github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-17 15:50:10 +00:00
Code Issues Projects Releases Wiki Activity

Tag all feature gates required by a test

Browse Source 
Use all necessary feature gates in SELinuxMount tests.
This commit is contained in:
Jan Safranek 2024-03-01 14:37:54 +01:00
parent 2a22b6f6b8
commit 74417b517a
1 changed files with 39 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
test/e2e/storage/csi_mock/csi_selinux_mount.go
View File

@ -49,12 +49,12 @@ import (
// These tags are used in the tests: // These tags are used in the tests:
// //
// [FeatureGate:SELinuxMountReadWriteOncePod] // [FeatureGate:SELinuxMountReadWriteOncePod]
// - The test requires SELinuxMountReadWriteOncePod enabled. SELinuxMount may be enabled or disabled, except for tests with Feature:SELinuxMountReadWriteOncePodOnly (see below). // - The test requires SELinuxMountReadWriteOncePod enabled.
// //
// [FeatureGate:SELinuxMountReadWriteOncePod] [Feature:SELinuxMountReadWriteOncePodOnly] // [FeatureGate:SELinuxMountReadWriteOncePod] [Feature:SELinuxMountReadWriteOncePodOnly]
// - The test requires SELinuxMountReadWriteOncePod enabled and SELinuxMount disabled. This checks metrics that are emitted only when SELinuxMount is disabled. // - The test requires SELinuxMountReadWriteOncePod enabled and SELinuxMount disabled. This checks metrics that are emitted only when SELinuxMount is disabled.
// //
// [FeatureGate:SELinuxMount] // [FeatureGate:SELinuxMountReadWriteOncePod] [FeatureGate:SELinuxMount]
// - The test requires SELinuxMountReadWriteOncePod and SELinuxMount enabled. // - The test requires SELinuxMountReadWriteOncePod and SELinuxMount enabled.
var _ = utils.SIGDescribe("CSI Mock selinux on mount", func() { var _ = utils.SIGDescribe("CSI Mock selinux on mount", func() {
f := framework.NewDefaultFramework("csi-mock-volumes-selinux") f := framework.NewDefaultFramework("csi-mock-volumes-selinux")
@ -89,7 +89,7 @@ var _ = utils.SIGDescribe("CSI Mock selinux on mount", func() {
expectedFirstMountOptions []string expectedFirstMountOptions []string
expectedSecondMountOptions []string expectedSecondMountOptions []string
expectedUnstage bool expectedUnstage bool
feature interface{} testTags []interface{}
}{ }{
// Start just a single pod and check its volume is mounted correctly // Start just a single pod and check its volume is mounted correctly
{ {
@ -98,7 +98,7 @@ var _ = utils.SIGDescribe("CSI Mock selinux on mount", func() {
firstPodSELinuxOpts: &seLinuxOpts1, firstPodSELinuxOpts: &seLinuxOpts1,
volumeMode: v1.ReadWriteOncePod, volumeMode: v1.ReadWriteOncePod,
expectedFirstMountOptions: []string{seLinuxMountOption1}, expectedFirstMountOptions: []string{seLinuxMountOption1},
feature: framework.WithFeatureGate(features.SELinuxMountReadWriteOncePod), testTags: []interface{}{framework.WithFeatureGate(features.SELinuxMountReadWriteOncePod)},
}, },
{ {
name: "should add SELinux mount option to existing mount options", name: "should add SELinux mount option to existing mount options",
@ -107,7 +107,7 @@ var _ = utils.SIGDescribe("CSI Mock selinux on mount", func() {
mountOptions: []string{"noexec", "noatime"}, mountOptions: []string{"noexec", "noatime"},
volumeMode: v1.ReadWriteOncePod, volumeMode: v1.ReadWriteOncePod,
expectedFirstMountOptions: []string{"noexec", "noatime", seLinuxMountOption1}, expectedFirstMountOptions: []string{"noexec", "noatime", seLinuxMountOption1},
feature: framework.WithFeatureGate(features.SELinuxMountReadWriteOncePod), testTags: []interface{}{framework.WithFeatureGate(features.SELinuxMountReadWriteOncePod)},
}, },
{ {
name: "should not pass SELinux mount option for RWO volume with SELinuxMount disabled", name: "should not pass SELinux mount option for RWO volume with SELinuxMount disabled",
@ -115,7 +115,7 @@ var _ = utils.SIGDescribe("CSI Mock selinux on mount", func() {
firstPodSELinuxOpts: &seLinuxOpts1, firstPodSELinuxOpts: &seLinuxOpts1,
volumeMode: v1.ReadWriteOnce, volumeMode: v1.ReadWriteOnce,
expectedFirstMountOptions: nil, expectedFirstMountOptions: nil,
