istio.io/istio@v0.0.0-20240520182934-d79c90f27776/cni/pkg/nodeagent/podcgroupns_test.go

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/cni/pkg/nodeagent/podcgroupns_test.go (about)

     1  // Copyright Istio Authors
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package nodeagent
    16  
    17  import (
    18  	"testing"
    19  
    20  	corev1 "k8s.io/api/core/v1"
    21  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    22  	"k8s.io/apimachinery/pkg/types"
    23  
    24  	"istio.io/istio/pkg/test/util/assert"
    25  )
    26  
    27  func TestWithProcFs(t *testing.T) {
    28  	n := NewPodNetnsProcFinder(fakeFs())
    29  	pod := &corev1.Pod{ObjectMeta: metav1.ObjectMeta{
    30  		Name:      "foo",
    31  		Namespace: "bar",
    32  		UID:       types.UID("863b91d4-4b68-4efa-917f-4b560e3e86aa"),
    33  	}}
    34  	podUIDNetns, err := n.FindNetnsForPods(map[types.UID]*corev1.Pod{
    35  		pod.UID: pod,
    36  	})
    37  	if err != nil {
    38  		panic(err)
    39  	}
    40  	defer podUIDNetns.Close()
    41  
    42  	if len(podUIDNetns) == 0 {
    43  		t.Fatal("expected to find pod netns")
    44  	}
    45  
    46  	expectedUID := "863b91d4-4b68-4efa-917f-4b560e3e86aa"
    47  	if podUIDNetns[expectedUID] == (WorkloadInfo{}) {
    48  		t.Fatal("expected to find pod netns under pod uid")
    49  	}
    50  }
    51  
    52  // copied and modified from spire
    53  
    54  func TestGetContainerIDFromCGroups(t *testing.T) {
    55  	makeCGroups := func(groupPaths []string) []Cgroup {
    56  		var out []Cgroup
    57  		for _, groupPath := range groupPaths {
    58  			out = append(out, Cgroup{
    59  				GroupPath: groupPath,
    60  			})
    61  		}
    62  		return out
    63  	}
    64  
    65  	//nolint: lll
    66  	for _, tt := range []struct {
    67  		name              string
    68  		cgroupPaths       []string
    69  		expectPodUID      types.UID
    70  		expectContainerID string
    71  		expectMsg         string
    72  	}{
    73  		{
    74  			name:              "no cgroups",
    75  			cgroupPaths:       []string{},
    76  			expectPodUID:      "",
    77  			expectContainerID: "",
    78  		},
    79  		{
    80  			name: "no container ID in cgroups",
    81  			cgroupPaths: []string{
    82  				"/user.slice",
    83  			},
    84  			expectPodUID:      "",
    85  			expectContainerID: "",
    86  		},
    87  		{
    88  			name: "one container ID in cgroups",
    89  			cgroupPaths: []string{
    90  				"/user.slice",
    91  				"/kubepods/pod2c48913c-b29f-11e7-9350-020968147796/9bca8d63d5fa610783847915bcff0ecac1273e5b4bed3f6fa1b07350e0135961",
    92  			},
    93  			expectPodUID:      "2c48913c-b29f-11e7-9350-020968147796",
    94  			expectContainerID: "9bca8d63d5fa610783847915bcff0ecac1273e5b4bed3f6fa1b07350e0135961",
    95  		},
    96  		{
    97  			name: "pod UID canonicalized",
    98  			cgroupPaths: []string{
    99  				"/user.slice",
   100  				"/kubepods/pod2c48913c_b29f_11e7_9350_020968147796/9bca8d63d5fa610783847915bcff0ecac1273e5b4bed3f6fa1b07350e0135961",
   101  			},
   102  			expectPodUID:      "2c48913c-b29f-11e7-9350-020968147796",
   103  			expectContainerID: "9bca8d63d5fa610783847915bcff0ecac1273e5b4bed3f6fa1b07350e0135961",
   104  		},
   105  		{
   106  			name: "cri-o",
   107  			cgroupPaths: []string{
   108  				"0::/../crio-45490e76e0878aaa4d9808f7d2eefba37f093c3efbba9838b6d8ab804d9bd814.scope",
   109  			},
   110  			expectPodUID:      "",
   111  			expectContainerID: "45490e76e0878aaa4d9808f7d2eefba37f093c3efbba9838b6d8ab804d9bd814",
   112  		},
   113  		{
   114  			name: "more than one container ID in cgroups",
   115  			cgroupPaths: []string{
   116  				"/user.slice",
   117  				"/kubepods/pod2c48913c-b29f-11e7-9350-020968147796/9bca8d63d5fa610783847915bcff0ecac1273e5b4bed3f6fa1b07350e0135961",
   118  				"/kubepods/kubepods/besteffort/pod2c48913c-b29f-11e7-9350-020968147796/a55d9ac3b312d8a2627824b6d6dd8af66fbec439bf4e0ec22d6d9945ad337a38",
   119  			},
   120  			expectPodUID:      "",
   121  			expectContainerID: "",
   122  			expectMsg:         "multiple container IDs found in cgroups (9bca8d63d5fa610783847915bcff0ecac1273e5b4bed3f6fa1b07350e0135961, a55d9ac3b312d8a2627824b6d6dd8af66fbec439bf4e0ec22d6d9945ad337a38)",
   123  		},
   124  		{
   125  			name: "more than one pod UID in cgroups",
   126  			cgroupPaths: []string{
   127  				"/user.slice",
   128  				"/kubepods/pod11111111-b29f-11e7-9350-020968147796/9bca8d63d5fa610783847915bcff0ecac1273e5b4bed3f6fa1b07350e0135961",
   129  				"/kubepods/kubepods/besteffort/pod22222222-b29f-11e7-9350-020968147796/9bca8d63d5fa610783847915bcff0ecac1273e5b4bed3f6fa1b07350e0135961",
   130  			},
   131  			expectPodUID:      "",
   132  			expectContainerID: "",
   133  			expectMsg:         "multiple pod UIDs found in cgroups (11111111-b29f-11e7-9350-020968147796, 22222222-b29f-11e7-9350-020968147796)",
   134  		},
   135  	} {
   136  		tt := tt
   137  		t.Run(tt.name, func(t *testing.T) {
   138  			podUID, containerID, err := getPodUIDAndContainerIDFromCGroups(makeCGroups(tt.cgroupPaths))
   139  
   140  			if tt.expectMsg != "" {
   141  				assert.Equal(t, tt.expectMsg, err.Error())
   142  				return
   143  			}
   144  			assert.Equal(t, tt.expectPodUID, podUID)
   145  			assert.Equal(t, tt.expectContainerID, containerID)
   146  		})
   147  	}
   148  }