From 0fe5a065ddce944fb8e64fa3952a0d05dd32a1f2 Mon Sep 17 00:00:00 2001
From: Shuting Zhao
Date: Mon, 9 Sep 2019 15:06:54 -0700
Subject: [PATCH] add validate_hostpath testrunner
---
 .../resources/resource_validate_host_path.yaml | 18 ++++++++++++++++++
 pkg/testrunner/testrunner_test.go | 4 ++++
 .../test/scenario_validate_host_path.yaml | 18 ++++++++++++++++++
 3 files changed, 40 insertions(+)
 create mode 100644 examples/best_practices/resources/resource_validate_host_path.yaml
 create mode 100644 test/scenarios/test/scenario_validate_host_path.yaml
diff --git a/examples/best_practices/resources/resource_validate_host_path.yaml b/examples/best_practices/resources/resource_validate_host_path.yaml
new file mode 100644
index 0000000000..91f5e7a998
--- /dev/null
+++ b/examples/best_practices/resources/resource_validate_host_path.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: image-with-hostpath
+ labels:
+ app.type: prod
+ namespace: "my-namespace"
+spec:
+ containers:
+ - name: image-with-hostpath
+ image: docker.io/nautiker/curl
+ volumeMounts:
+ - name: var-lib-etcd
+ mountPath: /var/lib
+ volumes:
+ - name: var-lib-etcd
+ hostPath:
+ path: /var/lib
\ No newline at end of file
diff --git a/pkg/testrunner/testrunner_test.go b/pkg/testrunner/testrunner_test.go
index a8e0152edd..c0f75a170b 100644
--- a/pkg/testrunner/testrunner_test.go
+++ b/pkg/testrunner/testrunner_test.go
@@ -83,3 +83,7 @@ func Test_mutate_pod_disable_automoutingapicred_pass(t *testing.T) {
 func Test_validate_default_namespace(t *testing.T) {
 testScenario(t, "test/scenarios/test/scenario_validate_default_namespace.yaml")
 }
+
+func Test_validate_host_path(t *testing.T) {
+ testScenario(t, "test/scenarios/test/scenario_validate_host_path.yaml")
+}
diff --git a/test/scenarios/test/scenario_validate_host_path.yaml b/test/scenarios/test/scenario_validate_host_path.yaml
new file mode 100644
index 0000000000..ef78123675
--- /dev/null
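Review bot: `namespace: "my-namespace"` in this fixture does not agree with the scenario file added in the same patch, which expects `namespace: ''` and renders the resource as `Pod//image-with-hostpath`. The indentation cannot be read back from this page, so the key presumably sits under `labels:` and is only a label; if so, rename or drop it so nobody takes it for the Pod's namespace, and if it was meant as `metadata.namespace` the expectation in scenario_validate_host_path.yaml should read `namespace: my-namespace`. A leading comment such as `# intentionally violates validate-host-path: mounts hostPath /var/lib` would also make clear that this resource under examples/best_practices is a negative example.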
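Review bot: `Test_validate_host_path` wires up only a scenario that expects `success: false`, so a policy that rejects every Pod would satisfy it just as well as a correct one. A sibling test pointing at a scenario whose Pod has no `hostPath` volume, with the rule reporting success, would pin both sides of the decision; the context line of this hunk shows the file already uses a `_pass` suffix for such cases. A one-line doc comment, `// Test_validate_host_path checks that a Pod mounting hostPath /var/lib is rejected by validate-host-path.`, would state what the scenario asserts.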
+++ b/test/scenarios/test/scenario_validate_host_path.yaml
@@ -0,0 +1,18 @@
+# file path relative to project root
+input:
+ policy: examples/best_practices/policy_validate_host_path.yaml
+ resource: examples/best_practices/resources/resource_validate_host_path.yaml
+expected:
+ validation:
+ policyresponse:
+ policy: validate-host-path
+ resource:
+ kind: Pod
+ apiVersion: v1
+ namespace: ''
+ name: "image-with-hostpath"
+ rules:
+ - name: validate-host-path
+ type: Validation
+ message: Validation rule 'validate-host-path' failed at '/spec/volumes/0/hostPath/path/' for resource Pod//image-with-hostpath. Host path '/var/lib/' is not allowed
+ success: false
\ No newline at end of file
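Review bot: The expectation covers only the exact value `path: /var/lib`, while the fixture's volume is named `var-lib-etcd`, which suggests the directory the rule is meant to protect is a child of it. The policy file referenced under `input.policy` is not part of this patch, so whether it matches by exact value or by prefix cannot be told from here; additional resources with `path: /var/lib/etcd` and `path: /var/lib/` would show whether those are rejected as well. The `message:` key also pins the full text including `'/var/lib/'`, so any rewording of the policy message fails this scenario without a change in enforcement; a short comment above it saying the string must match the policy verbatim would help the next editor.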