github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Clean up brace whitespace in **/validation_test.go

Browse Source 
This was making my eyes bleed as I read over code.

I used the following in vim.  I made them up on the fly, but they seemed
to pass manual inspection.

:g/},\n\s*{$/s//}, {/
:w
:g/{$\n\s*{$/s//{{/
:w
:g/^\(\s*\)},\n\1},$/s//}},/
:w
:g/^\(\s*\)},$\n\1}$/s//}}/
:w
This commit is contained in:
Tim Hockin
2023-05-02 00:36:15 -07:00
parent 19830bf51b
commit d55b67b349
27 changed files with 18026 additions and 22083 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1917
pkg/apis/admissionregistration/validation/validation_test.go
View File

File diff suppressed because it is too large Load Diff

186
pkg/apis/apiserverinternal/validation/validation_test.go
View File

@@ -28,96 +28,84 @@ func TestValidateServerStorageVersion(t *testing.T) {
cases := []struct {
ssv apiserverinternal.ServerStorageVersion
expectedErr string
}{
{
}{{
ssv: apiserverinternal.ServerStorageVersion{
APIServerID: "-fea",
EncodingVersion: "v1alpha1",
DecodableVersions: []string{"v1alpha1", "v1"},
},
expectedErr: "apiServerID: Invalid value",
},
{
}, {
ssv: apiserverinternal.ServerStorageVersion{
APIServerID: "fea",
EncodingVersion: "v1alpha1",
DecodableVersions: []string{"v1beta1", "v1"},
},
expectedErr: "decodableVersions must include encodingVersion",
},
{
}, {
ssv: apiserverinternal.ServerStorageVersion{
APIServerID: "fea",
EncodingVersion: "v1alpha1",
DecodableVersions: []string{"v1alpha1", "v1", "-fea"},
},
expectedErr: "decodableVersions[2]: Invalid value",
},
{
}, {
ssv: apiserverinternal.ServerStorageVersion{
APIServerID: "fea",
EncodingVersion: "v1alpha1",
DecodableVersions: []string{"v1alpha1", "v1"},
},
expectedErr: "",
},
{
}, {
ssv: apiserverinternal.ServerStorageVersion{
APIServerID: "fea",
EncodingVersion: "mygroup.com/v2",
DecodableVersions: []string{"v1alpha1", "v1", "mygroup.com/v2"},
},
expectedErr: "",
},
{
}, {
ssv: apiserverinternal.ServerStorageVersion{
APIServerID: "fea",
EncodingVersion: "mygroup.com/v2",
DecodableVersions: []string{"mygroup.com/v2", "/v3"},
},
expectedErr: `[].decodableVersions[1]: Invalid value: "/v3": group part: must be non-empty`,
},
{
}, {
ssv: apiserverinternal.ServerStorageVersion{
APIServerID: "fea",
EncodingVersion: "mygroup.com/v2",
DecodableVersions: []string{"mygroup.com/v2", "mygroup.com/"},
},
expectedErr: `[].decodableVersions[1]: Invalid value: "mygroup.com/": version part: must be non-empty`,
},
{
}, {
ssv: apiserverinternal.ServerStorageVersion{
APIServerID: "fea",
EncodingVersion: "/v3",
DecodableVersions: []string{"mygroup.com/v2", "/v3"},
},
expectedErr: `[].encodingVersion: Invalid value: "/v3": group part: must be non-empty`,
},
{
}, {
ssv: apiserverinternal.ServerStorageVersion{
APIServerID: "fea",
EncodingVersion: "v1",
DecodableVersions: []string{"v1", "mygroup_com/v2"},
},
expectedErr: `[].decodableVersions[1]: Invalid value: "mygroup_com/v2": group part: a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')`,
},
{
}, {
ssv: apiserverinternal.ServerStorageVersion{
APIServerID: "fea",
EncodingVersion: "v1",
DecodableVersions: []string{"v1", "mygroup.com/v2_"},
},
expectedErr: `[].decodableVersions[1]: Invalid value: "mygroup.com/v2_": version part: a DNS-1035 label must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character (e.g. 'my-name', or 'abc-123', regex used for validation is '[a-z]([-a-z0-9]*[a-z0-9])?')`,
},
{
}, {
ssv: apiserverinternal.ServerStorageVersion{
APIServerID: "fea",
EncodingVersion: "v1",
DecodableVersions: []string{"v1", "mygroup.com/v2/myresource"},
},
expectedErr: `[].decodableVersions[1]: Invalid value: "mygroup.com/v2/myresource": an apiVersion is a DNS-1035 label, which must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character (e.g. 'my-name', or 'abc-123', regex used for validation is '[a-z]([-a-z0-9]*[a-z0-9])?') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyVersion')`,
},
}
}}
for _, tc := range cases {
err := validateServerStorageVersion(tc.ssv, field.NewPath("")).ToAggregate()
@@ -142,91 +130,70 @@ func TestValidateCommonVersion(t *testing.T) {
cases := []struct {
status apiserverinternal.StorageVersionStatus
expectedErr string
}{
{
}{{
status: apiserverinternal.StorageVersionStatus{
StorageVersions: []apiserverinternal.ServerStorageVersion{},
CommonEncodingVersion: func() *string { a := "v1alpha1"; return &a }(),
},
expectedErr: "should be nil if servers do not agree on the same encoding version, or if there is no server reporting the supported versions yet",
},
{
}, {
status: apiserverinternal.StorageVersionStatus{
StorageVersions: []apiserverinternal.ServerStorageVersion{
{
StorageVersions: []apiserverinternal.ServerStorageVersion{{
APIServerID: "1",
EncodingVersion: "v1alpha1",
},
{
}, {
APIServerID: "2",
EncodingVersion: "v1",
},
},
}},
CommonEncodingVersion: func() *string { a := "v1alpha1"; return &a }(),
},
expectedErr: "should be nil if servers do not agree on the same encoding version, or if there is no server reporting the supported versions yet",
},
{
}, {
status: apiserverinternal.StorageVersionStatus{
StorageVersions: []apiserverinternal.ServerStorageVersion{
{
StorageVersions: []apiserverinternal.ServerStorageVersion{{
APIServerID: "1",
EncodingVersion: "v1alpha1",
},
{
}, {
APIServerID: "2",
EncodingVersion: "v1alpha1",
},
},
}},
CommonEncodingVersion: nil,
},
expectedErr: "Invalid value: \"null\": the common encoding version is v1alpha1",
},
{
}, {
status: apiserverinternal.StorageVersionStatus{
StorageVersions: []apiserverinternal.ServerStorageVersion{
{
StorageVersions: []apiserverinternal.ServerStorageVersion{{
APIServerID: "1",
EncodingVersion: "v1alpha1",
},
{
}, {
APIServerID: "2",
EncodingVersion: "v1alpha1",
},
},
}},
CommonEncodingVersion: func() *string { a := "v1"; return &a }(),
},
expectedErr: "Invalid value: \"v1\": the actual common encoding version is v1alpha1",
},
{
}, {
status: apiserverinternal.StorageVersionStatus{
StorageVersions: []apiserverinternal.ServerStorageVersion{
{
StorageVersions: []apiserverinternal.ServerStorageVersion{{
APIServerID: "1",
EncodingVersion: "v1alpha1",
},
{
}, {
APIServerID: "2",
EncodingVersion: "v1alpha1",
},
},
}},
CommonEncodingVersion: func() *string { a := "v1alpha1"; return &a }(),
},
expectedErr: "",
},
{
}, {
status: apiserverinternal.StorageVersionStatus{
StorageVersions: []apiserverinternal.ServerStorageVersion{
{
StorageVersions: []apiserverinternal.ServerStorageVersion{{
APIServerID: "1",
EncodingVersion: "v1alpha1",
},
},
}},
CommonEncodingVersion: func() *string { a := "v1alpha1"; return &a }(),
},
expectedErr: "",
},
}
}}
for _, tc := range cases {
err := validateCommonVersion(tc.status, field.NewPath(""))
if err == nil && len(tc.expectedErr) == 0 {
@@ -250,78 +217,58 @@ func TestValidateStorageVersionCondition(t *testing.T) {
cases := []struct {
conditions []apiserverinternal.StorageVersionCondition
expectedErr string
}{
{
conditions: []apiserverinternal.StorageVersionCondition{
{
}{{
conditions: []apiserverinternal.StorageVersionCondition{{
Type: "-fea",
Status: "True",
Reason: "unknown",
Message: "unknown",
},
},
}},
expectedErr: "type: Invalid value",
},
{
conditions: []apiserverinternal.StorageVersionCondition{
{
}, {
conditions: []apiserverinternal.StorageVersionCondition{{
Type: "fea",
Status: "-True",
Reason: "unknown",
Message: "unknown",
},
},
}},
expectedErr: "status: Invalid value",
},
{
conditions: []apiserverinternal.StorageVersionCondition{
{
}, {
conditions: []apiserverinternal.StorageVersionCondition{{
Type: "fea",
Status: "True",
Message: "unknown",
},
},
}},
expectedErr: "Required value: reason cannot be empty",
},
{
conditions: []apiserverinternal.StorageVersionCondition{
{
}, {
conditions: []apiserverinternal.StorageVersionCondition{{
Type: "fea",
Status: "True",
Reason: "unknown",
},
},
}},
expectedErr: "Required value: message cannot be empty",
},
{
conditions: []apiserverinternal.StorageVersionCondition{
{
}, {
conditions: []apiserverinternal.StorageVersionCondition{{
Type: "fea",
Status: "True",
Reason: "unknown",
Message: "unknown",
},
{
}, {
Type: "fea",
Status: "True",
Reason: "unknown",
Message: "unknown",
},
},
}},
expectedErr: `"fea": the type of the condition is not unique, it also appears in conditions[0]`,
},
{
conditions: []apiserverinternal.StorageVersionCondition{
{
}, {
conditions: []apiserverinternal.StorageVersionCondition{{
Type: "fea",
Status: "True",
Reason: "unknown",
Message: "unknown",
},
},
}},
expectedErr: "",
},
}
}}
for _, tc := range cases {
err := validateStorageVersionCondition(tc.conditions, field.NewPath("")).ToAggregate()
if err == nil && len(tc.expectedErr) == 0 {
@@ -345,40 +292,31 @@ func TestValidateStorageVersionName(t *testing.T) {
cases := []struct {
name string
expectedErr string
}{
{
}{{
name: "",
expectedErr: `name must be in the form of <group>.<resource>`,
},
{
}, {
name: "pods",
expectedErr: `name must be in the form of <group>.<resource>`,
},
{
}, {
name: "core.pods",
expectedErr: "",
},
{
}, {
name: "authentication.k8s.io.tokenreviews",
expectedErr: "",
},
{
}, {
name: strings.Repeat("x", 253) + ".tokenreviews",
expectedErr: "",
},
{
}, {
name: strings.Repeat("x", 254) + ".tokenreviews",
expectedErr: `the group segment must be no more than 253 characters`,
},
{
}, {
name: "authentication.k8s.io." + strings.Repeat("x", 63),
expectedErr: "",
},
{
}, {
name: "authentication.k8s.io." + strings.Repeat("x", 64),
expectedErr: `the resource segment must be no more than 63 characters`,
},
}
}}
for _, tc := range cases {
errs := ValidateStorageVersionName(tc.name, false)
if errs == nil && len(tc.expectedErr) == 0 {

