Revert "Enable PSA FG on Kubevirt (#2093)" (#2136)

* Revert "Enable PSA FG on Kubevirt (#2093)" This reverts commit 4731026. Signed-off-by: Simone Tiraboschi <stirabos@redhat.com> * hack: brutal workaround to bypass SCC->PSA on OCP brutal workaround to bypass SCC -> PSA on OCP >= 4.12 remove ASAP!!! Signed-off-by: Simone Tiraboschi <stirabos@redhat.com> * Another workaround for PSA on OCP/OKD 4.12 Remove once kubevirt/kubevirt#8748 lands in Kubevirt v0.59.0 Signed-off-by: Simone Tiraboschi <stirabos@redhat.com> Signed-off-by: Simone Tiraboschi <stirabos@redhat.com>
kubevirt · Nov 15, 2022 · e2d6f31 · e2d6f31
1 parent 437ce92
commit e2d6f31
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 6 deletions.
diff --git a/controllers/hyperconverged/hyperconverged_controller_test.go b/controllers/hyperconverged/hyperconverged_controller_test.go
@@ -209,7 +209,6 @@ var _ = Describe("HyperconvergedController", func() {
 					"NUMA",
 					"WithHostPassthroughCPU",
 					"VMExport",
-					"PSA",
 				}
 				// Get the KV
 				kvList := &kubevirtcorev1.KubeVirtList{}

diff --git a/controllers/operands/kubevirt.go b/controllers/operands/kubevirt.go
@@ -95,9 +95,6 @@ const (
 
 	// Export VMs to outside of the cluster
 	kvVMExportGate = "VMExport"
-
-	// enable Pod Security Admission handling
-	kvPSA = "PSA"
 )
 
 var (
@@ -114,7 +111,6 @@ var (
 		kvDownwardMetricsGate,
 		kvNUMA,
 		kvVMExportGate,
-		kvPSA,
 	}
 
 	// holds a list of mandatory KubeVirt feature gates. Some of them are the hard coded feature gates and some of

diff --git a/hack/kv-smoke-tests.sh b/hack/kv-smoke-tests.sh
@@ -13,9 +13,19 @@ BIN_DIR="$(pwd)/_out" && mkdir -p "${BIN_DIR}"
 export BIN_DIR
 
 TESTS_BINARY="$BIN_DIR/kv_smoke_tests.test"
-curl -Lo "$TESTS_BINARY" "https://github.com/kubevirt/kubevirt/releases/download/${KUBEVIRT_VERSION}/tests.test"
+######
+# workaround for PSA on OCP 4.12:
+# TODO: remove this once https://github.com/kubevirt/kubevirt/pull/8748 will land in
+# Kubevirt v0.59.0
+#curl -Lo "$TESTS_BINARY" "https://github.com/kubevirt/kubevirt/releases/download/${KUBEVIRT_VERSION}/tests.test"
+curl -Lo "$TESTS_BINARY" "https://storage.googleapis.com/kubevirt-prow/devel/nightly/release/kubevirt/kubevirt/20221115/testing/tests.test"
+######
 chmod +x "$TESTS_BINARY"
 
+# TODO: brutal workaround to bypass SCC -> PSA on OCP >= 4.12, remove ASAP!!!
+${CMD} adm policy add-scc-to-group privileged system:authenticated
+######
+
 echo "create testing infrastructure"
 
 cat <<EOF | ${CMD} apply -f -

diff --git a/hack/run-tests.sh b/hack/run-tests.sh
@@ -17,6 +17,9 @@ fi
 
 if [ -n "${OPENSHIFT_BUILD_NAMESPACE:-}" ]; then
     KUBECTL_BINARY="oc"
+    # TODO: brutal workaround to bypass SCC -> PSA on OCP >= 4.12, remove ASAP!!!
+    ${KUBECTL_BINARY} adm policy add-scc-to-group privileged system:authenticated
+    ######
 fi
 
 # when the tests are run in a pod, in-cluster config will be used