From 8777e192f286fecee79da58ef3f8e0ba00851045 Mon Sep 17 00:00:00 2001 From: Krzysztof Ostrowski Date: Thu, 15 Jan 2026 14:56:38 +0100 Subject: [PATCH] test/e2e: do not use ambiguous container image short names The e2e tests fail on OCP 4.22 because RHEL 9 enforces fully qualified container image names ("short name mode"). The backend image `nginxdemos/nginx-hello:plain-text` is rejected with ImageInspectError since Podman cannot determine which registry to pull from. Replace it with `registry.k8s.io/e2e-test-images/agnhost:2.53`, a fully qualified image that is the standard e2e test image across OpenShift repositories. The agnhost image requires running the `netexec` subcommand to start its HTTP server. Update test expectations from "URI: /" to "NOW:" to match agnhost's response format. Assisted-By: Claude Code --- test/e2e/proxy_test.go | 20 ++++++++++---------- test/e2e/util.go | 3 ++- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/test/e2e/proxy_test.go b/test/e2e/proxy_test.go index 708df21e2..9d3f07860 100644 --- a/test/e2e/proxy_test.go +++ b/test/e2e/proxy_test.go @@ -92,7 +92,7 @@ func TestOAuthProxyE2E(t *testing.T) { proxyArgs: []string{ "--upstream=http://localhost:8080", }, - pageResult: "URI: /", + pageResult: "NOW:", }, { name: "scope-full", @@ -108,7 +108,7 @@ func TestOAuthProxyE2E(t *testing.T) { "--upstream=http://localhost:8080", `--openshift-sar={"namespace":"` + ns + `","resource":"services","verb":"list"}`, }, - pageResult: "URI: /", + pageResult: "NOW:", }, { name: "sar-fail", @@ -124,7 +124,7 @@ func TestOAuthProxyE2E(t *testing.T) { "--upstream=http://localhost:8080", `--openshift-sar={"namespace":"` + ns + `","resource":"routes","resourceName":"proxy-route","verb":"get"}`, }, - pageResult: "URI: /", + pageResult: "NOW:", }, { name: "sar-name-fail", @@ -140,7 +140,7 @@ func TestOAuthProxyE2E(t *testing.T) { "--upstream=http://localhost:8080", `--openshift-sar=[{"namespace":"` + ns + `","resource":"services","verb":"list"}, {"namespace":"` + ns + `","resource":"routes","verb":"list"}]`, }, - pageResult: "URI: /", + pageResult: "NOW:", }, { name: "sar-multi-fail", @@ -157,7 +157,7 @@ func TestOAuthProxyE2E(t *testing.T) { `--skip-auth-regex=^/foo`, }, accessSubPath: "/foo", - pageResult: "URI: /foo\n", + pageResult: "NOW:", bypass: true, }, { @@ -167,7 +167,7 @@ func TestOAuthProxyE2E(t *testing.T) { `--skip-auth-regex=^/foo`, }, accessSubPath: "/bar", - pageResult: "URI: /bar", + pageResult: "NOW:", }, { name: "bypass-auth-foo", @@ -176,7 +176,7 @@ func TestOAuthProxyE2E(t *testing.T) { `--bypass-auth-for=^/foo`, }, accessSubPath: "/foo", - pageResult: "URI: /foo\n", + pageResult: "NOW:", bypass: true, }, { @@ -186,7 +186,7 @@ func TestOAuthProxyE2E(t *testing.T) { `--bypass-auth-except-for=^/foo`, }, accessSubPath: "/foo", - pageResult: "URI: /foo\n", + pageResult: "NOW:", }, { name: "bypass-auth-except-bypassed", @@ -195,7 +195,7 @@ func TestOAuthProxyE2E(t *testing.T) { `--bypass-auth-except-for=^/foo`, }, accessSubPath: "/bar", - pageResult: "URI: /bar", + pageResult: "NOW:", bypass: true, }, } @@ -227,7 +227,7 @@ func TestOAuthProxyE2E(t *testing.T) { openshiftTransport, err := rest.TransportFor(testConfig) require.NoError(t, err) - backendImage := "nginxdemos/nginx-hello:plain-text" + backendImage := "registry.k8s.io/e2e-test-images/agnhost:2.56" upstreamCA, upstreamCert, upstreamKey, err := createCAandCertSet("localhost") require.NoError(t, err, "Error creating upstream TLS certificates") diff --git a/test/e2e/util.go b/test/e2e/util.go index 4932639e1..9cf046a17 100644 --- a/test/e2e/util.go +++ b/test/e2e/util.go @@ -780,7 +780,8 @@ func newOAuthProxyPod(proxyImage, backendImage string, suffix string, extraProxy }, { Image: backendImage, - Name: "hello-openshift", + Name: "agnhost", + Args: []string{"netexec", "--http-port=8080"}, SecurityContext: &v1.SecurityContext{ AllowPrivilegeEscalation: pointer.Bool(false), Capabilities: &v1.Capabilities{Drop: []v1.Capability{"ALL"}},