github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-25 20:53:33 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #107215 from mengjiao-liu/improve-test-securitycontext-accessor

Browse Source 
Add missing test cases for `RunAsGroup` and `SetRunAsGroup` methods
This commit is contained in:
Kubernetes Prow Robot 2022-05-03 17:18:14 -07:00 committed by GitHub
commit 3a2d79cd7a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 39 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
pkg/securitycontext/accessors_test.go
View File

@ -257,6 +257,7 @@ func TestPodSecurityContextMutator(t *testing.T) {
func TestContainerSecurityContextAccessor(t *testing.T) { func TestContainerSecurityContextAccessor(t *testing.T) {
privileged := true privileged := true
runAsUser := int64(1) runAsUser := int64(1)
runAsGroup := int64(1)
runAsNonRoot := true runAsNonRoot := true
readOnlyRootFilesystem := true readOnlyRootFilesystem := true
allowPrivilegeEscalation := true allowPrivilegeEscalation := true
@ -268,6 +269,7 @@ func TestContainerSecurityContextAccessor(t *testing.T) {
{Privileged: &privileged}, {Privileged: &privileged},
{SELinuxOptions: &api.SELinuxOptions{User: "bob"}}, {SELinuxOptions: &api.SELinuxOptions{User: "bob"}},
{RunAsUser: &runAsUser}, {RunAsUser: &runAsUser},
{RunAsGroup: &runAsGroup},
{RunAsNonRoot: &runAsNonRoot}, {RunAsNonRoot: &runAsNonRoot},
{ReadOnlyRootFilesystem: &readOnlyRootFilesystem}, {ReadOnlyRootFilesystem: &readOnlyRootFilesystem},
{AllowPrivilegeEscalation: &allowPrivilegeEscalation}, {AllowPrivilegeEscalation: &allowPrivilegeEscalation},
@ -293,6 +295,9 @@ func TestContainerSecurityContextAccessor(t *testing.T) {
if v := a.RunAsUser(); !reflect.DeepEqual(expected.RunAsUser, v) { if v := a.RunAsUser(); !reflect.DeepEqual(expected.RunAsUser, v) {
t.Errorf("%d: expected %#v, got %#v", i, expected.RunAsUser, v) t.Errorf("%d: expected %#v, got %#v", i, expected.RunAsUser, v)
} }
if v := a.RunAsGroup(); !reflect.DeepEqual(expected.RunAsGroup, v) {
t.Errorf("%d: expected %#v, got %#v", i, expected.RunAsGroup, v)
}
if v := a.SELinuxOptions(); !reflect.DeepEqual(expected.SELinuxOptions, v) { if v := a.SELinuxOptions(); !reflect.DeepEqual(expected.SELinuxOptions, v) {
t.Errorf("%d: expected %#v, got %#v", i, expected.SELinuxOptions, v) t.Errorf("%d: expected %#v, got %#v", i, expected.SELinuxOptions, v)
} }
@ -345,6 +350,7 @@ func TestContainerSecurityContextMutator(t *testing.T) {
m.SetReadOnlyRootFilesystem(m.ReadOnlyRootFilesystem()) m.SetReadOnlyRootFilesystem(m.ReadOnlyRootFilesystem())
m.SetRunAsNonRoot(m.RunAsNonRoot()) m.SetRunAsNonRoot(m.RunAsNonRoot())
m.SetRunAsUser(m.RunAsUser()) m.SetRunAsUser(m.RunAsUser())
m.SetRunAsGroup(m.RunAsGroup())
m.SetSELinuxOptions(m.SELinuxOptions()) m.SetSELinuxOptions(m.SELinuxOptions())
