Fix OperatorAutomountTokens reversed result (#2381)

* Fix OperatorAutomountTokens reversed result * fix expected results
redhat-best-practices-for-k8s · Aug 28, 2024 · 40a76a8 · 40a76a8
1 parent 8fc3751
commit 40a76a8
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/expected_results.yaml b/expected_results.yaml
@@ -55,7 +55,6 @@ testCases:
     - observability-crd-status
     - observability-pod-disruption-budget
     - observability-termination-policy
-    - operator-automount-tokens
     - operator-crd-openapi-schema
     - operator-crd-versioning
     - operator-install-source
@@ -73,6 +72,7 @@ testCases:
     - affiliated-certification-container-is-certified-digest # test container image is not certified
     - operator-read-only-file-system
     - operator-run-as-non-root
+    - operator-automount-tokens
   skip:
     - access-control-sys-ptrace-capability
     - affiliated-certification-helm-version

diff --git a/tests/operator/suite.go b/tests/operator/suite.go
@@ -429,7 +429,7 @@ func testOperatorPodsAutomountTokens(check *checksdb.Check, env *provider.TestEn
 			// Evaluate the pod's automount service tokens and any attached service accounts
 			client := clientsholder.GetClientsHolder()
 			podPassed, newMsg := rbac.EvaluateAutomountTokens(client.K8sClient.CoreV1(), pod)
-			if !podPassed {
+			if podPassed {
 				check.LogInfo("Pod %q in namespace %q has automount service account token set to false", pod.Name, pod.Namespace)
 				compliantObjects = append(compliantObjects, testhelper.NewPodReportObject(pod.Namespace, pod.Name, "Pod has automount service account token set to false", true))
 			} else {