Home Explore Help
Sign In
tzeneto
/
custom-kube-scheduler
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: cb14858ef6
Branches Tags
custom-kube-...
/
kubernetes
/
pkg
/
api
/
v1
/
persistentvolume
/
util_test.go

util_test.go 13 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281 
  1. /*
    2. 

  2. Copyright 2017 The Kubernetes Authors.
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package persistentvolume
    18. 

  18. 

  19. import (
    20. 

  20. 	"reflect"
    21. 

  21. 	"strings"
    22. 

  22. 	"testing"
    23. 

  23. 

  24. 	corev1 "k8s.io/api/core/v1"
    25. 

  25. 	"k8s.io/apimachinery/pkg/util/sets"
    26. 

  26. 	"k8s.io/apimachinery/pkg/util/validation/field"
    27. 

  27. 	api "k8s.io/kubernetes/pkg/apis/core"
    28. 

  28. )
    29. 

  29. 

  30. func TestPVSecrets(t *testing.T) {
    31. 

  31. 	// Stub containing all possible secret references in a PV.
    32. 

  32. 	// The names of the referenced secrets match struct paths detected by reflection.
    33. 

  33. 	secretNamespace := "Spec.PersistentVolumeSource.AzureFile.SecretNamespace"
    34. 

  34. 	pvs := []*corev1.PersistentVolume{
    35. 

  35. 		{Spec: corev1.PersistentVolumeSpec{
    36. 

  36. 			ClaimRef: &corev1.ObjectReference{Namespace: "claimrefns", Name: "claimrefname"},
    37. 

  37. 			PersistentVolumeSource: corev1.PersistentVolumeSource{
    38. 

  38. 				AzureFile: &corev1.AzureFilePersistentVolumeSource{
    39. 

  39. 					SecretName: "Spec.PersistentVolumeSource.AzureFile.SecretName"}}}},
    40. 

  40. 		{Spec: corev1.PersistentVolumeSpec{
    41. 

  41. 			ClaimRef: &corev1.ObjectReference{Namespace: "claimrefns", Name: "claimrefname"},
    42. 

  42. 			PersistentVolumeSource: corev1.PersistentVolumeSource{
    43. 

  43. 				AzureFile: &corev1.AzureFilePersistentVolumeSource{
    44. 

  44. 					SecretName:      "Spec.PersistentVolumeSource.AzureFile.SecretName",
    45. 

  45. 					SecretNamespace: &secretNamespace}}}},
    46. 

  46. 		{Spec: corev1.PersistentVolumeSpec{
    47. 

  47. 			ClaimRef: &corev1.ObjectReference{Namespace: "claimrefns", Name: "claimrefname"},
    48. 

  48. 			PersistentVolumeSource: corev1.PersistentVolumeSource{
    49. 

  49. 				CephFS: &corev1.CephFSPersistentVolumeSource{
    50. 

  50. 					SecretRef: &corev1.SecretReference{
    51. 

  51. 						Name:      "Spec.PersistentVolumeSource.CephFS.SecretRef",
    52. 

  52. 						Namespace: "cephfs"}}}}},
    53. 

  53. 		{Spec: corev1.PersistentVolumeSpec{
    54. 

  54. 			ClaimRef: &corev1.ObjectReference{Namespace: "claimrefns", Name: "claimrefname"},
    55. 

  55. 			PersistentVolumeSource: corev1.PersistentVolumeSource{
    56. 

  56. 				CephFS: &corev1.CephFSPersistentVolumeSource{
    57. 

  57. 					SecretRef: &corev1.SecretReference{
    58. 

  58. 						Name: "Spec.PersistentVolumeSource.CephFS.SecretRef"}}}}},
    59. 

  59. 		{Spec: corev1.PersistentVolumeSpec{
    60. 

  60. 			PersistentVolumeSource: corev1.PersistentVolumeSource{
    61. 

  61. 				Cinder: &corev1.CinderPersistentVolumeSource{
    62. 

  62. 					SecretRef: &corev1.SecretReference{
    63. 

  63. 						Name:      "Spec.PersistentVolumeSource.Cinder.SecretRef",
    64. 

  64. 						Namespace: "cinder"}}}}},
    65. 

  65. 		{Spec: corev1.PersistentVolumeSpec{
    66. 

