github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-07 19:23:40 +00:00
Code Issues Projects Releases Wiki Activity

admission_test.go(TestAdmitPreferNonmutating): simplify test by replacing shouldPassAdmit by a constant value.

Browse Source
This commit is contained in:
Slava Semushin 2017-11-24 17:11:51 +01:00
parent 2b95212ad3
commit b1ae1d67b2
1 changed files with 16 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
plugin/pkg/admission/security/podsecuritypolicy/admission_test.go
View File

@ -349,7 +349,6 @@ func TestAdmitPreferNonmutating(t *testing.T) {
pod *kapi.Pod pod *kapi.Pod
podBeforeUpdate *kapi.Pod podBeforeUpdate *kapi.Pod
psps []*extensions.PodSecurityPolicy psps []*extensions.PodSecurityPolicy
shouldPassAdmit bool
shouldPassValidate bool shouldPassValidate bool
expectMutation bool expectMutation bool
expectedContainerUser *int64 expectedContainerUser *int64
@ -359,7 +358,6 @@ func TestAdmitPreferNonmutating(t *testing.T) {
operation: kadmission.Create, operation: kadmission.Create,
pod: unprivilegedRunAsAnyPod.DeepCopy(), pod: unprivilegedRunAsAnyPod.DeepCopy(),
psps: []*extensions.PodSecurityPolicy{privilegedPSP}, psps: []*extensions.PodSecurityPolicy{privilegedPSP},
shouldPassAdmit: true,
shouldPassValidate: true, shouldPassValidate: true,
expectMutation: false, expectMutation: false,
expectedContainerUser: nil, expectedContainerUser: nil,
@ -369,7 +367,6 @@ func TestAdmitPreferNonmutating(t *testing.T) {
operation: kadmission.Create, operation: kadmission.Create,
pod: unprivilegedRunAsAnyPod.DeepCopy(), pod: unprivilegedRunAsAnyPod.DeepCopy(),
psps: []*extensions.PodSecurityPolicy{mutating2, mutating1, privilegedPSP}, psps: []*extensions.PodSecurityPolicy{mutating2, mutating1, privilegedPSP},
shouldPassAdmit: true,
shouldPassValidate: true, shouldPassValidate: true,
expectMutation: false, expectMutation: false,
expectedContainerUser: nil, expectedContainerUser: nil,
@ -379,7 +376,6 @@ func TestAdmitPreferNonmutating(t *testing.T) {
operation: kadmission.Create, operation: kadmission.Create,
pod: unprivilegedRunAsAnyPod.DeepCopy(), pod: unprivilegedRunAsAnyPod.DeepCopy(),
psps: []*extensions.PodSecurityPolicy{mutating2, mutating1}, psps: []*extensions.PodSecurityPolicy{mutating2, mutating1},
shouldPassAdmit: true,
shouldPassValidate: true, shouldPassValidate: true,
expectMutation: true, expectMutation: true,
expectedContainerUser: &mutating1.Spec.RunAsUser.Ranges[0].Min, expectedContainerUser: &mutating1.Spec.RunAsUser.Ranges[0].Min,
@ -390,7 +386,6 @@ func TestAdmitPreferNonmutating(t *testing.T) {
pod: changedPodWithSC.DeepCopy(), pod: changedPodWithSC.DeepCopy(),
podBeforeUpdate: podWithSC.DeepCopy(), podBeforeUpdate: podWithSC.DeepCopy(),
psps: []*extensions.PodSecurityPolicy{mutating2, mutating1, privilegedPSP}, psps: []*extensions.PodSecurityPolicy{mutating2, mutating1, privilegedPSP},
shouldPassAdmit: true,
shouldPassValidate: true, shouldPassValidate: true,
expectMutation: false, expectMutation: false,
expectedContainerUser: nil, expectedContainerUser: nil,
@ -401,7 +396,6 @@ func TestAdmitPreferNonmutating(t *testing.T) {
pod: changedPod.DeepCopy(), pod: changedPod.DeepCopy(),
podBeforeUpdate: unprivilegedRunAsAnyPod.DeepCopy(), podBeforeUpdate: unprivilegedRunAsAnyPod.DeepCopy(),
psps: []*extensions.PodSecurityPolicy{mutating2, mutating1}, psps: []*extensions.PodSecurityPolicy{mutating2, mutating1},
shouldPassAdmit: true,
shouldPassValidate: false, shouldPassValidate: false,
expectMutation: false, expectMutation: false,
expectedContainerUser: nil, expectedContainerUser: nil,
@ -412,7 +406,6 @@ func TestAdmitPreferNonmutating(t *testing.T) {
pod: unprivilegedRunAsAnyPod.DeepCopy(), pod: unprivilegedRunAsAnyPod.DeepCopy(),
podBeforeUpdate: unprivilegedRunAsAnyPod.DeepCopy(), podBeforeUpdate: unprivilegedRunAsAnyPod.DeepCopy(),
psps: []*extensions.PodSecurityPolicy{mutating2, mutating1}, psps: []*extensions.PodSecurityPolicy{mutating2, mutating1},
shouldPassAdmit: true,
shouldPassValidate: true, shouldPassValidate: true,
expectMutation: false, expectMutation: false,
expectedContainerUser: nil, expectedContainerUser: nil,
@ -423,7 +416,6 @@ func TestAdmitPreferNonmutating(t *testing.T) {
pod: gcChangedPod.DeepCopy(), pod: gcChangedPod.DeepCopy(),
podBeforeUpdate: unprivilegedRunAsAnyPod.DeepCopy(), podBeforeUpdate: unprivilegedRunAsAnyPod.DeepCopy(),
psps: []*extensions.PodSecurityPolicy{mutating2, mutating1}, psps: []*extensions.PodSecurityPolicy{mutating2, mutating1},
shouldPassAdmit: true,
shouldPassValidate: true, shouldPassValidate: true,
expectMutation: false, expectMutation: false,
expectedContainerUser: nil, expectedContainerUser: nil,
@ -432,9 +424,8 @@ func TestAdmitPreferNonmutating(t *testing.T) {
} }
for k, v := range tests { for k, v := range tests {
testPSPAdmitAdvanced(k, v.operation, v.psps, nil, &user.DefaultInfo{}, v.pod, v.podBeforeUpdate, v.shouldPassAdmit, v.shouldPassValidate, v.expectMutation, v.expectedPSP, t) testPSPAdmitAdvanced(k, v.operation, v.psps, nil, &user.DefaultInfo{}, v.pod, v.podBeforeUpdate, true, v.shouldPassValidate, v.expectMutation, v.expectedPSP, t)
if v.shouldPassAdmit {
actualPodUser := (*int64)(nil) actualPodUser := (*int64)(nil)
if v.pod.Spec.SecurityContext != nil { if v.pod.Spec.SecurityContext != nil {
actualPodUser = v.pod.Spec.SecurityContext.RunAsUser actualPodUser = v.pod.Spec.SecurityContext.RunAsUser
@ -453,7 +444,6 @@ func TestAdmitPreferNonmutating(t *testing.T) {
t.Errorf("%s expected container user %v, got %v", k, *v.expectedContainerUser, *actualContainerUser) t.Errorf("%s expected container user %v, got %v", k, *v.expectedContainerUser, *actualContainerUser)
} }
} }
}
} }
func TestFailClosedOnInvalidPod(t *testing.T) { func TestFailClosedOnInvalidPod(t *testing.T) {