if !reflect.DeepEqual(sc, originalSC) { if !reflect.DeepEqual(sc, originalSC) {
t.Errorf("%s: unexpected mutation: %#v, %#v", k, sc, originalSC) t.Errorf("%s: unexpected mutation: %#v, %#v", k, sc, originalSC)
@ -431,6 +437,19 @@ func TestContainerSecurityContextMutator(t *testing.T) {
} }
} }
// RunAsGroup
{
modifiedSC := nonNilSC(tc.newSC())
m := NewContainerSecurityContextMutator(tc.newSC())
i := int64(1123)
modifiedSC.RunAsGroup = &i
m.SetRunAsGroup(&i)
if !reflect.DeepEqual(m.ContainerSecurityContext(), modifiedSC) {
t.Errorf("%s: unexpected object:\n%s", k, diff.ObjectGoPrintSideBySide(modifiedSC, m.ContainerSecurityContext()))
continue
}
}
// SELinuxOptions // SELinuxOptions
{ {
modifiedSC := nonNilSC(tc.newSC()) modifiedSC := nonNilSC(tc.newSC())
@ -567,6 +586,9 @@ func TestEffectiveContainerSecurityContextAccessor(t *testing.T) {
if v := a.RunAsUser(); !reflect.DeepEqual(expected.RunAsUser, v) { if v := a.RunAsUser(); !reflect.DeepEqual(expected.RunAsUser, v) {
t.Errorf("%d: expected %#v, got %#v", i, expected.RunAsUser, v) t.Errorf("%d: expected %#v, got %#v", i, expected.RunAsUser, v)
} }
if v := a.RunAsGroup(); !reflect.DeepEqual(expected.RunAsGroup, v) {
t.Errorf("%d: expected %#v, got %#v", i, expected.RunAsGroup, v)
}
if v := a.SELinuxOptions(); !reflect.DeepEqual(expected.SELinuxOptions, v) { if v := a.SELinuxOptions(); !reflect.DeepEqual(expected.SELinuxOptions, v) {
t.Errorf("%d: expected %#v, got %#v", i, expected.SELinuxOptions, v) t.Errorf("%d: expected %#v, got %#v", i, expected.SELinuxOptions, v)
} }
@ -643,6 +665,7 @@ func TestEffectiveContainerSecurityContextMutator(t *testing.T) {
m.SetReadOnlyRootFilesystem(m.ReadOnlyRootFilesystem()) m.SetReadOnlyRootFilesystem(m.ReadOnlyRootFilesystem())
m.SetRunAsNonRoot(m.RunAsNonRoot()) m.SetRunAsNonRoot(m.RunAsNonRoot())
m.SetRunAsUser(m.RunAsUser()) m.SetRunAsUser(m.RunAsUser())
m.SetRunAsGroup(m.RunAsGroup())
m.SetSELinuxOptions(m.SELinuxOptions()) m.SetSELinuxOptions(m.SELinuxOptions())
if !reflect.DeepEqual(podSC, originalPodSC) { if !reflect.DeepEqual(podSC, originalPodSC) {
t.Errorf("%s: unexpected mutation: %#v, %#v", k, podSC, originalPodSC) t.Errorf("%s: unexpected mutation: %#v, %#v", k, podSC, originalPodSC)
@ -750,6 +773,22 @@ func TestEffectiveContainerSecurityContextMutator(t *testing.T) {
} }
} }
// RunAsGroup
{
modifiedSC := nonNilSC(tc.newSC())
m := NewEffectiveContainerSecurityContextMutator(
NewPodSecurityContextAccessor(tc.newPodSC()),
NewContainerSecurityContextMutator(tc.newSC()),
)
i := int64(1123)
modifiedSC.RunAsGroup = &i
m.SetRunAsGroup(&i)
if !reflect.DeepEqual(m.ContainerSecurityContext(), modifiedSC) {
t.Errorf("%s: unexpected object:\n%s", k, diff.ObjectGoPrintSideBySide(modifiedSC, m.ContainerSecurityContext()))
continue
}
}
// SELinuxOptions // SELinuxOptions
{ {
modifiedSC := nonNilSC(tc.newSC()) modifiedSC := nonNilSC(tc.newSC())