Merge pull request #20 from carmark/test

first round test cases fix

Author: feiskyer

examples/examples_test.go

@@ -86,6 +86,8 @@ func validateObject(obj runtime.Object) (errors []error) {
 		errors = validation.ValidateEndpoints(t)
 	case *api.Namespace:
 		errors = validation.ValidateNamespace(t)
+	case *api.Tenant:
+		errors = validation.ValidateTenant(t)
 	case *api.Secret:
 		if t.Namespace == "" {
 			t.Namespace = api.NamespaceDefault
@@ -219,6 +221,8 @@ func TestExampleObjectSchemas(t *testing.T) {
 		},
 		"../docs/user-guide": {
 			"multi-pod":   nil,
+			"ns":          &api.Namespace{},
+			"te":          &api.Tenant{},
 			"pod":         &api.Pod{},
 			"replication": &api.ReplicationController{},
 			"job":         &experimental.Job{},

pkg/api/meta/meta_test.go

@@ -28,6 +28,7 @@ func TestGenericTypeMeta(t *testing.T) {
 	type TypeMeta struct {
 		Kind              string            `json:"kind,omitempty"`
 		Namespace         string            `json:"namespace,omitempty"`
+		Tenant            string            `json:"tenant,omitempty"`
 		Name              string            `json:"name,omitempty"`
 		GenerateName      string            `json:"generateName,omitempty"`
 		UID               string            `json:"uid,omitempty"`
@@ -44,6 +45,7 @@ func TestGenericTypeMeta(t *testing.T) {
 	j := Object{
 		TypeMeta{
 			Namespace:       "bar",
+			Tenant:          "hah",
 			Name:            "foo",
 			GenerateName:    "prefix",
 			UID:             "uid",
@@ -62,6 +64,9 @@ func TestGenericTypeMeta(t *testing.T) {
 	if e, a := "bar", accessor.Namespace(); e != a {
 		t.Errorf("expected %v, got %v", e, a)
 	}
+	if e, a := "hah", accessor.Tenant(); e != a {
+		t.Errorf("expected %v, got %v", e, a)
+	}
 	if e, a := "foo", accessor.Name(); e != a {
 		t.Errorf("expected %v, got %v", e, a)
 	}
@@ -96,6 +101,7 @@ func TestGenericTypeMeta(t *testing.T) {
 	}
 
