kubelet/userns: Test new functionality with feature gate enabled
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
		
				
					committed by
					
						
						Giuseppe Scrivano
					
				
			
			
				
	
			
			
			
						parent
						
							658b45cd03
						
					
				
				
					commit
					0e2b447269
				
			@@ -17,6 +17,7 @@ limitations under the License.
 | 
			
		||||
package userns
 | 
			
		||||
 | 
			
		||||
import (
 | 
			
		||||
	"errors"
 | 
			
		||||
	"fmt"
 | 
			
		||||
	"os"
 | 
			
		||||
	"testing"
 | 
			
		||||
@@ -36,6 +37,7 @@ import (
 | 
			
		||||
type testUserNsPodsManager struct {
 | 
			
		||||
	podDir  string
 | 
			
		||||
	podList []types.UID
 | 
			
		||||
	userns  bool
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func (m *testUserNsPodsManager) GetPodDir(podUID types.UID) string {
 | 
			
		||||
@@ -53,7 +55,10 @@ func (m *testUserNsPodsManager) ListPodsFromDisk() ([]types.UID, error) {
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func (m *testUserNsPodsManager) HandlerSupportsUserNamespaces(runtimeHandler string) (bool, error) {
 | 
			
		||||
	return true, nil
 | 
			
		||||
	if runtimeHandler == "error" {
 | 
			
		||||
		return false, errors.New("unknown runtime")
 | 
			
		||||
	}
 | 
			
		||||
	return m.userns, nil
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func TestUserNsManagerAllocate(t *testing.T) {
 | 
			
		||||
@@ -196,10 +201,12 @@ func TestGetOrCreateUserNamespaceMappings(t *testing.T) {
 | 
			
		||||
	falseVal := false
 | 
			
		||||
 | 
			
		||||
	cases := []struct {
 | 
			
		||||
		name    string
 | 
			
		||||
		pod     *v1.Pod
 | 
			
		||||
		expMode runtimeapi.NamespaceMode
 | 
			
		||||
		success bool
 | 
			
		||||
		name           string
 | 
			
		||||
		pod            *v1.Pod
 | 
			
		||||
		expMode        runtimeapi.NamespaceMode
 | 
			
		||||
		runtimeUserns  bool
 | 
			
		||||
		runtimeHandler string
 | 
			
		||||
		success        bool
 | 
			
		||||
	}{
 | 
			
		||||
		{
 | 
			
		||||
			name:    "no user namespace",
 | 
			
		||||
@@ -207,6 +214,12 @@ func TestGetOrCreateUserNamespaceMappings(t *testing.T) {
 | 
			
		||||
			expMode: runtimeapi.NamespaceMode_NODE,
 | 
			
		||||
			success: true,
 | 
			
		||||
		},
 | 
			
		||||
		{
 | 
			
		||||
			name:    "nil pod",
 | 
			
		||||
			pod:     nil,
 | 
			
		||||
			expMode: runtimeapi.NamespaceMode_NODE,
 | 
			
		||||
			success: true,
 | 
			
		||||
		},
 | 
			
		||||
		{
 | 
			
		||||
			name: "opt-in to host user namespace",
 | 
			
		||||
			pod: &v1.Pod{
 | 
			
		||||
@@ -224,19 +237,42 @@ func TestGetOrCreateUserNamespaceMappings(t *testing.T) {
 | 
			
		||||
					HostUsers: &falseVal,
 | 
			
		||||
				},
 | 
			
		||||
			},
 | 
			
		||||
			expMode: runtimeapi.NamespaceMode_POD,
 | 
			
		||||
			success: true,
 | 
			
		||||
			expMode:       runtimeapi.NamespaceMode_POD,
 | 
			
		||||
			runtimeUserns: true,
 | 
			
		||||
			success:       true,
 | 
			
		||||
		},
 | 
			
		||||
		{
 | 
			
		||||
			name: "user namespace, but no runtime support",
 | 
			
		||||
			pod: &v1.Pod{
 | 
			
		||||
				Spec: v1.PodSpec{
 | 
			
		||||
					HostUsers: &falseVal,
 | 
			
		||||
				},
 | 
			
		||||
			},
 | 
			
		||||
			runtimeUserns: false,
 | 
			
		||||
		},
 | 
			
		||||
		{
 | 
			
		||||
			name: "user namespace, but runtime returns error",
 | 
			
		||||
			pod: &v1.Pod{
 | 
			
		||||
				Spec: v1.PodSpec{
 | 
			
		||||
					HostUsers: &falseVal,
 | 
			
		||||
				},
 | 
			
		||||
			},
 | 
			
		||||
			// This handler name makes the fake runtime return an error.
 | 
			
		||||
			runtimeHandler: "error",
 | 
			
		||||
		},
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	for _, tc := range cases {
 | 
			
		||||
		t.Run(tc.name, func(t *testing.T) {
 | 
			
		||||
			// These tests will create the userns file, so use an existing podDir.
 | 
			
		||||
			testUserNsPodsManager := &testUserNsPodsManager{podDir: t.TempDir()}
 | 
			
		||||
			testUserNsPodsManager := &testUserNsPodsManager{
 | 
			
		||||
				podDir: t.TempDir(),
 | 
			
		||||
				userns: tc.runtimeUserns,
 | 
			
		||||
			}
 | 
			
		||||
			m, err := MakeUserNsManager(testUserNsPodsManager)
 | 
			
		||||
			assert.NoError(t, err)
 | 
			
		||||
 | 
			
		||||
			userns, err := m.GetOrCreateUserNamespaceMappings(tc.pod, "")
 | 
			
		||||
			userns, err := m.GetOrCreateUserNamespaceMappings(tc.pod, tc.runtimeHandler)
 | 
			
		||||
			if (tc.success && err != nil) || (!tc.success && err == nil) {
 | 
			
		||||
				t.Errorf("expected success: %v but got error: %v", tc.success, err)
 | 
			
		||||
			}
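Review bot: The two new failure cases (`user namespace, but no runtime support` and `user namespace, but runtime returns error`) are verified only through `success`, so any error from `GetOrCreateUserNamespaceMappings` makes them pass, including one unrelated to runtime support. These cases cover the fail-closed path for a pod with `HostUsers: &falseVal`, so the loop should also assert that no mapping is handed back on failure, for example `if !tc.success { assert.Nil(t, userns) }` after the `t.Errorf` check (this assumes `userns` is a pointer, which the hunk does not show). An expected-error field per case would also separate the unsupported-runtime path from the handler-error path. The body of `TestGetOrCreateUserNamespaceMappings` continues past the end of the hunk, so part of this may already be covered below.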
 | 
			
		||||
 
 | 
			
		||||