From ff6947625d4a89f6b21327c768e81232c6cf54cd Mon Sep 17 00:00:00 2001 From: Chao Xu Date: Mon, 1 Jun 2015 21:51:26 -0700 Subject: [PATCH 1/4] add v1 tests to hack/test-go; let default value of Container.SecurityContext to be nil --- cmd/integration/integration.go | 17 +++++++++ examples/examples_test.go | 1 + hack/test-go.sh | 2 +- pkg/api/latest/latest_test.go | 1 + pkg/api/v1beta3/defaults.go | 3 ++ .../validation/testdata/v1/invalidPod.yaml | 11 ++++++ .../validation/testdata/v1/invalidPod1.json | 19 ++++++++++ .../validation/testdata/v1/invalidPod2.json | 35 +++++++++++++++++++ .../validation/testdata/v1/invalidPod3.json | 35 +++++++++++++++++++ pkg/api/validation/testdata/v1/validPod.yaml | 16 +++++++++ pkg/kubelet/config/http_test.go | 8 ++--- 11 files changed, 143 insertions(+), 5 deletions(-) create mode 100644 pkg/api/validation/testdata/v1/invalidPod.yaml create mode 100644 pkg/api/validation/testdata/v1/invalidPod1.json create mode 100644 pkg/api/validation/testdata/v1/invalidPod2.json create mode 100644 pkg/api/validation/testdata/v1/invalidPod3.json create mode 100644 pkg/api/validation/testdata/v1/validPod.yaml diff --git a/cmd/integration/integration.go b/cmd/integration/integration.go index 33b9cd64cff..2ce6376e42d 100644 --- a/cmd/integration/integration.go +++ b/cmd/integration/integration.go @@ -622,6 +622,23 @@ func runPatchTest(c *client.Client) { []byte(`{"metadata":{"labels":{"$patch":"replace"}}}`), }, }, + "v1": { + api.JSONPatchType: { + []byte(`[{"op":"add","path":"/metadata/labels","value":{"foo":"bar","baz":"qux"}}]`), + []byte(`[{"op":"remove","path":"/metadata/labels/foo"}]`), + []byte(`[{"op":"remove","path":"/metadata/labels"}]`), + }, + api.MergePatchType: { + []byte(`{"metadata":{"labels":{"foo":"bar","baz":"qux"}}}`), + []byte(`{"metadata":{"labels":{"foo":null}}}`), + []byte(`{"metadata":{"labels":null}}`), + }, + api.StrategicMergePatchType: { + []byte(`{"metadata":{"labels":{"foo":"bar","baz":"qux"}}}`), + []byte(`{"metadata":{"labels":{"foo":null}}}`), + []byte(`{"metadata":{"labels":{"$patch":"replace"}}}`), + }, + }, } pb := patchBodies[c.APIVersion()] diff --git a/examples/examples_test.go b/examples/examples_test.go index 332ed89a8b0..877d84829e8 100644 --- a/examples/examples_test.go +++ b/examples/examples_test.go @@ -140,6 +140,7 @@ func TestExampleObjectSchemas(t *testing.T) { cases := map[string]map[string]runtime.Object{ "../cmd/integration": { "v1beta3-controller": &api.ReplicationController{}, + "v1-controller": &api.ReplicationController{}, }, "../examples/guestbook": { "frontend-controller": &api.ReplicationController{}, diff --git a/hack/test-go.sh b/hack/test-go.sh index 0604a092356..3cb94d88b0c 100755 --- a/hack/test-go.sh +++ b/hack/test-go.sh @@ -52,7 +52,7 @@ KUBE_RACE=${KUBE_RACE:-} # use KUBE_RACE="-race" to enable race testing # Set to the goveralls binary path to report coverage results to Coveralls.io. KUBE_GOVERALLS_BIN=${KUBE_GOVERALLS_BIN:-} # Comma separated list of API Versions that should be tested. -KUBE_TEST_API_VERSIONS=${KUBE_TEST_API_VERSIONS:-"v1beta3"} +KUBE_TEST_API_VERSIONS=${KUBE_TEST_API_VERSIONS:-"v1beta3,v1"} # Run tests with the standard (registry) and a custom etcd prefix # (kubernetes.io/registry). KUBE_TEST_ETCD_PREFIXES=${KUBE_TEST_ETCD_PREFIXES:-"registry,kubernetes.io/registry"} diff --git a/pkg/api/latest/latest_test.go b/pkg/api/latest/latest_test.go index 881ac4b8558..8169443ae58 100644 --- a/pkg/api/latest/latest_test.go +++ b/pkg/api/latest/latest_test.go @@ -21,6 +21,7 @@ import ( "testing" internal "github.com/GoogleCloudPlatform/kubernetes/pkg/api" + _ "github.com/GoogleCloudPlatform/kubernetes/pkg/api/v1" ) func TestResourceVersioner(t *testing.T) { diff --git a/pkg/api/v1beta3/defaults.go b/pkg/api/v1beta3/defaults.go index d542e5f3047..74f931dd136 100644 --- a/pkg/api/v1beta3/defaults.go +++ b/pkg/api/v1beta3/defaults.go @@ -171,6 +171,9 @@ func defaultHostNetworkPorts(containers *[]Container) { // defaultSecurityContext performs the downward and upward merges of a pod definition func defaultSecurityContext(container *Container) { if container.SecurityContext == nil { + if (len(container.Capabilities.Add) == 0) && (len(container.Capabilities.Drop) == 0) && (container.Privileged == false) { + return + } glog.V(5).Infof("creating security context for container %s", container.Name) container.SecurityContext = &SecurityContext{} } diff --git a/pkg/api/validation/testdata/v1/invalidPod.yaml b/pkg/api/validation/testdata/v1/invalidPod.yaml new file mode 100644 index 00000000000..059b2dc7b2e --- /dev/null +++ b/pkg/api/validation/testdata/v1/invalidPod.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Pod +metadata: + labels: + name: redis-master + name: name +spec: + containers: + - args: "this is a bad command" + image: redis + name: master diff --git a/pkg/api/validation/testdata/v1/invalidPod1.json b/pkg/api/validation/testdata/v1/invalidPod1.json new file mode 100644 index 00000000000..df256426c45 --- /dev/null +++ b/pkg/api/validation/testdata/v1/invalidPod1.json @@ -0,0 +1,19 @@ +{ + "kind": "Pod", + "apiVersion": "v1", + "metadata": { + "name": "name", + "labels": { + "name": "redis-master" + } + }, + "spec": { + "containers": [ + { + "name": "master", + "image": "redis", + "args": "this is a bad command" + } + ] + } +} diff --git a/pkg/api/validation/testdata/v1/invalidPod2.json b/pkg/api/validation/testdata/v1/invalidPod2.json new file mode 100644 index 00000000000..97f02ac1336 --- /dev/null +++ b/pkg/api/validation/testdata/v1/invalidPod2.json @@ -0,0 +1,35 @@ +{ + "kind": "Pod", + "apiVersion": "v1", + "metadata": { + "name": "apache-php", + "labels": { + "name": "apache-php" + } + }, + "spec": { + "volumes": [{ + "name": "shared-disk" + }], + "containers": [ + { + "name": "apache-php", + "image": "php:5.6.2-apache", + "ports": [ + { + "name": "apache", + "hostPort": "13380", + "containerPort": 80, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "name": "shared-disk", + "mountPath": "/var/www/html" + } + ] + } + ] + } +} diff --git a/pkg/api/validation/testdata/v1/invalidPod3.json b/pkg/api/validation/testdata/v1/invalidPod3.json new file mode 100644 index 00000000000..78bc87e8cea --- /dev/null +++ b/pkg/api/validation/testdata/v1/invalidPod3.json @@ -0,0 +1,35 @@ +{ + "kind": "Pod", + "apiVersion": "v1", + "metadata": { + "name": "apache-php", + "labels": { + "name": "apache-php" + } + }, + "spec": { + "volumes": [ + "name": "shared-disk" + ], + "containers": [ + { + "name": "apache-php", + "image": "php:5.6.2-apache", + "ports": [ + { + "name": "apache", + "hostPort": 13380, + "containerPort": 80, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "name": "shared-disk", + "mountPath": "/var/www/html" + } + ] + } + ] + } +} diff --git a/pkg/api/validation/testdata/v1/validPod.yaml b/pkg/api/validation/testdata/v1/validPod.yaml new file mode 100644 index 00000000000..b8bdbdf6983 --- /dev/null +++ b/pkg/api/validation/testdata/v1/validPod.