func TestIncrementUsageReplicationControllers(t *testing.T) { namespace := "default" client := testclient.NewSimpleFake(&api.ReplicationControllerList{ Items: []api.ReplicationController{ { ObjectMeta: api.ObjectMeta{Name: "123", Namespace: namespace}, }, }, }) status := &api.ResourceQuotaStatus{ Hard: api.ResourceList{}, Used: api.ResourceList{}, } r := api.ResourceReplicationControllers status.Hard[r] = resource.MustParse("2") status.Used[r] = resource.MustParse("1") dirty, err := IncrementUsage(admission.NewAttributesRecord(&api.ReplicationController{}, "ReplicationController", namespace, "name", "replicationcontrollers", "", admission.Create, nil), status, client) if err != nil { t.Errorf("Unexpected error: %v", err) } if !dirty { t.Errorf("Expected the status to get incremented, therefore should have been dirty") } quantity := status.Used[r] if quantity.Value() != int64(2) { t.Errorf("Expected new item count to be 2, but was %s", quantity.String()) } }
func TestSyncResourceQuotaNoChange(t *testing.T) { quota := api.ResourceQuota{ Spec: api.ResourceQuotaSpec{ Hard: api.ResourceList{ api.ResourceCPU: resource.MustParse("4"), }, }, Status: api.ResourceQuotaStatus{ Hard: api.ResourceList{ api.ResourceCPU: resource.MustParse("4"), }, Used: api.ResourceList{ api.ResourceCPU: resource.MustParse("0"), }, }, } kubeClient := testclient.NewSimpleFake(&api.PodList{}, "a) ResourceQuotaController := NewResourceQuotaController(kubeClient) err := ResourceQuotaController.syncResourceQuota(quota) if err != nil { t.Fatalf("Unexpected error %v", err) } actions := kubeClient.Actions() if len(actions) != 1 && !actions[0].Matches("list", "pods") { t.Errorf("SyncResourceQuota made an unexpected client action when state was not dirty: %v", kubeClient.Actions) } }
func TestName(t *testing.T) { var ( testPodUID = types.UID("test_pod_uid") testVolumeName = "test_name" testNamespace = "test_metadata_namespace" testName = "test_metadata_name" ) volumeSpec := &api.Volume{ Name: testVolumeName, VolumeSource: api.VolumeSource{ DownwardAPI: &api.DownwardAPIVolumeSource{ Items: []api.DownwardAPIVolumeFile{ {Path: "name_file_name", FieldRef: api.ObjectFieldSelector{ FieldPath: "metadata.name"}}}}, }, } fake := testclient.NewSimpleFake(&api.Pod{ ObjectMeta: api.ObjectMeta{ Name: testName, Namespace: testNamespace, }, }) pluginMgr := volume.VolumePluginMgr{} pluginMgr.InitPlugins(ProbeVolumePlugins(), newTestHost(t, fake)) plugin, err := pluginMgr.FindPluginByName(downwardAPIPluginName) if err != nil { t.Errorf("Can't find the plugin by name") } pod := &api.Pod{ObjectMeta: api.ObjectMeta{UID: testPodUID, Name: testName}} builder, err := plugin.NewBuilder(volume.NewSpecFromVolume(volumeSpec), pod, volume.VolumeOptions{}) if err != nil { t.Errorf("Failed to make a new Builder: %v", err) } if builder == nil { t.Errorf("Got a nil Builder") } volumePath := builder.GetPath() err = builder.SetUp() if err != nil { t.Errorf("Failed to setup volume: %v", err) } var data []byte data, err = ioutil.ReadFile(path.Join(volumePath, "name_file_name")) if err != nil { t.Errorf(err.Error()) } if string(data) != testName { t.Errorf("Found `%s` expected %s", string(data), testName) } CleanEverything(plugin, testVolumeName, volumePath, testPodUID, t) }
func TestLimitRangerIgnoresSubresource(t *testing.T) { client := testclient.NewSimpleFake() indexer := cache.NewIndexer(cache.MetaNamespaceKeyFunc, cache.Indexers{"namespace": cache.MetaNamespaceIndexFunc}) handler := &limitRanger{ Handler: admission.NewHandler(admission.Create, admission.Update), client: client, limitFunc: Limit, indexer: indexer, } limitRange := validLimitRangeNoDefaults() testPod := validPod("testPod", 1, api.ResourceRequirements{}) indexer.Add(&limitRange) err := handler.Admit(admission.NewAttributesRecord(&testPod, "Pod", limitRange.Namespace, "testPod", "pods", "", admission.Update, nil)) if err == nil { t.Errorf("Expected an error since the pod did not specify resource limits in its update call") } err = handler.Admit(admission.NewAttributesRecord(&testPod, "Pod", limitRange.Namespace, "testPod", "pods", "status", admission.Update, nil)) if err != nil { t.Errorf("Should have ignored calls to any subresource of pod %v", err) } }
func TestSyncResourceQuotaSpecChange(t *testing.T) { quota := api.ResourceQuota{ Spec: api.ResourceQuotaSpec{ Hard: api.ResourceList{ api.ResourceCPU: resource.MustParse("4"), }, }, Status: api.ResourceQuotaStatus{ Hard: api.ResourceList{ api.ResourceCPU: resource.MustParse("3"), }, Used: api.ResourceList{ api.ResourceCPU: resource.MustParse("0"), }, }, } expectedUsage := api.ResourceQuota{ Status: api.ResourceQuotaStatus{ Hard: api.ResourceList{ api.ResourceCPU: resource.MustParse("4"), }, Used: api.ResourceList{ api.ResourceCPU: resource.MustParse("0"), }, }, } kubeClient := testclient.NewSimpleFake("a) ResourceQuotaController := NewResourceQuotaController(kubeClient) err := ResourceQuotaController.syncResourceQuota(quota) if err != nil { t.Fatalf("Unexpected error %v", err) } usage := kubeClient.Actions()[1].(testclient.UpdateAction).GetObject().(*api.ResourceQuota) // ensure hard and used limits are what we expected for k, v := range expectedUsage.Status.Hard { actual := usage.Status.Hard[k] actualValue := actual.String() expectedValue := v.String() if expectedValue != actualValue { t.Errorf("Usage Hard: Key: %v, Expected: %v, Actual: %v", k, expectedValue, actualValue) } } for k, v := range expectedUsage.Status.Used { actual := usage.Status.Used[k] actualValue := actual.String() expectedValue := v.String() if expectedValue != actualValue { t.Errorf("Usage Used: Key: %v, Expected: %v, Actual: %v", k, expectedValue, actualValue) } } }
// Test the case where the 'ready' file has been created and the pod volume dir // is a mountpoint. Mount should not be called. func TestPluginIdempotent(t *testing.T) { var ( testPodUID = types.UID("test_pod_uid2") testVolumeName = "test_volume_name" testNamespace = "test_secret_namespace" testName = "test_secret_name" volumeSpec = volumeSpec(testVolumeName, testName) secret = secret(testNamespace, testName) client = testclient.NewSimpleFake(&secret) pluginMgr = volume.VolumePluginMgr{} rootDir, host = newTestHost(t, client) ) pluginMgr.InitPlugins(ProbeVolumePlugins(), host) plugin, err := pluginMgr.FindPluginByName(secretPluginName) if err != nil { t.Errorf("Can't find the plugin by name") } podVolumeDir := fmt.Sprintf("%v/pods/test_pod_uid2/volumes/kubernetes.io~secret/test_volume_name", rootDir) podMetadataDir := fmt.Sprintf("%v/pods/test_pod_uid2/plugins/kubernetes.io~secret/test_volume_name", rootDir) pod := &api.Pod{ObjectMeta: api.ObjectMeta{UID: testPodUID}} mounter := host.GetMounter().(*mount.FakeMounter) mounter.MountPoints = []mount.MountPoint{ { Path: podVolumeDir, }, } util.SetReady(podMetadataDir) builder, err := plugin.NewBuilder(volume.NewSpecFromVolume(volumeSpec), pod, volume.VolumeOptions{}) if err != nil { t.Errorf("Failed to make a new Builder: %v", err) } if builder == nil { t.Errorf("Got a nil Builder") } volumePath := builder.GetPath() err = builder.SetUp() if err != nil { t.Errorf("Failed to setup volume: %v", err) } if len(mounter.Log) != 0 { t.Errorf("Unexpected calls made to mounter: %v", mounter.Log) } if _, err := os.Stat(volumePath); err != nil { if !os.IsNotExist(err) { t.Errorf("SetUp() failed unexpectedly: %v", err) } } else { t.Errorf("volume path should not exist: %v", volumePath) } }
