Extract common functions for nonroot

Create util func `CanBeNonRoot(vmi)`, `MarkAsNonroot(vmi)` and `GetIdOfLauncher(vmi)` Signed-off-by: L. Pivarc <[email protected]>
ale0x78ey · Mar 3, 2022 · ec457ff · ec457ff
1 parent b15b758
commit ec457ff
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 26 deletions.
diff --git a/pkg/util/util.go b/pkg/util/util.go
@@ -170,4 +170,19 @@ func AlignImageSizeTo1MiB(size int64, logger *log.FilteredLogger) int64 {
 		}
 		return newSize
 	}
+
+}
+func CanBeNonRoot(vmi *v1.VirtualMachineInstance) error {
+	// VirtioFS doesn't work with session mode
+	if IsVMIVirtiofsEnabled(vmi) {
+		return fmt.Errorf("VirtioFS doesn't work with session mode(used by nonroot)")
+	}
+	return nil
+}
+
+func MarkAsNonroot(vmi *v1.VirtualMachineInstance) {
+	if vmi.ObjectMeta.Annotations == nil {
+		vmi.ObjectMeta.Annotations = make(map[string]string)
+	}
+	vmi.ObjectMeta.Annotations[v1.NonRootVMIAnnotation] = ""
 }
diff --git a/pkg/virt-api/webhooks/mutating-webhook/mutators/vmi-mutator.go b/pkg/virt-api/webhooks/mutating-webhook/mutators/vmi-mutator.go
@@ -139,18 +139,15 @@ func (mutator *VMIsMutator) Mutate(ar *admissionv1.AdmissionReview) *admissionv1
 		})
 
 		if mutator.ClusterConfig.NonRootEnabled() {
-			if err := canBeNonRoot(newVMI); err != nil {
+			if err := util.CanBeNonRoot(newVMI); err != nil {
 				return &admissionv1.AdmissionResponse{
 					Result: &metav1.Status{
 						Message: err.Error(),
 						Code:    http.StatusUnprocessableEntity,
 					},
 				}
 			} else {
-				if newVMI.ObjectMeta.Annotations == nil {
-					newVMI.ObjectMeta.Annotations = make(map[string]string)
-				}
-				newVMI.ObjectMeta.Annotations[v1.NonRootVMIAnnotation] = ""
+				util.MarkAsNonroot(newVMI)
 			}
 		}
 
@@ -358,14 +355,6 @@ func (mutator *VMIsMutator) setDefaultResourceRequests(vmi *v1.VirtualMachineIns
 
 }
 
-func canBeNonRoot(vmi *v1.VirtualMachineInstance) error {
-	// VirtioFS doesn't work with session mode
-	if util.IsVMIVirtiofsEnabled(vmi) {
-		return fmt.Errorf("VirtioFS doesn't work with session mode(used by nonroot)")
-	}
-	return nil
-}
-
 func addNodeSelector(vmi *v1.VirtualMachineInstance, label string) {
 	if vmi.Spec.NodeSelector == nil {
 		vmi.Spec.NodeSelector = map[string]string{}

diff --git a/tests/nonroot_test.go b/tests/nonroot_test.go
@@ -2,7 +2,6 @@ package tests_test
 
 import (
 	"fmt"
-	"strings"
 
 	. "github.com/onsi/ginkgo"
 	"github.com/onsi/ginkgo/extensions/table"
@@ -60,19 +59,8 @@ var _ = Describe("[sig-compute]NonRoot feature", func() {
 
 			tests.WaitForSuccessfulVMIStart(vmi)
 
-			vmiPod := tests.GetRunningPodByVirtualMachineInstance(vmi, util.NamespaceTestDefault)
-			podOutput, err := tests.ExecuteCommandOnPod(
-				virtClient,
-				vmiPod,
-				vmiPod.Spec.Containers[0].Name,
-				[]string{"id"},
-			)
-
-			groups := strings.Split(podOutput, "=")
-			uid := strings.Split(groups[1], "(")[0]
-
 			Expect(err).NotTo(HaveOccurred())
-			Expect(uid).To(Equal("107"))
+			Expect(tests.GetIdOfLauncher(vmi)).To(Equal("107"))
 		})
 	})
 })
diff --git a/tests/utils.go b/tests/utils.go
@@ -5321,3 +5321,19 @@ func GetPodsCgroupVersion(pod *k8sv1.Pod, virtClient kubecli.KubevirtClient) cgr
 		return cgroup.V1
 	}
 }
+
+func GetIdOfLauncher(vmi *v1.VirtualMachineInstance) string {
+	virtClient, err := kubecli.GetKubevirtClient()
+	util2.PanicOnError(err)
+
+	vmiPod := GetRunningPodByVirtualMachineInstance(vmi, util2.NamespaceTestDefault)
+	podOutput, err := ExecuteCommandOnPod(
+		virtClient,
+		vmiPod,
+		vmiPod.Spec.Containers[0].Name,
+		[]string{"id", "-u"},
+	)
+	Expect(err).NotTo(HaveOccurred())
+
+	return strings.TrimSpace(podOutput)
+}