Skip to content

Add CSI Addon Pod Security Validation Test #12034

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 7, 2025
Merged

Add CSI Addon Pod Security Validation Test #12034

merged 1 commit into from
May 7, 2025

Conversation

paraggit
Copy link
Contributor

This PR adds a new test case to validate the CSI Addon pods’ compliance with Pod Security Standards.
The test ensures that the csi-addons container inside the CSI RBD Nodeplugin pod:

  • Is securely reachable over HTTPS.
  • Correctly rejects insecure (plain HTTP) connections.

@paraggit paraggit requested review from a team as code owners April 29, 2025 14:13
@pull-request-size pull-request-size bot added the size/M PR that changes 30-99 lines label Apr 29, 2025
@paraggit paraggit requested a review from a team April 29, 2025 14:24
@paraggit paraggit force-pushed the csi-addon-security branch from 7672206 to 6d0e17c Compare April 29, 2025 14:26
ocs-ci
ocs-ci reviewed Apr 29, 2025
View reviewed changes
Copy link

@ocs-ci ocs-ci left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR validation on existing cluster

Cluster Name: pakamble-ib419c28
Cluster Configuration:
PR Test Suite: tier1
PR Test Path: tests/functional/pod_and_daemons/test_csiaddon_pod_security.py
Additional Test Params:
OCP VERSION: 4.19
OCS VERSION: 4.19
tested against branch: master

Job PASSED.

@paraggit paraggit added the Verified Mark when PR was verified and log provided label Apr 29, 2025
@paraggit paraggit force-pushed the csi-addon-security branch from ffe550f to d7d2826 Compare April 29, 2025 14:51
@pull-request-size pull-request-size bot added size/L PR that changes 100-499 lines and removed size/M PR that changes 30-99 lines labels May 5, 2025
@paraggit paraggit force-pushed the csi-addon-security branch from b4f0af1 to 9b87706 Compare May 5, 2025 07:13
@paraggit paraggit force-pushed the csi-addon-security branch from f97a487 to eefa9a7 Compare May 6, 2025 02:50
@openshift-ci openshift-ci bot added the lgtm label May 6, 2025
keemano
keemano reviewed May 6, 2025
View reviewed changes
tests/functional/pod_and_daemons/test_csiaddon_pod_security.py

port_used_by_csi_addon = csi_addon_container[0]["ports"][0]["containerPort"]

# Querying to the container port with HTTPS
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can this comment be like this? - "Verifying if the pod responds correctly to the secured HTTPS connection"

@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented May 6, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: ebenahar, jilju, paraggit

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ebenahar ebenahar merged commit 46abf29 into master May 7, 2025
6 of 7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ocs-ci ocs-ci ocs-ci left review comments

@keemano keemano keemano left review comments

@ebenahar ebenahar ebenahar approved these changes

@jilju jilju jilju approved these changes

Assignees

@ebenahar ebenahar

@jilju jilju

Labels
lgtm size/L PR that changes 100-499 lines Verified Mark when PR was verified and log provided
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@paraggit @ebenahar @jilju @ocs-ci @keemano