func TestIncrementUsageReplicationControllers(t *testing.T) {
namespace := "default"
client := testclient.NewSimpleFake(&api.ReplicationControllerList{
Items: []api.ReplicationController{
{
ObjectMeta: api.ObjectMeta{Name: "123", Namespace: namespace},
},
},
})
status := &api.ResourceQuotaStatus{
Hard: api.ResourceList{},
Used: api.ResourceList{},
}
r := api.ResourceReplicationControllers
status.Hard[r] = resource.MustParse("2")
status.Used[r] = resource.MustParse("1")
dirty, err := IncrementUsage(admission.NewAttributesRecord(&api.ReplicationController{}, "ReplicationController", namespace, "name", "replicationcontrollers", "", admission.Create, nil), status, client)
if err != nil {
t.Errorf("Unexpected error: %v", err)
}
if !dirty {
t.Errorf("Expected the status to get incremented, therefore should have been dirty")
}
quantity := status.Used[r]
if quantity.Value() != int64(2) {
t.Errorf("Expected new item count to be 2, but was %s", quantity.String())
}
}
func TestSyncResourceQuotaNoChange(t *testing.T) {
quota := api.ResourceQuota{
Spec: api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourceCPU: resource.MustParse("4"),
},
},
Status: api.ResourceQuotaStatus{
Hard: api.ResourceList{
api.ResourceCPU: resource.MustParse("4"),
},
Used: api.ResourceList{
api.ResourceCPU: resource.MustParse("0"),
},
},
}
kubeClient := testclient.NewSimpleFake(&api.PodList{}, "a)
ResourceQuotaController := NewResourceQuotaController(kubeClient)
err := ResourceQuotaController.syncResourceQuota(quota)
if err != nil {
t.Fatalf("Unexpected error %v", err)
}
actions := kubeClient.Actions()
if len(actions) != 1 && !actions[0].Matches("list", "pods") {
t.Errorf("SyncResourceQuota made an unexpected client action when state was not dirty: %v", kubeClient.Actions)
}
}
func TestName(t *testing.T) {
var (
testPodUID = types.UID("test_pod_uid")
testVolumeName = "test_name"
testNamespace = "test_metadata_namespace"
testName = "test_metadata_name"
)
volumeSpec := &api.Volume{
Name: testVolumeName,
VolumeSource: api.VolumeSource{
DownwardAPI: &api.DownwardAPIVolumeSource{
Items: []api.DownwardAPIVolumeFile{
{Path: "name_file_name", FieldRef: api.ObjectFieldSelector{
FieldPath: "metadata.name"}}}},
},
}
fake := testclient.NewSimpleFake(&api.Pod{
ObjectMeta: api.ObjectMeta{
Name: testName,
Namespace: testNamespace,
},
})
pluginMgr := volume.VolumePluginMgr{}
pluginMgr.InitPlugins(ProbeVolumePlugins(), newTestHost(t, fake))
plugin, err := pluginMgr.FindPluginByName(downwardAPIPluginName)
if err != nil {
t.Errorf("Can't find the plugin by name")
}
pod := &api.Pod{ObjectMeta: api.ObjectMeta{UID: testPodUID, Name: testName}}
builder, err := plugin.NewBuilder(volume.NewSpecFromVolume(volumeSpec), pod, volume.VolumeOptions{})
if err != nil {
t.Errorf("Failed to make a new Builder: %v", err)
}
if builder == nil {
t.Errorf("Got a nil Builder")
}
volumePath := builder.GetPath()
err = builder.SetUp()
if err != nil {
t.Errorf("Failed to setup volume: %v", err)
}
var data []byte
data, err = ioutil.ReadFile(path.Join(volumePath, "name_file_name"))
if err != nil {
t.Errorf(err.Error())
}
if string(data) != testName {
t.Errorf("Found `%s` expected %s", string(data), testName)
}
CleanEverything(plugin, testVolumeName, volumePath, testPodUID, t)
}
func TestLimitRangerIgnoresSubresource(t *testing.T) {
client := testclient.NewSimpleFake()
indexer := cache.NewIndexer(cache.MetaNamespaceKeyFunc, cache.Indexers{"namespace": cache.MetaNamespaceIndexFunc})
handler := &limitRanger{
Handler: admission.NewHandler(admission.Create, admission.Update),
client: client,
limitFunc: Limit,
indexer: indexer,
}
limitRange := validLimitRangeNoDefaults()
testPod := validPod("testPod", 1, api.ResourceRequirements{})
indexer.Add(&limitRange)
err := handler.Admit(admission.NewAttributesRecord(&testPod, "Pod", limitRange.Namespace, "testPod", "pods", "", admission.Update, nil))
if err == nil {
t.Errorf("Expected an error since the pod did not specify resource limits in its update call")
}
err = handler.Admit(admission.NewAttributesRecord(&testPod, "Pod", limitRange.Namespace, "testPod", "pods", "status", admission.Update, nil))
if err != nil {
t.Errorf("Should have ignored calls to any subresource of pod %v", err)
}
}
func TestSyncResourceQuotaSpecChange(t *testing.T) {
quota := api.ResourceQuota{
Spec: api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourceCPU: resource.MustParse("4"),
},
},
Status: api.ResourceQuotaStatus{
Hard: api.ResourceList{
api.ResourceCPU: resource.MustParse("3"),
},
Used: api.ResourceList{
api.ResourceCPU: resource.MustParse("0"),
},
},
}
expectedUsage := api.ResourceQuota{
Status: api.ResourceQuotaStatus{
Hard: api.ResourceList{
api.ResourceCPU: resource.MustParse("4"),
},
Used: api.ResourceList{
api.ResourceCPU: resource.MustParse("0"),
},
},
}
kubeClient := testclient.NewSimpleFake("a)
ResourceQuotaController := NewResourceQuotaController(kubeClient)
err := ResourceQuotaController.syncResourceQuota(quota)
if err != nil {
t.Fatalf("Unexpected error %v", err)
}
usage := kubeClient.Actions()[1].(testclient.UpdateAction).GetObject().(*api.ResourceQuota)
// ensure hard and used limits are what we expected
for k, v := range expectedUsage.Status.Hard {
actual := usage.Status.Hard[k]
actualValue := actual.String()
expectedValue := v.String()
if expectedValue != actualValue {
t.Errorf("Usage Hard: Key: %v, Expected: %v, Actual: %v", k, expectedValue, actualValue)
}
}
for k, v := range expectedUsage.Status.Used {
actual := usage.Status.Used[k]
actualValue := actual.String()
expectedValue := v.String()
if expectedValue != actualValue {
t.Errorf("Usage Used: Key: %v, Expected: %v, Actual: %v", k, expectedValue, actualValue)
}
}
}
// Test the case where the 'ready' file has been created and the pod volume dir
// is a mountpoint. Mount should not be called.
func TestPluginIdempotent(t *testing.T) {
var (
testPodUID = types.UID("test_pod_uid2")
testVolumeName = "test_volume_name"
testNamespace = "test_secret_namespace"
testName = "test_secret_name"
volumeSpec = volumeSpec(testVolumeName, testName)
secret = secret(testNamespace, testName)
client = testclient.NewSimpleFake(&secret)
pluginMgr = volume.VolumePluginMgr{}
rootDir, host = newTestHost(t, client)
)
pluginMgr.InitPlugins(ProbeVolumePlugins(), host)
plugin, err := pluginMgr.FindPluginByName(secretPluginName)
if err != nil {
t.Errorf("Can't find the plugin by name")
}
podVolumeDir := fmt.Sprintf("%v/pods/test_pod_uid2/volumes/kubernetes.io~secret/test_volume_name", rootDir)
podMetadataDir := fmt.Sprintf("%v/pods/test_pod_uid2/plugins/kubernetes.io~secret/test_volume_name", rootDir)
pod := &api.Pod{ObjectMeta: api.ObjectMeta{UID: testPodUID}}
mounter := host.GetMounter().(*mount.FakeMounter)
mounter.MountPoints = []mount.MountPoint{
{
Path: podVolumeDir,
},
}
util.SetReady(podMetadataDir)
builder, err := plugin.NewBuilder(volume.NewSpecFromVolume(volumeSpec), pod, volume.VolumeOptions{})
if err != nil {
t.Errorf("Failed to make a new Builder: %v", err)
}
if builder == nil {
t.Errorf("Got a nil Builder")
}
volumePath := builder.GetPath()
err = builder.SetUp()
if err != nil {
t.Errorf("Failed to setup volume: %v", err)
}
if len(mounter.Log) != 0 {
t.Errorf("Unexpected calls made to mounter: %v", mounter.Log)
}
if _, err := os.Stat(volumePath); err != nil {
if !os.IsNotExist(err) {
t.Errorf("SetUp() failed unexpectedly: %v", err)
}
} else {
t.Errorf("volume path should not exist: %v", volumePath)
}
}
// Test the case where the plugin's ready file exists, but the volume dir is not a
// mountpoint, which is the state the system will be in after reboot. The dir
// should be mounter and the secret data written to it.
func TestPluginReboot(t *testing.T) {
var (
testPodUID = types.UID("test_pod_uid3")
testVolumeName = "test_volume_name"
testNamespace = "test_secret_namespace"
testName = "test_secret_name"
volumeSpec = volumeSpec(testVolumeName, testName)
secret = secret(testNamespace, testName)
client = testclient.NewSimpleFake(&secret)
pluginMgr = volume.VolumePluginMgr{}
rootDir, host = newTestHost(t, client)
)
pluginMgr.InitPlugins(ProbeVolumePlugins(), host)
plugin, err := pluginMgr.FindPluginByName(secretPluginName)
if err != nil {
t.Errorf("Can't find the plugin by name")
}
pod := &api.Pod{ObjectMeta: api.ObjectMeta{UID: testPodUID}}
builder, err := plugin.NewBuilder(volume.NewSpecFromVolume(volumeSpec), pod, volume.VolumeOptions{})
if err != nil {
t.Errorf("Failed to make a new Builder: %v", err)
}
if builder == nil {
t.Errorf("Got a nil Builder")
}
podMetadataDir := fmt.Sprintf("%v/pods/test_pod_uid3/plugins/kubernetes.io~secret/test_volume_name", rootDir)
util.SetReady(podMetadataDir)
volumePath := builder.GetPath()
if !strings.HasSuffix(volumePath, fmt.Sprintf("pods/test_pod_uid3/volumes/kubernetes.io~secret/test_volume_name")) {
t.Errorf("Got unexpected path: %s", volumePath)
}
err = builder.SetUp()
if err != nil {
t.Errorf("Failed to setup volume: %v", err)
}
if _, err := os.Stat(volumePath); err != nil {
if os.IsNotExist(err) {
t.Errorf("SetUp() failed, volume path not created: %s", volumePath)
} else {
t.Errorf("SetUp() failed: %v", err)
}
}
doTestSecretDataInVolume(volumePath, secret, t)
doTestCleanAndTeardown(plugin, testPodUID, testVolumeName, volumePath, t)
}
func TestSyncBatch(t *testing.T) {
syncer := newTestManager()
syncer.kubeClient = testclient.NewSimpleFake(testPod)
syncer.SetPodStatus(testPod, getRandomPodStatus())
err := syncer.syncBatch()
if err != nil {
t.Errorf("unexpected syncing error: %v", err)
}
verifyActions(t, syncer.kubeClient, []testclient.Action{
testclient.GetActionImpl{ActionImpl: testclient.ActionImpl{Verb: "get", Resource: "pods"}},
testclient.UpdateActionImpl{ActionImpl: testclient.ActionImpl{Verb: "update", Resource: "pods", Subresource: "status"}},
},
)
}
func TestDeniesInvalidServiceAccount(t *testing.T) {
ns := "myns"
// Build a test client that the admission plugin can use to look up the service account missing from its cache
client := testclient.NewSimpleFake()
admit := NewServiceAccount(client)
pod := &api.Pod{}
attrs := admission.NewAttributesRecord(pod, "Pod", ns, "myname", string(api.ResourcePods), "", admission.Create, nil)
err := admit.Admit(attrs)
if err == nil {
t.Errorf("Expected error for missing service account, got none")
}
}
func TestSyncBatchChecksMismatchedUID(t *testing.T) {
syncer := newTestManager()
testPod.UID = "first"
differentPod := *testPod
differentPod.UID = "second"
syncer.kubeClient = testclient.NewSimpleFake(testPod)
syncer.SetPodStatus(&differentPod, getRandomPodStatus())
err := syncer.syncBatch()
if err != nil {
t.Errorf("unexpected syncing error: %v", err)
}
verifyActions(t, syncer.kubeClient, []testclient.Action{
testclient.GetActionImpl{ActionImpl: testclient.ActionImpl{Verb: "get", Resource: "pods"}},
})
}
func TestExceedUsagePods(t *testing.T) {
pod := validPod("123", 1, getResourceRequirements(getResourceList("100m", "1Gi"), getResourceList("", "")))
podList := &api.PodList{Items: []api.Pod{*pod}}
client := testclient.NewSimpleFake(podList)
status := &api.ResourceQuotaStatus{
Hard: api.ResourceList{},
Used: api.ResourceList{},
}
r := api.ResourcePods
status.Hard[r] = resource.MustParse("1")
status.Used[r] = resource.MustParse("1")
_, err := IncrementUsage(admission.NewAttributesRecord(&api.Pod{}, "Pod", pod.Namespace, "name", "pods", "", admission.Create, nil), status, client)
if err == nil {
t.Errorf("Expected error because this would exceed your quota")
}
}
func TestDescribeService(t *testing.T) {
fake := testclient.NewSimpleFake(&api.Service{
ObjectMeta: api.ObjectMeta{
Name: "bar",
Namespace: "foo",
},
})
c := &describeClient{T: t, Namespace: "foo", Interface: fake}
d := ServiceDescriber{c}
out, err := d.Describe("foo", "bar")
if err != nil {
t.Errorf("unexpected error: %v", err)
}
if !strings.Contains(out, "Labels:") || !strings.Contains(out, "bar") {
t.Errorf("unexpected out: %s", out)
}
}
func TestDescribeDeployment(t *testing.T) {
fake := testclient.NewSimpleFake(&extensions.Deployment{
ObjectMeta: api.ObjectMeta{
Name: "bar",
Namespace: "foo",
},
Spec: extensions.DeploymentSpec{
Template: &api.PodTemplateSpec{},
},
})
c := &describeClient{T: t, Namespace: "foo", Interface: fake}
d := DeploymentDescriber{c}
out, err := d.Describe("foo", "bar")
if err != nil {
t.Errorf("unexpected error: %v", err)
}
if !strings.Contains(out, "bar") || !strings.Contains(out, "foo") {
t.Errorf("unexpected out: %s", out)
}
}
func TestReplicationControllerScaleFailsPreconditions(t *testing.T) {
fake := testclient.NewSimpleFake(&api.ReplicationController{
Spec: api.ReplicationControllerSpec{
Replicas: 10,
},
})
scaler := ReplicationControllerScaler{fake}
preconditions := ScalePrecondition{2, ""}
count := uint(3)
name := "foo"
scaler.Scale("default", name, count, &preconditions, nil, nil)
actions := fake.Actions()
if len(actions) != 1 {
t.Errorf("unexpected actions: %v, expected 1 action (get)", actions)
}
if action, ok := actions[0].(testclient.GetAction); !ok || action.GetResource() != "replicationcontrollers" || action.GetName() != name {
t.Errorf("unexpected action: %v, expected get-replicationController %s", actions[0], name)
}
}
func TestJobScaleFailsPreconditions(t *testing.T) {
ten := 10
fake := testclient.NewSimpleFake(&extensions.Job{
Spec: extensions.JobSpec{
Parallelism: &ten,
},
})
scaler := JobScaler{fake}
preconditions := ScalePrecondition{2, ""}
count := uint(3)
name := "foo"
scaler.Scale("default", name, count, &preconditions, nil, nil)
actions := fake.Actions()
if len(actions) != 1 {
t.Errorf("unexpected actions: %v, expected 1 actions (get)", actions)
}
if action, ok := actions[0].(testclient.GetAction); !ok || action.GetResource() != "jobs" || action.GetName() != name {
t.Errorf("unexpected action: %v, expected get-job %s", actions[0], name)
}
}
func TestExceedUsageServices(t *testing.T) {
namespace := "default"
client := testclient.NewSimpleFake(&api.ServiceList{
Items: []api.Service{
{
ObjectMeta: api.ObjectMeta{Name: "123", Namespace: namespace},
},
},
})
status := &api.ResourceQuotaStatus{
Hard: api.ResourceList{},
Used: api.ResourceList{},
}
r := api.ResourceServices
status.Hard[r] = resource.MustParse("1")
status.Used[r] = resource.MustParse("1")
