// Generate creates the capabilities based on policy rules. Generate will produce the following: // 1. a capabilities.Add set containing all the required adds (unless the // container specifically is dropping the cap) and container requested adds // 2. a capabilities.Drop set containing all the required drops and container requested drops func (s *defaultCapabilities) Generate(pod *api.Pod, container *api.Container) (*api.Capabilities, error) { defaultAdd := makeCapSet(s.defaultAddCapabilities) requiredDrop := makeCapSet(s.requiredDropCapabilities) containerAdd := sets.NewString() containerDrop := sets.NewString() if container.SecurityContext != nil && container.SecurityContext.Capabilities != nil { containerAdd = makeCapSet(container.SecurityContext.Capabilities.Add) containerDrop = makeCapSet(container.SecurityContext.Capabilities.Drop) } // remove any default adds that the container is specifically dropping defaultAdd = defaultAdd.Difference(containerDrop) combinedAdd := defaultAdd.Union(containerAdd).List() combinedDrop := requiredDrop.Union(containerDrop).List() // nothing generated? return nil if len(combinedAdd) == 0 && len(combinedDrop) == 0 { return nil, nil } return &api.Capabilities{ Add: capabilityFromStringSlice(combinedAdd), Drop: capabilityFromStringSlice(combinedDrop), }, nil }
func TestWaitFlagNew(t *testing.T) { fcmd := exec.FakeCmd{ CombinedOutputScript: []exec.FakeCombinedOutputAction{ // iptables version check func() ([]byte, error) { return []byte("iptables v1.4.22"), nil }, // Success. func() ([]byte, error) { return []byte{}, nil }, }, } fexec := exec.FakeExec{ CommandScript: []exec.FakeCommandAction{ func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) }, func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) }, }, } runner := New(&fexec, dbus.NewFake(nil, nil), ProtocolIpv4) defer runner.Destroy() err := runner.DeleteChain(TableNAT, Chain("FOOBAR")) if err != nil { t.Errorf("expected success, got %v", err) } if fcmd.CombinedOutputCalls != 2 { t.Errorf("expected 2 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls) } if !sets.NewString(fcmd.CombinedOutputLog[1]...).HasAll("iptables", "-w2") { t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[1]) } if sets.NewString(fcmd.CombinedOutputLog[1]...).HasAny("-w") { t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[1]) } }
// Test public interface func doTestIndex(t *testing.T, indexer Indexer) { mkObj := func(id string, val string) testStoreObject { return testStoreObject{id: id, val: val} } // Test Index expected := map[string]sets.String{} expected["b"] = sets.NewString("a", "c") expected["f"] = sets.NewString("e") expected["h"] = sets.NewString("g") indexer.Add(mkObj("a", "b")) indexer.Add(mkObj("c", "b")) indexer.Add(mkObj("e", "f")) indexer.Add(mkObj("g", "h")) { for k, v := range expected { found := sets.String{} indexResults, err := indexer.Index("by_val", mkObj("", k)) if err != nil { t.Errorf("Unexpected error %v", err) } for _, item := range indexResults { found.Insert(item.(testStoreObject).id) } items := v.List() if !found.HasAll(items...) { t.Errorf("missing items, index %s, expected %v but found %v", k, items, found.List()) } } } }
func TestPetQueueScaleDown(t *testing.T) { replicas := 1 ps := newPetSet(replicas) // knownPods are the pods in the system knownPods := newPodList(ps, 3) q := NewPetQueue(ps, knownPods) // The iterator will insert a single replica, the enqueue // mimics that behavior. pet, _ := newPCB(fmt.Sprintf("%v", 0), ps) q.enqueue(pet) deletes := sets.NewString(fmt.Sprintf("%v-1", ps.Name), fmt.Sprintf("%v-2", ps.Name)) syncs := sets.NewString(fmt.Sprintf("%v-0", ps.Name)) // Confirm that 2 known pods are deleted for i := 0; i < 3; i++ { p := q.dequeue() switch p.event { case syncPet: if !syncs.Has(p.pod.Name) { t.Errorf("Unexpected sync %v expecting %+v", p.pod.Name, syncs) } case deletePet: if !deletes.Has(p.pod.Name) { t.Errorf("Unexpected deletes %v expecting %+v", p.pod.Name, deletes) } } } if q.dequeue() != nil { t.Errorf("Expected no pets") } }
