mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 19:56:01 +00:00
test/e2e/windows: drop securityContext test for ProcMount
Fixes https://github.com/kubernetes/kubernetes/issues/126180 As the ProcMountType feature is disabled by default in beta and relies on the UserNamespacesSupport feature, which is also set to false in beta, running this test is unnecessary. Signed-off-by: Sohan Kunkerkar <sohank2602@gmail.com>
This commit is contained in:
parent
04cc0a1034
commit
c5b01a30d3
@ -136,7 +136,7 @@ var _ = sigDescribe(feature.Windows, "SecurityContext", skipUnlessWindows(func()
|
||||
e2eoutput.TestContainerOutput(ctx, f, "check pod SecurityContext username", pod, 1, []string{"ContainerAdministrator"})
|
||||
})
|
||||
|
||||
ginkgo.It("should ignore SELinux Specific SecurityContext if set", func(ctx context.Context) {
|
||||
ginkgo.It("should ignore Linux Specific SecurityContext if set", func(ctx context.Context) {
|
||||
ginkgo.By("Creating a pod with SELinux options")
|
||||
// It is sufficient to show that the pod comes up here. Since we're stripping the SELinux and other linux
|
||||
// security contexts in apiserver and not updating the pod object in the apiserver, we cannot validate the
|
||||
@ -160,30 +160,6 @@ var _ = sigDescribe(feature.Windows, "SecurityContext", skipUnlessWindows(func()
|
||||
f.Namespace.Name), "failed to wait for pod %s to be running", windowsPodWithSELinux.Name)
|
||||
})
|
||||
|
||||
ginkgo.It("should ignore ProcMount Specific SecurityContext if set", func(ctx context.Context) {
|
||||
ginkgo.By("Creating a pod with ProcMount options")
|
||||
// It is sufficient to show that the pod comes up here. Since we're stripping the SELinux and other linux
|
||||
// security contexts in apiserver and not updating the pod object in the apiserver, we cannot validate the
|
||||
// pod object to not have those security contexts. However the pod coming to running state is a sufficient
|
||||
// enough condition for us to validate since prior to https://github.com/kubernetes/kubernetes/pull/93475
|
||||
// the pod would have failed to come up.
|
||||
windowsPodWithSELinux := createTestPod(f, imageutils.GetE2EImage(imageutils.Agnhost), windowsOS)
|
||||
windowsPodWithSELinux.Spec.Containers[0].Args = []string{"test-webserver-with-selinux"}
|
||||
windowsPodWithSELinux.Spec.SecurityContext = &v1.PodSecurityContext{}
|
||||
pmt := v1.UnmaskedProcMount
|
||||
containerUserName := "ContainerAdministrator"
|
||||
windowsPodWithSELinux.Spec.Containers[0].SecurityContext = &v1.SecurityContext{
|
||||
ProcMount: &pmt,
|
||||
WindowsOptions: &v1.WindowsSecurityContextOptions{RunAsUserName: &containerUserName}}
|
||||
windowsPodWithSELinux.Spec.Tolerations = []v1.Toleration{{Key: "os", Value: "Windows"}}
|
||||
windowsPodWithSELinux, err := f.ClientSet.CoreV1().Pods(f.Namespace.Name).Create(ctx,
|
||||
windowsPodWithSELinux, metav1.CreateOptions{})
|
||||
framework.ExpectNoError(err)
|
||||
framework.Logf("Created pod %v", windowsPodWithSELinux)
|
||||
framework.ExpectNoError(e2epod.WaitForPodNameRunningInNamespace(ctx, f.ClientSet, windowsPodWithSELinux.Name,
|
||||
f.Namespace.Name), "failed to wait for pod %s to be running", windowsPodWithSELinux.Name)
|
||||
})
|
||||
|
||||
ginkgo.It("should not be able to create pods with containers running as ContainerAdministrator when runAsNonRoot is true", func(ctx context.Context) {
|
||||
ginkgo.By("Creating a pod")
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user