djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Parse out ports from impersonation proxy endpoint config

Browse Source 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
This commit is contained in:
Ryan Richard 2021-02-26 15:01:38 -08:00 committed by Margo Crawford
parent 41e4a74b57
commit f1eeae8c71
2 changed files with 42 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
internal/controller/impersonatorconfig/impersonator_config.go
View File

@ -13,6 +13,7 @@ import (
"fmt" "fmt"
"net" "net"
"net/http" "net/http"
"strings"
"sync" "sync"
"time" "time"
@ -491,12 +492,12 @@ func (c *impersonatorConfigController) findDesiredTLSCertificateName(config *imp
} }
func (c *impersonatorConfigController) findTLSCertificateNameFromEndpointConfig(config *impersonator.Config) (net.IP, string, bool, error) { func (c *impersonatorConfigController) findTLSCertificateNameFromEndpointConfig(config *impersonator.Config) (net.IP, string, bool, error) {
// TODO Endpoint could have a port number in it, which we should parse out and ignore for this purpose endpointWithoutPort := strings.Split(config.Endpoint, ":")[0]
parsedAsIP := net.ParseIP(config.Endpoint) parsedAsIP := net.ParseIP(endpointWithoutPort)
if parsedAsIP != nil { if parsedAsIP != nil {
return parsedAsIP, "", true, nil return parsedAsIP, "", true, nil
} }
return nil, config.Endpoint, true, nil return nil, endpointWithoutPort, true, nil
} }
func (c *impersonatorConfigController) findTLSCertificateNameFromLoadBalancer() (net.IP, string, bool, error) { func (c *impersonatorConfigController) findTLSCertificateNameFromLoadBalancer() (net.IP, string, bool, error) {

38
internal/controller/impersonatorconfig/impersonator_config_test.go
View File

@ -1210,6 +1210,44 @@ func TestImpersonatorConfigControllerSync(t *testing.T) {
}) })
}) })
when("endpoint is IP address with a port", func() {
const fakeIpWithPort = "127.0.0.1:3000"
it.Before(func() {
configMapYAML := fmt.Sprintf("{mode: enabled, endpoint: %s}", fakeIpWithPort)
addImpersonatorConfigMapToTracker(configMapResourceName, configMapYAML, kubeInformerClient)
addNodeWithRoleToTracker("worker", kubeAPIClient)
})
it("starts the impersonator, generates a valid cert for the hostname", func() {
startInformersAndController()
r.NoError(runControllerSync())
r.Len(kubeAPIClient.Actions(), 2)
requireNodesListed(kubeAPIClient.Actions()[0])
ca := requireTLSSecretWasCreated(kubeAPIClient.Actions()[1])
// Check that the server is running and that TLS certs that are being served are are for fakeIpWithPort.
requireTLSServerIsRunning(ca, fakeIpWithPort, map[string]string{fakeIpWithPort: testServerAddr()})
})
})
when("endpoint is hostname with a port", func() {
const fakeHostnameWithPort = "fake.example.com:3000"
it.Before(func() {
configMapYAML := fmt.Sprintf("{mode: enabled, endpoint: %s}", fakeHostnameWithPort)
addImpersonatorConfigMapToTracker(configMapResourceName, configMapYAML, kubeInformerClient)
addNodeWithRoleToTracker("worker", kubeAPIClient)
})
it("starts the impersonator, generates a valid cert for the hostname", func() {
startInformersAndController()
r.NoError(runControllerSync())
r.Len(kubeAPIClient.Actions(), 2)
requireNodesListed(kubeAPIClient.Actions()[0])
ca := requireTLSSecretWasCreated(kubeAPIClient.Actions()[1])
// Check that the server is running and that TLS certs that are being served are are for fakeHostnameWithPort.
requireTLSServerIsRunning(ca, fakeHostnameWithPort, map[string]string{fakeHostnameWithPort: testServerAddr()})
})
})
when("switching from ip address endpoint to hostname endpoint and back to ip address", func() { when("switching from ip address endpoint to hostname endpoint and back to ip address", func() {
const fakeHostname = "fake.example.com" const fakeHostname = "fake.example.com"
const fakeIP = "127.0.0.42" const fakeIP = "127.0.0.42"