added tests of mixed privileged falgs in container

mifitous · mifitous · commit 8b79bffc0cbb · 2023-04-20T16:51:34.000+03:00
diff --git a/src/test/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesTest.java b/src/test/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesTest.java
@@ -123,7 +123,8 @@ public void upgradeFrom_1_15_9_invalid() {
         assertEquals("blah", template.getYaml());
         assertEquals(Collections.singletonList("blah"), template.getYamls());
         assertNull(template._getYamls());
-        log.getMessages().stream().anyMatch(msg -> msg.contains("Found several persisted YAML fragments in pod template java"));
+        log.getMessages().stream()
+                .anyMatch(msg -> msg.contains("Found several persisted YAML fragments in pod template java"));
     }
 
     @Test
@@ -183,7 +184,7 @@ public void upgradeFrom_0_12() throws Exception {
     public void upgradeFrom_0_10() throws Exception {
         List<PodTemplate> templates = cloud.getTemplates();
         PodTemplate template = templates.get(0);
-        DescribableList<NodeProperty<?>,NodePropertyDescriptor> nodeProperties = template.getNodeProperties();
+        DescribableList<NodeProperty<?>, NodePropertyDescriptor> nodeProperties = template.getNodeProperties();
         assertEquals(1, nodeProperties.size());
         ToolLocationNodeProperty property = (ToolLocationNodeProperty) nodeProperties.get(0);
         assertEquals(1, property.getLocations().size());
@@ -202,11 +203,24 @@ public void upgradeFrom_0_8() throws Exception {
         assertEquals(cloud.DEFAULT_WAIT_FOR_POD_SEC, cloud.getWaitForPodSec());
     }
 
-    private void assertPodTemplates(List<PodTemplate> templates) {
-        assertEquals(1, templates.size());
+    @Test
+    @LocalData()
+    @Issue("JENKINS-70287")
+    public void mixedPrivivilegedPodTemplates() throws Exception {
+        List<PodTemplate> templates = cloud.getTemplates();
+        assertPodTemplates(templates, 2, 2);
+        PodTemplate template = templates.get(0);
+        assertEquals(true, template.getContainers().get(0).isPrivileged());
+        assertEquals(false, template.getContainers().get(1).isPrivileged());
+        assertEquals(Collections.emptyList(), template.getYamls());
+        assertNull(template.getYaml());
+    }
+
+    private void assertPodTemplates(List<PodTemplate> templates, Integer... numbers) {
+        assertEquals(numbers.length > 0 ? numbers[0] : 1, templates.size());
         PodTemplate podTemplate = templates.get(0);
         assertEquals(Integer.MAX_VALUE, podTemplate.getInstanceCap());
-        assertEquals(1, podTemplate.getContainers().size());
+        assertEquals(numbers.length > 1 ? numbers[1] : 1, podTemplate.getContainers().size());
         ContainerTemplate containerTemplate = podTemplate.getContainers().get(0);
         assertEquals("jenkins/inbound-agent", containerTemplate.getImage());
         assertEquals("jnlp", containerTemplate.getName());
diff --git a/src/test/resources/org/csanchez/jenkins/plugins/kubernetes/KubernetesTest/mixedPrivivilegedPodTemplates/config.xml b/src/test/resources/org/csanchez/jenkins/plugins/kubernetes/KubernetesTest/mixedPrivivilegedPodTemplates/config.xml
@@ -0,0 +1,239 @@
+<?xml version='1.1' encoding='UTF-8'?>
+<hudson>
+  <disabledAdministrativeMonitors/>
+  <version>2.235.2</version>
+  <installStateName>DEVELOPMENT</installStateName>
+  <numExecutors>2</numExecutors>
+  <mode>NORMAL</mode>
+  <useSecurity>true</useSecurity>
+  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
+  <securityRealm class="hudson.security.SecurityRealm$None"/>
+  <disableRememberMe>false</disableRememberMe>
+  <projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
+  <workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULLNAME}</workspaceDir>
+  <buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
+  <jdks/>
+  <viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
+  <myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
+  <clouds>
+    <org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud plugin="kubernetes@1.27.1">
+      <name>kubernetes</name>
+      <defaultsProviderTemplate>jnlp-base</defaultsProviderTemplate>
+      <templates>
+        <org.csanchez.jenkins.plugins.kubernetes.PodTemplate>
+          <inheritFrom>jnlp-base</inheritFrom>
+          <name>java</name>
+          <privileged>false</privileged>
+          <capOnlyOnAlivePods>false</capOnlyOnAlivePods>
+          <alwaysPullImage>true</alwaysPullImage>
+          <instanceCap>2147483647</instanceCap>
+          <slaveConnectTimeout>100</slaveConnectTimeout>
+          <idleMinutes>0</idleMinutes>
+          <activeDeadlineSeconds>0</activeDeadlineSeconds>
+          <label>java</label>
