From 14a9e9f3fad8423e7cb3e5e67062b40de7550d38 Mon Sep 17 00:00:00 2001 From: Manuel Alejandro de Brito Fontes Date: Thu, 28 Mar 2019 20:43:18 -0300 Subject: [PATCH] Update dependencies client-go to release-11.0 and kubernetes-1.14.0 --- cmd/plugin/main.go | 2 +- .../ingress/controller/store/store_test.go | 8 +- internal/net/ssl/ssl_test.go | 104 ++++++++++++++++-- test/e2e/e2e.go | 2 +- test/e2e/framework/deployment.go | 6 +- test/e2e/framework/grpc_fortune_teller.go | 6 +- test/e2e/framework/influxdb.go | 6 +- test/e2e/framework/k8s.go | 7 +- test/e2e/settings/pod_security_policy.go | 2 +- test/e2e/status/update.go | 6 +- 10 files changed, 116 insertions(+), 33 deletions(-) diff --git a/cmd/plugin/main.go b/cmd/plugin/main.go index deea59b51..f3a809715 100644 --- a/cmd/plugin/main.go +++ b/cmd/plugin/main.go @@ -47,7 +47,7 @@ func main() { } // Respect some basic kubectl flags like --namespace - flags := genericclioptions.NewConfigFlags() + flags := genericclioptions.NewConfigFlags(true) flags.AddFlags(rootCmd.PersistentFlags()) rootCmd.AddCommand(ingresses.CreateCommand(flags)) diff --git a/internal/ingress/controller/store/store_test.go b/internal/ingress/controller/store/store_test.go index 584296757..a8f8a2a64 100644 --- a/internal/ingress/controller/store/store_test.go +++ b/internal/ingress/controller/store/store_test.go @@ -245,7 +245,7 @@ func TestStore(t *testing.T) { // Secret takes a bit to update time.Sleep(3 * time.Second) - err = clientSet.Extensions().Ingresses(ni.Namespace).Delete(ni.Name, &metav1.DeleteOptions{}) + err = clientSet.ExtensionsV1beta1().Ingresses(ni.Namespace).Delete(ni.Name, &metav1.DeleteOptions{}) if err != nil { t.Errorf("error creating ingress: %v", err) } 
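Review bot: In the `TestStore` hunk of store_test.go, the failure message after the migrated `ExtensionsV1beta1().Ingresses(ni.Namespace).Delete(...)` call still reads `t.Errorf("error creating ingress: %v", err)`, so a failed delete is reported as a failed create. Since the line above is being touched anyway, I would change it to `t.Errorf("error deleting ingress: %v", err)`, which also matches the wording used in `deleteIngress` further down the file. The body of `TestStore` starts and ends outside this hunk.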
@@ -803,13 +803,13 @@ func deleteConfigMap(cm, ns string, clientSet kubernetes.Interface, t *testing.T func ensureIngress(ingress *extensions.Ingress, clientSet kubernetes.Interface, t *testing.T) *extensions.Ingress { t.Helper() - ing, err := clientSet.Extensions().Ingresses(ingress.Namespace).Update(ingress) + ing, err := clientSet.ExtensionsV1beta1().Ingresses(ingress.Namespace).Update(ingress) if err != nil { if k8sErrors.IsNotFound(err) { t.Logf("Ingress %v not found, creating", ingress) - ing, err = clientSet.Extensions().Ingresses(ingress.Namespace).Create(ingress) + ing, err = clientSet.ExtensionsV1beta1().Ingresses(ingress.Namespace).Create(ingress) if err != nil { t.Fatalf("error creating ingress %+v: %v", ingress, err) } @@ -828,7 +828,7 @@ func ensureIngress(ingress *extensions.Ingress, clientSet kubernetes.Interface, func deleteIngress(ingress *extensions.Ingress, clientSet kubernetes.Interface, t *testing.T) { t.Helper() - err := clientSet.Extensions().Ingresses(ingress.Namespace).Delete(ingress.Name, &metav1.DeleteOptions{}) + err := clientSet.ExtensionsV1beta1().Ingresses(ingress.Namespace).Delete(ingress.Name, &metav1.DeleteOptions{}) if err != nil { t.Errorf("failed to delete ingress %+v: %v", ingress, err) diff --git a/internal/net/ssl/ssl_test.go b/internal/net/ssl/ssl_test.go index fa07b505c..83dd07f00 100644 --- a/internal/net/ssl/ssl_test.go +++ b/internal/net/ssl/ssl_test.go @@ -18,9 +18,17 @@ package ssl import ( "bytes" + "crypto" + "crypto/rand" + cryptorand "crypto/rand" "crypto/rsa" "crypto/x509" + "crypto/x509/pkix" + "encoding/pem" + "errors" "fmt" + "math" + "math/big" "testing" "time" @@ -36,7 +44,7 @@ func generateRSACerts(host string) (*keyPair, *keyPair, error) { return nil, nil, err } - key, err := certutil.NewPrivateKey() + key, err := newPrivateKey() if err != nil { return nil, nil, fmt.Errorf("unable to create a server private key: %v", err) } 
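Review bot: The import hunk of ssl_test.go brings in the same package twice, as `"crypto/rand"` and as `cryptorand "crypto/rand"`, and the new helpers use both names (`rand.Int(rand.Reader, ...)` for the serial, `cryptorand.Reader` for key generation and signing). It compiles, but duplicate-import linters flag it, and in a file that also imports `math` a bare `rand` is easy to misread as `math/rand`. I would keep only the aliased import and write the serial draw as `cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64))`, so every call site shows that the randomness comes from the CSPRNG.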
@@ -45,7 +53,7 @@ func generateRSACerts(host string) (*keyPair, *keyPair, error) { CommonName: host, Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}, } - cert, err := certutil.NewSignedCert(config, key, ca.Cert, ca.Key) + cert, err := newSignedCert(config, key, ca.Cert, ca.Key) if err != nil { return nil, nil, fmt.Errorf("unable to sign the server certificate: %v", err) } @@ -66,8 +74,8 @@ func TestStoreSSLCertOnDisk(t *testing.T) { name := fmt.Sprintf("test-%v", time.Now().UnixNano()) - c := certutil.EncodeCertPEM(cert.Cert) - k := certutil.EncodePrivateKeyPEM(cert.Key) + c := encodeCertPEM(cert.Cert) + k := encodePrivateKeyPEM(cert.Key) sslCert, err := CreateSSLCert(c, k) if err != nil { @@ -102,9 +110,9 @@ func TestCACert(t *testing.T) { name := fmt.Sprintf("test-%v", time.Now().UnixNano()) - c := certutil.EncodeCertPEM(cert.Cert) - k := certutil.EncodePrivateKeyPEM(cert.Key) - ca := certutil.EncodeCertPEM(CA.Cert) + c := encodeCertPEM(cert.Cert) + k := encodePrivateKeyPEM(cert.Key) + ca := encodeCertPEM(CA.Cert) sslCert, err := CreateSSLCert(c, k) if err != nil { @@ -151,7 +159,7 @@ func TestConfigureCACert(t *testing.T) { if err != nil { t.Fatalf("unexpected error creating SSL certificate: %v", err) } - c := certutil.EncodeCertPEM(ca.Cert) + c := encodeCertPEM(ca.Cert) sslCert, err := CreateCACert(c) if err != nil { @@ -187,8 +195,8 @@ func TestCreateSSLCert(t *testing.T) { t.Fatalf("unexpected error creating SSL certificate: %v", err) } - c := certutil.EncodeCertPEM(cert.Cert) - k := certutil.EncodePrivateKeyPEM(cert.Key) + c := encodeCertPEM(cert.Cert) + k := encodePrivateKeyPEM(cert.Key) sslCert, err := CreateSSLCert(c, k) if err != nil { @@ -219,7 +227,7 @@ type keyPair struct { } func newCA(name string) (*keyPair, error) { - key, err := certutil.NewPrivateKey() + key, err := newPrivateKey() if err != nil { return nil, fmt.Errorf("unable to create a private key for a new CA: %v", err) } 
@@ -271,3 +279,77 @@ func TestIsValidHostname(t *testing.T) { } } } + +const ( + duration365d = time.Hour * 24 * 365 + rsaKeySize = 2048 +) + +// newPrivateKey creates an RSA private key +func newPrivateKey() (*rsa.PrivateKey, error) { + return rsa.GenerateKey(cryptorand.Reader, rsaKeySize) +} + +// newSignedCert creates a signed certificate using the given CA certificate and key +func newSignedCert(cfg certutil.Config, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error) { + serial, err := rand.Int(rand.Reader, new(big.Int).SetInt64(math.MaxInt64)) + if err != nil { + return nil, err + } + if len(cfg.CommonName) == 0 { + return nil, errors.New("must specify a CommonName") + } + if len(cfg.Usages) == 0 { + return nil, errors.New("must specify at least one ExtKeyUsage") + } + + certTmpl := x509.Certificate{ + Subject: pkix.Name{ + CommonName: cfg.CommonName, + Organization: cfg.Organization, + }, + DNSNames: cfg.AltNames.DNSNames, + IPAddresses: cfg.AltNames.IPs, + SerialNumber: serial, + NotBefore: caCert.NotBefore, + NotAfter: time.Now().Add(duration365d).UTC(), + KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, + ExtKeyUsage: cfg.Usages, + } + certDERBytes, err := x509.CreateCertificate(cryptorand.Reader, &certTmpl, caCert, key.Public(), caKey) + if err != nil { + return nil, err + } + return x509.ParseCertificate(certDERBytes) +} + +// encodePublicKeyPEM returns PEM-encoded public data +func encodePublicKeyPEM(key *rsa.PublicKey) ([]byte, error) { + der, err := x509.MarshalPKIXPublicKey(key) + if err != nil { + return []byte{}, err + } + block := pem.Block{ + Type: "PUBLIC KEY", + Bytes: der, + } + return pem.EncodeToMemory(&block), nil +} + +// encodePrivateKeyPEM returns PEM-encoded private key data +func encodePrivateKeyPEM(key *rsa.PrivateKey) []byte { + block := pem.Block{ + Type: "RSA PRIVATE KEY", + Bytes: x509.MarshalPKCS1PrivateKey(key), + } + return pem.EncodeToMemory(&block) +} + +// 
encodeCertPEM returns PEM-endcoded certificate data +func encodeCertPEM(cert *x509.Certificate) []byte { + block := pem.Block{ + Type: certutil.CertificateBlockType, + Bytes: cert.Raw, + } + return pem.EncodeToMemory(&block) +} diff --git a/test/e2e/e2e.go b/test/e2e/e2e.go index 215371f13..54caf7568 100644 --- a/test/e2e/e2e.go +++ b/test/e2e/e2e.go @@ -23,7 +23,7 @@ import ( "github.com/onsi/ginkgo" "github.com/onsi/ginkgo/config" "github.com/onsi/gomega" - "k8s.io/apiserver/pkg/util/logs" + "k8s.io/component-base/logs" // required _ "k8s.io/client-go/plugin/pkg/client/auth" diff --git a/test/e2e/framework/deployment.go b/test/e2e/framework/deployment.go index 2884da3fe..ae677c01e 100644 --- a/test/e2e/framework/deployment.go +++ b/test/e2e/framework/deployment.go @@ -19,8 +19,8 @@ package framework import ( . "github.com/onsi/gomega" + appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" - extensions "k8s.io/api/extensions/v1beta1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" ) @@ -68,12 +68,12 @@ func (f *Framework) NewDeployment(name, image string, port int32, replicas int32 }, } - deployment := &extensions.Deployment{ + deployment := &appsv1.Deployment{ ObjectMeta: metav1.ObjectMeta{ Name: name, Namespace: f.Namespace, }, - Spec: extensions.DeploymentSpec{ + Spec: appsv1.DeploymentSpec{ Replicas: NewInt32(replicas), Selector: &metav1.LabelSelector{ MatchLabels: map[string]string{ diff --git a/test/e2e/framework/grpc_fortune_teller.go b/test/e2e/framework/grpc_fortune_teller.go index 2293ddf5f..7cab3e026 100644 --- a/test/e2e/framework/grpc_fortune_teller.go +++ b/test/e2e/framework/grpc_fortune_teller.go @@ -19,8 +19,8 @@ package framework import ( . "github.com/onsi/gomega" + appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" - extensions "k8s.io/api/extensions/v1beta1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/fields" "k8s.io/apimachinery/pkg/util/intstr" 
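Review bot: `encodePublicKeyPEM` has no caller in any hunk of this patch, so unless something outside the diff uses it, it is dead code in the test file and will be reported by unused-code linters; I would drop it rather than carry a copy of the old client-go helper. In `newSignedCert` the `CommonName` and `Usages` checks run only after the serial has been drawn; moving the two `len(...) == 0` checks to the top of the function rejects a bad config before any work is done. The leaf's `NotAfter` is `time.Now().Add(duration365d).UTC()` regardless of `caCert.NotAfter`, which is fine for fixtures but deserves a comment such as `// test-only: validity is not clamped to the CA's lifetime` so the helper is not copied into non-test code. The doc comment on `encodeCertPEM` says "PEM-endcoded" and should read "PEM-encoded".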
@@ -35,12 +35,12 @@ func (f *Framework) NewGRPCFortuneTellerDeployment() { // NewNewGRPCFortuneTellerDeploymentWithReplicas creates a new deployment of the // fortune teller image in a particular namespace. Number of replicas is configurable func (f *Framework) NewNewGRPCFortuneTellerDeploymentWithReplicas(replicas int32) { - deployment := &extensions.Deployment{ + deployment := &appsv1.Deployment{ ObjectMeta: metav1.ObjectMeta{ Name: "fortune-teller", Namespace: f.Namespace, }, - Spec: extensions.DeploymentSpec{ + Spec: appsv1.DeploymentSpec{ Replicas: NewInt32(replicas), Selector: &metav1.LabelSelector{ MatchLabels: map[string]string{ diff --git a/test/e2e/framework/influxdb.go b/test/e2e/framework/influxdb.go index dfb441a66..81c5ff656 100644 --- a/test/e2e/framework/influxdb.go +++ b/test/e2e/framework/influxdb.go @@ -19,8 +19,8 @@ package framework import ( . "github.com/onsi/gomega" + appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" - extensions "k8s.io/api/extensions/v1beta1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/fields" ) @@ -73,12 +73,12 @@ func (f *Framework) NewInfluxDBDeployment() { Expect(cm).NotTo(BeNil(), "expected a configmap but none returned") - deployment := &extensions.Deployment{ + deployment := &appsv1.Deployment{ ObjectMeta: metav1.ObjectMeta{ Name: "influxdb-svc", Namespace: f.Namespace, }, - Spec: extensions.DeploymentSpec{ + Spec: appsv1.DeploymentSpec{ Replicas: NewInt32(1), Selector: &metav1.LabelSelector{ MatchLabels: map[string]string{ diff --git a/test/e2e/framework/k8s.go b/test/e2e/framework/k8s.go index de0acd06a..c30a958b7 100644 --- a/test/e2e/framework/k8s.go +++ b/test/e2e/framework/k8s.go @@ -23,6 +23,7 @@ import ( . "github.com/onsi/gomega" + appsv1 "k8s.io/api/apps/v1" api "k8s.io/api/core/v1" core "k8s.io/api/core/v1" extensions "k8s.io/api/extensions/v1beta1" 
@@ -108,11 +109,11 @@ func (f *Framework) EnsureService(service *core.Service) *core.Service { } // EnsureDeployment creates a Deployment object or returns it if it already exists. -func (f *Framework) EnsureDeployment(deployment *extensions.Deployment) (*extensions.Deployment, error) { - d, err := f.KubeClientSet.Extensions().Deployments(deployment.Namespace).Update(deployment) +func (f *Framework) EnsureDeployment(deployment *appsv1.Deployment) (*appsv1.Deployment, error) { + d, err := f.KubeClientSet.AppsV1().Deployments(deployment.Namespace).Update(deployment) if err != nil { if k8sErrors.IsNotFound(err) { - return f.KubeClientSet.Extensions().Deployments(deployment.Namespace).Create(deployment) + return f.KubeClientSet.AppsV1().Deployments(deployment.Namespace).Create(deployment) } return nil, err } diff --git a/test/e2e/settings/pod_security_policy.go b/test/e2e/settings/pod_security_policy.go index eec563e61..58cd227c0 100644 --- a/test/e2e/settings/pod_security_policy.go +++ b/test/e2e/settings/pod_security_policy.go @@ -43,7 +43,7 @@ var _ = framework.IngressNginxDescribe("[Serial] Pod Security Policies", func() BeforeEach(func() { psp := createPodSecurityPolicy() - _, err := f.KubeClientSet.Extensions().PodSecurityPolicies().Create(psp) + _, err := f.KubeClientSet.ExtensionsV1beta1().PodSecurityPolicies().Create(psp) if !k8sErrors.IsAlreadyExists(err) { Expect(err).NotTo(HaveOccurred(), "creating Pod Security Policy") } diff --git a/test/e2e/status/update.go b/test/e2e/status/update.go index c28122a0f..6d9345d5a 100644 --- a/test/e2e/status/update.go +++ b/test/e2e/status/update.go 
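Review bot: The doc comment on `EnsureDeployment` says it "creates a Deployment object or returns it if it already exists", but the body calls `Update` first and falls back to `Create` only on `IsNotFound`, so an existing Deployment is overwritten rather than returned. This matters more after the move to `AppsV1()`: in apps/v1 `spec.selector` is immutable, so an update whose selector differs from the live object is rejected and comes back through the `return nil, err` path instead of being applied. I would reword the comment to `// EnsureDeployment updates the Deployment if it exists and creates it otherwise; with apps/v1 the selector of an existing Deployment cannot be changed.` The function body continues past the end of the hunk.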
@@ -87,11 +87,11 @@ var _ = framework.IngressNginxDescribe("Status Update [Status]", func() { err = cmd.Process.Kill() Expect(err).NotTo(HaveOccurred(), "unexpected error terminating kubectl proxy") - ing, err = f.KubeClientSet.Extensions().Ingresses(f.Namespace).Get(host, metav1.GetOptions{}) + ing, err = f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.Namespace).Get(host, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred(), "unexpected error getting %s/%v Ingress", f.Namespace, host) ing.Status.LoadBalancer.Ingress = []apiv1.LoadBalancerIngress{} - _, err = f.KubeClientSet.Extensions().Ingresses(f.Namespace).UpdateStatus(ing) + _, err = f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.Namespace).UpdateStatus(ing) Expect(err).NotTo(HaveOccurred(), "unexpected error cleaning Ingress status") time.Sleep(10 * time.Second) @@ -110,7 +110,7 @@ var _ = framework.IngressNginxDescribe("Status Update [Status]", func() { }() err = wait.Poll(10*time.Second, framework.DefaultTimeout, func() (done bool, err error) { - ing, err = f.KubeClientSet.Extensions().Ingresses(f.Namespace).Get(host, metav1.GetOptions{}) + ing, err = f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.Namespace).Get(host, metav1.GetOptions{}) if err != nil { return false, nil }