@@ -123,7 +123,7 @@ var _ = Describe("Managed Cluster Validating Webhooks", Ordered, func() {
123123 Expect (err ).ToNot (HaveOccurred ())
124124 })
125125
126- It ("should create a pod with the correct security context" , func () {
126+ It ("should create a pod with the correct security context" , func (ctx context. Context ) {
127127 pod := & v1.Pod {
128128 ObjectMeta : metav1.ObjectMeta {
129129 Name : "testpod" ,
@@ -149,29 +149,25 @@ var _ = Describe("Managed Cluster Validating Webhooks", Ordered, func() {
149149 },
150150 }
151151
152- err := client .Create (context . TODO () , pod )
152+ err := client .Create (ctx , pod )
153153 Expect (err ).NotTo (HaveOccurred ())
154154 err = client .Delete (ctx , pod )
155155 Expect (err ).NotTo (HaveOccurred ())
156156 })
157157
158158 Describe ("sre-pod-validation" , Ordered , func () {
159159 const (
160- privilegedNamespace = "openshift-backplane"
161- unprivilegedNamespace = "openshift-logging"
162-
163160 deletePodWaitDuration = 5 * time .Minute
164161 createPodWaitDuration = 1 * time .Minute
165162 )
166163
167164 var pod * v1.Pod
168165
169166 BeforeAll (func () {
170- name := envconf .RandomName ("testpod" , 12 )
171167 pod = & v1.Pod {
172168 ObjectMeta : metav1.ObjectMeta {
173- Name : name ,
174- Namespace : testNsName ,
169+ Name : envconf . RandomName ( "testpod" , 12 ) ,
170+ Namespace : privilegedNamespace ,
175171 },
176172 Spec : v1.PodSpec {
177173 Containers : []v1.Container {
@@ -220,20 +216,17 @@ var _ = Describe("Managed Cluster Validating Webhooks", Ordered, func() {
220216 }
221217 })
222218
223- withNamespace := func (pod * v1.Pod , namespace string ) * v1.Pod {
224- pod .SetNamespace (namespace )
225- return pod
226- }
227-
228219 It ("blocks pods scheduled onto master/infra nodes" , func (ctx context.Context ) {
229- err := dedicatedAdmink8s .Create (ctx , withNamespace ( pod , privilegedNamespace ) )
220+ err := dedicatedAdmink8s .Create (ctx , pod )
230221 Expect (errors .IsForbidden (err )).To (BeTrue ())
231222
232- err = userk8s .Create (ctx , withNamespace ( pod , privilegedNamespace ) )
223+ err = userk8s .Create (ctx , pod )
233224 Expect (errors .IsForbidden (err )).To (BeTrue ())
234225
235- err = userk8s .Create (ctx , withNamespace (pod , unprivilegedNamespace ))
226+ pod .SetNamespace (unprivilegedNamespace )
227+ err = userk8s .Create (ctx , pod )
236228 Expect (errors .IsForbidden (err )).To (BeTrue ())
229+ pod .SetNamespace (privilegedNamespace )
237230 }, SpecTimeout (createPodWaitDuration .Seconds ()+ deletePodWaitDuration .Seconds ()))
238231
239232 It ("allows cluster-admin to schedule pods onto master/infra nodes" , func (ctx context.Context ) {
@@ -248,7 +241,6 @@ var _ = Describe("Managed Cluster Validating Webhooks", Ordered, func() {
248241 err = client .Delete (ctx , sa )
249242 Expect (err ).ShouldNot (HaveOccurred (), "Unable to delete service account" )
250243
251- pod = withNamespace (pod , privilegedNamespace )
252244 err = client .Create (ctx , pod )
253245 Expect (err ).NotTo (HaveOccurred ())
254246 err = client .Delete (ctx , pod )
@@ -599,9 +591,6 @@ var _ = Describe("Managed Cluster Validating Webhooks", Ordered, func() {
599591 })
600592
601593 Describe ("sre-prometheusrule-validation" , func () {
602- const privilegedNamespace = "openshift-backplane"
603- const unprivilegedNamespace = "openshift-logging"
604-
605594 newPrometheusRule := func (namespace string ) * monitoringv1.PrometheusRule {
606595 return & monitoringv1.PrometheusRule {
607596 ObjectMeta : metav1.ObjectMeta {Name : "prometheus-example-app" , Namespace : namespace },
@@ -665,7 +654,7 @@ var _ = Describe("Managed Cluster Validating Webhooks", Ordered, func() {
665654 })
666655
667656 It ("allows non-privileged users to manage PrometheusRules in non-privileged namespaces" , func (ctx context.Context ) {
668- rule := newPrometheusRule ("osde2e-temp-ns" )
657+ rule := newPrometheusRule (testNsName )
669658
670659 err := dedicatedAdmink8s .Create (ctx , rule )
671660 Expect (err ).NotTo (HaveOccurred ())
0 commit comments