Documentation
¶
Overview ¶
Package test contains tests for PodSecurity admission
Index ¶
- func DefaultCreateNamespace(client kubernetes.Interface, name string, labels map[string]string) (*corev1.Namespace, error)
- func GetMinimalValidLinuxPod(level api.Level, version api.Version) (*corev1.Pod, error)
- func GetMinimalValidPod(level api.Level, version api.Version) (*corev1.Pod, error)
- func GetMinimalValidWindowsPod(level api.Level, version api.Version) (*corev1.Pod, error)
- func Run(t *testing.T, opts Options)
- type Options
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DefaultCreateNamespace ¶
func GetMinimalValidLinuxPod ¶ added in v0.25.0
GetMinimalValidLinuxPod returns a minimal valid linux pod for the specified level and version.
func GetMinimalValidPod ¶ added in v0.23.0
GetMinimalValidPod returns a minimal valid OS neutral pod for the specified level and version.
func GetMinimalValidWindowsPod ¶ added in v0.25.0
GetMinimalValidWindowsPod returns a minimal valid windows pod for the specified level and version.
Types ¶
type Options ¶
type Options struct {
// ClientConfig is a client configuration with sufficient permission to create, update, and delete
// namespaces, pods, and pod-template-containing objects.
// Required.
ClientConfig *rest.Config
// Features optionally provides information about which feature gates are enabled.
// This is used to skip failure cases for negative tests of data in alpha/beta fields.
// If unset, all testcases are run.
Features featuregate.FeatureGate
// CreateNamespace is an optional stub for creating a namespace with the given name and labels.
// Returning an error fails the test.
// If nil, DefaultCreateNamespace is used.
CreateNamespace func(client kubernetes.Interface, name string, labels map[string]string) (*corev1.Namespace, error)
// These are the check ids/starting versions to exercise.
// If unset, policy.DefaultChecks() are used.
Checks []policy.Check
// ExemptClient is an optional client interface to exercise behavior of an exempt client.
ExemptClient kubernetes.Interface
// ExemptNamespaces are optional namespaces not expected to have PodSecurity controls enforced.
ExemptNamespaces []string
// ExemptRuntimeClasses are optional runtimeclasses not expected to have PodSecurity controls enforced.
ExemptRuntimeClasses []string
}
Options hold configuration for running integration tests against an existing server.
Source Files
¶
- doc.go
- fixtures.go
- fixtures_allowPrivilegeEscalation.go
- fixtures_appArmorProfile.go
- fixtures_capabilities_baseline.go
- fixtures_capabilities_restricted.go
- fixtures_hostNamespaces.go
- fixtures_hostPathVolumes.go
- fixtures_hostPorts.go
- fixtures_privileged.go
- fixtures_procMount.go
- fixtures_restrictedVolumes.go
- fixtures_runAsNonRoot.go
- fixtures_runAsUser.go
- fixtures_seLinuxOptions.go
- fixtures_seccompProfile_baseline.go
- fixtures_seccompProfile_restricted.go
- fixtures_sysctls.go
- fixtures_windowsHostProcess.go
- helpers.go
- helpers_seccomp.go
- run.go
Click to show internal directories.
Click to hide internal directories.