mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2024-10-23 02:23:53 +00:00
tests
This commit is contained in:
parent
8a1c2a0c84
commit
f5bb014274
2 changed files with 13 additions and 14 deletions
|
@ -43,8 +43,7 @@ import (
|
|||
const (
|
||||
EngineName = "kubernetes"
|
||||
// TODO: 5 seconds is against best practice, k3s didn't work otherwise
|
||||
defaultResyncDuration = 5 * time.Second
|
||||
efaultFSGroup int64 = 1000
|
||||
defaultResyncDuration = 5 * time.Second
|
||||
)
|
||||
|
||||
var defaultDeleteOptions = newDefaultDeleteOptions()
|
||||
|
@ -100,7 +99,7 @@ func configFromCliContext(ctx context.Context) (*config, error) {
|
|||
ImagePullSecretNames: c.StringSlice("backend-k8s-pod-image-pull-secret-names"),
|
||||
SecurityContext: SecurityContextConfig{
|
||||
RunAsNonRoot: c.Bool("backend-k8s-secctx-nonroot"), // cspell:words secctx nonroot
|
||||
FSGroup: newInt64(defaultFSGroup),
|
||||
FSGroup: newInt64(1000),
|
||||
},
|
||||
NativeSecretsAllowFromStep: c.Bool("backend-k8s-allow-native-secrets"),
|
||||
}
|
||||
|
|
|
@ -391,16 +391,6 @@ func TestPodPrivilege(t *testing.T) {
|
|||
}
|
||||
pod, err = createTestPod(false, false, secCtx)
|
||||
assert.NoError(t, err)
|
||||
assert.Nil(t, pod.Spec.SecurityContext)
|
||||
assert.Nil(t, pod.Spec.Containers[0].SecurityContext)
|
||||
|
||||
// step is not privileged, but security context is requesting privileged
|
||||
secCtx = SecurityContext{
|
||||
Privileged: newBool(true),
|
||||
}
|
||||
pod, err = createTestPod(false, false, secCtx)
|
||||
assert.NoError(t, err)
|
||||
assert.NotNil(t, pod.Spec.SecurityContext)
|
||||
assert.Equal(t, &v1.PodSecurityContext{
|
||||
SELinuxOptions: (*v1.SELinuxOptions)(nil),
|
||||
WindowsOptions: (*v1.WindowsSecurityContextOptions)(nil),
|
||||
|
@ -409,12 +399,22 @@ func TestPodPrivilege(t *testing.T) {
|
|||
RunAsNonRoot: (*bool)(nil),
|
||||
SupplementalGroups: []int64(nil),
|
||||
SupplementalGroupsPolicy: (*v1.SupplementalGroupsPolicy)(nil),
|
||||
FSGroup: newInt64(1000),
|
||||
FSGroup: newInt64(0),
|
||||
Sysctls: []v1.Sysctl(nil),
|
||||
FSGroupChangePolicy: (*v1.PodFSGroupChangePolicy)(nil),
|
||||
SeccompProfile: (*v1.SeccompProfile)(nil),
|
||||
AppArmorProfile: (*v1.AppArmorProfile)(nil),
|
||||
}, pod.Spec.SecurityContext)
|
||||
assert.Nil(t, pod.Spec.Containers[0].SecurityContext)
|
||||
|
||||
// step is not privileged, but security context is requesting privileged
|
||||
secCtx = SecurityContext{
|
||||
Privileged: newBool(true),
|
||||
}
|
||||
pod, err = createTestPod(false, false, secCtx)
|
||||
assert.NoError(t, err)
|
||||
assert.Nil(t, pod.Spec.SecurityContext)
|
||||
assert.Equal(t, (*v1.PodSecurityContext)(nil), pod.Spec.SecurityContext)
|
||||
|
||||
// step is privileged and security context is requesting privileged
|
||||
secCtx = SecurityContext{
|
||||
|
|
Loading…
Reference in a new issue