github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-27 21:47:07 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #31684 from nebril/refactor-docker-manager-test

Browse Source 
Automatic merge from submit-queue

Pod creation moved outside of docker manager tests

**What this PR does / why we need it**:
It cleans up docker manager tests a little.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, #<issue_number>, ...)` format, will close that issue when PR gets merged)*: related to #31550

**Special notes for your reviewer**:
I don't claim that working on this issue is finished, I cleaned up the tests just a bit
**Release note**:
```release-note
NONE
```
This commit is contained in:
Kubernetes Submit Queue 2016-09-28 18:10:26 -07:00 committed by GitHub
commit 80123cb680
1 changed files with 178 additions and 373 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

551
pkg/kubelet/dockertools/docker_manager_test.go
View File

@ -422,14 +422,7 @@ func TestDeleteImageWithMultipleTags(t *testing.T) {
func TestKillContainerInPod(t *testing.T) { func TestKillContainerInPod(t *testing.T) {
manager, fakeDocker := newTestDockerManager() manager, fakeDocker := newTestDockerManager()
pod := &api.Pod{ pod := makePod("qux", nil)
ObjectMeta: api.ObjectMeta{
UID: "12345678",
Name: "qux",
Namespace: "new",
},
Spec: api.PodSpec{Containers: []api.Container{{Name: "foo"}, {Name: "bar"}}},
}
containers := []*FakeContainer{ containers := []*FakeContainer{
{ {
ID: "1111", ID: "1111",
@ -465,26 +458,20 @@ func TestKillContainerInPodWithPreStop(t *testing.T) {
ExitCode: 0, ExitCode: 0,
} }
expectedCmd := []string{"foo.sh", "bar"} expectedCmd := []string{"foo.sh", "bar"}
pod := &api.Pod{ pod := makePod("qux", &api.PodSpec{
ObjectMeta: api.ObjectMeta{ Containers: []api.Container{
UID: "12345678", {
Name: "qux", Name: "foo",
Namespace: "new", Lifecycle: &api.Lifecycle{
}, PreStop: &api.Handler{
Spec: api.PodSpec{ Exec: &api.ExecAction{
Containers: []api.Container{ Command: expectedCmd,
{
Name: "foo",
Lifecycle: &api.Lifecycle{
PreStop: &api.Handler{
Exec: &api.ExecAction{
Command: expectedCmd,
},
}, },
}, },
}, },
{Name: "bar"}}}, },
} {Name: "bar"}}})
podString, err := runtime.Encode(testapi.Default.Codec(), pod) podString, err := runtime.Encode(testapi.Default.Codec(), pod)
if err != nil { if err != nil {
t.Errorf("unexpected error: %v", err) t.Errorf("unexpected error: %v", err)
@ -524,14 +511,7 @@ func TestKillContainerInPodWithPreStop(t *testing.T) {
func TestKillContainerInPodWithError(t *testing.T) { func TestKillContainerInPodWithError(t *testing.T) {
manager, fakeDocker := newTestDockerManager() manager, fakeDocker := newTestDockerManager()
pod := &api.Pod{ pod := makePod("qux", nil)
ObjectMeta: api.ObjectMeta{
UID: "12345678",
Name: "qux",
Namespace: "new",
},
Spec: api.PodSpec{Containers: []api.Container{{Name: "foo"}, {Name: "bar"}}},
}
containers := []*FakeContainer{ containers := []*FakeContainer{
{ {
ID: "1111", ID: "1111",
@ -602,18 +582,11 @@ func TestSyncPodCreateNetAndContainer(t *testing.T) {
dm, fakeDocker := newTestDockerManager() dm, fakeDocker := newTestDockerManager()
dm.podInfraContainerImage = "pod_infra_image" dm.podInfraContainerImage = "pod_infra_image"
pod := &api.Pod{ pod := makePod("foo", &api.PodSpec{
ObjectMeta: api.ObjectMeta{ Containers: []api.Container{
UID: "12345678", {Name: "bar"},
Name: "foo",
Namespace: "new",
}, },
Spec: api.PodSpec{ })
Containers: []api.Container{
{Name: "bar"},
},
},
}
runSyncPod(t, dm, fakeDocker, pod, nil, false) runSyncPod(t, dm, fakeDocker, pod, nil, false)
