Unverified Commit 8a6bb3e1 authored by Kubernetes Submit Queue's avatar Kubernetes Submit Queue Committed by GitHub

Merge pull request #57970 from php-coder/improve_add_no_new_privs_test

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. pkg/securitycontext/util_test.go(TestAddNoNewPrivileges): update tests **What this PR does / why we need it**: This PR improves existing test in the following ways: - remove irrelevant test cases - add test case for `AllowPrivilegeEscalation: nil` - explicitly specify input and expected outcome This is addressed to the following review comment: https://github.com/kubernetes/kubernetes/pull/47019#discussion_r135808264 **Release note**: ```release-note NONE ``` PTAL @jessfraz @kubernetes/sig-auth-pr-reviews CC @simo5
parents 36592241 3a461afa
...@@ -178,56 +178,39 @@ func TestHasRootRunAsUser(t *testing.T) { ...@@ -178,56 +178,39 @@ func TestHasRootRunAsUser(t *testing.T) {
} }
func TestAddNoNewPrivileges(t *testing.T) { func TestAddNoNewPrivileges(t *testing.T) {
var nonRoot int64 = 1000
var root int64 = 0
pfalse := false pfalse := false
ptrue := true ptrue := true
tests := map[string]struct { tests := map[string]struct {
sc v1.SecurityContext sc *v1.SecurityContext
expect bool expect bool
}{ }{
"allowPrivilegeEscalation nil security context nil": {}, "allowPrivilegeEscalation nil security context nil": {
"allowPrivilegeEscalation nil nonRoot": { sc: nil,
sc: v1.SecurityContext{ expect: false,
RunAsUser: &nonRoot,
},
},
"allowPrivilegeEscalation nil root": {
sc: v1.SecurityContext{
RunAsUser: &root,
},
}, },
"allowPrivilegeEscalation false nonRoot": { "allowPrivilegeEscalation nil": {
sc: v1.SecurityContext{ sc: &v1.SecurityContext{
RunAsUser: &nonRoot, AllowPrivilegeEscalation: nil,
AllowPrivilegeEscalation: &pfalse,
}, },
expect: true, expect: false,
}, },
"allowPrivilegeEscalation false root": { "allowPrivilegeEscalation false": {
sc: v1.SecurityContext{ sc: &v1.SecurityContext{
RunAsUser: &root,
AllowPrivilegeEscalation: &pfalse, AllowPrivilegeEscalation: &pfalse,
}, },
expect: true, expect: true,
}, },
"allowPrivilegeEscalation true nonRoot": { "allowPrivilegeEscalation true": {
sc: v1.SecurityContext{ sc: &v1.SecurityContext{
RunAsUser: &nonRoot,
AllowPrivilegeEscalation: &ptrue,
},
},
"allowPrivilegeEscalation true root": {
sc: v1.SecurityContext{
RunAsUser: &root,
AllowPrivilegeEscalation: &ptrue, AllowPrivilegeEscalation: &ptrue,
}, },
expect: false,
}, },
} }
for k, v := range tests { for k, v := range tests {
actual := AddNoNewPrivileges(&v.sc) actual := AddNoNewPrivileges(v.sc)
if actual != v.expect { if actual != v.expect {
t.Errorf("%s failed, expected %t but received %t", k, v.expect, actual) t.Errorf("%s failed, expected %t but received %t", k, v.expect, actual)
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment