github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

e2e_node: clean up non-recommended import

Browse Source
This commit is contained in:
SataQiu
2019-07-28 12:49:36 +08:00
parent 23649560c0
commit 641d330f89
35 changed files with 763 additions and 763 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
test/e2e_node/security_context_test.go
View File

@@ -32,20 +32,20 @@ import (
e2elog "k8s.io/kubernetes/test/e2e/framework/log"
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
. "github.com/onsi/ginkgo"
"github.com/onsi/ginkgo"
imageutils "k8s.io/kubernetes/test/utils/image"
)
var _ = framework.KubeDescribe("Security Context", func() {
f := framework.NewDefaultFramework("security-context-test")
var podClient *framework.PodClient
BeforeEach(func() {
ginkgo.BeforeEach(func() {
podClient = f.PodClient()
})
Context("when pod PID namespace is configurable [Feature:ShareProcessNamespace][NodeAlphaFeature:ShareProcessNamespace]", func() {
It("containers in pods using isolated PID namespaces should all receive PID 1", func() {
By("Create a pod with isolated PID namespaces.")
ginkgo.Context("when pod PID namespace is configurable [Feature:ShareProcessNamespace][NodeAlphaFeature:ShareProcessNamespace]", func() {
ginkgo.It("containers in pods using isolated PID namespaces should all receive PID 1", func() {
ginkgo.By("Create a pod with isolated PID namespaces.")
f.PodClient().CreateSync(&v1.Pod{
ObjectMeta: metav1.ObjectMeta{Name: "isolated-pid-ns-test-pod"},
Spec: v1.PodSpec{
@@ -65,7 +65,7 @@ var _ = framework.KubeDescribe("Security Context", func() {
},
})
By("Check if both containers receive PID 1.")
ginkgo.By("Check if both containers receive PID 1.")
pid1 := f.ExecCommandInContainer("isolated-pid-ns-test-pod", "test-container-1", "/bin/pidof", "top")
pid2 := f.ExecCommandInContainer("isolated-pid-ns-test-pod", "test-container-2", "/bin/pidof", "sleep")
if pid1 != "1" || pid2 != "1" {
@@ -73,8 +73,8 @@ var _ = framework.KubeDescribe("Security Context", func() {
}
})
It("processes in containers sharing a pod namespace should be able to see each other [Alpha]", func() {
By("Check whether shared PID namespace is supported.")
ginkgo.It("processes in containers sharing a pod namespace should be able to see each other [Alpha]", func() {
ginkgo.By("Check whether shared PID namespace is supported.")
isEnabled, err := isSharedPIDNamespaceSupported()
framework.ExpectNoError(err)
if !isEnabled {
@@ -85,7 +85,7 @@ var _ = framework.KubeDescribe("Security Context", func() {
framework.Skipf("run test with --feature-gates=PodShareProcessNamespace=true to test PID namespace sharing")
}
By("Create a pod with shared PID namespace.")
ginkgo.By("Create a pod with shared PID namespace.")
f.PodClient().CreateSync(&v1.Pod{
ObjectMeta: metav1.ObjectMeta{Name: "shared-pid-ns-test-pod"},
Spec: v1.PodSpec{
@@ -106,7 +106,7 @@ var _ = framework.KubeDescribe("Security Context", func() {
},
})
By("Check if the process in one container is visible to the process in the other.")
ginkgo.By("Check if the process in one container is visible to the process in the other.")
pid1 := f.ExecCommandInContainer("shared-pid-ns-test-pod", "test-container-1", "/bin/pidof", "top")
pid2 := f.ExecCommandInContainer("shared-pid-ns-test-pod", "test-container-2", "/bin/pidof", "top")
if pid1 != pid2 {
@@ -115,7 +115,7 @@ var _ = framework.KubeDescribe("Security Context", func() {
})
})
Context("when creating a pod in the host PID namespace", func() {
ginkgo.Context("when creating a pod in the host PID namespace", func() {
makeHostPidPod := func(podName, image string, command []string, hostPID bool) *v1.Pod {
return &v1.Pod{
ObjectMeta: metav1.ObjectMeta{
@@ -145,7 +145,7 @@ var _ = framework.KubeDescribe("Security Context", func() {
}
nginxPid := ""
BeforeEach(func() {
ginkgo.BeforeEach(func() {
nginxPodName := "nginx-hostpid-" + string(uuid.NewUUID())
podClient.CreateSync(makeHostPidPod(nginxPodName,
imageutils.GetE2EImage(imageutils.Nginx),
@@ -158,7 +158,7 @@ var _ = framework.KubeDescribe("Security Context", func() {
nginxPid = strings.TrimSpace(output)
})
It("should show its pid in the host PID namespace [NodeFeature:HostAccess]", func() {
ginkgo.It("should show its pid in the host PID namespace [NodeFeature:HostAccess]", func() {
busyboxPodName := "busybox-hostpid-" + string(uuid.NewUUID())
createAndWaitHostPidPod(busyboxPodName, true)
logs, err := e2epod.GetPodLogs(f.ClientSet, f.Namespace.Name, busyboxPodName, busyboxPodName)
@@ -178,7 +178,7 @@ var _ = framework.KubeDescribe("Security Context", func() {
}
})
It("should not show its pid in the non-hostpid containers [NodeFeature:HostAccess]", func() {
ginkgo.It("should not show its pid in the non-hostpid containers [NodeFeature:HostAccess]", func() {
