func TestOverlappingRCs(t *testing.T) {
client := client.NewOrDie(&client.Config{Host: "", Version: testapi.Version()})
for i := 0; i < 5; i++ {
manager := NewReplicationManager(client, 10)
manager.podStoreSynced = alwaysReady
// Create 10 rcs, shuffled them randomly and insert them into the rc manager's store
var controllers []*api.ReplicationController
for j := 1; j < 10; j++ {
controllerSpec := newReplicationController(1)
controllerSpec.CreationTimestamp = util.Date(2014, time.December, j, 0, 0, 0, 0, time.Local)
controllerSpec.Name = string(util.NewUUID())
controllers = append(controllers, controllerSpec)
}
shuffledControllers := shuffle(controllers)
for j := range shuffledControllers {
manager.rcStore.Store.Add(shuffledControllers[j])
}
// Add a pod and make sure only the oldest rc is synced
pods := newPodList(nil, 1, api.PodPending, controllers[0])
rcKey := getKey(controllers[0], t)
manager.addPod(&pods.Items[0])
queueRC, _ := manager.queue.Get()
if queueRC != rcKey {
t.Fatalf("Expected to find key %v in queue, found %v", rcKey, queueRC)
}
}
}
func testPodWithVolume(path string, source *api.EmptyDirVolumeSource) *api.Pod {
podName := "pod-" + string(util.NewUUID())
return &api.Pod{
TypeMeta: api.TypeMeta{
Kind: "Pod",
APIVersion: latest.Version,
},
ObjectMeta: api.ObjectMeta{
Name: podName,
},
Spec: api.PodSpec{
Containers: []api.Container{
{
Name: containerName,
Image: "kubernetes/mounttest:0.1",
VolumeMounts: []api.VolumeMount{
{
Name: volumeName,
MountPath: path,
},
},
},
},
Volumes: []api.Volume{
{
Name: volumeName,
VolumeSource: api.VolumeSource{
EmptyDir: source,
},
},
},
},
}
}
func (v *VolumeOptions) Complete(f *clientcmd.Factory, cmd *cobra.Command, out io.Writer) error {
clientConfig, err := f.ClientConfig()
if err != nil {
return err
}
v.OutputVersion = kcmdutil.OutputVersion(cmd, clientConfig.Version)
cmdNamespace, err := f.DefaultNamespace()
if err != nil {
return err
}
mapper, typer := f.Object()
v.DefaultNamespace = cmdNamespace
v.Writer = out
v.Mapper = mapper
v.Typer = typer
v.RESTClientFactory = f.Factory.RESTClient
v.UpdatePodSpecForObject = f.UpdatePodSpecForObject
if v.Add && len(v.Name) == 0 {
v.Name = string(kutil.NewUUID())
if len(v.Output) == 0 {
fmt.Fprintf(v.Writer, "Generated volume name: %s\n", v.Name)
}
}
// In case of volume source ignore the default volume type
if len(v.AddOpts.Source) > 0 {
v.AddOpts.Type = ""
}
return nil
}
// Create registers the given ReplicationController.
func (rs *REST) Create(ctx api.Context, obj runtime.Object) (<-chan apiserver.RESTResult, error) {
controller, ok := obj.(*api.ReplicationController)
if !ok {
return nil, fmt.Errorf("not a replication controller: %#v", obj)
}
if !api.ValidNamespace(ctx, &controller.ObjectMeta) {
return nil, errors.NewConflict("controller", controller.Namespace, fmt.Errorf("Controller.Namespace does not match the provided context"))
}
if len(controller.Name) == 0 {
controller.Name = util.NewUUID().String()
}
if errs := validation.ValidateReplicationController(controller); len(errs) > 0 {
return nil, errors.NewInvalid("replicationController", controller.Name, errs)
}
api.FillObjectMetaSystemFields(ctx, &controller.ObjectMeta)
return apiserver.MakeAsync(func() (runtime.Object, error) {
err := rs.registry.CreateController(ctx, controller)
if err != nil {
return nil, err
}
return rs.registry.GetController(ctx, controller.Name)
}), nil
}
//TODO: To merge this with the emptyDir tests, we can make source a lambda.
