func TestAdmission(t *testing.T) {
testCases := []struct {
name string
attributes admission.Attributes
expectFailure bool
}{
{
name: "reject ownerref",
attributes: admission.NewAttributesRecord(&kapi.Pod{ObjectMeta: kapi.ObjectMeta{OwnerReferences: []kapi.OwnerReference{{}}}},
nil, unversioned.GroupVersionKind{}, "", "", unversioned.GroupVersionResource{}, "", admission.Create, nil),
expectFailure: true,
},
{
name: "reject finalizer",
attributes: admission.NewAttributesRecord(&kapi.Pod{ObjectMeta: kapi.ObjectMeta{Finalizers: []string{""}}},
nil, unversioned.GroupVersionKind{}, "", "", unversioned.GroupVersionResource{}, "", admission.Create, nil),
expectFailure: true,
},
{
name: "allow",
attributes: admission.NewAttributesRecord(&kapi.Pod{},
nil, unversioned.GroupVersionKind{}, "", "", unversioned.GroupVersionResource{}, "", admission.Create, nil),
},
}
for _, tc := range testCases {
admission, err := NewOwnerReferenceBlocker()
if err != nil {
t.Errorf("%v: unexpected error: %v", tc.name, err)
continue
}
admissionErr := admission.Admit(tc.attributes)
if admissionErr == nil && tc.expectFailure {
t.Errorf("%v: missing error", tc.name)
continue
}
if admissionErr != nil && !tc.expectFailure {
t.Errorf("%v: unexpected error: %v", tc.name, admissionErr)
continue
}
}
}
func TestAdmission(t *testing.T) {
enableBuild := &buildapi.Build{Spec: buildapi.BuildSpec{CommonSpec: buildapi.CommonSpec{Strategy: buildapi.BuildStrategy{JenkinsPipelineStrategy: &buildapi.JenkinsPipelineBuildStrategy{}}}}}
testCases := []struct {
name string
objects []runtime.Object
jenkinsEnabled *bool
attributes admission.Attributes
expectedErr string
validateClients func(kubeClient *fake.Clientset, originClient *testclient.Fake) string
}{
{
name: "disabled",
attributes: admission.NewAttributesRecord(enableBuild, nil, unversioned.GroupVersionKind{}, "namespace", "name", buildapi.SchemeGroupVersion.WithResource("builds"), "", admission.Create, &user.DefaultInfo{}),
jenkinsEnabled: boolptr(false),
validateClients: noAction,
},
{
name: "disabled default",
attributes: admission.NewAttributesRecord(enableBuild, nil, unversioned.GroupVersionKind{}, "namespace", "name", buildapi.SchemeGroupVersion.WithResource("builds"), "", admission.Create, &user.DefaultInfo{}),
validateClients: noAction,
},
{
name: "not a jenkins build",
attributes: admission.NewAttributesRecord(&buildapi.Build{Spec: buildapi.BuildSpec{CommonSpec: buildapi.CommonSpec{Strategy: buildapi.BuildStrategy{}}}}, nil, unversioned.GroupVersionKind{}, "namespace", "name", buildapi.SchemeGroupVersion.WithResource("builds"), "", admission.Create, &user.DefaultInfo{}),
jenkinsEnabled: boolptr(true),
validateClients: noAction,
},
{
name: "not a build kind",
attributes: admission.NewAttributesRecord(&kapi.Service{}, nil, unversioned.GroupVersionKind{}, "namespace", "name", buildapi.SchemeGroupVersion.WithResource("builds"), "", admission.Create, &user.DefaultInfo{}),
jenkinsEnabled: boolptr(true),
validateClients: noAction,
},
{
name: "not a build resource",
attributes: admission.NewAttributesRecord(enableBuild, nil, unversioned.GroupVersionKind{}, "namespace", "name", buildapi.SchemeGroupVersion.WithResource("notbuilds"), "", admission.Create, &user.DefaultInfo{}),
jenkinsEnabled: boolptr(true),
validateClients: noAction,
},
{
name: "subresource",
attributes: admission.NewAttributesRecord(enableBuild, nil, unversioned.GroupVersionKind{}, "namespace", "name", buildapi.SchemeGroupVersion.WithResource("builds"), "subresource", admission.Create, &user.DefaultInfo{}),