feature: feature.SELinuxMountReadWriteOncePodOnly, testTags: []interface{}{framework.WithFeatureGate(features.SELinuxMountReadWriteOncePod), feature.SELinuxMountReadWriteOncePodOnly},
}, },
{ {
name: "should pass SELinux mount option for RWO volume with SELinuxMount enabled", name: "should pass SELinux mount option for RWO volume with SELinuxMount enabled",
@ -123,7 +123,7 @@ var _ = utils.SIGDescribe("CSI Mock selinux on mount", func() {
firstPodSELinuxOpts: &seLinuxOpts1, firstPodSELinuxOpts: &seLinuxOpts1,
volumeMode: v1.ReadWriteOnce, volumeMode: v1.ReadWriteOnce,
expectedFirstMountOptions: []string{seLinuxMountOption1}, expectedFirstMountOptions: []string{seLinuxMountOption1},
feature: framework.WithFeatureGate(features.SELinuxMount), testTags: []interface{}{framework.WithFeatureGate(features.SELinuxMountReadWriteOncePod), framework.WithFeatureGate(features.SELinuxMount)},
}, },
{ {
name: "should not pass SELinux mount option for Pod without SELinux context", name: "should not pass SELinux mount option for Pod without SELinux context",
@ -131,7 +131,7 @@ var _ = utils.SIGDescribe("CSI Mock selinux on mount", func() {
firstPodSELinuxOpts: nil, firstPodSELinuxOpts: nil,
volumeMode: v1.ReadWriteOncePod, volumeMode: v1.ReadWriteOncePod,
expectedFirstMountOptions: nil, expectedFirstMountOptions: nil,
feature: framework.WithFeatureGate(features.SELinuxMountReadWriteOncePod), testTags: []interface{}{framework.WithFeatureGate(features.SELinuxMountReadWriteOncePod)},
}, },
{ {
name: "should not pass SELinux mount option for CSI driver that does not support SELinux mount", name: "should not pass SELinux mount option for CSI driver that does not support SELinux mount",
@ -139,7 +139,7 @@ var _ = utils.SIGDescribe("CSI Mock selinux on mount", func() {
firstPodSELinuxOpts: &seLinuxOpts1, firstPodSELinuxOpts: &seLinuxOpts1,
volumeMode: v1.ReadWriteOncePod, volumeMode: v1.ReadWriteOncePod,
expectedFirstMountOptions: nil, expectedFirstMountOptions: nil,
feature: framework.WithFeatureGate(features.SELinuxMountReadWriteOncePod), testTags: []interface{}{framework.WithFeatureGate(features.SELinuxMountReadWriteOncePod)},
}, },
// Start two pods in a sequence and check their volume is / is not unmounted in between // Start two pods in a sequence and check their volume is / is not unmounted in between
{ {
@ -152,7 +152,7 @@ var _ = utils.SIGDescribe("CSI Mock selinux on mount", func() {
expectedFirstMountOptions: []string{seLinuxMountOption1}, expectedFirstMountOptions: []string{seLinuxMountOption1},
expectedSecondMountOptions: []string{seLinuxMountOption1}, expectedSecondMountOptions: []string{seLinuxMountOption1},
expectedUnstage: false, expectedUnstage: false,
feature: framework.WithFeatureGate(features.SELinuxMountReadWriteOncePod), testTags: []interface{}{framework.WithFeatureGate(features.SELinuxMountReadWriteOncePod)},
}, },
{ {
name: "should unstage RWOP volume when starting a second pod with different SELinux context", name: "should unstage RWOP volume when starting a second pod with different SELinux context",
@ -164,7 +164,7 @@ var _ = utils.SIGDescribe("CSI Mock selinux on mount", func() {
expectedFirstMountOptions: []string{seLinuxMountOption1}, expectedFirstMountOptions: []string{seLinuxMountOption1},
expectedSecondMountOptions: []string{seLinuxMountOption2}, expectedSecondMountOptions: []string{seLinuxMountOption2},
expectedUnstage: true, expectedUnstage: true,
feature: framework.WithFeatureGate(features.SELinuxMountReadWriteOncePod), testTags: []interface{}{framework.WithFeatureGate(features.SELinuxMountReadWriteOncePod)},
}, },
{ {
name: "should not unstage RWO volume when starting a second pod with the same SELinux context", name: "should not unstage RWO volume when starting a second pod with the same SELinux context",
@ -176,7 +176,7 @@ var _ = utils.SIGDescribe("CSI Mock selinux on mount", func() {
expectedFirstMountOptions: []string{seLinuxMountOption1}, expectedFirstMountOptions: []string{seLinuxMountOption1},
expectedSecondMountOptions: []string{seLinuxMountOption1}, expectedSecondMountOptions: []string{seLinuxMountOption1},
expectedUnstage: false, expectedUnstage: false,
feature: framework.WithFeatureGate(features.SELinuxMount), testTags: []interface{}{framework.WithFeatureGate(features.SELinuxMountReadWriteOncePod), framework.WithFeatureGate(features.SELinuxMount)},
}, },
{ {
name: "should unstage RWO volume when starting a second pod with different SELinux context", name: "should unstage RWO volume when starting a second pod with different SELinux context",
@ -188,12 +188,12 @@ var _ = utils.SIGDescribe("CSI Mock selinux on mount", func() {
expectedFirstMountOptions: []string{seLinuxMountOption1}, expectedFirstMountOptions: []string{seLinuxMountOption1},
expectedSecondMountOptions: []string{seLinuxMountOption2}, expectedSecondMountOptions: []string{seLinuxMountOption2},
expectedUnstage: true, expectedUnstage: true,
feature: framework.WithFeatureGate(features.SELinuxMount), testTags: []interface{}{framework.WithFeatureGate(features.SELinuxMountReadWriteOncePod), framework.WithFeatureGate(features.SELinuxMount)},
}, },
} }
for _, t := range tests { for _, t := range tests {
t := t t := t
f.It(t.name, t.feature, func(ctx context.Context) { testFunc := func(ctx context.Context) {
if framework.NodeOSDistroIs("windows") { if framework.NodeOSDistroIs("windows") {
e2eskipper.Skipf("SELinuxMount is only applied on linux nodes -- skipping") e2eskipper.Skipf("SELinuxMount is only applied on linux nodes -- skipping")
} }
@ -303,7 +303,15 @@ var _ = utils.SIGDescribe("CSI Mock selinux on mount", func() {
gomega.Expect(unpublishCalls.Load()).To(gomega.BeNumerically(">", 0), "NodeUnpublish calls after the first pod is deleted") gomega.Expect(unpublishCalls.Load()).To(gomega.BeNumerically(">", 0), "NodeUnpublish calls after the first pod is deleted")
gomega.Expect(publishCalls.Load()).To(gomega.BeNumerically(">", 0), "NodePublish calls for the second pod") gomega.Expect(publishCalls.Load()).To(gomega.BeNumerically(">", 0), "NodePublish calls for the second pod")
gomega.Expect(nodePublishMountOpts).To(gomega.Equal(t.expectedSecondMountOptions), "NodePublish MountFlags for the second pod") gomega.Expect(nodePublishMountOpts).To(gomega.Equal(t.expectedSecondMountOptions), "NodePublish MountFlags for the second pod")
}) }
// t.testTags is array and it's not possible to use It("name", func(){}, t.testTags...)
// Compose It() arguments separately.
args := []interface{}{
t.name,
testFunc,
}
args = append(args, t.testTags...)
framework.It(args...)
} }
}) })
}) })
@ -338,7 +346,7 @@ var _ = utils.SIGDescribe("CSI Mock selinux on mount metrics", func() {
waitForSecondPodStart bool waitForSecondPodStart bool
secondPodFailureEvent string secondPodFailureEvent string
expectIncreases sets.String expectIncreases sets.String
feature interface{} testTags []interface{}
}{ }{
{ {
name: "warning is not bumped on two Pods with the same context on RWO volume", name: "warning is not bumped on two Pods with the same context on RWO volume",
@ -348,7 +356,7 @@ var _ = utils.SIGDescribe("CSI Mock selinux on mount metrics", func() {
volumeMode: v1.ReadWriteOnce, volumeMode: v1.ReadWriteOnce,
waitForSecondPodStart: true, waitForSecondPodStart: true,
expectIncreases: sets.NewString( /* no metric is increased, admitted_total was already increased when the first pod started */ ), expectIncreases: sets.NewString( /* no metric is increased, admitted_total was already increased when the first pod started */ ),
feature: feature.SELinuxMountReadWriteOncePodOnly, testTags: []interface{}{framework.WithFeatureGate(features.SELinuxMountReadWriteOncePod), feature.SELinuxMountReadWriteOncePodOnly},
}, },
{ {
name: "warning is bumped on two Pods with a different context on RWO volume", name: "warning is bumped on two Pods with a different context on RWO volume",
@ -358,7 +366,7 @@ var _ = utils.SIGDescribe("CSI Mock selinux on mount metrics", func() {
volumeMode: v1.ReadWriteOnce, volumeMode: v1.ReadWriteOnce,
waitForSecondPodStart: true, waitForSecondPodStart: true,
expectIncreases: sets.NewString("volume_manager_selinux_volume_context_mismatch_warnings_total"), expectIncreases: sets.NewString("volume_manager_selinux_volume_context_mismatch_warnings_total"),
feature: feature.SELinuxMountReadWriteOncePodOnly, testTags: []interface{}{framework.WithFeatureGate(features.SELinuxMountReadWriteOncePod), feature.SELinuxMountReadWriteOncePodOnly},
}, },
{ {
name: "error is not bumped on two Pods with the same context on RWO volume and SELinuxMount enabled", name: "error is not bumped on two Pods with the same context on RWO volume and SELinuxMount enabled",
@ -368,7 +376,7 @@ var _ = utils.SIGDescribe("CSI Mock selinux on mount metrics", func() {
volumeMode: v1.ReadWriteOnce, volumeMode: v1.ReadWriteOnce,
waitForSecondPodStart: true, waitForSecondPodStart: true,
expectIncreases: sets.NewString( /* no metric is increased, admitted_total was already increased when the first pod started */ ), expectIncreases: sets.NewString( /* no metric is increased, admitted_total was already increased when the first pod started */ ),
feature: framework.WithFeatureGate(features.SELinuxMount), testTags: []interface{}{framework.WithFeatureGate(features.SELinuxMountReadWriteOncePod), framework.WithFeatureGate(features.SELinuxMount)},
}, },
{ {
name: "error is bumped on two Pods with a different context on RWO volume and SELinuxMount enabled", name: "error is bumped on two Pods with a different context on RWO volume and SELinuxMount enabled",
@ -379,7 +387,7 @@ var _ = utils.SIGDescribe("CSI Mock selinux on mount metrics", func() {
volumeMode: v1.ReadWriteOnce, volumeMode: v1.ReadWriteOnce,
waitForSecondPodStart: false, waitForSecondPodStart: false,
expectIncreases: sets.NewString("volume_manager_selinux_volume_context_mismatch_errors_total"), expectIncreases: sets.NewString("volume_manager_selinux_volume_context_mismatch_errors_total"),
feature: framework.WithFeatureGate(features.SELinuxMount), testTags: []interface{}{framework.WithFeatureGate(features.SELinuxMountReadWriteOncePod), framework.WithFeatureGate(features.SELinuxMount)},
}, },
{ {
name: "error is bumped on two Pods with a different context on RWOP volume", name: "error is bumped on two Pods with a different context on RWOP volume",
@ -390,12 +398,12 @@ var _ = utils.SIGDescribe("CSI Mock selinux on mount metrics", func() {
volumeMode: v1.ReadWriteOncePod, volumeMode: v1.ReadWriteOncePod,
waitForSecondPodStart: false, waitForSecondPodStart: false,
expectIncreases: sets.NewString("volume_manager_selinux_volume_context_mismatch_errors_total"), expectIncreases: sets.NewString("volume_manager_selinux_volume_context_mismatch_errors_total"),
feature: framework.WithFeatureGate(features.SELinuxMountReadWriteOncePod), testTags: []interface{}{framework.WithFeatureGate(features.SELinuxMountReadWriteOncePod)},
}, },
} }
for _, t := range tests { for _, t := range tests {
t := t t := t
f.It(t.name, t.feature, func(ctx context.Context) { testFunc := func(ctx context.Context) {
// Some metrics use CSI driver name as a label, which is "csi-mock-" + the namespace name. // Some metrics use CSI driver name as a label, which is "csi-mock-" + the namespace name.
volumePluginLabel := "{volume_plugin=\"kubernetes.io/csi/csi-mock-" + f.Namespace.Name + "\"}" volumePluginLabel := "{volume_plugin=\"kubernetes.io/csi/csi-mock-" + f.Namespace.Name + "\"}"
@ -467,7 +475,15 @@ var _ = utils.SIGDescribe("CSI Mock selinux on mount metrics", func() {
ginkgo.By("Waiting for expected metric changes") ginkgo.By("Waiting for expected metric changes")
err = waitForMetricIncrease(ctx, grabber, pod.Spec.NodeName, allMetrics, t.expectIncreases, metrics, framework.PodStartShortTimeout) err = waitForMetricIncrease(ctx, grabber, pod.Spec.NodeName, allMetrics, t.expectIncreases, metrics, framework.PodStartShortTimeout)
framework.ExpectNoError(err, "waiting for metrics %s to increase", t.expectIncreases) framework.ExpectNoError(err, "waiting for metrics %s to increase", t.expectIncreases)
}) }
// t.testTags is array and it's not possible to use It("name", func(){xxx}, t.testTags...)
// Compose It() arguments separately.
args := []interface{}{
t.name,
testFunc,
}
args = append(args, t.testTags...)
framework.It(args...)
} }
}) })
}) })