func testPodWithHostVol(path string, source *api.HostPathVolumeSource) *api.Pod {
podName := "pod-" + string(util.NewUUID())
return &api.Pod{
TypeMeta: api.TypeMeta{
Kind: "Pod",
APIVersion: latest.Version,
},
ObjectMeta: api.ObjectMeta{
Name: podName,
},
Spec: api.PodSpec{
Containers: []api.Container{
{
Name: containerName,
Image: "gcr.io/google_containers/mounttest:0.2",
VolumeMounts: []api.VolumeMount{
{
Name: volumeName,
MountPath: path,
},
},
},
},
RestartPolicy: api.RestartPolicyNever,
Volumes: mount(source),
},
}
}
// Create a Secret object
func (rs *REST) Create(ctx api.Context, obj runtime.Object) (runtime.Object, error) {
secret, ok := obj.(*api.Secret)
if !ok {
return nil, fmt.Errorf("invalid object type")
}
if !api.ValidNamespace(ctx, &secret.ObjectMeta) {
return nil, errors.NewConflict("secret", secret.Namespace, fmt.Errorf("Secret.Namespace does not match the provided context"))
}
if len(secret.Name) == 0 {
secret.Name = string(util.NewUUID())
}
if errs := validation.ValidateSecret(secret); len(errs) > 0 {
return nil, errors.NewInvalid("secret", secret.Name, errs)
}
api.FillObjectMetaSystemFields(ctx, &secret.ObjectMeta)
err := rs.registry.CreateWithName(ctx, secret.Name, secret)
if err != nil {
return nil, err
}
return rs.registry.Get(ctx, secret.Name)
}
// Create registers the given ReplicationController.
func (rs *REST) Create(ctx api.Context, obj runtime.Object) (<-chan apiserver.RESTResult, error) {
controller, ok := obj.(*api.ReplicationController)
if !ok {
return nil, fmt.Errorf("not a replication controller: %#v", obj)
}
if !api.ValidNamespace(ctx, &controller.ObjectMeta) {
return nil, errors.NewConflict("controller", controller.Namespace, fmt.Errorf("Controller.Namespace does not match the provided context"))
}
if len(controller.Name) == 0 {
controller.Name = util.NewUUID().String()
}
// Pod Manifest ID should be assigned by the pod API
controller.DesiredState.PodTemplate.DesiredState.Manifest.ID = ""
if errs := validation.ValidateReplicationController(controller); len(errs) > 0 {
return nil, errors.NewInvalid("replicationController", controller.Name, errs)
}
controller.CreationTimestamp = util.Now()
return apiserver.MakeAsync(func() (runtime.Object, error) {
err := rs.registry.CreateController(ctx, controller)
if err != nil {
return nil, err
}
return rs.registry.GetController(ctx, controller.Name)
}), nil
}
// testHostIP tests that a pod gets a host IP
func testHostIP(c *client.Client, pod *api.Pod) {
ns := "e2e-test-" + string(util.NewUUID())
podClient := c.Pods(ns)
By("creating pod")
defer podClient.Delete(pod.Name)
_, err := podClient.Create(pod)
if err != nil {
Fail(fmt.Sprintf("Failed to create pod: %v", err))
}
By("ensuring that pod is running and has a hostIP")
// Wait for the pods to enter the running state. Waiting loops until the pods
// are running so non-running pods cause a timeout for this test.
err = waitForPodRunningInNamespace(c, pod.Name, ns)
Expect(err).NotTo(HaveOccurred())
// Try to make sure we get a hostIP for each pod.
