diff --git a/pkg/controller/volume/selinuxwarning/selinux_warning_controller_test.go b/pkg/controller/volume/selinuxwarning/selinux_warning_controller_test.go
index dda563f7541..ae324907f11 100644
--- a/pkg/controller/volume/selinuxwarning/selinux_warning_controller_test.go
+++ b/pkg/controller/volume/selinuxwarning/selinux_warning_controller_test.go
@@ -338,6 +338,84 @@ func TestSELinuxWarningController_Sync(t *testing.T) {
 `Normal SELinuxLabelConflict SELinuxLabel ":::s0:c1,c2" conflicts with pod pod2 that uses the same volume as this pod with SELinuxLabel ":::s0:c98,c99". If both pods land on the same node, only one of them may access the volume.`,
 },
 },
+ {
+ name: "pending pod is processed",
+ existingPVCs: []*v1.PersistentVolumeClaim{
+ pvcBoundToPV("pv1", "pvc1"),
+ },
+ existingPVs: []*v1.PersistentVolume{
+ pvBoundToPVC("pv1", "pvc1"),
+ },
+ existingPods: []*v1.Pod{
+ pod("pod1", "s0:c1,c2", nil).withPVC("pvc1", "vol1").withPhase(v1.PodPending).build(),
+ },
+ pod: cache.ObjectName{Namespace: namespace, Name: "pod1"},
+ expectedEvents: nil,
+ expectedAddedVolumes: []addedVolume{
+ {
+ volumeName: "fake-plugin/pv1",
+ podKey: cache.ObjectName{Namespace: namespace, Name: "pod1"},
+ label: ":::s0:c1,c2",
+ changePolicy: v1.SELinuxChangePolicyMountOption,
+ csiDriver: "ebs.csi.aws.com",
+ },
+ },
+ },
+ {
+ name: "unknown pod is processed",
+ existingPVCs: []*v1.PersistentVolumeClaim{
+ pvcBoundToPV("pv1", "pvc1"),
+ },
+ existingPVs: []*v1.PersistentVolume{
+ pvBoundToPVC("pv1", "pvc1"),
+ },
+ existingPods: []*v1.Pod{
+ pod("pod1", "s0:c1,c2", nil).withPVC("pvc1", "vol1").withPhase(v1.PodUnknown).build(),
+ },
+ pod: cache.ObjectName{Namespace: namespace, Name: "pod1"},
+ expectedEvents: nil,
+ expectedAddedVolumes: []addedVolume{
+ {
+ volumeName: "fake-plugin/pv1",
+ podKey: cache.ObjectName{Namespace: namespace, Name: "pod1"},
+ label: ":::s0:c1,c2",
+ changePolicy: v1.SELinuxChangePolicyMountOption,
+ csiDriver: "ebs.csi.aws.com",
+ },
+ },
+ },
+ {
+ name: "succeeded pod is removed from the cache",
+ existingPVCs: []*v1.PersistentVolumeClaim{
+ pvcBoundToPV("pv1", "pvc1"),
+ },
+ existingPVs: []*v1.PersistentVolume{
+ pvBoundToPVC("pv1", "pvc1"),
+ },
+ existingPods: []*v1.Pod{
+ pod("pod1", "s0:c1,c2", nil).withPVC("pvc1", "vol1").withPhase(v1.PodSucceeded).build(),
+ },
+ pod: cache.ObjectName{Namespace: namespace, Name: "pod1"},
+ expectedEvents: nil,
+ expectedAddedVolumes: nil,
+ expectedDeletedPods: []cache.ObjectName{{Namespace: namespace, Name: "pod1"}},
+ },
+ {
+ name: "failed pod is removed from the cache",
+ existingPVCs: []*v1.PersistentVolumeClaim{
+ pvcBoundToPV("pv1", "pvc1"),
+ },
+ existingPVs: []*v1.PersistentVolume{
+ pvBoundToPVC("pv1", "pvc1"),
+ },
+ existingPods: []*v1.Pod{
+ pod("pod1", "s0:c1,c2", nil).withPVC("pvc1", "vol1").withPhase(v1.PodFailed).build(),
+ },
+ pod: cache.ObjectName{Namespace: namespace, Name: "pod1"},
+ expectedEvents: nil,
+ expectedAddedVolumes: nil,
+ expectedDeletedPods: []cache.ObjectName{{Namespace: namespace, Name: "pod1"}},
+ },
 {
 name: "deleted pod",
 existingPods: []*v1.Pod{
@@ -533,10 +611,18 @@ func pod(podName, level string, changePolicy *v1.PodSELinuxChangePolicy) *podBui
 },
 },
 },
+ Status: v1.PodStatus{
+ Phase: v1.PodRunning,
+ },
 },
 }
 }
 
+func (b *podBuilder) withPhase(phase v1.PodPhase) *podBuilder {
+ b.pod.Status.Phase = phase
+ return b
+}
+
 func (b *podBuilder) withInlineVolume() *podBuilder {
 b.pod.Spec.Volumes = append(b.pod.Spec.Volumes, v1.Volume{
 Name: "inlineVolume",
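Review bot: No case in the first hunk pins what Sync does with an unset phase; the new cases cover Pending, Unknown, Succeeded and Failed, and the builder default covers Running. A pod whose status has not been populated would carry `""`, and for a controller that surfaces SELinux label conflicts the safe outcome is that it is still added to the cache rather than dropped like a terminal pod. I would add a fifth case copied from "pending pod is processed" using `pod("pod1", "s0:c1,c2", nil).withPVC("pvc1", "vol1").withPhase("").build(),` with the same `expectedAddedVolumes`. The controller's phase check is not visible here, so this locks the behaviour in rather than claiming it is wrong today.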
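Review bot: `withPhase` in the second hunk has no doc comment, and the `Phase: v1.PodRunning` default added to `pod()` changes every existing fixture from an empty phase to Running without saying so. A line such as `// withPhase overrides the v1.PodRunning phase that pod() sets by default.` above the method, and `// Default to Running so existing cases exercise the non-terminal path.` beside the new `Status` field, would make that dependency visible to whoever adds the next case. `pod()` begins above this hunk and `withInlineVolume` continues below it.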