verifyCalls(t, fakeDocker, []string{ verifyCalls(t, fakeDocker, []string{
@ -649,18 +622,11 @@ func TestSyncPodCreatesNetAndContainerPullsImage(t *testing.T) {
puller := dm.dockerPuller.(*FakeDockerPuller) puller := dm.dockerPuller.(*FakeDockerPuller)
puller.HasImages = []string{} puller.HasImages = []string{}
dm.podInfraContainerImage = "pod_infra_image" dm.podInfraContainerImage = "pod_infra_image"
pod := &api.Pod{ pod := makePod("foo", &api.PodSpec{
ObjectMeta: api.ObjectMeta{ Containers: []api.Container{
UID: "12345678", {Name: "bar", Image: "something", ImagePullPolicy: "IfNotPresent"},
Name: "foo",
Namespace: "new",
}, },
Spec: api.PodSpec{ })
Containers: []api.Container{
{Name: "bar", Image: "something", ImagePullPolicy: "IfNotPresent"},
},
},
}
runSyncPod(t, dm, fakeDocker, pod, nil, false) runSyncPod(t, dm, fakeDocker, pod, nil, false)
@ -687,18 +653,11 @@ func TestSyncPodCreatesNetAndContainerPullsImage(t *testing.T) {
func TestSyncPodWithPodInfraCreatesContainer(t *testing.T) { func TestSyncPodWithPodInfraCreatesContainer(t *testing.T) {
dm, fakeDocker := newTestDockerManager() dm, fakeDocker := newTestDockerManager()
pod := &api.Pod{ pod := makePod("foo", &api.PodSpec{
ObjectMeta: api.ObjectMeta{ Containers: []api.Container{
UID: "12345678", {Name: "bar"},
Name: "foo",
Namespace: "new",
}, },
Spec: api.PodSpec{ })
Containers: []api.Container{
{Name: "bar"},
},
},
}
fakeDocker.SetFakeRunningContainers([]*FakeContainer{{ fakeDocker.SetFakeRunningContainers([]*FakeContainer{{
ID: "9876", ID: "9876",
@ -722,18 +681,11 @@ func TestSyncPodWithPodInfraCreatesContainer(t *testing.T) {
func TestSyncPodDeletesWithNoPodInfraContainer(t *testing.T) { func TestSyncPodDeletesWithNoPodInfraContainer(t *testing.T) {
dm, fakeDocker := newTestDockerManager() dm, fakeDocker := newTestDockerManager()
pod := &api.Pod{ pod := makePod("foo1", &api.PodSpec{
ObjectMeta: api.ObjectMeta{ Containers: []api.Container{
UID: "12345678", {Name: "bar1"},
Name: "foo1",
Namespace: "new",
}, },
Spec: api.PodSpec{ })
Containers: []api.Container{
{Name: "bar1"},
},
},
}
fakeDocker.SetFakeRunningContainers([]*FakeContainer{{ fakeDocker.SetFakeRunningContainers([]*FakeContainer{{
ID: "1234", ID: "1234",
Name: "/k8s_bar1_foo1_new_12345678_0", Name: "/k8s_bar1_foo1_new_12345678_0",
@ -764,18 +716,11 @@ func TestSyncPodDeletesWithNoPodInfraContainer(t *testing.T) {
func TestSyncPodDeletesDuplicate(t *testing.T) { func TestSyncPodDeletesDuplicate(t *testing.T) {
dm, fakeDocker := newTestDockerManager() dm, fakeDocker := newTestDockerManager()
pod := &api.Pod{ pod := makePod("bar", &api.PodSpec{
ObjectMeta: api.ObjectMeta{ Containers: []api.Container{
UID: "12345678", {Name: "foo"},
Name: "bar",
Namespace: "new",
}, },
Spec: api.PodSpec{ })
Containers: []api.Container{
{Name: "foo"},
},
},
}
fakeDocker.SetFakeRunningContainers([]*FakeContainer{ fakeDocker.SetFakeRunningContainers([]*FakeContainer{
{ {
@ -805,18 +750,11 @@ func TestSyncPodDeletesDuplicate(t *testing.T) {
func TestSyncPodBadHash(t *testing.T) { func TestSyncPodBadHash(t *testing.T) {
dm, fakeDocker := newTestDockerManager() dm, fakeDocker := newTestDockerManager()
pod := &api.Pod{ pod := makePod("foo", &api.PodSpec{
ObjectMeta: api.ObjectMeta{ Containers: []api.Container{
UID: "12345678", {Name: "bar"},
Name: "foo",
Namespace: "new",
}, },
Spec: api.PodSpec{ })
Containers: []api.Container{
{Name: "bar"},
},
},
}
fakeDocker.SetFakeRunningContainers([]*FakeContainer{ fakeDocker.SetFakeRunningContainers([]*FakeContainer{
{ {
