Skip to content

test: add new e2e test cases for kubectl plugin#671

Merged
venkateshjayagopal merged 1 commit into
rancher-sandbox:mainfrom
venkateshjayagopal:main
Jun 22, 2026
Merged

test: add new e2e test cases for kubectl plugin#671
venkateshjayagopal merged 1 commit into
rancher-sandbox:mainfrom
venkateshjayagopal:main

Conversation

@venkateshjayagopal

@venkateshjayagopal venkateshjayagopal commented Jun 4, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

What this PR does / why we need it:

Adding new test cases for testing "kubectl runtime-enforcer plugin"

Which issue(s) this PR fixes

fixes #N/A

Special notes for your reviewer:
In-progress

Checklist:

  • squashed commits into logical changes
  • includes documentation
  • adds unit tests
  • adds or updates e2e tests

@venkateshjayagopal venkateshjayagopal changed the title e2e: add new test cases for kubectl plugin test: add new e2e test cases for kubectl plugin Jun 4, 2026
@venkateshjayagopal venkateshjayagopal marked this pull request as draft June 4, 2026 21:35
@venkateshjayagopal

venkateshjayagopal commented Jun 4, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator Author

test execution log,

neuvector@Host-01-RKE2:~/runtime-enforcer$ sudo E2E_USE_EXISTING_CLUSTER=true E2E_SKIP_DEPENDENCIES=true /usr/local/go/bin/go test -v -timeout 20m -run TestKubectl ./test/e2e/
{"time":"2026-06-05T17:12:10.584877664Z","level":"INFO","msg":"uninstall helm release if present","name":"runtime-enforcer","namespace":"run-enf-e2e-runtime-enforcer"}
{"time":"2026-06-05T17:12:10.725344813Z","level":"INFO","msg":"remove helm repo if present","repo":"run-enf-e2e-runtime-enforcer-repo"}
{"time":"2026-06-05T17:12:10.802249332Z","level":"INFO","msg":"installing helm release","path":"../../charts/runtime-enforcer/","name":"runtime-enforcer","namespace":"run-enf-e2e-runtime-enforcer"}
{"time":"2026-06-05T17:12:39.706104154Z","level":"INFO","msg":"Downloading and installing kubectl runtime-enforcer plugin."}
=== RUN   TestKubectlPluginProposalPromoteTest
    e2e_test.go:69: test kubectl runtime-enforcer proposal promote PROPOSAL_NAME [flags]
=== RUN   TestKubectlPluginProposalPromoteTest/kubectl_plugin:_proposal_promote
    helpers_test.go:39: setup shared k8s client
    e2e_test.go:71: creating test namespace: "run-enf-e2e-f6a1fd9f362fdb062c49"
    kubectl_plugin_test.go:66: installing test Opensuse deployment
=== RUN   TestKubectlPluginProposalPromoteTest/kubectl_plugin:_proposal_promote/required_resources_become_available
=== RUN   TestKubectlPluginProposalPromoteTest/kubectl_plugin:_proposal_promote/the_workload_proposal_is_created_successfully_for_the_opensuse_pod
=== RUN   TestKubectlPluginProposalPromoteTest/kubectl_plugin:_proposal_promote/the_running_process_is_learned
    kubectl_plugin_test.go:106: waiting for policy proposal to be created:  deploy-opensuse-deployment
    kubectl_plugin_test.go:118: waiting for processes to be learned
=== RUN   TestKubectlPluginProposalPromoteTest/kubectl_plugin:_proposal_promote/dry-run_flag_works_correctly
=== RUN   TestKubectlPluginProposalPromoteTest/kubectl_plugin:_proposal_promote/kubectl_plugin_promotes_proposal_successfully
    kubectl_plugin_test.go:163: stdout: Promoted WorkloadPolicyProposal "deploy-opensuse-deployment" in namespace "run-enf-e2e-f6a1fd9f362fdb062c49" to WorkloadPolicy.
        WorkloadPolicy "deploy-opensuse-deployment" in namespace "run-enf-e2e-f6a1fd9f362fdb062c49" has been created.
