Merge pull request #83211 from Jefftree/move_privilege_test

Move privilege e2e test to common
2025-07-25 20:53:33 +00:00 · 2019-10-08 10:57:23 -07:00 · 2019-10-08 10:57:23 -07:00 · e856613dd5
commit e856613dd5
parent cc8bfd1cdd 40976754b5
3 changed files with 14 additions and 46 deletions
--- a/test/e2e/common/privileged.go
+++ b/test/e2e/common/privileged.go
@ -27,6 +27,7 @@ import (
 )
 // PrivilegedPodTestConfig is configuration struct for privileged pod test
 // TODO: Merge with tests in security_context.go
 type PrivilegedPodTestConfig struct {
 	f *framework.Framework
--- a/test/e2e/common/security_context.go
+++ b/test/e2e/common/security_context.go
@ -271,6 +271,19 @@ var _ = framework.KubeDescribe("Security Context", func() {
 				framework.Failf("unprivileged container shouldn't be able to create dummy device")
 			}
 		})
 		ginkgo.It("should run the container as privileged when true [LinuxOnly] [NodeFeature:HostAccess]", func() {
 			podName := createAndWaitUserPod(true)
 			logs, err := e2epod.GetPodLogs(f.ClientSet, f.Namespace.Name, podName, podName)
 			if err != nil {
 				framework.Failf("GetPodLogs for pod %q failed: %v", podName, err)
 			}
 			framework.Logf("Got logs for pod %q: %q", podName, logs)
 			if strings.Contains(logs, "Operation not permitted") {
 				framework.Failf("privileged container should be able to create dummy device")
 			}
 		})
 	})
 	ginkgo.Context("when creating containers with AllowPrivilegeEscalation", func() {
--- a/test/e2e_node/security_context_test.go
+++ b/test/e2e_node/security_context_test.go
@ -350,50 +350,4 @@ var _ = framework.KubeDescribe("Security Context", func() {
 			}
 		})
 	})
 	ginkgo.Context("When creating a pod with privileged", func() {
 		makeUserPod := func(podName, image string, command []string, privileged bool) *v1.Pod {
 			return &v1.Pod{
 				ObjectMeta: metav1.ObjectMeta{
 					Name: podName,
 				},
 				Spec: v1.PodSpec{
 					RestartPolicy: v1.RestartPolicyNever,
 					Containers: []v1.Container{
 						{
 							Image:   image,
 							Name:    podName,
 							Command: command,
 							SecurityContext: &v1.SecurityContext{
 								Privileged: &privileged,
 							},
 						},
 					},
 				},
 			}
 		}
 		createAndWaitUserPod := func(privileged bool) string {
 			podName := fmt.Sprintf("busybox-privileged-%v-%s", privileged, uuid.NewUUID())
 			podClient.Create(makeUserPod(podName,
 				busyboxImage,
 				[]string{"sh", "-c", "ip link add dummy0 type dummy || true"},
 				privileged,
 			))
 			podClient.WaitForSuccess(podName, framework.PodStartTimeout)
 			return podName
 		}
 		ginkgo.It("should run the container as privileged when true [NodeFeature:HostAccess]", func() {
 			podName := createAndWaitUserPod(true)
 			logs, err := e2epod.GetPodLogs(f.ClientSet, f.Namespace.Name, podName, podName)
 			if err != nil {
 				framework.Failf("GetPodLogs for pod %q failed: %v", podName, err)
 			}
 			framework.Logf("Got logs for pod %q: %q", podName, logs)
 			if strings.Contains(logs, "Operation not permitted") {
 				framework.Failf("privileged container should be able to create dummy device")
 			}
 		})
 	})
 })