mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-09-25 18:53:44 +00:00
Merge pull request #11259 from fitzthum/bump-gc-0140
Update Trustee and Guest Components for CoCo v0.14.0
This commit is contained in:
Steve Horsman
GitHub
@@ -87,7 +87,7 @@ function setup_kbs_credentials() {
|
||||
echo "Pod ${kata_pod}: $(cat ${kata_pod})"
|
||||
|
||||
assert_pod_fail "${kata_pod}"
|
||||
assert_logs_contain "${node}" kata "${node_start_time}" "failed to pull manifest Not authorized"
|
||||
assert_logs_contain "${node}" kata "${node_start_time}" "failed to pull image"
|
||||
}
|
||||
|
||||
@test "Test that creating a container from an authenticated image, with no credentials fails" {
|
||||
@@ -100,7 +100,7 @@ function setup_kbs_credentials() {
|
||||
echo "Pod ${kata_pod}: $(cat ${kata_pod})"
|
||||
|
||||
assert_pod_fail "${kata_pod}"
|
||||
assert_logs_contain "${node}" kata "${node_start_time}" "failed to pull manifest Not authorized"
|
||||
assert_logs_contain "${node}" kata "${node_start_time}" "failed to pull image"
|
||||
}
|
||||
|
||||
teardown() {
|
||||
|
||||
@@ -52,8 +52,8 @@ function setup_kbs_decryption_key() {
|
||||
echo "Pod ${kata_pod}: $(cat ${kata_pod})"
|
||||
|
||||
assert_pod_fail "${kata_pod}"
|
||||
assert_logs_contain "${node}" kata "${node_start_time}" 'failed to get decrypt key'
|
||||
assert_logs_contain "${node}" kata "${node_start_time}" 'no suitable key found for decrypting layer key'
|
||||
assert_logs_contain "${node}" kata "${node_start_time}" 'decrypt image (unwrap key) failed'
|
||||
assert_logs_contain "${node}" kata "${node_start_time}" 'kms interface when get KEK failed'
|
||||
}
|
||||
|
||||
|
||||
@@ -80,8 +80,7 @@ function setup_kbs_decryption_key() {
|
||||
echo "Pod ${kata_pod}: $(cat ${kata_pod})"
|
||||
|
||||
assert_pod_fail "${kata_pod}"
|
||||
assert_logs_contain "${node}" kata "${node_start_time}" 'failed to get decrypt key'
|
||||
assert_logs_contain "${node}" kata "${node_start_time}" 'no suitable key found for decrypting layer key'
|
||||
assert_logs_contain "${node}" kata "${node_start_time}" 'decrypt image (unwrap key) failed'
|
||||
}
|
||||
|
||||
teardown() {
|
||||
|
||||
@@ -97,7 +97,7 @@ EOF
|
||||
echo "Pod ${kata_pod}: $(cat ${kata_pod})"
|
||||
|
||||
assert_pod_fail "${kata_pod}"
|
||||
assert_logs_contain "${node}" kata "${node_start_time}" "image security validation failed"
|
||||
assert_logs_contain "${node}" kata "${node_start_time}" "failed to pull image"
|
||||
}
|
||||
|
||||
@test "Create a pod from a signed image, on a 'restricted registry' is successful" {
|
||||
@@ -123,7 +123,7 @@ EOF
|
||||
echo "Pod ${kata_pod}: $(cat ${kata_pod})"
|
||||
|
||||
assert_pod_fail "${kata_pod}"
|
||||
assert_logs_contain "${node}" kata "${node_start_time}" "image security validation failed"
|
||||
assert_logs_contain "${node}" kata "${node_start_time}" "failed to pull image"
|
||||
}
|
||||
|
||||
@test "Create a pod from an unsigned image, on a 'restricted registry' works if policy files isn't set" {
|
||||
|
||||
@@ -84,8 +84,7 @@ setup() {
|
||||
|
||||
# The pod should be failed because the unpacked image size is larger than the memory size in the guest.
|
||||
assert_pod_fail "$pod_config"
|
||||
assert_logs_contain "$node" kata "$node_start_time" \
|
||||
'No space left on device'
|
||||
assert_logs_contain "$node" kata "$node_start_time" "failed to pull image"
|
||||
}
|
||||
|
||||
@test "Test we can pull an image inside the guest using trusted storage" {
|
||||
|
||||
@@ -165,7 +165,7 @@ EOF
|
||||
echo "Pod ${kata_pod}: $(cat ${kata_pod})"
|
||||
|
||||
assert_pod_fail "${kata_pod}"
|
||||
assert_logs_contain "${node}" kata "${node_start_time}" "image security validation failed"
|
||||
assert_logs_contain "${node}" kata "${node_start_time}" "failed to pull image"
|
||||
}
|
||||
|
||||
@test "Test that creating a container from an rejected image not configured by initdata, fails according to CDH error" {
|
||||
|
||||
Reference in New Issue
Block a user