From 2e0b4dfbfde774750cd3295a1436648e320f40ca Mon Sep 17 00:00:00 2001 From: Ronny Baturov Date: Thu, 14 Nov 2024 13:30:43 +0200 Subject: [PATCH] e2e: verify NROP machineconfigs are removed Starting in version 4.18, NROP MachineConfigs containing the custom SELinux policy are expected to be removed unless a specific annotation is set in the NUMAResourcesOperator CR to enforce the use of the custom (legacy) SELinux policy. To ensure this behavior, we added a test that verifies MachineConfigs are removed when the annotation is absent in the CR. Signed-off-by: Ronny Baturov --- test/e2e/install/install_test.go | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/test/e2e/install/install_test.go b/test/e2e/install/install_test.go index 6322a4592..a6defab29 100644 --- a/test/e2e/install/install_test.go +++ b/test/e2e/install/install_test.go @@ -38,6 +38,7 @@ import ( "github.com/k8stopologyawareschedwg/deployer/pkg/manifests/rte" nropv1 "github.com/openshift-kni/numaresources-operator/api/numaresourcesoperator/v1" "github.com/openshift-kni/numaresources-operator/internal/api/annotations" + "github.com/openshift-kni/numaresources-operator/pkg/objectnames" "github.com/openshift-kni/numaresources-operator/pkg/status" machineconfigv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1" @@ -143,6 +144,21 @@ var _ = Describe("[Install] continuousIntegration", func() { rteContainer, err := findContainerByName(*ds, containerNameRTE) Expect(err).ToNot(HaveOccurred()) Expect(rteContainer.SecurityContext.SELinuxOptions.Type).To(Equal(selinux.RTEContextType), "container %s is running with wrong selinux context", rteContainer.Name) + + By("checking numaresources machineconfigs removed when no SELinux policy annotation is present") + if !annotations.IsCustomPolicyEnabled(updatedNROObj.Annotations) { + mcps, err := nropmcp.GetListByNodeGroupsV1(context.TODO(), e2eclient.Client, updatedNROObj.Spec.NodeGroups) + Expect(err).NotTo(HaveOccurred()) + for _, mcp := range mcps { + mc := &machineconfigv1.MachineConfig{} + // Check mc not created + mcKey := client.ObjectKey{ + Name: objectnames.GetMachineConfigName(updatedNROObj.Name, mcp.Name), + } + err := e2eclient.Client.Get(context.TODO(), mcKey, mc) + Expect(errors.IsNotFound(err)).To(BeTrue(), "MachineConfig %s is expected to not be found", mcKey.String()) + } + } }) }) })