Merge pull request #56349 from php-coder/simplify_admission_test

Automatic merge from submit-queue (batch tested with PRs 56947, 56349, 57140, 53686, 57314). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. admission_test.go(TestAdmitPreferNonmutating): simplify test **What this PR does / why we need it**: This PR simplifies `TestAdmitPreferNonmutating` test by inlining members that have a constant values. **Release note**: ```release-note NONE ``` PTAL @liggitt @tallclair CC @simo5
2025-07-22 03:11:40 +00:00 · 2017-12-18 12:24:38 -08:00 · 2017-12-18 12:24:38 -08:00 · b6b1762a80
commit b6b1762a80
parent a8074cf02a b1ae1d67b2
1 changed files with 16 additions and 36 deletions
--- a/plugin/pkg/admission/security/podsecuritypolicy/admission_test.go
+++ b/plugin/pkg/admission/security/podsecuritypolicy/admission_test.go
@ -349,10 +349,8 @@ func TestAdmitPreferNonmutating(t *testing.T) {
 		pod                   *kapi.Pod
 		podBeforeUpdate       *kapi.Pod
 		psps                  []*extensions.PodSecurityPolicy
-		shouldPassAdmit       bool
 		shouldPassValidate    bool
 		expectMutation        bool
-		expectedPodUser       *int64
 		expectedContainerUser *int64
 		expectedPSP           string
 	}{
@ -360,10 +358,8 @@ func TestAdmitPreferNonmutating(t *testing.T) {
 			operation:             kadmission.Create,
 			pod:                   unprivilegedRunAsAnyPod.DeepCopy(),
 			psps:                  []*extensions.PodSecurityPolicy{privilegedPSP},
-			shouldPassAdmit:       true,
 			shouldPassValidate:    true,
 			expectMutation:        false,
-			expectedPodUser:       nil,
 			expectedContainerUser: nil,
 			expectedPSP:           privilegedPSP.Name,
 		},
@ -371,10 +367,8 @@ func TestAdmitPreferNonmutating(t *testing.T) {
 			operation:             kadmission.Create,
 			pod:                   unprivilegedRunAsAnyPod.DeepCopy(),
 			psps:                  []*extensions.PodSecurityPolicy{mutating2, mutating1, privilegedPSP},
-			shouldPassAdmit:       true,
 			shouldPassValidate:    true,
 			expectMutation:        false,
-			expectedPodUser:       nil,
 			expectedContainerUser: nil,
 			expectedPSP:           privilegedPSP.Name,
 		},
@ -382,10 +376,8 @@ func TestAdmitPreferNonmutating(t *testing.T) {
 			operation:             kadmission.Create,
 			pod:                   unprivilegedRunAsAnyPod.DeepCopy(),
 			psps:                  []*extensions.PodSecurityPolicy{mutating2, mutating1},
-			shouldPassAdmit:       true,
 			shouldPassValidate:    true,
 			expectMutation:        true,
-			expectedPodUser:       nil,
 			expectedContainerUser: &mutating1.Spec.RunAsUser.Ranges[0].Min,
 			expectedPSP:           mutating1.Name,
 		},
@ -394,10 +386,8 @@ func TestAdmitPreferNonmutating(t *testing.T) {
 			pod:                   changedPodWithSC.DeepCopy(),
 			podBeforeUpdate:       podWithSC.DeepCopy(),
 			psps:                  []*extensions.PodSecurityPolicy{mutating2, mutating1, privilegedPSP},
-			shouldPassAdmit:       true,
 			shouldPassValidate:    true,
 			expectMutation:        false,
-			expectedPodUser:       nil,
 			expectedContainerUser: nil,
 			expectedPSP:           privilegedPSP.Name,
 		},
@ -406,10 +396,8 @@ func TestAdmitPreferNonmutating(t *testing.T) {
 			pod:                   changedPod.DeepCopy(),
 			podBeforeUpdate:       unprivilegedRunAsAnyPod.DeepCopy(),
 			psps:                  []*extensions.PodSecurityPolicy{mutating2, mutating1},
-			shouldPassAdmit:       true,
 			shouldPassValidate:    false,
 			expectMutation:        false,
-			expectedPodUser:       nil,
 			expectedContainerUser: nil,
 			expectedPSP:           "",
 		},
@ -418,10 +406,8 @@ func TestAdmitPreferNonmutating(t *testing.T) {
 			pod:                   unprivilegedRunAsAnyPod.DeepCopy(),
 			podBeforeUpdate:       unprivilegedRunAsAnyPod.DeepCopy(),
 			psps:                  []*extensions.PodSecurityPolicy{mutating2, mutating1},
-			shouldPassAdmit:       true,
 			shouldPassValidate:    true,
 			expectMutation:        false,
-			expectedPodUser:       nil,
 			expectedContainerUser: nil,
 			expectedPSP:           "",
 		},
@ -430,38 +416,32 @@ func TestAdmitPreferNonmutating(t *testing.T) {
 			pod:                   gcChangedPod.DeepCopy(),
 			podBeforeUpdate:       unprivilegedRunAsAnyPod.DeepCopy(),
 			psps:                  []*extensions.PodSecurityPolicy{mutating2, mutating1},
-			shouldPassAdmit:       true,
 			shouldPassValidate:    true,
 			expectMutation:        false,
-			expectedPodUser:       nil,
 			expectedContainerUser: nil,
 			expectedPSP:           "",
 		},
 	}

