Home Explore Help
Sign In
tzeneto
/
custom-kube-scheduler
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: b9b304b401
Branches Tags
custom-kube-...
/
kubernetes-v1.15.4
/
pkg
/
security
/
podsecuritypolicy
/
group
/
mustrunas_test.go

mustrunas_test.go 4.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181 
  1. /*
    2. 

  2. Copyright 2014 The Kubernetes Authors.
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package group
    18. 

  18. 

  19. import (
    20. 

  20. 	"strings"
    21. 

  21. 	"testing"
    22. 

  22. 

  23. 	policy "k8s.io/api/policy/v1beta1"
    24. 

  24. 	"k8s.io/apimachinery/pkg/util/validation/field"
    25. 

  25. )
    26. 

  26. 

  27. func TestMustRunAsOptions(t *testing.T) {
    28. 

  28. 	tests := map[string]struct {
    29. 

  29. 		ranges []policy.IDRange
    30. 

  30. 		pass   bool
    31. 

  31. 	}{
    32. 

  32. 		"empty": {
    33. 

  33. 			ranges: []policy.IDRange{},
    34. 

  34. 		},
    35. 

  35. 		"ranges": {
    36. 

  36. 			ranges: []policy.IDRange{
    37. 

  37. 				{Min: 1, Max: 1},
    38. 

  38. 			},
    39. 

  39. 			pass: true,
    40. 

  40. 		},
    41. 

  41. 	}
    42. 

  42. 

  43. 	for k, v := range tests {
    44. 

  44. 		_, err := NewMustRunAs(v.ranges)
    45. 

  45. 		if v.pass && err != nil {
    46. 

  46. 			t.Errorf("error creating strategy for %s: %v", k, err)
    47. 

  47. 		}
    48. 

  48. 		if !v.pass && err == nil {
    49. 

  49. 			t.Errorf("expected error for %s but got none", k)
    50. 

  50. 		}
    51. 

  51. 	}
    52. 

  52. }
    53. 

  53. 

  54. func TestGenerate(t *testing.T) {
    55. 

  55. 	tests := map[string]struct {
    56. 

  56. 		ranges   []policy.IDRange
    57. 

  57. 		expected []int64
    58. 

  58. 	}{
    59. 

  59. 		"multi value": {
    60. 

  60. 			ranges: []policy.IDRange{
    61. 

  61. 				{Min: 1, Max: 2},
    62. 

  62. 			},
    63. 

  63. 			expected: []int64{1},
    64. 

  64. 		},
    65. 

  65. 		"single value": {
    66. 

  66. 			ranges: []policy.IDRange{
    67. 

  67. 				{Min: 1, Max: 1},
    68. 

  68. 			},
    69. 

  69. 			expected: []int64{1},
    70. 

  70. 		},
    71. 

  71. 		"multi range": {
    72. 

  72. 			ranges: []policy.IDRange{
    73. 

  73. 				{Min: 1, Max: 1},
    74. 

  74. 				{Min: 2, Max: 500},
    75. 

  75. 			},
    76. 

  76. 			expected: []int64{1},
    77. 

  77. 		},
    78. 

  78. 	}
    79. 

  79. 

  80. 	for k, v := range tests {
    81. 

  81. 		s, err := NewMustRunAs(v.ranges)
    82. 

  82. 		if err != nil {
    83. 

  83. 			t.Errorf("error creating strategy for %s: %v", k, err)
    84. 

  84. 		}
    85. 

  85. 		actual, err := s.Generate(nil)
    86. 

  86. 		if err != nil {
    87. 

  87. 			t.Errorf("unexpected error for %s: %v", k, err)
    88. 

  88. 		}
    89. 

  89. 		if len(actual) != len(v.expected) {
    90. 

  90. 			t.Errorf("unexpected generated values.  Expected %v, got %v", v.expected, actual)
    91. 

  91. 			continue
    92. 

  92. 		}
    93. 

  93. 		if len(actual) > 0 && len(v.expected) > 0 {
    94. 

  94. 			if actual[0] != v.expected[0] {
    95. 

  95. 				t.Errorf("unexpected generated values.  Expected %v, got %v", v.expected, actual)
    96. 

  96. 			}
    97. 

  97. 		}
    98. 

  98. 

  99. 		single, err := s.GenerateSingle(nil)
    100. 

  100. 		if err != nil {
    101. 

  101. 			t.Errorf("unexpected error for %s: %v", k, err)
    102. 

  102. 		}
    103. 

  103. 		if single == nil {
    104. 

  104. 			t.Errorf("unexpected nil generated value for %s: %v", k, single)
    105. 

  105. 		}
    106. 

  106. 		if *single != v.expected[0] {
    107. 

  107. 			t.Errorf("unexpected generated single value.  Expected %v, got %v", v.expected, actual)
    108. 

  108. 		}
    109. 

  109. 	}
    110. 

  110. }
    111. 

  111. 

  112. func TestValidate(t *testing.T) {
    113. 

  113. 	tests := map[string]struct {
    114. 

  114. 		ranges        []policy.IDRange
    115. 

  115. 		groups        []int64
    116. 

  116. 		expectedError string
    117. 

  117. 	}{
    118. 

  118. 		"nil security context": {
    119. 

  119. 			ranges: []policy.IDRange{
    120. 

  120. 				{Min: 1, Max: 3},
    121. 

  121. 			},
    122. 

  122. 			expectedError: "unable to validate empty groups against required ranges",
    123. 

  123. 		},
    124. 

  124. 		"empty groups": {
    125. 

  125. 			ranges: []policy.IDRange{
    126. 

  126. 				{Min: 1, Max: 3},
    127. 

  127. 			},
    128. 

  128. 			expectedError: "unable to validate empty groups against required ranges",
    129. 

  129. 		},
    130. 

  130. 		"not in range": {
    131. 

  131. 			groups: []int64{5},
    132. 

  132. 			ranges: []policy.IDRange{
    133. 

  133. 				{Min: 1, Max: 3},
    134. 

  134. 				{Min: 4, Max: 4},
    135. 

  135. 			},
    136. 

  136. 			expectedError: "group 5 must be in the ranges: [{1 3} {4 4}]",
    137. 

  137. 		},
    138. 

  138. 		"in range 1": {
    139. 

  139. 			groups: []int64{2},
    140. 

  140. 			ranges: []policy.IDRange{
    141. 

  141. 				{Min: 1, Max: 3},
    142. 

  142. 			},
    143. 

  143. 		},
    144. 

  144. 		"in range boundary min": {
    145. 

  145. 			groups: []int64{1},
    146. 

  146. 			ranges: []policy.IDRange{
    147. 

  147. 				{Min: 1, Max: 3},
    148. 

  148. 			},
    149. 

  149. 		},
    150. 

  150. 		"in range boundary max": {
    151. 

  151. 			groups: []int64{3},
    152. 

  152. 			ranges: []policy.IDRange{
    153. 

  153. 				{Min: 1, Max: 3},
    154. 

  154. 			},
    155. 

  155. 		},
    156. 

  156. 		"singular range": {
    157. 

  157. 			groups: []int64{4},
    158. 

  158. 			ranges: []policy.IDRange{
    159. 

  159. 				{Min: 4, Max: 4},
    160. 

  160. 			},
    161. 

  161. 		},
    162. 

  162. 	}
    163. 

  163. 

  164. 	for k, v := range tests {
    165. 

  165. 		s, err := NewMustRunAs(v.ranges)
    166. 

  166. 		if err != nil {
    167. 

  167. 			t.Errorf("error creating strategy for %s: %v", k, err)
    168. 

  168. 		}
    169. 

  169. 		errs := s.Validate(field.NewPath(""), nil, v.groups)
    170. 

  170. 		if v.expectedError == "" && len(errs) > 0 {
    171. 

  171. 			t.Errorf("unexpected errors for %s: %v", k, errs)
    172. 

  172. 		}
    173. 

  173. 		if v.expectedError != "" && len(errs) == 0 {
    174. 

  174. 			t.Errorf("expected errors for %s but got: %v", k, errs)
    175. 

  175. 		}
    176. 

  176. 		if v.expectedError != "" && len(errs) > 0 && !strings.Contains(errs[0].Error(), v.expectedError) {
    177. 

  177. 			t.Errorf("expected error for %s: %v, but got: %v", k, v.expectedError, errs[0])
    178. 

  178. 		}
    179. 

  179. 	}
    180. 

  180. }
    181. 

  181.