_, err := IncrementUsage(admission.NewAttributesRecord(&api.Service{}, "Service", namespace, "name", "services", "", admission.Create, nil), status, client)
if err == nil {
t.Errorf("Expected error because this would exceed usage")
}
}
func TestExceedUsagePersistentVolumeClaims(t *testing.T) {
namespace := "default"
client := testclient.NewSimpleFake(&api.PersistentVolumeClaimList{
Items: []api.PersistentVolumeClaim{
{
ObjectMeta: api.ObjectMeta{Name: "123", Namespace: namespace},
},
},
})
status := &api.ResourceQuotaStatus{
Hard: api.ResourceList{},
Used: api.ResourceList{},
}
r := api.ResourcePersistentVolumeClaims
status.Hard[r] = resource.MustParse("1")
status.Used[r] = resource.MustParse("1")
_, err := IncrementUsage(admission.NewAttributesRecord(&api.PersistentVolumeClaim{}, "PersistentVolumeClaim", namespace, "name", "persistentvolumeclaims", "", admission.Create, nil), status, client)
if err == nil {
t.Errorf("Expected error for exceeding hard limits")
}
}
func TestPodDescribeResultsSorted(t *testing.T) {
// Arrange
fake := testclient.NewSimpleFake(&api.EventList{
Items: []api.Event{
{
Source: api.EventSource{Component: "kubelet"},
Message: "Item 1",
FirstTimestamp: unversioned.NewTime(time.Date(2014, time.January, 15, 0, 0, 0, 0, time.UTC)),
LastTimestamp: unversioned.NewTime(time.Date(2014, time.January, 15, 0, 0, 0, 0, time.UTC)),
Count: 1,
},
{
Source: api.EventSource{Component: "scheduler"},
Message: "Item 2",
FirstTimestamp: unversioned.NewTime(time.Date(1987, time.June, 17, 0, 0, 0, 0, time.UTC)),
LastTimestamp: unversioned.NewTime(time.Date(1987, time.June, 17, 0, 0, 0, 0, time.UTC)),
Count: 1,
},
{
Source: api.EventSource{Component: "kubelet"},
Message: "Item 3",
FirstTimestamp: unversioned.NewTime(time.Date(2002, time.December, 25, 0, 0, 0, 0, time.UTC)),
LastTimestamp: unversioned.NewTime(time.Date(2002, time.December, 25, 0, 0, 0, 0, time.UTC)),
Count: 1,
},
},
})
c := &describeClient{T: t, Namespace: "foo", Interface: fake}
d := PodDescriber{c}
// Act
out, err := d.Describe("foo", "bar")
// Assert
if err != nil {
t.Errorf("unexpected error: %v", err)
}
VerifyDatesInOrder(out, "\n" /* rowDelimiter */, "\t" /* columnDelimiter */, t)
}
func TestIncrementUsagePods(t *testing.T) {
pod := validPod("123", 1, getResourceRequirements(getResourceList("100m", "1Gi"), getResourceList("", "")))
podList := &api.PodList{Items: []api.Pod{*pod}}
client := testclient.NewSimpleFake(podList)
status := &api.ResourceQuotaStatus{
Hard: api.ResourceList{},
Used: api.ResourceList{},
}
r := api.ResourcePods
status.Hard[r] = resource.MustParse("2")
status.Used[r] = resource.MustParse("1")
dirty, err := IncrementUsage(admission.NewAttributesRecord(&api.Pod{}, "Pod", pod.Namespace, "new-pod", "pods", "", admission.Create, nil), status, client)
if err != nil {
t.Errorf("Unexpected error: %v", err)
}
if !dirty {
t.Errorf("Expected the status to get incremented, therefore should have been dirty")
}
quantity := status.Used[r]
if quantity.Value() != int64(2) {
t.Errorf("Expected new item count to be 2, but was %s", quantity.String())
}
}
func TestFetchesUncachedServiceAccount(t *testing.T) {
ns := "myns"
// Build a test client that the admission plugin can use to look up the service account missing from its cache
client := testclient.NewSimpleFake(&api.ServiceAccount{
ObjectMeta: api.ObjectMeta{
Name: DefaultServiceAccountName,
Namespace: ns,
},
})
admit := NewServiceAccount(client)
admit.RequireAPIToken = false
pod := &api.Pod{}
attrs := admission.NewAttributesRecord(pod, "Pod", ns, "myname", string(api.ResourcePods), "", admission.Create, nil)
err := admit.Admit(attrs)
if err != nil {
t.Errorf("Unexpected error: %v", err)
}
if pod.Spec.ServiceAccountName != DefaultServiceAccountName {
t.Errorf("Expected service account %s assigned, got %s", DefaultServiceAccountName, pod.Spec.ServiceAccountName)
}
}
func TestServiceAccountCreation(t *testing.T) {
ns := api.NamespaceDefault
defaultName := "default"
managedName := "managed"
activeNS := &api.Namespace{
ObjectMeta: api.ObjectMeta{Name: ns},
Status: api.NamespaceStatus{
Phase: api.NamespaceActive,
},
}
terminatingNS := &api.Namespace{
ObjectMeta: api.ObjectMeta{Name: ns},
Status: api.NamespaceStatus{
Phase: api.NamespaceTerminating,
},
}
defaultServiceAccount := &api.ServiceAccount{
ObjectMeta: api.ObjectMeta{
Name: defaultName,
Namespace: ns,
ResourceVersion: "1",
},
}
managedServiceAccount := &api.ServiceAccount{
ObjectMeta: api.ObjectMeta{
Name: managedName,
Namespace: ns,
ResourceVersion: "1",
},
}
unmanagedServiceAccount := &api.ServiceAccount{
ObjectMeta: api.ObjectMeta{
Name: "other-unmanaged",
Namespace: ns,
ResourceVersion: "1",
},
}
testcases := map[string]struct {
ExistingNamespace *api.Namespace
ExistingServiceAccounts []*api.ServiceAccount
AddedNamespace *api.Namespace
UpdatedNamespace *api.Namespace
DeletedServiceAccount *api.ServiceAccount
ExpectCreatedServiceAccounts []string
}{
"new active namespace missing serviceaccounts": {
ExistingServiceAccounts: []*api.ServiceAccount{},
AddedNamespace: activeNS,
ExpectCreatedServiceAccounts: sets.NewString(defaultName, managedName).List(),
},
"new active namespace missing serviceaccount": {
ExistingServiceAccounts: []*api.ServiceAccount{managedServiceAccount},
AddedNamespace: activeNS,
ExpectCreatedServiceAccounts: []string{defaultName},
},
"new active namespace with serviceaccounts": {
ExistingServiceAccounts: []*api.ServiceAccount{defaultServiceAccount, managedServiceAccount},
AddedNamespace: activeNS,
ExpectCreatedServiceAccounts: []string{},
},
"new terminating namespace": {
ExistingServiceAccounts: []*api.ServiceAccount{},
AddedNamespace: terminatingNS,
ExpectCreatedServiceAccounts: []string{},
},
"updated active namespace missing serviceaccounts": {
ExistingServiceAccounts: []*api.ServiceAccount{},
UpdatedNamespace: activeNS,
ExpectCreatedServiceAccounts: sets.NewString(defaultName, managedName).List(),
},
"updated active namespace missing serviceaccount": {
ExistingServiceAccounts: []*api.ServiceAccount{defaultServiceAccount},
UpdatedNamespace: activeNS,
ExpectCreatedServiceAccounts: []string{managedName},
},
"updated active namespace with serviceaccounts": {
ExistingServiceAccounts: []*api.ServiceAccount{defaultServiceAccount, managedServiceAccount},
UpdatedNamespace: activeNS,
ExpectCreatedServiceAccounts: []string{},
},
"updated terminating namespace": {
ExistingServiceAccounts: []*api.ServiceAccount{},
UpdatedNamespace: terminatingNS,
ExpectCreatedServiceAccounts: []string{},
},
"deleted serviceaccount without namespace": {
DeletedServiceAccount: defaultServiceAccount,
ExpectCreatedServiceAccounts: []string{},
},
"deleted serviceaccount with active namespace": {
ExistingNamespace: activeNS,
DeletedServiceAccount: defaultServiceAccount,
ExpectCreatedServiceAccounts: []string{defaultName},
},
"deleted serviceaccount with terminating namespace": {
ExistingNamespace: terminatingNS,
DeletedServiceAccount: defaultServiceAccount,
ExpectCreatedServiceAccounts: []string{},
},
"deleted unmanaged serviceaccount with active namespace": {
ExistingNamespace: activeNS,
DeletedServiceAccount: unmanagedServiceAccount,
ExpectCreatedServiceAccounts: []string{},
},
"deleted unmanaged serviceaccount with terminating namespace": {
ExistingNamespace: terminatingNS,
DeletedServiceAccount: unmanagedServiceAccount,
ExpectCreatedServiceAccounts: []string{},
},
}
for k, tc := range testcases {
client := testclient.NewSimpleFake(defaultServiceAccount, managedServiceAccount)
options := DefaultServiceAccountsControllerOptions()
options.Names = sets.NewString(defaultName, managedName)
controller := NewServiceAccountsController(client, options)
if tc.ExistingNamespace != nil {
controller.namespaces.Add(tc.ExistingNamespace)
}
for _, s := range tc.ExistingServiceAccounts {
controller.serviceAccounts.Add(s)
}
if tc.AddedNamespace != nil {
controller.namespaces.Add(tc.AddedNamespace)
controller.namespaceAdded(tc.AddedNamespace)
}
if tc.UpdatedNamespace != nil {
controller.namespaces.Add(tc.UpdatedNamespace)
controller.namespaceUpdated(nil, tc.UpdatedNamespace)
}
if tc.DeletedServiceAccount != nil {
controller.serviceAccountDeleted(tc.DeletedServiceAccount)
}
actions := client.Actions()
if len(tc.ExpectCreatedServiceAccounts) != len(actions) {
t.Errorf("%s: Expected to create accounts %#v. Actual actions were: %#v", k, tc.ExpectCreatedServiceAccounts, actions)
continue
}
for i, expectedName := range tc.ExpectCreatedServiceAccounts {
action := actions[i]
if !action.Matches("create", "serviceaccounts") {
t.Errorf("%s: Unexpected action %s", k, action)
break
}
createdAccount := action.(testclient.CreateAction).GetObject().(*api.ServiceAccount)
if createdAccount.Name != expectedName {
t.Errorf("%s: Expected %s to be created, got %s", k, expectedName, createdAccount.Name)
}
}
}
}
// TestRollingUpdater_cleanupWithClients ensures that the cleanup policy is
// correctly implemented.
func TestRollingUpdater_cleanupWithClients(t *testing.T) {
rc := oldRc(2, 2)
rcExisting := newRc(1, 3)
tests := []struct {
name string
policy RollingUpdaterCleanupPolicy
responses []runtime.Object
expected []string
}{
{
name: "preserve",
policy: PreserveRollingUpdateCleanupPolicy,
responses: []runtime.Object{rcExisting},
expected: []string{
"get",
"update",
"get",
"get",
},
},
{
name: "delete",
policy: DeleteRollingUpdateCleanupPolicy,
responses: []runtime.Object{rcExisting},
expected: []string{
"get",
"update",
"get",
"get",
"delete",
},
},
{
name: "rename",
policy: RenameRollingUpdateCleanupPolicy,
responses: []runtime.Object{rcExisting},
expected: []string{
"get",
"update",
"get",
"get",
"delete",
"create",
"delete",
},
},
}
for _, test := range tests {
fake := testclient.NewSimpleFake(test.responses...)
updater := &RollingUpdater{
ns: "default",
c: fake,
}
config := &RollingUpdaterConfig{
Out: ioutil.Discard,
OldRc: rc,
NewRc: rcExisting,
UpdatePeriod: 0,
Interval: time.Millisecond,
Timeout: time.Millisecond,
CleanupPolicy: test.policy,
}
err := updater.cleanupWithClients(rc, rcExisting, config)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
if len(fake.Actions()) != len(test.expected) {
t.Fatalf("%s: unexpected actions: %v, expected %v", test.name, fake.Actions(), test.expected)
}
for j, action := range fake.Actions() {
if e, a := test.expected[j], action.GetVerb(); e != a {
t.Errorf("%s: unexpected action: expected %s, got %s", test.name, e, a)
}
}
}
}
func TestFindSourceController(t *testing.T) {
ctrl1 := api.ReplicationController{
ObjectMeta: api.ObjectMeta{
Name: "foo",
Annotations: map[string]string{
sourceIdAnnotation: "bar:1234",
},
},
}
ctrl2 := api.ReplicationController{
ObjectMeta: api.ObjectMeta{
Name: "bar",
Annotations: map[string]string{
sourceIdAnnotation: "foo:12345",
},
},
}
ctrl3 := api.ReplicationController{
ObjectMeta: api.ObjectMeta{
Annotations: map[string]string{
sourceIdAnnotation: "baz:45667",
},
},
}
tests := []struct {
list *api.ReplicationControllerList
expectedController *api.ReplicationController
err error
name string
expectError bool
}{
{
list: &api.ReplicationControllerList{},
expectError: true,
},
{
list: &api.ReplicationControllerList{
Items: []api.ReplicationController{ctrl1},
},
name: "foo",
expectError: true,
},
{
list: &api.ReplicationControllerList{
Items: []api.ReplicationController{ctrl1},
},
name: "bar",
expectedController: &ctrl1,
},
{
list: &api.ReplicationControllerList{
Items: []api.ReplicationController{ctrl1, ctrl2},
},
name: "bar",
expectedController: &ctrl1,
},
{
list: &api.ReplicationControllerList{
Items: []api.ReplicationController{ctrl1, ctrl2},
},
name: "foo",
expectedController: &ctrl2,
},
{
list: &api.ReplicationControllerList{
Items: []api.ReplicationController{ctrl1, ctrl2, ctrl3},
},
name: "baz",
expectedController: &ctrl3,
},
}
for _, test := range tests {
fakeClient := testclient.NewSimpleFake(test.list)
ctrl, err := FindSourceController(fakeClient, "default", test.name)
if test.expectError && err == nil {
t.Errorf("unexpected non-error")
}
if !test.expectError && err != nil {
t.Errorf("unexpected error")
}
if !reflect.DeepEqual(ctrl, test.expectedController) {
t.Errorf("expected:\n%v\ngot:\n%v\n", test.expectedController, ctrl)
}
}
}
func TestUpdateExistingReplicationController(t *testing.T) {
tests := []struct {
rc *api.ReplicationController
name string
deploymentKey string
deploymentValue string
expectedRc *api.ReplicationController
expectErr bool
}{
{
rc: &api.ReplicationController{
Spec: api.ReplicationControllerSpec{
Template: &api.PodTemplateSpec{},
},
},
name: "foo",
deploymentKey: "dk",
deploymentValue: "some-hash",
expectedRc: &api.ReplicationController{
ObjectMeta: api.ObjectMeta{
Annotations: map[string]string{
"kubectl.kubernetes.io/next-controller-id": "foo",
},
},
Spec: api.ReplicationControllerSpec{
Selector: map[string]string{
"dk": "some-hash",
},
Template: &api.PodTemplateSpec{
ObjectMeta: api.ObjectMeta{
Labels: map[string]string{
"dk": "some-hash",
},
},
},
},
},
},
{
rc: &api.ReplicationController{
Spec: api.ReplicationControllerSpec{
Template: &api.PodTemplateSpec{
ObjectMeta: api.ObjectMeta{
Labels: map[string]string{
"dk": "some-other-hash",
},
},
},
Selector: map[string]string{
"dk": "some-other-hash",
},
},
},
name: "foo",
deploymentKey: "dk",
deploymentValue: "some-hash",