hostIPTimeout := 2 * time.Minute
t := time.Now()
for {
p, err := podClient.Get(pod.Name)
Expect(err).NotTo(HaveOccurred())
if p.Status.HostIP != "" {
Logf("Pod %s has hostIP: %s", p.Name, p.Status.HostIP)
break
}
if time.Since(t) >= hostIPTimeout {
Failf("Gave up waiting for hostIP of pod %s after %v seconds",
p.Name, time.Since(t).Seconds())
}
Logf("Retrying to get the hostIP of pod %s", p.Name)
time.Sleep(5 * time.Second)
}
}
func testPDPod(diskName, targetHost string, readOnly bool) *api.Pod {
pod := &api.Pod{
TypeMeta: api.TypeMeta{
Kind: "Pod",
APIVersion: latest.Version,
},
ObjectMeta: api.ObjectMeta{
Name: "pd-test-" + string(util.NewUUID()),
},
Spec: api.PodSpec{
Containers: []api.Container{
{
Name: "testpd",
Image: "gcr.io/google_containers/busybox",
Command: []string{"sleep", "600"},
VolumeMounts: []api.VolumeMount{
{
Name: "testpd",
MountPath: "/testpd",
},
},
},
},
NodeName: targetHost,
},
}
if testContext.Provider == "gce" || testContext.Provider == "gke" {
pod.Spec.Volumes = []api.Volume{
{
Name: "testpd",
VolumeSource: api.VolumeSource{
GCEPersistentDisk: &api.GCEPersistentDiskVolumeSource{
PDName: diskName,
FSType: "ext4",
ReadOnly: readOnly,
},
},
},
}
} else if testContext.Provider == "aws" {
pod.Spec.Volumes = []api.Volume{
{
Name: "testpd",
VolumeSource: api.VolumeSource{
AWSElasticBlockStore: &api.AWSElasticBlockStoreVolumeSource{
VolumeID: diskName,
FSType: "ext4",
ReadOnly: readOnly,
},
},
},
}
} else {
panic("Unknown provider: " + testContext.Provider)
}
return pod
}
func getService(servicePorts []api.ServicePort) *api.Service {
return &api.Service{
ObjectMeta: api.ObjectMeta{
Name: string(util.NewUUID()), Namespace: ns},
Spec: api.ServiceSpec{
Ports: servicePorts,
},
}
}
func createDNSPod(namespace, probeCmd string) *api.Pod {
pod := &api.Pod{
TypeMeta: api.TypeMeta{
Kind: "Pod",
APIVersion: latest.Version,
},
ObjectMeta: api.ObjectMeta{
Name: "dns-test-" + string(util.NewUUID()),
Namespace: namespace,
},
Spec: api.PodSpec{
Volumes: []api.Volume{
{
Name: "results",
VolumeSource: api.VolumeSource{
EmptyDir: &api.EmptyDirVolumeSource{},
},
},
},
Containers: []api.Container{
// TODO: Consider scraping logs instead of running a webserver.
{
Name: "webserver",
Image: "gcr.io/google_containers/test-webserver",
Ports: []api.ContainerPort{
{
Name: "http",
ContainerPort: 80,
},
},
VolumeMounts: []api.VolumeMount{
{
Name: "results",
MountPath: "/results",
},
},
},
{
Name: "querier",
Image: "gcr.io/google_containers/dnsutils",
Command: []string{"sh", "-c", probeCmd},
VolumeMounts: []api.VolumeMount{
{
Name: "results",
MountPath: "/results",
},
},
},
},
},
}
return pod
}
func getUniqueName(basename string, existingNames *util.StringSet) string {
if !existingNames.Has(basename) {
return basename
}
for i := 0; i < 100; i++ {
trialName := fmt.Sprintf("%v-%d", basename, i)
if !existingNames.Has(trialName) {
return trialName
}
}
return string(util.NewUUID())
}
func runLivenessTest(c *client.Client, podDescr *api.Pod, expectRestart bool) {
ns := "e2e-test-" + string(util.NewUUID())
_, err := createNamespaceIfDoesNotExist(c, ns)
expectNoError(err, fmt.Sprintf("creating namespace %s", ns))
By(fmt.Sprintf("Creating pod %s in namespace %s", podDescr.Name, ns))
_, err = c.Pods(ns).Create(podDescr)
expectNoError(err, fmt.Sprintf("creating pod %s", podDescr.Name))
// At the end of the test, clean up by removing the pod.
defer func() {
By("deleting the pod")
c.Pods(ns).Delete(podDescr.Name, nil)
}()
// Wait until the pod is not pending. (Here we need to check for something other than
// 'Pending' other than checking for 'Running', since when failures occur, we go to
// 'Terminated' which can cause indefinite blocking.)
expectNoError(waitForPodNotPending(c, ns, podDescr.Name),
fmt.Sprintf("starting pod %s in namespace %s", podDescr.Name, ns))
By(fmt.Sprintf("Started pod %s in namespace %s", podDescr.Name, ns))
// Check the pod's current state and verify that restartCount is present.
By("checking the pod's current state and verifying that restartCount is present")
pod, err := c.Pods(ns).Get(podDescr.Name)
expectNoError(err, fmt.Sprintf("getting pod %s in namespace %s", podDescr.Name, ns))
initialRestartCount := api.GetExistingContainerStatus(pod.Status.ContainerStatuses, "liveness").RestartCount
By(fmt.Sprintf("Initial restart count of pod %s is %d", podDescr.Name, initialRestartCount))
// Wait for at most 48 * 5 = 240s = 4 minutes until restartCount is incremented
restarts := false
for i := 0; i < 48; i++ {
// Wait until restartCount is incremented.
time.Sleep(5 * time.Second)
pod, err = c.Pods(ns).Get(podDescr.Name)
expectNoError(err, fmt.Sprintf("getting pod %s", podDescr.Name))
restartCount := api.GetExistingContainerStatus(pod.Status.ContainerStatuses, "liveness").RestartCount
By(fmt.Sprintf("Restart count of pod %s in namespace %s is now %d", podDescr.Name, ns, restartCount))
if restartCount > initialRestartCount {
By(fmt.Sprintf("Restart count of pod %s in namespace %s increased from %d to %d during the test", podDescr.Name, ns, initialRestartCount, restartCount))
restarts = true
break
}
}
if restarts != expectRestart {
Fail(fmt.Sprintf("pod %s in namespace %s - expected restarts: %v, found restarts: %v", podDescr.Name, ns, expectRestart, restarts))
}
}
func makePodSpec(readinessProbe, livenessProbe *api.Probe) *api.Pod {
pod := &api.Pod{
ObjectMeta: api.ObjectMeta{Name: "nginx-" + string(util.NewUUID())},
Spec: api.PodSpec{
Containers: []api.Container{
{
Name: "nginx",
Image: "nginx",
LivenessProbe: livenessProbe,
ReadinessProbe: readinessProbe,
},
},
},
}
return pod
}
func makePodSpec(readinessProbe, livenessProbe *api.Probe) *api.Pod {
pod := &api.Pod{
ObjectMeta: api.ObjectMeta{Name: "test-webserver-" + string(util.NewUUID())},
Spec: api.PodSpec{
Containers: []api.Container{
{
Name: "test-webserver",
Image: "gcr.io/google_containers/test-webserver",
LivenessProbe: livenessProbe,
ReadinessProbe: readinessProbe,
},
},
},
}
return pod
}
func GetBootstrapPolicy() *authorizationapi.ClusterPolicy {
policy := &authorizationapi.ClusterPolicy{
ObjectMeta: kapi.ObjectMeta{
Name: authorizationapi.PolicyName,
CreationTimestamp: util.Now(),
UID: util.NewUUID(),
},
LastModified: util.Now(),
Roles: make(map[string]*authorizationapi.ClusterRole),
}
roles := bootstrappolicy.GetBootstrapClusterRoles()
for i := range roles {
policy.Roles[roles[i].Name] = &roles[i]
}
return policy
}
// Return a prototypical entrypoint test pod
func entrypointTestPod() *api.Pod {
podName := "client-containers-" + string(util.NewUUID())
return &api.Pod{
ObjectMeta: api.ObjectMeta{
Name: podName,
},
Spec: api.PodSpec{
Containers: []api.Container{
{
Name: testContainerName,
Image: "gcr.io/google_containers/eptest:0.1",
},
},
RestartPolicy: api.RestartPolicyNever,
},
}
}
func GetBootstrapPolicyBinding() *authorizationapi.ClusterPolicyBinding {
policyBinding := &authorizationapi.ClusterPolicyBinding{
ObjectMeta: kapi.ObjectMeta{
Name: ":Default",
CreationTimestamp: util.Now(),
UID: util.NewUUID(),
},
LastModified: util.Now(),
RoleBindings: make(map[string]*authorizationapi.ClusterRoleBinding),
}
bindings := bootstrappolicy.GetBootstrapClusterRoleBindings()
for i := range bindings {
policyBinding.RoleBindings[bindings[i].Name] = &bindings[i]
}
return policyBinding
}
func NewWebserverTest(client *client.Client, namespace string, serviceName string) *WebserverTest {
t := &WebserverTest{}
t.Client = client
t.Namespace = namespace
t.ServiceName = serviceName
t.TestId = t.ServiceName + "-" + string(util.NewUUID())
t.Labels = map[string]string{
"testid": t.TestId,
}
t.rcs = make(map[string]bool)
t.services = make(map[string]bool)
t.name = "webserver"
t.image = "gcr.io/google_containers/test-webserver"
return t
}
func createPD() (string, error) {
if testContext.Provider == "gce" {
pdName := fmt.Sprintf("%s-%s", testContext.prefix, string(util.NewUUID()))
zone := testContext.CloudConfig.Zone
// TODO: make this hit the compute API directly instread of shelling out to gcloud.
