github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-03 09:22:44 +00:00
Code Issues Projects Releases Wiki Activity

A policy with 0 rules should return an error

Browse Source
This commit is contained in:
Chao Wang 2017-09-08 20:02:03 +08:00
parent 034c40be6f
commit 0ad4282fd0
2 changed files with 46 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
staging/src/k8s.io/apiserver/pkg/audit/policy/reader.go
View File

@ -49,6 +49,10 @@ func LoadPolicyFromFile(filePath string) (*auditinternal.Policy, error) {
return nil, err.ToAggregate() return nil, err.ToAggregate()
} }
glog.V(4).Infof("Loaded %d audit policy rules from file %s\n", len(policy.Rules), filePath) policyCnt := len(policy.Rules)
if policyCnt == 0 {
return nil, fmt.Errorf("loaded illegal policy with 0 rules from file %s", filePath)
}
glog.V(4).Infof("Loaded %d audit policy rules from file %s", policyCnt, filePath)
return policy, nil return policy, nil
} }

58
staging/src/k8s.io/apiserver/pkg/audit/policy/reader_test.go
View File

@ -32,7 +32,7 @@ import (
) )
const policyDefV1alpha1 = ` const policyDefV1alpha1 = `
apiVersion: audit.k8s.io/v1beta1 apiVersion: audit.k8s.io/v1alpha1
kind: Policy kind: Policy
rules: rules:
- level: None - level: None
@ -91,16 +91,11 @@ var expectedPolicy = &audit.Policy{
} }
func TestParserV1alpha1(t *testing.T) { func TestParserV1alpha1(t *testing.T) {
// Create a policy file. f, err := writePolicy(policyDefV1alpha1, t)
f, err := ioutil.TempFile("", "policy.yaml")
require.NoError(t, err) require.NoError(t, err)
defer os.Remove(f.Name()) defer os.Remove(f)
_, err = f.WriteString(policyDefV1alpha1) policy, err := LoadPolicyFromFile(f)
require.NoError(t, err)
require.NoError(t, f.Close())
policy, err := LoadPolicyFromFile(f.Name())
require.NoError(t, err) require.NoError(t, err)
assert.Len(t, policy.Rules, 3) // Sanity check. assert.Len(t, policy.Rules, 3) // Sanity check.
@ -110,16 +105,11 @@ func TestParserV1alpha1(t *testing.T) {
} }
func TestParserV1beta1(t *testing.T) { func TestParserV1beta1(t *testing.T) {
// Create a policy file. f, err := writePolicy(policyDefV1beta1, t)
f, err := ioutil.TempFile("", "policy.yaml")
require.NoError(t, err) require.NoError(t, err)
defer os.Remove(f.Name()) defer os.Remove(f)
_, err = f.WriteString(policyDefV1beta1) policy, err := LoadPolicyFromFile(f)
require.NoError(t, err)
require.NoError(t, f.Close())
policy, err := LoadPolicyFromFile(f.Name())
require.NoError(t, err) require.NoError(t, err)
assert.Len(t, policy.Rules, 3) // Sanity check. assert.Len(t, policy.Rules, 3) // Sanity check.
@ -127,3 +117,37 @@ func TestParserV1beta1(t *testing.T) {
t.Errorf("Unexpected policy! Diff:\n%s", diff.ObjectDiff(policy, expectedPolicy)) t.Errorf("Unexpected policy! Diff:\n%s", diff.ObjectDiff(policy, expectedPolicy))
} }
} }
func TestPolicyCntCheck(t *testing.T) {
//a set of testCases
var testCases = []struct {
caseName, policy string
}{
{
"policyWithNoRule",
`apiVersion: audit.k8s.io/v1beta1
kind: Policy`,
},
{"emptyPolicyFile", ""},
}
for _, tc := range testCases {
f, err := writePolicy(tc.policy, t)
require.NoError(t, err)
defer os.Remove(f)
_, err = LoadPolicyFromFile(f)
assert.Errorf(t, err, "loaded illegal policy with 0 rules from testCase %s", tc.caseName)
}
}
func writePolicy(policy string, t *testing.T) (string, error) {
f, err := ioutil.TempFile("", "policy.yaml")
require.NoError(t, err)
_, err = f.WriteString(policy)
require.NoError(t, err)
require.NoError(t, f.Close())
return f.Name(), nil
}