// Test the case where the plugin's ready file exists, but the volume dir is not a // mountpoint, which is the state the system will be in after reboot. The dir // should be mounter and the secret data written to it. func TestPluginReboot(t *testing.T) { var ( testPodUID = types.UID("test_pod_uid3") testVolumeName = "test_volume_name" testNamespace = "test_secret_namespace" testName = "test_secret_name" volumeSpec = volumeSpec(testVolumeName, testName) secret = secret(testNamespace, testName) client = testclient.NewSimpleFake(&secret) pluginMgr = volume.VolumePluginMgr{} rootDir, host = newTestHost(t, client) ) pluginMgr.InitPlugins(ProbeVolumePlugins(), host) plugin, err := pluginMgr.FindPluginByName(secretPluginName) if err != nil { t.Errorf("Can't find the plugin by name") } pod := &api.Pod{ObjectMeta: api.ObjectMeta{UID: testPodUID}} builder, err := plugin.NewBuilder(volume.NewSpecFromVolume(volumeSpec), pod, volume.VolumeOptions{}) if err != nil { t.Errorf("Failed to make a new Builder: %v", err) } if builder == nil { t.Errorf("Got a nil Builder") } podMetadataDir := fmt.Sprintf("%v/pods/test_pod_uid3/plugins/kubernetes.io~secret/test_volume_name", rootDir) util.SetReady(podMetadataDir) volumePath := builder.GetPath() if !strings.HasSuffix(volumePath, fmt.Sprintf("pods/test_pod_uid3/volumes/kubernetes.io~secret/test_volume_name")) { t.Errorf("Got unexpected path: %s", volumePath) } err = builder.SetUp() if err != nil { t.Errorf("Failed to setup volume: %v", err) } if _, err := os.Stat(volumePath); err != nil { if os.IsNotExist(err) { t.Errorf("SetUp() failed, volume path not created: %s", volumePath) } else { t.Errorf("SetUp() failed: %v", err) } } doTestSecretDataInVolume(volumePath, secret, t) doTestCleanAndTeardown(plugin, testPodUID, testVolumeName, volumePath, t) }
func TestSyncBatch(t *testing.T) { syncer := newTestManager() syncer.kubeClient = testclient.NewSimpleFake(testPod) syncer.SetPodStatus(testPod, getRandomPodStatus()) err := syncer.syncBatch() if err != nil { t.Errorf("unexpected syncing error: %v", err) } verifyActions(t, syncer.kubeClient, []testclient.Action{ testclient.GetActionImpl{ActionImpl: testclient.ActionImpl{Verb: "get", Resource: "pods"}}, testclient.UpdateActionImpl{ActionImpl: testclient.ActionImpl{Verb: "update", Resource: "pods", Subresource: "status"}}, }, ) }
func TestDeniesInvalidServiceAccount(t *testing.T) { ns := "myns" // Build a test client that the admission plugin can use to look up the service account missing from its cache client := testclient.NewSimpleFake() admit := NewServiceAccount(client) pod := &api.Pod{} attrs := admission.NewAttributesRecord(pod, "Pod", ns, "myname", string(api.ResourcePods), "", admission.Create, nil) err := admit.Admit(attrs) if err == nil { t.Errorf("Expected error for missing service account, got none") } }
func TestSyncBatchChecksMismatchedUID(t *testing.T) { syncer := newTestManager() testPod.UID = "first" differentPod := *testPod differentPod.UID = "second" syncer.kubeClient = testclient.NewSimpleFake(testPod) syncer.SetPodStatus(&differentPod, getRandomPodStatus()) err := syncer.syncBatch() if err != nil { t.Errorf("unexpected syncing error: %v", err) } verifyActions(t, syncer.kubeClient, []testclient.Action{ testclient.GetActionImpl{ActionImpl: testclient.ActionImpl{Verb: "get", Resource: "pods"}}, }) }
func TestExceedUsagePods(t *testing.T) { pod := validPod("123", 1, getResourceRequirements(getResourceList("100m", "1Gi"), getResourceList("", ""))) podList := &api.PodList{Items: []api.Pod{*pod}} client := testclient.NewSimpleFake(podList) status := &api.ResourceQuotaStatus{ Hard: api.ResourceList{}, Used: api.ResourceList{}, } r := api.ResourcePods status.Hard[r] = resource.MustParse("1") status.Used[r] = resource.MustParse("1") _, err := IncrementUsage(admission.NewAttributesRecord(&api.Pod{}, "Pod", pod.Namespace, "name", "pods", "", admission.Create, nil), status, client) if err == nil { t.Errorf("Expected error because this would exceed your quota") } }
func TestDescribeService(t *testing.T) { fake := testclient.NewSimpleFake(&api.Service{ ObjectMeta: api.ObjectMeta{ Name: "bar", Namespace: "foo", }, }) c := &describeClient{T: t, Namespace: "foo", Interface: fake} d := ServiceDescriber{c} out, err := d.Describe("foo", "bar") if err != nil { t.Errorf("unexpected error: %v", err) } if !strings.Contains(out, "Labels:") || !strings.Contains(out, "bar") { t.Errorf("unexpected out: %s", out) } }
func TestDescribeDeployment(t *testing.T) { fake := testclient.NewSimpleFake(&extensions.Deployment{ ObjectMeta: api.ObjectMeta{ Name: "bar", Namespace: "foo", }, Spec: extensions.DeploymentSpec{ Template: &api.PodTemplateSpec{}, }, }) c := &describeClient{T: t, Namespace: "foo", Interface: fake} d := DeploymentDescriber{c} out, err := d.Describe("foo", "bar") if err != nil { t.Errorf("unexpected error: %v", err) } if !strings.Contains(out, "bar") || !strings.Contains(out, "foo") { t.Errorf("unexpected out: %s", out) } }
func TestReplicationControllerScaleFailsPreconditions(t *testing.T) { fake := testclient.NewSimpleFake(&api.ReplicationController{ Spec: api.ReplicationControllerSpec{ Replicas: 10, }, }) scaler := ReplicationControllerScaler{fake} preconditions := ScalePrecondition{2, ""} count := uint(3) name := "foo" scaler.Scale("default", name, count, &preconditions, nil, nil) actions := fake.Actions() if len(actions) != 1 { t.Errorf("unexpected actions: %v, expected 1 action (get)", actions) } if action, ok := actions[0].(testclient.GetAction); !ok || action.GetResource() != "replicationcontrollers" || action.GetName() != name { t.Errorf("unexpected action: %v, expected get-replicationController %s", actions[0], name) } }
func TestJobScaleFailsPreconditions(t *testing.T) { ten := 10 fake := testclient.NewSimpleFake(&extensions.Job{ Spec: extensions.JobSpec{ Parallelism: &ten, }, }) scaler := JobScaler{fake} preconditions := ScalePrecondition{2, ""} count := uint(3) name := "foo" scaler.Scale("default", name, count, &preconditions, nil, nil) actions := fake.Actions() if len(actions) != 1 { t.Errorf("unexpected actions: %v, expected 1 actions (get)", actions) } if action, ok := actions[0].(testclient.GetAction); !ok || action.GetResource() != "jobs" || action.GetName() != name { t.Errorf("unexpected action: %v, expected get-job %s", actions[0], name) } }
func TestExceedUsageServices(t *testing.T) { namespace := "default" client := testclient.NewSimpleFake(&api.ServiceList{ Items: []api.Service{ { ObjectMeta: api.ObjectMeta{Name: "123", Namespace: namespace}, }, }, }) status := &api.ResourceQuotaStatus{ Hard: api.ResourceList{}, Used: api.ResourceList{}, } r := api.ResourceServices status.Hard[r] = resource.MustParse("1") status.Used[r] = resource.MustParse("1") _, err := IncrementUsage(admission.NewAttributesRecord(&api.Service{}, "Service", namespace, "name", "services", "", admission.Create, nil), status, client) if err == nil { t.Errorf("Expected error because this would exceed usage") } }
