From e909e0cf738dec130139acaebf32b77947a86667 Mon Sep 17 00:00:00 2001 From: PatrickLaabs Date: Tue, 8 Jul 2025 09:48:56 +0200 Subject: [PATCH] chore: replacement of toPtr helper functions with ptr packge --- pkg/apis/core/validation/validation_test.go | 50 ++++++++++----------- test/e2e/windows/security_context.go | 20 ++++----- 2 files changed, 31 insertions(+), 39 deletions(-) diff --git a/pkg/apis/core/validation/validation_test.go b/pkg/apis/core/validation/validation_test.go index efe4bab43cb..f3ed3bca31d 100644 --- a/pkg/apis/core/validation/validation_test.go +++ b/pkg/apis/core/validation/validation_test.go @@ -22848,10 +22848,6 @@ func TestValidateOrSetClientIPAffinityConfig(t *testing.T) { } func TestValidateWindowsSecurityContextOptions(t *testing.T) { - toPtr := func(s string) *string { - return &s - } - testCases := []struct { testName string @@ -22865,26 +22861,26 @@ func TestValidateWindowsSecurityContextOptions(t *testing.T) { }, { testName: "a valid input", windowsOptions: &core.WindowsSecurityContextOptions{ - GMSACredentialSpecName: toPtr("dummy-gmsa-crep-spec-name"), - GMSACredentialSpec: toPtr("dummy-gmsa-crep-spec-contents"), + GMSACredentialSpecName: ptr.To("dummy-gmsa-crep-spec-name"), + GMSACredentialSpec: ptr.To("dummy-gmsa-crep-spec-contents"), }, }, { testName: "a GMSA cred spec name that is not a valid resource name", windowsOptions: &core.WindowsSecurityContextOptions{ // invalid because of the underscore - GMSACredentialSpecName: toPtr("not_a-valid-gmsa-crep-spec-name"), + GMSACredentialSpecName: ptr.To("not_a-valid-gmsa-crep-spec-name"), }, expectedErrorSubstring: dnsSubdomainLabelErrMsg, }, { testName: "empty GMSA cred spec contents", windowsOptions: &core.WindowsSecurityContextOptions{ - GMSACredentialSpec: toPtr(""), + GMSACredentialSpec: ptr.To(""), }, expectedErrorSubstring: "gmsaCredentialSpec cannot be an empty string", }, { testName: "GMSA cred spec contents that are too long", windowsOptions: &core.WindowsSecurityContextOptions{ - GMSACredentialSpec: toPtr(strings.Repeat("a", maxGMSACredentialSpecLength+1)), + GMSACredentialSpec: ptr.To(strings.Repeat("a", maxGMSACredentialSpecLength+1)), }, expectedErrorSubstring: "gmsaCredentialSpec size must be under", }, { @@ -22895,105 +22891,105 @@ func TestValidateWindowsSecurityContextOptions(t *testing.T) { }, { testName: "a valid RunAsUserName", windowsOptions: &core.WindowsSecurityContextOptions{ - RunAsUserName: toPtr("Container. User"), + RunAsUserName: ptr.To("Container. User"), }, }, { testName: "a valid RunAsUserName with NetBios Domain", windowsOptions: &core.WindowsSecurityContextOptions{ - RunAsUserName: toPtr("Network Service\\Container. User"), + RunAsUserName: ptr.To("Network Service\\Container. User"), }, }, { testName: "a valid RunAsUserName with DNS Domain", windowsOptions: &core.WindowsSecurityContextOptions{ - RunAsUserName: toPtr(strings.Repeat("fOo", 20) + ".liSH\\Container. User"), + RunAsUserName: ptr.To(strings.Repeat("fOo", 20) + ".liSH\\Container. User"), }, }, { testName: "a valid RunAsUserName with DNS Domain with a single character segment", windowsOptions: &core.WindowsSecurityContextOptions{ - RunAsUserName: toPtr(strings.Repeat("fOo", 20) + ".l\\Container. User"), + RunAsUserName: ptr.To(strings.Repeat("fOo", 20) + ".l\\Container. User"), }, }, { testName: "a valid RunAsUserName with a long single segment DNS Domain", windowsOptions: &core.WindowsSecurityContextOptions{ - RunAsUserName: toPtr(strings.Repeat("a", 42) + "\\Container. User"), + RunAsUserName: ptr.To(strings.Repeat("a", 42) + "\\Container. User"), }, }, { testName: "an empty RunAsUserName", windowsOptions: &core.WindowsSecurityContextOptions{ - RunAsUserName: toPtr(""), + RunAsUserName: ptr.To(""), }, expectedErrorSubstring: "runAsUserName cannot be an empty string", }, { testName: "RunAsUserName containing a control character", windowsOptions: &core.WindowsSecurityContextOptions{ - RunAsUserName: toPtr("Container\tUser"), + RunAsUserName: ptr.To("Container\tUser"), }, expectedErrorSubstring: "runAsUserName cannot contain control characters", }, { testName: "RunAsUserName containing too many backslashes", windowsOptions: &core.WindowsSecurityContextOptions{ - RunAsUserName: toPtr("Container\\Foo\\Lish"), + RunAsUserName: ptr.To("Container\\Foo\\Lish"), }, expectedErrorSubstring: "runAsUserName cannot contain more than one backslash", }, { testName: "RunAsUserName containing backslash but empty Domain", windowsOptions: &core.WindowsSecurityContextOptions{ - RunAsUserName: toPtr("\\User"), + RunAsUserName: ptr.To("\\User"), }, expectedErrorSubstring: "runAsUserName's Domain doesn't match the NetBios nor the DNS format", }, { testName: "RunAsUserName containing backslash but empty User", windowsOptions: &core.WindowsSecurityContextOptions{ - RunAsUserName: toPtr("Container\\"), + RunAsUserName: ptr.To("Container\\"), }, expectedErrorSubstring: "runAsUserName's User cannot be empty", }, { testName: "RunAsUserName's NetBios Domain is too long", windowsOptions: &core.WindowsSecurityContextOptions{ - RunAsUserName: toPtr("NetBios " + strings.Repeat("a", 8) + "\\user"), + RunAsUserName: ptr.To("NetBios " + strings.Repeat("a", 8) + "\\user"), }, expectedErrorSubstring: "runAsUserName's Domain doesn't match the NetBios", }, { testName: "RunAsUserName's DNS Domain is too long", windowsOptions: &core.WindowsSecurityContextOptions{ // even if this tests the max Domain length, the Domain should still be "valid". - RunAsUserName: toPtr(strings.Repeat(strings.Repeat("a", 63)+".", 4)[:253] + ".com\\user"), + RunAsUserName: ptr.To(strings.Repeat(strings.Repeat("a", 63)+".", 4)[:253] + ".com\\user"), }, expectedErrorSubstring: "runAsUserName's Domain length must be under", }, { testName: "RunAsUserName's User is too long", windowsOptions: &core.WindowsSecurityContextOptions{ - RunAsUserName: toPtr(strings.Repeat("a", maxRunAsUserNameUserLength+1)), + RunAsUserName: ptr.To(strings.Repeat("a", maxRunAsUserNameUserLength+1)), }, expectedErrorSubstring: "runAsUserName's User length must not be longer than", }, { testName: "RunAsUserName's User cannot contain only spaces or periods", windowsOptions: &core.WindowsSecurityContextOptions{ - RunAsUserName: toPtr("... ..."), + RunAsUserName: ptr.To("... ..."), }, expectedErrorSubstring: "runAsUserName's User cannot contain only periods or spaces", }, { testName: "RunAsUserName's NetBios Domain cannot start with a dot", windowsOptions: &core.WindowsSecurityContextOptions{ - RunAsUserName: toPtr(".FooLish\\User"), + RunAsUserName: ptr.To(".FooLish\\User"), }, expectedErrorSubstring: "runAsUserName's Domain doesn't match the NetBios", }, { testName: "RunAsUserName's NetBios Domain cannot contain invalid characters", windowsOptions: &core.WindowsSecurityContextOptions{ - RunAsUserName: toPtr("Foo? Lish?\\User"), + RunAsUserName: ptr.To("Foo? Lish?\\User"), }, expectedErrorSubstring: "runAsUserName's Domain doesn't match the NetBios", }, { testName: "RunAsUserName's DNS Domain cannot contain invalid characters", windowsOptions: &core.WindowsSecurityContextOptions{ - RunAsUserName: toPtr(strings.Repeat("a", 32) + ".com-\\user"), + RunAsUserName: ptr.To(strings.Repeat("a", 32) + ".com-\\user"), }, expectedErrorSubstring: "runAsUserName's Domain doesn't match the NetBios nor the DNS format", }, { testName: "RunAsUserName's User cannot contain invalid characters", windowsOptions: &core.WindowsSecurityContextOptions{ - RunAsUserName: toPtr("Container/User"), + RunAsUserName: ptr.To("Container/User"), }, expectedErrorSubstring: "runAsUserName's User cannot contain the following characters", }, diff --git a/test/e2e/windows/security_context.go b/test/e2e/windows/security_context.go