mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 11:50:44 +00:00
Merge pull request #56349 from php-coder/simplify_admission_test
Automatic merge from submit-queue (batch tested with PRs 56947, 56349, 57140, 53686, 57314). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. admission_test.go(TestAdmitPreferNonmutating): simplify test **What this PR does / why we need it**: This PR simplifies `TestAdmitPreferNonmutating` test by inlining members that have a constant values. **Release note**: ```release-note NONE ``` PTAL @liggitt @tallclair CC @simo5
This commit is contained in:
commit
b6b1762a80
@ -349,10 +349,8 @@ func TestAdmitPreferNonmutating(t *testing.T) {
|
|||||||
pod *kapi.Pod
|
pod *kapi.Pod
|
||||||
podBeforeUpdate *kapi.Pod
|
podBeforeUpdate *kapi.Pod
|
||||||
psps []*extensions.PodSecurityPolicy
|
psps []*extensions.PodSecurityPolicy
|
||||||
shouldPassAdmit bool
|
|
||||||
shouldPassValidate bool
|
shouldPassValidate bool
|
||||||
expectMutation bool
|
expectMutation bool
|
||||||
expectedPodUser *int64
|
|
||||||
expectedContainerUser *int64
|
expectedContainerUser *int64
|
||||||
expectedPSP string
|
expectedPSP string
|
||||||
}{
|
}{
|
||||||
@ -360,10 +358,8 @@ func TestAdmitPreferNonmutating(t *testing.T) {
|
|||||||
operation: kadmission.Create,
|
operation: kadmission.Create,
|
||||||
pod: unprivilegedRunAsAnyPod.DeepCopy(),
|
pod: unprivilegedRunAsAnyPod.DeepCopy(),
|
||||||
psps: []*extensions.PodSecurityPolicy{privilegedPSP},
|
psps: []*extensions.PodSecurityPolicy{privilegedPSP},
|
||||||
shouldPassAdmit: true,
|
|
||||||
shouldPassValidate: true,
|
shouldPassValidate: true,
|
||||||
expectMutation: false,
|
expectMutation: false,
|
||||||
expectedPodUser: nil,
|
|
||||||
expectedContainerUser: nil,
|
expectedContainerUser: nil,
|
||||||
expectedPSP: privilegedPSP.Name,
|
expectedPSP: privilegedPSP.Name,
|
||||||
},
|
},
|
||||||
@ -371,10 +367,8 @@ func TestAdmitPreferNonmutating(t *testing.T) {
|
|||||||
operation: kadmission.Create,
|
operation: kadmission.Create,
|
||||||
pod: unprivilegedRunAsAnyPod.DeepCopy(),
|
pod: unprivilegedRunAsAnyPod.DeepCopy(),
|
||||||
psps: []*extensions.PodSecurityPolicy{mutating2, mutating1, privilegedPSP},
|
psps: []*extensions.PodSecurityPolicy{mutating2, mutating1, privilegedPSP},
|
||||||
shouldPassAdmit: true,
|
|
||||||
shouldPassValidate: true,
|
shouldPassValidate: true,
|
||||||
expectMutation: false,
|
expectMutation: false,
|
||||||
expectedPodUser: nil,
|
|
||||||
expectedContainerUser: nil,
|
expectedContainerUser: nil,
|
||||||
expectedPSP: privilegedPSP.Name,
|
expectedPSP: privilegedPSP.Name,
|
||||||
},
|
},
|
||||||
@ -382,10 +376,8 @@ func TestAdmitPreferNonmutating(t *testing.T) {
|
|||||||
operation: kadmission.Create,
|
operation: kadmission.Create,
|
||||||
pod: unprivilegedRunAsAnyPod.DeepCopy(),
|
pod: unprivilegedRunAsAnyPod.DeepCopy(),
|
||||||
psps: []*extensions.PodSecurityPolicy{mutating2, mutating1},
