Move the Certification Test to Validate Cluster

Signed-off-by: est-suse <esteban.esquivel@suse.com>
k3s-io · May 5, 2023 · 1c16f5b · 1c16f5b
1 parent e1e98bc
commit 1c16f5b
Showing 1 changed file with 42 additions and 1 deletion.
diff --git a/tests/e2e/validatecluster/validatecluster_test.go b/tests/e2e/validatecluster/validatecluster_test.go
@@ -4,6 +4,7 @@ import (
 	"flag"
 	"fmt"
 	"os"
+	"regexp"
 	"strings"
 	"testing"
 
@@ -99,7 +100,7 @@ var _ = Describe("Verify Create", Ordered, func() {
 
 			clusterip, _ := e2e.FetchClusterIP(kubeConfigFile, "nginx-clusterip-svc", false)
 			cmd := "curl -L --insecure http://" + clusterip + "/name.html"
-			fmt.Println(cmd)
+			fmt.Println("cluster-ip ESTEBAN", cmd, "kubeConfigFile:", kubeConfigFile)
 			for _, nodeName := range serverNodeNames {
 				Eventually(func(g Gomega) {
 					res, err := e2e.RunCmdOnNode(cmd, nodeName)
@@ -203,13 +204,16 @@ var _ = Describe("Verify Create", Ordered, func() {
 
 			Eventually(func(g Gomega) {
 				cmd := "kubectl get pods dnsutils --kubeconfig=" + kubeConfigFile
+				fmt.Println("ESTEBAN DNS ACESS", cmd)
 				res, err := e2e.RunCommand(cmd)
+				fmt.Println("ESTEBAN DNS ACESS RES", res)
 				g.Expect(err).NotTo(HaveOccurred(), "failed cmd: "+cmd+" result: "+res)
 				g.Expect(res).Should(ContainSubstring("dnsutils"))
 			}, "420s", "2s").Should(Succeed())
 
 			Eventually(func(g Gomega) {
 				cmd := "kubectl --kubeconfig=" + kubeConfigFile + " exec -i -t dnsutils -- nslookup kubernetes.default"
+
 				res, err := e2e.RunCommand(cmd)
 				g.Expect(err).NotTo(HaveOccurred(), "failed cmd: "+cmd+" result: "+res)
 				g.Expect(res).Should(ContainSubstring("kubernetes.default.svc.cluster.local"))
@@ -313,6 +317,43 @@ var _ = Describe("Verify Create", Ordered, func() {
 				g.Expect(res).Should(ContainSubstring("local-path-test"))
 			}, "180s", "2s").Should(Succeed())
 		})
+
+		It("Verifies Certificate Rotation", func() {
+			const grepCert = "sudo ls -lt /var/lib/rancher/k3s/server/ | grep tls"
+			var expectResult = []string{"client-ca.crt", "client-ca.key", "client-ca.nochain.crt", "dynamic-cert.json", "peer-ca.crt",
+				"peer-ca.key", "server-ca.crt", "server-ca.key", "request-header-ca.crt", "request-header-ca.key", "server-ca.crt", "server-ca.key",
+				"server-ca.nochain.crt", "service.current.key", "service.key", "apiserver-loopback-client__.crt", "apiserver-loopback-client__.key", "",
+			}
+
+			var finalResult string
+			var finalErr error
+			errStop := e2e.StopCluster(serverNodeNames)
+			Expect(errStop).NotTo(HaveOccurred(), "Server not stop correctly")
+			errRotate := e2e.RotateCertificate(serverNodeNames)
+			Expect(errRotate).NotTo(HaveOccurred(), "Certificate not rotate correctly")
+			errStart := e2e.StartCluster(serverNodeNames)
+			Expect(errStart).NotTo(HaveOccurred(), "Server not start correctly")
+
+			for _, nodeName := range serverNodeNames {
+				grCert, errGrep := e2e.RunCmdOnNode(grepCert, nodeName)
+				Expect(errGrep).NotTo(HaveOccurred(), "Certificate not created correctly")
+				re := regexp.MustCompile("tls-[0-9]+")
+				tls := re.FindAllString(grCert, -1)[0]
+				final := fmt.Sprintf("sudo diff -sr /var/lib/rancher/k3s/server/tls/ /var/lib/rancher/k3s/server/%s/"+
+					"| grep -i identical | cut -f4 -d ' ' | xargs basename -a \n", tls)
+				finalResult, finalErr = e2e.RunCmdOnNode(final, nodeName)
+				Expect(finalErr).NotTo(HaveOccurred(), "Final Certification does not created correctly")
+			}
+			if len(agentNodeNames) > 0 {
+				errRestartAgent := e2e.RestartCluster(agentNodeNames)
+				Expect(errRestartAgent).NotTo(HaveOccurred(), "Restart Agent not happened correctly")
+			}
+			finalCert := strings.Replace(finalResult, "\n", ",", -1)
+			finalCertArray := strings.Split(finalCert, ",")
+			Expect((finalCertArray)).Should((Equal(expectResult)), "Final certification does not match the expected results")
+
+		})
+
 	})
 })