diff options
author | Pawel Wieczorek <p.wieczorek2@samsung.com> | 2020-11-18 16:49:21 +0100 |
---|---|---|
committer | Pawel Wieczorek <p.wieczorek2@samsung.com> | 2020-11-25 15:55:49 +0100 |
commit | 1a5a1ad36edcb3d8e6d041aa9ea1f622206c37f5 (patch) | |
tree | 95d8d271e23cbd14f0700e0363412e1e9015ed98 /test | |
parent | 8e134bf7afafbaa99b11e98da809c495f32bf7d4 (diff) |
Add namespace filtering to SSL endpoints check
Utility "sslendpoints" now supports scanning only selected Kubernetes
cluster namespace. To do so, add "-namespace" flag with namespace of
your choice as its argument to the executed command.
Default behavior remained unchanged, i.e. scan covers all namespaces.
Issue-ID: INT-1582
Change-Id: If5534b76bca94248a5003d735c25328648e478a1
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
Diffstat (limited to 'test')
-rw-r--r-- | test/security/sslendpoints/main.go | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/test/security/sslendpoints/main.go b/test/security/sslendpoints/main.go index 331979e38..ce5948cc5 100644 --- a/test/security/sslendpoints/main.go +++ b/test/security/sslendpoints/main.go @@ -28,6 +28,7 @@ const ( var ( kubeconfig *string + namespace *string xfailName *string ) @@ -37,9 +38,15 @@ func main() { } else { kubeconfig = flag.String("kubeconfig", "", "absolute path to the kubeconfig file") } + namespace = flag.String("namespace", "", "(optional) name of specific namespace to scan") xfailName = flag.String("xfail", "", "(optional) absolute path to the expected failures file") flag.Parse() + var listOptions metav1.ListOptions + if *namespace != "" { + listOptions = metav1.ListOptions{FieldSelector: "metadata.namespace=" + *namespace} + } + xfails := make(map[uint16]string) if *xfailName != "" { xfailFile, err := os.Open(*xfailName) @@ -94,7 +101,7 @@ func main() { } // get list of services to extract nodeport information - services, err := clientset.CoreV1().Services("").List(metav1.ListOptions{}) + services, err := clientset.CoreV1().Services("").List(listOptions) if err != nil { log.Panicf("Unable to get list of services: %v", err) } |