jenkinsEnabled: boolptr(true),
validateClients: noAction,
},
{
name: "service present",
attributes: admission.NewAttributesRecord(enableBuild, nil, unversioned.GroupVersionKind{}, "namespace", "name", buildapi.SchemeGroupVersion.WithResource("builds"), "", admission.Create, &user.DefaultInfo{}),
jenkinsEnabled: boolptr(true),
objects: []runtime.Object{
&kapi.Service{ObjectMeta: kapi.ObjectMeta{Namespace: "namespace", Name: "jenkins"}},
},
validateClients: func(kubeClient *fake.Clientset, originClient *testclient.Fake) string {
if len(kubeClient.Actions()) == 1 && kubeClient.Actions()[0].Matches("get", "services") {
return ""
}
return fmt.Sprintf("missing get service in: %v", kubeClient.Actions())
},
},
{
name: "works on true",
attributes: admission.NewAttributesRecord(enableBuild, nil, unversioned.GroupVersionKind{}, "namespace", "name", buildapi.SchemeGroupVersion.WithResource("builds"), "", admission.Create, &user.DefaultInfo{}),
objects: []runtime.Object{
&kapi.Service{ObjectMeta: kapi.ObjectMeta{Namespace: "namespace", Name: "jenkins"}},
},
jenkinsEnabled: boolptr(true),
validateClients: func(kubeClient *fake.Clientset, originClient *testclient.Fake) string {
if len(kubeClient.Actions()) == 1 && kubeClient.Actions()[0].Matches("get", "services") {
return ""
}
return fmt.Sprintf("missing get service in: %v", kubeClient.Actions())
},
},
{
name: "service missing",
attributes: admission.NewAttributesRecord(enableBuild, nil, unversioned.GroupVersionKind{}, "namespace", "name", buildapi.SchemeGroupVersion.WithResource("builds"), "", admission.Create, &user.DefaultInfo{}),
jenkinsEnabled: boolptr(true),
objects: []runtime.Object{},
validateClients: func(kubeClient *fake.Clientset, originClient *testclient.Fake) string {
if len(kubeClient.Actions()) == 0 {
return fmt.Sprintf("missing get service in: %v", kubeClient.Actions())
}
if !kubeClient.Actions()[0].Matches("get", "services") {
return fmt.Sprintf("missing get service in: %v", kubeClient.Actions())
}
if len(originClient.Actions()) == 0 {
return fmt.Sprintf("missing get template in: %v", originClient.Actions())
}
if !originClient.Actions()[0].Matches("get", "templates") {
return fmt.Sprintf("missing get template in: %v", originClient.Actions())
}
return ""
},
expectedErr: "Jenkins pipeline template / not found",
},
}
for _, tc := range testCases {
kubeClient := fake.NewSimpleClientset(tc.objects...)
originClient := testclient.NewSimpleFake(tc.objects...)
admission := NewJenkinsBootstrapper(kubeClient.Core()).(*jenkinsBootstrapper)
admission.openshiftClient = originClient
admission.jenkinsConfig = configapi.JenkinsPipelineConfig{
AutoProvisionEnabled: tc.jenkinsEnabled,
ServiceName: "jenkins",
}
err := admission.Admit(tc.attributes)
switch {
case len(tc.expectedErr) == 0 && err == nil:
case len(tc.expectedErr) == 0 && err != nil:
t.Errorf("%s: unexpected error: %v", tc.name, err)
case len(tc.expectedErr) != 0 && err == nil:
t.Errorf("%s: missing error: %v", tc.name, tc.expectedErr)
case len(tc.expectedErr) != 0 && err != nil && !strings.Contains(err.Error(), tc.expectedErr):
t.Errorf("%s: missing error: expected %v, got %v", tc.name, tc.expectedErr, err)
}
if tc.validateClients != nil {
if err := tc.validateClients(kubeClient, originClient); len(err) != 0 {
t.Errorf("%s: unexpected error: %v", tc.name, err)
}
}
}
}