Rename to capabilities_restricted

Jordan Liggitt 2021-07-07 10:46:52 -04:00
parent 08608a24f1
commit 250f47a45c
2 changed files with 8 additions and 8 deletions


@ -33,25 +33,25 @@ const (
)
func init() {
addCheck(CheckDropCapabilities)
addCheck(CheckCapabilitiesRestricted)
}
// CheckDropCapabilities returns a restricted level check
// that ensures all capabilities are dropped in 1.22+
func CheckDropCapabilities() Check {
// CheckCapabilitiesRestricted returns a restricted level check
// that ensures ALL capabilities are dropped in 1.22+
func CheckCapabilitiesRestricted() Check {
return Check{
ID: "dropCapabilities",
ID: "capabilities_restricted",
Level: api.LevelRestricted,
Versions: []VersionedCheck{
{
MinimumVersion: api.MajorMinorVersion(1, 22),
CheckPod: dropCapabilities_1_22,
CheckPod: capabilitiesRestricted_1_22,
},
},
}
}
func dropCapabilities_1_22(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult {
func capabilitiesRestricted_1_22(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult {
var (
containersMissingDropAll []string
containersAddingForbidden []string
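Review bot: The doc comment on CheckCapabilitiesRestricted covers only part of what the check appears to enforce: it says the check "ensures ALL capabilities are dropped", but capabilitiesRestricted_1_22 also declares `containersAddingForbidden`, which suggests it rejects added capabilities too. For a restricted-level policy check the comment should name both conditions, for example `// CheckCapabilitiesRestricted returns a restricted level check that requires every container to drop ALL capabilities` followed by `// and to add none outside the allowed set, in 1.22+.`; the allowed set is not visible here because the function body continues outside the hunk, so confirm the wording against it. The ID literal `"capabilities_restricted"` is repeated in the fixture registration in the second file, so a shared constant would keep the two from drifting. Anything outside this commit that keys on the old `dropCapabilities` ID, such as exemptions, audit annotations or metrics labels if the ID is surfaced there, would need the same update.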


@ -90,7 +90,7 @@ func init() {
}
registerFixtureGenerator(
fixtureKey{level: api.LevelRestricted, version: api.MajorMinorVersion(1, 22), check: "dropCapabilities"},
fixtureKey{level: api.LevelRestricted, version: api.MajorMinorVersion(1, 22), check: "capabilities_restricted"},
fixtureData_1_22,
)
}