err := exec.Command("gcloud", "compute", "--project="+testContext.CloudConfig.ProjectID, "disks", "create", "--zone="+zone, "--size=10GB", pdName).Run()
if err != nil {
return "", err
}
return pdName, nil
} else {
volumes, ok := testContext.CloudConfig.Provider.(aws_cloud.Volumes)
if !ok {
return "", fmt.Errorf("Provider does not support volumes")
}
volumeOptions := &aws_cloud.VolumeOptions{}
volumeOptions.CapacityMB = 10 * 1024
return volumes.CreateVolume(volumeOptions)
}
}
func newReplicationController(replicas int) *api.ReplicationController {
rc := &api.ReplicationController{
TypeMeta: api.TypeMeta{APIVersion: testapi.Version()},
ObjectMeta: api.ObjectMeta{
UID: util.NewUUID(),
Name: "foobar",
Namespace: api.NamespaceDefault,
ResourceVersion: "18",
},
Spec: api.ReplicationControllerSpec{
Replicas: replicas,
Selector: map[string]string{"foo": "bar"},
Template: &api.PodTemplateSpec{
ObjectMeta: api.ObjectMeta{
Labels: map[string]string{
"name": "foo",
"type": "production",
},
},
Spec: api.PodSpec{
Containers: []api.Container{
{
Image: "foo/bar",
TerminationMessagePath: api.TerminationMessagePathDefault,
ImagePullPolicy: api.PullIfNotPresent,
SecurityContext: securitycontext.ValidSecurityContextWithContainerDefaults(),
},
},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSDefault,
NodeSelector: map[string]string{
"baz": "blah",
},
},
},
},
}
return rc
}
// CreatePodForImage creates a Pod for the given image name. The dockerImageReference
// must be full docker pull spec.
func CreatePodForImage(dockerImageReference string) *kapi.Pod {
podName := namer.GetPodName("test-pod", string(kutil.NewUUID()))
return &kapi.Pod{
TypeMeta: kapi.TypeMeta{
Kind: "Pod",
APIVersion: "v1",
},
ObjectMeta: kapi.ObjectMeta{
Name: podName,
Labels: map[string]string{"name": podName},
},
Spec: kapi.PodSpec{
Containers: []kapi.Container{
{
Name: podName,
Image: dockerImageReference,
},
},
RestartPolicy: kapi.RestartPolicyNever,
},
}
}
func (rs *REST) Create(ctx api.Context, obj runtime.Object) (<-chan apiserver.RESTResult, error) {
pod := obj.(*api.Pod)
if !api.ValidNamespace(ctx, &pod.ObjectMeta) {
return nil, errors.NewConflict("pod", pod.Namespace, fmt.Errorf("Pod.Namespace does not match the provided context"))
}
pod.DesiredState.Manifest.UUID = util.NewUUID().String()
if len(pod.Name) == 0 {
pod.Name = pod.DesiredState.Manifest.UUID
}
pod.DesiredState.Manifest.ID = pod.Name
if errs := validation.ValidatePod(pod); len(errs) > 0 {
return nil, errors.NewInvalid("pod", pod.Name, errs)
}
pod.CreationTimestamp = util.Now()
return apiserver.MakeAsync(func() (runtime.Object, error) {
if err := rs.registry.CreatePod(ctx, pod); err != nil {
return nil, err
}
return rs.registry.GetPod(ctx, pod.Name)
}), nil
}
probeCmd := "for i in `seq 1 600`; do "
for _, name := range namesToResolve {
probeCmd += fmt.Sprintf("wget -O /dev/null %s && echo OK > /results/%s;", name, name)
}
probeCmd += "sleep 1; done"
// Run a pod which probes DNS and exposes the results by HTTP.
