@@ -3237,3 +3237,156 @@ func TestMarkPodProposedForResize(t *testing.T) {
3237
3237
})
3238
3238
}
3239
3239
}
3240
+
3241
+ func TestDropClusterTrustBundleProjectedVolumes (t * testing.T ) {
3242
+ testCases := []struct {
3243
+ description string
3244
+ clusterTrustBundleProjectionEnabled bool
3245
+ oldPod * api.PodSpec
3246
+ newPod * api.PodSpec
3247
+ wantPod * api.PodSpec
3248
+ }{
3249
+ {
3250
+ description : "feature gate disabled, cannot add CTB volume to pod" ,
3251
+ oldPod : & api.PodSpec {
3252
+ Volumes : []api.Volume {},
3253
+ },
3254
+ newPod : & api.PodSpec {
3255
+ Volumes : []api.Volume {
3256
+ {
3257
+ Name : "foo" ,
3258
+ VolumeSource : api.VolumeSource {
3259
+ Projected : & api.ProjectedVolumeSource {
3260
+ Sources : []api.VolumeProjection {
3261
+ {
3262
+ ClusterTrustBundle : & api.ClusterTrustBundleProjection {
3263
+ Name : pointer .String ("foo" ),
3264
+ },
3265
+ },
3266
+ },
3267
+ }},
3268
+ },
3269
+ },
3270
+ },
3271
+ wantPod : & api.PodSpec {
3272
+ Volumes : []api.Volume {
3273
+ {
3274
+ Name : "foo" ,
3275
+ VolumeSource : api.VolumeSource {
3276
+ Projected : & api.ProjectedVolumeSource {
3277
+ Sources : []api.VolumeProjection {
3278
+ {},
3279
+ },
3280
+ }},
3281
+ },
3282
+ },
3283
+ },
3284
+ },
3285
+ {
3286
+ description : "feature gate disabled, can keep CTB volume on pod" ,
3287
+ oldPod : & api.PodSpec {
3288
+ Volumes : []api.Volume {
3289
+ {
3290
+ Name : "foo" ,
3291
+ VolumeSource : api.VolumeSource {
3292
+ Projected : & api.ProjectedVolumeSource {
3293
+ Sources : []api.VolumeProjection {
3294
+ {
3295
+ ClusterTrustBundle : & api.ClusterTrustBundleProjection {
3296
+ Name : pointer .String ("foo" ),
3297
+ },
3298
+ },
3299
+ },
3300
+ }},
3301
+ },
3302
+ },
3303
+ },
3304
+ newPod : & api.PodSpec {
3305
+ Volumes : []api.Volume {
3306
+ {
3307
+ Name : "foo" ,
3308
+ VolumeSource : api.VolumeSource {
3309
+ Projected : & api.ProjectedVolumeSource {
3310
+ Sources : []api.VolumeProjection {
3311
+ {
3312
+ ClusterTrustBundle : & api.ClusterTrustBundleProjection {
3313
+ Name : pointer .String ("foo" ),
3314
+ },
3315
+ },
3316
+ },
3317
+ }},
3318
+ },
3319
+ },
3320
+ },
3321
+ wantPod : & api.PodSpec {
3322
+ Volumes : []api.Volume {
3323
+ {
3324
+ Name : "foo" ,
3325
+ VolumeSource : api.VolumeSource {
3326
+ Projected : & api.ProjectedVolumeSource {
3327
+ Sources : []api.VolumeProjection {
3328
+ {
3329
+ ClusterTrustBundle : & api.ClusterTrustBundleProjection {
3330
+ Name : pointer .String ("foo" ),
3331
+ },
3332
+ },
3333
+ },
3334
+ }},
3335
+ },
3336
+ },
3337
+ },
3338
+ },
3339
+ {
3340
+ description : "feature gate enabled, can add CTB volume to pod" ,
3341
+ clusterTrustBundleProjectionEnabled : true ,
3342
+ oldPod : & api.PodSpec {
3343
+ Volumes : []api.Volume {},
3344
+ },
3345
+ newPod : & api.PodSpec {
3346
+ Volumes : []api.Volume {
3347
+ {
3348
+ Name : "foo" ,
3349
+ VolumeSource : api.VolumeSource {
3350
+ Projected : & api.ProjectedVolumeSource {
3351
+ Sources : []api.VolumeProjection {
3352
+ {
3353
+ ClusterTrustBundle : & api.ClusterTrustBundleProjection {
3354
+ Name : pointer .String ("foo" ),
3355
+ },
3356
+ },
3357
+ },
3358
+ }},
3359
+ },
3360
+ },
3361
+ },
3362
+ wantPod : & api.PodSpec {
3363
+ Volumes : []api.Volume {
3364
+ {
3365
+ Name : "foo" ,
3366
+ VolumeSource : api.VolumeSource {
3367
+ Projected : & api.ProjectedVolumeSource {
3368
+ Sources : []api.VolumeProjection {
3369
+ {
3370
+ ClusterTrustBundle : & api.ClusterTrustBundleProjection {
3371
+ Name : pointer .String ("foo" ),
3372
+ },
3373
+ },
3374
+ },
3375
+ }},
3376
+ },
3377
+ },
3378
+ },
3379
+ },
3380
+ }
3381
+
3382
+ for _ , tc := range testCases {
3383
+ t .Run (tc .description , func (t * testing.T ) {
3384
+ defer featuregatetesting .SetFeatureGateDuringTest (t , utilfeature .DefaultFeatureGate , features .ClusterTrustBundleProjection , tc .clusterTrustBundleProjectionEnabled )()
3385
+
3386
+ dropDisabledClusterTrustBundleProjection (tc .newPod , tc .oldPod )
3387
+ if diff := cmp .Diff (tc .newPod , tc .wantPod ); diff != "" {
3388
+ t .Fatalf ("Unexpected modification to new pod; diff (-got +want)\n %s" , diff )
3389
+ }
3390
+ })
3391
+ }
3392
+ }
0 commit comments