
Merge remote-tracking branch 'origin/master' into release-1.15

Bubblemelon committed Jun 11, 2019
2 parents a5ecfdd + 0a9373b commit 02dc3d713dd7f945a8b6f7ef3e008f3d29c2d549
@@ -447,12 +447,22 @@ func dropDisabledProcMountField(podSpec, oldPodSpec *api.PodSpec) {
defaultProcMount := api.DefaultProcMount
for i := range podSpec.Containers {
if podSpec.Containers[i].SecurityContext != nil {
podSpec.Containers[i].SecurityContext.ProcMount = &defaultProcMount
if podSpec.Containers[i].SecurityContext.ProcMount != nil {
// The ProcMount field was improperly forced to non-nil in 1.12.
// If the feature is disabled, and the existing object is not using any non-default values, and the ProcMount field is present in the incoming object, force to the default value.
// Note: we cannot force the field to nil when the feature is disabled because it causes a diff against previously persisted data.
podSpec.Containers[i].SecurityContext.ProcMount = &defaultProcMount
}
}
}
for i := range podSpec.InitContainers {
if podSpec.InitContainers[i].SecurityContext != nil {
podSpec.InitContainers[i].SecurityContext.ProcMount = &defaultProcMount
if podSpec.InitContainers[i].SecurityContext.ProcMount != nil {
// The ProcMount field was improperly forced to non-nil in 1.12.
// If the feature is disabled, and the existing object is not using any non-default values, and the ProcMount field is present in the incoming object, force to the default value.
// Note: we cannot force the field to nil when the feature is disabled because it causes a diff against previously persisted data.
podSpec.InitContainers[i].SecurityContext.ProcMount = &defaultProcMount
}
}
}
}
@@ -514,7 +524,7 @@ func runtimeClassInUse(podSpec *api.PodSpec) bool {
return false
}

// procMountInUse returns true if the pod spec is non-nil and has a SecurityContext's ProcMount field set
// procMountInUse returns true if the pod spec is non-nil and has a SecurityContext's ProcMount field set to a non-default value
func procMountInUse(podSpec *api.PodSpec) bool {
if podSpec == nil {
return false
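Review bot: In dropDisabledProcMountField the nil-guarded reset and its three-line comment are written out twice, once for Containers and once for InitContainers, so a later change to one loop can silently miss the other. ProcMount decides whether a container's /proc is masked, so both lists should go through one code path; a small closure over `[]api.Container` does that and keeps the explanation in one place. The sketch below is meant to preserve the behaviour of the new lines, including leaving a nil ProcMount untouched. The function's signature and the guard the comment describes (feature disabled, old spec not using a non-default value) are outside the hunk.

```go
// … unchanged: function signature and the disabled-feature / old-spec guard …
defaultProcMount := api.DefaultProcMount
// resetProcMount forces a present ProcMount back to the default. The field was
// improperly forced to non-nil in 1.12, so nil is left alone: setting or clearing
// it here would produce a diff against previously persisted data.
resetProcMount := func(containers []api.Container) {
	for i := range containers {
		sc := containers[i].SecurityContext
		if sc != nil && sc.ProcMount != nil {
			sc.ProcMount = &defaultProcMount
		}
	}
}
resetProcMount(podSpec.Containers)
resetProcMount(podSpec.InitContainers)
```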
@@ -616,7 +616,7 @@ func TestDropProcMount(t *testing.T) {
},
}
}
podWithoutProcMount := func() *api.Pod {
podWithDefaultProcMount := func() *api.Pod {
return &api.Pod{
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyNever,
@@ -625,6 +625,15 @@ func TestDropProcMount(t *testing.T) {
},
}
}
podWithoutProcMount := func() *api.Pod {
return &api.Pod{
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyNever,
Containers: []api.Container{{Name: "container1", Image: "testimage", SecurityContext: &api.SecurityContext{ProcMount: nil}}},
InitContainers: []api.Container{{Name: "container1", Image: "testimage", SecurityContext: &api.SecurityContext{ProcMount: nil}}},
},
}
}

podInfo := []struct {
description string
@@ -636,6 +645,11 @@ func TestDropProcMount(t *testing.T) {
hasProcMount: true,
pod: podWithProcMount,
},
{
description: "has default ProcMount",
hasProcMount: false,
pod: podWithDefaultProcMount,
},
{
description: "does not have ProcMount",
hasProcMount: false,
@@ -683,8 +697,8 @@ func TestDropProcMount(t *testing.T) {
t.Errorf("new pod was not changed")
}
// new pod should not have ProcMount
if !reflect.DeepEqual(newPod, podWithoutProcMount()) {
t.Errorf("new pod had ProcMount: %v", diff.ObjectReflectDiff(newPod, podWithoutProcMount()))
if procMountInUse(&newPod.Spec) {
t.Errorf("new pod had ProcMount: %#v", &newPod.Spec)
}
default:
// new pod should not need to be changed
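Review bot: The relaxed assertion `if procMountInUse(&newPod.Spec) {` in TestDropProcMount checks the drop with the same predicate the production code relies on, and it passes for both a nil and a default ProcMount, so it no longer pins which value the field ends up with or that the rest of the pod was left untouched. Comparing against the explicit expectation would be stricter, e.g. `if !reflect.DeepEqual(newPod, podWithDefaultProcMount()) {`, assuming that fixture (its body is partly outside the hunks) sets the default on both container lists. The new message also formats `&newPod.Spec` with `%#v`, which prints nested pointer fields such as ProcMount as addresses; `diff.ObjectReflectDiff(newPod, podWithDefaultProcMount())` would show the actual difference. The enclosing switch starts and ends outside the hunk.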


@@ -354,10 +354,6 @@ var Funcs = func(codecs runtimeserializer.CodecFactory) []interface{} {
c.Fuzz(&sc.Capabilities.Add)
c.Fuzz(&sc.Capabilities.Drop)
}
if sc.ProcMount == nil {
defProcMount := core.DefaultProcMount
sc.ProcMount = &defProcMount
}
},
func(s *core.Secret, c fuzz.Continue) {
c.FuzzNoCustom(s) // fuzz self without calling this function again
