Commit 4847c69

authored
Merge pull request kubernetes#91442 from saschagrunert/seccomp-ga-e2e
Update seccomp e2e test for GA
2 parents cfaa2c4 + 3bef0e4 commit 4847c69

1 file changed

+8
-12
lines changed

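--- a/test/e2e/node/security_context.go
+++ b/test/e2e/node/security_context.go
@@ -146,33 +146,29 @@ var _ = SIGDescribe("Security Context", func() {
 testPodSELinuxLabeling(f, false, true)
 })
 
-ginkgo.It("should support seccomp alpha unconfined annotation on the container [Feature:Seccomp] [LinuxOnly]", func() {
-// TODO: port to SecurityContext as soon as seccomp is out of alpha
+ginkgo.It("should support seccomp unconfined on the container [LinuxOnly]", func() {
 pod := scTestPod(false, false)
-pod.Annotations[v1.SeccompContainerAnnotationKeyPrefix+"test-container"] = "unconfined"
-pod.Annotations[v1.SeccompPodAnnotationKey] = v1.SeccompProfileRuntimeDefault
+pod.Spec.Containers[0].SecurityContext = &v1.SecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeUnconfined}}
+pod.Spec.SecurityContext = &v1.PodSecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeRuntimeDefault}}
 pod.Spec.Containers[0].Command = []string{"grep", "ecc", "/proc/self/status"}
 f.TestContainerOutput(v1.SeccompPodAnnotationKey, pod, 0, []string{"0"}) // seccomp disabled
 })
 
-ginkgo.It("should support seccomp alpha unconfined annotation on the pod [Feature:Seccomp] [LinuxOnly]", func() {
-// TODO: port to SecurityContext as soon as seccomp is out of alpha
+ginkgo.It("should support seccomp unconfined on the pod [LinuxOnly]", func() {
 pod := scTestPod(false, false)
-pod.Annotations[v1.SeccompPodAnnotationKey] = "unconfined"
+pod.Spec.SecurityContext = &v1.PodSecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeUnconfined}}
 pod.Spec.Containers[0].Command = []string{"grep", "ecc", "/proc/self/status"}
 f.TestContainerOutput(v1.SeccompPodAnnotationKey, pod, 0, []string{"0"}) // seccomp disabled
 })
 
-ginkgo.It("should support seccomp alpha runtime/default annotation [Feature:Seccomp] [LinuxOnly]", func() {
-// TODO: port to SecurityContext as soon as seccomp is out of alpha
+ginkgo.It("should support seccomp runtime/default [LinuxOnly]", func() {
 pod := scTestPod(false, false)
-pod.Annotations[v1.SeccompContainerAnnotationKeyPrefix+"test-container"] = v1.SeccompProfileRuntimeDefault
+pod.Spec.Containers[0].SecurityContext = &v1.SecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeRuntimeDefault}}
 pod.Spec.Containers[0].Command = []string{"grep", "ecc", "/proc/self/status"}
 f.TestContainerOutput(v1.SeccompPodAnnotationKey, pod, 0, []string{"2"}) // seccomp filtered
 })
 
-ginkgo.It("should support seccomp default which is unconfined [Feature:Seccomp] [LinuxOnly]", func() {
-// TODO: port to SecurityContext as soon as seccomp is out of alpha
+ginkgo.It("should support seccomp default which is unconfined [LinuxOnly]", func() {
 pod := scTestPod(false, false)
 pod.Spec.Containers[0].Command = []string{"grep", "ecc", "/proc/self/status"}
 f.TestContainerOutput(v1.SeccompPodAnnotationKey, pod, 0, []string{"0"}) // seccomp disabled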
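Review bot: All four `f.TestContainerOutput(v1.SeccompPodAnnotationKey, …)` calls (new lines 154, 161, 168 and 174) still pass the alpha pod-annotation key although the commit moves every test from annotations to `SecurityContext.SeccompProfile`; the argument looks like it is used only as a scenario label, so a descriptive string such as `f.TestContainerOutput("seccomp unconfined container", pod, 0, []string{"0"})` would drop the last reference to the annotation constant from these tests. In the first test the pod is set to RuntimeDefault and the container to Unconfined, so the `"0"` expectation is really checking that the container-level profile overrides the pod-level one; a comment like `// container-level profile takes precedence over the pod-level RuntimeDefault` above the two assignments would make that intent explicit. With `[Feature:Seccomp]` removed, the last test is no longer labelled as feature-specific while still asserting that a pod with no profile runs unconfined, which would presumably fail on a node configured to apply a default seccomp profile, so the assumption deserves a comment at that test. The enclosing `SIGDescribe` closure starts and ends outside the hunk.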
