func TestMissingSecrets(t *testing.T) { g, _, err := osgraphtest.BuildGraph("../../../api/graph/test/bad_secret_refs.yaml") if err != nil { t.Fatalf("unexpected error: %v", err) } kubeedges.AddAllRequestedServiceAccountEdges(g) kubeedges.AddAllMountableSecretEdges(g) kubeedges.AddAllMountedSecretEdges(g) markers := FindMissingSecrets(g, osgraph.DefaultNamer) if e, a := 1, len(markers); e != a { t.Fatalf("expected %v, got %v", e, a) } actualDC := osgraph.GetTopLevelContainerNode(g, markers[0].Node) expectedDC := g.Find(osgraph.UniqueName("DeploymentConfig|/docker-nfs-server")) if e, a := expectedDC.ID(), actualDC.ID(); e != a { t.Errorf("expected %v, got %v", e, a) } actualSecret := markers[0].RelatedNodes[0] expectedSecret := g.Find(osgraph.UniqueName("Secret|/missing-secret")) if e, a := expectedSecret.ID(), actualSecret.ID(); e != a { t.Errorf("expected %v, got %v", e, a) } }
func (d *ProjectStatusDescriber) MakeGraph(namespace string) (osgraph.Graph, sets.String, error) { g := osgraph.New() loaders := []GraphLoader{ &serviceLoader{namespace: namespace, lister: d.K}, &serviceAccountLoader{namespace: namespace, lister: d.K}, &secretLoader{namespace: namespace, lister: d.K}, &rcLoader{namespace: namespace, lister: d.K}, &podLoader{namespace: namespace, lister: d.K}, // TODO check swagger for feature enablement and selectively add bcLoader and buildLoader // then remove errors.TolerateNotFoundError method. &bcLoader{namespace: namespace, lister: d.C}, &buildLoader{namespace: namespace, lister: d.C}, &isLoader{namespace: namespace, lister: d.C}, &dcLoader{namespace: namespace, lister: d.C}, &routeLoader{namespace: namespace, lister: d.C}, } loadingFuncs := []func() error{} for _, loader := range loaders { loadingFuncs = append(loadingFuncs, loader.Load) } forbiddenResources := sets.String{} if errs := parallel.Run(loadingFuncs...); len(errs) > 0 { actualErrors := []error{} for _, err := range errs { if kapierrors.IsForbidden(err) { forbiddenErr := err.(*kapierrors.StatusError) if (forbiddenErr.Status().Details != nil) && (len(forbiddenErr.Status().Details.Kind) > 0) { forbiddenResources.Insert(forbiddenErr.Status().Details.Kind) } continue } actualErrors = append(actualErrors, err) } if len(actualErrors) > 0 { return g, forbiddenResources, utilerrors.NewAggregate(actualErrors) } } for _, loader := range loaders { loader.AddToGraph(g) } kubeedges.AddAllExposedPodTemplateSpecEdges(g) kubeedges.AddAllExposedPodEdges(g) kubeedges.AddAllManagedByRCPodEdges(g) kubeedges.AddAllRequestedServiceAccountEdges(g) kubeedges.AddAllMountableSecretEdges(g) kubeedges.AddAllMountedSecretEdges(g) buildedges.AddAllInputOutputEdges(g) buildedges.AddAllBuildEdges(g) deployedges.AddAllTriggerEdges(g) deployedges.AddAllDeploymentEdges(g) imageedges.AddAllImageStreamRefEdges(g) routeedges.AddAllRouteEdges(g) return g, forbiddenResources, nil }
