'*' is valid for allowed seccomp profiles

Tim Allclair
2017-09-11 11:47:03 -07:00
parent db809c0eb7
commit 49a38728aa
2 changed files with 13 additions and 1 deletions


@@ -2496,6 +2496,10 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
invalidSeccompDefault.Annotations = map[string]string{
seccomp.DefaultProfileAnnotationKey: "not-good",
}
invalidSeccompAllowAnyDefault := validPSP()
invalidSeccompAllowAnyDefault.Annotations = map[string]string{
seccomp.DefaultProfileAnnotationKey: "*",
}
invalidSeccompAllowed := validPSP()
invalidSeccompAllowed.Annotations = map[string]string{
seccomp.AllowedProfilesAnnotationKey: "docker/default,not-good",
@@ -2616,6 +2620,11 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
errorType: field.ErrorTypeInvalid,
errorDetail: "must be a valid seccomp profile",
},
"invalid seccomp allow any default profile": {
psp: invalidSeccompAllowAnyDefault,
errorType: field.ErrorTypeInvalid,
errorDetail: "must be a valid seccomp profile",
},
"invalid seccomp allowed profile": {
psp: invalidSeccompAllowed,
errorType: field.ErrorTypeInvalid,
@@ -2707,7 +2716,7 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
validSeccomp := validPSP()
validSeccomp.Annotations = map[string]string{
seccomp.DefaultProfileAnnotationKey: "docker/default",
seccomp.AllowedProfilesAnnotationKey: "docker/default,unconfined,localhost/foo",
seccomp.AllowedProfilesAnnotationKey: "docker/default,unconfined,localhost/foo,*",
}
validDefaultAllowPrivilegeEscalation := validPSP()