PodSecurity: Make check-specific passing fixtures optional

2025-07-27 13:37:30 +00:00 · 2021-07-06 12:43:29 -04:00 · 2021-07-06 12:43:29 -04:00 · ea54b1b152
commit ea54b1b152
parent 2423842549
5 changed files with 10 additions and 9 deletions
--- a/staging/src/k8s.io/pod-security-admission/test/fixtures.go
+++ b/staging/src/k8s.io/pod-security-admission/test/fixtures.go
@ -170,8 +170,8 @@ func getFixtures(key fixtureKey) (fixtureData, error) {
 			if len(data.expectErrorSubstring) == 0 {
 				data.expectErrorSubstring = key.check
 			}
-			if len(data.pass) == 0 || len(data.fail) == 0 {
+			if len(data.fail) == 0 {
-				return fixtureData{}, fmt.Errorf("generatePass/generateFail for %#v must return at least one pod each", key)
+				return fixtureData{}, fmt.Errorf("generateFail for %#v must return at least one pod", key)
 			}
 			return data, nil
 		}
--- a/staging/src/k8s.io/pod-security-admission/test/fixtures_allowPrivilegeEscalation.go
+++ b/staging/src/k8s.io/pod-security-admission/test/fixtures_allowPrivilegeEscalation.go
@ -34,10 +34,8 @@ containerFields: []string{
 func init() {
 	fixtureData_1_8 := fixtureGenerator{
 		generatePass: func(p *corev1.Pod) []*corev1.Pod {
-			return []*corev1.Pod{
+			// minimal valid pod already captures all valid combinations
-				// only valid pod is to explicitly set allowPrivilegeEscalation to false in all containers
+			return nil
 				p,
 			}
 		},
 		generateFail: func(p *corev1.Pod) []*corev1.Pod {
 			return []*corev1.Pod{
--- a/staging/src/k8s.io/pod-security-admission/test/fixtures_hostNamespaces.go
+++ b/staging/src/k8s.io/pod-security-admission/test/fixtures_hostNamespaces.go
@ -30,7 +30,8 @@ func init() {
 	fixtureData_1_0 := fixtureGenerator{
 		expectErrorSubstring: "host namespaces",
 		generatePass: func(p *corev1.Pod) []*corev1.Pod {
-			return []*corev1.Pod{p} // minimal valid pod
+			// minimal valid pod already captures all valid combinations
 			return nil
 		},
 		generateFail: func(p *corev1.Pod) []*corev1.Pod {
 			return []*corev1.Pod{
--- a/staging/src/k8s.io/pod-security-admission/test/fixtures_hostPath.go
+++ b/staging/src/k8s.io/pod-security-admission/test/fixtures_hostPath.go
@ -30,7 +30,8 @@ func init() {
 	fixtureData_1_0 := fixtureGenerator{
 		expectErrorSubstring: "hostPath volumes",
 		generatePass: func(p *corev1.Pod) []*corev1.Pod {
-			return []*corev1.Pod{p} // minimal valid pod
+			// minimal valid pod already captures all valid combinations
 			return nil
 		},
 		generateFail: func(p *corev1.Pod) []*corev1.Pod {
 			return []*corev1.Pod{
--- a/staging/src/k8s.io/pod-security-admission/test/fixtures_hostProcess.go
+++ b/staging/src/k8s.io/pod-security-admission/test/fixtures_hostProcess.go
@ -39,7 +39,8 @@ func init() {
 	fixtureData_1_0 := fixtureGenerator{
 		generatePass: func(p *corev1.Pod) []*corev1.Pod {
-			return []*corev1.Pod{p}
+			// minimal valid pod already captures all valid combinations
 			return nil
 		},
 		failRequiresFeatures: []featuregate.Feature{"WindowsHostProcessContainers"},
 		generateFail: func(p *corev1.Pod) []*corev1.Pod {