github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 11:50:44 +00:00
Code Issues Projects Releases Wiki Activity

Modify podpreset lister to use correct namespace

Browse Source 
Previously a pod with an empty namespace field submitted to a given namespace
was incorrectly matching preset labels in a different namespace.
This commit is contained in:
Jeff Peeler 2017-07-18 10:46:45 -04:00
parent 4103f40fc2
commit 74463e5e66
2 changed files with 69 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
plugin/pkg/admission/podpreset/admission.go
View File

@ -103,7 +103,7 @@ func (c *podPresetPlugin) Admit(a admission.Attributes) error {
return nil return nil
} }
list, err := c.lister.PodPresets(pod.GetNamespace()).List(labels.Everything()) list, err := c.lister.PodPresets(a.GetNamespace()).List(labels.Everything())
// Ignore if exclusion annotation is present // Ignore if exclusion annotation is present
if podAnnotations := pod.GetAnnotations(); podAnnotations != nil { if podAnnotations := pod.GetAnnotations(); podAnnotations != nil {

68
plugin/pkg/admission/podpreset/admission_test.go
View File

@ -695,6 +695,74 @@ func TestExclusionNoAdmit(t *testing.T) {
} }
} }
func TestAdmitEmptyPodNamespace(t *testing.T) {
containerName := "container"
pod := &api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "mypod",
Labels: map[string]string{
"security": "S2",
},
},
Spec: api.PodSpec{
Containers: []api.Container{
{
Name: containerName,
Env: []api.EnvVar{{Name: "abc", Value: "value2"}, {Name: "ABCD", Value: "value3"}},
},
},
},
}
pip := &settings.PodPreset{
ObjectMeta: v1.ObjectMeta{
Name: "hello",
Namespace: "different", // (pod will be submitted to namespace 'namespace')
},
Spec: settings.PodPresetSpec{
Selector: v1.LabelSelector{
MatchExpressions: []v1.LabelSelectorRequirement{
{
Key: "security",
Operator: v1.LabelSelectorOpIn,
Values: []string{"S2"},
},
},
},
Volumes: []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}},
Env: []api.EnvVar{{Name: "abcd", Value: "value"}, {Name: "ABC", Value: "value"}},
EnvFrom: []api.EnvFromSource{
{
ConfigMapRef: &api.ConfigMapEnvSource{
LocalObjectReference: api.LocalObjectReference{Name: "abc"},
},
},
{
Prefix: "pre_",
ConfigMapRef: &api.ConfigMapEnvSource{
LocalObjectReference: api.LocalObjectReference{Name: "abc"},
},
},
},
},
}
originalPod, err := api.Scheme.Copy(pod)
if err != nil {
t.Fatal(err)
}
err = admitPod(pod, pip)
if err != nil {
t.Fatal(err)
}
// verify PodSpec has not been mutated
if !reflect.DeepEqual(pod, originalPod) {
t.Fatalf("Expected pod spec of '%v' to be unchanged", pod.Name)
}
}
func admitPod(pod *api.Pod, pip *settings.PodPreset) error { func admitPod(pod *api.Pod, pip *settings.PodPreset) error {
informerFactory := informers.NewSharedInformerFactory(nil, controller.NoResyncPeriodFunc()) informerFactory := informers.NewSharedInformerFactory(nil, controller.NoResyncPeriodFunc())
store := informerFactory.Settings().InternalVersion().PodPresets().Informer().GetStore() store := informerFactory.Settings().InternalVersion().PodPresets().Informer().GetStore()