github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-09-09 12:49:12 +00:00
Code Issues Projects Releases Wiki Activity

tests: k8s-security-context auto-generated policy

Browse Source 
Auto-generate the policy in k8s-security-context.bats - previously
blocked by lacking support for PodSecurityContext.runAsUser.

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
This commit is contained in:
Dan Mihai
2024-07-13 01:21:52 +00:00
parent f087044ecb
commit 7040fb8c50
1 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
tests/integration/kubernetes/k8s-security-context.bats
View File

@@ -12,7 +12,14 @@ setup() {
get_pod_config_dir get_pod_config_dir
yaml_file="${pod_config_dir}/pod-security-context.yaml" yaml_file="${pod_config_dir}/pod-security-context.yaml"
add_allow_all_policy_to_yaml "${yaml_file}" policy_settings_dir="$(create_tmp_policy_settings_dir "${pod_config_dir}")"
cmd="ps --user 1000 -f"
exec_command="sh -c ${cmd}"
add_exec_to_policy_settings "${policy_settings_dir}" "${exec_command}"
add_requests_to_policy_settings "${policy_settings_dir}" "ReadStreamRequest"
auto_generate_policy "${policy_settings_dir}" "${yaml_file}"
} }
@test "Security context" { @test "Security context" {
@@ -25,7 +32,6 @@ setup() {
kubectl wait --for=condition=Ready --timeout=$timeout pod "$pod_name" kubectl wait --for=condition=Ready --timeout=$timeout pod "$pod_name"
# Check user # Check user
cmd="ps --user 1000 -f"
process="tail -f /dev/null" process="tail -f /dev/null"
kubectl exec $pod_name -- sh -c $cmd | grep "$process" kubectl exec $pod_name -- sh -c $cmd | grep "$process"
} }
@@ -35,4 +41,5 @@ teardown() {
kubectl describe "pod/$pod_name" kubectl describe "pod/$pod_name"
kubectl delete pod "$pod_name" kubectl delete pod "$pod_name"
delete_tmp_policy_settings_dir "${policy_settings_dir}"
} }