Since we have comprehensive unit tests that exercise all these scenarios. Will verify this directly. Verified with OCP build 4.3.0-0.nightly-2020-02-17-110952, Related test code can cover the fix: $ cd ~ $ git clone https://github.com/openshift/apiserver-library-go.git# or git pull if already cloned $ cd apiserver-library-go $ git branch -a $ git checkout -b remotes/origin/release-4.3 $ cd pkg/securitycontextconstraints/sccadmission $ ls admission.go admission_test.go intializers.go scc_exec.go scc_exec_test.go $ go test -v -run Test* === RUN TestFailClosedOnInvalidPod --- PASS: TestFailClosedOnInvalidPod (0.00s) === RUN TestAdmitCaps --- PASS: TestAdmitCaps (0.00s) === RUN TestAdmitSuccess --- PASS: TestAdmitSuccess (0.00s) === RUN TestAdmitFailure --- PASS: TestAdmitFailure (0.00s) === RUN TestCreateProvidersFromConstraints --- PASS: TestCreateProvidersFromConstraints (0.00s) === RUN TestMatchingSecurityContextConstraints --- PASS: TestMatchingSecurityContextConstraints (0.00s) === RUN TestAdmitWithPrioritizedSCC --- PASS: TestAdmitWithPrioritizedSCC (0.00s) === RUN TestAdmitSeccomp --- PASS: TestAdmitSeccomp (0.00s) === RUN TestAdmitPreferNonmutatingWhenPossible --- PASS: TestAdmitPreferNonmutatingWhenPossible (0.00s) === RUN TestExecAdmit --- PASS: TestExecAdmit (0.00s) scc_exec_test.go:115: attach check: testing.GetActionImpl{ActionImpl:testing.ActionImpl{Namespace:"namespace", Verb:"get", Resource:schema.GroupVersionResource{Group:"", Version:"v1", Resource:"pods"}, Subresource:""}, Name:"pod-name"} scc_exec_test.go:115: exec check: testing.GetActionImpl{ActionImpl:testing.ActionImpl{Namespace:"namespace", Verb:"get", Resource:schema.GroupVersionResource{Group:"", Version:"v1", Resource:"pods"}, Subresource:""}, Name:"pod-name"} PASS ok github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccadmission 0.025s We can see all related test cases have been passed.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:0528