🌱 improve e2e tests to ensure that pods are restricted

kubernetes-sigs · Jun 25, 2022 · b92207a · b92207a
1 parent 6290323
commit b92207a
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 17 deletions.
diff --git a/test/e2e/utils/test_context.go b/test/e2e/utils/test_context.go
@@ -33,16 +33,16 @@ import (
 // TestContext specified to run e2e tests
 type TestContext struct {
 	*CmdContext
-	TestSuffix string
-	Domain     string
-	Group      string
-	Version    string
-	Kind       string
-	Resources  string
-	ImageName  string
-	BinaryName string
-	Kubectl    *Kubectl
-	K8sVersion *KubernetesVersion
+	TestSuffix   string
+	Domain       string
+	Group        string
+	Version      string
+	Kind         string
+	Resources    string
+	ImageName    string
+	BinaryName   string
+	Kubectl      *Kubectl
+	K8sVersion   *KubernetesVersion
 	IsRestricted bool
 }
 
@@ -263,21 +263,22 @@ func (t *TestContext) Destroy() {
 	}
 }
 
+// CreateManagerNamespace will create the namespace where the manager is deployed
 func (t *TestContext) CreateManagerNamespace() error {
-	_, err:= t.Kubectl.Command("create","ns", t.Kubectl.Namespace)
+	_, err := t.Kubectl.Command("create", "ns", t.Kubectl.Namespace)
 	return err
 }
 
-//  kubectl label --overwrite ns --all   pod-security.kubernetes.io/audit=restricted  pod-security.kubernetes.io/warn=restricted pod-security.kubernetes.io/enforce-version=v1.24
+// LabelAllNamespacesToWarnAboutRestricted will label all namespaces so that we can verify
+// if a warning with `Warning: would violate PodSecurity` will be raised when the manifests are applied
 func (t *TestContext) LabelAllNamespacesToWarnAboutRestricted() error {
-	_, err:= t.Kubectl.Command("label", "--overwrite", "ns", "--all",
+	_, err := t.Kubectl.Command("label", "--overwrite", "ns", "--all",
 		"pod-security.kubernetes.io/audit=restricted",
 		"pod-security.kubernetes.io/enforce-version=v1.24",
 		"pod-security.kubernetes.io/warn=restricted")
 	return err
 }
 
-
 // LoadImageToKindCluster loads a local docker image to the kind cluster
 func (t *TestContext) LoadImageToKindCluster() error {
 	cluster := "kind"

diff --git a/test/e2e/v3/plugin_cluster_test.go b/test/e2e/v3/plugin_cluster_test.go
@@ -163,7 +163,7 @@ var _ = Describe("kubebuilder", func() {
 				}
 
 				kbc.IsRestricted = true
-				GenerateV3(kbc, "v1" )
+				GenerateV3(kbc, "v1")
 				Run(kbc)
 			})
 			It("should generate a runnable project with the golang base plugin v3 and kustomize v4-alpha"+
@@ -205,10 +205,12 @@ func Run(kbc *utils.TestContext) {
 	var err error
 
 	By("creating manager namespace")
-	kbc.CreateManagerNamespace()
+	err = kbc.CreateManagerNamespace()
+	ExpectWithOffset(1, err).NotTo(HaveOccurred())
 
 	By("labeling all namespaces to warn about restricted")
-	kbc.LabelAllNamespacesToWarnAboutRestricted()
+	err = kbc.LabelAllNamespacesToWarnAboutRestricted()
+	ExpectWithOffset(1, err).NotTo(HaveOccurred())
 
 	By("updating the go.mod")
 	err = kbc.Tidy()