Improved code coverage for pkg/kubelet/util.
The test coverage for pkg/kubelet/util.go increased from 45.1% to 84.3%.
This commit is contained in:
		| @@ -1039,6 +1039,136 @@ func TestHostNetworkDisallowed(t *testing.T) { | ||||
| 	assert.Error(t, err, "expected pod infra creation to fail") | ||||
| } | ||||
|  | ||||
| func TestHostPIDAllowed(t *testing.T) { | ||||
| 	testKubelet := newTestKubelet(t, false /* controllerAttachDetachEnabled */) | ||||
| 	defer testKubelet.Cleanup() | ||||
| 	testKubelet.fakeCadvisor.On("Start").Return(nil) | ||||
| 	testKubelet.fakeCadvisor.On("VersionInfo").Return(&cadvisorapi.VersionInfo{}, nil) | ||||
| 	testKubelet.fakeCadvisor.On("MachineInfo").Return(&cadvisorapi.MachineInfo{}, nil) | ||||
| 	testKubelet.fakeCadvisor.On("ImagesFsInfo").Return(cadvisorapiv2.FsInfo{}, nil) | ||||
| 	testKubelet.fakeCadvisor.On("RootFsInfo").Return(cadvisorapiv2.FsInfo{}, nil) | ||||
|  | ||||
| 	kubelet := testKubelet.kubelet | ||||
|  | ||||
| 	capabilities.SetForTests(capabilities.Capabilities{ | ||||
| 		PrivilegedSources: capabilities.PrivilegedSources{ | ||||
| 			HostPIDSources: []string{kubetypes.ApiserverSource, kubetypes.FileSource}, | ||||
| 		}, | ||||
| 	}) | ||||
| 	pod := podWithUidNameNsSpec("12345678", "foo", "new", v1.PodSpec{ | ||||
| 		Containers: []v1.Container{ | ||||
| 			{Name: "foo"}, | ||||
| 		}, | ||||
| 		HostPID: true, | ||||
| 	}) | ||||
| 	pod.Annotations[kubetypes.ConfigSourceAnnotationKey] = kubetypes.FileSource | ||||
|  | ||||
| 	kubelet.podManager.SetPods([]*v1.Pod{pod}) | ||||
| 	err := kubelet.syncPod(syncPodOptions{ | ||||
| 		pod:        pod, | ||||
| 		podStatus:  &kubecontainer.PodStatus{}, | ||||
| 		updateType: kubetypes.SyncPodUpdate, | ||||
| 	}) | ||||
| 	assert.NoError(t, err, "expected pod infra creation to succeed") | ||||
| } | ||||
|  | ||||
| func TestHostPIDDisallowed(t *testing.T) { | ||||
| 	testKubelet := newTestKubelet(t, false /* controllerAttachDetachEnabled */) | ||||
| 	defer testKubelet.Cleanup() | ||||
| 	testKubelet.fakeCadvisor.On("Start").Return(nil) | ||||
| 	testKubelet.fakeCadvisor.On("VersionInfo").Return(&cadvisorapi.VersionInfo{}, nil) | ||||
| 	testKubelet.fakeCadvisor.On("MachineInfo").Return(&cadvisorapi.MachineInfo{}, nil) | ||||
| 	testKubelet.fakeCadvisor.On("ImagesFsInfo").Return(cadvisorapiv2.FsInfo{}, nil) | ||||
| 	testKubelet.fakeCadvisor.On("RootFsInfo").Return(cadvisorapiv2.FsInfo{}, nil) | ||||
|  | ||||
| 	kubelet := testKubelet.kubelet | ||||
|  | ||||
| 	capabilities.SetForTests(capabilities.Capabilities{ | ||||
| 		PrivilegedSources: capabilities.PrivilegedSources{ | ||||
| 			HostPIDSources: []string{}, | ||||
| 		}, | ||||
| 	}) | ||||
| 	pod := podWithUidNameNsSpec("12345678", "foo", "new", v1.PodSpec{ | ||||
| 		Containers: []v1.Container{ | ||||
| 			{Name: "foo"}, | ||||
| 		}, | ||||
| 		HostPID: true, | ||||
| 	}) | ||||
| 	pod.Annotations[kubetypes.ConfigSourceAnnotationKey] = kubetypes.FileSource | ||||
|  | ||||
| 	err := kubelet.syncPod(syncPodOptions{ | ||||
| 		pod:        pod, | ||||
| 		podStatus:  &kubecontainer.PodStatus{}, | ||||
| 		updateType: kubetypes.SyncPodUpdate, | ||||
| 	}) | ||||
| 	assert.Error(t, err, "expected pod infra creation to fail") | ||||
| } | ||||
|  | ||||
| func TestHostIPCAllowed(t *testing.T) { | ||||
| 	testKubelet := newTestKubelet(t, false /* controllerAttachDetachEnabled */) | ||||
| 	defer testKubelet.Cleanup() | ||||
| 	testKubelet.fakeCadvisor.On("Start").Return(nil) | ||||
| 	testKubelet.fakeCadvisor.On("VersionInfo").Return(&cadvisorapi.VersionInfo{}, nil) | ||||
| 	testKubelet.fakeCadvisor.On("MachineInfo").Return(&cadvisorapi.MachineInfo{}, nil) | ||||
| 	testKubelet.fakeCadvisor.On("ImagesFsInfo").Return(cadvisorapiv2.FsInfo{}, nil) | ||||
| 	testKubelet.fakeCadvisor.On("RootFsInfo").Return(cadvisorapiv2.FsInfo{}, nil) | ||||
|  | ||||
| 	kubelet := testKubelet.kubelet | ||||
|  | ||||
| 	capabilities.SetForTests(capabilities.Capabilities{ | ||||
| 		PrivilegedSources: capabilities.PrivilegedSources{ | ||||
| 			HostIPCSources: []string{kubetypes.ApiserverSource, kubetypes.FileSource}, | ||||
| 		}, | ||||
| 	}) | ||||
| 	pod := podWithUidNameNsSpec("12345678", "foo", "new", v1.PodSpec{ | ||||
| 		Containers: []v1.Container{ | ||||
| 			{Name: "foo"}, | ||||
| 		}, | ||||
| 		HostIPC: true, | ||||
| 	}) | ||||
| 	pod.Annotations[kubetypes.ConfigSourceAnnotationKey] = kubetypes.FileSource | ||||
|  | ||||
| 	kubelet.podManager.SetPods([]*v1.Pod{pod}) | ||||
| 	err := kubelet.syncPod(syncPodOptions{ | ||||
| 		pod:        pod, | ||||
| 		podStatus:  &kubecontainer.PodStatus{}, | ||||
| 		updateType: kubetypes.SyncPodUpdate, | ||||
| 	}) | ||||
| 	assert.NoError(t, err, "expected pod infra creation to succeed") | ||||
| } | ||||
|  | ||||
| func TestHostIPCDisallowed(t *testing.T) { | ||||
| 	testKubelet := newTestKubelet(t, false /* controllerAttachDetachEnabled */) | ||||
| 	defer testKubelet.Cleanup() | ||||
| 	testKubelet.fakeCadvisor.On("Start").Return(nil) | ||||
| 	testKubelet.fakeCadvisor.On("VersionInfo").Return(&cadvisorapi.VersionInfo{}, nil) | ||||
| 	testKubelet.fakeCadvisor.On("MachineInfo").Return(&cadvisorapi.MachineInfo{}, nil) | ||||
| 	testKubelet.fakeCadvisor.On("ImagesFsInfo").Return(cadvisorapiv2.FsInfo{}, nil) | ||||
| 	testKubelet.fakeCadvisor.On("RootFsInfo").Return(cadvisorapiv2.FsInfo{}, nil) | ||||
|  | ||||
| 	kubelet := testKubelet.kubelet | ||||
|  | ||||
| 	capabilities.SetForTests(capabilities.Capabilities{ | ||||
| 		PrivilegedSources: capabilities.PrivilegedSources{ | ||||
| 			HostIPCSources: []string{}, | ||||
| 		}, | ||||
| 	}) | ||||
| 	pod := podWithUidNameNsSpec("12345678", "foo", "new", v1.PodSpec{ | ||||
| 		Containers: []v1.Container{ | ||||
| 			{Name: "foo"}, | ||||
| 		}, | ||||
| 		HostIPC: true, | ||||
| 	}) | ||||
| 	pod.Annotations[kubetypes.ConfigSourceAnnotationKey] = kubetypes.FileSource | ||||
|  | ||||
| 	err := kubelet.syncPod(syncPodOptions{ | ||||
| 		pod:        pod, | ||||
| 		podStatus:  &kubecontainer.PodStatus{}, | ||||
| 		updateType: kubetypes.SyncPodUpdate, | ||||
| 	}) | ||||
| 	assert.Error(t, err, "expected pod infra creation to fail") | ||||
| } | ||||
|  | ||||
| func TestPrivilegeContainerAllowed(t *testing.T) { | ||||
| 	testKubelet := newTestKubelet(t, false /* controllerAttachDetachEnabled */) | ||||
| 	defer testKubelet.Cleanup() | ||||
|   | ||||
		Reference in New Issue
	
	Block a user
	 Guangya Liu
					Guangya Liu