diff --git a/pkg/config/template.go b/pkg/config/template.go
index ce3100f5ff1..50aa6c70bf1 100644
--- a/pkg/config/template.go
+++ b/pkg/config/template.go
@@ -1408,6 +1408,9 @@ const templateStringCrioRuntimeWorkloads = `# The workloads table defines ways t
 {{ $.Comment }}[crio.runtime.workloads.{{ $workload_type }}]
 {{ $.Comment }}activation_annotation = "{{ $workload_config.ActivationAnnotation }}"
 {{ $.Comment }}annotation_prefix = "{{ $workload_config.AnnotationPrefix }}"
+{{ $.Comment }}allowed_annotations = [
+{{ range $opt := $workload_config.AllowedAnnotations }}{{ $.Comment }}{{ printf "\t%q,\n" $opt }}
+{{ end }}{{ $.Comment }}]
 {{ if $workload_config.Resources }}{{ $.Comment }}[crio.runtime.workloads.{{ $workload_type }}.resources]
 {{ $.Comment }}cpuset = "{{ $workload_config.Resources.CPUSet }}"
 {{ $.Comment }}cpuquota = {{ $workload_config.Resources.CPUQuota }}
diff --git a/pkg/config/template_test.go b/pkg/config/template_test.go
index d8812eb042a..78f446da66a 100644
--- a/pkg/config/template_test.go
+++ b/pkg/config/template_test.go
@@ -2,6 +2,7 @@ package config_test
 import (
 "bytes"
+ "strings"
 . "github.com/onsi/ginkgo/v2"
 . "github.com/onsi/gomega"
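Review bot: In the template.go hunk, `{{ end }}` starts its own template line, so the newline after `{{ printf "\t%q,\n" $opt }}` belongs to the range body and every entry is followed by an empty line; the `allowed_annotations = [` header and the closing `]` are also written when the list is empty. Both appear to conflict with the tests added in template_test.go, which expect contiguous entries and no `allowed_annotations = [` for an empty list (indentation is not recoverable in this view, so the first conflict is inferred). Keeping the loop on one line, `{{ range $opt := $workload_config.AllowedAnnotations }}{{ $.Comment }}{{ printf "\t%q,\n" $opt }}{{ end }}{{ $.Comment }}]`, and wrapping the block in `{{ if $workload_config.AllowedAnnotations }}` … `{{ end }}` would address both. This list is what the rendered config shows for annotations such as `io.kubernetes.cri-o.Devices`, so its output is worth pinning exactly. The template constant begins and ends outside the hunk.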
@@ -23,6 +24,70 @@ var _ = t.Describe("Config", func() {
 // Then
 Expect(err).ToNot(HaveOccurred())
 })
+
+ It("should include workload allowed_annotations in template output", func() {
+ // Given
+ sut.Workloads = config.Workloads{
+ "test-workload": &config.WorkloadConfig{
+ ActivationAnnotation: "io.test.workload",
+ AnnotationPrefix: "io.test.prefix",
+ AllowedAnnotations: []string{
+ "io.kubernetes.cri-o.userns-mode",
+ "io.kubernetes.cri-o.umask",
+ "io.kubernetes.cri-o.Devices",
+ },
+ },
+ }
+ var wr bytes.Buffer
+
+ // When
+ err := sut.WriteTemplate(true, &wr)
+
+ // Then
+ Expect(err).ToNot(HaveOccurred())
+ output := wr.String()
+ expected := `allowed_annotations = [
+ "io.kubernetes.cri-o.userns-mode",
+ "io.kubernetes.cri-o.umask",
+ "io.kubernetes.cri-o.Devices",
+ ]`
+ Expect(output).To(ContainSubstring(expected))
+ })
+
+ It("should not include workload allowed_annotations when empty", func() {
+ // Given
+ sut.Workloads = config.Workloads{
+ "test-workload": &config.WorkloadConfig{
+ ActivationAnnotation: "io.test.workload",
+ AnnotationPrefix: "io.test.prefix",
+ AllowedAnnotations: []string{},
+ },
+ }
+ var wr bytes.Buffer
+
+ // When
+ err := sut.WriteTemplate(true, &wr)
+
+ // Then
+ Expect(err).ToNot(HaveOccurred())
+ output := wr.String()
+
+ // Extract just the workload section to verify allowed_annotations is not present
+ lines := strings.Split(output, "\n")
+ workloadSection := ""
+ inWorkloadSection := false
+ for _, line := range lines {
+ if strings.Contains(line, "[crio.runtime.workloads.test-workload]") {
+ inWorkloadSection = true
+ } else if strings.HasPrefix(line, "[") && inWorkloadSection {
+ break // End of workload section
+ }
+ if inWorkloadSection {
+ workloadSection += line + "\n"
+ }
+ }
+ Expect(workloadSection).ToNot(ContainSubstring("allowed_annotations = ["))
+ })
 })
 t.Describe("RuntimesEqual", func() {
 It("not equal if different length", func() {
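Review bot: The empty-list test can pass without checking anything: if the `[crio.runtime.workloads.test-workload]` header is never matched, `workloadSection` stays empty and the final `ToNot(ContainSubstring("allowed_annotations = ["))` holds trivially. Adding `Expect(workloadSection).To(ContainSubstring("activation_annotation"))` before the negative assertion would prove the section was rendered before its contents are judged. The positive test would likewise be stronger if it located the entries inside the `test-workload` section rather than anywhere in the output, since another table could plausibly render an `allowed_annotations` list too. The enclosing Describe block starts and ends outside the hunk.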