crowci/crow
1
0
Fork 0
mirror of https://codeberg.org/crowci/crow.git synced 2025-08-06 09:22:46 +03:00
Code Activity

Add user as docker backend_option (#4526)

Browse Source
This commit is contained in:
Robert Kaussow
2024-12-08 12:02:35 +01:00
committed by GitHub
parent d35d950c44
commit 786a8fb003
9 changed files with 226 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

197
pipeline/backend/kubernetes/backend_options_test.go
View File

@@ -9,97 +9,122 @@ import (
)
func Test_parseBackendOptions(t *testing.T) {
got, err := parseBackendOptions(&backend.Step{BackendOptions: nil})
assert.NoError(t, err)
assert.Equal(t, BackendOptions{}, got)
got, err = parseBackendOptions(&backend.Step{BackendOptions: map[string]any{}})
assert.NoError(t, err)
assert.Equal(t, BackendOptions{}, got)
got, err = parseBackendOptions(&backend.Step{
BackendOptions: map[string]any{
"kubernetes": map[string]any{
"nodeSelector": map[string]string{"storage": "ssd"},
"serviceAccountName": "wp-svc-acc",
"labels": map[string]string{"app": "test"},
"annotations": map[string]string{"apps.kubernetes.io/pod-index": "0"},
"tolerations": []map[string]any{
{"key": "net-port", "value": "100Mbit", "effect": TaintEffectNoSchedule},
},
"resources": map[string]any{
"requests": map[string]string{"memory": "128Mi", "cpu": "1000m"},
"limits": map[string]string{"memory": "256Mi", "cpu": "2"},
},
"securityContext": map[string]any{
"privileged": newBool(true),
"runAsNonRoot": newBool(true),
"runAsUser": newInt64(101),
"runAsGroup": newInt64(101),
"fsGroup": newInt64(101),
"seccompProfile": map[string]any{
"type": "Localhost",
"localhostProfile": "profiles/audit.json",
},
"apparmorProfile": map[string]any{
"type": "Localhost",
"localhostProfile": "k8s-apparmor-example-deny-write",
},
},
"secrets": []map[string]any{
{
"name": "aws",
"key": "access-key",
"target": map[string]any{
"env": "AWS_SECRET_ACCESS_KEY",
tests := []struct {
name string
step *backend.Step
want BackendOptions
wantErr bool
}{
{
name: "nil options",
step: &backend.Step{BackendOptions: nil},
want: BackendOptions{},
},
{
name: "empty options",
step: &backend.Step{BackendOptions: map[string]any{}},
want: BackendOptions{},
},
{
name: "full k8s options",
step: &backend.Step{
BackendOptions: map[string]any{
"kubernetes": map[string]any{
"nodeSelector": map[string]string{"storage": "ssd"},
"serviceAccountName": "wp-svc-acc",
"labels": map[string]string{"app": "test"},
"annotations": map[string]string{"apps.kubernetes.io/pod-index": "0"},
"tolerations": []map[string]any{
{"key": "net-port", "value": "100Mbit", "effect": TaintEffectNoSchedule},
},
},
{
"name": "reg-cred",
"key": ".dockerconfigjson",
"target": map[string]any{
"file": "~/.docker/config.json",
"resources": map[string]any{
"requests": map[string]string{"memory": "128Mi", "cpu": "1000m"},
"limits": map[string]string{"memory": "256Mi", "cpu": "2"},
},
"securityContext": map[string]any{
"privileged": newBool(true),
"runAsNonRoot": newBool(true),
"runAsUser": newInt64(101),
"runAsGroup": newInt64(101),
"fsGroup": newInt64(101),
"seccompProfile": map[string]any{
"type": "Localhost",
"localhostProfile": "profiles/audit.json",
},
"apparmorProfile": map[string]any{
"type": "Localhost",
"localhostProfile": "k8s-apparmor-example-deny-write",
},
},
"secrets": []map[string]any{
{
"name": "aws",
"key": "access-key",
"target": map[string]any{
"env": "AWS_SECRET_ACCESS_KEY",
},
},
{
"name": "reg-cred",
"key": ".dockerconfigjson",
"target": map[string]any{
"file": "~/.docker/config.json",
},
},
},
},
},
},
},
})
assert.NoError(t, err)
assert.Equal(t, BackendOptions{
NodeSelector: map[string]string{"storage": "ssd"},
ServiceAccountName: "wp-svc-acc",
Labels: map[string]string{"app": "test"},
Annotations: map[string]string{"apps.kubernetes.io/pod-index": "0"},
Tolerations: []Toleration{{Key: "net-port", Value: "100Mbit", Effect: TaintEffectNoSchedule}},
Resources: Resources{
Requests: map[string]string{"memory": "128Mi", "cpu": "1000m"},
Limits: map[string]string{"memory": "256Mi", "cpu": "2"},
},
SecurityContext: &SecurityContext{
Privileged: newBool(true),
RunAsNonRoot: newBool(true),
RunAsUser: newInt64(101),
RunAsGroup: newInt64(101),
FSGroup: newInt64(101),
SeccompProfile: &SecProfile{
Type: "Localhost",
LocalhostProfile: "profiles/audit.json",
},
ApparmorProfile: &SecProfile{
Type: "Localhost",
LocalhostProfile: "k8s-apparmor-example-deny-write",
want: BackendOptions{
NodeSelector: map[string]string{"storage": "ssd"},
ServiceAccountName: "wp-svc-acc",
Labels: map[string]string{"app": "test"},
Annotations: map[string]string{"apps.kubernetes.io/pod-index": "0"},
Tolerations: []Toleration{{Key: "net-port", Value: "100Mbit", Effect: TaintEffectNoSchedule}},
Resources: Resources{
Requests: map[string]string{"memory": "128Mi", "cpu": "1000m"},
Limits: map[string]string{"memory": "256Mi", "cpu": "2"},
},
SecurityContext: &SecurityContext{
Privileged: newBool(true),
RunAsNonRoot: newBool(true),
RunAsUser: newInt64(101),
RunAsGroup: newInt64(101),
FSGroup: newInt64(101),
SeccompProfile: &SecProfile{
Type: "Localhost",
LocalhostProfile: "profiles/audit.json",
},
ApparmorProfile: &SecProfile{
Type: "Localhost",
LocalhostProfile: "k8s-apparmor-example-deny-write",
},
},
Secrets: []SecretRef{
{
Name: "aws",
Key: "access-key",
Target: SecretTarget{Env: "AWS_SECRET_ACCESS_KEY"},
},
{
Name: "reg-cred",
Key: ".dockerconfigjson",
Target: SecretTarget{File: "~/.docker/config.json"},
},
},
},
},
Secrets: []SecretRef{
{
Name: "aws",
Key: "access-key",
Target: SecretTarget{Env: "AWS_SECRET_ACCESS_KEY"},
},
{
Name: "reg-cred",
Key: ".dockerconfigjson",
Target: SecretTarget{File: "~/.docker/config.json"},
},
},
}, got)
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := parseBackendOptions(tt.step)
if tt.wantErr {
assert.Error(t, err)
return
}
assert.NoError(t, err)
assert.Equal(t, tt.want, got)
})
}
}