busyboxPodName := "busybox-non-hostpid-" + string(uuid.NewUUID())
createAndWaitHostPidPod(busyboxPodName, false)
logs, err := e2epod.GetPodLogs(f.ClientSet, f.Namespace.Name, busyboxPodName, busyboxPodName)
@@ -195,7 +195,7 @@ var _ = framework.KubeDescribe("Security Context", func() {
})
})
Context("when creating a pod in the host IPC namespace", func() {
ginkgo.Context("when creating a pod in the host IPC namespace", func() {
makeHostIPCPod := func(podName, image string, command []string, hostIPC bool) *v1.Pod {
return &v1.Pod{
ObjectMeta: metav1.ObjectMeta{
@@ -225,7 +225,7 @@ var _ = framework.KubeDescribe("Security Context", func() {
}
hostSharedMemoryID := ""
BeforeEach(func() {
ginkgo.BeforeEach(func() {
output, err := exec.Command("sh", "-c", "ipcmk -M 1048576 | awk '{print $NF}'").Output()
if err != nil {
e2elog.Failf("Failed to create the shared memory on the host: %v", err)
@@ -234,7 +234,7 @@ var _ = framework.KubeDescribe("Security Context", func() {
e2elog.Logf("Got host shared memory ID %q", hostSharedMemoryID)
})
It("should show the shared memory ID in the host IPC containers [NodeFeature:HostAccess]", func() {
ginkgo.It("should show the shared memory ID in the host IPC containers [NodeFeature:HostAccess]", func() {
ipcutilsPodName := "ipcutils-hostipc-" + string(uuid.NewUUID())
createAndWaitHostIPCPod(ipcutilsPodName, true)
logs, err := e2epod.GetPodLogs(f.ClientSet, f.Namespace.Name, ipcutilsPodName, ipcutilsPodName)
@@ -249,7 +249,7 @@ var _ = framework.KubeDescribe("Security Context", func() {
}
})
It("should not show the shared memory ID in the non-hostIPC containers [NodeFeature:HostAccess]", func() {
ginkgo.It("should not show the shared memory ID in the non-hostIPC containers [NodeFeature:HostAccess]", func() {
ipcutilsPodName := "ipcutils-non-hostipc-" + string(uuid.NewUUID())
createAndWaitHostIPCPod(ipcutilsPodName, false)
logs, err := e2epod.GetPodLogs(f.ClientSet, f.Namespace.Name, ipcutilsPodName, ipcutilsPodName)
@@ -264,7 +264,7 @@ var _ = framework.KubeDescribe("Security Context", func() {
}
})
AfterEach(func() {
ginkgo.AfterEach(func() {
if hostSharedMemoryID != "" {
_, err := exec.Command("sh", "-c", fmt.Sprintf("ipcrm -m %q", hostSharedMemoryID)).Output()
if err != nil {
@@ -274,7 +274,7 @@ var _ = framework.KubeDescribe("Security Context", func() {
})
})
Context("when creating a pod in the host network namespace", func() {
ginkgo.Context("when creating a pod in the host network namespace", func() {
makeHostNetworkPod := func(podName, image string, command []string, hostNetwork bool) *v1.Pod {
return &v1.Pod{
ObjectMeta: metav1.ObjectMeta{
@@ -307,7 +307,7 @@ var _ = framework.KubeDescribe("Security Context", func() {
listeningPort := ""
var l net.Listener
var err error
BeforeEach(func() {
ginkgo.BeforeEach(func() {
l, err = net.Listen("tcp", ":0")
if err != nil {
e2elog.Failf("Failed to open a new tcp port: %v", err)
@@ -317,7 +317,7 @@ var _ = framework.KubeDescribe("Security Context", func() {
e2elog.Logf("Opened a new tcp port %q", listeningPort)
})
It("should listen on same port in the host network containers [NodeFeature:HostAccess]", func() {
ginkgo.It("should listen on same port in the host network containers [NodeFeature:HostAccess]", func() {
busyboxPodName := "busybox-hostnetwork-" + string(uuid.NewUUID())
createAndWaitHostNetworkPod(busyboxPodName, true)
logs, err := e2epod.GetPodLogs(f.ClientSet, f.Namespace.Name, busyboxPodName, busyboxPodName)
@@ -331,7 +331,7 @@ var _ = framework.KubeDescribe("Security Context", func() {
}
})
It("shouldn't show the same port in the non-hostnetwork containers [NodeFeature:HostAccess]", func() {
ginkgo.It("shouldn't show the same port in the non-hostnetwork containers [NodeFeature:HostAccess]", func() {
busyboxPodName := "busybox-non-hostnetwork-" + string(uuid.NewUUID())
createAndWaitHostNetworkPod(busyboxPodName, false)
logs, err := e2epod.GetPodLogs(f.ClientSet, f.Namespace.Name, busyboxPodName, busyboxPodName)
@@ -345,14 +345,14 @@ var _ = framework.KubeDescribe("Security Context", func() {
}
})
AfterEach(func() {
ginkgo.AfterEach(func() {
if l != nil {
l.Close()
}
})
})
Context("When creating a pod with privileged", func() {
ginkgo.Context("When creating a pod with privileged", func() {
makeUserPod := func(podName, image string, command []string, privileged bool) *v1.Pod {
return &v1.Pod{
ObjectMeta: metav1.ObjectMeta{
@@ -384,7 +384,7 @@ var _ = framework.KubeDescribe("Security Context", func() {
return podName
}
It("should run the container as privileged when true [NodeFeature:HostAccess]", func() {
ginkgo.It("should run the container as privileged when true [NodeFeature:HostAccess]", func() {
podName := createAndWaitUserPod(true)
logs, err := e2epod.GetPodLogs(f.ClientSet, f.Namespace.Name, podName, podName)
if err != nil {