@ -845,16 +783,9 @@ func TestSyncPodsUnhealthy(t *testing.T) {
infraContainerID = "9876" infraContainerID = "9876"
) )
dm, fakeDocker := newTestDockerManager() dm, fakeDocker := newTestDockerManager()
pod := &api.Pod{ pod := makePod("foo", &api.PodSpec{
ObjectMeta: api.ObjectMeta{ Containers: []api.Container{{Name: "unhealthy"}},
UID: "12345678", })
Name: "foo",
Namespace: "new",
},
Spec: api.PodSpec{
Containers: []api.Container{{Name: "unhealthy"}},
},
}
fakeDocker.SetFakeRunningContainers([]*FakeContainer{ fakeDocker.SetFakeRunningContainers([]*FakeContainer{
{ {
@ -884,18 +815,11 @@ func TestSyncPodsUnhealthy(t *testing.T) {
func TestSyncPodsDoesNothing(t *testing.T) { func TestSyncPodsDoesNothing(t *testing.T) {
dm, fakeDocker := newTestDockerManager() dm, fakeDocker := newTestDockerManager()
container := api.Container{Name: "bar"} container := api.Container{Name: "bar"}
pod := &api.Pod{ pod := makePod("foo", &api.PodSpec{
ObjectMeta: api.ObjectMeta{ Containers: []api.Container{
UID: "12345678", container,
Name: "foo",
Namespace: "new",
}, },
Spec: api.PodSpec{ })
Containers: []api.Container{
container,
},
},
}
fakeDocker.SetFakeRunningContainers([]*FakeContainer{ fakeDocker.SetFakeRunningContainers([]*FakeContainer{
{ {
ID: "1234", ID: "1234",
@ -917,16 +841,9 @@ func TestSyncPodWithRestartPolicy(t *testing.T) {
{Name: "succeeded"}, {Name: "succeeded"},
{Name: "failed"}, {Name: "failed"},
} }
pod := &api.Pod{ pod := makePod("foo", &api.PodSpec{
ObjectMeta: api.ObjectMeta{ Containers: containers,
UID: "12345678", })
Name: "foo",
Namespace: "new",
},
Spec: api.PodSpec{
Containers: containers,
},
}
dockerContainers := []*FakeContainer{ dockerContainers := []*FakeContainer{
{ {
ID: "9876", ID: "9876",
@ -1011,34 +928,27 @@ func TestSyncPodBackoff(t *testing.T) {
{Name: "good"}, {Name: "good"},
{Name: "bad"}, {Name: "bad"},
} }
pod := &api.Pod{ pod := makePod("podfoo", &api.PodSpec{
ObjectMeta: api.ObjectMeta{ Containers: containers,
UID: "12345678", })
Name: "podfoo",
Namespace: "nsnew",
},
Spec: api.PodSpec{
Containers: containers,
},
}
stableId := "k8s_bad." + strconv.FormatUint(kubecontainer.HashContainer(&containers[1]), 16) + "_podfoo_nsnew_12345678" stableId := "k8s_bad." + strconv.FormatUint(kubecontainer.HashContainer(&containers[1]), 16) + "_podfoo_new_12345678"
dockerContainers := []*FakeContainer{ dockerContainers := []*FakeContainer{
{ {
ID: "9876", ID: "9876",
Name: "/k8s_POD." + strconv.FormatUint(generatePodInfraContainerHash(pod), 16) + "_podfoo_nsnew_12345678_0", Name: "/k8s_POD." + strconv.FormatUint(generatePodInfraContainerHash(pod), 16) + "_podfoo_new_12345678_0",
StartedAt: startTime, StartedAt: startTime,
Running: true, Running: true,
}, },
{ {
ID: "1234", ID: "1234",
Name: "/k8s_good." + strconv.FormatUint(kubecontainer.HashContainer(&containers[0]), 16) + "_podfoo_nsnew_12345678_0", Name: "/k8s_good." + strconv.FormatUint(kubecontainer.HashContainer(&containers[0]), 16) + "_podfoo_new_12345678_0",
StartedAt: startTime, StartedAt: startTime,
Running: true, Running: true,
}, },
{ {
ID: "5678", ID: "5678",
Name: "/k8s_bad." + strconv.FormatUint(kubecontainer.HashContainer(&containers[1]), 16) + "_podfoo_nsnew_12345678_0", Name: "/k8s_bad." + strconv.FormatUint(kubecontainer.HashContainer(&containers[1]), 16) + "_podfoo_new_12345678_0",
ExitCode: 42, ExitCode: 42,
StartedAt: startTime, StartedAt: startTime,
FinishedAt: fakeClock.Now(), FinishedAt: fakeClock.Now(),
@ -1098,24 +1008,17 @@ func TestSyncPodBackoff(t *testing.T) {