|
psps: []*extensions.PodSecurityPolicy{mutating2, mutating1},
|
||||||
shouldPassAdmit: true,
|
|
||||||
shouldPassValidate: true,
|
shouldPassValidate: true,
|
||||||
expectMutation: true,
|
expectMutation: true,
|
||||||
expectedPodUser: nil,
|
|
||||||
expectedContainerUser: &mutating1.Spec.RunAsUser.Ranges[0].Min,
|
expectedContainerUser: &mutating1.Spec.RunAsUser.Ranges[0].Min,
|
||||||
expectedPSP: mutating1.Name,
|
expectedPSP: mutating1.Name,
|
||||||
},
|
},
|
||||||
@ -394,10 +386,8 @@ func TestAdmitPreferNonmutating(t *testing.T) {
|
|||||||
pod: changedPodWithSC.DeepCopy(),
|
pod: changedPodWithSC.DeepCopy(),
|
||||||
podBeforeUpdate: podWithSC.DeepCopy(),
|
podBeforeUpdate: podWithSC.DeepCopy(),
|
||||||
psps: []*extensions.PodSecurityPolicy{mutating2, mutating1, privilegedPSP},
|
psps: []*extensions.PodSecurityPolicy{mutating2, mutating1, privilegedPSP},
|
||||||
shouldPassAdmit: true,
|
|
||||||
shouldPassValidate: true,
|
shouldPassValidate: true,
|
||||||
expectMutation: false,
|
expectMutation: false,
|
||||||
expectedPodUser: nil,
|
|
||||||
expectedContainerUser: nil,
|
expectedContainerUser: nil,
|
||||||
expectedPSP: privilegedPSP.Name,
|
expectedPSP: privilegedPSP.Name,
|
||||||
},
|
},
|
||||||
@ -406,10 +396,8 @@ func TestAdmitPreferNonmutating(t *testing.T) {
|
|||||||
pod: changedPod.DeepCopy(),
|
pod: changedPod.DeepCopy(),
|
||||||
podBeforeUpdate: unprivilegedRunAsAnyPod.DeepCopy(),
|
podBeforeUpdate: unprivilegedRunAsAnyPod.DeepCopy(),
|
||||||
psps: []*extensions.PodSecurityPolicy{mutating2, mutating1},
|
psps: []*extensions.PodSecurityPolicy{mutating2, mutating1},
|
||||||
shouldPassAdmit: true,
|
|
||||||
shouldPassValidate: false,
|
shouldPassValidate: false,
|
||||||
expectMutation: false,
|
expectMutation: false,
|
||||||
expectedPodUser: nil,
|
|
||||||
expectedContainerUser: nil,
|
expectedContainerUser: nil,
|
||||||
expectedPSP: "",
|
expectedPSP: "",
|
||||||
},
|
},
|
||||||
@ -418,10 +406,8 @@ func TestAdmitPreferNonmutating(t *testing.T) {
|
|||||||
pod: unprivilegedRunAsAnyPod.DeepCopy(),
|
pod: unprivilegedRunAsAnyPod.DeepCopy(),
|
||||||
podBeforeUpdate: unprivilegedRunAsAnyPod.DeepCopy(),
|
podBeforeUpdate: unprivilegedRunAsAnyPod.DeepCopy(),
|
||||||
psps: []*extensions.PodSecurityPolicy{mutating2, mutating1},
|
psps: []*extensions.PodSecurityPolicy{mutating2, mutating1},
|
||||||
shouldPassAdmit: true,
|
|
||||||
shouldPassValidate: true,
|
shouldPassValidate: true,
|
||||||
expectMutation: false,
|
expectMutation: false,
|
||||||
expectedPodUser: nil,
|
|
||||||
expectedContainerUser: nil,
|
expectedContainerUser: nil,
|
||||||
expectedPSP: "",
|
expectedPSP: "",
|
||||||
},
|
},
|
||||||
@ -430,38 +416,32 @@ func TestAdmitPreferNonmutating(t *testing.T) {
|
|||||||
pod: gcChangedPod.DeepCopy(),
|
pod: gcChangedPod.DeepCopy(),
|
||||||
podBeforeUpdate: unprivilegedRunAsAnyPod.DeepCopy(),
|
