Skip to content

Commit b661428

Browse files
k8s-ci-robotk8s-ci-robot
authored
Merge pull request kubernetes#128700 from jsafrane/selinux-changepolicy-e2e
selinux: Add e2e tests for SElinuxChangePolicy
2 parents 9e0353b + c478e4b commit b661428

File tree

2 files changed

+193
-13
lines changed

2 files changed

+193
-13
lines changed

test/e2e/storage/csimock/base.go

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -465,7 +465,7 @@ func (m *mockDriverSetup) createPodWithFSGroup(ctx context.Context, fsGroup *int
465465
return class, claim, pod
466466
}
467467

468-
func (m *mockDriverSetup) createPodWithSELinux(ctx context.Context, accessModes []v1.PersistentVolumeAccessMode, mountOptions []string, seLinuxOpts *v1.SELinuxOptions) (*storagev1.StorageClass, *v1.PersistentVolumeClaim, *v1.Pod) {
468+
func (m *mockDriverSetup) createPodWithSELinux(ctx context.Context, accessModes []v1.PersistentVolumeAccessMode, mountOptions []string, seLinuxOpts *v1.SELinuxOptions, policy *v1.PodSELinuxChangePolicy) (*storagev1.StorageClass, *v1.PersistentVolumeClaim, *v1.Pod) {
469469
ginkgo.By("Creating pod with SELinux context")
470470
f := m.f
471471
nodeSelection := m.config.ClientNodeSelection
@@ -482,7 +482,7 @@ func (m *mockDriverSetup) createPodWithSELinux(ctx context.Context, accessModes
482482
ReclaimPolicy: m.tp.reclaimPolicy,
483483
}
484484
class, claim := createClaim(ctx, f.ClientSet, scTest, nodeSelection, m.tp.scName, f.Namespace.Name, accessModes)
485-
pod, err := startPausePodWithSELinuxOptions(f.ClientSet, claim, nodeSelection, f.Namespace.Name, seLinuxOpts)
485+
pod, err := startPausePodWithSELinuxOptions(f.ClientSet, claim, nodeSelection, f.Namespace.Name, seLinuxOpts, policy)
486486
framework.ExpectNoError(err, "Failed to create pause pod with SELinux context %s: %v", seLinuxOpts, err)
487487

488488
if class != nil {
@@ -804,14 +804,15 @@ func startBusyBoxPodWithVolumeSource(cs clientset.Interface, volumeSource v1.Vol
804804
return cs.CoreV1().Pods(ns).Create(context.TODO(), pod, metav1.CreateOptions{})
805805
}
806806

807-
func startPausePodWithSELinuxOptions(cs clientset.Interface, pvc *v1.PersistentVolumeClaim, node e2epod.NodeSelection, ns string, seLinuxOpts *v1.SELinuxOptions) (*v1.Pod, error) {
807+
func startPausePodWithSELinuxOptions(cs clientset.Interface, pvc *v1.PersistentVolumeClaim, node e2epod.NodeSelection, ns string, seLinuxOpts *v1.SELinuxOptions, policy *v1.PodSELinuxChangePolicy) (*v1.Pod, error) {
808808
pod := &v1.Pod{
809809
ObjectMeta: metav1.ObjectMeta{
810810
GenerateName: "pvc-volume-tester-",
811811
},
812812
Spec: v1.PodSpec{
813813
SecurityContext: &v1.PodSecurityContext{
814-
SELinuxOptions: seLinuxOpts,
814+
SELinuxOptions: seLinuxOpts,
815+
SELinuxChangePolicy: policy,
815816
},
816817
Containers: []v1.Container{
817818
{

0 commit comments

Comments
 (0)