aboutsummaryrefslogtreecommitdiffstats
path: root/test/security/k8s/src/check/validators/master/api.go
diff options
context:
space:
mode:
Diffstat (limited to 'test/security/k8s/src/check/validators/master/api.go')
-rw-r--r--test/security/k8s/src/check/validators/master/api.go26
1 files changed, 26 insertions, 0 deletions
diff --git a/test/security/k8s/src/check/validators/master/api.go b/test/security/k8s/src/check/validators/master/api.go
index bc25d9922..c2a99641e 100644
--- a/test/security/k8s/src/check/validators/master/api.go
+++ b/test/security/k8s/src/check/validators/master/api.go
@@ -18,6 +18,8 @@ const (
"_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM" +
"_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM" +
"_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256"
+
+ requestTimeout = 60
)
// IsBasicAuthFileAbsent validates there is no basic authentication file specified.
@@ -363,3 +365,27 @@ func hasSingleFlagRecommendedNumericArgument(flag string, recommendation int, pa
}
return true
}
+
+// IsRequestTimeoutValid validates request timeout is set and it has recommended value.
+func IsRequestTimeoutValid(params []string) bool {
+ return isFlagAbsent("--request-timeout", params) ||
+ hasSingleFlagValidTimeout("--request-timeout", requestTimeout, 2*requestTimeout, params)
+}
+
+// hasSingleFlagValidTimeout checks whether selected flag has valid timeout as an argument in given command.
+func hasSingleFlagValidTimeout(flag string, min int, max int, params []string) bool {
+ found := filterFlags(params, flag)
+ if len(found) != 1 {
+ return false
+ }
+
+ _, value := splitKV(found[0], "=")
+ timeout, err := strconv.Atoi(value) // what about empty parameter?
+ if err != nil {
+ return false
+ }
+ if timeout < min || timeout > max {
+ return false
+ }
+ return true
+}