[E2E][OCP] Set privileged SCC to additional Agents and Beats instances (

#8376)

* [E2E][OCP] Set privileged SCC to additional Agents and Beats instances

* Fix logstash on OCP

test/e2e/agent/config_test.go

@@ -34,6 +34,7 @@ func TestSystemIntegrationConfig(t *testing.T) {
 
 	agentBuilder := agent.NewBuilder(name).
 		WithElasticsearchRefs(agent.ToOutput(esBuilder.Ref(), "default")).
+		WithOpenShiftRoles(test.UseSCCRole).
 		WithDefaultESValidation(agent.HasWorkingDataStream(agent.LogsType, "elastic_agent", "default")).
 		WithDefaultESValidation(agent.HasWorkingDataStream(agent.LogsType, "elastic_agent.filebeat", "default")).
 		WithDefaultESValidation(agent.HasWorkingDataStream(agent.LogsType, "elastic_agent.metricbeat", "default")).
@@ -73,6 +74,7 @@ func TestAgentConfigRef(t *testing.T) {
 		WithConfigRef(secretName).
 		WithObjects(secret).
 		WithElasticsearchRefs(agent.ToOutput(esBuilder.Ref(), "default")).
+		WithOpenShiftRoles(test.UseSCCRole).
 		WithDefaultESValidation(agent.HasWorkingDataStream(agent.LogsType, "elastic_agent", "default")).
 		WithDefaultESValidation(agent.HasWorkingDataStream(agent.LogsType, "elastic_agent.filebeat", "default")).
 		WithDefaultESValidation(agent.HasWorkingDataStream(agent.LogsType, "elastic_agent.metricbeat", "default")).
@@ -105,6 +107,7 @@ func TestMultipleOutputConfig(t *testing.T) {
 			agent.ToOutput(esBuilder1.Ref(), "default"),
 			agent.ToOutput(esBuilder2.Ref(), "monitoring"),
 		).
+		WithOpenShiftRoles(test.UseSCCRole).
 		WithESValidation(agent.HasWorkingDataStream(agent.LogsType, "elastic_agent", "default"), "monitoring").
 		WithESValidation(agent.HasWorkingDataStream(agent.LogsType, "elastic_agent.filebeat", "default"), "monitoring").
 		WithESValidation(agent.HasWorkingDataStream(agent.LogsType, "elastic_agent.metricbeat", "default"), "monitoring").

test/e2e/beat/config_test.go

@@ -117,6 +117,7 @@ func TestHeartbeatConfig(t *testing.T) {
 		WithType(heartbeat.Type).
 		WithDeployment().
 		WithElasticsearchRef(esBuilder.Ref()).
+		WithOpenShiftRoles(test.UseSCCRole).
 		WithESValidations(
 			beat.HasEventFromBeat(heartbeat.Type),
 			beat.HasEvent("monitor.status:up"))

test/e2e/global_ca_test.go

@@ -59,9 +59,11 @@ func TestGlobalCA(t *testing.T) {
 	testPod := beat.NewPodBuilder(name)
 	agent := elasticagent.NewBuilder(name).
 		WithElasticsearchRefs(elasticagent.ToOutput(es.Ref(), "default")).
-		WithDefaultESValidation(elasticagent.HasWorkingDataStream(elasticagent.LogsType, "elastic_agent", "default"))
+		WithDefaultESValidation(elasticagent.HasWorkingDataStream(elasticagent.LogsType, "elastic_agent", "default")).
+		WithOpenShiftRoles(test.UseSCCRole)
 	agent = elasticagent.ApplyYamls(t, agent, e2e_agent.E2EAgentSystemIntegrationConfig, e2e_agent.E2EAgentSystemIntegrationPodTemplate)
 	ls := logstash.NewBuilder(name).
+		WithRestrictedSecurityContext().
 		WithNodeCount(1).
 		WithElasticsearchRefs(
 			logstashv1alpha1.ElasticsearchCluster{

test/e2e/logstash/keystore_test.go

@@ -169,7 +169,7 @@ filter {
 					},
 				},
 			},
-		})
+		}).WithRestrictedSecurityContext()
 
 	steps := test.StepsFunc(func(k *test.K8sClient) test.StepList {
 		return test.StepList{

test/e2e/logstash/logstash_test.go

@@ -41,7 +41,7 @@ func TestLogstashWithEnv(t *testing.T) {
 					},
 				},
 			},
-		})
+		}).WithRestrictedSecurityContext()
 	test.Sequence(nil, test.EmptySteps, logstashBuilder).RunSequential(t)
 }
 

test/e2e/logstash/stack_monitoring_test.go

@@ -116,7 +116,8 @@ func TestLogstashResolvingDollarVariableInStackMonitoring(t *testing.T) {
 			"api.auth.basic.username":   "${API_USERNAME}",
 			"api.auth.basic.password":   "${API_PASSWORD}",
 		}).
-		WithExpectedAPIServer(configs.APIServer{Username: username, Password: password})
+		WithExpectedAPIServer(configs.APIServer{Username: username, Password: password}).
+		WithRestrictedSecurityContext()
 
 	// checks that the sidecar beats have sent data in the monitoring clusters
 	// check config secret has correct API_KEYSTORE_PASS value

test/e2e/stack_test.go

@@ -60,12 +60,13 @@ func initialBuildersToUpgrade(t *testing.T, initialVersion string) ([]test.Build
 	ent := enterprisesearch.NewBuilder("ent").
 		WithNodeCount(1).
 		WithVersion(initialVersion). // pre 8.x doesn't require any config, but we change the version after calling
-		WithoutConfig().             // NewBuilder which relies on the version from test.Ctx(), so removing config here
+		WithoutConfig(). // NewBuilder which relies on the version from test.Ctx(), so removing config here
 		WithElasticsearchRef(esRef).
 		WithRestrictedSecurityContext()
 	fb := beat.NewBuilder("fb").
 		WithType(filebeat.Type).
 		WithRoles(beat.AutodiscoverClusterRoleName).
+		WithOpenShiftRoles(test.UseSCCRole).
 		WithVersion(initialVersion).
 		WithElasticsearchRef(esRef).
 		WithKibanaRef(kbRef)
@@ -97,10 +98,11 @@ func TestVersionUpgradeOrdering(t *testing.T) {
 }
 
 func TestVersionUpgradeOrderingWithLogstash(t *testing.T) {
-	initialVersion := "8.6.0"
-	initialBuilders, updatedBuilders, stackVersions := initialBuildersToUpgrade(t, "8.6.0")
+	initialVersion := "8.12.0"
+	initialBuilders, updatedBuilders, stackVersions := initialBuildersToUpgrade(t, initialVersion)
 
 	ls := logstash.NewBuilder("ls").WithVersion(initialVersion).
+		WithRestrictedSecurityContext().
 		WithElasticsearchRefs(
 			// associate logstash to the es ref stored in the stackVersions
 			logstashv1alpha1.ElasticsearchCluster{

test/e2e/test/logstash/builder.go

@@ -51,6 +51,7 @@ func newBuilder(name, randSuffix string) Builder {
 			},
 		},
 	}.
+		WithRestrictedSecurityContext().
 		WithSuffix(randSuffix).
 		WithLabel(run.TestNameLabel, name).
 		WithPodLabel(run.TestNameLabel, name).