expectedRc: &api.ReplicationController{
ObjectMeta: api.ObjectMeta{
Annotations: map[string]string{
"kubectl.kubernetes.io/next-controller-id": "foo",
},
},
Spec: api.ReplicationControllerSpec{
Selector: map[string]string{
"dk": "some-other-hash",
},
Template: &api.PodTemplateSpec{
ObjectMeta: api.ObjectMeta{
Labels: map[string]string{
"dk": "some-other-hash",
},
},
},
},
},
},
}
for _, test := range tests {
buffer := &bytes.Buffer{}
fakeClient := testclient.NewSimpleFake(test.expectedRc)
rc, err := UpdateExistingReplicationController(fakeClient, test.rc, "default", test.name, test.deploymentKey, test.deploymentValue, buffer)
if !reflect.DeepEqual(rc, test.expectedRc) {
t.Errorf("expected:\n%#v\ngot:\n%#v\n", test.expectedRc, rc)
}
if test.expectErr && err == nil {
t.Errorf("unexpected non-error")
}
if !test.expectErr && err != nil {
t.Errorf("unexpected error: %v", err)
}
}
}
func TestPersistentVolumeDescriber(t *testing.T) {
tests := map[string]*api.PersistentVolume{
"hostpath": {
Spec: api.PersistentVolumeSpec{
PersistentVolumeSource: api.PersistentVolumeSource{
HostPath: &api.HostPathVolumeSource{},
},
},
},
"gce": {
Spec: api.PersistentVolumeSpec{
PersistentVolumeSource: api.PersistentVolumeSource{
GCEPersistentDisk: &api.GCEPersistentDiskVolumeSource{},
},
},
},
"ebs": {
Spec: api.PersistentVolumeSpec{
PersistentVolumeSource: api.PersistentVolumeSource{
AWSElasticBlockStore: &api.AWSElasticBlockStoreVolumeSource{},
},
},
},
"nfs": {
Spec: api.PersistentVolumeSpec{
PersistentVolumeSource: api.PersistentVolumeSource{
NFS: &api.NFSVolumeSource{},
},
},
},
"iscsi": {
Spec: api.PersistentVolumeSpec{
PersistentVolumeSource: api.PersistentVolumeSource{
ISCSI: &api.ISCSIVolumeSource{},
},
},
},
"gluster": {
Spec: api.PersistentVolumeSpec{
PersistentVolumeSource: api.PersistentVolumeSource{
Glusterfs: &api.GlusterfsVolumeSource{},
},
},
},
"rbd": {
Spec: api.PersistentVolumeSpec{
PersistentVolumeSource: api.PersistentVolumeSource{
RBD: &api.RBDVolumeSource{},
},
},
},
}
for name, pv := range tests {
fake := testclient.NewSimpleFake(pv)
c := PersistentVolumeDescriber{fake}
str, err := c.Describe("foo", "bar")
if err != nil {
t.Errorf("Unexpected error for test %s: %v", name, err)
}
if str == "" {
t.Errorf("Unexpected empty string for test %s. Expected PV Describer output", name)
}
}
}
func TestReplicationControllerStop(t *testing.T) {
name := "foo"
ns := "default"
tests := []struct {
Name string
Objs []runtime.Object
StopError error
StopMessage string
ExpectedActions []string
}{
{
Name: "OnlyOneRC",
Objs: []runtime.Object{
&api.ReplicationController{ // GET
ObjectMeta: api.ObjectMeta{
Name: name,
Namespace: ns,
},
Spec: api.ReplicationControllerSpec{
Replicas: 0,
Selector: map[string]string{"k1": "v1"}},
},
&api.ReplicationControllerList{ // LIST
Items: []api.ReplicationController{
{
ObjectMeta: api.ObjectMeta{
Name: name,
Namespace: ns,
},
Spec: api.ReplicationControllerSpec{
Replicas: 0,
Selector: map[string]string{"k1": "v1"}},
},
},
},
},
StopError: nil,
StopMessage: "foo stopped",
ExpectedActions: []string{"get", "list", "get", "update", "get", "get", "delete"},
},
{
Name: "NoOverlapping",
Objs: []runtime.Object{
&api.ReplicationController{ // GET
ObjectMeta: api.ObjectMeta{
Name: name,
Namespace: ns,
},
Spec: api.ReplicationControllerSpec{
Replicas: 0,
Selector: map[string]string{"k1": "v1"}},
},
&api.ReplicationControllerList{ // LIST
Items: []api.ReplicationController{
{
ObjectMeta: api.ObjectMeta{
Name: "baz",
Namespace: ns,
},
Spec: api.ReplicationControllerSpec{
Replicas: 0,
Selector: map[string]string{"k3": "v3"}},
},
{
ObjectMeta: api.ObjectMeta{
Name: name,
Namespace: ns,
},
Spec: api.ReplicationControllerSpec{
Replicas: 0,
Selector: map[string]string{"k1": "v1"}},
},
},
},
},
StopError: nil,
StopMessage: "foo stopped",
ExpectedActions: []string{"get", "list", "get", "update", "get", "get", "delete"},
},
{
Name: "OverlappingError",
Objs: []runtime.Object{
&api.ReplicationController{ // GET
ObjectMeta: api.ObjectMeta{
Name: name,
Namespace: ns,
},
Spec: api.ReplicationControllerSpec{
Replicas: 0,
Selector: map[string]string{"k1": "v1"}},
},
&api.ReplicationControllerList{ // LIST
Items: []api.ReplicationController{
{
ObjectMeta: api.ObjectMeta{
Name: "baz",
Namespace: ns,
},
Spec: api.ReplicationControllerSpec{
Replicas: 0,
Selector: map[string]string{"k1": "v1", "k2": "v2"}},
},
{
ObjectMeta: api.ObjectMeta{
Name: name,
Namespace: ns,
},
Spec: api.ReplicationControllerSpec{
Replicas: 0,
Selector: map[string]string{"k1": "v1"}},
},
},
},
},
StopError: fmt.Errorf("Detected overlapping controllers for rc foo: baz, please manage deletion individually with --cascade=false."),
StopMessage: "",
ExpectedActions: []string{"get", "list"},
},
{
Name: "OverlappingButSafeDelete",
Objs: []runtime.Object{
&api.ReplicationController{ // GET
ObjectMeta: api.ObjectMeta{
Name: name,
Namespace: ns,
},
Spec: api.ReplicationControllerSpec{
Replicas: 0,
Selector: map[string]string{"k1": "v1", "k2": "v2"}},
},
&api.ReplicationControllerList{ // LIST
Items: []api.ReplicationController{
{
ObjectMeta: api.ObjectMeta{
Name: "baz",
Namespace: ns,
},
Spec: api.ReplicationControllerSpec{
Replicas: 0,
Selector: map[string]string{"k1": "v1", "k2": "v2", "k3": "v3"}},
},
{
ObjectMeta: api.ObjectMeta{
Name: "zaz",
Namespace: ns,
},
Spec: api.ReplicationControllerSpec{
Replicas: 0,
Selector: map[string]string{"k1": "v1"}},
},
{
ObjectMeta: api.ObjectMeta{
Name: name,
Namespace: ns,
},
Spec: api.ReplicationControllerSpec{
Replicas: 0,
Selector: map[string]string{"k1": "v1", "k2": "v2"}},
},
},
},
},
StopError: fmt.Errorf("Detected overlapping controllers for rc foo: baz,zaz, please manage deletion individually with --cascade=false."),
StopMessage: "",
ExpectedActions: []string{"get", "list"},
},
{
Name: "TwoExactMatchRCs",
Objs: []runtime.Object{
&api.ReplicationController{ // GET
ObjectMeta: api.ObjectMeta{
Name: name,
Namespace: ns,
},
Spec: api.ReplicationControllerSpec{
Replicas: 0,
Selector: map[string]string{"k1": "v1"}},
},
&api.ReplicationControllerList{ // LIST
Items: []api.ReplicationController{
{
ObjectMeta: api.ObjectMeta{
Name: "zaz",
Namespace: ns,
},
Spec: api.ReplicationControllerSpec{
Replicas: 0,
Selector: map[string]string{"k1": "v1"}},
},
{
ObjectMeta: api.ObjectMeta{
Name: name,
Namespace: ns,
},
Spec: api.ReplicationControllerSpec{
Replicas: 0,
Selector: map[string]string{"k1": "v1"}},
},
},
},
},
StopError: nil,
StopMessage: "foo stopped",
ExpectedActions: []string{"get", "list", "delete"},
},
}
for _, test := range tests {
fake := testclient.NewSimpleFake(test.Objs...)
