From a24b752e05801478f9ce110c45bdba54c5095edc Mon Sep 17 00:00:00 2001
From: Gerlando Falauto <gerlando.falauto@sysdig.com>
Date: Wed, 18 Dec 2024 14:29:29 +0100
Subject: [PATCH] add unit tests

---
 .../openshift-securitycontextconstraint_test.yaml | 15 +++++++++++++++
 .../openshift-securitycontextconstraint_test.yaml | 15 +++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/charts/shield/tests/cluster/openshift-securitycontextconstraint_test.yaml b/charts/shield/tests/cluster/openshift-securitycontextconstraint_test.yaml
index 39f72d163..6e0165cb6 100644
--- a/charts/shield/tests/cluster/openshift-securitycontextconstraint_test.yaml
+++ b/charts/shield/tests/cluster/openshift-securitycontextconstraint_test.yaml
@@ -26,3 +26,18 @@ tests:
       - contains:
           path: users
           content: "system:serviceaccount:shield-namespace:release-name-shield-cluster"
+
+  - it: Creates SecurityContextConstraints when the extraCapability has been set
+    set:
+      extra_capabilities_api_versions:
+        - security.openshift.io/v1
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: SecurityContextConstraints
+          apiVersion: security.openshift.io/v1
+          name: release-name-shield-cluster
+      - contains:
+          path: users
+          content: "system:serviceaccount:shield-namespace:release-name-shield-cluster"
diff --git a/charts/shield/tests/host/openshift-securitycontextconstraint_test.yaml b/charts/shield/tests/host/openshift-securitycontextconstraint_test.yaml
index 0cf896fcb..3fe020875 100644
--- a/charts/shield/tests/host/openshift-securitycontextconstraint_test.yaml
+++ b/charts/shield/tests/host/openshift-securitycontextconstraint_test.yaml
@@ -27,6 +27,21 @@ tests:
           path: users
           content: "system:serviceaccount:shield-namespace:release-name-shield-host"
 
+  - it: Creates SecurityContextConstraints when the extraCapability has been set
+    set:
+      extra_capabilities_api_versions:
+        - security.openshift.io/v1
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: SecurityContextConstraints
+          apiVersion: security.openshift.io/v1
+          name: release-name-shield-host
+      - contains:
+          path: users
+          content: "system:serviceaccount:shield-namespace:release-name-shield-host"
+
   - it: SecurityContextConstraints allowedCapabilities is empty when host.privileged is true
     capabilities:
       apiVersions: