github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-10-31 05:40:42 +00:00
Code Issues Projects Releases Wiki Activity

Improvements to mustrunas_test.go

Browse Source 
* Removed unused members from structs
* Compare error messages

Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu>
This commit is contained in:
Julien Pivotto
2017-02-23 20:23:38 +01:00
parent 17375fc59f
commit 12a3b61279
1 changed files with 42 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
pkg/security/podsecuritypolicy/capabilities/mustrunas_test.go
View File

@@ -26,13 +26,10 @@ import (
func TestGenerateAdds(t *testing.T) { func TestGenerateAdds(t *testing.T) {
tests := map[string]struct { tests := map[string]struct {
defaultAddCaps []api.Capability defaultAddCaps []api.Capability
requiredDropCaps []api.Capability
containerCaps *api.Capabilities containerCaps *api.Capabilities
expectedCaps *api.Capabilities expectedCaps *api.Capabilities
}{ }{
"no required, no container requests": { "no required, no container requests": {},
expectedCaps: nil,
},
"required, no container requests": { "required, no container requests": {
defaultAddCaps: []api.Capability{"foo"}, defaultAddCaps: []api.Capability{"foo"},
expectedCaps: &api.Capabilities{ expectedCaps: &api.Capabilities{
@@ -93,7 +90,7 @@ func TestGenerateAdds(t *testing.T) {
}, },
} }
strategy, err := NewDefaultCapabilities(v.defaultAddCaps, v.requiredDropCaps, nil) strategy, err := NewDefaultCapabilities(v.defaultAddCaps, nil, nil)
if err != nil { if err != nil {
t.Errorf("%s failed: %v", k, err) t.Errorf("%s failed: %v", k, err)
continue continue
@@ -217,22 +214,18 @@ func TestGenerateDrops(t *testing.T) {
func TestValidateAdds(t *testing.T) { func TestValidateAdds(t *testing.T) {
tests := map[string]struct { tests := map[string]struct {
defaultAddCaps []api.Capability defaultAddCaps []api.Capability
requiredDropCaps []api.Capability
allowedCaps []api.Capability allowedCaps []api.Capability
containerCaps *api.Capabilities containerCaps *api.Capabilities
shouldPass bool expectedError string
}{ }{
// no container requests // no container requests
"no required, no allowed, no container requests": { "no required, no allowed, no container requests": {},
shouldPass: true,
},
"no required, allowed, no container requests": { "no required, allowed, no container requests": {
allowedCaps: []api.Capability{"foo"}, allowedCaps: []api.Capability{"foo"},
shouldPass: true,
}, },
"required, no allowed, no container requests": { "required, no allowed, no container requests": {
defaultAddCaps: []api.Capability{"foo"}, defaultAddCaps: []api.Capability{"foo"},
shouldPass: false, expectedError: `capabilities: Invalid value: "null": required capabilities are not set on the securityContext`,
}, },
// container requests match required // container requests match required
@@ -241,14 +234,13 @@ func TestValidateAdds(t *testing.T) {
containerCaps: &api.Capabilities{ containerCaps: &api.Capabilities{
Add: []api.Capability{"foo"}, Add: []api.Capability{"foo"},
}, },
shouldPass: true,
}, },
"required, no allowed, container requests invalid": { "required, no allowed, container requests invalid": {
defaultAddCaps: []api.Capability{"foo"}, defaultAddCaps: []api.Capability{"foo"},
containerCaps: &api.Capabilities{ containerCaps: &api.Capabilities{
Add: []api.Capability{"bar"}, Add: []api.Capability{"bar"},
}, },
shouldPass: false, expectedError: `capabilities.add: Invalid value: "bar": capability may not be added`,
}, },
// container requests match allowed // container requests match allowed
@@ -257,14 +249,13 @@ func TestValidateAdds(t *testing.T) {
containerCaps: &api.Capabilities{ containerCaps: &api.Capabilities{
Add: []api.Capability{"foo"}, Add: []api.Capability{"foo"},
}, },
shouldPass: true,
}, },
"no required, allowed, container requests invalid": { "no required, allowed, container requests invalid": {
allowedCaps: []api.Capability{"foo"}, allowedCaps: []api.Capability{"foo"},
containerCaps: &api.Capabilities{ containerCaps: &api.Capabilities{
Add: []api.Capability{"bar"}, Add: []api.Capability{"bar"},
}, },
shouldPass: false, expectedError: `capabilities.add: Invalid value: "bar": capability may not be added`,
}, },
// required and allowed // required and allowed
@@ -274,7 +265,6 @@ func TestValidateAdds(t *testing.T) {
containerCaps: &api.Capabilities{ containerCaps: &api.Capabilities{
Add: []api.Capability{"foo"}, Add: []api.Capability{"foo"},
}, },
shouldPass: true,
}, },
"required, allowed, container requests valid allowed": { "required, allowed, container requests valid allowed": {
defaultAddCaps: []api.Capability{"foo"}, defaultAddCaps: []api.Capability{"foo"},
@@ -282,7 +272,6 @@ func TestValidateAdds(t *testing.T) {
containerCaps: &api.Capabilities{ containerCaps: &api.Capabilities{
Add: []api.Capability{"bar"}, Add: []api.Capability{"bar"},
}, },
shouldPass: true,
}, },
"required, allowed, container requests invalid": { "required, allowed, container requests invalid": {
defaultAddCaps: []api.Capability{"foo"}, defaultAddCaps: []api.Capability{"foo"},
