Add helper functions for generating security policy and setup CRI tests #1309
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
anmaxvl
force-pushed
the
security-policy-test-utilities
branch
from
d390d07
to
f3ed7f0
Compare
Split dev tool logic to create security policy into several helper functions, which can be reused in other places, e.g., integration tests. Create a small helpers package under internal/tools/securitypolicy, which hosts the above functions. Another option would be to put these functions into securitypolicy package, however the dev-tool does network requests, which didn't look like a good dependency to add for the securitypolicy package itself, since creating a policy by itself doesn't require any network access, given that caller knows all the necessary information, mainly root hashes. Add simple integration tests for running a pod with container and security policy passed via annotations. Signed-off-by: Maksim An <maksiman@microsoft.com>
anmaxvl
force-pushed
the
security-policy-test-utilities
branch
from
f3ed7f0
to
22bb051
Compare
dcantah
reviewed
Mar 9, 2022
dcantah
approved these changes
Mar 9, 2022
Signed-off-by: Maksim An <maksiman@microsoft.com>
princepereira
pushed a commit
to princepereira/hcsshim
that referenced
this pull request
Aug 29, 2024
…ts (microsoft#1309) Split dev tool logic to create security policy into several helper functions, which can be reused in other places, e.g., integration tests. Create a small helpers package under internal/tools/securitypolicy, which hosts the above functions. Another option would be to put these functions into securitypolicy package, however the dev-tool does network requests, which didn't look like a good dependency to add for the securitypolicy package itself, since creating a policy by itself doesn't require any network access, given that caller knows all the necessary information, mainly root hashes. Add simple integration tests for running a pod with container and security policy passed via annotations. Signed-off-by: Maksim An <maksiman@microsoft.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Split dev tool logic to create security policy into several helper
functions, which can be reused in other places, e.g., integration tests.
Create a small helpers package under internal/tools/securitypolicy,
which hosts the above functions. Another option would be to put these
functions into securitypolicy package, however the dev-tool does
network requests, which didn't look like a good dependency to add for
the securitypolicy package itself, since creating a policy by itself
doesn't require any network access, given that caller knows all the
necessary information, mainly root hashes.
Add simple integration tests for running a pod with container and
security policy passed via annotations.
Signed-off-by: Maksim An maksiman@microsoft.com