From d4a4e06f81642f71067ef22ff0bb7af52e0e96c0 Mon Sep 17 00:00:00 2001
From: PrimalPimmy <Prashant20.pm@gmail.com>
Date: Thu, 15 Feb 2024 13:18:52 +0530
Subject: [PATCH] chore(fix): Fix Flakey CI

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

Added another file

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

Changes to tags

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

operator tag change

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

tag fixed

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

Used sed to replace version in config

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

Tag fix

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

chore(test): add sleep to reduce flakiness

apparmor profile take some time to generate. The gingkgo tests try to check the enforcement almost immediately after applying a policy which results in increased flakiness due to the time it takes to activate policies.

Signed-off-by: Barun Acharya <barun1024@gmail.com>

chore(fix) First iteration to add eventually in the CI

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

Eventually in block posture added

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

Ginkgo verbose for debugging

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

Fixes

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

Fixes-2

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

net-raw fix

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

AssertCommand

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

AssertCommand

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

Improved eventual testing

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

Minor fixes

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

Minor fixes-2

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

minor fix

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

another minor fix

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

minor fix

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

minor fix

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>
---
 .github/workflows/ci-latest-release.yml       |  34 +-
 .github/workflows/ci-test-ginkgo.yml          |   2 +-
 KubeArmor/monitor/systemMonitor.go            |   4 +-
 tests/k8s_env/Makefile                        |   2 +-
 .../block_suite_test.go                       |   0
 .../{block => blockposture}/block_test.go     |   8 +-
 .../res/ksp-wordpress-allow-file.yaml         |   0
 .../res/ksp-wordpress-allow-tcp.yaml          |   0
 .../res/wordpress-mysql-deployment.yaml       |   0
 tests/k8s_env/ksp/ksp_test.go                 | 577 +++++++-----------
 tests/util/kartutil.go                        |  18 +
 11 files changed, 270 insertions(+), 375 deletions(-)
 rename tests/k8s_env/{block => blockposture}/block_suite_test.go (100%)
 rename tests/k8s_env/{block => blockposture}/block_test.go (93%)
 rename tests/k8s_env/{block => blockposture}/res/ksp-wordpress-allow-file.yaml (100%)
 rename tests/k8s_env/{block => blockposture}/res/ksp-wordpress-allow-tcp.yaml (100%)
 rename tests/k8s_env/{block => blockposture}/res/wordpress-mysql-deployment.yaml (100%)

diff --git a/.github/workflows/ci-latest-release.yml b/.github/workflows/ci-latest-release.yml
index 911b58c79..f9b4e2452 100644
--- a/.github/workflows/ci-latest-release.yml
+++ b/.github/workflows/ci-latest-release.yml
@@ -71,20 +71,38 @@ jobs:
           else
             echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
           fi
-          RUNTIME=docker ./contribution/k3s/install_k3s.sh
+          RUNTIME=containerd ./contribution/k3s/install_k3s.sh
 
       - name: Generate KubeArmor artifacts
         run: GITHUB_SHA=$GITHUB_SHA ./KubeArmor/build/build_kubearmor.sh ${{ steps.vars.outputs.tag }}
 
-      - name: Deploy KubeArmor into Kubernetes
+      - name: Build Kubearmor-Operator
+        working-directory: pkg/KubeArmorOperator
         run: |
-          helm upgrade --install kubearmor ./deployments/helm/KubeArmor \
-          --values ./KubeArmor/build/kubearmor-helm-test-values.yaml \
-          --set kubearmor.image.tag=${{ steps.vars.outputs.tag }} \
-          --set kubearmorInit.image.tag=${{ steps.vars.outputs.tag }} \
-          -n kubearmor --create-namespace;
+          make docker-build TAG=${{ steps.vars.outputs.tag }}
 
-          kubectl wait --for=condition=ready --timeout=5m -n kubearmor pod -l kubearmor-app
+      - name: deploy pre existing pod 
+        run: |
+          kubectl apply -f ./tests/k8s_env/ksp/pre-run-pod.yaml
+          sleep 60
+          kubectl get pods -A
+
+      - name: Run KubeArmor
+        run: |
+          docker save kubearmor/kubearmor-init:${{ steps.vars.outputs.tag }} | sudo k3s ctr images import -
+          docker save kubearmor/kubearmor:${{ steps.vars.outputs.tag }} | sudo k3s ctr images import -
+          docker save kubearmor/kubearmor-operator:${{ steps.vars.outputs.tag }} | sudo k3s ctr images import -
+          docker save kubearmor/kubearmor-snitch:${{ steps.vars.outputs.tag }} | sudo k3s ctr images import -
+        
+          helm upgrade --install kubearmor-operator ./deployments/helm/KubeArmorOperator -n kubearmor --create-namespace
+          kubectl wait --for=condition=ready --timeout=5m -n kubearmor pod -l kubearmor-app=kubearmor-operator
+          kubectl get pods -A
+          if [[ ${{ steps.vars.outputs.tag }} == v* ]]; then
+            sed -i '/image: kubearmor\/kubearmor-controller:latest/!{/image: kubearmor\/kubearmor-relay-server:latest/!s/latest/${{ steps.vars.outputs.tag }}/g}' pkg/KubeArmorOperator/config/samples/kubearmor-test.yaml
+          fi
+          kubectl apply -f pkg/KubeArmorOperator/config/samples/kubearmor-test.yaml
+          kubectl wait -n kubearmor --timeout=5m --for=jsonpath='{.status.phase}'=Running kubearmorconfigs/kubearmorconfig-test
+          kubectl wait --timeout=5m --for=condition=ready pod -l kubearmor-app,kubearmor-app!=kubearmor-snitch -n kubearmor
           kubectl get pods -A
 