By("creating a pod to probe DNS")
pod := &api.Pod{
TypeMeta: api.TypeMeta{
Kind: "Pod",
APIVersion: latest.Version,
},
ObjectMeta: api.ObjectMeta{
Name: "dns-test-" + string(util.NewUUID()),
},
Spec: api.PodSpec{
Volumes: []api.Volume{
{
Name: "results",
VolumeSource: api.VolumeSource{
EmptyDir: &api.EmptyDirVolumeSource{},
},
},
},
Containers: []api.Container{
{
Name: "webserver",
Image: "gcr.io/google_containers/test-webserver",
VolumeMounts: []api.VolumeMount{
Expect(nodeCount).NotTo(BeZero())
totalPodCapacity = 0
for _, node := range nodes.Items {
podCapacity, found := node.Status.Capacity["pods"]
Expect(found).To(Equal(true))
totalPodCapacity += podCapacity.Value()
}
err = deleteTestingNS(c)
expectNoError(err)
nsForTesting, err := createTestingNS("maxp", c)
ns = nsForTesting.Name
expectNoError(err)
uuid = string(util.NewUUID())
})
AfterEach(func() {
rc, err := c.ReplicationControllers(ns).Get(RCName)
if err == nil && rc.Spec.Replicas != 0 {
By("Cleaning up the replication controller")
err := DeleteRC(c, ns, RCName)
expectNoError(err)
}
By(fmt.Sprintf("Destroying namespace for this suite %v", ns))
if err := c.Namespaces().Delete(ns); err != nil {
Failf("Couldn't delete ns %s", err)
}
})
Logf("Retrying to get the hostIP of pod %s", p.Name)
time.Sleep(5 * time.Second)
}
}
var _ = Describe("Pods", func() {
var c *client.Client
BeforeEach(func() {
var err error
c, err = loadClient()
expectNoError(err)
})
PIt("should get a host IP", func() {
name := "pod-hostip-" + string(util.NewUUID())
testHostIP(c, &api.Pod{
ObjectMeta: api.ObjectMeta{
Name: name,
},
Spec: api.PodSpec{
Containers: []api.Container{
{
Name: "test",
Image: "gcr.io/google_containers/pause",
},
},
},
})
})
It("should be submitted and removed", func() {
func TestOAuthLDAP(t *testing.T) {
var (
randomSuffix = string(kutil.NewUUID())
providerName = "myldapprovider"
bindDN = "uid=admin,ou=company,ou=" + randomSuffix
bindPassword = "******" + randomSuffix
searchDN = "ou=company,ou=" + randomSuffix
searchAttr = "myuid" + randomSuffix
searchScope = "one" // must be "one","sub", or "base"
searchFilter = "(myAttr=myValue)" // must be a valid LDAP filter format
nameAttr1 = "missing-name-attr"
nameAttr2 = "a-display-name" + randomSuffix
idAttr1 = "missing-id-attr"
idAttr2 = "dn" // "dn" is a special value, so don't add a random suffix to make sure we handle it correctly
emailAttr1 = "missing-attr"
emailAttr2 = "c-mail" + randomSuffix
loginAttr1 = "missing-attr"
loginAttr2 = "d-mylogin" + randomSuffix
myUserUID = "myuser"
myUserName = "******"
myUserEmail = "*****@*****.**"
myUserDN = searchAttr + "=" + myUserUID + "," + searchDN
myUserPassword = "******" + randomSuffix
)
expectedAttributes := [][]byte{}
for _, attr := range kutil.NewStringSet(searchAttr, nameAttr1, nameAttr2, idAttr1, idAttr2, emailAttr1, emailAttr2, loginAttr1, loginAttr2).List() {
expectedAttributes = append(expectedAttributes, []byte(attr))
}
expectedSearchRequest := ldapserver.SearchRequest{
BaseObject: []byte(searchDN),
Scope: ldapserver.SearchRequestSingleLevel,
DerefAliases: 0,
SizeLimit: 2,
TimeLimit: 0,
TypesOnly: false,
Attributes: expectedAttributes,
Filter: fmt.Sprintf("(&%s(%s=%s))", searchFilter, searchAttr, myUserUID),
}
// Start LDAP server
ldapAddress, err := testutil.FindAvailableBindAddress(8389, 8400)
if err != nil {
t.Fatalf("could not allocate LDAP bind address: %v", err)
}
ldapServer := testutil.NewTestLDAPServer()
ldapServer.SetPassword(bindDN, bindPassword)
ldapServer.Start(ldapAddress)
defer ldapServer.Stop()
masterOptions, err := testutil.DefaultMasterOptions()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
masterOptions.OAuthConfig.IdentityProviders[0] = configapi.IdentityProvider{
Name: providerName,
UseAsChallenger: true,
UseAsLogin: true,
Provider: runtime.EmbeddedObject{
&configapi.LDAPPasswordIdentityProvider{
URL: fmt.Sprintf("ldap://%s/%s?%s?%s?%s", ldapAddress, searchDN, searchAttr, searchScope, searchFilter),
BindDN: bindDN,
BindPassword: bindPassword,
Insecure: true,
CA: "",
Attributes: configapi.LDAPAttributes{
ID: []string{idAttr1, idAttr2},
PreferredUsername: []string{loginAttr1, loginAttr2},
Name: []string{nameAttr1, nameAttr2},
Email: []string{emailAttr1, emailAttr2},
},
},
},
}
clusterAdminKubeConfig, err := testutil.StartConfiguredMaster(masterOptions)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
clusterAdminClientConfig, err := testutil.GetClusterAdminClientConfig(clusterAdminKubeConfig)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
clusterAdminClient, err := testutil.GetClusterAdminClient(clusterAdminKubeConfig)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
// Use the server and CA info
anonConfig := kclient.Config{}
anonConfig.Host = clusterAdminClientConfig.Host
anonConfig.CAFile = clusterAdminClientConfig.CAFile
anonConfig.CAData = clusterAdminClientConfig.CAData
// Make sure we can't authenticate as a missing user
ldapServer.ResetRequests()
if _, err := tokencmd.RequestToken(&anonConfig, nil, myUserUID, myUserPassword); err == nil {
t.Error("Expected error, got none")
}
if len(ldapServer.BindRequests) != 1 {
t.Error("Expected a single bind request for the search phase, got %d:\n%#v", len(ldapServer.BindRequests), ldapServer.BindRequests)
}
if len(ldapServer.SearchRequests) != 1 {
t.Error("Expected a single search request, got %d:\n%#v", len(ldapServer.BindRequests), ldapServer.BindRequests)
}
// Add user
ldapServer.SetPassword(myUserDN, myUserPassword)
ldapServer.AddSearchResult(myUserDN, map[string]string{emailAttr2: myUserEmail, nameAttr2: myUserName, loginAttr2: myUserUID})
// Make sure we can't authenticate with a bad password
ldapServer.ResetRequests()
if _, err := tokencmd.RequestToken(&anonConfig, nil, myUserUID, "badpassword"); err == nil {
t.Error("Expected error, got none")
}
if len(ldapServer.BindRequests) != 2 {
t.Error("Expected a bind request for the search phase and a failed bind request for the auth phase, got %d:\n%#v", len(ldapServer.BindRequests), ldapServer.BindRequests)
}
if len(ldapServer.SearchRequests) != 1 {
t.Error("Expected a single search request, got %d:\n%#v", len(ldapServer.BindRequests), ldapServer.BindRequests)
}
// Make sure we can get a token with a good password
ldapServer.ResetRequests()
accessToken, err := tokencmd.RequestToken(&anonConfig, nil, myUserUID, myUserPassword)
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
if len(accessToken) == 0 {
t.Errorf("Expected access token, got none")
}
if len(ldapServer.BindRequests) != 2 {
t.Error("Expected a bind request for the search phase and a failed bind request for the auth phase, got %d:\n%#v", len(ldapServer.BindRequests), ldapServer.BindRequests)
}
if len(ldapServer.SearchRequests) != 1 {
t.Error("Expected a single search request, got %d:\n%#v", len(ldapServer.BindRequests), ldapServer.BindRequests)
}
if !reflect.DeepEqual(expectedSearchRequest.BaseObject, ldapServer.SearchRequests[0].BaseObject) {
t.Errorf("Expected search base DN\n\t%#v\ngot\n\t%#v",
string(expectedSearchRequest.BaseObject),
string(ldapServer.SearchRequests[0].BaseObject),
)
}
if !reflect.DeepEqual(expectedSearchRequest.Filter, ldapServer.SearchRequests[0].Filter) {
t.Errorf("Expected search filter\n\t%#v\ngot\n\t%#v",
string(expectedSearchRequest.Filter),
string(ldapServer.SearchRequests[0].Filter),
)
}
{
expectedAttrs := []string{}
for _, a := range expectedSearchRequest.Attributes {
expectedAttrs = append(expectedAttrs, string(a))
}
actualAttrs := []string{}
for _, a := range ldapServer.SearchRequests[0].Attributes {
actualAttrs = append(actualAttrs, string(a))
}
if !reflect.DeepEqual(expectedAttrs, actualAttrs) {