index 1b7b4883522..92e638117c9 100644 --- a/test/e2e/windows/security_context.go +++ b/test/e2e/windows/security_context.go @@ -54,13 +54,13 @@ var _ = sigDescribe(feature.Windows, "SecurityContext", skipUnlessWindows(func() podDefault := runAsUserNamePod(nil) e2eoutput.TestContainerOutput(ctx, f, "check default user", podDefault, 0, []string{"ContainerUser"}) - podUserName := runAsUserNamePod(toPtr("ContainerAdministrator")) + podUserName := runAsUserNamePod(ptr.To("ContainerAdministrator")) e2eoutput.TestContainerOutput(ctx, f, "check set user", podUserName, 0, []string{"ContainerAdministrator"}) }) ginkgo.It("should not be able to create pods with unknown usernames at Pod level", func(ctx context.Context) { ginkgo.By("Creating a pod with an invalid username") - podInvalid := e2epod.NewPodClient(f).Create(ctx, runAsUserNamePod(toPtr("FooLish"))) + podInvalid := e2epod.NewPodClient(f).Create(ctx, runAsUserNamePod(ptr.To("FooLish"))) failedSandboxEventSelector := fields.Set{ "involvedObject.kind": "Pod", @@ -107,8 +107,8 @@ var _ = sigDescribe(feature.Windows, "SecurityContext", skipUnlessWindows(func() ginkgo.It("should not be able to create pods with unknown usernames at Container level", func(ctx context.Context) { ginkgo.By("Creating a pod with an invalid username at container level and pod running as ContainerUser") - p := runAsUserNamePod(toPtr("FooLish")) - p.Spec.SecurityContext.WindowsOptions.RunAsUserName = toPtr("ContainerUser") + p := runAsUserNamePod(ptr.To("FooLish")) + p.Spec.SecurityContext.WindowsOptions.RunAsUserName = ptr.To("ContainerUser") podInvalid := e2epod.NewPodClient(f).Create(ctx, p) framework.Logf("Waiting for pod %s to enter the error state.", podInvalid.Name) @@ -124,8 +124,8 @@ var _ = sigDescribe(feature.Windows, "SecurityContext", skipUnlessWindows(func() ginkgo.It("should override SecurityContext username if set", func(ctx context.Context) { ginkgo.By("Creating a pod with 2 containers with different username configurations.") - pod := runAsUserNamePod(toPtr("ContainerAdministrator")) - pod.Spec.Containers[0].SecurityContext.WindowsOptions.RunAsUserName = toPtr("ContainerUser") + pod := runAsUserNamePod(ptr.To("ContainerAdministrator")) + pod.Spec.Containers[0].SecurityContext.WindowsOptions.RunAsUserName = ptr.To("ContainerUser") pod.Spec.Containers = append(pod.Spec.Containers, v1.Container{ Name: "run-as-username-new-container", Image: imageutils.GetE2EImage(imageutils.NonRoot), @@ -163,7 +163,7 @@ var _ = sigDescribe(feature.Windows, "SecurityContext", skipUnlessWindows(func() ginkgo.It("should not be able to create pods with containers running as ContainerAdministrator when runAsNonRoot is true", func(ctx context.Context) { ginkgo.By("Creating a pod") - p := runAsUserNamePod(toPtr("ContainerAdministrator")) + p := runAsUserNamePod(ptr.To("ContainerAdministrator")) p.Spec.SecurityContext.RunAsNonRoot = &trueVar podInvalid, err := f.ClientSet.CoreV1().Pods(f.Namespace.Name).Create(ctx, p, metav1.CreateOptions{}) @@ -181,7 +181,7 @@ var _ = sigDescribe(feature.Windows, "SecurityContext", skipUnlessWindows(func() ginkgo.It("should not be able to create pods with containers running as CONTAINERADMINISTRATOR when runAsNonRoot is true", func(ctx context.Context) { ginkgo.By("Creating a pod") - p := runAsUserNamePod(toPtr("CONTAINERADMINISTRATOR")) + p := runAsUserNamePod(ptr.To("CONTAINERADMINISTRATOR")) p.Spec.SecurityContext.RunAsNonRoot = &trueVar podInvalid, err := f.ClientSet.CoreV1().Pods(f.Namespace.Name).Create(ctx, p, metav1.CreateOptions{}) @@ -288,10 +288,6 @@ func runAsUserNamePod(username *string) *v1.Pod { } } -func toPtr(s string) *string { - return &s -} - func eventOccurred(ctx context.Context, c clientset.Interface, namespace, eventSelector, msg string) (bool, error) { options := metav1.ListOptions{FieldSelector: eventSelector}