aboutsummaryrefslogtreecommitdiffstats
path: root/test/security/k8s/src/check/validators/master/api_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'test/security/k8s/src/check/validators/master/api_test.go')
-rw-r--r--test/security/k8s/src/check/validators/master/api_test.go10
1 files changed, 10 insertions, 0 deletions
diff --git a/test/security/k8s/src/check/validators/master/api_test.go b/test/security/k8s/src/check/validators/master/api_test.go
index 4e125663a..233662a63 100644
--- a/test/security/k8s/src/check/validators/master/api_test.go
+++ b/test/security/k8s/src/check/validators/master/api_test.go
@@ -305,5 +305,15 @@ var _ = Describe("Api", func() {
Entry("Is not present on Dublin cluster", kubeApiServerDublin, false),
Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
)
+
+ DescribeTable("NamespaceLifecycle admission control plugin",
+ func(params []string, expected bool) {
+ Expect(IsNamespaceLifecycleAdmissionControlPluginNotExcluded(params)).To(Equal(expected))
+ },
+ Entry("Is explicitly disabled on insecure cluster", []string{"--disable-admission-plugins=Foo,Bar,NamespaceLifecycle,Baz,Quuz"}, false),
+ Entry("Should not be disabled on CIS-compliant cluster", kubeApiServerCISCompliant, true),
+ Entry("Should not be disabled on Casablanca cluster", kubeApiServerCasablanca, true),
+ Entry("Should not be disabled on Dublin cluster", kubeApiServerDublin, true),
+ )
})
})