       - name: Test KubeArmor using Ginkgo
diff --git a/.github/workflows/ci-test-ginkgo.yml b/.github/workflows/ci-test-ginkgo.yml
index e4e33286c..cea3742c6 100644
--- a/.github/workflows/ci-test-ginkgo.yml
+++ b/.github/workflows/ci-test-ginkgo.yml
@@ -87,7 +87,7 @@ jobs:
           kubectl get pods -A
           kubectl apply -f pkg/KubeArmorOperator/config/samples/kubearmor-test.yaml
           kubectl wait -n kubearmor --timeout=5m --for=jsonpath='{.status.phase}'=Running kubearmorconfigs/kubearmorconfig-test
-          kubectl wait --timeout=5m --for=condition=ready pod -l kubearmor-app,kubearmor-app!=kubearmor-snitch -n kubearmor
+          kubectl wait --timeout=7m --for=condition=ready pod -l kubearmor-app,kubearmor-app!=kubearmor-snitch -n kubearmor
           kubectl get pods -A
 
       - name: Test KubeArmor using Ginkgo
diff --git a/KubeArmor/monitor/systemMonitor.go b/KubeArmor/monitor/systemMonitor.go
index 1f73ddcfa..c52ee7679 100644
--- a/KubeArmor/monitor/systemMonitor.go
+++ b/KubeArmor/monitor/systemMonitor.go
@@ -617,7 +617,7 @@ func (mon *SystemMonitor) TraceSyscall() {
 
 			now := time.Now()
 			if now.After(time.Unix(int64(ctx.Ts), 0).Add(10 * time.Second)) {
-				mon.Logger.Warn("Event dropped due to replay timeout")
+				mon.Logger.Debug("Event dropped due to replay timeout")
 				continue
 			}
 
@@ -644,7 +644,7 @@ func (mon *SystemMonitor) TraceSyscall() {
 					}
 
 				}
-				mon.Logger.Warn("Event dropped due to replay timeout")
+				mon.Logger.Debug("Event dropped due to replay timeout")
 			}()
 		}
 	}()
diff --git a/tests/k8s_env/Makefile b/tests/k8s_env/Makefile
index dbb6ab51b..ef96bc28e 100644
--- a/tests/k8s_env/Makefile
+++ b/tests/k8s_env/Makefile
@@ -10,4 +10,4 @@ build:
 	@ginkgo -r --vv --flake-attempts=10 --timeout=30m --skip-package "syscalls"
 .PHONY: test
 test:
-	@ginkgo -r
\ No newline at end of file
+	@ginkgo -r -v
\ No newline at end of file
diff --git a/tests/k8s_env/block/block_suite_test.go b/tests/k8s_env/blockposture/block_suite_test.go
similarity index 100%
rename from tests/k8s_env/block/block_suite_test.go
rename to tests/k8s_env/blockposture/block_suite_test.go
diff --git a/tests/k8s_env/block/block_test.go b/tests/k8s_env/blockposture/block_test.go
similarity index 93%
rename from tests/k8s_env/block/block_test.go
rename to tests/k8s_env/blockposture/block_test.go
index ef9150f2a..5e3bc6b1f 100644
--- a/tests/k8s_env/block/block_test.go
+++ b/tests/k8s_env/blockposture/block_test.go
@@ -69,10 +69,10 @@ var _ = Describe("Posture", func() {
 			err = KarmorLogStart("policy", "wordpress-mysql", "Network", wp)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(wp, "wordpress-mysql", []string{"bash", "-c", "curl google.com"})
-			Expect(err).To(BeNil())
-			fmt.Printf("---START---\n%s---END---\n", sout)
-			Expect(sout).To(MatchRegexp("curl.*Could not resolve host: google.com"))
+			AssertCommand(
+				wp, "wordpress-mysql", []string{"bash", "-c", "curl google.com"},
+				MatchRegexp("curl.*Could not resolve host: google.com"), true,
+			)
 
 			out, _, err := K8sExecInPod(wp, "wordpress-mysql", []string{"bash", "-c", "curl 142.250.193.46"})
 			Expect(err).To(BeNil())
diff --git a/tests/k8s_env/block/res/ksp-wordpress-allow-file.yaml b/tests/k8s_env/blockposture/res/ksp-wordpress-allow-file.yaml
similarity index 100%
rename from tests/k8s_env/block/res/ksp-wordpress-allow-file.yaml
rename to tests/k8s_env/blockposture/res/ksp-wordpress-allow-file.yaml
diff --git a/tests/k8s_env/block/res/ksp-wordpress-allow-tcp.yaml b/tests/k8s_env/blockposture/res/ksp-wordpress-allow-tcp.yaml
similarity index 100%
rename from tests/k8s_env/block/res/ksp-wordpress-allow-tcp.yaml
rename to tests/k8s_env/blockposture/res/ksp-wordpress-allow-tcp.yaml
diff --git a/tests/k8s_env/block/res/wordpress-mysql-deployment.yaml b/tests/k8s_env/blockposture/res/wordpress-mysql-deployment.yaml
similarity index 100%
rename from tests/k8s_env/block/res/wordpress-mysql-deployment.yaml
rename to tests/k8s_env/blockposture/res/wordpress-mysql-deployment.yaml
diff --git a/tests/k8s_env/ksp/ksp_test.go b/tests/k8s_env/ksp/ksp_test.go
index 1c6be4157..22595f268 100644
--- a/tests/k8s_env/ksp/ksp_test.go
+++ b/tests/k8s_env/ksp/ksp_test.go
@@ -144,11 +144,10 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "Network", ub1)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub1, "multiubuntu",
-				[]string{"bash", "-c", "arping -c 1 127.0.0.1"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("CAP_NET_RAW.*required"))
+			// to wait for apparmor policy to be generated
+			AssertCommand(ub1, "multiubuntu", []string{"bash", "-c", "arping -c 1 127.0.0.1"},
+				MatchRegexp("CAP_NET_RAW.*required"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-ubuntu-1-block-net-raw-cap",
@@ -170,12 +169,9 @@ var _ = Describe("Ksp", func() {
 
 			err := KarmorLogStart("system", "multiubuntu", "Network", ub1)
 			Expect(err).To(BeNil())
-
-			sout, _, err := K8sExecInPod(ub1, "multiubuntu",
-				[]string{"bash", "-c", "curl 142.250.193.46"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("<A HREF=\"http://www.google.com/\">here</A>"))
+			AssertCommand(ub1, "multiubuntu", []string{"bash", "-c", "curl 142.250.193.46"},
+				MatchRegexp("<A HREF=\"http://www.google.com/\">here</A>"), true,
+			)
 
 			expect := protobuf.Log{
 				Result: "Passed",
@@ -196,11 +192,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "Network", ub1)
 			Expect(err).To(BeNil())
 
