karmada-io
/
karmada
mirror of https://github.com/karmada-io/karmada.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
karmada/pkg/util/lifted/visitpod_test.go

595 lines
24 KiB
Go
Raw Blame History

/*
Copyright 2015 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This code is directly lifted from the Kubernetes codebase in order to avoid relying on the k8s.io/kubernetes package.
// For reference:
// https://github.com/kubernetes/kubernetes/blob/release-1.26/pkg/api/v1/pod/util.go#L66-L70
// https://github.com/kubernetes/kubernetes/blob/release-1.26/pkg/api/v1/pod/util_test.go#L202-L366
// https://github.com/kubernetes/kubernetes/blob/release-1.26/pkg/api/v1/pod/util_test.go#L368-L523
// https://github.com/kubernetes/kubernetes/blob/release-1.26/pkg/api/v1/pod/util_test.go#L525-L563
// https://github.com/kubernetes/kubernetes/blob/release-1.26/pkg/api/v1/pod/util_test.go#L565-L665
// https://github.com/kubernetes/kubernetes/blob/release-1.26/staging/src/k8s.io/component-base/featuregate/testing/feature_gate.go#L26-L44
package lifted
import (
"fmt"
"reflect"
"strings"
"testing"
"github.com/google/go-cmp/cmp"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/util/runtime"
"k8s.io/apimachinery/pkg/util/sets"
"k8s.io/apimachinery/pkg/util/validation/field"
utilfeature "k8s.io/apiserver/pkg/util/feature"
"k8s.io/component-base/featuregate"
)
const (
// Allows running an ephemeral container in pod namespaces to troubleshoot a running pod.
EphemeralContainersFeature featuregate.Feature = "EphemeralContainers"
)
func init() {
testKubernetesFeatureGates := map[featuregate.Feature]featuregate.FeatureSpec{
EphemeralContainersFeature: {Default: true, PreRelease: featuregate.Beta},
}
runtime.Must(utilfeature.DefaultMutableFeatureGate.Add(testKubernetesFeatureGates))
}
// +lifted:source=https://github.com/kubernetes/kubernetes/blob/release-1.26/pkg/api/v1/pod/util.go#L66-L70
// +lifted:changed
// AllFeatureEnabledContainers returns a ContainerType mask which includes all container
// types except for the ones guarded by feature gate.
func AllFeatureEnabledContainers() ContainerType {
containerType := AllContainers
if !utilfeature.DefaultFeatureGate.Enabled(EphemeralContainersFeature) {
containerType &= ^EphemeralContainers
}
return containerType
}
// +lifted:source=https://github.com/kubernetes/kubernetes/blob/release-1.26/staging/src/k8s.io/component-base/featuregate/testing/feature_gate.go#L26-L44
// SetFeatureGateDuringTest sets the specified gate to the specified value, and returns a function that restores the original value.
// Failures to set or restore cause the test to fail.
//
// Example use:
//
// defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.<FeatureName>, true)()
func SetFeatureGateDuringTest(tb testing.TB, gate featuregate.FeatureGate, f featuregate.Feature, value bool) func() {
originalValue := gate.Enabled(f)
if err := gate.(featuregate.MutableFeatureGate).Set(fmt.Sprintf("%s=%v", f, value)); err != nil {
tb.Errorf("error setting %s=%v: %v", f, value, err)
}
return func() {
if err := gate.(featuregate.MutableFeatureGate).Set(fmt.Sprintf("%s=%v", f, originalValue)); err != nil {
tb.Errorf("error restoring %s=%v: %v", f, originalValue, err)
}
}
}
// +lifted:source=https://github.com/kubernetes/kubernetes/blob/release-1.26/pkg/api/v1/pod/util_test.go#L202-L366
// +lifted:changed
func TestVisitContainers(t *testing.T) {
setAllFeatureEnabledContainersDuringTest := ContainerType(0)
testCases := []struct {
desc string
spec *corev1.PodSpec
wantContainers []string
mask ContainerType
ephemeralContainersEnabled bool
}{
{
desc: "empty podspec",
spec: &corev1.PodSpec{},
wantContainers: []string{},
mask: AllContainers,
},
{
desc: "regular containers",
spec: &corev1.PodSpec{
Containers: []corev1.Container{
{Name: "c1"},
{Name: "c2"},
},
InitContainers: []corev1.Container{
{Name: "i1"},
{Name: "i2"},
},
EphemeralContainers: []corev1.EphemeralContainer{
{EphemeralContainerCommon: corev1.EphemeralContainerCommon{Name: "e1"}},
{EphemeralContainerCommon: corev1.EphemeralContainerCommon{Name: "e2"}},
},
},
wantContainers: []string{"c1", "c2"},
mask: Containers,
},
{
desc: "init containers",
spec: &corev1.PodSpec{
Containers: []corev1.Container{
{Name: "c1"},
{Name: "c2"},
},
InitContainers: []corev1.Container{
{Name: "i1"},
{Name: "i2"},
},
EphemeralContainers: []corev1.EphemeralContainer{
{EphemeralContainerCommon: corev1.EphemeralContainerCommon{Name: "e1"}},
{EphemeralContainerCommon: corev1.EphemeralContainerCommon{Name: "e2"}},
},
},
wantContainers: []string{"i1", "i2"},
mask: InitContainers,
},
{
desc: "ephemeral containers",
spec: &corev1.PodSpec{
Containers: []corev1.Container{
{Name: "c1"},
{Name: "c2"},
},
InitContainers: []corev1.Container{
{Name: "i1"},
{Name: "i2"},
},
EphemeralContainers: []corev1.EphemeralContainer{
{EphemeralContainerCommon: corev1.EphemeralContainerCommon{Name: "e1"}},
{EphemeralContainerCommon: corev1.EphemeralContainerCommon{Name: "e2"}},
},
},
wantContainers: []string{"e1", "e2"},
mask: EphemeralContainers,
},
{
desc: "all container types",
spec: &corev1.PodSpec{
Containers: []corev1.Container{
{Name: "c1"},
{Name: "c2"},
},
InitContainers: []corev1.Container{
{Name: "i1"},
{Name: "i2"},
},
EphemeralContainers: []corev1.EphemeralContainer{
{EphemeralContainerCommon: corev1.EphemeralContainerCommon{Name: "e1"}},
{EphemeralContainerCommon: corev1.EphemeralContainerCommon{Name: "e2"}},
},
},
wantContainers: []string{"i1", "i2", "c1", "c2", "e1", "e2"},
mask: AllContainers,
},
{
desc: "all feature enabled container types with ephemeral containers disabled",
spec: &corev1.PodSpec{
Containers: []corev1.Container{
{Name: "c1"},
{Name: "c2"},
},
InitContainers: []corev1.Container{
{Name: "i1"},
{Name: "i2"},
},
EphemeralContainers: []corev1.EphemeralContainer{
{EphemeralContainerCommon: corev1.EphemeralContainerCommon{Name: "e1"}},
{EphemeralContainerCommon: corev1.EphemeralContainerCommon{Name: "e2"}},
},
},
wantContainers: []string{"i1", "i2", "c1", "c2"},
mask: setAllFeatureEnabledContainersDuringTest,
},
{