@@ -290,14 +279,14 @@ func TestValidateAdds(t *testing.T) {
containerCaps: &api.Capabilities{ containerCaps: &api.Capabilities{
Add: []api.Capability{"baz"}, Add: []api.Capability{"baz"},
}, },
shouldPass: false, expectedError: `capabilities.add: Invalid value: "baz": capability may not be added`,
}, },
"validation is case sensitive": { "validation is case sensitive": {
defaultAddCaps: []api.Capability{"foo"}, defaultAddCaps: []api.Capability{"foo"},
containerCaps: &api.Capabilities{ containerCaps: &api.Capabilities{
Add: []api.Capability{"FOO"}, Add: []api.Capability{"FOO"},
}, },
shouldPass: false, expectedError: `capabilities.add: Invalid value: "FOO": capability may not be added`,
}, },
} }
@@ -308,36 +297,41 @@ func TestValidateAdds(t *testing.T) {
}, },
} }
strategy, err := NewDefaultCapabilities(v.defaultAddCaps, v.requiredDropCaps, v.allowedCaps) strategy, err := NewDefaultCapabilities(v.defaultAddCaps, nil, v.allowedCaps)
if err != nil { if err != nil {
t.Errorf("%s failed: %v", k, err) t.Errorf("%s failed: %v", k, err)
continue continue
} }
errs := strategy.Validate(nil, container) errs := strategy.Validate(nil, container)
if v.shouldPass && len(errs) > 0 { if v.expectedError == "" && len(errs) > 0 {
t.Errorf("%s should have passed but had errors %v", k, errs) t.Errorf("%s should have passed but had errors %v", k, errs)
continue continue
} }
if !v.shouldPass && len(errs) == 0 { if v.expectedError != "" && len(errs) == 0 {
t.Errorf("%s should have failed but received no errors", k) t.Errorf("%s should have failed but received no errors", k)
continue
}
if len(errs) == 1 && errs[0].Error() != v.expectedError {
t.Errorf("%s should have failed with %v but received %v", k, v.expectedError, errs[0])
continue
}
if len(errs) > 1 {
t.Errorf("%s should have failed with at most one error, but received %v: %v", k, len(errs), errs)
} }
} }
} }
func TestValidateDrops(t *testing.T) { func TestValidateDrops(t *testing.T) {
tests := map[string]struct { tests := map[string]struct {
defaultAddCaps []api.Capability
requiredDropCaps []api.Capability requiredDropCaps []api.Capability
containerCaps *api.Capabilities containerCaps *api.Capabilities
shouldPass bool expectedError string
}{ }{
// no container requests // no container requests
"no required, no container requests": { "no required, no container requests": {},
shouldPass: true,
},
"required, no container requests": { "required, no container requests": {
requiredDropCaps: []api.Capability{"foo"}, requiredDropCaps: []api.Capability{"foo"},
shouldPass: false, expectedError: `capabilities: Invalid value: "null": required capabilities are not set on the securityContext`,
}, },
// container requests match required // container requests match required
@@ -346,21 +340,20 @@ func TestValidateDrops(t *testing.T) {
containerCaps: &api.Capabilities{ containerCaps: &api.Capabilities{
Drop: []api.Capability{"foo"}, Drop: []api.Capability{"foo"},
}, },
shouldPass: true,
}, },
"required, container requests invalid": { "required, container requests invalid": {
requiredDropCaps: []api.Capability{"foo"}, requiredDropCaps: []api.Capability{"foo"},
containerCaps: &api.Capabilities{ containerCaps: &api.Capabilities{
Drop: []api.Capability{"bar"}, Drop: []api.Capability{"bar"},
}, },
shouldPass: false, expectedError: `capabilities.drop: Invalid value: []api.Capability{"bar"}: foo is required to be dropped but was not found`,
}, },
"validation is case sensitive": { "validation is case sensitive": {
requiredDropCaps: []api.Capability{"foo"}, requiredDropCaps: []api.Capability{"foo"},
containerCaps: &api.Capabilities{ containerCaps: &api.Capabilities{
Drop: []api.Capability{"FOO"}, Drop: []api.Capability{"FOO"},
}, },
shouldPass: false, expectedError: `capabilities.drop: Invalid value: []api.Capability{"FOO"}: foo is required to be dropped but was not found`,
}, },
} }
@@ -371,18 +364,26 @@ func TestValidateDrops(t *testing.T) {
}, },
} }
strategy, err := NewDefaultCapabilities(v.defaultAddCaps, v.requiredDropCaps, nil) strategy, err := NewDefaultCapabilities(nil, v.requiredDropCaps, nil)
if err != nil { if err != nil {
t.Errorf("%s failed: %v", k, err) t.Errorf("%s failed: %v", k, err)
continue continue
} }
errs := strategy.Validate(nil, container) errs := strategy.Validate(nil, container)
if v.shouldPass && len(errs) > 0 { if v.expectedError == "" && len(errs) > 0 {
t.Errorf("%s should have passed but had errors %v", k, errs) t.Errorf("%s should have passed but had errors %v", k, errs)
continue continue
} }
if !v.shouldPass && len(errs) == 0 { if v.expectedError != "" && len(errs) == 0 {
t.Errorf("%s should have failed but received no errors", k) t.Errorf("%s should have failed but received no errors", k)
continue
}
if len(errs) == 1 && errs[0].Error() != v.expectedError {
t.Errorf("%s should have failed with %v but received %v", k, v.expectedError, errs[0])
continue
}
if len(errs) > 1 {
t.Errorf("%s should have failed with at most one error, but received %v: %v", k, len(errs), errs)
} }
} }
} }