From 23c9212d67c887377106168c39fd1714cbfc45fe Mon Sep 17 00:00:00 2001 From: Shuting Zhao Date: Tue, 1 Oct 2019 14:53:58 -0700 Subject: [PATCH] fix hostpid/hostipc test runner --- examples/best_practices/policy_validate_hostpid_hosipc.yaml | 4 ++-- .../resources/resource_validate_hostpid_hostipc.yaml | 4 ++-- test/scenarios/test/scenario_validate_hostpid_hostipc.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/examples/best_practices/policy_validate_hostpid_hosipc.yaml b/examples/best_practices/policy_validate_hostpid_hosipc.yaml index f06b9b3785..30f7a6abf2 100644 --- a/examples/best_practices/policy_validate_hostpid_hosipc.yaml +++ b/examples/best_practices/policy_validate_hostpid_hosipc.yaml @@ -15,7 +15,7 @@ spec: - Pod validate: message: "Disallow use of host's pid namespace and host's ipc namespace" - anyPattern: - - spec: + pattern: + spec: hostPID: false hostIPC: false diff --git a/examples/best_practices/resources/resource_validate_hostpid_hostipc.yaml b/examples/best_practices/resources/resource_validate_hostpid_hostipc.yaml index 0fcd69d6ee..cd97c891ec 100644 --- a/examples/best_practices/resources/resource_validate_hostpid_hostipc.yaml +++ b/examples/best_practices/resources/resource_validate_hostpid_hostipc.yaml @@ -3,8 +3,8 @@ kind: Pod metadata: name: nginx-with-hostpid spec: - hostPID: true - hostIPC: false + hostPID: false + hostIPC: true containers: - name: nginx image: nginx diff --git a/test/scenarios/test/scenario_validate_hostpid_hostipc.yaml b/test/scenarios/test/scenario_validate_hostpid_hostipc.yaml index 81ffd13f24..78ab9ddc28 100644 --- a/test/scenarios/test/scenario_validate_hostpid_hostipc.yaml +++ b/test/scenarios/test/scenario_validate_hostpid_hostipc.yaml @@ -14,5 +14,5 @@ expected: rules: - name: validate-hostpid-hostipc type: Validation - message: Validation rule 'validate-hostpid-hostipc' failed to validate patterns defined in anyPattern. Disallow use of host's pid namespace and host's ipc namespace; anyPattern[0] failed at path /spec/hostIPC/ + message: Validation rule 'validate-hostpid-hostipc' failed at '/spec/hostIPC/' for resource Pod//nginx-with-hostpid. Disallow use of host's pid namespace and host's ipc namespace success: false \ No newline at end of file