Merge pull request kubernetes#126182 from sohankunkerkar/fix-procmount

k8s-ci-robot · web-flow · commit 320f1ab30d6c · 2024-07-23T14:39:51.000-07:00
test/e2e/windows: drop securityContext test for ProcMount
diff --git a/test/e2e/windows/security_context.go b/test/e2e/windows/security_context.go
@@ -136,7 +136,7 @@ var _ = sigDescribe(feature.Windows, "SecurityContext", skipUnlessWindows(func()
 		e2eoutput.TestContainerOutput(ctx, f, "check pod SecurityContext username", pod, 1, []string{"ContainerAdministrator"})
 	})
 
-	ginkgo.It("should ignore SELinux Specific SecurityContext if set", func(ctx context.Context) {
+	ginkgo.It("should ignore Linux Specific SecurityContext if set", func(ctx context.Context) {
 		ginkgo.By("Creating a pod with SELinux options")
 		// It is sufficient to show that the pod comes up here. Since we're stripping the SELinux and other linux
 		// security contexts in apiserver and not updating the pod object in the apiserver, we cannot validate the
@@ -160,30 +160,6 @@ var _ = sigDescribe(feature.Windows, "SecurityContext", skipUnlessWindows(func()
 			f.Namespace.Name), "failed to wait for pod %s to be running", windowsPodWithSELinux.Name)
 	})
 
-	ginkgo.It("should ignore ProcMount Specific SecurityContext if set", func(ctx context.Context) {
-		ginkgo.By("Creating a pod with ProcMount options")
-		// It is sufficient to show that the pod comes up here. Since we're stripping the SELinux and other linux
-		// security contexts in apiserver and not updating the pod object in the apiserver, we cannot validate the
-		// pod object to not have those security contexts. However the pod coming to running state is a sufficient
-		// enough condition for us to validate since prior to https://github.com/kubernetes/kubernetes/pull/93475
-		// the pod would have failed to come up.
-		windowsPodWithSELinux := createTestPod(f, imageutils.GetE2EImage(imageutils.Agnhost), windowsOS)
-		windowsPodWithSELinux.Spec.Containers[0].Args = []string{"test-webserver-with-selinux"}
-		windowsPodWithSELinux.Spec.SecurityContext = &v1.PodSecurityContext{}
-		pmt := v1.UnmaskedProcMount
-		containerUserName := "ContainerAdministrator"
-		windowsPodWithSELinux.Spec.Containers[0].SecurityContext = &v1.SecurityContext{
-			ProcMount:      &pmt,
-			WindowsOptions: &v1.WindowsSecurityContextOptions{RunAsUserName: &containerUserName}}
-		windowsPodWithSELinux.Spec.Tolerations = []v1.Toleration{{Key: "os", Value: "Windows"}}
-		windowsPodWithSELinux, err := f.ClientSet.CoreV1().Pods(f.Namespace.Name).Create(ctx,
-			windowsPodWithSELinux, metav1.CreateOptions{})
-		framework.ExpectNoError(err)
-		framework.Logf("Created pod %v", windowsPodWithSELinux)
-		framework.ExpectNoError(e2epod.WaitForPodNameRunningInNamespace(ctx, f.ClientSet, windowsPodWithSELinux.Name,
-			f.Namespace.Name), "failed to wait for pod %s to be running", windowsPodWithSELinux.Name)
-	})
-
 	ginkgo.It("should not be able to create pods with containers running as ContainerAdministrator when runAsNonRoot is true", func(ctx context.Context) {
 		ginkgo.By("Creating a pod")
 