+          <nodeSelector></nodeSelector>
+          <nodeUsageMode>NORMAL</nodeUsageMode>
+          <customWorkspaceVolumeEnabled>false</customWorkspaceVolumeEnabled>
+          <workspaceVolume class="org.csanchez.jenkins.plugins.kubernetes.volumes.workspace.EmptyDirWorkspaceVolume">
+            <memory>false</memory>
+          </workspaceVolume>
+          <volumes>
+            <org.csanchez.jenkins.plugins.kubernetes.volumes.EmptyDirVolume>
+              <mountPath>/mnt</mountPath>
+              <memory>false</memory>
+            </org.csanchez.jenkins.plugins.kubernetes.volumes.EmptyDirVolume>
+            <org.csanchez.jenkins.plugins.kubernetes.volumes.HostPathVolume>
+              <mountPath>/host</mountPath>
+              <hostPath>/mnt/host</hostPath>
+            </org.csanchez.jenkins.plugins.kubernetes.volumes.HostPathVolume>
+          </volumes>
+          <containers>
+            <org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
+              <name>jnlp</name>
+              <image>jenkins/inbound-agent</image>
+              <privileged>true</privileged>
+              <alwaysPullImage>true</alwaysPullImage>
+              <workingDir>/home/jenkins</workingDir>
+              <command></command>
+              <args>${computer.jnlpmac} ${computer.name}</args>
+              <ttyEnabled>true</ttyEnabled>
+              <resourceRequestCpu>500m</resourceRequestCpu>
+              <resourceRequestMemory>250Mi</resourceRequestMemory>
+              <resourceLimitCpu>500m</resourceLimitCpu>
+              <resourceLimitMemory>250Mi</resourceLimitMemory>
+              <envVars>
+                <org.csanchez.jenkins.plugins.kubernetes.PodEnvVar>
+                  <key>a</key>
+                  <value>b</value>
+                </org.csanchez.jenkins.plugins.kubernetes.PodEnvVar>
+                <org.csanchez.jenkins.plugins.kubernetes.PodEnvVar>
+                  <key>c</key>
+                  <value>d</value>
+                </org.csanchez.jenkins.plugins.kubernetes.PodEnvVar>
+              </envVars>
+              <ports/>
+              <livenessProbe>
+                <execArgs></execArgs>
+                <timeoutSeconds>0</timeoutSeconds>
+                <initialDelaySeconds>0</initialDelaySeconds>
+                <failureThreshold>0</failureThreshold>
+                <periodSeconds>0</periodSeconds>
+                <successThreshold>0</successThreshold>
+              </livenessProbe>
+            </org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
+            <org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
+              <name>busybox</name>
+              <image>busybox</image>
+              <privileged>false</privileged>
+              <runAsUser>600002</runAsUser>
+              <runAsGroup>1000</runAsGroup>
+              <alwaysPullImage>true</alwaysPullImage>
+              <workingDir>/home/jenkins</workingDir>
+              <command>cat</command>
+              <args></args>
+              <ttyEnabled>true</ttyEnabled>
+              <resourceRequestCpu>500m</resourceRequestCpu>
+              <resourceRequestMemory>250Mi</resourceRequestMemory>
+              <resourceLimitCpu>500m</resourceLimitCpu>
+              <resourceLimitMemory>250Mi</resourceLimitMemory>
+              <envVars/>
+              <ports/>
+              <livenessProbe>
+                <execArgs></execArgs>
+                <timeoutSeconds>0</timeoutSeconds>
+                <initialDelaySeconds>0</initialDelaySeconds>
+                <failureThreshold>0</failureThreshold>
+                <periodSeconds>0</periodSeconds>
+                <successThreshold>0</successThreshold>
+              </livenessProbe>
+            </org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
+          </containers>
+          <envVars>
+            <org.csanchez.jenkins.plugins.kubernetes.PodEnvVar>
+              <key>a</key>
+              <value>b</value>
+            </org.csanchez.jenkins.plugins.kubernetes.PodEnvVar>
+            <org.csanchez.jenkins.plugins.kubernetes.PodEnvVar>
+              <key>c</key>
+              <value>d</value>
+            </org.csanchez.jenkins.plugins.kubernetes.PodEnvVar>
+          </envVars>
+          <annotations>
+            <org.csanchez.jenkins.plugins.kubernetes.PodAnnotation>
+              <key>aa</key>
+              <value>bb</value>
+            </org.csanchez.jenkins.plugins.kubernetes.PodAnnotation>
+          </annotations>
+          <imagePullSecrets>
+            <org.csanchez.jenkins.plugins.kubernetes.PodImagePullSecret>
+              <name></name>
+            </org.csanchez.jenkins.plugins.kubernetes.PodImagePullSecret>
+          </imagePullSecrets>
+          <yamls>
+            <string></string>
