api changes for psp runasgroup policy
@@ -242,6 +242,9 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
|
||||
RunAsUser: policy.RunAsUserStrategyOptions{
|
||||
Rule: policy.RunAsUserStrategyRunAsAny,
|
||||
},
|
||||
RunAsGroup: &policy.RunAsGroupStrategyOptions{
|
||||
Rule: policy.RunAsGroupStrategyRunAsAny,
|
||||
},
|
||||
FSGroup: policy.FSGroupStrategyOptions{
|
||||
Rule: policy.FSGroupStrategyRunAsAny,
|
||||
},
|
||||
@@ -259,12 +262,18 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
|
||||
noUserOptions := validPSP()
|
||||
noUserOptions.Spec.RunAsUser.Rule = ""
|
||||
|
||||
noGroupOptions := validPSP()
|
||||
noGroupOptions.Spec.RunAsGroup.Rule = ""
|
||||
|
||||
noSELinuxOptions := validPSP()
|
||||
noSELinuxOptions.Spec.SELinux.Rule = ""
|
||||
|
||||
invalidUserStratType := validPSP()
|
||||
invalidUserStratType.Spec.RunAsUser.Rule = "invalid"
|
||||
|
||||
invalidGroupStratType := validPSP()
|
||||
invalidGroupStratType.Spec.RunAsGroup.Rule = "invalid"
|
||||
|
||||
invalidSELinuxStratType := validPSP()
|
||||
invalidSELinuxStratType.Spec.SELinux.Rule = "invalid"
|
||||
|
||||
@@ -272,6 +281,10 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
|
||||
invalidUIDPSP.Spec.RunAsUser.Rule = policy.RunAsUserStrategyMustRunAs
|
||||
invalidUIDPSP.Spec.RunAsUser.Ranges = []policy.IDRange{{Min: -1, Max: 1}}
|
||||
|
||||
invalidGIDPSP := validPSP()
|
||||
invalidGIDPSP.Spec.RunAsGroup.Rule = policy.RunAsGroupStrategyMustRunAs
|
||||
invalidGIDPSP.Spec.RunAsGroup.Ranges = []policy.IDRange{{Min: -1, Max: 1}}
|
||||
|
||||
missingObjectMetaName := validPSP()
|
||||
missingObjectMetaName.ObjectMeta.Name = ""
|
||||
|
||||
@@ -382,6 +395,11 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
|
||||
errorType: field.ErrorTypeNotSupported,
|
||||
errorDetail: `supported values: "MustRunAs", "MustRunAsNonRoot", "RunAsAny"`,
|
||||
},
|
||||
"no group options": {
|
||||
psp: noGroupOptions,
|
||||
errorType: field.ErrorTypeNotSupported,
|
||||
errorDetail: `supported values: "MustRunAs", "RunAsAny", "MayRunAs"`,
|
||||
},
|
||||
"no selinux options": {
|
||||
psp: noSELinuxOptions,
|
||||
errorType: field.ErrorTypeNotSupported,
|
||||
@@ -402,6 +420,11 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
|
||||
errorType: field.ErrorTypeNotSupported,
|
||||
errorDetail: `supported values: "MustRunAs", "MustRunAsNonRoot", "RunAsAny"`,
|
||||
},
|
||||
"invalid group strategy type": {
|
||||
psp: invalidGroupStratType,
|
||||
errorType: field.ErrorTypeNotSupported,
|
||||
errorDetail: `supported values: "MustRunAs", "RunAsAny", "MayRunAs"`,
|
||||
},
|
||||
"invalid selinux strategy type": {
|
||||
psp: invalidSELinuxStratType,
|
||||
errorType: field.ErrorTypeNotSupported,
|
||||
@@ -422,6 +445,11 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
|
||||
errorType: field.ErrorTypeInvalid,
|
||||
errorDetail: "min cannot be negative",
|
||||
},
|
||||
"invalid gid": {
|
||||
psp: invalidGIDPSP,
|
||||
errorType: field.ErrorTypeInvalid,
|
||||
errorDetail: "min cannot be negative",
|
||||
},
|
||||
"missing object meta name": {
|
||||
psp: missingObjectMetaName,
|
||||
errorType: field.ErrorTypeRequired,
|
||||
@@ -680,6 +708,9 @@ func TestValidatePSPVolumes(t *testing.T) {
|
||||
RunAsUser: policy.RunAsUserStrategyOptions{
|
||||
Rule: policy.RunAsUserStrategyRunAsAny,
|
||||
},
|
||||
RunAsGroup: &policy.RunAsGroupStrategyOptions{
|
||||
Rule: policy.RunAsGroupStrategyRunAsAny,
|
||||
},
|
||||
FSGroup: policy.FSGroupStrategyOptions{
|
||||
Rule: policy.FSGroupStrategyRunAsAny,
|
||||
},
|
||||
|
||||
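Review bot: No case in these hunks covers a policy whose `Spec.RunAsGroup` is nil, although the fixture builds it as a pointer (`RunAsGroup: &policy.RunAsGroupStrategyOptions{...}`) while `RunAsUser` and `FSGroup` are plain values. Every new negative case dereferences it (`noGroupOptions.Spec.RunAsGroup.Rule = ""`), so a nil dereference or an unintended rejection in the validator would go unnoticed; since an omitted group strategy presumably leaves the GID unconstrained, that path deserves a pinned expectation, e.g. `nilGroupOptions := validPSP()` followed by `nilGroupOptions.Spec.RunAsGroup = nil` in whichever table holds the accepted policies. The expected detail string also lists `"MayRunAs"` as supported, yet the only range check shown (`invalidGIDPSP`) uses `MustRunAs`; a second case with the `MayRunAs` rule and the same `{Min: -1, Max: 1}` range would confirm that ranges are validated for both rules. `TestValidatePodSecurityPolicy` continues outside these hunks, so such cases may already exist there.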