github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-07 19:23:40 +00:00
Code Issues Projects Releases Wiki Activity

admission_test.go(TestAdmitPreferNonmutating): simplify test by replacing shouldPassAdmit by a constant value.

Browse Source
This commit is contained in:
Slava Semushin 2017-11-24 17:11:51 +01:00
parent 2b95212ad3
commit b1ae1d67b2
1 changed files with 16 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
plugin/pkg/admission/security/podsecuritypolicy/admission_test.go
View File

@ -349,7 +349,6 @@ func TestAdmitPreferNonmutating(t *testing.T) {
pod *kapi.Pod pod *kapi.Pod
podBeforeUpdate *kapi.Pod podBeforeUpdate *kapi.Pod
psps []*extensions.PodSecurityPolicy psps []*extensions.PodSecurityPolicy
shouldPassAdmit bool
shouldPassValidate bool shouldPassValidate bool
expectMutation bool expectMutation bool
expectedContainerUser *int64 expectedContainerUser *int64
@ -359,7 +358,6 @@ func TestAdmitPreferNonmutating(t *testing.T) {
operation: kadmission.Create, operation: kadmission.Create,
pod: unprivilegedRunAsAnyPod.DeepCopy(), pod: unprivilegedRunAsAnyPod.DeepCopy(),
psps: []*extensions.PodSecurityPolicy{privilegedPSP}, psps: []*extensions.PodSecurityPolicy{privilegedPSP},
shouldPassAdmit: true,
shouldPassValidate: true, shouldPassValidate: true,
expectMutation: false, expectMutation: false,
expectedContainerUser: nil, expectedContainerUser: nil,
@ -369,7 +367,6 @@ func TestAdmitPreferNonmutating(t *testing.T) {
operation: kadmission.Create, operation: kadmission.Create,
pod: unprivilegedRunAsAnyPod.DeepCopy(), pod: unprivilegedRunAsAnyPod.DeepCopy(),
psps: []*extensions.PodSecurityPolicy{mutating2, mutating1, privilegedPSP}, psps: []*extensions.PodSecurityPolicy{mutating2, mutating1, privilegedPSP},
shouldPassAdmit: true,
shouldPassValidate: true, shouldPassValidate: true,
expectMutation: false, expectMutation: false,
expectedContainerUser: nil, expectedContainerUser: nil,
@ -379,7 +376,6 @@ func TestAdmitPreferNonmutating(t *testing.T) {
operation: kadmission.Create, operation: kadmission.Create,
pod: unprivilegedRunAsAnyPod.DeepCopy(), pod: unprivilegedRunAsAnyPod.DeepCopy(),
psps: []*extensions.PodSecurityPolicy{mutating2, mutating1}, psps: []*extensions.PodSecurityPolicy{mutating2, mutating1},
shouldPassAdmit: true,
shouldPassValidate: true, shouldPassValidate: true,
expectMutation: true, expectMutation: true,
expectedContainerUser: &mutating1.Spec.RunAsUser.Ranges[0].Min, expectedContainerUser: &mutating1.Spec.RunAsUser.Ranges[0].Min,
@ -390,7 +386,6 @@ func TestAdmitPreferNonmutating(t *testing.T) {
pod: changedPodWithSC.DeepCopy(), pod: changedPodWithSC.DeepCopy(),
podBeforeUpdate: podWithSC.DeepCopy(), podBeforeUpdate: podWithSC.DeepCopy(),
psps: []*extensions.PodSecurityPolicy{mutating2, mutating1, privilegedPSP}, psps: []*extensions.PodSecurityPolicy{mutating2, mutating1, privilegedPSP},
shouldPassAdmit: true,
shouldPassValidate: true, shouldPassValidate: true,
expectMutation: false, expectMutation: false,
expectedContainerUser: nil, expectedContainerUser: nil,
@ -401,7 +396,6 @@ func TestAdmitPreferNonmutating(t *testing.T) {
pod: changedPod.DeepCopy(), pod: changedPod.DeepCopy(),
podBeforeUpdate: unprivilegedRunAsAnyPod.DeepCopy(), podBeforeUpdate: unprivilegedRunAsAnyPod.DeepCopy(),
