Test VirtualClusterCertFrontProxyCA
+func TestVirtualClusterCertFrontProxyCA(t *testing.T) {
+	certConfig := VirtualClusterCertFrontProxyCA()
+
+	// 验证 certConfig 的各项配置
+	if certConfig.Name != constants.FrontProxyCaCertAndKeyName {
+		t.Errorf("expected Name to be %s, but got %s", constants.FrontProxyCaCertAndKeyName, certConfig.Name)
+	}
+	if certConfig.Config.CommonName != "front-proxy-ca" {
+		t.Errorf("expected CommonName to be front-proxy-ca, but got %s", certConfig.Config.CommonName)
+	}
+}
+
+// Test VirtualClusterFrontProxyClient
+func TestVirtualClusterFrontProxyClient(t *testing.T) {
+	certConfig := VirtualClusterFrontProxyClient()
+
+	// 验证 certConfig 的各项配置
+	if certConfig.Name != constants.FrontProxyClientCertAndKeyName {
+		t.Errorf("expected Name to be %s, but got %s", constants.FrontProxyClientCertAndKeyName, certConfig.Name)
+	}
+	if certConfig.CAName != constants.FrontProxyCaCertAndKeyName {
+		t.Errorf("expected CAName to be %s, but got %s", constants.FrontProxyCaCertAndKeyName, certConfig.CAName)
+	}
+	if certConfig.Config.CommonName != "front-proxy-client" {
+		t.Errorf("expected CommonName to be front-proxy-client, but got %s", certConfig.Config.CommonName)
+	}
+	expectedUsages := []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
+	if len(certConfig.Config.Usages) != len(expectedUsages) {
+		t.Errorf("expected %d usages, but got %d", len(expectedUsages), len(certConfig.Config.Usages))
+	}
+	for i, usage := range certConfig.Config.Usages {
+		if usage != expectedUsages[i] {
+			t.Errorf("expected usage %v, but got %v", expectedUsages[i], usage)
+		}
+	}
+}
+
+// Test VirtualClusterCertApiserver
+func TestVirtualClusterCertApiserver(t *testing.T) {
+	certConfig := VirtualClusterCertApiserver()
+
+	// 验证 certConfig 的各项配置
+	if certConfig.Name != constants.ApiserverCertAndKeyName {
+		t.Errorf("expected Name to be %s, but got %s", constants.ApiserverCertAndKeyName, certConfig.Name)
+	}
+	if certConfig.CAName != constants.CaCertAndKeyName {
+		t.Errorf("expected CAName to be %s, but got %s", constants.CaCertAndKeyName, certConfig.CAName)
+	}
+	if certConfig.Config.CommonName != "virtualCluster-apiserver" {
+		t.Errorf("expected CommonName to be virtualCluster-apiserver, but got %s", certConfig.Config.CommonName)
+	}
+	expectedUsages := []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
+	if len(certConfig.Config.Usages) != len(expectedUsages) {
+		t.Errorf("expected %d usages, but got %d", len(expectedUsages), len(certConfig.Config.Usages))
+	}
+	for i, usage := range certConfig.Config.Usages {
+		if usage != expectedUsages[i] {
+			t.Errorf("expected usage %v, but got %v", expectedUsages[i], usage)
+		}
+	}
+}
+
+// Test etcdServerAltNamesMutator
+func TestEtcdServerAltNamesMutator(t *testing.T) {
+	cfg := &AltNamesMutatorConfig{
+		Name:      "test",
+		Namespace: "default",
+		ClusterIPs: []string{
+			"10.96.0.1",
+			"10.96.0.2",
+		},
+	}
+
+	altNames, err := etcdServerAltNamesMutator(cfg)
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	// 验证 DNS 名称
+	expectedDNSNames := []string{
+		"localhost",
+		"test.default.svc.cluster.local",
+		"*.test.default.svc.cluster.local",
+	}
+	if len(altNames.DNSNames) != len(expectedDNSNames) {
+		t.Fatalf("expected %d DNS names, but got %d", len(expectedDNSNames), len(altNames.DNSNames))
+	}
+	for i, dns := range altNames.DNSNames {
+		if dns != expectedDNSNames[i] {
+			t.Errorf("expected DNS name %s, but got %s", expectedDNSNames[i], dns)
+		}
+	}
+
+	// 验证 IP 地址
+	expectedIPs := []net.IP{
+		net.ParseIP("::1"),
+		net.IPv4(127, 0, 0, 1),
+		net.ParseIP("10.96.0.1"),
+		net.ParseIP("10.96.0.2"),
+	}
+	if len(altNames.IPs) != len(expectedIPs) {
+		t.Fatalf("expected %d IPs, but got %d", len(expectedIPs), len(altNames.IPs))
+	}
+	for i, ip := range altNames.IPs {
+		if !ip.Equal(expectedIPs[i]) {
+			t.Errorf("expected IP %v, but got %v", expectedIPs[i], ip)
+		}
+	}
+}