github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

pkg/securitycontext/util_test.go(TestAddNoNewPrivileges): update tests. 

- remove irrelevant test cases
- add test case for AllowPrivilegeEscalation: nil
- explicitly specify input and expected outcome
pull/6/head
Slava Semushin 2018-01-08 15:26:03 +01:00
parent af78b9bac4
commit 3a461afaf5
1 changed files with 14 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
pkg/securitycontext/util_test.go
View File

@ -178,56 +178,39 @@ func TestHasRootRunAsUser(t *testing.T) {
} }
func TestAddNoNewPrivileges(t *testing.T) { func TestAddNoNewPrivileges(t *testing.T) {
var nonRoot int64 = 1000
var root int64 = 0
pfalse := false pfalse := false
ptrue := true ptrue := true
tests := map[string]struct { tests := map[string]struct {
sc v1.SecurityContext sc *v1.SecurityContext
expect bool expect bool
}{ }{
"allowPrivilegeEscalation nil security context nil": {}, "allowPrivilegeEscalation nil security context nil": {
"allowPrivilegeEscalation nil nonRoot": { sc: nil,
sc: v1.SecurityContext{ expect: false,
RunAsUser: &nonRoot,
},
}, },
"allowPrivilegeEscalation nil root": { "allowPrivilegeEscalation nil": {
sc: v1.SecurityContext{ sc: &v1.SecurityContext{
RunAsUser: &root, AllowPrivilegeEscalation: nil,
}, },
expect: false,
}, },
"allowPrivilegeEscalation false nonRoot": { "allowPrivilegeEscalation false": {
sc: v1.SecurityContext{ sc: &v1.SecurityContext{
RunAsUser: &nonRoot,
AllowPrivilegeEscalation: &pfalse, AllowPrivilegeEscalation: &pfalse,
}, },
expect: true, expect: true,
}, },
"allowPrivilegeEscalation false root": { "allowPrivilegeEscalation true": {
sc: v1.SecurityContext{ sc: &v1.SecurityContext{
RunAsUser: &root,
AllowPrivilegeEscalation: &pfalse,
},
expect: true,
},
"allowPrivilegeEscalation true nonRoot": {
sc: v1.SecurityContext{
RunAsUser: &nonRoot,
AllowPrivilegeEscalation: &ptrue,
},
},
"allowPrivilegeEscalation true root": {
sc: v1.SecurityContext{
RunAsUser: &root,
AllowPrivilegeEscalation: &ptrue, AllowPrivilegeEscalation: &ptrue,
}, },
expect: false,
}, },
} }
for k, v := range tests { for k, v := range tests {
actual := AddNoNewPrivileges(&v.sc) actual := AddNoNewPrivileges(v.sc)
if actual != v.expect { if actual != v.expect {
t.Errorf("%s failed, expected %t but received %t", k, v.expect, actual) t.Errorf("%s failed, expected %t but received %t", k, v.expect, actual)
} }