func newRESTMapper(externalVersions []unversioned.GroupVersion) meta.RESTMapper { // the list of kinds that are scoped at the root of the api hierarchy // if a kind is not enumerated here, it is assumed to have a namespace scope rootScoped := sets.NewString() ignoredKinds := sets.NewString() return api.NewDefaultRESTMapper(externalVersions, interfacesFor, importPrefix, ignoredKinds, rootScoped) }
// test the processItem function making the expected actions. func TestProcessItem(t *testing.T) { pod := newDanglingPod() podBytes, err := json.Marshal(pod) if err != nil { t.Fatal(err) } testHandler := &fakeActionHandler{ response: map[string]FakeResponse{ "GET" + "/api/v1/namespaces/ns1/replicationcontrollers/owner1": { 404, []byte{}, }, "GET" + "/api/v1/namespaces/ns1/pods/ToBeDeletedPod": { 200, podBytes, }, }, } podResource := []unversioned.GroupVersionResource{{Version: "v1", Resource: "pods"}} srv, clientConfig := testServerAndClientConfig(testHandler.ServeHTTP) defer srv.Close() clientPool := dynamic.NewClientPool(clientConfig, dynamic.LegacyAPIPathResolverFunc) gc, err := NewGarbageCollector(clientPool, podResource) if err != nil { t.Fatal(err) } item := &node{ identity: objectReference{ OwnerReference: metatypes.OwnerReference{ Kind: pod.Kind, APIVersion: pod.APIVersion, Name: pod.Name, UID: pod.UID, }, Namespace: pod.Namespace, }, // owners are intentionally left empty. The processItem routine should get the latest item from the server. owners: nil, } err = gc.processItem(item) if err != nil { t.Errorf("Unexpected Error: %v", err) } expectedActionSet := sets.NewString() expectedActionSet.Insert("GET=/api/v1/namespaces/ns1/replicationcontrollers/owner1") expectedActionSet.Insert("DELETE=/api/v1/namespaces/ns1/pods/ToBeDeletedPod") expectedActionSet.Insert("GET=/api/v1/namespaces/ns1/pods/ToBeDeletedPod") actualActionSet := sets.NewString() for _, action := range testHandler.actions { actualActionSet.Insert(action.String()) } if !expectedActionSet.Equal(actualActionSet) { t.Errorf("expected actions:\n%v\n but got:\n%v\nDifference:\n%v", expectedActionSet, actualActionSet, expectedActionSet.Difference(actualActionSet)) } }
func TestSyncResourceQuotaNoChange(t *testing.T) { resourceQuota := api.ResourceQuota{ ObjectMeta: api.ObjectMeta{ Namespace: "default", Name: "rq", }, Spec: api.ResourceQuotaSpec{ Hard: api.ResourceList{ api.ResourceCPU: resource.MustParse("4"), }, }, Status: api.ResourceQuotaStatus{ Hard: api.ResourceList{ api.ResourceCPU: resource.MustParse("4"), }, Used: api.ResourceList{ api.ResourceCPU: resource.MustParse("0"), }, }, } kubeClient := fake.NewSimpleClientset(&api.PodList{}, &resourceQuota) resourceQuotaControllerOptions := &ResourceQuotaControllerOptions{ KubeClient: kubeClient, ResyncPeriod: controller.NoResyncPeriodFunc, Registry: install.NewRegistry(kubeClient), GroupKindsToReplenish: []unversioned.GroupKind{ api.Kind("Pod"), api.Kind("Service"), api.Kind("ReplicationController"), api.Kind("PersistentVolumeClaim"), }, ControllerFactory: NewReplenishmentControllerFactoryFromClient(kubeClient), ReplenishmentResyncPeriod: controller.NoResyncPeriodFunc, } quotaController := NewResourceQuotaController(resourceQuotaControllerOptions) err := quotaController.syncResourceQuota(resourceQuota) if err != nil { t.Fatalf("Unexpected error %v", err) } expectedActionSet := sets.NewString( strings.Join([]string{"list", "replicationcontrollers", ""}, "-"), strings.Join([]string{"list", "services", ""}, "-"), strings.Join([]string{"list", "pods", ""}, "-"), strings.Join([]string{"list", "resourcequotas", ""}, "-"), strings.Join([]string{"list", "secrets", ""}, "-"), strings.Join([]string{"list", "persistentvolumeclaims", ""}, "-"), ) actionSet := sets.NewString() for _, action := range kubeClient.Actions() { actionSet.Insert(strings.Join([]string{action.GetVerb(), action.GetResource().Resource, action.GetSubresource()}, "-")) } if !actionSet.HasAll(expectedActionSet.List()...) { t.Errorf("Expected actions:\n%v\n but got:\n%v\nDifference:\n%v", expectedActionSet, actionSet, expectedActionSet.Difference(actionSet)) } }
