valid error for creation and update from valid to invalid only
- using an option AllowNamespacedSysctlsForHostNetAndHostIPC Signed-off-by: Paco Xu <paco.xu@daocloud.io>
@@ -21505,12 +21505,18 @@ func TestValidateSysctls(t *testing.T) {
|
||||
"kernel.shmmax",
|
||||
"kernel.shmmax",
|
||||
}
|
||||
opts := PodValidationOptions{
|
||||
AllowNamespacedSysctlsForHostNetAndHostIPC: false,
|
||||
}
|
||||
|
||||
sysctls := make([]core.Sysctl, len(valid))
|
||||
validSecurityContext := &core.PodSecurityContext{
|
||||
Sysctls: sysctls,
|
||||
}
|
||||
for i, sysctl := range valid {
|
||||
sysctls[i].Name = sysctl
|
||||
}
|
||||
errs := validateSysctls(sysctls, field.NewPath("foo"), false, false)
|
||||
errs := validateSysctls(validSecurityContext, field.NewPath("foo"), opts)
|
||||
if len(errs) != 0 {
|
||||
t.Errorf("unexpected validation errors: %v", errs)
|
||||
}
|
||||
@@ -21519,7 +21525,10 @@ func TestValidateSysctls(t *testing.T) {
|
||||
for i, sysctl := range invalid {
|
||||
sysctls[i].Name = sysctl
|
||||
}
|
||||
errs = validateSysctls(sysctls, field.NewPath("foo"), false, false)
|
||||
inValidSecurityContext := &core.PodSecurityContext{
|
||||
Sysctls: sysctls,
|
||||
}
|
||||
errs = validateSysctls(inValidSecurityContext, field.NewPath("foo"), opts)
|
||||
if len(errs) != 2 {
|
||||
t.Errorf("expected 2 validation errors. Got: %v", errs)
|
||||
} else {
|
||||
@@ -21535,7 +21544,10 @@ func TestValidateSysctls(t *testing.T) {
|
||||
for i, sysctl := range duplicates {
|
||||
sysctls[i].Name = sysctl
|
||||
}
|
||||
errs = validateSysctls(sysctls, field.NewPath("foo"), false, false)
|
||||
securityContextWithDup := &core.PodSecurityContext{
|
||||
Sysctls: sysctls,
|
||||
}
|
||||
errs = validateSysctls(securityContextWithDup, field.NewPath("foo"), opts)
|
||||
if len(errs) != 1 {
|
||||
t.Errorf("unexpected validation errors: %v", errs)
|
||||
} else if errs[0].Type != field.ErrorTypeDuplicate {
|
||||
@@ -21546,19 +21558,40 @@ func TestValidateSysctls(t *testing.T) {
|
||||
for i, sysctl := range invalidWithHostNet {
|
||||
sysctls[i].Name = sysctl
|
||||
}
|
||||
errs = validateSysctls(sysctls, field.NewPath("foo"), true, false)
|
||||
invalidSecurityContextWithHostNet := &core.PodSecurityContext{
|
||||
Sysctls: sysctls,
|
||||
HostIPC: false,
|
||||
HostNetwork: true,
|
||||
}
|
||||
errs = validateSysctls(invalidSecurityContextWithHostNet, field.NewPath("foo"), opts)
|
||||
if len(errs) != 2 {
|
||||
t.Errorf("unexpected validation errors: %v", errs)
|
||||
}
|
||||
opts.AllowNamespacedSysctlsForHostNetAndHostIPC = true
|
||||
errs = validateSysctls(invalidSecurityContextWithHostNet, field.NewPath("foo"), opts)
|
||||
if len(errs) != 0 {
|
||||
t.Errorf("unexpected validation errors: %v", errs)
|
||||
}
|
||||
|
||||
sysctls = make([]core.Sysctl, len(invalidWithHostIPC))
|
||||
for i, sysctl := range invalidWithHostIPC {
|
||||
sysctls[i].Name = sysctl
|
||||
}
|
||||
errs = validateSysctls(sysctls, field.NewPath("foo"), false, true)
|
||||
invalidSecurityContextWithHostIPC := &core.PodSecurityContext{
|
||||
Sysctls: sysctls,
|
||||
HostIPC: true,
|
||||
HostNetwork: false,
|
||||
}
|
||||
opts.AllowNamespacedSysctlsForHostNetAndHostIPC = false
|
||||
errs = validateSysctls(invalidSecurityContextWithHostIPC, field.NewPath("foo"), opts)
|
||||
if len(errs) != 2 {
|
||||
t.Errorf("unexpected validation errors: %v", errs)
|
||||
}
|
||||
opts.AllowNamespacedSysctlsForHostNetAndHostIPC = true
|
||||
errs = validateSysctls(invalidSecurityContextWithHostIPC, field.NewPath("foo"), opts)
|
||||
if len(errs) != 0 {
|
||||
t.Errorf("unexpected validation errors: %v", errs)
|
||||
}
|
||||
}
|
||||
|
||||
func newNodeNameEndpoint(nodeName string) *core.Endpoints {
|
||||
|
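Review bot: The relaxed path is exercised only for the host-namespace inputs. After `opts.AllowNamespacedSysctlsForHostNetAndHostIPC = true` the test asserts zero errors for the HostNetwork and HostIPC contexts, but it never re-runs `inValidSecurityContext` or `securityContextWithDup` with the option on. An implementation where the option short-circuits all sysctl validation would still pass, and because the option admits pods whose sysctls would apply to the node's own network or IPC namespace, the test should pin that only that one check is relaxed. I would add the assertions below at the end of TestValidateSysctls (which begins above the first hunk); the expected counts assume the name and duplicate checks do not depend on the option, which the visible hunks do not show. The four new host-namespace checks also share the message `"unexpected validation errors: %v"`, so a failure does not say which option state produced it.

```go
// … unchanged: HostNetwork and HostIPC checks with the option off and on …

// The option must relax only the host-namespace check, not name or duplicate validation.
opts.AllowNamespacedSysctlsForHostNetAndHostIPC = true
if errs := validateSysctls(inValidSecurityContext, field.NewPath("foo"), opts); len(errs) != 2 {
	t.Errorf("option enabled: expected 2 errors for invalid names, got: %v", errs)
}
if errs := validateSysctls(securityContextWithDup, field.NewPath("foo"), opts); len(errs) != 1 {
	t.Errorf("option enabled: expected 1 duplicate error, got: %v", errs)
}
```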