github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Immutable field and validation

Browse Source
This commit is contained in:
wojtekt
2019-11-26 13:29:26 +01:00
parent ef69bc910f
commit e612ebfdff
11 changed files with 322 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

209
pkg/apis/core/validation/validation_test.go
View File

@@ -13117,6 +13117,104 @@ func TestValidateSecret(t *testing.T) {
}
}
func TestValidateSecretUpdate(t *testing.T) {
validSecret := func() core.Secret {
return core.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: "foo",
Namespace: "bar",
ResourceVersion: "20",
},
Data: map[string][]byte{
"data-1": []byte("bar"),
},
}
}
falseVal := false
trueVal := true
secret := validSecret()
immutableSecret := validSecret()
immutableSecret.Immutable = &trueVal
mutableSecret := validSecret()
mutableSecret.Immutable = &falseVal
secretWithData := validSecret()
secretWithData.Data["data-2"] = []byte("baz")
immutableSecretWithData := validSecret()
immutableSecretWithData.Immutable = &trueVal
immutableSecretWithData.Data["data-2"] = []byte("baz")
secretWithChangedData := validSecret()
secretWithChangedData.Data["data-1"] = []byte("foo")
immutableSecretWithChangedData := validSecret()
immutableSecretWithChangedData.Immutable = &trueVal
immutableSecretWithChangedData.Data["data-1"] = []byte("foo")
tests := []struct {
name string
oldSecret core.Secret
newSecret core.Secret
valid bool
}{
{
name: "mark secret immutable",
oldSecret: secret,
newSecret: immutableSecret,
valid: true,
},
{
name: "revert immutable secret",
oldSecret: immutableSecret,
newSecret: secret,
valid: false,
},
{
name: "makr immutable secret mutable",
oldSecret: immutableSecret,
newSecret: mutableSecret,
valid: false,
},
{
name: "add data in secret",
oldSecret: secret,
newSecret: secretWithData,
valid: true,
},
{
name: "add data in immutable secret",
oldSecret: immutableSecret,
newSecret: immutableSecretWithData,
valid: false,
},
{
name: "change data in secret",
oldSecret: secret,
newSecret: secretWithChangedData,
valid: true,
},
{
name: "change data in immutable secret",
oldSecret: immutableSecret,
newSecret: immutableSecretWithChangedData,
valid: false,
},
}
for _, tc := range tests {
t.Run(tc.name, func(t *testing.T) {
errs := ValidateSecretUpdate(&tc.newSecret, &tc.oldSecret)
if tc.valid && len(errs) > 0 {
t.Errorf("Unexpected error: %v", errs)
}
if !tc.valid && len(errs) == 0 {
t.Errorf("Unexpected lack of error")
}
})
}
}
func TestValidateDockerConfigSecret(t *testing.T) {
validDockerSecret := func() core.Secret {
return core.Secret{
@@ -13731,40 +13829,105 @@ func TestValidateConfigMapUpdate(t *testing.T) {
Data: data,
}
}
validConfigMap := func() core.ConfigMap {
return newConfigMap("1", "validname", "validdns", map[string]string{"key": "value"})
}
var (
validConfigMap = newConfigMap("1", "validname", "validns", map[string]string{"key": "value"})
noVersion = newConfigMap("", "validname", "validns", map[string]string{"key": "value"})
)
falseVal := false
trueVal := true
configMap := validConfigMap()
immutableConfigMap := validConfigMap()
immutableConfigMap.Immutable = &trueVal
mutableConfigMap := validConfigMap()
mutableConfigMap.Immutable = &falseVal
configMapWithData := validConfigMap()
configMapWithData.Data["key-2"] = "value-2"
immutableConfigMapWithData := validConfigMap()
immutableConfigMapWithData.Immutable = &trueVal
immutableConfigMapWithData.Data["key-2"] = "value-2"
configMapWithChangedData := validConfigMap()
configMapWithChangedData.Data["key"] = "foo"
immutableConfigMapWithChangedData := validConfigMap()
immutableConfigMapWithChangedData.Immutable = &trueVal
immutableConfigMapWithChangedData.Data["key"] = "foo"
noVersion := newConfigMap("", "validname", "validns", map[string]string{"key": "value"})
cases := []struct {
name string
newCfg core.ConfigMap
oldCfg core.ConfigMap
isValid bool
name string
newCfg core.ConfigMap
oldCfg core.ConfigMap
valid bool
}{
{
name: "valid",
newCfg: validConfigMap,
oldCfg: validConfigMap,
isValid: true,
name: "valid",
newCfg: configMap,
oldCfg: configMap,
valid: true,
},
{
name: "invalid",
newCfg: noVersion,
oldCfg: validConfigMap,
isValid: false,
name: "invalid",
newCfg: noVersion,
oldCfg: configMap,
valid: false,
},
{
name: "mark configmap immutable",
oldCfg: configMap,
newCfg: immutableConfigMap,
valid: true,
},
{
name: "revert immutable configmap",
oldCfg: immutableConfigMap,
newCfg: configMap,
valid: false,
},
{
name: "mark immutable configmap mutable",
oldCfg: immutableConfigMap,
newCfg: mutableConfigMap,
valid: false,
},
{
name: "add data in configmap",
oldCfg: configMap,
newCfg: configMapWithData,
valid: true,
},
{
name: "add data in immutable configmap",
oldCfg: immutableConfigMap,
newCfg: immutableConfigMapWithData,
valid: false,
},
{
name: "change data in configmap",
oldCfg: configMap,
newCfg: configMapWithChangedData,
valid: true,
},
{
name: "change data in immutable configmap",
oldCfg: immutableConfigMap,
newCfg: immutableConfigMapWithChangedData,
valid: false,
},
}
for _, tc := range cases {
errs := ValidateConfigMapUpdate(&tc.newCfg, &tc.oldCfg)
if tc.isValid && len(errs) > 0 {
t.Errorf("%v: unexpected error: %v", tc.name, errs)
}
if !tc.isValid && len(errs) == 0 {
t.Errorf("%v: unexpected non-error", tc.name)
}
t.Run(tc.name, func(t *testing.T) {
errs := ValidateConfigMapUpdate(&tc.newCfg, &tc.oldCfg)
if tc.valid && len(errs) > 0 {
t.Errorf("Unexpected error: %v", errs)
}
if !tc.valid && len(errs) == 0 {
t.Errorf("Unexpected lack of error")
}
})
}
}