github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-11 12:52:23 +00:00
Code Issues Projects Releases Wiki Activity

tests: k8s: k8s-file-volume auto-generated policy

Browse Source 
Auto-generate policy for k8s-file-volume.bats.

Fixes: #9072

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
This commit is contained in:
Dan Mihai 2024-02-08 20:24:28 +00:00
parent d84f50db5b
commit 41c2bcbdc5
1 changed files with 25 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
tests/integration/kubernetes/k8s-file-volume.bats
View File

@ -19,32 +19,49 @@ setup() {
mount_path="/tmp/foo.txt" mount_path="/tmp/foo.txt"
file_body="test" file_body="test"
get_pod_config_dir get_pod_config_dir
}
@test "Test readonly volume for pods" {
# Write test body to temp file # Write test body to temp file
exec_host "$node" "echo "$file_body" > $tmp_file" exec_host "$node" "echo "$file_body" > $tmp_file"
# Create test yaml # Create test yaml
sed -e "s|HOST_FILE|$tmp_file|" ${pod_config_dir}/pod-file-volume.yaml > ${pod_config_dir}/test-pod-file-volume.yaml test_yaml="${pod_config_dir}/test-pod-file-volume.yaml"
sed -i "s|MOUNT_PATH|$mount_path|" ${pod_config_dir}/test-pod-file-volume.yaml
sed -i "s|NODE|$node|" ${pod_config_dir}/test-pod-file-volume.yaml
sed -e "s|HOST_FILE|$tmp_file|" ${pod_config_dir}/pod-file-volume.yaml > "${test_yaml}"
sed -i "s|MOUNT_PATH|$mount_path|" "${test_yaml}"
sed -i "s|NODE|$node|" "${test_yaml}"
# Add policy to the yaml file
policy_settings_dir="$(create_tmp_policy_settings_dir "${pod_config_dir}")"
command="cat $mount_path"
add_exec_to_policy_settings "${policy_settings_dir}" "${command}"
add_requests_to_policy_settings "${policy_settings_dir}" "ReadStreamRequest"
auto_generate_policy "${policy_settings_dir}" "${test_yaml}"
return 0
}
@test "Test readonly volume for pods" {
# Create pod # Create pod
kubectl create -f "${pod_config_dir}/test-pod-file-volume.yaml" kubectl create -f "${test_yaml}"
# Check pod creation # Check pod creation
kubectl wait --for=condition=Ready --timeout=$timeout pod "$pod_name" kubectl wait --for=condition=Ready --timeout=$timeout pod "$pod_name"
# Validate file volume body inside the pod # Validate file volume body inside the pod
file_in_container=$(kubectl exec $pod_name -- cat $mount_path) file_in_container=$(kubectl exec $pod_name -- $command)
[ "$file_body" == "$file_in_container" ] [ "$file_body" == "$file_in_container" ]
} }
teardown() { teardown() {
[ "${KATA_HYPERVISOR}" == "firecracker" ] && skip "test not working see: ${fc_limitations}" [ "${KATA_HYPERVISOR}" == "firecracker" ] && skip "test not working see: ${fc_limitations}"
[ "${KATA_HYPERVISOR}" == "fc" ] && skip "test not working see: ${fc_limitations}" [ "${KATA_HYPERVISOR}" == "fc" ] && skip "test not working see: ${fc_limitations}"
kubectl describe pod "$pod_name"
kubectl delete pod "$pod_name" kubectl delete pod "$pod_name"
exec_host "$node" rm -f $tmp_file exec_host "$node" rm -f $tmp_file
rm -f ${pod_config_dir}/test-pod-file-volume.yaml.yaml rm -f "${test_yaml}"
delete_tmp_policy_settings_dir "${policy_settings_dir}"
} }