func TestGetRestartCount(t *testing.T) { func TestGetRestartCount(t *testing.T) {
dm, fakeDocker := newTestDockerManager() dm, fakeDocker := newTestDockerManager()
containerName := "bar" containerName := "bar"
pod := api.Pod{ pod := *makePod("foo", &api.PodSpec{
ObjectMeta: api.ObjectMeta{ Containers: []api.Container{
UID: "12345678", {Name: containerName},
Name: "foo",
Namespace: "new",
}, },
Spec: api.PodSpec{ RestartPolicy: "Always",
Containers: []api.Container{ })
{Name: containerName}, pod.Status = api.PodStatus{
}, ContainerStatuses: []api.ContainerStatus{
RestartPolicy: "Always", {
}, Name: containerName,
Status: api.PodStatus{ RestartCount: 3,
ContainerStatuses: []api.ContainerStatus{
{
Name: containerName,
RestartCount: 3,
},
}, },
}, },
} }
@ -1192,16 +1095,9 @@ func TestGetTerminationMessagePath(t *testing.T) {
TerminationMessagePath: "/dev/somepath", TerminationMessagePath: "/dev/somepath",
}, },
} }
pod := &api.Pod{ pod := makePod("foo", &api.PodSpec{
ObjectMeta: api.ObjectMeta{ Containers: containers,
UID: "12345678", })
Name: "foo",
Namespace: "new",
},
Spec: api.PodSpec{
Containers: containers,
},
}
runSyncPod(t, dm, fakeDocker, pod, nil, false) runSyncPod(t, dm, fakeDocker, pod, nil, false)
@ -1225,29 +1121,22 @@ func TestSyncPodWithPodInfraCreatesContainerCallsHandler(t *testing.T) {
fakeHTTPClient := &fakeHTTP{} fakeHTTPClient := &fakeHTTP{}
dm, fakeDocker := newTestDockerManagerWithHTTPClient(fakeHTTPClient) dm, fakeDocker := newTestDockerManagerWithHTTPClient(fakeHTTPClient)
pod := &api.Pod{ pod := makePod("foo", &api.PodSpec{
ObjectMeta: api.ObjectMeta{ Containers: []api.Container{
UID: "12345678", {
Name: "foo", Name: "bar",
Namespace: "new", Lifecycle: &api.Lifecycle{
}, PostStart: &api.Handler{
Spec: api.PodSpec{ HTTPGet: &api.HTTPGetAction{
Containers: []api.Container{ Host: "foo",
{ Port: intstr.FromInt(8080),
Name: "bar", Path: "bar",
Lifecycle: &api.Lifecycle{
PostStart: &api.Handler{
HTTPGet: &api.HTTPGetAction{
Host: "foo",
Port: intstr.FromInt(8080),
Path: "bar",
},
}, },
}, },
}, },
}, },
}, },
} })
fakeDocker.SetFakeRunningContainers([]*FakeContainer{{ fakeDocker.SetFakeRunningContainers([]*FakeContainer{{
ID: "9876", ID: "9876",
Name: "/k8s_POD." + strconv.FormatUint(generatePodInfraContainerHash(pod), 16) + "_foo_new_12345678_0", Name: "/k8s_POD." + strconv.FormatUint(generatePodInfraContainerHash(pod), 16) + "_foo_new_12345678_0",
@ -1275,28 +1164,21 @@ func TestSyncPodEventHandlerFails(t *testing.T) {
fakeHTTPClient := &fakeHTTP{err: fmt.Errorf("test error")} fakeHTTPClient := &fakeHTTP{err: fmt.Errorf("test error")}
dm, fakeDocker := newTestDockerManagerWithHTTPClient(fakeHTTPClient) dm, fakeDocker := newTestDockerManagerWithHTTPClient(fakeHTTPClient)
pod := &api.Pod{ pod := makePod("foo", &api.PodSpec{
ObjectMeta: api.ObjectMeta{ Containers: []api.Container{
UID: "12345678", {Name: "bar",
Name: "foo", Lifecycle: &api.Lifecycle{
Namespace: "new", PostStart: &api.Handler{
}, HTTPGet: &api.HTTPGetAction{
Spec: api.PodSpec{ Host: "does.no.exist",
Containers: []api.Container{ Port: intstr.FromInt(8080),
{Name: "bar", Path: "bar",
Lifecycle: &api.Lifecycle{
PostStart: &api.Handler{
HTTPGet: &api.HTTPGetAction{
Host: "does.no.exist",
Port: intstr.FromInt(8080),
Path: "bar",
},
}, },
}, },
}, },
}, },
}, },
} })
fakeDocker.SetFakeRunningContainers([]*FakeContainer{{ fakeDocker.SetFakeRunningContainers([]*FakeContainer{{
ID: "9876", ID: "9876",
@ -1311,7 +1193,6 @@ func TestSyncPodEventHandlerFails(t *testing.T) {
"stop", "stop",
}) })
// TODO(yifan): Check the stopped container's name.
