Skip to content

Commit 032e032

Browse files
shajia-deshawshajia-deshaw
committed
address review comments: use the same test with additional SC assertions
1 parent 0ae8abc commit 032e032

1 file changed

Lines changed: 17 additions & 96 deletions

File tree

pkg/controller/perconaservermongodbrestore/physical_test.go

Lines changed: 17 additions & 96 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,13 @@ import (
1919
func TestUpdateStatefulSetForPhysicalRestore(t *testing.T) {
2020
ctx := context.Background()
2121

22+
nonRoot := true
23+
allowPrivEsc := false
24+
initSC := &corev1.SecurityContext{
25+
RunAsNonRoot: &nonRoot,
26+
AllowPrivilegeEscalation: &allowPrivEsc,
27+
}
28+
2229
cluster := &psmdbv1.PerconaServerMongoDB{
2330
ObjectMeta: metav1.ObjectMeta{
2431
Name: "my-cluster",
@@ -40,6 +47,7 @@ func TestUpdateStatefulSetForPhysicalRestore(t *testing.T) {
4047
Users: "users-secret",
4148
SSL: "ssl-secret",
4249
},
50+
InitContainerSecurityContext: initSC,
4351
},
4452
}
4553

@@ -103,10 +111,15 @@ func TestUpdateStatefulSetForPhysicalRestore(t *testing.T) {
103111
assert.NotEqual(t, naming.ContainerBackupAgent, c.Name)
104112
}
105113

106-
assert.True(t,
107-
slices.ContainsFunc(updatedSTS.Spec.Template.Spec.InitContainers, func(c corev1.Container) bool {
108-
return c.Name == "pbm-init"
109-
}))
114+
var pbmInit *corev1.Container
115+
for i := range updatedSTS.Spec.Template.Spec.InitContainers {
116+
if updatedSTS.Spec.Template.Spec.InitContainers[i].Name == "pbm-init" {
117+
pbmInit = &updatedSTS.Spec.Template.Spec.InitContainers[i]
118+
break
119+
}
120+
}
121+
assert.NotNil(t, pbmInit)
122+
assert.Equal(t, cluster.Spec.InitContainerSecurityContext, pbmInit.SecurityContext)
110123

111124
assert.Equal(t, "/opt/percona/physical-restore-ps-entry.sh", updatedSTS.Spec.Template.Spec.Containers[0].Command[0])
112125

@@ -121,95 +134,3 @@ func TestUpdateStatefulSetForPhysicalRestore(t *testing.T) {
121134
assert.Equal(t, "PBM_MONGODB_URI", lastEnvVar.Name)
122135
assert.Equal(t, expectedURI, lastEnvVar.Value)
123136
}
124-
125-
func TestUpdateStatefulSetForPhysicalRestoreSecurityContext(t *testing.T) {
126-
ctx := context.Background()
127-
128-
nonRoot := true
129-
allowPrivEsc := false
130-
cluster := &psmdbv1.PerconaServerMongoDB{
131-
ObjectMeta: metav1.ObjectMeta{
132-
Name: "my-cluster",
133-
Namespace: "default",
134-
},
135-
Spec: psmdbv1.PerconaServerMongoDBSpec{
136-
CRVersion: version.Version(),
137-
Backup: psmdbv1.BackupSpec{
138-
Image: "percona/percona-backup-mongodb:latest",
139-
},
140-
ImagePullPolicy: corev1.PullIfNotPresent,
141-
Secrets: &psmdbv1.SecretsSpec{
142-
Users: "users-secret",
143-
SSL: "ssl-secret",
144-
},
145-
InitContainerSecurityContext: &corev1.SecurityContext{
146-
RunAsNonRoot: &nonRoot,
147-
AllowPrivilegeEscalation: &allowPrivEsc,
148-
},
149-
},
150-
}
151-
152-
sts := &appsv1.StatefulSet{
153-
ObjectMeta: metav1.ObjectMeta{
154-
Name: "my-cluster-rs0",
155-
Namespace: "default",
156-
},
157-
Spec: appsv1.StatefulSetSpec{
158-
Selector: &metav1.LabelSelector{
159-
MatchLabels: map[string]string{"app": "my-cluster"},
160-
},
161-
Template: corev1.PodTemplateSpec{
162-
ObjectMeta: metav1.ObjectMeta{
163-
Labels: map[string]string{"app": "my-cluster"},
164-
},
165-
Spec: corev1.PodSpec{
166-
Containers: []corev1.Container{
167-
{
168-
Name: "mongod",
169-
Image: "percona/percona-server-mongodb:latest",
170-
},
171-
{
172-
Name: naming.ContainerBackupAgent,
173-
Image: "percona/percona-backup-agent:latest",
174-
},
175-
},
176-
},
177-
},
178-
},
179-
}
180-
181-
secretTLS := &corev1.Secret{
182-
ObjectMeta: metav1.ObjectMeta{
183-
Name: cluster.Spec.Secrets.SSL,
184-
Namespace: cluster.Namespace,
185-
},
186-
Data: map[string][]byte{
187-
"ca.crt": {},
188-
"tls.crt": {},
189-
"tls.key": {},
190-
},
191-
}
192-
193-
r := fakeReconciler(cluster, sts, secretTLS)
194-
namespacedName := types.NamespacedName{
195-
Name: sts.Name,
196-
Namespace: sts.Namespace,
197-
}
198-
199-
err := r.updateStatefulSetForPhysicalRestore(ctx, cluster, namespacedName, 27017)
200-
assert.NoError(t, err)
201-
202-
updatedSTS := &appsv1.StatefulSet{}
203-
err = r.client.Get(ctx, namespacedName, updatedSTS)
204-
assert.NoError(t, err)
205-
206-
var pbmInit *corev1.Container
207-
for i := range updatedSTS.Spec.Template.Spec.InitContainers {
208-
if updatedSTS.Spec.Template.Spec.InitContainers[i].Name == "pbm-init" {
209-
pbmInit = &updatedSTS.Spec.Template.Spec.InitContainers[i]
210-
break
211-
}
212-
}
213-
assert.NotNil(t, pbmInit)
214-
assert.Equal(t, cluster.Spec.InitContainerSecurityContext, pbmInit.SecurityContext)
215-
}

0 commit comments

Comments
 (0)