    kubectl_plugin_test.go:164: stderr:
=== RUN   TestKubectlPluginProposalPromoteTest/kubectl_plugin:_proposal_promote/WorkloadPolicy_was_created_in_monitor_mode
=== RUN   TestKubectlPluginProposalPromoteTest/kubectl_plugin:_proposal_promote/WorkloadPolicyProposal_was_deleted_after_promotion
=== NAME  TestKubectlPluginProposalPromoteTest/kubectl_plugin:_proposal_promote
    kubectl_plugin_test.go:214: deleting test Opensuse deployment
    kubectl_plugin_test.go:214: waiting for Opensuse deployment to be deleted
--- PASS: TestKubectlPluginProposalPromoteTest (42.04s)
    --- PASS: TestKubectlPluginProposalPromoteTest/kubectl_plugin:_proposal_promote (42.04s)
        --- PASS: TestKubectlPluginProposalPromoteTest/kubectl_plugin:_proposal_promote/required_resources_become_available (10.02s)
        --- PASS: TestKubectlPluginProposalPromoteTest/kubectl_plugin:_proposal_promote/the_workload_proposal_is_created_successfully_for_the_opensuse_pod (5.01s)
        --- PASS: TestKubectlPluginProposalPromoteTest/kubectl_plugin:_proposal_promote/the_running_process_is_learned (5.01s)
        --- PASS: TestKubectlPluginProposalPromoteTest/kubectl_plugin:_proposal_promote/dry-run_flag_works_correctly (0.27s)
        --- PASS: TestKubectlPluginProposalPromoteTest/kubectl_plugin:_proposal_promote/kubectl_plugin_promotes_proposal_successfully (0.77s)
        --- PASS: TestKubectlPluginProposalPromoteTest/kubectl_plugin:_proposal_promote/WorkloadPolicy_was_created_in_monitor_mode (5.01s)
        --- PASS: TestKubectlPluginProposalPromoteTest/kubectl_plugin:_proposal_promote/WorkloadPolicyProposal_was_deleted_after_promotion (5.01s)
=== RUN   TestKubectlPluginPolicyModeTest
    e2e_test.go:75: test kubectl runtime-enforcer policy monitor POLICY_NAME [flags]
=== RUN   TestKubectlPluginPolicyModeTest/kubectl_plugin:_policy_mode
    helpers_test.go:39: setup shared k8s client
    e2e_test.go:77: creating test namespace: "run-enf-e2e-c6f51c4eb6b0708ef070"
    kubectl_plugin_test.go:251: creating workload policy "run-enf-e2e-c6f51c4eb6b0708ef070/mode-test-policy" and waiting for it to become Ready
    helpers_test.go:135: checking workloadpolicy status: {1 map[] 3 3 0 0 [] Ready 0 []}
=== RUN   TestKubectlPluginPolicyModeTest/kubectl_plugin:_policy_mode/required_resources_become_available
=== RUN   TestKubectlPluginPolicyModeTest/kubectl_plugin:_policy_mode/kubectl_plugin_switches_mode_to_protect
    kubectl_plugin_test.go:266: stdout: Successfully set WorkloadPolicy "mode-test-policy" in namespace "run-enf-e2e-c6f51c4eb6b0708ef070" to "protect" mode.
    kubectl_plugin_test.go:267: stderr:
=== RUN   TestKubectlPluginPolicyModeTest/kubectl_plugin:_policy_mode/kubectl_plugin_switches_mode_back_to_monitor
    kubectl_plugin_test.go:297: stdout: Successfully set WorkloadPolicy "mode-test-policy" in namespace "run-enf-e2e-c6f51c4eb6b0708ef070" to "monitor" mode.
    kubectl_plugin_test.go:298: stderr:
=== RUN   TestKubectlPluginPolicyModeTest/kubectl_plugin:_policy_mode/setting_mode_to_same_value_is_idempotent
=== RUN   TestKubectlPluginPolicyModeTest/kubectl_plugin:_policy_mode/dry-run_flag_works_for_mode_change
=== RUN   TestKubectlPluginPolicyModeTest/kubectl_plugin:_policy_mode/error_handling_for_non-existent_policy
=== NAME  TestKubectlPluginPolicyModeTest/kubectl_plugin:_policy_mode
    kubectl_plugin_test.go:379: deleting workload policy "run-enf-e2e-c6f51c4eb6b0708ef070/mode-test-policy" and waiting for it to be deleted
--- PASS: TestKubectlPluginPolicyModeTest (21.42s)