 	for k, v := range tests {
-		testPSPAdmitAdvanced(k, v.operation, v.psps, nil, &user.DefaultInfo{}, v.pod, v.podBeforeUpdate, v.shouldPassAdmit, v.shouldPassValidate, v.expectMutation, v.expectedPSP, t)
+		testPSPAdmitAdvanced(k, v.operation, v.psps, nil, &user.DefaultInfo{}, v.pod, v.podBeforeUpdate, true, v.shouldPassValidate, v.expectMutation, v.expectedPSP, t)

-		if v.shouldPassAdmit {
-			actualPodUser := (*int64)(nil)
-			if v.pod.Spec.SecurityContext != nil {
-				actualPodUser = v.pod.Spec.SecurityContext.RunAsUser
-			}
-			if (actualPodUser == nil) != (v.expectedPodUser == nil) {
-				t.Errorf("%s expected pod user %v, got %v", k, v.expectedPodUser, actualPodUser)
-			} else if actualPodUser != nil && *actualPodUser != *v.expectedPodUser {
-				t.Errorf("%s expected pod user %v, got %v", k, *v.expectedPodUser, *actualPodUser)
-			}
+		actualPodUser := (*int64)(nil)
+		if v.pod.Spec.SecurityContext != nil {
+			actualPodUser = v.pod.Spec.SecurityContext.RunAsUser
+		}
+		if actualPodUser != nil {
+			t.Errorf("%s expected pod user nil, got %v", k, *actualPodUser)
+		}

-			actualContainerUser := (*int64)(nil)
-			if v.pod.Spec.Containers[0].SecurityContext != nil {
-				actualContainerUser = v.pod.Spec.Containers[0].SecurityContext.RunAsUser
-			}
-			if (actualContainerUser == nil) != (v.expectedContainerUser == nil) {
-				t.Errorf("%s expected container user %v, got %v", k, v.expectedContainerUser, actualContainerUser)
-			} else if actualContainerUser != nil && *actualContainerUser != *v.expectedContainerUser {
-				t.Errorf("%s expected container user %v, got %v", k, *v.expectedContainerUser, *actualContainerUser)
-			}
+		actualContainerUser := (*int64)(nil)
+		if v.pod.Spec.Containers[0].SecurityContext != nil {
+			actualContainerUser = v.pod.Spec.Containers[0].SecurityContext.RunAsUser
+		}
+		if (actualContainerUser == nil) != (v.expectedContainerUser == nil) {
+			t.Errorf("%s expected container user %v, got %v", k, v.expectedContainerUser, actualContainerUser)
+		} else if actualContainerUser != nil && *actualContainerUser != *v.expectedContainerUser {
+			t.Errorf("%s expected container user %v, got %v", k, *v.expectedContainerUser, *actualContainerUser)
 		}
 	}
 }