From f871475a5e57cfc0d6cbf4d09fa0b51e173aa53a Mon Sep 17 00:00:00 2001
From: Jordan Liggitt <liggitt@google.com>
Date: Tue, 25 May 2021 16:27:33 -0400
Subject: [PATCH] Grant PSP permissions to all serviceaccounts in e2e, not just
 default

---
 test/e2e/framework/psp.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/test/e2e/framework/psp.go b/test/e2e/framework/psp.go
index c0d5f92f33b..6ebd6c24fdf 100644
--- a/test/e2e/framework/psp.go
+++ b/test/e2e/framework/psp.go
@@ -177,7 +177,13 @@ func CreatePrivilegedPSPBinding(kubeClient clientset.Interface, namespace string
 				Kind:      rbacv1.ServiceAccountKind,
 				Namespace: namespace,
 				Name:      "default",
-			})
+			},
+			rbacv1.Subject{
+				Kind:     rbacv1.GroupKind,
+				APIGroup: rbacv1.GroupName,
+				Name:     "system:serviceaccounts:" + namespace,
+			},
+		)
 		ExpectNoError(err)
 		ExpectNoError(e2eauth.WaitForNamedAuthorizationUpdate(kubeClient.AuthorizationV1(),
 			serviceaccount.MakeUsername(namespace, "default"), namespace, "use", podSecurityPolicyPrivileged,