From 15aa00fc8360f85935ca97df2b0377470fb46223 Mon Sep 17 00:00:00 2001
From: Sascha Grunert
Date: Thu, 1 Jun 2023 09:55:48 +0200
Subject: [PATCH] Remove unused `getSeccompProfilePath` helper function

Signed-off-by: Sascha Grunert
---
 pkg/kubelet/kuberuntime/helpers.go | 47 ---
 pkg/kubelet/kuberuntime/helpers_linux_test.go | 291 ------------------
 2 files changed, 338 deletions(-)

diff --git a/pkg/kubelet/kuberuntime/helpers.go b/pkg/kubelet/kuberuntime/helpers.go
index 1e6359f5687..e217b4487c1 100644
--- a/pkg/kubelet/kuberuntime/helpers.go
+++ b/pkg/kubelet/kuberuntime/helpers.go
@@ -212,53 +212,6 @@ func toKubeRuntimeStatus(status *runtimeapi.RuntimeStatus) *kubecontainer.Runtim
 return &kubecontainer.RuntimeStatus{Conditions: conditions}
 }
 
-func fieldProfile(scmp *v1.SeccompProfile, profileRootPath string, fallbackToRuntimeDefault bool) (string, error) {
- if scmp == nil {
- if fallbackToRuntimeDefault {
- return v1.SeccompProfileRuntimeDefault, nil
- }
- return "", nil
- }
- if scmp.Type == v1.SeccompProfileTypeRuntimeDefault {
- return v1.SeccompProfileRuntimeDefault, nil
- }
- if scmp.Type == v1.SeccompProfileTypeLocalhost {
- if scmp.LocalhostProfile != nil && len(*scmp.LocalhostProfile) > 0 {
- fname := filepath.Join(profileRootPath, *scmp.LocalhostProfile)
- return v1.SeccompLocalhostProfileNamePrefix + fname, nil
- } else {
- return "", fmt.Errorf("localhostProfile must be set if seccompProfile type is Localhost.")
- }
- }
- if scmp.Type == v1.SeccompProfileTypeUnconfined {
- return v1.SeccompProfileNameUnconfined, nil
- }
-
- if fallbackToRuntimeDefault {
- return v1.SeccompProfileRuntimeDefault, nil
- }
- return "", nil
-}
-
-func (m *kubeGenericRuntimeManager) getSeccompProfilePath(annotations map[string]string, containerName string,
- podSecContext *v1.PodSecurityContext, containerSecContext *v1.SecurityContext, fallbackToRuntimeDefault bool) (string, error) {
- // container fields are applied first
- if containerSecContext != nil && containerSecContext.SeccompProfile != nil {
- return fieldProfile(containerSecContext.SeccompProfile, m.seccompProfileRoot, fallbackToRuntimeDefault)
- }
-
- // when container seccomp is not defined, try to apply from pod field
- if podSecContext != nil && podSecContext.SeccompProfile != nil {
- return fieldProfile(podSecContext.SeccompProfile, m.seccompProfileRoot, fallbackToRuntimeDefault)
- }
-
- if fallbackToRuntimeDefault {
- return v1.SeccompProfileRuntimeDefault, nil
- }
-
- return "", nil
-}
-
 func fieldSeccompProfile(scmp *v1.SeccompProfile, profileRootPath string, fallbackToRuntimeDefault bool) (*runtimeapi.SecurityProfile, error) {
 if scmp == nil {
 if fallbackToRuntimeDefault {
diff --git a/pkg/kubelet/kuberuntime/helpers_linux_test.go b/pkg/kubelet/kuberuntime/helpers_linux_test.go
index b4bc990dcb4..792ecc47331 100644
--- a/pkg/kubelet/kuberuntime/helpers_linux_test.go
+++ b/pkg/kubelet/kuberuntime/helpers_linux_test.go
@@ -29,17 +29,12 @@ import (
 runtimeapi "k8s.io/cri-api/pkg/apis/runtime/v1"
 "k8s.io/kubernetes/pkg/features"
 "k8s.io/kubernetes/pkg/kubelet/cm"
- utilpointer "k8s.io/utils/pointer"
 )
 
 func seccompLocalhostRef(profileName string) string {
 return filepath.Join(fakeSeccompProfileRoot, profileName)
 }
 
-func seccompLocalhostPath(profileName string) string {
- return "localhost/" + seccompLocalhostRef(profileName)
-}
-
 func TestMilliCPUToQuota(t *testing.T) {
 for _, testCase := range []struct {
 msg string
@@ -218,292 +213,6 @@ func TestMilliCPUToQuotaWithCustomCPUCFSQuotaPeriod(t *testing.T) {
 }
 }
 
