Handle filetype field in kubernetes.yaml files #17302
Conversation
openshift-ci
bot
added
release-note
approved
test/system/helpers.bash
Outdated
| @@ -347,6 +347,11 @@ function is_aarch64() { | |||
| [ "$(uname -m)" == "aarch64" ] | |||
| } | |||
|
|
|||
| function is_selinux() { | |||
| /usr/sbin/selinuxenabled 2> /dev/null | |||
| return $? | |||
There was a problem hiding this comment.
Unnecessary; please remove, it's misleading.
| run_podman inspect pod1-test1 --format "{{ .MountLabel }}" | ||
| is "$output" "system_u:object_r:usr_t:s0:c1,c2" "Generated container should use filetype usr_t" | ||
| fi | ||
| } |
There was a problem hiding this comment.
There's probably some cleanup missing here?
There was a problem hiding this comment.
Yes, it looks like the initial pod/container used in kube generate need to be removed as well.
There was a problem hiding this comment.
run_podman pod rm --force pod1
Should remove it.
test/system/helpers.bash
Outdated
| @@ -347,6 +347,11 @@ function is_aarch64() { | |||
| [ "$(uname -m)" == "aarch64" ] | |||
| } | |||
|
|
|||
| function is_selinux() { | |||
There was a problem hiding this comment.
I mean, you're the expert, but wouldn't selinux_enabled be a better name?
|
tests LGTM, I can't review the code though |
test/system/700-play.bats
Outdated
| run_podman create --pod new:pod1 --security-opt label=level:s0:c1,c2 --security-opt label=filetype:usr_t --name test1 $IMAGE true | ||
| run_podman kube generate pod1 -f $YAML | ||
| run cat $YAML | ||
| is "$output" ".*filetype: usr_t" "Generated YAML file should container filetype usr_t" |
There was a problem hiding this comment.
| is "$output" ".*filetype: usr_t" "Generated YAML file should container filetype usr_t" | |
| is "$output" ".*filetype: usr_t" "Generated YAML file should contain filetype usr_t" |
There was a problem hiding this comment.
My fingers automatically add the er whenever I type contain ...
| run_podman inspect pod1-test1 --format "{{ .MountLabel }}" | ||
| is "$output" "system_u:object_r:usr_t:s0:c1,c2" "Generated container should use filetype usr_t" | ||
| fi | ||
| } |
There was a problem hiding this comment.
Yes, it looks like the initial pod/container used in kube generate need to be removed as well.
Signed-off-by: Daniel J Walsh <[email protected]>
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: rhatdan, vrothberg The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/lgtm |
github-actions
bot
added
the
locked - please file new issue/PR
Signed-off-by: Daniel J Walsh [email protected]
Does this PR introduce a user-facing change?