github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 03:41:45 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #71188 from taragu/readonly-test-validate-readonly-io

Browse Source 
Add test case for validate container cannot write to readonly volumes
This commit is contained in:
Kubernetes Prow Robot 2019-01-03 15:51:23 -08:00 committed by GitHub
commit 1061f31644
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 29 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
test/e2e/storage/testsuites/subpath.go
View File

@ -246,7 +246,7 @@ func testSubPath(input *subPathTestInput) {
setInitCommand(input.pod, fmt.Sprintf("ln -s /bin %s", input.subPathDir))
// Pod should fail
testPodFailSubpath(input.f, input.pod)
testPodFailSubpath(input.f, input.pod, false)
})
It("should fail if subpath file is outside the volume [Slow]", func() {
@ -254,7 +254,7 @@ func testSubPath(input *subPathTestInput) {
setInitCommand(input.pod, fmt.Sprintf("ln -s /bin/sh %s", input.subPathDir))
// Pod should fail
testPodFailSubpath(input.f, input.pod)
testPodFailSubpath(input.f, input.pod, false)
})
It("should fail if non-existent subpath is outside the volume [Slow]", func() {
@ -262,7 +262,7 @@ func testSubPath(input *subPathTestInput) {
setInitCommand(input.pod, fmt.Sprintf("ln -s /bin/notanexistingpath %s", input.subPathDir))
// Pod should fail
testPodFailSubpath(input.f, input.pod)
testPodFailSubpath(input.f, input.pod, false)
})
It("should fail if subpath with backstepping is outside the volume [Slow]", func() {
@ -270,7 +270,7 @@ func testSubPath(input *subPathTestInput) {
setInitCommand(input.pod, fmt.Sprintf("ln -s ../ %s", input.subPathDir))
// Pod should fail
testPodFailSubpath(input.f, input.pod)
testPodFailSubpath(input.f, input.pod, false)
})
It("should support creating multiple subpath from same volumes [Slow]", func() {
@ -360,6 +360,23 @@ func testSubPath(input *subPathTestInput) {
testReadFile(input.f, input.filePathInSubpath, input.pod, 0)
})
It("should verify container cannot write to subpath readonly volumes", func() {
if input.roVol == nil {
framework.Skipf("Volume type %v doesn't support readOnly source", input.volType)
}
// Format the volume while it's writable
formatVolume(input.f, input.formatPod)
// Set volume source to read only
input.pod.Spec.Volumes[0].VolumeSource = *input.roVol
// Write the file in the volume from container 0
setWriteCommand(input.subPathDir, &input.pod.Spec.Containers[0])
// Pod should fail
testPodFailSubpath(input.f, input.pod, true)
})
// TODO: add a test case for the same disk with two partitions
}
@ -574,11 +591,11 @@ func testReadFile(f *framework.Framework, file string, pod *v1.Pod, containerInd
Expect(err).NotTo(HaveOccurred(), "while deleting pod")
}
func testPodFailSubpath(f *framework.Framework, pod *v1.Pod) {
testPodFailSubpathError(f, pod, "subPath")
func testPodFailSubpath(f *framework.Framework, pod *v1.Pod, allowContainerTerminationError bool) {
testPodFailSubpathError(f, pod, "subPath", allowContainerTerminationError)
}
func testPodFailSubpathError(f *framework.Framework, pod *v1.Pod, errorMsg string) {
func testPodFailSubpathError(f *framework.Framework, pod *v1.Pod, errorMsg string, allowContainerTerminationError bool) {
By(fmt.Sprintf("Creating pod %s", pod.Name))
pod, err := f.ClientSet.CoreV1().Pods(f.Namespace.Name).Create(pod)
Expect(err).ToNot(HaveOccurred(), "while creating pod")
@ -586,7 +603,7 @@ func testPodFailSubpathError(f *framework.Framework, pod *v1.Pod, errorMsg strin
framework.DeletePodWithWait(f, f.ClientSet, pod)
}()
By("Checking for subpath error in container status")
err = waitForPodSubpathError(f, pod)
err = waitForPodSubpathError(f, pod, allowContainerTerminationError)
Expect(err).NotTo(HaveOccurred(), "while waiting for subpath failure")
}
@ -601,7 +618,7 @@ func findSubpathContainerName(pod *v1.Pod) string {
return ""
}
func waitForPodSubpathError(f *framework.Framework, pod *v1.Pod) error {
func waitForPodSubpathError(f *framework.Framework, pod *v1.Pod, allowContainerTerminationError bool) error {
subpathContainerName := findSubpathContainerName(pod)
if subpathContainerName == "" {
return fmt.Errorf("failed to find container that uses subpath")
@ -619,6 +636,9 @@ func waitForPodSubpathError(f *framework.Framework, pod *v1.Pod) error {
case status.State.Running != nil:
return false, fmt.Errorf("subpath container unexpectedly became running")
case status.State.Terminated != nil:
if status.State.Terminated.ExitCode != 0 && allowContainerTerminationError {
return true, nil
}
return false, fmt.Errorf("subpath container unexpectedly terminated")
case status.State.Waiting != nil:
if status.State.Waiting.Reason == "CreateContainerConfigError" &&