tests: k8s-security-context auto-generated policy

Auto-generate the policy in k8s-security-context.bats - previously blocked by lacking support for PodSecurityContext.runAsUser. Signed-off-by: Dan Mihai <dmihai@microsoft.com>
2025-09-12 20:39:30 +00:00 · 2024-07-13 01:21:52 +00:00
parent f087044ecb
commit 7040fb8c50
1 changed files with 9 additions and 2 deletions
--- a/tests/integration/kubernetes/k8s-security-context.bats
+++ b/tests/integration/kubernetes/k8s-security-context.bats
@@ -12,7 +12,14 @@ setup() {
 	get_pod_config_dir

 	yaml_file="${pod_config_dir}/pod-security-context.yaml"
-	add_allow_all_policy_to_yaml "${yaml_file}"
+	policy_settings_dir="$(create_tmp_policy_settings_dir "${pod_config_dir}")"
+
+	cmd="ps --user 1000 -f"
+	exec_command="sh -c ${cmd}"
+	add_exec_to_policy_settings "${policy_settings_dir}" "${exec_command}"
+
+	add_requests_to_policy_settings "${policy_settings_dir}" "ReadStreamRequest"
+	auto_generate_policy "${policy_settings_dir}" "${yaml_file}"
 }

@test "Security context" {
@@ -25,7 +32,6 @@ setup() {
 	kubectl wait --for=condition=Ready --timeout=$timeout pod "$pod_name"

 	# Check user
-	cmd="ps --user 1000 -f"
 	process="tail -f /dev/null"
 	kubectl exec $pod_name -- sh -c $cmd | grep "$process"
 }
@@ -35,4 +41,5 @@ teardown() {
 	kubectl describe "pod/$pod_name"

 	kubectl delete pod "$pod_name"
+	delete_tmp_policy_settings_dir "${policy_settings_dir}"
 }