func (im *realImageManager) detectImages(detectTime time.Time) error { images, err := im.runtime.ListImages() if err != nil { return err } pods, err := im.runtime.GetPods(true) if err != nil { return err } // Make a set of images in use by containers. imagesInUse := sets.NewString() for _, pod := range pods { for _, container := range pod.Containers { glog.V(5).Infof("Pod %s/%s, container %s uses image %s", pod.Namespace, pod.Name, container.Name, container.Image) imagesInUse.Insert(container.Image) } } // Add new images and record those being used. now := time.Now() currentImages := sets.NewString() im.imageRecordsLock.Lock() defer im.imageRecordsLock.Unlock() for _, image := range images { glog.V(5).Infof("Adding image ID %s to currentImages", image.ID) currentImages.Insert(image.ID) // New image, set it as detected now. if _, ok := im.imageRecords[image.ID]; !ok { glog.V(5).Infof("Image ID %s is new", image.ID) im.imageRecords[image.ID] = &imageRecord{ firstDetected: detectTime, } } // Set last used time to now if the image is being used. if isImageUsed(image, imagesInUse) { glog.V(5).Infof("Setting Image ID %s lastUsed to %v", image.ID, now) im.imageRecords[image.ID].lastUsed = now } glog.V(5).Infof("Image ID %s has size %d", image.ID, image.Size) im.imageRecords[image.ID].size = image.Size } // Remove old images from our records. for image := range im.imageRecords { if !currentImages.Has(image) { glog.V(5).Infof("Image ID %s is no longer present; removing from imageRecords", image) delete(im.imageRecords, image) } } return nil }
func newRESTMapper(externalVersions []unversioned.GroupVersion) meta.RESTMapper { rootScoped := sets.NewString( "ClusterRole", "ClusterRoleBinding", ) ignoredKinds := sets.NewString() return api.NewDefaultRESTMapper(externalVersions, interfacesFor, importPrefix, ignoredKinds, rootScoped) }
func TestRequirementConstructor(t *testing.T) { requirementConstructorTests := []struct { Key string Op Operator Vals sets.String Success bool }{ {"x", InOperator, nil, false}, {"x", NotInOperator, sets.NewString(), false}, {"x", InOperator, sets.NewString("foo"), true}, {"x", NotInOperator, sets.NewString("foo"), true}, {"x", ExistsOperator, nil, true}, {"x", DoesNotExistOperator, nil, true}, {"1foo", InOperator, sets.NewString("bar"), true}, {"1234", InOperator, sets.NewString("bar"), true}, {"y", GreaterThanOperator, sets.NewString("1.1"), true}, {"z", LessThanOperator, sets.NewString("5.3"), true}, {"foo", GreaterThanOperator, sets.NewString("bar"), false}, {"barz", LessThanOperator, sets.NewString("blah"), false}, {strings.Repeat("a", 254), ExistsOperator, nil, false}, //breaks DNS rule that len(key) <= 253 } for _, rc := range requirementConstructorTests { if _, err := NewRequirement(rc.Key, rc.Op, rc.Vals); err == nil && !rc.Success { t.Errorf("expected error with key:%#v op:%v vals:%v, got no error", rc.Key, rc.Op, rc.Vals) } else if err != nil && rc.Success { t.Errorf("expected no error with key:%#v op:%v vals:%v, got:%v", rc.Key, rc.Op, rc.Vals, err) } } }
