Diffstat (limited to 'sdv/docker/sdvstate/internal/validator/kuberef/security_check.py')
-rw-r--r--sdv/docker/sdvstate/internal/validator/kuberef/security_check.py26
1 files changed, 25 insertions, 1 deletions
diff --git a/sdv/docker/sdvstate/internal/validator/kuberef/security_check.py b/sdv/docker/sdvstate/internal/validator/kuberef/security_check.py
index f49048c..a6c15ee 100644
--- a/sdv/docker/sdvstate/internal/validator/kuberef/security_check.py
+++ b/sdv/docker/sdvstate/internal/validator/kuberef/security_check.py
@@ -2,6 +2,8 @@
Security Checks
"""
+#pylint: disable=broad-except
+
import time
import logging
from tools.kube_utils import kube_api, kube_curl
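Review bot: The `#pylint: disable=broad-except` added at the top of the module switches the warning off for the whole file, so any broad handler added later is also silenced without review. The commit adds four `except Exception` clauses, so a trailing `# pylint: disable=broad-except` on each of those lines would keep the suppression next to the code it excuses. A short comment saying why a broad catch is wanted there would also help the next reader.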
@@ -62,6 +64,12 @@ def capability_check():
except RuntimeError as error:
status.append(error)
+ except Exception as error:
+ kube.delete_namespaced_pod(name=pod_cap.metadata.name, namespace='default')
+ result['criteria'] = 'fail'
+ status.append(error)
+
+
result['details'].append(status)
store_result(logger, result)
return result
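Review bot: The new `except Exception` handler in capability_check calls `kube.delete_namespaced_pod(name=pod_cap.metadata.name, ...)` before recording anything, so if the exception came from creating the pod, `pod_cap` is unbound and the handler itself raises without setting `result['criteria']` or appending to `status`. A failing delete call has the same effect and may leave the test pod running in `default`, which matters because these pods presumably request elevated settings. Record the result first, delete only when the pod object exists, and catch a cleanup failure separately; this needs `pod_cap = None` before the `try`, which starts outside the hunk. The identical handlers added to privilege_check, host_network_check and host_path_vol_check need the same change. It is also worth confirming that an API rejection of the pod should count as 'fail', since in host_network_check a successful create is what sets 'fail'.

```python
    pod_cap = None  # bound before the try so the handler can tell whether a pod exists
    # … unchanged: try body and the existing RuntimeError handler …
    except Exception as error:
        # record the outcome before any cleanup that could itself raise
        result['criteria'] = 'fail'
        status.append(error)
        if pod_cap is not None:
            try:
                kube.delete_namespaced_pod(name=pod_cap.metadata.name, namespace='default')
            except Exception as cleanup_error:
                status.append(cleanup_error)
```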
@@ -118,6 +126,11 @@ def privilege_check():
except RuntimeError as error:
status.append(error)
+ except Exception as error:
+ kube.delete_namespaced_pod(name=pod_priv.metadata.name, namespace='default')
+ result['criteria'] = 'fail'
+ status.append(error)
+
result['details'].append(status)
store_result(logger, result)
@@ -157,7 +170,7 @@ def host_network_check():
try:
pod_nw = kube.create_namespaced_pod(body=pod_manifest, namespace='default')
- time.sleep(5)
+ time.sleep(6)
kube.delete_namespaced_pod(name=pod_nw.metadata.name, namespace='default')
result['criteria'] = 'fail'
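Review bot: The wait in host_network_check changes from 5 to 6 seconds with no comment saying what it waits for, so a reader cannot tell why 5 was too short or whether 6 is enough. A one-line comment above `time.sleep(6)`, or a named module constant for the delay, would document the intent. If the delay is meant to let the pod reach some state before it is deleted, which is only a guess from the visible lines, polling the pod status with a timeout would be more reliable than a fixed sleep. The function body continues outside the hunk.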
@@ -168,6 +181,12 @@ def host_network_check():
except RuntimeError as error:
status.append(error)
+ except Exception as error:
+ kube.delete_namespaced_pod(name=pod_nw.metadata.name, namespace='default')
+ result['criteria'] = 'fail'
+ status.append(error)
+
+
result['details'].append(status)
store_result(logger, result)
@@ -227,6 +246,11 @@ def host_path_vol_check():
except RuntimeError as error:
status.append(error)
+ except Exception as error:
+ kube.delete_namespaced_pod(name=pod_vol.metadata.name, namespace='default')
+ result['criteria'] = 'fail'
+ status.append(error)
+
result['details'].append(status)
store_result(logger, result)