-			sout, _, err = K8sExecInPod(ub1, "multiubuntu",
-				[]string{"bash", "-c", "curl google.com"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("Could not resolve host: google.com"))
+			AssertCommand(ub1, "multiubuntu", []string{"bash", "-c", "curl google.com"},
+				MatchRegexp("Could not resolve host: google.com"), true,
+			)
 
 			expectAlert := protobuf.Alert{
 				PolicyName: "DefaultPosture",
@@ -226,8 +220,6 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "Network", ub1)
 			Expect(err).To(BeNil())
 
-			time.Sleep(5 * time.Second) // for policy
-
 			sout, _, err := K8sExecInPod(ub1, "multiubuntu",
 				[]string{"bash", "-c", "arping -c 1 127.0.0.1"})
 			Expect(err).To(BeNil())
@@ -257,11 +249,9 @@ var _ = Describe("Ksp", func() {
 			// Start KubeArmor Logs
 			err = KarmorLogStart("policy", "multiubuntu", "Network", ub1)
 			Expect(err).To(BeNil())
-
-			sout, _, err := K8sExecInPod(ub1, "multiubuntu",
-				[]string{"bash", "-c", "arping -c 1 127.0.0.1"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
+			AssertCommand(ub1, "multiubuntu", []string{"bash", "-c", "arping -c 1 127.0.0.1"},
+				MatchRegexp("arping.*Permission denied"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-ubuntu-1-block-net-raw",
@@ -295,11 +285,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "Capabilities", ub1)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub1, "multiubuntu",
-				[]string{"bash", "-c", "arping -c 1 127.0.0.1"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("CAP_NET_RAW.*required"))
+			AssertCommand(ub1, "multiubuntu", []string{"bash", "-c", "arping -c 1 127.0.0.1"},
+				MatchRegexp("CAP_NET_RAW.*required"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-ubuntu-1-block-net-raw-cap",
@@ -327,11 +315,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "Capabilities", ub1)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub1, "multiubuntu",
-				[]string{"bash", "-c", "arping -c 1 127.0.0.1"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("CAP_NET_RAW.*required"))
+			AssertCommand(ub1, "multiubuntu", []string{"bash", "-c", "arping -c 1 127.0.0.1"},
+				MatchRegexp("CAP_NET_RAW.*required"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-ubuntu-1-block-net-raw-cap-from-source",
@@ -360,11 +346,10 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "Process", ub1)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub1, "multiubuntu",
-				[]string{"bash", "-c", "sleep 1"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("sleep.*Permission denied"))
+			AssertCommand(ub1, "multiubuntu", []string{"bash", "-c", "sleep 1"},
+				MatchRegexp("sleep.*Permission denied"), true,
+			)
+			//BREAKING
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-group-1-block-proc-path",
@@ -383,11 +368,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "Process", ub3)
 			Expect(err).To(BeNil())
 
-			sout, _, err = K8sExecInPod(ub3, "multiubuntu",
-				[]string{"bash", "-c", "sleep 1"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("sleep.*Permission denied"))
+			AssertCommand(ub3, "multiubuntu", []string{"bash", "-c", "sleep 1"},
+				MatchRegexp("sleep.*Permission denied"), true,
+			)
 
 			expect = protobuf.Alert{
 				PolicyName: "ksp-group-1-block-proc-path",
@@ -413,8 +396,6 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "Process", ub4)
 			Expect(err).To(BeNil())
 
-			time.Sleep(5 * time.Second) // wait for policy
-
 			sout, _, err := K8sExecInPod(ub4, "multiubuntu",
 				[]string{"bash", "-c", "sleep 1"})
 			Expect(err).To(BeNil())
@@ -443,11 +424,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "Process", ub1)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub1, "multiubuntu",
-				[]string{"bash", "-c", "route"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("route.*Permission denied"))
+			AssertCommand(ub1, "multiubuntu", []string{"bash", "-c", "route"},
+				MatchRegexp("route.*Permission denied"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-ubuntu-1-block-proc-dir",
@@ -472,11 +451,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "Process", ub1)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub1, "multiubuntu",
-				[]string{"bash", "-c", "whoami"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("whoami.*Permission denied"))
+			AssertCommand(ub1, "multiubuntu", []string{"bash", "-c", "whoami"},
+				MatchRegexp("whoami.*Permission denied"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-ubuntu-1-block-proc-dir-recursive",
@@ -504,11 +481,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "Process", ub1)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub1, "multiubuntu",
-				[]string{"bash", "-c", "/bin/dash -c ls"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("dash.*ls.*Permission denied"))
+			AssertCommand(ub1, "multiubuntu", []string{"bash", "-c", "/bin/dash -c ls"},
+				MatchRegexp("dash.*ls.*Permission denied"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-group-1-block-proc-path-from-source",
@@ -528,11 +503,10 @@ var _ = Describe("Ksp", func() {
 			Expect(err).To(BeNil())
 
 			// /bin/bash -c pwd shoud passed as only /bin/ls is blocked by policy
-			sout, _, err = K8sExecInPod(ub1, "multiubuntu",
-				[]string{"bash", "-c", "/bin/dash -c pwd"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			// Expect(sout).To(Equal("/\r\n"))
+
+			AssertCommand(ub1, "multiubuntu", []string{"bash", "-c", "/bin/dash -c pwd"},
+				MatchRegexp("/"), false,
+			)
 
 			expectLog := protobuf.Log{
 				Resource: "/bin/dash",
@@ -557,12 +531,9 @@ var _ = Describe("Ksp", func() {
 			// Start KubeArmor Logs
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub3)
 			Expect(err).To(BeNil())
-
-			sout, _, err := K8sExecInPod(ub3, "multiubuntu",
-				[]string{"bash", "-c", "cat /etc/hostname"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("hostname.*Permission denied"))
+			AssertCommand(ub3, "multiubuntu", []string{"bash", "-c", "cat /etc/hostname"},
+				MatchRegexp("hostname.*Permission denied"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "DefaultPosture",
@@ -577,12 +548,9 @@ var _ = Describe("Ksp", func() {
 			Expect(res.Found).To(BeTrue())
 
