Skip to content

Commit 1166c60

Browse files
everpeaceeverpeace
committed
filled out "Test Plan"
1 parent 922b5f6 commit 1166c60

File tree

1 file changed

+12
-4
lines changed
  • keps/sig-node/3619-supplemental-groups-policy

1 file changed

+12
-4
lines changed

keps/sig-node/3619-supplemental-groups-policy/README.md

Lines changed: 12 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -575,7 +575,7 @@ when drafting this test plan.
575575
[testing-guidelines]: https://git.k8s.io/community/contributors/devel/sig-testing/testing.md
576576
-->
577577

578-
[ ] I/we understand the owners of the involved components may require updates to
578+
[x] I/we understand the owners of the involved components may require updates to
579579
existing tests to make this code solid enough prior to committing the changes necessary
580580
to implement this enhancement.
581581

@@ -607,7 +607,8 @@ This can inform certain test coverage improvements that we want to do before
607607
extending the production code to implement this enhancement.
608608
-->
609609

610-
- `<package>`: `<date>` - `<test coverage>`
610+
- `k8s.io/kubernetes/pkg/apis/core/validation`: `<date>(t.b.d.)` - `<test coverage>(t.b.d.)`
611+
- validation tests for `PodSecurityContext.SupplementalGroups`, `ContainerStatus.User`
611612

612613
##### Integration tests
613614

@@ -619,7 +620,12 @@ For Beta and GA, add links to added tests together with links to k8s-triage for
619620
https://storage.googleapis.com/k8s-triage/index.html
620621
-->
621622

622-
- <test>: <link to test coverage>
623+
- Kubernetes API
624+
- When `SupplementalGroupsPolicy=Strict`, groups of the container process must be ones specified by API: <link to test coverage(t.b.d.)>
625+
- When `SupplementalGroupsPolicy=Merge`, groups of the container process contains both groups specified by API and groups of the primary user from the image: <link to test coverage(t.b.d.)>
626+
- For running pods, `ContainerStatus.User` contains the correct identities of the containers: <link to test coverage(t.b.d.)>
627+
- CRI
628+
- I will also add symmetrical integration tests to https://github.com/kubernetes-sigs/cri-tools
623629

624630
##### e2e tests
625631

@@ -633,7 +639,9 @@ https://storage.googleapis.com/k8s-triage/index.html
633639
We expect no non-infra related flakes in the last month as a GA graduation criteria.
634640
-->
635641

636-
- <test>: <link to test coverage>
642+
- When creating a Pod with `SupplementalGroupsPolicy=Strict`, the pods will run with only groups specified by API: <link to test coverage(t.b.d.)>
643+
- When creating a Pod with `SupplementalGroupsPolicy=Merge`, the pods will run with groups specified by API and groups from the image: <link to test coverage(t.b.d.)>
644+
- When creating a Pod and it starts, each `ContainerStatus.User` contain the correct identities of the containers: <link to test coverage(t.b.d.)>
637645

638646
### Graduation Criteria
639647

0 commit comments

Comments
 (0)