diff --git a/kubernetes-client-api/src/test/java/io/fabric8/kubernetes/client/ConfigSourcePrecedenceTest.java b/kubernetes-client-api/src/test/java/io/fabric8/kubernetes/client/ConfigSourcePrecedenceTest.java new file mode 100644 index 00000000000..c401589e5ef --- /dev/null +++ b/kubernetes-client-api/src/test/java/io/fabric8/kubernetes/client/ConfigSourcePrecedenceTest.java @@ -0,0 +1,220 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.fabric8.kubernetes.client; + +import io.fabric8.kubernetes.client.utils.Utils; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.DisplayName; +import org.junit.jupiter.api.Nested; +import org.junit.jupiter.api.Test; + +import static org.assertj.core.api.AssertionsForClassTypes.assertThat; + +class ConfigSourcePrecedenceTest { + + @Nested + @DisplayName("kubeconfig") + class KubeConfigSource { + @BeforeEach + void setUp() { + System.setProperty(Config.KUBERNETES_KUBECONFIG_FILE, Utils.filePath(ConfigTest.class.getResource("/test-kubeconfig"))); + } + + @Test + @DisplayName("no other source provided, use kubeconfig attributes in Config") + void whenNoOtherSourceProvided_thenUseKubeConfig() { + // Given + Config config = new ConfigBuilder().build(); + + // When + Then + assertThat(config) + .hasFieldOrPropertyWithValue("masterUrl", "https://172.28.128.4:8443/") + .hasFieldOrPropertyWithValue("namespace", "testns") + .hasFieldOrPropertyWithValue("autoOAuthToken", "token"); + } + + @Nested + @DisplayName("user configuration overrides KubeConfig attributes") + class UserConfigurationOverKubeConfig extends UserConfigurationViaConfigBuilder { + } + + @Test + @DisplayName("System Properties configured, then give precedence to System Properties") + void whenSystemPropertiesUsedForSomeFields_thenSystemPropertiesGivenPrecedence() { + try { + // Given + System.setProperty(Config.KUBERNETES_MASTER_SYSTEM_PROPERTY, "https://user-configuration-override:8443"); + System.setProperty(Config.KUBERNETES_NAMESPACE_SYSTEM_PROPERTY, "namespace-overridden"); + System.setProperty(Config.KUBERNETES_OAUTH_TOKEN_SYSTEM_PROPERTY, "token-overridden"); + + // When + Config config = new ConfigBuilder().build(); + + // Then + assertThat(config) + .hasFieldOrPropertyWithValue("masterUrl", "https://user-configuration-override:8443/") + .hasFieldOrPropertyWithValue("namespace", "namespace-overridden") + .hasFieldOrPropertyWithValue("autoOAuthToken", "token-overridden"); + } finally { + System.clearProperty(Config.KUBERNETES_MASTER_SYSTEM_PROPERTY); + System.clearProperty(Config.KUBERNETES_NAMESPACE_SYSTEM_PROPERTY); + System.clearProperty(Config.KUBERNETES_OAUTH_TOKEN_SYSTEM_PROPERTY); + } + } + + @Test + @DisplayName("Service Account files provided, then do NOT use it") + void whenServiceAccountPropertyConfigured_thenDoNotUseIt() { + try { + // Given + System.setProperty(Config.KUBERNETES_SERVICE_HOST_PROPERTY, "10.96.0.1"); + System.setProperty(Config.KUBERNETES_SERVICE_PORT_PROPERTY, "443"); + System.setProperty(Config.KUBERNETES_AUTH_SERVICEACCOUNT_TOKEN_FILE_SYSTEM_PROPERTY, + Utils.filePath(ConfigTest.class.getResource("/test-serviceaccount/token"))); + System.setProperty(Config.KUBERNETES_NAMESPACE_FILE, Utils.filePath(ConfigTest.class.getResource("/test-namespace"))); + Config config = new ConfigBuilder().build(); + + // When + Then + assertThat(config) + .hasFieldOrPropertyWithValue("masterUrl", "https://172.28.128.4:8443/") + .hasFieldOrPropertyWithValue("namespace", "testns") + .hasFieldOrPropertyWithValue("autoOAuthToken", "token"); + } finally { + System.clearProperty(Config.KUBERNETES_SERVICE_HOST_PROPERTY); + System.clearProperty(Config.KUBERNETES_SERVICE_PORT_PROPERTY); + System.clearProperty(Config.KUBERNETES_AUTH_SERVICEACCOUNT_TOKEN_FILE_SYSTEM_PROPERTY); + System.clearProperty(Config.KUBERNETES_NAMESPACE_FILE); + } + } + } + + @Nested + @DisplayName("In Cluster mounted ServiceAccount") + class MountedServiceAccountSource { + @BeforeEach + void setUp() { + System.setProperty(Config.KUBERNETES_KUBECONFIG_FILE, "/dev/null"); + System.setProperty(Config.KUBERNETES_SERVICE_HOST_PROPERTY, "10.96.0.1"); + System.setProperty(Config.KUBERNETES_SERVICE_PORT_PROPERTY, "443"); + System.setProperty(Config.KUBERNETES_AUTH_SERVICEACCOUNT_TOKEN_FILE_SYSTEM_PROPERTY, + Utils.filePath(ConfigTest.class.getResource("/test-serviceaccount/token"))); + System.setProperty(Config.KUBERNETES_NAMESPACE_FILE, Utils.filePath(ConfigTest.class.getResource("/test-namespace"))); + } + + @Test + @DisplayName("no other source provided, use ServiceAccount attributes in Config") + void whenNoOtherSourceProvided_thenUseServiceAccount() { + // Given + Config config = new ConfigBuilder().build(); + + // When + Then + assertThat(config) + .hasFieldOrPropertyWithValue("masterUrl", "https://10.96.0.1:443/") + .hasFieldOrPropertyWithValue("namespace", "testnsfrompath") + .extracting(Config::getAutoOAuthToken) + .asString() + .contains("token-from-mounted-serviceaccount"); + } + + @Nested + @DisplayName("user configuration overrides ServiceAccount's Config attributes") + class UserConfigurationOverServiceAccount extends UserConfigurationViaConfigBuilder { + } + + @Test + @DisplayName("System Properties configured, then give precedence to System Properties") + void whenSystemPropertiesUsedForSomeFields_thenSystemPropertiesGivenPrecedence() { + try { + System.setProperty(Config.KUBERNETES_MASTER_SYSTEM_PROPERTY, "https://user-configuration-override:8443"); + System.setProperty(Config.KUBERNETES_NAMESPACE_SYSTEM_PROPERTY, "namespace-overridden"); + System.setProperty(Config.KUBERNETES_OAUTH_TOKEN_SYSTEM_PROPERTY, "token-overridden"); + Config config = new ConfigBuilder().build(); + + // When + Then + assertThat(config) + .hasFieldOrPropertyWithValue("masterUrl", "https://user-configuration-override:8443/") + .hasFieldOrPropertyWithValue("namespace", "namespace-overridden") + .hasFieldOrPropertyWithValue("autoOAuthToken", "token-overridden"); + } finally { + System.clearProperty(Config.KUBERNETES_MASTER_SYSTEM_PROPERTY); + System.clearProperty(Config.KUBERNETES_NAMESPACE_SYSTEM_PROPERTY); + System.clearProperty(Config.KUBERNETES_OAUTH_TOKEN_SYSTEM_PROPERTY); + } + } + + @AfterEach + void tearDown() { + System.clearProperty(Config.KUBERNETES_SERVICE_HOST_PROPERTY); + System.clearProperty(Config.KUBERNETES_SERVICE_PORT_PROPERTY); + System.clearProperty(Config.KUBERNETES_AUTH_SERVICEACCOUNT_TOKEN_FILE_SYSTEM_PROPERTY); + System.clearProperty(Config.KUBERNETES_NAMESPACE_FILE); + System.clearProperty(Config.KUBERNETES_KUBECONFIG_FILE); + } + } + + @Nested + @DisplayName("System Properties") + class SystemPropertiesSource { + @BeforeEach + void setUp() { + System.setProperty(Config.KUBERNETES_MASTER_SYSTEM_PROPERTY, "https://user-configuration-override:8443"); + System.setProperty(Config.KUBERNETES_NAMESPACE_SYSTEM_PROPERTY, "namespace-overridden"); + System.setProperty(Config.KUBERNETES_OAUTH_TOKEN_SYSTEM_PROPERTY, "token-overridden"); + } + + @Test + @DisplayName("when no other sources configured, then read from System properties") + void whenNoOtherSourceProvided_thenUseSystemProperties() { + assertThat(new ConfigBuilder().build()) + .hasFieldOrPropertyWithValue("masterUrl", "https://user-configuration-override:8443/") + .hasFieldOrPropertyWithValue("namespace", "namespace-overridden") + .hasFieldOrPropertyWithValue("autoOAuthToken", "token-overridden"); + } + + @Nested + @DisplayName("User configuration overrides Config attributes configured via System Properties") + class UserConfigurationOverSystemProperties extends UserConfigurationViaConfigBuilder { + } + + @AfterEach + void tearDown() { + System.clearProperty(Config.KUBERNETES_MASTER_SYSTEM_PROPERTY); + System.clearProperty(Config.KUBERNETES_NAMESPACE_SYSTEM_PROPERTY); + System.clearProperty(Config.KUBERNETES_OAUTH_TOKEN_SYSTEM_PROPERTY); + } + } + + private abstract static class UserConfigurationViaConfigBuilder { + @SuppressWarnings("unused") + @Test + @DisplayName("User configuration via builder given most precedence") + void whenUserConfigurationOverridesSomeFields_thenUserConfigurationGivenPrecedence() { + // Given + Config config = new ConfigBuilder() + .withMasterUrl("https://user-configuration-override:8443") + .withNamespace("namespace-overridden") + .withAutoOAuthToken("token-overridden") + .build(); + + // When + Then + assertThat(config) + .hasFieldOrPropertyWithValue("masterUrl", "https://user-configuration-override:8443/") + .hasFieldOrPropertyWithValue("namespace", "namespace-overridden") + .hasFieldOrPropertyWithValue("autoOAuthToken", "token-overridden"); + } + } +} diff --git a/kubernetes-client-api/src/test/java/io/fabric8/kubernetes/client/ConfigTest.java b/kubernetes-client-api/src/test/java/io/fabric8/kubernetes/client/ConfigTest.java index 51ccf348c9d..e25ba42e092 100644 --- a/kubernetes-client-api/src/test/java/io/fabric8/kubernetes/client/ConfigTest.java +++ b/kubernetes-client-api/src/test/java/io/fabric8/kubernetes/client/ConfigTest.java @@ -17,11 +17,16 @@ import io.fabric8.kubernetes.api.model.ExecConfig; import io.fabric8.kubernetes.api.model.ExecConfigBuilder; +import io.fabric8.kubernetes.api.model.NamedContext; +import io.fabric8.kubernetes.api.model.NamedContextBuilder; import io.fabric8.kubernetes.client.http.TlsVersion; import io.fabric8.kubernetes.client.lib.FileSystem; import io.fabric8.kubernetes.client.utils.Utils; +import org.assertj.core.api.InstanceOfAssertFactories; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.DisplayName; +import org.junit.jupiter.api.Nested; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.condition.EnabledOnOs; @@ -39,14 +44,6 @@ import java.util.Objects; import static org.assertj.core.api.Assertions.assertThat; -import static org.junit.jupiter.api.Assertions.assertArrayEquals; -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertFalse; -import static org.junit.jupiter.api.Assertions.assertNotNull; -import static org.junit.jupiter.api.Assertions.assertNotSame; -import static org.junit.jupiter.api.Assertions.assertNull; -import static org.junit.jupiter.api.Assertions.assertSame; -import static org.junit.jupiter.api.Assertions.assertTrue; import static org.junit.jupiter.api.condition.OS.WINDOWS; class ConfigTest { @@ -128,6 +125,13 @@ public void setUp() { System.getProperties().remove(Config.KUBERNETES_SERVICE_PORT_PROPERTY); System.getProperties().remove(Config.KUBERNETES_IMPERSONATE_USERNAME); System.getProperties().remove(Config.KUBERNETES_IMPERSONATE_GROUP); + System.getProperties().remove(Config.KUBERNETES_WEBSOCKET_PING_INTERVAL_SYSTEM_PROPERTY); + System.getProperties().remove(Config.KUBERNETES_CONNECTION_TIMEOUT_SYSTEM_PROPERTY); + System.getProperties().remove(Config.KUBERNETES_SCALE_TIMEOUT_SYSTEM_PROPERTY); + System.getProperties().remove(Config.KUBERNETES_HTTPS_PROXY); + System.getProperties().remove(Config.KUBERNETES_NO_PROXY); + System.getProperties().remove(Config.KUBERNETES_PROXY_USERNAME); + System.getProperties().remove(Config.KUBERNETES_PROXY_PASSWORD); } @AfterEach @@ -135,189 +139,288 @@ public void tearDown() { setUp(); } - @Test - void testWithSystemProperties() { - System.setProperty(Config.KUBERNETES_MASTER_SYSTEM_PROPERTY, "http://somehost:80"); - System.setProperty(Config.KUBERNETES_NAMESPACE_SYSTEM_PROPERTY, "testns"); - - System.setProperty(Config.KUBERNETES_OAUTH_TOKEN_SYSTEM_PROPERTY, "token"); - System.setProperty(Config.KUBERNETES_AUTH_BASIC_USERNAME_SYSTEM_PROPERTY, "user"); - System.setProperty(Config.KUBERNETES_AUTH_BASIC_PASSWORD_SYSTEM_PROPERTY, "pass"); - System.setProperty(Config.KUBERNETES_TRUST_CERT_SYSTEM_PROPERTY, "true"); - System.setProperty(Config.KUBERNETES_DISABLE_HOSTNAME_VERIFICATION_SYSTEM_PROPERTY, "true"); - System.setProperty(Config.KUBERNETES_CA_CERTIFICATE_FILE_SYSTEM_PROPERTY, "/path/to/cert"); - System.setProperty(Config.KUBERNETES_CA_CERTIFICATE_DATA_SYSTEM_PROPERTY, "cacertdata"); - System.setProperty(Config.KUBERNETES_CLIENT_CERTIFICATE_FILE_SYSTEM_PROPERTY, "/path/to/clientcert"); - System.setProperty(Config.KUBERNETES_CLIENT_CERTIFICATE_DATA_SYSTEM_PROPERTY, "clientcertdata"); - System.setProperty(Config.KUBERNETES_CLIENT_KEY_FILE_SYSTEM_PROPERTY, "/path/to/clientkey"); - System.setProperty(Config.KUBERNETES_CLIENT_KEY_DATA_SYSTEM_PROPERTY, "clientkeydata"); - System.setProperty(Config.KUBERNETES_CLIENT_KEY_ALGO_SYSTEM_PROPERTY, "algo"); - System.setProperty(Config.KUBERNETES_CLIENT_KEY_PASSPHRASE_SYSTEM_PROPERTY, "passphrase"); - System.setProperty(Config.KUBERNETES_CLIENT_KEY_FILE_SYSTEM_PROPERTY, "/path/to/clientkey"); - System.setProperty(Config.KUBERNETES_MAX_CONCURRENT_REQUESTS, "120"); - System.setProperty(Config.KUBERNETES_MAX_CONCURRENT_REQUESTS_PER_HOST, "20"); - System.setProperty(Config.KUBERNETES_WATCH_RECONNECT_INTERVAL_SYSTEM_PROPERTY, "5000"); - System.setProperty(Config.KUBERNETES_WATCH_RECONNECT_LIMIT_SYSTEM_PROPERTY, "5"); - System.setProperty(Config.KUBERNETES_REQUEST_TIMEOUT_SYSTEM_PROPERTY, "5000"); - System.setProperty(Config.KUBERNETES_HTTP_PROXY, "httpProxy"); - - System.setProperty(Config.KUBERNETES_TLS_VERSIONS, "TLSv1.2,TLSv1.1"); + @Nested + @DisplayName("System Properties Configured") + class SystemPropertiesConfigured { + @BeforeEach + void setUp() { + setKubernetesClientConfigSystemProperties(); + } - System.setProperty(Config.KUBERNETES_TRUSTSTORE_FILE_PROPERTY, "/path/to/truststore"); - System.setProperty(Config.KUBERNETES_TRUSTSTORE_PASSPHRASE_PROPERTY, "truststorePassphrase"); - System.setProperty(Config.KUBERNETES_KEYSTORE_FILE_PROPERTY, "/path/to/keystore"); - System.setProperty(Config.KUBERNETES_KEYSTORE_PASSPHRASE_PROPERTY, "keystorePassphrase"); + @Test + @DisplayName("no args Config constructor, should load from properties") + void zeroArgumentConstructor_whenInvoked_shouldLoadFromProperties() { + assertConfig(new Config(), "http://somehost:80/", "testns", true); + } - System.setProperty(Config.KUBERNETES_UPLOAD_REQUEST_TIMEOUT_SYSTEM_PROPERTY, "600000"); + @Test + @DisplayName("ConfigBuilder, should load from properties") + void configBuilder_whenInvoked_shouldLoadFromProperties() { + assertConfig(new ConfigBuilder().build(), "http://somehost:80/", "testns", true); + } - Config config = new Config(); - assertConfig(config, true); + @Test + @DisplayName("ConfigBuilder, with builder methods, should override properties") + void configBuilder_withBuilderMethods_shouldOverrideFieldsConfiguredViaProperties() { + Config config = new ConfigBuilder() + .withMasterUrl("http://somehost-via-builder:80") + .withNamespace("testns-via-builder") + .build(); - config = new ConfigBuilder().build(); - assertConfig(config, true); + assertConfig(config, "http://somehost-via-builder:80/", "testns-via-builder", true); + } } - @Test - void testWithBuilder() { - Config config = new ConfigBuilder() - .withMasterUrl("http://somehost:80") - .withApiVersion("v1") - .withNamespace("testns") - .withOauthToken("token") - .withUsername("user") - .withPassword("pass") - .withTrustCerts(true) - .withDisableHostnameVerification(true) - .withCaCertFile("/path/to/cert") - .withCaCertData("cacertdata") - .withClientCertFile("/path/to/clientcert") - .withClientCertData("clientcertdata") - .withClientKeyFile("/path/to/clientkey") - .withClientKeyData("clientkeydata") - .withClientKeyAlgo("algo") - .withClientKeyPassphrase("passphrase") - .withMaxConcurrentRequests(120) - .withMaxConcurrentRequestsPerHost(20) - .withWatchReconnectInterval(5000) - .withWatchReconnectLimit(5) - .withRequestTimeout(5000) - .withUploadRequestTimeout(600000) - .withHttpProxy("httpProxy") - .withTlsVersions(TlsVersion.TLS_1_2, TlsVersion.TLS_1_1) - .withTrustStoreFile("/path/to/truststore") - .withTrustStorePassphrase("truststorePassphrase") - .withKeyStoreFile("/path/to/keystore") - .withKeyStorePassphrase("keystorePassphrase") - .build(); + @Nested + @DisplayName("ConfigBuilder") + class BuilderConfigured { + @Test + @DisplayName("when fields configured via builder, then fields get most precedence") + void testWithBuilder() { + Config config = new ConfigBuilder() + .withMasterUrl("http://somehost:80") + .withApiVersion("v1") + .withNamespace("testns") + .withOauthToken("token") + .withUsername("user") + .withPassword("pass") + .withTrustCerts(true) + .withDisableHostnameVerification(true) + .withCaCertFile("/path/to/cert") + .withCaCertData("cacertdata") + .withClientCertFile("/path/to/clientcert") + .withClientCertData("clientcertdata") + .withClientKeyFile("/path/to/clientkey") + .withClientKeyData("clientkeydata") + .withClientKeyAlgo("algo") + .withClientKeyPassphrase("passphrase") + .withMaxConcurrentRequests(120) + .withMaxConcurrentRequestsPerHost(20) + .withWatchReconnectInterval(5000) + .withWatchReconnectLimit(5) + .withRequestTimeout(5000) + .withUploadRequestTimeout(600000) + .withHttpProxy("httpProxy") + .withHttpsProxy("httpsProxy") + .withProxyUsername("proxyUsername") + .withProxyPassword("proxyPassword") + .withNoProxy("no-proxy-url1.io", "no-proxy-url2.io") + .withTlsVersions(TlsVersion.TLS_1_2, TlsVersion.TLS_1_1) + .withTrustStoreFile("/path/to/truststore") + .withTrustStorePassphrase("truststorePassphrase") + .withKeyStoreFile("/path/to/keystore") + .withKeyStorePassphrase("keystorePassphrase") + .withHttp2Disable(false) + .withWebsocketPingInterval(1000L) + .withConnectionTimeout(1000) + .withScaleTimeout(1000L) + .build(); + + assertConfig(config, "http://somehost:80/", "testns", false); + } - assertConfig(config, false); - } + @Test + @DisplayName("no additional config, should use default value for webSocketPingInterval") + void shouldHonorDefaultWebsocketPingInterval() { + Config config = new ConfigBuilder().build(); - @Test - void testWithBuilderAndSystemProperties() { - System.setProperty(Config.KUBERNETES_MASTER_SYSTEM_PROPERTY, "http://tobeoverriden:80"); - System.setProperty(Config.KUBERNETES_NAMESPACE_SYSTEM_PROPERTY, "tobeoverriden"); + assertThat(config.getWebsocketPingInterval()) + .isEqualTo(30000L); + } + } - System.setProperty(Config.KUBERNETES_OAUTH_TOKEN_SYSTEM_PROPERTY, "token"); - System.setProperty(Config.KUBERNETES_AUTH_BASIC_USERNAME_SYSTEM_PROPERTY, "user"); - System.setProperty(Config.KUBERNETES_AUTH_BASIC_PASSWORD_SYSTEM_PROPERTY, "pass"); - System.setProperty(Config.KUBERNETES_TRUST_CERT_SYSTEM_PROPERTY, "true"); - System.setProperty(Config.KUBERNETES_DISABLE_HOSTNAME_VERIFICATION_SYSTEM_PROPERTY, "true"); - System.setProperty(Config.KUBERNETES_CA_CERTIFICATE_FILE_SYSTEM_PROPERTY, "/path/to/cert"); - System.setProperty(Config.KUBERNETES_CA_CERTIFICATE_DATA_SYSTEM_PROPERTY, "cacertdata"); - System.setProperty(Config.KUBERNETES_CLIENT_CERTIFICATE_FILE_SYSTEM_PROPERTY, "/path/to/clientcert"); - System.setProperty(Config.KUBERNETES_CLIENT_CERTIFICATE_DATA_SYSTEM_PROPERTY, "clientcertdata"); - System.setProperty(Config.KUBERNETES_CLIENT_KEY_FILE_SYSTEM_PROPERTY, "/path/to/clientkey"); - System.setProperty(Config.KUBERNETES_CLIENT_KEY_DATA_SYSTEM_PROPERTY, "clientkeydata"); - System.setProperty(Config.KUBERNETES_CLIENT_KEY_ALGO_SYSTEM_PROPERTY, "algo"); - System.setProperty(Config.KUBERNETES_CLIENT_KEY_PASSPHRASE_SYSTEM_PROPERTY, "passphrase"); - System.setProperty(Config.KUBERNETES_CLIENT_KEY_FILE_SYSTEM_PROPERTY, "/path/to/clientkey"); - System.setProperty(Config.KUBERNETES_MAX_CONCURRENT_REQUESTS, "120"); - System.setProperty(Config.KUBERNETES_MAX_CONCURRENT_REQUESTS_PER_HOST, "20"); - System.setProperty(Config.KUBERNETES_WATCH_RECONNECT_INTERVAL_SYSTEM_PROPERTY, "5000"); - System.setProperty(Config.KUBERNETES_WATCH_RECONNECT_LIMIT_SYSTEM_PROPERTY, "5"); - System.setProperty(Config.KUBERNETES_REQUEST_TIMEOUT_SYSTEM_PROPERTY, "5000"); - System.setProperty(Config.KUBERNETES_HTTP_PROXY, "httpProxy"); + @Nested + @DisplayName("Inside Kubernetes cluster") + class InCluster { + @BeforeEach + void setUp() { + System.setProperty(Config.KUBERNETES_KUBECONFIG_FILE, "/dev/null"); + } - System.setProperty(Config.KUBERNETES_TLS_VERSIONS, "TLSv1.2,TLSv1.1"); + @Test + void testMasterUrlWithServiceAccount() { + try { + System.setProperty(Config.KUBERNETES_SERVICE_HOST_PROPERTY, "10.0.0.1"); + System.setProperty(Config.KUBERNETES_SERVICE_PORT_PROPERTY, "443"); + Config config = Config.autoConfigure(null); + assertThat(config) + .hasFieldOrPropertyWithValue("masterUrl", "https://10.0.0.1:443/") + .hasFieldOrPropertyWithValue("file", null); + } finally { + System.clearProperty(Config.KUBERNETES_SERVICE_HOST_PROPERTY); + System.clearProperty(Config.KUBERNETES_SERVICE_PORT_PROPERTY); + } + } - System.setProperty(Config.KUBERNETES_TRUSTSTORE_FILE_PROPERTY, "/path/to/truststore"); - System.setProperty(Config.KUBERNETES_TRUSTSTORE_PASSPHRASE_PROPERTY, "truststorePassphrase"); - System.setProperty(Config.KUBERNETES_KEYSTORE_FILE_PROPERTY, "/path/to/keystore"); - System.setProperty(Config.KUBERNETES_KEYSTORE_PASSPHRASE_PROPERTY, "keystorePassphrase"); + @Test + void testAutoConfig() { + Config config = Config.autoConfigure(null); + assertThat(config) + .hasFieldOrPropertyWithValue("file", null) + .hasFieldOrPropertyWithValue("autoConfigure", true); + + // ensure that refresh creates a new instance + Config refresh = config.refresh(); + assertThat(refresh) + .isNotSameAs(config) + .hasFieldOrPropertyWithValue("file", null) + .hasFieldOrPropertyWithValue("autoConfigure", true); + } - System.setProperty(Config.KUBERNETES_UPLOAD_REQUEST_TIMEOUT_SYSTEM_PROPERTY, "600000"); + @Test + void testMasterUrlWithServiceAccountIPv6() { + try { + System.setProperty(Config.KUBERNETES_SERVICE_HOST_PROPERTY, "2001:db8:1f70::999:de8:7648:6e8"); + System.setProperty(Config.KUBERNETES_SERVICE_PORT_PROPERTY, "443"); + Config config = Config.autoConfigure(null); + assertThat(config) + .hasFieldOrPropertyWithValue("masterUrl", "https://[2001:db8:1f70::999:de8:7648:6e8]:443/") + .hasFieldOrPropertyWithValue("file", null); + } finally { + System.clearProperty(Config.KUBERNETES_SERVICE_HOST_PROPERTY); + System.clearProperty(Config.KUBERNETES_SERVICE_PORT_PROPERTY); + } + } - Config config = new ConfigBuilder() - .withMasterUrl("http://somehost:80") - .withNamespace("testns") - .build(); + @Test + @DisplayName("when ServiceAccount token file provided, then use it as autoOAuthToken") + void whenServiceAccountTokenPathProvided_thenUseThatToken() { + try { + // Given + System.setProperty(Config.KUBERNETES_AUTH_SERVICEACCOUNT_TOKEN_FILE_SYSTEM_PROPERTY, + Utils.filePath(ConfigTest.class.getResource("/test-serviceaccount/token"))); + // When + Config config = new ConfigBuilder().build(); + // Then + assertThat(config.getAutoOAuthToken()).contains("token-from-mounted-serviceaccount"); + } finally { + System.clearProperty(Config.KUBERNETES_AUTH_SERVICEACCOUNT_TOKEN_FILE_SYSTEM_PROPERTY); + } + } - assertConfig(config, true); - } + @Test + @DisplayName("when ServiceAccount certificate file provided, then use it as caCertFile") + void whenServiceAccountCertFilePathProvided_thenUseThatToken() { + try { + // Given + String certFilePath = Utils.filePath(ConfigTest.class.getResource("/test-serviceaccount/ca.crt")); + System.setProperty(Config.KUBERNETES_CA_CERTIFICATE_FILE_SYSTEM_PROPERTY, certFilePath); + // When + Config config = new ConfigBuilder().build(); + // Then + assertThat(config.getCaCertFile()).isEqualTo(certFilePath); + } finally { + System.clearProperty(Config.KUBERNETES_CA_CERTIFICATE_FILE_SYSTEM_PROPERTY); + } + } - @Test - void testMasterUrlWithServiceAccount() { - System.setProperty(Config.KUBERNETES_KUBECONFIG_FILE, "/dev/null"); - System.setProperty(Config.KUBERNETES_SERVICE_HOST_PROPERTY, "10.0.0.1"); - System.setProperty(Config.KUBERNETES_SERVICE_PORT_PROPERTY, "443"); - Config config = Config.autoConfigure(null); - assertNotNull(config); - assertEquals("https://10.0.0.1:443/", config.getMasterUrl()); - assertEquals(null, config.getFile()); + @Test + @DisplayName("when kubernetes.tryNamespacePath=false, then do NOT read ServiceAccount files") + void whenTryNamespacePathDisabled_thenDoNotUseServiceAccountAttributes() { + try { + // Given + System.setProperty(Config.KUBERNETES_AUTH_TRYSERVICEACCOUNT_SYSTEM_PROPERTY, "false"); + System.setProperty(Config.KUBERNETES_AUTH_SERVICEACCOUNT_TOKEN_FILE_SYSTEM_PROPERTY, + Utils.filePath(ConfigTest.class.getResource("/test-serviceaccount/token"))); + // When + Config config = new ConfigBuilder().build(); + // Then + assertThat(config.getAutoOAuthToken()).isNull(); + } finally { + System.clearProperty(Config.KUBERNETES_AUTH_TRYSERVICEACCOUNT_SYSTEM_PROPERTY); + } + } } - @Test - void testAutoConfig() { - System.setProperty(Config.KUBERNETES_KUBECONFIG_FILE, "/dev/null"); - Config config = Config.autoConfigure(null); - assertNotNull(config); - assertNull(config.getFile()); - assertTrue(config.getAutoConfigure()); + @Nested + @DisplayName("kubeconfig present") + class KubeConfigPresent { + @BeforeEach + void setUp() { + System.setProperty(Config.KUBERNETES_KUBECONFIG_FILE, TEST_KUBECONFIG_FILE); + } - // ensure that refresh creates a new instance - Config refresh = config.refresh(); - assertNotSame(config, refresh); - assertNull(refresh.getFile()); - assertTrue(refresh.getAutoConfigure()); - } + @Test + @DisplayName("new Config() should auto configure from kubeconfig") + void noArgConstructor_shouldAutoConfigureFromKubeConfig() { + assertThat(new Config()) + .isNotNull() + .hasFieldOrPropertyWithValue("masterUrl", "https://172.28.128.4:8443/") + .hasFieldOrPropertyWithValue("namespace", "testns") + .hasFieldOrPropertyWithValue("autoOAuthToken", "token") + .satisfies(c -> assertThat(c.getCaCertFile()).endsWith("testns/ca.pem".replace("/", File.separator))) + .satisfies(c -> assertThat(new File(c.getCaCertFile())).isAbsolute()) + .hasFieldOrPropertyWithValue("file", new File(TEST_KUBECONFIG_FILE)); + } - @Test - void testMasterUrlWithServiceAccountIPv6() { - System.setProperty(Config.KUBERNETES_KUBECONFIG_FILE, "/dev/null"); - System.setProperty(Config.KUBERNETES_SERVICE_HOST_PROPERTY, "2001:db8:1f70::999:de8:7648:6e8"); - System.setProperty(Config.KUBERNETES_SERVICE_PORT_PROPERTY, "443"); - Config config = Config.autoConfigure(null); - assertNotNull(config); - assertEquals("https://[2001:db8:1f70::999:de8:7648:6e8]:443/", config.getMasterUrl()); - assertEquals(null, config.getFile()); - } + @Test + @DisplayName("Config.autoConfigure with overridden context") + void testOverrideContext() { + assertThat(Config.autoConfigure("production/172-28-128-4:8443/root")) + .isNotNull() + .hasFieldOrPropertyWithValue("masterUrl", "https://172.28.128.4:8443/") + .hasFieldOrPropertyWithValue("namespace", "production") + .hasFieldOrPropertyWithValue("autoOAuthToken", "supertoken") + .satisfies(c -> assertThat(c.getCaCertFile()).endsWith("testns/ca.pem".replace("/", File.separator))) + .satisfies(c -> assertThat(new File(c.getCaCertFile())).isAbsolute()); + } - @Test - void testWithKubeConfig() { - System.setProperty(Config.KUBERNETES_KUBECONFIG_FILE, TEST_KUBECONFIG_FILE); - Config config = new Config(); - assertNotNull(config); + @Test + @DisplayName("override via system property should get more precedence over kubeconfig") + void testOverrideViaSystemProperties() { + // Given + System.setProperty(Config.KUBERNETES_MASTER_SYSTEM_PROPERTY, "http://somehost:80"); + + // When + Then + assertThat(new Config()) + .isNotNull() + .hasFieldOrPropertyWithValue("masterUrl", "http://somehost:80/") + .hasFieldOrPropertyWithValue("namespace", "testns") + .hasFieldOrPropertyWithValue("autoOAuthToken", "token") + .hasFieldOrPropertyWithValue("file", new File(TEST_KUBECONFIG_FILE)) + .satisfies(c -> assertThat(new File(c.getCaCertFile())).isAbsolute()); + } - assertEquals("https://172.28.128.4:8443/", config.getMasterUrl()); - assertEquals("testns", config.getNamespace()); - assertEquals("token", config.getAutoOAuthToken()); - assertTrue(config.getCaCertFile().endsWith("testns/ca.pem".replace("/", File.separator))); - assertTrue(new File(config.getCaCertFile()).isAbsolute()); - assertEquals(new File(TEST_KUBECONFIG_FILE), config.getFile()); + @Test + void testSystemPropertiesAndBuilderGetMorePrecedenceOverKubeconfig() { + System.setProperty(Config.KUBERNETES_MASTER_SYSTEM_PROPERTY, "http://somehost:80"); + + Config config = new ConfigBuilder() + .withNamespace("testns2") + .build(); + assertThat(config) + .isNotNull() + .hasFieldOrPropertyWithValue("masterUrl", "http://somehost:80/") + .hasFieldOrPropertyWithValue("namespace", "testns2") + .hasFieldOrPropertyWithValue("autoOAuthToken", "token"); + } } - @Test - void testWithKubeConfigAndOverrideContext() { - System.setProperty(Config.KUBERNETES_KUBECONFIG_FILE, TEST_KUBECONFIG_FILE); - Config config = Config.autoConfigure("production/172-28-128-4:8443/root"); - assertNotNull(config); + @Nested + @DisplayName("load fromKubeConfig") + class FromKubeConfig { + @Test + @DisplayName("standard kubeconfig file") + void testFromKubeconfigContent() throws IOException { + final Config config = Config.fromKubeconfig(prepareKubeConfigYamlFrom(TEST_KUBECONFIG_FILE)); + assertThat(config) + .hasFieldOrPropertyWithValue("masterUrl", "https://172.28.128.4:8443/") + .hasFieldOrPropertyWithValue("autoConfigure", false) + .hasFieldOrPropertyWithValue("file", null) + .isSameAs(config.refresh()); + } - assertEquals("https://172.28.128.4:8443/", config.getMasterUrl()); - assertEquals("production", config.getNamespace()); - assertEquals("supertoken", config.getAutoOAuthToken()); - assertTrue(config.getCaCertFile().endsWith("testns/ca.pem".replace("/", File.separator))); - assertTrue(new File(config.getCaCertFile()).isAbsolute()); + @Test + @DisplayName("kubeconfig with EC Private Data in client key") + void testFromKubeconfigKeyAlgo() throws IOException { + final Config config = Config.fromKubeconfig(prepareKubeConfigYamlFrom(TEST_EC_KUBECONFIG_FILE)); + assertThat(config.getClientKeyAlgo()).isEqualTo("EC"); + } + + private String prepareKubeConfigYamlFrom(String filePath) throws IOException { + File configFile = new File(filePath); + return String.join(System.lineSeparator(), Files.readAllLines(configFile.toPath())); + } } @Test @@ -325,61 +428,13 @@ void testWithMultipleKubeConfigAndOverrideContext() { System.setProperty(Config.KUBERNETES_KUBECONFIG_FILE, TEST_KUBECONFIG_FILE + File.pathSeparator + "some-other-file"); Config config = Config.autoConfigure("production/172-28-128-4:8443/root"); - assertNotNull(config); - - assertEquals("https://172.28.128.4:8443/", config.getMasterUrl()); - assertEquals("production", config.getNamespace()); - assertEquals("supertoken", config.getAutoOAuthToken()); - assertTrue(config.getCaCertFile().endsWith("testns/ca.pem".replace("/", File.separator))); - assertTrue(new File(config.getCaCertFile()).isAbsolute()); - } - - @Test - void testWithKubeConfigAndSystemProperties() { - System.setProperty(Config.KUBERNETES_KUBECONFIG_FILE, TEST_KUBECONFIG_FILE); - System.setProperty(Config.KUBERNETES_MASTER_SYSTEM_PROPERTY, "http://somehost:80"); - - Config config = new Config(); - assertNotNull(config); - assertEquals("http://somehost:80/", config.getMasterUrl()); - assertEquals("testns", config.getNamespace()); - assertEquals("token", config.getAutoOAuthToken()); - assertEquals(new File(TEST_KUBECONFIG_FILE), config.getFile()); - } - - @Test - void testWithKubeConfigAndSytemPropertiesAndBuilder() { - System.setProperty(Config.KUBERNETES_KUBECONFIG_FILE, TEST_KUBECONFIG_FILE); - System.setProperty(Config.KUBERNETES_MASTER_SYSTEM_PROPERTY, "http://somehost:80"); - - Config config = new ConfigBuilder() - .withNamespace("testns2") - .build(); - - assertNotNull(config); - assertEquals("http://somehost:80/", config.getMasterUrl()); - assertEquals("token", config.getAutoOAuthToken()); - assertEquals("testns2", config.getNamespace()); - } - - @Test - void testFromKubeconfigContent() throws IOException { - File configFile = new File(TEST_KUBECONFIG_FILE); - final String configYAML = String.join("\n", Files.readAllLines(configFile.toPath())); - final Config config = Config.fromKubeconfig(configYAML); - assertEquals("https://172.28.128.4:8443/", config.getMasterUrl()); - - assertFalse(config.getAutoConfigure()); - assertNull(config.getFile()); - assertSame(config, config.refresh()); - } - - @Test - void testFromKubeconfigKeyAlgo() throws IOException { - File configFile = new File(TEST_EC_KUBECONFIG_FILE); - final String configYAML = String.join("\n", Files.readAllLines(configFile.toPath())); - final Config config = Config.fromKubeconfig(configYAML); - assertEquals("EC", config.getClientKeyAlgo()); + assertThat(config) + .isNotNull() + .hasFieldOrPropertyWithValue("masterUrl", "https://172.28.128.4:8443/") + .hasFieldOrPropertyWithValue("namespace", "production") + .hasFieldOrPropertyWithValue("autoOAuthToken", "supertoken") + .satisfies(c -> assertThat(c.getCaCertFile()).endsWith("testns/ca.pem".replace("/", File.separator))) + .satisfies(c -> assertThat(new File(c.getCaCertFile())).isAbsolute()); } @Test @@ -389,9 +444,10 @@ void testWithNamespacePath() { System.setProperty(Config.KUBERNETES_MASTER_SYSTEM_PROPERTY, "http://somehost:80"); Config config = new Config(); - assertNotNull(config); - assertEquals("http://somehost:80/", config.getMasterUrl()); - assertEquals("testnsfrompath", config.getNamespace()); + assertThat(config) + .isNotNull() + .hasFieldOrPropertyWithValue("masterUrl", "http://somehost:80/") + .hasFieldOrPropertyWithValue("namespace", "testnsfrompath"); } @Test @@ -401,9 +457,10 @@ void testWithNonExistingNamespacePath() { System.setProperty(Config.KUBERNETES_MASTER_SYSTEM_PROPERTY, "http://somehost:80"); Config config = new Config(); - assertNotNull(config); - assertEquals("http://somehost:80/", config.getMasterUrl()); - assertNull(config.getNamespace()); + assertThat(config) + .isNotNull() + .hasFieldOrPropertyWithValue("masterUrl", "http://somehost:80/") + .hasFieldOrPropertyWithValue("namespace", null); } @Test @@ -413,25 +470,29 @@ void testWithNamespacePathAndSystemProperties() { System.setProperty(Config.KUBERNETES_NAMESPACE_SYSTEM_PROPERTY, "testns"); Config