From 3f8ada67c5363e7b0c06ee3cbb44a6d20c9a9e09 Mon Sep 17 00:00:00 2001
From: mantuliu <240951888@qq.com>
Date: Wed, 1 Feb 2023 10:47:38 +0800
Subject: [PATCH] impove the coverage

Signed-off-by: mantuliu <240951888@qq.com>
---
 pkg/kubelet/sysctl/allowlist_test.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/pkg/kubelet/sysctl/allowlist_test.go b/pkg/kubelet/sysctl/allowlist_test.go
index bbdc30209b0..9535eabbd9b 100644
--- a/pkg/kubelet/sysctl/allowlist_test.go
+++ b/pkg/kubelet/sysctl/allowlist_test.go
@@ -36,6 +36,7 @@ func TestNewAllowlist(t *testing.T) {
 {sysctls: []string{"net.*.foo"}, err: true},
 {sysctls: []string{"net.*/foo"}, err: true},
 {sysctls: []string{"foo"}, err: true},
+ {sysctls: []string{"foo*"}, err: true},
 } {
 _, err := NewAllowlist(append(SafeSysctlAllowlist(), test.sysctls...))
 if test.err && err == nil {
@@ -67,12 +68,13 @@ func TestAllowlist(t *testing.T) {
 {sysctl: "net.ipv4.ip_local_port_range.a.b.c", hostNet: false},
 {sysctl: "kernel.msgmax", hostIPC: true},
 {sysctl: "kernel.sem", hostIPC: true},
+ {sysctl: "net.b.c", hostNet: true},
 }
 pod := &v1.Pod{}
 pod.Spec.SecurityContext = &v1.PodSecurityContext{}
 attrs := &lifecycle.PodAdmitAttributes{Pod: pod}
- w, err := NewAllowlist(append(SafeSysctlAllowlist(), "kernel.msg*", "kernel.sem"))
+ w, err := NewAllowlist(append(SafeSysctlAllowlist(), "kernel.msg*", "kernel.sem", "net.b.*"))
 if err != nil {
 t.Fatalf("failed to create allowlist: %v", err)
 }
@@ -81,7 +83,7 @@ func TestAllowlist(t *testing.T) {
 if err := w.validateSysctl(test.sysctl, test.hostNet, test.hostIPC); err != nil {
 t.Errorf("expected to be allowlisted: %+v, got: %v", test, err)
 }
- pod.Spec.SecurityContext.Sysctls = []v1.Sysctl{{test.sysctl, test.sysctl}}
+ pod.Spec.SecurityContext.Sysctls = []v1.Sysctl{{Name: test.sysctl, Value: test.sysctl}}
 status := w.Admit(attrs)
 if !status.Admit {
 t.Errorf("expected to be allowlisted: %+v, got: %+v", test, status)
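Review bot: The new `"foo*"` entry in TestNewAllowlist is only checked through `test.err && err == nil`, so it passes on any error and does not show that the wildcard handling is what rejected the pattern. NewAllowlist is not visible here, so this is inferred: plain `"foo"` on the line above is already expected to fail, and `"foo*"` may fail for the same reason rather than a prefix-specific one. A comment on the new line such as `// wildcard whose prefix is not in a known namespace`, together with a check on the error text, would make the intended path reviewable. The loop body continues past the end of the hunk.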
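Review bot: The added `{sysctl: "net.b.c", hostNet: true}` case in TestAllowlist cannot tell a host-network rejection from a plain not-allowlisted rejection, because the rejection loop (the `if status.Admit` check in the last hunk) only asserts that admission fails. If the new `"net.b.*"` prefix never matched anything, this case would still pass, so a regression in prefix matching for this admission control would go unnoticed. Pair it with a positive case in the accepted table, which lies outside these hunks, e.g. `{sysctl: "net.b.c"}`, so the same name is admitted without host networking and rejected with it. That this entry joins the rejected table is inferred from the neighbouring `hostIPC: true` entries, since the table's declaration starts above the hunk.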
@@ -94,7 +96,7 @@ func TestAllowlist(t *testing.T) {
 }
 pod.Spec.HostNetwork = test.hostNet
 pod.Spec.HostIPC = test.hostIPC
- pod.Spec.SecurityContext.Sysctls = []v1.Sysctl{{test.sysctl, test.sysctl}}
+ pod.Spec.SecurityContext.Sysctls = []v1.Sysctl{{Name: test.sysctl, Value: test.sysctl}}
 status := w.Admit(attrs)
 if status.Admit {
 t.Errorf("expected to be rejected: %+v", test)