Merge pull request kata-containers#9248 from microsoft/danmihai1/k8s-…

…exec.bats2 tests: k8s: k8s-exec.bats auto-generated policy
taoohong · Mar 13, 2024 · ac27caf · ac27caf
2 parents 8f4cbd4 + 88b7a44
commit ac27caf
Showing 1 changed file with 29 additions and 5 deletions.
diff --git a/tests/integration/kubernetes/k8s-exec.bats b/tests/integration/kubernetes/k8s-exec.bats
@@ -13,11 +13,32 @@ setup() {
 	pod_name="busybox"
 	first_container_name="first-test-container"
 	second_container_name="second-test-container"
+
+	test_yaml_file="${pod_config_dir}/test-busybox-pod.yaml"
+	cp "$pod_config_dir/busybox-pod.yaml" "${test_yaml_file}"
+
+	policy_settings_dir="$(create_tmp_policy_settings_dir "${pod_config_dir}")"
+
+	date_command="date"
+	add_exec_to_policy_settings "${policy_settings_dir}" "${date_command}"
+	sh_command="sh"
+	add_exec_to_policy_settings "${policy_settings_dir}" "${sh_command}"
+	env_command="env"
+	add_exec_to_policy_settings "${policy_settings_dir}" "${env_command}"
+
+	allowed_requests=(
+		"CloseStdinRequest"
+		"ReadStreamRequest"
+		"WriteStreamRequest"
+	)
+	add_requests_to_policy_settings "${policy_settings_dir}" "${allowed_requests[@]}"
+
+	auto_generate_policy "${policy_settings_dir}" "${test_yaml_file}"
 }
 
 @test "Kubectl exec" {
 	# Create the pod
-	kubectl create -f "${pod_config_dir}/busybox-pod.yaml"
+	kubectl create -f "${test_yaml_file}"
 
 	# Get pod specification
 	kubectl wait --for=condition=Ready --timeout=$timeout pod "$pod_name"
@@ -28,10 +49,10 @@ setup() {
 	# see: https://github.com/kata-containers/tests/issues/2770
 	# kubectl exec -i "$pod_name" -- ls -tl /
 	# kubectl exec -it "$pod_name" -- ls -tl /
-	kubectl exec "$pod_name" -- date
+	kubectl exec "$pod_name" -- "$date_command"
 
 	## Case for stdin
-	kubectl exec -i "$pod_name" -- sh <<-EOF
+	kubectl exec -i "$pod_name" -- "$sh_command" <<-EOF
 echo abc > /tmp/abc.txt
 grep abc /tmp/abc.txt
 exit
@@ -48,11 +69,11 @@ EOF"
 
 	## Cases for target container
 	### First container
-	container_name=$(kubectl exec $pod_name -c $first_container_name -- env | grep CONTAINER_NAME)
+	container_name=$(kubectl exec $pod_name -c $first_container_name -- $env_command | grep CONTAINER_NAME)
 	[ "$container_name" == "CONTAINER_NAME=$first_container_name" ]
 
 	### Second container
-	container_name=$(kubectl exec $pod_name -c $second_container_name -- env | grep CONTAINER_NAME)
+	container_name=$(kubectl exec $pod_name -c $second_container_name -- $env_command | grep CONTAINER_NAME)
 	[ "$container_name" == "CONTAINER_NAME=$second_container_name" ]
 
 }
@@ -62,4 +83,7 @@ teardown() {
 	kubectl describe "pod/$pod_name"
 
 	kubectl delete pod "$pod_name"
+
+	rm "${test_yaml_file}"
+	delete_tmp_policy_settings_dir "${policy_settings_dir}"
 }