e2e: verify NROP machineconfigs are removed

Starting in version 4.18, NROP MachineConfigs containing the custom SELinux policy are expected to be removed unless a specific annotation is set in the NUMAResourcesOperator CR to enforce the use of the custom (legacy) SELinux policy. To ensure this behavior, we added a test that verifies MachineConfigs are removed when the annotation is absent in the CR. Signed-off-by: Ronny Baturov <[email protected]>
openshift-kni · Nov 25, 2024 · 8da6754 · 8da6754
1 parent 972f82b
commit 8da6754
Showing 1 changed file with 18 additions and 1 deletion.
diff --git a/test/e2e/install/install_test.go b/test/e2e/install/install_test.go
@@ -38,6 +38,7 @@ import (
 	"github.com/k8stopologyawareschedwg/deployer/pkg/manifests/rte"
 	nropv1 "github.com/openshift-kni/numaresources-operator/api/numaresourcesoperator/v1"
 	"github.com/openshift-kni/numaresources-operator/internal/api/annotations"
+	"github.com/openshift-kni/numaresources-operator/pkg/objectnames"
 	"github.com/openshift-kni/numaresources-operator/pkg/status"
 	machineconfigv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1"
 
@@ -70,7 +71,7 @@ var _ = Describe("[Install] continuousIntegration", func() {
 	})
 
 	Context("with a running cluster with all the components", func() {
-		It("[test_id:47574][tier0] should perform overall deployment and verify the condition is reported as available", func() {
+		FIt("[test_id:47574][tier0] should perform overall deployment and verify the condition is reported as available", func() {
 			deployedObj := deploy.OverallDeployment()
 			nname := client.ObjectKeyFromObject(deployedObj.NroObj)
 			Expect(nname.Name).ToNot(BeEmpty())
@@ -143,6 +144,22 @@ var _ = Describe("[Install] continuousIntegration", func() {
 			rteContainer, err := findContainerByName(*ds, containerNameRTE)
 			Expect(err).ToNot(HaveOccurred())
 			Expect(rteContainer.SecurityContext.SELinuxOptions.Type).To(Equal(selinux.RTEContextType), "container %s is running with wrong selinux context", rteContainer.Name)
+
+			By("checking numaresources machineconfigs removed when no SELinux policy annotation is present")
+			if !annotations.IsCustomPolicyEnabled(updatedNROObj.Annotations) {
+				mcps, err := nropmcp.GetListByNodeGroupsV1(context.TODO(), e2eclient.Client, updatedNROObj.Spec.NodeGroups)
+				Expect(err).NotTo(HaveOccurred())
+				for _, mcp := range mcps {
+					mc := &machineconfigv1.MachineConfig{}
+					// Check mc not created
+					mcKey := client.ObjectKey{
+						Name: objectnames.GetMachineConfigName(updatedNROObj.Name, mcp.Name),
+					}
+					err := e2eclient.Client.Get(context.TODO(), mcKey, mc)
+					Expect(err).ToNot(BeNil(), "MachineConfig %s is not expected to to be present", mcKey.String())
+					Expect(errors.IsNotFound(err)).To(BeTrue(), "Unexpected error occurred while getting MachineConfig %s: %v", mcKey.String(), err)
+				}
+			}
 		})
 	})
 })