github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-05 18:24:07 +00:00
Code Issues Projects Releases Wiki Activity

Add namespace to DRA adminAccess ValidatingAdmissionPolicy message

Browse Source
This commit is contained in:
Jon Huhn 2025-01-08 11:06:36 -06:00
parent d9441212d3
commit 5b2c1dde79
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
test/e2e/dra/dra.go
View File

@ -922,7 +922,7 @@ var _ = framework.SIGDescribe("node")("DRA", feature.DynamicResourceAllocation,
claim.Spec.Devices.Requests[0].AdminAccess = ptr.To(true) claim.Spec.Devices.Requests[0].AdminAccess = ptr.To(true)
_, claimTemplate := b.podInline() _, claimTemplate := b.podInline()
claimTemplate.Spec.Spec.Devices.Requests[0].AdminAccess = ptr.To(true) claimTemplate.Spec.Spec.Devices.Requests[0].AdminAccess = ptr.To(true)
matchVAPError := gomega.MatchError(gomega.ContainSubstring("admin access to devices not enabled" /* in namespace " + b.f.Namespace.Name */)) matchVAPError := gomega.MatchError(gomega.ContainSubstring("admin access to devices not enabled in namespace " + b.f.Namespace.Name))
gomega.Eventually(ctx, func(ctx context.Context) error { gomega.Eventually(ctx, func(ctx context.Context) error {
// First delete, in case that it succeeded earlier. // First delete, in case that it succeeded earlier.
if err := b.f.ClientSet.ResourceV1beta1().ResourceClaims(b.f.Namespace.Name).Delete(ctx, claim.Name, metav1.DeleteOptions{}); err != nil && !apierrors.IsNotFound(err) { if err := b.f.ClientSet.ResourceV1beta1().ResourceClaims(b.f.Namespace.Name).Delete(ctx, claim.Name, metav1.DeleteOptions{}); err != nil && !apierrors.IsNotFound(err) {

4
test/e2e/dra/test-driver/deploy/example/admin-access-policy.yaml
View File

@ -25,7 +25,7 @@ spec:
validations: validations:
- expression: '! object.spec.devices.requests.exists(e, has(e.adminAccess) && e.adminAccess)' - expression: '! object.spec.devices.requests.exists(e, has(e.adminAccess) && e.adminAccess)'
reason: Forbidden reason: Forbidden
messageExpression: '"admin access to devices not enabled"' # in namespace " + object.metadata.namespace' - need to use __namespace__, but somehow that also doesn't work. messageExpression: '"admin access to devices not enabled in namespace " + namespaceObject.metadata.name'
--- ---
apiVersion: admissionregistration.k8s.io/v1 apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding kind: ValidatingAdmissionPolicyBinding
@ -55,7 +55,7 @@ spec:
validations: validations:
- expression: '! object.spec.spec.devices.requests.exists(e, has(e.adminAccess) && e.adminAccess)' - expression: '! object.spec.spec.devices.requests.exists(e, has(e.adminAccess) && e.adminAccess)'
reason: Forbidden reason: Forbidden
messageExpression: '"admin access to devices not enabled"' # in namespace " + object.metadata.namespace' - need to use __namespace__, but somehow that also doesn't work. messageExpression: '"admin access to devices not enabled in namespace " + namespaceObject.metadata.name'
--- ---
apiVersion: admissionregistration.k8s.io/v1 apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding kind: ValidatingAdmissionPolicyBinding