func TestExceedUsagePersistentVolumeClaims(t *testing.T) { namespace := "default" client := testclient.NewSimpleFake(&api.PersistentVolumeClaimList{ Items: []api.PersistentVolumeClaim{ { ObjectMeta: api.ObjectMeta{Name: "123", Namespace: namespace}, }, }, }) status := &api.ResourceQuotaStatus{ Hard: api.ResourceList{}, Used: api.ResourceList{}, } r := api.ResourcePersistentVolumeClaims status.Hard[r] = resource.MustParse("1") status.Used[r] = resource.MustParse("1") _, err := IncrementUsage(admission.NewAttributesRecord(&api.PersistentVolumeClaim{}, "PersistentVolumeClaim", namespace, "name", "persistentvolumeclaims", "", admission.Create, nil), status, client) if err == nil { t.Errorf("Expected error for exceeding hard limits") } }
func TestPodDescribeResultsSorted(t *testing.T) { // Arrange fake := testclient.NewSimpleFake(&api.EventList{ Items: []api.Event{ { Source: api.EventSource{Component: "kubelet"}, Message: "Item 1", FirstTimestamp: unversioned.NewTime(time.Date(2014, time.January, 15, 0, 0, 0, 0, time.UTC)), LastTimestamp: unversioned.NewTime(time.Date(2014, time.January, 15, 0, 0, 0, 0, time.UTC)), Count: 1, }, { Source: api.EventSource{Component: "scheduler"}, Message: "Item 2", FirstTimestamp: unversioned.NewTime(time.Date(1987, time.June, 17, 0, 0, 0, 0, time.UTC)), LastTimestamp: unversioned.NewTime(time.Date(1987, time.June, 17, 0, 0, 0, 0, time.UTC)), Count: 1, }, { Source: api.EventSource{Component: "kubelet"}, Message: "Item 3", FirstTimestamp: unversioned.NewTime(time.Date(2002, time.December, 25, 0, 0, 0, 0, time.UTC)), LastTimestamp: unversioned.NewTime(time.Date(2002, time.December, 25, 0, 0, 0, 0, time.UTC)), Count: 1, }, }, }) c := &describeClient{T: t, Namespace: "foo", Interface: fake} d := PodDescriber{c} // Act out, err := d.Describe("foo", "bar") // Assert if err != nil { t.Errorf("unexpected error: %v", err) } VerifyDatesInOrder(out, "\n" /* rowDelimiter */, "\t" /* columnDelimiter */, t) }
func TestIncrementUsagePods(t *testing.T) { pod := validPod("123", 1, getResourceRequirements(getResourceList("100m", "1Gi"), getResourceList("", ""))) podList := &api.PodList{Items: []api.Pod{*pod}} client := testclient.NewSimpleFake(podList) status := &api.ResourceQuotaStatus{ Hard: api.ResourceList{}, Used: api.ResourceList{}, } r := api.ResourcePods status.Hard[r] = resource.MustParse("2") status.Used[r] = resource.MustParse("1") dirty, err := IncrementUsage(admission.NewAttributesRecord(&api.Pod{}, "Pod", pod.Namespace, "new-pod", "pods", "", admission.Create, nil), status, client) if err != nil { t.Errorf("Unexpected error: %v", err) } if !dirty { t.Errorf("Expected the status to get incremented, therefore should have been dirty") } quantity := status.Used[r] if quantity.Value() != int64(2) { t.Errorf("Expected new item count to be 2, but was %s", quantity.String()) } }
func TestFetchesUncachedServiceAccount(t *testing.T) { ns := "myns" // Build a test client that the admission plugin can use to look up the service account missing from its cache client := testclient.NewSimpleFake(&api.ServiceAccount{ ObjectMeta: api.ObjectMeta{ Name: DefaultServiceAccountName, Namespace: ns, }, }) admit := NewServiceAccount(client) admit.RequireAPIToken = false pod := &api.Pod{} attrs := admission.NewAttributesRecord(pod, "Pod", ns, "myname", string(api.ResourcePods), "", admission.Create, nil) err := admit.Admit(attrs) if err != nil { t.Errorf("Unexpected error: %v", err) } if pod.Spec.ServiceAccountName != DefaultServiceAccountName { t.Errorf("Expected service account %s assigned, got %s", DefaultServiceAccountName, pod.Spec.ServiceAccountName) } }
func TestServiceAccountCreation(t *testing.T) { ns := api.NamespaceDefault defaultName := "default" managedName := "managed" activeNS := &api.Namespace{ ObjectMeta: api.ObjectMeta{Name: ns}, Status: api.NamespaceStatus{ Phase: api.NamespaceActive, }, } terminatingNS := &api.Namespace{ ObjectMeta: api.ObjectMeta{Name: ns}, Status: api.NamespaceStatus{ Phase: api.NamespaceTerminating, }, } defaultServiceAccount := &api.ServiceAccount{ ObjectMeta: api.ObjectMeta{ Name: defaultName, Namespace: ns, ResourceVersion: "1", }, } managedServiceAccount := &api.ServiceAccount{ ObjectMeta: api.ObjectMeta{ Name: managedName, Namespace: ns, ResourceVersion: "1", }, } unmanagedServiceAccount := &api.ServiceAccount{ ObjectMeta: api.ObjectMeta{ Name: "other-unmanaged", Namespace: ns, ResourceVersion: "1", }, } testcases := map[string]struct { ExistingNamespace *api.Namespace ExistingServiceAccounts []*api.ServiceAccount AddedNamespace *api.Namespace UpdatedNamespace *api.Namespace DeletedServiceAccount *api.ServiceAccount ExpectCreatedServiceAccounts []string }{ "new active namespace missing serviceaccounts": { ExistingServiceAccounts: []*api.ServiceAccount{}, AddedNamespace: activeNS, ExpectCreatedServiceAccounts: sets.NewString(defaultName, managedName).List(), }, "new active namespace missing serviceaccount": { ExistingServiceAccounts: []*api.ServiceAccount{managedServiceAccount}, AddedNamespace: activeNS, ExpectCreatedServiceAccounts: []string{defaultName}, }, "new active namespace with serviceaccounts": { ExistingServiceAccounts: []*api.ServiceAccount{defaultServiceAccount, managedServiceAccount}, AddedNamespace: activeNS, ExpectCreatedServiceAccounts: []string{}, }, "new terminating namespace": { ExistingServiceAccounts: []*api.ServiceAccount{}, AddedNamespace: terminatingNS, ExpectCreatedServiceAccounts: []string{}, }, "updated active namespace missing serviceaccounts": { ExistingServiceAccounts: []*api.ServiceAccount{}, UpdatedNamespace: activeNS, ExpectCreatedServiceAccounts: sets.NewString(defaultName, managedName).List(), }, "updated active namespace missing serviceaccount": { ExistingServiceAccounts: []*api.ServiceAccount{defaultServiceAccount}, UpdatedNamespace: activeNS, ExpectCreatedServiceAccounts: []string{managedName}, }, "updated active namespace with serviceaccounts": { ExistingServiceAccounts: []*api.ServiceAccount{defaultServiceAccount, managedServiceAccount}, UpdatedNamespace: activeNS, ExpectCreatedServiceAccounts: []string{}, }, "updated terminating namespace": { ExistingServiceAccounts: []*api.ServiceAccount{}, UpdatedNamespace: terminatingNS, ExpectCreatedServiceAccounts: []string{}, }, "deleted serviceaccount without namespace": { DeletedServiceAccount: defaultServiceAccount, ExpectCreatedServiceAccounts: []string{}, }, "deleted serviceaccount with active namespace": { ExistingNamespace: activeNS, DeletedServiceAccount: defaultServiceAccount, ExpectCreatedServiceAccounts: []string{defaultName}, }, "deleted serviceaccount with terminating namespace": { ExistingNamespace: terminatingNS, DeletedServiceAccount: defaultServiceAccount, ExpectCreatedServiceAccounts: []string{}, }, "deleted unmanaged serviceaccount with active namespace": { ExistingNamespace: activeNS, DeletedServiceAccount: unmanagedServiceAccount, ExpectCreatedServiceAccounts: []string{}, }, "deleted unmanaged serviceaccount with terminating namespace": { ExistingNamespace: terminatingNS, DeletedServiceAccount: unmanagedServiceAccount, ExpectCreatedServiceAccounts: []string{}, }, } for k, tc := range testcases { client := testclient.NewSimpleFake(defaultServiceAccount, managedServiceAccount) options := DefaultServiceAccountsControllerOptions() options.Names = sets.NewString(defaultName, managedName) controller := NewServiceAccountsController(client, options) if tc.ExistingNamespace != nil { controller.namespaces.Add(tc.ExistingNamespace) } for _, s := range tc.ExistingServiceAccounts { controller.serviceAccounts.Add(s) } if tc.AddedNamespace != nil { controller.namespaces.Add(tc.AddedNamespace) controller.namespaceAdded(tc.AddedNamespace) } if tc.UpdatedNamespace != nil { controller.namespaces.Add(tc.UpdatedNamespace) controller.namespaceUpdated(nil, tc.UpdatedNamespace) } if tc.DeletedServiceAccount != nil { controller.serviceAccountDeleted(tc.DeletedServiceAccount) } actions := client.Actions() if len(tc.ExpectCreatedServiceAccounts) != len(actions) { t.Errorf("%s: Expected to create accounts %#v. Actual actions were: %#v", k, tc.ExpectCreatedServiceAccounts, actions) continue } for i, expectedName := range tc.ExpectCreatedServiceAccounts { action := actions[i] if !action.Matches("create", "serviceaccounts") { t.Errorf("%s: Unexpected action %s", k, action) break } createdAccount := action.(testclient.CreateAction).GetObject().(*api.ServiceAccount) if createdAccount.Name != expectedName { t.Errorf("%s: Expected %s to be created, got %s", k, expectedName, createdAccount.Name) } } } }
// TestRollingUpdater_cleanupWithClients ensures that the cleanup policy is // correctly implemented. func TestRollingUpdater_cleanupWithClients(t *testing.T) { rc := oldRc(2, 2) rcExisting := newRc(1, 3) tests := []struct { name string policy RollingUpdaterCleanupPolicy responses []runtime.Object expected []string }{ { name: "preserve", policy: PreserveRollingUpdateCleanupPolicy, responses: []runtime.Object{rcExisting}, expected: []string{ "get", "update", "get", "get", }, }, { name: "delete", policy: DeleteRollingUpdateCleanupPolicy, responses: []runtime.Object{rcExisting}, expected: []string{ "get", "update", "get", "get", "delete", }, }, { name: "rename", policy: RenameRollingUpdateCleanupPolicy, responses: []runtime.Object{rcExisting}, expected: []string{ "get", "update", "get", "get", "delete", "create", "delete", }, }, } for _, test := range tests { fake := testclient.NewSimpleFake(test.responses...) updater := &RollingUpdater{ ns: "default", c: fake, } config := &RollingUpdaterConfig{ Out: ioutil.Discard, OldRc: rc, NewRc: rcExisting, UpdatePeriod: 0, Interval: time.Millisecond, Timeout: time.Millisecond, CleanupPolicy: test.policy, } err := updater.cleanupWithClients(rc, rcExisting, config) if err != nil { t.Errorf("unexpected error: %v", err) } if len(fake.Actions()) != len(test.expected) { t.Fatalf("%s: unexpected actions: %v, expected %v", test.name, fake.Actions(), test.expected) } for j, action := range fake.Actions() { if e, a := test.expected[j], action.GetVerb(); e != a { t.Errorf("%s: unexpected action: expected %s, got %s", test.name, e, a) } } } }
func TestFindSourceController(t *testing.T) { ctrl1 := api.ReplicationController{ ObjectMeta: api.ObjectMeta{ Name: "foo", Annotations: map[string]string{ sourceIdAnnotation: "bar:1234", }, }, } ctrl2 := api.ReplicationController{ ObjectMeta: api.ObjectMeta{ Name: "bar", Annotations: map[string]string{ sourceIdAnnotation: "foo:12345", }, }, } ctrl3 := api.ReplicationController{ ObjectMeta: api.ObjectMeta{ Annotations: map[string]string{ sourceIdAnnotation: "baz:45667", }, }, } tests := []struct { list *api.ReplicationControllerList expectedController *api.ReplicationController err error name string expectError bool }{ { list: &api.ReplicationControllerList{}, expectError: true, }, { list: &api.ReplicationControllerList{ Items: []api.ReplicationController{ctrl1}, }, name: "foo", expectError: true, }, { list: &api.ReplicationControllerList{ Items: []api.ReplicationController{ctrl1}, }, name: "bar", expectedController: &ctrl1, }, { list: &api.ReplicationControllerList{ Items: []api.ReplicationController{ctrl1, ctrl2}, }, name: "bar", expectedController: &ctrl1, }, { list: &api.ReplicationControllerList{ Items: []api.ReplicationController{ctrl1, ctrl2}, }, name: "foo", expectedController: &ctrl2, }, { list: &api.ReplicationControllerList{ Items: []api.ReplicationController{ctrl1, ctrl2, ctrl3}, }, name: "baz", expectedController: &ctrl3, }, } for _, test := range tests { fakeClient := testclient.NewSimpleFake(test.list) ctrl, err := FindSourceController(fakeClient, "default", test.name) if test.expectError && err == nil { t.Errorf("unexpected non-error") } if !test.expectError && err != nil { t.Errorf("unexpected error") } if !reflect.DeepEqual(ctrl, test.expectedController) { t.Errorf("expected:\n%v\ngot:\n%v\n", test.expectedController, ctrl) } } }
func TestUpdateExistingReplicationController(t *testing.T) { tests := []struct { rc *api.ReplicationController name string deploymentKey string deploymentValue string expectedRc *api.ReplicationController expectErr bool }{ { rc: &api.ReplicationController{ Spec: api.ReplicationControllerSpec{ Template: &api.PodTemplateSpec{}, }, }, name: "foo", deploymentKey: "dk", deploymentValue: "some-hash", expectedRc: &api.ReplicationController{ ObjectMeta: api.ObjectMeta{ Annotations: map[string]string{ "kubectl.kubernetes.io/next-controller-id": "foo", }, }, Spec: api.ReplicationControllerSpec{ Selector: map[string]string{ "dk": "some-hash", }, Template: &api.PodTemplateSpec{ ObjectMeta: api.ObjectMeta{ Labels: map[string]string{ "dk": "some-hash", }, }, }, }, }, }, { rc: &api.ReplicationController{ Spec: api.ReplicationControllerSpec{ Template: &api.PodTemplateSpec{ ObjectMeta: api.ObjectMeta{ Labels: map[string]string{ "dk": "some-other-hash", }, }, }, Selector: map[string]string{ "dk": "some-other-hash", }, }, }, name: "foo", deploymentKey: "dk", deploymentValue: "some-hash", expectedRc: &api.ReplicationController{ ObjectMeta: api.ObjectMeta{ Annotations: map[string]string{ "kubectl.kubernetes.io/next-controller-id": "foo", }, }, Spec: api.ReplicationControllerSpec{ Selector: map[string]string{ "dk": "some-other-hash", }, Template: &api.PodTemplateSpec{ ObjectMeta: api.ObjectMeta{ Labels: map[string]string{ "dk": "some-other-hash", }, }, }, }, }, }, } for _, test := range tests { buffer := &bytes.Buffer{} fakeClient := testclient.NewSimpleFake(test.expectedRc) rc, err := UpdateExistingReplicationController(fakeClient, test.rc, "default", test.name, test.deploymentKey, test.deploymentValue, buffer) if !reflect.DeepEqual(rc, test.expectedRc) { t.Errorf("expected:\n%#v\ngot:\n%#v\n", test.expectedRc, rc) } if test.expectErr && err == nil { t.Errorf("unexpected non-error") } if !test.expectErr && err != nil { t.Errorf("unexpected error: %v", err) } } }
