Skip to content

Commit

Permalink
pr feedback: move configOpt to securitypolicy package.
Browse files Browse the repository at this point in the history
Signed-off-by: Maksim An <maksiman@microsoft.com>
  • Loading branch information
anmaxvl committed Apr 7, 2022
1 parent 866b1fb commit 77e0f86
Show file tree
Hide file tree
Showing 3 changed files with 59 additions and 28 deletions.
27 changes: 27 additions & 0 deletions pkg/securitypolicy/opts.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
package securitypolicy

type ContainerConfigOpt func(*ContainerConfig) error

// WithEnvVarRules adds environment variable constraints to container policy config.
func WithEnvVarRules(envs []EnvRuleConfig) ContainerConfigOpt {
return func(c *ContainerConfig) error {
c.EnvRules = append(c.EnvRules, envs...)
return nil
}
}

// WithExpectedMounts adds expected mounts to container policy config.
func WithExpectedMounts(em []string) ContainerConfigOpt {
return func(c *ContainerConfig) error {
c.ExpectedMounts = append(c.ExpectedMounts, em...)
return nil
}
}

// WithWorkingDir sets working directory in container policy config.
func WithWorkingDir(wd string) ContainerConfigOpt {
return func(c *ContainerConfig) error {
c.WorkingDir = wd
return nil
}
}
33 changes: 5 additions & 28 deletions test/cri-containerd/policy_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,29 +20,6 @@ var (
validPolicyAlpineCommand = []string{"ash", "-c", "echo 'Hello'"}
)

type configOpt func(*securitypolicy.ContainerConfig) error

func withExpectedMounts(em []string) configOpt {
return func(conf *securitypolicy.ContainerConfig) error {
conf.ExpectedMounts = append(conf.ExpectedMounts, em...)
return nil
}
}

func withEnvVarRules(envRules []securitypolicy.EnvRuleConfig) configOpt {
return func(config *securitypolicy.ContainerConfig) error {
config.EnvRules = append(config.EnvRules, envRules...)
return nil
}
}

func withWorkingDir(workingDir string) configOpt {
return func(config *securitypolicy.ContainerConfig) error {
config.WorkingDir = workingDir
return nil
}
}

func securityPolicyFromContainers(containers []securitypolicy.ContainerConfig) (string, error) {
pc, err := helpers.PolicyContainersFromConfigs(containers)
if err != nil {
Expand All @@ -65,7 +42,7 @@ func sandboxSecurityPolicy(t *testing.T) string {
return policyString
}

func alpineSecurityPolicy(t *testing.T, opts ...configOpt) string {
func alpineSecurityPolicy(t *testing.T, opts ...securitypolicy.ContainerConfigOpt) string {
defaultContainers := helpers.DefaultContainerConfigs()
alpineContainer := securitypolicy.NewContainerConfig(
"alpine:latest",
Expand Down Expand Up @@ -287,7 +264,7 @@ func Test_RunContainer_ValidContainerConfigs_Allowed(t *testing.T) {
type config struct {
name string
sf sideEffect
opts []configOpt
opts []securitypolicy.ContainerConfigOpt
}

requireFeatures(t, featureLCOW, featureLCOWIntegrity)
Expand All @@ -303,7 +280,7 @@ func Test_RunContainer_ValidContainerConfigs_Allowed(t *testing.T) {
sf: func(req *runtime.CreateContainerRequest) {
req.Config.WorkingDir = "/root"
},
opts: []configOpt{withWorkingDir("/root")},
opts: []securitypolicy.ContainerConfigOpt{securitypolicy.WithWorkingDir("/root")},
},
{
name: "EnvironmentVariable",
Expand All @@ -313,8 +290,8 @@ func Test_RunContainer_ValidContainerConfigs_Allowed(t *testing.T) {
Value: "VALUE",
})
},
opts: []configOpt{
withEnvVarRules(
opts: []securitypolicy.ContainerConfigOpt{
securitypolicy.WithEnvVarRules(
[]securitypolicy.EnvRuleConfig{
{
Strategy: securitypolicy.EnvVarRuleString,
Expand Down

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit 77e0f86

Please sign in to comment.