github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-13 21:25:09 +00:00
Code Issues Projects Releases Wiki Activity

Complete sysctl PSP tests

Browse Source
This commit is contained in:
Dr. Stefan Schimanski
2016-09-30 09:11:46 +02:00
parent a62a64550c
commit 4cc1e63856
1 changed files with 32 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
plugin/pkg/admission/security/podsecuritypolicy/admission_test.go
View File

@@ -1106,6 +1106,38 @@ func TestAdmitSysctls(t *testing.T) {
psps: []*extensions.PodSecurityPolicy{emptySysctls},
shouldPass: false,
},
"pod with unsafe sysctls a, b request disallowed under aSysctls SCC": {
pod: podWithSysctls([]string{}, []string{"a", "b"}),
psps: []*extensions.PodSecurityPolicy{aSysctl},
shouldPass: false,
},
"pod with unsafe sysctls b request disallowed under aSysctls SCC": {
pod: podWithSysctls([]string{}, []string{"b"}),
psps: []*extensions.PodSecurityPolicy{aSysctl},
shouldPass: false,
},
"pod with unsafe sysctls a request allowed under aSysctls SCC": {
pod: podWithSysctls([]string{}, []string{"a"}),
psps: []*extensions.PodSecurityPolicy{aSysctl},
shouldPass: true,
expectedPSP: aSysctl.Name,
},
"pod with safe sysctls a, b request disallowed under aSysctls SCC": {
pod: podWithSysctls([]string{"a", "b"}, []string{}),
psps: []*extensions.PodSecurityPolicy{aSysctl},
shouldPass: false,
},
"pod with safe sysctls b request disallowed under aSysctls SCC": {
pod: podWithSysctls([]string{"b"}, []string{}),
psps: []*extensions.PodSecurityPolicy{aSysctl},
shouldPass: false,
},
"pod with safe sysctls a request allowed under aSysctls SCC": {
pod: podWithSysctls([]string{"a"}, []string{}),
psps: []*extensions.PodSecurityPolicy{aSysctl},
shouldPass: true,
expectedPSP: aSysctl.Name,
},
"pod with unsafe sysctls request disallowed under emptySysctls PSP": {
pod: podWithSysctls([]string{}, []string{"a", "b"}),
psps: []*extensions.PodSecurityPolicy{emptySysctls},