upstream/kubernetes
1
0
Fork 0
mirror of https://github.com/kubernetes/kubernetes.git synced 2026-05-16 10:59:36 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
kubernetes/test/cmd/exec.sh
hunshcn b528be0a56
kubectl: strict check for exec command (#138214) 
* kubectl: strict check for exec command

Fix https://github.com/kubernetes/kubectl/issues/1745

The current implementation doesn't properly check for arguments between
the resource name and the dash separator. This can lead to unexpected
behavior when using commands like 'kubectl exec -it pod-0 bash -- run.sh',
which should raise an error but doesn't.

This fix ensures that when a dash separator (--) is used, there are no
extra arguments between the resource name and the dash.

- Only allow argsLenAtDash == 0 or == 1 (exactly one arg before --)
- Add test for extra args between pod and --
- Add test for flag-like args without dash separator

* test: add kubectl exec container flag coverage

* Apply suggestion from @soltysh

Co-authored-by: Maciej Szulik <soltysh@gmail.com>

---------

Co-authored-by: Maciej Szulik <soltysh@gmail.com>
2026-04-23 06:07:14 +05:30

147 lines
4.9 KiB
Bash
Executable file
Raw Blame History

#!/usr/bin/env bash
# Copyright 2019 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -o errexit
set -o nounset
set -o pipefail
run_kubectl_exec_pod_tests() {
set -o nounset
set -o errexit
create_and_use_new_namespace
kube::log::status "Testing kubectl exec POD COMMAND"
### Test execute non-existing POD
output_message=$(! kubectl exec abc 2>&1 -- date)
# POD abc should error since it doesn't exist
kube::test::if_has_string "${output_message}" 'pods "abc" not found'
### Test execute multiple resources
output_message=$(! kubectl exec -f - 2>&1 -- echo test << __EOF__
apiVersion: v1
kind: Pod
metadata:
name: test
spec:
containers:
- name: nginx
image: nginx
---
apiVersion: v1
kind: Pod
metadata:
name: test2
spec:
containers:
- name: nginx
image: nginx
__EOF__
)
kube::test::if_has_string "${output_message}" 'cannot exec into multiple objects at a time'
### Test execute existing POD
# Create test-pod
kubectl create -f hack/testdata/pod.yaml
# Execute existing POD
output_message=$(! kubectl exec test-pod date 2>&1)
# POD test-pod is exists this is shouldn't have output not found
kube::test::if_has_not_string "${output_message}" 'pods "test-pod" not found'
# These must be pass the validate
kube::test::if_has_not_string "${output_message}" 'pod or type/name must be specified'
### Test execute with invalid container name
output_message=$(! kubectl exec test-pod -c nonexistent -- date 2>&1)
kube::test::if_has_string "${output_message}" 'container nonexistent is not valid for pod test-pod out of: kubernetes-pause'
kubectl create -f - << __EOF__
apiVersion: v1
kind: Pod
metadata:
name: pod-test
spec:
containers:
- name: container-a
image: registry.k8s.io/pause:3.10.1
- name: container-b
image: registry.k8s.io/pause:3.10.1
__EOF__
### Test execute with pod and container before dash separator
output_message=$(! kubectl exec -it pod-test -c container-a -- echo "test" 2>&1)
kube::test::if_has_not_string "${output_message}" 'exec \[POD\] \[COMMAND\] is not supported anymore'
kube::test::if_has_not_string "${output_message}" 'container container-a is not valid for pod pod-test'
kube::test::if_has_not_string "${output_message}" 'pods "pod-test" not found'
# Clean up
kubectl delete pods pod-test
kubectl delete pods test-pod
set +o nounset
set +o errexit
}
run_kubectl_exec_resource_name_tests() {
set +o nounset
set +o errexit
create_and_use_new_namespace
kube::log::status "Testing kubectl exec TYPE/NAME COMMAND"
### Test execute invalid resource type
output_message=$(! kubectl exec foo/bar -- date 2>&1)
# resource type foo should error since it's invalid
kube::test::if_has_string "${output_message}" 'error:'
### Test execute non-existing resources
output_message=$(! kubectl exec deployments/bar -- date 2>&1)
# resource type foo should error since it doesn't exist
kube::test::if_has_string "${output_message}" '"bar" not found'
kubectl create -f hack/testdata/pod.yaml
kubectl create -f hack/testdata/frontend-replicaset.yaml
kubectl create -f hack/testdata/configmap.yaml
### Test execute non-implemented resources
output_message=$(! kubectl exec configmap/test-set-env-config -- date 2>&1)
# resource type configmap should error since configmap not implemented to be attached
kube::test::if_has_string "${output_message}" 'not implemented'
### Test execute exists and valid resource type.
# Just check the output, since test-cmd not run kubelet, pod never be assigned.
# and not really can run `kubectl exec` command
output_message=$(! kubectl exec pods/test-pod -- date 2>&1)
# POD test-pod is exists this is shouldn't have output not found
kube::test::if_has_not_string "${output_message}" 'not found'
# These must be pass the validate
kube::test::if_has_not_string "${output_message}" 'pod, type/name or --filename must be specified'
output_message=$(! kubectl exec replicaset/frontend -- date 2>&1)
# Replicaset frontend is valid and exists will select the first pod.
# and Shouldn't have output not found
kube::test::if_has_not_string "${output_message}" 'not found'
# These must be pass the validate
kube::test::if_has_not_string "${output_message}" 'pod, type/name or --filename must be specified'
# Clean up
kubectl delete pods/test-pod
kubectl delete replicaset/frontend
kubectl delete configmap/test-set-env-config
set +o nounset
set +o errexit
}
Reference in a new issue View git blame Copy permalink