From 17bab33bd2b8719c84e5ede1bd21b435ebeedf0e Mon Sep 17 00:00:00 2001 From: Qi Wang Date: Fri, 21 Feb 2020 17:59:56 -0500 Subject: fix security-opt generate kube fix #4950 add selinux options from --security-opt of the container to generate kube result Signed-off-by: Qi Wang --- test/e2e/generate_kube_test.go | 47 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 46 insertions(+), 1 deletion(-) (limited to 'test/e2e') diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go index 603edbe6b..389f2c822 100644 --- a/test/e2e/generate_kube_test.go +++ b/test/e2e/generate_kube_test.go @@ -10,7 +10,7 @@ import ( "github.com/ghodss/yaml" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" - "k8s.io/api/core/v1" + v1 "k8s.io/api/core/v1" ) var _ = Describe("Podman generate kube", func() { @@ -69,6 +69,51 @@ var _ = Describe("Podman generate kube", func() { Expect(numContainers).To(Equal(1)) }) + It("podman generate service kube on container with --security-opt level", func() { + session := podmanTest.Podman([]string{"create", "--name", "test", "--security-opt", "label=level:s0:c100,c200", "alpine"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + kube := podmanTest.Podman([]string{"generate", "kube", "test"}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + pod := new(v1.Pod) + err := yaml.Unmarshal(kube.Out.Contents(), pod) + Expect(err).To(BeNil()) + Expect(kube.OutputToString()).To(ContainSubstring("level: s0:c100,c200")) + }) + + It("podman generate service kube on container with --security-opt disable", func() { + session := podmanTest.Podman([]string{"create", "--name", "test-disable", "--security-opt", "label=disable", "alpine"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + kube := podmanTest.Podman([]string{"generate", "kube", "test-disable"}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + pod := new(v1.Pod) + err = yaml.Unmarshal(kube.Out.Contents(), pod) + Expect(err).To(BeNil()) + Expect(kube.OutputToString()).To(ContainSubstring("type: spc_t")) + }) + + It("podman generate service kube on container with --security-opt type", func() { + session := podmanTest.Podman([]string{"create", "--name", "test", "--security-opt", "label=type:foo_bar_t", "alpine"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + kube := podmanTest.Podman([]string{"generate", "kube", "test"}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + pod := new(v1.Pod) + err = yaml.Unmarshal(kube.Out.Contents(), pod) + Expect(err).To(BeNil()) + Expect(kube.OutputToString()).To(ContainSubstring("type: foo_bar_t")) + }) + It("podman generate service kube on container", func() { session := podmanTest.RunTopContainer("top") session.WaitWithDefaultTimeout() -- cgit v1.2.3-54-g00ecf