diff --git a/pkg/controller/disruption/disruption.go b/pkg/controller/disruption/disruption.go
index 11642b422ec..1a62a311714 100644
--- a/pkg/controller/disruption/disruption.go
+++ b/pkg/controller/disruption/disruption.go
@@ -470,12 +470,12 @@ func (dc *DisruptionController) getPdbForPod(pod *v1.Pod) *policy.PodDisruptionB
 // IMPORTANT NOTE : the returned pods should NOT be modified.
 func (dc *DisruptionController) getPodsForPdb(pdb *policy.PodDisruptionBudget) ([]*v1.Pod, error) {
 sel, err := metav1.LabelSelectorAsSelector(pdb.Spec.Selector)
- if sel.Empty() {
- return []*v1.Pod{}, nil
- }
 if err != nil {
 return []*v1.Pod{}, err
 }
+ if sel.Empty() {
+ return []*v1.Pod{}, nil
+ }
 pods, err := dc.podLister.Pods(pdb.Namespace).List(sel)
 if err != nil {
 return []*v1.Pod{}, err
diff --git a/pkg/controller/disruption/disruption_test.go b/pkg/controller/disruption/disruption_test.go
index dbda1fdaece..28a69150f40 100644
--- a/pkg/controller/disruption/disruption_test.go
+++ b/pkg/controller/disruption/disruption_test.go
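Review bot: The reordered guard in getPodsForPdb carries no comment saying why `err` has to be tested before `sel.Empty()`, so a later tidy-up could restore the old order and the crash that came with it. LabelSelectorAsSelector appears to return a nil Selector together with the error, which would make this ordering the only thing keeping a PodDisruptionBudget with a malformed selector from panicking the controller; I would add `// err must be checked first: sel is nil when the selector is invalid, and sel.Empty() would panic.` above the `if err != nil` line. Returning `nil, err` instead of `[]*v1.Pod{}, err` would also avoid handing callers a usable-looking slice on failure. The function body continues past the end of the hunk.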
@@ -1160,6 +1160,44 @@ func TestUpdatePDBStatusRetries(t *testing.T) {
 }
 }
 
+func TestInvalidSelectors(t *testing.T) {
+ testCases := map[string]struct {
+ labelSelector *metav1.LabelSelector
+ }{
+ "illegal value key": {
+ labelSelector: &metav1.LabelSelector{
+ MatchLabels: map[string]string{
+ "k8s.io/too/many/slashes": "value",
+ },
+ },
+ },
+ "illegal operator": {
+ labelSelector: &metav1.LabelSelector{
+ MatchExpressions: []metav1.LabelSelectorRequirement{
+ {
+ Key: "foo",
+ Operator: metav1.LabelSelectorOperator("illegal"),
+ Values: []string{"bar"},
+ },
+ },
+ },
+ },
+ }
+
+ for tn, tc := range testCases {
+ t.Run(tn, func(t *testing.T) {
+ dc, ps := newFakeDisruptionController()
+
+ pdb, pdbName := newMinAvailablePodDisruptionBudget(t, intstr.FromInt(3))
+ pdb.Spec.Selector = tc.labelSelector
+
+ add(t, dc.pdbStore, pdb)
+ dc.sync(pdbName)
+ ps.VerifyPdbStatus(t, pdbName, 0, 0, 0, 0, map[string]metav1.Time{})
+ })
+ }
+}
+
 // waitForCacheCount blocks until the given cache store has the desired number
 // of items in it. This will return an error if the condition is not met after a
 // 10 second timeout.
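Review bot: TestInvalidSelectors has no doc comment saying which failure it guards against, and the body does not make the intent visible either: the result of `dc.sync(pdbName)` is discarded and the only assertion is the zeroed status. I would add `// TestInvalidSelectors checks that syncing a PDB whose selector cannot be converted does not panic and leaves the status zeroed.` above the function. The case name `"illegal value key"` describes an invalid label key, so `"illegal label key"` would read more accurately. If sync returns an error (its signature is not visible in this hunk), asserting on it would also show that the invalid selector took the error path rather than the empty-selector one.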