Merge pull request #15923 from adelton/issue-14530-sort-test

Automatic merge from submit-queue (batch tested with PRs 15923, 16172)

Check the order of bootstrapped SCCs.

Related to #14530 and #14825.

Cc @simo5 @openshift/sig-security

Author: openshift-merge-robot

pkg/cmd/server/bootstrappolicy/securitycontextconstraints_test.go

@@ -2,35 +2,43 @@ package bootstrappolicy
 
 import (
 	"reflect"
+	"sort"
 	"testing"
 
 	"k8s.io/apiserver/pkg/authentication/serviceaccount"
 
 	securityapi "github.com/openshift/origin/pkg/security/apis/security"
+	scc "github.com/openshift/origin/pkg/security/securitycontextconstraints"
 	sccutil "github.com/openshift/origin/pkg/security/securitycontextconstraints/util"
 )
 
 func TestBootstrappedConstraints(t *testing.T) {
-	expectedConstraints := []string{
-		SecurityContextConstraintPrivileged,
+	// ordering of expectedConstraintNames is important, we check it against scc.ByPriority
+	expectedConstraintNames := []string{
+		SecurityContextConstraintsAnyUID,
+		SecurityContextConstraintsHostNetwork,
 		SecurityContextConstraintRestricted,
 		SecurityContextConstraintNonRoot,
-		SecurityContextConstraintHostMountAndAnyUID,
 		SecurityContextConstraintHostNS,
-		SecurityContextConstraintsAnyUID,
-		SecurityContextConstraintsHostNetwork,
+		SecurityContextConstraintHostMountAndAnyUID,
+		SecurityContextConstraintPrivileged,
 	}
 	expectedGroups, expectedUsers := getExpectedAccess()
 	expectedVolumes := []securityapi.FSType{securityapi.FSTypeEmptyDir, securityapi.FSTypeSecret, securityapi.FSTypeDownwardAPI, securityapi.FSTypeConfigMap, securityapi.FSTypePersistentVolumeClaim}
 
 	groups, users := GetBoostrapSCCAccess(DefaultOpenShiftInfraNamespace)
 	bootstrappedConstraints := GetBootstrapSecurityContextConstraints(groups, users)
 
-	if len(expectedConstraints) != len(bootstrappedConstraints) {
-		t.Errorf("unexpected number of constraints: found %d, wanted %d", len(bootstrappedConstraints), len(expectedConstraints))
+	if len(expectedConstraintNames) != len(bootstrappedConstraints) {
+		t.Errorf("unexpected number of constraints: found %d, wanted %d", len(bootstrappedConstraints), len(expectedConstraintNames))
 	}
 
-	for _, constraint := range bootstrappedConstraints {
+	sort.Sort(scc.ByPriority(bootstrappedConstraints))
+
+	for i, constraint := range bootstrappedConstraints {
+		if constraint.Name != expectedConstraintNames[i] {
+			t.Errorf("unexpected contraint no. %d (by priority).  Found %v, wanted %v", i, constraint.Name, expectedConstraintNames[i])
+		}
 		g := expectedGroups[constraint.Name]
 		if !reflect.DeepEqual(g, constraint.Groups) {
 			t.Errorf("unexpected group access for %s.  Found %v, wanted %v", constraint.Name, constraint.Groups, g)