github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

provider_test.go: use existing method instead of own copy of it. 

Also:
- rename variables according to its meaning
- improve godoc comment
pull/6/head
Slava Semushin 2017-08-09 17:50:04 +02:00
parent 6a0d3c7494
commit 93a9186e8e
2 changed files with 5 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/security/podsecuritypolicy/provider.go
View File

@ -324,7 +324,7 @@ func (s *simpleProvider) ValidateContainerSecurityContext(pod *api.Pod, containe
return allErrs return allErrs
} }
// hasHostPort checks the port definitions on the container for HostPort > 0. // hasInvalidHostPort checks whether the port definitions on the container fall outside of the ranges allowed by the PSP.
func (s *simpleProvider) hasInvalidHostPort(container *api.Container, fldPath *field.Path) field.ErrorList { func (s *simpleProvider) hasInvalidHostPort(container *api.Container, fldPath *field.Path) field.ErrorList {
allErrs := field.ErrorList{} allErrs := field.ErrorList{}
for _, cp := range container.Ports { for _, cp := range container.Ports {

27
pkg/security/podsecuritypolicy/provider_test.go
View File

@ -575,7 +575,7 @@ func TestValidatePodSecurityContextSuccess(t *testing.T) {
api.SeccompPodAnnotationKey: "foo", api.SeccompPodAnnotationKey: "foo",
} }
errorCases := map[string]struct { successCases := map[string]struct {
pod *api.Pod pod *api.Pod
psp *extensions.PodSecurityPolicy psp *extensions.PodSecurityPolicy
}{ }{
@ -625,7 +625,7 @@ func TestValidatePodSecurityContextSuccess(t *testing.T) {
}, },
} }
for k, v := range errorCases { for k, v := range successCases {
provider, err := NewSimpleProvider(v.psp, "namespace", NewSimpleStrategyFactory()) provider, err := NewSimpleProvider(v.psp, "namespace", NewSimpleStrategyFactory())
if err != nil { if err != nil {
t.Fatalf("unable to create provider %v", err) t.Fatalf("unable to create provider %v", err)
@ -639,25 +639,6 @@ func TestValidatePodSecurityContextSuccess(t *testing.T) {
} }
func TestValidateContainerSecurityContextSuccess(t *testing.T) { func TestValidateContainerSecurityContextSuccess(t *testing.T) {
var notPriv bool = false
defaultPod := func() *api.Pod {
return &api.Pod{
Spec: api.PodSpec{
SecurityContext: &api.PodSecurityContext{},
Containers: []api.Container{
{
Name: defaultContainerName,
SecurityContext: &api.SecurityContext{
// expected to be set by defaulting mechanisms
Privileged: &notPriv,
// fill in the rest for test cases
},
},
},
},
}
}
// success user strat // success user strat
userPSP := defaultPSP() userPSP := defaultPSP()
uid := int64(999) uid := int64(999)
@ -751,7 +732,7 @@ func TestValidateContainerSecurityContextSuccess(t *testing.T) {
api.SeccompPodAnnotationKey: "foo", api.SeccompPodAnnotationKey: "foo",
} }
errorCases := map[string]struct { successCases := map[string]struct {
pod *api.Pod pod *api.Pod
psp *extensions.PodSecurityPolicy psp *extensions.PodSecurityPolicy
}{ }{
@ -809,7 +790,7 @@ func TestValidateContainerSecurityContextSuccess(t *testing.T) {
}, },
} }
for k, v := range errorCases { for k, v := range successCases {
provider, err := NewSimpleProvider(v.psp, "namespace", NewSimpleStrategyFactory()) provider, err := NewSimpleProvider(v.psp, "namespace", NewSimpleStrategyFactory())
if err != nil { if err != nil {
t.Fatalf("unable to create provider %v", err) t.Fatalf("unable to create provider %v", err)