github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-25 04:33:26 +00:00
Code Issues Projects Releases Wiki Activity

Add unit tests for allowSubDomainSecret format validation

Browse Source 
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
This commit is contained in:
Humble Chirammal 2022-07-19 09:51:53 +05:30
parent 5c92e4b816
commit e2ab0f93e6
1 changed files with 88 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
pkg/apis/core/validation/validation_test.go
View File

@ -759,7 +759,7 @@ func TestValidatePersistentVolumeSourceUpdate(t *testing.T) {
newVolume: getCSIVolumeWithSecret(validCSIVolume, longSecretRef, "controllerExpand"), newVolume: getCSIVolumeWithSecret(validCSIVolume, longSecretRef, "controllerExpand"),
}, },
"csi-expansion-enabled-from-longSecretRef-to-longSecretRef": { "csi-expansion-enabled-from-longSecretRef-to-longSecretRef": {
isExpectedFailure: true, isExpectedFailure: false,
oldVolume: getCSIVolumeWithSecret(validCSIVolume, longSecretRef, "controllerExpand"), oldVolume: getCSIVolumeWithSecret(validCSIVolume, longSecretRef, "controllerExpand"),
newVolume: getCSIVolumeWithSecret(validCSIVolume, longSecretRef, "controllerExpand"), newVolume: getCSIVolumeWithSecret(validCSIVolume, longSecretRef, "controllerExpand"),
}, },
@ -784,7 +784,7 @@ func TestValidatePersistentVolumeSourceUpdate(t *testing.T) {
newVolume: getCSIVolumeWithSecret(validCSIVolume, longSecretRef, "controllerPublish"), newVolume: getCSIVolumeWithSecret(validCSIVolume, longSecretRef, "controllerPublish"),
}, },
"csi-cntrlpublish-enabled-from-longSecretRef-to-longSecretRef": { "csi-cntrlpublish-enabled-from-longSecretRef-to-longSecretRef": {
isExpectedFailure: true, isExpectedFailure: false,
oldVolume: getCSIVolumeWithSecret(validCSIVolume, longSecretRef, "controllerPublish"), oldVolume: getCSIVolumeWithSecret(validCSIVolume, longSecretRef, "controllerPublish"),
newVolume: getCSIVolumeWithSecret(validCSIVolume, longSecretRef, "controllerPublish"), newVolume: getCSIVolumeWithSecret(validCSIVolume, longSecretRef, "controllerPublish"),
}, },
@ -809,7 +809,7 @@ func TestValidatePersistentVolumeSourceUpdate(t *testing.T) {
newVolume: getCSIVolumeWithSecret(validCSIVolume, longSecretRef, "nodePublish"), newVolume: getCSIVolumeWithSecret(validCSIVolume, longSecretRef, "nodePublish"),
}, },
"csi-nodepublish-enabled-from-longSecretRef-to-longSecretRef": { "csi-nodepublish-enabled-from-longSecretRef-to-longSecretRef": {
isExpectedFailure: true, isExpectedFailure: false,
oldVolume: getCSIVolumeWithSecret(validCSIVolume, longSecretRef, "nodePublish"), oldVolume: getCSIVolumeWithSecret(validCSIVolume, longSecretRef, "nodePublish"),
newVolume: getCSIVolumeWithSecret(validCSIVolume, longSecretRef, "nodePublish"), newVolume: getCSIVolumeWithSecret(validCSIVolume, longSecretRef, "nodePublish"),
}, },
@ -2749,6 +2749,7 @@ func TestValidateCSIPersistentVolumeSource(t *testing.T) {
csi *core.CSIPersistentVolumeSource csi *core.CSIPersistentVolumeSource
errtype field.ErrorType errtype field.ErrorType
errfield string errfield string
allowDNSSubDomainSecretName bool
}{ }{
{ {
name: "all required fields ok", name: "all required fields ok",
@ -2906,10 +2907,88 @@ func TestValidateCSIPersistentVolumeSource(t *testing.T) {
name: "valid nodeExpandSecretRef", name: "valid nodeExpandSecretRef",
csi: &core.CSIPersistentVolumeSource{Driver: "com.google.gcepd", VolumeHandle: "foobar", NodeExpandSecretRef: &core.SecretReference{Name: "foobar", Namespace: "default"}}, csi: &core.CSIPersistentVolumeSource{Driver: "com.google.gcepd", VolumeHandle: "foobar", NodeExpandSecretRef: &core.SecretReference{Name: "foobar", Namespace: "default"}},
}, },
{
name: "Invalid nodePublishSecretRef",
csi: &core.CSIPersistentVolumeSource{Driver: "com.google.gcepd", VolumeHandle: "foobar", NodePublishSecretRef: &core.SecretReference{Name: "foobar", Namespace: "default"}},
},
// tests with allowDNSSubDomainSecretName flag on/off
{
name: "valid nodeExpandSecretRef with allow flag off",
csi: &core.CSIPersistentVolumeSource{Driver: "com.google.gcepd", VolumeHandle: "foobar", NodeExpandSecretRef: &core.SecretReference{Name: strings.Repeat("g", 63), Namespace: "default"}},
allowDNSSubDomainSecretName: false,
},
{
name: "Invalid nodeExpandSecretRef with allow flag off",