func TestStoreWatch(t *testing.T) { testContext := api.WithNamespace(api.NewContext(), "test") noNamespaceContext := api.NewContext() table := map[string]struct { generic.Matcher context api.Context }{ "single": { Matcher: setMatcher{sets.NewString("foo")}, }, "multi": { Matcher: setMatcher{sets.NewString("foo", "bar")}, }, "singleNoNamespace": { Matcher: setMatcher{sets.NewString("foo")}, context: noNamespaceContext, }, } for name, m := range table { ctx := testContext if m.context != nil { ctx = m.context } podA := &api.Pod{ ObjectMeta: api.ObjectMeta{ Name: "foo", Namespace: "test", }, Spec: api.PodSpec{NodeName: "machine"}, } server, registry := NewTestGenericStoreRegistry(t) wi, err := registry.WatchPredicate(ctx, m, "0") if err != nil { t.Errorf("%v: unexpected error: %v", name, err) } else { obj, err := registry.Create(testContext, podA) if err != nil { got, open := <-wi.ResultChan() if !open { t.Errorf("%v: unexpected channel close", name) } else { if e, a := obj, got.Object; !reflect.DeepEqual(e, a) { t.Errorf("Expected %#v, got %#v", e, a) } } } wi.Stop() } server.Terminate(t) } }
// Makes sure that exactly the specified hosts are registered as instances with the load balancer func (c *Cloud) ensureLoadBalancerInstances(loadBalancerName string, lbInstances []*elb.Instance, instances []*ec2.Instance) error { expected := sets.NewString() for _, instance := range instances { expected.Insert(orEmpty(instance.InstanceId)) } actual := sets.NewString() for _, lbInstance := range lbInstances { actual.Insert(orEmpty(lbInstance.InstanceId)) } additions := expected.Difference(actual) removals := actual.Difference(expected) addInstances := []*elb.Instance{} for _, instanceId := range additions.List() { addInstance := &elb.Instance{} addInstance.InstanceId = aws.String(instanceId) addInstances = append(addInstances, addInstance) } removeInstances := []*elb.Instance{} for _, instanceId := range removals.List() { removeInstance := &elb.Instance{} removeInstance.InstanceId = aws.String(instanceId) removeInstances = append(removeInstances, removeInstance) } if len(addInstances) > 0 { registerRequest := &elb.RegisterInstancesWithLoadBalancerInput{} registerRequest.Instances = addInstances registerRequest.LoadBalancerName = aws.String(loadBalancerName) _, err := c.elb.RegisterInstancesWithLoadBalancer(registerRequest) if err != nil { return err } glog.V(1).Infof("Instances added to load-balancer %s", loadBalancerName) } if len(removeInstances) > 0 { deregisterRequest := &elb.DeregisterInstancesFromLoadBalancerInput{} deregisterRequest.Instances = removeInstances deregisterRequest.LoadBalancerName = aws.String(loadBalancerName) _, err := c.elb.DeregisterInstancesFromLoadBalancer(deregisterRequest) if err != nil { return err } glog.V(1).Infof("Instances removed from load-balancer %s", loadBalancerName) } return nil }
func compareResults(t *testing.T, expected, actual []types.UID) { expectedSet := sets.NewString() for _, u := range expected { expectedSet.Insert(string(u)) } actualSet := sets.NewString() for _, u := range actual { actualSet.Insert(string(u)) } if !expectedSet.Equal(actualSet) { t.Errorf("Expected %#v, got %#v", expectedSet.List(), actualSet.List()) } }
// fsTypeToStringSet converts an FSType slice to a string set. func FSTypeToStringSet(fsTypes []extensions.FSType) sets.String { set := sets.NewString() for _, v := range fsTypes { set.Insert(string(v)) } return set }
// makeCapSet makes a string set from capabilities and normalizes them to be all lower case to help // with comparisons. func makeCapSet(caps []api.Capability) sets.String { s := sets.NewString() for _, c := range caps { s.Insert(string(c)) } return s }
// NodeSelectorRequirementsAsSelector converts the []NodeSelectorRequirement api type into a struct that implements // labels.Selector. func NodeSelectorRequirementsAsSelector(nsm []NodeSelectorRequirement) (labels.Selector, error) { if len(nsm) == 0 { return labels.Nothing(), nil } selector := labels.NewSelector() for _, expr := range nsm { var op labels.Operator switch expr.Operator { case NodeSelectorOpIn: op = labels.InOperator case NodeSelectorOpNotIn: op = labels.NotInOperator case NodeSelectorOpExists: op = labels.ExistsOperator case NodeSelectorOpDoesNotExist: op = labels.DoesNotExistOperator case NodeSelectorOpGt: op = labels.GreaterThanOperator case NodeSelectorOpLt: op = labels.LessThanOperator default: return nil, fmt.Errorf("%q is not a valid node selector operator", expr.Operator) } r, err := labels.NewRequirement(expr.Key, op, sets.NewString(expr.Values...)) if err != nil { return nil, err } selector = selector.Add(*r) } return selector, nil }
