github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
ec1d79da191c33e5b16b58e808880d522d3313d2
kubernetes/pkg/apis/admissionregistration/validation/validation_test.go
Chao Xu 6b5bd19566 api
2017-05-25 23:55:15 -07:00

379 lines
11 KiB
Go
Raw Blame History

/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package validation
import (
"strings"
"testing"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/kubernetes/pkg/apis/admissionregistration"
)
func getInitializerConfiguration(initializers []admissionregistration.Initializer) *admissionregistration.InitializerConfiguration {
return &admissionregistration.InitializerConfiguration{
ObjectMeta: metav1.ObjectMeta{
Name: "config",
},
Initializers: initializers,
}
}
func TestValidateInitializerConfiguration(t *testing.T) {
tests := []struct {
name string
config *admissionregistration.InitializerConfiguration
expectedError string
}{
{
name: "0 rule is valid",
config: getInitializerConfiguration(
[]admissionregistration.Initializer{
{
Name: "initializer.k8s.io",
},
}),
},
{
name: "all initializers must have a fully qualified name",
config: getInitializerConfiguration(
[]admissionregistration.Initializer{
{
Name: "initializer.k8s.io",
},
{
Name: "k8s.io",
},
{
Name: "",
},
}),
expectedError: `initializers[1].name: Invalid value: "k8s.io": should be a domain with at least two dots, initializers[2].name: Required value`,
},
{
name: "APIGroups must not be empty or nil",
config: getInitializerConfiguration(
[]admissionregistration.Initializer{
{
Name: "initializer.k8s.io",
Rules: []admissionregistration.Rule{
{
APIGroups: []string{},
APIVersions: []string{"a"},
Resources: []string{"a"},
},
{
APIGroups: nil,
APIVersions: []string{"a"},
Resources: []string{"a"},
},
},
},
}),
expectedError: `initializers[0].rules[0].apiGroups: Required value, initializers[0].rules[1].apiGroups: Required value`,
},
{
name: "APIVersions must not be empty or nil",
config: getInitializerConfiguration(
[]admissionregistration.Initializer{
{
Name: "initializer.k8s.io",
Rules: []admissionregistration.Rule{
{
APIGroups: []string{"a"},
APIVersions: []string{},
Resources: []string{"a"},
},
{
APIGroups: []string{"a"},
APIVersions: nil,
Resources: []string{"a"},
},
},
},
}),
expectedError: `initializers[0].rules[0].apiVersions: Required value, initializers[0].rules[1].apiVersions: Required value`,
},
{
name: "Resources must not be empty or nil",
config: getInitializerConfiguration(
[]admissionregistration.Initializer{
{
Name: "initializer.k8s.io",
Rules: []admissionregistration.Rule{
{
APIGroups: []string{"a"},
APIVersions: []string{"a"},
Resources: []string{},
},
{
APIGroups: []string{"a"},
APIVersions: []string{"a"},
Resources: nil,
},
},
},
}),
expectedError: `initializers[0].rules[0].resources: Required value, initializers[0].rules[1].resources: Required value`,
},
{
name: "\"\" is a valid APIGroup",
config: getInitializerConfiguration(
[]admissionregistration.Initializer{
{
Name: "initializer.k8s.io",
Rules: []admissionregistration.Rule{
{
APIGroups: []string{"a", ""},
APIVersions: []string{"a"},
Resources: []string{"a"},
},
},
},
}),
},
{
name: "\"\" is NOT a valid APIVersion",
config: getInitializerConfiguration(
[]admissionregistration.Initializer{
{
Name: "initializer.k8s.io",
Rules: []admissionregistration.Rule{
{
APIGroups: []string{"a"},
APIVersions: []string{"a", ""},
Resources: []string{"a"},
},
},
},
}),
expectedError: "apiVersions[1]: Required value",
},
{
name: "\"\" is NOT a valid Resource",
config: getInitializerConfiguration(
[]admissionregistration.Initializer{
{
Name: "initializer.k8s.io",
Rules: []admissionregistration.Rule{
{
APIGroups: []string{"a"},
APIVersions: []string{"a"},
Resources: []string{"a", ""},
},
},
},
}),
expectedError: "resources[1]: Required value",
},
{
name: "wildcard cannot be mixed with other strings",
config: getInitializerConfiguration(
[]admissionregistration.Initializer{
{
Name: "initializer.k8s.io",
Rules: []admissionregistration.Rule{
{
APIGroups: []string{"a", "*"},
APIVersions: []string{"a", "*"},
Resources: []string{"a", "*"},
},
},
},
}),
expectedError: `initializers[0].rules[0].apiGroups: Invalid value: []string{"a", "*"}: if '*' is present, must not specify other API groups, initializers[0].rules[0].apiVersions: Invalid value: []string{"a", "*"}: if '*' is present, must not specify other API versions, initializers[0].rules[0].Resources: Invalid value: []string{"a", "*"}: if '*' is present, must not specify other resources`,
},
{
name: "FailurePolicy can only be \"Ignore\"",
config: getInitializerConfiguration(