podBeforeUpdate: unprivilegedRunAsAnyPod.DeepCopy(),
|
||||||
psps: []*extensions.PodSecurityPolicy{mutating2, mutating1},
|
psps: []*extensions.PodSecurityPolicy{mutating2, mutating1},
|
||||||
shouldPassAdmit: true,
|
|
||||||
shouldPassValidate: true,
|
shouldPassValidate: true,
|
||||||
expectMutation: false,
|
expectMutation: false,
|
||||||
expectedPodUser: nil,
|
|
||||||
expectedContainerUser: nil,
|
expectedContainerUser: nil,
|
||||||
expectedPSP: "",
|
expectedPSP: "",
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for k, v := range tests {
|
for k, v := range tests {
|
||||||
testPSPAdmitAdvanced(k, v.operation, v.psps, nil, &user.DefaultInfo{}, v.pod, v.podBeforeUpdate, v.shouldPassAdmit, v.shouldPassValidate, v.expectMutation, v.expectedPSP, t)
|
testPSPAdmitAdvanced(k, v.operation, v.psps, nil, &user.DefaultInfo{}, v.pod, v.podBeforeUpdate, true, v.shouldPassValidate, v.expectMutation, v.expectedPSP, t)
|
||||||
|
|
||||||
if v.shouldPassAdmit {
|
actualPodUser := (*int64)(nil)
|
||||||
actualPodUser := (*int64)(nil)
|
if v.pod.Spec.SecurityContext != nil {
|
||||||
if v.pod.Spec.SecurityContext != nil {
|
actualPodUser = v.pod.Spec.SecurityContext.RunAsUser
|
||||||
actualPodUser = v.pod.Spec.SecurityContext.RunAsUser
|
}
|
||||||
}
|
if actualPodUser != nil {
|
||||||
if (actualPodUser == nil) != (v.expectedPodUser == nil) {
|
t.Errorf("%s expected pod user nil, got %v", k, *actualPodUser)
|
||||||
t.Errorf("%s expected pod user %v, got %v", k, v.expectedPodUser, actualPodUser)
|
}
|
||||||
} else if actualPodUser != nil && *actualPodUser != *v.expectedPodUser {
|
|
||||||
t.Errorf("%s expected pod user %v, got %v", k, *v.expectedPodUser, *actualPodUser)
|
|
||||||
}
|
|
||||||
|
|
||||||
actualContainerUser := (*int64)(nil)
|
actualContainerUser := (*int64)(nil)
|
||||||
if v.pod.Spec.Containers[0].SecurityContext != nil {
|
if v.pod.Spec.Containers[0].SecurityContext != nil {
|
||||||
actualContainerUser = v.pod.Spec.Containers[0].SecurityContext.RunAsUser
|
actualContainerUser = v.pod.Spec.Containers[0].SecurityContext.RunAsUser
|
||||||
}
|
}
|
||||||
if (actualContainerUser == nil) != (v.expectedContainerUser == nil) {
|
if (actualContainerUser == nil) != (v.expectedContainerUser == nil) {
|
||||||
t.Errorf("%s expected container user %v, got %v", k, v.expectedContainerUser, actualContainerUser)
|
t.Errorf("%s expected container user %v, got %v", k, v.expectedContainerUser, actualContainerUser)
|
||||||
} else if actualContainerUser != nil && *actualContainerUser != *v.expectedContainerUser {
|
} else if actualContainerUser != nil && *actualContainerUser != *v.expectedContainerUser {
|
||||||
t.Errorf("%s expected container user %v, got %v", k, *v.expectedContainerUser, *actualContainerUser)
|
t.Errorf("%s expected container user %v, got %v", k, *v.expectedContainerUser, *actualContainerUser)
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user