config = new Config(); - assertNotNull(config); - assertEquals("http://somehost:80/", config.getMasterUrl()); - assertEquals("testns", config.getNamespace()); + assertThat(config) + .isNotNull() + .hasFieldOrPropertyWithValue("masterUrl", "http://somehost:80/") + .hasFieldOrPropertyWithValue("namespace", "testns"); } @Test void testWithKubeConfigAndNoContext() { System.setProperty(Config.KUBERNETES_KUBECONFIG_FILE, TEST_KUBECONFIG_NO_CURRENT_CONTEXT_FILE); Config config = new Config(); - assertNotNull(config); - assertNull(config.getCurrentContext()); - assertEquals(3, config.getContexts().size()); - assertEquals(Config.DEFAULT_MASTER_URL + "/", config.getMasterUrl()); - assertNull(config.getNamespace()); + assertThat(config) + .isNotNull() + .hasFieldOrPropertyWithValue("currentContext", null) + .hasFieldOrPropertyWithValue("namespace", null) + .hasFieldOrPropertyWithValue("masterUrl", Config.DEFAULT_MASTER_URL + "/") + .extracting(Config::getContexts) + .asInstanceOf(InstanceOfAssertFactories.list(NamedContext.class)) + .hasSize(3); } @Test - void testWithNamespacePathAndSytemPropertiesAndBuilder() { + void testWithNamespacePathAndSystemPropertiesAndBuilder() { System.setProperty(Config.KUBERNETES_NAMESPACE_FILE, TEST_NAMESPACE_FILE); System.setProperty(Config.KUBERNETES_MASTER_SYSTEM_PROPERTY, "http://somehost:80"); System.setProperty(Config.KUBERNETES_NAMESPACE_SYSTEM_PROPERTY, "tobeoverriden"); @@ -440,9 +501,9 @@ void testWithNamespacePathAndSytemPropertiesAndBuilder() { .withNamespace("testns2") .build(); - assertNotNull(config); - assertEquals("http://somehost:80/", config.getMasterUrl()); - assertEquals("testns2", config.getNamespace()); + assertThat(config) + .hasFieldOrPropertyWithValue("masterUrl", "http://somehost:80/") + .hasFieldOrPropertyWithValue("namespace", "testns2"); } @Test @@ -454,9 +515,11 @@ void testWithCustomHeader() { .withCustomHeaders(customHeaders) .build(); - assertNotNull(config); - assertNotNull(config.getCustomHeaders()); - assertEquals(2, config.getCustomHeaders().size()); + assertThat(config) + .isNotNull() + .extracting(Config::getCustomHeaders) + .asInstanceOf(InstanceOfAssertFactories.MAP) + .hasSize(2); } @Test @@ -473,10 +536,11 @@ void shouldSetImpersonateUsernameAndGroupFromSystemProperty() { .withImpersonateExtras(extras) .build(); - assertEquals("a", config.getImpersonateUsername()); - assertArrayEquals(new String[] { "group" }, config.getImpersonateGroups()); - assertEquals(Collections.singletonList("d"), config.getImpersonateExtras().get("c")); - + assertThat(config) + .hasFieldOrPropertyWithValue("requestConfig.impersonateUsername", "a") + .hasFieldOrPropertyWithValue("requestConfig.impersonateGroups", new String[] { "group" }) + .hasFieldOrPropertyWithValue("requestConfig.impersonateExtras", + Collections.singletonMap("c", Collections.singletonList("d"))); } @Test @@ -491,8 +555,9 @@ void honorClientAuthenticatorCommands() throws Exception { } Config config = Config.autoConfigure(null); - assertNotNull(config); - assertEquals("HELLO WORLD", config.getAutoOAuthToken()); + assertThat(config) + .isNotNull() + .hasFieldOrPropertyWithValue("autoOAuthToken", "HELLO WORLD"); } @Test @@ -506,8 +571,8 @@ void should_accept_client_authentication_commands_with_null_args() throws Except } Config config = Config.autoConfigure(null); - assertNotNull(config); - assertEquals("HELLO", config.getAutoOAuthToken()); + assertThat(config) + .hasFieldOrPropertyWithValue("autoOAuthToken", "HELLO"); } finally { System.clearProperty(Config.KUBERNETES_KUBECONFIG_FILE); } @@ -524,9 +589,9 @@ void testClientAuthenticationWithCert() throws Exception { } Config config = Config.autoConfigure(null); - assertNotNull(config); - assertEquals("CERT DATA", config.getClientCertData()); - assertEquals("KEY DATA", config.getClientKeyData()); + assertThat(config) + .hasFieldOrPropertyWithValue("clientCertData", "CERT DATA") + .hasFieldOrPropertyWithValue("clientKeyData", "KEY DATA"); } finally { System.clearProperty(Config.KUBERNETES_KUBECONFIG_FILE); } @@ -543,9 +608,9 @@ void testClientAuthenticationWithCertAndECInvalid() throws Exception { } Config config = Config.autoConfigure(null); - assertNotNull(config); - assertNull(config.getClientCertData()); - assertNull(config.getClientKeyData()); + assertThat(config) + .hasFieldOrPropertyWithValue("clientCertData", null) + .hasFieldOrPropertyWithValue("clientKeyData", null); } finally { System.clearProperty(Config.KUBERNETES_KUBECONFIG_FILE); } @@ -563,8 +628,9 @@ void should_accept_client_authentication_commands_args_with_spaces() throws Exce } Config config = Config.autoConfigure(null); - assertNotNull(config); - assertEquals("HELLO W O R L D", config.getAutoOAuthToken()); + assertThat(config) + .isNotNull() + .hasFieldOrPropertyWithValue("autoOAuthToken", "HELLO W O R L D"); } finally { System.clearProperty(Config.KUBERNETES_KUBECONFIG_FILE); } @@ -582,8 +648,9 @@ void should_accept_client_authentication_commands_with_spaces() throws Exception } Config config = Config.autoConfigure(null); - assertNotNull(config); - assertEquals("HELLO WORLD", config.getAutoOAuthToken()); + assertThat(config) + .isNotNull() + .hasFieldOrPropertyWithValue("autoOAuthToken", "HELLO WORLD"); } finally { System.clearProperty(Config.KUBERNETES_KUBECONFIG_FILE); } @@ -598,14 +665,7 @@ void shouldBeUsedTokenSuppliedByProvider() { // this is mostly a configuration error, and // the provider does not modify the oauthtoken field - assertEquals("oauthToken", config.getOauthToken()); - } - - @Test - void shouldHonorDefaultWebsocketPingInterval() { - Config config = new ConfigBuilder().build(); - - assertEquals(30000L, config.getWebsocketPingInterval()); + assertThat(config.getOauthToken()).isEqualTo("oauthToken"); } @Test @@ -613,10 +673,10 @@ void testKubeConfigWithAuthConfigProvider() throws URISyntaxException { System.setProperty("kubeconfig", new File(getClass().getResource("/test-kubeconfig").toURI()).getAbsolutePath()); Config config = Config.autoConfigure("production/172-28-128-4:8443/mmosley"); - assertEquals("https://172.28.128.4:8443/", config.getMasterUrl()); - assertEquals( - "eyJraWQiOiJDTj1vaWRjaWRwLnRyZW1vbG8ubGFuLCBPVT1EZW1vLCBPPVRybWVvbG8gU2VjdXJpdHksIEw9QXJsaW5ndG9uLCBTVD1WaXJnaW5pYSwgQz1VUy1DTj1rdWJlLWNhLTEyMDIxNDc5MjEwMzYwNzMyMTUyIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL29pZGNpZHAudHJlbW9sby5sYW46ODQ0My9hdXRoL2lkcC9PaWRjSWRQIiwiYXVkIjoia3ViZXJuZXRlcyIsImV4cCI6MTQ4MzU0OTUxMSwianRpIjoiMm96US15TXdFcHV4WDlHZUhQdy1hZyIsImlhdCI6MTQ4MzU0OTQ1MSwibmJmIjoxNDgzNTQ5MzMxLCJzdWIiOiI0YWViMzdiYS1iNjQ1LTQ4ZmQtYWIzMC0xYTAxZWU0MWUyMTgifQ.w6p4J_6qQ1HzTG9nrEOrubxIMb9K5hzcMPxc9IxPx2K4xO9l-oFiUw93daH3m5pluP6K7eOE6txBuRVfEcpJSwlelsOsW8gb8VJcnzMS9EnZpeA0tW_p-mnkFc3VcfyXuhe5R3G7aa5d8uHv70yJ9Y3-UhjiN9EhpMdfPAoEB9fYKKkJRzF7utTTIPGrSaSU6d2pcpfYKaxIwePzEkT4DfcQthoZdy9ucNvvLoi1DIC-UocFD8HLs8LYKEqSxQvOcvnThbObJ9af71EwmuE21fO5KzMW20KtAeget1gnldOosPtz1G5EwvaQ401-RPQzPGMVBld0_zMCAwZttJ4knw", - config.getAutoOAuthToken()); + assertThat(config) + .hasFieldOrPropertyWithValue("masterUrl", "https://172.28.128.4:8443/") + .hasFieldOrPropertyWithValue("autoOAuthToken", + "eyJraWQiOiJDTj1vaWRjaWRwLnRyZW1vbG8ubGFuLCBPVT1EZW1vLCBPPVRybWVvbG8gU2VjdXJpdHksIEw9QXJsaW5ndG9uLCBTVD1WaXJnaW5pYSwgQz1VUy1DTj1rdWJlLWNhLTEyMDIxNDc5MjEwMzYwNzMyMTUyIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL29pZGNpZHAudHJlbW9sby5sYW46ODQ0My9hdXRoL2lkcC9PaWRjSWRQIiwiYXVkIjoia3ViZXJuZXRlcyIsImV4cCI6MTQ4MzU0OTUxMSwianRpIjoiMm96US15TXdFcHV4WDlHZUhQdy1hZyIsImlhdCI6MTQ4MzU0OTQ1MSwibmJmIjoxNDgzNTQ5MzMxLCJzdWIiOiI0YWViMzdiYS1iNjQ1LTQ4ZmQtYWIzMC0xYTAxZWU0MWUyMTgifQ.w6p4J_6qQ1HzTG9nrEOrubxIMb9K5hzcMPxc9IxPx2K4xO9l-oFiUw93daH3m5pluP6K7eOE6txBuRVfEcpJSwlelsOsW8gb8VJcnzMS9EnZpeA0tW_p-mnkFc3VcfyXuhe5R3G7aa5d8uHv70yJ9Y3-UhjiN9EhpMdfPAoEB9fYKKkJRzF7utTTIPGrSaSU6d2pcpfYKaxIwePzEkT4DfcQthoZdy9ucNvvLoi1DIC-UocFD8HLs8LYKEqSxQvOcvnThbObJ9af71EwmuE21fO5KzMW20KtAeget1gnldOosPtz1G5EwvaQ401-RPQzPGMVBld0_zMCAwZttJ4knw"); } @Test @@ -653,45 +713,110 @@ void testEmptyConfig() { .satisfies(e -> assertThat(e.getUserAgent()).isNotNull()); } - private void assertConfig(Config config, boolean autoToken) { - assertNotNull(config); - assertTrue(config.isTrustCerts()); - assertTrue(config.isDisableHostnameVerification()); - assertEquals("http://somehost:80/", config.getMasterUrl()); - assertEquals("testns", config.getNamespace()); + @Test + void deprecatedOldConfigConstructor() { + Config