E2E: add tests for PSP in the policy API Group #60319
Conversation
k8s-ci-robot
added
size/L
|
/release-note-none |
k8s-ci-robot
added
release-note-none
php-coder
changed the title
php-coder
force-pushed
the
psp_e2e_tests_and_policy_group
branch
from
fc03088 to
90617e8
Compare
test/e2e/framework/psp_util.go
Outdated
| }, | ||
| Labels: map[string]string{ | ||
| "kubernetes.io/cluster-service": "true", | ||
| "addonmanager.kubernetes.io/mode": "Reconcile", |
There was a problem hiding this comment.
@liggitt @tallclair BTW why we need these labels?
There was a problem hiding this comment.
P.S. And why we have it only for restricted PSP?
|
@tallclair @liggitt E2E tests also have |
|
/test pull-kubernetes-bazel-test |
|
@kubernetes/sig-auth-pr-reviews PTAL |
k8s-ci-robot
added
the
sig/auth
test/e2e/framework/psp_util.go
Outdated
|
|
||
| // RestrictedPSPInPolicy creates a PodSecurityPolicy (in the "policy" API Group) that is most strict. | ||
| // TODO: merge these helpers when PSP will be completely moved out of the extensions | ||
| func RestrictedPSPInPolicy(name string) *policy.PodSecurityPolicy { |
There was a problem hiding this comment.
I'd prefer keeping this private to the PSP test
test/e2e/framework/psp_util.go
Outdated
| @@ -75,6 +78,159 @@ func PrivilegedPSP(name string) *extensionsv1beta1.PodSecurityPolicy { | |||
| } | |||
| } | |||
|
|
|||
| // PrivilegedPSPInPolicy creates a PodSecurityPolicy (in the "policy" API Group) that allows everything. | |||
| // TODO: merge these helpers when PSP will be completely moved out of the extensions | |||
| func PrivilegedPSPInPolicy(name string) *policy.PodSecurityPolicy { | |||
|
a couple nits about visibility, LGTM otherwise |
|
/approve |
k8s-ci-robot
added
the
approved
php-coder
force-pushed
the
psp_e2e_tests_and_policy_group
branch
4 times, most recently
from
a2a97de to
3ce2832
Compare
|
I don't know why it fails :-| I run |
test/e2e/framework/psp_util.go
Outdated
| @@ -75,6 +77,61 @@ func PrivilegedPSP(name string) *extensionsv1beta1.PodSecurityPolicy { | |||
| } | |||
| } | |||
|
|
|||
| // RestrictedPSP creates a PodSecurityPolicy that is most strict. | |||
| func RestrictedPSP(name string) *extensionsv1beta1.PodSecurityPolicy { | |||
There was a problem hiding this comment.
same here, why not keep this private to the PSP test?
There was a problem hiding this comment.
To reduce a chances to introduce a duplicated function in other tests in future.
paging @mikedanese... |
|
Seems like I found why it was failing. It was my mistake. |
php-coder
force-pushed
the
psp_e2e_tests_and_policy_group
branch
from
3ce2832 to
0aa1fa3
Compare
php-coder
force-pushed
the
psp_e2e_tests_and_policy_group
branch
from
0aa1fa3 to
4e273a6
Compare
|
lgtm, @tallclair has final approval |
|
/lgtm There's a lot of duplication, but assuming we can remove it soon (1.11?) I'm ok with that. |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: liggitt, php-coder, tallclair The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Automatic merge from submit-queue (batch tested with PRs 60475, 60514, 60506, 59903, 60319). If you want to cherry-pick this change to another branch, please follow the instructions here. |
What this PR does / why we need it:
E2E tests were added for testing PSP from the "policy" API Group. They are similar to the tests for PSP from the "extensions" API Group.
Which issue(s) this PR fixes:
Addressed to: kubernetes/enhancements#5
Follow-up to: #54933 and #60145