update admission test cases

2018-01-15 14:58:09 +08:00 · 2018-01-15 14:58:09 +08:00 · 82c3d2492c
parent 7c5f9e0bba
commit 82c3d2492c
3 changed files with 243 additions and 17 deletions
--- a/cmd/kube-apiserver/app/options/options_test.go
+++ b/cmd/kube-apiserver/app/options/options_test.go
@ -110,12 +110,14 @@ func TestAddFlags(t *testing.T) {
 			RequestTimeout:              time.Duration(2) * time.Minute,
 			MinRequestTimeout:           1800,
 		},
-		Admission: &apiserveroptions.AdmissionOptions{
-			RecommendedPluginOrder: []string{"NamespaceLifecycle", "Initializers", "MutatingAdmissionWebhook", "ValidatingAdmissionWebhook"},
-			DefaultOffPlugins:      []string{"Initializers", "MutatingAdmissionWebhook", "ValidatingAdmissionWebhook"},
-			PluginNames:            []string{"AlwaysDeny"},
-			ConfigFile:             "/admission-control-config",
-			Plugins:                s.Admission.Plugins,
+		Admission: &kubeoptions.AdmissionOptions{
+			PluginNames: []string{"AlwaysDeny"},
+			GenericAdmission: &apiserveroptions.AdmissionOptions{
+				RecommendedPluginOrder: s.Admission.GenericAdmission.RecommendedPluginOrder,
+				DefaultOffPlugins:      s.Admission.GenericAdmission.DefaultOffPlugins,
+				ConfigFile:             "/admission-control-config",
+				Plugins:                s.Admission.GenericAdmission.Plugins,
+			},
 		},
 		Etcd: &apiserveroptions.EtcdOptions{
 			StorageConfig: storagebackend.Config{
--- a/pkg/kubeapiserver/options/admission_test.go
+++ b/pkg/kubeapiserver/options/admission_test.go
@ -0,0 +1,53 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package options
+
+import (
+	"testing"
+)
+
+func TestValidate(t *testing.T) {
+	// 1. Both `--admission-control` and `--enable-admission-plugins` are specified
+	options := NewAdmissionOptions()
+	options.PluginNames = []string{"ServiceAccount"}
+	options.GenericAdmission.EnablePlugins = []string{"Initializers"}
+	if len(options.Validate()) == 0 {
+		t.Errorf("Expect error, but got none")
+	}
+
+	// 2. Both `--admission-control` and `--disable-admission-plugins` are specified
+	options = NewAdmissionOptions()
+	options.PluginNames = []string{"ServiceAccount"}
+	options.GenericAdmission.DisablePlugins = []string{"Initializers"}
+	if len(options.Validate()) == 0 {
+		t.Errorf("Expect error, but got none")
+	}
+
+	// 3. PluginNames is not registered
+	options = NewAdmissionOptions()
+	options.PluginNames = []string{"pluginA"}
+	if len(options.Validate()) == 0 {
+		t.Errorf("Expect error, but got none")
+	}
+
+	// 4. PluginNames is not valid
+	options = NewAdmissionOptions()
+	options.PluginNames = []string{"ServiceAccount"}
+	if errs := options.Validate(); len(errs) > 0 {
+		t.Errorf("Unexpected err: %v", errs)
+	}
+}
--- a/staging/src/k8s.io/apiserver/pkg/server/options/admission_test.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/admission_test.go
@ -18,26 +18,80 @@ package options

 import (
 	"fmt"
+	"io"
 	"testing"
+
+	"k8s.io/apimachinery/pkg/util/sets"
+	"k8s.io/apiserver/pkg/admission"
 )

-func TestEnabledPluginNamesMethod(t *testing.T) {
+func TestEnabledPluginNames(t *testing.T) {
 	scenarios := []struct {
 		expectedPluginNames       []string
-		setDefaultOffPluginNames  []string
+		setDefaultOffPlugins      sets.String
 		setRecommendedPluginOrder []string
+		setEnablePlugins          []string
+		setDisablePlugins         []string
+		setAdmissionControl       []string
 	}{
-		// scenario 1: check if a call to enabledPluginNames sets expected values.
+		// scenario 0: check if a call to enabledPluginNames sets expected values.
 		{
 			expectedPluginNames: []string{"NamespaceLifecycle"},
 		},

