Skip to content

Commit

Permalink
test: add testcase covering issue #253
Browse files Browse the repository at this point in the history
#253
Signed-off-by: Clément Nussbaumer <[email protected]>
  • Loading branch information
clementnuss committed May 21, 2024
1 parent c2effac commit 4118bc0
Showing 1 changed file with 24 additions and 0 deletions.
24 changes: 24 additions & 0 deletions internal/controller/csr_controller_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -235,6 +235,30 @@ func TestSANCheckedEvenWithDNSResolutionBypassed(t *testing.T) {
assert.False(t, denied)
}

func TestX509CRIPAddressesWithDNSBypass(t *testing.T) { // reproduces issue #253
csrParams := CsrParams{
csrName: "dns-bypass-regex-check-with-x509-cr-san-ips",
nodeName: testNodeName,
dnsName: testNodeName + "-unresolved.test.ch",
ipAddresses: []net.IP{{192, 168, 3, 4}},
}
csr := createCsr(t, csrParams)
_, nodeClientSet, _ := createControlPlaneUser(t, csr.Spec.Username, []string{"system:masters"})

csrController.BypassDNSResolution = true
defer func() { csrController.BypassDNSResolution = false }()

_, err := nodeClientSet.CertificatesV1().CertificateSigningRequests().Create(
testContext, &csr, metav1.CreateOptions{})
require.Nil(t, err, "Could not create the CSR.")

approved, denied, reason, err := waitCsrApprovalStatus(csr.Name)
t.Log(reason)
require.Nil(t, err, "Could not retrieve the CSR to check its approval status")
assert.True(t, approved)
assert.False(t, denied)
}

func TestBypassDNSResolution(t *testing.T) {
csrParams := CsrParams{
csrName: "dns-bypass",
Expand Down

0 comments on commit 4118bc0

Please sign in to comment.