From 84afa32493335e74d6094c3723c53cf38ac9e6bb Mon Sep 17 00:00:00 2001
From: Matthew Heon <matthew.heon@gmail.com>
Date: Thu, 19 Jul 2018 12:04:44 -0400
Subject: Ensure pods are part of the set namespace when added

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
---
 libpod/in_memory_state.go |  4 ++++
 libpod/state_test.go      | 41 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)

(limited to 'libpod')

diff --git a/libpod/in_memory_state.go b/libpod/in_memory_state.go
index 55be89d4c..e323b069c 100644
--- a/libpod/in_memory_state.go
+++ b/libpod/in_memory_state.go
@@ -542,6 +542,10 @@ func (s *InMemoryState) AddPod(pod *Pod) error {
 		return errors.Wrapf(ErrPodRemoved, "pod %s is not valid and cannot be added", pod.ID())
 	}
 
+	if err := s.checkNSMatch(pod.ID(), pod.Namespace()); err != nil {
+		return err
+	}
+
 	if _, ok := s.pods[pod.ID()]; ok {
 		return errors.Wrapf(ErrPodExists, "pod with ID %s already exists in state", pod.ID())
 	}
diff --git a/libpod/state_test.go b/libpod/state_test.go
index 4e9ba8850..30638024c 100644
--- a/libpod/state_test.go
+++ b/libpod/state_test.go
@@ -1790,6 +1790,47 @@ func TestAddPodCtrNameConflictFails(t *testing.T) {
 	})
 }
 
+func TestAddPodSameNamespaceSucceeds(t *testing.T) {
+	runForAllStates(t, func(t *testing.T, state State, lockPath string) {
+		testPod, err := getTestPod1(lockPath)
+		assert.NoError(t, err)
+
+		testPod.config.Namespace = "test1"
+
+		state.SetNamespace("test1")
+
+		err = state.AddPod(testPod)
+		assert.NoError(t, err)
+
+		allPods, err := state.AllPods()
+		assert.NoError(t, err)
+		assert.Equal(t, 1, len(allPods))
+
+		testPodsEqual(t, testPod, allPods[0])
+		assert.Equal(t, testPod.valid, allPods[0].valid)
+	})
+}
+
+func TestAddPodDifferentNamespaceFails(t *testing.T) {
+	runForAllStates(t, func(t *testing.T, state State, lockPath string) {
+		testPod, err := getTestPod1(lockPath)
+		assert.NoError(t, err)
+
+		testPod.config.Namespace = "test1"
+
+		state.SetNamespace("test2")
+
+		err = state.AddPod(testPod)
+		assert.Error(t, err)
+
+		state.SetNamespace("")
+
+		allPods, err := state.AllPods()
+		assert.NoError(t, err)
+		assert.Equal(t, 0, len(allPods))
+	})
+}
+
 func TestRemovePodInvalidPodErrors(t *testing.T) {
 	runForAllStates(t, func(t *testing.T, state State, lockPath string) {
 		err := state.RemovePod(&Pod{config: &PodConfig{}})
-- 
cgit v1.2.3-54-g00ecf