forked from openshift/origin
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathutil.go
62 lines (57 loc) · 1.74 KB
/
util.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
package testing
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
kapi "k8s.io/kubernetes/pkg/apis/core"
allocator "github.com/openshift/origin/pkg/security"
securityapi "github.com/openshift/origin/pkg/security/apis/security"
)
// CreateSAForTest Build and Initializes a ServiceAccount for tests
func CreateSAForTest() *kapi.ServiceAccount {
return &kapi.ServiceAccount{
ObjectMeta: metav1.ObjectMeta{
Name: "default",
Namespace: "default",
},
}
}
// CreateNamespaceForTest builds and initializes a Namespaces for tests
func CreateNamespaceForTest() *kapi.Namespace {
return &kapi.Namespace{
ObjectMeta: metav1.ObjectMeta{
Name: "default",
Annotations: map[string]string{
allocator.UIDRangeAnnotation: "1/3",
allocator.MCSAnnotation: "s0:c1,c0",
allocator.SupplementalGroupsAnnotation: "2/3",
},
},
}
}
// UserScc creates a SCC for a given user name
func UserScc(user string) *securityapi.SecurityContextConstraints {
var uid int64 = 9999
fsGroup := int64(1)
return &securityapi.SecurityContextConstraints{
ObjectMeta: metav1.ObjectMeta{
SelfLink: "/api/version/securitycontextconstraints/" + user,
Name: user,
},
Users: []string{user},
SELinuxContext: securityapi.SELinuxContextStrategyOptions{
Type: securityapi.SELinuxStrategyRunAsAny,
},
RunAsUser: securityapi.RunAsUserStrategyOptions{
Type: securityapi.RunAsUserStrategyMustRunAs,
UID: &uid,
},
FSGroup: securityapi.FSGroupStrategyOptions{
Type: securityapi.FSGroupStrategyMustRunAs,
Ranges: []securityapi.IDRange{
{Min: fsGroup, Max: fsGroup},
},
},
SupplementalGroups: securityapi.SupplementalGroupsStrategyOptions{
Type: securityapi.SupplementalGroupsStrategyRunAsAny,
},
}
}