MCPcopy
hub / github.com/FairwindsOps/polaris / TestExemption

Function TestExemption

pkg/validator/pod_test.go:201–242  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

199}
200
201func TestExemption(t *testing.T) {
202 c := conf.Configuration{
203 Checks: map[string]conf.Severity{
204 "hostIPCSet": conf.SeverityDanger,
205 "hostNetworkSet": conf.SeverityWarning,
206 "hostPIDSet": conf.SeverityDanger,
207 "hostPortSet": conf.SeverityDanger,
208 },
209 Exemptions: []conf.Exemption{
210 {
211 Rules: []string{"hostIPCSet"},
212 ControllerNames: []string{"foo"},
213 },
214 },
215 }
216
217 p := test.MockPod()
218 p.Spec.HostIPC = true
219 p.ObjectMeta = metav1.ObjectMeta{
220 Name: "foo",
221 }
222 workload, err := kube.NewGenericResourceFromPod(p, nil)
223 assert.NoError(t, err)
224 expectedSum := CountSummary{
225 Successes: uint(3),
226 Warnings: uint(0),
227 Dangers: uint(0),
228 }
229 expectedResults := ResultSet{
230 "hostNetworkSet": {ID: "hostNetworkSet", Message: "Host network is not configured", Success: true, Severity: "warning", Category: "Security"},
231 "hostPIDSet": {ID: "hostPIDSet", Message: "Host PID is not configured", Success: true, Severity: "danger", Category: "Security"},
232 }
233
234 actualPodResult, err := applyControllerSchemaChecks(context.Background(), &c, nil, workload)
235 if err != nil {
236 panic(err)
237 }
238
239 assert.Equal(t, 1, len(actualPodResult.PodResult.ContainerResults), "should be equal")
240 assert.EqualValues(t, expectedSum, actualPodResult.GetSummary())
241 assert.EqualValues(t, expectedResults, actualPodResult.PodResult.Results)
242}

Callers

nothing calls this directly

Calls 4

MockPodFunction · 0.92
GetSummaryMethod · 0.45

Tested by

no test coverage detected