Merge pull request #41995 from roidelapluie/41990-a

Automatic merge from submit-queue

Improvements to mustrunas_test.go

refs #41990

Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu>



**What this PR does / why we need it**:

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #41990

**Special notes for your reviewer**:

**Release note**:

```release-note
```
This commit is contained in:
Kubernetes Submit Queue 2017-04-10 07:28:51 -07:00 committed by GitHub
commit 3f941ac16c

View File

@ -25,14 +25,11 @@ import (
func TestGenerateAdds(t *testing.T) { func TestGenerateAdds(t *testing.T) {
tests := map[string]struct { tests := map[string]struct {
defaultAddCaps []api.Capability defaultAddCaps []api.Capability
requiredDropCaps []api.Capability containerCaps *api.Capabilities
containerCaps *api.Capabilities expectedCaps *api.Capabilities
expectedCaps *api.Capabilities
}{ }{
"no required, no container requests": { "no required, no container requests": {},
expectedCaps: nil,
},
"required, no container requests": { "required, no container requests": {
defaultAddCaps: []api.Capability{"foo"}, defaultAddCaps: []api.Capability{"foo"},
expectedCaps: &api.Capabilities{ expectedCaps: &api.Capabilities{
@ -93,7 +90,7 @@ func TestGenerateAdds(t *testing.T) {
}, },
} }
strategy, err := NewDefaultCapabilities(v.defaultAddCaps, v.requiredDropCaps, nil) strategy, err := NewDefaultCapabilities(v.defaultAddCaps, nil, nil)
if err != nil { if err != nil {
t.Errorf("%s failed: %v", k, err) t.Errorf("%s failed: %v", k, err)
continue continue
@ -216,23 +213,19 @@ func TestGenerateDrops(t *testing.T) {
func TestValidateAdds(t *testing.T) { func TestValidateAdds(t *testing.T) {
tests := map[string]struct { tests := map[string]struct {
defaultAddCaps []api.Capability defaultAddCaps []api.Capability
requiredDropCaps []api.Capability allowedCaps []api.Capability
allowedCaps []api.Capability containerCaps *api.Capabilities
containerCaps *api.Capabilities expectedError string
shouldPass bool
}{ }{
// no container requests // no container requests
"no required, no allowed, no container requests": { "no required, no allowed, no container requests": {},
shouldPass: true,
},
"no required, allowed, no container requests": { "no required, allowed, no container requests": {
allowedCaps: []api.Capability{"foo"}, allowedCaps: []api.Capability{"foo"},
shouldPass: true,
}, },
"required, no allowed, no container requests": { "required, no allowed, no container requests": {
defaultAddCaps: []api.Capability{"foo"}, defaultAddCaps: []api.Capability{"foo"},
shouldPass: false, expectedError: `capabilities: Invalid value: "null": required capabilities are not set on the securityContext`,
}, },
// container requests match required // container requests match required
@ -241,14 +234,13 @@ func TestValidateAdds(t *testing.T) {
containerCaps: &api.Capabilities{ containerCaps: &api.Capabilities{
Add: []api.Capability{"foo"}, Add: []api.Capability{"foo"},
}, },
shouldPass: true,
}, },
"required, no allowed, container requests invalid": { "required, no allowed, container requests invalid": {
defaultAddCaps: []api.Capability{"foo"}, defaultAddCaps: []api.Capability{"foo"},
containerCaps: &api.Capabilities{ containerCaps: &api.Capabilities{
Add: []api.Capability{"bar"}, Add: []api.Capability{"bar"},
}, },
shouldPass: false, expectedError: `capabilities.add: Invalid value: "bar": capability may not be added`,
}, },
// container requests match allowed // container requests match allowed
@ -257,14 +249,13 @@ func TestValidateAdds(t *testing.T) {
containerCaps: &api.Capabilities{ containerCaps: &api.Capabilities{
Add: []api.Capability{"foo"}, Add: []api.Capability{"foo"},
}, },
shouldPass: true,
}, },
"no required, allowed, container requests invalid": { "no required, allowed, container requests invalid": {
allowedCaps: []api.Capability{"foo"}, allowedCaps: []api.Capability{"foo"},
containerCaps: &api.Capabilities{ containerCaps: &api.Capabilities{
Add: []api.Capability{"bar"}, Add: []api.Capability{"bar"},
}, },
shouldPass: false, expectedError: `capabilities.add: Invalid value: "bar": capability may not be added`,
}, },
// required and allowed // required and allowed
@ -274,7 +265,6 @@ func TestValidateAdds(t *testing.T) {
containerCaps: &api.Capabilities{ containerCaps: &api.Capabilities{
Add: []api.Capability{"foo"}, Add: []api.Capability{"foo"},
}, },
shouldPass: true,
}, },
"required, allowed, container requests valid allowed": { "required, allowed, container requests valid allowed": {
defaultAddCaps: []api.Capability{"foo"}, defaultAddCaps: []api.Capability{"foo"},
@ -282,7 +272,6 @@ func TestValidateAdds(t *testing.T) {
containerCaps: &api.Capabilities{ containerCaps: &api.Capabilities{
Add: []api.Capability{"bar"}, Add: []api.Capability{"bar"},
}, },
shouldPass: true,
}, },
"required, allowed, container requests invalid": { "required, allowed, container requests invalid": {
defaultAddCaps: []api.Capability{"foo"}, defaultAddCaps: []api.Capability{"foo"},
