From 4baf35f2f52cdbe72c6af0e485a24f3aae29b80b Mon Sep 17 00:00:00 2001
From: Mengjiao Liu
Date: Fri, 24 Dec 2021 17:13:45 +0800
Subject: [PATCH] Add missing test cases for `RunAsGroup` and `SetRunAsGroup` methods
---
 pkg/securitycontext/accessors_test.go | 39 +++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
diff --git a/pkg/securitycontext/accessors_test.go b/pkg/securitycontext/accessors_test.go
index 0fde3eb84b9..1ce62736463 100644
--- a/pkg/securitycontext/accessors_test.go
+++ b/pkg/securitycontext/accessors_test.go
@@ -257,6 +257,7 @@ func TestPodSecurityContextMutator(t *testing.T) {
 func TestContainerSecurityContextAccessor(t *testing.T) {
 privileged := true
 runAsUser := int64(1)
+ runAsGroup := int64(1)
 runAsNonRoot := true
 readOnlyRootFilesystem := true
 allowPrivilegeEscalation := true
@@ -268,6 +269,7 @@ func TestContainerSecurityContextAccessor(t *testing.T) {
 {Privileged: &privileged},
 {SELinuxOptions: &api.SELinuxOptions{User: "bob"}},
 {RunAsUser: &runAsUser},
+ {RunAsGroup: &runAsGroup},
 {RunAsNonRoot: &runAsNonRoot},
 {ReadOnlyRootFilesystem: &readOnlyRootFilesystem},
 {AllowPrivilegeEscalation: &allowPrivilegeEscalation},
@@ -293,6 +295,9 @@ func TestContainerSecurityContextAccessor(t *testing.T) {
 if v := a.RunAsUser(); !reflect.DeepEqual(expected.RunAsUser, v) {
 t.Errorf("%d: expected %#v, got %#v", i, expected.RunAsUser, v)
 }
+ if v := a.RunAsGroup(); !reflect.DeepEqual(expected.RunAsGroup, v) {
+ t.Errorf("%d: expected %#v, got %#v", i, expected.RunAsGroup, v)
+ }
 if v := a.SELinuxOptions(); !reflect.DeepEqual(expected.SELinuxOptions, v) {
 t.Errorf("%d: expected %#v, got %#v", i, expected.SELinuxOptions, v)
 }
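Review bot: The added `runAsGroup := int64(1)` carries the same value as `runAsUser`, and the assertions in this test compare through pointers with `reflect.DeepEqual`, so a UID pointer and a GID pointer that both hold 1 are indistinguishable. With the single-field fixtures visible in the next hunk a swapped accessor is still caught by the nil-versus-set difference, but a distinct value such as `runAsGroup := int64(2)` keeps the check meaningful if a fixture ever sets both fields. The function body continues outside the hunk.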
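Review bot: The added `t.Errorf("%d: expected %#v, got %#v", i, expected.RunAsGroup, v)` uses exactly the same message as the `RunAsUser` check just above it, and both arguments appear to be pointers (the fixtures use `&runAsGroup`), so `%#v` prints addresses rather than the group IDs. A failure therefore says neither which field disagreed nor what the values were; naming the field, e.g. `t.Errorf("%d: RunAsGroup: expected %#v, got %#v", i, expected.RunAsGroup, v)`, fixes the first half. The same applies to the identical lines added in `TestEffectiveContainerSecurityContextAccessor` (hunk at -567). The enclosing loop starts outside this hunk.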
@@ -345,6 +350,7 @@ func TestContainerSecurityContextMutator(t *testing.T) {
 m.SetReadOnlyRootFilesystem(m.ReadOnlyRootFilesystem())
 m.SetRunAsNonRoot(m.RunAsNonRoot())
 m.SetRunAsUser(m.RunAsUser())
+ m.SetRunAsGroup(m.RunAsGroup())
 m.SetSELinuxOptions(m.SELinuxOptions())
 if !reflect.DeepEqual(sc, originalSC) {
 t.Errorf("%s: unexpected mutation: %#v, %#v", k, sc, originalSC)
@@ -431,6 +437,19 @@ func TestContainerSecurityContextMutator(t *testing.T) {
 }
 }
 
+ // RunAsGroup
+ {
+ modifiedSC := nonNilSC(tc.newSC())
+ m := NewContainerSecurityContextMutator(tc.newSC())
+ i := int64(1123)
+ modifiedSC.RunAsGroup = &i
+ m.SetRunAsGroup(&i)
+ if !reflect.DeepEqual(m.ContainerSecurityContext(), modifiedSC) {
+ t.Errorf("%s: unexpected object:\n%s", k, diff.ObjectGoPrintSideBySide(modifiedSC, m.ContainerSecurityContext()))
+ continue
+ }
+ }
+
 // SELinuxOptions
 {
 modifiedSC := nonNilSC(tc.newSC())
@@ -567,6 +586,9 @@ func TestEffectiveContainerSecurityContextAccessor(t *testing.T) {
 if v := a.RunAsUser(); !reflect.DeepEqual(expected.RunAsUser, v) {
 t.Errorf("%d: expected %#v, got %#v", i, expected.RunAsUser, v)
 }
+ if v := a.RunAsGroup(); !reflect.DeepEqual(expected.RunAsGroup, v) {
+ t.Errorf("%d: expected %#v, got %#v", i, expected.RunAsGroup, v)
+ }
 if v := a.SELinuxOptions(); !reflect.DeepEqual(expected.SELinuxOptions, v) {
 t.Errorf("%d: expected %#v, got %#v", i, expected.SELinuxOptions, v)
 }
@@ -643,6 +665,7 @@ func TestEffectiveContainerSecurityContextMutator(t *testing.T) {
 m.SetReadOnlyRootFilesystem(m.ReadOnlyRootFilesystem())
 m.SetRunAsNonRoot(m.RunAsNonRoot())
 m.SetRunAsUser(m.RunAsUser())
+ m.SetRunAsGroup(m.RunAsGroup())
 m.SetSELinuxOptions(m.SELinuxOptions())
 if !reflect.DeepEqual(podSC, originalPodSC) {
 t.Errorf("%s: unexpected mutation: %#v, %#v", k, podSC, originalPodSC)
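Review bot: The new `// RunAsGroup` block (hunk at -431) only exercises setting a non-nil value, `i := int64(1123)`; clearing an already-set group with `SetRunAsGroup(nil)` is never asserted. The round-trip line added at -345 passes nil only for fixtures that start with the field unset. Because an unset group hands the choice of GID back to the runtime default, the clearing path deserves its own check: after the existing comparison, `modifiedSC.RunAsGroup = nil` and `m.SetRunAsGroup(nil)` followed by the same `reflect.DeepEqual` test. The enclosing loop over test cases starts outside the hunk.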
@@ -750,6 +773,22 @@ func TestEffectiveContainerSecurityContextMutator(t *testing.T) {
 }
 }
 
+ // RunAsGroup
+ {
+ modifiedSC := nonNilSC(tc.newSC())
+ m := NewEffectiveContainerSecurityContextMutator(
+ NewPodSecurityContextAccessor(tc.newPodSC()),
+ NewContainerSecurityContextMutator(tc.newSC()),
+ )
+ i := int64(1123)
+ modifiedSC.RunAsGroup = &i
+ m.SetRunAsGroup(&i)
+ if !reflect.DeepEqual(m.ContainerSecurityContext(), modifiedSC) {
+ t.Errorf("%s: unexpected object:\n%s", k, diff.ObjectGoPrintSideBySide(modifiedSC, m.ContainerSecurityContext()))
+ continue
+ }
+ }
+
 // SELinuxOptions
 {
 modifiedSC := nonNilSC(tc.newSC())
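Review bot: The pod-level context in the added block is built inline, `NewPodSecurityContextAccessor(tc.newPodSC())`, so nothing can assert that `m.SetRunAsGroup(&i)` left it untouched; only `m.ContainerSecurityContext()` is compared. The no-op round trip at -643 does compare `podSC` with `originalPodSC`, but not for a real value change. Holding the object in a variable, `podSC := tc.newPodSC()`, and checking `reflect.DeepEqual(podSC, tc.newPodSC())` after the setter would pin that a container-level GID change never rewrites the pod-level default. The enclosing loop starts outside the hunk.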