func GetAllFSTypesAsSet() sets.String { fstypes := sets.NewString() fstypes.Insert( string(extensions.HostPath), string(extensions.AzureFile), string(extensions.Flocker), string(extensions.FlexVolume), string(extensions.EmptyDir), string(extensions.GCEPersistentDisk), string(extensions.AWSElasticBlockStore), string(extensions.GitRepo), string(extensions.Secret), string(extensions.NFS), string(extensions.ISCSI), string(extensions.Glusterfs), string(extensions.PersistentVolumeClaim), string(extensions.RBD), string(extensions.Cinder), string(extensions.CephFS), string(extensions.DownwardAPI), string(extensions.FC), string(extensions.ConfigMap), string(extensions.VsphereVolume)) return fstypes }
func TestEnsureRuleAlreadyExists(t *testing.T) { fcmd := exec.FakeCmd{ CombinedOutputScript: []exec.FakeCombinedOutputAction{ // iptables version check func() ([]byte, error) { return []byte("iptables v1.9.22"), nil }, // Success. func() ([]byte, error) { return []byte{}, nil }, }, } fexec := exec.FakeExec{ CommandScript: []exec.FakeCommandAction{ // iptables version check func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) }, // The second Command() call is checking the rule. Success of that exec means "done". func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) }, }, } runner := New(&fexec, dbus.NewFake(nil, nil), ProtocolIpv4) defer runner.Destroy() exists, err := runner.EnsureRule(Append, TableNAT, ChainOutput, "abc", "123") if err != nil { t.Errorf("expected success, got %v", err) } if !exists { t.Errorf("expected exists = true") } if fcmd.CombinedOutputCalls != 2 { t.Errorf("expected 2 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls) } if !sets.NewString(fcmd.CombinedOutputLog[1]...).HasAll("iptables", "-t", "nat", "-C", "OUTPUT", "abc", "123") { t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[1]) } }
func TestDeleteRuleNew(t *testing.T) { fcmd := exec.FakeCmd{ CombinedOutputScript: []exec.FakeCombinedOutputAction{ // iptables version check func() ([]byte, error) { return []byte("iptables v1.9.22"), nil }, // Success on the first call. func() ([]byte, error) { return []byte{}, nil }, // Success on the second call. func() ([]byte, error) { return []byte{}, nil }, }, } fexec := exec.FakeExec{ CommandScript: []exec.FakeCommandAction{ // iptables version check func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) }, // The second Command() call is checking the rule. Success of that means delete it. func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) }, func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) }, }, } runner := New(&fexec, dbus.NewFake(nil, nil), ProtocolIpv4) defer runner.Destroy() err := runner.DeleteRule(TableNAT, ChainOutput, "abc", "123") if err != nil { t.Errorf("expected success, got %v", err) } if fcmd.CombinedOutputCalls != 3 { t.Errorf("expected 3 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls) } if !sets.NewString(fcmd.CombinedOutputLog[2]...).HasAll("iptables", "-t", "nat", "-D", "OUTPUT", "abc", "123") { t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[2]) } }
// getUnmountedVolumes fetches the current list of mounted volumes from // the actual state of the world, and uses it to process the list of // expectedVolumes. It returns a list of unmounted volumes. func (vm *volumeManager) getUnmountedVolumes( podName types.UniquePodName, expectedVolumes []string) []string { mountedVolumes := sets.NewString() for _, mountedVolume := range vm.actualStateOfWorld.GetMountedVolumesForPod(podName) { mountedVolumes.Insert(mountedVolume.OuterVolumeSpecName) } return filterUnmountedVolumes(mountedVolumes, expectedVolumes) }
// NewHandler creates a new base handler that handles the passed // in operations func NewHandler(ops ...Operation) *Handler { operations := sets.NewString() for _, op := range ops { operations.Insert(string(op)) } return &Handler{ operations: operations, } }
// Creates new queue which will use given RateLimiter to oversee execution. func NewRateLimitedTimedQueue(limiter flowcontrol.RateLimiter) *RateLimitedTimedQueue { return &RateLimitedTimedQueue{ queue: UniqueQueue{ queue: TimedQueue{}, set: sets.NewString(), }, limiter: limiter, } }
// Clear removes all items from the queue and duplication preventing set. func (q *UniqueQueue) Clear() { q.lock.Lock() defer q.lock.Unlock() if q.queue.Len() > 0 { q.queue = make(TimedQueue, 0) } if len(q.set) > 0 { q.set = sets.NewString() } }
// Executes the rule check without using the "-C" flag, instead parsing iptables-save. // Present for compatibility with <1.4.11 versions of iptables. This is full // of hack and half-measures. We should nix this ASAP. func (runner *runner) checkRuleWithoutCheck(table Table, chain Chain, args ...string) (bool, error) { glog.V(1).Infof("running iptables-save -t %s", string(table)) out, err := runner.exec.Command(cmdIptablesSave, "-t", string(table)).CombinedOutput() if err != nil { return false, fmt.Errorf("error checking rule: %v", err) } // Sadly, iptables has inconsistent quoting rules for comments. Just remove all quotes. // Also, quoted multi-word comments (which are counted as a single arg) // will be unpacked into multiple args, // in order to compare against iptables-save output (which will be split at whitespace boundary) // e.g. a single arg('"this must be before the NodePort rules"') will be unquoted and unpacked into 7 args. var argsCopy []string for i := range args { tmpField := strings.Trim(args[i], "\"") argsCopy = append(argsCopy, strings.Fields(tmpField)...) } argset := sets.NewString(argsCopy...) for _, line := range strings.Split(string(out), "\n") { var fields = strings.Fields(line) // Check that this is a rule for the correct chain, and that it has // the correct number of argument (+2 for "-A <chain name>") if !strings.HasPrefix(line, fmt.Sprintf("-A %s", string(chain))) || len(fields) != len(argsCopy)+2 { continue } // Sadly, iptables has inconsistent quoting rules for comments. // Just remove all quotes. for i := range fields { fields[i] = strings.Trim(fields[i], "\"") } // TODO: This misses reorderings e.g. "-x foo ! -y bar" will match "! -x foo -y bar" if sets.NewString(fields...).IsSuperset(argset) { return true, nil } glog.V(5).Infof("DBG: fields is not a superset of args: fields=%v args=%v", fields, args) } return false, nil }
func stringSetFromPointers(in []*string) sets.String { if in == nil { return nil } out := sets.NewString() for i := range in { out.Insert(orEmpty(in[i])) } return out }
func (dk *BasicDockerKeyring) Add(cfg DockerConfig) { if dk.index == nil { dk.index = make([]string, 0) dk.creds = make(map[string][]LazyAuthConfiguration) } for loc, ident := range cfg { var creds LazyAuthConfiguration if ident.Provider != nil { creds = LazyAuthConfiguration{ Provider: ident.Provider, } } else { creds = DockerConfigEntryToLazyAuthConfiguration(ident) } value := loc if !strings.HasPrefix(value, "https://") && !strings.HasPrefix(value, "http://") { value = "https://" + value } parsed, err := url.Parse(value) if err != nil { glog.Errorf("Entry %q in dockercfg invalid (%v), ignoring", loc, err) continue } // The docker client allows exact matches: // foo.bar.com/namespace // Or hostname matches: // foo.bar.com // It also considers /v2/ and /v1/ equivalent to the hostname // See ResolveAuthConfig in docker/registry/auth.go. effectivePath := parsed.Path if strings.HasPrefix(effectivePath, "/v2/") || strings.HasPrefix(effectivePath, "/v1/") { effectivePath = effectivePath[3:] } var key string if (len(effectivePath) > 0) && (effectivePath != "/") { key = parsed.Host + effectivePath } else { key = parsed.Host } dk.creds[key] = append(dk.creds[key], creds) dk.index = append(dk.index, key) } eliminateDupes := sets.NewString(dk.index...) dk.index = eliminateDupes.List() // Update the index used to identify which credentials to use for a given // image. The index is reverse-sorted so more specific paths are matched // first. For example, if for the given image "quay.io/coreos/etcd", // credentials for "quay.io/coreos" should match before "quay.io". sort.Sort(sort.Reverse(sort.StringSlice(dk.index))) }
func TestActivePodFiltering(t *testing.T) { // This rc is not needed by the test, only the newPodList to give the pods labels/a namespace. rc := newReplicationController(0) podList := newPodList(nil, 5, api.PodRunning, rc) podList.Items[0].Status.Phase = api.PodSucceeded podList.Items[1].Status.Phase = api.PodFailed expectedNames := sets.NewString() for _, pod := range podList.Items[2:] { expectedNames.Insert(pod.Name) } got := FilterActivePods(podList.Items) gotNames := sets.NewString() for _, pod := range got { gotNames.Insert(pod.Name) } if expectedNames.Difference(gotNames).Len() != 0 || gotNames.Difference(expectedNames).Len() != 0 { t.Errorf("expected %v, got %v", expectedNames.List(), gotNames.List()) } }
func TestRequirementSelectorMatching(t *testing.T) { var req Requirement labelSelectorMatchingTests := []struct { Set Set Sel Selector Match bool }{ {Set{"x": "foo", "y": "baz"}, &internalSelector{ req, }, false}, {Set{"x": "foo", "y": "baz"}, &internalSelector{ getRequirement("x", InOperator, sets.NewString("foo"), t), getRequirement("y", NotInOperator, sets.NewString("alpha"), t), }, true}, {Set{"x": "foo", "y": "baz"}, &internalSelector{ getRequirement("x", InOperator, sets.NewString("foo"), t), getRequirement("y", InOperator, sets.NewString("alpha"), t), }, false}, {Set{"y": ""}, &internalSelector{ getRequirement("x", NotInOperator, sets.NewString(""), t), getRequirement("y", ExistsOperator, nil, t), }, true}, {Set{"y": ""}, &internalSelector{ getRequirement("x", DoesNotExistOperator, nil, t), getRequirement("y", ExistsOperator, nil, t), }, true}, {Set{"y": ""}, &internalSelector{ getRequirement("x", NotInOperator, sets.NewString(""), t), getRequirement("y", DoesNotExistOperator, nil, t), }, false}, {Set{"y": "baz"}, &internalSelector{ getRequirement("x", InOperator, sets.NewString(""), t), }, false}, {Set{"z": "1.2"}, &internalSelector{ getRequirement("z", GreaterThanOperator, sets.NewString("1.0"), t), }, true}, {Set{"z": "v1.2"}, &internalSelector{ getRequirement("z", GreaterThanOperator, sets.NewString("1.0"), t), }, false}, } for _, lsm := range labelSelectorMatchingTests { if match := lsm.Sel.Matches(lsm.Set); match != lsm.Match { t.Errorf("%+v.Matches(%#v) => %v, want %v", lsm.Sel, lsm.Set, match, lsm.Match) } } }
// SplitResourceArgument splits the argument with commas and returns unique // strings in the original order. func SplitResourceArgument(arg string) []string { out := []string{} set := sets.NewString() for _, s := range strings.Split(arg, ",") { if set.Has(s) { continue } set.Insert(s) out = append(out, s) } return out }
func TestTry(t *testing.T) { evictor := NewRateLimitedTimedQueue(flowcontrol.NewFakeAlwaysRateLimiter()) evictor.Add("first") evictor.Add("second") evictor.Add("third") evictor.Remove("second") deletedMap := sets.NewString() evictor.Try(func(value TimedValue) (bool, time.Duration) { deletedMap.Insert(value.Value) return true, 0 }) setPattern := sets.NewString("first", "third") if len(deletedMap) != len(setPattern) { t.Fatalf("Map %v should have length %d", evictor.queue.set, len(setPattern)) } if !CheckSetEq(setPattern, deletedMap) { t.Errorf("Invalid map. Got %v, expected %v", deletedMap, setPattern) } }