 	accessor.SetNamespace("baz")
+	accessor.SetTenant("uau")
 	accessor.SetName("bar")
 	accessor.SetGenerateName("generate")
 	accessor.SetUID("other")
@@ -108,6 +114,9 @@ func TestGenericTypeMeta(t *testing.T) {
 	if e, a := "baz", j.Namespace; e != a {
 		t.Errorf("expected %v, got %v", e, a)
 	}
+	if e, a := "uau", j.Tenant; e != a {
+		t.Errorf("expected %v, got %v", e, a)
+	}
 	if e, a := "bar", j.Name; e != a {
 		t.Errorf("expected %v, got %v", e, a)
 	}
@@ -143,6 +152,7 @@ func TestGenericTypeMeta(t *testing.T) {
 type InternalTypeMeta struct {
 	Kind              string            `json:"kind,omitempty"`
 	Namespace         string            `json:"namespace,omitempty"`
+	Tenant            string            `json:"tenant,omitempty"`
 	Name              string            `json:"name,omitempty"`
 	GenerateName      string            `json:"generateName,omitempty"`
 	UID               string            `json:"uid,omitempty"`
@@ -163,6 +173,7 @@ func TestGenericTypeMetaAccessor(t *testing.T) {
 	j := &InternalObject{
 		InternalTypeMeta{
 			Namespace:       "bar",
+			Tenant:          "hah",
 			Name:            "foo",
 			GenerateName:    "prefix",
 			UID:             "uid",
@@ -182,6 +193,13 @@ func TestGenericTypeMetaAccessor(t *testing.T) {
 	if e, a := "bar", namespace; e != a {
 		t.Errorf("expected %v, got %v", e, a)
 	}
+	tenant, err := accessor.Tenant(j)
+	if err != nil {
+		t.Errorf("unexpected error: %v", err)
+	}
+	if e, a := "hah", tenant; e != a {
+		t.Errorf("expected %v, got %v", e, a)
+	}
 	name, err := accessor.Name(j)
 	if err != nil {
 		t.Errorf("unexpected error: %v", err)
@@ -249,6 +267,9 @@ func TestGenericTypeMetaAccessor(t *testing.T) {
 	if err := accessor.SetNamespace(j, "baz"); err != nil {
 		t.Errorf("unexpected error: %v", err)
 	}
+	if err := accessor.SetTenant(j, "uau"); err != nil {
+		t.Errorf("unexpected error: %v", err)
+	}
 	if err := accessor.SetName(j, "bar"); err != nil {
 		t.Errorf("unexpected error: %v", err)
 	}
@@ -282,6 +303,9 @@ func TestGenericTypeMetaAccessor(t *testing.T) {
 	if e, a := "baz", j.TypeMeta.Namespace; e != a {
 		t.Errorf("expected %v, got %v", e, a)
 	}
+	if e, a := "uau", j.TypeMeta.Tenant; e != a {
+		t.Errorf("expected %v, got %v", e, a)
+	}
 	if e, a := "bar", j.TypeMeta.Name; e != a {
 		t.Errorf("expected %v, got %v", e, a)
 	}
@@ -318,6 +342,7 @@ func TestGenericObjectMeta(t *testing.T) {
 	}
 	type ObjectMeta struct {
 		Namespace         string            `json:"namespace,omitempty"`
+		Tenant            string            `json:"tenant,omitempty"`
 		Name              string            `json:"name,omitempty"`
 		GenerateName      string            `json:"generateName,omitempty"`
 		UID               string            `json:"uid,omitempty"`
@@ -338,6 +363,7 @@ func TestGenericObjectMeta(t *testing.T) {
 		},
 		ObjectMeta{
 			Namespace:       "bar",
+			Tenant:          "hah",
 			Name:            "foo",
 			GenerateName:    "prefix",
 			UID:             "uid",
@@ -354,6 +380,9 @@ func TestGenericObjectMeta(t *testing.T) {
 	if e, a := "bar", accessor.Namespace(); e != a {
 		t.Errorf("expected %v, got %v", e, a)
 	}
+	if e, a := "hah", accessor.Tenant(); e != a {
+		t.Errorf("expected %v, got %v", e, a)
+	}
 	if e, a := "foo", accessor.Name(); e != a {
 		t.Errorf("expected %v, got %v", e, a)
 	}
@@ -383,6 +412,7 @@ func TestGenericObjectMeta(t *testing.T) {
 	}
 
 	accessor.SetNamespace("baz")
+	accessor.SetTenant("uau")
 	accessor.SetName("bar")
 	accessor.SetGenerateName("generate")
 	accessor.SetUID("other")
@@ -397,6 +427,9 @@ func TestGenericObjectMeta(t *testing.T) {
 	if e, a := "baz", j.Namespace; e != a {
 		t.Errorf("expected %v, got %v", e, a)
 	}
+	if e, a := "uau", j.Tenant; e != a {
+		t.Errorf("expected %v, got %v", e, a)
+	}
 	if e, a := "bar", j.Name; e != a {
 		t.Errorf("expected %v, got %v", e, a)
 	}

pkg/api/validation/validation.go

@@ -1798,15 +1798,34 @@ func ValidateResourceQuotaStatusUpdate(newResourceQuota, oldResourceQuota *api.R
 
 // fake functions for 'tenant' validatation
 func ValidateTenant(tenant *api.Tenant) errs.ValidationErrorList {
-	return nil
+	allErrs := errs.ValidationErrorList{}
+	allErrs = append(allErrs, ValidateObjectMeta(&tenant.ObjectMeta, false, ValidateTenantName).Prefix("metadata")...)
+
+	return allErrs
 }
 
 func ValidateTenantUpdate(newTenant *api.Tenant, oldTenant *api.Tenant) errs.ValidationErrorList {
-	return nil
+	allErrs := errs.ValidationErrorList{}
+	allErrs = append(allErrs, ValidateObjectMetaUpdate(&newTenant.ObjectMeta, &oldTenant.ObjectMeta).Prefix("metadata")...)
+	newTenant.Spec = oldTenant.Spec
+	newTenant.Status = oldTenant.Status
+	return allErrs
 }
 
 func ValidateTenantStatusUpdate(newTenant, oldTenant *api.Tenant) errs.ValidationErrorList {
-	return nil
+	allErrs := errs.ValidationErrorList{}
+	allErrs = append(allErrs, ValidateObjectMetaUpdate(&newTenant.ObjectMeta, &oldTenant.ObjectMeta).Prefix("metadata")...)
+	newTenant.Spec = oldTenant.Spec
+	if newTenant.DeletionTimestamp.IsZero() {
+		if newTenant.Status.Phase != api.TenantActive {
+			allErrs = append(allErrs, errs.NewFieldInvalid("Status.Phase", newTenant.Status.Phase, "A tenant may only be in active status if it does not have a deletion timestamp."))
+		}
+	} else {
+		if newTenant.Status.Phase != api.TenantTerminating {
+			allErrs = append(allErrs, errs.NewFieldInvalid("Status.Phase", newTenant.Status.Phase, "A tenant may only be in terminating status if it has a deletion timestamp."))
+		}
+	}
+	return allErrs
 }
 
 // ValidateNamespace tests if required fields are set.

pkg/api/validation/validation_test.go

@@ -460,7 +460,7 @@ func TestValidateVolumes(t *testing.T) {
 		{Name: "glusterfs", VolumeSource: api.VolumeSource{Glusterfs: &api.GlusterfsVolumeSource{EndpointsName: "host1", Path: "path", ReadOnly: false}}},
 		{Name: "flocker", VolumeSource: api.VolumeSource{Flocker: &api.FlockerVolumeSource{DatasetName: "datasetName"}}},
 		{Name: "rbd", VolumeSource: api.VolumeSource{RBD: &api.RBDVolumeSource{CephMonitors: []string{"foo"}, RBDImage: "bar", FSType: "ext4"}}},
-		{Name: "cinder", VolumeSource: api.VolumeSource{Cinder: &api.CinderVolumeSource{"29ea5088-4f60-4757-962e-dba678767887", "ext4", false}}},
+		{Name: "cinder", VolumeSource: api.VolumeSource{Cinder: &api.CinderVolumeSource{"29ea5088-4f60-4757-962e-dba678767887", "ext4", false, false}}},
 		{Name: "cephfs", VolumeSource: api.VolumeSource{CephFS: &api.CephFSVolumeSource{Monitors: []string{"foo"}}}},
 		{Name: "downwardapi", VolumeSource: api.VolumeSource{DownwardAPI: &api.DownwardAPIVolumeSource{Items: []api.DownwardAPIVolumeFile{
 			{Path: "labels", FieldRef: api.ObjectFieldSelector{

pkg/apiserver/apiserver_test.go

@@ -2250,13 +2250,19 @@ type setTestSelfLinker struct {
 	expectedSet string
 	name        string
 	namespace   string
+	tenant      string
 	called      bool
 	err         error
 }
 
 func (s *setTestSelfLinker) Namespace(runtime.Object) (string, error) { return s.namespace, s.err }
-func (s *setTestSelfLinker) Name(runtime.Object) (string, error)      { return s.name, s.err }
-func (s *setTestSelfLinker) SelfLink(runtime.Object) (string, error)  { return "", s.err }
+func (s *setTestSelfLinker) Tenant(runtime.Object) (string, error)    { return s.tenant, s.err }
+func (s *setTestSelfLinker) SetTenant(obj runtime.Object, tenant string) error {
+	s.tenant = tenant
+	return s.err
+}
+func (s *setTestSelfLinker) Name(runtime.Object) (string, error)     { return s.name, s.err }
+func (s *setTestSelfLinker) SelfLink(runtime.Object) (string, error) { return "", s.err }
 func (s *setTestSelfLinker) SetSelfLink(obj runtime.Object, selfLink string) error {
 	if e, a := s.expectedSet, selfLink; e != a {
 		s.t.Errorf("expected '%v', got '%v'", e, a)

pkg/apiserver/authz_test.go

@@ -24,7 +24,7 @@ import (
 // and always return nil.
 func TestNewAlwaysAllowAuthorizer(t *testing.T) {
 	aaa := NewAlwaysAllowAuthorizer()
-	if result := aaa.Authorize(nil); result != nil {
+	if _, result := aaa.Authorize(nil); result != nil {
 		t.Errorf("AlwaysAllowAuthorizer.Authorize did not return nil. (%s)", result)
 	}
 }
@@ -33,39 +33,51 @@ func TestNewAlwaysAllowAuthorizer(t *testing.T) {
 // and always return an error as everything is forbidden.
 func TestNewAlwaysDenyAuthorizer(t *testing.T) {
 	ada := NewAlwaysDenyAuthorizer()
-	if result := ada.Authorize(nil); result == nil {
+	if _, result := ada.Authorize(nil); result == nil {
 		t.Errorf("AlwaysDenyAuthorizer.Authorize returned nil instead of error.")
 	}
 }
 
 // NewAuthorizerFromAuthorizationConfig has multiple return possibilities. This test
 // validates that errors are returned only when proper.
 func TestNewAuthorizerFromAuthorizationConfig(t *testing.T) {
+	testConfig := AuthorizerConfig{
+		AuthorizationModes:      []string{},
+		AuthorizationPolicyFile: "",
+		KeystonAuthURL:          "",
+	}
 	// Unknown modes should return errors
-	if _, err := NewAuthorizerFromAuthorizationConfig([]string{"DoesNotExist"}, ""); err == nil {
+	testConfig.AuthorizationModes = []string{"DoesNotExist"}
+	if _, err := NewAuthorizerFromAuthorizationConfig(testConfig); err == nil {
 		t.Errorf("NewAuthorizerFromAuthorizationConfig using a fake mode should have returned an error")
 	}
 
 	// ModeAlwaysAllow and ModeAlwaysDeny should return without authorizationPolicyFile
 	// but error if one is given
-	if _, err := NewAuthorizerFromAuthorizationConfig([]string{ModeAlwaysAllow, ModeAlwaysDeny}, ""); err != nil {
+	testConfig.AuthorizationModes = []string{ModeAlwaysAllow, ModeAlwaysDeny}
+	if _, err := NewAuthorizerFromAuthorizationConfig(testConfig); err != nil {
 		t.Errorf("NewAuthorizerFromAuthorizationConfig returned an error: %s", err)
 	}
 
 	// ModeABAC requires a policy file
-	if _, err := NewAuthorizerFromAuthorizationConfig([]string{ModeAlwaysAllow, ModeAlwaysDeny, ModeABAC}, ""); err == nil {
+	testConfig.AuthorizationModes = []string{ModeAlwaysAllow, ModeAlwaysDeny, ModeABAC}
+	if _, err := NewAuthorizerFromAuthorizationConfig(testConfig); err == nil {
 		t.Errorf("NewAuthorizerFromAuthorizationConfig using a fake mode should have returned an error")
 	}
 	// ModeABAC should not error if a valid policy path is provided
-	if _, err := NewAuthorizerFromAuthorizationConfig([]string{ModeAlwaysAllow, ModeAlwaysDeny, ModeABAC}, "../auth/authorizer/abac/example_policy_file.jsonl"); err != nil {
+	testConfig.AuthorizationModes = []string{ModeAlwaysAllow, ModeAlwaysDeny, ModeABAC}
+	testConfig.AuthorizationPolicyFile = "../auth/authorizer/abac/example_policy_file.jsonl"
+	if _, err := NewAuthorizerFromAuthorizationConfig(testConfig); err != nil {
 		t.Errorf("NewAuthorizerFromAuthorizationConfig errored while using a valid policy file: %s", err)
 	}
 	// Authorization Policy file cannot be used without ModeABAC
-	if _, err := NewAuthorizerFromAuthorizationConfig([]string{ModeAlwaysAllow, ModeAlwaysDeny}, "../auth/authorizer/abac/example_policy_file.jsonl"); err == nil {
+	testConfig.AuthorizationModes = []string{ModeAlwaysAllow, ModeAlwaysDeny}
+	if _, err := NewAuthorizerFromAuthorizationConfig(testConfig); err == nil {
 		t.Errorf("NewAuthorizerFromAuthorizationConfig should have errored when Authorization Policy File is used without ModeABAC")
 	}
 	// Atleast one authorizationMode is necessary
-	if _, err := NewAuthorizerFromAuthorizationConfig([]string{}, "../auth/authorizer/abac/example_policy_file.jsonl"); err == nil {
+	testConfig.AuthorizationModes = []string{}
+	if _, err := NewAuthorizerFromAuthorizationConfig(testConfig); err == nil {
 		t.Errorf("NewAuthorizerFromAuthorizationConfig should have errored when no authorization modes are passed")
 	}
 }

