Merge pull request #57970 from php-coder/improve_add_no_new_privs_test

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. pkg/securitycontext/util_test.go(TestAddNoNewPrivileges): update tests **What this PR does / why we need it**: This PR improves existing test in the following ways: - remove irrelevant test cases - add test case for `AllowPrivilegeEscalation: nil` - explicitly specify input and expected outcome This is addressed to the following review comment: https://github.com/kubernetes/kubernetes/pull/47019#discussion_r135808264 **Release note**: ```release-note NONE ``` PTAL @jessfraz @kubernetes/sig-auth-pr-reviews CC @simo5
2025-07-30 15:05:27 +00:00 · 2018-01-17 09:37:28 -08:00 · 2018-01-17 09:37:28 -08:00 · 8a6bb3e120
commit 8a6bb3e120
parent 36592241b7 3a461afaf5
1 changed files with 14 additions and 31 deletions
--- a/pkg/securitycontext/util_test.go
+++ b/pkg/securitycontext/util_test.go
@ -178,56 +178,39 @@ func TestHasRootRunAsUser(t *testing.T) {
 }

 func TestAddNoNewPrivileges(t *testing.T) {
-	var nonRoot int64 = 1000
-	var root int64 = 0
 	pfalse := false
 	ptrue := true

 	tests := map[string]struct {
-		sc     v1.SecurityContext
+		sc     *v1.SecurityContext
 		expect bool
 	}{
-		"allowPrivilegeEscalation nil security context nil": {},
-		"allowPrivilegeEscalation nil nonRoot": {
-			sc: v1.SecurityContext{
-				RunAsUser: &nonRoot,
-			},
+		"allowPrivilegeEscalation nil security context nil": {
+			sc:     nil,
+			expect: false,
 		},
-		"allowPrivilegeEscalation nil root": {
-			sc: v1.SecurityContext{
-				RunAsUser: &root,
+		"allowPrivilegeEscalation nil": {
+			sc: &v1.SecurityContext{
+				AllowPrivilegeEscalation: nil,
 			},
+			expect: false,
 		},
-		"allowPrivilegeEscalation false nonRoot": {
-			sc: v1.SecurityContext{
-				RunAsUser:                &nonRoot,
+		"allowPrivilegeEscalation false": {
+			sc: &v1.SecurityContext{
 				AllowPrivilegeEscalation: &pfalse,
 			},
 			expect: true,
 		},
-		"allowPrivilegeEscalation false root": {
-			sc: v1.SecurityContext{
-				RunAsUser:                &root,
-				AllowPrivilegeEscalation: &pfalse,
-			},
-			expect: true,
-		},
-		"allowPrivilegeEscalation true nonRoot": {
-			sc: v1.SecurityContext{
-				RunAsUser:                &nonRoot,
-				AllowPrivilegeEscalation: &ptrue,
-			},
-		},
-		"allowPrivilegeEscalation true root": {
-			sc: v1.SecurityContext{
-				RunAsUser:                &root,
+		"allowPrivilegeEscalation true": {
+			sc: &v1.SecurityContext{
 				AllowPrivilegeEscalation: &ptrue,
 			},
+			expect: false,
 		},
 	}

 	for k, v := range tests {
-		actual := AddNoNewPrivileges(&v.sc)
+		actual := AddNoNewPrivileges(v.sc)
 		if actual != v.expect {
 			t.Errorf("%s failed, expected %t but received %t", k, v.expect, actual)
 		}