    --- PASS: TestKubectlPluginPolicyModeTest/kubectl_plugin:_policy_mode (21.42s)
        --- PASS: TestKubectlPluginPolicyModeTest/kubectl_plugin:_policy_mode/required_resources_become_available (10.01s)
        --- PASS: TestKubectlPluginPolicyModeTest/kubectl_plugin:_policy_mode/kubectl_plugin_switches_mode_to_protect (0.28s)
        --- PASS: TestKubectlPluginPolicyModeTest/kubectl_plugin:_policy_mode/kubectl_plugin_switches_mode_back_to_monitor (0.27s)
        --- PASS: TestKubectlPluginPolicyModeTest/kubectl_plugin:_policy_mode/setting_mode_to_same_value_is_idempotent (0.26s)
        --- PASS: TestKubectlPluginPolicyModeTest/kubectl_plugin:_policy_mode/dry-run_flag_works_for_mode_change (0.27s)
        --- PASS: TestKubectlPluginPolicyModeTest/kubectl_plugin:_policy_mode/error_handling_for_non-existent_policy (0.26s)
=== RUN   TestKubectlPluginPolicyExecAllowTest
    e2e_test.go:81: test kubectl runtime-enforcer policy allow POLICY_NAME <container-name> <executable-name> [<executable-name>...] [flags]
=== RUN   TestKubectlPluginPolicyExecAllowTest/kubectl_plugin:_policy_exec_allow
    helpers_test.go:39: setup shared k8s client
    e2e_test.go:83: creating test namespace: "run-enf-e2e-e2cd8e18fb32a317e4cf"
    kubectl_plugin_test.go:412: creating workload policy "run-enf-e2e-e2cd8e18fb32a317e4cf/exec-allow-test-policy" and waiting for it to become Ready
    helpers_test.go:135: checking workloadpolicy status: {1 map[] 3 3 0 0 [] Ready 0 []}
=== RUN   TestKubectlPluginPolicyExecAllowTest/kubectl_plugin:_policy_exec_allow/required_resources_become_available
=== RUN   TestKubectlPluginPolicyExecAllowTest/kubectl_plugin:_policy_exec_allow/kubectl_plugin_allows_new_executables
    kubectl_plugin_test.go:426: stdout: Successfully updated executables for WorkloadPolicy "exec-allow-test-policy" in namespace "run-enf-e2e-e2cd8e18fb32a317e4cf".
    kubectl_plugin_test.go:427: stderr:
=== RUN   TestKubectlPluginPolicyExecAllowTest/kubectl_plugin:_policy_exec_allow/allowing_already-allowed_executable_is_idempotent
    kubectl_plugin_test.go:462: stdout: No changes required for WorkloadPolicy "exec-allow-test-policy" in namespace "run-enf-e2e-e2cd8e18fb32a317e4cf".
    kubectl_plugin_test.go:463: stderr:
=== RUN   TestKubectlPluginPolicyExecAllowTest/kubectl_plugin:_policy_exec_allow/dry-run_flag_works_for_allow
=== NAME  TestKubectlPluginPolicyExecAllowTest/kubectl_plugin:_policy_exec_allow
    kubectl_plugin_test.go:509: deleting workload policy "run-enf-e2e-e2cd8e18fb32a317e4cf/exec-allow-test-policy" and waiting for it to be deleted
--- PASS: TestKubectlPluginPolicyExecAllowTest (20.90s)
    --- PASS: TestKubectlPluginPolicyExecAllowTest/kubectl_plugin:_policy_exec_allow (20.90s)
        --- PASS: TestKubectlPluginPolicyExecAllowTest/kubectl_plugin:_policy_exec_allow/required_resources_become_available (10.01s)
        --- PASS: TestKubectlPluginPolicyExecAllowTest/kubectl_plugin:_policy_exec_allow/kubectl_plugin_allows_new_executables (0.27s)
        --- PASS: TestKubectlPluginPolicyExecAllowTest/kubectl_plugin:_policy_exec_allow/allowing_already-allowed_executable_is_idempotent (0.26s)
        --- PASS: TestKubectlPluginPolicyExecAllowTest/kubectl_plugin:_policy_exec_allow/dry-run_flag_works_for_allow (0.28s)
=== RUN   TestKubectlPluginPolicyExecDenyTest
    e2e_test.go:87: test kubectl runtime-enforcer policy deny POLICY_NAME <container-name> <executable-name> [<executable-name>...] [flags]
=== RUN   TestKubectlPluginPolicyExecDenyTest/kubectl_plugin:_policy_exec_deny
    helpers_test.go:39: setup shared k8s client
    e2e_test.go:89: creating test namespace: "run-enf-e2e-1f19d923bba4db438236"
    kubectl_plugin_test.go:545: creating workload policy "run-enf-e2e-1f19d923bba4db438236/exec-deny-test-policy" and waiting for it to become Ready
    helpers_test.go:135: checking workloadpolicy status: {1 map[] 3 3 0 0 [] Ready 0 []}
=== RUN   TestKubectlPluginPolicyExecDenyTest/kubectl_plugin:_policy_exec_deny/required_resources_become_available
=== RUN   TestKubectlPluginPolicyExecDenyTest/kubectl_plugin:_policy_exec_deny/kubectl_plugin_denies_executables
    kubectl_plugin_test.go:559: stdout: Successfully updated executables for WorkloadPolicy "exec-deny-test-policy" in namespace "run-enf-e2e-1f19d923bba4db438236".
    kubectl_plugin_test.go:560: stderr:
=== RUN   TestKubectlPluginPolicyExecDenyTest/kubectl_plugin:_policy_exec_deny/denying_non-existent_executable_is_idempotent
=== RUN   TestKubectlPluginPolicyExecDenyTest/kubectl_plugin:_policy_exec_deny/dry-run_flag_works_for_deny
=== NAME  TestKubectlPluginPolicyExecDenyTest/kubectl_plugin:_policy_exec_deny
    kubectl_plugin_test.go:637: deleting workload policy "run-enf-e2e-1f19d923bba4db438236/exec-deny-test-policy" and waiting for it to be deleted
--- PASS: TestKubectlPluginPolicyExecDenyTest (20.88s)
    --- PASS: TestKubectlPluginPolicyExecDenyTest/kubectl_plugin:_policy_exec_deny (20.88s)
        --- PASS: TestKubectlPluginPolicyExecDenyTest/kubectl_plugin:_policy_exec_deny/required_resources_become_available (10.01s)
        --- PASS: TestKubectlPluginPolicyExecDenyTest/kubectl_plugin:_policy_exec_deny/kubectl_plugin_denies_executables (0.27s)
        --- PASS: TestKubectlPluginPolicyExecDenyTest/kubectl_plugin:_policy_exec_deny/denying_non-existent_executable_is_idempotent (0.26s)
        --- PASS: TestKubectlPluginPolicyExecDenyTest/kubectl_plugin:_policy_exec_deny/dry-run_flag_works_for_deny (0.28s)
=== RUN   TestKubectlPluginErrorHandlingTest
    e2e_test.go:93: test kubectl runtime-enforcer ERROR handling
=== RUN   TestKubectlPluginErrorHandlingTest/kubectl_plugin:_error_handling
    helpers_test.go:39: setup shared k8s client
    e2e_test.go:95: creating test namespace: "run-enf-e2e-1ccaf1e300d3adb99cd1"
=== RUN   TestKubectlPluginErrorHandlingTest/kubectl_plugin:_error_handling/required_resources_become_available
=== RUN   TestKubectlPluginErrorHandlingTest/kubectl_plugin:_error_handling/error_when_promoting_non-existent_proposal
=== RUN   TestKubectlPluginErrorHandlingTest/kubectl_plugin:_error_handling/error_when_modifying_non-existent_policy
=== RUN   TestKubectlPluginErrorHandlingTest/kubectl_plugin:_error_handling/error_when_allowing_executable_for_non-existent_container
--- PASS: TestKubectlPluginErrorHandlingTest (10.35s)
    --- PASS: TestKubectlPluginErrorHandlingTest/kubectl_plugin:_error_handling (10.35s)
        --- PASS: TestKubectlPluginErrorHandlingTest/kubectl_plugin:_error_handling/required_resources_become_available (10.02s)
        --- PASS: TestKubectlPluginErrorHandlingTest/kubectl_plugin:_error_handling/error_when_promoting_non-existent_proposal (0.27s)
        --- PASS: TestKubectlPluginErrorHandlingTest/kubectl_plugin:_error_handling/error_when_modifying_non-existent_policy (0.01s)
        --- PASS: TestKubectlPluginErrorHandlingTest/kubectl_plugin:_error_handling/error_when_allowing_executable_for_non-existent_container (0.02s)
PASS

