graduate CSIServiceAccountToken to beta

pkg/apis/storage/validation/validation_test.go

@@ -1927,11 +1927,11 @@ func TestCSIDriverValidationUpdate(t *testing.T) {
 	podInfoOnMount := true
 	storageCapacity := true
 	notPodInfoOnMount := false
+	gcp := "gcp"
+	requiresRepublish := true
 	notRequiresRepublish := false
 	notStorageCapacity := false
 	resourceVersion := "1"
-	invalidFSGroupPolicy := storage.ReadWriteOnceWithFSTypeFSGroupPolicy
-	invalidFSGroupPolicy = "invalid-mode"
 	old := storage.CSIDriver{
 		ObjectMeta: metav1.ObjectMeta{Name: driverName, ResourceVersion: resourceVersion},
 		Spec: storage.CSIDriverSpec{
@@ -1946,30 +1946,35 @@ func TestCSIDriverValidationUpdate(t *testing.T) {
 		},
 	}
 
-	// Currently we compare the object against itself
-	// and ensure updates succeed
-	successCases := []storage.CSIDriver{
-		old,
-		// An invalid FSGroupPolicy should still pass
+	successCases := []struct {
+		name   string
+		modify func(new *storage.CSIDriver)
+	}{
 		{
-			ObjectMeta: metav1.ObjectMeta{Name: driverName, ResourceVersion: resourceVersion},
-			Spec: storage.CSIDriverSpec{
-				AttachRequired: &attachNotRequired,
-				PodInfoOnMount: &notPodInfoOnMount,
-				VolumeLifecycleModes: []storage.VolumeLifecycleMode{
-					storage.VolumeLifecycleEphemeral,
-					storage.VolumeLifecyclePersistent,
-				},
-				FSGroupPolicy:   &invalidFSGroupPolicy,
-				StorageCapacity: &storageCapacity,
+			name:   "no change",
+			modify: func(new *storage.CSIDriver) {},
+		},
+		{
+			name: "change TokenRequests",
+			modify: func(new *storage.CSIDriver) {
+				new.Spec.TokenRequests = []storage.TokenRequest{{Audience: gcp}}
+			},
+		},
+		{
+			name: "change RequiresRepublish",
+			modify: func(new *storage.CSIDriver) {
+				new.Spec.RequiresRepublish = &requiresRepublish
 			},
 		},
 	}
-	for _, csiDriver := range successCases {
-		newDriver := csiDriver.DeepCopy()
-		if errs := ValidateCSIDriverUpdate(&csiDriver, newDriver); len(errs) != 0 {
-			t.Errorf("expected success for %+v: %v", csiDriver, errs)
-		}
+	for _, test := range successCases {
+		t.Run(test.name, func(t *testing.T) {
+			new := old.DeepCopy()
+			test.modify(new)
+			if errs := ValidateCSIDriverUpdate(new, &old); len(errs) != 0 {
+				t.Errorf("Expected success for %+v: %v", new, errs)
+			}
+		})
 	}
 
 	// Each test case changes exactly one field. None of that is valid.
@@ -1995,18 +2000,18 @@ func TestCSIDriverValidationUpdate(t *testing.T) {
 				new.Spec.AttachRequired = nil
 			},
 		},
-		{
-			name: "PodInfoOnMount not set",
-			modify: func(new *storage.CSIDriver) {
-				new.Spec.PodInfoOnMount = nil
-			},
-		},
 		{
 			name: "AttachRequired changed",
 			modify: func(new *storage.CSIDriver) {
 				new.Spec.AttachRequired = &attachRequired
 			},
 		},
+		{
+			name: "PodInfoOnMount not set",
+			modify: func(new *storage.CSIDriver) {
+				new.Spec.PodInfoOnMount = nil
+			},
+		},
 		{
 			name: "PodInfoOnMount changed",
 			modify: func(new *storage.CSIDriver) {
@@ -2064,6 +2069,12 @@ func TestCSIDriverValidationUpdate(t *testing.T) {
 				new.Spec.StorageCapacity = &notStorageCapacity
 			},
 		},
+		{
+			name: "TokenRequests invalidated",
+			modify: func(new *storage.CSIDriver) {
+				new.Spec.TokenRequests = []storage.TokenRequest{{Audience: gcp}, {Audience: gcp}}
+			},
+		},
 	}
 
 	for _, test := range errorCases {
@@ -2071,7 +2082,7 @@ func TestCSIDriverValidationUpdate(t *testing.T) {
 			new := old.DeepCopy()
 			test.modify(new)
 			if errs := ValidateCSIDriverUpdate(new, &old); len(errs) == 0 {
-				t.Errorf("Expected failure for test: %v", new)
+				t.Errorf("Expected failure for test: %+v", new)
 			}
 		})
 	}
@@ -2253,7 +2264,7 @@ func TestCSIServiceAccountToken(t *testing.T) {
 			wantErr: true,
 		},
 		{
-			desc: "invalid - TokenRequests has tokens with ExpirationSeconds less than 10min",
+			desc: "invalid - TokenRequests has tokens with ExpirationSeconds longer than 1<<32 min",
 			csiDriver: &storage.CSIDriver{
 				ObjectMeta: metav1.ObjectMeta{Name: driverName},
 				Spec: storage.CSIDriverSpec{