Move privilege e2e test to common

2025-11-04 07:49:35 +00:00 · 2019-09-26 15:33:59 -07:00
parent 7fab683455
commit 40976754b5
3 changed files with 14 additions and 46 deletions
--- a/test/e2e/common/privileged.go
+++ b/test/e2e/common/privileged.go
@@ -27,6 +27,7 @@ import (
 )

 // PrivilegedPodTestConfig is configuration struct for privileged pod test
+// TODO: Merge with tests in security_context.go
 type PrivilegedPodTestConfig struct {
 	f *framework.Framework

--- a/test/e2e/common/security_context.go
+++ b/test/e2e/common/security_context.go
@@ -271,6 +271,19 @@ var _ = framework.KubeDescribe("Security Context", func() {
 				framework.Failf("unprivileged container shouldn't be able to create dummy device")
 			}
 		})
+
+		ginkgo.It("should run the container as privileged when true [LinuxOnly] [NodeFeature:HostAccess]", func() {
+			podName := createAndWaitUserPod(true)
+			logs, err := e2epod.GetPodLogs(f.ClientSet, f.Namespace.Name, podName, podName)
+			if err != nil {
+				framework.Failf("GetPodLogs for pod %q failed: %v", podName, err)
+			}
+
+			framework.Logf("Got logs for pod %q: %q", podName, logs)
+			if strings.Contains(logs, "Operation not permitted") {
+				framework.Failf("privileged container should be able to create dummy device")
+			}
+		})
 	})

 	ginkgo.Context("when creating containers with AllowPrivilegeEscalation", func() {
--- a/test/e2e_node/security_context_test.go
+++ b/test/e2e_node/security_context_test.go
@@ -350,50 +350,4 @@ var _ = framework.KubeDescribe("Security Context", func() {
 			}
 		})
 	})
-
-	ginkgo.Context("When creating a pod with privileged", func() {
-		makeUserPod := func(podName, image string, command []string, privileged bool) *v1.Pod {
-			return &v1.Pod{
-				ObjectMeta: metav1.ObjectMeta{
-					Name: podName,
-				},
-				Spec: v1.PodSpec{
-					RestartPolicy: v1.RestartPolicyNever,
-					Containers: []v1.Container{
-						{
-							Image:   image,
-							Name:    podName,
-							Command: command,
-							SecurityContext: &v1.SecurityContext{
-								Privileged: &privileged,
-							},
-						},
-					},
-				},
-			}
-		}
-		createAndWaitUserPod := func(privileged bool) string {
-			podName := fmt.Sprintf("busybox-privileged-%v-%s", privileged, uuid.NewUUID())
-			podClient.Create(makeUserPod(podName,
-				busyboxImage,
-				[]string{"sh", "-c", "ip link add dummy0 type dummy || true"},
-				privileged,
-			))
-			podClient.WaitForSuccess(podName, framework.PodStartTimeout)
-			return podName
-		}
-
-		ginkgo.It("should run the container as privileged when true [NodeFeature:HostAccess]", func() {
-			podName := createAndWaitUserPod(true)
-			logs, err := e2epod.GetPodLogs(f.ClientSet, f.Namespace.Name, podName, podName)
-			if err != nil {
-				framework.Failf("GetPodLogs for pod %q failed: %v", podName, err)
-			}
-
-			framework.Logf("Got logs for pod %q: %q", podName, logs)
-			if strings.Contains(logs, "Operation not permitted") {
-				framework.Failf("privileged container should be able to create dummy device")
-			}
-		})
-	})
 })