diff options
Diffstat (limited to 'test/security/k8s/src/check/validators/master/api.go')
-rw-r--r-- | test/security/k8s/src/check/validators/master/api.go | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/test/security/k8s/src/check/validators/master/api.go b/test/security/k8s/src/check/validators/master/api.go index bc25d9922..c2a99641e 100644 --- a/test/security/k8s/src/check/validators/master/api.go +++ b/test/security/k8s/src/check/validators/master/api.go @@ -18,6 +18,8 @@ const ( "_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM" + "_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM" + "_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" + + requestTimeout = 60 ) // IsBasicAuthFileAbsent validates there is no basic authentication file specified. @@ -363,3 +365,27 @@ func hasSingleFlagRecommendedNumericArgument(flag string, recommendation int, pa } return true } + +// IsRequestTimeoutValid validates request timeout is set and it has recommended value. +func IsRequestTimeoutValid(params []string) bool { + return isFlagAbsent("--request-timeout", params) || + hasSingleFlagValidTimeout("--request-timeout", requestTimeout, 2*requestTimeout, params) +} + +// hasSingleFlagValidTimeout checks whether selected flag has valid timeout as an argument in given command. +func hasSingleFlagValidTimeout(flag string, min int, max int, params []string) bool { + found := filterFlags(params, flag) + if len(found) != 1 { + return false + } + + _, value := splitKV(found[0], "=") + timeout, err := strconv.Atoi(value) // what about empty parameter? + if err != nil { + return false + } + if timeout < min || timeout > max { + return false + } + return true +} |