pkg/apiserver/resthandler_test.go

@@ -96,6 +96,7 @@ func (p *testPatcher) Get(ctx api.Context, name string) (runtime.Object, error)
 type testNamer struct {
 	namespace string
 	name      string
+	tenant    string
 }
 
 func (p *testNamer) Namespace(req *restful.Request) (namespace string, err error) {
@@ -114,6 +115,15 @@ func (p *testNamer) ObjectName(obj runtime.Object) (namespace, name string, err
 	return p.namespace, p.name, nil
 }
 
+func (p *testNamer) ObjectTenant(obj runtime.Object) (tenant string, err error) {
+	return p.tenant, nil
+}
+
+func (p *testNamer) SetTenant(obj runtime.Object, tenant string) (err error) {
+	p.tenant = tenant
+	return nil
+}
+
 // SetSelfLink sets the provided URL onto the object. The method should return nil if the object
 // does not support selfLinks.
 func (p *testNamer) SetSelfLink(obj runtime.Object, url string) error {
@@ -151,6 +161,7 @@ func (tc *patchTestCase) Run(t *testing.T) {
 
 	namespace := tc.startingPod.Namespace
 	name := tc.startingPod.Name
+	tenant := tc.startingPod.Tenant
 
 	codec := latest.GroupOrDie("").Codec
 
@@ -161,7 +172,7 @@ func (tc *patchTestCase) Run(t *testing.T) {
 	ctx := api.NewDefaultContext()
 	ctx = api.WithNamespace(ctx, namespace)
 
-	namer := &testNamer{namespace, name}
+	namer := &testNamer{namespace, name, tenant}
 
 	versionedObj, err := api.Scheme.ConvertToVersion(&api.Pod{}, "v1")
 	if err != nil {

pkg/auth/authorizer/abac/abac_test.go

@@ -122,7 +122,7 @@ func TestNotAuthorized(t *testing.T) {
 			Namespace: tc.NS,
 		}
 		t.Logf("tc: %v -> attr %v", tc, attr)
-		err := a.Authorize(attr)
+		_, err := a.Authorize(attr)
 		actualAllow := bool(err == nil)
 		if tc.ExpectAllow != actualAllow {
 			t.Errorf("%d: Expected allowed=%v but actually allowed=%v\n\t%v",

pkg/auth/authorizer/union/union_test.go

@@ -28,14 +28,14 @@ type mockAuthzHandler struct {
 	err          error
 }
 
-func (mock *mockAuthzHandler) Authorize(a authorizer.Attributes) error {
+func (mock *mockAuthzHandler) Authorize(a authorizer.Attributes) (string, error) {
 	if mock.err != nil {
-		return mock.err
+		return "", mock.err
 	}
 	if !mock.isAuthorized {
-		return errors.New("Request unauthorized")
+		return "", errors.New("Request unauthorized")
 	} else {
-		return nil
+		return "", nil
 	}
 }
 
@@ -44,7 +44,7 @@ func TestAuthorizationSecondPasses(t *testing.T) {
 	handler2 := &mockAuthzHandler{isAuthorized: true}
 	authzHandler := New(handler1, handler2)
 
-	err := authzHandler.Authorize(nil)
+	_, err := authzHandler.Authorize(nil)
 	if err != nil {
 		t.Errorf("Unexpected error: %v", err)
 	}
@@ -55,7 +55,7 @@ func TestAuthorizationFirstPasses(t *testing.T) {
 	handler2 := &mockAuthzHandler{isAuthorized: false}
 	authzHandler := New(handler1, handler2)
 
-	err := authzHandler.Authorize(nil)
+	_, err := authzHandler.Authorize(nil)
 	if err != nil {
 		t.Errorf("Unexpected error: %v", err)
 	}
@@ -66,7 +66,7 @@ func TestAuthorizationNonePasses(t *testing.T) {
 	handler2 := &mockAuthzHandler{isAuthorized: false}
 	authzHandler := New(handler1, handler2)
 
-	err := authzHandler.Authorize(nil)
+	_, err := authzHandler.Authorize(nil)
 	if err == nil {
 		t.Errorf("Expected error: %v", err)
 	}