desc: "all feature enabled container types with ephemeral containers enabled",
spec: &corev1.PodSpec{
Containers: []corev1.Container{
{Name: "c1"},
{Name: "c2", SecurityContext: &corev1.SecurityContext{}},
},
InitContainers: []corev1.Container{
{Name: "i1"},
{Name: "i2", SecurityContext: &corev1.SecurityContext{}},
},
EphemeralContainers: []corev1.EphemeralContainer{
{EphemeralContainerCommon: corev1.EphemeralContainerCommon{Name: "e1"}},
{EphemeralContainerCommon: corev1.EphemeralContainerCommon{Name: "e2"}},
},
},
wantContainers: []string{"i1", "i2", "c1", "c2", "e1", "e2"},
mask: setAllFeatureEnabledContainersDuringTest,
ephemeralContainersEnabled: true,
},
{
desc: "dropping fields",
spec: &corev1.PodSpec{
Containers: []corev1.Container{
{Name: "c1"},
{Name: "c2", SecurityContext: &corev1.SecurityContext{}},
},
InitContainers: []corev1.Container{
{Name: "i1"},
{Name: "i2", SecurityContext: &corev1.SecurityContext{}},
},
EphemeralContainers: []corev1.EphemeralContainer{
{EphemeralContainerCommon: corev1.EphemeralContainerCommon{Name: "e1"}},
{EphemeralContainerCommon: corev1.EphemeralContainerCommon{Name: "e2", SecurityContext: &corev1.SecurityContext{}}},
},
},
wantContainers: []string{"i1", "i2", "c1", "c2", "e1", "e2"},
mask: AllContainers,
},
}
for _, tc := range testCases {
t.Run(tc.desc, func(t *testing.T) {
defer SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, EphemeralContainersFeature, tc.ephemeralContainersEnabled)()
if tc.mask == setAllFeatureEnabledContainersDuringTest {
tc.mask = AllFeatureEnabledContainers()
}
gotContainers := []string{}
VisitContainers(tc.spec, tc.mask, func(c *corev1.Container, containerType ContainerType) bool {
gotContainers = append(gotContainers, c.Name)
if c.SecurityContext != nil {
c.SecurityContext = nil
}
return true
})
if !cmp.Equal(gotContainers, tc.wantContainers) {
t.Errorf("VisitContainers() = %+v, want %+v", gotContainers, tc.wantContainers)
}
for _, c := range tc.spec.Containers {
if c.SecurityContext != nil {
t.Errorf("VisitContainers() did not drop SecurityContext for container %q", c.Name)
}
}
for _, c := range tc.spec.InitContainers {
if c.SecurityContext != nil {
t.Errorf("VisitContainers() did not drop SecurityContext for init container %q", c.Name)
}
}
for _, c := range tc.spec.EphemeralContainers {
if c.SecurityContext != nil {
t.Errorf("VisitContainers() did not drop SecurityContext for ephemeral container %q", c.Name)
}
}
})
}
}
// +lifted:source=https://github.com/kubernetes/kubernetes/blob/release-1.26/pkg/api/v1/pod/util_test.go#L368-L523
// +lifted:changed
func TestPodSecrets(t *testing.T) {
defer SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, EphemeralContainersFeature, true)()
// Stub containing all possible secret references in a pod.
// The names of the referenced secrets match struct paths detected by reflection.
pod := &corev1.Pod{
Spec: corev1.PodSpec{
Containers: []corev1.Container{{
EnvFrom: []corev1.EnvFromSource{{
SecretRef: &corev1.SecretEnvSource{
LocalObjectReference: corev1.LocalObjectReference{
Name: "Spec.Containers[*].EnvFrom[*].SecretRef"}}}},
Env: []corev1.EnvVar{{
ValueFrom: &corev1.EnvVarSource{
SecretKeyRef: &corev1.SecretKeySelector{
LocalObjectReference: corev1.LocalObjectReference{
Name: "Spec.Containers[*].Env[*].ValueFrom.SecretKeyRef"}}}}}}},
ImagePullSecrets: []corev1.LocalObjectReference{{
Name: "Spec.ImagePullSecrets"}},
InitContainers: []corev1.Container{{
EnvFrom: []corev1.EnvFromSource{{
SecretRef: &corev1.SecretEnvSource{
LocalObjectReference: corev1.LocalObjectReference{
Name: "Spec.InitContainers[*].EnvFrom[*].SecretRef"}}}},
Env: []corev1.EnvVar{{
ValueFrom: &corev1.EnvVarSource{
SecretKeyRef: &corev1.SecretKeySelector{
LocalObjectReference: corev1.LocalObjectReference{
Name: "Spec.InitContainers[*].Env[*].ValueFrom.SecretKeyRef"}}}}}}},
Volumes: []corev1.Volume{{
VolumeSource: corev1.VolumeSource{
AzureFile: &corev1.AzureFileVolumeSource{
SecretName: "Spec.Volumes[*].VolumeSource.AzureFile.SecretName"}}}, {
VolumeSource: corev1.VolumeSource{
CephFS: &corev1.CephFSVolumeSource{
SecretRef: &corev1.LocalObjectReference{
Name: "Spec.Volumes[*].VolumeSource.CephFS.SecretRef"}}}}, {
VolumeSource: corev1.VolumeSource{
Cinder: &corev1.CinderVolumeSource{
SecretRef: &corev1.LocalObjectReference{
Name: "Spec.Volumes[*].VolumeSource.Cinder.SecretRef"}}}}, {
VolumeSource: corev1.VolumeSource{
FlexVolume: &corev1.FlexVolumeSource{
SecretRef: &corev1.LocalObjectReference{
Name: "Spec.Volumes[*].VolumeSource.FlexVolume.SecretRef"}}}}, {
VolumeSource: corev1.VolumeSource{
Projected: &corev1.ProjectedVolumeSource{
Sources: []corev1.VolumeProjection{{
Secret: &corev1.SecretProjection{
LocalObjectReference: corev1.LocalObjectReference{
Name: "Spec.Volumes[*].VolumeSource.Projected.Sources[*].Secret"}}}}}}}, {
VolumeSource: corev1.VolumeSource{
RBD: &corev1.RBDVolumeSource{
SecretRef: &corev1.LocalObjectReference{
Name: "Spec.Volumes[*].VolumeSource.RBD.SecretRef"}}}}, {
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: "Spec.Volumes[*].VolumeSource.Secret.SecretName"}}}, {
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: "Spec.Volumes[*].VolumeSource.Secret"}}}, {
VolumeSource: corev1.VolumeSource{
ScaleIO: &corev1.ScaleIOVolumeSource{
SecretRef: &corev1.LocalObjectReference{
Name: "Spec.Volumes[*].VolumeSource.ScaleIO.SecretRef"}}}}, {
VolumeSource: corev1.VolumeSource{
ISCSI: &corev1.ISCSIVolumeSource{
SecretRef: &corev1.LocalObjectReference{
Name: "Spec.Volumes[*].VolumeSource.ISCSI.SecretRef"}}}}, {
VolumeSource: corev1.VolumeSource{
StorageOS: &corev1.StorageOSVolumeSource{
SecretRef: &corev1.LocalObjectReference{
Name: "Spec.Volumes[*].VolumeSource.StorageOS.SecretRef"}}}}, {
VolumeSource: corev1.VolumeSource{
CSI: &corev1.CSIVolumeSource{
NodePublishSecretRef: &corev1.LocalObjectReference{
Name: "Spec.Volumes[*].VolumeSource.CSI.NodePublishSecretRef"}}}}},
EphemeralContainers: []corev1.EphemeralContainer{{
EphemeralContainerCommon: corev1.EphemeralContainerCommon{
EnvFrom: []corev1.EnvFromSource{{
SecretRef: &corev1.SecretEnvSource{
LocalObjectReference: corev1.LocalObjectReference{
Name: "Spec.EphemeralContainers[*].EphemeralContainerCommon.EnvFrom[*].SecretRef"}}}},
Env: []corev1.EnvVar{{
ValueFrom: &corev1.EnvVarSource{
SecretKeyRef: &corev1.SecretKeySelector{
LocalObjectReference: corev1.LocalObjectReference{
Name: "Spec.EphemeralContainers[*].EphemeralContainerCommon.Env[*].ValueFrom.SecretKeyRef"}}}}}}}},
},
}
extractedNames := sets.NewString()
VisitPodSecretNames(pod, func(name string) bool {
extractedNames.Insert(name)
return true
})
// excludedSecretPaths holds struct paths to fields with "secret" in the name that are not actually references to secret API objects
excludedSecretPaths := sets.NewString(
"Spec.Volumes[*].VolumeSource.CephFS.SecretFile",
)
// expectedSecretPaths holds struct paths to fields with "secret" in the name that are references to secret API objects.
