diff --git a/.golangci.yaml b/.golangci.yaml index d9fe3728..f4ba5936 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -1,20 +1,9 @@ issues: exclude-rules: - linters: - - unused - errorlint - - staticcheck - - goprintffuncname - prealloc - - gofmt - gosec - - ginkgolinter - - ineffassign - - unconvert - - errcheck - - gocritic - - nilerr - - wastedassign text: ".*" linters: # Explicitly define all enabled linters diff --git a/cmd/app/options/options.go b/cmd/app/options/options.go index e23826fc..c93d4883 100644 --- a/cmd/app/options/options.go +++ b/cmd/app/options/options.go @@ -28,7 +28,6 @@ import ( "k8s.io/client-go/rest" cliflag "k8s.io/component-base/cli/flag" "k8s.io/klog/v2" - "k8s.io/klog/v2/klogr" _ "k8s.io/client-go/plugin/pkg/client/auth" ) @@ -83,8 +82,10 @@ func (o *Options) Prepare(cmd *cobra.Command) *Options { func (o *Options) Complete() error { klog.InitFlags(nil) - log := klogr.New() - flag.Set("v", o.logLevel) + log := klog.TODO() + if err := flag.Set("v", o.logLevel); err != nil { + return fmt.Errorf("failed to set log level: %s", err) + } o.Logr = log var err error @@ -107,8 +108,6 @@ func (o *Options) addFlags(cmd *cobra.Command) { o.addAppFlags(nfs.FlagSet("App")) o.kubeConfigFlags = genericclioptions.NewConfigFlags(true) o.kubeConfigFlags.AddFlags(nfs.FlagSet("Kubernetes")) - cmd.MarkPersistentFlagRequired("node-id") - cmd.MarkPersistentFlagRequired("endpoint") usageFmt := "Usage:\n %s\n" cmd.SetUsageFunc(func(cmd *cobra.Command) error { 
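Review bot: `gosec` is still listed under the blanket `text: ".*"` exclusion after this cleanup, so as the rule reads every gosec finding in the repository stays suppressed. If the remaining findings are few, prefer dropping `- gosec` from this list and annotating the individual sites with `//nolint:gosec // reason`, so that new findings are not hidden by default. The same holds for `errorlint`, which would otherwise flag the `%s`-formatted error this commit adds in cmd/app/options/options.go.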
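Review bot: The new error return in `Complete` formats the cause with `%s`, which drops it from the error chain; `return fmt.Errorf("failed to set log level: %w", err)` keeps it inspectable with `errors.Is` and `errors.As`. Separately, `klog.TODO()` is documented as a stop-gap for code that cannot yet receive a logger from its caller; in program setup `klog.Background()` states the intent better. `Complete` continues past the end of the hunk.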
@@ -135,9 +134,15 @@ func (o *Options) addAppFlags(fs *pflag.FlagSet) { fs.StringVar(&o.NodeID, "node-id", "", "The name of the node which is hosting this driver instance.") + if err := cobra.MarkFlagRequired(fs, "node-id"); err != nil { + panic(err) + } fs.StringVar(&o.Endpoint, "endpoint", "", "The endpoint that the driver will connect to the Kubelet.") + if err := cobra.MarkFlagRequired(fs, "endpoint"); err != nil { + panic(err) + } fs.StringVar(&o.DriverName, "driver-name", "csi.cert-manager.io", "The name of this CSI driver which will be shared with the Kubelet.") diff --git a/pkg/apis/defaults/defaults.go b/pkg/apis/defaults/defaults.go index 532f4cf6..cf69cf2b 100644 --- a/pkg/apis/defaults/defaults.go +++ b/pkg/apis/defaults/defaults.go @@ -53,8 +53,8 @@ func SetDefaultAttributes(attrOriginal map[string]string) (map[string]string, er } func setDefaultIfEmpty(attr map[string]string, k, v string) { - if len(attr[string(k)]) == 0 { - attr[string(k)] = v + if len(attr[k]) == 0 { + attr[k] = v } } diff --git a/pkg/apis/validation/validation_test.go b/pkg/apis/validation/validation_test.go index ba705f91..79bae924 100644 --- a/pkg/apis/validation/validation_test.go +++ b/pkg/apis/validation/validation_test.go @@ -27,11 +27,6 @@ import ( ) func Test_ValidateAttributes(t *testing.T) { - type vaT struct { - attr map[string]string - expError error - } - tests := map[string]struct { attr map[string]string expErr field.ErrorList diff --git a/pkg/keystore/pkcs12/pkcs12.go b/pkg/keystore/pkcs12/pkcs12.go index 3c2aa68c..c0ae1087 100644 --- a/pkg/keystore/pkcs12/pkcs12.go +++ b/pkg/keystore/pkcs12/pkcs12.go @@ -18,7 +18,6 @@ package pkcs12 import ( "crypto" - "crypto/rand" "errors" "fmt" 
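Review bot: The two `panic(err)` branches added in `addAppFlags` deserve a one-line comment, because a panic during flag registration is surprising to a reader, for example `// MarkFlagRequired only fails if the flag is not registered, which is a programming error`. The removed `cmd.MarkPersistentFlagRequired` calls had their return values ignored, so if they were failing silently this commit is what starts enforcing `--node-id` and `--endpoint`; that is inferred from the diff and worth confirming. The function body continues outside the hunk.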
@@ -60,7 +59,7 @@ func create(password string, pk crypto.PrivateKey, chainPEM []byte) ([]byte, err return nil, errors.New("no certificates decoded in certificate chain") } - pfx, err := pkcs12.Encode(rand.Reader, pk, chain[0], chain[1:], password) + pfx, err := pkcs12.LegacyRC2.Encode(pk, chain[0], chain[1:], password) if err != nil { return nil, fmt.Errorf("failed to encode the PKCS12 certificate chain file: %v", err) } diff --git a/test/e2e/framework/framework.go b/test/e2e/framework/framework.go index bfeeec7f..797d6495 100644 --- a/test/e2e/framework/framework.go +++ b/test/e2e/framework/framework.go @@ -17,6 +17,7 @@ limitations under the License. package framework import ( + "context" "time" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" @@ -133,12 +134,16 @@ func (f *Framework) AfterEach() { return } + cleanupCtx := context.Background() + cleanupCtx, cancel := context.WithTimeout(cleanupCtx, 5*time.Minute) + defer cancel() + By("Deleting test namespace") - err := f.DeleteKubeNamespace(f.Namespace.Name) + err := f.DeleteKubeNamespace(cleanupCtx, f.Namespace.Name) Expect(err).NotTo(HaveOccurred()) By("Waiting for test namespace to no longer exist") - err = f.WaitForKubeNamespaceNotExist(f.Namespace.Name) + err = f.WaitForKubeNamespaceNotExist(cleanupCtx, f.Namespace.Name) Expect(err).NotTo(HaveOccurred()) } diff --git a/test/e2e/framework/helper/certificaterequest.go b/test/e2e/framework/helper/certificaterequest.go index f2e49dbb..83922915 100644 --- a/test/e2e/framework/helper/certificaterequest.go +++ b/test/e2e/framework/helper/certificaterequest.go 
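Review bot: `pkcs12.LegacyRC2.Encode` in `create` pins the keystore to the legacy PKCS#12 profile (RC2 for certificates, 3DES for the key, HMAC-SHA-1 for key derivation and the MAC), so the password gives little real confidentiality to the private key written into the volume. This appears to preserve what the deprecated `pkcs12.Encode` call did, so it is not a regression, but the choice should be explicit in the code: `// LegacyRC2 is kept for compatibility with older keystore readers; do not rely on the password to protect the key`. If the library version in use offers a modern encoder (`pkcs12.Modern` in go-pkcs12), consider making the profile selectable and moving the default once consumers are confirmed to read it. `create` starts and ends outside the hunk.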
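Review bot: In `AfterEach` the context is declared and then immediately redeclared; `cleanupCtx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)` says the same in one line. A short comment on why cleanup uses a fresh background context rather than one tied to the spec would help the next reader; presumably it is so that namespace deletion still runs after a timed-out or interrupted spec, but the diff does not say.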
@@ -36,37 +36,35 @@ import ( // WaitForCertificateRequestReady waits for the CertificateRequest resources to // enter a Ready state. -func (h *Helper) WaitForCertificateRequestsReady(pod *corev1.Pod, timeout time.Duration) ([]*cmapi.CertificateRequest, error) { +func (h *Helper) WaitForCertificateRequestsReady(ctx context.Context, pod *corev1.Pod, timeout time.Duration) ([]*cmapi.CertificateRequest, error) { var crs []*cmapi.CertificateRequest - err := wait.PollImmediate(time.Second/4, timeout, - func() (bool, error) { - crList, err := h.CMClient.CertmanagerV1().CertificateRequests(pod.Namespace).List(context.TODO(), metav1.ListOptions{}) - if err != nil { - return false, err - } + err := wait.PollUntilContextTimeout(ctx, time.Second/4, timeout, true, func(ctx context.Context) (bool, error) { + crList, err := h.CMClient.CertmanagerV1().CertificateRequests(pod.Namespace).List(ctx, metav1.ListOptions{}) + if err != nil { + return false, err + } - crs, err = h.findCertificateRequests(crList.Items, pod.UID) - if err != nil { - log.Logf("Cannot find CertificateRequests for pod, waiting...") - return false, nil - } + crs, err = h.findCertificateRequests(crList.Items, pod.UID) + if err != nil { + log.Logf("Cannot find CertificateRequests for pod, waiting...") + return false, nil // nolint:nilerr // We want to ignore this error and wait for the CRs to be created + } - for _, cr := range crs { - isReady := apiutil.CertificateRequestHasCondition(cr, cmapi.CertificateRequestCondition{ - Type: cmapi.CertificateRequestConditionReady, - Status: cmmeta.ConditionTrue, - }) - if !isReady { - log.Logf("Expected CertificateRequest for Pod %s/%s to have Ready condition 'true' but it has: %v", - pod.Namespace, pod.Name, cr.Status.Conditions) - return false, nil - } + for _, cr := range crs { + isReady := apiutil.CertificateRequestHasCondition(cr, cmapi.CertificateRequestCondition{ + Type: cmapi.CertificateRequestConditionReady, + Status: cmmeta.ConditionTrue, + }) + if !isReady { + 
log.Logf("Expected CertificateRequest for Pod %s/%s to have Ready condition 'true' but it has: %v", + pod.Namespace, pod.Name, cr.Status.Conditions) + return false, nil } + } - return true, nil - }, - ) + return true, nil + }) if err != nil { return nil, err } @@ -89,10 +87,10 @@ func (h *Helper) FindCertificateRequestsReady(crs []cmapi.CertificateRequest, po return podCRs, nil } -func (h *Helper) WaitForCertificateRequestDeletion(namespace, name string, timeout time.Duration) error { +func (h *Helper) WaitForCertificateRequestDeletion(ctx context.Context, namespace, name string, timeout time.Duration) error { log.Logf("Waiting for CertificateRequest to be deleted %s/%s", namespace, name) - err := wait.PollImmediate(time.Second/2, timeout, func() (bool, error) { - cr, err := h.CMClient.CertmanagerV1().CertificateRequests(namespace).Get(context.TODO(), name, metav1.GetOptions{}) + err := wait.PollUntilContextTimeout(ctx, time.Second/2, timeout, true, func(ctx context.Context) (bool, error) { + cr, err := h.CMClient.CertmanagerV1().CertificateRequests(namespace).Get(ctx, name, metav1.GetOptions{}) if k8sErrors.IsNotFound(err) { return true, nil } @@ -107,7 +105,9 @@ func (h *Helper) WaitForCertificateRequestDeletion(namespace, name string, timeo return false, nil }) if err != nil { - h.Kubectl(namespace).DescribeResource("certificaterequest", name) + if err := h.Kubectl(namespace).DescribeResource("certificaterequest", name); err != nil { + log.Logf("helper: failed to describe CertificateRequest %s/%s: %v", namespace, name, err) + } return err } diff --git a/test/e2e/framework/helper/pod.go b/test/e2e/framework/helper/pod.go index 319f9155..cb8857b8 100644 --- a/test/e2e/framework/helper/pod.go +++ b/test/e2e/framework/helper/pod.go 
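Review bot: The poll function in `WaitForCertificateRequestsReady` still discards the error from `findCertificateRequests`, and the added `nolint:nilerr` makes that permanent without recording what the error was. Include it in the message, `log.Logf("Cannot find CertificateRequests for pod, waiting: %v", err)`, so that a timed-out run shows why no request matched. The directive is conventionally written without the space, `//nolint:nilerr // reason`, which is the form nolintlint accepts. The doc comment above the function also names `WaitForCertificateRequestReady` while the function is `WaitForCertificateRequestsReady`.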
@@ -37,7 +37,7 @@ import ( "github.com/cert-manager/csi-driver/test/e2e/framework/log" ) -func (h *Helper) CertificateKeyInPodPath(namespace, podName, containerName, mountPath string, +func (h *Helper) CertificateKeyInPodPath(ctx context.Context, namespace, podName, containerName, mountPath string, attr map[string]string) ([]byte, []byte, error) { certPath, ok := attr[csiapi.CertFileKey] if !ok { @@ -51,12 +51,12 @@ func (h *Helper) CertificateKeyInPodPath(namespace, podName, containerName, moun } keyPath = filepath.Join(mountPath, keyPath) - certData, err := h.ReadFilePathFromContainer(namespace, podName, containerName, certPath) + certData, err := h.ReadFilePathFromContainer(ctx, namespace, podName, containerName, certPath) if err != nil { return nil, nil, fmt.Errorf("failed to read cert data from pod: %s", err) } - keyData, err := h.ReadFilePathFromContainer(namespace, podName, containerName, keyPath) + keyData, err := h.ReadFilePathFromContainer(ctx, namespace, podName, containerName, keyPath) if err != nil { return nil, nil, fmt.Errorf("failed to read key data from pod: %s", err) } @@ -93,7 +93,7 @@ func (h *Helper) CertificateKeyMatch(cr *cmapi.CertificateRequest, certData, key return nil } -func (h *Helper) ReadFilePathFromContainer(namespace, podName, containerName, path string) ([]byte, error) { +func (h *Helper) ReadFilePathFromContainer(ctx context.Context, namespace, podName, containerName, path string) ([]byte, error) { coreclient, err := corev1client.NewForConfig(h.RestConfig) if err != nil { return nil, fmt.Errorf("failed to build core client form rest config: %s", err) @@ -124,7 +124,7 @@ func (h *Helper) ReadFilePathFromContainer(namespace, podName, containerName, pa } execOut, execErr := new(bytes.Buffer), new(bytes.Buffer) - err = exec.Stream(remotecommand.StreamOptions{ + err = exec.StreamWithContext(ctx, remotecommand.StreamOptions{ Stdout: execOut, Stderr: execErr, Tty: false, 
@@ -136,11 +136,11 @@ func (h *Helper) ReadFilePathFromContainer(namespace, podName, containerName, pa return execOut.Bytes(), nil } -func (h *Helper) WaitForPodReady(namespace, name string, timeout time.Duration) error { +func (h *Helper) WaitForPodReady(ctx context.Context, namespace, name string, timeout time.Duration) error { log.Logf("Waiting for Pod to become ready %s/%s", namespace, name) - err := wait.PollImmediate(time.Second/2, timeout, func() (bool, error) { - pod, err := h.KubeClient.CoreV1().Pods(namespace).Get(context.TODO(), name, metav1.GetOptions{}) + err := wait.PollUntilContextTimeout(ctx, time.Second/2, timeout, true, func(ctx context.Context) (bool, error) { + pod, err := h.KubeClient.CoreV1().Pods(namespace).Get(ctx, name, metav1.GetOptions{}) if err != nil { return false, err } @@ -163,17 +163,19 @@ func (h *Helper) WaitForPodReady(namespace, name string, timeout time.Duration) return true, nil }) if err != nil { - h.Kubectl(namespace).DescribeResource("pod", name) + if err := h.Kubectl(namespace).DescribeResource("pod", name); err != nil { + log.Logf("helper: failed to describe Pod %s/%s: %v", namespace, name, err) + } return err } return nil } -func (h *Helper) WaitForPodDeletion(namespace, name string, timeout time.Duration) error { +func (h *Helper) WaitForPodDeletion(ctx context.Context, namespace, name string, timeout time.Duration) error { log.Logf("Waiting for Pod to be deleted %s/%s", namespace, name) - err := wait.PollImmediate(time.Second/2, timeout, func() (bool, error) { - pod, err := h.KubeClient.CoreV1().Pods(namespace).Get(context.TODO(), name, metav1.GetOptions{}) + err := wait.PollUntilContextTimeout(ctx, time.Second/2, timeout, true, func(ctx context.Context) (bool, error) { + pod, err := h.KubeClient.CoreV1().Pods(namespace).Get(ctx, name, metav1.GetOptions{}) if k8sErrors.IsNotFound(err) { return true, nil } 
@@ -188,7 +190,9 @@ func (h *Helper) WaitForPodDeletion(namespace, name string, timeout time.Duratio return false, nil }) if err != nil { - h.Kubectl(namespace).DescribeResource("pod", name) + if err := h.Kubectl(namespace).DescribeResource("pod", name); err != nil { + log.Logf("helper: failed to describe Pod %s/%s: %v", namespace, name, err) + } return err } diff --git a/test/e2e/framework/log/log.go b/test/e2e/framework/log/log.go index 3233637a..8e799782 100644 --- a/test/e2e/framework/log/log.go +++ b/test/e2e/framework/log/log.go @@ -29,10 +29,10 @@ func nowStamp() string { return time.Now().Format(time.StampMilli) } -func log(level string, format string, args ...interface{}) { +func logf(level string, format string, args ...interface{}) { fmt.Fprintf(Writer, nowStamp()+": "+level+": "+format+"\n", args...) } func Logf(format string, args ...interface{}) { - log("INFO", format, args...) + logf("INFO", format, args...) } diff --git a/test/e2e/framework/testenv.go b/test/e2e/framework/testenv.go index ae84c4c6..322b9017 100644 --- a/test/e2e/framework/testenv.go +++ b/test/e2e/framework/testenv.go @@ -28,7 +28,6 @@ import ( apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/client-go/kubernetes" ) // Defines methods that help provision test environments 
@@ -181,25 +180,22 @@ func (f *Framework) CreateCAClusterIssuer(baseName string) (cmmeta.ObjectReferen } // DeleteKubeNamespace will delete a namespace resource -func (f *Framework) DeleteKubeNamespace(namespace string) error { - return f.KubeClientSet.CoreV1().Namespaces().Delete(context.TODO(), namespace, metav1.DeleteOptions{}) +func (f *Framework) DeleteKubeNamespace(ctx context.Context, namespace string) error { + return f.KubeClientSet.CoreV1().Namespaces().Delete(ctx, namespace, metav1.DeleteOptions{}) } // WaitForKubeNamespaceNotExist will wait for the namespace with the given name // to not exist for up to 2 minutes. -func (f *Framework) WaitForKubeNamespaceNotExist(namespace string) error { - return wait.PollImmediate(Poll, time.Minute*2, namespaceNotExist(f.KubeClientSet, namespace)) -} - -func namespaceNotExist(c kubernetes.Interface, namespace string) wait.ConditionFunc { - return func() (bool, error) { - _, err := c.CoreV1().Namespaces().Get(context.TODO(), namespace, metav1.GetOptions{}) +func (f *Framework) WaitForKubeNamespaceNotExist(ctx context.Context, namespace string) error { + return wait.PollUntilContextTimeout(ctx, time.Second, time.Minute*2, true, func(ctx context.Context) (bool, error) { + _, err := f.KubeClientSet.CoreV1().Namespaces().Get(ctx, namespace, metav1.GetOptions{}) if apierrors.IsNotFound(err) { return true, nil } + if err != nil { return false, err } return false, nil - } + }) } diff --git a/test/e2e/suite/cases/annotations.go b/test/e2e/suite/cases/annotations.go index 9d318fb4..291cb8df 100644 --- a/test/e2e/suite/cases/annotations.go +++ b/test/e2e/suite/cases/annotations.go 
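Review bot: `WaitForKubeNamespaceNotExist` now polls at a hard-coded `time.Second` where the old code used the package's `Poll` value; unless the interval change is intended, keep `Poll` so the framework's waits stay tunable in one place. The doc comment's "up to 2 minutes" is now only an upper bound, since an earlier deadline on `ctx` ends the wait sooner, and the comment should say so. The tail of the closure can be reduced to `return false, err` after the `IsNotFound` check.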
@@ -52,14 +52,14 @@ var _ = framework.CasesDescribe("Should set extra attributes as annotations on t Expect(err).NotTo(HaveOccurred()) By("Waiting for Pod to become ready") - err = f.Helper().WaitForPodReady(f.Namespace.Name, testPod.Name, time.Minute) + err = f.Helper().WaitForPodReady(context.TODO(), f.Namespace.Name, testPod.Name, time.Minute) Expect(err).NotTo(HaveOccurred()) testPod, err = f.KubeClientSet.CoreV1().Pods(f.Namespace.Name).Get(context.TODO(), testPod.Name, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) By("Ensure the corresponding CertificateRequest should exist with the correct spec") - crs, err := f.Helper().WaitForCertificateRequestsReady(testPod, time.Second) + crs, err := f.Helper().WaitForCertificateRequestsReady(context.TODO(), testPod, time.Second) Expect(err).NotTo(HaveOccurred()) err = util.CertificateRequestMatchesSpec(crs[0], testVolume.CSI.VolumeAttributes) @@ -71,7 +71,7 @@ var _ = framework.CasesDescribe("Should set extra attributes as annotations on t Expect(crs[0].Annotations["custom.group.io/custom-key"]).Should(Equal("custom-value")) By("Ensure the certificate key pair exists in the pod and matches that in the CertificateRequest") - certData, keyData, err := f.Helper().CertificateKeyInPodPath(f.Namespace.Name, testPod.Name, "test-container-1", "/tls", + certData, keyData, err := f.Helper().CertificateKeyInPodPath(context.TODO(), f.Namespace.Name, testPod.Name, "test-container-1", "/tls", testVolume.CSI.VolumeAttributes) Expect(err).NotTo(HaveOccurred()) diff --git a/test/e2e/suite/cases/fsgroup.go b/test/e2e/suite/cases/fsgroup.go index b08a0c20..2f6ff8f6 100644 --- a/test/e2e/suite/cases/fsgroup.go +++ b/test/e2e/suite/cases/fsgroup.go @@ -22,7 +22,7 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "github.com/cert-manager/csi-driver/test/e2e/framework" "github.com/cert-manager/csi-driver/test/e2e/util" 
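Review bot: Every call site updated here passes `context.TODO()`, so the new `ctx` parameters on `WaitForPodReady`, `WaitForCertificateRequestsReady` and `CertificateKeyInPodPath` carry no deadline or cancellation, and the `StreamWithContext` exec in `ReadFilePathFromContainer` is not bounded by the context it now receives. The same applies to the hunks in fsgroup.go, keyencoding.go, pkcs12.go, renew.go, stress.go, usages.go and variables.go. If the suite runs on Ginkgo v2, take the context from the spec, e.g. `It("...", func(ctx context.Context) { ... })`, and pass that `ctx` down; otherwise derive one with `context.WithTimeout` at the top of each spec.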
@@ -41,7 +41,7 @@ var _ = framework.CasesDescribe("Should pick-up correct FSGroup on Pods", func() }) testPod.Spec.Containers[0].SecurityContext = &corev1.SecurityContext{ - RunAsGroup: pointer.Int64(2000), + RunAsGroup: ptr.To(int64(2000)), } By("Creating Pod") @@ -49,11 +49,11 @@ var _ = framework.CasesDescribe("Should pick-up correct FSGroup on Pods", func() Expect(err).NotTo(HaveOccurred()) By("Waiting for Pod to become ready") - err = f.Helper().WaitForPodReady(f.Namespace.Name, testPod.Name, time.Minute) + err = f.Helper().WaitForPodReady(context.TODO(), f.Namespace.Name, testPod.Name, time.Minute) Expect(err).NotTo(HaveOccurred()) By("Ensure the corresponding CertificateRequest should exist with the correct spec") - crs, err := f.Helper().WaitForCertificateRequestsReady(testPod, time.Second) + crs, err := f.Helper().WaitForCertificateRequestsReady(context.TODO(), testPod, time.Second) Expect(err).NotTo(HaveOccurred()) err = util.CertificateRequestMatchesSpec(crs[0], testVolume.CSI.VolumeAttributes) @@ -61,7 +61,7 @@ var _ = framework.CasesDescribe("Should pick-up correct FSGroup on Pods", func() Expect(crs).To(HaveLen(1)) By("Ensure the certificate key pair exists in the pod and can be read by the pod") - certData, keyData, err := f.Helper().CertificateKeyInPodPath(f.Namespace.Name, testPod.Name, "test-container-1", "/tls", + certData, keyData, err := f.Helper().CertificateKeyInPodPath(context.TODO(), f.Namespace.Name, testPod.Name, "test-container-1", "/tls", testVolume.CSI.VolumeAttributes) Expect(err).NotTo(HaveOccurred()) diff --git a/test/e2e/suite/cases/keyencoding.go b/test/e2e/suite/cases/keyencoding.go index 6a032aaf..8fa6f9f9 100644 --- a/test/e2e/suite/cases/keyencoding.go +++ b/test/e2e/suite/cases/keyencoding.go 
@@ -40,14 +40,14 @@ var _ = framework.CasesDescribe("Should set the key encoding correctly", func() Expect(err).NotTo(HaveOccurred()) By("Waiting for Pod to become ready") - err = f.Helper().WaitForPodReady(f.Namespace.Name, testPod.Name, time.Minute) + err = f.Helper().WaitForPodReady(context.TODO(), f.Namespace.Name, testPod.Name, time.Minute) Expect(err).NotTo(HaveOccurred()) testPod, err = f.KubeClientSet.CoreV1().Pods(f.Namespace.Name).Get(context.TODO(), testPod.Name, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) By("Ensure the corresponding CertificateRequest should exist with the correct spec") - crs, err := f.Helper().WaitForCertificateRequestsReady(testPod, time.Second) + crs, err := f.Helper().WaitForCertificateRequestsReady(context.TODO(), testPod, time.Second) Expect(err).NotTo(HaveOccurred()) err = util.CertificateRequestMatchesSpec(crs[0], testVolume.CSI.VolumeAttributes) @@ -55,14 +55,14 @@ var _ = framework.CasesDescribe("Should set the key encoding correctly", func() Expect(crs).To(HaveLen(1)) By("Extracting private key data from Pod VolumeMount") - _, keyData, err := f.Helper().CertificateKeyInPodPath(f.Namespace.Name, testPod.Name, "test-container-1", "/tls", + _, keyData, err := f.Helper().CertificateKeyInPodPath(context.TODO(), f.Namespace.Name, testPod.Name, "test-container-1", "/tls", testVolume.CSI.VolumeAttributes) Expect(err).NotTo(HaveOccurred()) block, rest := pem.Decode(keyData) Expect(block).ToNot(BeNil()) - Expect(rest).Should(HaveLen(0)) + Expect(rest).Should(BeEmpty()) return block } diff --git a/test/e2e/suite/cases/pkcs12.go b/test/e2e/suite/cases/pkcs12.go index 0959f3ae..371e9766 100644 --- a/test/e2e/suite/cases/pkcs12.go +++ b/test/e2e/suite/cases/pkcs12.go 
@@ -49,22 +49,22 @@ var _ = framework.CasesDescribe("Should write keystore pkcs12 file correctly", f Expect(err).NotTo(HaveOccurred()) By("Waiting for Pod to become ready") - err = f.Helper().WaitForPodReady(f.Namespace.Name, testPod.Name, time.Minute) + err = f.Helper().WaitForPodReady(context.TODO(), f.Namespace.Name, testPod.Name, time.Minute) Expect(err).NotTo(HaveOccurred()) testPod, err = f.KubeClientSet.CoreV1().Pods(f.Namespace.Name).Get(context.TODO(), testPod.Name, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) - _, err = f.Helper().WaitForCertificateRequestsReady(testPod, time.Second) + _, err = f.Helper().WaitForCertificateRequestsReady(context.TODO(), testPod, time.Second) Expect(err).NotTo(HaveOccurred()) By("Extracting certificate and private key") - certPEM, pkPEM, err := f.Helper().CertificateKeyInPodPath(f.Namespace.Name, testPod.Name, "test-container-1", "/tls", + certPEM, pkPEM, err := f.Helper().CertificateKeyInPodPath(context.TODO(), f.Namespace.Name, testPod.Name, "test-container-1", "/tls", testVolume.CSI.VolumeAttributes) Expect(err).NotTo(HaveOccurred()) By("Extracting PKCS12 file from Pod VolumeMount") - pkcs12File, err := f.Helper().ReadFilePathFromContainer(f.Namespace.Name, testPod.Name, "test-container-1", "/tls/foo.p12") + pkcs12File, err := f.Helper().ReadFilePathFromContainer(context.TODO(), f.Namespace.Name, testPod.Name, "test-container-1", "/tls/foo.p12") Expect(err).NotTo(HaveOccurred()) pkcs12pk, pkcs12cert, _, err := pkcs12.DecodeChain(pkcs12File, "a-random-password") diff --git a/test/e2e/suite/cases/renew.go b/test/e2e/suite/cases/renew.go index 4c5f9fba..ee472f7e 100644 --- a/test/e2e/suite/cases/renew.go +++ b/test/e2e/suite/cases/renew.go 
@@ -40,14 +40,14 @@ var _ = framework.CasesDescribe("Normal certificate renew behaviour", func() { defer deletePod(f, pod) By("Wait for certificate to be renewed twice but keep the same private key throughout") - cert, key, err := f.Helper().CertificateKeyInPodPath(f.Namespace.Name, pod.Name, pod.Spec.Containers[0].Name, "/tls", attr) + cert, key, err := f.Helper().CertificateKeyInPodPath(context.TODO(), f.Namespace.Name, pod.Name, pod.Spec.Containers[0].Name, "/tls", attr) Expect(err).NotTo(HaveOccurred()) for i := 0; i < 2; i++ { By(fmt.Sprintf("Wait for certificate to be renewed %d", i+1)) Eventually(func() bool { By("Testing pod for new certificate file") - newCert, newKey, err := f.Helper().CertificateKeyInPodPath(f.Namespace.Name, pod.Name, pod.Spec.Containers[0].Name, "/tls", attr) + newCert, newKey, err := f.Helper().CertificateKeyInPodPath(context.TODO(), f.Namespace.Name, pod.Name, pod.Spec.Containers[0].Name, "/tls", attr) Expect(err).NotTo(HaveOccurred()) if !bytes.Equal(cert, newCert) { 
@@ -70,14 +70,14 @@ var _ = framework.CasesDescribe("Normal certificate renew behaviour", func() { defer deletePod(f, pod) By("Wait for certificate to be renewed and have a new private key") - cert, key, err := f.Helper().CertificateKeyInPodPath(f.Namespace.Name, pod.Name, pod.Spec.Containers[0].Name, "/tls", attr) + cert, key, err := f.Helper().CertificateKeyInPodPath(context.TODO(), f.Namespace.Name, pod.Name, pod.Spec.Containers[0].Name, "/tls", attr) Expect(err).NotTo(HaveOccurred()) for i := 0; i < 2; i++ { By(fmt.Sprintf("Wait for certificate to be renewed %d", i+1)) Eventually(func() bool { By("Testing pod for new certificate file") - newCert, newKey, err := f.Helper().CertificateKeyInPodPath(f.Namespace.Name, pod.Name, pod.Spec.Containers[0].Name, "/tls", attr) + newCert, newKey, err := f.Helper().CertificateKeyInPodPath(context.TODO(), f.Namespace.Name, pod.Name, pod.Spec.Containers[0].Name, "/tls", attr) Expect(err).NotTo(HaveOccurred()) if !bytes.Equal(cert, newCert) { @@ -97,14 +97,14 @@ var _ = framework.CasesDescribe("Normal certificate renew behaviour", func() { defer deletePod(f, pod) By("Wait for certificate to be renewed and have a new private key") - cert, key, err := f.Helper().CertificateKeyInPodPath(f.Namespace.Name, pod.Name, pod.Spec.Containers[0].Name, "/tls", attr) + cert, key, err := f.Helper().CertificateKeyInPodPath(context.TODO(), f.Namespace.Name, pod.Name, pod.Spec.Containers[0].Name, "/tls", attr) Expect(err).NotTo(HaveOccurred()) for i := 0; i < 2; i++ { By(fmt.Sprintf("Wait for certificate to be renewed %d", i+1)) Eventually(func() bool { By("Testing pod for new certificate file") - newCert, newKey, err := f.Helper().CertificateKeyInPodPath(f.Namespace.Name, pod.Name, pod.Spec.Containers[0].Name, "/tls", attr) + newCert, newKey, err := f.Helper().CertificateKeyInPodPath(context.TODO(), f.Namespace.Name, pod.Name, pod.Spec.Containers[0].Name, "/tls", attr) Expect(err).NotTo(HaveOccurred()) if !bytes.Equal(cert, newCert) { 
@@ -140,14 +140,14 @@ func newRenewingTestPod(f *framework.Framework, extraAttributes map[string]strin Expect(err).NotTo(HaveOccurred()) By("Waiting for Pod to become ready") - err = f.Helper().WaitForPodReady(f.Namespace.Name, testPod.Name, time.Minute) + err = f.Helper().WaitForPodReady(context.TODO(), f.Namespace.Name, testPod.Name, time.Minute) Expect(err).NotTo(HaveOccurred()) testPod, err = f.KubeClientSet.CoreV1().Pods(f.Namespace.Name).Get(context.TODO(), testPod.Name, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) By("Ensure the corresponding CertificateRequest should exist with the correct spec") - crs, err := f.Helper().WaitForCertificateRequestsReady(testPod, time.Second) + crs, err := f.Helper().WaitForCertificateRequestsReady(context.TODO(), testPod, time.Second) Expect(err).NotTo(HaveOccurred()) Expect(crs).To(HaveLen(1)) diff --git a/test/e2e/suite/cases/stress.go b/test/e2e/suite/cases/stress.go index 10d759dc..e6825d85 100644 --- a/test/e2e/suite/cases/stress.go +++ b/test/e2e/suite/cases/stress.go @@ -18,10 +18,8 @@ package cases import ( "context" - "fmt" "time" - cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
@@ -53,14 +51,14 @@ var _ = framework.CasesDescribe("Normal CSI behaviour", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Pod to become ready") - err = f.Helper().WaitForPodReady(f.Namespace.Name, testPod.Name, time.Minute) + err = f.Helper().WaitForPodReady(context.TODO(), f.Namespace.Name, testPod.Name, time.Minute) Expect(err).NotTo(HaveOccurred()) testPod, err = f.KubeClientSet.CoreV1().Pods(f.Namespace.Name).Get(context.TODO(), testPod.Name, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) By("Ensure the corresponding CertificateRequests should exist with the correct spec") - crs, err := f.Helper().WaitForCertificateRequestsReady(testPod, time.Second) + crs, err := f.Helper().WaitForCertificateRequestsReady(context.TODO(), testPod, time.Second) Expect(err).NotTo(HaveOccurred()) Expect(crs).To(HaveLen(1)) @@ -68,7 +66,7 @@ var _ = framework.CasesDescribe("Normal CSI behaviour", func() { Expect(err).NotTo(HaveOccurred()) By("Ensure the certificate key pair exists in the pod and matches that in the CertificateRequest") - certData, keyData, err := f.Helper().CertificateKeyInPodPath(f.Namespace.Name, testPod.Name, "test-container-1", "/tls", + certData, keyData, err := f.Helper().CertificateKeyInPodPath(context.TODO(), f.Namespace.Name, testPod.Name, "test-container-1", "/tls", testVolume.CSI.VolumeAttributes) Expect(err).NotTo(HaveOccurred()) 
@@ -84,57 +82,8 @@ func deletePod(f *framework.Framework, pod *corev1.Pod) { err := f.KubeClientSet.CoreV1().Pods(f.Namespace.Name).Delete(context.TODO(), pod.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) - err = f.Helper().WaitForPodDeletion(pod.Namespace, pod.Name, time.Second*90) + err = f.Helper().WaitForPodDeletion(context.TODO(), pod.Namespace, pod.Name, time.Second*90) Expect(err).NotTo(HaveOccurred()) By("Pod Deleted " + pod.Name) } - -func testPod(f *framework.Framework, pod *corev1.Pod) { - By(fmt.Sprintf("Ensuring corresponding CertificateRequests exists with the correct spec: %s/%s", pod.Namespace, pod.Name)) - - attributesMap := make(map[string]*map[string]string) - - // Not all defined volumes will be mounted. This means that the - // NodePublishVolume will not be called and therefore no - // CertificateRequest will be created. This is by design. - for _, vol := range pod.Spec.Volumes { - // Ignore non csi volumes - if vol.VolumeSource.CSI == nil { - continue - } - - attributesMap[vol.Name] = &vol.CSI.VolumeAttributes - } - - crs, err := f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).List(context.TODO(), metav1.ListOptions{}) - Expect(err).NotTo(HaveOccurred()) - - for _, container := range pod.Spec.Containers { - By(fmt.Sprintf("Ensure the certificate key pairs exists in the pod's container and matches that in the CertificateRequest: %s/%s:%s", pod.Namespace, pod.Name, container.Name)) - for _, vol := range container.VolumeMounts { - // Ignore non csi volumes - if _, ok := attributesMap[vol.Name]; !ok { - continue - } - - crs, err := f.Helper().FindCertificateRequestsReady(crs.Items, pod) - Expect(err).NotTo(HaveOccurred()) - - var matchedCR *cmapi.CertificateRequest - for _, cr := range crs { - if err = util.CertificateRequestMatchesSpec(cr, *attributesMap[vol.Name]); err == nil { - matchedCR = cr - break - } - } - Expect(matchedCR).ShouldNot(BeNil(), "expected one CertificateRequest to match the 
volume spec") - - certData, keyData, err := f.Helper().CertificateKeyInPodPath(f.Namespace.Name, pod.Name, container.Name, vol.MountPath, - *attributesMap[vol.Name]) - - err = f.Helper().CertificateKeyMatch(matchedCR, certData, keyData) - Expect(err).NotTo(HaveOccurred()) - } - } -} diff --git a/test/e2e/suite/cases/usages.go b/test/e2e/suite/cases/usages.go index e432574e..e0895c19 100644 --- a/test/e2e/suite/cases/usages.go +++ b/test/e2e/suite/cases/usages.go @@ -51,14 +51,14 @@ var _ = framework.CasesDescribe("Should set key usages correctly", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Pod to become ready") - err = f.Helper().WaitForPodReady(f.Namespace.Name, testPod.Name, time.Minute) + err = f.Helper().WaitForPodReady(context.TODO(), f.Namespace.Name, testPod.Name, time.Minute) Expect(err).NotTo(HaveOccurred()) testPod, err = f.KubeClientSet.CoreV1().Pods(f.Namespace.Name).Get(context.TODO(), testPod.Name, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) By("Ensure the corresponding CertificateRequest should exist with the correct spec") - crs, err := f.Helper().WaitForCertificateRequestsReady(testPod, time.Second) + crs, err := f.Helper().WaitForCertificateRequestsReady(context.TODO(), testPod, time.Second) Expect(err).NotTo(HaveOccurred()) err = util.CertificateRequestMatchesSpec(crs[0], testVolume.CSI.VolumeAttributes) @@ -66,7 +66,7 @@ var _ = framework.CasesDescribe("Should set key usages correctly", func() { Expect(crs).To(HaveLen(1)) By("Ensure the certificate key pair exists in the pod and matches that in the CertificateRequest") - certData, keyData, err := f.Helper().CertificateKeyInPodPath(f.Namespace.Name, testPod.Name, "test-container-1", "/tls", + certData, keyData, err := f.Helper().CertificateKeyInPodPath(context.TODO(), f.Namespace.Name, testPod.Name, "test-container-1", "/tls", testVolume.CSI.VolumeAttributes) Expect(err).NotTo(HaveOccurred()) 
diff --git a/test/e2e/suite/cases/util.go b/test/e2e/suite/cases/util.go index d19cda67..96ff46ba 100644 --- a/test/e2e/suite/cases/util.go +++ b/test/e2e/suite/cases/util.go @@ -19,7 +19,7 @@ package cases import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "github.com/cert-manager/csi-driver/test/e2e/framework" ) @@ -30,7 +30,7 @@ func basePod(f *framework.Framework, csiAttributes map[string]string) (corev1.Vo VolumeSource: corev1.VolumeSource{ CSI: &corev1.CSIVolumeSource{ Driver: "csi.cert-manager.io", - ReadOnly: pointer.Bool(true), + ReadOnly: ptr.To(true), VolumeAttributes: csiAttributes, }, }, @@ -43,7 +43,7 @@ func basePod(f *framework.Framework, csiAttributes map[string]string) (corev1.Vo }, Spec: corev1.PodSpec{ Containers: []corev1.Container{ - corev1.Container{ + { Name: "test-container-1", Image: "busybox", Command: []string{"sleep", "10000"}, diff --git a/test/e2e/suite/cases/variables.go b/test/e2e/suite/cases/variables.go index 995afcc4..b3972715 100644 --- a/test/e2e/suite/cases/variables.go +++ b/test/e2e/suite/cases/variables.go 
@@ -49,14 +49,14 @@ var _ = framework.CasesDescribe("Should correctly substitute out SANs with varia Expect(err).NotTo(HaveOccurred()) By("Waiting for Pod to become ready") - err = f.Helper().WaitForPodReady(f.Namespace.Name, testPod.Name, time.Minute) + err = f.Helper().WaitForPodReady(context.TODO(), f.Namespace.Name, testPod.Name, time.Minute) Expect(err).NotTo(HaveOccurred()) testPod, err = f.KubeClientSet.CoreV1().Pods(f.Namespace.Name).Get(context.TODO(), testPod.Name, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) By("Ensure the corresponding CertificateRequest should exist with the correct spec") - crs, err := f.Helper().WaitForCertificateRequestsReady(testPod, time.Second) + crs, err := f.Helper().WaitForCertificateRequestsReady(context.TODO(), testPod, time.Second) Expect(err).NotTo(HaveOccurred()) Expect(crs).To(HaveLen(1)) return testPod, crs[0] diff --git a/test/e2e/util/metadata.go b/test/e2e/util/metadata.go index b083e032..ea3f0471 100644 --- a/test/e2e/util/metadata.go +++ b/test/e2e/util/metadata.go @@ -33,11 +33,9 @@ func CertificateRequestMatchesSpec(cr *cmapi.CertificateRequest, attr map[string issuerName, ok := attr[csiapi.IssuerNameKey] if !ok { errs = append(errs, fmt.Sprintf("required %q not in volume attributes present", csiapi.IssuerNameKey)) - } else { - if issuerName != cr.Spec.IssuerRef.Name { - errs = append(errs, fmt.Sprintf("expected IssuerRef.Name to equal %q, got %q", - issuerName, cr.Spec.IssuerRef.Name)) - } + } else if issuerName != cr.Spec.IssuerRef.Name { + errs = append(errs, fmt.Sprintf("expected IssuerRef.Name to equal %q, got %q", + issuerName, cr.Spec.IssuerRef.Name)) } issuerKind, ok := attr[csiapi.IssuerKindKey]