kubelet/userns: Test new functionality with feature gate enabled

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
Rodrigo Campos 2024-02-16 13:58:19 -03:00 committed by Giuseppe Scrivano
parent 658b45cd03
commit 0e2b447269
No known key found for this signature in database
GPG Key ID: 67E38F7A8BA21772


@ -17,6 +17,7 @@ limitations under the License.
package userns package userns
import ( import (
"errors"
"fmt" "fmt"
"os" "os"
"testing" "testing"
@ -36,6 +37,7 @@ import (
type testUserNsPodsManager struct { type testUserNsPodsManager struct {
podDir string podDir string
podList []types.UID podList []types.UID
userns bool
} }
func (m *testUserNsPodsManager) GetPodDir(podUID types.UID) string { func (m *testUserNsPodsManager) GetPodDir(podUID types.UID) string {
@ -53,7 +55,10 @@ func (m *testUserNsPodsManager) ListPodsFromDisk() ([]types.UID, error) {
} }
func (m *testUserNsPodsManager) HandlerSupportsUserNamespaces(runtimeHandler string) (bool, error) { func (m *testUserNsPodsManager) HandlerSupportsUserNamespaces(runtimeHandler string) (bool, error) {
return true, nil if runtimeHandler == "error" {
return false, errors.New("unknown runtime")
}
return m.userns, nil
} }
func TestUserNsManagerAllocate(t *testing.T) { func TestUserNsManagerAllocate(t *testing.T) {
@ -196,10 +201,12 @@ func TestGetOrCreateUserNamespaceMappings(t *testing.T) {
falseVal := false falseVal := false
cases := []struct { cases := []struct {
name string name string
pod *v1.Pod pod *v1.Pod
expMode runtimeapi.NamespaceMode expMode runtimeapi.NamespaceMode
success bool runtimeUserns bool
runtimeHandler string
success bool
}{ }{
{ {
name: "no user namespace", name: "no user namespace",
@ -207,6 +214,12 @@ func TestGetOrCreateUserNamespaceMappings(t *testing.T) {
expMode: runtimeapi.NamespaceMode_NODE, expMode: runtimeapi.NamespaceMode_NODE,
success: true, success: true,
}, },
{
name: "nil pod",
pod: nil,
expMode: runtimeapi.NamespaceMode_NODE,
success: true,
},
{ {
name: "opt-in to host user namespace", name: "opt-in to host user namespace",
pod: &v1.Pod{ pod: &v1.Pod{
@ -224,19 +237,42 @@ func TestGetOrCreateUserNamespaceMappings(t *testing.T) {
HostUsers: &falseVal, HostUsers: &falseVal,
}, },
}, },
expMode: runtimeapi.NamespaceMode_POD, expMode: runtimeapi.NamespaceMode_POD,
success: true, runtimeUserns: true,
success: true,
},
{
name: "user namespace, but no runtime support",
pod: &v1.Pod{
Spec: v1.PodSpec{
HostUsers: &falseVal,
},
},
runtimeUserns: false,
},
{
name: "user namespace, but runtime returns error",
pod: &v1.Pod{
Spec: v1.PodSpec{
HostUsers: &falseVal,
},
},
// This handler name makes the fake runtime return an error.
runtimeHandler: "error",
}, },
} }
for _, tc := range cases { for _, tc := range cases {
t.Run(tc.name, func(t *testing.T) { t.Run(tc.name, func(t *testing.T) {
// These tests will create the userns file, so use an existing podDir. // These tests will create the userns file, so use an existing podDir.
testUserNsPodsManager := &testUserNsPodsManager{podDir: t.TempDir()} testUserNsPodsManager := &testUserNsPodsManager{
podDir: t.TempDir(),
userns: tc.runtimeUserns,
}
m, err := MakeUserNsManager(testUserNsPodsManager) m, err := MakeUserNsManager(testUserNsPodsManager)
assert.NoError(t, err) assert.NoError(t, err)
userns, err := m.GetOrCreateUserNamespaceMappings(tc.pod, "") userns, err := m.GetOrCreateUserNamespaceMappings(tc.pod, tc.runtimeHandler)
if (tc.success && err != nil) || (!tc.success && err == nil) { if (tc.success && err != nil) || (!tc.success && err == nil) {
t.Errorf("expected success: %v but got error: %v", tc.success, err) t.Errorf("expected success: %v but got error: %v", tc.success, err)
} }
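Review bot: The two new failure cases in TestGetOrCreateUserNamespaceMappings ("user namespace, but no runtime support" and "user namespace, but runtime returns error") are checked only through `err != nil`, with `success` and `expMode` left at their zero values. The test would therefore still pass if the call failed for an unrelated reason, and it never confirms that no mapping is handed back on failure. These cases guard against a pod with `HostUsers: &falseVal` being started without a user namespace, so I would write `success: false` explicitly in both and add, right after the error check, `if !tc.success && userns != nil { t.Errorf("expected nil mappings on error, got: %v", userns) }`. The subtest body continues past the end of this hunk, so any mode assertion that follows is not visible here; if it compares against `tc.expMode`, the failure cases presumably pass only because of the unset zero value, which is worth a comment or an early `return` on the error path.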