Skip to content

Commit

Permalink
[export tests]: Specify fsGroup so we can write the exported PVC
Browse files Browse the repository at this point in the history
As non-root out of the box, most storage's won't give us a PVC that is world writeable.
Noticed this on OpenShift testing lanes where cephcsi is used instead of the "local" SC
that is used in kubevirtci.

Ceph stopping chmod 777 reference:
ceph/ceph-csi#2697

Signed-off-by: Alex Kalenyuk <[email protected]>
  • Loading branch information
akalenyu committed Nov 9, 2022
1 parent 1fed84b commit 78ca036
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion tests/storage/export.go
Original file line number Diff line number Diff line change
Expand Up @@ -110,6 +110,7 @@ var _ = SIGDescribe("Export", func() {
var err error
var token *k8sv1.Secret
var virtClient kubecli.KubevirtClient
var nonRootUser = int64(107)

BeforeEach(func() {
virtClient, err = kubecli.GetKubevirtClient()
Expand Down Expand Up @@ -172,6 +173,10 @@ var _ = SIGDescribe("Export", func() {
},
},
})
if pod.Spec.SecurityContext == nil {
pod.Spec.SecurityContext = &k8sv1.PodSecurityContext{}
}
pod.Spec.SecurityContext.FSGroup = &nonRootUser

volumeMode := pvc.Spec.VolumeMode
if volumeMode != nil && *volumeMode == k8sv1.PersistentVolumeBlock {
Expand All @@ -184,7 +189,6 @@ var _ = SIGDescribe("Export", func() {
}

createSourcePodChecker := func(pvc *k8sv1.PersistentVolumeClaim) *k8sv1.Pod {
nonRootUser := int64(107)
volumeName := pvc.GetName()
podName := "download-pod"
pod := tests.RenderPod(podName, []string{"/bin/sh", "-c", "sleep 360"}, []string{})
Expand Down

0 comments on commit 78ca036

Please sign in to comment.