 			// Test 2: accesss to the permitted files and processes should be allowed
-
-			sout, _, err = K8sExecInPod(ub3, "multiubuntu",
-				[]string{"bash", "-c", "cat /credentials/password"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(ContainSubstring("password file"))
+			AssertCommand(ub3, "multiubuntu", []string{"bash", "-c", "cat /credentials/password"},
+				ContainSubstring("password file"), false,
+			)
 
 		})
 
@@ -598,11 +566,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "Process", ub3)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub3, "multiubuntu",
-				[]string{"bash", "-c", "/home/user1/hello"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("hello.*Permission denied"))
+			AssertCommand(ub3, "multiubuntu", []string{"bash", "-c", "/home/user1/hello"},
+				MatchRegexp("hello.*Permission denied"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "DefaultPosture",
@@ -616,12 +582,9 @@ var _ = Describe("Ksp", func() {
 			Expect(res.Found).To(BeTrue())
 
 			// Test 2: owner can execute the binary
-
-			sout, _, err = K8sExecInPod(ub3, "multiubuntu",
-				[]string{"bash", "-c", "su - user1 -c '/home/user1/hello'"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(ContainSubstring("helloworld"))
+			AssertCommand(ub3, "multiubuntu", []string{"bash", "-c", "su - user1 -c '/home/user1/hello'"},
+				ContainSubstring("helloworld"), false,
+			)
 		})
 
 		It("it can block all the accesses to a process path except access by the owner", func() {
@@ -637,6 +600,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "Process", ub3)
 			Expect(err).To(BeNil())
 
+			AssertCommand(ub3, "multiubuntu", []string{"bash", "-c", "/home/user1/hello"},
+				MatchRegexp("hello.*Permission denied"), true,
+			)
 			sout, _, err := K8sExecInPod(ub3, "multiubuntu",
 				[]string{"bash", "-c", "/home/user1/hello"})
 			Expect(err).To(BeNil())
@@ -659,12 +625,9 @@ var _ = Describe("Ksp", func() {
 			// Start KubeArmor Logs
 			err = KarmorLogStart("system", "multiubuntu", "Process", ub3)
 			Expect(err).To(BeNil())
-
-			sout, _, err = K8sExecInPod(ub3, "multiubuntu",
-				[]string{"bash", "-c", "su - user1 -c '/home/user1/hello'"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(ContainSubstring("helloworld"))
+			AssertCommand(ub3, "multiubuntu", []string{"bash", "-c", "su - user1 -c '/home/user1/hello'"},
+				ContainSubstring("helloworld"), false,
+			)
 
 			expectLog := protobuf.Log{
 				Resource: "/home/user1/hello",
@@ -692,11 +655,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "cat /etc/hostname"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("hostname.*Permission denied"))
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "cat /etc/hostname"},
+				MatchRegexp("hostname.*Permission denied"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "DefaultPosture",
@@ -713,11 +674,9 @@ var _ = Describe("Ksp", func() {
 			// Test 2: from source allowed file path can be accessed
 
 			// cat /secret.txt should result in passed as per the applied policy
-			sout, _, err = K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "cat /secret.txt"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(ContainSubstring("secret file"))
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "cat /secret.txt"},
+				ContainSubstring("secret file"), false,
+			)
 
 		})
 
@@ -732,13 +691,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			time.Sleep(5 * time.Second) // for policy
-
-			sout, _, err := K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "cat /credentials/password"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("password.*Permission denied"))
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "cat /credentials/password"},
+				MatchRegexp("password.*Permission denied"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-ubuntu-4-block-file-dir-recursive",
@@ -762,13 +717,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			time.Sleep(5 * time.Second) // for policy
-
-			sout, _, err := K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "cat /secret.txt"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(ContainSubstring("secret file"))
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "cat /secret.txt"},
+				ContainSubstring("secret file"), false,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-group-2-audit-file-path-from-source-path",
@@ -796,13 +747,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub1)
 			Expect(err).To(BeNil())
 
-			time.Sleep(5 * time.Second) // for policy
-
-			sout, _, err := K8sExecInPod(ub1, "multiubuntu",
-				[]string{"bash", "-c", "cat /credentials/password"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(ContainSubstring("password file"))
+			AssertCommand(ub1, "multiubuntu", []string{"bash", "-c", "cat /credentials/password"},
+				ContainSubstring("password file"), false,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-ubuntu-1-audit-file-dir",
@@ -816,12 +763,9 @@ var _ = Describe("Ksp", func() {
 			Expect(res.Found).To(BeTrue())
 
 			// test 2: check for subdirectory file access
-
-			sout, _, err = K8sExecInPod(ub1, "multiubuntu",
-				[]string{"bash", "-c", "cat /credentials/keys/priv.key"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(ContainSubstring("key file"))
+			AssertCommand(ub1, "multiubuntu", []string{"bash", "-c", "cat /credentials/keys/priv.key"},
+				ContainSubstring("key file"), false,
+			)
 
 			expect = protobuf.Alert{
 				PolicyName: "ksp-ubuntu-1-audit-file-dir",
@@ -847,11 +791,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "cat /secret.txt"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("secret.txt.*Permission denied"))
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "cat /secret.txt"},
+				MatchRegexp("secret.txt.*Permission denied"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-group-2-block-file-path-from-source-path",
@@ -881,11 +823,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "cat /home/user1/secret_data1.txt"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("secret_data1\\.txt.*Permission denied"))
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "cat /home/user1/secret_data1.txt"},
+				MatchRegexp("secret_data1\\.txt.*Permission denied"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "DefaultPosture",
@@ -900,12 +840,9 @@ var _ = Describe("Ksp", func() {
 			Expect(res.Found).To(BeTrue())
 
 			// Test 2: owner is allowed to access the file
-
-			sout, _, err = K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "su - user1 -c 'cat secret_data1.txt'"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(ContainSubstring("secret file user1"))
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "su - user1 -c 'cat secret_data1.txt'"},
+				ContainSubstring("secret file user1"), false,
+			)
 
