tests: k8s-policy-pod: add workaround for #10297

If the CI platform being tested doesn't yet support the prometheus
container image:
- Use busybox instead of prometheus.
- Skip the test cases that depend on the prometheus image.

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
Dan Mihai 2024-09-12 16:31:14 +00:00
parent 94d95fc055
commit 0c5ac042e7


@ -8,6 +8,8 @@
load "${BATS_TEST_DIRNAME}/../../common.bash"
load "${BATS_TEST_DIRNAME}/tests_common.sh"
issue="https://github.com/kata-containers/kata-containers/issues/10297"
setup() {
auto_generate_policy_enabled || skip "Auto-generated policy tests are disabled."
@ -37,6 +39,9 @@ setup() {
# Save some time by executing genpolicy a single time.
if [ "${BATS_TEST_NUMBER}" == "1" ]; then
# Work around #10297 if needed.
prometheus_image_supported || replace_prometheus_image
# Save pre-generated yaml files
cp "${correct_configmap_yaml}" "${pre_generate_configmap_yaml}"
cp "${correct_pod_yaml}" "${pre_generate_pod_yaml}"
@ -54,6 +59,22 @@ setup() {
cp "${pre_generate_pod_yaml}" "${testcase_pre_generate_pod_yaml}"
}
prometheus_image_supported() {
[[ "${SNAPSHOTTER:-}" == "nydus" ]] && return 1
return 0
}
replace_prometheus_image() {
info "Replacing prometheus image with busybox to work around ${issue}"
yq -i \
'.spec.containers[0].name = "busybox"' \
"${correct_pod_yaml}"
yq -i \
'.spec.containers[0].image = "quay.io/prometheus/busybox:latest"' \
"${correct_pod_yaml}"
}
# Common function for several test cases from this bats script.
wait_for_pod_ready() {
kubectl create -f "${correct_configmap_yaml}"
@ -210,6 +231,8 @@ test_pod_policy_error() {
}
@test "Successful pod: runAsUser having the same value as the UID from the container image" {
prometheus_image_supported || skip "Test case not supported due to ${issue}"
# This container image specifies user = "nobody" that corresponds to UID = 65534. Setting
# the same value for runAsUser in the YAML file doesn't change the auto-generated Policy.
yq -i \
@ -222,6 +245,8 @@ test_pod_policy_error() {
}
@test "Policy failure: unexpected UID = 0" {
prometheus_image_supported || skip "Test case not supported due to ${issue}"
# Change the container UID to 0 after the policy has been generated, and verify that the
# change gets rejected by the policy. UID = 0 is the default value from genpolicy, but
# this container image specifies user = "nobody" that corresponds to UID = 65534.
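Review bot: In `replace_prometheus_image`, the substitute image is referenced by the mutable tag `quay.io/prometheus/busybox:latest`, so the image that the auto-generated policy is derived from can change between CI runs with no change in this repository. Pinning it by digest, e.g. `'.spec.containers[0].image = "quay.io/prometheus/busybox@sha256:<digest-placeholder>"'`, keeps the workaround reproducible and makes an upstream image change show up as a reviewable diff. Separately, the two `skip` guards mean the runAsUser and `UID = 0` rejection cases are not exercised when `SNAPSHOTTER` is `nydus`. A short comment above `prometheus_image_supported`, such as `# Temporary: remove once ${issue} is resolved so the UID policy cases run on nydus again.`, would help keep that coverage gap from becoming permanent. The bodies of `setup()` and of both `@test` cases continue outside the visible hunks.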