func TestPersistentVolumeDescriber(t *testing.T) { tests := map[string]*api.PersistentVolume{ "hostpath": { Spec: api.PersistentVolumeSpec{ PersistentVolumeSource: api.PersistentVolumeSource{ HostPath: &api.HostPathVolumeSource{}, }, }, }, "gce": { Spec: api.PersistentVolumeSpec{ PersistentVolumeSource: api.PersistentVolumeSource{ GCEPersistentDisk: &api.GCEPersistentDiskVolumeSource{}, }, }, }, "ebs": { Spec: api.PersistentVolumeSpec{ PersistentVolumeSource: api.PersistentVolumeSource{ AWSElasticBlockStore: &api.AWSElasticBlockStoreVolumeSource{}, }, }, }, "nfs": { Spec: api.PersistentVolumeSpec{ PersistentVolumeSource: api.PersistentVolumeSource{ NFS: &api.NFSVolumeSource{}, }, }, }, "iscsi": { Spec: api.PersistentVolumeSpec{ PersistentVolumeSource: api.PersistentVolumeSource{ ISCSI: &api.ISCSIVolumeSource{}, }, }, }, "gluster": { Spec: api.PersistentVolumeSpec{ PersistentVolumeSource: api.PersistentVolumeSource{ Glusterfs: &api.GlusterfsVolumeSource{}, }, }, }, "rbd": { Spec: api.PersistentVolumeSpec{ PersistentVolumeSource: api.PersistentVolumeSource{ RBD: &api.RBDVolumeSource{}, }, }, }, } for name, pv := range tests { fake := testclient.NewSimpleFake(pv) c := PersistentVolumeDescriber{fake} str, err := c.Describe("foo", "bar") if err != nil { t.Errorf("Unexpected error for test %s: %v", name, err) } if str == "" { t.Errorf("Unexpected empty string for test %s. Expected PV Describer output", name) } } }
func TestReplicationControllerStop(t *testing.T) { name := "foo" ns := "default" tests := []struct { Name string Objs []runtime.Object StopError error StopMessage string ExpectedActions []string }{ { Name: "OnlyOneRC", Objs: []runtime.Object{ &api.ReplicationController{ // GET ObjectMeta: api.ObjectMeta{ Name: name, Namespace: ns, }, Spec: api.ReplicationControllerSpec{ Replicas: 0, Selector: map[string]string{"k1": "v1"}}, }, &api.ReplicationControllerList{ // LIST Items: []api.ReplicationController{ { ObjectMeta: api.ObjectMeta{ Name: name, Namespace: ns, }, Spec: api.ReplicationControllerSpec{ Replicas: 0, Selector: map[string]string{"k1": "v1"}}, }, }, }, }, StopError: nil, StopMessage: "foo stopped", ExpectedActions: []string{"get", "list", "get", "update", "get", "get", "delete"}, }, { Name: "NoOverlapping", Objs: []runtime.Object{ &api.ReplicationController{ // GET ObjectMeta: api.ObjectMeta{ Name: name, Namespace: ns, }, Spec: api.ReplicationControllerSpec{ Replicas: 0, Selector: map[string]string{"k1": "v1"}}, }, &api.ReplicationControllerList{ // LIST Items: []api.ReplicationController{ { ObjectMeta: api.ObjectMeta{ Name: "baz", Namespace: ns, }, Spec: api.ReplicationControllerSpec{ Replicas: 0, Selector: map[string]string{"k3": "v3"}}, }, { ObjectMeta: api.ObjectMeta{ Name: name, Namespace: ns, }, Spec: api.ReplicationControllerSpec{ Replicas: 0, Selector: map[string]string{"k1": "v1"}}, }, }, }, }, StopError: nil, StopMessage: "foo stopped", ExpectedActions: []string{"get", "list", "get", "update", "get", "get", "delete"}, }, { Name: "OverlappingError", Objs: []runtime.Object{ &api.ReplicationController{ // GET ObjectMeta: api.ObjectMeta{ Name: name, Namespace: ns, }, Spec: api.ReplicationControllerSpec{ Replicas: 0, Selector: map[string]string{"k1": "v1"}}, }, &api.ReplicationControllerList{ // LIST Items: []api.ReplicationController{ { ObjectMeta: api.ObjectMeta{ Name: "baz", Namespace: ns, }, Spec: api.ReplicationControllerSpec{ Replicas: 0, Selector: map[string]string{"k1": "v1", "k2": "v2"}}, }, { ObjectMeta: api.ObjectMeta{ Name: name, Namespace: ns, }, Spec: api.ReplicationControllerSpec{ Replicas: 0, Selector: map[string]string{"k1": "v1"}}, }, }, }, }, StopError: fmt.Errorf("Detected overlapping controllers for rc foo: baz, please manage deletion individually with --cascade=false."), StopMessage: "", ExpectedActions: []string{"get", "list"}, }, { Name: "OverlappingButSafeDelete", Objs: []runtime.Object{ &api.ReplicationController{ // GET ObjectMeta: api.ObjectMeta{ Name: name, Namespace: ns, }, Spec: api.ReplicationControllerSpec{ Replicas: 0, Selector: map[string]string{"k1": "v1", "k2": "v2"}}, }, &api.ReplicationControllerList{ // LIST Items: []api.ReplicationController{ { ObjectMeta: api.ObjectMeta{ Name: "baz", Namespace: ns, }, Spec: api.ReplicationControllerSpec{ Replicas: 0, Selector: map[string]string{"k1": "v1", "k2": "v2", "k3": "v3"}}, }, { ObjectMeta: api.ObjectMeta{ Name: "zaz", Namespace: ns, }, Spec: api.ReplicationControllerSpec{ Replicas: 0, Selector: map[string]string{"k1": "v1"}}, }, { ObjectMeta: api.ObjectMeta{ Name: name, Namespace: ns, }, Spec: api.ReplicationControllerSpec{ Replicas: 0, Selector: map[string]string{"k1": "v1", "k2": "v2"}}, }, }, }, }, StopError: fmt.Errorf("Detected overlapping controllers for rc foo: baz,zaz, please manage deletion individually with --cascade=false."), StopMessage: "", ExpectedActions: []string{"get", "list"}, }, { Name: "TwoExactMatchRCs", Objs: []runtime.Object{ &api.ReplicationController{ // GET ObjectMeta: api.ObjectMeta{ Name: name, Namespace: ns, }, Spec: api.ReplicationControllerSpec{ Replicas: 0, Selector: map[string]string{"k1": "v1"}}, }, &api.ReplicationControllerList{ // LIST Items: []api.ReplicationController{ { ObjectMeta: api.ObjectMeta{ Name: "zaz", Namespace: ns, }, Spec: api.ReplicationControllerSpec{ Replicas: 0, Selector: map[string]string{"k1": "v1"}}, }, { ObjectMeta: api.ObjectMeta{ Name: name, Namespace: ns, }, Spec: api.ReplicationControllerSpec{ Replicas: 0, Selector: map[string]string{"k1": "v1"}}, }, }, }, }, StopError: nil, StopMessage: "foo stopped", ExpectedActions: []string{"get", "list", "delete"}, }, } for _, test := range tests { fake := testclient.NewSimpleFake(test.Objs...) reaper := ReplicationControllerReaper{fake, time.Millisecond, time.Millisecond} s, err := reaper.Stop(ns, name, 0, nil) if !reflect.DeepEqual(err, test.StopError) { t.Errorf("%s unexpected error: %v", test.Name, err) continue } if s != test.StopMessage { t.Errorf("%s expected '%s', got '%s'", test.Name, test.StopMessage, s) continue } actions := fake.Actions() if len(actions) != len(test.ExpectedActions) { t.Errorf("%s unexpected actions: %v, expected %d actions got %d", test.Name, actions, len(test.ExpectedActions), len(actions)) continue } for i, verb := range test.ExpectedActions { if actions[i].GetResource() != "replicationcontrollers" { t.Errorf("%s unexpected action: %+v, expected %s-replicationController", test.Name, actions[i], verb) } if actions[i].GetVerb() != verb { t.Errorf("%s unexpected action: %+v, expected %s-replicationController", test.Name, actions[i], verb) } } } }