func TestCheckMountedSecrets(t *testing.T) { g, objs, err := osgraphtest.BuildGraph("../../../api/graph/test/bad_secret_refs.yaml") if err != nil { t.Fatalf("unexpected error: %v", err) } var dc *deployapi.DeploymentConfig for _, obj := range objs { if currDC, ok := obj.(*deployapi.DeploymentConfig); ok { if dc != nil { t.Errorf("got more than one dc: %v", currDC) } dc = currDC } } kubeedges.AddAllRequestedServiceAccountEdges(g) kubeedges.AddAllMountableSecretEdges(g) kubeedges.AddAllMountedSecretEdges(g) dcNode := g.Find(deploygraph.DeploymentConfigNodeName(dc)) unmountable, missing := CheckMountedSecrets(g, dcNode.(*deploygraph.DeploymentConfigNode)) if e, a := 2, len(unmountable); e != a { t.Fatalf("expected %v, got %v", e, a) } if e, a := 1, len(missing); e != a { t.Fatalf("expected %v, got %v", e, a) } if e, a := "missing-secret", missing[0].Name; e != a { t.Fatalf("expected %v, got %v", e, a) } }
func TestUnmountableSecrets(t *testing.T) { g, _, err := osgraphtest.BuildGraph("../../../api/graph/test/bad_secret_refs.yaml") if err != nil { t.Fatalf("unexpected error: %v", err) } kubeedges.AddAllRequestedServiceAccountEdges(g) kubeedges.AddAllMountableSecretEdges(g) kubeedges.AddAllMountedSecretEdges(g) markers := FindUnmountableSecrets(g, osgraph.DefaultNamer) if e, a := 2, len(markers); e != a { t.Errorf("expected %v, got %v", e, a) } expectedSecret1 := g.Find(osgraph.UniqueName("Secret|/missing-secret")) expectedSecret2 := g.Find(osgraph.UniqueName("Secret|/unmountable-secret")) found1 := false found2 := false for i := 0; i < 2; i++ { actualDC := osgraph.GetTopLevelContainerNode(g, markers[i].Node) expectedDC := g.Find(osgraph.UniqueName("DeploymentConfig|/docker-nfs-server")) if e, a := expectedDC.ID(), actualDC.ID(); e != a { t.Errorf("expected %v, got %v", e, a) } actualSecret := markers[i].RelatedNodes[0] if e, a := expectedSecret1.ID(), actualSecret.ID(); e == a { found1 = true } if e, a := expectedSecret2.ID(), actualSecret.ID(); e == a { found2 = true } } if !found1 { t.Errorf("expected %v, got %v", expectedSecret1, markers) } if !found2 { t.Errorf("expected %v, got %v", expectedSecret2, markers) } }
func (d *ProjectStatusDescriber) MakeGraph(namespace string) (osgraph.Graph, error) { g := osgraph.New() loaders := []GraphLoader{ &serviceLoader{namespace: namespace, lister: d.K}, &serviceAccountLoader{namespace: namespace, lister: d.K}, &secretLoader{namespace: namespace, lister: d.K}, &rcLoader{namespace: namespace, lister: d.K}, &podLoader{namespace: namespace, lister: d.K}, &bcLoader{namespace: namespace, lister: d.C}, &buildLoader{namespace: namespace, lister: d.C}, &isLoader{namespace: namespace, lister: d.C}, &dcLoader{namespace: namespace, lister: d.C}, } loadingFuncs := []func() error{} for _, loader := range loaders { loadingFuncs = append(loadingFuncs, loader.Load) } if errs := parallel.Run(loadingFuncs...); len(errs) > 0 { return g, utilerrors.NewAggregate(errs) } for _, loader := range loaders { loader.AddToGraph(g) } kubeedges.AddAllExposedPodTemplateSpecEdges(g) kubeedges.AddAllExposedPodEdges(g) kubeedges.AddAllManagedByRCPodEdges(g) kubeedges.AddAllRequestedServiceAccountEdges(g) kubeedges.AddAllMountableSecretEdges(g) kubeedges.AddAllMountedSecretEdges(g) buildedges.AddAllInputOutputEdges(g) buildedges.AddAllBuildEdges(g) deployedges.AddAllTriggerEdges(g) deployedges.AddAllDeploymentEdges(g) imageedges.AddAllImageStreamRefEdges(g) return g, nil }