(t *testing.T)
| 163 | } |
| 164 | |
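// TestInvalidPIDPod verifies that a pod with spec.hostPID enabled fails the
// hostPIDSet check at danger severity, while the hostIPCSet and hostNetworkSet
// checks still report success for the same pod.
func TestInvalidPIDPod(t *testing.T) {
	c := conf.Configuration{
		Checks: map[string]conf.Severity{
			"hostIPCSet":     conf.SeverityDanger,
			"hostPIDSet":     conf.SeverityDanger,
			"hostNetworkSet": conf.SeverityWarning,
			"hostPortSet":    conf.SeverityDanger,
		},
	}

	// hostPID puts the pod in the node's PID namespace, so the audit must
	// report it as a failed check and not let it pass silently.
	p := test.MockPod()
	p.Spec.HostPID = true
	workload, err := kube.NewGenericResourceFromPod(p, nil)
	if err != nil {
		// Stop here: running the checks against a workload that failed to
		// build would hide the real cause behind a later failure.
		t.Fatalf("building workload from mock pod: %v", err)
	}

	// Four checks are configured but only three appear in the pod-level result
	// set below; the third success is presumably the container-level
	// hostPortSet check (confirm against the check definitions).
	expectedSum := CountSummary{
		Successes: uint(3),
		Warnings:  uint(0),
		Dangers:   uint(1),
	}

	expectedResults := ResultSet{
		"hostPIDSet":     {ID: "hostPIDSet", Message: "Host PID should not be configured", Success: false, Severity: "danger", Category: "Security"},
		"hostIPCSet":     {ID: "hostIPCSet", Message: "Host IPC is not configured", Success: true, Severity: "danger", Category: "Security"},
		"hostNetworkSet": {ID: "hostNetworkSet", Message: "Host network is not configured", Success: true, Severity: "warning", Category: "Security"},
	}

	actualPodResult, err := applyControllerSchemaChecks(context.Background(), &c, nil, workload)
	if err != nil {
		// Fail through the testing framework instead of panicking, so the
		// failure is attributed to this test and the other tests still run.
		t.Fatalf("applying controller schema checks: %v", err)
	}

	assert.Equal(t, 1, len(actualPodResult.PodResult.ContainerResults), "should be equal")
	assert.EqualValues(t, expectedSum, actualPodResult.GetSummary())
	assert.EqualValues(t, expectedResults, actualPodResult.PodResult.Results)
}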
| 200 | |
| 201 | func TestExemption(t *testing.T) { |
| 202 | c := conf.Configuration{ |