Merge pull request #100368 from soltysh/gce_non_root

Run GCE unit tests as non-root
Kubernetes Prow Robot 2021-03-18 22:52:33 -07:00 committed by GitHub
commit eb44008ce2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 29 additions and 16 deletions


@ -17,12 +17,15 @@ limitations under the License.
package gci
import (
"os"
"strconv"
"strings"
"testing"
)
type kubeAPIServeETCDEnv struct {
KubeHome string
KubeAPIServerRunAsUser string
ETCDServers string
ETCDServersOverride string
CAKey string
@ -68,6 +71,7 @@ func TestServerOverride(t *testing.T) {
c := newManifestTestCase(t, kubeAPIServerManifestFileName, kubeAPIServerStartFuncName, nil)
defer c.tearDown()
tc.env.KubeHome = c.kubeHome
tc.env.KubeAPIServerRunAsUser = strconv.Itoa(os.Getuid())
c.mustInvokeFunc(
tc.env,
@ -124,6 +128,7 @@ func TestStorageOptions(t *testing.T) {
c := newManifestTestCase(t, kubeAPIServerManifestFileName, kubeAPIServerStartFuncName, nil)
defer c.tearDown()
tc.env.KubeHome = c.kubeHome
tc.env.KubeAPIServerRunAsUser = strconv.Itoa(os.Getuid())
c.mustInvokeFunc(
tc.env,
@ -188,6 +193,7 @@ func TestTLSFlags(t *testing.T) {
c := newManifestTestCase(t, kubeAPIServerManifestFileName, kubeAPIServerStartFuncName, nil)
defer c.tearDown()
tc.env.KubeHome = c.kubeHome
tc.env.KubeAPIServerRunAsUser = strconv.Itoa(os.Getuid())
c.mustInvokeFunc(
tc.env,
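Review bot: The assignment `tc.env.KubeAPIServerRunAsUser = strconv.Itoa(os.Getuid())` in TestServerOverride, TestStorageOptions and TestTLSFlags has no comment saying why the run-as user is tied to the invoking uid, and the same applies to the three `kubeAPIServerEnv` literals in the second test file. Going by the commit title, this is presumably so the script under test can run without root; a one-line comment such as `// run as the current uid so the start function needs no root privileges` would record that. Since the line is repeated in every case, setting it once where the env is built (or in a small helper) would keep a new test case from forgetting it. All three functions start and end outside their hunks.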


@ -24,6 +24,7 @@ import (
"os"
"path/filepath"
"reflect"
"strconv"
"strings"
"testing"
@ -38,6 +39,7 @@ const (
type kubeAPIServerEnv struct {
KubeHome string
KubeAPIServerRunAsUser string
EncryptionProviderConfigPath string
EncryptionProviderConfig string
CloudKMSIntegration bool
@ -72,6 +74,7 @@ func TestEncryptionProviderFlag(t *testing.T) {
e := kubeAPIServerEnv{
KubeHome: c.kubeHome,
KubeAPIServerRunAsUser: strconv.Itoa(os.Getuid()),
EncryptionProviderConfigPath: filepath.Join(c.kubeHome, "encryption-provider-config.yaml"),
EncryptionProviderConfig: tc.encryptionProviderConfig,
}
@ -107,6 +110,7 @@ func TestEncryptionProviderConfig(t *testing.T) {
p := filepath.Join(c.kubeHome, "encryption-provider-config.yaml")
e := kubeAPIServerEnv{
KubeHome: c.kubeHome,
KubeAPIServerRunAsUser: strconv.Itoa(os.Getuid()),
EncryptionProviderConfigPath: p,
EncryptionProviderConfig: base64.StdEncoding.EncodeToString([]byte("foo")),
}
@ -177,6 +181,7 @@ func TestKMSIntegration(t *testing.T) {
var e = kubeAPIServerEnv{
KubeHome: c.kubeHome,
KubeAPIServerRunAsUser: strconv.Itoa(os.Getuid()),
EncryptionProviderConfigPath: filepath.Join(c.kubeHome, "encryption-provider-config.yaml"),
EncryptionProviderConfig: base64.StdEncoding.EncodeToString([]byte("foo")),
CloudKMSIntegration: tc.cloudKMSIntegration,
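Review bot: Nothing in the visible hunks asserts on the value passed through `KubeAPIServerRunAsUser`; the three tests only feed `strconv.Itoa(os.Getuid())` into the env. If the start function writes this value into the generated manifest (not visible here), a check that the rendered uid equals the one supplied would pin the non-root behaviour, rather than only proving the script no longer fails. When the suite is run as root the value is `0`, so the non-root path is exercised only on unprivileged runners. The test bodies continue outside the hunks.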


@ -13,3 +13,4 @@ readonly ETCD_SERVERS_OVERRIDES={{.ETCDServersOverride}}
readonly STORAGE_BACKEND={{.StorageBackend}}
readonly STORAGE_MEDIA_TYPE={{.StorageMediaType}}
readonly ETCD_COMPACTION_INTERVAL_SEC={{.CompactionInterval}}
readonly KUBE_API_SERVER_RUNASUSER={{.KubeAPIServerRunAsUser}}
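Review bot: An env struct that leaves `KubeAPIServerRunAsUser` empty renders this line as `readonly KUBE_API_SERVER_RUNASUSER=`, which fixes the variable to an empty string so the script under test cannot apply a default afterwards; the same line is added to the second env template. Whether any test case still omits the field is not visible in these hunks. Guarding the line the way `CLOUD_KMS_INTEGRATION` is guarded in the other template, `{{if .KubeAPIServerRunAsUser}}readonly KUBE_API_SERVER_RUNASUSER={{.KubeAPIServerRunAsUser}}{{end}}`, would leave the variable unset in that case.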


@ -6,3 +6,4 @@ ENCRYPTION_PROVIDER_CONFIG_PATH={{.EncryptionProviderConfigPath}}
{{if .CloudKMSIntegration}}
readonly CLOUD_KMS_INTEGRATION=true
{{end}}
readonly KUBE_API_SERVER_RUNASUSER={{.KubeAPIServerRunAsUser}}