config = new Config("https://api.example.testing:6443", "v1", "ns1", true, true, + "ca.crt", "certificate-authority-data", "client.crt", "client-authority-data", "client-key.crt", + "client-key-data", "EC", "client-key-passphrase", "test-user", "secret", "sha256~secret", "sha256~auto-token", + 500, 5, 5000, 5000, 0, 100000, 10000, 5, 10, "http://proxy-url", "https://proxy-url", + new String[] { "https://noproxy-url1" }, Collections.emptyMap(), "fabric8-kubernetes-client/ConfigTest", + new TlsVersion[] { TlsVersion.TLS_1_3 }, 10000L, "proxy-username", "proxy-password", "truststore.jks", + "truststore-password", "k8s.keystore", "keystore-password", "jane.doe@example.com", new String[] { "developers" }, + Collections.singletonMap("scope", Arrays.asList("view", "development"))); + + assertThat(config) + .hasFieldOrPropertyWithValue("autoConfigure", false) + .hasFieldOrPropertyWithValue("apiVersion", "v1") + .hasFieldOrPropertyWithValue("namespace", "ns1") + .hasFieldOrPropertyWithValue("masterUrl", "https://api.example.testing:6443/") + .hasFieldOrPropertyWithValue("contexts", Collections.emptyList()) + .hasFieldOrPropertyWithValue("caCertFile", "ca.crt") + .hasFieldOrPropertyWithValue("caCertData", "certificate-authority-data") + .hasFieldOrPropertyWithValue("clientCertFile", "client.crt") + .hasFieldOrPropertyWithValue("clientCertData", "client-authority-data") + .hasFieldOrPropertyWithValue("clientKeyFile", "client-key.crt") + .hasFieldOrPropertyWithValue("clientKeyData", "client-key-data") + .hasFieldOrPropertyWithValue("clientKeyPassphrase", "client-key-passphrase") + .hasFieldOrPropertyWithValue("username", "test-user") + .hasFieldOrPropertyWithValue("password", "secret") + .hasFieldOrPropertyWithValue("oauthToken", "sha256~secret") + .hasFieldOrPropertyWithValue("autoOAuthToken", "sha256~auto-token") + .hasFieldOrPropertyWithValue("httpProxy", "http://proxy-url") + .hasFieldOrPropertyWithValue("httpsProxy", "https://proxy-url") + .hasFieldOrPropertyWithValue("noProxy", new String[] { "https://noproxy-url1" }) + .hasFieldOrPropertyWithValue("proxyUsername", "proxy-username") + .hasFieldOrPropertyWithValue("proxyPassword", "proxy-password") + .hasFieldOrPropertyWithValue("trustStoreFile", "truststore.jks") + .hasFieldOrPropertyWithValue("trustStorePassphrase", "truststore-password") + .hasFieldOrPropertyWithValue("keyStoreFile", "k8s.keystore") + .hasFieldOrPropertyWithValue("keyStorePassphrase", "keystore-password") + .hasFieldOrPropertyWithValue("maxConcurrentRequests", 5) + .hasFieldOrPropertyWithValue("maxConcurrentRequestsPerHost", 10) + .hasFieldOrPropertyWithValue("trustCerts", true) + .hasFieldOrPropertyWithValue("disableHostnameVerification", true) + .hasFieldOrPropertyWithValue("clientKeyAlgo", "EC") + .hasFieldOrPropertyWithValue("clientKeyPassphrase", "client-key-passphrase") + .hasFieldOrPropertyWithValue("watchReconnectInterval", 500) + .hasFieldOrPropertyWithValue("watchReconnectLimit", 5) + .hasFieldOrPropertyWithValue("connectionTimeout", 5000) + .hasFieldOrPropertyWithValue("requestTimeout", 5000) + .hasFieldOrPropertyWithValue("scaleTimeout", 100000L) + .hasFieldOrPropertyWithValue("loggingInterval", 10000) + .hasFieldOrPropertyWithValue("websocketPingInterval", 10000L) + .hasFieldOrPropertyWithValue("uploadRequestTimeout", 120000) + .hasFieldOrPropertyWithValue("impersonateUsername", "jane.doe@example.com") + .satisfies(e -> assertThat(e.getImpersonateGroups()).containsExactly("developers")) + .hasFieldOrPropertyWithValue("impersonateExtras", + Collections.singletonMap("scope", Arrays.asList("view", "development"))) + .hasFieldOrPropertyWithValue("http2Disable", false) + .hasFieldOrPropertyWithValue("tlsVersions", new TlsVersion[] { TlsVersion.TLS_1_3 }) + .satisfies(e -> assertThat(e.getUserAgent()).isEqualTo("fabric8-kubernetes-client/ConfigTest")); + } + + private void assertConfig(Config config, String masterUrl, String namespace, boolean autoToken) { + assertThat(config) + .isNotNull() + .hasFieldOrPropertyWithValue("trustCerts", true) + .hasFieldOrPropertyWithValue("disableHostnameVerification", true) + .hasFieldOrPropertyWithValue("masterUrl", masterUrl) + .hasFieldOrPropertyWithValue("namespace", namespace) + .hasFieldOrPropertyWithValue("username", "user") + .hasFieldOrPropertyWithValue("password", "pass") + .hasFieldOrPropertyWithValue("caCertFile", "/path/to/cert") + .hasFieldOrPropertyWithValue("caCertData", "cacertdata") + .hasFieldOrPropertyWithValue("clientCertFile", "/path/to/clientcert") + .hasFieldOrPropertyWithValue("clientCertData", "clientcertdata") + .hasFieldOrPropertyWithValue("clientKeyFile", "/path/to/clientkey") + .hasFieldOrPropertyWithValue("clientKeyData", "clientkeydata") + .hasFieldOrPropertyWithValue("clientKeyAlgo", "algo") + .hasFieldOrPropertyWithValue("clientKeyPassphrase", "passphrase") + .hasFieldOrPropertyWithValue("httpProxy", "httpProxy") + .hasFieldOrPropertyWithValue("watchReconnectInterval", 5000) + .hasFieldOrPropertyWithValue("watchReconnectLimit", 5) + .hasFieldOrPropertyWithValue("requestTimeout", 5000) + .hasFieldOrPropertyWithValue("requestConfig.uploadRequestTimeout", 600000) + .hasFieldOrPropertyWithValue("tlsVersions", new TlsVersion[] { TlsVersion.TLS_1_2, TlsVersion.TLS_1_1 }) + .hasFieldOrPropertyWithValue("trustStoreFile", "/path/to/truststore") + .hasFieldOrPropertyWithValue("trustStorePassphrase", "truststorePassphrase") + .hasFieldOrPropertyWithValue("keyStoreFile", "/path/to/keystore") + .hasFieldOrPropertyWithValue("keyStorePassphrase", "keystorePassphrase") + .hasFieldOrPropertyWithValue("maxConcurrentRequests", 120) + .hasFieldOrPropertyWithValue("maxConcurrentRequestsPerHost", 20) + .hasFieldOrPropertyWithValue("websocketPingInterval", 1000L) + .hasFieldOrPropertyWithValue("connectionTimeout", 1000) + .hasFieldOrPropertyWithValue("scaleTimeout", 1000L) + .hasFieldOrPropertyWithValue("watchReconnectInterval", 5000) + .hasFieldOrPropertyWithValue("http2Disable", false) + .hasFieldOrPropertyWithValue("httpsProxy", "httpsProxy") + .hasFieldOrPropertyWithValue("proxyUsername", "proxyUsername") + .hasFieldOrPropertyWithValue("proxyPassword", "proxyPassword") + .hasFieldOrPropertyWithValue("noProxy", new String[] { "no-proxy-url1.io", "no-proxy-url2.io" }); + if (autoToken) { - assertEquals("token", config.getAutoOAuthToken()); + assertThat(config.getAutoOAuthToken()).isEqualTo("token"); } else { - assertEquals("token", config.getOauthToken()); + assertThat(config.getOauthToken()).isEqualTo("token"); } - assertEquals("user", config.getUsername()); - assertEquals("pass", config.getPassword()); - assertEquals("/path/to/cert", config.getCaCertFile()); - assertEquals("cacertdata", config.getCaCertData()); - assertEquals("/path/to/clientcert", config.getClientCertFile()); - assertEquals("clientcertdata", config.getClientCertData()); - - assertEquals("/path/to/clientkey", config.getClientKeyFile()); - assertEquals("clientkeydata", config.getClientKeyData()); - assertEquals("algo", config.getClientKeyAlgo()); - assertEquals("passphrase", config.getClientKeyPassphrase()); - - assertEquals("httpProxy", config.getHttpProxy()); - - assertEquals(5000, config.getWatchReconnectInterval()); - assertEquals(5, config.getWatchReconnectLimit()); - assertEquals(5000, config.getRequestTimeout()); - assertEquals(600000, config.getRequestConfig().getUploadRequestTimeout()); - - assertArrayEquals(new TlsVersion[] { TlsVersion.TLS_1_2, TlsVersion.TLS_1_1 }, config.getTlsVersions()); - - assertEquals("/path/to/truststore", config.getTrustStoreFile()); - assertEquals("truststorePassphrase", config.getTrustStorePassphrase()); - assertEquals("/path/to/keystore", config.getKeyStoreFile()); - assertEquals("keystorePassphrase", config.getKeyStorePassphrase()); - - assertEquals(120, config.getMaxConcurrentRequests()); - assertEquals(20, config.getMaxConcurrentRequestsPerHost()); } @Test @@ -699,7 +824,7 @@ void testGetAuthenticatorCommandFromExecConfig() throws IOException { // Given File commandFolder = Files.createTempDirectory("test").toFile(); File commandFile = new File(commandFolder, "aws"); - boolean isNewFileCreated = commandFile.createNewFile(); + Files.createFile(commandFile.toPath()); String systemPathValue = getTestPathValue(commandFolder); ExecConfig execConfig = new ExecConfigBuilder() .withApiVersion("client.authentication.k8s.io/v1alpha1") @@ -712,18 +837,14 @@ void testGetAuthenticatorCommandFromExecConfig() throws IOException { systemPathValue); // Then - assertTrue(isNewFileCreated); - assertNotNull(processBuilderArgs); - assertEquals(3, processBuilderArgs.size()); + assertThat(processBuilderArgs) + .isNotNull() + .hasSize(3); assertPlatformPrefixes(processBuilderArgs); List commandParts = Arrays.asList(processBuilderArgs.get(2).split(" ")); - assertEquals(commandFile.getAbsolutePath(), commandParts.get(0)); - assertEquals("--region", commandParts.get(1)); - assertEquals("us-west2", commandParts.get(2)); - assertEquals("eks", commandParts.get(3)); - assertEquals("get-token", commandParts.get(4)); - assertEquals("--cluster-name", commandParts.get(5)); - assertEquals("api-eks.example.com", commandParts.get(6)); + assertThat(commandParts) + .containsExactly(commandFile.getAbsolutePath(), "--region", "us-west2", "eks", + "get-token", "--cluster-name", "api-eks.example.com"); } @Test @@ -744,16 +865,18 @@ void testGetAuthenticatorCommandFromExecConfigNullArgs() throws IOException { execConfigNoArgs, null, systemPathValue); // Then - assertNotNull(processBuilderArgs); - assertEquals(3, processBuilderArgs.size()); + assertThat(processBuilderArgs) + .isNotNull() + .hasSize(3) + .satisfies(pb -> assertThat(pb.get(2)).isEqualTo(commandFile.getPath())); assertPlatformPrefixes(processBuilderArgs); - assertEquals(commandFile.getPath(), processBuilderArgs.get(2)); } private void assertPlatformPrefixes(List processBuilderArgs) { List platformArgsExpected = Utils.getCommandPlatformPrefix(); - assertEquals(platformArgsExpected.get(0), processBuilderArgs.get(0)); - assertEquals(platformArgsExpected.get(1), processBuilderArgs.get(1)); + assertThat(processBuilderArgs) + .satisfies(p -> assertThat(p.get(0)).isEqualTo(platformArgsExpected.get(0))) + .satisfies(p -> assertThat(p.get(1)).isEqualTo(platformArgsExpected.get(1))); } private String getTestPathValue(File commandFolder) { @@ -775,12 +898,12 @@ void getHomeDir_shouldUseHomedriveHomepathOnWindows_WhenHomeEnvVariableIsNotSet( System.setProperty("os.name", "Windows"); - Map envVars = new HashMap(); + Map envVars = new HashMap<>(); envVars.put("HOMEDRIVE", "C:\\Users\\"); envVars.put("HOMEPATH", "user"); envVars.put("USERPROFILE", "C:\\Users\\user\\workspace\\myworkspace\\tools\\cygwin\\"); - assertEquals("C:\\Users\\user", Config.getHomeDir(f -> true, envVars::get)); + assertThat(Config.getHomeDir(f -> true, envVars::get)).isEqualTo("C:\\Users\\user"); } finally { System.setProperty("os.name", osNamePropToRestore); @@ -797,8 +920,8 @@ void getHomeDir_shouldUseUserprofileOnWindows_WhenHomeHomedriveHomepathEnvVariab Map envVars = new HashMap(); envVars.put("USERPROFILE", "C:\\Users\\user\\workspace\\myworkspace\\tools\\cygwin\\"); - assertEquals("C:\\Users\\user\\workspace\\myworkspace\\tools\\cygwin\\", - Config.getHomeDir(f -> true, envVars::get)); + assertThat(Config.getHomeDir(f -> true, envVars::get)) + .isEqualTo("C:\\Users\\user\\workspace\\myworkspace\\tools\\cygwin\\"); } finally { System.setProperty("os.name", osNamePropToRestore); @@ -812,13 +935,13 @@ void getHomeDir_shouldUseHomeEnvVariableOnWindows_WhenHomeEnvVariableIsSet() { System.setProperty("os.name", "Windows"); - Map envVars = new HashMap(); + Map envVars = new HashMap<>(); envVars.put("HOMEDRIVE", "C:\\Users\\"); envVars.put("HOMEPATH", "user"); envVars.put("HOME", "C:\\Users\\user\\workspace\\myworkspace\\tools\\cygwin\\"); - assertEquals("C:\\Users\\user\\workspace\\myworkspace\\tools\\cygwin\\", - Config.getHomeDir(f -> true, envVars::get)); + assertThat(Config.getHomeDir(f -> true, envVars::get)) + .isEqualTo("C:\\Users\\user\\workspace\\myworkspace\\tools\\cygwin\\"); } finally { System.setProperty("os.name", osNamePropToRestore); @@ -829,13 +952,13 @@ void getHomeDir_shouldUseHomeEnvVariableOnWindows_WhenHomeEnvVariableIsSet() { @EnabledOnOs({ WINDOWS }) void getHomeDir_shouldUseHomeEnvVariable_WhenEnabledOnWindows_WhenHomeEnvVariableIsSet() { - Map envVars = new HashMap(); + Map envVars = new HashMap<>(); envVars.put("HOMEDRIVE", "C:\\Users\\"); envVars.put("HOMEPATH", "user"); envVars.put("HOME", "C:\\Users\\user\\workspace\\myworkspace\\tools\\cygwin\\"); - assertEquals("C:\\Users\\user\\workspace\\myworkspace\\tools\\cygwin\\", - Config.getHomeDir(f -> true, envVars::get)); + assertThat(Config.getHomeDir(f -> true, envVars::get)) + .isEqualTo("C:\\Users\\user\\workspace\\myworkspace\\tools\\cygwin\\"); } @@ -848,8 +971,7 @@ void getHomeDir_shouldReturnUserHomeProp_WhenHomeEnvVariablesAreNotSet() { Map emptyEnvVars = Collections.emptyMap(); - assertEquals("/home/user", Config.getHomeDir(f -> true, emptyEnvVars::get)); - + assertThat(Config.getHomeDir(f -> true, emptyEnvVars::get)).isEqualTo("/home/user"); } finally { System.setProperty("user.home", userHomePropToRestore); } @@ -883,4 +1005,195 @@ void givenEmptyKubeConfig_whenConfigCreated_thenShouldNotProduceNPE() throws URI // Then assertThat(config).isNotNull(); } + + @Nested + @DisplayName("autoConfigure disabled") + class NoAutoConfiguration { + @Nested + @DisplayName("system properties present should be ignored with auto configuration disabled") + class SystemPropertiesConfigured extends AutoConfiguredDisabledScenarios { + @BeforeEach + void setUp() { + setKubernetesClientConfigSystemProperties(); + } + } + + @Nested + @DisplayName("kubeconfig present should be ignored with auto configuration disabled") + class KubeConfigPresent extends AutoConfiguredDisabledScenarios { + @BeforeEach + void setUp() throws IOException { + if (FileSystem.getCurrent() == FileSystem.WINDOWS) { + System.setProperty(Config.KUBERNETES_KUBECONFIG_FILE, TEST_KUBECONFIG_EXEC_FILE_WIN_NULL_ARGS); + } else { + Files.setPosixFilePermissions(Paths.get(TEST_TOKEN_GENERATOR_FILE), PosixFilePermissions.fromString("rwxrwxr-x")); + System.setProperty(Config.KUBERNETES_KUBECONFIG_FILE, TEST_KUBECONFIG_EXEC_FILE_NULL_ARGS); + } + } + + @AfterEach + void tearDown() { + System.clearProperty(Config.KUBERNETES_KUBECONFIG_FILE); + } + } + } + + private abstract static class AutoConfiguredDisabledScenarios { + private final NamedContext userConfiguredNamedContext = new NamedContextBuilder() + .withName("context1") + .withNewContext() + .withCluster("api-test-openshiftapps-com:6443") + .withUser("testuser/api-test-openshiftapps-com:6443") + .endContext() + .build(); + + @Nested + @DisplayName("kubernetes.disable.autoConfig=true") + class AutoConfigDisabledViaProperty { + @BeforeEach + void setUp() { + System.setProperty(Config.KUBERNETES_DISABLE_AUTO_CONFIG_SYSTEM_PROPERTY, "true"); + } + + @Test + @DisplayName("no user configuration, the use default values") + void whenConfigDisabledViaPropertyAndUserProvidesNoConfiguration_thenUseConfigDefaultValues() { + assertConfigUsesDefaultValues(new ConfigBuilder().build()); + } + + @Test + @DisplayName("user configuration via builder, the user configuration used") + void whenConfigDisabledViaPropertyAndUserProvidesConfigurationViaConfigBuilder_thenUseConfigDefaultValues() { + assertConfigUsesUserProvidedValues(createConfigBuilderWithUserConfiguration().build()); + } + + @AfterEach + void tearDown() { + System.clearProperty(Config.KUBERNETES_DISABLE_AUTO_CONFIG_SYSTEM_PROPERTY); + } + } + + private io.fabric8.kubernetes.client.ConfigBuilder createConfigBuilderWithUserConfiguration() { + return new ConfigBuilder() + .withMasterUrl("https://api-test.openshiftapps.com:6443") + .withContexts(userConfiguredNamedContext) + .withCurrentContext(userConfiguredNamedContext) + .withMaxConcurrentRequests(30) + .withMaxConcurrentRequestsPerHost(10) + .withTrustCerts() + .withDisableHostnameVerification() + .withClientKeyAlgo("EC") + .withWatchReconnectInterval(500) + .withWatchReconnectLimit(10) + .withConnectionTimeout(1000) + .withRequestTimeout(1000) + .withScaleTimeout(1000) + .withLoggingInterval(1000) + .withWebsocketPingInterval(10000L) + .withUploadRequestTimeout(1000) + .withImpersonateExtras(Collections.singletonMap("acme%2Fproject", Collections.singletonList("some-project"))) + .withHttp2Disable(true) + .withTlsVersions(new TlsVersion[] { TlsVersion.TLS_1_3 }) + .withCurrentContext(userConfiguredNamedContext) + .withImpersonateGroups("developer", "admin") + .withUserAgent("custom-user-agent"); + } + + void assertConfigUsesDefaultValues(Config configWithoutAutoConfigure) { + assertThat(configWithoutAutoConfigure) + .hasFieldOrPropertyWithValue("autoConfigure", false) + .hasFieldOrPropertyWithValue("masterUrl", "https://kubernetes.default.svc/") + .hasFieldOrPropertyWithValue("contexts", Collections.emptyList()) + .hasFieldOrPropertyWithValue("maxConcurrentRequests", 