[]admissionregistration.Initializer{
{
Name: "initializer.k8s.io",
FailurePolicy: func() *admissionregistration.FailurePolicyType {
r := admissionregistration.Fail
return &r
}(),
},
}),
expectedError: `failurePolicy: Unsupported value: "Fail": supported values: Ignore`,
},
}
for _, test := range tests {
errs := ValidateInitializerConfiguration(test.config)
err := errs.ToAggregate()
if err != nil {
if e, a := test.expectedError, err.Error(); !strings.Contains(a, e) || e == "" {
t.Errorf("test case %s, expected to contain %s, got %s", test.name, e, a)
}
} else {
if test.expectedError != "" {
t.Errorf("test case %s, unexpected no error, expected to contain %s", test.name, test.expectedError)
}
}
}
}
func getExternalAdmissionHookConfiguration(hooks []admissionregistration.ExternalAdmissionHook) *admissionregistration.ExternalAdmissionHookConfiguration {
return &admissionregistration.ExternalAdmissionHookConfiguration{
ObjectMeta: metav1.ObjectMeta{
Name: "config",
},
ExternalAdmissionHooks: hooks,
}
}
func TestValidateExternalAdmissionHookConfiguration(t *testing.T) {
tests := []struct {
name string
config *admissionregistration.ExternalAdmissionHookConfiguration
expectedError string
}{
{
name: "all ExternalAdmissionHook must have a fully qualified name",
config: getExternalAdmissionHookConfiguration(
[]admissionregistration.ExternalAdmissionHook{
{
Name: "webhook.k8s.io",
},
{
Name: "k8s.io",
},
{
Name: "",
},
}),
expectedError: `externalAdmissionHook[1].name: Invalid value: "k8s.io": should be a domain with at least two dots, externalAdmissionHook[2].name: Required value`,
},
{
name: "Operations must not be empty or nil",
config: getExternalAdmissionHookConfiguration(
[]admissionregistration.ExternalAdmissionHook{
{
Name: "webhook.k8s.io",
Rules: []admissionregistration.RuleWithOperations{
{
Operations: []admissionregistration.OperationType{},
Rule: admissionregistration.Rule{
APIGroups: []string{"a"},
APIVersions: []string{"a"},
Resources: []string{"a"},
},
},
{
Operations: nil,
Rule: admissionregistration.Rule{
APIGroups: []string{"a"},
APIVersions: []string{"a"},
Resources: []string{"a"},
},
},
},
},
}),
expectedError: `externalAdmissionHook[0].rules[0].operations: Required value, externalAdmissionHook[0].rules[1].operations: Required value`,
},
{
name: "\"\" is NOT a valid operation",
config: getExternalAdmissionHookConfiguration(
[]admissionregistration.ExternalAdmissionHook{
{
Name: "webhook.k8s.io",
Rules: []admissionregistration.RuleWithOperations{
{
Operations: []admissionregistration.OperationType{"CREATE", ""},
Rule: admissionregistration.Rule{
APIGroups: []string{"a"},
APIVersions: []string{"a"},
Resources: []string{"a"},
},
},
},
},
}),
expectedError: `Unsupported value: ""`,
},
{
name: "operation must be either create/update/delete/connect",
config: getExternalAdmissionHookConfiguration(
[]admissionregistration.ExternalAdmissionHook{
{
Name: "webhook.k8s.io",
Rules: []admissionregistration.RuleWithOperations{
{
Operations: []admissionregistration.OperationType{"PATCH"},
Rule: admissionregistration.Rule{
APIGroups: []string{"a"},
APIVersions: []string{"a"},
Resources: []string{"a"},
},
},
},
},
}),
expectedError: `Unsupported value: "PATCH"`,
},
{
name: "wildcard cannot be mixed with other strings",
config: getExternalAdmissionHookConfiguration(
[]admissionregistration.ExternalAdmissionHook{
{
Name: "webhook.k8s.io",
Rules: []admissionregistration.RuleWithOperations{
{
Operations: []admissionregistration.OperationType{"CREATE", "*"},
Rule: admissionregistration.Rule{
APIGroups: []string{"a"},
APIVersions: []string{"a"},
Resources: []string{"a"},
},
},
},
},
}),
expectedError: `if '*' is present, must not specify other operations`,
},
{
name: "FailurePolicy can only be \"Ignore\"",
config: getExternalAdmissionHookConfiguration(
[]admissionregistration.ExternalAdmissionHook{
{
Name: "initializer.k8s.io",
FailurePolicy: func() *admissionregistration.FailurePolicyType {
r := admissionregistration.Fail
return &r
}(),
},
}),
expectedError: `failurePolicy: Unsupported value: "Fail": supported values: Ignore`,
},
}
for _, test := range tests {
errs := ValidateExternalAdmissionHookConfiguration(test.config)
err := errs.ToAggregate()
if err != nil {
if e, a := test.expectedError, err.Error(); !strings.Contains(a, e) || e == "" {
t.Errorf("test case %s, expected to contain %s, got %s", test.name, e, a)
}
} else {
if test.expectedError != "" {
t.Errorf("test case %s, unexpected no error, expected to contain %s", test.name, test.expectedError)
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink