test: add testcase covering issue #253

#253 Signed-off-by: Clément Nussbaumer <clement.nussbaumer@postfinance.ch>
postfinance · May 21, 2024 · 4118bc0 · 4118bc0
1 parent c2effac
commit 4118bc0
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/internal/controller/csr_controller_test.go b/internal/controller/csr_controller_test.go
@@ -235,6 +235,30 @@ func TestSANCheckedEvenWithDNSResolutionBypassed(t *testing.T) {
 	assert.False(t, denied)
 }
 
+func TestX509CRIPAddressesWithDNSBypass(t *testing.T) { // reproduces issue #253
+	csrParams := CsrParams{
+		csrName:     "dns-bypass-regex-check-with-x509-cr-san-ips",
+		nodeName:    testNodeName,
+		dnsName:     testNodeName + "-unresolved.test.ch",
+		ipAddresses: []net.IP{{192, 168, 3, 4}},
+	}
+	csr := createCsr(t, csrParams)
+	_, nodeClientSet, _ := createControlPlaneUser(t, csr.Spec.Username, []string{"system:masters"})
+
+	csrController.BypassDNSResolution = true
+	defer func() { csrController.BypassDNSResolution = false }()
+
+	_, err := nodeClientSet.CertificatesV1().CertificateSigningRequests().Create(
+		testContext, &csr, metav1.CreateOptions{})
+	require.Nil(t, err, "Could not create the CSR.")
+
+	approved, denied, reason, err := waitCsrApprovalStatus(csr.Name)
+	t.Log(reason)
+	require.Nil(t, err, "Could not retrieve the CSR to check its approval status")
+	assert.True(t, approved)
+	assert.False(t, denied)
+}
+
 func TestBypassDNSResolution(t *testing.T) {
 	csrParams := CsrParams{
 		csrName:  "dns-bypass",