if len(fakeDocker.Stopped) != 1 { if len(fakeDocker.Stopped) != 1 {
t.Fatalf("Wrong containers were stopped: %v", fakeDocker.Stopped) t.Fatalf("Wrong containers were stopped: %v", fakeDocker.Stopped)
} }
@ -1360,18 +1241,11 @@ func TestSyncPodWithTerminationLog(t *testing.T) {
Name: "bar", Name: "bar",
TerminationMessagePath: "/dev/somepath", TerminationMessagePath: "/dev/somepath",
} }
pod := &api.Pod{ pod := makePod("foo", &api.PodSpec{
ObjectMeta: api.ObjectMeta{ Containers: []api.Container{
UID: "12345678", container,
Name: "foo",
Namespace: "new",
}, },
Spec: api.PodSpec{ })
Containers: []api.Container{
container,
},
},
}
runSyncPod(t, dm, fakeDocker, pod, nil, false) runSyncPod(t, dm, fakeDocker, pod, nil, false)
verifyCalls(t, fakeDocker, []string{ verifyCalls(t, fakeDocker, []string{
@ -1405,21 +1279,14 @@ func TestSyncPodWithTerminationLog(t *testing.T) {
func TestSyncPodWithHostNetwork(t *testing.T) { func TestSyncPodWithHostNetwork(t *testing.T) {
dm, fakeDocker := newTestDockerManager() dm, fakeDocker := newTestDockerManager()
pod := &api.Pod{ pod := makePod("foo", &api.PodSpec{
ObjectMeta: api.ObjectMeta{ Containers: []api.Container{
UID: "12345678", {Name: "bar"},
Name: "foo",
Namespace: "new",
}, },
Spec: api.PodSpec{ SecurityContext: &api.PodSecurityContext{
Containers: []api.Container{ HostNetwork: true,
{Name: "bar"},
},
SecurityContext: &api.PodSecurityContext{
HostNetwork: true,
},
}, },
} })
runSyncPod(t, dm, fakeDocker, pod, nil, false) runSyncPod(t, dm, fakeDocker, pod, nil, false)
@ -1616,22 +1483,15 @@ func TestSyncPodWithPullPolicy(t *testing.T) {
puller.HasImages = []string{"existing_one", "want:latest"} puller.HasImages = []string{"existing_one", "want:latest"}
dm.podInfraContainerImage = "pod_infra_image" dm.podInfraContainerImage = "pod_infra_image"
pod := &api.Pod{ pod := makePod("foo", &api.PodSpec{
ObjectMeta: api.ObjectMeta{ Containers: []api.Container{
UID: "12345678", {Name: "bar", Image: "pull_always_image", ImagePullPolicy: api.PullAlways},
Name: "foo", {Name: "bar2", Image: "pull_if_not_present_image", ImagePullPolicy: api.PullIfNotPresent},
Namespace: "new", {Name: "bar3", Image: "existing_one", ImagePullPolicy: api.PullIfNotPresent},
{Name: "bar4", Image: "want:latest", ImagePullPolicy: api.PullIfNotPresent},
{Name: "bar5", Image: "pull_never_image", ImagePullPolicy: api.PullNever},
}, },
Spec: api.PodSpec{ })
Containers: []api.Container{
{Name: "bar", Image: "pull_always_image", ImagePullPolicy: api.PullAlways},
{Name: "bar2", Image: "pull_if_not_present_image", ImagePullPolicy: api.PullIfNotPresent},
{Name: "bar3", Image: "existing_one", ImagePullPolicy: api.PullIfNotPresent},
{Name: "bar4", Image: "want:latest", ImagePullPolicy: api.PullIfNotPresent},
{Name: "bar5", Image: "pull_never_image", ImagePullPolicy: api.PullNever},
},
},
}
expectedResults := []*kubecontainer.SyncResult{ expectedResults := []*kubecontainer.SyncResult{
//Sync result for infra container //Sync result for infra container
@ -1665,13 +1525,7 @@ func TestSyncPodWithPullPolicy(t *testing.T) {
// There are still quite a few failure cases not covered. // There are still quite a few failure cases not covered.
// TODO(random-liu): Better way to test the SyncPod failures. // TODO(random-liu): Better way to test the SyncPod failures.
func TestSyncPodWithFailure(t *testing.T) { func TestSyncPodWithFailure(t *testing.T) {
pod := &api.Pod{ pod := makePod("foo", nil)
ObjectMeta: api.ObjectMeta{
UID: "12345678",
Name: "foo",
Namespace: "new",
},
}
tests := map[string]struct { tests := map[string]struct {
container api.Container container api.Container
dockerError map[string]error dockerError map[string]error
@ -1776,20 +1630,14 @@ func TestSecurityOptsOperator(t *testing.T) {
func TestGetSecurityOpts(t *testing.T) { func TestGetSecurityOpts(t *testing.T) {
const containerName = "bar" const containerName = "bar"
makePod := func(annotations map[string]string) *api.Pod { pod := func(annotations map[string]string) *api.Pod {
return &api.Pod{ p := makePod("foo", &api.PodSpec{
ObjectMeta: api.ObjectMeta{ Containers: []api.Container{
UID: "12345678", {Name: containerName},
Name: "foo",
Namespace: "new",
Annotations: annotations,
}, },
Spec: api.PodSpec{ })
Containers: []api.Container{ p.Annotations = annotations
{Name: containerName}, return p
},
},
}
} }
tests := []struct { tests := []struct {
@ -1798,29 +1646,29 @@ func TestGetSecurityOpts(t *testing.T) {
expectedOpts []string expectedOpts []string
}{{ }{{
msg: "No security annotations", msg: "No security annotations",
pod: makePod(nil), pod: pod(nil),
expectedOpts: []string{"seccomp=unconfined"}, expectedOpts: []string{"seccomp=unconfined"},
}, { }, {
msg: "Seccomp default", msg: "Seccomp default",
pod: makePod(map[string]string{ pod: pod(map[string]string{
api.SeccompContainerAnnotationKeyPrefix + containerName: "docker/default", api.SeccompContainerAnnotationKeyPrefix + containerName: "docker/default",
}), }),
expectedOpts: nil, expectedOpts: nil,
}, { }, {
msg: "AppArmor runtime/default", msg: "AppArmor runtime/default",
pod: makePod(map[string]string{ pod: pod(map[string]string{
apparmor.ContainerAnnotationKeyPrefix + containerName: apparmor.ProfileRuntimeDefault, apparmor.ContainerAnnotationKeyPrefix + containerName: apparmor.ProfileRuntimeDefault,
}), }),
expectedOpts: []string{"seccomp=unconfined"}, expectedOpts: []string{"seccomp=unconfined"},
}, { }, {
msg: "AppArmor local profile", msg: "AppArmor local profile",
pod: makePod(map[string]string{ pod: pod(map[string]string{
apparmor.ContainerAnnotationKeyPrefix + containerName: apparmor.ProfileNamePrefix + "foo", apparmor.ContainerAnnotationKeyPrefix + containerName: apparmor.ProfileNamePrefix + "foo",
}), }),
expectedOpts: []string{"seccomp=unconfined", "apparmor=foo"}, expectedOpts: []string{"seccomp=unconfined", "apparmor=foo"},
}, { }, {
msg: "AppArmor and seccomp profile", msg: "AppArmor and seccomp profile",
pod: makePod(map[string]string{ pod: pod(map[string]string{
api.SeccompContainerAnnotationKeyPrefix + containerName: "docker/default", api.SeccompContainerAnnotationKeyPrefix + containerName: "docker/default",
apparmor.ContainerAnnotationKeyPrefix + containerName: apparmor.ProfileNamePrefix + "foo", apparmor.ContainerAnnotationKeyPrefix + containerName: apparmor.ProfileNamePrefix + "foo",
}), }),
@ -1846,18 +1694,11 @@ func TestSeccompIsUnconfinedByDefaultWithDockerV110(t *testing.T) {
recorder := record.NewFakeRecorder(20) recorder := record.NewFakeRecorder(20)
dm.recorder = recorder dm.recorder = recorder
pod := &api.Pod{ pod := makePod("foo", &api.PodSpec{
ObjectMeta: api.ObjectMeta{ Containers: []api.Container{
UID: "12345678", {Name: "bar"},
Name: "foo",
Namespace: "new",
}, },
Spec: api.PodSpec{ })
Containers: []api.Container{
{Name: "bar"},
},
},
}
runSyncPod(t, dm, fakeDocker, pod, nil, false) runSyncPod(t, dm, fakeDocker, pod, nil, false)
@ -1889,20 +1730,13 @@ func TestSeccompIsUnconfinedByDefaultWithDockerV110(t *testing.T) {
func TestUnconfinedSeccompProfileWithDockerV110(t *testing.T) { func TestUnconfinedSeccompProfileWithDockerV110(t *testing.T) {
dm, fakeDocker := newTestDockerManagerWithVersion("1.10.1", "1.22") dm, fakeDocker := newTestDockerManagerWithVersion("1.10.1", "1.22")
pod := &api.Pod{ pod := makePod("foo4", &api.PodSpec{
ObjectMeta: api.ObjectMeta{ Containers: []api.Container{
UID: "12345678", {Name: "bar4"},
Name: "foo4",
Namespace: "new",
Annotations: map[string]string{
api.SeccompPodAnnotationKey: "unconfined",
},
},
Spec: api.PodSpec{
Containers: []api.Container{
{Name: "bar4"},
},
}, },
})
pod.Annotations = map[string]string{
api.SeccompPodAnnotationKey: "unconfined",
} }
runSyncPod(t, dm, fakeDocker, pod, nil, false) runSyncPod(t, dm, fakeDocker, pod, nil, false)
@ -1931,20 +1765,13 @@ func TestUnconfinedSeccompProfileWithDockerV110(t *testing.T) {
func TestDefaultSeccompProfileWithDockerV110(t *testing.T) { func TestDefaultSeccompProfileWithDockerV110(t *testing.T) {
dm, fakeDocker := newTestDockerManagerWithVersion("1.10.1", "1.22") dm, fakeDocker := newTestDockerManagerWithVersion("1.10.1", "1.22")
pod := &api.Pod{ pod := makePod("foo1", &api.PodSpec{
ObjectMeta: api.ObjectMeta{ Containers: []api.Container{
UID: "12345678", {Name: "bar1"},
Name: "foo1",
Namespace: "new",
Annotations: map[string]string{
api.SeccompPodAnnotationKey: "docker/default",
},
},
Spec: api.PodSpec{
Containers: []api.Container{
{Name: "bar1"},
},
}, },
})
pod.Annotations = map[string]string{
api.SeccompPodAnnotationKey: "docker/default",
} }
runSyncPod(t, dm, fakeDocker, pod, nil, false) runSyncPod(t, dm, fakeDocker, pod, nil, false)
@ -1973,21 +1800,14 @@ func TestDefaultSeccompProfileWithDockerV110(t *testing.T) {
func TestSeccompContainerAnnotationTrumpsPod(t *testing.T) { func TestSeccompContainerAnnotationTrumpsPod(t *testing.T) {
dm, fakeDocker := newTestDockerManagerWithVersion("1.10.1", "1.22") dm, fakeDocker := newTestDockerManagerWithVersion("1.10.1", "1.22")
pod := &api.Pod{ pod := makePod("foo2", &api.PodSpec{
ObjectMeta: api.ObjectMeta{ Containers: []api.Container{
UID: "12345678", {Name: "bar2"},
Name: "foo2",
Namespace: "new",
Annotations: map[string]string{
api.SeccompPodAnnotationKey: "unconfined",
api.SeccompContainerAnnotationKeyPrefix + "bar2": "docker/default",
},
},
Spec: api.PodSpec{
Containers: []api.Container{
{Name: "bar2"},
},
}, },
})
pod.Annotations = map[string]string{
api.SeccompPodAnnotationKey: "unconfined",
api.SeccompContainerAnnotationKeyPrefix + "bar2": "docker/default",
} }
runSyncPod(t, dm, fakeDocker, pod, nil, false) runSyncPod(t, dm, fakeDocker, pod, nil, false)
@ -2052,19 +1872,12 @@ func TestSeccompLocalhostProfileIsLoaded(t *testing.T) {
_, filename, _, _ := goruntime.Caller(0) _, filename, _, _ := goruntime.Caller(0)
dm.seccompProfileRoot = path.Join(path.Dir(filename), "fixtures", "seccomp") dm.seccompProfileRoot = path.Join(path.Dir(filename), "fixtures", "seccomp")
pod := &api.Pod{ pod := makePod("foo2", &api.PodSpec{
ObjectMeta: api.ObjectMeta{ Containers: []api.Container{
UID: "12345678", {Name: "bar2"},
Name: "foo2",
Namespace: "new",
Annotations: test.annotations,
}, },
