diff options
Diffstat (limited to 'test/security/k8s/src/check/validators/master/api.go')
-rw-r--r-- | test/security/k8s/src/check/validators/master/api.go | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/test/security/k8s/src/check/validators/master/api.go b/test/security/k8s/src/check/validators/master/api.go index ea0d9ece9..bc25d9922 100644 --- a/test/security/k8s/src/check/validators/master/api.go +++ b/test/security/k8s/src/check/validators/master/api.go @@ -262,12 +262,17 @@ func hasFlagArgumentIncluded(flag string, argument string, params []string) bool return false } -// IsAlwaysAllowAuthorizationModeExcluded validates AlwaysAllow is excluded from admission control plugins. +// IsAlwaysAllowAuthorizationModeExcluded validates AlwaysAllow is excluded from authorization modes. func IsAlwaysAllowAuthorizationModeExcluded(params []string) bool { return isSingleFlagPresent("--authorization-mode=", params) && !hasFlagArgumentIncluded("--authorization-mode=", "AlwaysAllow", params) } +// IsNodeAuthorizationModeIncluded validates Node is included in authorization modes. +func IsNodeAuthorizationModeIncluded(params []string) bool { + return hasFlagArgumentIncluded("--authorization-mode=", "Node", params) +} + // IsAuditLogPathSet validates there is single "--audit-log-path" flag and has non-empty argument. func IsAuditLogPathSet(params []string) bool { return hasSingleFlagNonemptyArgument("--audit-log-path=", params) |