From 96a6e334e557a7997f719003592bc3d3435569c1 Mon Sep 17 00:00:00 2001 From: Pradipta Banerjee Date: Fri, 12 Jul 2024 11:21:30 +0530 Subject: [PATCH] e2e: Fix DoTestCreatePeerPodContainerWithExternalIPAccess Ping used to check external ip access requires privileged capabilities. Introduce a new method to create priv pod and execute the test case Signed-off-by: Pradipta Banerjee --- src/cloud-api-adaptor/test/e2e/common.go | 14 ++++++++++++++ src/cloud-api-adaptor/test/e2e/common_suite.go | 6 +++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/src/cloud-api-adaptor/test/e2e/common.go b/src/cloud-api-adaptor/test/e2e/common.go index 6c52da321..8664588e5 100644 --- a/src/cloud-api-adaptor/test/e2e/common.go +++ b/src/cloud-api-adaptor/test/e2e/common.go @@ -125,6 +125,13 @@ func WithLabel(data map[string]string) PodOption { } } +// Option to handle SecurityContext +func WithSecurityContext(sc *corev1.SecurityContext) PodOption { + return func(p *corev1.Pod) { + p.Spec.Containers[0].SecurityContext = sc + } +} + func NewPod(namespace string, podName string, containerName string, imageName string, options ...PodOption) *corev1.Pod { runtimeClassName := "kata-remote" pod := &corev1.Pod{ @@ -146,6 +153,13 @@ func NewBusyboxPod(namespace string) *corev1.Pod { return NewBusyboxPodWithName(namespace, "busybox") } +func NewPrivPod(namespace string, podName string) *corev1.Pod { + sc := &corev1.SecurityContext{ + Privileged: func(b bool) *bool { return &b }(true), + } + return NewPod(namespace, podName, "busybox", BUSYBOX_IMAGE, WithCommand([]string{"/bin/sh", "-c", "sleep 3600"}), WithSecurityContext(sc)) +} + func NewCurlPodWithName(namespace, podName string) *corev1.Pod { return NewPod(namespace, podName, "curl", CURL_IMAGE, WithCommand([]string{"/bin/sh", "-c", "sleep 3600"})) } diff --git a/src/cloud-api-adaptor/test/e2e/common_suite.go b/src/cloud-api-adaptor/test/e2e/common_suite.go index f1044ddd8..029f30099 100644 --- a/src/cloud-api-adaptor/test/e2e/common_suite.go +++ b/src/cloud-api-adaptor/test/e2e/common_suite.go @@ -124,7 +124,11 @@ func DoTestCreatePodWithSecret(t *testing.T, e env.Environment, assert CloudAsse } func DoTestCreatePeerPodContainerWithExternalIPAccess(t *testing.T, e env.Environment, assert CloudAssert) { - pod := NewBusyboxPod(E2eNamespace) + // This test requires a container with the right capability otherwise the following error will be thrown: + // / # ping 8.8.8.8 + // PING 8.8.8.8 (8.8.8.8): 56 data bytes + // ping: permission denied (are you root?) + pod := NewPrivPod(E2eNamespace, "busybox-priv") testCommands := []TestCommand{ { Command: []string{"ping", "-c", "1", "www.google.com"},