Merge pull request #8271 from microsoft/danmihai1/exec-test-failure

tests: more k8s-exec-rejected debug output

tests/integration/kubernetes/k8s-exec-rejected.bats

@@ -10,8 +10,8 @@ load "${BATS_TEST_DIRNAME}/tests_common.sh"
 
 setup() {
 	get_pod_config_dir
-	pod_name="busybox"
-	pod_yaml="${pod_config_dir}/busybox-pod.yaml"
+	pod_name="policy-exec-rejected"
+	pod_yaml="${pod_config_dir}/k8s-policy-exec-rejected.yaml"
 	allow_all_except_exec_policy=$(base64 -w 0 "${pod_config_dir}/allow-all-except-exec-process.rego")
 }
 
@@ -25,10 +25,14 @@ setup() {
 	kubectl create -f "${pod_yaml}"
 
 	# Wait for pod to start
+	echo "timeout=${timeout}"
 	kubectl wait --for=condition=Ready --timeout=$timeout pod "$pod_name"
 
 	# Try executing a command in the Pod - an action rejected by the agent policy.
-	kubectl exec "$pod_name" -- date 2>&1 | grep "ExecProcessRequest is blocked by policy"
+	exec_output=$(kubectl exec "$pod_name" -- date 2>&1) || true
+	echo "$exec_output"
+
+	echo "$exec_output" | grep "ExecProcessRequest is blocked by policy"
 }
 
 teardown() {

tests/integration/kubernetes/runtimeclass_workloads/k8s-policy-exec-rejected.yaml

@@ -0,0 +1,22 @@
+#
+# Copyright (c) 2023 Microsoft
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+apiVersion: v1
+kind: Pod
+metadata:
+  name: policy-exec-rejected
+spec:
+  terminationGracePeriodSeconds: 0
+  shareProcessNamespace: true
+  runtimeClassName: kata
+  containers:
+    - name: first-test-container
+      image: quay.io/prometheus/busybox:latest
+      env:
+        - name: CONTAINER_NAME
+          value: "first-test-container"
+      command:
+        - sleep
+        - "120"