func TestIgnoresNonCreate(t *testing.T) { pod := &api.Pod{} for _, op := range []admission.Operation{admission.Update, admission.Delete, admission.Connect} { attrs := admission.NewAttributesRecord(pod, nil, api.Kind("Pod").WithVersion("version"), "myns", "myname", api.Resource("pods").WithVersion("version"), "", op, nil) handler := admission.NewChainHandler(NewServiceAccount()) err := handler.Admit(attrs) if err != nil { t.Errorf("Expected %s operation allowed, got err: %v", op, err) } } }
// TestIgnoreAdmission validates that a request is ignored if its not a create func TestIgnoreAdmission(t *testing.T) { namespace := "test" mockClient := newMockClientForTest([]string{}) handler, informerFactory, err := newHandlerForTest(mockClient) if err != nil { t.Errorf("unexpected error initializing handler: %v", err) } informerFactory.Start(wait.NeverStop) chainHandler := admission.NewChainHandler(handler) pod := newPod(namespace) err = chainHandler.Admit(admission.NewAttributesRecord(&pod, nil, api.Kind("Pod").WithVersion("version"), pod.Namespace, pod.Name, api.Resource("pods").WithVersion("version"), "", admission.Update, nil)) if err != nil { t.Errorf("unexpected error returned from admission handler") } if hasCreateNamespaceAction(mockClient) { t.Errorf("unexpected create namespace action") } }
// TestAdmission func TestAdmission(t *testing.T) { pvHandler := NewPersistentVolumeLabel() handler := admission.NewChainHandler(pvHandler) ignoredPV := api.PersistentVolume{ ObjectMeta: metav1.ObjectMeta{Name: "noncloud", Namespace: "myns"}, Spec: api.PersistentVolumeSpec{ PersistentVolumeSource: api.PersistentVolumeSource{ HostPath: &api.HostPathVolumeSource{ Path: "/", }, }, }, } awsPV := api.PersistentVolume{ ObjectMeta: metav1.ObjectMeta{Name: "noncloud", Namespace: "myns"}, Spec: api.PersistentVolumeSpec{ PersistentVolumeSource: api.PersistentVolumeSource{ AWSElasticBlockStore: &api.AWSElasticBlockStoreVolumeSource{ VolumeID: "123", }, }, }, } // Non-cloud PVs are ignored err := handler.Admit(admission.NewAttributesRecord(&ignoredPV, nil, api.Kind("PersistentVolume").WithVersion("version"), ignoredPV.Namespace, ignoredPV.Name, api.Resource("persistentvolumes").WithVersion("version"), "", admission.Create, nil)) if err != nil { t.Errorf("Unexpected error returned from admission handler (on ignored pv): %v", err) } // We only add labels on creation err = handler.Admit(admission.NewAttributesRecord(&awsPV, nil, api.Kind("PersistentVolume").WithVersion("version"), awsPV.Namespace, awsPV.Name, api.Resource("persistentvolumes").WithVersion("version"), "", admission.Delete, nil)) if err != nil { t.Errorf("Unexpected error returned from admission handler (when deleting aws pv): %v", err) } // Errors from the cloudprovider block creation of the volume pvHandler.ebsVolumes = mockVolumeFailure(fmt.Errorf("invalid volume")) err = handler.Admit(admission.NewAttributesRecord(&awsPV, nil, api.Kind("PersistentVolume").WithVersion("version"), awsPV.Namespace, awsPV.Name, api.Resource("persistentvolumes").WithVersion("version"), "", admission.Create, nil)) if err == nil { t.Errorf("Expected error when aws pv info fails") } // Don't add labels if the cloudprovider doesn't return any labels := make(map[string]string) pvHandler.ebsVolumes = mockVolumeLabels(labels) err = handler.Admit(admission.NewAttributesRecord(&awsPV, nil, api.Kind("PersistentVolume").WithVersion("version"), awsPV.Namespace, awsPV.Name, api.Resource("persistentvolumes").WithVersion("version"), "", admission.Create, nil)) if err != nil { t.Errorf("Expected no error when creating aws pv") } if len(awsPV.ObjectMeta.Labels) != 0 { t.Errorf("Unexpected number of labels") } // Don't panic if the cloudprovider returns nil, nil pvHandler.ebsVolumes = mockVolumeFailure(nil) err = handler.Admit(admission.NewAttributesRecord(&awsPV, nil, api.Kind("PersistentVolume").WithVersion("version"), awsPV.Namespace, awsPV.Name, api.Resource("persistentvolumes").WithVersion("version"), "", admission.Create, nil)) if err != nil { t.Errorf("Expected no error when cloud provider returns empty labels") } // Labels from the cloudprovider should be applied to the volume labels = make(map[string]string) labels["a"] = "1" labels["b"] = "2" pvHandler.ebsVolumes = mockVolumeLabels(labels) err = handler.Admit(admission.NewAttributesRecord(&awsPV, nil, api.Kind("PersistentVolume").WithVersion("version"), awsPV.Namespace, awsPV.Name, api.Resource("persistentvolumes").WithVersion("version"), "", admission.Create, nil)) if err != nil { t.Errorf("Expected no error when creating aws pv") } if awsPV.Labels["a"] != "1" || awsPV.Labels["b"] != "2" { t.Errorf("Expected label a to be added when creating aws pv") } // User-provided labels should be honored, but cloudprovider labels replace them when they overlap awsPV.ObjectMeta.Labels = make(map[string]string) awsPV.ObjectMeta.Labels["a"] = "not1" awsPV.ObjectMeta.Labels["c"] = "3" err = handler.Admit(admission.NewAttributesRecord(&awsPV, nil, api.Kind("PersistentVolume").WithVersion("version"), awsPV.Namespace, awsPV.Name, api.Resource("persistentvolumes").WithVersion("version"), "", admission.Create, nil)) if err != nil { t.Errorf("Expected no error when creating aws pv") } if awsPV.Labels["a"] != "1" || awsPV.Labels["b"] != "2" { t.Errorf("Expected cloudprovider labels to replace user labels when creating aws pv") } if awsPV.Labels["c"] != "3" { t.Errorf("Expected (non-conflicting) user provided labels to be honored when creating aws pv") } }