Spec: api.PodSpec{ })
Containers: []api.Container{ pod.Annotations = test.annotations
{Name: "bar2"},
},
},
}
result := runSyncPod(t, dm, fakeDocker, pod, nil, test.expectedError != "") result := runSyncPod(t, dm, fakeDocker, pod, nil, test.expectedError != "")
if test.expectedError != "" { if test.expectedError != "" {
@ -2102,18 +1915,11 @@ func TestSeccompLocalhostProfileIsLoaded(t *testing.T) {
func TestSecurityOptsAreNilWithDockerV19(t *testing.T) { func TestSecurityOptsAreNilWithDockerV19(t *testing.T) {
dm, fakeDocker := newTestDockerManagerWithVersion("1.9.1", "1.21") dm, fakeDocker := newTestDockerManagerWithVersion("1.9.1", "1.21")
pod := &api.Pod{ pod := makePod("foo", &api.PodSpec{
ObjectMeta: api.ObjectMeta{ Containers: []api.Container{
UID: "12345678", {Name: "bar"},
Name: "foo",
Namespace: "new",
}, },
Spec: api.PodSpec{ })
Containers: []api.Container{
{Name: "bar"},
},
},
}
runSyncPod(t, dm, fakeDocker, pod, nil, false) runSyncPod(t, dm, fakeDocker, pod, nil, false)
@ -2320,16 +2126,9 @@ func TestGetPodStatusNoSuchContainer(t *testing.T) {
infraContainerID = "9876" infraContainerID = "9876"
) )
dm, fakeDocker := newTestDockerManager() dm, fakeDocker := newTestDockerManager()
pod := &api.Pod{ pod := makePod("foo", &api.PodSpec{
ObjectMeta: api.ObjectMeta{ Containers: []api.Container{{Name: "nosuchcontainer"}},
UID: "12345678", })
Name: "foo",
Namespace: "new",
},
Spec: api.PodSpec{
Containers: []api.Container{{Name: "nosuchcontainer"}},
},
}
fakeDocker.SetFakeContainers([]*FakeContainer{ fakeDocker.SetFakeContainers([]*FakeContainer{
{ {
@ -2364,14 +2163,12 @@ func TestGetPodStatusNoSuchContainer(t *testing.T) {
func TestPruneInitContainers(t *testing.T) { func TestPruneInitContainers(t *testing.T) {
dm, fake := newTestDockerManager() dm, fake := newTestDockerManager()
pod := &api.Pod{ pod := makePod("", &api.PodSpec{
Spec: api.PodSpec{ InitContainers: []api.Container{
InitContainers: []api.Container{ {Name: "init1"},
{Name: "init1"}, {Name: "init2"},
{Name: "init2"},
},
}, },
} })
status := &kubecontainer.PodStatus{ status := &kubecontainer.PodStatus{
ContainerStatuses: []*kubecontainer.ContainerStatus{ ContainerStatuses: []*kubecontainer.ContainerStatus{
{Name: "init2", ID: kubecontainer.ContainerID{ID: "init2-new-1"}, State: kubecontainer.ContainerStateExited}, {Name: "init2", ID: kubecontainer.ContainerID{ID: "init2-new-1"}, State: kubecontainer.ContainerStateExited},
@ -2510,18 +2307,11 @@ func TestSyncPodGetsPodIPFromNetworkPlugin(t *testing.T) {
fnp := mock_network.NewMockNetworkPlugin(ctrl) fnp := mock_network.NewMockNetworkPlugin(ctrl)
dm.networkPlugin = fnp dm.networkPlugin = fnp
pod := &api.Pod{ pod := makePod("foo", &api.PodSpec{
ObjectMeta: api.ObjectMeta{ Containers: []api.Container{
UID: "12345678", {Name: "bar"},
Name: "foo",
Namespace: "new",
}, },
Spec: api.PodSpec{ })
Containers: []api.Container{
{Name: "bar"},
},
},
}
// Can be called multiple times due to GetPodStatus // Can be called multiple times due to GetPodStatus
fnp.EXPECT().Name().Return("someNetworkPlugin").AnyTimes() fnp.EXPECT().Name().Return("someNetworkPlugin").AnyTimes()
@ -2568,3 +2358,18 @@ func TestContainerAndPodFromLabels(t *testing.T) {
} }
} }
} }
func makePod(name string, spec *api.PodSpec) *api.Pod {
if spec == nil {
spec = &api.PodSpec{Containers: []api.Container{{Name: "foo"}, {Name: "bar"}}}
}
pod := &api.Pod{
ObjectMeta: api.ObjectMeta{
UID: "12345678",
Name: name,
Namespace: "new",
},
Spec: *spec,
}
return pod
}