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Pod +metadata: + labels: + name: redis-master + name: name +spec: + containers: + - args: + - this + - is + - an + - ok + - command + image: redis + name: master diff --git a/pkg/kubelet/config/http_test.go b/pkg/kubelet/config/http_test.go index 6843ac864b1..5a92ab75815 100644 --- a/pkg/kubelet/config/http_test.go +++ b/pkg/kubelet/config/http_test.go @@ -27,7 +27,6 @@ import ( "github.com/GoogleCloudPlatform/kubernetes/pkg/api/validation" "github.com/GoogleCloudPlatform/kubernetes/pkg/kubelet" "github.com/GoogleCloudPlatform/kubernetes/pkg/runtime" - "github.com/GoogleCloudPlatform/kubernetes/pkg/securitycontext" "github.com/GoogleCloudPlatform/kubernetes/pkg/util" "github.com/GoogleCloudPlatform/kubernetes/pkg/util/errors" ) @@ -161,7 +160,8 @@ func TestExtractPodsFromHTTP(t *testing.T) { Image: "foo", TerminationMessagePath: "/dev/termination-log", ImagePullPolicy: "Always", - SecurityContext: securitycontext.ValidSecurityContextWithContainerDefaults()}}, + //SecurityContext: securitycontext.ValidSecurityContextWithContainerDefaults() + }}, }, }), }, @@ -214,7 +214,7 @@ func TestExtractPodsFromHTTP(t *testing.T) { Image: "foo", TerminationMessagePath: "/dev/termination-log", ImagePullPolicy: "Always", - SecurityContext: securitycontext.ValidSecurityContextWithContainerDefaults()}}, + }}, }, }, &api.Pod{ @@ -234,7 +234,7 @@ func TestExtractPodsFromHTTP(t *testing.T) { Image: "bar", TerminationMessagePath: "/dev/termination-log", ImagePullPolicy: "IfNotPresent", - SecurityContext: securitycontext.ValidSecurityContextWithContainerDefaults()}}, + }}, }, }), }, From 48d3d604af0fcac98a3d32c06b016e04883ebd99 Mon Sep 17 00:00:00 2001 From: Chao Xu Date: Tue, 2 Jun 2015 09:48:29 -0700 Subject: [PATCH 2/4] fix --- cmd/integration/v1-controller.json | 24 ++++++++++++++++++++++++ pkg/kubelet/config/http_test.go | 1 - 2 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 cmd/integration/v1-controller.json diff --git a/cmd/integration/v1-controller.json b/cmd/integration/v1-controller.json new file mode 100644 index 00000000000..20a94b62614 --- /dev/null +++ b/cmd/integration/v1-controller.json @@ -0,0 +1,24 @@ +{ + "kind": "ReplicationController", + "apiVersion": "v1", + "metadata": { + "name": "nginx-controller", + "labels": {"name": "nginx"} + }, + "spec": { + "replicas": 2, + "selector": {"name": "nginx"}, + "template": { + "metadata": { + "labels": {"name": "nginx"} + }, + "spec": { + "containers": [{ + "name": "nginx", + "image": "nginx", + "ports": [{"containerPort": 80}] + }] + } + } + } +} diff --git a/pkg/kubelet/config/http_test.go b/pkg/kubelet/config/http_test.go index 5a92ab75815..26309fdf279 100644 --- a/pkg/kubelet/config/http_test.go +++ b/pkg/kubelet/config/http_test.go @@ -160,7 +160,6 @@ func TestExtractPodsFromHTTP(t *testing.T) { Image: "foo", TerminationMessagePath: "/dev/termination-log", ImagePullPolicy: "Always", - //SecurityContext: securitycontext.ValidSecurityContextWithContainerDefaults() }}, }, }), From 89c8949e788af5df538822167d52f65437e57f0a Mon Sep 17 00:00:00 2001 From: Chao Xu Date: Tue, 2 Jun 2015 10:22:10 -0700 Subject: [PATCH 3/4] add v1 to hack/test-integration.sh --- cmd/integration/integration.go | 1 + hack/test-integration.sh | 3 ++- pkg/api/v1/conversion.go | 26 ++++++++++++++++++++++ test/integration/auth_test.go | 8 +++++++ test/integration/framework/master_utils.go | 1 + test/integration/scheduler_test.go | 1 + test/integration/secret_test.go | 1 + test/integration/service_account_test.go | 1 + test/integration/utils.go | 1 + 9 files changed, 42 insertions(+), 1 deletion(-) diff --git a/cmd/integration/integration.go b/cmd/integration/integration.go index 2ce6376e42d..4fd597f4c13 