github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 19:56:01 +00:00
Code Issues Projects Releases Wiki Activity

e2e/framework:security/ remove direct import /k8s.io/kubernetes/pkg/

Browse Source
This commit is contained in:
tanjunchen 2020-03-31 09:54:43 +08:00
parent a256498ba4
commit 6003ff44e8
2 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
test/e2e/framework/security/BUILD
View File

@ -6,7 +6,6 @@ go_library(
importpath = "k8s.io/kubernetes/test/e2e/framework/security",
visibility = ["//visibility:public"],
deps = [
"//pkg/security/apparmor:go_default_library",
"//staging/src/k8s.io/api/core/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/labels:go_default_library",

13
test/e2e/framework/security/apparmor.go
View File

@ -24,7 +24,6 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
clientset "k8s.io/client-go/kubernetes"
"k8s.io/kubernetes/pkg/security/apparmor"
"k8s.io/kubernetes/test/e2e/framework"
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
imageutils "k8s.io/kubernetes/test/utils/image"
@ -37,6 +36,14 @@ const (
loaderLabelKey = "name"
loaderLabelValue = "e2e-apparmor-loader"
// TODO: import this from the k8s.io/api once it's moved there (ref: https://github.com/kubernetes/kubernetes/pull/89198)
// Unconfined profile
profileNameUnconfined = "unconfined"
// TODO: import this from the k8s.io/api once it's moved there (ref: https://github.com/kubernetes/kubernetes/pull/89198)
// The prefix to an annotation key specifying a container profile.
containerAnnotationKeyPrefix = "container.apparmor.security.beta.kubernetes.io/"
)
// LoadAppArmorProfiles creates apparmor-profiles ConfigMap and apparmor-loader ReplicationController.
@ -64,7 +71,7 @@ elif [[ $(< /proc/self/attr/current) != "%[3]s" ]]; then
fi`, appArmorDeniedPath, appArmorAllowedPath, appArmorProfilePrefix+nsName)
if unconfined {
profile = apparmor.ProfileNameUnconfined
profile = profileNameUnconfined
testCmd = `
if cat /proc/sysrq-trigger 2>&1 | grep 'Permission denied'; then
echo 'FAILURE: reading /proc/sysrq-trigger should be allowed'
@ -98,7 +105,7 @@ done`, testCmd)
ObjectMeta: metav1.ObjectMeta{
GenerateName: "test-apparmor-",
Annotations: map[string]string{
apparmor.ContainerAnnotationKeyPrefix + "test": profile,
containerAnnotationKeyPrefix + "test": profile,
},
Labels: map[string]string{
"test": "apparmor",