Skip to content

Commit

Permalink
added tests of mixed privileged falgs in container
Browse files Browse the repository at this point in the history
  • Loading branch information
@mifitous
mifitous committed Apr 20, 2023
1 parent ec92b7f commit be5fb7e
Show file tree
Hide file tree
Showing 2 changed files with 262 additions and 5 deletions.
28 changes: 23 additions & 5 deletions src/test/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,8 @@ public void upgradeFrom_1_15_9_invalid() {
assertEquals("blah", template.getYaml());
assertEquals(Collections.singletonList("blah"), template.getYamls());
assertNull(template._getYamls());
log.getMessages().stream().anyMatch(msg -> msg.contains("Found several persisted YAML fragments in pod template java"));
log.getMessages().stream()
.anyMatch(msg -> msg.contains("Found several persisted YAML fragments in pod template java"));
}

@Test
Expand Down Expand Up @@ -183,7 +184,7 @@ public void upgradeFrom_0_12() throws Exception {
public void upgradeFrom_0_10() throws Exception {
List<PodTemplate> templates = cloud.getTemplates();
PodTemplate template = templates.get(0);
DescribableList<NodeProperty<?>,NodePropertyDescriptor> nodeProperties = template.getNodeProperties();
DescribableList<NodeProperty<?>, NodePropertyDescriptor> nodeProperties = template.getNodeProperties();
assertEquals(1, nodeProperties.size());
ToolLocationNodeProperty property = (ToolLocationNodeProperty) nodeProperties.get(0);
assertEquals(1, property.getLocations().size());
Expand All @@ -202,11 +203,28 @@ public void upgradeFrom_0_8() throws Exception {
assertEquals(cloud.DEFAULT_WAIT_FOR_POD_SEC, cloud.getWaitForPodSec());
}

private void assertPodTemplates(List<PodTemplate> templates) {
assertEquals(1, templates.size());
@Test
@LocalData()
@Issue("JENKINS-70287")
public void mixedPrivivilegedPodTemplates() throws Exception {
List<PodTemplate> templates = cloud.getTemplates();
assertPodTemplates(templates, 2, 2);
PodTemplate template = templates.get(0);
assertEquals(2, template.getContainers().size());
assertEquals(true, template.getContainers().get(0).isPrivileged());
assertEquals(false, template.getContainers().get(1).isPrivileged());
PodTemplate baseTemplate = templates.get(1);
assertEquals(1, baseTemplate.getContainers().size());
assertEquals(true, baseTemplate.getContainers().get(0).isPrivileged());
assertEquals(Collections.emptyList(), template.getYamls());
assertNull(template.getYaml());
}

