github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tests: Fixes tests for Windows (containerd, RunAsUserName)

Browse Source 
Since we've added support for RunAsUserName, we can now run some new
tests. However, the [LinuxOnly] tag will have to remain until the
WindowsRunAsUserName feature becomes enabled by default.

Additionally, Containerd supports file mounting on Windows, and some
tests will be able to pass on Windows with Containerd instead of Docker.
This commit is contained in:
Claudiu Belu
2019-07-05 12:23:04 +00:00
parent ef479c1a6f
commit f0e6d8ed09
10 changed files with 89 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
test/e2e/common/security_context.go
View File

@@ -123,11 +123,11 @@ var _ = framework.KubeDescribe("Security Context", func() {
// creates a pod with RunAsUser, which is not supported on Windows.
framework.SkipIfNodeOSDistroIs("windows")
name := "explicit-nonroot-uid"
pod := makeNonRootPod(name, rootImage, pointer.Int64Ptr(1234))
pod := makeNonRootPod(name, rootImage, pointer.Int64Ptr(nonRootTestUserID))
podClient.Create(pod)
podClient.WaitForSuccess(name, framework.PodStartTimeout)
framework.ExpectNoError(podClient.MatchContainerOutput(name, name, "1234"))
framework.ExpectNoError(podClient.MatchContainerOutput(name, name, "1000"))
})
ginkgo.It("should not run with an explicit root user ID [LinuxOnly]", func() {
// creates a pod with RunAsUser, which is not supported on Windows.
@@ -327,7 +327,7 @@ var _ = framework.KubeDescribe("Security Context", func() {
*/
ginkgo.It("should allow privilege escalation when not explicitly set and uid != 0 [LinuxOnly] [NodeConformance]", func() {
podName := "alpine-nnp-nil-" + string(uuid.NewUUID())
if err := createAndMatchOutput(podName, "Effective uid: 0", nil, 1000); err != nil {
if err := createAndMatchOutput(podName, "Effective uid: 0", nil, nonRootTestUserID); err != nil {
framework.Failf("Match output for pod %q failed: %v", podName, err)
}
})
@@ -343,7 +343,7 @@ var _ = framework.KubeDescribe("Security Context", func() {
framework.ConformanceIt("should not allow privilege escalation when false [LinuxOnly] [NodeConformance]", func() {
podName := "alpine-nnp-false-" + string(uuid.NewUUID())
apeFalse := false
if err := createAndMatchOutput(podName, "Effective uid: 1000", &apeFalse, 1000); err != nil {
if err := createAndMatchOutput(podName, fmt.Sprintf("Effective uid: %d", nonRootTestUserID), &apeFalse, nonRootTestUserID); err != nil {
framework.Failf("Match output for pod %q failed: %v", podName, err)
}
})
@@ -360,7 +360,7 @@ var _ = framework.KubeDescribe("Security Context", func() {
ginkgo.It("should allow privilege escalation when true [LinuxOnly] [NodeConformance]", func() {
podName := "alpine-nnp-true-" + string(uuid.NewUUID())
apeTrue := true
if err := createAndMatchOutput(podName, "Effective uid: 0", &apeTrue, 1000); err != nil {
if err := createAndMatchOutput(podName, "Effective uid: 0", &apeTrue, nonRootTestUserID); err != nil {
framework.Failf("Match output for pod %q failed: %v", podName, err)
}
})