From 1a5a1ad36edcb3d8e6d041aa9ea1f622206c37f5 Mon Sep 17 00:00:00 2001
From: Pawel Wieczorek
Date: Wed, 18 Nov 2020 16:49:21 +0100
Subject: Add namespace filtering to SSL endpoints check
Utility "sslendpoints" now supports scanning only a selected Kubernetes
cluster namespace. To do so, add the "-namespace" flag with the namespace of
your choice as its argument to the executed command.
The default behavior remains unchanged, i.e. the scan covers all namespaces.
Issue-ID: INT-1582
Change-Id: If5534b76bca94248a5003d735c25328648e478a1
Signed-off-by: Pawel Wieczorek
---
test/security/sslendpoints/main.go | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
(limited to 'test')
diff --git a/test/security/sslendpoints/main.go b/test/security/sslendpoints/main.go
index 331979e38..ce5948cc5 100644
--- a/test/security/sslendpoints/main.go
+++ b/test/security/sslendpoints/main.go
@@ -28,6 +28,7 @@ const (
var (
kubeconfig *string
+ namespace *string
xfailName *string
)
@@ -37,9 +38,15 @@ func main() {
} else {
kubeconfig = flag.String("kubeconfig", "", "absolute path to the kubeconfig file")
}
+ namespace = flag.String("namespace", "", "(optional) name of specific namespace to scan")
xfailName = flag.String("xfail", "", "(optional) absolute path to the expected failures file")
flag.Parse()
+ var listOptions metav1.ListOptions
+ if *namespace != "" {
+ listOptions = metav1.ListOptions{FieldSelector: "metadata.namespace=" + *namespace}
+ }
+
xfails := make(map[uint16]string)
if *xfailName != "" {
xfailFile, err := os.Open(*xfailName)
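Review bot: The `-namespace` value is concatenated into the field selector unescaped where `listOptions` is built, so a value containing `,` or `=` changes the selector's meaning instead of being rejected. For a security scan that can quietly narrow or empty the result set; building the term with `fields.OneTermEqualSelector("metadata.namespace", *namespace).String()` (from k8s.io/apimachinery/pkg/fields) escapes the value, or the flag can be checked against the namespace naming rules before use. A mistyped namespace presumably also yields an empty service list, which may read as a clean result, so logging the namespace being scanned would help. `main` starts and ends outside this hunk.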
@@ -94,7 +101,7 @@ func main() {
}
// get list of services to extract nodeport information
- services, err := clientset.CoreV1().Services("").List(metav1.ListOptions{})
+ services, err := clientset.CoreV1().Services("").List(listOptions)
if err != nil {
log.Panicf("Unable to get list of services: %v", err)
}
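Review bot: The list call still targets `Services("")`, so the request stays a cluster-wide list narrowed by a field selector, and the scanning account needs list permission on services in every namespace even when a single namespace is requested. Passing the flag directly, `clientset.CoreV1().Services(*namespace).List(metav1.ListOptions{})`, scopes the request to that namespace, works with a namespace-scoped Role, and keeps the default because an empty string means all namespaces. That would also make the separate `listOptions` variable unnecessary. `main` continues outside this hunk.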