Commit 4a72b32d authored by Kubernetes Submit Queue's avatar Kubernetes Submit Queue Committed by GitHub

Merge pull request #51782 from charrywanganthony/audit-1

Automatic merge from submit-queue (batch tested with PRs 51900, 51782, 52030) A policy with 0 rules should return an error **Which issue this PR fixes** [isuue#51565](https://github.com/kubernetes/kubernetes/issues/51565) **Release note**: ``` An audit policy file with 0 rule returns an error. ```
parents 63d6bdb5 0ad4282f
...@@ -49,6 +49,10 @@ func LoadPolicyFromFile(filePath string) (*auditinternal.Policy, error) { ...@@ -49,6 +49,10 @@ func LoadPolicyFromFile(filePath string) (*auditinternal.Policy, error) {
return nil, err.ToAggregate() return nil, err.ToAggregate()
} }
glog.V(4).Infof("Loaded %d audit policy rules from file %s\n", len(policy.Rules), filePath) policyCnt := len(policy.Rules)
if policyCnt == 0 {
return nil, fmt.Errorf("loaded illegal policy with 0 rules from file %s", filePath)
}
glog.V(4).Infof("Loaded %d audit policy rules from file %s", policyCnt, filePath)
return policy, nil return policy, nil
} }
...@@ -32,7 +32,7 @@ import ( ...@@ -32,7 +32,7 @@ import (
) )
const policyDefV1alpha1 = ` const policyDefV1alpha1 = `
apiVersion: audit.k8s.io/v1beta1 apiVersion: audit.k8s.io/v1alpha1
kind: Policy kind: Policy
rules: rules:
- level: None - level: None
...@@ -91,16 +91,11 @@ var expectedPolicy = &audit.Policy{ ...@@ -91,16 +91,11 @@ var expectedPolicy = &audit.Policy{
} }
func TestParserV1alpha1(t *testing.T) { func TestParserV1alpha1(t *testing.T) {
// Create a policy file. f, err := writePolicy(policyDefV1alpha1, t)
f, err := ioutil.TempFile("", "policy.yaml")
require.NoError(t, err)
defer os.Remove(f.Name())
_, err = f.WriteString(policyDefV1alpha1)
require.NoError(t, err) require.NoError(t, err)
require.NoError(t, f.Close()) defer os.Remove(f)
policy, err := LoadPolicyFromFile(f.Name()) policy, err := LoadPolicyFromFile(f)
require.NoError(t, err) require.NoError(t, err)
assert.Len(t, policy.Rules, 3) // Sanity check. assert.Len(t, policy.Rules, 3) // Sanity check.
...@@ -110,16 +105,11 @@ func TestParserV1alpha1(t *testing.T) { ...@@ -110,16 +105,11 @@ func TestParserV1alpha1(t *testing.T) {
} }
func TestParserV1beta1(t *testing.T) { func TestParserV1beta1(t *testing.T) {
// Create a policy file. f, err := writePolicy(policyDefV1beta1, t)
f, err := ioutil.TempFile("", "policy.yaml")
require.NoError(t, err) require.NoError(t, err)
defer os.Remove(f.Name()) defer os.Remove(f)
_, err = f.WriteString(policyDefV1beta1) policy, err := LoadPolicyFromFile(f)
require.NoError(t, err)
require.NoError(t, f.Close())
policy, err := LoadPolicyFromFile(f.Name())
require.NoError(t, err) require.NoError(t, err)
assert.Len(t, policy.Rules, 3) // Sanity check. assert.Len(t, policy.Rules, 3) // Sanity check.
...@@ -127,3 +117,37 @@ func TestParserV1beta1(t *testing.T) { ...@@ -127,3 +117,37 @@ func TestParserV1beta1(t *testing.T) {
t.Errorf("Unexpected policy! Diff:\n%s", diff.ObjectDiff(policy, expectedPolicy)) t.Errorf("Unexpected policy! Diff:\n%s", diff.ObjectDiff(policy, expectedPolicy))
} }
} }
func TestPolicyCntCheck(t *testing.T) {
//a set of testCases
var testCases = []struct {
caseName, policy string
}{
{
"policyWithNoRule",
`apiVersion: audit.k8s.io/v1beta1
kind: Policy`,
},
{"emptyPolicyFile", ""},
}
for _, tc := range testCases {
f, err := writePolicy(tc.policy, t)
require.NoError(t, err)
defer os.Remove(f)
_, err = LoadPolicyFromFile(f)
assert.Errorf(t, err, "loaded illegal policy with 0 rules from testCase %s", tc.caseName)
}
}
func writePolicy(policy string, t *testing.T) (string, error) {
f, err := ioutil.TempFile("", "policy.yaml")
require.NoError(t, err)
_, err = f.WriteString(policy)
require.NoError(t, err)
require.NoError(t, f.Close())
return f.Name(), nil
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment