Posted to commits@airflow.apache.org by po...@apache.org on 2023/08/14 11:51:00 UTC

[airflow] branch main updated: Adding typing for KPO SCC objects (#33381)

This is an automated email from the ASF dual-hosted git repository.

potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/main by this push:
     new 46ffc25995 Adding typing for KPO SCC objects (#33381)
46ffc25995 is described below

commit 46ffc259956d3782bb0c09e782fca634ff4215b9
Author: Amogh Desai <am...@gmail.com>
AuthorDate: Mon Aug 14 17:20:52 2023 +0530

    Adding typing for KPO SCC objects (#33381)
    
    * Adding typing for KPO SCC objects
    
    
    ---------
    
    Co-authored-by: Hussein Awala <hu...@awala.fr>
    Co-authored-by: Wei Lee <we...@gmail.com>
    Co-authored-by: John Brandborg <jo...@protonmail.com>
---
 airflow/providers/cncf/kubernetes/operators/pod.py    |  4 ++--
 kubernetes_tests/test_kubernetes_pod_operator.py      | 12 +++++++-----
 tests/providers/cncf/kubernetes/operators/test_pod.py |  6 ++----
 3 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/airflow/providers/cncf/kubernetes/operators/pod.py b/airflow/providers/cncf/kubernetes/operators/pod.py
index d72b2fec0c..a3958b6237 100644
--- a/airflow/providers/cncf/kubernetes/operators/pod.py
+++ b/airflow/providers/cncf/kubernetes/operators/pod.py
@@ -296,8 +296,8 @@ class KubernetesPodOperator(BaseOperator):
         service_account_name: str | None = None,
         hostnetwork: bool = False,
         tolerations: list[k8s.V1Toleration] | None = None,
-        security_context: dict | None = None,
-        container_security_context: dict | None = None,
+        security_context: k8s.V1PodSecurityContext | dict | None = None,
+        container_security_context: k8s.V1SecurityContext | dict | None = None,
         dnspolicy: str | None = None,
         dns_config: k8s.V1PodDNSConfig | None = None,
         hostname: str | None = None,
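Review bot: The widened annotations on `security_context` and `container_security_context` advertise two input shapes, but nothing in this hunk documents how they differ. The tests in this commit show the dict form using API-style keys (`runAsUser`, `allowPrivilegeEscalation`) and the typed objects using snake_case attributes (`run_as_user`, `allow_privilege_escalation`). For settings that decide pod privileges, a key in the wrong spelling is presumably easy to overlook. I would extend the `:param security_context:` and `:param container_security_context:` entries of the class docstring (not visible here) to name both accepted types, state which key spelling a dict must use, and recommend the typed objects. The `__init__` signature starts and ends outside the hunk.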
diff --git a/kubernetes_tests/test_kubernetes_pod_operator.py b/kubernetes_tests/test_kubernetes_pod_operator.py
index 5b94e2186c..3d7a2fd4ef 100644
--- a/kubernetes_tests/test_kubernetes_pod_operator.py
+++ b/kubernetes_tests/test_kubernetes_pod_operator.py
@@ -29,7 +29,7 @@ from uuid import uuid4
 
 import pendulum
 import pytest
-from kubernetes.client import V1EnvVar, models as k8s
+from kubernetes.client import V1EnvVar, V1PodSecurityContext, V1SecurityContext, models as k8s
 from kubernetes.client.api_client import ApiClient
 from kubernetes.client.rest import ApiException
 from pytest import param
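Review bot: The two new direct imports duplicate names already reachable through the `models as k8s` alias on the same line, and the operator signature in this commit spells them `k8s.V1PodSecurityContext` and `k8s.V1SecurityContext`. Keeping the import as `from kubernetes.client import V1EnvVar, models as k8s` and writing `k8s.V1PodSecurityContext(run_as_user=uid)` in the tests would match that spelling and keep the import line short. The same applies to the import hunk in tests/providers/cncf/kubernetes/operators/test_pod.py.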
@@ -514,7 +514,7 @@ class TestKubernetesPodOperatorSystem:
 
     @pytest.mark.parametrize("uid", [0, 1000])
     def test_run_as_user(self, uid, mock_get_connection):
-        security_context = {"runAsUser": uid}
+        security_context = V1PodSecurityContext(run_as_user=uid)
         name = str(uuid4())
         k = KubernetesPodOperator(
             namespace="default",
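Review bot: Replacing the dict with `V1PodSecurityContext(run_as_user=uid)` removes the visible check that a plain dict is still honoured, although the operator signature in this commit keeps `dict` as an accepted type. The same replacement is made in `test_fs_group`, in `test_disable_privilege_escalation`, and in `test_security_context` in tests/providers/cncf/kubernetes/operators/test_pod.py. Unless a test outside this diff covers the dict path, I would keep it as a second case, for example `@pytest.mark.parametrize("security_context", [{"runAsUser": 1245}, V1PodSecurityContext(run_as_user=1245)])` on `test_security_context`. That way a regression that silently drops `runAsUser` or `allowPrivilegeEscalation` from a dict is caught. The body of `test_run_as_user` continues outside the hunk.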
@@ -539,7 +539,7 @@ class TestKubernetesPodOperatorSystem:
 
     @pytest.mark.parametrize("gid", [0, 1000])
     def test_fs_group(self, gid, mock_get_connection):
-        security_context = {"fsGroup": gid}
+        security_context = V1PodSecurityContext(fs_group=gid)
         name = str(uuid4())
         k = KubernetesPodOperator(
             namespace="default",
@@ -563,7 +563,7 @@ class TestKubernetesPodOperatorSystem:
         assert pod.to_dict()["spec"]["security_context"]["fs_group"] == gid
 
     def test_disable_privilege_escalation(self, mock_get_connection):
-        container_security_context = {"allowPrivilegeEscalation": False}
+        container_security_context = V1SecurityContext(allow_privilege_escalation=False)
 
         k = KubernetesPodOperator(
             namespace="default",
@@ -579,7 +579,9 @@ class TestKubernetesPodOperatorSystem:
         context = create_context(k)
         k.execute(context)
         actual_pod = self.api_client.sanitize_for_serialization(k.pod)
-        self.expected_pod["spec"]["containers"][0]["securityContext"] = container_security_context
+        self.expected_pod["spec"]["containers"][0]["securityContext"] = {
+            "allowPrivilegeEscalation": container_security_context.allow_privilege_escalation
+        }
         assert self.expected_pod == actual_pod
 
     def test_faulty_image(self, mock_get_connection):
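Review bot: In `test_disable_privilege_escalation` the expected `securityContext` is now built from the object passed to the operator (`container_security_context.allow_privilege_escalation`), so the assertion no longer states on its own which value the test is about. For a test with this name I would pin the literal: `self.expected_pod["spec"]["containers"][0]["securityContext"] = {"allowPrivilegeEscalation": False}`. That keeps the expectation independent of the setup line, so an accidental change to the setup value fails the test instead of passing with it.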
diff --git a/tests/providers/cncf/kubernetes/operators/test_pod.py b/tests/providers/cncf/kubernetes/operators/test_pod.py
index b398ec2053..7b40103dac 100644
--- a/tests/providers/cncf/kubernetes/operators/test_pod.py
+++ b/tests/providers/cncf/kubernetes/operators/test_pod.py
@@ -23,7 +23,7 @@ from unittest.mock import MagicMock, patch
 
 import pendulum
 import pytest
-from kubernetes.client import ApiClient, V1PodStatus, models as k8s
+from kubernetes.client import ApiClient, V1PodSecurityContext, V1PodStatus, models as k8s
 from pytest import param
 from urllib3 import HTTPResponse
 from urllib3.packages.six import BytesIO
@@ -219,9 +219,7 @@ class TestKubernetesPodOperator:
         assert k.env_vars[0].name == "bartemplated"
 
     def test_security_context(self):
-        security_context = {
-            "runAsUser": 1245,
-        }
+        security_context = V1PodSecurityContext(run_as_user=1245)
         k = KubernetesPodOperator(
             security_context=security_context,
             task_id="task",