Adds tests for NET_BIND_SERVICE from here: #4066

hashicorp · Jun 26, 2024 · cd4a687 · cd4a687
1 parent 0ae97a0
commit cd4a687
Showing 1 changed file with 16 additions and 3 deletions.
diff --git a/control-plane/connect-inject/webhook/consul_dataplane_sidecar_test.go b/control-plane/connect-inject/webhook/consul_dataplane_sidecar_test.go
@@ -806,6 +806,9 @@ func TestHandlerConsulDataplaneSidecar_withSecurityContext(t *testing.T) {
 				RunAsNonRoot:             pointer.Bool(true),
 				ReadOnlyRootFilesystem:   pointer.Bool(true),
 				AllowPrivilegeEscalation: pointer.Bool(false),
+				Capabilities: &corev1.Capabilities{
+					Add: []corev1.Capability{"NET_BIND_SERVICE"},
+				},
 			},
 		},
 		"tproxy enabled; openshift disabled": {
@@ -817,12 +820,19 @@ func TestHandlerConsulDataplaneSidecar_withSecurityContext(t *testing.T) {
 				RunAsNonRoot:             pointer.Bool(true),
 				ReadOnlyRootFilesystem:   pointer.Bool(true),
 				AllowPrivilegeEscalation: pointer.Bool(false),
+				Capabilities: &corev1.Capabilities{
+					Add: []corev1.Capability{"NET_BIND_SERVICE"},
+				},
 			},
 		},
 		"tproxy disabled; openshift enabled": {
-			tproxyEnabled:      false,
-			openShiftEnabled:   true,
-			expSecurityContext: nil,
+			tproxyEnabled:    false,
+			openShiftEnabled: true,
+			expSecurityContext: &corev1.SecurityContext{
+				Capabilities: &corev1.Capabilities{
+					Add: []corev1.Capability{"NET_BIND_SERVICE"},
+				},
+			},
 		},
 		"tproxy enabled; openshift enabled": {
 			tproxyEnabled:    true,
@@ -833,6 +843,9 @@ func TestHandlerConsulDataplaneSidecar_withSecurityContext(t *testing.T) {
 				RunAsNonRoot:             pointer.Bool(true),
 				ReadOnlyRootFilesystem:   pointer.Bool(true),
 				AllowPrivilegeEscalation: pointer.Bool(false),
+				Capabilities: &corev1.Capabilities{
+					Add: []corev1.Capability{"NET_BIND_SERVICE"},
+				},
 			},
 		},
 	}