Merge pull request #57970 from php-coder/improve_add_no_new_privs_test
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. pkg/securitycontext/util_test.go(TestAddNoNewPrivileges): update tests **What this PR does / why we need it**: This PR improves the existing test in the following ways: - remove irrelevant test cases - add a test case for `AllowPrivilegeEscalation: nil` - explicitly specify input and expected outcome This addresses the following review comment: https://github.com/kubernetes/kubernetes/pull/47019#discussion_r135808264 **Release note**: ```release-note NONE ``` PTAL @jessfraz @kubernetes/sig-auth-pr-reviews CC @simo5
commit
8a6bb3e120
@ -178,56 +178,39 @@ func TestHasRootRunAsUser(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestAddNoNewPrivileges(t *testing.T) {
|
||||
var nonRoot int64 = 1000
|
||||
var root int64 = 0
|
||||
pfalse := false
|
||||
ptrue := true
|
||||
|
||||
tests := map[string]struct {
|
||||
sc v1.SecurityContext
|
||||
sc *v1.SecurityContext
|
||||
expect bool
|
||||
}{
|
||||
"allowPrivilegeEscalation nil security context nil": {},
|
||||
"allowPrivilegeEscalation nil nonRoot": {
|
||||
sc: v1.SecurityContext{
|
||||
RunAsUser: &nonRoot,
|
||||
},
|
||||
"allowPrivilegeEscalation nil security context nil": {
|
||||
sc: nil,
|
||||
expect: false,
|
||||
},
|
||||
"allowPrivilegeEscalation nil root": {
|
||||
sc: v1.SecurityContext{
|
||||
RunAsUser: &root,
|
||||
"allowPrivilegeEscalation nil": {
|
||||
sc: &v1.SecurityContext{
|
||||
AllowPrivilegeEscalation: nil,
|
||||
},
|
||||
expect: false,
|
||||
},
|
||||
"allowPrivilegeEscalation false nonRoot": {
|
||||
sc: v1.SecurityContext{
|
||||
RunAsUser: &nonRoot,
|
||||
"allowPrivilegeEscalation false": {
|
||||
sc: &v1.SecurityContext{
|
||||
AllowPrivilegeEscalation: &pfalse,
|
||||
},
|
||||
expect: true,
|
||||
},
|
||||
"allowPrivilegeEscalation false root": {
|
||||
sc: v1.SecurityContext{
|
||||
RunAsUser: &root,
|
||||
AllowPrivilegeEscalation: &pfalse,
|
||||
},
|
||||
expect: true,
|
||||
},
|
||||
"allowPrivilegeEscalation true nonRoot": {
|
||||
sc: v1.SecurityContext{
|
||||
RunAsUser: &nonRoot,
|
||||
AllowPrivilegeEscalation: &ptrue,
|
||||
},
|
||||
},
|
||||
"allowPrivilegeEscalation true root": {
|
||||
sc: v1.SecurityContext{
|
||||
RunAsUser: &root,
|
||||
"allowPrivilegeEscalation true": {
|
||||
sc: &v1.SecurityContext{
|
||||
AllowPrivilegeEscalation: &ptrue,
|
||||
},
|
||||
expect: false,
|
||||
},
|
||||
}
|
||||
|
||||
for k, v := range tests {
|
||||
actual := AddNoNewPrivileges(&v.sc)
|
||||
actual := AddNoNewPrivileges(v.sc)
|
||||
if actual != v.expect {
|
||||
t.Errorf("%s failed, expected %t but received %t", k, v.expect, actual)
|
||||
}
|
||||
|
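Review bot: The new table pins a security-relevant default without saying so: the nil `SecurityContext` case and the `AllowPrivilegeEscalation: nil` case both expect `false`, so only an explicit `false` makes `AddNoNewPrivileges` return true. A one-line comment above `tests`, for example `// Only an explicit AllowPrivilegeEscalation=false yields true; nil (unset) and true both yield false.`, would stop a later reader from treating the nil expectation as incidental and loosening it. As a style point, wrapping the loop body in `t.Run(k, func(t *testing.T) { ... })` would report each case separately and allow running one by name, instead of embedding `k` in the `t.Errorf` message. The loop and the function close outside this hunk, and the implementation of `AddNoNewPrivileges` is not shown here, so the comment wording should be checked against it (presumably the returned bool decides whether no_new_privs is set on the container).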