From e7af381538b7af178af31a678ffde48091d719e9 Mon Sep 17 00:00:00 2001
From: David Zhu <dyzz@google.com>
Date: Tue, 2 Oct 2018 14:42:14 -0700
Subject: [PATCH] Add Pod Security Policy back in to GCE PD Cluster Role

---
 test/e2e/storage/csi_volumes.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/test/e2e/storage/csi_volumes.go b/test/e2e/storage/csi_volumes.go
index 720660efc44..aa5f9121003 100644
--- a/test/e2e/storage/csi_volumes.go
+++ b/test/e2e/storage/csi_volumes.go
@@ -406,6 +406,8 @@ func (g *gcePDCSIDriver) createCSIDriver() {
 	g.nodeServiceAccount = csiServiceAccount(cs, config, "gce-node", false /* teardown */)
 	csiClusterRoleBindings(cs, config, false /* teardown */, g.controllerServiceAccount, g.controllerClusterRoles)
 	csiClusterRoleBindings(cs, config, false /* teardown */, g.nodeServiceAccount, g.nodeClusterRoles)
+	utils.PrivilegedTestPSPClusterRoleBinding(cs, config.Namespace, false, /* teardown */
+		[]string{g.controllerServiceAccount.Name, g.nodeServiceAccount.Name})
 	role := csiControllerRole(cs, config, false)
 	csiControllerRoleBinding(cs, config, false, role, g.controllerServiceAccount)
 	deployGCEPDCSIDriver(cs, config, false /* teardown */, f, g.nodeServiceAccount, g.controllerServiceAccount)
@@ -419,6 +421,8 @@ func (g *gcePDCSIDriver) cleanupCSIDriver() {
 	deployGCEPDCSIDriver(cs, config, true /* teardown */, f, g.nodeServiceAccount, g.controllerServiceAccount)
 	csiClusterRoleBindings(cs, config, true /* teardown */, g.controllerServiceAccount, g.controllerClusterRoles)
 	csiClusterRoleBindings(cs, config, true /* teardown */, g.nodeServiceAccount, g.nodeClusterRoles)
+	utils.PrivilegedTestPSPClusterRoleBinding(cs, config.Namespace, true, /* teardown */
+		[]string{g.controllerServiceAccount.Name, g.nodeServiceAccount.Name})
 	role := csiControllerRole(cs, config, true)
 	csiControllerRoleBinding(cs, config, true, role, g.controllerServiceAccount)
 	csiServiceAccount(cs, config, "gce-controller", true /* teardown */)