Add unit tests for DesiredStateOfWorldPopulator

2025-07-24 04:06:03 +00:00 · 2022-07-29 13:21:50 +02:00 · 2022-07-29 13:21:50 +02:00 · f9c7ce5b9c
commit f9c7ce5b9c
parent 39f0d78714
2 changed files with 195 additions and 1 deletions
--- a/pkg/kubelet/volumemanager/populator/desired_state_of_world_populator_test.go
+++ b/pkg/kubelet/volumemanager/populator/desired_state_of_world_populator_test.go
@ -31,7 +31,9 @@ import (
 	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	"k8s.io/client-go/kubernetes/fake"
 	core "k8s.io/client-go/testing"
 	featuregatetesting "k8s.io/component-base/featuregate/testing"
 	csitrans "k8s.io/csi-translation-lib"
 	"k8s.io/kubernetes/pkg/features"
 	"k8s.io/kubernetes/pkg/kubelet/configmap"
 	containertest "k8s.io/kubernetes/pkg/kubelet/container/testing"
 	kubepod "k8s.io/kubernetes/pkg/kubelet/pod"
@ -1067,6 +1069,195 @@ func TestCheckVolumeFSResize(t *testing.T) {
 	}
 }
 func TestCheckVolumeSELinux(t *testing.T) {
 	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.ReadWriteOncePod, true)()
 	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.SELinuxMountReadWriteOncePod, true)()
 	fullOpts := &v1.SELinuxOptions{
 		User:  "system_u",
 		Role:  "object_r",
 		Type:  "container_t",
 		Level: "s0:c1,c2",
 	}
 	differentFullOpts := &v1.SELinuxOptions{
 		User:  "system_u",
 		Role:  "object_r",
 		Type:  "container_t",
 		Level: "s0:c9998,c9999",
 	}
 	partialOpts := &v1.SELinuxOptions{
 		Level: "s0:c3,c4",
 	}
 	testcases := []struct {
 		name                         string
 		accessModes                  []v1.PersistentVolumeAccessMode
 		existingContainerSELinuxOpts *v1.SELinuxOptions
 		newContainerSELinuxOpts      *v1.SELinuxOptions
 		pluginSupportsSELinux        bool
 		expectError                  bool
 		expectedContext              string
 	}{
 		{
 			name:                    "RWOP with plugin with SELinux with full context in pod",
 			accessModes:             []v1.PersistentVolumeAccessMode{v1.ReadWriteOncePod},
 			newContainerSELinuxOpts: fullOpts,
 			pluginSupportsSELinux:   true,
 			expectedContext:         "system_u:object_r:container_file_t:s0:c1,c2",
 		},
 		{
 			name:                    "RWOP with plugin with SELinux with partial context in pod",
 			accessModes:             []v1.PersistentVolumeAccessMode{v1.ReadWriteOncePod},
 			newContainerSELinuxOpts: partialOpts,
 			pluginSupportsSELinux:   true,
 			expectedContext:         "system_u:object_r:container_file_t:s0:c3,c4",
 		},
 		{
 			name:                    "RWX with plugin with SELinux with fill context in pod",
 			accessModes:             []v1.PersistentVolumeAccessMode{v1.ReadWriteMany},
 			newContainerSELinuxOpts: fullOpts,
 			pluginSupportsSELinux:   true,
 			expectedContext:         "", // RWX volumes don't support SELinux
 		},
 		{
 			name:                    "RWOP with plugin with no SELinux with fill context in pod",
 			accessModes:             []v1.PersistentVolumeAccessMode{v1.ReadWriteOncePod},
 			newContainerSELinuxOpts: fullOpts,
 			pluginSupportsSELinux:   false,
 			expectedContext:         "", // plugin doesn't support SELinux
 		},
 		{
 			name:                    "RWOP with plugin with SELinux with no context in pod",
 			accessModes:             []v1.PersistentVolumeAccessMode{v1.ReadWriteOncePod},
 			newContainerSELinuxOpts: nil,
 			pluginSupportsSELinux:   true,
 			expectedContext:         "",
 		},
 		{
 			name:                         "RWOP with plugin with SELinux with full context in pod with existing pod",
 			accessModes:                  []v1.PersistentVolumeAccessMode{v1.ReadWriteOncePod},
 			existingContainerSELinuxOpts: fullOpts,
 			newContainerSELinuxOpts:      fullOpts,
 			pluginSupportsSELinux:        true,
 			expectedContext:              "system_u:object_r:container_file_t:s0:c1,c2",
 		},
 		{
 			name:                         "mismatched SELinux with RWX - success",
 			accessModes:                  []v1.PersistentVolumeAccessMode{v1.ReadWriteMany},
 			existingContainerSELinuxOpts: fullOpts,
 			newContainerSELinuxOpts:      differentFullOpts,
 			pluginSupportsSELinux:        true,
 			expectedContext:              "",
 		},
 		{
 			name:                         "mismatched SELinux with RWOP - failure",
 			accessModes:                  []v1.PersistentVolumeAccessMode{v1.ReadWriteOncePod},
 			existingContainerSELinuxOpts: fullOpts,
 			newContainerSELinuxOpts:      differentFullOpts,
 			pluginSupportsSELinux:        true,
 			expectError:                  true,
 			// The original seLinuxOpts are kept in DSW
 			expectedContext: "system_u:object_r:container_file_t:s0:c1,c2",
 		},
 	}
 	for _, tc := range testcases {
 		t.Run(tc.name, func(t *testing.T) {
 			pv := &v1.PersistentVolume{
 				ObjectMeta: metav1.ObjectMeta{
 					Name: "dswp-test-volume-name",
 				},
 				Spec: v1.PersistentVolumeSpec{
 					PersistentVolumeSource: v1.PersistentVolumeSource{RBD: &v1.RBDPersistentVolumeSource{}},
 					Capacity:               volumeCapacity(1),
 					ClaimRef:               &v1.ObjectReference{Namespace: "ns", Name: "file-bound"},
 					AccessModes:            tc.accessModes,
 				},
 			}
 			pvc := &v1.PersistentVolumeClaim{
 				Spec: v1.PersistentVolumeClaimSpec{
 					VolumeName: pv.Name,
 					Resources: v1.ResourceRequirements{
 						Requests: pv.Spec.Capacity,
 					},
 					AccessModes: tc.accessModes,
 				},
 				Status: v1.PersistentVolumeClaimStatus{
 					Phase:    v1.ClaimBound,
 					Capacity: pv.Spec.Capacity,
 				},
 			}
 			container := v1.Container{
 				SecurityContext: &v1.SecurityContext{
 					SELinuxOptions: nil,
 				},
 				VolumeMounts: []v1.VolumeMount{
 					{
 						Name:      pv.Name,
 						MountPath: "/mnt",
 					},
 				},
 			}
 			fakeVolumePluginMgr, plugin := volumetesting.GetTestKubeletVolumePluginMgr(t)
 			plugin.SupportsSELinux = tc.pluginSupportsSELinux
 			dswp, fakePodManager, fakeDSW, _, _ := createDswpWithVolumeWithCustomPluginMgr(t, pv, pvc, fakeVolumePluginMgr)
 			var existingPod *v1.Pod
 			if tc.existingContainerSELinuxOpts != nil {
 				// Add existing pod + volume
 				existingContainer := container
 				existingContainer.SecurityContext.SELinuxOptions = tc.existingContainerSELinuxOpts
 				existingPod = createPodWithVolume("dswp-old-pod", "dswp-test-volume-name", "file-bound", []v1.Container{existingContainer})
 				fakePodManager.AddPod(existingPod)
 				dswp.findAndAddNewPods()
 			}
 			newContainer := container
 			newContainer.SecurityContext.SELinuxOptions = tc.newContainerSELinuxOpts
 			newPod := createPodWithVolume("dswp-test-pod", "dswp-test-volume-name", "file-bound", []v1.Container{newContainer})
 			// Act - add the new Pod
 			fakePodManager.AddPod(newPod)
 			dswp.findAndAddNewPods()
 			// Assert
 			// Check the global volume state
 			uniquePodName := types.UniquePodName(newPod.UID)
 			uniqueVolumeName := v1.UniqueVolumeName("fake-plugin/" + newPod.Spec.Volumes[0].Name)
 			volumeExists := fakeDSW.VolumeExists(uniqueVolumeName, tc.expectedContext)
 			if !volumeExists {
 				t.Errorf(
 					"VolumeExists(%q) failed. Expected: <true> Actual: <%v>",
 					uniqueVolumeName,
 					volumeExists)
 			}
 			// Check the Pod local volume state
 			podExistsInVolume := fakeDSW.PodExistsInVolume(uniquePodName, uniqueVolumeName, tc.expectedContext)
 			if !podExistsInVolume && !tc.expectError {
 				t.Errorf(
 					"DSW PodExistsInVolume returned incorrect value. Expected: <true> Actual: <%v>",
 					podExistsInVolume)
 			}
 			if podExistsInVolume && tc.expectError {
 				t.Errorf(
 					"DSW PodExistsInVolume returned incorrect value. Expected: <false> Actual: <%v>",
 					podExistsInVolume)
 			}
 			errors := fakeDSW.GetPodsWithErrors()
 			if tc.expectError && len(errors) == 0 {
 				t.Errorf("Expected Pod error, got none")
 			}
 			if !tc.expectError && len(errors) > 0 {
 				t.Errorf("Unexpected Pod errors: %v", errors)
 			}
 			verifyVolumeExistsInVolumesToMount(t, uniqueVolumeName, false /* expectReportedInUse */, fakeDSW)
 		})
 	}
 }
 func createResizeRelatedVolumes(volumeMode *v1.PersistentVolumeMode) (pv *v1.PersistentVolume, pvc *v1.PersistentVolumeClaim) {
 	pv = &v1.PersistentVolume{
 		ObjectMeta: metav1.ObjectMeta{
@ -1175,7 +1366,7 @@ func createPodWithVolume(pod, pv, pvc string, containers []v1.Container) *v1.Pod
 	return &v1.Pod{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      pod,
-			UID:       "dswp-test-pod-uid",
+			UID:       kubetypes.UID(pod + "-uid"),
 			Namespace: "dswp-test",
 		},
 		Spec: v1.PodSpec{
--- a/pkg/volume/util/util_test.go
+++ b/pkg/volume/util/util_test.go
@ -28,7 +28,10 @@ import (
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/sets"
 	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	featuregatetesting "k8s.io/component-base/featuregate/testing"
 	_ "k8s.io/kubernetes/pkg/apis/core/install"
 	"k8s.io/kubernetes/pkg/features"
 	"k8s.io/kubernetes/pkg/util/slice"
 	"k8s.io/kubernetes/pkg/volume"
 	utilptr "k8s.io/utils/pointer"