 		})
 
@@ -919,13 +856,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			time.Sleep(5 * time.Second) // for policy
-
-			sout, _, err := K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "su - user1 -c 'cat secret_data1.txt'"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(ContainSubstring("secret file user1"))
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "su - user1 -c 'cat secret_data1.txt'"},
+				ContainSubstring("secret file user1"), false,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-group-2-audit-file-path-owner-from-source-path",
@@ -952,11 +885,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "cat /home/user1/secret_data1.txt"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("secret_data1\\.txt.*Permission denied"))
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "cat /home/user1/secret_data1.txt"},
+				MatchRegexp("secret_data1\\.txt.*Permission denied"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-group-2-block-file-path-owner-from-source-path",
@@ -975,11 +906,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("system", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			sout, _, err = K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "su - user1 -c 'cat secret_data1.txt'"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(ContainSubstring("secret file user1"))
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "su - user1 -c 'cat secret_data1.txt'"},
+				ContainSubstring("secret file user1"), false,
+			)
 
 			expectLog := protobuf.Log{
 				Resource: "secret_data1.txt",
@@ -1008,11 +937,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub1)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub1, "multiubuntu",
-				[]string{"bash", "-c", "cat /home/user1/secret_data1.txt"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("secret_data1\\.txt.*Permission denied"))
+			AssertCommand(ub1, "multiubuntu", []string{"bash", "-c", "cat /home/user1/secret_data1.txt"},
+				MatchRegexp("secret_data1\\.txt.*Permission denied"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-ubuntu-1-block-file-pattern-owner-readonly",
@@ -1031,11 +958,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("system", "multiubuntu", "File", ub1)
 			Expect(err).To(BeNil())
 
-			sout, _, err = K8sExecInPod(ub1, "multiubuntu",
-				[]string{"bash", "-c", "su - user1 -c 'cat secret_data1.txt'"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(ContainSubstring("secret file user1"))
+			AssertCommand(ub1, "multiubuntu", []string{"bash", "-c", "su - user1 -c 'cat secret_data1.txt'"},
+				ContainSubstring("secret file user1"), false,
+			)
 
 			expectLog := protobuf.Log{
 				Resource: "secret_data1.txt",
@@ -1053,11 +978,10 @@ var _ = Describe("Ksp", func() {
 			Expect(err).To(BeNil())
 
 			// as the file is read-only this should result in permission denied
-			sout, _, err = K8sExecInPod(ub1, "multiubuntu",
-				[]string{"bash", "-c", "echo root >> /home/user1/secret_data1.txt"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("secret_data1\\.txt.*Permission denied"))
+
+			AssertCommand(ub1, "multiubuntu", []string{"bash", "-c", "echo root >> /home/user1/secret_data1.txt"},
+				MatchRegexp("secret_data1\\.txt.*Permission denied"), false,
+			)
 
 			expect = protobuf.Alert{
 				PolicyName: "ksp-ubuntu-1-block-file-pattern-owner-readonly",
@@ -1077,11 +1001,10 @@ var _ = Describe("Ksp", func() {
 			Expect(err).To(BeNil())
 
 			// as the file is read-only this should result in permission denied
-			sout, _, err = K8sExecInPod(ub1, "multiubuntu",
-				[]string{"bash", "-c", "su - user1 -c 'echo test >> /home/user1/secret_data1.txt'"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("secret_data1\\.txt.*Permission denied"))
+
+			AssertCommand(ub1, "multiubuntu", []string{"bash", "-c", "su - user1 -c 'echo test >> /home/user1/secret_data1.txt'"},
+				MatchRegexp("secret_data1\\.txt.*Permission denied"), false,
+			)
 
 			expect = protobuf.Alert{
 				PolicyName: "ksp-ubuntu-1-block-file-pattern-owner-readonly",
@@ -1110,11 +1033,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub3)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub3, "multiubuntu",
-				[]string{"bash", "-c", "cat /home/user1/dir1/key1.txt"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("key1\\.txt.*Permission denied"))
+			AssertCommand(ub3, "multiubuntu", []string{"bash", "-c", "cat /home/user1/dir1/key1.txt"},
+				MatchRegexp("key1\\.txt.*Permission denied"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-ubuntu-3-block-file-dir-recursive-owner-readonly",
@@ -1129,30 +1050,24 @@ var _ = Describe("Ksp", func() {
 
 			// Test 2: readonly access by the owner is allowed
 
-			sout, _, err = K8sExecInPod(ub3, "multiubuntu",
-				[]string{"bash", "-c", "su - user1 -c 'cat /home/user1/secret_data1.txt'"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(ContainSubstring("secret file user1"))
+			AssertCommand(ub3, "multiubuntu", []string{"bash", "-c", "su - user1 -c 'cat /home/user1/secret_data1.txt'"},
+				ContainSubstring("secret file user1"), false,
+			)
 
 			// Test 3: readonly access to a file in a subdirectory by the owner is allowed
 
-			sout, _, err = K8sExecInPod(ub3, "multiubuntu",
-				[]string{"bash", "-c", "su - user1 -c 'cat /home/user1/dir1/key1.txt'"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(ContainSubstring("key file 1"))
+			AssertCommand(ub3, "multiubuntu", []string{"bash", "-c", "su - user1 -c 'cat /home/user1/dir1/key1.txt'"},
+				ContainSubstring("key file 1"), false,
+			)
 
 			// Test 4: write operation by the non-owner shoudl also be blocked
 			// Start KubeArmor Logs
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub3)
 			Expect(err).To(BeNil())
 
-			sout, _, err = K8sExecInPod(ub3, "multiubuntu",
-				[]string{"bash", "-c", "echo root >> /home/user1/secret_data1.txt"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("secret_data1\\.txt.*Permission denied"))
+			AssertCommand(ub3, "multiubuntu", []string{"bash", "-c", "echo root >> /home/user1/secret_data1.txt"},
+				MatchRegexp("secret_data1\\.txt.*Permission denied"), false,
+			)
 
 			expect = protobuf.Alert{
 				PolicyName: "ksp-ubuntu-3-block-file-dir-recursive-owner-readonly",
@@ -1167,11 +1082,9 @@ var _ = Describe("Ksp", func() {
 