312
pkg/apis/apps/validation/validation_test.go
View File

@@ -248,32 +248,26 @@ func TestValidateStatefulSet(t *testing.T) {
errs field.ErrorList
}
successCases := []testCase{
{
successCases := []testCase{{
name: "alpha name",
set: mkStatefulSet(&validPodTemplate, tweakName("abc")),
},
{
}, {
name: "alphanumeric name",
set: mkStatefulSet(&validPodTemplate, tweakName("abc-123")),
},
{
}, {
name: "parallel pod management",
set: mkStatefulSet(&validPodTemplate, tweakPodManagementPolicy(apps.ParallelPodManagement)),
},
{
}, {
name: "ordered ready pod management",
set: mkStatefulSet(&validPodTemplate, tweakPodManagementPolicy(apps.OrderedReadyPodManagement)),
},
{
}, {
name: "update strategy",
set: mkStatefulSet(&validPodTemplate,
tweakReplicas(3),
tweakUpdateStrategyType(apps.RollingUpdateStatefulSetStrategyType),
tweakRollingUpdatePartition(2),
),
},
{
}, {
name: "PVC policy " + enableStatefulSetAutoDeletePVC,
set: mkStatefulSet(&validPodTemplate,
tweakPVCPolicy(mkPVCPolicy(
@@ -281,8 +275,7 @@ func TestValidateStatefulSet(t *testing.T) {
tweakPVCScalePolicy(apps.RetainPersistentVolumeClaimRetentionPolicyType),
)),
),
},
{
}, {
name: "maxUnavailable with parallel pod management",
set: mkStatefulSet(&validPodTemplate,
tweakReplicas(3),
@@ -290,8 +283,7 @@ func TestValidateStatefulSet(t *testing.T) {
tweakRollingUpdatePartition(2),
tweakMaxUnavailable(intstr.FromInt32(2)),
),
},
{
}, {
name: "ordinals.start positive value",
set: mkStatefulSet(&validPodTemplate,
tweakReplicas(3),
@@ -300,58 +292,50 @@ func TestValidateStatefulSet(t *testing.T) {
},
}
errorCases := []testCase{
{
errorCases := []testCase{{
name: "zero-length name",
set: mkStatefulSet(&validPodTemplate, tweakName("")),
errs: field.ErrorList{
field.Required(field.NewPath("metadata", "name"), ""),
},
},
{
}, {
name: "name-with-dots",
set: mkStatefulSet(&validPodTemplate, tweakName("abc.123")),
errs: field.ErrorList{
field.Invalid(field.NewPath("metadata", "name"), "abc.123", ""),
},
},
{
}, {
name: "long name",
set: mkStatefulSet(&validPodTemplate, tweakName(strings.Repeat("a", 64))),
errs: field.ErrorList{
field.Invalid(field.NewPath("metadata", "name"), strings.Repeat("a", 64), ""),
},
},
{
}, {
name: "missing-namespace",
set: mkStatefulSet(&validPodTemplate, tweakNamespace("")),
errs: field.ErrorList{
field.Required(field.NewPath("metadata", "namespace"), ""),
},
},
{
}, {
name: "empty selector",
set: mkStatefulSet(&validPodTemplate, tweakSelectorLabels(nil)),
errs: field.ErrorList{
field.Required(field.NewPath("spec", "selector"), ""),
field.Invalid(field.NewPath("spec", "template", "metadata", "labels"), nil, ""), // selector is empty, labels are not, so select doesn't match labels
},
},
{
}, {
name: "selector_doesnt_match",
set: mkStatefulSet(&validPodTemplate, tweakSelectorLabels(map[string]string{"foo": "bar"})),
errs: field.ErrorList{
field.Invalid(field.NewPath("spec", "template", "metadata", "labels"), nil, ""),
},
},
{
}, {
name: "negative_replicas",
set: mkStatefulSet(&validPodTemplate, tweakReplicas(-1)),
errs: field.ErrorList{
field.Invalid(field.NewPath("spec", "replicas"), nil, ""),
},
},
{
}, {
name: "invalid_label",
set: mkStatefulSet(&validPodTemplate,
tweakLabels("NoUppercaseOrSpecialCharsLike=Equals", "bar"),
@@ -359,8 +343,7 @@ func TestValidateStatefulSet(t *testing.T) {
errs: field.ErrorList{
field.Invalid(field.NewPath("metadata", "labels"), nil, ""),
},
},
{
}, {
name: "invalid_label 2",
set: mkStatefulSet(&invalidPodTemplate,
tweakLabels("NoUppercaseOrSpecialCharsLike=Equals", "bar"),
@@ -371,8 +354,7 @@ func TestValidateStatefulSet(t *testing.T) {
field.Invalid(field.NewPath("spec", "selector"), nil, ""),
field.Invalid(field.NewPath("spec", "selector", "matchLabels"), nil, ""),
},
},
{
}, {
name: "invalid_annotation",
set: mkStatefulSet(&validPodTemplate,
tweakAnnotations("NoUppercaseOrSpecialCharsLike=Equals", "bar"),
@@ -380,29 +362,25 @@ func TestValidateStatefulSet(t *testing.T) {
errs: field.ErrorList{
field.Invalid(field.NewPath("metadata", "annotations"), nil, ""),
},
},
{
}, {
name: "invalid restart policy 1",
set: mkStatefulSet(&validPodTemplate, tweakTemplateRestartPolicy(api.RestartPolicyOnFailure)),
errs: field.ErrorList{
field.NotSupported(field.NewPath("spec", "template", "spec", "restartPolicy"), nil, nil),
},
},
{
}, {
name: "invalid restart policy 2",
set: mkStatefulSet(&validPodTemplate, tweakTemplateRestartPolicy(api.RestartPolicyNever)),
errs: field.ErrorList{
field.NotSupported(field.NewPath("spec", "template", "spec", "restartPolicy"), nil, nil),
},
},
{
}, {
name: "empty restart policy",
set: mkStatefulSet(&validPodTemplate, tweakTemplateRestartPolicy("")),
errs: field.ErrorList{
field.NotSupported(field.NewPath("spec", "template", "spec", "restartPolicy"), nil, nil),
},
},
{
}, {
name: "invalid update strategy",
set: mkStatefulSet(&validPodTemplate,
tweakReplicas(3),
@@ -411,8 +389,7 @@ func TestValidateStatefulSet(t *testing.T) {
errs: field.ErrorList{
field.Invalid(field.NewPath("spec", "updateStrategy"), nil, ""),
},
},
{
}, {
name: "empty update strategy",
set: mkStatefulSet(&validPodTemplate,
tweakReplicas(3),
@@ -421,8 +398,7 @@ func TestValidateStatefulSet(t *testing.T) {
errs: field.ErrorList{
field.Required(field.NewPath("spec", "updateStrategy"), ""),
},
},
{
}, {
name: "invalid rolling update",
set: mkStatefulSet(&validPodTemplate,
tweakReplicas(3),
@@ -432,8 +408,7 @@ func TestValidateStatefulSet(t *testing.T) {
errs: field.ErrorList{
field.Invalid(field.NewPath("spec", "updateStrategy", "rollingUpdate"), nil, ""),
},
},
{
}, {
name: "negative parition",
set: mkStatefulSet(&validPodTemplate,
tweakReplicas(3),
@@ -442,8 +417,7 @@ func TestValidateStatefulSet(t *testing.T) {
errs: field.ErrorList{
field.Invalid(field.NewPath("spec", "updateStrategy", "rollingUpdate", "partition"), nil, ""),
},
},
{
}, {
name: "empty pod management policy",
set: mkStatefulSet(&validPodTemplate,
tweakPodManagementPolicy(""),
@@ -452,22 +426,19 @@ func TestValidateStatefulSet(t *testing.T) {
errs: field.ErrorList{
field.Required(field.NewPath("spec", "podManagementPolicy"), ""),
},
},
{
}, {
name: "invalid pod management policy",
set: mkStatefulSet(&validPodTemplate, tweakPodManagementPolicy("foo")),
errs: field.ErrorList{
field.Invalid(field.NewPath("spec", "podManagementPolicy"), nil, ""),
},
},
{
}, {
name: "set active deadline seconds",
set: mkStatefulSet(&invalidPodTemplate2, tweakReplicas(3)),
errs: field.ErrorList{
field.Forbidden(field.NewPath("spec", "template", "spec", "activeDeadlineSeconds"), ""),
},
},
{
}, {
name: "empty PersistentVolumeClaimRetentionPolicy " + enableStatefulSetAutoDeletePVC,
set: mkStatefulSet(&validPodTemplate,
tweakPVCPolicy(mkPVCPolicy()),
@@ -476,8 +447,7 @@ func TestValidateStatefulSet(t *testing.T) {
field.NotSupported(field.NewPath("spec", "persistentVolumeClaimRetentionPolicy", "whenDeleted"), nil, nil),
field.NotSupported(field.NewPath("spec", "persistentVolumeClaimRetentionPolicy", "whenScaled"), nil, nil),
},
},
{
}, {
name: "invalid PersistentVolumeClaimRetentionPolicy " + enableStatefulSetAutoDeletePVC,
set: mkStatefulSet(&validPodTemplate,
tweakPVCPolicy(mkPVCPolicy(
@@ -489,8 +459,7 @@ func TestValidateStatefulSet(t *testing.T) {
field.NotSupported(field.NewPath("spec", "persistentVolumeClaimRetentionPolicy", "whenDeleted"), nil, nil),
field.NotSupported(field.NewPath("spec", "persistentVolumeClaimRetentionPolicy", "whenScaled"), nil, nil),
},
},
{
}, {
name: "zero maxUnavailable",
set: mkStatefulSet(&validPodTemplate,
tweakReplicas(3),
@@ -500,8 +469,7 @@ func TestValidateStatefulSet(t *testing.T) {
errs: field.ErrorList{
field.Invalid(field.NewPath("spec", "updateStrategy", "rollingUpdate", "maxUnavailable"), nil, ""),
},
},
{
}, {
name: "zero percent maxUnavailable",
set: mkStatefulSet(&validPodTemplate,
tweakReplicas(3),
@@ -511,8 +479,7 @@ func TestValidateStatefulSet(t *testing.T) {
errs: field.ErrorList{
field.Invalid(field.NewPath("spec", "updateStrategy", "rollingUpdate", "maxUnavailable"), nil, ""),
},
},
{
}, {
name: "greater than 100 percent maxUnavailable",
set: mkStatefulSet(&validPodTemplate,
tweakReplicas(3),
@@ -522,8 +489,7 @@ func TestValidateStatefulSet(t *testing.T) {
errs: field.ErrorList{
field.Invalid(field.NewPath("spec", "updateStrategy", "rollingUpdate", "maxUnavailable"), nil, ""),
},
},
{
}, {
name: "invalid ordinals.start",
set: mkStatefulSet(&validPodTemplate,
tweakReplicas(3),
@@ -635,48 +601,42 @@ func TestValidateStatefulSetStatus(t *testing.T) {
observedGeneration *int64
collisionCount *int32
expectedErr bool
}{
{
}{{
name: "valid status",
replicas: 3,
readyReplicas: 3,
currentReplicas: 2,
updatedReplicas: 1,
expectedErr: false,
},
{
}, {
name: "invalid replicas",
replicas: -1,
readyReplicas: 3,
currentReplicas: 2,
updatedReplicas: 1,
expectedErr: true,
},
{
}, {
name: "invalid readyReplicas",
replicas: 3,
readyReplicas: -1,
currentReplicas: 2,
updatedReplicas: 1,
expectedErr: true,
},
{
}, {
name: "invalid currentReplicas",
replicas: 3,
readyReplicas: 3,
currentReplicas: -1,
updatedReplicas: 1,
expectedErr: true,
},
{
}, {
name: "invalid updatedReplicas",
replicas: 3,
readyReplicas: 3,
currentReplicas: 2,
updatedReplicas: -1,
expectedErr: true,
},
{
}, {
name: "invalid observedGeneration",
replicas: 3,
readyReplicas: 3,
@@ -684,8 +644,7 @@ func TestValidateStatefulSetStatus(t *testing.T) {
updatedReplicas: 1,
observedGeneration: &observedGenerationMinusOne,
expectedErr: true,
},
{
}, {
name: "invalid collisionCount",
replicas: 3,
readyReplicas: 3,
@@ -693,48 +652,42 @@ func TestValidateStatefulSetStatus(t *testing.T) {
updatedReplicas: 1,
collisionCount: &collisionCountMinusOne,
expectedErr: true,
},
{
}, {
name: "readyReplicas greater than replicas",
replicas: 3,
readyReplicas: 4,
currentReplicas: 2,
updatedReplicas: 1,
expectedErr: true,
},
{
}, {
name: "currentReplicas greater than replicas",
replicas: 3,
readyReplicas: 3,
currentReplicas: 4,
updatedReplicas: 1,
expectedErr: true,
},
{
}, {
name: "updatedReplicas greater than replicas",
replicas: 3,
readyReplicas: 3,
currentReplicas: 2,
updatedReplicas: 4,
expectedErr: true,
},
{
}, {
name: "invalid: number of available replicas",
replicas: 3,
readyReplicas: 3,
currentReplicas: 2,
availableReplicas: int32(-1),
expectedErr: true,
},
{
}, {
name: "invalid: available replicas greater than replicas",
replicas: 3,
readyReplicas: 3,
currentReplicas: 2,
availableReplicas: int32(4),
expectedErr: true,
},
{
}, {
name: "invalid: available replicas greater than ready replicas",
replicas: 3,
readyReplicas: 2,
@@ -842,23 +795,19 @@ func TestValidateStatefulSetUpdate(t *testing.T) {
errs field.ErrorList
}
successCases := []testCase{
{
successCases := []testCase{{
name: "update replica count",
old: mkStatefulSet(&validPodTemplate),
update: mkStatefulSet(&validPodTemplate, tweakReplicas(3)),
},
{
}, {
name: "update containers 1",
old: mkStatefulSet(&validPodTemplate),
update: mkStatefulSet(addContainersValidTemplate),
},
{
}, {
name: "update containers 2",
old: mkStatefulSet(addContainersValidTemplate),
update: mkStatefulSet(&validPodTemplate),
},
{
}, {
name: "update containers and pvc retention policy 1",
old: mkStatefulSet(addContainersValidTemplate),
update: mkStatefulSet(&validPodTemplate,
@@ -867,8 +816,7 @@ func TestValidateStatefulSetUpdate(t *testing.T) {
tweakPVCScalePolicy(apps.RetainPersistentVolumeClaimRetentionPolicyType),
)),
),
},
{
}, {
name: "update containers and pvc retention policy 2",
old: mkStatefulSet(&validPodTemplate,
tweakPVCPolicy(mkPVCPolicy(
@@ -876,54 +824,46 @@ func TestValidateStatefulSetUpdate(t *testing.T) {
)),
),
update: mkStatefulSet(&validPodTemplate),
},
{
}, {
name: "update update strategy",
old: mkStatefulSet(&validPodTemplate),
update: mkStatefulSet(&validPodTemplate,
tweakUpdateStrategyType(apps.OnDeleteStatefulSetStrategyType),
),
},
{
}, {
name: "update min ready seconds 1",
old: mkStatefulSet(&validPodTemplate),
update: mkStatefulSet(&validPodTemplate, tweakMinReadySeconds(10)),
},
{
}, {
name: "update min ready seconds 2",
old: mkStatefulSet(&validPodTemplate, tweakMinReadySeconds(5)),
update: mkStatefulSet(&validPodTemplate, tweakMinReadySeconds(10)),
},
{
}, {
name: "update existing instance with now-invalid name",
old: mkStatefulSet(&validPodTemplate, tweakFinalizers("final")),
update: mkStatefulSet(&validPodTemplate, tweakFinalizers()),
},
{
}, {
name: "update existing instance with .spec.ordinals.start",
old: mkStatefulSet(&validPodTemplate),
update: mkStatefulSet(&validPodTemplate, tweakOrdinalsStart(3)),
},
}
errorCases := []testCase{
{
errorCases := []testCase{{
name: "update name",
old: mkStatefulSet(&validPodTemplate, tweakName("abc")),
update: mkStatefulSet(&validPodTemplate, tweakName("abc2")),
errs: field.ErrorList{
field.Invalid(field.NewPath("metadata", "name"), nil, ""),
},
},
{
}, {
name: "update namespace",
old: mkStatefulSet(&validPodTemplate, tweakNamespace(metav1.NamespaceDefault)),
update: mkStatefulSet(&validPodTemplate, tweakNamespace(metav1.NamespaceDefault+"1")),
errs: field.ErrorList{
field.Invalid(field.NewPath("metadata", "namespace"), nil, ""),
},
},
{
}, {
name: "update selector",
old: mkStatefulSet(&validPodTemplate, tweakSelectorLabels(validLabels)),
update: mkStatefulSet(&validPodTemplate2,
@@ -932,48 +872,42 @@ func TestValidateStatefulSetUpdate(t *testing.T) {
errs: field.ErrorList{
field.Forbidden(field.NewPath("spec"), ""),
},
},
{
}, {
name: "update pod management policy 1",
old: mkStatefulSet(&validPodTemplate, tweakPodManagementPolicy("")),
update: mkStatefulSet(&validPodTemplate, tweakPodManagementPolicy(apps.OrderedReadyPodManagement)),
errs: field.ErrorList{
field.Forbidden(field.NewPath("spec"), ""),
},
},
{
}, {
name: "update pod management policy 2",
old: mkStatefulSet(&validPodTemplate, tweakPodManagementPolicy(apps.ParallelPodManagement)),
update: mkStatefulSet(&validPodTemplate, tweakPodManagementPolicy(apps.OrderedReadyPodManagement)),
errs: field.ErrorList{
field.Forbidden(field.NewPath("spec"), ""),
},
},
{
}, {
name: "update to negative replicas",
old: mkStatefulSet(&validPodTemplate),
update: mkStatefulSet(&validPodTemplate, tweakReplicas(-1)),
errs: field.ErrorList{
field.Invalid(field.NewPath("spec", "replicas"), nil, ""),
},
},
{
}, {
name: "update pvc template size",
old: mkStatefulSet(&validPodTemplate, tweakPVCTemplate(validPVCTemplate)),
update: mkStatefulSet(&validPodTemplate, tweakPVCTemplate(validPVCTemplateChangedSize)),
errs: field.ErrorList{
field.Forbidden(field.NewPath("spec"), ""),
},
},
{
}, {
name: "update pvc template storage class",
old: mkStatefulSet(&validPodTemplate, tweakPVCTemplate(validPVCTemplate)),
update: mkStatefulSet(&validPodTemplate, tweakPVCTemplate(validPVCTemplateChangedClass)),
errs: field.ErrorList{
field.Forbidden(field.NewPath("spec"), ""),
},
},
{
}, {
name: "add new pvc template",
old: mkStatefulSet(&validPodTemplate, tweakPVCTemplate(validPVCTemplate)),
update: mkStatefulSet(&validPodTemplate, tweakPVCTemplate(validPVCTemplate, validPVCTemplate2)),
@@ -1112,26 +1046,22 @@ func TestValidateControllerRevisionUpdate(t *testing.T) {
newHistory apps.ControllerRevision
oldHistory apps.ControllerRevision
isValid bool
}{
{
}{{
name: "valid",
newHistory: valid,
oldHistory: valid,
isValid: true,
},
{
}, {
name: "invalid",
newHistory: noVersion,
oldHistory: valid,
isValid: false,
},
{
}, {
name: "changed data",
newHistory: changedData,
oldHistory: valid,
isValid: false,
},
{
}, {
name: "changed revision",
newHistory: changedRevision,
oldHistory: valid,
@@ -1158,8 +1088,7 @@ func TestValidateDaemonSetStatusUpdate(t *testing.T) {
update apps.DaemonSet
}
successCases := []dsUpdateTest{
{
successCases := []dsUpdateTest{{
old: apps.DaemonSet{
ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: metav1.NamespaceDefault},
Status: apps.DaemonSetStatus{
@@ -2071,8 +2000,7 @@ func TestValidateDaemonSet(t *testing.T) {
},
},
}
successCases := []apps.DaemonSet{
{
successCases := []apps.DaemonSet{{
ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: metav1.NamespaceDefault},
Spec: apps.DaemonSetSpec{
Selector: &metav1.LabelSelector{MatchLabels: validSelector},
@@ -2081,8 +2009,7 @@ func TestValidateDaemonSet(t *testing.T) {
Type: apps.OnDeleteDaemonSetStrategyType,
},
},
},
{
}, {
ObjectMeta: metav1.ObjectMeta{Name: "abc-123", Namespace: metav1.NamespaceDefault},
Spec: apps.DaemonSetSpec{
Selector: &metav1.LabelSelector{MatchLabels: validSelector},
@@ -2290,14 +2217,12 @@ func validDeployment() *apps.Deployment {
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSDefault,
Containers: []api.Container{
{
Containers: []api.Container{{
Name: "nginx",
Image: "image",
ImagePullPolicy: api.PullNever,
TerminationMessagePolicy: api.TerminationMessageReadFile,
},
},
}},
},
},
RollbackTo: &apps.RollbackConfig{
@@ -2427,8 +2352,7 @@ func TestValidateDeploymentStatus(t *testing.T) {
collisionCount *int32
expectedErr bool
}{
{
}{{
name: "valid status",
replicas: 3,
updatedReplicas: 3,
@@ -2436,8 +2360,7 @@ func TestValidateDeploymentStatus(t *testing.T) {
availableReplicas: 1,
observedGeneration: 2,
expectedErr: false,
},
{
}, {
name: "invalid replicas",
replicas: -1,
updatedReplicas: 2,
@@ -2445,8 +2368,7 @@ func TestValidateDeploymentStatus(t *testing.T) {
availableReplicas: 1,
observedGeneration: 2,
expectedErr: true,
},
{
}, {
name: "invalid updatedReplicas",
replicas: 2,
updatedReplicas: -1,
@@ -2454,32 +2376,28 @@ func TestValidateDeploymentStatus(t *testing.T) {
availableReplicas: 1,
observedGeneration: 2,
expectedErr: true,
},
{
}, {
name: "invalid readyReplicas",
replicas: 3,
readyReplicas: -1,
availableReplicas: 1,
observedGeneration: 2,
expectedErr: true,
},
{
}, {
name: "invalid availableReplicas",
replicas: 3,
readyReplicas: 3,
availableReplicas: -1,
observedGeneration: 2,
expectedErr: true,
},
{
}, {
name: "invalid observedGeneration",
replicas: 3,
readyReplicas: 3,
availableReplicas: 3,
observedGeneration: -1,
expectedErr: true,
},
{
}, {
name: "updatedReplicas greater than replicas",
replicas: 3,
updatedReplicas: 4,
@@ -2487,32 +2405,28 @@ func TestValidateDeploymentStatus(t *testing.T) {
availableReplicas: 3,
observedGeneration: 1,
expectedErr: true,
},
{
}, {
name: "readyReplicas greater than replicas",
replicas: 3,
readyReplicas: 4,
availableReplicas: 3,
observedGeneration: 1,
expectedErr: true,
},
{
}, {
name: "availableReplicas greater than replicas",
replicas: 3,
readyReplicas: 3,
availableReplicas: 4,
observedGeneration: 1,
expectedErr: true,
},
{
}, {
name: "availableReplicas greater than readyReplicas",
replicas: 3,
readyReplicas: 2,
availableReplicas: 3,
observedGeneration: 1,
expectedErr: true,
},
{
}, {
name: "invalid collisionCount",
replicas: 3,
observedGeneration: 1,
@@ -2548,8 +2462,7 @@ func TestValidateDeploymentStatusUpdate(t *testing.T) {
from, to apps.DeploymentStatus
expectedErr bool
}{
{
}{{
name: "increase: valid update",
from: apps.DeploymentStatus{
CollisionCount: nil,
@@ -2558,8 +2471,7 @@ func TestValidateDeploymentStatusUpdate(t *testing.T) {
CollisionCount: &collisionCount,
},
expectedErr: false,
},
{
}, {
name: "stable: valid update",
from: apps.DeploymentStatus{
CollisionCount: &collisionCount,
@@ -2568,8 +2480,7 @@ func TestValidateDeploymentStatusUpdate(t *testing.T) {
CollisionCount: &collisionCount,
},
expectedErr: false,
},
{
}, {
name: "unset: invalid update",
from: apps.DeploymentStatus{
CollisionCount: &collisionCount,
@@ -2578,8 +2489,7 @@ func TestValidateDeploymentStatusUpdate(t *testing.T) {
CollisionCount: nil,
},
expectedErr: true,
},
{
}, {
name: "decrease: invalid update",
from: apps.DeploymentStatus{
CollisionCount: &otherCollisionCount,
@@ -2872,8 +2782,7 @@ func TestValidateReplicaSetStatus(t *testing.T) {
observedGeneration int64
expectedErr bool
}{
{
}{{
name: "valid status",
replicas: 3,
fullyLabeledReplicas: 3,
@@ -2881,8 +2790,7 @@ func TestValidateReplicaSetStatus(t *testing.T) {
availableReplicas: 1,
observedGeneration: 2,
expectedErr: false,
},
{
}, {
name: "invalid replicas",
replicas: -1,
fullyLabeledReplicas: 3,
@@ -2890,8 +2798,7 @@ func TestValidateReplicaSetStatus(t *testing.T) {
availableReplicas: 1,
observedGeneration: 2,
expectedErr: true,
},
{
}, {
name: "invalid fullyLabeledReplicas",
replicas: 3,
fullyLabeledReplicas: -1,
@@ -2899,8 +2806,7 @@ func TestValidateReplicaSetStatus(t *testing.T) {
availableReplicas: 1,
observedGeneration: 2,
expectedErr: true,
},
{
}, {
name: "invalid readyReplicas",
replicas: 3,
fullyLabeledReplicas: 3,
@@ -2908,8 +2814,7 @@ func TestValidateReplicaSetStatus(t *testing.T) {
availableReplicas: 1,
observedGeneration: 2,
expectedErr: true,
},
{
}, {
name: "invalid availableReplicas",
replicas: 3,
fullyLabeledReplicas: 3,
@@ -2917,8 +2822,7 @@ func TestValidateReplicaSetStatus(t *testing.T) {
availableReplicas: -1,
observedGeneration: 2,
expectedErr: true,
},
{
}, {
name: "invalid observedGeneration",
replicas: 3,
fullyLabeledReplicas: 3,
@@ -2926,8 +2830,7 @@ func TestValidateReplicaSetStatus(t *testing.T) {
availableReplicas: 3,
observedGeneration: -1,
expectedErr: true,
},
{
}, {
name: "fullyLabeledReplicas greater than replicas",
replicas: 3,
fullyLabeledReplicas: 4,
@@ -2935,8 +2838,7 @@ func TestValidateReplicaSetStatus(t *testing.T) {
availableReplicas: 3,
observedGeneration: 1,
expectedErr: true,
},
{
}, {
name: "readyReplicas greater than replicas",
replicas: 3,
fullyLabeledReplicas: 3,
@@ -2944,8 +2846,7 @@ func TestValidateReplicaSetStatus(t *testing.T) {
availableReplicas: 3,
observedGeneration: 1,
expectedErr: true,
},
{
}, {
name: "availableReplicas greater than replicas",
replicas: 3,
fullyLabeledReplicas: 3,
@@ -2953,8 +2854,7 @@ func TestValidateReplicaSetStatus(t *testing.T) {
availableReplicas: 4,
observedGeneration: 1,
expectedErr: true,
},
{
}, {
name: "availableReplicas greater than readyReplicas",
replicas: 3,
fullyLabeledReplicas: 3,
@@ -2998,8 +2898,7 @@ func TestValidateReplicaSetStatusUpdate(t *testing.T) {
old apps.ReplicaSet
update apps.ReplicaSet
}
successCases := []rcUpdateTest{
{
successCases := []rcUpdateTest{{
old: apps.ReplicaSet{
ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: metav1.NamespaceDefault},
Spec: apps.ReplicaSetSpec{
@@ -3300,22 +3199,19 @@ func TestValidateReplicaSet(t *testing.T) {
},
},
}
successCases := []apps.ReplicaSet{
{
successCases := []apps.ReplicaSet{{
ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: metav1.NamespaceDefault},
Spec: apps.ReplicaSetSpec{
Selector: &metav1.LabelSelector{MatchLabels: validLabels},
Template: validPodTemplate.Template,
},
},
{
}, {
ObjectMeta: metav1.ObjectMeta{Name: "abc-123", Namespace: metav1.NamespaceDefault},
Spec: apps.ReplicaSetSpec{
Selector: &metav1.LabelSelector{MatchLabels: validLabels},
Template: validPodTemplate.Template,
},
},
{
}, {
ObjectMeta: metav1.ObjectMeta{Name: "abc-123", Namespace: metav1.NamespaceDefault},
Spec: apps.ReplicaSetSpec{
Replicas: 1,

39
pkg/apis/authorization/validation/validation_test.go
View File

@@ -40,13 +40,11 @@ func TestValidateSARSpec(t *testing.T) {
name string
obj authorizationapi.SubjectAccessReviewSpec
msg string
}{
{
}{{
name: "neither request",
obj: authorizationapi.SubjectAccessReviewSpec{User: "me"},
msg: "exactly one of nonResourceAttributes or resourceAttributes must be specified",
},
{
}, {
name: "both requests",
obj: authorizationapi.SubjectAccessReviewSpec{
ResourceAttributes: &authorizationapi.ResourceAttributes{},
@@ -54,15 +52,13 @@ func TestValidateSARSpec(t *testing.T) {
User: "me",
},
msg: "cannot be specified in combination with resourceAttributes",
},
{
}, {
name: "no subject",
obj: authorizationapi.SubjectAccessReviewSpec{
ResourceAttributes: &authorizationapi.ResourceAttributes{},
},
msg: `spec.user: Invalid value: "": at least one of user or group must be specified`,
},
}
}}
for _, c := range errorCases {
errs := ValidateSubjectAccessReviewSpec(c.obj, field.NewPath("spec"))
@@ -102,21 +98,18 @@ func TestValidateSelfSAR(t *testing.T) {
name string
obj authorizationapi.SelfSubjectAccessReviewSpec
msg string
}{
{
}{{
name: "neither request",
obj: authorizationapi.SelfSubjectAccessReviewSpec{},
msg: "exactly one of nonResourceAttributes or resourceAttributes must be specified",
},
{
}, {
name: "both requests",
obj: authorizationapi.SelfSubjectAccessReviewSpec{
ResourceAttributes: &authorizationapi.ResourceAttributes{},
NonResourceAttributes: &authorizationapi.NonResourceAttributes{},
},
msg: "cannot be specified in combination with resourceAttributes",
},
}
}}
for _, c := range errorCases {
errs := ValidateSelfSubjectAccessReviewSpec(c.obj, field.NewPath("spec"))
@@ -136,14 +129,12 @@ func TestValidateSelfSAR(t *testing.T) {
}
func TestValidateLocalSAR(t *testing.T) {
successCases := []authorizationapi.LocalSubjectAccessReview{
{
successCases := []authorizationapi.LocalSubjectAccessReview{{
Spec: authorizationapi.SubjectAccessReviewSpec{
ResourceAttributes: &authorizationapi.ResourceAttributes{},
User: "user",
},
},
}
}}
for _, successCase := range successCases {
if errs := ValidateLocalSubjectAccessReview(&successCase); len(errs) != 0 {
t.Errorf("expected success: %v", errs)
@@ -154,8 +145,7 @@ func TestValidateLocalSAR(t *testing.T) {
name string
obj *authorizationapi.LocalSubjectAccessReview
msg string
}{
{
}{{
name: "name",
obj: &authorizationapi.LocalSubjectAccessReview{
ObjectMeta: metav1.ObjectMeta{Name: "a"},
@@ -165,8 +155,7 @@ func TestValidateLocalSAR(t *testing.T) {
},
},
msg: "must be empty except for namespace",
},
{
}, {
name: "namespace conflict",
obj: &authorizationapi.LocalSubjectAccessReview{
ObjectMeta: metav1.ObjectMeta{Namespace: "a"},
@@ -176,8 +165,7 @@ func TestValidateLocalSAR(t *testing.T) {
},
},
msg: "must match metadata.namespace",
},
{
}, {
name: "nonresource",
obj: &authorizationapi.LocalSubjectAccessReview{
ObjectMeta: metav1.ObjectMeta{Namespace: "a"},
@@ -187,8 +175,7 @@ func TestValidateLocalSAR(t *testing.T) {
},
},
msg: "disallowed on this kind of request",
},
}
}}
for _, c := range errorCases {
errs := ValidateLocalSubjectAccessReview(c.obj)

636
pkg/apis/autoscaling/validation/validation_test.go
View File

File diff suppressed because it is too large Load Diff

237
pkg/apis/batch/validation/validation_test.go
View File

@@ -112,49 +112,39 @@ func TestValidateJob(t *testing.T) {
Selector: validGeneratedSelector,
Template: validPodTemplateSpecForGeneratedRestartPolicyNever,
PodFailurePolicy: &batch.PodFailurePolicy{
Rules: []batch.PodFailurePolicyRule{
{
Rules: []batch.PodFailurePolicyRule{{
Action: batch.PodFailurePolicyActionIgnore,
OnPodConditions: []batch.PodFailurePolicyOnPodConditionsPattern{
{
OnPodConditions: []batch.PodFailurePolicyOnPodConditionsPattern{{
Type: api.DisruptionTarget,
Status: api.ConditionTrue,
},
},
},
{
}},
}, {
Action: batch.PodFailurePolicyActionFailJob,
OnPodConditions: []batch.PodFailurePolicyOnPodConditionsPattern{
{
OnPodConditions: []batch.PodFailurePolicyOnPodConditionsPattern{{
Type: api.PodConditionType("CustomConditionType"),
Status: api.ConditionFalse,
},
},
},
{
}},
}, {
Action: batch.PodFailurePolicyActionCount,
OnExitCodes: &batch.PodFailurePolicyOnExitCodesRequirement{
ContainerName: pointer.String("abc"),
Operator: batch.PodFailurePolicyOnExitCodesOpIn,
Values: []int32{1, 2, 3},
},
},
{
}, {
Action: batch.PodFailurePolicyActionIgnore,
OnExitCodes: &batch.PodFailurePolicyOnExitCodesRequirement{
ContainerName: pointer.String("def"),
Operator: batch.PodFailurePolicyOnExitCodesOpIn,
Values: []int32{4},
},
},
{
}, {
Action: batch.PodFailurePolicyActionFailJob,
OnExitCodes: &batch.PodFailurePolicyOnExitCodesRequirement{
Operator: batch.PodFailurePolicyOnExitCodesOpNotIn,
Values: []int32{5, 6, 7},
},
},
},
}},
},
},
},
@@ -314,11 +304,9 @@ func TestValidateJob(t *testing.T) {
Selector: validGeneratedSelector,
Template: validPodTemplateSpecForGeneratedRestartPolicyNever,
PodFailurePolicy: &batch.PodFailurePolicy{
Rules: []batch.PodFailurePolicyRule{
{
Rules: []batch.PodFailurePolicyRule{{
Action: batch.PodFailurePolicyActionFailJob,
},
},
}},
},
},
},
@@ -331,15 +319,13 @@ func TestValidateJob(t *testing.T) {
Selector: validGeneratedSelector,
Template: validPodTemplateSpecForGeneratedRestartPolicyNever,
PodFailurePolicy: &batch.PodFailurePolicy{
Rules: []batch.PodFailurePolicyRule{
{
Rules: []batch.PodFailurePolicyRule{{
Action: batch.PodFailurePolicyActionFailJob,
OnExitCodes: &batch.PodFailurePolicyOnExitCodesRequirement{
Operator: batch.PodFailurePolicyOnExitCodesOpIn,
Values: []int32{11, 11},
},
},
},
}},
},
},
},
@@ -352,8 +338,7 @@ func TestValidateJob(t *testing.T) {
Selector: validGeneratedSelector,
Template: validPodTemplateSpecForGeneratedRestartPolicyNever,
PodFailurePolicy: &batch.PodFailurePolicy{
Rules: []batch.PodFailurePolicyRule{
{
Rules: []batch.PodFailurePolicyRule{{
Action: batch.PodFailurePolicyActionFailJob,
OnExitCodes: &batch.PodFailurePolicyOnExitCodesRequirement{
Operator: batch.PodFailurePolicyOnExitCodesOpIn,
@@ -365,8 +350,7 @@ func TestValidateJob(t *testing.T) {
return tooManyValues
}(),
},
},
},
}},
},
},
},
@@ -404,8 +388,7 @@ func TestValidateJob(t *testing.T) {
Selector: validGeneratedSelector,
Template: validPodTemplateSpecForGeneratedRestartPolicyNever,
PodFailurePolicy: &batch.PodFailurePolicy{
Rules: []batch.PodFailurePolicyRule{
{
Rules: []batch.PodFailurePolicyRule{{
Action: batch.PodFailurePolicyActionFailJob,
OnPodConditions: func() []batch.PodFailurePolicyOnPodConditionsPattern {
tooManyPatterns := make([]batch.PodFailurePolicyOnPodConditionsPattern, maxPodFailurePolicyOnPodConditionsPatterns+1)
@@ -417,8 +400,7 @@ func TestValidateJob(t *testing.T) {
}
return tooManyPatterns
}(),
},
},
}},
},
},
},
@@ -431,15 +413,13 @@ func TestValidateJob(t *testing.T) {
Selector: validGeneratedSelector,
Template: validPodTemplateSpecForGeneratedRestartPolicyNever,
PodFailurePolicy: &batch.PodFailurePolicy{
Rules: []batch.PodFailurePolicyRule{
{
Rules: []batch.PodFailurePolicyRule{{
Action: batch.PodFailurePolicyActionFailJob,
OnExitCodes: &batch.PodFailurePolicyOnExitCodesRequirement{
Operator: batch.PodFailurePolicyOnExitCodesOpIn,
Values: []int32{12, 13, 13, 13},
},
},
},
}},
},
},
},
@@ -452,15 +432,13 @@ func TestValidateJob(t *testing.T) {
Selector: validGeneratedSelector,
Template: validPodTemplateSpecForGeneratedRestartPolicyNever,
PodFailurePolicy: &batch.PodFailurePolicy{
Rules: []batch.PodFailurePolicyRule{
{
Rules: []batch.PodFailurePolicyRule{{
Action: batch.PodFailurePolicyActionFailJob,
OnExitCodes: &batch.PodFailurePolicyOnExitCodesRequirement{
Operator: batch.PodFailurePolicyOnExitCodesOpIn,
Values: []int32{19, 11},
},
},
},
}},
},
},
},
@@ -473,15 +451,13 @@ func TestValidateJob(t *testing.T) {
Selector: validGeneratedSelector,
Template: validPodTemplateSpecForGeneratedRestartPolicyNever,
PodFailurePolicy: &batch.PodFailurePolicy{
Rules: []batch.PodFailurePolicyRule{
{
Rules: []batch.PodFailurePolicyRule{{
Action: batch.PodFailurePolicyActionFailJob,
OnExitCodes: &batch.PodFailurePolicyOnExitCodesRequirement{
Operator: batch.PodFailurePolicyOnExitCodesOpIn,
Values: []int32{},
},
},
},
}},
},
},
},
@@ -494,15 +470,13 @@ func TestValidateJob(t *testing.T) {
Selector: validGeneratedSelector,
Template: validPodTemplateSpecForGeneratedRestartPolicyNever,
PodFailurePolicy: &batch.PodFailurePolicy{
Rules: []batch.PodFailurePolicyRule{
{
Rules: []batch.PodFailurePolicyRule{{
Action: "",
OnExitCodes: &batch.PodFailurePolicyOnExitCodesRequirement{
Operator: batch.PodFailurePolicyOnExitCodesOpIn,
Values: []int32{1, 2, 3},
},
},
},
}},
},
},
},
@@ -515,15 +489,13 @@ func TestValidateJob(t *testing.T) {
Selector: validGeneratedSelector,
Template: validPodTemplateSpecForGeneratedRestartPolicyNever,
PodFailurePolicy: &batch.PodFailurePolicy{
Rules: []batch.PodFailurePolicyRule{
{
Rules: []batch.PodFailurePolicyRule{{
Action: batch.PodFailurePolicyActionFailJob,
OnExitCodes: &batch.PodFailurePolicyOnExitCodesRequirement{
Operator: "",
Values: []int32{1, 2, 3},
},
},
},
}},
},
},
},
@@ -536,22 +508,18 @@ func TestValidateJob(t *testing.T) {
Selector: validGeneratedSelector,
Template: validPodTemplateSpecForGeneratedRestartPolicyNever,
PodFailurePolicy: &batch.PodFailurePolicy{
Rules: []batch.PodFailurePolicyRule{
{
Rules: []batch.PodFailurePolicyRule{{
Action: batch.PodFailurePolicyActionFailJob,
OnExitCodes: &batch.PodFailurePolicyOnExitCodesRequirement{
ContainerName: pointer.String("abc"),
Operator: batch.PodFailurePolicyOnExitCodesOpIn,
Values: []int32{1, 2, 3},
},
OnPodConditions: []batch.PodFailurePolicyOnPodConditionsPattern{
{
OnPodConditions: []batch.PodFailurePolicyOnPodConditionsPattern{{
Type: api.DisruptionTarget,
Status: api.ConditionTrue,
},
},
},
},
}},
}},
},
},
},
@@ -564,15 +532,13 @@ func TestValidateJob(t *testing.T) {
Selector: validGeneratedSelector,
Template: validPodTemplateSpecForGeneratedRestartPolicyNever,
PodFailurePolicy: &batch.PodFailurePolicy{
Rules: []batch.PodFailurePolicyRule{
{
Rules: []batch.PodFailurePolicyRule{{
Action: batch.PodFailurePolicyActionIgnore,
OnExitCodes: &batch.PodFailurePolicyOnExitCodesRequirement{
Operator: batch.PodFailurePolicyOnExitCodesOpIn,
Values: []int32{1, 0, 2},
},
},
},
}},
},
},
},
@@ -585,24 +551,21 @@ func TestValidateJob(t *testing.T) {
Selector: validGeneratedSelector,
Template: validPodTemplateSpecForGeneratedRestartPolicyNever,
PodFailurePolicy: &batch.PodFailurePolicy{
Rules: []batch.PodFailurePolicyRule{
{
Rules: []batch.PodFailurePolicyRule{{
Action: batch.PodFailurePolicyActionIgnore,
OnExitCodes: &batch.PodFailurePolicyOnExitCodesRequirement{
ContainerName: pointer.String("abc"),
Operator: batch.PodFailurePolicyOnExitCodesOpIn,
Values: []int32{1, 2, 3},
},
},
{
}, {
Action: batch.PodFailurePolicyActionFailJob,
OnExitCodes: &batch.PodFailurePolicyOnExitCodesRequirement{
ContainerName: pointer.String("xyz"),
Operator: batch.PodFailurePolicyOnExitCodesOpIn,
Values: []int32{5, 6, 7},
},
},
},
}},
},
},
},
@@ -615,16 +578,14 @@ func TestValidateJob(t *testing.T) {
Selector: validGeneratedSelector,
Template: validPodTemplateSpecForGeneratedRestartPolicyNever,
PodFailurePolicy: &batch.PodFailurePolicy{
Rules: []batch.PodFailurePolicyRule{
{
Rules: []batch.PodFailurePolicyRule{{
Action: "UnknownAction",
OnExitCodes: &batch.PodFailurePolicyOnExitCodesRequirement{
ContainerName: pointer.String("abc"),
Operator: batch.PodFailurePolicyOnExitCodesOpIn,
Values: []int32{1, 2, 3},
},
},
},
}},
},
},
},
@@ -637,15 +598,13 @@ func TestValidateJob(t *testing.T) {
Selector: validGeneratedSelector,
Template: validPodTemplateSpecForGeneratedRestartPolicyNever,
PodFailurePolicy: &batch.PodFailurePolicy{
Rules: []batch.PodFailurePolicyRule{
{
Rules: []batch.PodFailurePolicyRule{{
Action: batch.PodFailurePolicyActionIgnore,
OnExitCodes: &batch.PodFailurePolicyOnExitCodesRequirement{
Operator: "UnknownOperator",
Values: []int32{1, 2, 3},
},
},
},
}},
},
},
},
@@ -658,16 +617,12 @@ func TestValidateJob(t *testing.T) {
Selector: validGeneratedSelector,
Template: validPodTemplateSpecForGeneratedRestartPolicyNever,
PodFailurePolicy: &batch.PodFailurePolicy{
Rules: []batch.PodFailurePolicyRule{
{
Rules: []batch.PodFailurePolicyRule{{
Action: batch.PodFailurePolicyActionIgnore,
OnPodConditions: []batch.PodFailurePolicyOnPodConditionsPattern{
{
OnPodConditions: []batch.PodFailurePolicyOnPodConditionsPattern{{
Type: api.DisruptionTarget,
},
},
},
},
}},
}},
},
},
},
@@ -680,17 +635,13 @@ func TestValidateJob(t *testing.T) {
Selector: validGeneratedSelector,
Template: validPodTemplateSpecForGeneratedRestartPolicyNever,
PodFailurePolicy: &batch.PodFailurePolicy{
Rules: []batch.PodFailurePolicyRule{
{
Rules: []batch.PodFailurePolicyRule{{
Action: batch.PodFailurePolicyActionIgnore,
OnPodConditions: []batch.PodFailurePolicyOnPodConditionsPattern{
{
OnPodConditions: []batch.PodFailurePolicyOnPodConditionsPattern{{
Type: api.DisruptionTarget,
Status: "UnknownStatus",
},
},
},
},
}},
}},
},
},
},
@@ -703,16 +654,12 @@ func TestValidateJob(t *testing.T) {
Selector: validGeneratedSelector,
Template: validPodTemplateSpecForGeneratedRestartPolicyNever,
PodFailurePolicy: &batch.PodFailurePolicy{
Rules: []batch.PodFailurePolicyRule{
{
Rules: []batch.PodFailurePolicyRule{{
Action: batch.PodFailurePolicyActionIgnore,
OnPodConditions: []batch.PodFailurePolicyOnPodConditionsPattern{
{
OnPodConditions: []batch.PodFailurePolicyOnPodConditionsPattern{{
Status: api.ConditionTrue,
},
},
},
},
}},
}},
},
},
},
@@ -725,17 +672,13 @@ func TestValidateJob(t *testing.T) {
Selector: validGeneratedSelector,
Template: validPodTemplateSpecForGeneratedRestartPolicyNever,
PodFailurePolicy: &batch.PodFailurePolicy{
Rules: []batch.PodFailurePolicyRule{
{
Rules: []batch.PodFailurePolicyRule{{
Action: batch.PodFailurePolicyActionIgnore,
OnPodConditions: []batch.PodFailurePolicyOnPodConditionsPattern{
{
OnPodConditions: []batch.PodFailurePolicyOnPodConditionsPattern{{
Type: api.PodConditionType("Invalid Condition Type"),
Status: api.ConditionTrue,
},
},
},
},
}},
}},
},
},
},
@@ -1116,17 +1059,13 @@ func TestValidateJobUpdate(t *testing.T) {
validNodeAffinity := &api.Affinity{
NodeAffinity: &api.NodeAffinity{
RequiredDuringSchedulingIgnoredDuringExecution: &api.NodeSelector{
NodeSelectorTerms: []api.NodeSelectorTerm{
{
MatchExpressions: []api.NodeSelectorRequirement{
{
NodeSelectorTerms: []api.NodeSelectorTerm{{
MatchExpressions: []api.NodeSelectorRequirement{{
Key: "foo",
Operator: api.NodeSelectorOpIn,
Values: []string{"bar", "value2"},
},
},
},
},
}},
}},
},
},
}
@@ -1134,17 +1073,13 @@ func TestValidateJobUpdate(t *testing.T) {
validPodTemplateWithAffinity.Spec.Affinity = &api.Affinity{
NodeAffinity: &api.NodeAffinity{
RequiredDuringSchedulingIgnoredDuringExecution: &api.NodeSelector{
NodeSelectorTerms: []api.NodeSelectorTerm{
{
MatchExpressions: []api.NodeSelectorRequirement{
{
NodeSelectorTerms: []api.NodeSelectorTerm{{
MatchExpressions: []api.NodeSelectorRequirement{{
Key: "foo",
Operator: api.NodeSelectorOpIn,
Values: []string{"bar", "value"},
},
},
},
},
}},
}},
},
},
}
@@ -1242,17 +1177,13 @@ func TestValidateJobUpdate(t *testing.T) {
},
update: func(job *batch.Job) {
job.Spec.PodFailurePolicy = &batch.PodFailurePolicy{
Rules: []batch.PodFailurePolicyRule{
{
Rules: []batch.PodFailurePolicyRule{{
Action: batch.PodFailurePolicyActionIgnore,
OnPodConditions: []batch.PodFailurePolicyOnPodConditionsPattern{
{
OnPodConditions: []batch.PodFailurePolicyOnPodConditionsPattern{{
Type: api.DisruptionTarget,
Status: api.ConditionTrue,
},
},
},
},
}},
}},
}
},
err: &field.Error{
@@ -1267,29 +1198,23 @@ func TestValidateJobUpdate(t *testing.T) {
Selector: validGeneratedSelector,
Template: validPodTemplateSpecForGeneratedRestartPolicyNever,
PodFailurePolicy: &batch.PodFailurePolicy{
Rules: []batch.PodFailurePolicyRule{
{
Rules: []batch.PodFailurePolicyRule{{
Action: batch.PodFailurePolicyActionIgnore,
OnPodConditions: []batch.PodFailurePolicyOnPodConditionsPattern{
{
OnPodConditions: []batch.PodFailurePolicyOnPodConditionsPattern{{
Type: api.DisruptionTarget,
Status: api.ConditionTrue,
},
},
},
},
}},
}},
},
},
},
update: func(job *batch.Job) {
job.Spec.PodFailurePolicy.Rules = append(job.Spec.PodFailurePolicy.Rules, batch.PodFailurePolicyRule{
Action: batch.PodFailurePolicyActionCount,
OnPodConditions: []batch.PodFailurePolicyOnPodConditionsPattern{
{
OnPodConditions: []batch.PodFailurePolicyOnPodConditionsPattern{{
Type: api.DisruptionTarget,
Status: api.ConditionTrue,
},
},
}},
})
},
err: &field.Error{
@@ -1304,17 +1229,13 @@ func TestValidateJobUpdate(t *testing.T) {
Selector: validGeneratedSelector,
Template: validPodTemplateSpecForGeneratedRestartPolicyNever,
PodFailurePolicy: &batch.PodFailurePolicy{
Rules: []batch.PodFailurePolicyRule{
{
Rules: []batch.PodFailurePolicyRule{{
Action: batch.PodFailurePolicyActionIgnore,
OnPodConditions: []batch.PodFailurePolicyOnPodConditionsPattern{
{
OnPodConditions: []batch.PodFailurePolicyOnPodConditionsPattern{{
Type: api.DisruptionTarget,
Status: api.ConditionTrue,
},
},
},
},
}},
}},
},
},
},

234
pkg/apis/certificates/validation/validation_test.go
View File

@@ -413,18 +413,15 @@ func Test_getValidationOptions(t *testing.T) {
newCSR *capi.CertificateSigningRequest
oldCSR *capi.CertificateSigningRequest
want certificateValidationOptions
}{
{
}{{
name: "strict create",
oldCSR: nil,
want: certificateValidationOptions{},
},
{
}, {
name: "strict update",
oldCSR: &capi.CertificateSigningRequest{},
want: certificateValidationOptions{},
},
{
}, {
name: "compatible update, approved+denied",
oldCSR: &capi.CertificateSigningRequest{Status: capi.CertificateSigningRequestStatus{
Conditions: []capi.CertificateSigningRequestCondition{{Type: capi.CertificateApproved}, {Type: capi.CertificateDenied}},
@@ -432,15 +429,13 @@ func Test_getValidationOptions(t *testing.T) {
want: certificateValidationOptions{
allowBothApprovedAndDenied: true,
},
},
{
}, {
name: "compatible update, legacy signerName",
oldCSR: &capi.CertificateSigningRequest{Spec: capi.CertificateSigningRequestSpec{SignerName: capi.LegacyUnknownSignerName}},
want: certificateValidationOptions{
allowLegacySignerName: true,
},
},
{
}, {
name: "compatible update, duplicate condition types",
oldCSR: &capi.CertificateSigningRequest{Status: capi.CertificateSigningRequestStatus{
Conditions: []capi.CertificateSigningRequestCondition{{Type: capi.CertificateApproved}, {Type: capi.CertificateApproved}},
@@ -448,8 +443,7 @@ func Test_getValidationOptions(t *testing.T) {
want: certificateValidationOptions{
allowDuplicateConditionTypes: true,
},
},
{
}, {
name: "compatible update, empty condition types",
oldCSR: &capi.CertificateSigningRequest{Status: capi.CertificateSigningRequestStatus{
Conditions: []capi.CertificateSigningRequestCondition{{}},
@@ -457,8 +451,7 @@ func Test_getValidationOptions(t *testing.T) {
want: certificateValidationOptions{
allowEmptyConditionType: true,
},
},
{
}, {
name: "compatible update, no diff to certificate",
newCSR: &capi.CertificateSigningRequest{Status: capi.CertificateSigningRequestStatus{
Certificate: validCertificate,
@@ -469,8 +462,7 @@ func Test_getValidationOptions(t *testing.T) {
want: certificateValidationOptions{
allowArbitraryCertificate: true,
},
},
{
}, {
name: "compatible update, existing invalid certificate",
newCSR: &capi.CertificateSigningRequest{Status: capi.CertificateSigningRequestStatus{
Certificate: []byte(`new - no PEM blocks`),
@@ -481,22 +473,19 @@ func Test_getValidationOptions(t *testing.T) {
want: certificateValidationOptions{
allowArbitraryCertificate: true,
},
},
{
}, {
name: "compatible update, existing unknown usages",
oldCSR: &capi.CertificateSigningRequest{Spec: capi.CertificateSigningRequestSpec{Usages: []capi.KeyUsage{"unknown"}}},
want: certificateValidationOptions{
allowUnknownUsages: true,
},
},
{
}, {
name: "compatible update, existing duplicate usages",
oldCSR: &capi.CertificateSigningRequest{Spec: capi.CertificateSigningRequestSpec{Usages: []capi.KeyUsage{"any", "any"}}},
want: certificateValidationOptions{
allowDuplicateUsages: true,
},
},
}
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := getValidationOptions(tt.newCSR, tt.oldCSR); !reflect.DeepEqual(got, tt.want) {
@@ -524,18 +513,15 @@ func TestValidateCertificateSigningRequestUpdate(t *testing.T) {
newCSR *capi.CertificateSigningRequest
oldCSR *capi.CertificateSigningRequest
errs []string
}{
{
}{{
name: "no-op",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec},
oldCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec},
},
{
}, {
name: "finalizer change with invalid status",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{Certificate: invalidCertificateNoPEM}},
oldCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMetaWithFinalizers, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{Certificate: invalidCertificateNoPEM}},
},
{
}, {
name: "add Approved condition",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{
Conditions: []capi.CertificateSigningRequestCondition{{Type: capi.CertificateApproved, Status: core.ConditionTrue}},
@@ -544,8 +530,7 @@ func TestValidateCertificateSigningRequestUpdate(t *testing.T) {
errs: []string{
`status.conditions: Forbidden: updates may not add a condition of type "Approved"`,
},
},
{
}, {
name: "remove Approved condition",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec},
oldCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMetaWithFinalizers, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{
@@ -554,8 +539,7 @@ func TestValidateCertificateSigningRequestUpdate(t *testing.T) {
errs: []string{
`status.conditions: Forbidden: updates may not remove a condition of type "Approved"`,
},
},
{
}, {
name: "add Denied condition",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{
Conditions: []capi.CertificateSigningRequestCondition{{Type: capi.CertificateDenied, Status: core.ConditionTrue}},
@@ -564,8 +548,7 @@ func TestValidateCertificateSigningRequestUpdate(t *testing.T) {
errs: []string{
`status.conditions: Forbidden: updates may not add a condition of type "Denied"`,
},
},
{
}, {
name: "remove Denied condition",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec},
oldCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMetaWithFinalizers, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{
@@ -574,16 +557,14 @@ func TestValidateCertificateSigningRequestUpdate(t *testing.T) {
errs: []string{
`status.conditions: Forbidden: updates may not remove a condition of type "Denied"`,
},
},
{
}, {
name: "add Failed condition",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{
Conditions: []capi.CertificateSigningRequestCondition{{Type: capi.CertificateFailed, Status: core.ConditionTrue}},
}},
oldCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMetaWithFinalizers, Spec: validSpec},
errs: []string{},
},
{
}, {
name: "remove Failed condition",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec},
oldCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMetaWithFinalizers, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{
@@ -592,8 +573,7 @@ func TestValidateCertificateSigningRequestUpdate(t *testing.T) {
errs: []string{
`status.conditions: Forbidden: updates may not remove a condition of type "Failed"`,
},
},
{
}, {
name: "set certificate",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{
Certificate: validCertificate,
@@ -602,8 +582,7 @@ func TestValidateCertificateSigningRequestUpdate(t *testing.T) {
errs: []string{
`status.certificate: Forbidden: updates may not set certificate content`,
},
},
}
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
@@ -640,18 +619,15 @@ func TestValidateCertificateSigningRequestStatusUpdate(t *testing.T) {
newCSR *capi.CertificateSigningRequest
oldCSR *capi.CertificateSigningRequest
errs []string
}{
{
}{{
name: "no-op",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec},
oldCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec},
},
{
}, {
name: "finalizer change with invalid status",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{Certificate: invalidCertificateNoPEM}},
oldCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMetaWithFinalizers, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{Certificate: invalidCertificateNoPEM}},
},
{
}, {
name: "finalizer change with duplicate and unknown usages",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: capi.CertificateSigningRequestSpec{
Usages: []capi.KeyUsage{"unknown", "unknown"},
@@ -663,8 +639,7 @@ func TestValidateCertificateSigningRequestStatusUpdate(t *testing.T) {
Request: newCSRPEM(t),
SignerName: validSignerName,
}},
},
{
}, {
name: "add Approved condition",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{
Conditions: []capi.CertificateSigningRequestCondition{{Type: capi.CertificateApproved, Status: core.ConditionTrue}},
@@ -673,8 +648,7 @@ func TestValidateCertificateSigningRequestStatusUpdate(t *testing.T) {
errs: []string{
`status.conditions: Forbidden: updates may not add a condition of type "Approved"`,
},
},
{
}, {
name: "remove Approved condition",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec},
oldCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMetaWithFinalizers, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{
@@ -683,8 +657,7 @@ func TestValidateCertificateSigningRequestStatusUpdate(t *testing.T) {
errs: []string{
`status.conditions: Forbidden: updates may not remove a condition of type "Approved"`,
},
},
{
}, {
name: "add Denied condition",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{
Conditions: []capi.CertificateSigningRequestCondition{{Type: capi.CertificateDenied, Status: core.ConditionTrue}},
@@ -693,8 +666,7 @@ func TestValidateCertificateSigningRequestStatusUpdate(t *testing.T) {
errs: []string{
`status.conditions: Forbidden: updates may not add a condition of type "Denied"`,
},
},
{
}, {
name: "remove Denied condition",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec},
oldCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMetaWithFinalizers, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{
@@ -703,16 +675,14 @@ func TestValidateCertificateSigningRequestStatusUpdate(t *testing.T) {
errs: []string{
`status.conditions: Forbidden: updates may not remove a condition of type "Denied"`,
},
},
{
}, {
name: "add Failed condition",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{
Conditions: []capi.CertificateSigningRequestCondition{{Type: capi.CertificateFailed, Status: core.ConditionTrue}},
}},
oldCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMetaWithFinalizers, Spec: validSpec},
errs: []string{},
},
{
}, {
name: "remove Failed condition",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec},
oldCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMetaWithFinalizers, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{
@@ -721,16 +691,14 @@ func TestValidateCertificateSigningRequestStatusUpdate(t *testing.T) {
errs: []string{
`status.conditions: Forbidden: updates may not remove a condition of type "Failed"`,
},
},
{
}, {
name: "set valid certificate",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{
Certificate: validCertificate,
}},
oldCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMetaWithFinalizers, Spec: validSpec},
errs: []string{},
},
{
}, {
name: "set invalid certificate",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{
Certificate: invalidCertificateNoPEM,
@@ -739,8 +707,7 @@ func TestValidateCertificateSigningRequestStatusUpdate(t *testing.T) {
errs: []string{
`status.certificate: Invalid value: "<certificate data>": must contain at least one CERTIFICATE PEM block`,
},
},
{
}, {
name: "reset certificate",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{
Certificate: invalidCertificateNonCertificatePEM,
@@ -751,8 +718,7 @@ func TestValidateCertificateSigningRequestStatusUpdate(t *testing.T) {
errs: []string{
`status.certificate: Forbidden: updates may not modify existing certificate content`,
},
},
}
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
@@ -789,25 +755,21 @@ func TestValidateCertificateSigningRequestApprovalUpdate(t *testing.T) {
newCSR *capi.CertificateSigningRequest
oldCSR *capi.CertificateSigningRequest
errs []string
}{
{
}{{
name: "no-op",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec},
oldCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec},
},
{
}, {
name: "finalizer change with invalid certificate",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{Certificate: invalidCertificateNoPEM}},
oldCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMetaWithFinalizers, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{Certificate: invalidCertificateNoPEM}},
},
{
}, {
name: "add Approved condition",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{
Conditions: []capi.CertificateSigningRequestCondition{{Type: capi.CertificateApproved, Status: core.ConditionTrue}},
}},
oldCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMetaWithFinalizers, Spec: validSpec},
},
{
}, {
name: "remove Approved condition",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec},
oldCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMetaWithFinalizers, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{
@@ -816,15 +778,13 @@ func TestValidateCertificateSigningRequestApprovalUpdate(t *testing.T) {
errs: []string{
`status.conditions: Forbidden: updates may not remove a condition of type "Approved"`,
},
},
{
}, {
name: "add Denied condition",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{
Conditions: []capi.CertificateSigningRequestCondition{{Type: capi.CertificateDenied, Status: core.ConditionTrue}},
}},
oldCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMetaWithFinalizers, Spec: validSpec},
},
{
}, {
name: "remove Denied condition",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec},
oldCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMetaWithFinalizers, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{
@@ -833,16 +793,14 @@ func TestValidateCertificateSigningRequestApprovalUpdate(t *testing.T) {
errs: []string{
`status.conditions: Forbidden: updates may not remove a condition of type "Denied"`,
},
},
{
}, {
name: "add Failed condition",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{
Conditions: []capi.CertificateSigningRequestCondition{{Type: capi.CertificateFailed, Status: core.ConditionTrue}},
}},
oldCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMetaWithFinalizers, Spec: validSpec},
errs: []string{},
},
{
}, {
name: "remove Failed condition",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec},
oldCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMetaWithFinalizers, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{
@@ -851,8 +809,7 @@ func TestValidateCertificateSigningRequestApprovalUpdate(t *testing.T) {
errs: []string{
`status.conditions: Forbidden: updates may not remove a condition of type "Failed"`,
},
},
{
}, {
name: "set certificate",
newCSR: &capi.CertificateSigningRequest{ObjectMeta: validUpdateMeta, Spec: validSpec, Status: capi.CertificateSigningRequestStatus{
Certificate: validCertificate,
@@ -861,8 +818,7 @@ func TestValidateCertificateSigningRequestApprovalUpdate(t *testing.T) {
errs: []string{
`status.certificate: Forbidden: updates may not set certificate content`,
},
},
}
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
@@ -909,32 +865,28 @@ func Test_validateCertificateSigningRequestOptions(t *testing.T) {
{
name: "no status",
csr: &capi.CertificateSigningRequest{ObjectMeta: validObjectMeta, Spec: validSpec},
},
{
}, {
name: "approved condition",
csr: &capi.CertificateSigningRequest{ObjectMeta: validObjectMeta, Spec: validSpec,
Status: capi.CertificateSigningRequestStatus{
Conditions: []capi.CertificateSigningRequestCondition{{Type: capi.CertificateApproved, Status: core.ConditionTrue}},
},
},
},
{
}, {
name: "denied condition",
csr: &capi.CertificateSigningRequest{ObjectMeta: validObjectMeta, Spec: validSpec,
Status: capi.CertificateSigningRequestStatus{
Conditions: []capi.CertificateSigningRequestCondition{{Type: capi.CertificateDenied, Status: core.ConditionTrue}},
},
},
},
{
}, {
name: "failed condition",
csr: &capi.CertificateSigningRequest{ObjectMeta: validObjectMeta, Spec: validSpec,
Status: capi.CertificateSigningRequestStatus{
Conditions: []capi.CertificateSigningRequestCondition{{Type: capi.CertificateFailed, Status: core.ConditionTrue}},
},
},
},
{
}, {
name: "approved+issued",
csr: &capi.CertificateSigningRequest{ObjectMeta: validObjectMeta, Spec: validSpec,
Status: capi.CertificateSigningRequestStatus{
@@ -969,8 +921,7 @@ func Test_validateCertificateSigningRequestOptions(t *testing.T) {
},
lenientOpts: certificateValidationOptions{allowEmptyConditionType: true},
strictErrs: []string{`status.conditions[0].type: Required value`},
},
{
}, {
name: "approved and denied",
csr: &capi.CertificateSigningRequest{ObjectMeta: validObjectMeta, Spec: validSpec,
Status: capi.CertificateSigningRequestStatus{
@@ -979,8 +930,7 @@ func Test_validateCertificateSigningRequestOptions(t *testing.T) {
},
lenientOpts: certificateValidationOptions{allowBothApprovedAndDenied: true},
strictErrs: []string{`status.conditions[1].type: Invalid value: "Denied": Approved and Denied conditions are mutually exclusive`},
},
{
}, {
name: "duplicate condition",
csr: &capi.CertificateSigningRequest{ObjectMeta: validObjectMeta, Spec: validSpec,
Status: capi.CertificateSigningRequestStatus{
@@ -1002,8 +952,7 @@ func Test_validateCertificateSigningRequestOptions(t *testing.T) {
},
lenientOpts: certificateValidationOptions{allowArbitraryCertificate: true},
strictErrs: []string{`status.certificate: Invalid value: "<certificate data>": must contain at least one CERTIFICATE PEM block`},
},
{
}, {
name: "status.certificate, non-CERTIFICATE PEM",
csr: &capi.CertificateSigningRequest{ObjectMeta: validObjectMeta, Spec: validSpec,
Status: capi.CertificateSigningRequestStatus{
@@ -1013,8 +962,7 @@ func Test_validateCertificateSigningRequestOptions(t *testing.T) {
},
lenientOpts: certificateValidationOptions{allowArbitraryCertificate: true},
strictErrs: []string{`status.certificate: Invalid value: "<certificate data>": only CERTIFICATE PEM blocks are allowed, found "CERTIFICATE1"`},
},
{
}, {
name: "status.certificate, PEM headers",
csr: &capi.CertificateSigningRequest{ObjectMeta: validObjectMeta, Spec: validSpec,
Status: capi.CertificateSigningRequestStatus{
@@ -1024,8 +972,7 @@ func Test_validateCertificateSigningRequestOptions(t *testing.T) {
},
lenientOpts: certificateValidationOptions{allowArbitraryCertificate: true},
strictErrs: []string{`status.certificate: Invalid value: "<certificate data>": no PEM block headers are permitted`},
},
{
}, {
name: "status.certificate, non-base64 PEM",
csr: &capi.CertificateSigningRequest{ObjectMeta: validObjectMeta, Spec: validSpec,
Status: capi.CertificateSigningRequestStatus{
@@ -1035,8 +982,7 @@ func Test_validateCertificateSigningRequestOptions(t *testing.T) {
},
lenientOpts: certificateValidationOptions{allowArbitraryCertificate: true},
strictErrs: []string{`status.certificate: Invalid value: "<certificate data>": must contain at least one CERTIFICATE PEM block`},
},
{
}, {
name: "status.certificate, empty PEM block",
csr: &capi.CertificateSigningRequest{ObjectMeta: validObjectMeta, Spec: validSpec,
Status: capi.CertificateSigningRequestStatus{
@@ -1046,8 +992,7 @@ func Test_validateCertificateSigningRequestOptions(t *testing.T) {
},
lenientOpts: certificateValidationOptions{allowArbitraryCertificate: true},
strictErrs: []string{`status.certificate: Invalid value: "<certificate data>": found CERTIFICATE PEM block containing 0 certificates`},
},
{
}, {
name: "status.certificate, non-ASN1 data",
csr: &capi.CertificateSigningRequest{ObjectMeta: validObjectMeta, Spec: validSpec,
Status: capi.CertificateSigningRequestStatus{
@@ -1164,8 +1109,7 @@ func TestValidateClusterTrustBundle(t *testing.T) {
bundle *capi.ClusterTrustBundle
opts ValidateClusterTrustBundleOptions
wantErrors field.ErrorList
}{
{
}{{
description: "valid, no signer name",
bundle: &capi.ClusterTrustBundle{
ObjectMeta: metav1.ObjectMeta{
@@ -1175,8 +1119,7 @@ func TestValidateClusterTrustBundle(t *testing.T) {
TrustBundle: goodCert1Block,
},
},
},
{
}, {
description: "invalid, no signer name, invalid name",
bundle: &capi.ClusterTrustBundle{
ObjectMeta: metav1.ObjectMeta{
@@ -1189,8 +1132,7 @@ func TestValidateClusterTrustBundle(t *testing.T) {
wantErrors: field.ErrorList{
field.Invalid(field.NewPath("metadata", "name"), "k8s.io:bar:foo", "ClusterTrustBundle without signer name must not have \":\" in its name"),
},
},
{
}, {
description: "valid, with signer name",
bundle: &capi.ClusterTrustBundle{
ObjectMeta: metav1.ObjectMeta{
@@ -1201,8 +1143,7 @@ func TestValidateClusterTrustBundle(t *testing.T) {
TrustBundle: goodCert1Block,
},
},
},
{
}, {
description: "invalid, with signer name, missing name prefix",
bundle: &capi.ClusterTrustBundle{
ObjectMeta: metav1.ObjectMeta{
@@ -1216,8 +1157,7 @@ func TestValidateClusterTrustBundle(t *testing.T) {
wantErrors: field.ErrorList{
field.Invalid(field.NewPath("metadata", "name"), "look-ma-no-prefix", "ClusterTrustBundle for signerName k8s.io/foo must be named with prefix k8s.io:foo:"),
},
},
{
}, {
description: "invalid, with signer name, empty name suffix",
bundle: &capi.ClusterTrustBundle{
ObjectMeta: metav1.ObjectMeta{
@@ -1231,8 +1171,7 @@ func TestValidateClusterTrustBundle(t *testing.T) {
wantErrors: field.ErrorList{
field.Invalid(field.NewPath("metadata", "name"), "k8s.io:foo:", `a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')`),
},
},
{
}, {
description: "invalid, with signer name, bad name suffix",
bundle: &capi.ClusterTrustBundle{
ObjectMeta: metav1.ObjectMeta{
@@ -1246,8 +1185,7 @@ func TestValidateClusterTrustBundle(t *testing.T) {
wantErrors: field.ErrorList{
field.Invalid(field.NewPath("metadata", "name"), "k8s.io:foo:123notvalidDNSSubdomain", `a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')`),
},
},
{
}, {
description: "valid, with signer name, with inter-block garbage",
bundle: &capi.ClusterTrustBundle{
ObjectMeta: metav1.ObjectMeta{
@@ -1258,8 +1196,7 @@ func TestValidateClusterTrustBundle(t *testing.T) {
TrustBundle: "garbage\n" + goodCert1Block + "\ngarbage\n" + goodCert2Block,
},
},
},
{
}, {
description: "invalid, no signer name, no trust anchors",
bundle: &capi.ClusterTrustBundle{
ObjectMeta: metav1.ObjectMeta{
@@ -1270,8 +1207,7 @@ func TestValidateClusterTrustBundle(t *testing.T) {
wantErrors: field.ErrorList{
field.Invalid(field.NewPath("spec", "trustBundle"), "<value omitted>", "at least one trust anchor must be provided"),
},
},
{
}, {
description: "invalid, no trust anchors",
bundle: &capi.ClusterTrustBundle{
ObjectMeta: metav1.ObjectMeta{
@@ -1284,8 +1220,7 @@ func TestValidateClusterTrustBundle(t *testing.T) {
wantErrors: field.ErrorList{
field.Invalid(field.NewPath("spec", "trustBundle"), "<value omitted>", "at least one trust anchor must be provided"),
},
},
{
}, {
description: "invalid, bad signer name",
bundle: &capi.ClusterTrustBundle{
ObjectMeta: metav1.ObjectMeta{
@@ -1299,8 +1234,7 @@ func TestValidateClusterTrustBundle(t *testing.T) {
wantErrors: field.ErrorList{
field.Invalid(field.NewPath("spec", "signerName"), "invalid", "must be a fully qualified domain and path of the form 'example.com/signer-name'"),
},
},
{
}, {
description: "invalid, no blocks",
bundle: &capi.ClusterTrustBundle{
ObjectMeta: metav1.ObjectMeta{
@@ -1313,8 +1247,7 @@ func TestValidateClusterTrustBundle(t *testing.T) {
wantErrors: field.ErrorList{
field.Invalid(field.NewPath("spec", "trustBundle"), "<value omitted>", "at least one trust anchor must be provided"),
},
},
{
}, {
description: "invalid, bad block type",
bundle: &capi.ClusterTrustBundle{
ObjectMeta: metav1.ObjectMeta{
@@ -1327,8 +1260,7 @@ func TestValidateClusterTrustBundle(t *testing.T) {
wantErrors: field.ErrorList{
field.Invalid(field.NewPath("spec", "trustBundle"), "<value omitted>", "entry 1 has bad block type: NOTACERTIFICATE"),
},
},
{
}, {
description: "invalid, block with headers",
bundle: &capi.ClusterTrustBundle{
ObjectMeta: metav1.ObjectMeta{
@@ -1341,8 +1273,7 @@ func TestValidateClusterTrustBundle(t *testing.T) {
wantErrors: field.ErrorList{
field.Invalid(field.NewPath("spec", "trustBundle"), "<value omitted>", "entry 1 has PEM block headers"),
},
},
{
}, {
description: "invalid, cert is not a CA cert",
bundle: &capi.ClusterTrustBundle{
ObjectMeta: metav1.ObjectMeta{
@@ -1355,8 +1286,7 @@ func TestValidateClusterTrustBundle(t *testing.T) {
wantErrors: field.ErrorList{
field.Invalid(field.NewPath("spec", "trustBundle"), "<value omitted>", "entry 0 does not have the CA bit set"),
},
},
{
}, {
description: "invalid, duplicated blocks",
bundle: &capi.ClusterTrustBundle{
ObjectMeta: metav1.ObjectMeta{
@@ -1369,8 +1299,7 @@ func TestValidateClusterTrustBundle(t *testing.T) {
wantErrors: field.ErrorList{
field.Invalid(field.NewPath("spec", "trustBundle"), "<value omitted>", "duplicate trust anchor (indices [0 1])"),
},
},
{
}, {
description: "invalid, non-certificate entry",
bundle: &capi.ClusterTrustBundle{
ObjectMeta: metav1.ObjectMeta{
@@ -1383,8 +1312,7 @@ func TestValidateClusterTrustBundle(t *testing.T) {
wantErrors: field.ErrorList{
field.Invalid(field.NewPath("spec", "trustBundle"), "<value omitted>", "entry 1 does not parse as X.509"),
},
},
{
}, {
description: "allow any old garbage in the PEM field if we suppress parsing",
bundle: &capi.ClusterTrustBundle{
ObjectMeta: metav1.ObjectMeta{
@@ -1397,8 +1325,7 @@ func TestValidateClusterTrustBundle(t *testing.T) {
opts: ValidateClusterTrustBundleOptions{
SuppressBundleParsing: true,
},
},
}
}}
for _, tc := range testCases {
t.Run(tc.description, func(t *testing.T) {
gotErrors := ValidateClusterTrustBundle(tc.bundle, tc.opts)
@@ -1454,8 +1381,7 @@ func TestValidateClusterTrustBundleUpdate(t *testing.T) {
description string
oldBundle, newBundle *capi.ClusterTrustBundle
wantErrors field.ErrorList
}{
{
}{{
description: "changing signer name disallowed",
oldBundle: &capi.ClusterTrustBundle{
ObjectMeta: metav1.ObjectMeta{
@@ -1479,8 +1405,7 @@ func TestValidateClusterTrustBundleUpdate(t *testing.T) {
field.Invalid(field.NewPath("metadata", "name"), "k8s.io:foo:bar", "ClusterTrustBundle for signerName k8s.io/bar must be named with prefix k8s.io:bar:"),
field.Invalid(field.NewPath("spec", "signerName"), "k8s.io/bar", "field is immutable"),
},
},
{
}, {
description: "adding certificate allowed",
oldBundle: &capi.ClusterTrustBundle{
ObjectMeta: metav1.ObjectMeta{
@@ -1500,8 +1425,7 @@ func TestValidateClusterTrustBundleUpdate(t *testing.T) {
TrustBundle: goodCert1Block + "\n" + goodCert2Block,
},
},
},
{
}, {
description: "emptying trustBundle disallowed",
oldBundle: &capi.ClusterTrustBundle{
ObjectMeta: metav1.ObjectMeta{
@@ -1524,8 +1448,7 @@ func TestValidateClusterTrustBundleUpdate(t *testing.T) {
wantErrors: field.ErrorList{
field.Invalid(field.NewPath("spec", "trustBundle"), "<value omitted>", "at least one trust anchor must be provided"),
},
},
{
}, {
description: "emptying trustBundle (replace with non-block garbage) disallowed",
oldBundle: &capi.ClusterTrustBundle{
ObjectMeta: metav1.ObjectMeta{
@@ -1548,8 +1471,7 @@ func TestValidateClusterTrustBundleUpdate(t *testing.T) {
wantErrors: field.ErrorList{
field.Invalid(field.NewPath("spec", "trustBundle"), "<value omitted>", "at least one trust anchor must be provided"),
},
},
}
}}
for _, tc := range testCases {
t.Run(tc.description, func(t *testing.T) {

192
pkg/apis/core/v1/validation/validation_test.go
View File

@@ -31,8 +31,7 @@ func TestValidateResourceRequirements(t *testing.T) {
successCase := []struct {
name string
requirements v1.ResourceRequirements
}{
{
}{{
name: "Resources with Requests equal to Limits",
requirements: v1.ResourceRequirements{
Requests: v1.ResourceList{
@@ -44,8 +43,7 @@ func TestValidateResourceRequirements(t *testing.T) {
v1.ResourceName(v1.ResourceMemory): resource.MustParse("10G"),
},
},
},
{
}, {
name: "Resources with only Limits",
requirements: v1.ResourceRequirements{
Limits: v1.ResourceList{
@@ -54,8 +52,7 @@ func TestValidateResourceRequirements(t *testing.T) {
v1.ResourceName("my.org/resource"): resource.MustParse("10"),
},
},
},
{
}, {
name: "Resources with only Requests",
requirements: v1.ResourceRequirements{
Requests: v1.ResourceList{
@@ -64,8 +61,7 @@ func TestValidateResourceRequirements(t *testing.T) {
v1.ResourceName("my.org/resource"): resource.MustParse("10"),
},
},
},
{
}, {
name: "Resources with Requests Less Than Limits",
requirements: v1.ResourceRequirements{
Requests: v1.ResourceList{
@@ -79,8 +75,7 @@ func TestValidateResourceRequirements(t *testing.T) {
v1.ResourceName("my.org/resource"): resource.MustParse("9"),
},
},
},
}
}}
for _, tc := range successCase {
t.Run(tc.name, func(t *testing.T) {
if errs := ValidateResourceRequirements(&tc.requirements, field.NewPath("resources")); len(errs) != 0 {
@@ -94,8 +89,7 @@ func TestValidateResourceRequirements(t *testing.T) {
requirements v1.ResourceRequirements
skipLimitValueCheck bool
skipRequestValueCheck bool
}{
{
}{{
name: "Resources with Requests Larger Than Limits",
requirements: v1.ResourceRequirements{
Requests: v1.ResourceList{
@@ -109,8 +103,7 @@ func TestValidateResourceRequirements(t *testing.T) {
v1.ResourceName("my.org/resource"): resource.MustParse("9m"),
},
},
},
{
}, {
name: "Invalid Resources with Requests",
requirements: v1.ResourceRequirements{
Requests: v1.ResourceList{
@@ -118,8 +111,7 @@ func TestValidateResourceRequirements(t *testing.T) {
},
},
skipRequestValueCheck: true,
},
{
}, {
name: "Invalid Resources with Limits",
requirements: v1.ResourceRequirements{
Limits: v1.ResourceList{
@@ -127,8 +119,7 @@ func TestValidateResourceRequirements(t *testing.T) {
},
},
skipLimitValueCheck: true,
},
}
}}
for _, tc := range errorCase {
t.Run(tc.name, func(t *testing.T) {
errs := ValidateResourceRequirements(&tc.requirements, field.NewPath("resources"))
@@ -168,28 +159,22 @@ func TestValidateContainerResourceName(t *testing.T) {
successCase := []struct {
name string
ResourceName string
}{
{
}{{
name: "CPU resource",
ResourceName: "cpu",
},
{
}, {
name: "Memory resource",
ResourceName: "memory",
},
{
}, {
name: "Hugepages resource",
ResourceName: "hugepages-2Mi",
},
{
}, {
name: "Namespaced resource",
ResourceName: "kubernetes.io/resource-foo",
},
{
}, {
name: "Extended Resource",
ResourceName: "my.org/resource-bar",
},
}
}}
for _, tc := range successCase {
t.Run(tc.name, func(t *testing.T) {
if errs := ValidateContainerResourceName(tc.ResourceName, field.NewPath(tc.ResourceName)); len(errs) != 0 {
@@ -201,20 +186,16 @@ func TestValidateContainerResourceName(t *testing.T) {
errorCase := []struct {
name string
ResourceName string
}{
{
}{{
name: "Invalid standard resource",
ResourceName: "cpu-core",
},
{
}, {
name: "Invalid namespaced resource",
ResourceName: "kubernetes.io/",
},
{
}, {
name: "Invalid extended resource",
ResourceName: "my.org-foo-resource",
},
}
}}
for _, tc := range errorCase {
t.Run(tc.name, func(t *testing.T) {
if errs := ValidateContainerResourceName(tc.ResourceName, field.NewPath(tc.ResourceName)); len(errs) == 0 {
@@ -239,45 +220,38 @@ func TestValidatePodLogOptions(t *testing.T) {
successCase := []struct {
name string
podLogOptions v1.PodLogOptions
}{
{
}{{
name: "Empty PodLogOptions",
podLogOptions: v1.PodLogOptions{},
},
{
}, {
name: "PodLogOptions with TailLines",
podLogOptions: v1.PodLogOptions{
TailLines: &positiveLine,
},
},
{
}, {
name: "PodLogOptions with LimitBytes",
podLogOptions: v1.PodLogOptions{
LimitBytes: &limitBytesGreaterThan1,
},
},
{
}, {
name: "PodLogOptions with only sinceSeconds",
podLogOptions: v1.PodLogOptions{
SinceSeconds: &sinceSecondsGreaterThan1,
},
},
{
}, {
name: "PodLogOptions with LimitBytes with TailLines",
podLogOptions: v1.PodLogOptions{
LimitBytes: &limitBytesGreaterThan1,
TailLines: &positiveLine,
},
},
{
}, {
name: "PodLogOptions with LimitBytes with TailLines with SinceSeconds",
podLogOptions: v1.PodLogOptions{
LimitBytes: &limitBytesGreaterThan1,
TailLines: &positiveLine,
SinceSeconds: &sinceSecondsGreaterThan1,
},
},
}
}}
for _, tc := range successCase {
t.Run(tc.name, func(t *testing.T) {
if errs := ValidatePodLogOptions(&tc.podLogOptions); len(errs) != 0 {
@@ -289,24 +263,21 @@ func TestValidatePodLogOptions(t *testing.T) {
errorCase := []struct {
name string
podLogOptions v1.PodLogOptions
}{
{
}{{
name: "Invalid podLogOptions with Negative TailLines",
podLogOptions: v1.PodLogOptions{
TailLines: &negativeLine,
LimitBytes: &limitBytesGreaterThan1,
SinceSeconds: &sinceSecondsGreaterThan1,
},
},
{
}, {
name: "Invalid podLogOptions with zero or negative LimitBytes",
podLogOptions: v1.PodLogOptions{
TailLines: &positiveLine,
LimitBytes: &limitBytesLessThan1,
SinceSeconds: &sinceSecondsGreaterThan1,
},
},
{
}, {
name: "Invalid podLogOptions with zero or negative SinceSeconds",
podLogOptions: v1.PodLogOptions{
TailLines: &negativeLine,
@@ -321,8 +292,7 @@ func TestValidatePodLogOptions(t *testing.T) {
SinceSeconds: &sinceSecondsGreaterThan1,
SinceTime: &timestamp,
},
},
}
}}
for _, tc := range errorCase {
t.Run(tc.name, func(t *testing.T) {
if errs := ValidatePodLogOptions(&tc.podLogOptions); len(errs) == 0 {
@@ -338,54 +308,37 @@ func TestAccumulateUniqueHostPorts(t *testing.T) {
containers []v1.Container
accumulator *sets.String
fldPath *field.Path
}{
{
}{{
name: "HostPort is not allocated while containers use the same port with different protocol",
containers: []v1.Container{
{
Ports: []v1.ContainerPort{
{
containers: []v1.Container{{
Ports: []v1.ContainerPort{{
HostPort: 8080,
Protocol: v1.ProtocolUDP,
},
},
},
{
Ports: []v1.ContainerPort{
{
}},
}, {
Ports: []v1.ContainerPort{{
HostPort: 8080,
Protocol: v1.ProtocolTCP,
},
},
},
},
}},
}},
accumulator: &sets.String{},
fldPath: field.NewPath("spec", "containers"),
},
{
}, {
name: "HostPort is not allocated while containers use different ports",
containers: []v1.Container{
{
Ports: []v1.ContainerPort{
{
containers: []v1.Container{{
Ports: []v1.ContainerPort{{
HostPort: 8080,
Protocol: v1.ProtocolUDP,
},
},
},
{
Ports: []v1.ContainerPort{
{
}},
}, {
Ports: []v1.ContainerPort{{
HostPort: 8081,
Protocol: v1.ProtocolUDP,
},
},
},
},
}},
}},
accumulator: &sets.String{},
fldPath: field.NewPath("spec", "containers"),
},
}
}}
for _, tc := range successCase {
t.Run(tc.name, func(t *testing.T) {
if errs := AccumulateUniqueHostPorts(tc.containers, tc.accumulator, tc.fldPath); len(errs) != 0 {
@@ -398,54 +351,37 @@ func TestAccumulateUniqueHostPorts(t *testing.T) {
containers []v1.Container
accumulator *sets.String
fldPath *field.Path
}{
{
}{{
name: "HostPort is already allocated while containers use the same port with UDP",
containers: []v1.Container{
{
Ports: []v1.ContainerPort{
{
containers: []v1.Container{{
Ports: []v1.ContainerPort{{
HostPort: 8080,
Protocol: v1.ProtocolUDP,
},
},
},
{
Ports: []v1.ContainerPort{
{
}},
}, {
Ports: []v1.ContainerPort{{
HostPort: 8080,
Protocol: v1.ProtocolUDP,
},
},
},
},
}},
}},
accumulator: &sets.String{},
fldPath: field.NewPath("spec", "containers"),
},
{
}, {
name: "HostPort is already allocated",
containers: []v1.Container{
{
Ports: []v1.ContainerPort{
{
containers: []v1.Container{{
Ports: []v1.ContainerPort{{
HostPort: 8080,
Protocol: v1.ProtocolUDP,
},
},
},
{
Ports: []v1.ContainerPort{
{
}},
}, {
Ports: []v1.ContainerPort{{
HostPort: 8081,
Protocol: v1.ProtocolUDP,
},
},
},
},
}},
}},
accumulator: &sets.String{"8080/UDP": sets.Empty{}},
fldPath: field.NewPath("spec", "containers"),
},
}
}}
for _, tc := range errorCase {
t.Run(tc.name, func(t *testing.T) {
if errs := AccumulateUniqueHostPorts(tc.containers, tc.accumulator, tc.fldPath); len(errs) == 0 {

5067
pkg/apis/core/validation/validation_test.go
View File

File diff suppressed because it is too large Load Diff

735
pkg/apis/flowcontrol/validation/validation_test.go
View File

File diff suppressed because it is too large Load Diff

174
pkg/apis/networking/validation/validation_test.go
View File

@@ -477,22 +477,18 @@ func TestValidateIngress(t *testing.T) {
},
Spec: networking.IngressSpec{
DefaultBackend: &defaultBackend,
Rules: []networking.IngressRule{
{
Rules: []networking.IngressRule{{
Host: "foo.bar.com",
IngressRuleValue: networking.IngressRuleValue{
HTTP: &networking.HTTPIngressRuleValue{
Paths: []networking.HTTPIngressPath{
{
Paths: []networking.HTTPIngressPath{{
Path: "/foo",
PathType: &pathTypeImplementationSpecific,
Backend: defaultBackend,
}},
},
},
},
},
},
},
}},
},
Status: networking.IngressStatus{
LoadBalancer: networking.IngressLoadBalancerStatus{
@@ -595,8 +591,7 @@ func TestValidateIngress(t *testing.T) {
tweakIngress: func(ing *networking.Ingress) {
ing.Spec.Rules[0].IngressRuleValue = networking.IngressRuleValue{
HTTP: &networking.HTTPIngressRuleValue{
Paths: []networking.HTTPIngressPath{
{
Paths: []networking.HTTPIngressPath{{
Path: "/foo",
PathType: &pathTypeImplementationSpecific,
Backend: networking.IngressBackend{
@@ -607,8 +602,7 @@ func TestValidateIngress(t *testing.T) {
Name: "bar",
},
},
},
},
}},
},
}
},
@@ -620,8 +614,7 @@ func TestValidateIngress(t *testing.T) {
tweakIngress: func(ing *networking.Ingress) {
ing.Spec.Rules[0].IngressRuleValue = networking.IngressRuleValue{
HTTP: &networking.HTTPIngressRuleValue{
Paths: []networking.HTTPIngressPath{
{
Paths: []networking.HTTPIngressPath{{
Path: "/foo",
PathType: &pathTypeImplementationSpecific,
Backend: networking.IngressBackend{
@@ -632,8 +625,7 @@ func TestValidateIngress(t *testing.T) {
Name: "bar",
},
},
},
},
}},
},
}
},
@@ -790,15 +782,13 @@ func TestValidateIngressRuleValue(t *testing.T) {
t.Run(name, func(t *testing.T) {
irv := &networking.IngressRuleValue{
HTTP: &networking.HTTPIngressRuleValue{
Paths: []networking.HTTPIngressPath{
{
Paths: []networking.HTTPIngressPath{{
Path: testCase.path,
PathType: &testCase.pathType,
Backend: networking.IngressBackend{
Service: &serviceBackend,
},
},
},
}},
},
}
errs := validateIngressRuleValue(irv, field.NewPath("testing"), IngressValidationOptions{})
@@ -1638,22 +1628,18 @@ func TestValidateIngressTLS(t *testing.T) {
},
Spec: networking.IngressSpec{
DefaultBackend: &defaultBackend,
Rules: []networking.IngressRule{
{
Rules: []networking.IngressRule{{
Host: "foo.bar.com",
IngressRuleValue: networking.IngressRuleValue{
HTTP: &networking.HTTPIngressRuleValue{
Paths: []networking.HTTPIngressPath{
{
Paths: []networking.HTTPIngressPath{{
Path: "/foo",
PathType: &pathTypeImplementationSpecific,
Backend: defaultBackend,
}},
},
},
},
},
},
},
}},
},
Status: networking.IngressStatus{
LoadBalancer: networking.IngressLoadBalancerStatus{
@@ -1670,11 +1656,9 @@ func TestValidateIngressTLS(t *testing.T) {
wildcardHost := "foo.*.bar.com"
badWildcardTLS := newValid()
badWildcardTLS.Spec.Rules[0].Host = "*.foo.bar.com"
badWildcardTLS.Spec.TLS = []networking.IngressTLS{
{
badWildcardTLS.Spec.TLS = []networking.IngressTLS{{
Hosts: []string{wildcardHost},
},
}
}}
badWildcardTLSErr := fmt.Sprintf("spec.tls[0].hosts[0]: Invalid value: '%v'", wildcardHost)
errorCases[badWildcardTLSErr] = badWildcardTLS
@@ -1696,11 +1680,9 @@ func TestValidateIngressTLS(t *testing.T) {
wildHost := "*.bar.com"
goodWildcardTLS := newValid()
goodWildcardTLS.Spec.Rules[0].Host = "*.bar.com"
goodWildcardTLS.Spec.TLS = []networking.IngressTLS{
{
goodWildcardTLS.Spec.TLS = []networking.IngressTLS{{
Hosts: []string{wildHost},
},
}
}}
validCases[fmt.Sprintf("spec.tls[0].hosts: Valid value: '%v'", wildHost)] = goodWildcardTLS
for k, v := range validCases {
errs := validateIngress(&v, IngressValidationOptions{})
@@ -1731,21 +1713,17 @@ func TestValidateEmptyIngressTLS(t *testing.T) {
Namespace: metav1.NamespaceDefault,
},
Spec: networking.IngressSpec{
Rules: []networking.IngressRule{
{
Rules: []networking.IngressRule{{
Host: "foo.bar.com",
IngressRuleValue: networking.IngressRuleValue{
HTTP: &networking.HTTPIngressRuleValue{
Paths: []networking.HTTPIngressPath{
{
Paths: []networking.HTTPIngressPath{{
PathType: &pathTypeImplementationSpecific,
Backend: defaultBackend,
}},
},
},
},
},
},
},
}},
},
}
}
@@ -1757,11 +1735,9 @@ func TestValidateEmptyIngressTLS(t *testing.T) {
}
validCases[fmt.Sprintf("spec.tls[0]: Valid value: %v", goodEmptyTLS.Spec.TLS[0])] = goodEmptyTLS
goodEmptyHosts := newValid()
goodEmptyHosts.Spec.TLS = []networking.IngressTLS{
{
goodEmptyHosts.Spec.TLS = []networking.IngressTLS{{
Hosts: []string{},
},
}
}}
validCases[fmt.Sprintf("spec.tls[0]: Valid value: %v", goodEmptyHosts.Spec.TLS[0])] = goodEmptyHosts
for k, v := range validCases {
errs := validateIngress(&v, IngressValidationOptions{})
@@ -1791,21 +1767,17 @@ func TestValidateIngressStatusUpdate(t *testing.T) {
},
Spec: networking.IngressSpec{
DefaultBackend: &defaultBackend,
Rules: []networking.IngressRule{
{
Rules: []networking.IngressRule{{
Host: "foo.bar.com",
IngressRuleValue: networking.IngressRuleValue{
HTTP: &networking.HTTPIngressRuleValue{
Paths: []networking.HTTPIngressPath{
{
Paths: []networking.HTTPIngressPath{{
Path: "/foo",
Backend: defaultBackend,
}},
},
},
},
},
},
},
}},
},
Status: networking.IngressStatus{
LoadBalancer: networking.IngressLoadBalancerStatus{
@@ -1867,17 +1839,13 @@ func TestValidateIngressStatusUpdate(t *testing.T) {
func makeNodeSelector(key string, op api.NodeSelectorOperator, values []string) *api.NodeSelector {
return &api.NodeSelector{
NodeSelectorTerms: []api.NodeSelectorTerm{
{
MatchExpressions: []api.NodeSelectorRequirement{
{
NodeSelectorTerms: []api.NodeSelectorTerm{{
MatchExpressions: []api.NodeSelectorRequirement{{
Key: key,
Operator: op,
Values: values,
},
},
},
},
}},
}},
}
}
@@ -1901,48 +1869,39 @@ func TestValidateClusterCIDR(t *testing.T) {
name string
cc *networking.ClusterCIDR
expectErr bool
}{
{
}{{
name: "valid SingleStack IPv4 ClusterCIDR",
cc: makeClusterCIDR(8, "10.1.0.0/16", "", makeNodeSelector("foo", api.NodeSelectorOpIn, []string{"bar"})),
expectErr: false,
},
{
}, {
name: "valid SingleStack IPv4 ClusterCIDR, perNodeHostBits = maxPerNodeHostBits",
cc: makeClusterCIDR(16, "10.1.0.0/16", "", makeNodeSelector("foo", api.NodeSelectorOpIn, []string{"bar"})),
expectErr: false,
},
{
}, {
name: "valid SingleStack IPv4 ClusterCIDR, perNodeHostBits > minPerNodeHostBits",
cc: makeClusterCIDR(4, "10.1.0.0/16", "", makeNodeSelector("foo", api.NodeSelectorOpIn, []string{"bar"})),
expectErr: false,
},
{
}, {
name: "valid SingleStack IPv6 ClusterCIDR",
cc: makeClusterCIDR(8, "", "fd00:1:1::/64", makeNodeSelector("foo", api.NodeSelectorOpIn, []string{"bar"})),
expectErr: false,
},
{
}, {
name: "valid SingleStack IPv6 ClusterCIDR, perNodeHostBits = maxPerNodeHostBit",
cc: makeClusterCIDR(64, "", "fd00:1:1::/64", makeNodeSelector("foo", api.NodeSelectorOpIn, []string{"bar"})),
expectErr: false,
},
{
}, {
name: "valid SingleStack IPv6 ClusterCIDR, perNodeHostBits > minPerNodeHostBit",
cc: makeClusterCIDR(4, "", "fd00:1:1::/64", makeNodeSelector("foo", api.NodeSelectorOpIn, []string{"bar"})),
expectErr: false,
},
{
}, {
name: "valid SingleStack IPv6 ClusterCIDR perNodeHostBits=100",
cc: makeClusterCIDR(100, "", "fd00:1:1::/16", makeNodeSelector("foo", api.NodeSelectorOpIn, []string{"bar"})),
expectErr: false,
},
{
}, {
name: "valid DualStack ClusterCIDR",
cc: makeClusterCIDR(8, "10.1.0.0/16", "fd00:1:1::/64", makeNodeSelector("foo", api.NodeSelectorOpIn, []string{"bar"})),
expectErr: false,
},
{
}, {
name: "valid DualStack ClusterCIDR, no NodeSelector",
cc: makeClusterCIDR(8, "10.1.0.0/16", "fd00:1:1::/64", nil),
expectErr: false,
@@ -1952,8 +1911,7 @@ func TestValidateClusterCIDR(t *testing.T) {
name: "invalid ClusterCIDR, no IPv4 or IPv6 CIDR",
cc: makeClusterCIDR(8, "", "", nil),
expectErr: true,
},
{
}, {
name: "invalid ClusterCIDR, invalid nodeSelector",
cc: makeClusterCIDR(8, "10.1.0.0/16", "fd00:1:1::/64", makeNodeSelector("NoUppercaseOrSpecialCharsLike=Equals", api.NodeSelectorOpIn, []string{"bar"})),
expectErr: true,
@@ -1963,13 +1921,11 @@ func TestValidateClusterCIDR(t *testing.T) {
name: "invalid SingleStack IPv4 ClusterCIDR, invalid spec.IPv4",
cc: makeClusterCIDR(8, "test", "", makeNodeSelector("foo", api.NodeSelectorOpIn, []string{"bar"})),
expectErr: true,
},
{
}, {
name: "invalid Singlestack IPv4 ClusterCIDR, perNodeHostBits > maxPerNodeHostBits",
cc: makeClusterCIDR(100, "10.1.0.0/16", "", makeNodeSelector("foo", api.NodeSelectorOpIn, []string{"bar"})),
expectErr: true,
},
{
}, {
name: "invalid SingleStack IPv4 ClusterCIDR, perNodeHostBits < minPerNodeHostBits",
cc: makeClusterCIDR(2, "10.1.0.0/16", "", makeNodeSelector("foo", api.NodeSelectorOpIn, []string{"bar"})),
expectErr: true,
@@ -1979,18 +1935,15 @@ func TestValidateClusterCIDR(t *testing.T) {
name: "invalid SingleStack IPv6 ClusterCIDR, invalid spec.IPv6",
cc: makeClusterCIDR(8, "", "testv6", makeNodeSelector("foo", api.NodeSelectorOpIn, []string{"bar"})),
expectErr: true,
},
{
}, {
name: "invalid SingleStack IPv6 ClusterCIDR, valid IPv4 CIDR in spec.IPv6",
cc: makeClusterCIDR(8, "", "10.2.0.0/16", makeNodeSelector("foo", api.NodeSelectorOpIn, []string{"bar"})),
expectErr: true,
},
{
}, {
name: "invalid SingleStack IPv6 ClusterCIDR, invalid perNodeHostBits > maxPerNodeHostBits",
cc: makeClusterCIDR(12, "", "fd00::/120", makeNodeSelector("foo", api.NodeSelectorOpIn, []string{"bar"})),
expectErr: true,
},
{
}, {
name: "invalid SingleStack IPv6 ClusterCIDR, invalid perNodeHostBits < minPerNodeHostBits",
cc: makeClusterCIDR(3, "", "fd00::/120", makeNodeSelector("foo", api.NodeSelectorOpIn, []string{"bar"})),
expectErr: true,
@@ -2000,18 +1953,15 @@ func TestValidateClusterCIDR(t *testing.T) {
name: "invalid DualStack ClusterCIDR, valid spec.IPv4, invalid spec.IPv6",
cc: makeClusterCIDR(8, "10.1.0.0/16", "testv6", makeNodeSelector("foo", api.NodeSelectorOpIn, []string{"bar"})),
expectErr: true,
},
{
}, {
name: "invalid DualStack ClusterCIDR, valid spec.IPv6, invalid spec.IPv4",
cc: makeClusterCIDR(8, "testv4", "fd00::/120", makeNodeSelector("foo", api.NodeSelectorOpIn, []string{"bar"})),
expectErr: true,
},
{
}, {
name: "invalid DualStack ClusterCIDR, invalid perNodeHostBits > maxPerNodeHostBits",
cc: makeClusterCIDR(24, "10.1.0.0/16", "fd00:1:1::/64", makeNodeSelector("foo", api.NodeSelectorOpIn, []string{"bar"})),
expectErr: true,
},
{
}, {
name: "invalid DualStack ClusterCIDR, valid IPv6 CIDR in spec.IPv4",
cc: makeClusterCIDR(8, "fd00::/120", "fd00:1:1::/64", makeNodeSelector("foo", api.NodeSelectorOpIn, []string{"bar"})),
expectErr: true,
@@ -2038,33 +1988,27 @@ func TestValidateClusterConfigUpdate(t *testing.T) {
name string
cc *networking.ClusterCIDR
expectErr bool
}{
{
}{{
name: "Successful update, no changes to ClusterCIDR.Spec",
cc: makeClusterCIDR(8, "10.1.0.0/16", "fd00:1:1::/64", makeNodeSelector("foo", api.NodeSelectorOpIn, []string{"bar"})),
expectErr: false,
},
{
}, {
name: "Failed update, update spec.PerNodeHostBits",
cc: makeClusterCIDR(12, "10.1.0.0/16", "fd00:1:1::/64", makeNodeSelector("foo", api.NodeSelectorOpIn, []string{"bar"})),
expectErr: true,
},
{
}, {
name: "Failed update, update spec.IPv4",
cc: makeClusterCIDR(8, "10.2.0.0/16", "fd00:1:1::/64", makeNodeSelector("foo", api.NodeSelectorOpIn, []string{"bar"})),
expectErr: true,
},
{
}, {
name: "Failed update, update spec.IPv6",
cc: makeClusterCIDR(8, "10.1.0.0/16", "fd00:2:/112", makeNodeSelector("foo", api.NodeSelectorOpIn, []string{"bar"})),
expectErr: true,
},
{
}, {
name: "Failed update, update spec.NodeSelector",
cc: makeClusterCIDR(8, "10.1.0.0/16", "fd00:1:1::/64", makeNodeSelector("foo", api.NodeSelectorOpIn, []string{"bar2"})),
expectErr: true,
},
}
}}
for _, testCase := range testCases {
t.Run(testCase.name, func(t *testing.T) {
err := ValidateClusterCIDRUpdate(testCase.cc, oldCCC)
@@ -2244,8 +2188,7 @@ func TestValidateIPAddressUpdate(t *testing.T) {
name string
new func(svc *networking.IPAddress) *networking.IPAddress
expectErr bool
}{
{
}{{
name: "Successful update, no changes",
new: func(old *networking.IPAddress) *networking.IPAddress {
out := old.DeepCopy()
@@ -2267,8 +2210,7 @@ func TestValidateIPAddressUpdate(t *testing.T) {
return out
}, expectErr: true,
},
{
}, {
name: "Failed update, delete spec.ParentRef",
new: func(svc *networking.IPAddress) *networking.IPAddress {
out := svc.DeepCopy()

12
pkg/apis/node/validation/validation_test.go
View File

@@ -134,8 +134,7 @@ func TestValidateOverhead(t *testing.T) {
successCase := []struct {
Name string
overhead *node.Overhead
}{
{
}{{
Name: "Overhead with valid cpu and memory resources",
overhead: &node.Overhead{
PodFixed: core.ResourceList{
@@ -143,8 +142,7 @@ func TestValidateOverhead(t *testing.T) {
core.ResourceName(core.ResourceMemory): resource.MustParse("10G"),
},
},
},
}
}}
for _, tc := range successCase {
rc := &node.RuntimeClass{
@@ -160,16 +158,14 @@ func TestValidateOverhead(t *testing.T) {
errorCase := []struct {
Name string
overhead *node.Overhead
}{
{
}{{
Name: "Invalid Resources",
overhead: &node.Overhead{
PodFixed: core.ResourceList{
core.ResourceName("my.org"): resource.MustParse("10m"),
},
},
},
}
}}
for _, tc := range errorCase {
rc := &node.RuntimeClass{
ObjectMeta: metav1.ObjectMeta{Name: "foo"},

75
pkg/apis/policy/validation/validation_test.go
View File

@@ -107,40 +107,35 @@ func TestValidateUnhealthyPodEvictionPolicyDisruptionBudgetSpec(t *testing.T) {
name string
pdbSpec policy.PodDisruptionBudgetSpec
expectErr bool
}{
{
}{{
name: "valid nil UnhealthyPodEvictionPolicy",
pdbSpec: policy.PodDisruptionBudgetSpec{
MinAvailable: &c1,
UnhealthyPodEvictionPolicy: nil,
},
expectErr: false,
},
{
}, {
name: "valid UnhealthyPodEvictionPolicy",
pdbSpec: policy.PodDisruptionBudgetSpec{
MinAvailable: &c1,
UnhealthyPodEvictionPolicy: &alwaysAllowPolicy,
},
expectErr: false,
},
{
}, {
name: "empty UnhealthyPodEvictionPolicy",
pdbSpec: policy.PodDisruptionBudgetSpec{
MinAvailable: &c1,
UnhealthyPodEvictionPolicy: new(policy.UnhealthyPodEvictionPolicyType),
},
expectErr: true,
},
{
}, {
name: "invalid UnhealthyPodEvictionPolicy",
pdbSpec: policy.PodDisruptionBudgetSpec{
MinAvailable: &c1,
UnhealthyPodEvictionPolicy: &invalidPolicy,
},
expectErr: true,
},
}
}}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
@@ -162,8 +157,7 @@ func TestValidatePodDisruptionBudgetStatus(t *testing.T) {
name string
pdbStatus policy.PodDisruptionBudgetStatus
expectErrForVersion map[schema.GroupVersion]bool
}{
{
}{{
name: "DisruptionsAllowed: 10",
pdbStatus: policy.PodDisruptionBudgetStatus{
DisruptionsAllowed: 10,
@@ -172,8 +166,7 @@ func TestValidatePodDisruptionBudgetStatus(t *testing.T) {
policy.SchemeGroupVersion: expectNoErrors,
policyv1beta1.SchemeGroupVersion: expectNoErrors,
},
},
{
}, {
name: "CurrentHealthy: 5",
pdbStatus: policy.PodDisruptionBudgetStatus{
CurrentHealthy: 5,
@@ -182,8 +175,7 @@ func TestValidatePodDisruptionBudgetStatus(t *testing.T) {
policy.SchemeGroupVersion: expectNoErrors,
policyv1beta1.SchemeGroupVersion: expectNoErrors,
},
},
{
}, {
name: "DesiredHealthy: 3",
pdbStatus: policy.PodDisruptionBudgetStatus{
DesiredHealthy: 3,
@@ -192,8 +184,7 @@ func TestValidatePodDisruptionBudgetStatus(t *testing.T) {
policy.SchemeGroupVersion: expectNoErrors,
policyv1beta1.SchemeGroupVersion: expectNoErrors,
},
},
{
}, {
name: "ExpectedPods: 2",
pdbStatus: policy.PodDisruptionBudgetStatus{
ExpectedPods: 2,
@@ -202,8 +193,7 @@ func TestValidatePodDisruptionBudgetStatus(t *testing.T) {
policy.SchemeGroupVersion: expectNoErrors,
policyv1beta1.SchemeGroupVersion: expectNoErrors,
},
},
{
}, {
name: "DisruptionsAllowed: -10",
pdbStatus: policy.PodDisruptionBudgetStatus{
DisruptionsAllowed: -10,
@@ -212,8 +202,7 @@ func TestValidatePodDisruptionBudgetStatus(t *testing.T) {
policy.SchemeGroupVersion: expectErrors,
policyv1beta1.SchemeGroupVersion: expectNoErrors,
},
},
{
}, {
name: "CurrentHealthy: -5",
pdbStatus: policy.PodDisruptionBudgetStatus{
CurrentHealthy: -5,
@@ -222,8 +211,7 @@ func TestValidatePodDisruptionBudgetStatus(t *testing.T) {
policy.SchemeGroupVersion: expectErrors,
policyv1beta1.SchemeGroupVersion: expectNoErrors,
},
},
{
}, {
name: "DesiredHealthy: -3",
pdbStatus: policy.PodDisruptionBudgetStatus{
DesiredHealthy: -3,
@@ -232,8 +220,7 @@ func TestValidatePodDisruptionBudgetStatus(t *testing.T) {
policy.SchemeGroupVersion: expectErrors,
policyv1beta1.SchemeGroupVersion: expectNoErrors,
},
},
{
}, {
name: "ExpectedPods: -2",
pdbStatus: policy.PodDisruptionBudgetStatus{
ExpectedPods: -2,
@@ -242,12 +229,10 @@ func TestValidatePodDisruptionBudgetStatus(t *testing.T) {
policy.SchemeGroupVersion: expectErrors,
policyv1beta1.SchemeGroupVersion: expectNoErrors,
},
},
{
}, {
name: "Conditions valid",
pdbStatus: policy.PodDisruptionBudgetStatus{
Conditions: []metav1.Condition{
{
Conditions: []metav1.Condition{{
Type: policyv1beta1.DisruptionAllowedCondition,
Status: metav1.ConditionTrue,
LastTransitionTime: metav1.Time{
@@ -256,34 +241,28 @@ func TestValidatePodDisruptionBudgetStatus(t *testing.T) {
Reason: policyv1beta1.SufficientPodsReason,
Message: "message",
ObservedGeneration: 3,
},
},
}},
},
expectErrForVersion: map[schema.GroupVersion]bool{
policy.SchemeGroupVersion: expectNoErrors,
policyv1beta1.SchemeGroupVersion: expectNoErrors,
},
},
{
}, {
name: "Conditions not valid",
pdbStatus: policy.PodDisruptionBudgetStatus{
Conditions: []metav1.Condition{
{
Conditions: []metav1.Condition{{
Type: policyv1beta1.DisruptionAllowedCondition,
Status: metav1.ConditionTrue,
},
{
}, {
Type: policyv1beta1.DisruptionAllowedCondition,
Status: metav1.ConditionFalse,
},
},
}},
},
expectErrForVersion: map[schema.GroupVersion]bool{
policy.SchemeGroupVersion: expectErrors,
policyv1beta1.SchemeGroupVersion: expectErrors,
},
},
}
}}
for _, tc := range testCases {
for apiVersion, expectErrors := range tc.expectErrForVersion {
@@ -1165,23 +1144,19 @@ func TestAllowEphemeralVolumeType(t *testing.T) {
description string
hasGenericVolume bool
psp func() *policy.PodSecurityPolicy
}{
{
}{{
description: "PodSecurityPolicySpec Without GenericVolume",
hasGenericVolume: false,
psp: pspWithoutGenericVolume,
},
{
}, {
description: "PodSecurityPolicySpec With GenericVolume",
hasGenericVolume: true,
psp: pspWithGenericVolume,
},
{
}, {
description: "is nil",
hasGenericVolume: false,
psp: pspNil,
},
}
}}
for _, oldPSPInfo := range pspInfo {
for _, newPSPInfo := range pspInfo {

42
pkg/apis/rbac/validation/validation_test.go
View File

@@ -402,12 +402,10 @@ func TestValidateRoleNonResourceURL(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{
Name: "default",
},
Rules: []rbac.PolicyRule{
{
Rules: []rbac.PolicyRule{{
Verbs: []string{"get"},
NonResourceURLs: []string{"/*"},
},
},
}},
},
wantErr: false,
}.test(t)
@@ -420,13 +418,11 @@ func TestValidateRoleNamespacedNonResourceURL(t *testing.T) {
Namespace: "default",
Name: "default",
},
Rules: []rbac.PolicyRule{
{
Rules: []rbac.PolicyRule{{
// non-resource URLs are invalid for namespaced rules
Verbs: []string{"get"},
NonResourceURLs: []string{"/*"},
},
},
}},
},
wantErr: true,
errType: field.ErrorTypeInvalid,
@@ -440,12 +436,10 @@ func TestValidateRoleNonResourceURLNoVerbs(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{
Name: "default",
},
Rules: []rbac.PolicyRule{
{
Rules: []rbac.PolicyRule{{
Verbs: []string{},
NonResourceURLs: []string{"/*"},
},
},
}},
},
wantErr: true,
errType: field.ErrorTypeRequired,
@@ -460,14 +454,12 @@ func TestValidateRoleMixedNonResourceAndResource(t *testing.T) {
Name: "default",
Namespace: "default",
},
Rules: []rbac.PolicyRule{
{
Rules: []rbac.PolicyRule{{
Verbs: []string{"get"},
NonResourceURLs: []string{"/*"},
APIGroups: []string{"v1"},
Resources: []string{"pods"},
},
},
}},
},
wantErr: true,
errType: field.ErrorTypeInvalid,
@@ -482,13 +474,11 @@ func TestValidateRoleValidResource(t *testing.T) {
Name: "default",
Namespace: "default",
},
Rules: []rbac.PolicyRule{
{
Rules: []rbac.PolicyRule{{
Verbs: []string{"get"},
APIGroups: []string{"v1"},
Resources: []string{"pods"},
},
},
}},
},
wantErr: false,
}.test(t)
@@ -501,12 +491,10 @@ func TestValidateRoleNoAPIGroup(t *testing.T) {
Name: "default",
Namespace: "default",
},
Rules: []rbac.PolicyRule{
{
Rules: []rbac.PolicyRule{{
Verbs: []string{"get"},
Resources: []string{"pods"},
},
},
}},
},
wantErr: true,
errType: field.ErrorTypeRequired,
@@ -521,12 +509,10 @@ func TestValidateRoleNoResources(t *testing.T) {
Name: "default",
Namespace: "default",
},
Rules: []rbac.PolicyRule{
{
Rules: []rbac.PolicyRule{{
Verbs: []string{"get"},
APIGroups: []string{"v1"},
},
},
}},
},
wantErr: true,
errType: field.ErrorTypeRequired,

921
pkg/apis/storage/validation/validation_test.go
View File

File diff suppressed because it is too large Load Diff

180
pkg/kubelet/apis/config/validation/validation_test.go
View File

@@ -86,22 +86,19 @@ func TestValidateKubeletConfiguration(t *testing.T) {
name string
configure func(config *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration
errMsg string
}{
{
}{{
name: "Success",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
return conf
},
},
{
}, {
name: "invalid NodeLeaseDurationSeconds",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.NodeLeaseDurationSeconds = 0
return conf
},
errMsg: "invalid configuration: nodeLeaseDurationSeconds must be greater than 0",
},
{
}, {
name: "specify EnforceNodeAllocatable without enabling CgroupsPerQOS",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.CgroupsPerQOS = false
@@ -109,8 +106,7 @@ func TestValidateKubeletConfiguration(t *testing.T) {
return conf
},
errMsg: "invalid configuration: enforceNodeAllocatable (--enforce-node-allocatable) is not supported unless cgroupsPerQOS (--cgroups-per-qos) is set to true",
},
{
}, {
name: "specify SystemCgroups without CgroupRoot",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.SystemCgroups = "/"
@@ -118,32 +114,28 @@ func TestValidateKubeletConfiguration(t *testing.T) {
return conf
},
errMsg: "invalid configuration: systemCgroups (--system-cgroups) was specified and cgroupRoot (--cgroup-root) was not specified",
},
{
}, {
name: "invalid EventBurst",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.EventBurst = -1
return conf
},
errMsg: "invalid configuration: eventBurst (--event-burst) -1 must not be a negative number",
},
{
}, {
name: "invalid EventRecordQPS",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.EventRecordQPS = -1
return conf
},
errMsg: "invalid configuration: eventRecordQPS (--event-qps) -1 must not be a negative number",
},
{
}, {
name: "invalid HealthzPort",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.HealthzPort = 65536
return conf
},
errMsg: "invalid configuration: healthzPort (--healthz-port) 65536 must be between 1 and 65535, inclusive",
},
{
}, {
name: "specify CPUCFSQuotaPeriod without enabling CPUCFSQuotaPeriod",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.FeatureGates = map[string]bool{"CustomCPUCFSQuotaPeriod": false}
@@ -151,8 +143,7 @@ func TestValidateKubeletConfiguration(t *testing.T) {
return conf
},
errMsg: "invalid configuration: cpuCFSQuotaPeriod (--cpu-cfs-quota-period) {200ms} requires feature gate CustomCPUCFSQuotaPeriod",
},
{
}, {
name: "invalid CPUCFSQuotaPeriod",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.FeatureGates = map[string]bool{"CustomCPUCFSQuotaPeriod": true}
@@ -160,24 +151,21 @@ func TestValidateKubeletConfiguration(t *testing.T) {
return conf
},
errMsg: "invalid configuration: cpuCFSQuotaPeriod (--cpu-cfs-quota-period) {2s} must be between 1ms and 1sec, inclusive",
},
{
}, {
name: "invalid ImageGCHighThresholdPercent",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.ImageGCHighThresholdPercent = 101
return conf
},
errMsg: "invalid configuration: imageGCHighThresholdPercent (--image-gc-high-threshold) 101 must be between 0 and 100, inclusive",
},
{
}, {
name: "invalid ImageGCLowThresholdPercent",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.ImageGCLowThresholdPercent = -1
return conf
},
errMsg: "invalid configuration: imageGCLowThresholdPercent (--image-gc-low-threshold) -1 must be between 0 and 100, inclusive",
},
{
}, {
name: "ImageGCLowThresholdPercent is equal to ImageGCHighThresholdPercent",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.ImageGCHighThresholdPercent = 0
@@ -185,8 +173,7 @@ func TestValidateKubeletConfiguration(t *testing.T) {
return conf
},
errMsg: "invalid configuration: imageGCLowThresholdPercent (--image-gc-low-threshold) 0 must be less than imageGCHighThresholdPercent (--image-gc-high-threshold) 0",
},
{
}, {
name: "ImageGCLowThresholdPercent is greater than ImageGCHighThresholdPercent",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.ImageGCHighThresholdPercent = 0
@@ -194,120 +181,105 @@ func TestValidateKubeletConfiguration(t *testing.T) {
return conf
},
errMsg: "invalid configuration: imageGCLowThresholdPercent (--image-gc-low-threshold) 1 must be less than imageGCHighThresholdPercent (--image-gc-high-threshold) 0",
},
{
}, {
name: "invalid IPTablesDropBit",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.IPTablesDropBit = 32
return conf
},
errMsg: "invalid configuration: iptablesDropBit (--iptables-drop-bit) 32 must be between 0 and 31, inclusive",
},
{
}, {
name: "invalid IPTablesMasqueradeBit",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.IPTablesMasqueradeBit = 32
return conf
},
errMsg: "invalid configuration: iptablesMasqueradeBit (--iptables-masquerade-bit) 32 must be between 0 and 31, inclusive",
},
{
}, {
name: "invalid KubeAPIBurst",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.KubeAPIBurst = -1
return conf
},
errMsg: "invalid configuration: kubeAPIBurst (--kube-api-burst) -1 must not be a negative number",
},
{
}, {
name: "invalid KubeAPIQPS",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.KubeAPIQPS = -1
return conf
},
errMsg: "invalid configuration: kubeAPIQPS (--kube-api-qps) -1 must not be a negative number",
},
{
}, {
name: "invalid NodeStatusMaxImages",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.NodeStatusMaxImages = -2
return conf
},
errMsg: "invalid configuration: nodeStatusMaxImages (--node-status-max-images) -2 must be -1 or greater",
},
{
}, {
name: "invalid MaxOpenFiles",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.MaxOpenFiles = -1
return conf
},
errMsg: "invalid configuration: maxOpenFiles (--max-open-files) -1 must not be a negative number",
},
{
}, {
name: "invalid MaxPods",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.MaxPods = -1
return conf
},
errMsg: "invalid configuration: maxPods (--max-pods) -1 must not be a negative number",
},
{
}, {
name: "invalid OOMScoreAdj",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.OOMScoreAdj = 1001
return conf
},
errMsg: "invalid configuration: oomScoreAdj (--oom-score-adj) 1001 must be between -1000 and 1000, inclusive",
},
{
}, {
name: "invalid PodsPerCore",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.PodsPerCore = -1
return conf
},
errMsg: "invalid configuration: podsPerCore (--pods-per-core) -1 must not be a negative number",
},
{
}, {
name: "invalid Port",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.Port = 65536
return conf
},
errMsg: "invalid configuration: port (--port) 65536 must be between 1 and 65535, inclusive",
},
{
}, {
name: "invalid ReadOnlyPort",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.ReadOnlyPort = 65536
return conf
},
errMsg: "invalid configuration: readOnlyPort (--read-only-port) 65536 must be between 0 and 65535, inclusive",
},
{
}, {
name: "invalid RegistryBurst",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.RegistryBurst = -1
return conf
},
errMsg: "invalid configuration: registryBurst (--registry-burst) -1 must not be a negative number",
},
{
}, {
name: "invalid RegistryPullQPS",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.RegistryPullQPS = -1
return conf
},
errMsg: "invalid configuration: registryPullQPS (--registry-qps) -1 must not be a negative number",
},
{
}, {
name: "invalid MaxParallelImagePulls",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.MaxParallelImagePulls = utilpointer.Int32(0)
return conf
},
errMsg: "invalid configuration: maxParallelImagePulls 0 must be a positive number",
},
{
}, {
name: "invalid MaxParallelImagePulls and SerializeImagePulls combination",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.MaxParallelImagePulls = utilpointer.Int32(3)
@@ -315,16 +287,14 @@ func TestValidateKubeletConfiguration(t *testing.T) {
return conf
},
errMsg: "invalid configuration: maxParallelImagePulls cannot be larger than 1 unless SerializeImagePulls (--serialize-image-pulls) is set to false",
},
{
}, {
name: "valid MaxParallelImagePulls and SerializeImagePulls combination",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.MaxParallelImagePulls = utilpointer.Int32(1)
conf.SerializeImagePulls = true
return conf
},
},
{
}, {
name: "specify ServerTLSBootstrap without enabling RotateKubeletServerCertificate",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.FeatureGates = map[string]bool{"RotateKubeletServerCertificate": false}
@@ -332,24 +302,21 @@ func TestValidateKubeletConfiguration(t *testing.T) {
return conf
},
errMsg: "invalid configuration: serverTLSBootstrap true requires feature gate RotateKubeletServerCertificate",
},
{
}, {
name: "invalid TopologyManagerPolicy",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.TopologyManagerPolicy = "invalid-policy"
return conf
},
errMsg: "invalid configuration: topologyManagerPolicy (--topology-manager-policy) \"invalid-policy\" must be one of: [\"none\" \"best-effort\" \"restricted\" \"single-numa-node\"]",
},
{
}, {
name: "invalid TopologyManagerScope",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.TopologyManagerScope = "invalid-scope"
return conf
},
errMsg: "invalid configuration: topologyManagerScope (--topology-manager-scope) \"invalid-scope\" must be one of: \"container\", or \"pod\"",
},
{
}, {
name: "ShutdownGracePeriodCriticalPods is greater than ShutdownGracePeriod",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.FeatureGates = map[string]bool{"GracefulNodeShutdown": true}
@@ -358,8 +325,7 @@ func TestValidateKubeletConfiguration(t *testing.T) {
return conf
},
errMsg: "invalid configuration: shutdownGracePeriodCriticalPods {2s} must be <= shutdownGracePeriod {1s}",
},
{
}, {
name: "ShutdownGracePeriod is less than 1 sec",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.FeatureGates = map[string]bool{"GracefulNodeShutdown": true}
@@ -367,8 +333,7 @@ func TestValidateKubeletConfiguration(t *testing.T) {
return conf
},
errMsg: "invalid configuration: shutdownGracePeriod {1ms} must be either zero or otherwise >= 1 sec",
},
{
}, {
name: "ShutdownGracePeriodCriticalPods is less than 1 sec",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.FeatureGates = map[string]bool{"GracefulNodeShutdown": true}
@@ -376,8 +341,7 @@ func TestValidateKubeletConfiguration(t *testing.T) {
return conf
},
errMsg: "invalid configuration: shutdownGracePeriodCriticalPods {1ms} must be either zero or otherwise >= 1 sec",
},
{
}, {
name: "specify ShutdownGracePeriod without enabling GracefulNodeShutdown",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.FeatureGates = map[string]bool{"GracefulNodeShutdown": false}
@@ -385,8 +349,7 @@ func TestValidateKubeletConfiguration(t *testing.T) {
return conf
},
errMsg: "invalid configuration: specifying shutdownGracePeriod or shutdownGracePeriodCriticalPods requires feature gate GracefulNodeShutdown",
},
{
}, {
name: "specify ShutdownGracePeriodCriticalPods without enabling GracefulNodeShutdown",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.FeatureGates = map[string]bool{"GracefulNodeShutdown": false}
@@ -394,8 +357,7 @@ func TestValidateKubeletConfiguration(t *testing.T) {
return conf
},
errMsg: "invalid configuration: specifying shutdownGracePeriod or shutdownGracePeriodCriticalPods requires feature gate GracefulNodeShutdown",
},
{
}, {
name: "invalid MemorySwap.SwapBehavior",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.FeatureGates = map[string]bool{"NodeSwap": true}
@@ -403,8 +365,7 @@ func TestValidateKubeletConfiguration(t *testing.T) {
return conf
},
errMsg: "invalid configuration: memorySwap.swapBehavior \"invalid-behavior\" must be one of: \"\", \"LimitedSwap\", or \"UnlimitedSwap\"",
},
{
}, {
name: "specify MemorySwap.SwapBehavior without enabling NodeSwap",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.FeatureGates = map[string]bool{"NodeSwap": false}
@@ -412,8 +373,7 @@ func TestValidateKubeletConfiguration(t *testing.T) {
return conf
},
errMsg: "invalid configuration: memorySwap.swapBehavior cannot be set when NodeSwap feature flag is disabled",
},
{
}, {
name: "specify SystemReservedEnforcementKey without specifying SystemReservedCgroup",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.EnforceNodeAllocatable = []string{kubetypes.SystemReservedEnforcementKey}
@@ -421,8 +381,7 @@ func TestValidateKubeletConfiguration(t *testing.T) {
return conf
},
errMsg: "invalid configuration: systemReservedCgroup (--system-reserved-cgroup) must be specified when \"system-reserved\" contained in enforceNodeAllocatable (--enforce-node-allocatable)",
},
{
}, {
name: "specify KubeReservedEnforcementKey without specifying KubeReservedCgroup",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.EnforceNodeAllocatable = []string{kubetypes.KubeReservedEnforcementKey}
@@ -430,32 +389,28 @@ func TestValidateKubeletConfiguration(t *testing.T) {
return conf
},
errMsg: "invalid configuration: kubeReservedCgroup (--kube-reserved-cgroup) must be specified when \"kube-reserved\" contained in enforceNodeAllocatable (--enforce-node-allocatable)",
},
{
}, {
name: "specify NodeAllocatableNoneKey with additional enforcements",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.EnforceNodeAllocatable = []string{kubetypes.NodeAllocatableNoneKey, kubetypes.KubeReservedEnforcementKey}
return conf
},
errMsg: "invalid configuration: enforceNodeAllocatable (--enforce-node-allocatable) may not contain additional enforcements when \"none\" is specified",
},
{
}, {
name: "invalid EnforceNodeAllocatable",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.EnforceNodeAllocatable = []string{"invalid-enforce-node-allocatable"}
return conf
},
errMsg: "invalid configuration: option \"invalid-enforce-node-allocatable\" specified for enforceNodeAllocatable (--enforce-node-allocatable). Valid options are \"pods\", \"system-reserved\", \"kube-reserved\", or \"none\"",
},
{
}, {
name: "invalid HairpinMode",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.HairpinMode = "invalid-hair-pin-mode"
return conf
},
errMsg: "invalid configuration: option \"invalid-hair-pin-mode\" specified for hairpinMode (--hairpin-mode). Valid options are \"none\", \"hairpin-veth\" or \"promiscuous-bridge\"",
},
{
}, {
name: "specify ReservedSystemCPUs with SystemReservedCgroup",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.ReservedSystemCPUs = "0-3"
@@ -463,8 +418,7 @@ func TestValidateKubeletConfiguration(t *testing.T) {
return conf
},
errMsg: "invalid configuration: can't use reservedSystemCPUs (--reserved-cpus) with systemReservedCgroup (--system-reserved-cgroup) or kubeReservedCgroup (--kube-reserved-cgroup)",
},
{
}, {
name: "specify ReservedSystemCPUs with KubeReservedCgroup",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.ReservedSystemCPUs = "0-3"
@@ -472,16 +426,14 @@ func TestValidateKubeletConfiguration(t *testing.T) {
return conf
},
errMsg: "invalid configuration: can't use reservedSystemCPUs (--reserved-cpus) with systemReservedCgroup (--system-reserved-cgroup) or kubeReservedCgroup (--kube-reserved-cgroup)",
},
{
}, {
name: "invalid ReservedSystemCPUs",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.ReservedSystemCPUs = "invalid-reserved-system-cpus"
return conf
},
errMsg: "invalid configuration: unable to parse reservedSystemCPUs (--reserved-cpus) invalid-reserved-system-cpus, error:",
},
{
}, {
name: "enable MemoryQoS without specifying MemoryThrottlingFactor",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.FeatureGates = map[string]bool{"MemoryQoS": true}
@@ -489,16 +441,14 @@ func TestValidateKubeletConfiguration(t *testing.T) {
return conf
},
errMsg: "invalid configuration: memoryThrottlingFactor is required when MemoryQoS feature flag is enabled",
},
{
}, {
name: "invalid MemoryThrottlingFactor",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.MemoryThrottlingFactor = utilpointer.Float64(1.1)
return conf
},
errMsg: "invalid configuration: memoryThrottlingFactor 1.1 must be greater than 0 and less than or equal to 1.0",
},
{
}, {
name: "invalid Taint.TimeAdded",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
now := metav1.Now()
@@ -506,8 +456,7 @@ func TestValidateKubeletConfiguration(t *testing.T) {
return conf
},
errMsg: "invalid configuration: taint.TimeAdded is not nil",
},
{
}, {
name: "specify tracing with KubeletTracing disabled",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
samplingRate := int32(99999)
@@ -516,8 +465,7 @@ func TestValidateKubeletConfiguration(t *testing.T) {
return conf
},
errMsg: "invalid configuration: tracing should not be configured if KubeletTracing feature flag is disabled.",
},
{
}, {
name: "specify tracing invalid sampling rate",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
samplingRate := int32(-1)
@@ -526,8 +474,7 @@ func TestValidateKubeletConfiguration(t *testing.T) {
return conf
},
errMsg: "tracing.samplingRatePerMillion: Invalid value: -1: sampling rate must be positive",
},
{
}, {
name: "specify tracing invalid endpoint",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
ep := "dn%2s://localhost:4317"
@@ -536,42 +483,36 @@ func TestValidateKubeletConfiguration(t *testing.T) {
return conf
},
errMsg: "tracing.endpoint: Invalid value: \"dn%2s://localhost:4317\": parse \"dn%2s://localhost:4317\": first path segment in URL cannot contain colon",
},
{
}, {
name: "invalid GracefulNodeShutdownBasedOnPodPriority",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.FeatureGates = map[string]bool{"GracefulNodeShutdownBasedOnPodPriority": true}
conf.ShutdownGracePeriodByPodPriority = []kubeletconfig.ShutdownGracePeriodByPodPriority{
{
conf.ShutdownGracePeriodByPodPriority = []kubeletconfig.ShutdownGracePeriodByPodPriority{{
Priority: 0,
ShutdownGracePeriodSeconds: 0,
}}
return conf
},
errMsg: "invalid configuration: Cannot specify both shutdownGracePeriodByPodPriority and shutdownGracePeriod at the same time",
},
{
}, {
name: "Specifying shutdownGracePeriodByPodPriority without enable GracefulNodeShutdownBasedOnPodPriority",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.FeatureGates = map[string]bool{"GracefulNodeShutdownBasedOnPodPriority": false}
conf.ShutdownGracePeriodByPodPriority = []kubeletconfig.ShutdownGracePeriodByPodPriority{
{
conf.ShutdownGracePeriodByPodPriority = []kubeletconfig.ShutdownGracePeriodByPodPriority{{
Priority: 0,
ShutdownGracePeriodSeconds: 0,
}}
return conf
},
errMsg: "invalid configuration: Specifying shutdownGracePeriodByPodPriority requires feature gate GracefulNodeShutdownBasedOnPodPriority",
},
{
}, {
name: "enableSystemLogQuery is enabled without NodeLogQuery feature gate",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.EnableSystemLogQuery = true
return conf
},
errMsg: "invalid configuration: NodeLogQuery feature gate is required for enableSystemLogHandler",
},
{
}, {
name: "enableSystemLogQuery is enabled without enableSystemLogHandler",
configure: func(conf *kubeletconfig.KubeletConfiguration) *kubeletconfig.KubeletConfiguration {
conf.FeatureGates = map[string]bool{"NodeLogQuery": true}
@@ -580,8 +521,7 @@ func TestValidateKubeletConfiguration(t *testing.T) {
return conf
},
errMsg: "invalid configuration: enableSystemLogHandler is required for enableSystemLogQuery",
},
}
}}
for _, tc := range cases {
t.Run(tc.name, func(t *testing.T) {

