From b4ce63e1ac814e7fb0c01266b7f8b2d91ac2457a Mon Sep 17 00:00:00 2001 From: Ronny Baturov Date: Thu, 14 Nov 2024 13:30:43 +0200 Subject: [PATCH] e2e: verify NROP machineconfigs are removed Starting in version 4.18, NROP MachineConfigs containing the custom SELinux policy are expected to be removed unless a specific annotation is set in the NUMAResourcesOperator CR to enforce the use of the custom (legacy) SELinux policy. To ensure this behavior, we added a test that verifies MachineConfigs are removed when the annotation is absent in the CR. Signed-off-by: Ronny Baturov --- test/e2e/install/install_test.go | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/test/e2e/install/install_test.go b/test/e2e/install/install_test.go index 6322a4592..211c30819 100644 --- a/test/e2e/install/install_test.go +++ b/test/e2e/install/install_test.go @@ -38,6 +38,7 @@ import ( "github.com/k8stopologyawareschedwg/deployer/pkg/manifests/rte" nropv1 "github.com/openshift-kni/numaresources-operator/api/numaresourcesoperator/v1" "github.com/openshift-kni/numaresources-operator/internal/api/annotations" + "github.com/openshift-kni/numaresources-operator/pkg/objectnames" "github.com/openshift-kni/numaresources-operator/pkg/status" machineconfigv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1" @@ -70,7 +71,7 @@ var _ = Describe("[Install] continuousIntegration", func() { }) Context("with a running cluster with all the components", func() { - It("[test_id:47574][tier0] should perform overall deployment and verify the condition is reported as available", func() { + FIt("[test_id:47574][tier0] should perform overall deployment and verify the condition is reported as available", func() { deployedObj := deploy.OverallDeployment() nname := client.ObjectKeyFromObject(deployedObj.NroObj) Expect(nname.Name).ToNot(BeEmpty()) @@ -143,6 +144,22 @@ var _ = Describe("[Install] continuousIntegration", func() { rteContainer, err := findContainerByName(*ds, containerNameRTE) Expect(err).ToNot(HaveOccurred()) Expect(rteContainer.SecurityContext.SELinuxOptions.Type).To(Equal(selinux.RTEContextType), "container %s is running with wrong selinux context", rteContainer.Name) + + By("checking numaresources machineconfigs removed when no SELinux policy annotation is present") + if !annotations.IsCustomPolicyEnabled(updatedNROObj.Annotations) { + mcps, err := nropmcp.GetListByNodeGroupsV1(context.TODO(), e2eclient.Client, updatedNROObj.Spec.NodeGroups) + Expect(err).NotTo(HaveOccurred()) + for _, mcp := range mcps { + mc := &machineconfigv1.MachineConfig{} + // Check mc not created + mcKey := client.ObjectKey{ + Name: objectnames.GetMachineConfigName(updatedNROObj.Name, mcp.Name), + } + err := e2eclient.Client.Get(context.TODO(), mcKey, mc) + Expect(err).ToNot(BeNil(), "MachineConfig %s is not expected to to be present", mcKey.String()) + Expect(errors.IsNotFound(err)).To(BeTrue(), "Unexpected error occurred while getting MachineConfig %s: %v", mcKey.String(), err) + } + } }) }) })