github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-25 12:43:23 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #89198 from tanjunchen/cleanup20200318

Browse Source 
e2e/framework: security/ and /service remove direct import /k8s.io/kubernetes/pkg/
This commit is contained in:
Kubernetes Prow Robot 2020-04-01 22:15:05 -07:00 committed by GitHub
commit 1130e8910f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
test/e2e/framework/security/BUILD
View File

@ -6,7 +6,6 @@ go_library(
importpath = "k8s.io/kubernetes/test/e2e/framework/security",
visibility = ["//visibility:public"],
deps = [
"//pkg/security/apparmor:go_default_library",
"//staging/src/k8s.io/api/core/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/labels:go_default_library",

13
test/e2e/framework/security/apparmor.go
View File

@ -24,7 +24,6 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
clientset "k8s.io/client-go/kubernetes"
"k8s.io/kubernetes/pkg/security/apparmor"
"k8s.io/kubernetes/test/e2e/framework"
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
imageutils "k8s.io/kubernetes/test/utils/image"
@ -37,6 +36,14 @@ const (
loaderLabelKey = "name"
loaderLabelValue = "e2e-apparmor-loader"
// TODO: import this from the k8s.io/api once it's moved there (ref: https://github.com/kubernetes/kubernetes/pull/89198)
// Unconfined profile
profileNameUnconfined = "unconfined"
// TODO: import this from the k8s.io/api once it's moved there (ref: https://github.com/kubernetes/kubernetes/pull/89198)
// The prefix to an annotation key specifying a container profile.
containerAnnotationKeyPrefix = "container.apparmor.security.beta.kubernetes.io/"
)
// LoadAppArmorProfiles creates apparmor-profiles ConfigMap and apparmor-loader ReplicationController.
@ -64,7 +71,7 @@ elif [[ $(< /proc/self/attr/current) != "%[3]s" ]]; then
fi`, appArmorDeniedPath, appArmorAllowedPath, appArmorProfilePrefix+nsName)
if unconfined {
profile = apparmor.ProfileNameUnconfined
profile = profileNameUnconfined
testCmd = `
if cat /proc/sysrq-trigger 2>&1 | grep 'Permission denied'; then
echo 'FAILURE: reading /proc/sysrq-trigger should be allowed'
@ -98,7 +105,7 @@ done`, testCmd)
ObjectMeta: metav1.ObjectMeta{
GenerateName: "test-apparmor-",
Annotations: map[string]string{
apparmor.ContainerAnnotationKeyPrefix + "test": profile,
containerAnnotationKeyPrefix + "test": profile,
},
Labels: map[string]string{
"test": "apparmor",