30
pkg/proxy/apis/config/validation/validation_test.go
View File

@@ -36,8 +36,7 @@ func TestValidateKubeProxyConfiguration(t *testing.T) {
} else {
proxyMode = kubeproxyconfig.ProxyModeIPVS
}
successCases := []kubeproxyconfig.KubeProxyConfiguration{
{
successCases := []kubeproxyconfig.KubeProxyConfiguration{{
BindAddress: "192.168.59.103",
HealthzBindAddress: "0.0.0.0:10256",
MetricsBindAddress: "127.0.0.1:10249",
@@ -59,8 +58,7 @@ func TestValidateKubeProxyConfiguration(t *testing.T) {
TCPEstablishedTimeout: &metav1.Duration{Duration: 5 * time.Second},
TCPCloseWaitTimeout: &metav1.Duration{Duration: 5 * time.Second},
},
},
{
}, {
BindAddress: "192.168.59.103",
HealthzBindAddress: "0.0.0.0:10256",
MetricsBindAddress: "127.0.0.1:10249",
@@ -77,8 +75,7 @@ func TestValidateKubeProxyConfiguration(t *testing.T) {
TCPEstablishedTimeout: &metav1.Duration{Duration: 5 * time.Second},
TCPCloseWaitTimeout: &metav1.Duration{Duration: 5 * time.Second},
},
},
{
}, {
BindAddress: "192.168.59.103",
HealthzBindAddress: "",
MetricsBindAddress: "127.0.0.1:10249",
@@ -95,8 +92,7 @@ func TestValidateKubeProxyConfiguration(t *testing.T) {
TCPEstablishedTimeout: &metav1.Duration{Duration: 5 * time.Second},
TCPCloseWaitTimeout: &metav1.Duration{Duration: 5 * time.Second},
},
},
{
}, {
BindAddress: "fd00:192:168:59::103",
HealthzBindAddress: "",
MetricsBindAddress: "[::1]:10249",
@@ -113,8 +109,7 @@ func TestValidateKubeProxyConfiguration(t *testing.T) {
TCPEstablishedTimeout: &metav1.Duration{Duration: 5 * time.Second},
TCPCloseWaitTimeout: &metav1.Duration{Duration: 5 * time.Second},
},
},
{
}, {
BindAddress: "10.10.12.11",
HealthzBindAddress: "0.0.0.0:12345",
MetricsBindAddress: "127.0.0.1:10249",
@@ -131,8 +126,7 @@ func TestValidateKubeProxyConfiguration(t *testing.T) {
TCPEstablishedTimeout: &metav1.Duration{Duration: 5 * time.Second},
TCPCloseWaitTimeout: &metav1.Duration{Duration: 5 * time.Second},
},
},
{
}, {
BindAddress: "10.10.12.11",
HealthzBindAddress: "0.0.0.0:12345",
MetricsBindAddress: "127.0.0.1:10249",
@@ -149,8 +143,7 @@ func TestValidateKubeProxyConfiguration(t *testing.T) {
TCPEstablishedTimeout: &metav1.Duration{Duration: 5 * time.Second},
TCPCloseWaitTimeout: &metav1.Duration{Duration: 5 * time.Second},
},
},
{
}, {
BindAddress: "10.10.12.11",
HealthzBindAddress: "0.0.0.0:12345",
MetricsBindAddress: "127.0.0.1:10249",
@@ -167,8 +160,7 @@ func TestValidateKubeProxyConfiguration(t *testing.T) {
TCPEstablishedTimeout: &metav1.Duration{Duration: 5 * time.Second},
TCPCloseWaitTimeout: &metav1.Duration{Duration: 5 * time.Second},
},
},
{
}, {
BindAddress: "10.10.12.11",
HealthzBindAddress: "0.0.0.0:12345",
MetricsBindAddress: "127.0.0.1:10249",
@@ -189,8 +181,7 @@ func TestValidateKubeProxyConfiguration(t *testing.T) {
DetectLocal: kubeproxyconfig.DetectLocalConfiguration{
InterfaceNamePrefix: "vethabcde",
},
},
{
}, {
BindAddress: "10.10.12.11",
HealthzBindAddress: "0.0.0.0:12345",
MetricsBindAddress: "127.0.0.1:10249",
@@ -211,8 +202,7 @@ func TestValidateKubeProxyConfiguration(t *testing.T) {
DetectLocal: kubeproxyconfig.DetectLocalConfiguration{
BridgeInterface: "avz",
},
},
}
}}
for _, successCase := range successCases {
if errs := Validate(&successCase); len(errs) != 0 {

189
pkg/scheduler/apis/config/validation/validation_test.go
View File

@@ -57,8 +57,7 @@ func TestValidateKubeSchedulerConfigurationV1beta2(t *testing.T) {
PodInitialBackoffSeconds: podInitialBackoffSeconds,
PodMaxBackoffSeconds: podMaxBackoffSeconds,
PercentageOfNodesToScore: pointer.Int32(35),
Profiles: []config.KubeSchedulerProfile{
{
Profiles: []config.KubeSchedulerProfile{{
SchedulerName: "me",
Plugins: &config.Plugins{
QueueSort: config.PluginSet{
@@ -68,14 +67,11 @@ func TestValidateKubeSchedulerConfigurationV1beta2(t *testing.T) {
Disabled: []config.Plugin{{Name: "*"}},
},
},
PluginConfig: []config.PluginConfig{
{
PluginConfig: []config.PluginConfig{{
Name: "DefaultPreemption",
Args: &config.DefaultPreemptionArgs{MinCandidateNodesPercentage: 10, MinCandidateNodesAbsolute: 100},
},
},
},
{
}},
}, {
SchedulerName: "other",
Plugins: &config.Plugins{
QueueSort: config.PluginSet{
@@ -85,14 +81,11 @@ func TestValidateKubeSchedulerConfigurationV1beta2(t *testing.T) {
Enabled: []config.Plugin{{Name: "CustomBind"}},
},
},
},
},
Extenders: []config.Extender{
{
}},
Extenders: []config.Extender{{
PrioritizeVerb: "prioritize",
Weight: 1,
},
},
}},
}
invalidParallelismValue := validConfig.DeepCopy()
@@ -145,60 +138,46 @@ func TestValidateKubeSchedulerConfigurationV1beta2(t *testing.T) {
extenderNegativeWeight.Extenders[0].Weight = -1
invalidNodePercentage := validConfig.DeepCopy()
invalidNodePercentage.Profiles[0].PluginConfig = []config.PluginConfig{
{
invalidNodePercentage.Profiles[0].PluginConfig = []config.PluginConfig{{
Name: "DefaultPreemption",
Args: &config.DefaultPreemptionArgs{MinCandidateNodesPercentage: 200, MinCandidateNodesAbsolute: 100},
},
}
}}
invalidPluginArgs := validConfig.DeepCopy()
invalidPluginArgs.Profiles[0].PluginConfig = []config.PluginConfig{
{
invalidPluginArgs.Profiles[0].PluginConfig = []config.PluginConfig{{
Name: "DefaultPreemption",
Args: &config.InterPodAffinityArgs{},
},
}
}}
duplicatedPluginConfig := validConfig.DeepCopy()
duplicatedPluginConfig.Profiles[0].PluginConfig = []config.PluginConfig{
{
duplicatedPluginConfig.Profiles[0].PluginConfig = []config.PluginConfig{{
Name: "config",
},
{
}, {
Name: "config",
},
}
}}
mismatchQueueSort := validConfig.DeepCopy()
mismatchQueueSort.Profiles = []config.KubeSchedulerProfile{
{
mismatchQueueSort.Profiles = []config.KubeSchedulerProfile{{
SchedulerName: "me",
Plugins: &config.Plugins{
QueueSort: config.PluginSet{
Enabled: []config.Plugin{{Name: "PrioritySort"}},
},
},
PluginConfig: []config.PluginConfig{
{
PluginConfig: []config.PluginConfig{{
Name: "PrioritySort",
},
},
},
{
}},
}, {
SchedulerName: "other",
Plugins: &config.Plugins{
QueueSort: config.PluginSet{
Enabled: []config.Plugin{{Name: "CustomSort"}},
},
},
PluginConfig: []config.PluginConfig{
{
PluginConfig: []config.PluginConfig{{
Name: "CustomSort",
},
},
},
}
}},
}}
extenderDuplicateManagedResource := validConfig.DeepCopy()
extenderDuplicateManagedResource.Extenders[0].ManagedResources = []config.ExtenderManagedResource{
@@ -455,8 +434,7 @@ func TestValidateKubeSchedulerConfigurationV1beta3(t *testing.T) {
PodInitialBackoffSeconds: podInitialBackoffSeconds,
PodMaxBackoffSeconds: podMaxBackoffSeconds,
PercentageOfNodesToScore: pointer.Int32(35),
Profiles: []config.KubeSchedulerProfile{
{
Profiles: []config.KubeSchedulerProfile{{
SchedulerName: "me",
Plugins: &config.Plugins{
QueueSort: config.PluginSet{
@@ -466,14 +444,11 @@ func TestValidateKubeSchedulerConfigurationV1beta3(t *testing.T) {
Disabled: []config.Plugin{{Name: "*"}},
},
},
PluginConfig: []config.PluginConfig{
{
PluginConfig: []config.PluginConfig{{
Name: "DefaultPreemption",
Args: &config.DefaultPreemptionArgs{MinCandidateNodesPercentage: 10, MinCandidateNodesAbsolute: 100},
},
},
},
{
}},
}, {
SchedulerName: "other",
Plugins: &config.Plugins{
QueueSort: config.PluginSet{
@@ -483,14 +458,11 @@ func TestValidateKubeSchedulerConfigurationV1beta3(t *testing.T) {
Enabled: []config.Plugin{{Name: "CustomBind"}},
},
},
},
},
Extenders: []config.Extender{
{
}},
Extenders: []config.Extender{{
PrioritizeVerb: "prioritize",
Weight: 1,
},
},
}},
}
invalidParallelismValue := validConfig.DeepCopy()
@@ -543,20 +515,16 @@ func TestValidateKubeSchedulerConfigurationV1beta3(t *testing.T) {
extenderNegativeWeight.Extenders[0].Weight = -1
invalidNodePercentage := validConfig.DeepCopy()
invalidNodePercentage.Profiles[0].PluginConfig = []config.PluginConfig{
{
invalidNodePercentage.Profiles[0].PluginConfig = []config.PluginConfig{{
Name: "DefaultPreemption",
Args: &config.DefaultPreemptionArgs{MinCandidateNodesPercentage: 200, MinCandidateNodesAbsolute: 100},
},
}
}}
invalidPluginArgs := validConfig.DeepCopy()
invalidPluginArgs.Profiles[0].PluginConfig = []config.PluginConfig{
{
invalidPluginArgs.Profiles[0].PluginConfig = []config.PluginConfig{{
Name: "DefaultPreemption",
Args: &config.InterPodAffinityArgs{},
},
}
}}
duplicatedPlugins := validConfig.DeepCopy()
duplicatedPlugins.Profiles[0].Plugins.PreEnqueue.Enabled = []config.Plugin{
@@ -565,44 +533,34 @@ func TestValidateKubeSchedulerConfigurationV1beta3(t *testing.T) {
}
duplicatedPluginConfig := validConfig.DeepCopy()
duplicatedPluginConfig.Profiles[0].PluginConfig = []config.PluginConfig{
{
duplicatedPluginConfig.Profiles[0].PluginConfig = []config.PluginConfig{{
Name: "config",
},
{
}, {
Name: "config",
},
}
}}
mismatchQueueSort := validConfig.DeepCopy()
mismatchQueueSort.Profiles = []config.KubeSchedulerProfile{
{
mismatchQueueSort.Profiles = []config.KubeSchedulerProfile{{
SchedulerName: "me",
Plugins: &config.Plugins{
QueueSort: config.PluginSet{
Enabled: []config.Plugin{{Name: "PrioritySort"}},
},
},
PluginConfig: []config.PluginConfig{
{
PluginConfig: []config.PluginConfig{{
Name: "PrioritySort",
},
},
},
{
}},
}, {
SchedulerName: "other",
Plugins: &config.Plugins{
QueueSort: config.PluginSet{
Enabled: []config.Plugin{{Name: "CustomSort"}},
},
},
PluginConfig: []config.PluginConfig{
{
PluginConfig: []config.PluginConfig{{
Name: "CustomSort",
},
},
},
}
}},
}}
extenderDuplicateManagedResource := validConfig.DeepCopy()
extenderDuplicateManagedResource.Extenders[0].ManagedResources = []config.ExtenderManagedResource{
@@ -858,8 +816,7 @@ func TestValidateKubeSchedulerConfigurationV1(t *testing.T) {
},
PodInitialBackoffSeconds: podInitialBackoffSeconds,
PodMaxBackoffSeconds: podMaxBackoffSeconds,
Profiles: []config.KubeSchedulerProfile{
{
Profiles: []config.KubeSchedulerProfile{{
SchedulerName: "me",
PercentageOfNodesToScore: pointer.Int32(35),
Plugins: &config.Plugins{
@@ -870,14 +827,11 @@ func TestValidateKubeSchedulerConfigurationV1(t *testing.T) {
Disabled: []config.Plugin{{Name: "*"}},
},
},
PluginConfig: []config.PluginConfig{
{
PluginConfig: []config.PluginConfig{{
Name: "DefaultPreemption",
Args: &config.DefaultPreemptionArgs{MinCandidateNodesPercentage: 10, MinCandidateNodesAbsolute: 100},
},
},
},
{
}},
}, {
SchedulerName: "other",
PercentageOfNodesToScore: pointer.Int32(35),
Plugins: &config.Plugins{
@@ -888,14 +842,11 @@ func TestValidateKubeSchedulerConfigurationV1(t *testing.T) {
Enabled: []config.Plugin{{Name: "CustomBind"}},
},
},
},
},
Extenders: []config.Extender{
{
}},
Extenders: []config.Extender{{
PrioritizeVerb: "prioritize",
Weight: 1,
},
},
}},
}
invalidParallelismValue := validConfig.DeepCopy()
@@ -948,60 +899,46 @@ func TestValidateKubeSchedulerConfigurationV1(t *testing.T) {
extenderNegativeWeight.Extenders[0].Weight = -1
invalidNodePercentage := validConfig.DeepCopy()
invalidNodePercentage.Profiles[0].PluginConfig = []config.PluginConfig{
{
invalidNodePercentage.Profiles[0].PluginConfig = []config.PluginConfig{{
Name: "DefaultPreemption",
Args: &config.DefaultPreemptionArgs{MinCandidateNodesPercentage: 200, MinCandidateNodesAbsolute: 100},
},
}
}}
invalidPluginArgs := validConfig.DeepCopy()
invalidPluginArgs.Profiles[0].PluginConfig = []config.PluginConfig{
{
invalidPluginArgs.Profiles[0].PluginConfig = []config.PluginConfig{{
Name: "DefaultPreemption",
Args: &config.InterPodAffinityArgs{},
},
}
}}
duplicatedPluginConfig := validConfig.DeepCopy()
duplicatedPluginConfig.Profiles[0].PluginConfig = []config.PluginConfig{
{
duplicatedPluginConfig.Profiles[0].PluginConfig = []config.PluginConfig{{
Name: "config",
},
{
}, {
Name: "config",
},
}
}}
mismatchQueueSort := validConfig.DeepCopy()
mismatchQueueSort.Profiles = []config.KubeSchedulerProfile{
{
mismatchQueueSort.Profiles = []config.KubeSchedulerProfile{{
SchedulerName: "me",
Plugins: &config.Plugins{
QueueSort: config.PluginSet{
Enabled: []config.Plugin{{Name: "PrioritySort"}},
},
},
PluginConfig: []config.PluginConfig{
{
PluginConfig: []config.PluginConfig{{
Name: "PrioritySort",
},
},
},
{
}},
}, {
SchedulerName: "other",
Plugins: &config.Plugins{
QueueSort: config.PluginSet{
Enabled: []config.Plugin{{Name: "CustomSort"}},
},
},
PluginConfig: []config.PluginConfig{
{
PluginConfig: []config.PluginConfig{{
Name: "CustomSort",
},
},
},
}
}},
}}
extenderDuplicateManagedResource := validConfig.DeepCopy()
extenderDuplicateManagedResource.Extenders[0].ManagedResources = []config.ExtenderManagedResource{

102
plugin/pkg/admission/eventratelimit/apis/eventratelimit/validation/validation_test.go
View File

@@ -27,158 +27,124 @@ func TestValidateConfiguration(t *testing.T) {
name string
config eventratelimitapi.Configuration
expectedResult bool
}{
{
}{{
name: "valid server",
config: eventratelimitapi.Configuration{
Limits: []eventratelimitapi.Limit{
{
Limits: []eventratelimitapi.Limit{{
Type: "Server",
Burst: 5,
QPS: 1,
},
},
}},
},
expectedResult: true,
},
{
}, {
name: "valid namespace",
config: eventratelimitapi.Configuration{
Limits: []eventratelimitapi.Limit{
{
Limits: []eventratelimitapi.Limit{{
Type: "Namespace",
Burst: 10,
QPS: 2,
CacheSize: 100,
},
},
}},
},
expectedResult: true,
},
{
}, {
name: "valid user",
config: eventratelimitapi.Configuration{
Limits: []eventratelimitapi.Limit{
{
Limits: []eventratelimitapi.Limit{{
Type: "User",
Burst: 10,
QPS: 2,
CacheSize: 100,
},
},
}},
},
expectedResult: true,
},
{
}, {
name: "valid source+object",
config: eventratelimitapi.Configuration{
Limits: []eventratelimitapi.Limit{
{
Limits: []eventratelimitapi.Limit{{
Type: "SourceAndObject",
Burst: 5,
QPS: 1,
CacheSize: 1000,
},
},
}},
},
expectedResult: true,
},
{
}, {
name: "valid multiple",
config: eventratelimitapi.Configuration{
Limits: []eventratelimitapi.Limit{
{
Limits: []eventratelimitapi.Limit{{
Type: "Server",
Burst: 5,
QPS: 1,
},
{
}, {
Type: "Namespace",
Burst: 10,
QPS: 2,
CacheSize: 100,
},
{
}, {
Type: "SourceAndObject",
Burst: 25,
QPS: 10,
CacheSize: 1000,
},
},
}},
},
expectedResult: true,
},
{
}, {
name: "missing limits",
config: eventratelimitapi.Configuration{},
expectedResult: false,
},
{
}, {
name: "missing type",
config: eventratelimitapi.Configuration{
Limits: []eventratelimitapi.Limit{
{
Limits: []eventratelimitapi.Limit{{
Burst: 25,
QPS: 10,
CacheSize: 1000,
},
},
}},
},
expectedResult: false,
},
{
}, {
name: "invalid type",
config: eventratelimitapi.Configuration{
Limits: []eventratelimitapi.Limit{
{
Limits: []eventratelimitapi.Limit{{
Type: "unknown-type",
Burst: 25,
QPS: 10,
CacheSize: 1000,
},
},
}},
},
expectedResult: false,
},
{
}, {
name: "missing burst",
config: eventratelimitapi.Configuration{
Limits: []eventratelimitapi.Limit{
{
Limits: []eventratelimitapi.Limit{{
Type: "Server",
QPS: 1,
},
},
}},
},
expectedResult: false,
},
{
}, {
name: "missing qps",
config: eventratelimitapi.Configuration{
Limits: []eventratelimitapi.Limit{
{
Limits: []eventratelimitapi.Limit{{
Type: "Server",
Burst: 5,
},
},
}},
},
expectedResult: false,
},
{
}, {
name: "negative cache size",
config: eventratelimitapi.Configuration{
Limits: []eventratelimitapi.Limit{
{
Limits: []eventratelimitapi.Limit{{
Type: "Namespace",
Burst: 10,
QPS: 2,
CacheSize: -1,
},
},
}},
},
expectedResult: false,
},
}
}}
for _, tc := range cases {
errs := ValidateConfiguration(&tc.config)
if e, a := tc.expectedResult, len(errs) == 0; e != a {

15
plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/validation/validation_test.go
View File

@@ -17,9 +17,10 @@ limitations under the License.
package validation
import (
"testing"
api "k8s.io/kubernetes/pkg/apis/core"
internalapi "k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction"
"testing"
)
func TestValidateConfiguration(t *testing.T) {
@@ -28,8 +29,7 @@ func TestValidateConfiguration(t *testing.T) {
config internalapi.Configuration
testName string
testStatus bool
}{
{
}{{
config: internalapi.Configuration{
Default: []api.Toleration{
{Key: "foo", Operator: "Exists", Value: "", Effect: "NoExecute", TolerationSeconds: &[]int64{60}[0]},
@@ -44,22 +44,19 @@ func TestValidateConfiguration(t *testing.T) {
},
testName: "Valid cases",
testStatus: true,
},
{
}, {
config: internalapi.Configuration{
Whitelist: []api.Toleration{{Key: "foo", Operator: "Exists", Value: "bar", Effect: "NoSchedule"}},
},
testName: "Invalid case",
testStatus: false,
},
{
}, {
config: internalapi.Configuration{
Default: []api.Toleration{{Operator: "Equal", Value: "bar", Effect: "NoSchedule"}},
},
testName: "Invalid case",
testStatus: false,
},
}
}}
for i := range tests {
errs := ValidateConfiguration(&tests[i].config)

60
staging/src/k8s.io/apimachinery/pkg/apis/meta/internalversion/validation/validation_test.go
View File

@@ -17,9 +17,10 @@ limitations under the License.
package validation
import (
"testing"
"k8s.io/apimachinery/pkg/apis/meta/internalversion"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"testing"
)
func TestValidateListOptions(t *testing.T) {
@@ -32,55 +33,47 @@ func TestValidateListOptions(t *testing.T) {
opts internalversion.ListOptions
watchListFeatureEnabled bool
expectErrors []string
}{
{
}{{
name: "valid-default",
opts: internalversion.ListOptions{},
},
{
}, {
name: "valid-resourceversionmatch-exact",
opts: internalversion.ListOptions{
ResourceVersion: "1",
ResourceVersionMatch: metav1.ResourceVersionMatchExact,
},
},
{
}, {
name: "invalid-resourceversionmatch-exact",
opts: internalversion.ListOptions{
ResourceVersion: "0",
ResourceVersionMatch: metav1.ResourceVersionMatchExact,
},
expectErrors: []string{"resourceVersionMatch: Forbidden: resourceVersionMatch \"exact\" is forbidden for resourceVersion \"0\""},
},
{
}, {
name: "valid-resourceversionmatch-notolderthan",
opts: internalversion.ListOptions{
ResourceVersion: "0",
ResourceVersionMatch: metav1.ResourceVersionMatchNotOlderThan,
},
},
{
}, {
name: "invalid-resourceversionmatch",
opts: internalversion.ListOptions{
ResourceVersion: "0",
ResourceVersionMatch: "foo",
},
expectErrors: []string{"resourceVersionMatch: Unsupported value: \"foo\": supported values: \"Exact\", \"NotOlderThan\", \"\""},
},
{
}, {
name: "list-sendInitialEvents-forbidden",
opts: internalversion.ListOptions{
SendInitialEvents: boolPtrFn(true),
},
expectErrors: []string{"sendInitialEvents: Forbidden: sendInitialEvents is forbidden for list"},
},
{
}, {
name: "valid-watch-default",
opts: internalversion.ListOptions{
Watch: true,
},
},
{
}, {
name: "valid-watch-sendInitialEvents-on",
opts: internalversion.ListOptions{
Watch: true,
@@ -89,8 +82,7 @@ func TestValidateListOptions(t *testing.T) {
AllowWatchBookmarks: true,
},
watchListFeatureEnabled: true,
},
{
}, {
name: "valid-watch-sendInitialEvents-off",
opts: internalversion.ListOptions{
Watch: true,
@@ -99,24 +91,21 @@ func TestValidateListOptions(t *testing.T) {
AllowWatchBookmarks: true,
},
watchListFeatureEnabled: true,
},
{
}, {
name: "watch-resourceversionmatch-without-sendInitialEvents-forbidden",
opts: internalversion.ListOptions{
Watch: true,
ResourceVersionMatch: metav1.ResourceVersionMatchNotOlderThan,
},
expectErrors: []string{"resourceVersionMatch: Forbidden: resourceVersionMatch is forbidden for watch unless sendInitialEvents is provided"},
},
{
}, {
name: "watch-sendInitialEvents-without-resourceversionmatch-forbidden",
opts: internalversion.ListOptions{
Watch: true,
SendInitialEvents: boolPtrFn(true),
},
expectErrors: []string{"resourceVersionMatch: Forbidden: sendInitialEvents requires setting resourceVersionMatch to NotOlderThan", "sendInitialEvents: Forbidden: sendInitialEvents is forbidden for watch unless the WatchList feature gate is enabled"},
},
{
}, {
name: "watch-sendInitialEvents-with-exact-resourceversionmatch-forbidden",
opts: internalversion.ListOptions{
Watch: true,
@@ -126,8 +115,7 @@ func TestValidateListOptions(t *testing.T) {
},
watchListFeatureEnabled: true,
expectErrors: []string{"resourceVersionMatch: Forbidden: sendInitialEvents requires setting resourceVersionMatch to NotOlderThan", "resourceVersionMatch: Unsupported value: \"Exact\": supported values: \"NotOlderThan\""},
},
{
}, {
name: "watch-sendInitialEvents-on-with-empty-resourceversionmatch-forbidden",
opts: internalversion.ListOptions{
Watch: true,
@@ -135,8 +123,7 @@ func TestValidateListOptions(t *testing.T) {
ResourceVersionMatch: "",
},
expectErrors: []string{"resourceVersionMatch: Forbidden: sendInitialEvents requires setting resourceVersionMatch to NotOlderThan", "sendInitialEvents: Forbidden: sendInitialEvents is forbidden for watch unless the WatchList feature gate is enabled"},
},
{
}, {
name: "watch-sendInitialEvents-off-with-empty-resourceversionmatch-forbidden",
opts: internalversion.ListOptions{
Watch: true,
@@ -144,8 +131,7 @@ func TestValidateListOptions(t *testing.T) {
ResourceVersionMatch: "",
},
expectErrors: []string{"resourceVersionMatch: Forbidden: sendInitialEvents requires setting resourceVersionMatch to NotOlderThan", "sendInitialEvents: Forbidden: sendInitialEvents is forbidden for watch unless the WatchList feature gate is enabled"},
},
{
}, {
name: "watch-sendInitialEvents-with-incorrect-resourceversionmatch-forbidden",
opts: internalversion.ListOptions{
Watch: true,
@@ -155,8 +141,7 @@ func TestValidateListOptions(t *testing.T) {
},
watchListFeatureEnabled: true,
expectErrors: []string{"resourceVersionMatch: Forbidden: sendInitialEvents requires setting resourceVersionMatch to NotOlderThan", "resourceVersionMatch: Unsupported value: \"incorrect\": supported values: \"NotOlderThan\""},
},
{
}, {
// note that validating allowWatchBookmarks would break backward compatibility
// because it was possible to request initial events via resourceVersion=0 before this change
name: "watch-sendInitialEvents-no-allowWatchBookmark",
@@ -166,8 +151,7 @@ func TestValidateListOptions(t *testing.T) {
ResourceVersionMatch: metav1.ResourceVersionMatchNotOlderThan,
},
watchListFeatureEnabled: true,
},
{
}, {
name: "watch-sendInitialEvents-no-watchlist-fg-disabled",
opts: internalversion.ListOptions{
Watch: true,
@@ -176,8 +160,7 @@ func TestValidateListOptions(t *testing.T) {
AllowWatchBookmarks: true,
},
expectErrors: []string{"sendInitialEvents: Forbidden: sendInitialEvents is forbidden for watch unless the WatchList feature gate is enabled"},
},
{
}, {
name: "watch-sendInitialEvents-no-watchlist-fg-disabled",
opts: internalversion.ListOptions{
Watch: true,
@@ -188,8 +171,7 @@ func TestValidateListOptions(t *testing.T) {
},
watchListFeatureEnabled: true,
expectErrors: []string{"resourceVersionMatch: Forbidden: resourceVersionMatch is forbidden when continue is provided"},
},
}
}}
for _, tc := range cases {
t.Run(tc.name, func(t *testing.T) {

114
staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/validation/validation_test.go
View File

@@ -136,31 +136,26 @@ func TestValidPatchOptions(t *testing.T) {
tests := []struct {
opts metav1.PatchOptions
patchType types.PatchType
}{
{
}{{
opts: metav1.PatchOptions{
Force: boolPtr(true),
FieldManager: "kubectl",
},
patchType: types.ApplyPatchType,
},
{
}, {
opts: metav1.PatchOptions{
FieldManager: "kubectl",
},
patchType: types.ApplyPatchType,
},
{
}, {
opts: metav1.PatchOptions{},
patchType: types.MergePatchType,
},
{
}, {
opts: metav1.PatchOptions{
FieldManager: "patcher",
},
patchType: types.MergePatchType,
},
}
}}
for _, test := range tests {
t.Run(fmt.Sprintf("%v", test.opts), func(t *testing.T) {
@@ -243,36 +238,30 @@ func TestValidateFieldManagerInvalid(t *testing.T) {
}
func TestValidateManagedFieldsInvalid(t *testing.T) {
tests := []metav1.ManagedFieldsEntry{
{
tests := []metav1.ManagedFieldsEntry{{
Operation: metav1.ManagedFieldsOperationUpdate,
FieldsType: "RandomVersion",
APIVersion: "v1",
},
{
}, {
Operation: "RandomOperation",
FieldsType: "FieldsV1",
APIVersion: "v1",
},
{
}, {
// Operation is missing
FieldsType: "FieldsV1",
APIVersion: "v1",
},
{
}, {
Operation: metav1.ManagedFieldsOperationUpdate,
FieldsType: "FieldsV1",
// Invalid fieldManager
Manager: "field\nmanager",
APIVersion: "v1",
},
{
}, {
Operation: metav1.ManagedFieldsOperationApply,
FieldsType: "FieldsV1",
APIVersion: "v1",
Subresource: "TooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLongTooLong",
},
}
}}
for _, test := range tests {
t.Run(fmt.Sprintf("%#v", test), func(t *testing.T) {
@@ -285,30 +274,25 @@ func TestValidateManagedFieldsInvalid(t *testing.T) {
}
func TestValidateMangedFieldsValid(t *testing.T) {
tests := []metav1.ManagedFieldsEntry{
{
tests := []metav1.ManagedFieldsEntry{{
Operation: metav1.ManagedFieldsOperationUpdate,
APIVersion: "v1",
// FieldsType is missing
},
{
}, {
Operation: metav1.ManagedFieldsOperationUpdate,
FieldsType: "FieldsV1",
APIVersion: "v1",
},
{
}, {
Operation: metav1.ManagedFieldsOperationApply,
FieldsType: "FieldsV1",
APIVersion: "v1",
Subresource: "scale",
},
{
}, {
Operation: metav1.ManagedFieldsOperationApply,
FieldsType: "FieldsV1",
APIVersion: "v1",
Manager: "🍔",
},
}
}}
for _, test := range tests {
t.Run(fmt.Sprintf("%#v", test), func(t *testing.T) {
@@ -325,8 +309,7 @@ func TestValidateConditions(t *testing.T) {
name string
conditions []metav1.Condition
validateErrs func(t *testing.T, errs field.ErrorList)
}{
{
}{{
name: "bunch-of-invalid-fields",
conditions: []metav1.Condition{{
Type: ":invalid",
@@ -358,27 +341,22 @@ func TestValidateConditions(t *testing.T) {
t.Errorf("missing %q in\n%v", needle, errorsAsString(errs))
}
},
},
{
}, {
name: "duplicates",
conditions: []metav1.Condition{{
Type: "First",
},
{
}, {
Type: "Second",
},
{
}, {
Type: "First",
},
},
}},
validateErrs: func(t *testing.T, errs field.ErrorList) {
needle := `status.conditions[2].type: Duplicate value: "First"`
if !hasError(errs, needle) {
t.Errorf("missing %q in\n%v", needle, errorsAsString(errs))
}
},
},
{
}, {
name: "colon-allowed-in-reason",
conditions: []metav1.Condition{{
Type: "First",
@@ -390,8 +368,7 @@ func TestValidateConditions(t *testing.T) {
t.Errorf("has %q in\n%v", needle, errorsAsString(errs))
}
},
},
{
}, {
name: "comma-allowed-in-reason",
conditions: []metav1.Condition{{
Type: "First",
@@ -403,8 +380,7 @@ func TestValidateConditions(t *testing.T) {
t.Errorf("has %q in\n%v", needle, errorsAsString(errs))
}
},
},
{
}, {
name: "reason-does-not-end-in-delimiter",
conditions: []metav1.Condition{{
Type: "First",
@@ -416,8 +392,7 @@ func TestValidateConditions(t *testing.T) {
t.Errorf("missing %q in\n%v", needle, errorsAsString(errs))
}
},
},
}
}}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
@@ -433,31 +408,25 @@ func TestLabelSelectorMatchExpression(t *testing.T) {
labelSelector *metav1.LabelSelector
wantErrorNumber int
validateErrs func(t *testing.T, errs field.ErrorList)
}{
{
}{{
name: "Valid LabelSelector",
labelSelector: &metav1.LabelSelector{
MatchExpressions: []metav1.LabelSelectorRequirement{
{
MatchExpressions: []metav1.LabelSelectorRequirement{{
Key: "key",
Operator: metav1.LabelSelectorOpIn,
Values: []string{"value"},
},
},
}},
},
wantErrorNumber: 0,
validateErrs: nil,
},
{
}, {
name: "MatchExpression's key name isn't valid",
labelSelector: &metav1.LabelSelector{
MatchExpressions: []metav1.LabelSelectorRequirement{
{
MatchExpressions: []metav1.LabelSelectorRequirement{{
Key: "-key",
Operator: metav1.LabelSelectorOpIn,
Values: []string{"value"},
},
},
}},
},
wantErrorNumber: 1,
validateErrs: func(t *testing.T, errs field.ErrorList) {
@@ -466,17 +435,14 @@ func TestLabelSelectorMatchExpression(t *testing.T) {
t.Errorf("missing %q in\n%v", errMessage, errorsAsString(errs))
}
},
},
{
}, {
name: "MatchExpression's operator isn't valid",
labelSelector: &metav1.LabelSelector{
MatchExpressions: []metav1.LabelSelectorRequirement{
{
MatchExpressions: []metav1.LabelSelectorRequirement{{
Key: "key",
Operator: "abc",
Values: []string{"value"},
},
},
}},
},
wantErrorNumber: 1,
validateErrs: func(t *testing.T, errs field.ErrorList) {
@@ -485,17 +451,14 @@ func TestLabelSelectorMatchExpression(t *testing.T) {
t.Errorf("missing %q in\n%v", errMessage, errorsAsString(errs))
}
},
},
{
}, {
name: "MatchExpression's value name isn't valid",
labelSelector: &metav1.LabelSelector{
MatchExpressions: []metav1.LabelSelectorRequirement{
{
MatchExpressions: []metav1.LabelSelectorRequirement{{
Key: "key",
Operator: metav1.LabelSelectorOpIn,
Values: []string{"-value"},
},
},
}},
},
wantErrorNumber: 1,
validateErrs: func(t *testing.T, errs field.ErrorList) {
@@ -504,8 +467,7 @@ func TestLabelSelectorMatchExpression(t *testing.T) {
t.Errorf("missing %q in\n%v", errMessage, errorsAsString(errs))
}
},
},
}
}}
for index, testCase := range testCases {
t.Run(testCase.name, func(t *testing.T) {
allErrs := ValidateLabelSelector(testCase.labelSelector, LabelSelectorValidationOptions{false}, field.NewPath("labelSelector"))

18
staging/src/k8s.io/apimachinery/pkg/util/validation/validation_test.go
View File

@@ -630,33 +630,27 @@ func TestIsFullyQualifiedName(t *testing.T) {
name string
targetName string
err string
}{
{
}{{
name: "name needs to be fully qualified, i.e., contains at least 2 dots",
targetName: "k8s.io",
err: "should be a domain with at least three segments separated by dots",
},
{
}, {
name: "name should not include scheme",
targetName: "http://foo.k8s.io",
err: "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters",
},
{
}, {
name: "email should be invalid",
targetName: "example@foo.k8s.io",
err: "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters",
},
{
}, {
name: "name cannot be empty",
targetName: "",
err: "Required value",
},
{
}, {
name: "name must conform to RFC 1123",
targetName: "A.B.C",
err: "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters",
},
}
}}
for _, tc := range messageTests {
err := IsFullyQualifiedName(field.NewPath(""), tc.targetName).ToAggregate()
switch {

18
staging/src/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/validation/validation_test.go
View File

@@ -23,22 +23,16 @@ import (
)
func TestValidateConfiguration(t *testing.T) {
successCases := []resourcequotaapi.Configuration{
{
LimitedResources: []resourcequotaapi.LimitedResource{
{
successCases := []resourcequotaapi.Configuration{{
LimitedResources: []resourcequotaapi.LimitedResource{{
Resource: "pods",
MatchContains: []string{"requests.cpu"},
},
},
},
{
LimitedResources: []resourcequotaapi.LimitedResource{
{
}},
}, {
LimitedResources: []resourcequotaapi.LimitedResource{{
Resource: "persistentvolumeclaims",
MatchContains: []string{"requests.storage"},
},
},
}},
},
}
for i := range successCases {

6
staging/src/k8s.io/apiserver/pkg/apis/audit/validation/validation_test.go
View File

@@ -134,11 +134,9 @@ func TestValidatePolicy(t *testing.T) {
policy := audit.Policy{OmitStages: []audit.Stage{
audit.Stage("foo"),
},
Rules: []audit.PolicyRule{
{
Rules: []audit.PolicyRule{{
Level: audit.LevelMetadata,
},
},
}},
}
errorCases = append(errorCases, policy)

654
staging/src/k8s.io/apiserver/pkg/apis/config/validation/validation_test.go
View File

File diff suppressed because it is too large Load Diff

18
staging/src/k8s.io/client-go/tools/clientcmd/validation_test.go
View File

@@ -748,37 +748,31 @@ func TestErrConfigurationInvalidWithErrorsIs(t *testing.T) {
err error
matchAgainst error
expectMatch bool
}{
{
}{{
name: "no match",
err: errConfigurationInvalid{errors.New("my-error"), errors.New("my-other-error")},
matchAgainst: fmt.Errorf("no entry %s", "here"),
},
{
}, {
name: "match via .Is()",
err: errConfigurationInvalid{errors.New("forbidden"), alwaysMatchingError{}},
matchAgainst: errors.New("unauthorized"),
expectMatch: true,
},
{
}, {
name: "match via equality",
err: errConfigurationInvalid{errors.New("err"), someError{}},
matchAgainst: someError{},
expectMatch: true,
},
{
}, {
name: "match via nested aggregate",
err: errConfigurationInvalid{errors.New("closed today"), errConfigurationInvalid{errConfigurationInvalid{someError{}}}},
matchAgainst: someError{},
expectMatch: true,
},
{
}, {
name: "match via wrapped aggregate",
err: fmt.Errorf("wrap: %w", errConfigurationInvalid{errors.New("err"), someError{}}),
matchAgainst: someError{},
expectMatch: true,
},
}
}}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {