github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-12 13:22:28 +00:00
Code Issues Projects Releases Wiki Activity

tests: k8s-policy-pod: add workaround for #10297

Browse Source 
If the CI platform being tested doesn't support yet the prometheus
container image:
- Use busybox instead of prometheus.
- Skip the test cases that depend on the prometheus image.

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
This commit is contained in:
Dan Mihai 2024-09-12 16:31:14 +00:00
parent 94d95fc055
commit 0c5ac042e7
1 changed files with 25 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
tests/integration/kubernetes/k8s-policy-pod.bats
View File

@ -8,6 +8,8 @@
load "${BATS_TEST_DIRNAME}/../../common.bash" load "${BATS_TEST_DIRNAME}/../../common.bash"
load "${BATS_TEST_DIRNAME}/tests_common.sh" load "${BATS_TEST_DIRNAME}/tests_common.sh"
issue="https://github.com/kata-containers/kata-containers/issues/10297"
setup() { setup() {
auto_generate_policy_enabled || skip "Auto-generated policy tests are disabled." auto_generate_policy_enabled || skip "Auto-generated policy tests are disabled."
@ -37,6 +39,9 @@ setup() {
# Save some time by executing genpolicy a single time. # Save some time by executing genpolicy a single time.
if [ "${BATS_TEST_NUMBER}" == "1" ]; then if [ "${BATS_TEST_NUMBER}" == "1" ]; then
# Work around #10297 if needed.
prometheus_image_supported || replace_prometheus_image
# Save pre-generated yaml files # Save pre-generated yaml files
cp "${correct_configmap_yaml}" "${pre_generate_configmap_yaml}" cp "${correct_configmap_yaml}" "${pre_generate_configmap_yaml}"
cp "${correct_pod_yaml}" "${pre_generate_pod_yaml}" cp "${correct_pod_yaml}" "${pre_generate_pod_yaml}"
@ -54,6 +59,22 @@ setup() {
cp "${pre_generate_pod_yaml}" "${testcase_pre_generate_pod_yaml}" cp "${pre_generate_pod_yaml}" "${testcase_pre_generate_pod_yaml}"
} }
prometheus_image_supported() {
[[ "${SNAPSHOTTER:-}" == "nydus" ]] && return 1
return 0
}
replace_prometheus_image() {
info "Replacing prometheus image with busybox to work around ${issue}"
yq -i \
'.spec.containers[0].name = "busybox"' \
"${correct_pod_yaml}"
yq -i \
'.spec.containers[0].image = "quay.io/prometheus/busybox:latest"' \
"${correct_pod_yaml}"
}
# Common function for several test cases from this bats script. # Common function for several test cases from this bats script.
wait_for_pod_ready() { wait_for_pod_ready() {
kubectl create -f "${correct_configmap_yaml}" kubectl create -f "${correct_configmap_yaml}"
@ -210,6 +231,8 @@ test_pod_policy_error() {
} }
@test "Successful pod: runAsUser having the same value as the UID from the container image" { @test "Successful pod: runAsUser having the same value as the UID from the container image" {
prometheus_image_supported || skip "Test case not supported due to ${issue}"
# This container image specifies user = "nobody" that corresponds to UID = 65534. Setting # This container image specifies user = "nobody" that corresponds to UID = 65534. Setting
# the same value for runAsUser in the YAML file doesn't change the auto-generated Policy. # the same value for runAsUser in the YAML file doesn't change the auto-generated Policy.
yq -i \ yq -i \
@ -222,6 +245,8 @@ test_pod_policy_error() {
} }
@test "Policy failure: unexpected UID = 0" { @test "Policy failure: unexpected UID = 0" {
prometheus_image_supported || skip "Test case not supported due to ${issue}"
# Change the container UID to 0 after the policy has been generated, and verify that the # Change the container UID to 0 after the policy has been generated, and verify that the
# change gets rejected by the policy. UID = 0 is the default value from genpolicy, but # change gets rejected by the policy. UID = 0 is the default value from genpolicy, but
# this container image specifies user = "nobody" that corresponds to UID = 65534. # this container image specifies user = "nobody" that corresponds to UID = 65534.