From d5eda34073e7d5e735aa1ff67773eb12aa2865e4 Mon Sep 17 00:00:00 2001 From: Guangya Liu Date: Thu, 16 Feb 2017 23:16:51 +0800 Subject: [PATCH] Improved code coverage for pkg/kubelet/util. The test coverage for pkg/kubelet/util.go increased from 45.1% to 84.3%. --- pkg/kubelet/kubelet_test.go | 130 ++++++++++++++++++++++++++++++++++++ 1 file changed, 130 insertions(+) diff --git a/pkg/kubelet/kubelet_test.go b/pkg/kubelet/kubelet_test.go index 00e3a9340ca9..4e289c80ef92 100644 --- a/pkg/kubelet/kubelet_test.go +++ b/pkg/kubelet/kubelet_test.go @@ -1039,6 +1039,136 @@ func TestHostNetworkDisallowed(t *testing.T) { assert.Error(t, err, "expected pod infra creation to fail") } +func TestHostPIDAllowed(t *testing.T) { + testKubelet := newTestKubelet(t, false /* controllerAttachDetachEnabled */) + defer testKubelet.Cleanup() + testKubelet.fakeCadvisor.On("Start").Return(nil) + testKubelet.fakeCadvisor.On("VersionInfo").Return(&cadvisorapi.VersionInfo{}, nil) + testKubelet.fakeCadvisor.On("MachineInfo").Return(&cadvisorapi.MachineInfo{}, nil) + testKubelet.fakeCadvisor.On("ImagesFsInfo").Return(cadvisorapiv2.FsInfo{}, nil) + testKubelet.fakeCadvisor.On("RootFsInfo").Return(cadvisorapiv2.FsInfo{}, nil) + + kubelet := testKubelet.kubelet + + capabilities.SetForTests(capabilities.Capabilities{ + PrivilegedSources: capabilities.PrivilegedSources{ + HostPIDSources: []string{kubetypes.ApiserverSource, kubetypes.FileSource}, + }, + }) + pod := podWithUidNameNsSpec("12345678", "foo", "new", v1.PodSpec{ + Containers: []v1.Container{ + {Name: "foo"}, + }, + HostPID: true, + }) + pod.Annotations[kubetypes.ConfigSourceAnnotationKey] = kubetypes.FileSource + + kubelet.podManager.SetPods([]*v1.Pod{pod}) + err := kubelet.syncPod(syncPodOptions{ + pod: pod, + podStatus: &kubecontainer.PodStatus{}, + updateType: kubetypes.SyncPodUpdate, + }) + assert.NoError(t, err, "expected pod infra creation to succeed") +} + +func TestHostPIDDisallowed(t *testing.T) { + testKubelet := newTestKubelet(t, false /* controllerAttachDetachEnabled */) + defer testKubelet.Cleanup() + testKubelet.fakeCadvisor.On("Start").Return(nil) + testKubelet.fakeCadvisor.On("VersionInfo").Return(&cadvisorapi.VersionInfo{}, nil) + testKubelet.fakeCadvisor.On("MachineInfo").Return(&cadvisorapi.MachineInfo{}, nil) + testKubelet.fakeCadvisor.On("ImagesFsInfo").Return(cadvisorapiv2.FsInfo{}, nil) + testKubelet.fakeCadvisor.On("RootFsInfo").Return(cadvisorapiv2.FsInfo{}, nil) + + kubelet := testKubelet.kubelet + + capabilities.SetForTests(capabilities.Capabilities{ + PrivilegedSources: capabilities.PrivilegedSources{ + HostPIDSources: []string{}, + }, + }) + pod := podWithUidNameNsSpec("12345678", "foo", "new", v1.PodSpec{ + Containers: []v1.Container{ + {Name: "foo"}, + }, + HostPID: true, + }) + pod.Annotations[kubetypes.ConfigSourceAnnotationKey] = kubetypes.FileSource + + err := kubelet.syncPod(syncPodOptions{ + pod: pod, + podStatus: &kubecontainer.PodStatus{}, + updateType: kubetypes.SyncPodUpdate, + }) + assert.Error(t, err, "expected pod infra creation to fail") +} + +func TestHostIPCAllowed(t *testing.T) { + testKubelet := newTestKubelet(t, false /* controllerAttachDetachEnabled */) + defer testKubelet.Cleanup() + testKubelet.fakeCadvisor.On("Start").Return(nil) + testKubelet.fakeCadvisor.On("VersionInfo").Return(&cadvisorapi.VersionInfo{}, nil) + testKubelet.fakeCadvisor.On("MachineInfo").Return(&cadvisorapi.MachineInfo{}, nil) + testKubelet.fakeCadvisor.On("ImagesFsInfo").Return(cadvisorapiv2.FsInfo{}, nil) + testKubelet.fakeCadvisor.On("RootFsInfo").Return(cadvisorapiv2.FsInfo{}, nil) + + kubelet := testKubelet.kubelet + + capabilities.SetForTests(capabilities.Capabilities{ + PrivilegedSources: capabilities.PrivilegedSources{ + HostIPCSources: []string{kubetypes.ApiserverSource, kubetypes.FileSource}, + }, + }) + pod := podWithUidNameNsSpec("12345678", "foo", "new", v1.PodSpec{ + Containers: []v1.Container{ + {Name: "foo"}, + }, + HostIPC: true, + }) + pod.Annotations[kubetypes.ConfigSourceAnnotationKey] = kubetypes.FileSource + + kubelet.podManager.SetPods([]*v1.Pod{pod}) + err := kubelet.syncPod(syncPodOptions{ + pod: pod, + podStatus: &kubecontainer.PodStatus{}, + updateType: kubetypes.SyncPodUpdate, + }) + assert.NoError(t, err, "expected pod infra creation to succeed") +} + +func TestHostIPCDisallowed(t *testing.T) { + testKubelet := newTestKubelet(t, false /* controllerAttachDetachEnabled */) + defer testKubelet.Cleanup() + testKubelet.fakeCadvisor.On("Start").Return(nil) + testKubelet.fakeCadvisor.On("VersionInfo").Return(&cadvisorapi.VersionInfo{}, nil) + testKubelet.fakeCadvisor.On("MachineInfo").Return(&cadvisorapi.MachineInfo{}, nil) + testKubelet.fakeCadvisor.On("ImagesFsInfo").Return(cadvisorapiv2.FsInfo{}, nil) + testKubelet.fakeCadvisor.On("RootFsInfo").Return(cadvisorapiv2.FsInfo{}, nil) + + kubelet := testKubelet.kubelet + + capabilities.SetForTests(capabilities.Capabilities{ + PrivilegedSources: capabilities.PrivilegedSources{ + HostIPCSources: []string{}, + }, + }) + pod := podWithUidNameNsSpec("12345678", "foo", "new", v1.PodSpec{ + Containers: []v1.Container{ + {Name: "foo"}, + }, + HostIPC: true, + }) + pod.Annotations[kubetypes.ConfigSourceAnnotationKey] = kubetypes.FileSource + + err := kubelet.syncPod(syncPodOptions{ + pod: pod, + podStatus: &kubecontainer.PodStatus{}, + updateType: kubetypes.SyncPodUpdate, + }) + assert.Error(t, err, "expected pod infra creation to fail") +} + func TestPrivilegeContainerAllowed(t *testing.T) { testKubelet := newTestKubelet(t, false /* controllerAttachDetachEnabled */) defer testKubelet.Cleanup()