psps: []*extensions.PodSecurityPolicy{mutating2, mutating1}, psps: []*extensions.PodSecurityPolicy{mutating2, mutating1},
shouldPassAdmit: true,
shouldPassValidate: false, shouldPassValidate: false,
expectMutation: false, expectMutation: false,
expectedContainerUser: nil, expectedContainerUser: nil,
@ -412,7 +406,6 @@ func TestAdmitPreferNonmutating(t *testing.T) {
pod: unprivilegedRunAsAnyPod.DeepCopy(), pod: unprivilegedRunAsAnyPod.DeepCopy(),
podBeforeUpdate: unprivilegedRunAsAnyPod.DeepCopy(), podBeforeUpdate: unprivilegedRunAsAnyPod.DeepCopy(),
psps: []*extensions.PodSecurityPolicy{mutating2, mutating1}, psps: []*extensions.PodSecurityPolicy{mutating2, mutating1},
shouldPassAdmit: true,
shouldPassValidate: true, shouldPassValidate: true,
expectMutation: false, expectMutation: false,
expectedContainerUser: nil, expectedContainerUser: nil,
@ -423,7 +416,6 @@ func TestAdmitPreferNonmutating(t *testing.T) {
pod: gcChangedPod.DeepCopy(), pod: gcChangedPod.DeepCopy(),
podBeforeUpdate: unprivilegedRunAsAnyPod.DeepCopy(), podBeforeUpdate: unprivilegedRunAsAnyPod.DeepCopy(),
psps: []*extensions.PodSecurityPolicy{mutating2, mutating1}, psps: []*extensions.PodSecurityPolicy{mutating2, mutating1},
shouldPassAdmit: true,
shouldPassValidate: true, shouldPassValidate: true,
expectMutation: false, expectMutation: false,
expectedContainerUser: nil, expectedContainerUser: nil,
@ -432,26 +424,24 @@ func TestAdmitPreferNonmutating(t *testing.T) {
} }
for k, v := range tests { for k, v := range tests {
testPSPAdmitAdvanced(k, v.operation, v.psps, nil, &user.DefaultInfo{}, v.pod, v.podBeforeUpdate, v.shouldPassAdmit, v.shouldPassValidate, v.expectMutation, v.expectedPSP, t) testPSPAdmitAdvanced(k, v.operation, v.psps, nil, &user.DefaultInfo{}, v.pod, v.podBeforeUpdate, true, v.shouldPassValidate, v.expectMutation, v.expectedPSP, t)
if v.shouldPassAdmit { actualPodUser := (*int64)(nil)
actualPodUser := (*int64)(nil) if v.pod.Spec.SecurityContext != nil {
if v.pod.Spec.SecurityContext != nil { actualPodUser = v.pod.Spec.SecurityContext.RunAsUser
actualPodUser = v.pod.Spec.SecurityContext.RunAsUser }
} if actualPodUser != nil {
if actualPodUser != nil { t.Errorf("%s expected pod user nil, got %v", k, *actualPodUser)
t.Errorf("%s expected pod user nil, got %v", k, *actualPodUser) }
}
actualContainerUser := (*int64)(nil) actualContainerUser := (*int64)(nil)
if v.pod.Spec.Containers[0].SecurityContext != nil { if v.pod.Spec.Containers[0].SecurityContext != nil {
actualContainerUser = v.pod.Spec.Containers[0].SecurityContext.RunAsUser actualContainerUser = v.pod.Spec.Containers[0].SecurityContext.RunAsUser
} }
if (actualContainerUser == nil) != (v.expectedContainerUser == nil) { if (actualContainerUser == nil) != (v.expectedContainerUser == nil) {
t.Errorf("%s expected container user %v, got %v", k, v.expectedContainerUser, actualContainerUser) t.Errorf("%s expected container user %v, got %v", k, v.expectedContainerUser, actualContainerUser)
} else if actualContainerUser != nil && *actualContainerUser != *v.expectedContainerUser { } else if actualContainerUser != nil && *actualContainerUser != *v.expectedContainerUser {
t.Errorf("%s expected container user %v, got %v", k, *v.expectedContainerUser, *actualContainerUser) t.Errorf("%s expected container user %v, got %v", k, *v.expectedContainerUser, *actualContainerUser)
}
} }
} }
} }