github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-28 14:07:14 +00:00
Code Issues Projects Releases Wiki Activity

security: another test case for generic ephemeral inline volumes

Browse Source 
When the PSP contains some other volume types, generic ephemeral
inline volumes must be rejected.
This commit is contained in:
Patrick Ohly 2021-02-05 11:46:19 +01:00
parent 38384d5c13
commit aa4f8ae793
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pkg/security/podsecuritypolicy/provider_test.go
View File

@ -502,6 +502,15 @@ func TestValidatePodFailures(t *testing.T) {
psp: defaultPSP(), psp: defaultPSP(),
expectedError: "ephemeral volumes are not allowed to be used", expectedError: "ephemeral volumes are not allowed to be used",
}, },
"generic ephemeral volumes with other volume type allowed": {
pod: failGenericEphemeralPod,
psp: func() *policy.PodSecurityPolicy {
psp := defaultPSP()
psp.Spec.Volumes = []policy.FSType{policy.NFS}
return psp
}(),
expectedError: "ephemeral volumes are not allowed to be used",
},
} }
for name, test := range errorCases { for name, test := range errorCases {
t.Run(name, func(t *testing.T) { t.Run(name, func(t *testing.T) {