mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-24 20:24:09 +00:00
Merge pull request #107215 from mengjiao-liu/improve-test-securitycontext-accessor
Add missing test cases for `RunAsGroup` and `SetRunAsGroup` methods
This commit is contained in:
commit
3a2d79cd7a
@ -257,6 +257,7 @@ func TestPodSecurityContextMutator(t *testing.T) {
|
|||||||
func TestContainerSecurityContextAccessor(t *testing.T) {
|
func TestContainerSecurityContextAccessor(t *testing.T) {
|
||||||
privileged := true
|
privileged := true
|
||||||
runAsUser := int64(1)
|
runAsUser := int64(1)
|
||||||
|
runAsGroup := int64(1)
|
||||||
runAsNonRoot := true
|
runAsNonRoot := true
|
||||||
readOnlyRootFilesystem := true
|
readOnlyRootFilesystem := true
|
||||||
allowPrivilegeEscalation := true
|
allowPrivilegeEscalation := true
|
||||||
@ -268,6 +269,7 @@ func TestContainerSecurityContextAccessor(t *testing.T) {
|
|||||||
{Privileged: &privileged},
|
{Privileged: &privileged},
|
||||||
{SELinuxOptions: &api.SELinuxOptions{User: "bob"}},
|
{SELinuxOptions: &api.SELinuxOptions{User: "bob"}},
|
||||||
{RunAsUser: &runAsUser},
|
{RunAsUser: &runAsUser},
|
||||||
|
{RunAsGroup: &runAsGroup},
|
||||||
{RunAsNonRoot: &runAsNonRoot},
|
{RunAsNonRoot: &runAsNonRoot},
|
||||||
{ReadOnlyRootFilesystem: &readOnlyRootFilesystem},
|
{ReadOnlyRootFilesystem: &readOnlyRootFilesystem},
|
||||||
{AllowPrivilegeEscalation: &allowPrivilegeEscalation},
|
{AllowPrivilegeEscalation: &allowPrivilegeEscalation},
|
||||||
@ -293,6 +295,9 @@ func TestContainerSecurityContextAccessor(t *testing.T) {
|
|||||||
if v := a.RunAsUser(); !reflect.DeepEqual(expected.RunAsUser, v) {
|
if v := a.RunAsUser(); !reflect.DeepEqual(expected.RunAsUser, v) {
|
||||||
t.Errorf("%d: expected %#v, got %#v", i, expected.RunAsUser, v)
|
t.Errorf("%d: expected %#v, got %#v", i, expected.RunAsUser, v)
|
||||||
}
|
}
|
||||||
|
if v := a.RunAsGroup(); !reflect.DeepEqual(expected.RunAsGroup, v) {
|
||||||
|
t.Errorf("%d: expected %#v, got %#v", i, expected.RunAsGroup, v)
|
||||||
|
}
|
||||||
if v := a.SELinuxOptions(); !reflect.DeepEqual(expected.SELinuxOptions, v) {
|
if v := a.SELinuxOptions(); !reflect.DeepEqual(expected.SELinuxOptions, v) {
|
||||||
t.Errorf("%d: expected %#v, got %#v", i, expected.SELinuxOptions, v)
|
t.Errorf("%d: expected %#v, got %#v", i, expected.SELinuxOptions, v)
|
||||||
}
|
}
|
||||||
@ -345,6 +350,7 @@ func TestContainerSecurityContextMutator(t *testing.T) {
|
|||||||
m.SetReadOnlyRootFilesystem(m.ReadOnlyRootFilesystem())
|
m.SetReadOnlyRootFilesystem(m.ReadOnlyRootFilesystem())
|
||||||
m.SetRunAsNonRoot(m.RunAsNonRoot())
|
m.SetRunAsNonRoot(m.RunAsNonRoot())
|
||||||
m.SetRunAsUser(m.RunAsUser())
|
m.SetRunAsUser(m.RunAsUser())
|
||||||
|
m.SetRunAsGroup(m.RunAsGroup())
|
||||||
m.SetSELinuxOptions(m.SELinuxOptions())
|
m.SetSELinuxOptions(m.SELinuxOptions())
|
||||||
if !reflect.DeepEqual(sc, originalSC) {
|
if !reflect.DeepEqual(sc, originalSC) {
|
||||||
t.Errorf("%s: unexpected mutation: %#v, %#v", k, sc, originalSC)
|
t.Errorf("%s: unexpected mutation: %#v, %#v", k, sc, originalSC)
|
||||||
@ -431,6 +437,19 @@ func TestContainerSecurityContextMutator(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// RunAsGroup
|
||||||
|
{
|
||||||
|
modifiedSC := nonNilSC(tc.newSC())
|
||||||
|
m := NewContainerSecurityContextMutator(tc.newSC())
|
||||||
|
i := int64(1123)
|
||||||
|
modifiedSC.RunAsGroup = &i
|
||||||
|
m.SetRunAsGroup(&i)
|
||||||
|
if !reflect.DeepEqual(m.ContainerSecurityContext(), modifiedSC) {
|
||||||
|
t.Errorf("%s: unexpected object:\n%s", k, diff.ObjectGoPrintSideBySide(modifiedSC, m.ContainerSecurityContext()))
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// SELinuxOptions
|
// SELinuxOptions
|
||||||
{
|
{
|
||||||
modifiedSC := nonNilSC(tc.newSC())
|
modifiedSC := nonNilSC(tc.newSC())
|
||||||
@ -567,6 +586,9 @@ func TestEffectiveContainerSecurityContextAccessor(t *testing.T) {
|
|||||||
if v := a.RunAsUser(); !reflect.DeepEqual(expected.RunAsUser, v) {
|
if v := a.RunAsUser(); !reflect.DeepEqual(expected.RunAsUser, v) {
|
||||||
t.Errorf("%d: expected %#v, got %#v", i, expected.RunAsUser, v)
|
t.Errorf("%d: expected %#v, got %#v", i, expected.RunAsUser, v)
|
||||||
}
|
}
|
||||||
|
if v := a.RunAsGroup(); !reflect.DeepEqual(expected.RunAsGroup, v) {
|
||||||
|
t.Errorf("%d: expected %#v, got %#v", i, expected.RunAsGroup, v)
|
||||||
|
}
|
||||||
if v := a.SELinuxOptions(); !reflect.DeepEqual(expected.SELinuxOptions, v) {
|
if v := a.SELinuxOptions(); !reflect.DeepEqual(expected.SELinuxOptions, v) {
|
||||||
t.Errorf("%d: expected %#v, got %#v", i, expected.SELinuxOptions, v)
|
t.Errorf("%d: expected %#v, got %#v", i, expected.SELinuxOptions, v)
|
||||||
}
|
}
|
||||||
@ -643,6 +665,7 @@ func TestEffectiveContainerSecurityContextMutator(t *testing.T) {
|
|||||||
m.SetReadOnlyRootFilesystem(m.ReadOnlyRootFilesystem())
|
m.SetReadOnlyRootFilesystem(m.ReadOnlyRootFilesystem())
|
||||||
m.SetRunAsNonRoot(m.RunAsNonRoot())
|
m.SetRunAsNonRoot(m.RunAsNonRoot())
|
||||||
m.SetRunAsUser(m.RunAsUser())
|
m.SetRunAsUser(m.RunAsUser())
|
||||||
|
m.SetRunAsGroup(m.RunAsGroup())
|
||||||
m.SetSELinuxOptions(m.SELinuxOptions())
|
m.SetSELinuxOptions(m.SELinuxOptions())
|
||||||
if !reflect.DeepEqual(podSC, originalPodSC) {
|
if !reflect.DeepEqual(podSC, originalPodSC) {
|
||||||
t.Errorf("%s: unexpected mutation: %#v, %#v", k, podSC, originalPodSC)
|
t.Errorf("%s: unexpected mutation: %#v, %#v", k, podSC, originalPodSC)
|
||||||
@ -750,6 +773,22 @@ func TestEffectiveContainerSecurityContextMutator(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// RunAsGroup
|
||||||
|
{
|
||||||
|
modifiedSC := nonNilSC(tc.newSC())
|
||||||
|
m := NewEffectiveContainerSecurityContextMutator(
|
||||||
|
NewPodSecurityContextAccessor(tc.newPodSC()),
|
||||||
|
NewContainerSecurityContextMutator(tc.newSC()),
|
||||||
|
)
|
||||||
|
i := int64(1123)
|
||||||
|
modifiedSC.RunAsGroup = &i
|
||||||
|
m.SetRunAsGroup(&i)
|
||||||
|
if !reflect.DeepEqual(m.ContainerSecurityContext(), modifiedSC) {
|
||||||
|
t.Errorf("%s: unexpected object:\n%s", k, diff.ObjectGoPrintSideBySide(modifiedSC, m.ContainerSecurityContext()))
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// SELinuxOptions
|
// SELinuxOptions
|
||||||
{
|
{
|
||||||
modifiedSC := nonNilSC(tc.newSC())
|
modifiedSC := nonNilSC(tc.newSC())
|
||||||
|
Loading…
Reference in New Issue
Block a user