-func TestFieldProfile(t *testing.T) {
- tests := []struct {
- description string
- scmpProfile *v1.SeccompProfile
- rootPath string
- expectedProfile string
- expectedError string
- }{
- {
- description: "no seccompProfile should return empty",
- expectedProfile: "",
- },
- {
- description: "type localhost without profile should return error",
- scmpProfile: &v1.SeccompProfile{
- Type: v1.SeccompProfileTypeLocalhost,
- },
- expectedError: "localhostProfile must be set if seccompProfile type is Localhost.",
- },
- {
- description: "unknown type should return empty",
- scmpProfile: &v1.SeccompProfile{
- Type: "",
- },
- expectedProfile: "",
- },
- {
- description: "SeccompProfileTypeRuntimeDefault should return runtime/default",
- scmpProfile: &v1.SeccompProfile{
- Type: v1.SeccompProfileTypeRuntimeDefault,
- },
- expectedProfile: "runtime/default",
- },
- {
- description: "SeccompProfileTypeUnconfined should return unconfined",
- scmpProfile: &v1.SeccompProfile{
- Type: v1.SeccompProfileTypeUnconfined,
- },
- expectedProfile: "unconfined",
- },
- {
- description: "SeccompProfileTypeLocalhost should return localhost",
- scmpProfile: &v1.SeccompProfile{
- Type: v1.SeccompProfileTypeLocalhost,
- LocalhostProfile: utilpointer.String("profile.json"),
- },
- rootPath: "/test/",
- expectedProfile: "localhost//test/profile.json",
- },
- }
-
- for i, test := range tests {
- seccompProfile, err := fieldProfile(test.scmpProfile, test.rootPath, false)
- if test.expectedError != "" {
- assert.EqualError(t, err, test.expectedError, "TestCase[%d]: %s", i, test.description)
- } else {
- assert.NoError(t, err, "TestCase[%d]: %s", i, test.description)
- assert.Equal(t, test.expectedProfile, seccompProfile, "TestCase[%d]: %s", i, test.description)
- }
- }
-}
-
-func TestFieldProfileDefaultSeccomp(t *testing.T) {
- tests := []struct {
- description string
- scmpProfile *v1.SeccompProfile
- rootPath string
- expectedProfile string
- expectedError string
- }{
- {
- description: "no seccompProfile should return runtime/default",
- expectedProfile: v1.SeccompProfileRuntimeDefault,
- },
- {
- description: "type localhost without profile should return error",
- scmpProfile: &v1.SeccompProfile{
- Type: v1.SeccompProfileTypeLocalhost,
- },
- expectedError: "localhostProfile must be set if seccompProfile type is Localhost.",
- },
- {
- description: "unknown type should return runtime/default",
- scmpProfile: &v1.SeccompProfile{
- Type: "",
- },
- expectedProfile: v1.SeccompProfileRuntimeDefault,
- },
- {
- description: "SeccompProfileTypeRuntimeDefault should return runtime/default",
- scmpProfile: &v1.SeccompProfile{
- Type: v1.SeccompProfileTypeRuntimeDefault,
- },
- expectedProfile: "runtime/default",
- },
- {
- description: "SeccompProfileTypeUnconfined should return unconfined",
- scmpProfile: &v1.SeccompProfile{
- Type: v1.SeccompProfileTypeUnconfined,
- },
- expectedProfile: "unconfined",
- },
- {
- description: "SeccompProfileTypeLocalhost should return localhost",
- scmpProfile: &v1.SeccompProfile{
- Type: v1.SeccompProfileTypeLocalhost,
- LocalhostProfile: utilpointer.String("profile.json"),
- },
- rootPath: "/test/",
- expectedProfile: "localhost//test/profile.json",
- },
- }
-
- for i, test := range tests {
- seccompProfile, err := fieldProfile(test.scmpProfile, test.rootPath, true)
- if test.expectedError != "" {
- assert.EqualError(t, err, test.expectedError, "TestCase[%d]: %s", i, test.description)
- } else {
- assert.NoError(t, err, "TestCase[%d]: %s", i, test.description)
- assert.Equal(t, test.expectedProfile, seccompProfile, "TestCase[%d]: %s", i, test.description)