func TestJobStop(t *testing.T) { name := "foo" ns := "default" zero := 0 tests := []struct { Name string Objs []runtime.Object StopError error StopMessage string ExpectedActions []string }{ { Name: "OnlyOneJob", Objs: []runtime.Object{ &extensions.Job{ // GET ObjectMeta: api.ObjectMeta{ Name: name, Namespace: ns, }, Spec: extensions.JobSpec{ Parallelism: &zero, Selector: &extensions.PodSelector{ MatchLabels: map[string]string{"k1": "v1"}, }, }, }, &extensions.JobList{ // LIST Items: []extensions.Job{ { ObjectMeta: api.ObjectMeta{ Name: name, Namespace: ns, }, Spec: extensions.JobSpec{ Parallelism: &zero, Selector: &extensions.PodSelector{ MatchLabels: map[string]string{"k1": "v1"}, }, }, }, }, }, }, StopError: nil, StopMessage: "foo stopped", ExpectedActions: []string{"get", "get", "update", "get", "get", "delete"}, }, } for _, test := range tests { fake := testclient.NewSimpleFake(test.Objs...) reaper := JobReaper{fake, time.Millisecond, time.Millisecond} s, err := reaper.Stop(ns, name, 0, nil) if !reflect.DeepEqual(err, test.StopError) { t.Errorf("%s unexpected error: %v", test.Name, err) continue } if s != test.StopMessage { t.Errorf("%s expected '%s', got '%s'", test.Name, test.StopMessage, s) continue } actions := fake.Actions() if len(actions) != len(test.ExpectedActions) { t.Errorf("%s unexpected actions: %v, expected %d actions got %d", test.Name, actions, len(test.ExpectedActions), len(actions)) continue } for i, verb := range test.ExpectedActions { if actions[i].GetResource() != "jobs" { t.Errorf("%s unexpected action: %+v, expected %s-job", test.Name, actions[i], verb) } if actions[i].GetVerb() != verb { t.Errorf("%s unexpected action: %+v, expected %s-job", test.Name, actions[i], verb) } } } }
func TestTokenCreation(t *testing.T) { testcases := map[string]struct { ClientObjects []runtime.Object SecretsSyncPending bool ServiceAccountsSyncPending bool ExistingServiceAccount *api.ServiceAccount ExistingSecrets []*api.Secret AddedServiceAccount *api.ServiceAccount UpdatedServiceAccount *api.ServiceAccount DeletedServiceAccount *api.ServiceAccount AddedSecret *api.Secret UpdatedSecret *api.Secret DeletedSecret *api.Secret ExpectedActions []testclient.Action }{ "new serviceaccount with no secrets": { ClientObjects: []runtime.Object{serviceAccount(emptySecretReferences()), createdTokenSecret()}, AddedServiceAccount: serviceAccount(emptySecretReferences()), ExpectedActions: []testclient.Action{ testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"), testclient.NewCreateAction("secrets", api.NamespaceDefault, createdTokenSecret()), testclient.NewUpdateAction("serviceaccounts", api.NamespaceDefault, serviceAccount(addTokenSecretReference(emptySecretReferences()))), }, }, "new serviceaccount with no secrets with unsynced secret store": { ClientObjects: []runtime.Object{serviceAccount(emptySecretReferences()), createdTokenSecret()}, SecretsSyncPending: true, AddedServiceAccount: serviceAccount(emptySecretReferences()), ExpectedActions: []testclient.Action{ testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"), testclient.NewCreateAction("secrets", api.NamespaceDefault, createdTokenSecret()), testclient.NewUpdateAction("serviceaccounts", api.NamespaceDefault, serviceAccount(addTokenSecretReference(emptySecretReferences()))), }, }, "new serviceaccount with missing secrets": { ClientObjects: []runtime.Object{serviceAccount(missingSecretReferences()), createdTokenSecret()}, AddedServiceAccount: serviceAccount(missingSecretReferences()), ExpectedActions: []testclient.Action{ testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"), testclient.NewCreateAction("secrets", api.NamespaceDefault, createdTokenSecret()), testclient.NewUpdateAction("serviceaccounts", api.NamespaceDefault, serviceAccount(addTokenSecretReference(missingSecretReferences()))), }, }, "new serviceaccount with missing secrets with unsynced secret store": { ClientObjects: []runtime.Object{serviceAccount(missingSecretReferences()), createdTokenSecret()}, SecretsSyncPending: true, AddedServiceAccount: serviceAccount(missingSecretReferences()), ExpectedActions: []testclient.Action{}, }, "new serviceaccount with non-token secrets": { ClientObjects: []runtime.Object{serviceAccount(regularSecretReferences()), createdTokenSecret(), opaqueSecret()}, AddedServiceAccount: serviceAccount(regularSecretReferences()), ExpectedActions: []testclient.Action{ testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"), testclient.NewCreateAction("secrets", api.NamespaceDefault, createdTokenSecret()), testclient.NewUpdateAction("serviceaccounts", api.NamespaceDefault, serviceAccount(addTokenSecretReference(regularSecretReferences()))), }, }, "new serviceaccount with token secrets": { ClientObjects: []runtime.Object{serviceAccount(tokenSecretReferences()), serviceAccountTokenSecret()}, ExistingSecrets: []*api.Secret{serviceAccountTokenSecret()}, AddedServiceAccount: serviceAccount(tokenSecretReferences()), ExpectedActions: []testclient.Action{}, }, "new serviceaccount with no secrets with resource conflict": { ClientObjects: []runtime.Object{updatedServiceAccount(emptySecretReferences()), createdTokenSecret()}, AddedServiceAccount: serviceAccount(emptySecretReferences()), ExpectedActions: []testclient.Action{ testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"), }, }, "updated serviceaccount with no secrets": { ClientObjects: []runtime.Object{serviceAccount(emptySecretReferences()), createdTokenSecret()}, UpdatedServiceAccount: serviceAccount(emptySecretReferences()), ExpectedActions: []testclient.Action{ testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"), testclient.NewCreateAction("secrets", api.NamespaceDefault, createdTokenSecret()), testclient.NewUpdateAction("serviceaccounts", api.NamespaceDefault, serviceAccount(addTokenSecretReference(emptySecretReferences()))), }, }, "updated serviceaccount with no secrets with unsynced secret store": { ClientObjects: []runtime.Object{serviceAccount(emptySecretReferences()), createdTokenSecret()}, SecretsSyncPending: true, UpdatedServiceAccount: serviceAccount(emptySecretReferences()), ExpectedActions: []testclient.Action{ testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"), testclient.NewCreateAction("secrets", api.NamespaceDefault, createdTokenSecret()), testclient.NewUpdateAction("serviceaccounts", api.NamespaceDefault, serviceAccount(addTokenSecretReference(emptySecretReferences()))), }, }, "updated serviceaccount with missing secrets": { ClientObjects: []runtime.Object{serviceAccount(missingSecretReferences()), createdTokenSecret()}, UpdatedServiceAccount: serviceAccount(missingSecretReferences()), ExpectedActions: []testclient.Action{ testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"), testclient.NewCreateAction("secrets", api.NamespaceDefault, createdTokenSecret()), testclient.NewUpdateAction("serviceaccounts", api.NamespaceDefault, serviceAccount(addTokenSecretReference(missingSecretReferences()))), }, }, "updated serviceaccount with missing secrets with unsynced secret store": { ClientObjects: []runtime.Object{serviceAccount(missingSecretReferences()), createdTokenSecret()}, SecretsSyncPending: true, UpdatedServiceAccount: serviceAccount(missingSecretReferences()), ExpectedActions: []testclient.Action{}, }, "updated serviceaccount with non-token secrets": { ClientObjects: []runtime.Object{serviceAccount(regularSecretReferences()), createdTokenSecret(), opaqueSecret()}, UpdatedServiceAccount: serviceAccount(regularSecretReferences()), ExpectedActions: []testclient.Action{ testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"), testclient.NewCreateAction("secrets", api.NamespaceDefault, createdTokenSecret()), testclient.NewUpdateAction("serviceaccounts", api.NamespaceDefault, serviceAccount(addTokenSecretReference(regularSecretReferences()))), }, }, "updated serviceaccount with token secrets": { ExistingSecrets: []*api.Secret{serviceAccountTokenSecret()}, UpdatedServiceAccount: serviceAccount(tokenSecretReferences()), ExpectedActions: []testclient.Action{}, }, "updated serviceaccount with no secrets with resource conflict": { ClientObjects: []runtime.Object{updatedServiceAccount(emptySecretReferences()), createdTokenSecret()}, UpdatedServiceAccount: serviceAccount(emptySecretReferences()), ExpectedActions: []testclient.Action{ testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"), }, }, "deleted serviceaccount with no secrets": { DeletedServiceAccount: serviceAccount(emptySecretReferences()), ExpectedActions: []testclient.Action{}, }, "deleted serviceaccount with missing secrets": { DeletedServiceAccount: serviceAccount(missingSecretReferences()), ExpectedActions: []testclient.Action{}, }, "deleted serviceaccount with non-token secrets": { ClientObjects: []runtime.Object{opaqueSecret()}, DeletedServiceAccount: serviceAccount(regularSecretReferences()), ExpectedActions: []testclient.Action{}, }, "deleted serviceaccount with token secrets": { ClientObjects: []runtime.Object{serviceAccountTokenSecret()}, ExistingSecrets: []*api.Secret{serviceAccountTokenSecret()}, DeletedServiceAccount: serviceAccount(tokenSecretReferences()), ExpectedActions: []testclient.Action{ testclient.NewDeleteAction("secrets", api.NamespaceDefault, "token-secret-1"), }, }, "added secret without serviceaccount": { ClientObjects: []runtime.Object{serviceAccountTokenSecret()}, AddedSecret: serviceAccountTokenSecret(), ExpectedActions: []testclient.Action{ testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"), testclient.NewDeleteAction("secrets", api.NamespaceDefault, "token-secret-1"), }, }, "added secret with serviceaccount": { ExistingServiceAccount: serviceAccount(tokenSecretReferences()), AddedSecret: serviceAccountTokenSecret(), ExpectedActions: []testclient.Action{}, }, "added token secret without token data": { ClientObjects: []runtime.Object{serviceAccountTokenSecretWithoutTokenData()}, ExistingServiceAccount: serviceAccount(tokenSecretReferences()), AddedSecret: serviceAccountTokenSecretWithoutTokenData(), ExpectedActions: []testclient.Action{ testclient.NewUpdateAction("secrets", api.NamespaceDefault, serviceAccountTokenSecret()), }, }, "added token secret without ca data": { ClientObjects: []runtime.Object{serviceAccountTokenSecretWithoutCAData()}, ExistingServiceAccount: serviceAccount(tokenSecretReferences()), AddedSecret: serviceAccountTokenSecretWithoutCAData(), ExpectedActions: []testclient.Action{ testclient.NewUpdateAction("secrets", api.NamespaceDefault, serviceAccountTokenSecret()), }, }, "added token secret with mismatched ca data": { ClientObjects: []runtime.Object{serviceAccountTokenSecretWithCAData([]byte("mismatched"))}, ExistingServiceAccount: serviceAccount(tokenSecretReferences()), AddedSecret: serviceAccountTokenSecretWithCAData([]byte("mismatched")), ExpectedActions: []testclient.Action{ testclient.NewUpdateAction("secrets", api.NamespaceDefault, serviceAccountTokenSecret()), }, }, "updated secret without serviceaccount": { ClientObjects: []runtime.Object{serviceAccountTokenSecret()}, UpdatedSecret: serviceAccountTokenSecret(), ExpectedActions: []testclient.Action{ testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"), testclient.NewDeleteAction("secrets", api.NamespaceDefault, "token-secret-1"), }, }, "updated secret with serviceaccount": { ExistingServiceAccount: serviceAccount(tokenSecretReferences()), UpdatedSecret: serviceAccountTokenSecret(), ExpectedActions: []testclient.Action{}, }, "updated token secret without token data": { ClientObjects: []runtime.Object{serviceAccountTokenSecretWithoutTokenData()}, ExistingServiceAccount: serviceAccount(tokenSecretReferences()), UpdatedSecret: serviceAccountTokenSecretWithoutTokenData(), ExpectedActions: []testclient.Action{ testclient.NewUpdateAction("secrets", api.NamespaceDefault, serviceAccountTokenSecret()), }, }, "updated token secret without ca data": { ClientObjects: []runtime.Object{serviceAccountTokenSecretWithoutCAData()}, ExistingServiceAccount: serviceAccount(tokenSecretReferences()), UpdatedSecret: serviceAccountTokenSecretWithoutCAData(), ExpectedActions: []testclient.Action{ testclient.NewUpdateAction("secrets", api.NamespaceDefault, serviceAccountTokenSecret()), }, }, "updated token secret with mismatched ca data": { ClientObjects: []runtime.Object{serviceAccountTokenSecretWithCAData([]byte("mismatched"))}, ExistingServiceAccount: serviceAccount(tokenSecretReferences()), UpdatedSecret: serviceAccountTokenSecretWithCAData([]byte("mismatched")), ExpectedActions: []testclient.Action{ testclient.NewUpdateAction("secrets", api.NamespaceDefault, serviceAccountTokenSecret()), }, }, "deleted secret without serviceaccount": { DeletedSecret: serviceAccountTokenSecret(), ExpectedActions: []testclient.Action{}, }, "deleted secret with serviceaccount with reference": { ClientObjects: []runtime.Object{serviceAccount(tokenSecretReferences())}, ExistingServiceAccount: serviceAccount(tokenSecretReferences()), DeletedSecret: serviceAccountTokenSecret(), ExpectedActions: []testclient.Action{ testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"), testclient.NewUpdateAction("serviceaccounts", api.NamespaceDefault, serviceAccount(emptySecretReferences())), }, }, "deleted secret with serviceaccount without reference": { ExistingServiceAccount: serviceAccount(emptySecretReferences()), DeletedSecret: serviceAccountTokenSecret(), ExpectedActions: []testclient.Action{}, }, } for k, tc := range testcases { // Re-seed to reset name generation utilrand.Seed(1) generator := &testGenerator{Token: "ABC"} client := testclient.NewSimpleFake(tc.ClientObjects...) controller := NewTokensController(client, TokensControllerOptions{TokenGenerator: generator, RootCA: []byte("CA Data")}) // Tell the token controller whether its stores have been synced controller.serviceAccountsSynced = func() bool { return !tc.ServiceAccountsSyncPending } controller.secretsSynced = func() bool { return !tc.SecretsSyncPending } if tc.ExistingServiceAccount != nil { controller.serviceAccounts.Add(tc.ExistingServiceAccount) } for _, s := range tc.ExistingSecrets { controller.secrets.Add(s) } if tc.AddedServiceAccount != nil { controller.serviceAccountAdded(tc.AddedServiceAccount) } if tc.UpdatedServiceAccount != nil { controller.serviceAccountUpdated(nil, tc.UpdatedServiceAccount) } if tc.DeletedServiceAccount != nil { controller.serviceAccountDeleted(tc.DeletedServiceAccount) } if tc.AddedSecret != nil { controller.secretAdded(tc.AddedSecret) } if tc.UpdatedSecret != nil { controller.secretUpdated(nil, tc.UpdatedSecret) } if tc.DeletedSecret != nil { controller.secretDeleted(tc.DeletedSecret) } actions := client.Actions() for i, action := range actions { if len(tc.ExpectedActions) < i+1 { t.Errorf("%s: %d unexpected actions: %+v", k, len(actions)-len(tc.ExpectedActions), actions[i:]) break } expectedAction := tc.ExpectedActions[i] if !reflect.DeepEqual(expectedAction, action) { t.Errorf("%s: Expected\n\t%#v\ngot\n\t%#v", k, expectedAction, action) continue } } if len(tc.ExpectedActions) > len(actions) { t.Errorf("%s: %d additional expected actions:%+v", k, len(tc.ExpectedActions)-len(actions), tc.ExpectedActions[len(actions):]) } } }