64) + .hasFieldOrPropertyWithValue("maxConcurrentRequestsPerHost", 5) + .hasFieldOrPropertyWithValue("trustCerts", false) + .hasFieldOrPropertyWithValue("disableHostnameVerification", false) + .hasFieldOrPropertyWithValue("clientKeyAlgo", "RSA") + .hasFieldOrPropertyWithValue("clientKeyPassphrase", "changeit") + .hasFieldOrPropertyWithValue("watchReconnectInterval", 1000) + .hasFieldOrPropertyWithValue("watchReconnectLimit", -1) + .hasFieldOrPropertyWithValue("connectionTimeout", 10000) + .hasFieldOrPropertyWithValue("requestTimeout", 10000) + .hasFieldOrPropertyWithValue("scaleTimeout", 600000L) + .hasFieldOrPropertyWithValue("loggingInterval", 20000) + .hasFieldOrPropertyWithValue("websocketPingInterval", 30000L) + .hasFieldOrPropertyWithValue("uploadRequestTimeout", 120000) + .hasFieldOrPropertyWithValue("impersonateExtras", Collections.emptyMap()) + .hasFieldOrPropertyWithValue("http2Disable", false) + .hasFieldOrPropertyWithValue("tlsVersions", new TlsVersion[] { TlsVersion.TLS_1_3, TlsVersion.TLS_1_2 }) + .satisfies(e -> assertThat(e.getCurrentContext()).isNull()) + .satisfies(e -> assertThat(e.getImpersonateGroups()).isEmpty()) + .satisfies(e -> assertThat(e.getUserAgent()).isNotNull()); + } + + void assertConfigUsesUserProvidedValues(Config config) { + assertThat(config) + .hasFieldOrPropertyWithValue("autoConfigure", false) + .hasFieldOrPropertyWithValue("masterUrl", "https://api-test.openshiftapps.com:6443/") + .hasFieldOrPropertyWithValue("contexts", Collections.singletonList(userConfiguredNamedContext)) + .hasFieldOrPropertyWithValue("maxConcurrentRequests", 30) + .hasFieldOrPropertyWithValue("maxConcurrentRequestsPerHost", 10) + .hasFieldOrPropertyWithValue("trustCerts", true) + .hasFieldOrPropertyWithValue("disableHostnameVerification", true) + .hasFieldOrPropertyWithValue("clientKeyAlgo", "EC") + .hasFieldOrPropertyWithValue("clientKeyPassphrase", "changeit") + .hasFieldOrPropertyWithValue("watchReconnectInterval", 500) + .hasFieldOrPropertyWithValue("watchReconnectLimit", 10) + .hasFieldOrPropertyWithValue("connectionTimeout", 1000) + .hasFieldOrPropertyWithValue("requestTimeout", 1000) + .hasFieldOrPropertyWithValue("scaleTimeout", 1000L) + .hasFieldOrPropertyWithValue("loggingInterval", 1000) + .hasFieldOrPropertyWithValue("websocketPingInterval", 10000L) + .hasFieldOrPropertyWithValue("uploadRequestTimeout", 1000) + .hasFieldOrPropertyWithValue("impersonateExtras", + Collections.singletonMap("acme%2Fproject", Collections.singletonList("some-project"))) + .hasFieldOrPropertyWithValue("http2Disable", true) + .hasFieldOrPropertyWithValue("tlsVersions", new TlsVersion[] { TlsVersion.TLS_1_3 }) + .satisfies(e -> assertThat(e.getCurrentContext()).isEqualTo(userConfiguredNamedContext)) + .satisfies(e -> assertThat(e.getImpersonateGroups()).containsExactly("developer", "admin")) + .satisfies(e -> assertThat(e.getUserAgent()).isEqualTo("custom-user-agent")); + } + } + + private static void setKubernetesClientConfigSystemProperties() { + System.setProperty(Config.KUBERNETES_MASTER_SYSTEM_PROPERTY, "http://somehost:80"); + System.setProperty(Config.KUBERNETES_NAMESPACE_SYSTEM_PROPERTY, "testns"); + + System.setProperty(Config.KUBERNETES_OAUTH_TOKEN_SYSTEM_PROPERTY, "token"); + System.setProperty(Config.KUBERNETES_AUTH_BASIC_USERNAME_SYSTEM_PROPERTY, "user"); + System.setProperty(Config.KUBERNETES_AUTH_BASIC_PASSWORD_SYSTEM_PROPERTY, "pass"); + System.setProperty(Config.KUBERNETES_TRUST_CERT_SYSTEM_PROPERTY, "true"); + System.setProperty(Config.KUBERNETES_DISABLE_HOSTNAME_VERIFICATION_SYSTEM_PROPERTY, "true"); + System.setProperty(Config.KUBERNETES_CA_CERTIFICATE_FILE_SYSTEM_PROPERTY, "/path/to/cert"); + System.setProperty(Config.KUBERNETES_CA_CERTIFICATE_DATA_SYSTEM_PROPERTY, "cacertdata"); + System.setProperty(Config.KUBERNETES_CLIENT_CERTIFICATE_FILE_SYSTEM_PROPERTY, "/path/to/clientcert"); + System.setProperty(Config.KUBERNETES_CLIENT_CERTIFICATE_DATA_SYSTEM_PROPERTY, "clientcertdata"); + System.setProperty(Config.KUBERNETES_CLIENT_KEY_FILE_SYSTEM_PROPERTY, "/path/to/clientkey"); + System.setProperty(Config.KUBERNETES_CLIENT_KEY_DATA_SYSTEM_PROPERTY, "clientkeydata"); + System.setProperty(Config.KUBERNETES_CLIENT_KEY_ALGO_SYSTEM_PROPERTY, "algo"); + System.setProperty(Config.KUBERNETES_CLIENT_KEY_PASSPHRASE_SYSTEM_PROPERTY, "passphrase"); + System.setProperty(Config.KUBERNETES_CLIENT_KEY_FILE_SYSTEM_PROPERTY, "/path/to/clientkey"); + System.setProperty(Config.KUBERNETES_MAX_CONCURRENT_REQUESTS, "120"); + System.setProperty(Config.KUBERNETES_MAX_CONCURRENT_REQUESTS_PER_HOST, "20"); + System.setProperty(Config.KUBERNETES_WATCH_RECONNECT_INTERVAL_SYSTEM_PROPERTY, "5000"); + System.setProperty(Config.KUBERNETES_WATCH_RECONNECT_LIMIT_SYSTEM_PROPERTY, "5"); + System.setProperty(Config.KUBERNETES_REQUEST_TIMEOUT_SYSTEM_PROPERTY, "5000"); + System.setProperty(Config.KUBERNETES_HTTP_PROXY, "httpProxy"); + + System.setProperty(Config.KUBERNETES_TLS_VERSIONS, "TLSv1.2,TLSv1.1"); + + System.setProperty(Config.KUBERNETES_TRUSTSTORE_FILE_PROPERTY, "/path/to/truststore"); + System.setProperty(Config.KUBERNETES_TRUSTSTORE_PASSPHRASE_PROPERTY, "truststorePassphrase"); + System.setProperty(Config.KUBERNETES_KEYSTORE_FILE_PROPERTY, "/path/to/keystore"); + System.setProperty(Config.KUBERNETES_KEYSTORE_PASSPHRASE_PROPERTY, "keystorePassphrase"); + + System.setProperty(Config.KUBERNETES_UPLOAD_REQUEST_TIMEOUT_SYSTEM_PROPERTY, "600000"); + System.setProperty(Config.KUBERNETES_WEBSOCKET_PING_INTERVAL_SYSTEM_PROPERTY, "1000"); + System.setProperty(Config.KUBERNETES_CONNECTION_TIMEOUT_SYSTEM_PROPERTY, "1000"); + System.setProperty(Config.KUBERNETES_SCALE_TIMEOUT_SYSTEM_PROPERTY, "1000"); + System.setProperty(Config.KUBERNETES_HTTPS_PROXY, "httpsProxy"); + System.setProperty(Config.KUBERNETES_NO_PROXY, "no-proxy-url1.io,no-proxy-url2.io"); + System.setProperty(Config.KUBERNETES_PROXY_USERNAME, "proxyUsername"); + System.setProperty(Config.KUBERNETES_PROXY_PASSWORD, "proxyPassword"); + } } diff --git a/kubernetes-client-api/src/test/resources/test-serviceaccount/ca.crt b/kubernetes-client-api/src/test/resources/test-serviceaccount/ca.crt new file mode 100644 index 00000000000..442e7ec6bd7 --- /dev/null +++ b/kubernetes-client-api/src/test/resources/test-serviceaccount/ca.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- +cert-data +-----END CERTIFICATE----- diff --git a/kubernetes-client-api/src/test/resources/test-serviceaccount/token b/kubernetes-client-api/src/test/resources/test-serviceaccount/token new file mode 100644 index 00000000000..d4ed81c2751 --- /dev/null +++ b/kubernetes-client-api/src/test/resources/test-serviceaccount/token @@ -0,0 +1 @@ +token-from-mounted-serviceaccount diff --git a/kubernetes-itests/src/test/java/io/fabric8/kubernetes/DisableAutoConfigurationIT.java b/kubernetes-itests/src/test/java/io/fabric8/kubernetes/DisableAutoConfigurationIT.java new file mode 100644 index 00000000000..ada8c84d6ed --- /dev/null +++ b/kubernetes-itests/src/test/java/io/fabric8/kubernetes/DisableAutoConfigurationIT.java @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.fabric8.kubernetes; + +import io.fabric8.kubernetes.client.Config; +import io.fabric8.kubernetes.client.ConfigBuilder; +import io.fabric8.kubernetes.client.KubernetesClient; +import io.fabric8.kubernetes.client.KubernetesClientBuilder; +import io.fabric8.kubernetes.client.KubernetesClientException; +import org.junit.jupiter.api.DisplayName; +import org.junit.jupiter.api.Test; + +import static org.assertj.core.api.AssertionsForClassTypes.assertThatExceptionOfType; + +class DisableAutoConfigurationIT { + KubernetesClient client; + + @Test + @DisplayName("kubernetes.disable.autoConfig=true, then client should not load kubeconfig contents") + void givenDisableAutoConfigPropertyTrue_shouldNotLoadLocalKubeConfig() { + try { + // Given + System.setProperty(Config.KUBERNETES_DISABLE_AUTO_CONFIG_SYSTEM_PROPERTY, "true"); + client = new KubernetesClientBuilder().withConfig(new ConfigBuilder() + .withRequestRetryBackoffLimit(0) + .build()).build(); + + // When + Then + assertThatExceptionOfType(KubernetesClientException.class) + .isThrownBy(() -> client.pods().list()) + .withMessageContaining("Operation: [list] for kind: [Pod] with name: [null] in namespace: [null] failed."); + } finally { + System.clearProperty(Config.KUBERNETES_DISABLE_AUTO_CONFIG_SYSTEM_PROPERTY); + } + } +}