Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug 2086519: authorization: add a test checking that the restricted-v2 SCC mutates securityContext to match restricted PSa #27257

Merged
merged 1 commit into from
Jun 22, 2022
Merged

Bug 2086519: authorization: add a test checking that the restricted-v2 SCC mutates securityContext to match restricted PSa #27257

merged 1 commit into from
Jun 22, 2022

Conversation

stlaz
Copy link
Contributor

@stlaz stlaz commented Jun 15, 2022

This is a test to check that our SCC system by default mutates container and pod security context so that they can run with the restricted security profile

/assign @deads2k

@stlaz
Copy link
Contributor Author

stlaz commented Jun 20, 2022

/retest

ibihim
ibihim reviewed Jun 20, 2022
View reviewed changes
test/extended/authorization/podsecurity_admission.go
Name: "sleeper",
Image: "fedora:latest",
Command: []string{"sleep"},
Args: []string{"infinity"},
Copy link
Contributor

@ibihim ibihim Jun 20, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to clean it up, don't we?

defer oc.KubeClient().
    CoreV1().
    Pods(oc.Namespace()).
    Delete(context.Background(), "psa-testpod", metav1.DeleteOptions{})

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no, the NS is removed after the test is complete

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jun 20, 2022

@stlaz: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-single-node a4372eb link false /test e2e-aws-single-node
ci/prow/e2e-aws-single-node-upgrade a4372eb link false /test e2e-aws-single-node-upgrade

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

ibihim
ibihim approved these changes Jun 21, 2022
View reviewed changes
Copy link
Contributor

@ibihim ibihim left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Test Machinery removes namespaces, interesting.

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jun 21, 2022
@stlaz stlaz changed the title authorization: add a test checking that the restricted-v2 SCC mutates securityContext to match restricted PSa Bug 2086519: authorization: add a test checking that the restricted-v2 SCC mutates securityContext to match restricted PSa Jun 21, 2022
@openshift-ci openshift-ci bot added bugzilla/severity-urgent Referenced Bugzilla bug's severity is urgent for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. labels Jun 21, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jun 21, 2022

@stlaz: This pull request references Bugzilla bug 2086519, which is valid. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.11.0) matches configured target release for branch (4.11.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

No GitHub users were found matching the public email listed for the QA contact in Bugzilla (ytripath@redhat.com), skipping review request.

In response to this:

Bug 2086519: authorization: add a test checking that the restricted-v2 SCC mutates securityContext to match restricted PSa

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

soltysh
soltysh approved these changes Jun 22, 2022
View reviewed changes
Copy link
Contributor

@soltysh soltysh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 22, 2022
@ibihim
Copy link
Contributor

ibihim commented Jun 22, 2022

/lgtm

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jun 22, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ibihim, soltysh, stlaz

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@wallylewis
Copy link

/test e2e-aws-fips

@openshift-ci-robot
Copy link

/retest-required

Remaining retests: 2 against base HEAD 6438b04 and 8 for PR HEAD a4372eb in total

@openshift-ci-robot
Copy link

/retest-required

Remaining retests: 1 against base HEAD 6438b04 and 7 for PR HEAD a4372eb in total

@openshift-ci openshift-ci bot merged commit 05becc1 into openshift:master Jun 22, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jun 22, 2022

@stlaz: Some pull requests linked via external trackers have merged:

The following pull requests linked via external trackers have not merged:

These pull request must merge or be unlinked from the Bugzilla bug in order for it to move to the next state. Once unlinked, request a bug refresh with /bugzilla refresh.

Bugzilla bug 2086519 has not been moved to the MODIFIED state.

In response to this:

Bug 2086519: authorization: add a test checking that the restricted-v2 SCC mutates securityContext to match restricted PSa

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot mentioned this pull request Jun 23, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ibihim ibihim ibihim approved these changes

@soltysh soltysh soltysh approved these changes

@sinnykumari sinnykumari Awaiting requested review from sinnykumari

Assignees

@deads2k deads2k

@ibihim ibihim

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. bugzilla/severity-urgent Referenced Bugzilla bug's severity is urgent for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@stlaz @ibihim @wallylewis @openshift-ci-robot @soltysh @deads2k