Merge pull request #130931 from nojnhuh/dra-vap-e2e

Remove unused VAP for DRA admin access e2e test
2025-07-23 11:50:44 +00:00 · 2025-03-20 01:36:51 -07:00 · 2025-03-20 01:36:51 -07:00 · 6b8e5a9457
commit 6b8e5a9457
parent 10bdb0a155 7d74a504ca
1 changed files with 0 additions and 71 deletions
--- a/test/e2e/dra/test-driver/deploy/example/admin-access-policy.yaml
+++ b/test/e2e/dra/test-driver/deploy/example/admin-access-policy.yaml
@ -1,71 +0,0 @@
-# This example shows how to use a validating admission policy (VAP)
-# to control who may use "admin access", a privileged mode which
-# grants access to devices which are currently in use, potentially
-# by some other user.
-#
-# The policy applies in any namespace which does not have the
-# "admin-access.dra.example.com" label. Other ways of making that decision are
-# also possible.
-#
-# Cluster administrators need to adapt at least the names and replace
-# "dra.example.com".
-
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingAdmissionPolicy
-metadata:
-  name: resourceclaim-policy.dra.example.com
-spec:
-  failurePolicy: Fail
-  matchConstraints:
-    resourceRules:
-    - apiGroups:   ["resource.k8s.io"]
-      apiVersions: ["v1alpha3", "v1beta1"]
-      operations:  ["CREATE", "UPDATE"]
-      resources:   ["resourceclaims"]
-  validations:
-    - expression: '! object.spec.devices.requests.exists(e, has(e.adminAccess) && e.adminAccess)'
-      reason: Forbidden
-      messageExpression: '"admin access to devices not enabled in namespace " + namespaceObject.metadata.name'
---
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingAdmissionPolicyBinding
-metadata:
-  name: resourceclaim-binding.dra.example.com
-spec:
-  policyName:  resourceclaim-policy.dra.example.com
-  validationActions: [Deny]
-  matchResources:
-    namespaceSelector:
-      matchExpressions:
-      - key: admin-access.dra.example.com
-        operator: DoesNotExist
---
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingAdmissionPolicy
-metadata:
-  name: resourceclaimtemplate-policy.dra.example.com
-spec:
-  failurePolicy: Fail
-  matchConstraints:
-    resourceRules:
-    - apiGroups:   ["resource.k8s.io"]
-      apiVersions: ["v1alpha3", "v1beta1"]
-      operations:  ["CREATE", "UPDATE"]
-      resources:   ["resourceclaimtemplates"]
-  validations:
-    - expression: '! object.spec.spec.devices.requests.exists(e, has(e.adminAccess) && e.adminAccess)'
-      reason: Forbidden
-      messageExpression: '"admin access to devices not enabled in namespace " + namespaceObject.metadata.name'
---
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingAdmissionPolicyBinding
-metadata:
-  name: resourceclaimtemplate-binding.dra.example.com
-spec:
-  policyName:  resourceclaimtemplate-policy.dra.example.com
-  validationActions: [Deny]
-  matchResources:
-    namespaceSelector:
-      matchExpressions:
-      - key: admin-access.dra.example.com
-        operator: DoesNotExist