Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[test-only][PodSecurity] Add test coverage for pod-template-containing objects #103452

Merged
merged 1 commit into from Jul 10, 2021
Merged

[test-only][PodSecurity] Add test coverage for pod-template-containing objects #103452

merged 1 commit into from Jul 10, 2021

Conversation

njuptlzf
Copy link
Contributor

@njuptlzf njuptlzf commented Jul 3, 2021
edited by liggitt

What type of PR is this?

/kind cleanup
/kind feature

What this PR does / why we need it:

Add test coverage for pod-template-containing objects

Which issue(s) this PR fixes:

Fixes #103210

Special notes for your reviewer:

ut for ValidatePodController

Does this PR introduce a user-facing change?

NONE

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

Part of https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/2579-psp-replacement

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Jul 3, 2021
@k8s-ci-robot
Copy link
Contributor

@njuptlzf: This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Jul 3, 2021
@k8s-ci-robot
Copy link
Contributor

Hi @njuptlzf. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@njuptlzf njuptlzf force-pushed the ps-ValidatePodController-ut branch from cd180c1 to 4d15674 Compare July 3, 2021 04:57
@k8s-ci-robot k8s-ci-robot added sig/auth Categorizes an issue or PR as relevant to SIG Auth. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Jul 3, 2021
@njuptlzf
Copy link
Contributor Author

njuptlzf commented Jul 3, 2021

/sig auth security

@k8s-ci-robot k8s-ci-robot added the sig/security Categorizes an issue or PR as relevant to SIG Security. label Jul 3, 2021
@njuptlzf
Copy link
Contributor Author

njuptlzf commented Jul 3, 2021

/assign @liggitt

@njuptlzf njuptlzf force-pushed the ps-ValidatePodController-ut branch 4 times, most recently from f95a318 to 4bcea9c Compare July 4, 2021 03:28
@njuptlzf
Copy link
Contributor Author

njuptlzf commented Jul 5, 2021

Conflict with #103445
/hold

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jul 5, 2021
@enj enj added this to Needs Triage in SIG Auth Old Jul 6, 2021
@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 7, 2021
@njuptlzf njuptlzf force-pushed the ps-ValidatePodController-ut branch from 4bcea9c to 6df42ce Compare July 7, 2021 13:17
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 7, 2021
@njuptlzf
Copy link
Contributor Author

njuptlzf commented Jul 7, 2021

/hold cancel

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Jul 7, 2021
liggitt
liggitt reviewed Jul 7, 2021
View reviewed changes
staging/src/k8s.io/pod-security-admission/admission/admission_test.go Outdated
@@ -457,3 +465,201 @@ func TestValidateNamespace(t *testing.T) {
})
}
}

func TestValidatePodController(t *testing.T) {
objMetadata := metav1.ObjectMeta{Name: "testName", Namespace: "testNS", Labels: map[string]string{"foo": "bar"}}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: use a valid namespace (namespaces can't have upper-case characters)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

staging/src/k8s.io/pod-security-admission/admission/admission_test.go Outdated
Comment on lines 632 to 633
Name: "testName",
Namespace: "testNS",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

set name to testns, set namespace to ""

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

name=testns is weird, len(namespaces)==0 cannot test namespaces are exempted,
so set
testName, testNamespace := "testname", "default"

staging/src/k8s.io/pod-security-admission/admission/admission_test.go Outdated Show resolved Hide resolved
staging/src/k8s.io/pod-security-admission/admission/admission_test.go Outdated Show resolved Hide resolved
staging/src/k8s.io/pod-security-admission/admission/admission_test.go Outdated Show resolved Hide resolved
@liggitt liggitt added this to In Review in SIG-Auth: PodSecurity via automation Jul 7, 2021
@liggitt liggitt added this to the v1.22 milestone Jul 7, 2021
@njuptlzf njuptlzf force-pushed the ps-ValidatePodController-ut branch from 6df42ce to 243a4b8 Compare July 8, 2021 00:26
@njuptlzf
Copy link
Contributor Author

njuptlzf commented Jul 8, 2021

Wait for #103465 to merge to see if it needs to be modified...
/hold

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jul 8, 2021
@njuptlzf njuptlzf requested a review from liggitt July 8, 2021 00:42
@njuptlzf njuptlzf mentioned this pull request Jul 8, 2021
Closed
liggitt
liggitt reviewed Jul 8, 2021
View reviewed changes
Copy link
Member

@liggitt liggitt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

testcases look good, needs a rebase and message update, then lgtm

/hold cancel

staging/src/k8s.io/pod-security-admission/admission/admission_test.go Outdated Show resolved Hide resolved
staging/src/k8s.io/pod-security-admission/admission/admission_test.go Outdated Show resolved Hide resolved
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jul 8, 2021
@liggitt liggitt moved this from Needs Triage to In Review (v1.22) in SIG Auth Old Jul 8, 2021
@njuptlzf njuptlzf force-pushed the ps-ValidatePodController-ut branch from 243a4b8 to 2b88dc3 Compare July 9, 2021 01:16
@njuptlzf njuptlzf requested a review from liggitt July 9, 2021 01:18
@liggitt liggitt changed the title [PodSecurity] Add test coverage for pod-template-containing objects [test-only][PodSecurity] Add test coverage for pod-template-containing objects Jul 9, 2021
@liggitt
Copy link
Member

liggitt commented Jul 9, 2021

/lgtm
/approve

test-only change improving test coverage of existing code, approving ahead of 7/15 test-freeze date

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 9, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: liggitt, njuptlzf

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 9, 2021
@njuptlzf njuptlzf mentioned this pull request Jul 9, 2021
Closed
@fejta-bot
Copy link

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel or /hold comment for consistent failures.

1 similar comment
@fejta-bot
Copy link

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel or /hold comment for consistent failures.

@liggitt liggitt moved this from In Review to Done in SIG-Auth: PodSecurity Jul 10, 2021
@liggitt liggitt moved this from In Review (v1.22) to Closed / Done in SIG Auth Old Jul 10, 2021
@liggitt liggitt mentioned this pull request Jul 10, 2021
Closed
12 tasks
@k8s-ci-robot k8s-ci-robot merged commit b2bf3d7 into kubernetes:master Jul 10, 2021
@njuptlzf njuptlzf deleted the ps-ValidatePodController-ut branch July 10, 2021 02:47
@njuptlzf njuptlzf mentioned this pull request Jul 13, 2021
Closed
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@deads2k deads2k Awaiting requested review from deads2k

@liggitt liggitt Awaiting requested review from liggitt

Assignees

@liggitt liggitt

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesn't merit a release note. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/security Categorizes an issue or PR as relevant to SIG Security. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
SIG Auth
Archived in project
SIG-Auth: PodSecurity
Done (1.22, Alpha)
SIG Auth Old
Closed / Done
Milestone
v1.22
Development

Successfully merging this pull request may close these issues.

[PodSecurity] Add test coverage for pod-template-containing objects
4 participants
@njuptlzf @k8s-ci-robot @liggitt @fejta-bot