// every path here should be represented as an example in the Pod stub above, with the secret name set to the path.
expectedSecretPaths := sets.NewString(
"Spec.Containers[*].EnvFrom[*].SecretRef",
"Spec.Containers[*].Env[*].ValueFrom.SecretKeyRef",
"Spec.EphemeralContainers[*].EphemeralContainerCommon.EnvFrom[*].SecretRef",
"Spec.EphemeralContainers[*].EphemeralContainerCommon.Env[*].ValueFrom.SecretKeyRef",
"Spec.ImagePullSecrets",
"Spec.InitContainers[*].EnvFrom[*].SecretRef",
"Spec.InitContainers[*].Env[*].ValueFrom.SecretKeyRef",
"Spec.Volumes[*].VolumeSource.AzureFile.SecretName",
"Spec.Volumes[*].VolumeSource.CephFS.SecretRef",
"Spec.Volumes[*].VolumeSource.Cinder.SecretRef",
"Spec.Volumes[*].VolumeSource.FlexVolume.SecretRef",
"Spec.Volumes[*].VolumeSource.Projected.Sources[*].Secret",
"Spec.Volumes[*].VolumeSource.RBD.SecretRef",
"Spec.Volumes[*].VolumeSource.Secret",
"Spec.Volumes[*].VolumeSource.Secret.SecretName",
"Spec.Volumes[*].VolumeSource.ScaleIO.SecretRef",
"Spec.Volumes[*].VolumeSource.ISCSI.SecretRef",
"Spec.Volumes[*].VolumeSource.StorageOS.SecretRef",
"Spec.Volumes[*].VolumeSource.CSI.NodePublishSecretRef",
)
secretPaths := collectResourcePaths(t, "secret", nil, "", reflect.TypeOf(&corev1.Pod{}))
secretPaths = secretPaths.Difference(excludedSecretPaths)
if missingPaths := expectedSecretPaths.Difference(secretPaths); len(missingPaths) > 0 {
t.Logf("Missing expected secret paths:\n%s", strings.Join(missingPaths.List(), "\n"))
t.Error("Missing expected secret paths. Verify VisitPodSecretNames() is correctly finding the missing paths, then correct expectedSecretPaths")
}
if extraPaths := secretPaths.Difference(expectedSecretPaths); len(extraPaths) > 0 {
t.Logf("Extra secret paths:\n%s", strings.Join(extraPaths.List(), "\n"))
t.Error("Extra fields with 'secret' in the name found. Verify VisitPodSecretNames() is including these fields if appropriate, then correct expectedSecretPaths")
}
if missingNames := expectedSecretPaths.Difference(extractedNames); len(missingNames) > 0 {
t.Logf("Missing expected secret names:\n%s", strings.Join(missingNames.List(), "\n"))
t.Error("Missing expected secret names. Verify the pod stub above includes these references, then verify VisitPodSecretNames() is correctly finding the missing names")
}
if extraNames := extractedNames.Difference(expectedSecretPaths); len(extraNames) > 0 {
t.Logf("Extra secret names:\n%s", strings.Join(extraNames.List(), "\n"))
t.Error("Extra secret names extracted. Verify VisitPodSecretNames() is correctly extracting secret names")
}
// emptyPod is a stub containing empty object names
emptyPod := &corev1.Pod{
Spec: corev1.PodSpec{
Containers: []corev1.Container{{
EnvFrom: []corev1.EnvFromSource{{
SecretRef: &corev1.SecretEnvSource{
LocalObjectReference: corev1.LocalObjectReference{
Name: ""}}}}}},
},
}
VisitPodSecretNames(emptyPod, func(name string) bool {
t.Fatalf("expected no empty names collected, got %q", name)
return false
})
}
// +lifted:source=https://github.com/kubernetes/kubernetes/blob/release-1.26/pkg/api/v1/pod/util_test.go#L525-L563
// collectResourcePaths traverses the object, computing all the struct paths that lead to fields with resourcename in the name.
// disable `deprecation` check for lifted code.
