From 88b7a442719cbb74b78306c28ef881aec604d31c Mon Sep 17 00:00:00 2001
From: Dan Mihai <dmihai@microsoft.com>
Date: Thu, 8 Feb 2024 15:27:58 +0000
Subject: [PATCH] tests: k8s: k8s-exec.bats auto-generated policy

Auto-generate policy for k8s-exec.bats.

Fixes: #9247

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
---
 tests/integration/kubernetes/k8s-exec.bats | 34 ++++++++++++++++++----
 1 file changed, 29 insertions(+), 5 deletions(-)

diff --git a/tests/integration/kubernetes/k8s-exec.bats b/tests/integration/kubernetes/k8s-exec.bats
index aa14d7160ff6..1fac31ad7224 100644
--- a/tests/integration/kubernetes/k8s-exec.bats
+++ b/tests/integration/kubernetes/k8s-exec.bats
@@ -13,11 +13,32 @@ setup() {
 	pod_name="busybox"
 	first_container_name="first-test-container"
 	second_container_name="second-test-container"
+
+	test_yaml_file="${pod_config_dir}/test-busybox-pod.yaml"
+	cp "$pod_config_dir/busybox-pod.yaml" "${test_yaml_file}"
+
+	policy_settings_dir="$(create_tmp_policy_settings_dir "${pod_config_dir}")"
+
+	date_command="date"
+	add_exec_to_policy_settings "${policy_settings_dir}" "${date_command}"
+	sh_command="sh"
+	add_exec_to_policy_settings "${policy_settings_dir}" "${sh_command}"
+	env_command="env"
+	add_exec_to_policy_settings "${policy_settings_dir}" "${env_command}"
+
+	allowed_requests=(
+		"CloseStdinRequest"
+		"ReadStreamRequest"
+		"WriteStreamRequest"
+	)
+	add_requests_to_policy_settings "${policy_settings_dir}" "${allowed_requests[@]}"
+
+	auto_generate_policy "${policy_settings_dir}" "${test_yaml_file}"
 }
 
 @test "Kubectl exec" {
 	# Create the pod
-	kubectl create -f "${pod_config_dir}/busybox-pod.yaml"
+	kubectl create -f "${test_yaml_file}"
 
 	# Get pod specification
 	kubectl wait --for=condition=Ready --timeout=$timeout pod "$pod_name"
@@ -28,10 +49,10 @@ setup() {
 	# see: https://github.com/kata-containers/tests/issues/2770
 	# kubectl exec -i "$pod_name" -- ls -tl /
 	# kubectl exec -it "$pod_name" -- ls -tl /
-	kubectl exec "$pod_name" -- date
+	kubectl exec "$pod_name" -- "$date_command"
 
 	## Case for stdin
-	kubectl exec -i "$pod_name" -- sh <<-EOF
+	kubectl exec -i "$pod_name" -- "$sh_command" <<-EOF
 echo abc > /tmp/abc.txt
 grep abc /tmp/abc.txt
 exit
@@ -48,11 +69,11 @@ EOF"
 
 	## Cases for target container
 	### First container
-	container_name=$(kubectl exec $pod_name -c $first_container_name -- env | grep CONTAINER_NAME)
+	container_name=$(kubectl exec $pod_name -c $first_container_name -- $env_command | grep CONTAINER_NAME)
 	[ "$container_name" == "CONTAINER_NAME=$first_container_name" ]
 
 	### Second container
-	container_name=$(kubectl exec $pod_name -c $second_container_name -- env | grep CONTAINER_NAME)
+	container_name=$(kubectl exec $pod_name -c $second_container_name -- $env_command | grep CONTAINER_NAME)
 	[ "$container_name" == "CONTAINER_NAME=$second_container_name" ]
 
 }
@@ -62,4 +83,7 @@ teardown() {
 	kubectl describe "pod/$pod_name"
 
 	kubectl delete pod "$pod_name"
+
+	rm "${test_yaml_file}"
+	delete_tmp_policy_settings_dir "${policy_settings_dir}"
 }