This PR fixes a possible panic caused by decoding a JSON document
followed by a YAML document that is shorter than the first json
document.
This can cause a panic because the stream already consumed the JSON
data. When we fallback to YAML reader, the YAML starts with a zero
offset while the stream consumed data is non-zero. This could lead into
consuming negative bytes because `d.yaml.InputOffset() -
d.stream.Consumed()` is negative which will cause a panic.
Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>
rewrite the tests porting to the new layout and utilities.
We may add more cases and better integration in the future.
Signed-off-by: Francesco Romani <fromani@redhat.com>
now that we have a minimal BeforeEach (and let's keep it this way)
we can factor out the reservedCPUs setting, since it's the same
code for each testcase.
Signed-off-by: Francesco Romani <fromani@redhat.com>
reuse existing building blocks at the cost of
a tiny, non-nested BeforeEach (which is still OK)
and some targeted duplication.
Signed-off-by: Francesco Romani <fromani@redhat.com>
rewrite tests which exercise multiple container within the
same pod. Preserve the existing testcases, add more.
Note basic coverage for mixed pods - some containers requiring
exclusive CPUs, some not, was already added with the initial batch.
Signed-off-by: Francesco Romani <fromani@redhat.com>
We have tests which cover the case on which a pod
with a single container require multiple CPUs;
rewrite them preserving the testcases and actually
adding coverage.
Add and use stricter checks along the way.
Signed-off-by: Francesco Romani <fromani@redhat.com>
Complete the rewrite the policy option compatibility tests,
rewriting the tests which check compatibility
between the `full-pcpus-only` and `distribute-cpus-across-numa`.
All testcases are preserved.
Signed-off-by: Francesco Romani <fromani@redhat.com>
Rewrite the policy option compatibility tests.
We start with the tests which check the compatibility
between the `full-pcpus-only` and `strict-cpu-reservation`
tests, because the former is the only GA option
at time of writing.
All testcases are preserved.
Signed-off-by: Francesco Romani <fromani@redhat.com>
rewrite the cpumanager e2e tests for the
`strict-cpu-reservation` policy option to fit
into the new layout.
All testcases are preserved.
Signed-off-by: Francesco Romani <fromani@redhat.com>
Rewrite the cpumanager tests to make use of the lessons
learned, more modern idioms, remove obsolete assumptions
and in gneeral remove all the legacy which was accumulating
over the years.
The goal is to have a simpler, flatter and more maintenable
code layout, de-entangle the net of dependency,
making the tests more robust and easier to extend.
In short, this is all about maintainability. All the testcases
will be preserved, and few other can be added along the way.
Comments in the code will explain the code layout decisions
and tradeoff, and provide a good guide to add more tests
in the future.
Special care was added in order to maximize the isolation between
tests, at cost, in selected cases of a controlled and planned
code duplication.
Signed-off-by: Francesco Romani <fromani@redhat.com>
Test case:
```
type T1 struct {
T2 T2 `json:"t2"`
T3 T3 `json:"t3"`
}
type T2 struct {
ST1 []T1 `json:"st1"`
}
// +k8s:validateFalse
type T3 struct {
T4 T4 `json:"t4"`
}
type T4 struct {
ST3 []T3 `json:"st3"`
}
```
Today, we do not detect T2 as having validations because T1 was
incomplete because T3 had not been finished. This is hard to resolve in
the current model where we look at `hasValidations()` during discovery.
We don't have the information we need at that point.
This commit changes the approach.
Instead of saying:
```
if hasValidation(slice-element-type) {
save the eachVal(type-function)
}
```
...we ALWAYS track the `eachVal(type-function)`, but in a different
field. Then at emit time we can check `hasValidations` and emit the
code to call the eachVal only if actually needed.
Additionally, `hasValidations` is changed to not cache answers. This was
the source of part of the original problem and, on measuring, the cache
added little performance, so I nixed it. As we add coverage across all
of k/k we might want to bring it back, but now we have good tests.
I converted `hasValidations` back to a method which is only accessible
in emit phase, not discovery. Not more temptation.
Lastly, I added test cases.
Improve audit context handling by encapsulating event data and operations behind a structured API. Make
the Audit system more robust in concurrent environments by properly isolating mutable state. The cleaner
API simplifies interaction with audit events, improving maintainability. Encapsulation reduces bugs
by preventing direct manipulation of audit events.
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Co-Authored-By: Jordan Liggitt <liggitt@google.com>
Co-Authored-By: sxllwx <scottwangsxll@gmail.com>
https://kep.k8s.io/3638 has been promoted to stable back in 1.32 so now
is the right time to drop this feature gate entirely.
Signed-off-by: Maciej Szulik <soltysh@gmail.com>