Integration Test for Gardener Kubeconfig Expiration (kyma-project#1244)

testing/e2e/skr/kyma-environment-broker/client.js

@@ -6,6 +6,7 @@ const {OAuthCredentials, OAuthToken} = require('../lib/oauth');
 const SCOPES = ['broker:write'];
 const KYMA_SERVICE_ID = '47c9dcbf-ff30-448e-ab36-d3bad66ba281';
 const trialPlanID = '7d55d31d-35ae-4438-bf13-6ffdfa107d9f';
+const DEFAULT_EXPIRATION_SECONDS = 600;
 
 class KEBConfig {
   static fromEnv() {
@@ -272,12 +273,13 @@ class KEBClient {
     });
   }
 
-  async createBinding(instanceID, tokenRequest) {
+  async createBinding(instanceID, tokenRequest, expirationSeconds = DEFAULT_EXPIRATION_SECONDS) {
     const payload = {
       service_id: KYMA_SERVICE_ID,
       plan_id: this.planID,
       parameters: {
         token_request: tokenRequest,
+        expiration_seconds: expirationSeconds,
       },
     };
     const bindingID = Math.random().toString(36).substring(2, 18);

testing/e2e/skr/package.json

@@ -16,7 +16,6 @@
     "skr-networking-test": "mocha --inline-difs --check-leaks --reporter mocha-multi-reporters --reporter-options configFile=mocha-reporter-config.json ./skr-networking-test/index.js",
     "skr-trial-suspension-test": "DEBUG=true mocha --inline-diffs --check-leaks --reporter mocha-multi-reporters --reporter-options configFile=mocha-reporter-config.json --bail ./trial-suspension-test/test.js",
     "skr-binding-test": "mocha --inline-difs --check-leaks --reporter mocha-multi-reporters --reporter-options configFile=mocha-reporter-config.json ./skr-binding-test/index.js"
-
   },
   "license": "Apache-2.0",
   "devDependencies": {
@@ -29,7 +28,9 @@
   "dependencies": {
     "@kubernetes/client-node": "0.15.1",
     "axios": "^1.7.4",
+    "js-yaml": "^4.1.0",
     "mocha-junit-reporter": "^2.0.0",
+    "node-forge": "^1.3.1",
     "uuid": "^8.3.2"
   },
   "engines": {

testing/e2e/skr/skr-binding-test/index.js

@@ -1,6 +1,7 @@
+const {expect} = require('chai');
 const {gatherOptions} = require('../skr-test');
 const {initializeK8sClient} = require('../utils/index.js');
-const {getSecret} = require('../utils');
+const {getSecret, getKubeconfigValidityInSeconds} = require('../utils');
 const {provisionSKRInstance} = require('../skr-test/provision/provision-skr');
 const {deprovisionAndUnregisterSKR} = require('../skr-test/provision/deprovision-skr');
 const {KEBClient, KEBConfig} = require('../kyma-environment-broker');
@@ -44,8 +45,10 @@ describe('SKR Binding test', function() {
   });
 
   it('Create SKR binding using Gardener', async function() {
+    const expirationSeconds = 900;
     try {
-      kubeconfigFromBinding = await keb.createBinding(options.instanceID, false);
+      kubeconfigFromBinding = await keb.createBinding(options.instanceID, false, expirationSeconds);
+      expect(getKubeconfigValidityInSeconds(kubeconfigFromBinding.credentials.kubeconfig)).to.equal(expirationSeconds);
     } catch (err) {
       console.log(err);
     }

testing/e2e/skr/utils/index.js

@@ -1,5 +1,7 @@
 const k8s = require('@kubernetes/client-node');
 const {expect} = require('chai');
+const yaml = require('js-yaml');
+const forge = require('node-forge');
 
 const kc = new k8s.KubeConfig();
 let k8sDynamicApi;
@@ -423,6 +425,26 @@ function wait(fn, checkFn, timeout, interval) {
   });
 }
 
+function getKubeconfigValidityInSeconds(kubeconfig) {
+  try {
+    const doc = yaml.load(kubeconfig);
+    const users = doc.users;
+    if (users && users.length > 0) {
+      const pem = users[0].user['client-certificate-data'];
+      const decodedPem = atob(pem);
+      const certificate = forge.pki.certificateFromPem(decodedPem);
+      const difference = certificate.validity.notAfter.getTime() - certificate.validity.notBefore.getTime();
+      return difference / 1000;
+    } else {
+      console.error('No user data found');
+      return null;
+    }
+  } catch (e) {
+    console.error('Error parsing YAML content:', e);
+    return null;
+  }
+}
+
 module.exports = {
   initializeK8sClient,
   k8sApply,
@@ -446,4 +468,5 @@ module.exports = {
   genRandom,
   getEnvOrThrow,
   wait,
+  getKubeconfigValidityInSeconds,
 };