reaper := ReplicationControllerReaper{fake, time.Millisecond, time.Millisecond}
s, err := reaper.Stop(ns, name, 0, nil)
if !reflect.DeepEqual(err, test.StopError) {
t.Errorf("%s unexpected error: %v", test.Name, err)
continue
}
if s != test.StopMessage {
t.Errorf("%s expected '%s', got '%s'", test.Name, test.StopMessage, s)
continue
}
actions := fake.Actions()
if len(actions) != len(test.ExpectedActions) {
t.Errorf("%s unexpected actions: %v, expected %d actions got %d", test.Name, actions, len(test.ExpectedActions), len(actions))
continue
}
for i, verb := range test.ExpectedActions {
if actions[i].GetResource() != "replicationcontrollers" {
t.Errorf("%s unexpected action: %+v, expected %s-replicationController", test.Name, actions[i], verb)
}
if actions[i].GetVerb() != verb {
t.Errorf("%s unexpected action: %+v, expected %s-replicationController", test.Name, actions[i], verb)
}
}
}
}
func TestJobStop(t *testing.T) {
name := "foo"
ns := "default"
zero := 0
tests := []struct {
Name string
Objs []runtime.Object
StopError error
StopMessage string
ExpectedActions []string
}{
{
Name: "OnlyOneJob",
Objs: []runtime.Object{
&extensions.Job{ // GET
ObjectMeta: api.ObjectMeta{
Name: name,
Namespace: ns,
},
Spec: extensions.JobSpec{
Parallelism: &zero,
Selector: &extensions.PodSelector{
MatchLabels: map[string]string{"k1": "v1"},
},
},
},
&extensions.JobList{ // LIST
Items: []extensions.Job{
{
ObjectMeta: api.ObjectMeta{
Name: name,
Namespace: ns,
},
Spec: extensions.JobSpec{
Parallelism: &zero,
Selector: &extensions.PodSelector{
MatchLabels: map[string]string{"k1": "v1"},
},
},
},
},
},
},
StopError: nil,
StopMessage: "foo stopped",
ExpectedActions: []string{"get", "get", "update", "get", "get", "delete"},
},
}
for _, test := range tests {
fake := testclient.NewSimpleFake(test.Objs...)
reaper := JobReaper{fake, time.Millisecond, time.Millisecond}
s, err := reaper.Stop(ns, name, 0, nil)
if !reflect.DeepEqual(err, test.StopError) {
t.Errorf("%s unexpected error: %v", test.Name, err)
continue
}
if s != test.StopMessage {
t.Errorf("%s expected '%s', got '%s'", test.Name, test.StopMessage, s)
continue
}
actions := fake.Actions()
if len(actions) != len(test.ExpectedActions) {
t.Errorf("%s unexpected actions: %v, expected %d actions got %d", test.Name, actions, len(test.ExpectedActions), len(actions))
continue
}
for i, verb := range test.ExpectedActions {
if actions[i].GetResource() != "jobs" {
t.Errorf("%s unexpected action: %+v, expected %s-job", test.Name, actions[i], verb)
}
if actions[i].GetVerb() != verb {
t.Errorf("%s unexpected action: %+v, expected %s-job", test.Name, actions[i], verb)
}
}
}
}
func TestTokenCreation(t *testing.T) {
testcases := map[string]struct {
ClientObjects []runtime.Object
SecretsSyncPending bool
ServiceAccountsSyncPending bool
ExistingServiceAccount *api.ServiceAccount
ExistingSecrets []*api.Secret
AddedServiceAccount *api.ServiceAccount
UpdatedServiceAccount *api.ServiceAccount
DeletedServiceAccount *api.ServiceAccount
AddedSecret *api.Secret
UpdatedSecret *api.Secret
DeletedSecret *api.Secret
ExpectedActions []testclient.Action
}{
"new serviceaccount with no secrets": {
ClientObjects: []runtime.Object{serviceAccount(emptySecretReferences()), createdTokenSecret()},
AddedServiceAccount: serviceAccount(emptySecretReferences()),
ExpectedActions: []testclient.Action{
testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"),
testclient.NewCreateAction("secrets", api.NamespaceDefault, createdTokenSecret()),
testclient.NewUpdateAction("serviceaccounts", api.NamespaceDefault, serviceAccount(addTokenSecretReference(emptySecretReferences()))),
},
},
"new serviceaccount with no secrets with unsynced secret store": {
ClientObjects: []runtime.Object{serviceAccount(emptySecretReferences()), createdTokenSecret()},
SecretsSyncPending: true,
AddedServiceAccount: serviceAccount(emptySecretReferences()),
ExpectedActions: []testclient.Action{
testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"),
testclient.NewCreateAction("secrets", api.NamespaceDefault, createdTokenSecret()),
testclient.NewUpdateAction("serviceaccounts", api.NamespaceDefault, serviceAccount(addTokenSecretReference(emptySecretReferences()))),
},
},
"new serviceaccount with missing secrets": {
ClientObjects: []runtime.Object{serviceAccount(missingSecretReferences()), createdTokenSecret()},
AddedServiceAccount: serviceAccount(missingSecretReferences()),
ExpectedActions: []testclient.Action{
testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"),
testclient.NewCreateAction("secrets", api.NamespaceDefault, createdTokenSecret()),
testclient.NewUpdateAction("serviceaccounts", api.NamespaceDefault, serviceAccount(addTokenSecretReference(missingSecretReferences()))),
},
},
"new serviceaccount with missing secrets with unsynced secret store": {
ClientObjects: []runtime.Object{serviceAccount(missingSecretReferences()), createdTokenSecret()},
SecretsSyncPending: true,
AddedServiceAccount: serviceAccount(missingSecretReferences()),
ExpectedActions: []testclient.Action{},
},
"new serviceaccount with non-token secrets": {
ClientObjects: []runtime.Object{serviceAccount(regularSecretReferences()), createdTokenSecret(), opaqueSecret()},
AddedServiceAccount: serviceAccount(regularSecretReferences()),
ExpectedActions: []testclient.Action{
testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"),
testclient.NewCreateAction("secrets", api.NamespaceDefault, createdTokenSecret()),
testclient.NewUpdateAction("serviceaccounts", api.NamespaceDefault, serviceAccount(addTokenSecretReference(regularSecretReferences()))),
},
},
"new serviceaccount with token secrets": {
ClientObjects: []runtime.Object{serviceAccount(tokenSecretReferences()), serviceAccountTokenSecret()},
ExistingSecrets: []*api.Secret{serviceAccountTokenSecret()},
AddedServiceAccount: serviceAccount(tokenSecretReferences()),
ExpectedActions: []testclient.Action{},
},
"new serviceaccount with no secrets with resource conflict": {
ClientObjects: []runtime.Object{updatedServiceAccount(emptySecretReferences()), createdTokenSecret()},
AddedServiceAccount: serviceAccount(emptySecretReferences()),
ExpectedActions: []testclient.Action{
testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"),
},
},
"updated serviceaccount with no secrets": {
ClientObjects: []runtime.Object{serviceAccount(emptySecretReferences()), createdTokenSecret()},
UpdatedServiceAccount: serviceAccount(emptySecretReferences()),
ExpectedActions: []testclient.Action{
testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"),
testclient.NewCreateAction("secrets", api.NamespaceDefault, createdTokenSecret()),
testclient.NewUpdateAction("serviceaccounts", api.NamespaceDefault, serviceAccount(addTokenSecretReference(emptySecretReferences()))),
},
},
"updated serviceaccount with no secrets with unsynced secret store": {
ClientObjects: []runtime.Object{serviceAccount(emptySecretReferences()), createdTokenSecret()},
SecretsSyncPending: true,
UpdatedServiceAccount: serviceAccount(emptySecretReferences()),
ExpectedActions: []testclient.Action{
testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"),
testclient.NewCreateAction("secrets", api.NamespaceDefault, createdTokenSecret()),
