test refactor: test_real_cluster.rb

test/test_real_cluster.rb

@@ -16,59 +16,71 @@ def teardown
     WebMock.disable_net_connect! # Don't allow any connections in other tests.
   end
 
+  # Partially isolated tests that check Client behavior with given `verify_ssl` value:
+
+  # localhost and 127.0.0.1 are among names on the certificate
+  HOSTNAME_COVERED_BY_CERT = 'https://127.0.0.1:6443'.freeze
+  # 127.0.0.2 also means localhost but is not included in the certificate.
+  HOSTNAME_NOT_ON_CERT = 'https://127.0.0.2:6443'.freeze
+
   def test_real_cluster_verify_peer
     config = Kubeclient::Config.read(config_file('external.kubeconfig'))
     context = config.context
-    # localhost and 127.0.0.1 are among names on the certificate
     client1 = Kubeclient::Client.new(
-      'https://127.0.0.1:6443', 'v1',
+      HOSTNAME_COVERED_BY_CERT, 'v1',
       ssl_options: context.ssl_options.merge(verify_ssl: OpenSSL::SSL::VERIFY_PEER),
       auth_options: context.auth_options
     )
-    client1.discover
-    client1.get_nodes
-    exercise_watcher_with_timeout(client1.watch_nodes)
-    # 127.0.0.2 also means localhost but is not included in the certificate.
+    check_cert_accepted(client1)
     client2 = Kubeclient::Client.new(
-      'https://127.0.0.2:6443', 'v1',
+      HOSTNAME_NOT_ON_CERT, 'v1',
       ssl_options: context.ssl_options.merge(verify_ssl: OpenSSL::SSL::VERIFY_PEER),
       auth_options: context.auth_options
     )
-    # TODO: all OpenSSL exceptions should be wrapped with Kubeclient error.
-    assert_raises(Kubeclient::HttpError, OpenSSL::SSL::SSLError) do
-      client2.discover
-    end
-    # Since discovery fails, methods like .get_nodes, .watch_nodes would all fail
-    # on method_missing -> discover.  Call lower-level methods to test actual connection.
-    assert_raises(Kubeclient::HttpError, OpenSSL::SSL::SSLError) do
-      client2.get_entities('Node', 'nodes', {})
-    end
-    assert_raises(Kubeclient::HttpError, OpenSSL::SSL::SSLError) do
-      exercise_watcher_with_timeout(client2.watch_entities('nodes'))
-    end
+    check_cert_rejected(client2)
   end
 
   def test_real_cluster_verify_none
     config = Kubeclient::Config.read(config_file('external.kubeconfig'))
     context = config.context
-    # localhost and 127.0.0.1 are among names on the certificate
     client1 = Kubeclient::Client.new(
-      'https://127.0.0.1:6443', 'v1',
+      HOSTNAME_COVERED_BY_CERT, 'v1',
       ssl_options: context.ssl_options.merge(verify_ssl: OpenSSL::SSL::VERIFY_NONE),
       auth_options: context.auth_options
     )
-    client1.get_nodes
-    # 127.0.0.2 also means localhost but is not included in the certificate.
+    check_cert_accepted(client1)
     client2 = Kubeclient::Client.new(
-      'https://127.0.0.2:6443', 'v1',
+      HOSTNAME_NOT_ON_CERT, 'v1',
       ssl_options: context.ssl_options.merge(verify_ssl: OpenSSL::SSL::VERIFY_NONE),
       auth_options: context.auth_options
     )
-    client2.get_nodes
+    check_cert_accepted(client2)
   end
 
   private
 
+  # Test cert checking on discovery, CRUD, and watch code paths.
+  def check_cert_accepted(client)
+    client.discover
+    client.get_nodes
+    exercise_watcher_with_timeout(client.watch_nodes)
+  end
+
+  def check_cert_rejected(client)
+    # TODO: all OpenSSL exceptions should be wrapped with Kubeclient error.
+    assert_raises(Kubeclient::HttpError, OpenSSL::SSL::SSLError) do
+      client.discover
+    end
+    # Since discovery fails, methods like .get_nodes, .watch_nodes would all fail
+    # on method_missing -> discover.  Call lower-level methods to test actual connection.
+    assert_raises(Kubeclient::HttpError, OpenSSL::SSL::SSLError) do
+      client.get_entities('Node', 'nodes', {})
+    end
+    assert_raises(Kubeclient::HttpError, OpenSSL::SSL::SSLError) do
+      exercise_watcher_with_timeout(client.watch_entities('nodes'))
+    end
+  end
+
   def exercise_watcher_with_timeout(watcher)
     thread = Thread.new do
       sleep(1)