private void assertPodTemplates(List<PodTemplate> templates, Integer... numbers) {
assertEquals(numbers.length > 0 ? numbers[0] : 1, templates.size());
PodTemplate podTemplate = templates.get(0);
assertEquals(Integer.MAX_VALUE, podTemplate.getInstanceCap());
assertEquals(1, podTemplate.getContainers().size());
assertEquals(numbers.length > 1 ? numbers[1] : 1, podTemplate.getContainers().size());
ContainerTemplate containerTemplate = podTemplate.getContainers().get(0);
assertEquals("jenkins/inbound-agent", containerTemplate.getImage());
assertEquals("jnlp", containerTemplate.getName());
Expand Down
239 changes: 239 additions & 0 deletions ...anchez/jenkins/plugins/kubernetes/KubernetesTest/mixedPrivivilegedPodTemplates/config.xml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,239 @@
<?xml version='1.1' encoding='UTF-8'?>
<hudson>
<disabledAdministrativeMonitors/>
<version>2.235.2</version>
<installStateName>DEVELOPMENT</installStateName>
<numExecutors>2</numExecutors>
<mode>NORMAL</mode>
<useSecurity>true</useSecurity>
<authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
<securityRealm class="hudson.security.SecurityRealm$None"/>
<disableRememberMe>false</disableRememberMe>
<projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
<workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULLNAME}</workspaceDir>
<buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
<jdks/>
<viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
<myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
<clouds>
<org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud plugin="[email protected]">
<name>kubernetes</name>
<defaultsProviderTemplate>jnlp</defaultsProviderTemplate>
<templates>
<org.csanchez.jenkins.plugins.kubernetes.PodTemplate>
<inheritFrom>jnlp</inheritFrom>
<name>java</name>
<privileged>false</privileged>
<capOnlyOnAlivePods>false</capOnlyOnAlivePods>
<alwaysPullImage>true</alwaysPullImage>
<instanceCap>2147483647</instanceCap>
<slaveConnectTimeout>100</slaveConnectTimeout>
<idleMinutes>0</idleMinutes>
<activeDeadlineSeconds>0</activeDeadlineSeconds>
<label>java</label>
<nodeSelector></nodeSelector>
<nodeUsageMode>NORMAL</nodeUsageMode>
<customWorkspaceVolumeEnabled>false</customWorkspaceVolumeEnabled>
<workspaceVolume class="org.csanchez.jenkins.plugins.kubernetes.volumes.workspace.EmptyDirWorkspaceVolume">
<memory>false</memory>
</workspaceVolume>
<volumes>
<org.csanchez.jenkins.plugins.kubernetes.volumes.EmptyDirVolume>
<mountPath>/mnt</mountPath>
<memory>false</memory>
</org.csanchez.jenkins.plugins.kubernetes.volumes.EmptyDirVolume>
<org.csanchez.jenkins.plugins.kubernetes.volumes.HostPathVolume>
<mountPath>/host</mountPath>
<hostPath>/mnt/host</hostPath>
</org.csanchez.jenkins.plugins.kubernetes.volumes.HostPathVolume>
</volumes>
<containers>
<org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
<name>jnlp</name>
<image>jenkins/inbound-agent</image>
<privileged>true</privileged>
<alwaysPullImage>true</alwaysPullImage>
<workingDir>/home/jenkins</workingDir>
<command></command>
<args>${computer.jnlpmac} ${computer.name}</args>
<ttyEnabled>true</ttyEnabled>
<resourceRequestCpu>500m</resourceRequestCpu>
<resourceRequestMemory>250Mi</resourceRequestMemory>
<resourceLimitCpu>500m</resourceLimitCpu>
<resourceLimitMemory>250Mi</resourceLimitMemory>
<envVars>
<org.csanchez.jenkins.plugins.kubernetes.PodEnvVar>
<key>a</key>
<value>b</value>
</org.csanchez.jenkins.plugins.kubernetes.PodEnvVar>
<org.csanchez.jenkins.plugins.kubernetes.PodEnvVar>
<key>c</key>
<value>d</value>
</org.csanchez.jenkins.plugins.kubernetes.PodEnvVar>
</envVars>
<ports/>
<livenessProbe>
<execArgs></execArgs>
<timeoutSeconds>0</timeoutSeconds>
<initialDelaySeconds>0</initialDelaySeconds>
<failureThreshold>0</failureThreshold>
<periodSeconds>0</periodSeconds>
<successThreshold>0</successThreshold>
</livenessProbe>
</org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
<org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
<name>busybox</name>
<image>busybox</image>
<privileged>false</privileged>
<runAsUser>600002</runAsUser>
<runAsGroup>1000</runAsGroup>
<alwaysPullImage>true</alwaysPullImage>
<workingDir>/home/jenkins</workingDir>
<command>cat</command>
<args></args>
<ttyEnabled>true</ttyEnabled>
<resourceRequestCpu>500m</resourceRequestCpu>
<resourceRequestMemory>250Mi</resourceRequestMemory>
<resourceLimitCpu>500m</resourceLimitCpu>
<resourceLimitMemory>250Mi</resourceLimitMemory>
<envVars/>
<ports/>
<livenessProbe>
<execArgs></execArgs>
<timeoutSeconds>0</timeoutSeconds>
<initialDelaySeconds>0</initialDelaySeconds>
