From aa4f8ae793954c01025f59f7594bf4f3af668990 Mon Sep 17 00:00:00 2001
From: Patrick Ohly
Date: Fri, 5 Feb 2021 11:46:19 +0100
Subject: [PATCH] security: another test case for generic ephemeral inline volumes

When the PSP contains some other volume types, generic ephemeral inline volumes must be rejected.
---
 pkg/security/podsecuritypolicy/provider_test.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/pkg/security/podsecuritypolicy/provider_test.go b/pkg/security/podsecuritypolicy/provider_test.go
index a28372b3a5c..76c5a753d75 100644
--- a/pkg/security/podsecuritypolicy/provider_test.go
+++ b/pkg/security/podsecuritypolicy/provider_test.go
@@ -502,6 +502,15 @@ func TestValidatePodFailures(t *testing.T) {
 psp: defaultPSP(),
 expectedError: "ephemeral volumes are not allowed to be used",
 },
+ "generic ephemeral volumes with other volume type allowed": {
+ pod: failGenericEphemeralPod,
+ psp: func() *policy.PodSecurityPolicy {
+ psp := defaultPSP()
+ psp.Spec.Volumes = []policy.FSType{policy.NFS}
+ return psp
+ }(),
+ expectedError: "ephemeral volumes are not allowed to be used",
+ },
 }
 for name, test := range errorCases {
 t.Run(name, func(t *testing.T) {
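Review bot: The new case only exercises an allow-list holding `policy.NFS`, which has no relation to how generic ephemeral volumes are provisioned, so the near-miss that matters most for this policy check stays uncovered. Generic ephemeral volumes are backed by a PersistentVolumeClaim, so a sibling case with `psp.Spec.Volumes = []policy.FSType{policy.PersistentVolumeClaim}` and the same `expectedError` would pin down that allowing PVCs does not implicitly admit `failGenericEphemeralPod`. A one-line comment above the entry, such as `// Allowing an unrelated volume type must not admit generic ephemeral volumes.`, would also record why the PSP is built inline here. TestValidatePodFailures starts and ends outside the hunk, so whether other entries already cover the PVC case cannot be confirmed from the visible lines.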