From 1a5a1ad36edcb3d8e6d041aa9ea1f622206c37f5 Mon Sep 17 00:00:00 2001
From: Pawel Wieczorek
Date: Wed, 18 Nov 2020 16:49:21 +0100
Subject: Add namespace filtering to SSL endpoints check

Utility "sslendpoints" now supports scanning only selected Kubernetes cluster namespace. To do so, add "-namespace" flag with namespace of your choice as its argument to the executed command. Default behavior remained unchanged, i.e. scan covers all namespaces.

Issue-ID: INT-1582
Change-Id: If5534b76bca94248a5003d735c25328648e478a1
Signed-off-by: Pawel Wieczorek
---
 test/security/sslendpoints/main.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
(limited to 'test')
diff --git a/test/security/sslendpoints/main.go b/test/security/sslendpoints/main.go
index 331979e38..ce5948cc5 100644
--- a/test/security/sslendpoints/main.go
+++ b/test/security/sslendpoints/main.go
@@ -28,6 +28,7 @@ const (
 var (
 kubeconfig *string
+ namespace *string
 xfailName *string
 )
@@ -37,9 +38,15 @@ func main() {
 } else {
 kubeconfig = flag.String("kubeconfig", "", "absolute path to the kubeconfig file")
 }
+ namespace = flag.String("namespace", "", "(optional) name of specific namespace to scan")
 xfailName = flag.String("xfail", "", "(optional) absolute path to the expected failures file")
 flag.Parse()
+ var listOptions metav1.ListOptions
+ if *namespace != "" {
+ listOptions = metav1.ListOptions{FieldSelector: "metadata.namespace=" + *namespace}
+ }
+
 xfails := make(map[uint16]string)
 if *xfailName != "" {
 xfailFile, err := os.Open(*xfailName)
@@ -94,7 +101,7 @@ func main() {
 }
 // get list of services to extract nodeport information
- services, err := clientset.CoreV1().Services("").List(metav1.ListOptions{})
+ services, err := clientset.CoreV1().Services("").List(listOptions)
 if err != nil {
 log.Panicf("Unable to get list of services: %v", err)
 }
--
cgit 1.2.3-korg
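Review bot: The `-namespace` value is concatenated into the field selector unchecked at `FieldSelector: "metadata.namespace=" + *namespace`, so a value containing `,` or `=` changes the selector instead of naming a namespace. Building it with `fields.OneTermEqualSelector("metadata.namespace", *namespace).String()` from `k8s.io/apimachinery/pkg/fields` escapes the value. A misspelled or nonexistent namespace presumably produces an empty service list, which for a TLS check could read as a clean pass; the rest of `main` is outside the hunk, so that is inferred. A guard after the list call, such as `if *namespace != "" && len(services.Items) == 0 { log.Panicf("No services found in namespace %q", *namespace) }`, would make that case visible.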
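Review bot: The list call still targets all namespaces through `Services("")` and only narrows the result with a field selector, so the credentials in the kubeconfig need cluster-wide list permission on services even when a single namespace is scanned. Passing the namespace to the client, `services, err := clientset.CoreV1().Services(*namespace).List(metav1.ListOptions{})`, scopes the request itself and works with a namespace-bound Role. The default is preserved because an empty namespace means all namespaces, and the `listOptions` variable added in the previous hunk becomes unnecessary. The body of `main` continues outside this hunk.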