<failureThreshold>0</failureThreshold>
<periodSeconds>0</periodSeconds>
<successThreshold>0</successThreshold>
</livenessProbe>
</org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
</containers>
<envVars>
<org.csanchez.jenkins.plugins.kubernetes.PodEnvVar>
<key>a</key>
<value>b</value>
</org.csanchez.jenkins.plugins.kubernetes.PodEnvVar>
<org.csanchez.jenkins.plugins.kubernetes.PodEnvVar>
<key>c</key>
<value>d</value>
</org.csanchez.jenkins.plugins.kubernetes.PodEnvVar>
</envVars>
<annotations>
<org.csanchez.jenkins.plugins.kubernetes.PodAnnotation>
<key>aa</key>
<value>bb</value>
</org.csanchez.jenkins.plugins.kubernetes.PodAnnotation>
</annotations>
<imagePullSecrets>
<org.csanchez.jenkins.plugins.kubernetes.PodImagePullSecret>
<name></name>
</org.csanchez.jenkins.plugins.kubernetes.PodImagePullSecret>
</imagePullSecrets>
<yamls>
<string></string>
</yamls>
<podRetention class="org.csanchez.jenkins.plugins.kubernetes.pod.retention.Default"/>
<yamlMergeStrategy class="org.csanchez.jenkins.plugins.kubernetes.pod.yaml.Overrides"/>
<showRawYaml>true</showRawYaml>
</org.csanchez.jenkins.plugins.kubernetes.PodTemplate>
<org.csanchez.jenkins.plugins.kubernetes.PodTemplate>
<name>jnlp</name>
<privileged>true</privileged>
<capOnlyOnAlivePods>false</capOnlyOnAlivePods>
<alwaysPullImage>false</alwaysPullImage>
<instanceCap>2147483647</instanceCap>
<slaveConnectTimeout>100</slaveConnectTimeout>
<idleMinutes>0</idleMinutes>
<activeDeadlineSeconds>0</activeDeadlineSeconds>
<label>jnlp-base</label>
<hostNetwork>false</hostNetwork>
<volumes>
<org.csanchez.jenkins.plugins.kubernetes.volumes.EmptyDirVolume>
<mountPath>/mnt</mountPath>
<memory>false</memory>
</org.csanchez.jenkins.plugins.kubernetes.volumes.EmptyDirVolume>
<org.csanchez.jenkins.plugins.kubernetes.volumes.HostPathVolume>
<mountPath>/host</mountPath>
<hostPath>/mnt/host</hostPath>
</org.csanchez.jenkins.plugins.kubernetes.volumes.HostPathVolume>
</volumes>
<containers>
<org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
<name>jnlp-base</name>
<image>busybox</image>
<privileged>true</privileged>
<runAsUser>600002</runAsUser>
<runAsGroup>1000</runAsGroup>
<alwaysPullImage>true</alwaysPullImage>
<workingDir>/home/jenkins</workingDir>
<command>cat</command>
<args></args>
<ttyEnabled>true</ttyEnabled>
<resourceRequestCpu>500m</resourceRequestCpu>
<resourceRequestMemory>250Mi</resourceRequestMemory>
<resourceLimitCpu>500m</resourceLimitCpu>
<resourceLimitMemory>250Mi</resourceLimitMemory>
<envVars/>
<ports/>
<livenessProbe>
<execArgs></execArgs>
<timeoutSeconds>0</timeoutSeconds>
<initialDelaySeconds>0</initialDelaySeconds>
<failureThreshold>0</failureThreshold>
<periodSeconds>0</periodSeconds>
<successThreshold>0</successThreshold>
</livenessProbe>
</org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
</containers>
<imagePullSecrets>
<org.csanchez.jenkins.plugins.kubernetes.PodImagePullSecret>
<name></name>
</org.csanchez.jenkins.plugins.kubernetes.PodImagePullSecret>
</imagePullSecrets>
<podRetention class="org.csanchez.jenkins.plugins.kubernetes.pod.retention.Default"/>
<yamlMergeStrategy class="org.csanchez.jenkins.plugins.kubernetes.pod.yaml.Merge"/>
<showRawYaml>true</showRawYaml>
</org.csanchez.jenkins.plugins.kubernetes.PodTemplate>
</templates>
<serverUrl>https://192.168.64.1</serverUrl>
<skipTlsVerify>true</skipTlsVerify>
<addMasterProxyEnvVars>false</addMasterProxyEnvVars>
<capOnlyOnAlivePods>false</capOnlyOnAlivePods>
<namespace>default</namespace>
<containerCap>10</containerCap>
<retentionTimeout>5</retentionTimeout>
<connectTimeout>0</connectTimeout>
<readTimeout>0</readTimeout>
<labels class="linked-hash-map">
<entry>
<string>jenkins</string>
<string>slave</string>
</entry>
<entry>
<string>biff</string>
<string>johnson</string>
</entry>
</labels>
<usageRestricted>false</usageRestricted>
<maxRequestsPerHost>32</maxRequestsPerHost>
<waitForPodSec>600</waitForPodSec>
<podRetention class="org.csanchez.jenkins.plugins.kubernetes.pod.retention.Never"/>
</org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud>
</clouds>
<quietPeriod>5</quietPeriod>
<scmCheckoutRetryCount>0</scmCheckoutRetryCount>
<views>
<hudson.model.AllView>
<owner class="hudson" reference="../../.."/>
<name>all</name>
<filterExecutors>false</filterExecutors>
<filterQueue>false</filterQueue>
<properties class="hudson.model.View$PropertyList"/>
</hudson.model.AllView>
</views>
<primaryView>all</primaryView>
<slaveAgentPort>0</slaveAgentPort>
<label></label>
<nodeProperties/>
<globalNodeProperties/>
</hudson>

0 comments on commit be5fb7e

Please sign in to comment.