func TestIncrementUsagePodResources(t *testing.T) { type testCase struct { testName string existing *api.Pod input *api.Pod resourceName api.ResourceName hard resource.Quantity expectedUsage resource.Quantity expectedError bool } testCases := []testCase{ { testName: "memory-allowed", existing: validPod("a", 1, getResourceRequirements(getResourceList("", "100Mi"), getResourceList("", ""))), input: validPod("b", 1, getResourceRequirements(getResourceList("", "100Mi"), getResourceList("", ""))), resourceName: api.ResourceMemory, hard: resource.MustParse("500Mi"), expectedUsage: resource.MustParse("200Mi"), expectedError: false, }, { testName: "memory-not-allowed", existing: validPod("a", 1, getResourceRequirements(getResourceList("", "100Mi"), getResourceList("", ""))), input: validPod("b", 1, getResourceRequirements(getResourceList("", "450Mi"), getResourceList("", ""))), resourceName: api.ResourceMemory, hard: resource.MustParse("500Mi"), expectedError: true, }, { testName: "memory-not-allowed-with-different-format", existing: validPod("a", 1, getResourceRequirements(getResourceList("", "100M"), getResourceList("", ""))), input: validPod("b", 1, getResourceRequirements(getResourceList("", "450Mi"), getResourceList("", ""))), resourceName: api.ResourceMemory, hard: resource.MustParse("500Mi"), expectedError: true, }, { testName: "memory-no-request", existing: validPod("a", 1, getResourceRequirements(getResourceList("", "100Mi"), getResourceList("", ""))), input: validPod("b", 1, getResourceRequirements(getResourceList("", ""), getResourceList("", ""))), resourceName: api.ResourceMemory, hard: resource.MustParse("500Mi"), expectedError: true, }, { testName: "cpu-allowed", existing: validPod("a", 1, getResourceRequirements(getResourceList("1", ""), getResourceList("", ""))), input: validPod("b", 1, getResourceRequirements(getResourceList("1", ""), getResourceList("", ""))), resourceName: api.ResourceCPU, hard: resource.MustParse("2"), expectedUsage: resource.MustParse("2"), expectedError: false, }, { testName: "cpu-not-allowed", existing: validPod("a", 1, getResourceRequirements(getResourceList("1", ""), getResourceList("", ""))), input: validPod("b", 1, getResourceRequirements(getResourceList("600m", ""), getResourceList("", ""))), resourceName: api.ResourceCPU, hard: resource.MustParse("1500m"), expectedError: true, }, { testName: "cpu-no-request", existing: validPod("a", 1, getResourceRequirements(getResourceList("1", ""), getResourceList("", ""))), input: validPod("b", 1, getResourceRequirements(getResourceList("", ""), getResourceList("", ""))), resourceName: api.ResourceCPU, hard: resource.MustParse("1500m"), expectedError: true, }, } for _, item := range testCases { podList := &api.PodList{Items: []api.Pod{*item.existing}} client := testclient.NewSimpleFake(podList) status := &api.ResourceQuotaStatus{ Hard: api.ResourceList{}, Used: api.ResourceList{}, } used, err := resourcequotacontroller.PodRequests(item.existing, item.resourceName) if err != nil { t.Errorf("Test %s, unexpected error %v", item.testName, err) } status.Hard[item.resourceName] = item.hard status.Used[item.resourceName] = *used dirty, err := IncrementUsage(admission.NewAttributesRecord(item.input, "Pod", item.input.Namespace, item.input.Name, "pods", "", admission.Create, nil), status, client) if err == nil && item.expectedError { t.Errorf("Test %s, expected error", item.testName) } if err != nil && !item.expectedError { t.Errorf("Test %s, unexpected error", err) } if !item.expectedError { if !dirty { t.Errorf("Test %s, expected the quota to be dirty", item.testName) } quantity := status.Used[item.resourceName] if quantity.String() != item.expectedUsage.String() { t.Errorf("Test %s, expected usage %s, actual usage %s", item.testName, item.expectedUsage.String(), quantity.String()) } } } }
func TestSyncResourceQuota(t *testing.T) { podList := api.PodList{ Items: []api.Pod{ { ObjectMeta: api.ObjectMeta{Name: "pod-running"}, Status: api.PodStatus{Phase: api.PodRunning}, Spec: api.PodSpec{ Volumes: []api.Volume{{Name: "vol"}}, Containers: []api.Container{{Name: "ctr", Image: "image", Resources: getResourceRequirements(getResourceList("100m", "1Gi"), getResourceList("", ""))}}, }, }, { ObjectMeta: api.ObjectMeta{Name: "pod-running-2"}, Status: api.PodStatus{Phase: api.PodRunning}, Spec: api.PodSpec{ Volumes: []api.Volume{{Name: "vol"}}, Containers: []api.Container{{Name: "ctr", Image: "image", Resources: getResourceRequirements(getResourceList("100m", "1Gi"), getResourceList("", ""))}}, }, }, { ObjectMeta: api.ObjectMeta{Name: "pod-failed"}, Status: api.PodStatus{Phase: api.PodFailed}, Spec: api.PodSpec{ Volumes: []api.Volume{{Name: "vol"}}, Containers: []api.Container{{Name: "ctr", Image: "image", Resources: getResourceRequirements(getResourceList("100m", "1Gi"), getResourceList("", ""))}}, }, }, }, } quota := api.ResourceQuota{ Spec: api.ResourceQuotaSpec{ Hard: api.ResourceList{ api.ResourceCPU: resource.MustParse("3"), api.ResourceMemory: resource.MustParse("100Gi"), api.ResourcePods: resource.MustParse("5"), }, }, } expectedUsage := api.ResourceQuota{ Status: api.ResourceQuotaStatus{ Hard: api.ResourceList{ api.ResourceCPU: resource.MustParse("3"), api.ResourceMemory: resource.MustParse("100Gi"), api.ResourcePods: resource.MustParse("5"), }, Used: api.ResourceList{ api.ResourceCPU: resource.MustParse("200m"), api.ResourceMemory: resource.MustParse("2Gi"), api.ResourcePods: resource.MustParse("2"), }, }, } kubeClient := testclient.NewSimpleFake(&podList, "a) ResourceQuotaController := NewResourceQuotaController(kubeClient) err := ResourceQuotaController.syncResourceQuota(quota) if err != nil { t.Fatalf("Unexpected error %v", err) } usage := kubeClient.Actions()[1].(testclient.UpdateAction).GetObject().(*api.ResourceQuota) // ensure hard and used limits are what we expected for k, v := range expectedUsage.Status.Hard { actual := usage.Status.Hard[k] actualValue := actual.String() expectedValue := v.String() if expectedValue != actualValue { t.Errorf("Usage Hard: Key: %v, Expected: %v, Actual: %v", k, expectedValue, actualValue) } } for k, v := range expectedUsage.Status.Used { actual := usage.Status.Used[k] actualValue := actual.String() expectedValue := v.String() if expectedValue != actualValue { t.Errorf("Usage Used: Key: %v, Expected: %v, Actual: %v", k, expectedValue, actualValue) } } }