diff --git a/tests/templates/kuttl/authentication/00-rbac.yaml.j2 b/tests/templates/kuttl/authentication/00-rbac.yaml.j2 new file mode 100644 index 00000000..9cbf0351 --- /dev/null +++ b/tests/templates/kuttl/authentication/00-rbac.yaml.j2 @@ -0,0 +1,29 @@ +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: use-integration-tests-scc +rules: +{% if test_scenario['values']['openshift'] == "true" %} + - apiGroups: ["security.openshift.io"] + resources: ["securitycontextconstraints"] + resourceNames: ["privileged"] + verbs: ["use"] +{% endif %} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: integration-tests-sa +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: use-integration-tests-scc +subjects: + - kind: ServiceAccount + name: integration-tests-sa +roleRef: + kind: Role + name: use-integration-tests-scc + apiGroup: rbac.authorization.k8s.io diff --git a/tests/templates/kuttl/authentication/03-install-test-trino.yaml b/tests/templates/kuttl/authentication/03-install-test-trino.yaml index efb27097..1e903d54 100644 --- a/tests/templates/kuttl/authentication/03-install-test-trino.yaml +++ b/tests/templates/kuttl/authentication/03-install-test-trino.yaml @@ -15,6 +15,7 @@ spec: labels: app: test-trino spec: + serviceAccount: integration-tests-sa containers: - name: test-trino image: docker.stackable.tech/stackable/testing-tools:0.2.0-stackable0.0.0-dev diff --git a/tests/templates/kuttl/logging/00-rbac.yaml.j2 b/tests/templates/kuttl/logging/00-rbac.yaml.j2 new file mode 100644 index 00000000..9cbf0351 --- /dev/null +++ b/tests/templates/kuttl/logging/00-rbac.yaml.j2 @@ -0,0 +1,29 @@ +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: use-integration-tests-scc +rules: +{% if test_scenario['values']['openshift'] == "true" %} + - apiGroups: ["security.openshift.io"] + resources: ["securitycontextconstraints"] + resourceNames: ["privileged"] + verbs: ["use"] +{% endif %} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: integration-tests-sa +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: use-integration-tests-scc +subjects: + - kind: ServiceAccount + name: integration-tests-sa +roleRef: + kind: Role + name: use-integration-tests-scc + apiGroup: rbac.authorization.k8s.io diff --git a/tests/templates/kuttl/logging/03-install-trino-test-runner.yaml b/tests/templates/kuttl/logging/03-install-trino-test-runner.yaml index 4558c54b..24860ccd 100644 --- a/tests/templates/kuttl/logging/03-install-trino-test-runner.yaml +++ b/tests/templates/kuttl/logging/03-install-trino-test-runner.yaml @@ -15,6 +15,7 @@ spec: labels: app: trino-test-runner spec: + serviceAccount: integration-tests-sa containers: - name: trino-test-runner image: docker.stackable.tech/stackable/testing-tools:0.2.0-stackable0.0.0-dev diff --git a/tests/templates/kuttl/smoke/00-rbac.yaml.j2 b/tests/templates/kuttl/smoke/00-rbac.yaml.j2 new file mode 100644 index 00000000..9cbf0351 --- /dev/null +++ b/tests/templates/kuttl/smoke/00-rbac.yaml.j2 @@ -0,0 +1,29 @@ +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: use-integration-tests-scc +rules: +{% if test_scenario['values']['openshift'] == "true" %} + - apiGroups: ["security.openshift.io"] + resources: ["securitycontextconstraints"] + resourceNames: ["privileged"] + verbs: ["use"] +{% endif %} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: integration-tests-sa +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: use-integration-tests-scc +subjects: + - kind: ServiceAccount + name: integration-tests-sa +roleRef: + kind: Role + name: use-integration-tests-scc + apiGroup: rbac.authorization.k8s.io diff --git a/tests/templates/kuttl/smoke/20-install-check.yaml b/tests/templates/kuttl/smoke/20-install-check.yaml index 6042a32f..0eb24d02 100644 --- a/tests/templates/kuttl/smoke/20-install-check.yaml +++ b/tests/templates/kuttl/smoke/20-install-check.yaml @@ -15,6 +15,7 @@ spec: labels: app: trino-test-helper spec: + serviceAccount: integration-tests-sa containers: - name: trino-test-helper image: docker.stackable.tech/stackable/testing-tools:0.2.0-stackable0.0.0-dev diff --git a/tests/templates/kuttl/tls/00-rbac.yaml.j2 b/tests/templates/kuttl/tls/00-rbac.yaml.j2 new file mode 100644 index 00000000..9cbf0351 --- /dev/null +++ b/tests/templates/kuttl/tls/00-rbac.yaml.j2 @@ -0,0 +1,29 @@ +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: use-integration-tests-scc +rules: +{% if test_scenario['values']['openshift'] == "true" %} + - apiGroups: ["security.openshift.io"] + resources: ["securitycontextconstraints"] + resourceNames: ["privileged"] + verbs: ["use"] +{% endif %} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: integration-tests-sa +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: use-integration-tests-scc +subjects: + - kind: ServiceAccount + name: integration-tests-sa +roleRef: + kind: Role + name: use-integration-tests-scc + apiGroup: rbac.authorization.k8s.io diff --git a/tests/templates/kuttl/tls/20-install-check.yaml.j2 b/tests/templates/kuttl/tls/20-install-check.yaml.j2 index 8740db44..801b6360 100644 --- a/tests/templates/kuttl/tls/20-install-check.yaml.j2 +++ b/tests/templates/kuttl/tls/20-install-check.yaml.j2 @@ -15,6 +15,7 @@ spec: labels: app: trino-test-helper spec: + serviceAccount: integration-tests-sa securityContext: runAsUser: 1000 runAsGroup: 1000 @@ -41,4 +42,4 @@ spec: requests: storage: "1" storageClassName: secrets.stackable.tech -{% endif %} \ No newline at end of file +{% endif %} diff --git a/tests/test-definition.yaml b/tests/test-definition.yaml index 1ee0606a..2048290f 100644 --- a/tests/test-definition.yaml +++ b/tests/test-definition.yaml @@ -69,6 +69,7 @@ tests: - use-authentication - use-tls - use-internal-tls + - openshift - name: resources dimensions: - trino-latest @@ -83,6 +84,7 @@ tests: - name: logging dimensions: - trino + - openshift - name: cluster-operation dimensions: - trino-latest