Merge pull request #74285 from mourya007/selinux

Adding Selinux test in validation
2019-02-26 14:07:33 -08:00 · 2019-02-26 14:07:33 -08:00 · 3f605a2337
parent 32333b0fc7 3eada575b3
commit 3f605a2337
1 changed files with 31 additions and 0 deletions
--- a/pkg/apis/policy/validation/validation_test.go
+++ b/pkg/apis/policy/validation/validation_test.go
@ -906,3 +906,34 @@ func TestValidatePSPRunAsGroup(t *testing.T) {
 		})
 	}
 }
+
+func TestValidatePSPSELinux(t *testing.T) {
+	var testCases = []struct {
+		name    string
+		selinux policy.SELinuxStrategyOptions
+		fail    bool
+	}{
+		{"SELinuxStrategyMustRunAs",
+			policy.SELinuxStrategyOptions{
+				Rule:           policy.SELinuxStrategyMustRunAs,
+				SELinuxOptions: &api.SELinuxOptions{Level: "s9:z0,z1"}}, false},
+		{"SELinuxStrategyMustRunAs",
+			policy.SELinuxStrategyOptions{
+				Rule:           policy.SELinuxStrategyMustRunAs,
+				SELinuxOptions: &api.SELinuxOptions{Level: "s0"}}, false},
+	}
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			errList := validatePSPSELinux(field.NewPath("Status"), &testCase.selinux)
+			actualErrors := len(errList)
+			expectedErrors := 1
+			if !testCase.fail {
+				expectedErrors = 0
+			}
+			if actualErrors != expectedErrors {
+				t.Errorf("In testCase %v, expected %v errors, got %v errors", testCase.name, expectedErrors, actualErrors)
+			}
+		})
+	}
+
+}