- }
- }
-}
-
-func TestGetSeccompProfilePath(t *testing.T) {
- _, _, m, err := createTestRuntimeManager()
- require.NoError(t, err)
-
- tests := []struct {
- description string
- annotation map[string]string
- podSc *v1.PodSecurityContext
- containerSc *v1.SecurityContext
- containerName string
- expectedProfile string
- expectedError string
- }{
- {
- description: "no seccomp should return empty",
- expectedProfile: "",
- },
- {
- description: "annotations: no seccomp with containerName should return empty",
- containerName: "container1",
- expectedProfile: "",
- },
- {
- description: "pod seccomp profile set to unconfined returns unconfined",
- podSc: &v1.PodSecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeUnconfined}},
- expectedProfile: "unconfined",
- },
- {
- description: "container seccomp profile set to unconfined returns unconfined",
- containerSc: &v1.SecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeUnconfined}},
- expectedProfile: "unconfined",
- },
- {
- description: "pod seccomp profile set to SeccompProfileTypeRuntimeDefault returns runtime/default",
- podSc: &v1.PodSecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeRuntimeDefault}},
- expectedProfile: "runtime/default",
- },
- {
- description: "container seccomp profile set to SeccompProfileTypeRuntimeDefault returns runtime/default",
- containerSc: &v1.SecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeRuntimeDefault}},
- expectedProfile: "runtime/default",
- },
- {
- description: "pod seccomp profile set to SeccompProfileTypeLocalhost returns 'localhost/' + LocalhostProfile",
- podSc: &v1.PodSecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeLocalhost, LocalhostProfile: getLocal("filename")}},
- expectedProfile: seccompLocalhostPath("filename"),
- },
- {
- description: "pod seccomp profile set to SeccompProfileTypeLocalhost with empty LocalhostProfile returns error",
- podSc: &v1.PodSecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeLocalhost}},
- expectedError: "localhostProfile must be set if seccompProfile type is Localhost.",
- },
- {
- description: "container seccomp profile set to SeccompProfileTypeLocalhost with empty LocalhostProfile returns error",
- containerSc: &v1.SecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeLocalhost}},
- expectedError: "localhostProfile must be set if seccompProfile type is Localhost.",
- },
- {
- description: "container seccomp profile set to SeccompProfileTypeLocalhost returns 'localhost/' + LocalhostProfile",
- containerSc: &v1.SecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeLocalhost, LocalhostProfile: getLocal("filename2")}},
- expectedProfile: seccompLocalhostPath("filename2"),
- },
- {
- description: "prioritise container field over pod field",
- podSc: &v1.PodSecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeUnconfined}},
- containerSc: &v1.SecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeRuntimeDefault}},
- expectedProfile: "runtime/default",
- },
- }
-
- for i, test := range tests {
- seccompProfile, err := m.getSeccompProfilePath(test.annotation, test.containerName, test.podSc, test.containerSc, false)
- if test.expectedError != "" {
- assert.EqualError(t, err, test.expectedError, "TestCase[%d]: %s", i, test.description)
- } else {
- assert.NoError(t, err, "TestCase[%d]: %s", i, test.description)
- assert.Equal(t, test.expectedProfile, seccompProfile, "TestCase[%d]: %s", i, test.description)
- }
- }
-}
-
-func TestGetSeccompProfilePathDefaultSeccomp(t *testing.T) {
- _, _, m, err := createTestRuntimeManager()
- require.NoError(t, err)
-
- tests := []struct {
- description string
- annotation map[string]string
- podSc *v1.PodSecurityContext
- containerSc *v1.SecurityContext
- containerName string
- expectedProfile string
- expectedError string
- }{
- {
- description: "no seccomp should return runtime/default",
- expectedProfile: v1.SeccompProfileRuntimeDefault,
- },
- {
- description: "annotations: no seccomp with containerName should return runtime/default",
- containerName: "container1",
- expectedProfile: v1.SeccompProfileRuntimeDefault,
- },
- {
- description: "pod seccomp profile set to unconfined returns unconfined",
- podSc: &v1.PodSecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeUnconfined}},
- expectedProfile: "unconfined",
- },
- {
- description: "container seccomp profile set to unconfined returns unconfined",
- containerSc: &v1.SecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeUnconfined}},
- expectedProfile: "unconfined",
- },
- {
- description: "pod seccomp profile set to SeccompProfileTypeRuntimeDefault returns runtime/default",
- podSc: &v1.PodSecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeRuntimeDefault}},
- expectedProfile: "runtime/default",
- },
- {
- description: "container seccomp profile set to SeccompProfileTypeRuntimeDefault returns runtime/default",
- containerSc: &v1.SecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeRuntimeDefault}},
- expectedProfile: "runtime/default",
- },
- {
- description: "pod seccomp profile set to SeccompProfileTypeLocalhost returns 'localhost/' + LocalhostProfile",
- podSc: &v1.PodSecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeLocalhost, LocalhostProfile: getLocal("filename")}},
- expectedProfile: seccompLocalhostPath("filename"),
- },
- {
- description: "pod seccomp profile set to SeccompProfileTypeLocalhost with empty LocalhostProfile returns error",
- podSc: &v1.PodSecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeLocalhost}},
- expectedError: "localhostProfile must be set if seccompProfile type is Localhost.",
- },
- {
- description: "container seccomp profile set to SeccompProfileTypeLocalhost with empty LocalhostProfile returns error",
- containerSc: &v1.SecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeLocalhost}},
- expectedError: "localhostProfile must be set if seccompProfile type is Localhost.",
- },
- {
- description: "container seccomp profile set to SeccompProfileTypeLocalhost returns 'localhost/' + LocalhostProfile",
- containerSc: &v1.SecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeLocalhost, LocalhostProfile: getLocal("filename2")}},
- expectedProfile: seccompLocalhostPath("filename2"),
- },
- {
- description: "prioritise container field over pod field",
- podSc: &v1.PodSecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeUnconfined}},
- containerSc: &v1.SecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeRuntimeDefault}},
- expectedProfile: "runtime/default",
- },
- }
-
- for i, test := range tests {
- seccompProfile, err := m.getSeccompProfilePath(test.annotation, test.containerName, test.podSc, test.containerSc, true)
- if test.expectedError != "" {
- assert.EqualError(t, err, test.expectedError, "TestCase[%d]: %s", i, test.description)
- } else {
- assert.NoError(t, err, "TestCase[%d]: %s", i, test.description)
- assert.Equal(t, test.expectedProfile, seccompProfile, "TestCase[%d]: %s", i, test.description)
- }
- }
-}
-
 func TestGetSeccompProfile(t *testing.T) {
 _, _, m, err := createTestRuntimeManager()
 require.NoError(t, err)