testclient.NewUpdateAction("serviceaccounts", api.NamespaceDefault, serviceAccount(addTokenSecretReference(emptySecretReferences()))),
},
},
"updated serviceaccount with missing secrets": {
ClientObjects: []runtime.Object{serviceAccount(missingSecretReferences()), createdTokenSecret()},
UpdatedServiceAccount: serviceAccount(missingSecretReferences()),
ExpectedActions: []testclient.Action{
testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"),
testclient.NewCreateAction("secrets", api.NamespaceDefault, createdTokenSecret()),
testclient.NewUpdateAction("serviceaccounts", api.NamespaceDefault, serviceAccount(addTokenSecretReference(missingSecretReferences()))),
},
},
"updated serviceaccount with missing secrets with unsynced secret store": {
ClientObjects: []runtime.Object{serviceAccount(missingSecretReferences()), createdTokenSecret()},
SecretsSyncPending: true,
UpdatedServiceAccount: serviceAccount(missingSecretReferences()),
ExpectedActions: []testclient.Action{},
},
"updated serviceaccount with non-token secrets": {
ClientObjects: []runtime.Object{serviceAccount(regularSecretReferences()), createdTokenSecret(), opaqueSecret()},
UpdatedServiceAccount: serviceAccount(regularSecretReferences()),
ExpectedActions: []testclient.Action{
testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"),
testclient.NewCreateAction("secrets", api.NamespaceDefault, createdTokenSecret()),
testclient.NewUpdateAction("serviceaccounts", api.NamespaceDefault, serviceAccount(addTokenSecretReference(regularSecretReferences()))),
},
},
"updated serviceaccount with token secrets": {
ExistingSecrets: []*api.Secret{serviceAccountTokenSecret()},
UpdatedServiceAccount: serviceAccount(tokenSecretReferences()),
ExpectedActions: []testclient.Action{},
},
"updated serviceaccount with no secrets with resource conflict": {
ClientObjects: []runtime.Object{updatedServiceAccount(emptySecretReferences()), createdTokenSecret()},
UpdatedServiceAccount: serviceAccount(emptySecretReferences()),
ExpectedActions: []testclient.Action{
testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"),
},
},
"deleted serviceaccount with no secrets": {
DeletedServiceAccount: serviceAccount(emptySecretReferences()),
ExpectedActions: []testclient.Action{},
},
"deleted serviceaccount with missing secrets": {
DeletedServiceAccount: serviceAccount(missingSecretReferences()),
ExpectedActions: []testclient.Action{},
},
"deleted serviceaccount with non-token secrets": {
ClientObjects: []runtime.Object{opaqueSecret()},
DeletedServiceAccount: serviceAccount(regularSecretReferences()),
ExpectedActions: []testclient.Action{},
},
"deleted serviceaccount with token secrets": {
ClientObjects: []runtime.Object{serviceAccountTokenSecret()},
ExistingSecrets: []*api.Secret{serviceAccountTokenSecret()},
DeletedServiceAccount: serviceAccount(tokenSecretReferences()),
ExpectedActions: []testclient.Action{
testclient.NewDeleteAction("secrets", api.NamespaceDefault, "token-secret-1"),
},
},
"added secret without serviceaccount": {
ClientObjects: []runtime.Object{serviceAccountTokenSecret()},
AddedSecret: serviceAccountTokenSecret(),
ExpectedActions: []testclient.Action{
testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"),
testclient.NewDeleteAction("secrets", api.NamespaceDefault, "token-secret-1"),
},
},
"added secret with serviceaccount": {
ExistingServiceAccount: serviceAccount(tokenSecretReferences()),
AddedSecret: serviceAccountTokenSecret(),
ExpectedActions: []testclient.Action{},
},
"added token secret without token data": {
ClientObjects: []runtime.Object{serviceAccountTokenSecretWithoutTokenData()},
ExistingServiceAccount: serviceAccount(tokenSecretReferences()),
AddedSecret: serviceAccountTokenSecretWithoutTokenData(),
ExpectedActions: []testclient.Action{
testclient.NewUpdateAction("secrets", api.NamespaceDefault, serviceAccountTokenSecret()),
},
},
"added token secret without ca data": {
ClientObjects: []runtime.Object{serviceAccountTokenSecretWithoutCAData()},
ExistingServiceAccount: serviceAccount(tokenSecretReferences()),
AddedSecret: serviceAccountTokenSecretWithoutCAData(),
ExpectedActions: []testclient.Action{
testclient.NewUpdateAction("secrets", api.NamespaceDefault, serviceAccountTokenSecret()),
},
},
"added token secret with mismatched ca data": {
ClientObjects: []runtime.Object{serviceAccountTokenSecretWithCAData([]byte("mismatched"))},
ExistingServiceAccount: serviceAccount(tokenSecretReferences()),
AddedSecret: serviceAccountTokenSecretWithCAData([]byte("mismatched")),
ExpectedActions: []testclient.Action{
testclient.NewUpdateAction("secrets", api.NamespaceDefault, serviceAccountTokenSecret()),
},
},
"updated secret without serviceaccount": {
ClientObjects: []runtime.Object{serviceAccountTokenSecret()},
UpdatedSecret: serviceAccountTokenSecret(),
ExpectedActions: []testclient.Action{
testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"),
testclient.NewDeleteAction("secrets", api.NamespaceDefault, "token-secret-1"),
},
},
"updated secret with serviceaccount": {
ExistingServiceAccount: serviceAccount(tokenSecretReferences()),
UpdatedSecret: serviceAccountTokenSecret(),
ExpectedActions: []testclient.Action{},
},
"updated token secret without token data": {
ClientObjects: []runtime.Object{serviceAccountTokenSecretWithoutTokenData()},
ExistingServiceAccount: serviceAccount(tokenSecretReferences()),
UpdatedSecret: serviceAccountTokenSecretWithoutTokenData(),
ExpectedActions: []testclient.Action{
testclient.NewUpdateAction("secrets", api.NamespaceDefault, serviceAccountTokenSecret()),
},
},
"updated token secret without ca data": {
ClientObjects: []runtime.Object{serviceAccountTokenSecretWithoutCAData()},
ExistingServiceAccount: serviceAccount(tokenSecretReferences()),
UpdatedSecret: serviceAccountTokenSecretWithoutCAData(),
ExpectedActions: []testclient.Action{
testclient.NewUpdateAction("secrets", api.NamespaceDefault, serviceAccountTokenSecret()),
},
},
"updated token secret with mismatched ca data": {
ClientObjects: []runtime.Object{serviceAccountTokenSecretWithCAData([]byte("mismatched"))},
ExistingServiceAccount: serviceAccount(tokenSecretReferences()),
UpdatedSecret: serviceAccountTokenSecretWithCAData([]byte("mismatched")),
ExpectedActions: []testclient.Action{
testclient.NewUpdateAction("secrets", api.NamespaceDefault, serviceAccountTokenSecret()),
},
},
"deleted secret without serviceaccount": {
DeletedSecret: serviceAccountTokenSecret(),
ExpectedActions: []testclient.Action{},
},
"deleted secret with serviceaccount with reference": {
ClientObjects: []runtime.Object{serviceAccount(tokenSecretReferences())},
ExistingServiceAccount: serviceAccount(tokenSecretReferences()),
DeletedSecret: serviceAccountTokenSecret(),
ExpectedActions: []testclient.Action{
testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"),
testclient.NewUpdateAction("serviceaccounts", api.NamespaceDefault, serviceAccount(emptySecretReferences())),
},
},
"deleted secret with serviceaccount without reference": {
ExistingServiceAccount: serviceAccount(emptySecretReferences()),
DeletedSecret: serviceAccountTokenSecret(),
ExpectedActions: []testclient.Action{},
},
}
for k, tc := range testcases {
// Re-seed to reset name generation
utilrand.Seed(1)
generator := &testGenerator{Token: "ABC"}
client := testclient.NewSimpleFake(tc.ClientObjects...)