//
//nolint:staticcheck
func collectResourcePaths(t *testing.T, resourcename string, path *field.Path, name string, tp reflect.Type) sets.String {
resourcename = strings.ToLower(resourcename)
resourcePaths := sets.NewString()
if tp.Kind() == reflect.Pointer {
resourcePaths.Insert(collectResourcePaths(t, resourcename, path, name, tp.Elem()).List()...)
return resourcePaths
}
if strings.Contains(strings.ToLower(name), resourcename) {
resourcePaths.Insert(path.String())
}
switch tp.Kind() {
case reflect.Pointer:
resourcePaths.Insert(collectResourcePaths(t, resourcename, path, name, tp.Elem()).List()...)
case reflect.Struct:
// ObjectMeta is generic and therefore should never have a field with a specific resource's name;
// it contains cycles so it's easiest to just skip it.
if name == "ObjectMeta" {
break
}
for i := 0; i < tp.NumField(); i++ {
field := tp.Field(i)
resourcePaths.Insert(collectResourcePaths(t, resourcename, path.Child(field.Name), field.Name, field.Type).List()...)
}
case reflect.Interface:
t.Errorf("cannot find %s fields in interface{} field %s", resourcename, path.String())
case reflect.Map:
resourcePaths.Insert(collectResourcePaths(t, resourcename, path.Key("*"), "", tp.Elem()).List()...)
case reflect.Slice:
resourcePaths.Insert(collectResourcePaths(t, resourcename, path.Key("*"), "", tp.Elem()).List()...)
default:
// all primitive types
}
return resourcePaths
}
// +lifted:source=https://github.com/kubernetes/kubernetes/blob/release-1.26/pkg/api/v1/pod/util_test.go#L565-L665
// +lifted:changed
func TestPodConfigmaps(t *testing.T) {
defer SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, EphemeralContainersFeature, true)()
// Stub containing all possible ConfigMap references in a pod.
// The names of the referenced ConfigMaps match struct paths detected by reflection.
pod := &corev1.Pod{
Spec: corev1.PodSpec{
Containers: []corev1.Container{{
EnvFrom: []corev1.EnvFromSource{{
ConfigMapRef: &corev1.ConfigMapEnvSource{
LocalObjectReference: corev1.LocalObjectReference{
Name: "Spec.Containers[*].EnvFrom[*].ConfigMapRef"}}}},
Env: []corev1.EnvVar{{
ValueFrom: &corev1.EnvVarSource{
ConfigMapKeyRef: &corev1.ConfigMapKeySelector{
LocalObjectReference: corev1.LocalObjectReference{
Name: "Spec.Containers[*].Env[*].ValueFrom.ConfigMapKeyRef"}}}}}}},
EphemeralContainers: []corev1.EphemeralContainer{{
EphemeralContainerCommon: corev1.EphemeralContainerCommon{
EnvFrom: []corev1.EnvFromSource{{
ConfigMapRef: &corev1.ConfigMapEnvSource{
LocalObjectReference: corev1.LocalObjectReference{
Name: "Spec.EphemeralContainers[*].EphemeralContainerCommon.EnvFrom[*].ConfigMapRef"}}}},
Env: []corev1.EnvVar{{
ValueFrom: &corev1.EnvVarSource{
ConfigMapKeyRef: &corev1.ConfigMapKeySelector{
LocalObjectReference: corev1.LocalObjectReference{
Name: "Spec.EphemeralContainers[*].EphemeralContainerCommon.Env[*].ValueFrom.ConfigMapKeyRef"}}}}}}}},
InitContainers: []corev1.Container{{
EnvFrom: []corev1.EnvFromSource{{
ConfigMapRef: &corev1.ConfigMapEnvSource{
LocalObjectReference: corev1.LocalObjectReference{
Name: "Spec.InitContainers[*].EnvFrom[*].ConfigMapRef"}}}},
Env: []corev1.EnvVar{{
ValueFrom: &corev1.EnvVarSource{
ConfigMapKeyRef: &corev1.ConfigMapKeySelector{
LocalObjectReference: corev1.LocalObjectReference{
Name: "Spec.InitContainers[*].Env[*].ValueFrom.ConfigMapKeyRef"}}}}}}},
Volumes: []corev1.Volume{{
VolumeSource: corev1.VolumeSource{
Projected: &corev1.ProjectedVolumeSource{
Sources: []corev1.VolumeProjection{{
ConfigMap: &corev1.ConfigMapProjection{
LocalObjectReference: corev1.LocalObjectReference{
Name: "Spec.Volumes[*].VolumeSource.Projected.Sources[*].ConfigMap"}}}}}}}, {
VolumeSource: corev1.VolumeSource{
ConfigMap: &corev1.ConfigMapVolumeSource{
LocalObjectReference: corev1.LocalObjectReference{
Name: "Spec.Volumes[*].VolumeSource.ConfigMap"}}}}},
},
}
extractedNames := sets.NewString()
VisitPodConfigmapNames(pod, func(name string) bool {
extractedNames.Insert(name)
return true
})
// expectedPaths holds struct paths to fields with "ConfigMap" in the name that are references to ConfigMap API objects.
