@@ -285,7 +285,7 @@ func TestPodExtractContent(t *testing.T) {
285285 ObjectMeta : metav1.ObjectMeta {
286286 GenerateName : "test-" ,
287287 Namespace : "testns" ,
288- Labels : map [string ]string {"olm.pod-spec-hash" : "5MSUJs07MqD3fl9supmPaRNxD9N6tK8Bjo4OFl " , "olm.managed" : "true" },
288+ Labels : map [string ]string {"olm.pod-spec-hash" : "r86WYqCuUPyC9whJJfiyFBVtwoKEghJ74gCQO " , "olm.managed" : "true" },
289289 Annotations : map [string ]string {"cluster-autoscaler.kubernetes.io/safe-to-evict" : "true" },
290290 },
291291 Spec : corev1.PodSpec {
@@ -307,6 +307,9 @@ func TestPodExtractContent(t *testing.T) {
307307 Args : []string {"/bin/copy-content" , "/utilities/copy-content" },
308308 VolumeMounts : []corev1.VolumeMount {{Name : "utilities" , MountPath : "/utilities" }},
309309 TerminationMessagePolicy : "FallbackToLogsOnError" ,
310+ SecurityContext : & corev1.SecurityContext {
311+ ReadOnlyRootFilesystem : ptr .To (true ),
312+ },
310313 },
311314 {
312315 Name : "extract-content" ,
@@ -324,6 +327,9 @@ func TestPodExtractContent(t *testing.T) {
324327 {Name : "catalog-content" , MountPath : "/extracted-catalog" },
325328 },
326329 TerminationMessagePolicy : "FallbackToLogsOnError" ,
330+ SecurityContext : & corev1.SecurityContext {
331+ ReadOnlyRootFilesystem : ptr .To (true ),
332+ },
327333 },
328334 },
329335 Containers : []corev1.Container {
@@ -368,7 +374,7 @@ func TestPodExtractContent(t *testing.T) {
368374 },
369375 },
370376 SecurityContext : & corev1.SecurityContext {
371- ReadOnlyRootFilesystem : ptr .To (false ),
377+ ReadOnlyRootFilesystem : ptr .To (true ),
372378 },
373379 ImagePullPolicy : image .InferImagePullPolicy ("image" ),
374380 TerminationMessagePolicy : "FallbackToLogsOnError" ,
@@ -400,7 +406,7 @@ func TestPodExtractContent(t *testing.T) {
400406 ObjectMeta : metav1.ObjectMeta {
401407 GenerateName : "test-" ,
402408 Namespace : "testns" ,
403- Labels : map [string ]string {"olm.pod-spec-hash" : "b4ns9MTvaRBYOarmuFe6PLYK0r2kxj5Vo06WTU " , "olm.managed" : "true" },
409+ Labels : map [string ]string {"olm.pod-spec-hash" : "5ToGGS7RLuy9Fq91z7IjESOJXfurg09nHAxtfK " , "olm.managed" : "true" },
404410 Annotations : map [string ]string {"cluster-autoscaler.kubernetes.io/safe-to-evict" : "true" },
405411 },
406412 Spec : corev1.PodSpec {
@@ -422,6 +428,9 @@ func TestPodExtractContent(t *testing.T) {
422428 Args : []string {"/bin/copy-content" , "/utilities/copy-content" },
423429 VolumeMounts : []corev1.VolumeMount {{Name : "utilities" , MountPath : "/utilities" }},
424430 TerminationMessagePolicy : "FallbackToLogsOnError" ,
431+ SecurityContext : & corev1.SecurityContext {
432+ ReadOnlyRootFilesystem : ptr .To (true ),
433+ },
425434 },
426435 {
427436 Name : "extract-content" ,
@@ -437,6 +446,9 @@ func TestPodExtractContent(t *testing.T) {
437446 {Name : "catalog-content" , MountPath : "/extracted-catalog" },
438447 },
439448 TerminationMessagePolicy : "FallbackToLogsOnError" ,
449+ SecurityContext : & corev1.SecurityContext {
450+ ReadOnlyRootFilesystem : ptr .To (true ),
451+ },
440452 },
441453 },
442454 Containers : []corev1.Container {
@@ -481,7 +493,7 @@ func TestPodExtractContent(t *testing.T) {
481493 },
482494 },
483495 SecurityContext : & corev1.SecurityContext {
484- ReadOnlyRootFilesystem : ptr .To (false ),
496+ ReadOnlyRootFilesystem : ptr .To (true ),
485497 },
486498 ImagePullPolicy : image .InferImagePullPolicy ("image" ),
487499 TerminationMessagePolicy : "FallbackToLogsOnError" ,
@@ -506,7 +518,7 @@ func TestPodExtractContent(t *testing.T) {
506518 ObjectMeta : metav1.ObjectMeta {
507519 GenerateName : "test-" ,
508520 Namespace : "testns" ,
509- Labels : map [string ]string {"olm.pod-spec-hash" : "2ZOz2dIc08OnA6K8YLykbH5TuFNbwrpktFugq3 " , "olm.managed" : "true" },
521+ Labels : map [string ]string {"olm.pod-spec-hash" : "3sDLk8MMNptrqUfdnruY2gUi1g8O4wpMWC6Q52 " , "olm.managed" : "true" },
510522 Annotations : map [string ]string {"cluster-autoscaler.kubernetes.io/safe-to-evict" : "true" },
511523 },
512524 Spec : corev1.PodSpec {
@@ -553,7 +565,7 @@ func TestPodExtractContent(t *testing.T) {
553565 SecurityContext : & corev1.SecurityContext {
554566 Capabilities : & corev1.Capabilities {Drop : []corev1.Capability {"ALL" }},
555567 AllowPrivilegeEscalation : ptr .To (false ),
556- ReadOnlyRootFilesystem : ptr .To (true ),
568+ ReadOnlyRootFilesystem : ptr .To (false ),
557569 },
558570 TerminationMessagePolicy : "FallbackToLogsOnError" ,
559571 },
@@ -1021,7 +1033,7 @@ func TestPodContainerSecurityContext(t *testing.T) {
10211033 Capabilities : & corev1.Capabilities {
10221034 Drop : []corev1.Capability {"ALL" },
10231035 },
1024- ReadOnlyRootFilesystem : ptr .To (true ), // Reflecting expected 'restricted' settings
1036+ ReadOnlyRootFilesystem : ptr .To (false ), // Reflecting expected 'restricted' settings
10251037 },
10261038 expectedSecurityContext : & corev1.PodSecurityContext {
10271039 SeccompProfile : & corev1.SeccompProfile {Type : corev1 .SeccompProfileTypeRuntimeDefault },
@@ -1056,7 +1068,7 @@ func TestPodContainerSecurityContext(t *testing.T) {
10561068 Capabilities : & corev1.Capabilities {
10571069 Drop : []corev1.Capability {"ALL" },
10581070 },
1059- ReadOnlyRootFilesystem : ptr .To (true ),
1071+ ReadOnlyRootFilesystem : ptr .To (false ),
10601072 },
10611073 expectedSecurityContext : & corev1.PodSecurityContext {
10621074 SeccompProfile : & corev1.SeccompProfile {Type : corev1 .SeccompProfileTypeRuntimeDefault },
@@ -1111,7 +1123,7 @@ func TestPodContainerSecurityContext(t *testing.T) {
11111123 },
11121124 namespacePodSecurityConfig : v1alpha1 .Legacy , // set to the opposite of the config to catch possible errors
11131125 expectedContainerSecurityContext : & corev1.SecurityContext {
1114- ReadOnlyRootFilesystem : ptr .To (true ),
1126+ ReadOnlyRootFilesystem : ptr .To (false ),
11151127 AllowPrivilegeEscalation : ptr .To (false ),
11161128 Capabilities : & corev1.Capabilities {
11171129 Drop : []corev1.Capability {"ALL" },
0 commit comments