github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-29 14:37:00 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #105748 from marosset/host-process-emphemeral-contianer-validation

Browse Source 
Adding unit test coverage for API validation for ephemeral containers in hostprocess pods on Windows
This commit is contained in:
Kubernetes Prow Robot 2021-10-19 08:11:04 -07:00 committed by GitHub
commit 2dbdd9461d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 87 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
pkg/apis/core/validation/validation_test.go
View File

@ -18567,11 +18567,98 @@ func TestValidateWindowsHostProcessPod(t *testing.T) {
}}, }},
}, },
}, },
{
name: "Non-HostProcess ephemeral container in HostProcess pod should not validate",
expectError: true,
featureEnabled: true,
allowPrivileged: true,
podSpec: &core.PodSpec{
SecurityContext: &core.PodSecurityContext{
HostNetwork: true,
WindowsOptions: &core.WindowsSecurityContextOptions{
HostProcess: &trueVar,
},
},
Containers: []core.Container{{
Name: containerName,
}},
EphemeralContainers: []core.EphemeralContainer{{
EphemeralContainerCommon: core.EphemeralContainerCommon{
SecurityContext: &core.SecurityContext{
WindowsOptions: &core.WindowsSecurityContextOptions{
HostProcess: &falseVar,
},
},
},
}},
},
},
{
name: "HostProcess ephemeral container in HostProcess pod should validate",
expectError: false,
featureEnabled: true,
allowPrivileged: true,
podSpec: &core.PodSpec{
SecurityContext: &core.PodSecurityContext{
HostNetwork: true,
WindowsOptions: &core.WindowsSecurityContextOptions{
HostProcess: &trueVar,
},
},
Containers: []core.Container{{
Name: containerName,
}},
EphemeralContainers: []core.EphemeralContainer{{
EphemeralContainerCommon: core.EphemeralContainerCommon{},
}},
},
},
{
name: "Non-HostProcess ephemeral container in Non-HostProcess pod should validate",
expectError: false,
featureEnabled: true,
allowPrivileged: true,
podSpec: &core.PodSpec{
Containers: []core.Container{{
Name: containerName,
}},
EphemeralContainers: []core.EphemeralContainer{{
EphemeralContainerCommon: core.EphemeralContainerCommon{
SecurityContext: &core.SecurityContext{
WindowsOptions: &core.WindowsSecurityContextOptions{
HostProcess: &falseVar,
},
},
},
}},
},
},
{
name: "HostProcess ephemeral container in Non-HostProcess pod should not validate",
expectError: true,
featureEnabled: true,
allowPrivileged: true,
podSpec: &core.PodSpec{
Containers: []core.Container{{
Name: containerName,
}},
EphemeralContainers: []core.EphemeralContainer{{
EphemeralContainerCommon: core.EphemeralContainerCommon{
SecurityContext: &core.SecurityContext{
WindowsOptions: &core.WindowsSecurityContextOptions{
HostProcess: &trueVar,
},
},
},
}},
},
},
} }
for _, testCase := range testCases { for _, testCase := range testCases {
t.Run(testCase.name, func(t *testing.T) { t.Run(testCase.name, func(t *testing.T) {
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.WindowsHostProcessContainers, testCase.featureEnabled)() defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.WindowsHostProcessContainers, testCase.featureEnabled)()
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.EphemeralContainers, true)()
opts := PodValidationOptions{AllowWindowsHostProcessField: testCase.featureEnabled} opts := PodValidationOptions{AllowWindowsHostProcessField: testCase.featureEnabled}