 			// Test 5: owner also not allowed write operation on the file
 
-			sout, _, err = K8sExecInPod(ub3, "multiubuntu",
-				[]string{"bash", "-c", "su - user1 -c 'echo user1 >> /home/user1/secret_data1.txt'"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("secret_data1\\.txt.*Permission denied"))
+			AssertCommand(ub3, "multiubuntu", []string{"bash", "-c", "su - user1 -c 'echo user1 >> /home/user1/secret_data1.txt'"},
+				MatchRegexp("secret_data1\\.txt.*Permission denied"), false,
+			)
 
 			expect = protobuf.Alert{
 				PolicyName: "ksp-ubuntu-3-block-file-dir-recursive-owner-readonly",
@@ -1186,11 +1099,9 @@ var _ = Describe("Ksp", func() {
 
 			// Test 6: owner also not allowed write operation on the file in subdirectory too
 
-			sout, _, err = K8sExecInPod(ub3, "multiubuntu",
-				[]string{"bash", "-c", "su - user1 -c 'echo user1 >> /home/user1/dir1/key1.txt'"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("key1\\.txt.*Permission denied"))
+			AssertCommand(ub3, "multiubuntu", []string{"bash", "-c", "su - user1 -c 'echo user1 >> /home/user1/dir1/key1.txt'"},
+				MatchRegexp("key1\\.txt.*Permission denied"), false,
+			)
 
 			expect = protobuf.Alert{
 				PolicyName: "ksp-ubuntu-3-block-file-dir-recursive-owner-readonly",
@@ -1219,11 +1130,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub3)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub3, "multiubuntu",
-				[]string{"bash", "-c", "cat /home/user1/secret_data1.txt"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("secret_data1\\.txt.*Permission denied"))
+			AssertCommand(ub3, "multiubuntu", []string{"bash", "-c", "cat /home/user1/secret_data1.txt"},
+				MatchRegexp("secret_data1\\.txt.*Permission denied"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-ubuntu-3-block-file-dir-owner-readonly",
@@ -1241,11 +1150,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("system", "multiubuntu", "File", ub3)
 			Expect(err).To(BeNil())
 
-			sout, _, err = K8sExecInPod(ub3, "multiubuntu",
-				[]string{"bash", "-c", "su - user1 -c 'cat /home/user1/secret_data1.txt'"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(ContainSubstring("secret file user1"))
+			AssertCommand(ub3, "multiubuntu", []string{"bash", "-c", "su - user1 -c 'cat /home/user1/secret_data1.txt'"},
+				ContainSubstring("secret file user1"), false,
+			)
 
 			expectLog := protobuf.Log{
 				Resource: "secret_data1.txt",
@@ -1261,11 +1168,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub3)
 			Expect(err).To(BeNil())
 
-			sout, _, err = K8sExecInPod(ub3, "multiubuntu",
-				[]string{"bash", "-c", "echo root >> /home/user1/secret_data1.txt"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("secret_data1\\.txt.*Permission denied"))
+			AssertCommand(ub3, "multiubuntu", []string{"bash", "-c", "echo root >> /home/user1/secret_data1.txt"},
+				MatchRegexp("secret_data1\\.txt.*Permission denied"), false,
+			)
 
 			expect = protobuf.Alert{
 				PolicyName: "ksp-ubuntu-3-block-file-dir-owner-readonly",
@@ -1280,11 +1185,9 @@ var _ = Describe("Ksp", func() {
 
 			// Test 4: owner also not allowed write operation on the file
 
-			sout, _, err = K8sExecInPod(ub3, "multiubuntu",
-				[]string{"bash", "-c", "su - user1 -c 'echo user1 >> /home/user1/secret_data1.txt'"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("secret_data1\\.txt.*Permission denied"))
+			AssertCommand(ub3, "multiubuntu", []string{"bash", "-c", "su - user1 -c 'echo user1 >> /home/user1/secret_data1.txt'"},
+				MatchRegexp("secret_data1\\.txt.*Permission denied"), false,
+			)
 
 			expect = protobuf.Alert{
 				PolicyName: "ksp-ubuntu-3-block-file-dir-owner-readonly",
@@ -1311,10 +1214,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "./readwrite -r /home/user1/secret_data1.txt"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "./readwrite -r /home/user1/secret_data1.txt"},
+				MatchRegexp("./readwrite: Permission denied"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "DefaultPosture",
@@ -1329,10 +1231,9 @@ var _ = Describe("Ksp", func() {
 
 			// Test 2: write operation from source path by non-owner user should be blocked
 
-			sout, _, err = K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "./readwrite -w /home/user1/secret_data1.txt"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "./readwrite -w /home/user1/secret_data1.txt"},
+				MatchRegexp("./readwrite: Permission denied"), false,
+			)
 
 			expect = protobuf.Alert{
 				PolicyName: "DefaultPosture",
@@ -1351,11 +1252,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("system", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			sout, _, err = K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "su - user1 -c './readwrite -r /home/user1/secret_data1.txt'"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			// Expect(sout).To(ContainSubstring("s"))
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "su - user1 -c './readwrite -r /home/user1/secret_data1.txt'"},
+				ContainSubstring("s"), false,
+			)
 
 			expectLog := protobuf.Log{
 				Source: "/home/user1/secret_data1.txt",
@@ -1383,11 +1282,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "su - user1 -c '/readwrite -w /home/user1/secret_data1.txt'"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("Error"))
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "su - user1 -c '/readwrite -w /home/user1/secret_data1.txt'"},
+				MatchRegexp("Error"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-ubuntu-4-block-file-path-owner-readonly",
@@ -1402,11 +1299,9 @@ var _ = Describe("Ksp", func() {
 
 			// Test 2: write operation on the file by non-owner user should be blocked
 
-			sout, _, err = K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "./readwrite -w /home/user1/secret_data1.txt"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(ContainSubstring("Error"))
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "./readwrite -w /home/user1/secret_data1.txt"},
+				ContainSubstring("Error"), false,
+			)
 
 			expect = protobuf.Alert{
 				PolicyName: "ksp-ubuntu-4-block-file-path-owner-readonly",
@@ -1425,11 +1320,9 @@ var _ = Describe("Ksp", func() {
 			// err = KarmorLogStart("system", "multiubuntu", "File", ub4)
 			// Expect(err).To(BeNil())
 
-			sout, _, err = K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "cat /home/user1/secret_data1.txt"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("secret_data1\\.txt.*Permission denied"))
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "cat /home/user1/secret_data1.txt"},
+				MatchRegexp("secret_data1\\.txt.*Permission denied"), false,
+			)
 
 			expect = protobuf.Alert{
 				PolicyName: "ksp-ubuntu-4-block-file-path-owner-readonly",
@@ -1448,11 +1341,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("system", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			sout, _, err = K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "su - user1 -c 'cat /home/user1/secret_data1.txt'"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(ContainSubstring("secret file user1"))
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "su - user1 -c 'cat /home/user1/secret_data1.txt'"},
+				ContainSubstring("secret file user1"), false,
+			)
 
 			expectLog := protobuf.Log{
 				Resource: "secret_data1.txt",
@@ -1480,10 +1371,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "su - user1 -c '/readwrite -w /home/user1/secret_data1.txt'"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "su - user1 -c '/readwrite -w /home/user1/secret_data1.txt'"},
+				MatchRegexp("Error"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-ubuntu-4-block-file-path-owner-readonly-from-source-path",
@@ -1498,10 +1388,9 @@ var _ = Describe("Ksp", func() {
 
 			// Test 2: write operation on the file from source path by non-owner user should be blocked
 
-			sout, _, err = K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "./readwrite -w /home/user1/secret_data1.txt"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "./readwrite -w /home/user1/secret_data1.txt"},
+				MatchRegexp("Error"), false,
+			)
 
 			expect = protobuf.Alert{
 				PolicyName: "ksp-ubuntu-4-block-file-path-owner-readonly-from-source-path",
@@ -1516,10 +1405,9 @@ var _ = Describe("Ksp", func() {
 
 			// Test 3: write operation on the file from source by the owner should also be blocked
 
-			sout, _, err = K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "su - user1 -c '/readwrite -w /home/user1/secret_data1.txt'"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "su - user1 -c '/readwrite -w /home/user1/secret_data1.txt'"},
+				MatchRegexp("Error!"), false,
+			)
 
 			expect = protobuf.Alert{
 				PolicyName: "ksp-ubuntu-4-block-file-path-owner-readonly-from-source-path",
@@ -1538,7 +1426,7 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("system", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			sout, _, err = K8sExecInPod(ub4, "multiubuntu",
+			sout, _, err := K8sExecInPod(ub4, "multiubuntu",
 				[]string{"bash", "-c", "su - user1 -c 'cat /home/user1/secret_data1.txt'"})
 			Expect(err).To(BeNil())
 			fmt.Printf("OUTPUT: %s\n", sout)
@@ -1569,11 +1457,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "cat /home/user1/secret_data1.txt"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("secret_data1\\.txt.*Permission denied"))
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "cat /home/user1/secret_data1.txt"},
+				MatchRegexp("secret_data1\\.txt.*Permission denied"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "DefaultPosture",
@@ -1589,11 +1475,9 @@ var _ = Describe("Ksp", func() {
 
 			// Test 2: readonly access by the owner shoudl be allowed
 
-			sout, _, err = K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "su - user1 -c 'cat /home/user1/secret_data1.txt'"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(ContainSubstring("secret file user1"))
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "su - user1 -c 'cat /home/user1/secret_data1.txt'"},
+				MatchRegexp("secret file user1"), false,
+			)
 
 			// Test 3: access to some other file by the owner shoudl be blocked by default
 
@@ -1601,11 +1485,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			sout, _, err = K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "su - user1 -c 'cat /home/user1/otherfile.txt'"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("otherfile\\.txt.*Permission denied"))
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "su - user1 -c 'cat /home/user1/otherfile.txt'"},
+				MatchRegexp("otherfile\\.txt.*Permission denied"), false,
+			)
 
 			expect = protobuf.Alert{
 				PolicyName: "DefaultPosture",
@@ -1637,11 +1519,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub3)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub3, "multiubuntu",
-				[]string{"bash", "-c", "cat /home/user1/secret_data1.txt"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("secret_data1\\.txt.*Permission denied"))
+			AssertCommand(ub3, "multiubuntu", []string{"bash", "-c", "cat /home/user1/secret_data1.txt"},
+				MatchRegexp("secret_data1\\.txt.*Permission denied"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "DefaultPosture",
@@ -1657,15 +1537,13 @@ var _ = Describe("Ksp", func() {
 
 			// Test 2: access by the owner should be allowed
 
-			sout, _, err = K8sExecInPod(ub3, "multiubuntu",
-				[]string{"bash", "-c", "su - user1 -c 'cat /home/user1/secret_data1.txt'"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(ContainSubstring("secret file user1"))
+			AssertCommand(ub3, "multiubuntu", []string{"bash", "-c", "su - user1 -c 'cat /home/user1/secret_data1.txt'"},
+				ContainSubstring("secret file user1"), false,
+			)
 
 			// Test 3: write operation on the file by the owner should also be allowed
-
-			sout, _, err = K8sExecInPod(ub3, "multiubuntu",
+			// No need for AssertCommand here since there is nothing to match
+			sout, _, err := K8sExecInPod(ub3, "multiubuntu",
 				[]string{"bash", "-c", "su - user1 -c 'echo user1 >> /home/user1/secret_data1.txt'"})
 			Expect(err).To(BeNil())
 			fmt.Printf("OUTPUT: %s\n", sout)
@@ -1687,11 +1565,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("system", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "./readwrite -r /credentials/password"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(ContainSubstring("p"))
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "./readwrite -r /credentials/password"},
+				ContainSubstring("p"), true,
+			)
 
 			expectLog := protobuf.Log{
 				Resource: "/credentials/password",
@@ -1708,10 +1584,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			sout, _, err = K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "./readwrite -w /credentials/password"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "./readwrite -w /credentials/password"},
+				MatchRegexp("Error!"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-ubuntu-4-block-file-path-readonly-from-source-path",
@@ -1730,7 +1605,7 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("system", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			sout, _, err = K8sExecInPod(ub4, "multiubuntu",
+			sout, _, err := K8sExecInPod(ub4, "multiubuntu",
 				[]string{"bash", "-c", "./readwrite -r /secret.txt"})
 			Expect(err).To(BeNil())
 			fmt.Printf("OUTPUT: %s\n", sout)
@@ -1758,11 +1633,9 @@ var _ = Describe("Ksp", func() {
 			err := K8sApplyFile("multiubuntu/ksp-ubuntu-4-allow-file-path-readonly-from-source-path.yaml")
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "./readwrite -r /credentials/password"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(ContainSubstring("p"))
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "./readwrite -r /credentials/password"},
+				ContainSubstring("p"), true,
+			)
 
 			// Test 2: wrinting to the file even from source path shoould be denied
 
@@ -1770,7 +1643,7 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			sout, _, err = K8sExecInPod(ub4, "multiubuntu",
+			sout, _, err := K8sExecInPod(ub4, "multiubuntu",
 				[]string{"bash", "-c", "./readwrite -w /credentials/password"})
 			Expect(err).To(BeNil())
 			fmt.Printf("OUTPUT: %s\n", sout)
@@ -1824,11 +1697,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "echo test >> /credentials/password"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("password.*Permission denied"))
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "echo test >> /credentials/password"},
+				MatchRegexp("password.*Permission denied"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-ubuntu-4-block-file-path-readonly",
@@ -1847,11 +1718,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("system", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			sout, _, err = K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "cat /credentials/password"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(ContainSubstring("password file"))
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "cat /credentials/password"},
+				ContainSubstring("password file"), true,
+			)
 
 			expectLog := protobuf.Log{
 				Source: "/credentials/password",
@@ -1881,11 +1750,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub1)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub1, "multiubuntu",
-				[]string{"bash", "-c", "cat /etc/shadow"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("shadow.*Permission denied"))
+			AssertCommand(ub1, "multiubuntu", []string{"bash", "-c", "cat /etc/shadow"},
+				MatchRegexp("shadow.*Permission denied"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-ubuntu-1-block-file-pattern",
@@ -1900,11 +1767,9 @@ var _ = Describe("Ksp", func() {
 
 			// Test 2 : trying to access another file following the pattern
 
-			sout, _, err = K8sExecInPod(ub1, "multiubuntu",
-				[]string{"bash", "-c", "cat /etc/gshadow"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("gshadow.*Permission denied"))
+			AssertCommand(ub1, "multiubuntu", []string{"bash", "-c", "cat /etc/gshadow"},
+				MatchRegexp("gshadow.*Permission denied"), false,
+			)
 
 			expect = protobuf.Alert{
 				PolicyName: "ksp-ubuntu-1-block-file-pattern",
@@ -1931,11 +1796,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub1)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub1, "multiubuntu",
-				[]string{"bash", "-c", "cat /run/secrets/kubernetes.io/serviceaccount/token"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("token.*Permission denied"))
+			AssertCommand(ub1, "multiubuntu", []string{"bash", "-c", "cat /run/secrets/kubernetes.io/serviceaccount/token"},
+				MatchRegexp("token.*Permission denied"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-ubuntu-1-block-file-dir-recursive",
@@ -1963,11 +1826,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub1)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub1, "multiubuntu",
-				[]string{"bash", "-c", "cat /etc/hostname"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("hostname.*Permission denied"))
+			AssertCommand(ub1, "multiubuntu", []string{"bash", "-c", "cat /etc/hostname"},
+				MatchRegexp("hostname.*Permission denied"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "DefaultPosture",
@@ -1998,11 +1859,9 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "echo test >> /credentials/password"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("password.*Permission denied"))
+			AssertCommand(ub4, "multiubuntu", []string{"bash", "-c", "echo test >> /credentials/password"},
+				MatchRegexp("password.*Permission denied"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "DefaultPosture",
@@ -2022,7 +1881,7 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("system", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			sout, _, err = K8sExecInPod(ub4, "multiubuntu",
+			sout, _, err := K8sExecInPod(ub4, "multiubuntu",
 				[]string{"bash", "-c", "cat /credentials/password"})
 			Expect(err).To(BeNil())
 			fmt.Printf("OUTPUT: %s\n", sout)
diff --git a/tests/util/kartutil.go b/tests/util/kartutil.go
index e07315ba5..3de0f43d3 100644
--- a/tests/util/kartutil.go
+++ b/tests/util/kartutil.go
@@ -9,6 +9,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	gomegaTypes "github.com/onsi/gomega/types"
 	"math/rand"
 	"os"
 	"os/exec"
@@ -22,6 +23,7 @@ import (
 	pb "github.com/kubearmor/KubeArmor/protobuf"
 	kcli "github.com/kubearmor/kubearmor-client/k8s"
 	kclient "github.com/kubearmor/kubearmor-client/vm"
+	. "github.com/onsi/gomega"
 	log "github.com/sirupsen/logrus"
 	"google.golang.org/grpc"
 	"google.golang.org/protobuf/types/known/emptypb"
@@ -609,6 +611,22 @@ func RunDockerCommand(cmdstr string) (string, error) {
 	return string(sout), err
 }
 
+func AssertCommand(wp string, namespace string, cmd []string, match gomegaTypes.GomegaMatcher, eventual bool) {
+	if eventual {
+		Eventually(func() string {
+			sout, _, err := K8sExecInPod(wp, namespace, cmd)
+			Expect(err).To(BeNil())
+			fmt.Printf("---START---\n%s---END---\n", sout)
+			return sout
+		}, 10*time.Second, 2*time.Second).Should(match)
+	} else {
+		sout, _, err := K8sExecInPod(wp, namespace, cmd)
+		Expect(err).To(BeNil())
+		fmt.Printf("---START---\n%s---END---\n", sout)
+		Expect(sout).To(match)
+	}
+}
+
 // SendPolicy sends kubearmor policy using grpc client
 func SendPolicy(eventType, path string) error {
 	var policyOptions kclient.PolicyOptions