  66. 			ClaimRef: &corev1.ObjectReference{Namespace: "claimrefns", Name: "claimrefname"},
    67. 

  67. 			PersistentVolumeSource: corev1.PersistentVolumeSource{
    68. 

  68. 				FlexVolume: &corev1.FlexPersistentVolumeSource{
    69. 

  69. 					SecretRef: &corev1.SecretReference{
    70. 

  70. 						Name:      "Spec.PersistentVolumeSource.FlexVolume.SecretRef",
    71. 

  71. 						Namespace: "flexns"}}}}},
    72. 

  72. 		{Spec: corev1.PersistentVolumeSpec{
    73. 

  73. 			ClaimRef: &corev1.ObjectReference{Namespace: "claimrefns", Name: "claimrefname"},
    74. 

  74. 			PersistentVolumeSource: corev1.PersistentVolumeSource{
    75. 

  75. 				FlexVolume: &corev1.FlexPersistentVolumeSource{
    76. 

  76. 					SecretRef: &corev1.SecretReference{
    77. 

  77. 						Name: "Spec.PersistentVolumeSource.FlexVolume.SecretRef"}}}}},
    78. 

  78. 		{Spec: corev1.PersistentVolumeSpec{
    79. 

  79. 			ClaimRef: &corev1.ObjectReference{Namespace: "claimrefns", Name: "claimrefname"},
    80. 

  80. 			PersistentVolumeSource: corev1.PersistentVolumeSource{
    81. 

  81. 				RBD: &corev1.RBDPersistentVolumeSource{
    82. 

  82. 					SecretRef: &corev1.SecretReference{
    83. 

  83. 						Name: "Spec.PersistentVolumeSource.RBD.SecretRef"}}}}},
    84. 

  84. 		{Spec: corev1.PersistentVolumeSpec{
    85. 

  85. 			ClaimRef: &corev1.ObjectReference{Namespace: "claimrefns", Name: "claimrefname"},
    86. 

  86. 			PersistentVolumeSource: corev1.PersistentVolumeSource{
    87. 

  87. 				RBD: &corev1.RBDPersistentVolumeSource{
    88. 

  88. 					SecretRef: &corev1.SecretReference{
    89. 

  89. 						Name:      "Spec.PersistentVolumeSource.RBD.SecretRef",
    90. 

  90. 						Namespace: "rbdns"}}}}},
    91. 

  91. 		{Spec: corev1.PersistentVolumeSpec{
    92. 

  92. 			ClaimRef: &corev1.ObjectReference{Namespace: "claimrefns", Name: "claimrefname"},
    93. 

  93. 			PersistentVolumeSource: corev1.PersistentVolumeSource{
    94. 

  94. 				ScaleIO: &corev1.ScaleIOPersistentVolumeSource{
    95. 

  95. 					SecretRef: &corev1.SecretReference{
    96. 

  96. 						Name: "Spec.PersistentVolumeSource.ScaleIO.SecretRef"}}}}},
    97. 

  97. 		{Spec: corev1.PersistentVolumeSpec{
    98. 

  98. 			ClaimRef: &corev1.ObjectReference{Namespace: "claimrefns", Name: "claimrefname"},
    99. 

  99. 			PersistentVolumeSource: corev1.PersistentVolumeSource{
    100. 

  100. 				ScaleIO: &corev1.ScaleIOPersistentVolumeSource{
    101. 

  101. 					SecretRef: &corev1.SecretReference{
    102. 

  102. 						Name:      "Spec.PersistentVolumeSource.ScaleIO.SecretRef",
    103. 

  103. 						Namespace: "scaleions"}}}}},
    104. 

  104. 		{Spec: corev1.PersistentVolumeSpec{
    105. 

  105. 			ClaimRef: &corev1.ObjectReference{Namespace: "claimrefns", Name: "claimrefname"},
    106. 

  106. 			PersistentVolumeSource: corev1.PersistentVolumeSource{
    107. 

  107. 				ISCSI: &corev1.ISCSIPersistentVolumeSource{
    108. 

  108. 					SecretRef: &corev1.SecretReference{
    109. 

  109. 						Name:      "Spec.PersistentVolumeSource.ISCSI.SecretRef",
    110. 

  110. 						Namespace: "iscsi"}}}}},
    111. 

  111. 		{Spec: corev1.PersistentVolumeSpec{
    112. 

  112. 			ClaimRef: &corev1.ObjectReference{Namespace: "claimrefns", Name: "claimrefname"},
    113. 

  113. 			PersistentVolumeSource: corev1.PersistentVolumeSource{
    114. 

  114. 				ISCSI: &corev1.ISCSIPersistentVolumeSource{
    115. 

  115. 					SecretRef: &corev1.SecretReference{
    116. 

  116. 						Name: "Spec.PersistentVolumeSource.ISCSI.SecretRef"}}}}},
    117. 

  117. 		{Spec: corev1.PersistentVolumeSpec{
    118. 

  118. 			ClaimRef: &corev1.ObjectReference{Namespace: "claimrefns", Name: "claimrefname"},
    119. 

  119. 			PersistentVolumeSource: corev1.PersistentVolumeSource{
    120. 

  120. 				StorageOS: &corev1.StorageOSPersistentVolumeSource{
    121. 

  121. 					SecretRef: &corev1.ObjectReference{
    122. 

  122. 						Name:      "Spec.PersistentVolumeSource.StorageOS.SecretRef",
    123. 

  123. 						Namespace: "storageosns"}}}}},
    124. 

  124. 		{Spec: corev1.PersistentVolumeSpec{
    125. 

  125. 			ClaimRef: &corev1.ObjectReference{Namespace: "claimrefns", Name: "claimrefname"},
    126. 

  126. 			PersistentVolumeSource: corev1.PersistentVolumeSource{
    127. 

  127. 				CSI: &corev1.CSIPersistentVolumeSource{
    128. 

  128. 					ControllerPublishSecretRef: &corev1.SecretReference{
    129. 

  129. 						Name:      "Spec.PersistentVolumeSource.CSI.ControllerPublishSecretRef",
    130. 

  130. 						Namespace: "csi"}}}}},
    131. 

  131. 		{Spec: corev1.PersistentVolumeSpec{
    132. 

  132. 			ClaimRef: &corev1.ObjectReference{Namespace: "claimrefns", Name: "claimrefname"},
    133. 

  133. 			PersistentVolumeSource: corev1.PersistentVolumeSource{
    134. 

  134. 				CSI: &corev1.CSIPersistentVolumeSource{
    135. 

  135. 					NodePublishSecretRef: &corev1.SecretReference{
    136. 

  136. 						Name:      "Spec.PersistentVolumeSource.CSI.NodePublishSecretRef",
    137. 

  137. 						Namespace: "csi"}}}}},
    138. 

  138. 		{Spec: corev1.PersistentVolumeSpec{
    139. 

  139. 			ClaimRef: &corev1.ObjectReference{Namespace: "claimrefns", Name: "claimrefname"},
    140. 

  140. 			PersistentVolumeSource: corev1.PersistentVolumeSource{
    141. 

  141. 				CSI: &corev1.CSIPersistentVolumeSource{
    142. 

  142. 					NodeStageSecretRef: &corev1.SecretReference{
    143. 

  143. 						Name:      "Spec.PersistentVolumeSource.CSI.NodeStageSecretRef",
    144. 

  144. 						Namespace: "csi"}}}}},
    145. 

  145. 		{Spec: corev1.PersistentVolumeSpec{
    146. 

  146. 			ClaimRef: &corev1.ObjectReference{Namespace: "claimrefns", Name: "claimrefname"},
    147. 

  147. 			PersistentVolumeSource: corev1.PersistentVolumeSource{
    148. 

  148. 				CSI: &corev1.CSIPersistentVolumeSource{
    149. 

  149. 					ControllerExpandSecretRef: &corev1.SecretReference{
    150. 

  150. 						Name:      "Spec.PersistentVolumeSource.CSI.ControllerExpandSecretRef",
    151. 

  151. 						Namespace: "csi"}}}}},
    152. 

  152. 	}
    153. 

  153. 	extractedNames := sets.NewString()
    154. 

  154. 	extractedNamesWithNamespace := sets.NewString()
    155. 

  155. 

  156. 	for _, pv := range pvs {
    157. 

  157. 		VisitPVSecretNames(pv, func(namespace, name string, kubeletVisible bool) bool {
    158. 

  158. 			extractedNames.Insert(name)
    159. 

  159. 			extractedNamesWithNamespace.Insert(namespace + "/" + name)
    160. 

  160. 			return true
    161. 

  161. 		})
    162. 

  162. 	}
    163. 

  163. 

  164. 	// excludedSecretPaths holds struct paths to fields with "secret" in the name that are not actually references to secret API objects
    165. 

  165. 	excludedSecretPaths := sets.NewString(
    166. 

  166. 		"Spec.PersistentVolumeSource.CephFS.SecretFile",
    167. 

  167. 		"Spec.PersistentVolumeSource.AzureFile.SecretNamespace",
    168. 

  168. 	)
    169. 

  169. 	// expectedSecretPaths holds struct paths to fields with "secret" in the name that are references to secret API objects.
    170. 

  170. 	// every path here should be represented as an example in the PV stub above, with the secret name set to the path.
    171. 

  171. 	expectedSecretPaths := sets.NewString(
    172. 

  172. 		"Spec.PersistentVolumeSource.AzureFile.SecretName",
    173. 

  173. 		"Spec.PersistentVolumeSource.CephFS.SecretRef",
    174. 

  174. 		"Spec.PersistentVolumeSource.Cinder.SecretRef",
    175. 

  175. 		"Spec.PersistentVolumeSource.FlexVolume.SecretRef",
    176. 

  176. 		"Spec.PersistentVolumeSource.RBD.SecretRef",
    177. 

  177. 		"Spec.PersistentVolumeSource.ScaleIO.SecretRef",
    178. 

  178. 		"Spec.PersistentVolumeSource.ISCSI.SecretRef",
    179. 

  179. 		"Spec.PersistentVolumeSource.StorageOS.SecretRef",
    180. 

  180. 		"Spec.PersistentVolumeSource.CSI.ControllerPublishSecretRef",
    181. 

  181. 		"Spec.PersistentVolumeSource.CSI.NodePublishSecretRef",
    182. 

  182. 		"Spec.PersistentVolumeSource.CSI.NodeStageSecretRef",
    183. 

  183. 		"Spec.PersistentVolumeSource.CSI.ControllerExpandSecretRef",
    184. 

  184. 	)
    185. 

  185. 	secretPaths := collectSecretPaths(t, nil, "", reflect.TypeOf(&api.PersistentVolume{}))
    186. 

  186. 	secretPaths = secretPaths.Difference(excludedSecretPaths)
    187. 

  187. 	if missingPaths := expectedSecretPaths.Difference(secretPaths); len(missingPaths) > 0 {
    188. 

  188. 		t.Logf("Missing expected secret paths:\n%s", strings.Join(missingPaths.List(), "\n"))
    189. 

  189. 		t.Error("Missing expected secret paths. Verify VisitPVSecretNames() is correctly finding the missing paths, then correct expectedSecretPaths")
    190. 

  190. 	}
    191. 

  191. 	if extraPaths := secretPaths.Difference(expectedSecretPaths); len(extraPaths) > 0 {
    192. 

  192. 		t.Logf("Extra secret paths:\n%s", strings.Join(extraPaths.List(), "\n"))
    193. 

  193. 		t.Error("Extra fields with 'secret' in the name found. Verify VisitPVSecretNames() is including these fields if appropriate, then correct expectedSecretPaths")
    194. 

  194. 	}
    195. 

  195. 

  196. 	if missingNames := expectedSecretPaths.Difference(extractedNames); len(missingNames) > 0 {
    197. 

  197. 		t.Logf("Missing expected secret names:\n%s", strings.Join(missingNames.List(), "\n"))
    198. 

  198. 		t.Error("Missing expected secret names. Verify the PV stub above includes these references, then verify VisitPVSecretNames() is correctly finding the missing names")
    199. 

  199. 	}
    200. 

  200. 	if extraNames := extractedNames.Difference(expectedSecretPaths); len(extraNames) > 0 {
    201. 

  201. 		t.Logf("Extra secret names:\n%s", strings.Join(extraNames.List(), "\n"))
    202. 

  202. 		t.Error("Extra secret names extracted. Verify VisitPVSecretNames() is correctly extracting secret names")
    203. 

  203. 	}
    204. 

  204. 

  205. 	expectedNamespacedNames := sets.NewString(
    206. 

  206. 		"claimrefns/Spec.PersistentVolumeSource.AzureFile.SecretName",
    207. 

  207. 		"Spec.PersistentVolumeSource.AzureFile.SecretNamespace/Spec.PersistentVolumeSource.AzureFile.SecretName",
    208. 

  208. 

  209. 		"claimrefns/Spec.PersistentVolumeSource.CephFS.SecretRef",
    210. 

  210. 		"cephfs/Spec.PersistentVolumeSource.CephFS.SecretRef",
    211. 

  211. 

  212. 		"cinder/Spec.PersistentVolumeSource.Cinder.SecretRef",
    213. 

  213. 

  214. 		"claimrefns/Spec.PersistentVolumeSource.FlexVolume.SecretRef",
    215. 

  215. 		"flexns/Spec.PersistentVolumeSource.FlexVolume.SecretRef",
    216. 

  216. 

  217. 		"claimrefns/Spec.PersistentVolumeSource.RBD.SecretRef",
    218. 

  218. 		"rbdns/Spec.PersistentVolumeSource.RBD.SecretRef",
    219. 

  219. 

  220. 		"claimrefns/Spec.PersistentVolumeSource.ScaleIO.SecretRef",
    221. 

  221. 		"scaleions/Spec.PersistentVolumeSource.ScaleIO.SecretRef",
    222. 

  222. 

  223. 		"claimrefns/Spec.PersistentVolumeSource.ISCSI.SecretRef",
    224. 

  224. 		"iscsi/Spec.PersistentVolumeSource.ISCSI.SecretRef",
    225. 

  225. 

  226. 		"storageosns/Spec.PersistentVolumeSource.StorageOS.SecretRef",
    227. 

  227. 

  228. 		"csi/Spec.PersistentVolumeSource.CSI.ControllerPublishSecretRef",
    229. 

  229. 		"csi/Spec.PersistentVolumeSource.CSI.NodePublishSecretRef",
    230. 

  230. 		"csi/Spec.PersistentVolumeSource.CSI.NodeStageSecretRef",
    231. 

  231. 		"csi/Spec.PersistentVolumeSource.CSI.ControllerExpandSecretRef",
    232. 

  232. 	)
    233. 

  233. 	if missingNames := expectedNamespacedNames.Difference(extractedNamesWithNamespace); len(missingNames) > 0 {
    234. 

  234. 		t.Logf("Missing expected namespaced names:\n%s", strings.Join(missingNames.List(), "\n"))
    235. 

  235. 		t.Error("Missing expected namespaced names. Verify the PV stub above includes these references, then verify VisitPVSecretNames() is correctly finding the missing names")
    236. 

  236. 	}
    237. 

  237. 	if extraNames := extractedNamesWithNamespace.Difference(expectedNamespacedNames); len(extraNames) > 0 {
    238. 

  238. 		t.Logf("Extra namespaced names:\n%s", strings.Join(extraNames.List(), "\n"))
    239. 

  239. 		t.Error("Extra namespaced names extracted. Verify VisitPVSecretNames() is correctly extracting secret names")
    240. 

  240. 	}
    241. 

  241. }
    242. 

  242. 

  243. // collectSecretPaths traverses the object, computing all the struct paths that lead to fields with "secret" in the name.
    244. 

  244. func collectSecretPaths(t *testing.T, path *field.Path, name string, tp reflect.Type) sets.String {
    245. 

  245. 	secretPaths := sets.NewString()
    246. 

  246. 

  247. 	if tp.Kind() == reflect.Ptr {
    248. 

  248. 		secretPaths.Insert(collectSecretPaths(t, path, name, tp.Elem()).List()...)
    249. 

  249. 		return secretPaths
    250. 

  250. 	}
    251. 

  251. 

  252. 	if strings.Contains(strings.ToLower(name), "secret") {
    253. 

  253. 		secretPaths.Insert(path.String())
    254. 

  254. 	}
    255. 

  255. 

  256. 	switch tp.Kind() {
    257. 

  257. 	case reflect.Ptr:
    258. 

  258. 		secretPaths.Insert(collectSecretPaths(t, path, name, tp.Elem()).List()...)
    259. 

  259. 	case reflect.Struct:
    260. 

  260. 		// ObjectMeta should not have any field with the word "secret" in it;
    261. 

  261. 		// it contains cycles so it's easiest to just skip it.
    262. 

  262. 		if name == "ObjectMeta" {
    263. 

  263. 			break
    264. 

  264. 		}
    265. 

  265. 		for i := 0; i < tp.NumField(); i++ {
    266. 

  266. 			field := tp.Field(i)
    267. 

  267. 			secretPaths.Insert(collectSecretPaths(t, path.Child(field.Name), field.Name, field.Type).List()...)
    268. 

  268. 		}
    269. 

  269. 	case reflect.Interface:
    270. 

  270. 		t.Errorf("cannot find secret fields in interface{} field %s", path.String())
    271. 

  271. 	case reflect.Map:
    272. 

  272. 		secretPaths.Insert(collectSecretPaths(t, path.Key("*"), "", tp.Elem()).List()...)
    273. 

  273. 	case reflect.Slice:
    274. 

  274. 		secretPaths.Insert(collectSecretPaths(t, path.Key("*"), "", tp.Elem()).List()...)
    275. 

  275. 	default:
    276. 

  276. 		// all primitive types
    277. 

  277. 	}
    278. 

  278. 

  279. 	return secretPaths
    280. 

  280. }
    281. 

  281.