| /* |
| Copyright 2014 The Kubernetes Authors. |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| */ |
| |
| package storage |
| |
| import ( |
| "testing" |
| |
| metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" |
| "k8s.io/kubernetes/pkg/apis/policy" |
| // Ensure that policy/v1beta1 package is initialized. |
| _ "k8s.io/api/policy/v1beta1" |
| "k8s.io/apimachinery/pkg/fields" |
| "k8s.io/apimachinery/pkg/labels" |
| "k8s.io/apimachinery/pkg/runtime" |
| "k8s.io/apiserver/pkg/registry/generic" |
| genericregistrytest "k8s.io/apiserver/pkg/registry/generic/testing" |
| etcdtesting "k8s.io/apiserver/pkg/storage/etcd/testing" |
| "k8s.io/kubernetes/pkg/registry/registrytest" |
| ) |
| |
// newStorage returns a PodSecurityPolicy REST store wired to a test etcd
// server created for the "policy" group, together with that server.
//
// Every test in this file defers server.Terminate(t) and
// storage.Store.DestroyFunc() on the returned values; new callers should do
// the same so the test etcd instance and the store are released.
func newStorage(t *testing.T) (*REST, *etcdtesting.EtcdTestServer) {
	config, etcdServer := registrytest.NewEtcdStorage(t, "policy")

	// UndecoratedStorage: no decorator is layered on top of the storage
	// built from config.
	return NewREST(generic.RESTOptions{
		StorageConfig:           config,
		Decorator:               generic.UndecoratedStorage,
		DeleteCollectionWorkers: 1,
		ResourcePrefix:          "podsecuritypolicies",
	}), etcdServer
}
| |
// validNewPodSecurityPolicy returns a fresh PodSecurityPolicy named "foo"
// that the storage tests in this file use as their valid object.
//
// Each strategy (SELinux, RunAsUser, RunAsGroup, FSGroup,
// SupplementalGroups) is set to its RunAsAny rule and every other spec field
// is left at its zero value. The fixture exists to exercise the registry
// storage path; RunAsAny imposes no restriction on the corresponding pod
// setting, so this object is not a template for a restrictive policy.
func validNewPodSecurityPolicy() *policy.PodSecurityPolicy {
	spec := policy.PodSecurityPolicySpec{
		SELinux:   policy.SELinuxStrategyOptions{Rule: policy.SELinuxStrategyRunAsAny},
		RunAsUser: policy.RunAsUserStrategyOptions{Rule: policy.RunAsUserStrategyRunAsAny},
		// RunAsGroup is the only strategy held by pointer in the spec.
		RunAsGroup:         &policy.RunAsGroupStrategyOptions{Rule: policy.RunAsGroupStrategyRunAsAny},
		FSGroup:            policy.FSGroupStrategyOptions{Rule: policy.FSGroupStrategyRunAsAny},
		SupplementalGroups: policy.SupplementalGroupsStrategyOptions{Rule: policy.SupplementalGroupsStrategyRunAsAny},
	}

	return &policy.PodSecurityPolicy{
		ObjectMeta: metav1.ObjectMeta{Name: "foo"},
		Spec:       spec,
	}
}
| |
// TestCreate runs the generic registry create checks against the
// PodSecurityPolicy store with one valid and one invalid object.
func TestCreate(t *testing.T) {
	rest, etcdServer := newStorage(t)
	// Deferred calls run last-in first-out: the store is destroyed before
	// the etcd test server is terminated.
	defer etcdServer.Terminate(t)
	defer rest.Store.DestroyFunc()

	tester := genericregistrytest.New(t, rest.Store).ClusterScope()

	// The valid object swaps the fixture's fixed name for GenerateName.
	valid := validNewPodSecurityPolicy()
	valid.ObjectMeta = metav1.ObjectMeta{GenerateName: "foo-"}

	// The invalid object carries a name containing spaces and an empty spec.
	invalid := &policy.PodSecurityPolicy{
		ObjectMeta: metav1.ObjectMeta{Name: "name with spaces"},
	}

	tester.TestCreate(valid, invalid)
}
| |
// TestUpdate runs the generic registry update checks: the fixture policy is
// stored and then modified by a function that sets a label on it.
func TestUpdate(t *testing.T) {
	rest, etcdServer := newStorage(t)
	// Deferred calls run last-in first-out: store first, then etcd server.
	defer etcdServer.Terminate(t)
	defer rest.Store.DestroyFunc()

	tester := genericregistrytest.New(t, rest.Store).ClusterScope()

	// setLabels is the valid update: it replaces the object's labels with
	// {"a": "b"}. The type assertion is unchecked, so an object of any
	// other type panics and fails the test.
	setLabels := func(obj runtime.Object) runtime.Object {
		psp := obj.(*policy.PodSecurityPolicy)
		psp.Labels = map[string]string{"a": "b"}
		return psp
	}

	tester.TestUpdate(validNewPodSecurityPolicy(), setLabels)
}
| |
// TestDelete runs the generic registry delete checks against the fixture
// policy, with the harness configured via ReturnDeletedObject.
func TestDelete(t *testing.T) {
	rest, etcdServer := newStorage(t)
	// Deferred calls run last-in first-out: store first, then etcd server.
	defer etcdServer.Terminate(t)
	defer rest.Store.DestroyFunc()

	tester := genericregistrytest.New(t, rest.Store)
	tester = tester.ClusterScope().ReturnDeletedObject()

	fixture := validNewPodSecurityPolicy()
	tester.TestDelete(fixture)
}
| |
// TestGet runs the generic registry get checks against the fixture policy
// on a cluster-scoped tester.
func TestGet(t *testing.T) {
	rest, etcdServer := newStorage(t)
	// Deferred calls run last-in first-out: store first, then etcd server.
	defer etcdServer.Terminate(t)
	defer rest.Store.DestroyFunc()

	tester := genericregistrytest.New(t, rest.Store).ClusterScope()
	fixture := validNewPodSecurityPolicy()
	tester.TestGet(fixture)
}
| |
// TestList runs the generic registry list checks against the fixture policy
// on a cluster-scoped tester.
func TestList(t *testing.T) {
	rest, etcdServer := newStorage(t)
	// Deferred calls run last-in first-out: store first, then etcd server.
	defer etcdServer.Terminate(t)
	defer rest.Store.DestroyFunc()

	tester := genericregistrytest.New(t, rest.Store).ClusterScope()
	fixture := validNewPodSecurityPolicy()
	tester.TestList(fixture)
}
| |
// TestWatch runs the generic registry watch checks for the fixture policy
// with label and field selectors that should and should not match it.
func TestWatch(t *testing.T) {
	rest, etcdServer := newStorage(t)
	// Deferred calls run last-in first-out: store first, then etcd server.
	defer etcdServer.Terminate(t)
	defer rest.Store.DestroyFunc()

	tester := genericregistrytest.New(t, rest.Store).ClusterScope()

	// No label sets are expected to match (the list is empty but non-nil),
	// and {"foo": "bar"} is expected not to match.
	matchingLabels := []labels.Set{}
	nonMatchingLabels := []labels.Set{
		{"foo": "bar"},
	}

	// The fixture is named "foo", so metadata.name=foo should match.
	matchingFields := []fields.Set{
		{"metadata.name": "foo"},
	}
	// NOTE(review): {"name": "foo"} is listed as non-matching, presumably
	// because "name" is not a field the store selects on; confirm against
	// the strategy's field set.
	nonMatchingFields := []fields.Set{
		{"metadata.name": "bar"},
		{"name": "foo"},
	}

	tester.TestWatch(
		validNewPodSecurityPolicy(),
		matchingLabels,
		nonMatchingLabels,
		matchingFields,
		nonMatchingFields,
	)
}