csi: &core.CSIPersistentVolumeSource{Driver: "com.google.gcepd", VolumeHandle: "foobar", NodeExpandSecretRef: &core.SecretReference{Name: strings.Repeat("g", 65), Namespace: "default"}},
allowDNSSubDomainSecretName: false,
errtype: field.ErrorTypeInvalid,
errfield: "nodeExpandSecretRef.name",
},
{
name: "valid nodeExpandSecretRef with allow flag on",
csi: &core.CSIPersistentVolumeSource{Driver: "com.google.gcepd", VolumeHandle: "foobar", NodeExpandSecretRef: &core.SecretReference{Name: strings.Repeat("g", 65), Namespace: "default"}},
allowDNSSubDomainSecretName: true,
},
{
name: "Invalid nodeExpandSecretRef with allow flag on",
csi: &core.CSIPersistentVolumeSource{Driver: "com.google.gcepd", VolumeHandle: "foobar", NodeExpandSecretRef: &core.SecretReference{Name: strings.Repeat("g", 255), Namespace: "default"}},
allowDNSSubDomainSecretName: true,
errtype: field.ErrorTypeInvalid,
errfield: "nodeExpandSecretRef.name",
},
{
name: "valid nodePublishSecretRef with allow flag off",
csi: &core.CSIPersistentVolumeSource{Driver: "com.google.gcepd", VolumeHandle: "foobar", NodePublishSecretRef: &core.SecretReference{Name: strings.Repeat("g", 63), Namespace: "default"}},
allowDNSSubDomainSecretName: false,
},
{
name: "Invalid nodePublishSecretRef with allow flag off",
csi: &core.CSIPersistentVolumeSource{Driver: "com.google.gcepd", VolumeHandle: "foobar", NodePublishSecretRef: &core.SecretReference{Name: strings.Repeat("g", 65), Namespace: "default"}},
allowDNSSubDomainSecretName: false,
errtype: field.ErrorTypeInvalid,
errfield: "nodePublishSecretRef.name",
},
{
name: "valid nodePublishSecretRef with allow flag on",
csi: &core.CSIPersistentVolumeSource{Driver: "com.google.gcepd", VolumeHandle: "foobar", NodePublishSecretRef: &core.SecretReference{Name: strings.Repeat("g", 65), Namespace: "default"}},
allowDNSSubDomainSecretName: true,
},
{
name: "Invalid nodePublishSecretRef with allow flag on",
csi: &core.CSIPersistentVolumeSource{Driver: "com.google.gcepd", VolumeHandle: "foobar", NodePublishSecretRef: &core.SecretReference{Name: strings.Repeat("g", 255), Namespace: "default"}},
allowDNSSubDomainSecretName: true,
errtype: field.ErrorTypeInvalid,
errfield: "nodePublishSecretRef.name",
},
{
name: "valid ControllerExpandSecretRef with allow flag off",
csi: &core.CSIPersistentVolumeSource{Driver: "com.google.gcepd", VolumeHandle: "foobar", ControllerExpandSecretRef: &core.SecretReference{Name: strings.Repeat("g", 63), Namespace: "default"}},
allowDNSSubDomainSecretName: false,
},
{
name: "Invalid ControllerExpandSecretRef with allow flag off",
csi: &core.CSIPersistentVolumeSource{Driver: "com.google.gcepd", VolumeHandle: "foobar", ControllerExpandSecretRef: &core.SecretReference{Name: strings.Repeat("g", 65), Namespace: "default"}},
allowDNSSubDomainSecretName: false,
errtype: field.ErrorTypeInvalid,
errfield: "controllerExpandSecretRef.name",
},
{
name: "valid ControllerExpandSecretRef with allow flag on",
csi: &core.CSIPersistentVolumeSource{Driver: "com.google.gcepd", VolumeHandle: "foobar", ControllerExpandSecretRef: &core.SecretReference{Name: strings.Repeat("g", 65), Namespace: "default"}},
allowDNSSubDomainSecretName: true,
},
{
name: "Invalid ControllerExpandSecretRef with allow flag on",
csi: &core.CSIPersistentVolumeSource{Driver: "com.google.gcepd", VolumeHandle: "foobar", ControllerExpandSecretRef: &core.SecretReference{Name: strings.Repeat("g", 255), Namespace: "default"}},
allowDNSSubDomainSecretName: true,
errtype: field.ErrorTypeInvalid,
errfield: "controllerExpandSecretRef.name",
},
} }
for i, tc := range testCases { for i, tc := range testCases {
errs := validateCSIPersistentVolumeSource(tc.csi, field.NewPath("field")) errs := validateCSIPersistentVolumeSource(tc.csi, tc.allowDNSSubDomainSecretName, field.NewPath("field"))
if len(errs) > 0 && tc.errtype == "" { if len(errs) > 0 && tc.errtype == "" {
t.Errorf("[%d: %q] unexpected error(s): %v", i, tc.name, errs) t.Errorf("[%d: %q] unexpected error(s): %v", i, tc.name, errs)
@ -20559,7 +20638,7 @@ func TestValidatePVSecretReference(t *testing.T) {
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
errs := validatePVSecretReference(tt.args.secretRef, tt.args.fldPath) errs := validatePVSecretReference(tt.args.secretRef, false, tt.args.fldPath)
if tt.expectError && len(errs) == 0 { if tt.expectError && len(errs) == 0 {
t.Errorf("Unexpected success") t.Errorf("Unexpected success")
} }