Merge pull request #57970 from php-coder/improve_add_no_new_privs_test

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

pkg/securitycontext/util_test.go(TestAddNoNewPrivileges): update tests

**What this PR does / why we need it**:
This PR improves existing test in the following ways:
- remove irrelevant test cases
- add test case for `AllowPrivilegeEscalation: nil`
- explicitly specify input and expected outcome

This is addressed to the following review comment: https://github.com/kubernetes/kubernetes/pull/47019#discussion_r135808264

**Release note**:
```release-note
NONE
```

PTAL @jessfraz @kubernetes/sig-auth-pr-reviews
CC @simo5
This commit is contained in:
Kubernetes Submit Queue 2018-01-17 09:37:28 -08:00 committed by GitHub
commit 8a6bb3e120
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -178,56 +178,39 @@ func TestHasRootRunAsUser(t *testing.T) {
}
func TestAddNoNewPrivileges(t *testing.T) {
var nonRoot int64 = 1000
var root int64 = 0
pfalse := false
ptrue := true
tests := map[string]struct {
sc v1.SecurityContext
sc *v1.SecurityContext
expect bool
}{
"allowPrivilegeEscalation nil security context nil": {},
"allowPrivilegeEscalation nil nonRoot": {
sc: v1.SecurityContext{
RunAsUser: &nonRoot,
},
"allowPrivilegeEscalation nil security context nil": {
sc: nil,
expect: false,
},
"allowPrivilegeEscalation nil root": {
sc: v1.SecurityContext{
RunAsUser: &root,
"allowPrivilegeEscalation nil": {
sc: &v1.SecurityContext{
AllowPrivilegeEscalation: nil,
},
expect: false,
},
"allowPrivilegeEscalation false nonRoot": {
sc: v1.SecurityContext{
RunAsUser: &nonRoot,
"allowPrivilegeEscalation false": {
sc: &v1.SecurityContext{
AllowPrivilegeEscalation: &pfalse,
},
expect: true,
},
"allowPrivilegeEscalation false root": {
sc: v1.SecurityContext{
RunAsUser: &root,
AllowPrivilegeEscalation: &pfalse,
},
expect: true,
},
"allowPrivilegeEscalation true nonRoot": {
sc: v1.SecurityContext{
RunAsUser: &nonRoot,
AllowPrivilegeEscalation: &ptrue,
},
},
"allowPrivilegeEscalation true root": {
sc: v1.SecurityContext{
RunAsUser: &root,
"allowPrivilegeEscalation true": {
sc: &v1.SecurityContext{
AllowPrivilegeEscalation: &ptrue,
},
expect: false,
},
}
for k, v := range tests {
actual := AddNoNewPrivileges(&v.sc)
actual := AddNoNewPrivileges(v.sc)
if actual != v.expect {
t.Errorf("%s failed, expected %t but received %t", k, v.expect, actual)
}