kubevirt / hyperconverged-cluster-operator / 16339590247

coverage: 75.103% (-0.02%) from 75.124%
16339590247

Pull #3601

github

web-flow 
Merge bcff6906b into cb8d4dd66
Pull Request #3601: network,passt: Deploy Passt required objects

391 of 521 new or added lines in 10 files covered. (75.05%)

97 existing lines in 2 files now uncovered.

6908 of 9198 relevant lines covered (75.1%)

1.77 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

88.14
/controllers/operands/securityContextConstraintsHandler.go
1 
package operands
2 









3



import (










4



        "errors"










5



        "reflect"










6












7



        "k8s.io/apimachinery/pkg/runtime"










8



        "sigs.k8s.io/controller-runtime/pkg/client"










9












10



        securityv1 "github.com/openshift/api/security/v1"










11












12



        hcov1beta1 "github.com/kubevirt/hyperconverged-cluster-operator/api/v1beta1"










13



        "github.com/kubevirt/hyperconverged-cluster-operator/controllers/common"










14



        "github.com/kubevirt/hyperconverged-cluster-operator/pkg/util"










15



)










16












17



type newSecurityContextConstraintsFunc func(hc *hcov1beta1.HyperConverged) *securityv1.SecurityContextConstraints










18













19



func NewSecurityContextConstraintsHandler(Client client.Client, Scheme *runtime.Scheme, newCrFunc newSecurityContextConstraintsFunc) *GenericOperand {




3






20



        return NewGenericOperand(Client, Scheme, "SecurityContextConstraints", &securityContextConstraintsHooks{newCrFunc: newCrFunc}, false)




3






21



}




3





22












23



type securityContextConstraintsHooks struct {










24



        newCrFunc newSecurityContextConstraintsFunc










25



}










26













27



func (h securityContextConstraintsHooks) GetFullCr(hc *hcov1beta1.HyperConverged) (client.Object, error) {




1






28



        return h.newCrFunc(hc), nil




1






29



}




1





30













31



func (securityContextConstraintsHooks) GetEmptyCr() client.Object {




1






32



        return &securityv1.SecurityContextConstraints{}




1






33



}




1





34













35



func (securityContextConstraintsHooks) JustBeforeComplete(_ *common.HcoRequest) { /* no implementation */




1






36



}




1





37













38



func (securityContextConstraintsHooks) UpdateCR(req *common.HcoRequest, Client client.Client, exists runtime.Object, required runtime.Object) (bool, bool, error) {




1






39



        return updateSecurityContextConstraints(req, Client, exists, required)




1






40



}




1





41













42



func updateSecurityContextConstraints(req *common.HcoRequest, Client client.Client, exists runtime.Object, required runtime.Object) (bool, bool, error) {




1






43



        securityContextConstraints, ok1 := required.(*securityv1.SecurityContextConstraints)




1






44



        found, ok2 := exists.(*securityv1.SecurityContextConstraints)




1






45



        if !ok1 || !ok2 {




1






NEW


46



                return false, false, errors.New("can't convert to SecurityContextConstraints")




×








NEW


47



        }




×








48



        if !hasSecurityContextConstraintsRightFields(found, securityContextConstraints) {




2






49



                if req.HCOTriggered {




2






50



                        req.Logger.Info("Updating existing SecurityContextConstraints Spec to new opinionated values")




1






51



                } else {




1






NEW


52



                        req.Logger.Info("Reconciling an externally updated SecurityContextConstraints's Spec to its opinionated values")




×








NEW


53



                }




×








54



                util.MergeLabels(&securityContextConstraints.ObjectMeta, &found.ObjectMeta)




1






55



                // Copy only the security fields, not the entire object (to preserve ResourceVersion)




1






56



                found.AllowPrivilegedContainer = securityContextConstraints.AllowPrivilegedContainer




1






57



                found.AllowHostDirVolumePlugin = securityContextConstraints.AllowHostDirVolumePlugin




1






58



                found.AllowHostIPC = securityContextConstraints.AllowHostIPC




1






59



                found.AllowHostNetwork = securityContextConstraints.AllowHostNetwork




1






60



                found.AllowHostPID = securityContextConstraints.AllowHostPID




1






61



                found.AllowHostPorts = securityContextConstraints.AllowHostPorts




1






62



                found.ReadOnlyRootFilesystem = securityContextConstraints.ReadOnlyRootFilesystem




1






63



                found.RunAsUser = securityContextConstraints.RunAsUser




1






64



                found.SELinuxContext = securityContextConstraints.SELinuxContext




1






65



                found.Users = securityContextConstraints.Users




1






66



                found.Volumes = securityContextConstraints.Volumes




1






67



                err := Client.Update(req.Ctx, found)




1






68



                if err != nil {




1






NEW


69



                        return false, false, err




×








NEW


70



                }




×








71



                return true, !req.HCOTriggered, nil




1





72



        }











NEW


73



        return false, false, nil




×







74



}










75













76



func hasSecurityContextConstraintsRightFields(found *securityv1.SecurityContextConstraints, required *securityv1.SecurityContextConstraints) bool {




1






77



        return util.CompareLabels(required, found) &&




1






78



                reflect.DeepEqual(found.AllowPrivilegedContainer, required.AllowPrivilegedContainer) &&




1






79



                reflect.DeepEqual(found.AllowHostDirVolumePlugin, required.AllowHostDirVolumePlugin) &&




1






80



                reflect.DeepEqual(found.AllowHostIPC, required.AllowHostIPC) &&




1






81



                reflect.DeepEqual(found.AllowHostNetwork, required.AllowHostNetwork) &&




1






82



                reflect.DeepEqual(found.AllowHostPID, required.AllowHostPID) &&




1






83



                reflect.DeepEqual(found.AllowHostPorts, required.AllowHostPorts) &&




1






84



                reflect.DeepEqual(found.ReadOnlyRootFilesystem, required.ReadOnlyRootFilesystem) &&




1






85



                reflect.DeepEqual(found.RunAsUser, required.RunAsUser) &&




1






86



                reflect.DeepEqual(found.SELinuxContext, required.SELinuxContext) &&




1






87



                reflect.DeepEqual(found.Users, required.Users) &&




1






88



                reflect.DeepEqual(found.Volumes, required.Volumes)




1






89



}




1



















    

  • 

    •