From 71ede4ea3ff2d3138117f58b84a4cf0ffa07ff8a Mon Sep 17 00:00:00 2001
From: Dan Mihai <dmihai@microsoft.com>
Date: Wed, 11 Sep 2024 17:29:07 +0000
Subject: [PATCH] tests: k8s-policy-pod: use prometheus container

Change quay.io/prometheus/busybox to quay.io/prometheus/prometheus in
this test. The prometheus image will be helpful for testing the future
fix for #9928 because it specifies user = "nobody".

Also, change:

sh -c "ls -l /"

to:

echo -n "readinessProbe with space characters"

as the test readinessProbe command line. Both include a command line
argument containing space characters, but "sh -c" behaves differently
when using the prometheus container image (causes the readinessProbe
to time out, etc.).

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
---
 tests/integration/kubernetes/k8s-policy-pod.bats     |  2 +-
 .../runtimeclass_workloads/k8s-policy-pod.yaml       | 12 +++++++-----
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/tests/integration/kubernetes/k8s-policy-pod.bats b/tests/integration/kubernetes/k8s-policy-pod.bats
index 140507fdf0..d8ed91c9d9 100644
--- a/tests/integration/kubernetes/k8s-policy-pod.bats
+++ b/tests/integration/kubernetes/k8s-policy-pod.bats
@@ -216,7 +216,7 @@ test_pod_policy_error() {
 
 	# Execute commands allowed by the policy.
 	pod_exec_allowed_command "${pod_name}" "echo" "livenessProbe" "test"
-	pod_exec_allowed_command "${pod_name}" "sh" "-c" "ls -l /"
+	pod_exec_allowed_command "${pod_name}" "echo" "-n" "readinessProbe with space characters"
 	pod_exec_allowed_command "${pod_name}" "echo" "startupProbe" "test"
 
 	# Try to execute commands disallowed by the policy.
diff --git a/tests/integration/kubernetes/runtimeclass_workloads/k8s-policy-pod.yaml b/tests/integration/kubernetes/runtimeclass_workloads/k8s-policy-pod.yaml
index d6bc21afee..db4a988d67 100644
--- a/tests/integration/kubernetes/runtimeclass_workloads/k8s-policy-pod.yaml
+++ b/tests/integration/kubernetes/runtimeclass_workloads/k8s-policy-pod.yaml
@@ -11,8 +11,10 @@ spec:
   terminationGracePeriodSeconds: 0
   runtimeClassName: kata
   containers:
-    - name: busybox
-      image: quay.io/prometheus/busybox:latest
+    - name: prometheus
+      image: quay.io/prometheus/prometheus:latest
+      command:
+        - /bin/sh
       env:
         - name: KUBE_CONFIG_1
           valueFrom:
@@ -40,9 +42,9 @@ spec:
       readinessProbe:
         exec:
           command:
-            - "sh"
-            - "-c"
-            - "ls -l /"
+            - "echo"
+            - "-n"
+            - "readinessProbe with space characters"
       startupProbe:
         exec:
           command: