Run GCE unit tests as non-root

Maciej Szulik 2021-03-18 12:14:02 +01:00
parent 0c6d922812
commit a3a26171d1
No known key found for this signature in database
GPG Key ID: F15E55D276FA84C4
4 changed files with 29 additions and 16 deletions


@ -17,26 +17,29 @@ limitations under the License.
package gci
import (
"os"
"strconv"
"strings"
"testing"
)
type kubeAPIServeETCDEnv struct {
KubeHome string
ETCDServers string
ETCDServersOverride string
CAKey string
CACert string
CACertPath string
APIServerKey string
APIServerCert string
APIServerCertPath string
APIServerKeyPath string
ETCDKey string
ETCDCert string
StorageBackend string
StorageMediaType string
CompactionInterval string
KubeHome string
KubeAPIServerRunAsUser string
ETCDServers string
ETCDServersOverride string
CAKey string
CACert string
CACertPath string
APIServerKey string
APIServerCert string
APIServerCertPath string
APIServerKeyPath string
ETCDKey string
ETCDCert string
StorageBackend string
StorageMediaType string
CompactionInterval string
}
func TestServerOverride(t *testing.T) {
@ -68,6 +71,7 @@ func TestServerOverride(t *testing.T) {
c := newManifestTestCase(t, kubeAPIServerManifestFileName, kubeAPIServerStartFuncName, nil)
defer c.tearDown()
tc.env.KubeHome = c.kubeHome
tc.env.KubeAPIServerRunAsUser = strconv.Itoa(os.Getuid())
c.mustInvokeFunc(
tc.env,
@ -124,6 +128,7 @@ func TestStorageOptions(t *testing.T) {
c := newManifestTestCase(t, kubeAPIServerManifestFileName, kubeAPIServerStartFuncName, nil)
defer c.tearDown()
tc.env.KubeHome = c.kubeHome
tc.env.KubeAPIServerRunAsUser = strconv.Itoa(os.Getuid())
c.mustInvokeFunc(
tc.env,
@ -188,6 +193,7 @@ func TestTLSFlags(t *testing.T) {
c := newManifestTestCase(t, kubeAPIServerManifestFileName, kubeAPIServerStartFuncName, nil)
defer c.tearDown()
tc.env.KubeHome = c.kubeHome
tc.env.KubeAPIServerRunAsUser = strconv.Itoa(os.Getuid())
c.mustInvokeFunc(
tc.env,
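Review bot: The assignment `tc.env.KubeAPIServerRunAsUser = strconv.Itoa(os.Getuid())` is repeated verbatim in TestServerOverride, TestStorageOptions and TestTLSFlags, and the same expression appears three more times in the `kubeAPIServerEnv` literals of the other test file in this commit. A single helper such as `func currentUID() string { return strconv.Itoa(os.Getuid()) }` would keep the six call sites in step if the way the UID is chosen ever changes. `os.Getuid()` returns -1 on Windows, so the rendered value would be `-1` there; that is presumably harmless if these script-driven tests only run on Linux, but a short comment saying so would help. All three test bodies continue outside the hunks shown.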


@ -24,6 +24,7 @@ import (
"os"
"path/filepath"
"reflect"
"strconv"
"strings"
"testing"
@ -38,6 +39,7 @@ const (
type kubeAPIServerEnv struct {
KubeHome string
KubeAPIServerRunAsUser string
EncryptionProviderConfigPath string
EncryptionProviderConfig string
CloudKMSIntegration bool
@ -72,6 +74,7 @@ func TestEncryptionProviderFlag(t *testing.T) {
e := kubeAPIServerEnv{
KubeHome: c.kubeHome,
KubeAPIServerRunAsUser: strconv.Itoa(os.Getuid()),
EncryptionProviderConfigPath: filepath.Join(c.kubeHome, "encryption-provider-config.yaml"),
EncryptionProviderConfig: tc.encryptionProviderConfig,
}
@ -107,6 +110,7 @@ func TestEncryptionProviderConfig(t *testing.T) {
p := filepath.Join(c.kubeHome, "encryption-provider-config.yaml")
e := kubeAPIServerEnv{
KubeHome: c.kubeHome,
KubeAPIServerRunAsUser: strconv.Itoa(os.Getuid()),
EncryptionProviderConfigPath: p,
EncryptionProviderConfig: base64.StdEncoding.EncodeToString([]byte("foo")),
}
@ -177,6 +181,7 @@ func TestKMSIntegration(t *testing.T) {
var e = kubeAPIServerEnv{
KubeHome: c.kubeHome,
KubeAPIServerRunAsUser: strconv.Itoa(os.Getuid()),
EncryptionProviderConfigPath: filepath.Join(c.kubeHome, "encryption-provider-config.yaml"),
EncryptionProviderConfig: base64.StdEncoding.EncodeToString([]byte("foo")),
CloudKMSIntegration: tc.cloudKMSIntegration,
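Review bot: The new `KubeAPIServerRunAsUser` field has no comment, and its zero value is the empty string, so any test that builds a `kubeAPIServerEnv` without it will render `readonly KUBE_API_SERVER_RUNASUSER=` with nothing after the equals sign; how the start script treats an empty value is not visible in this commit. I would add `// KubeAPIServerRunAsUser is rendered into KUBE_API_SERVER_RUNASUSER; tests set it to the current UID so they can run without root.` above the field. None of the visible hunks asserts on the user that ends up in the generated manifest, so the run-as-user behaviour itself appears uncovered, and when the suite is run as root the value is simply 0. A check on the manifest's user would close that gap if the test bodies outside these hunks do not already make one.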


@ -13,3 +13,4 @@ readonly ETCD_SERVERS_OVERRIDES={{.ETCDServersOverride}}
readonly STORAGE_BACKEND={{.StorageBackend}}
readonly STORAGE_MEDIA_TYPE={{.StorageMediaType}}
readonly ETCD_COMPACTION_INTERVAL_SEC={{.CompactionInterval}}
readonly KUBE_API_SERVER_RUNASUSER={{.KubeAPIServerRunAsUser}}


@ -5,4 +5,5 @@ ENCRYPTION_PROVIDER_CONFIG_PATH={{.EncryptionProviderConfigPath}}
{{end}}
{{if .CloudKMSIntegration}}
readonly CLOUD_KMS_INTEGRATION=true
{{end}}
{{end}}
readonly KUBE_API_SERVER_RUNASUSER={{.KubeAPIServerRunAsUser}}