test: ensure securityContext and resources are part of workload

Add test coverage; this is in preparation for an upcoming change where we are going to read these values from a different place.

Author: ivanstanev

test/fixtures/java-deployment.yaml

@@ -21,4 +21,12 @@ spec:
         name: java
         command: ['/bin/sleep']
         args: ['9999999']
-      securityContext: {}
+        securityContext:
+          privileged: false
+          capabilities:
+            drop:
+              - ALL
+        resources:
+            limits:
+              cpu: '1'
+              memory: '1Gi'

test/system/kind.test.ts

@@ -105,6 +105,14 @@ tap.test('Kubernetes-Monitor with KinD', async (t) => {
         'all properties are present in the workload metadata',
       );
       t.ok('agentId' in requestBody, 'agent ID is present in workload payload');
+      
+      const podSpec = requestBody.workloadMetadata.podSpec;
+      const resources = podSpec.containers[0].resources;
+      t.same(resources?.limits, { cpu: '1', memory: '1Gi' });
+
+      const securityContext = podSpec.containers[0].securityContext;
+      t.same(securityContext?.privileged, false);
+      t.same(securityContext?.capabilities?.drop, ['ALL']);
     });
 
   nock('https://kubernetes-upstream.snyk.io')

test/unit/supervisor/watchers.test.ts

@@ -32,6 +32,8 @@ tap.test('isKubernetesInternalNamespace', async (t) => {
     'kube-public is a k8s internal namespace');
   t.ok(watchers.isKubernetesInternalNamespace('kube-system'),
     'kube-system is a k8s internal namespace');
+  t.ok(watchers.isKubernetesInternalNamespace('local-path-storage'),
+    'local-path-storage is a k8s internal namespace');
   t.ok(watchers.isKubernetesInternalNamespace('openshift-apiserver'),
     'openshift-apiserver is a k8s internal namespace');
   t.ok(watchers.isKubernetesInternalNamespace('openshift-apiserver-operator'),