From b0a49e197010c2f626500b20478083de50188760 Mon Sep 17 00:00:00 2001 From: Pengfei Ni Date: Sun, 11 Feb 2018 15:01:20 +0800 Subject: [PATCH] Update unit tests and bazel files --- pkg/kubelet/apis/BUILD | 14 +- pkg/kubelet/dockershim/BUILD | 15 +- pkg/kubelet/kuberuntime/BUILD | 67 ++++++++- .../kuberuntime_container_linux_test.go | 130 ++++++++++++++++++ .../kuberuntime/kuberuntime_container_test.go | 101 -------------- 5 files changed, 210 insertions(+), 117 deletions(-) create mode 100644 pkg/kubelet/kuberuntime/kuberuntime_container_linux_test.go diff --git a/pkg/kubelet/apis/BUILD b/pkg/kubelet/apis/BUILD index a371d20f496..47cb8184ccb 100644 --- a/pkg/kubelet/apis/BUILD +++ b/pkg/kubelet/apis/BUILD @@ -10,8 +10,20 @@ go_library( srcs = [ "well_known_annotations.go", "well_known_labels.go", - ], + ] + select({ + "@io_bazel_rules_go//go/platform:windows": [ + "well_known_annotations_windows.go", + ], + "//conditions:default": [], + }), importpath = "k8s.io/kubernetes/pkg/kubelet/apis", + deps = select({ + "@io_bazel_rules_go//go/platform:windows": [ + "//pkg/features:go_default_library", + "//vendor/k8s.io/apiserver/pkg/util/feature:go_default_library", + ], + "//conditions:default": [], + }), ) filegroup( diff --git a/pkg/kubelet/dockershim/BUILD b/pkg/kubelet/dockershim/BUILD index eec1a3adc17..2429b526375 100644 --- a/pkg/kubelet/dockershim/BUILD +++ b/pkg/kubelet/dockershim/BUILD @@ -1,10 +1,4 @@ -package(default_visibility = ["//visibility:public"]) - -load( - "@io_bazel_rules_go//go:def.bzl", - "go_library", - "go_test", -) +load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") go_library( name = "go_default_library", @@ -83,6 +77,7 @@ go_library( "//conditions:default": [], }), importpath = "k8s.io/kubernetes/pkg/kubelet/dockershim", + visibility = ["//visibility:public"], deps = [ "//pkg/credentialprovider:go_default_library", "//pkg/kubelet/apis/cri/runtime/v1alpha2:go_default_library", @@ -126,9 +121,8 @@ go_library( "//vendor/k8s.io/utils/exec:go_default_library", ] + select({ "@io_bazel_rules_go//go/platform:windows": [ - "//pkg/features:go_default_library", + "//pkg/kubelet/apis:go_default_library", "//pkg/kubelet/winstats:go_default_library", - "//vendor/k8s.io/apiserver/pkg/util/feature:go_default_library", ], "//conditions:default": [], }), @@ -153,8 +147,6 @@ go_test( ], "//conditions:default": [], }), - data = [ - ], embed = [":go_default_library"], deps = [ "//pkg/kubelet/apis/cri/runtime/v1alpha2:go_default_library", @@ -198,4 +190,5 @@ filegroup( "//pkg/kubelet/dockershim/testing:all-srcs", ], tags = ["automanaged"], + visibility = ["//visibility:public"], ) diff --git a/pkg/kubelet/kuberuntime/BUILD b/pkg/kubelet/kuberuntime/BUILD index b52b1ffaebb..7fc904d311a 100644 --- a/pkg/kubelet/kuberuntime/BUILD +++ b/pkg/kubelet/kuberuntime/BUILD @@ -22,7 +22,53 @@ go_library( "labels.go", "legacy.go", "security_context.go", - ], + ] + select({ + "@io_bazel_rules_go//go/platform:android": [ + "helpers_unsupported.go", + "kuberuntime_container_unsupported.go", + ], + "@io_bazel_rules_go//go/platform:darwin": [ + "helpers_unsupported.go", + "kuberuntime_container_unsupported.go", + ], + "@io_bazel_rules_go//go/platform:dragonfly": [ + "helpers_unsupported.go", + "kuberuntime_container_unsupported.go", + ], + "@io_bazel_rules_go//go/platform:freebsd": [ + "helpers_unsupported.go", + "kuberuntime_container_unsupported.go", + ], + "@io_bazel_rules_go//go/platform:linux": [ + "helpers_linux.go", + "kuberuntime_container_linux.go", + ], + "@io_bazel_rules_go//go/platform:nacl": [ + "helpers_unsupported.go", + "kuberuntime_container_unsupported.go", + ], + "@io_bazel_rules_go//go/platform:netbsd": [ + "helpers_unsupported.go", + "kuberuntime_container_unsupported.go", + ], + "@io_bazel_rules_go//go/platform:openbsd": [ + "helpers_unsupported.go", + "kuberuntime_container_unsupported.go", + ], + "@io_bazel_rules_go//go/platform:plan9": [ + "helpers_unsupported.go", + "kuberuntime_container_unsupported.go", + ], + "@io_bazel_rules_go//go/platform:solaris": [ + "helpers_unsupported.go", + "kuberuntime_container_unsupported.go", + ], + "@io_bazel_rules_go//go/platform:windows": [ + "helpers_windows.go", + "kuberuntime_container_windows.go", + ], + "//conditions:default": [], + }), importpath = "k8s.io/kubernetes/pkg/kubelet/kuberuntime", deps = [ "//pkg/api/legacyscheme:go_default_library", @@ -40,7 +86,6 @@ go_library( "//pkg/kubelet/lifecycle:go_default_library", "//pkg/kubelet/metrics:go_default_library", "//pkg/kubelet/prober/results:go_default_library", - "//pkg/kubelet/qos:go_default_library", "//pkg/kubelet/types:go_default_library", "//pkg/kubelet/util/cache:go_default_library", "//pkg/kubelet/util/format:go_default_library", @@ -64,7 +109,16 @@ go_library( "//vendor/k8s.io/client-go/tools/record:go_default_library", "//vendor/k8s.io/client-go/tools/reference:go_default_library", "//vendor/k8s.io/client-go/util/flowcontrol:go_default_library", - ], + ] + select({ + "@io_bazel_rules_go//go/platform:linux": [ + "//pkg/kubelet/qos:go_default_library", + ], + "@io_bazel_rules_go//go/platform:windows": [ + "//pkg/kubelet/apis:go_default_library", + "//vendor/github.com/docker/docker/pkg/sysinfo:go_default_library", + ], + "//conditions:default": [], + }), ) go_test( @@ -80,7 +134,12 @@ go_test( "labels_test.go", "legacy_test.go", "security_context_test.go", - ], + ] + select({ + "@io_bazel_rules_go//go/platform:linux": [ + "kuberuntime_container_linux_test.go", + ], + "//conditions:default": [], + }), embed = [":go_default_library"], deps = [ "//pkg/credentialprovider:go_default_library", diff --git a/pkg/kubelet/kuberuntime/kuberuntime_container_linux_test.go b/pkg/kubelet/kuberuntime/kuberuntime_container_linux_test.go new file mode 100644 index 00000000000..7bd9aafac83 --- /dev/null +++ b/pkg/kubelet/kuberuntime/kuberuntime_container_linux_test.go @@ -0,0 +1,130 @@ +// +build linux + +/* +Copyright 2018 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package kuberuntime + +import ( + "testing" + + "github.com/stretchr/testify/assert" + "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtimeapi "k8s.io/kubernetes/pkg/kubelet/apis/cri/runtime/v1alpha2" + kubecontainer "k8s.io/kubernetes/pkg/kubelet/container" +) + +func makeExpectedConfig(m *kubeGenericRuntimeManager, pod *v1.Pod, containerIndex int) *runtimeapi.ContainerConfig { + container := &pod.Spec.Containers[containerIndex] + podIP := "" + restartCount := 0 + opts, _ := m.runtimeHelper.GenerateRunContainerOptions(pod, container, podIP) + containerLogsPath := buildContainerLogsPath(container.Name, restartCount) + restartCountUint32 := uint32(restartCount) + envs := make([]*runtimeapi.KeyValue, len(opts.Envs)) + + expectedConfig := &runtimeapi.ContainerConfig{ + Metadata: &runtimeapi.ContainerMetadata{ + Name: container.Name, + Attempt: restartCountUint32, + }, + Image: &runtimeapi.ImageSpec{Image: container.Image}, + Command: container.Command, + Args: []string(nil), + WorkingDir: container.WorkingDir, + Labels: newContainerLabels(container, pod, kubecontainer.ContainerTypeRegular), + Annotations: newContainerAnnotations(container, pod, restartCount, opts), + Devices: makeDevices(opts), + Mounts: m.makeMounts(opts, container), + LogPath: containerLogsPath, + Stdin: container.Stdin, + StdinOnce: container.StdinOnce, + Tty: container.TTY, + Linux: m.generateLinuxContainerConfig(container, pod, new(int64), ""), + Envs: envs, + } + return expectedConfig +} + +func TestGenerateContainerConfig(t *testing.T) { + _, imageService, m, err := createTestRuntimeManager() + assert.NoError(t, err) + + pod := &v1.Pod{ + ObjectMeta: metav1.ObjectMeta{ + UID: "12345678", + Name: "bar", + Namespace: "new", + }, + Spec: v1.PodSpec{ + Containers: []v1.Container{ + { + Name: "foo", + Image: "busybox", + ImagePullPolicy: v1.PullIfNotPresent, + Command: []string{"testCommand"}, + WorkingDir: "testWorkingDir", + }, + }, + }, + } + + expectedConfig := makeExpectedConfig(m, pod, 0) + containerConfig, err := m.generateContainerConfig(&pod.Spec.Containers[0], pod, 0, "", pod.Spec.Containers[0].Image, kubecontainer.ContainerTypeRegular) + assert.NoError(t, err) + assert.Equal(t, expectedConfig, containerConfig, "generate container config for kubelet runtime v1.") + + runAsUser := int64(0) + runAsNonRootTrue := true + podWithContainerSecurityContext := &v1.Pod{ + ObjectMeta: metav1.ObjectMeta{ + UID: "12345678", + Name: "bar", + Namespace: "new", + }, + Spec: v1.PodSpec{ + Containers: []v1.Container{ + { + Name: "foo", + Image: "busybox", + ImagePullPolicy: v1.PullIfNotPresent, + Command: []string{"testCommand"}, + WorkingDir: "testWorkingDir", + SecurityContext: &v1.SecurityContext{ + RunAsNonRoot: &runAsNonRootTrue, + RunAsUser: &runAsUser, + }, + }, + }, + }, + } + + _, err = m.generateContainerConfig(&podWithContainerSecurityContext.Spec.Containers[0], podWithContainerSecurityContext, 0, "", podWithContainerSecurityContext.Spec.Containers[0].Image, kubecontainer.ContainerTypeRegular) + assert.Error(t, err) + + imageId, _ := imageService.PullImage(&runtimeapi.ImageSpec{Image: "busybox"}, nil) + image, _ := imageService.ImageStatus(&runtimeapi.ImageSpec{Image: imageId}) + + image.Uid = nil + image.Username = "test" + + podWithContainerSecurityContext.Spec.Containers[0].SecurityContext.RunAsUser = nil + podWithContainerSecurityContext.Spec.Containers[0].SecurityContext.RunAsNonRoot = &runAsNonRootTrue + + _, err = m.generateContainerConfig(&podWithContainerSecurityContext.Spec.Containers[0], podWithContainerSecurityContext, 0, "", podWithContainerSecurityContext.Spec.Containers[0].Image, kubecontainer.ContainerTypeRegular) + assert.Error(t, err, "RunAsNonRoot should fail for non-numeric username") +} diff --git a/pkg/kubelet/kuberuntime/kuberuntime_container_test.go b/pkg/kubelet/kuberuntime/kuberuntime_container_test.go index b0ab9a70ccc..64845b8c9ad 100644 --- a/pkg/kubelet/kuberuntime/kuberuntime_container_test.go +++ b/pkg/kubelet/kuberuntime/kuberuntime_container_test.go @@ -203,107 +203,6 @@ func TestToKubeContainerStatus(t *testing.T) { } } -func makeExpectedConfig(m *kubeGenericRuntimeManager, pod *v1.Pod, containerIndex int) *runtimeapi.ContainerConfig { - container := &pod.Spec.Containers[containerIndex] - podIP := "" - restartCount := 0 - opts, _ := m.runtimeHelper.GenerateRunContainerOptions(pod, container, podIP) - containerLogsPath := buildContainerLogsPath(container.Name, restartCount) - restartCountUint32 := uint32(restartCount) - envs := make([]*runtimeapi.KeyValue, len(opts.Envs)) - - expectedConfig := &runtimeapi.ContainerConfig{ - Metadata: &runtimeapi.ContainerMetadata{ - Name: container.Name, - Attempt: restartCountUint32, - }, - Image: &runtimeapi.ImageSpec{Image: container.Image}, - Command: container.Command, - Args: []string(nil), - WorkingDir: container.WorkingDir, - Labels: newContainerLabels(container, pod, kubecontainer.ContainerTypeRegular), - Annotations: newContainerAnnotations(container, pod, restartCount, opts), - Devices: makeDevices(opts), - Mounts: m.makeMounts(opts, container), - LogPath: containerLogsPath, - Stdin: container.Stdin, - StdinOnce: container.StdinOnce, - Tty: container.TTY, - Linux: m.generateLinuxContainerConfig(container, pod, new(int64), ""), - Envs: envs, - } - return expectedConfig -} - -func TestGenerateContainerConfig(t *testing.T) { - _, imageService, m, err := createTestRuntimeManager() - assert.NoError(t, err) - - pod := &v1.Pod{ - ObjectMeta: metav1.ObjectMeta{ - UID: "12345678", - Name: "bar", - Namespace: "new", - }, - Spec: v1.PodSpec{ - Containers: []v1.Container{ - { - Name: "foo", - Image: "busybox", - ImagePullPolicy: v1.PullIfNotPresent, - Command: []string{"testCommand"}, - WorkingDir: "testWorkingDir", - }, - }, - }, - } - - expectedConfig := makeExpectedConfig(m, pod, 0) - containerConfig, err := m.generateContainerConfig(&pod.Spec.Containers[0], pod, 0, "", pod.Spec.Containers[0].Image, kubecontainer.ContainerTypeRegular) - assert.NoError(t, err) - assert.Equal(t, expectedConfig, containerConfig, "generate container config for kubelet runtime v1.") - - runAsUser := int64(0) - runAsNonRootTrue := true - podWithContainerSecurityContext := &v1.Pod{ - ObjectMeta: metav1.ObjectMeta{ - UID: "12345678", - Name: "bar", - Namespace: "new", - }, - Spec: v1.PodSpec{ - Containers: []v1.Container{ - { - Name: "foo", - Image: "busybox", - ImagePullPolicy: v1.PullIfNotPresent, - Command: []string{"testCommand"}, - WorkingDir: "testWorkingDir", - SecurityContext: &v1.SecurityContext{ - RunAsNonRoot: &runAsNonRootTrue, - RunAsUser: &runAsUser, - }, - }, - }, - }, - } - - _, err = m.generateContainerConfig(&podWithContainerSecurityContext.Spec.Containers[0], podWithContainerSecurityContext, 0, "", podWithContainerSecurityContext.Spec.Containers[0].Image, kubecontainer.ContainerTypeRegular) - assert.Error(t, err) - - imageId, _ := imageService.PullImage(&runtimeapi.ImageSpec{Image: "busybox"}, nil) - image, _ := imageService.ImageStatus(&runtimeapi.ImageSpec{Image: imageId}) - - image.Uid = nil - image.Username = "test" - - podWithContainerSecurityContext.Spec.Containers[0].SecurityContext.RunAsUser = nil - podWithContainerSecurityContext.Spec.Containers[0].SecurityContext.RunAsNonRoot = &runAsNonRootTrue - - _, err = m.generateContainerConfig(&podWithContainerSecurityContext.Spec.Containers[0], podWithContainerSecurityContext, 0, "", podWithContainerSecurityContext.Spec.Containers[0].Image, kubecontainer.ContainerTypeRegular) - assert.Error(t, err, "RunAsNonRoot should fail for non-numeric username") -} - func TestLifeCycleHook(t *testing.T) { // Setup