100644 --- a/cmd/integration/integration.go +++ b/cmd/integration/integration.go @@ -165,6 +165,7 @@ func startComponents(firstManifestURL, secondManifestURL, apiVersion string) (st ReadOnlyPort: portNumber, PublicAddress: publicAddress, CacheTimeout: 2 * time.Second, + EnableV1: true, }) handler.delegate = m.Handler diff --git a/hack/test-integration.sh b/hack/test-integration.sh index 36153522c6f..699bd98d151 100755 --- a/hack/test-integration.sh +++ b/hack/test-integration.sh @@ -25,7 +25,8 @@ set -o pipefail KUBE_ROOT=$(dirname "${BASH_SOURCE}")/.. source "${KUBE_ROOT}/hack/lib/init.sh" # Comma separated list of API Versions that should be tested. -KUBE_TEST_API_VERSIONS=${KUBE_TEST_API_VERSIONS:-"v1beta3"} +KUBE_TEST_API_VERSIONS=${KUBE_TEST_API_VERSIONS:-"v1beta3,v1"} + KUBE_INTEGRATION_TEST_MAX_CONCURRENCY=${KUBE_INTEGRATION_TEST_MAX_CONCURRENCY:-"-1"} LOG_LEVEL=${LOG_LEVEL:-2} diff --git a/pkg/api/v1/conversion.go b/pkg/api/v1/conversion.go index 5240dde5456..e783dd6c014 100644 --- a/pkg/api/v1/conversion.go +++ b/pkg/api/v1/conversion.go @@ -117,6 +117,32 @@ func addConversionFuncs() { // If one of the conversion functions is malformed, detect it immediately. panic(err) } + err = api.Scheme.AddFieldLabelConversionFunc("v1", "Secret", + func(label, value string) (string, string, error) { + switch label { + case "type": + return label, value, nil + default: + return "", "", fmt.Errorf("field label not supported: %s", label) + } + }) + if err != nil { + // If one of the conversion functions is malformed, detect it immediately. + panic(err) + } + err = api.Scheme.AddFieldLabelConversionFunc("v1", "ServiceAccount", + func(label, value string) (string, string, error) { + switch label { + case "metadata.name": + return label, value, nil + default: + return "", "", fmt.Errorf("field label not supported: %s", label) + } + }) + if err != nil { + // If one of the conversion functions is malformed, detect it immediately. + panic(err) + } } func convert_v1_StatusDetails_To_api_StatusDetails(in *StatusDetails, out *api.StatusDetails, s conversion.Scope) error { diff --git a/test/integration/auth_test.go b/test/integration/auth_test.go index ada2c441df7..490127543b1 100644 --- a/test/integration/auth_test.go +++ b/test/integration/auth_test.go @@ -397,6 +397,7 @@ func TestAuthModeAlwaysAllow(t *testing.T) { APIPrefix: "/api", Authorizer: apiserver.NewAlwaysAllowAuthorizer(), AdmissionControl: admit.NewAlwaysAdmit(), + EnableV1: true, }) transport := http.DefaultTransport @@ -537,6 +538,7 @@ func TestAuthModeAlwaysDeny(t *testing.T) { APIPrefix: "/api", Authorizer: apiserver.NewAlwaysDenyAuthorizer(), AdmissionControl: admit.NewAlwaysAdmit(), + EnableV1: true, }) transport := http.DefaultTransport @@ -605,6 +607,7 @@ func TestAliceNotForbiddenOrUnauthorized(t *testing.T) { Authenticator: getTestTokenAuth(), Authorizer: allowAliceAuthorizer{}, AdmissionControl: admit.NewAlwaysAdmit(), + EnableV1: true, }) previousResourceVersion := make(map[string]float64) @@ -692,6 +695,7 @@ func TestBobIsForbidden(t *testing.T) { Authenticator: getTestTokenAuth(), Authorizer: allowAliceAuthorizer{}, AdmissionControl: admit.NewAlwaysAdmit(), + EnableV1: true, }) transport := http.DefaultTransport @@ -753,6 +757,7 @@ func TestUnknownUserIsUnauthorized(t *testing.T) { Authenticator: getTestTokenAuth(), Authorizer: allowAliceAuthorizer{}, AdmissionControl: admit.NewAlwaysAdmit(), + EnableV1: true, }) transport := http.DefaultTransport @@ -833,6 +838,7 @@ func TestNamespaceAuthorization(t *testing.T) { Authenticator: getTestTokenAuth(), Authorizer: a, AdmissionControl: admit.NewAlwaysAdmit(), + EnableV1: true, }) previousResourceVersion := make(map[string]float64) @@ -948,6 +954,7 @@ func TestKindAuthorization(t *testing.T) { Authenticator: getTestTokenAuth(), Authorizer: a, AdmissionControl: admit.NewAlwaysAdmit(), + EnableV1: true, }) previousResourceVersion := make(map[string]float64) @@ -1050,6 +1057,7 @@ func TestReadOnlyAuthorization(t *testing.T) { Authenticator: getTestTokenAuth(), Authorizer: a, AdmissionControl: admit.NewAlwaysAdmit(), + EnableV1: true, }) transport := http.DefaultTransport diff --git a/test/integration/framework/master_utils.go b/test/integration/framework/master_utils.go index 3ff952e3547..de8e91fff84 100644 --- a/test/integration/framework/master_utils.go +++ b/test/integration/framework/master_utils.go @@ -272,6 +272,7 @@ func RunAMaster(t *testing.T) (*master.Master, *httptest.Server) { APIPrefix: "/api", Authorizer: apiserver.NewAlwaysAllowAuthorizer(), AdmissionControl: admit.NewAlwaysAdmit(), + EnableV1: true, }) s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { diff --git a/test/integration/scheduler_test.go b/test/integration/scheduler_test.go index e1733929c7e..a8d7db1fd72 100644 --- a/test/integration/scheduler_test.go +++ b/test/integration/scheduler_test.go @@ -75,6 +75,7 @@ func TestUnschedulableNodes(t *testing.T) { APIPrefix: "/api", Authorizer: apiserver.NewAlwaysAllowAuthorizer(), AdmissionControl: admit.NewAlwaysAdmit(), + EnableV1: true, }) restClient := client.NewOrDie(&client.Config{Host: s.URL, Version: testapi.Version()}) diff --git a/test/integration/secret_test.go b/test/integration/secret_test.go index b6c0ed7d4df..85ffece763c 100644 --- a/test/integration/secret_test.go +++ b/test/integration/secret_test.go @@ -68,6 +68,7 @@ func TestSecrets(t *testing.T) { APIPrefix: "/api", Authorizer: apiserver.NewAlwaysAllowAuthorizer(), AdmissionControl: admit.NewAlwaysAdmit(), + EnableV1: true, }) framework.DeleteAllEtcdKeys() diff --git a/test/integration/service_account_test.go b/test/integration/service_account_test.go index 1c3d692b244..94667b15b0f 100644 --- a/test/integration/service_account_test.go +++ b/test/integration/service_account_test.go @@ -419,6 +419,7 @@ func startServiceAccountTestServer(t *testing.T) (*client.Client, client.Config, Authenticator: authenticator, Authorizer: authorizer, AdmissionControl: serviceAccountAdmission, + EnableV1: true, }) // Start the service account and service account token controllers diff --git a/test/integration/utils.go b/test/integration/utils.go index d8e5187b485..265c13beab3 100644 --- a/test/integration/utils.go +++ b/test/integration/utils.go @@ -82,6 +82,7 @@ func runAMaster(t *testing.T) (*master.Master, *httptest.Server) { APIPrefix: "/api", Authorizer: apiserver.NewAlwaysAllowAuthorizer(), AdmissionControl: admit.NewAlwaysAdmit(), + EnableV1: true, }) s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { From 3358f378711ad51f63e3dd49b27343a0b87739a0 Mon Sep 17 00:00:00 2001 From: Chao Xu Date: Tue, 2 Jun 2015 17:27:57 -0700 Subject: [PATCH 4/4] remove imports of v1 in latest_test.go --- pkg/api/latest/latest_test.go | 1 - 1 file changed, 1 deletion(-) diff --git a/pkg/api/latest/latest_test.go b/pkg/api/latest/latest_test.go index 8169443ae58..881ac4b8558 100644 --- a/pkg/api/latest/latest_test.go +++ b/pkg/api/latest/latest_test.go @@ -21,7 +21,6 @@ import ( "testing" internal "github.com/GoogleCloudPlatform/kubernetes/pkg/api" - _ "github.com/GoogleCloudPlatform/kubernetes/pkg/api/v1" ) func TestResourceVersioner(t *testing.T) {