controller := NewTokensController(client, TokensControllerOptions{TokenGenerator: generator, RootCA: []byte("CA Data")})
// Tell the token controller whether its stores have been synced
controller.serviceAccountsSynced = func() bool { return !tc.ServiceAccountsSyncPending }
controller.secretsSynced = func() bool { return !tc.SecretsSyncPending }
if tc.ExistingServiceAccount != nil {
controller.serviceAccounts.Add(tc.ExistingServiceAccount)
}
for _, s := range tc.ExistingSecrets {
controller.secrets.Add(s)
}
if tc.AddedServiceAccount != nil {
controller.serviceAccountAdded(tc.AddedServiceAccount)
}
if tc.UpdatedServiceAccount != nil {
controller.serviceAccountUpdated(nil, tc.UpdatedServiceAccount)
}
if tc.DeletedServiceAccount != nil {
controller.serviceAccountDeleted(tc.DeletedServiceAccount)
}
if tc.AddedSecret != nil {
controller.secretAdded(tc.AddedSecret)
}
if tc.UpdatedSecret != nil {
controller.secretUpdated(nil, tc.UpdatedSecret)
}
if tc.DeletedSecret != nil {
controller.secretDeleted(tc.DeletedSecret)
}
actions := client.Actions()
for i, action := range actions {
if len(tc.ExpectedActions) < i+1 {
t.Errorf("%s: %d unexpected actions: %+v", k, len(actions)-len(tc.ExpectedActions), actions[i:])
break
}
expectedAction := tc.ExpectedActions[i]
if !reflect.DeepEqual(expectedAction, action) {
t.Errorf("%s: Expected\n\t%#v\ngot\n\t%#v", k, expectedAction, action)
continue
}
}
if len(tc.ExpectedActions) > len(actions) {
t.Errorf("%s: %d additional expected actions:%+v", k, len(tc.ExpectedActions)-len(actions), tc.ExpectedActions[len(actions):])
}
}
}
func TestIncrementUsagePodResources(t *testing.T) {
type testCase struct {
testName string
existing *api.Pod
input *api.Pod
resourceName api.ResourceName
hard resource.Quantity
expectedUsage resource.Quantity
expectedError bool
}
testCases := []testCase{
{
testName: "memory-allowed",
existing: validPod("a", 1, getResourceRequirements(getResourceList("", "100Mi"), getResourceList("", ""))),
input: validPod("b", 1, getResourceRequirements(getResourceList("", "100Mi"), getResourceList("", ""))),
resourceName: api.ResourceMemory,
hard: resource.MustParse("500Mi"),
expectedUsage: resource.MustParse("200Mi"),
expectedError: false,
},
{
testName: "memory-not-allowed",
existing: validPod("a", 1, getResourceRequirements(getResourceList("", "100Mi"), getResourceList("", ""))),
input: validPod("b", 1, getResourceRequirements(getResourceList("", "450Mi"), getResourceList("", ""))),
resourceName: api.ResourceMemory,
hard: resource.MustParse("500Mi"),
expectedError: true,
},
{
testName: "memory-not-allowed-with-different-format",
existing: validPod("a", 1, getResourceRequirements(getResourceList("", "100M"), getResourceList("", ""))),
input: validPod("b", 1, getResourceRequirements(getResourceList("", "450Mi"), getResourceList("", ""))),
resourceName: api.ResourceMemory,
hard: resource.MustParse("500Mi"),
expectedError: true,
},
{
testName: "memory-no-request",
existing: validPod("a", 1, getResourceRequirements(getResourceList("", "100Mi"), getResourceList("", ""))),
input: validPod("b", 1, getResourceRequirements(getResourceList("", ""), getResourceList("", ""))),
resourceName: api.ResourceMemory,
hard: resource.MustParse("500Mi"),
expectedError: true,
},
{
testName: "cpu-allowed",
existing: validPod("a", 1, getResourceRequirements(getResourceList("1", ""), getResourceList("", ""))),
input: validPod("b", 1, getResourceRequirements(getResourceList("1", ""), getResourceList("", ""))),
resourceName: api.ResourceCPU,
hard: resource.MustParse("2"),
expectedUsage: resource.MustParse("2"),
expectedError: false,
},
{
testName: "cpu-not-allowed",
existing: validPod("a", 1, getResourceRequirements(getResourceList("1", ""), getResourceList("", ""))),
input: validPod("b", 1, getResourceRequirements(getResourceList("600m", ""), getResourceList("", ""))),
resourceName: api.ResourceCPU,
hard: resource.MustParse("1500m"),
expectedError: true,
},
{
testName: "cpu-no-request",
existing: validPod("a", 1, getResourceRequirements(getResourceList("1", ""), getResourceList("", ""))),
input: validPod("b", 1, getResourceRequirements(getResourceList("", ""), getResourceList("", ""))),
resourceName: api.ResourceCPU,
hard: resource.MustParse("1500m"),
expectedError: true,
},
}
for _, item := range testCases {
podList := &api.PodList{Items: []api.Pod{*item.existing}}
client := testclient.NewSimpleFake(podList)
status := &api.ResourceQuotaStatus{
Hard: api.ResourceList{},
Used: api.ResourceList{},
}
used, err := resourcequotacontroller.PodRequests(item.existing, item.resourceName)
if err != nil {
t.Errorf("Test %s, unexpected error %v", item.testName, err)
}
status.Hard[item.resourceName] = item.hard
status.Used[item.resourceName] = *used
dirty, err := IncrementUsage(admission.NewAttributesRecord(item.input, "Pod", item.input.Namespace, item.input.Name, "pods", "", admission.Create, nil), status, client)
if err == nil && item.expectedError {
t.Errorf("Test %s, expected error", item.testName)
}
if err != nil && !item.expectedError {
t.Errorf("Test %s, unexpected error", err)
}
if !item.expectedError {
if !dirty {
t.Errorf("Test %s, expected the quota to be dirty", item.testName)
}
quantity := status.Used[item.resourceName]
if quantity.String() != item.expectedUsage.String() {
t.Errorf("Test %s, expected usage %s, actual usage %s", item.testName, item.expectedUsage.String(), quantity.String())
}
}
}
}
func TestSyncResourceQuota(t *testing.T) {
podList := api.PodList{
Items: []api.Pod{
{
ObjectMeta: api.ObjectMeta{Name: "pod-running"},
Status: api.PodStatus{Phase: api.PodRunning},
Spec: api.PodSpec{
Volumes: []api.Volume{{Name: "vol"}},
Containers: []api.Container{{Name: "ctr", Image: "image", Resources: getResourceRequirements(getResourceList("100m", "1Gi"), getResourceList("", ""))}},
},
},
{
ObjectMeta: api.ObjectMeta{Name: "pod-running-2"},
Status: api.PodStatus{Phase: api.PodRunning},
Spec: api.PodSpec{
Volumes: []api.Volume{{Name: "vol"}},
Containers: []api.Container{{Name: "ctr", Image: "image", Resources: getResourceRequirements(getResourceList("100m", "1Gi"), getResourceList("", ""))}},
},
},
{
ObjectMeta: api.ObjectMeta{Name: "pod-failed"},
Status: api.PodStatus{Phase: api.PodFailed},
Spec: api.PodSpec{
Volumes: []api.Volume{{Name: "vol"}},
Containers: []api.Container{{Name: "ctr", Image: "image", Resources: getResourceRequirements(getResourceList("100m", "1Gi"), getResourceList("", ""))}},
},
},
},
}
quota := api.ResourceQuota{
Spec: api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourceCPU: resource.MustParse("3"),
api.ResourceMemory: resource.MustParse("100Gi"),
api.ResourcePods: resource.MustParse("5"),
},
},
}
expectedUsage := api.ResourceQuota{
Status: api.ResourceQuotaStatus{
Hard: api.ResourceList{
api.ResourceCPU: resource.MustParse("3"),
api.ResourceMemory: resource.MustParse("100Gi"),
api.ResourcePods: resource.MustParse("5"),
},
Used: api.ResourceList{
api.ResourceCPU: resource.MustParse("200m"),
api.ResourceMemory: resource.MustParse("2Gi"),
api.ResourcePods: resource.MustParse("2"),
},
},
}
kubeClient := testclient.NewSimpleFake(&podList, "a)
ResourceQuotaController := NewResourceQuotaController(kubeClient)
err := ResourceQuotaController.syncResourceQuota(quota)
if err != nil {
t.Fatalf("Unexpected error %v", err)
}
usage := kubeClient.Actions()[1].(testclient.UpdateAction).GetObject().(*api.ResourceQuota)
// ensure hard and used limits are what we expected
for k, v := range expectedUsage.Status.Hard {
actual := usage.Status.Hard[k]
actualValue := actual.String()
expectedValue := v.String()
if expectedValue != actualValue {
t.Errorf("Usage Hard: Key: %v, Expected: %v, Actual: %v", k, expectedValue, actualValue)
}
}
for k, v := range expectedUsage.Status.Used {
actual := usage.Status.Used[k]
actualValue := actual.String()
expectedValue := v.String()
if expectedValue != actualValue {
t.Errorf("Usage Used: Key: %v, Expected: %v, Actual: %v", k, expectedValue, actualValue)
}
}
}