+          </yamls>
+          <podRetention class="org.csanchez.jenkins.plugins.kubernetes.pod.retention.Default"/>
+          <yamlMergeStrategy class="org.csanchez.jenkins.plugins.kubernetes.pod.yaml.Overrides"/>
+          <showRawYaml>true</showRawYaml>
+        </org.csanchez.jenkins.plugins.kubernetes.PodTemplate>
+        <org.csanchez.jenkins.plugins.kubernetes.PodTemplate>
+          <name>jnlp-base</name>
+          <privileged>false</privileged>
+          <capOnlyOnAlivePods>false</capOnlyOnAlivePods>
+          <alwaysPullImage>false</alwaysPullImage>
+          <instanceCap>2147483647</instanceCap>
+          <slaveConnectTimeout>100</slaveConnectTimeout>
+          <idleMinutes>0</idleMinutes>
+          <activeDeadlineSeconds>0</activeDeadlineSeconds>
+          <label>jnlp-base</label>
+          <hostNetwork>false</hostNetwork>
+          <volumes>
+            <org.csanchez.jenkins.plugins.kubernetes.volumes.EmptyDirVolume>
+              <mountPath>/mnt</mountPath>
+              <memory>false</memory>
+            </org.csanchez.jenkins.plugins.kubernetes.volumes.EmptyDirVolume>
+            <org.csanchez.jenkins.plugins.kubernetes.volumes.HostPathVolume>
+              <mountPath>/host</mountPath>
+              <hostPath>/mnt/host</hostPath>
+            </org.csanchez.jenkins.plugins.kubernetes.volumes.HostPathVolume>
+          </volumes>
+          <containers>
+            <org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
+              <name>jnlp-base</name>
+              <image>busybox</image>
+              <privileged>true</privileged>
+              <runAsUser>600002</runAsUser>
+              <runAsGroup>1000</runAsGroup>
+              <alwaysPullImage>true</alwaysPullImage>
+              <workingDir>/home/jenkins</workingDir>
+              <command>cat</command>
+              <args></args>
+              <ttyEnabled>true</ttyEnabled>
+              <resourceRequestCpu>500m</resourceRequestCpu>
+              <resourceRequestMemory>250Mi</resourceRequestMemory>
+              <resourceLimitCpu>500m</resourceLimitCpu>
+              <resourceLimitMemory>250Mi</resourceLimitMemory>
+              <envVars/>
+              <ports/>
+              <livenessProbe>
+                <execArgs></execArgs>
+                <timeoutSeconds>0</timeoutSeconds>
+                <initialDelaySeconds>0</initialDelaySeconds>
+                <failureThreshold>0</failureThreshold>
+                <periodSeconds>0</periodSeconds>
+                <successThreshold>0</successThreshold>
+              </livenessProbe>
+            </org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
+          </containers>
+          <imagePullSecrets>
+            <org.csanchez.jenkins.plugins.kubernetes.PodImagePullSecret>
+              <name></name>
+            </org.csanchez.jenkins.plugins.kubernetes.PodImagePullSecret>
+          </imagePullSecrets>
+          <podRetention class="org.csanchez.jenkins.plugins.kubernetes.pod.retention.Default"/>
+          <yamlMergeStrategy class="org.csanchez.jenkins.plugins.kubernetes.pod.yaml.Merge"/>
+          <showRawYaml>true</showRawYaml>
+        </org.csanchez.jenkins.plugins.kubernetes.PodTemplate>
+      </templates>
+      <serverUrl>https://192.168.64.1</serverUrl>
+      <skipTlsVerify>true</skipTlsVerify>
+      <addMasterProxyEnvVars>false</addMasterProxyEnvVars>
+      <capOnlyOnAlivePods>false</capOnlyOnAlivePods>
+      <namespace>default</namespace>
+      <containerCap>10</containerCap>
+      <retentionTimeout>5</retentionTimeout>
+      <connectTimeout>0</connectTimeout>
+      <readTimeout>0</readTimeout>
+      <labels class="linked-hash-map">
+        <entry>
+          <string>jenkins</string>
+          <string>slave</string>
+        </entry>
+        <entry>
+          <string>biff</string>
+          <string>johnson</string>
+        </entry>
+      </labels>
+      <usageRestricted>false</usageRestricted>
+      <maxRequestsPerHost>32</maxRequestsPerHost>
+      <waitForPodSec>600</waitForPodSec>
+      <podRetention class="org.csanchez.jenkins.plugins.kubernetes.pod.retention.Never"/>
+    </org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud>
+  </clouds>
+  <quietPeriod>5</quietPeriod>
+  <scmCheckoutRetryCount>0</scmCheckoutRetryCount>
+  <views>
+    <hudson.model.AllView>
+      <owner class="hudson" reference="../../.."/>
+      <name>all</name>
+      <filterExecutors>false</filterExecutors>
+      <filterQueue>false</filterQueue>
+      <properties class="hudson.model.View$PropertyList"/>
+    </hudson.model.AllView>
+  </views>
+  <primaryView>all</primaryView>
+  <slaveAgentPort>0</slaveAgentPort>
+  <label></label>
+  <nodeProperties/>
+  <globalNodeProperties/>
+</hudson>
