You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by pc...@apache.org on 2023/07/03 09:53:32 UTC
[camel-k] 02/02: fix(test): Add test on openshift utils
This is an automated email from the ASF dual-hosted git repository.
pcongiusti pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit 2f5a0e50853eadd1b164d8832a747f845019c318
Author: Gaelle Fournier <ga...@gmail.com>
AuthorDate: Thu Jun 29 17:15:16 2023 +0200
fix(test): Add test on openshift utils
---
pkg/util/openshift/openshift_test.go | 121 +++++++++++++++++++++++++++++++++++
1 file changed, 121 insertions(+)
diff --git a/pkg/util/openshift/openshift_test.go b/pkg/util/openshift/openshift_test.go
new file mode 100644
index 000000000..83c561572
--- /dev/null
+++ b/pkg/util/openshift/openshift_test.go
@@ -0,0 +1,121 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package openshift
+
+import (
+ "context"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ fakeclientset "k8s.io/client-go/kubernetes/fake"
+)
+
+var noSccAnnotationNamespace *corev1.Namespace = &corev1.Namespace{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "no-scc-annotations-namespace",
+ },
+}
+
+var constrainedNamespace *corev1.Namespace = &corev1.Namespace{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "myuser",
+ Annotations: map[string]string{
+ "openshift.io/sa.scc.mcs": "s0:c26,c5",
+ "openshift.io/sa.scc.supplemental-groups": "1000860000/10000",
+ "openshift.io/sa.scc.uid-range": "1000860000/10000",
+ },
+ Labels: map[string]string{
+ "kubernetes.io/metadata.name": "myuser",
+ "pod-security.kubernetes.io/audit": "restricted",
+ "pod-security.kubernetes.io/audit-version": "v1.24",
+ "pod-security.kubernetes.io/warn": "restricted",
+ "pod-security.kubernetes.io/warn-version": "v1.24",
+ },
+ },
+}
+
+func TestGetUserIdNamespaceWithoutLabels(t *testing.T) {
+ kclient := initClientWithNamespace(t, noSccAnnotationNamespace)
+
+ _, errUID := GetOpenshiftUser(context.Background(), kclient, "no-scc-annotations-namespace")
+
+ assert.NotNil(t, errUID)
+ assert.Contains(t, errUID.Error(), "annotation 'openshift.io/sa.scc.uid-range' not found")
+}
+
+func TestGetUserIdNamespaceConstrained(t *testing.T) {
+ kclient := initClientWithNamespace(t, constrainedNamespace)
+
+ uid, errUID := GetOpenshiftUser(context.Background(), kclient, "myuser")
+
+ assert.Nil(t, errUID)
+ assert.Equal(t, "1000860000", uid)
+}
+
+func TestGetPodSecurityContextNamespaceWithoutLabels(t *testing.T) {
+ kclient := initClientWithNamespace(t, noSccAnnotationNamespace)
+
+ _, errPsc := GetOpenshiftPodSecurityContextRestricted(context.Background(), kclient, "no-scc-annotations-namespace")
+
+ assert.NotNil(t, errPsc)
+ assert.Contains(t, errPsc.Error(), "annotation 'openshift.io/sa.scc.uid-range' not found")
+}
+
+func TestGetPodSecurityContextNamespaceConstrained(t *testing.T) {
+ kclient := initClientWithNamespace(t, constrainedNamespace)
+
+ psc, errPsc := GetOpenshiftPodSecurityContextRestricted(context.Background(), kclient, "myuser")
+
+ expectedFsGroup := int64(1000860000)
+ assert.Nil(t, errPsc)
+ assert.NotNil(t, psc)
+ assert.Equal(t, expectedFsGroup, *psc.FSGroup)
+}
+
+func TestGetSecurityContextNamespaceWithoutLabels(t *testing.T) {
+ kclient := initClientWithNamespace(t, noSccAnnotationNamespace)
+
+ _, errSc := GetOpenshiftSecurityContextRestricted(context.Background(), kclient, "no-scc-annotations-namespace")
+
+ assert.NotNil(t, errSc)
+ assert.Contains(t, errSc.Error(), "annotation 'openshift.io/sa.scc.uid-range' not found")
+}
+
+func TestGetSecurityContextNamespaceConstrained(t *testing.T) {
+ kclient := initClientWithNamespace(t, constrainedNamespace)
+
+ sc, errSc := GetOpenshiftSecurityContextRestricted(context.Background(), kclient, "myuser")
+
+ expectedUserID := int64(1000860000)
+ assert.Nil(t, errSc)
+ assert.NotNil(t, sc)
+ assert.Equal(t, expectedUserID, *sc.RunAsUser)
+}
+
+func initClientWithNamespace(t *testing.T, ns *corev1.Namespace) *fakeclientset.Clientset {
+ t.Helper()
+ kclient := fakeclientset.NewSimpleClientset()
+ _, err := kclient.CoreV1().Namespaces().Create(context.Background(), ns, metav1.CreateOptions{})
+ if err != nil {
+ t.Error(err)
+ t.Fail()
+ }
+ return kclient
+}