@dottorblaster dottorblaster moved this to In Progress in Runtime Enforcer Jun 5, 2026
@dottorblaster dottorblaster added this to the 0.7.0 milestone Jun 8, 2026
@venkateshjayagopal venkateshjayagopal marked this pull request as ready for review June 8, 2026 17:10
@venkateshjayagopal venkateshjayagopal moved this from In Progress to Pending Review in Runtime Enforcer Jun 8, 2026
Andreagit97
Andreagit97 reviewed Jun 10, 2026
View reviewed changes

@Andreagit97 Andreagit97 left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for all these tests!
Just left some high level comments on the architecture

Comment thread test/e2e/e2e_suite_test.go Outdated
Comment thread test/e2e/kubectl_plugin_test.go
Andreagit97
Andreagit97 reviewed Jun 16, 2026
View reviewed changes

@Andreagit97 Andreagit97 left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, just a couple of comments

Comment thread test/e2e/e2e_suite_test.go Outdated
Comment thread test/e2e/kubectl_plugin_test.go
@venkateshjayagopal
test: add new e2e test cases for kubectl plugin
2b629f8 
Signed-off-by: Venkatesh Jayagopal <venkatesh.jayagopal@suse.com>
Andreagit97
Andreagit97 approved these changes Jun 22, 2026
View reviewed changes

@Andreagit97 Andreagit97 left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for addressing the comments! Great job!

@venkateshjayagopal venkateshjayagopal merged commit 68a3c57 into rancher-sandbox:main Jun 22, 2026
13 checks passed
@github-project-automation github-project-automation Bot moved this from Pending Review to Done in Runtime Enforcer Jun 22, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Andreagit97 Andreagit97 Andreagit97 approved these changes
@holyspectral holyspectral Awaiting requested review from holyspectral
@dottorblaster dottorblaster Awaiting requested review from dottorblaster

Assignees

@venkateshjayagopal venkateshjayagopal

Labels

None yet

Projects

Runtime Enforcer
Archived in project

Milestone

0.7.0

Development

Successfully merging this pull request may close these issues.

3 participants

@venkateshjayagopal @Andreagit97 @dottorblaster