k3s/tests/docker/cacerts/cacerts_test.go

package main

import (
	"flag"
	"fmt"
	"os"
	"path/filepath"
	"strings"
	"testing"

	"github.com/k3s-io/k3s/tests"
	"github.com/k3s-io/k3s/tests/docker"
	. "github.com/onsi/ginkgo/v2"
	. "github.com/onsi/gomega"
)

var k3sImage = flag.String("k3sImage", "", "The k3s image used to provision containers")
var ci = flag.Bool("ci", false, "running on CI, forced cleanup")
var config *docker.TestConfig
var testID string

func Test_DockerCACerts(t *testing.T) {
	flag.Parse()
	RegisterFailHandler(Fail)
	RunSpecs(t, "CA Certs Docker Test Suite")
}

var _ = Describe("CA Certs Tests", Ordered, func() {

	Context("Setup Cluster", func() {
		// TODO determine if the below is still true
		// This test runs in docker mounting the docker socket,
		// so we can't directly mount files into the test containers. Instead we have to
		// run a dummy container with a volume, copy files into that volume, and then
		// share it with the other containers that need the file.
		It("should configure CA certs", func() {
			var err error
			config, err = docker.NewTestConfig(*k3sImage)
			Expect(err).NotTo(HaveOccurred())
			Expect(os.MkdirAll(filepath.Join(config.TestDir, "pause"), 0755)).To(Succeed())

			testID = filepath.Base(config.TestDir)
			pauseName := fmt.Sprintf("k3s-pause-%s", strings.ToLower(testID))
			tlsMount := fmt.Sprintf("--mount type=volume,src=%s,dst=/var/lib/rancher/k3s/server/tls", pauseName)
			cmd := fmt.Sprintf("docker run -d --name %s --hostname %s %s rancher/mirrored-pause:3.6",
				pauseName, pauseName, tlsMount)
			_, err = tests.RunCommand(cmd)
			Expect(err).NotTo(HaveOccurred())

			dataDir := filepath.Join(config.TestDir, "pause/k3s")
			cmd = fmt.Sprintf("DATA_DIR=%s ../../../contrib/util/generate-custom-ca-certs.sh", dataDir)
			_, err = tests.RunCommand(cmd)
			Expect(err).NotTo(HaveOccurred())

			cmd = fmt.Sprintf("docker cp %s %s:/var/lib/rancher", dataDir, pauseName)
			_, err = tests.RunCommand(cmd)
			Expect(err).NotTo(HaveOccurred())

			// Set SERVER_ARGS to include the custom CA certs
			os.Setenv("SERVER_DOCKER_ARGS", tlsMount)
		})

		It("should provision servers and agents", func() {
			Expect(config.ProvisionServers(1)).To(Succeed())
			Expect(config.ProvisionAgents(1)).To(Succeed())
			Eventually(func() error {
				return tests.CheckDefaultDeployments(config.KubeconfigFile)
			}, "120s", "5s").Should(Succeed())
		})
	})

	Context("Verify Custom CA Certs", func() {
		It("should have custom CA certs", func() {
			// Add your custom CA certs verification logic here
			// Example: Check if the custom CA certs are present in the server container
			for _, server := range config.Servers {
				cmd := fmt.Sprintf("docker exec %s ls /var/lib/rancher/k3s/server/tls", server.Name)
				output, err := tests.RunCommand(cmd)
				Expect(err).NotTo(HaveOccurred(), "failed to list custom CA certs: %v", err)
				Expect(output).To(ContainSubstring("ca.crt"))
			}
		})
	})
})

var failed bool
var _ = AfterEach(func() {
	failed = failed || CurrentSpecReport().Failed()
})

var _ = AfterSuite(func() {
	if failed {
		AddReportEntry("describe", docker.DescribeNodesAndPods(config))
		AddReportEntry("docker-containers", docker.ListContainers())
		AddReportEntry("docker-logs", docker.TailDockerLogs(1000, append(config.Servers, config.Agents...)))
	}
	if config != nil && !failed {
		config.Cleanup()
		cmd := fmt.Sprintf("docker stop k3s-pause-%s", testID)
		_, err := tests.RunCommand(cmd)
		Expect(err).NotTo(HaveOccurred())
		cmd = fmt.Sprintf("docker rm -v k3s-pause-%s", testID)
		_, err = tests.RunCommand(cmd)
		Expect(err).NotTo(HaveOccurred())
		cmd = fmt.Sprintf("docker volume rm k3s-pause-%s", testID)
		_, err = tests.RunCommand(cmd)
		Expect(err).NotTo(HaveOccurred())
	}

})