@ -290,14 +279,14 @@ func TestValidateAdds(t *testing.T) {
containerCaps: &api.Capabilities{ containerCaps: &api.Capabilities{
Add: []api.Capability{"baz"}, Add: []api.Capability{"baz"},
}, },
shouldPass: false, expectedError: `capabilities.add: Invalid value: "baz": capability may not be added`,
}, },
"validation is case sensitive": { "validation is case sensitive": {
defaultAddCaps: []api.Capability{"foo"}, defaultAddCaps: []api.Capability{"foo"},
containerCaps: &api.Capabilities{ containerCaps: &api.Capabilities{
Add: []api.Capability{"FOO"}, Add: []api.Capability{"FOO"},
}, },
shouldPass: false, expectedError: `capabilities.add: Invalid value: "FOO": capability may not be added`,
}, },
} }
@ -308,36 +297,41 @@ func TestValidateAdds(t *testing.T) {
}, },
} }
strategy, err := NewDefaultCapabilities(v.defaultAddCaps, v.requiredDropCaps, v.allowedCaps) strategy, err := NewDefaultCapabilities(v.defaultAddCaps, nil, v.allowedCaps)
if err != nil { if err != nil {
t.Errorf("%s failed: %v", k, err) t.Errorf("%s failed: %v", k, err)
continue continue
} }
errs := strategy.Validate(nil, container) errs := strategy.Validate(nil, container)
if v.shouldPass && len(errs) > 0 { if v.expectedError == "" && len(errs) > 0 {
t.Errorf("%s should have passed but had errors %v", k, errs) t.Errorf("%s should have passed but had errors %v", k, errs)
continue continue
} }
if !v.shouldPass && len(errs) == 0 { if v.expectedError != "" && len(errs) == 0 {
t.Errorf("%s should have failed but received no errors", k) t.Errorf("%s should have failed but received no errors", k)
continue
}
if len(errs) == 1 && errs[0].Error() != v.expectedError {
t.Errorf("%s should have failed with %v but received %v", k, v.expectedError, errs[0])
continue
}
if len(errs) > 1 {
t.Errorf("%s should have failed with at most one error, but received %v: %v", k, len(errs), errs)
} }
} }
} }
func TestValidateDrops(t *testing.T) { func TestValidateDrops(t *testing.T) {
tests := map[string]struct { tests := map[string]struct {
defaultAddCaps []api.Capability
requiredDropCaps []api.Capability requiredDropCaps []api.Capability
containerCaps *api.Capabilities containerCaps *api.Capabilities
shouldPass bool expectedError string
}{ }{
// no container requests // no container requests
"no required, no container requests": { "no required, no container requests": {},
shouldPass: true,
},
"required, no container requests": { "required, no container requests": {
requiredDropCaps: []api.Capability{"foo"}, requiredDropCaps: []api.Capability{"foo"},
shouldPass: false, expectedError: `capabilities: Invalid value: "null": required capabilities are not set on the securityContext`,
}, },
// container requests match required // container requests match required
@ -346,21 +340,20 @@ func TestValidateDrops(t *testing.T) {
containerCaps: &api.Capabilities{ containerCaps: &api.Capabilities{
Drop: []api.Capability{"foo"}, Drop: []api.Capability{"foo"},
}, },
shouldPass: true,
}, },
"required, container requests invalid": { "required, container requests invalid": {
requiredDropCaps: []api.Capability{"foo"}, requiredDropCaps: []api.Capability{"foo"},
containerCaps: &api.Capabilities{ containerCaps: &api.Capabilities{
Drop: []api.Capability{"bar"}, Drop: []api.Capability{"bar"},
}, },
shouldPass: false, expectedError: `capabilities.drop: Invalid value: []api.Capability{"bar"}: foo is required to be dropped but was not found`,
}, },
"validation is case sensitive": { "validation is case sensitive": {
requiredDropCaps: []api.Capability{"foo"}, requiredDropCaps: []api.Capability{"foo"},
containerCaps: &api.Capabilities{ containerCaps: &api.Capabilities{
Drop: []api.Capability{"FOO"}, Drop: []api.Capability{"FOO"},
}, },
shouldPass: false, expectedError: `capabilities.drop: Invalid value: []api.Capability{"FOO"}: foo is required to be dropped but was not found`,
}, },
} }
@ -371,18 +364,26 @@ func TestValidateDrops(t *testing.T) {
}, },
} }
strategy, err := NewDefaultCapabilities(v.defaultAddCaps, v.requiredDropCaps, nil) strategy, err := NewDefaultCapabilities(nil, v.requiredDropCaps, nil)
if err != nil { if err != nil {
t.Errorf("%s failed: %v", k, err) t.Errorf("%s failed: %v", k, err)
continue continue
} }
errs := strategy.Validate(nil, container) errs := strategy.Validate(nil, container)
if v.shouldPass && len(errs) > 0 { if v.expectedError == "" && len(errs) > 0 {
t.Errorf("%s should have passed but had errors %v", k, errs) t.Errorf("%s should have passed but had errors %v", k, errs)
continue continue
} }
if !v.shouldPass && len(errs) == 0 { if v.expectedError != "" && len(errs) == 0 {
t.Errorf("%s should have failed but received no errors", k) t.Errorf("%s should have failed but received no errors", k)
continue
}
if len(errs) == 1 && errs[0].Error() != v.expectedError {
t.Errorf("%s should have failed with %v but received %v", k, v.expectedError, errs[0])
continue
}
if len(errs) > 1 {
t.Errorf("%s should have failed with at most one error, but received %v: %v", k, len(errs), errs)
} }
} }
} }