-		// scenario 2: overwrite RecommendedPluginOrder and set DefaultOffPluginNames
-		// make sure that plugins which are on DefaultOffPluginNames list do not get to PluginNames list.
+		// scenario 1: use default off plugins if no specified
 		{
-			expectedPluginNames:       []string{"pluginA"},
-			setRecommendedPluginOrder: []string{"pluginA", "pluginB"},
-			setDefaultOffPluginNames:  []string{"pluginB"},
+			expectedPluginNames:       []string{"pluginB"},
+			setRecommendedPluginOrder: []string{"pluginA", "pluginB", "pluginC", "pluginD"},
+			setDefaultOffPlugins:      sets.NewString("pluginA", "pluginC", "pluginD"),
+		},
+
+		// scenario 2: use default off plugins and with RecommendedPluginOrder
+		{
+			expectedPluginNames:       []string{"pluginA", "pluginB", "pluginC", "pluginD"},
+			setRecommendedPluginOrder: []string{"pluginA", "pluginB", "pluginC", "pluginD"},
+			setDefaultOffPlugins:      sets.NewString(),
+		},
+
+		// scenario 3: use default off plugins and specified by enable-admission-plugin with RecommendedPluginOrder
+		{
+			expectedPluginNames:       []string{"pluginA", "pluginB", "pluginC", "pluginD"},
+			setRecommendedPluginOrder: []string{"pluginA", "pluginB", "pluginC", "pluginD"},
+			setDefaultOffPlugins:      sets.NewString("pluginC", "pluginD"),
+			setEnablePlugins:          []string{"pluginD", "pluginC"},
+		},
+
+		// scenario 4: use default off plugins and specified by disable-admission-plugin with RecommendedPluginOrder
+		{
+			expectedPluginNames:       []string{"pluginB"},
+			setRecommendedPluginOrder: []string{"pluginA", "pluginB", "pluginC", "pluginD"},
+			setDefaultOffPlugins:      sets.NewString("pluginC", "pluginD"),
+			setDisablePlugins:         []string{"pluginA"},
+		},
+
+		// scenario 5: use default off plugins and specified by enable-admission-plugin and disable-admission-plugin with RecommendedPluginOrder
+		{
+			expectedPluginNames:       []string{"pluginA", "pluginC"},
+			setRecommendedPluginOrder: []string{"pluginA", "pluginB", "pluginC", "pluginD"},
+			setDefaultOffPlugins:      sets.NewString("pluginC", "pluginD"),
+			setEnablePlugins:          []string{"pluginC"},
+			setDisablePlugins:         []string{"pluginB"},
+		},
+
+		// scenario 6: use default off plugins and specified by admission-control with RecommendedPluginOrder
+		{
+			expectedPluginNames:       []string{"pluginA", "pluginB", "pluginC"},
+			setRecommendedPluginOrder: []string{"pluginA", "pluginB", "pluginC", "pluginD"},
+			setDefaultOffPlugins:      sets.NewString("pluginD"),
+			setAdmissionControl:       []string{"pluginA", "pluginB"},
+		},
+
+		// scenario 7: use default off plugins and specified by admission-control with RecommendedPluginOrder
+		{
+			expectedPluginNames:       []string{"pluginA", "pluginB", "pluginC"},
+			setRecommendedPluginOrder: []string{"pluginA", "pluginB", "pluginC", "pluginD"},
+			setDefaultOffPlugins:      sets.NewString("pluginC", "pluginD"),
+			setAdmissionControl:       []string{"pluginA", "pluginB", "pluginC"},
 		},
 	}

@ -46,12 +100,21 @@ func TestEnabledPluginNamesMethod(t *testing.T) {
 		t.Run(fmt.Sprintf("scenario %d", index), func(t *testing.T) {
 			target := NewAdmissionOptions()

-			if len(scenario.setDefaultOffPluginNames) > 0 {
-				target.DefaultOffPlugins = scenario.setDefaultOffPluginNames
+			if scenario.setDefaultOffPlugins != nil {
+				target.DefaultOffPlugins = scenario.setDefaultOffPlugins
 			}
-			if len(scenario.setRecommendedPluginOrder) > 0 {
+			if scenario.setRecommendedPluginOrder != nil {
 				target.RecommendedPluginOrder = scenario.setRecommendedPluginOrder
 			}
+			if scenario.setEnablePlugins != nil {
+				target.EnablePlugins = scenario.setEnablePlugins
+			}
+			if scenario.setDisablePlugins != nil {
+				target.DisablePlugins = scenario.setDisablePlugins
+			}
+			if scenario.setAdmissionControl != nil {
+				target.EnablePlugins = scenario.setAdmissionControl
+			}

 			actualPluginNames := target.enabledPluginNames()

@ -66,3 +129,111 @@ func TestEnabledPluginNamesMethod(t *testing.T) {
 		})
 	}
 }
+
+func TestValidate(t *testing.T) {
+	scenarios := []struct {
+		setEnablePlugins           []string
+		setDisablePlugins          []string
+		setRecommendedPluginsOrder []string
+		expectedResult             bool
+	}{
+		// scenario 0: not set any flag
+		{
+			expectedResult: true,
+		},
+
+		// scenario 1: set both `--enable-admission-plugin` `--disable-admission-plugin`
+		{
+			setEnablePlugins:  []string{"pluginA", "pluginB"},
+			setDisablePlugins: []string{"pluginC"},
+			expectedResult:    true,
+		},
+
+		// scenario 2: set invalid `--enable-admission-plugin` `--disable-admission-plugin`
+		{
+			setEnablePlugins:  []string{"pluginA", "pluginB"},
+			setDisablePlugins: []string{"pluginB"},
+			expectedResult:    false,
+		},
+
+		// scenario 3: set only invalid `--enable-admission-plugin`
+		{
+			setEnablePlugins: []string{"pluginA", "pluginE"},
+			expectedResult:   false,
+		},
+
+		// scenario 4: set only invalid `--disable-admission-plugin`
+		{
+			setDisablePlugins: []string{"pluginA", "pluginE"},
+			expectedResult:    false,
+		},
+
+		// scenario 5: set valid `--enable-admission-plugin`
+		{
+			setEnablePlugins: []string{"pluginA", "pluginB"},
+			expectedResult:   true,
+		},
+
+		// scenario 6: set valid `--disable-admission-plugin`
+		{
+			setDisablePlugins: []string{"pluginA"},
+			expectedResult:    true,
+		},
+
+		// scenario 7: RecommendedPluginOrder has duplicated plugin
+		{
+			setRecommendedPluginsOrder: []string{"pluginA", "pluginB", "pluginB", "pluginC"},
+			expectedResult:             false,
+		},
+
+		// scenario 8: RecommendedPluginOrder not equal to registered
+		{
+			setRecommendedPluginsOrder: []string{"pluginA", "pluginB", "pluginC"},
+			expectedResult:             false,
+		},
+
+		// scenario 9: RecommendedPluginOrder equal to registered
+		{
+			setRecommendedPluginsOrder: []string{"pluginA", "pluginB", "pluginC", "pluginD"},
+			expectedResult:             true,
+		},
+
+		// scenario 10: RecommendedPluginOrder not equal to registered
+		{
+			setRecommendedPluginsOrder: []string{"pluginA", "pluginB", "pluginC", "pluginE"},
+			expectedResult:             false,
+		},
+	}
+
+	for index, scenario := range scenarios {
+		t.Run(fmt.Sprintf("scenario %d", index), func(t *testing.T) {
+			options := NewAdmissionOptions()
+			options.DefaultOffPlugins = sets.NewString("pluginC", "pluginD")
+			options.RecommendedPluginOrder = []string{"pluginA", "pluginB", "pluginC", "pluginD"}
+			options.Plugins = &admission.Plugins{}
+			for _, plugin := range options.RecommendedPluginOrder {
+				options.Plugins.Register(plugin, func(config io.Reader) (admission.Interface, error) {
+					return nil, nil
+				})
+			}
+
+			if scenario.setEnablePlugins != nil {
+				options.EnablePlugins = scenario.setEnablePlugins
+			}
+			if scenario.setDisablePlugins != nil {
+				options.DisablePlugins = scenario.setDisablePlugins
+			}
+			if scenario.setRecommendedPluginsOrder != nil {
+				options.RecommendedPluginOrder = scenario.setRecommendedPluginsOrder
+			}
+
+			err := options.Validate()
+			if len(err) > 0 && scenario.expectedResult {
+				t.Errorf("Unexpected err: %v", err)
+			}
+			if len(err) == 0 && !scenario.expectedResult {
+				t.Errorf("Expect error, but got none")
+			}
+		})
+	}
+}