kubelet/userns: Test new functionality with feature gate enabled
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
					committed by
					
						
						Giuseppe Scrivano
					
				
			
			
				
	
			
			
			
						parent
						
							658b45cd03
						
					
				
				
					commit
					0e2b447269
				
			@@ -17,6 +17,7 @@ limitations under the License.
 | 
				
			|||||||
package userns
 | 
					package userns
 | 
				
			||||||
 | 
					
 | 
				
			||||||
import (
 | 
					import (
 | 
				
			||||||
 | 
						"errors"
 | 
				
			||||||
	"fmt"
 | 
						"fmt"
 | 
				
			||||||
	"os"
 | 
						"os"
 | 
				
			||||||
	"testing"
 | 
						"testing"
 | 
				
			||||||
@@ -36,6 +37,7 @@ import (
 | 
				
			|||||||
type testUserNsPodsManager struct {
 | 
					type testUserNsPodsManager struct {
 | 
				
			||||||
	podDir  string
 | 
						podDir  string
 | 
				
			||||||
	podList []types.UID
 | 
						podList []types.UID
 | 
				
			||||||
 | 
						userns  bool
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
func (m *testUserNsPodsManager) GetPodDir(podUID types.UID) string {
 | 
					func (m *testUserNsPodsManager) GetPodDir(podUID types.UID) string {
 | 
				
			||||||
@@ -53,7 +55,10 @@ func (m *testUserNsPodsManager) ListPodsFromDisk() ([]types.UID, error) {
 | 
				
			|||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
func (m *testUserNsPodsManager) HandlerSupportsUserNamespaces(runtimeHandler string) (bool, error) {
 | 
					func (m *testUserNsPodsManager) HandlerSupportsUserNamespaces(runtimeHandler string) (bool, error) {
 | 
				
			||||||
	return true, nil
 | 
						if runtimeHandler == "error" {
 | 
				
			||||||
 | 
							return false, errors.New("unknown runtime")
 | 
				
			||||||
 | 
						}
 | 
				
			||||||
 | 
						return m.userns, nil
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
func TestUserNsManagerAllocate(t *testing.T) {
 | 
					func TestUserNsManagerAllocate(t *testing.T) {
 | 
				
			||||||
@@ -199,6 +204,8 @@ func TestGetOrCreateUserNamespaceMappings(t *testing.T) {
 | 
				
			|||||||
		name           string
 | 
							name           string
 | 
				
			||||||
		pod            *v1.Pod
 | 
							pod            *v1.Pod
 | 
				
			||||||
		expMode        runtimeapi.NamespaceMode
 | 
							expMode        runtimeapi.NamespaceMode
 | 
				
			||||||
 | 
							runtimeUserns  bool
 | 
				
			||||||
 | 
							runtimeHandler string
 | 
				
			||||||
		success        bool
 | 
							success        bool
 | 
				
			||||||
	}{
 | 
						}{
 | 
				
			||||||
		{
 | 
							{
 | 
				
			||||||
@@ -207,6 +214,12 @@ func TestGetOrCreateUserNamespaceMappings(t *testing.T) {
 | 
				
			|||||||
			expMode: runtimeapi.NamespaceMode_NODE,
 | 
								expMode: runtimeapi.NamespaceMode_NODE,
 | 
				
			||||||
			success: true,
 | 
								success: true,
 | 
				
			||||||
		},
 | 
							},
 | 
				
			||||||
 | 
							{
 | 
				
			||||||
 | 
								name:    "nil pod",
 | 
				
			||||||
 | 
								pod:     nil,
 | 
				
			||||||
 | 
								expMode: runtimeapi.NamespaceMode_NODE,
 | 
				
			||||||
 | 
								success: true,
 | 
				
			||||||
 | 
							},
 | 
				
			||||||
		{
 | 
							{
 | 
				
			||||||
			name: "opt-in to host user namespace",
 | 
								name: "opt-in to host user namespace",
 | 
				
			||||||
			pod: &v1.Pod{
 | 
								pod: &v1.Pod{
 | 
				
			||||||
@@ -225,18 +238,41 @@ func TestGetOrCreateUserNamespaceMappings(t *testing.T) {
 | 
				
			|||||||
				},
 | 
									},
 | 
				
			||||||
			},
 | 
								},
 | 
				
			||||||
			expMode:       runtimeapi.NamespaceMode_POD,
 | 
								expMode:       runtimeapi.NamespaceMode_POD,
 | 
				
			||||||
 | 
								runtimeUserns: true,
 | 
				
			||||||
			success:       true,
 | 
								success:       true,
 | 
				
			||||||
		},
 | 
							},
 | 
				
			||||||
 | 
							{
 | 
				
			||||||
 | 
								name: "user namespace, but no runtime support",
 | 
				
			||||||
 | 
								pod: &v1.Pod{
 | 
				
			||||||
 | 
									Spec: v1.PodSpec{
 | 
				
			||||||
 | 
										HostUsers: &falseVal,
 | 
				
			||||||
 | 
									},
 | 
				
			||||||
 | 
								},
 | 
				
			||||||
 | 
								runtimeUserns: false,
 | 
				
			||||||
 | 
							},
 | 
				
			||||||
 | 
							{
 | 
				
			||||||
 | 
								name: "user namespace, but runtime returns error",
 | 
				
			||||||
 | 
								pod: &v1.Pod{
 | 
				
			||||||
 | 
									Spec: v1.PodSpec{
 | 
				
			||||||
 | 
										HostUsers: &falseVal,
 | 
				
			||||||
 | 
									},
 | 
				
			||||||
 | 
								},
 | 
				
			||||||
 | 
								// This handler name makes the fake runtime return an error.
 | 
				
			||||||
 | 
								runtimeHandler: "error",
 | 
				
			||||||
 | 
							},
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	for _, tc := range cases {
 | 
						for _, tc := range cases {
 | 
				
			||||||
		t.Run(tc.name, func(t *testing.T) {
 | 
							t.Run(tc.name, func(t *testing.T) {
 | 
				
			||||||
			// These tests will create the userns file, so use an existing podDir.
 | 
								// These tests will create the userns file, so use an existing podDir.
 | 
				
			||||||
			testUserNsPodsManager := &testUserNsPodsManager{podDir: t.TempDir()}
 | 
								testUserNsPodsManager := &testUserNsPodsManager{
 | 
				
			||||||
 | 
									podDir: t.TempDir(),
 | 
				
			||||||
 | 
									userns: tc.runtimeUserns,
 | 
				
			||||||
 | 
								}
 | 
				
			||||||
			m, err := MakeUserNsManager(testUserNsPodsManager)
 | 
								m, err := MakeUserNsManager(testUserNsPodsManager)
 | 
				
			||||||
			assert.NoError(t, err)
 | 
								assert.NoError(t, err)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
			userns, err := m.GetOrCreateUserNamespaceMappings(tc.pod, "")
 | 
								userns, err := m.GetOrCreateUserNamespaceMappings(tc.pod, tc.runtimeHandler)
 | 
				
			||||||
			if (tc.success && err != nil) || (!tc.success && err == nil) {
 | 
								if (tc.success && err != nil) || (!tc.success && err == nil) {
 | 
				
			||||||
				t.Errorf("expected success: %v but got error: %v", tc.success, err)
 | 
									t.Errorf("expected success: %v but got error: %v", tc.success, err)
 | 
				
			||||||
			}
 | 
								}
 | 
				
			||||||
 
 | 
				
			|||||||
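Review bot: The two new failure cases ("user namespace, but no runtime support" and "user namespace, but runtime returns error") pass on any non-nil error, because the only check visible in the loop is `(tc.success && err != nil) || (!tc.success && err == nil)`. These cases pin the fail-closed path, where a pod with `HostUsers: &falseVal` must be rejected rather than started without a user namespace. A failure for an unrelated reason, such as creating the userns file under `podDir`, would satisfy them as well. I would write `success: false` explicitly in both cases and add a per-case expected-error field checked with `assert.ErrorContains(t, err, tc.expErr)`, so each case is tied to the runtime-support check it is named after. The body of TestGetOrCreateUserNamespaceMappings continues outside the hunk, so a later assertion may already cover part of this.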