-
Notifications
You must be signed in to change notification settings - Fork 24
Expand file tree
/
Copy pathexecutor_test.yaml
More file actions
133 lines (127 loc) · 3.73 KB
/
executor_test.yaml
File metadata and controls
133 lines (127 loc) · 3.73 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
suite: executor
templates:
- executor.Deployment.yaml
- executor.Service.yaml
- executor.ConfigMap.yaml
- executor.PersistentVolumeClaim.yaml
tests:
- it: should render the Deployment, Service, ConfigMap, PVC if executor is enabled
set:
executor:
queueName: "test"
asserts:
- containsDocument:
kind: Deployment
apiVersion: apps/v1
name: executor-test
template: executor.Deployment.yaml
- containsDocument:
kind: Service
apiVersion: v1
name: executor-test
template: executor.Service.yaml
- containsDocument:
kind: ConfigMap
apiVersion: v1
name: executor-test
template: executor.ConfigMap.yaml
- containsDocument:
kind: PersistentVolumeClaim
apiVersion: v1
name: sg-executor-test
template: executor.PersistentVolumeClaim.yaml
- it: should render default containerSecurityContext with privileged false
template: executor.Deployment.yaml
set:
executor:
queueName: "test"
asserts:
- equal:
path: spec.template.spec.containers[0].securityContext.privileged
value: false
- it: should render custom containerSecurityContext
template: executor.Deployment.yaml
set:
executor:
queueName: "test"
containerSecurityContext:
privileged: true
runAsUser: 1000
runAsNonRoot: true
allowPrivilegeEscalation: false
asserts:
- equal:
path: spec.template.spec.containers[0].securityContext
value:
privileged: true
runAsUser: 1000
runAsNonRoot: true
allowPrivilegeEscalation: false
- it: should render podSecurityContext when set
template: executor.Deployment.yaml
set:
executor:
queueName: "test"
podSecurityContext:
fsGroup: 2000
runAsUser: 1000
runAsGroup: 3000
asserts:
- equal:
path: spec.template.spec.securityContext
value:
fsGroup: 2000
runAsUser: 1000
runAsGroup: 3000
- it: should fall back to legacy securityContext fields when podSecurityContext is empty
template: executor.Deployment.yaml
set:
executor:
queueName: "test"
podSecurityContext: {}
securityContext:
fsGroup: 1001
runAsUser: 1001
runAsGroup: 1001
asserts:
- equal:
path: spec.template.spec.securityContext
value:
fsGroup: 1001
runAsUser: 1001
runAsGroup: 1001
- it: should not render legacy securityContext fields when podSecurityContext is set
template: executor.Deployment.yaml
set:
executor:
queueName: "test"
podSecurityContext:
fsGroup: 2000
securityContext:
fsGroup: 1001
runAsUser: 1001
runAsGroup: 1001
asserts:
- equal:
path: spec.template.spec.securityContext.fsGroup
value: 2000
- isNull:
path: spec.template.spec.securityContext.runAsUser
- isNull:
path: spec.template.spec.securityContext.runAsGroup
- it: should omit pod securityContext fields not set in legacy securityContext
template: executor.Deployment.yaml
set:
executor:
queueName: "test"
podSecurityContext: {}
securityContext:
fsGroup: 500
asserts:
- equal:
path: spec.template.spec.securityContext.fsGroup
value: 500
- isNull:
path: spec.template.spec.securityContext.runAsUser
- isNull:
path: spec.template.spec.securityContext.runAsGroup