t.Errorf("Expected search attributes\n\t%#v\ngot\n\t%#v", expectedAttrs, actualAttrs)
}
}
// Make sure we can use the token, and it represents who we expect
userConfig := anonConfig
userConfig.BearerToken = accessToken
userClient, err := client.New(&userConfig)
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
user, err := userClient.Users().Get("~")
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
if user.Name != myUserUID {
t.Fatalf("Expected %s as the user, got %v", myUserUID, user)
}
// Make sure the identity got created and contained the mapped attributes
identity, err := clusterAdminClient.Identities().Get(fmt.Sprintf("%s:%s", providerName, myUserDN))
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
if identity.ProviderUserName != myUserDN {
t.Error("Expected %q, got %q", myUserDN, identity.ProviderUserName)
}
if v := identity.Extra[authapi.IdentityDisplayNameKey]; v != myUserName {
t.Error("Expected %q, got %q", myUserName, v)
}
if v := identity.Extra[authapi.IdentityPreferredUsernameKey]; v != myUserUID {
t.Error("Expected %q, got %q", myUserUID, v)
}
if v := identity.Extra[authapi.IdentityEmailKey]; v != myUserEmail {
t.Error("Expected %q, got %q", myUserEmail, v)
}
}
var err error
c, err = loadClient()
Expect(err).NotTo(HaveOccurred())
})
It("should be sent by kubelets and the scheduler about pods scheduling and running", func() {
provider := testContext.provider
if len(provider) > 0 && provider != "gce" && provider != "gke" && provider != "aws" {
By(fmt.Sprintf("skipping TestKubeletSendsEvent on cloud provider %s", provider))
return
}
podClient := c.Pods(api.NamespaceDefault)
By("creating the pod")
name := "send-events-" + string(util.NewUUID())
value := strconv.Itoa(time.Now().Nanosecond())
pod := &api.Pod{
ObjectMeta: api.ObjectMeta{
Name: name,
Labels: map[string]string{
"name": "foo",
"time": value,
},
},
Spec: api.PodSpec{
Containers: []api.Container{
{
Name: "p",
Image: "kubernetes/serve_hostname",
Ports: []api.ContainerPort{{ContainerPort: 80}},
podsPerNode int
timeout time.Duration
}
deleteTests := []DeleteTest{
{podsPerNode: 10, timeout: 1 * time.Minute},
}
for _, itArg := range deleteTests {
name := fmt.Sprintf(
"kubelet should be able to delete %d pods per node in %v.", itArg.podsPerNode, itArg.timeout)
It(name, func() {
totalPods := itArg.podsPerNode * numNodes
By(fmt.Sprintf("Creating a RC of %d pods and wait until all pods of this RC are running", totalPods))
rcName := fmt.Sprintf("cleanup%d-%s", totalPods, string(util.NewUUID()))
Expect(RunRC(RCConfig{
Client: framework.Client,
Name: rcName,
Namespace: framework.Namespace.Name,
Image: "gcr.io/google_containers/pause:go",
Replicas: totalPods,
})).NotTo(HaveOccurred())
// Perform a sanity check so that we know all desired pods are
// running on the nodes according to kubelet. The timeout is set to
// only 30 seconds here because RunRC already waited for all pods to
// transition to the running status.
Expect(waitTillNPodsRunningOnNodes(framework.Client, nodeNames, rcName, framework.Namespace.Name, totalPods,
time.Second*30)).NotTo(HaveOccurred())
logOneTimeResourceUsageSummary(framework.Client, nodeNames.List(), cpuIntervalInSeconds)
package e2e
import (
"fmt"
"github.com/GoogleCloudPlatform/kubernetes/pkg/api"
"github.com/GoogleCloudPlatform/kubernetes/pkg/util"
. "github.com/onsi/ginkgo"
)
var _ = Describe("Secrets", func() {
f := NewFramework("secrets")
It("should be consumable from pods", func() {
name := "secret-test-" + string(util.NewUUID())
volumeName := "secret-volume"
volumeMountPath := "/etc/secret-volume"
secret := &api.Secret{
ObjectMeta: api.ObjectMeta{
Namespace: f.Namespace.Name,
Name: name,
},
Data: map[string][]byte{
"data-1": []byte("value-1\n"),
"data-2": []byte("value-2\n"),
"data-3": []byte("value-3\n"),
},
}