// every path here should be represented as an example in the Pod stub above, with the ConfigMap name set to the path.
expectedPaths := sets.NewString(
"Spec.Containers[*].EnvFrom[*].ConfigMapRef",
"Spec.Containers[*].Env[*].ValueFrom.ConfigMapKeyRef",
"Spec.EphemeralContainers[*].EphemeralContainerCommon.EnvFrom[*].ConfigMapRef",
"Spec.EphemeralContainers[*].EphemeralContainerCommon.Env[*].ValueFrom.ConfigMapKeyRef",
"Spec.InitContainers[*].EnvFrom[*].ConfigMapRef",
"Spec.InitContainers[*].Env[*].ValueFrom.ConfigMapKeyRef",
"Spec.Volumes[*].VolumeSource.Projected.Sources[*].ConfigMap",
"Spec.Volumes[*].VolumeSource.ConfigMap",
)
collectPaths := collectResourcePaths(t, "ConfigMap", nil, "", reflect.TypeOf(&corev1.Pod{}))
if missingPaths := expectedPaths.Difference(collectPaths); len(missingPaths) > 0 {
t.Logf("Missing expected paths:\n%s", strings.Join(missingPaths.List(), "\n"))
t.Error("Missing expected paths. Verify VisitPodConfigmapNames() is correctly finding the missing paths, then correct expectedPaths")
}
if extraPaths := collectPaths.Difference(expectedPaths); len(extraPaths) > 0 {
t.Logf("Extra paths:\n%s", strings.Join(extraPaths.List(), "\n"))
t.Error("Extra fields with resource in the name found. Verify VisitPodConfigmapNames() is including these fields if appropriate, then correct expectedPaths")
}
if missingNames := expectedPaths.Difference(extractedNames); len(missingNames) > 0 {
t.Logf("Missing expected names:\n%s", strings.Join(missingNames.List(), "\n"))
t.Error("Missing expected names. Verify the pod stub above includes these references, then verify VisitPodConfigmapNames() is correctly finding the missing names")
}
if extraNames := extractedNames.Difference(expectedPaths); len(extraNames) > 0 {
t.Logf("Extra names:\n%s", strings.Join(extraNames.List(), "\n"))
t.Error("Extra names extracted. Verify VisitPodConfigmapNames() is correctly extracting resource names")
}
// emptyPod is a stub containing empty object names
emptyPod := &corev1.Pod{
Spec: corev1.PodSpec{
Containers: []corev1.Container{{
EnvFrom: []corev1.EnvFromSource{{
ConfigMapRef: &corev1.ConfigMapEnvSource{
LocalObjectReference: corev1.LocalObjectReference{
Name: ""}}}}}},
},
}
VisitPodConfigmapNames(emptyPod, func(name string) bool {
t.Fatalf("expected no empty names collected, got %q", name)
return false
})
}
Reference in New Issue View Git Blame Copy Permalink