From f9b152abb084c999d7b8e68256d9d7bdbecec739 Mon Sep 17 00:00:00 2001 From: obitech Date: Wed, 18 Sep 2019 20:01:52 +0200 Subject: [PATCH] Add strict serializer to codec factory in kube-proxy --- cmd/kube-proxy/app/BUILD | 1 + cmd/kube-proxy/app/server_test.go | 47 ++++++++++++++++++++------ pkg/proxy/apis/config/scheme/scheme.go | 2 +- 3 files changed, 39 insertions(+), 11 deletions(-) diff --git a/cmd/kube-proxy/app/BUILD b/cmd/kube-proxy/app/BUILD index f3d7586bc3c..081ac969874 100644 --- a/cmd/kube-proxy/app/BUILD +++ b/cmd/kube-proxy/app/BUILD @@ -167,6 +167,7 @@ go_test( "//pkg/proxy/apis/config:go_default_library", "//pkg/util/configz:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", + "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/diff:go_default_library", "//staging/src/k8s.io/component-base/config:go_default_library", "//vendor/github.com/stretchr/testify/assert:go_default_library", diff --git a/cmd/kube-proxy/app/server_test.go b/cmd/kube-proxy/app/server_test.go index 0fc014e9308..e32fb23b1ca 100644 --- a/cmd/kube-proxy/app/server_test.go +++ b/cmd/kube-proxy/app/server_test.go @@ -30,12 +30,14 @@ import ( "github.com/stretchr/testify/assert" + utilpointer "k8s.io/utils/pointer" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + kuberuntime "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/diff" componentbaseconfig "k8s.io/component-base/config" kubeproxyconfig "k8s.io/kubernetes/pkg/proxy/apis/config" "k8s.io/kubernetes/pkg/util/configz" - utilpointer "k8s.io/utils/pointer" ) // This test verifies that NewProxyServer does not crash when CleanupAndExit is true. @@ -279,10 +281,16 @@ nodePortAddresses: // TestLoadConfigFailures tests failure modes for loadConfig() func TestLoadConfigFailures(t *testing.T) { + yamlTemplate := `bindAddress: 0.0.0.0 +clusterCIDR: "1.2.3.0/24" +configSyncPeriod: 15s +kind: KubeProxyConfiguration` + testCases := []struct { - name string - config string - expErr string + name string + config string + expErr string + checkFn func(err error) bool }{ { name: "Decode error test", @@ -299,15 +307,34 @@ func TestLoadConfigFailures(t *testing.T) { config: "bindAddress: ::", expErr: "mapping values are not allowed in this context", }, + { + name: "Duplicate fields", + config: fmt.Sprintf("%s\nbindAddess: 1.2.3.4", yamlTemplate), + checkFn: kuberuntime.IsStrictDecodingError, + }, + { + name: "Unknown field", + config: fmt.Sprintf("%s\nfoo: bar", yamlTemplate), + checkFn: kuberuntime.IsStrictDecodingError, + }, } + version := "apiVersion: kubeproxy.config.k8s.io/v1alpha1" for _, tc := range testCases { - options := NewOptions() - config := fmt.Sprintf("%s\n%s", version, tc.config) - _, err := options.loadConfig([]byte(config)) - if assert.Error(t, err, tc.name) { - assert.Contains(t, err.Error(), tc.expErr, tc.name) - } + t.Run(tc.name, func(t *testing.T) { + options := NewOptions() + config := fmt.Sprintf("%s\n%s", version, tc.config) + _, err := options.loadConfig([]byte(config)) + + if assert.Error(t, err, tc.name) { + if tc.expErr != "" { + assert.Contains(t, err.Error(), tc.expErr) + } + if tc.checkFn != nil { + assert.True(t, tc.checkFn(err), tc.name) + } + } + }) } } diff --git a/pkg/proxy/apis/config/scheme/scheme.go b/pkg/proxy/apis/config/scheme/scheme.go index e2f408bd8ac..75e8082b25e 100644 --- a/pkg/proxy/apis/config/scheme/scheme.go +++ b/pkg/proxy/apis/config/scheme/scheme.go @@ -29,7 +29,7 @@ var ( Scheme = runtime.NewScheme() // Codecs provides methods for retrieving codecs and serializers for specific // versions and content types. - Codecs = serializer.NewCodecFactory(Scheme) + Codecs = serializer.NewCodecFactory(Scheme, serializer.EnableStrict) ) func init() {