diff options
author | Peter Hunt <pehunt@redhat.com> | 2020-01-03 10:15:03 -0500 |
---|---|---|
committer | Peter Hunt <pehunt@redhat.com> | 2020-01-03 13:27:17 -0500 |
commit | b6792b61de7706ad6019a98db23c2a62753b1bde (patch) | |
tree | 75c4b9c1f428103b1b52565fcbba9607e186272a /test/e2e/play_kube_test.go | |
parent | 50b44463760a224cd72e0920f03ed2041689bc63 (diff) | |
download | podman-b6792b61de7706ad6019a98db23c2a62753b1bde.tar.gz podman-b6792b61de7706ad6019a98db23c2a62753b1bde.tar.bz2 podman-b6792b61de7706ad6019a98db23c2a62753b1bde.zip |
play kube: make seccomp handling better conform to k8s
Add flag --seccomp-profile-root in play kube to allow users to specify where to look for seccomp profiles
update tests
Signed-off-by: Peter Hunt <pehunt@redhat.com>
Diffstat (limited to 'test/e2e/play_kube_test.go')
-rw-r--r-- | test/e2e/play_kube_test.go | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index 29c60d7ac..89a5eddf4 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -358,10 +358,11 @@ var _ = Describe("Podman generate kube", func() { ctrAnnotation := "container.seccomp.security.alpha.kubernetes.io/" + defaultCtrName ctr := getCtr(withCmd([]string{"pwd"})) - err = generateKubeYaml(getPod(withCtr(ctr), withAnnotation(ctrAnnotation, "localhost:"+jsonFile)), kubeYaml) + err = generateKubeYaml(getPod(withCtr(ctr), withAnnotation(ctrAnnotation, "localhost/"+filepath.Base(jsonFile))), kubeYaml) Expect(err).To(BeNil()) - kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + // CreateSeccompJson will put the profile into podmanTest.TempDir. Use --seccomp-profile-root to tell play kube where to look + kube := podmanTest.Podman([]string{"play", "kube", "--seccomp-profile-root", podmanTest.TempDir, kubeYaml}) kube.WaitWithDefaultTimeout() Expect(kube.ExitCode()).To(Equal(0)) @@ -378,13 +379,15 @@ var _ = Describe("Podman generate kube", func() { fmt.Println(err) Skip("Failed to prepare seccomp.json for test.") } + defer os.Remove(jsonFile) ctr := getCtr(withCmd([]string{"pwd"})) - err = generateKubeYaml(getPod(withCtr(ctr), withAnnotation("seccomp.security.alpha.kubernetes.io/pod", "localhost:"+jsonFile)), kubeYaml) + err = generateKubeYaml(getPod(withCtr(ctr), withAnnotation("seccomp.security.alpha.kubernetes.io/pod", "localhost/"+filepath.Base(jsonFile))), kubeYaml) Expect(err).To(BeNil()) - kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + // CreateSeccompJson will put the profile into podmanTest.TempDir. Use --seccomp-profile-root to tell play kube where to look + kube := podmanTest.Podman([]string{"play", "kube", "--seccomp-profile-root", podmanTest.TempDir, kubeYaml}) kube.WaitWithDefaultTimeout() Expect(kube.ExitCode()).To(Equal(0)) |