-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathe2e.bats
More file actions
79 lines (61 loc) · 3.26 KB
/
e2e.bats
File metadata and controls
79 lines (61 loc) · 3.26 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
#!/usr/bin/env bats
@test "accept because the gpu is bound to the namespace" {
run kwctl run annotated-policy.wasm -r test_data/virtualmachine-gpu.json --settings-json '{"namespaceDeviceBindings": [{"namespace": "default", "device": "tekton27a-000001010"}]}'
# this prints the output when one the checks below fails
echo "output = ${output}"
# request accepted
[ "$status" -eq 0 ]
[ "$(expr "$output" : '.*allowed.*true')" -ne 0 ]
}
@test "accept because the pci device is bound to the namespace" {
run kwctl run annotated-policy.wasm -r test_data/virtualmachine-pci.json --settings-json '{"namespaceDeviceBindings": [{"namespace": "default", "device": "tekton27a-000001010"}]}'
# this prints the output when one the checks below fails
echo "output = ${output}"
# request accepted
[ "$status" -eq 0 ]
[ "$(expr "$output" : '.*allowed.*true')" -ne 0 ]
}
@test "accept because a gpu is not requested" {
run kwctl run annotated-policy.wasm -r test_data/virtualmachine-no-gpu.json
# this prints the output when one the checks below fails
echo "output = ${output}"
# request accepted
[ "$status" -eq 0 ]
[ "$(expr "$output" : '.*allowed.*true')" -ne 0 ]
}
@test "reject because gpu is not bound to namespace" {
run kwctl run annotated-policy.wasm -r test_data/virtualmachine-gpu.json --settings-json '{"namespaceDeviceBindings": [{"namespace": "foo", "device": "test-gpu"}]}'
# this prints the output when one the checks below fails
echo "output = ${output}"
# request rejected
[ "$status" -eq 0 ]
[ "$(expr "$output" : '.*allowed.*false')" -ne 0 ]
[ "$(expr "$output" : ".*PCI DEVICE 'tekton27a-000001010' is not allowed for namespace: 'default'.*")" -ne 0 ]
}
@test "reject because pci device is not bound to namespace" {
run kwctl run annotated-policy.wasm -r test_data/virtualmachine-pci.json --settings-json '{"namespaceDeviceBindings": [{"namespace": "foo", "device": "test-gpu"}]}'
# this prints the output when one the checks below fails
echo "output = ${output}"
# request rejected
[ "$status" -eq 0 ]
[ "$(expr "$output" : '.*allowed.*false')" -ne 0 ]
[ "$(expr "$output" : ".*PCI DEVICE 'tekton27a-000001010' is not allowed for namespace: 'default'.*")" -ne 0 ]
}
@test "reject because gpu is not bound to another namespace" {
run kwctl run annotated-policy.wasm -r test_data/virtualmachine-gpu.json --settings-json '{"namespaceDeviceBindings": [{"namespace": "foobar", "device": "tekton27a-000001010"}]}'
# this prints the output when one the checks below fails
echo "output = ${output}"
# request rejected
[ "$status" -eq 0 ]
[ "$(expr "$output" : '.*allowed.*false')" -ne 0 ]
[ "$(expr "$output" : ".*PCI DEVICE 'tekton27a-000001010' is not allowed for namespace: 'default'.*")" -ne 0 ]
}
@test "reject because pci device is not bound to another namespace" {
run kwctl run annotated-policy.wasm -r test_data/virtualmachine-pci.json --settings-json '{"namespaceDeviceBindings": [{"namespace": "foobar", "device": "tekton27a-000001010"}]}'
# this prints the output when one the checks below fails
echo "output = ${output}"
# request rejected
[ "$status" -eq 0 ]
[ "$(expr "$output" : '.*allowed.*false')" -ne 0 ]
[ "$(expr "$output" : ".*PCI DEVICE 'tekton27a-000001010' is not allowed for namespace: 'default'.*")" -ne 0 ]
}