From ba3fdea40387ddcf2bbacc4793877c364c9a0fc4 Mon Sep 17 00:00:00 2001
From: Paige Patton <64206430+paigerube14@users.noreply.github.com>
Date: Mon, 15 Dec 2025 11:46:48 -0500
Subject: [PATCH] adding pvc ttests (#1000)

Signed-off-by: Paige Patton <prubenda@redhat.com>
---
 .github/workflows/tests.yml              |  5 +++-
 CI/legacy/scenarios/volume_scenario.yaml | 38 +++++++++++++++++++++---
 CI/tests/test_pvc.sh                     | 18 +++++++++++
 scenarios/kind/pvc_scenario.yaml         |  7 +++++
 4 files changed, 63 insertions(+), 5 deletions(-)
 create mode 100755 CI/tests/test_pvc.sh
 create mode 100644 scenarios/kind/pvc_scenario.yaml

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index d774b666..c943deb0 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -67,6 +67,8 @@ jobs:
           kubectl wait --for=condition=ready pod -l scenario=time-skew --timeout=300s
           kubectl apply -f CI/templates/service_hijacking.yaml
           kubectl wait --for=condition=ready pod -l "app.kubernetes.io/name=proxy" --timeout=300s
+          kubectl apply -f CI/legacy/scenarios/volume_scenario.yaml
+          kubectl wait --for=condition=ready pod kraken-test-pod -n kraken --timeout=300s
       - name: Get Kind nodes
         run: |
           kubectl get nodes --show-labels=true
@@ -99,6 +101,7 @@ jobs:
             echo "test_io_hog" >> ./CI/tests/functional_tests
             echo "test_pod_network_filter" >> ./CI/tests/functional_tests
             echo "test_pod_server" >> ./CI/tests/functional_tests
+            echo "test_pvc" >> ./CI/tests/functional_tests
 
       # Push on main only steps + all other functional to collect coverage
       # for the badge
@@ -135,7 +138,7 @@ jobs:
           echo "test_io_hog" >> ./CI/tests/functional_tests
           echo "test_pod_network_filter" >> ./CI/tests/functional_tests
           echo "test_pod_server" >> ./CI/tests/functional_tests
-
+          echo "test_pvc" >> ./CI/tests/functional_tests
       # Final common steps
       - name: Run Functional tests
         env:
diff --git a/CI/legacy/scenarios/volume_scenario.yaml b/CI/legacy/scenarios/volume_scenario.yaml
index 2ea0b476..3b261bcb 100644
--- a/CI/legacy/scenarios/volume_scenario.yaml
+++ b/CI/legacy/scenarios/volume_scenario.yaml
@@ -45,6 +45,31 @@ metadata:
   name: kraken-test-pod
   namespace: kraken
 spec:
+  securityContext:
+    fsGroup: 1001
+  # initContainer to fix permissions on the mounted volume
+  initContainers:
+    - name: fix-permissions
+      image: 'quay.io/centos7/httpd-24-centos7:centos7'
+      command:
+        - sh
+        - -c
+        - |
+          echo "Setting up permissions for /home/kraken..."
+          # Create the directory if it doesn't exist
+          mkdir -p /home/kraken
+          # Set ownership to user 1001 and group 1001
+          chown -R 1001:1001 /home/kraken
+          # Set permissions to allow read/write
+          chmod -R 755 /home/kraken
+          rm -rf /home/kraken/*
+          echo "Permissions fixed. Current state:"
+          ls -la /home/kraken
+      volumeMounts:
+        - mountPath: "/home/kraken"
+          name: kraken-test-pv
+      securityContext:
+        runAsUser: 0  # Run as root to fix permissions
   volumes:
     - name: kraken-test-pv
       persistentVolumeClaim:
@@ -52,8 +77,13 @@ spec:
   containers:
     - name: kraken-test-container
       image: 'quay.io/centos7/httpd-24-centos7:centos7'
-      volumeMounts:
-        - mountPath: "/home/krake-dir/"
-          name: kraken-test-pv
       securityContext:
-        privileged: true
+        runAsUser: 1001
+        runAsNonRoot: true
+        allowPrivilegeEscalation: false
+        capabilities:
+          drop:
+            - ALL
+      volumeMounts:
+        - mountPath: "/home/kraken"
+          name: kraken-test-pv
diff --git a/CI/tests/test_pvc.sh b/CI/tests/test_pvc.sh
new file mode 100755
index 00000000..c115716d
--- /dev/null
+++ b/CI/tests/test_pvc.sh
@@ -0,0 +1,18 @@
+set -xeEo pipefail
+
+source CI/tests/common.sh
+
+trap error ERR
+trap finish EXIT
+
+function functional_test_pvc_fill {
+  export scenario_type="pvc_scenarios"
+  export scenario_file="scenarios/kind/pvc_scenario.yaml"
+  export post_config=""
+  envsubst < CI/config/common_test_config.yaml > CI/config/pvc_config.yaml
+  cat CI/config/pvc_config.yaml
+  python3 -m coverage run -a run_kraken.py -c CI/config/pvc_config.yaml --debug True
+  echo "PVC Fill scenario test: Success"
+}
+
+functional_test_pvc_fill
diff --git a/scenarios/kind/pvc_scenario.yaml b/scenarios/kind/pvc_scenario.yaml
new file mode 100644
index 00000000..9385ced9
--- /dev/null
+++ b/scenarios/kind/pvc_scenario.yaml
@@ -0,0 +1,7 @@
+pvc_scenario:
+  pvc_name: kraken-test-pvc         # Name of the target PVC
+  pod_name: kraken-test-pod      # Name of the pod where the PVC is mounted, it will be ignored if the pvc_name is defined
+  namespace: kraken  # Namespace where the PVC is
+  fill_percentage: 38           # Target percentage to fill up the cluster, value must be higher than current percentage, valid values are between 0 and 99
+  duration: 10                  # Duration in seconds for the fault
+  block_size: 102400            # used only by dd if fallocate not present in the container