From b92207aa3273efcc0ea14b75c5236ddbbccb78af Mon Sep 17 00:00:00 2001
From: Camila Macedo
Date: Sat, 25 Jun 2022 17:12:09 +0100
Subject: [PATCH] :seedling: improve e2e tests to ensure that pods are restricted
---
 test/e2e/utils/test_context.go | 29 +++++++++++++++--------------
 test/e2e/v3/plugin_cluster_test.go | 8 +++++---
 2 files changed, 20 insertions(+), 17 deletions(-)
diff --git a/test/e2e/utils/test_context.go b/test/e2e/utils/test_context.go
index e58c765b7ca..dba50da222b 100644
--- a/test/e2e/utils/test_context.go
+++ b/test/e2e/utils/test_context.go
@@ -33,16 +33,16 @@ import (
 // TestContext specified to run e2e tests
 type TestContext struct {
 *CmdContext
- TestSuffix string
- Domain string
- Group string
- Version string
- Kind string
- Resources string
- ImageName string
- BinaryName string
- Kubectl *Kubectl
- K8sVersion *KubernetesVersion
+ TestSuffix string
+ Domain string
+ Group string
+ Version string
+ Kind string
+ Resources string
+ ImageName string
+ BinaryName string
+ Kubectl *Kubectl
+ K8sVersion *KubernetesVersion
 IsRestricted bool
 }
@@ -263,21 +263,22 @@ func (t *TestContext) Destroy() {
 }
 }
+// CreateManagerNamespace will create the namespace where the manager is deployed
 func (t *TestContext) CreateManagerNamespace() error {
- _, err:= t.Kubectl.Command("create","ns", t.Kubectl.Namespace)
+ _, err := t.Kubectl.Command("create", "ns", t.Kubectl.Namespace)
 return err
 }
-// kubectl label --overwrite ns --all pod-security.kubernetes.io/audit=restricted pod-security.kubernetes.io/warn=restricted pod-security.kubernetes.io/enforce-version=v1.24
+// LabelAllNamespacesToWarnAboutRestricted will label all namespaces so that we can verify
+// if a warning with `Warning: would violate PodSecurity` will be raised when the manifests are applied
 func (t *TestContext) LabelAllNamespacesToWarnAboutRestricted() error {
- _, err:= t.Kubectl.Command("label", "--overwrite", "ns", "--all",
+ _, err := t.Kubectl.Command("label", "--overwrite", "ns", "--all",
 "pod-security.kubernetes.io/audit=restricted",
 "pod-security.kubernetes.io/enforce-version=v1.24",
 "pod-security.kubernetes.io/warn=restricted")
 return err
 }
-
 // LoadImageToKindCluster loads a local docker image to the kind cluster
 func (t *TestContext) LoadImageToKindCluster() error {
 cluster := "kind"
diff --git a/test/e2e/v3/plugin_cluster_test.go b/test/e2e/v3/plugin_cluster_test.go
index 35ad2f14923..222c7e24dc1 100644
--- a/test/e2e/v3/plugin_cluster_test.go
+++ b/test/e2e/v3/plugin_cluster_test.go
@@ -163,7 +163,7 @@ var _ = Describe("kubebuilder", func() {
 }
 kbc.IsRestricted = true
- GenerateV3(kbc, "v1" )
+ GenerateV3(kbc, "v1")
 Run(kbc)
 })
 It("should generate a runnable project with the golang base plugin v3 and kustomize v4-alpha"+
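Review bot: In LabelAllNamespacesToWarnAboutRestricted the only version label is `pod-security.kubernetes.io/enforce-version=v1.24`, but no `enforce` level is set, so the pin applies to a mode left at the cluster default, while the `warn` and `audit` checks run against whatever version the cluster defaults to (normally `latest`). If the intent is to evaluate the restricted profile as of v1.24, the labels to set are `"pod-security.kubernetes.io/warn-version=v1.24"` and `"pod-security.kubernetes.io/audit-version=v1.24"`. Because warn and audit never reject a pod, the new doc comment should also state that a caller has to inspect the kubectl output for `would violate PodSecurity`; nothing in this hunk does that, so a non-compliant manager pod would still be admitted unless the check exists elsewhere.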
@@ -205,10 +205,12 @@ func Run(kbc *utils.TestContext) {
 var err error
 By("creating manager namespace")
- kbc.CreateManagerNamespace()
+ err = kbc.CreateManagerNamespace()
+ ExpectWithOffset(1, err).NotTo(HaveOccurred())
 By("labeling all namespaces to warn about restricted")
- kbc.LabelAllNamespacesToWarnAboutRestricted()
+ err = kbc.LabelAllNamespacesToWarnAboutRestricted()
+ ExpectWithOffset(1, err).NotTo(HaveOccurred())
 By("updating the go.mod")
 err = kbc.Tidy()