From 0f000c2df2353219b3c72354a74c630470065ede Mon Sep 17 00:00:00 2001 From: Dmitry Sharshakov Date: Tue, 26 Nov 2024 22:31:07 +0100 Subject: [PATCH] fix: fix e2e test with extensions and SELinux Skip SELinux test when system extensions are active, we'll work on that in a bit. Also elaborate more on SELinux test errors. Signed-off-by: Dmitry Sharshakov --- internal/integration/api/selinux.go | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/internal/integration/api/selinux.go b/internal/integration/api/selinux.go index 1073d17477f..9ba41931805 100644 --- a/internal/integration/api/selinux.go +++ b/internal/integration/api/selinux.go @@ -26,6 +26,7 @@ import ( "github.com/siderolabs/talos/pkg/machinery/client" "github.com/siderolabs/talos/pkg/machinery/config/machine" "github.com/siderolabs/talos/pkg/machinery/constants" + runtimeres "github.com/siderolabs/talos/pkg/machinery/resources/runtime" ) // SELinuxSuite ... @@ -152,6 +153,13 @@ func (suite *SELinuxSuite) checkFileLabels(nodes []string, expectedLabels map[st suite.T().Skip("skipping SELinux test since SELinux is disabled") } + // TODO: do not skip the test if system extensions are enabled + extensionsResult, err := suite.Client.COSI.List(nodeCtx, runtimeres.NewExtensionStatus(runtimeres.NamespaceName, "1").Metadata()) + suite.Require().NoError(err) + if len(extensionsResult.Items) > 0 { + suite.T().Skip("skipping SELinux test since system extensions are enabled") + } + // We should check both folders and their contents for proper labels for _, dir := range []bool{true, false} { for path, label := range expectedLabels { @@ -173,14 +181,14 @@ func (suite *SELinuxSuite) checkFileLabels(nodes []string, expectedLabels map[st return nil } - suite.Require().NotNil(info.Xattrs) + suite.Require().NotNil(info.Xattrs, "no xattrs for %s", info.Name) found := false for _, l := range info.Xattrs { if l.Name == "security.selinux" { got := string(bytes.Trim(l.Data, "\x00\n")) - suite.Require().Contains(got, label, "expected %s to have label %s, got %s", path, label, got) + suite.Require().Contains(got, label, "expected %s to have label %s, got %s", info.Name, label, got) found = true @@ -188,15 +196,15 @@ func (suite *SELinuxSuite) checkFileLabels(nodes []string, expectedLabels map[st } } - suite.Require().True(found) + suite.Require().True(found, "could not find security.selinux xattr for %s", info.Name) return nil }) if allowMissing { if err != nil { - suite.Require().Contains(err.Error(), "lstat") - suite.Require().Contains(err.Error(), "no such file or directory") + suite.Require().Contains(err.Error(), "lstat", "expected error to be due to missing file %s", path) + suite.Require().Contains(err.Error(), "no such file or directory", "expected error to be due to missing file %s", path) } } else { suite.Require().NoError(err)