Diffstat (limited to 'sdv/docker/sdvstate/internal/validator/kuberef/security_check.py')
-rw-r--r-- | sdv/docker/sdvstate/internal/validator/kuberef/security_check.py | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/sdv/docker/sdvstate/internal/validator/kuberef/security_check.py b/sdv/docker/sdvstate/internal/validator/kuberef/security_check.py
index f49048c..a6c15ee 100644
--- a/sdv/docker/sdvstate/internal/validator/kuberef/security_check.py
+++ b/sdv/docker/sdvstate/internal/validator/kuberef/security_check.py
@@ -2,6 +2,8 @@
 Security Checks
 """
+#pylint: disable=broad-except
+
 import time
 import logging
 from tools.kube_utils import kube_api, kube_curl
@@ -62,6 +64,12 @@ def capability_check():
 except RuntimeError as error:
 status.append(error)
+ except Exception as error:
+ kube.delete_namespaced_pod(name=pod_cap.metadata.name, namespace='default')
+ result['criteria'] = 'fail'
+ status.append(error)
+
+
 result['details'].append(status)
 store_result(logger, result)
 return result
@@ -118,6 +126,11 @@ def privilege_check():
 except RuntimeError as error:
 status.append(error)
+ except Exception as error:
+ kube.delete_namespaced_pod(name=pod_priv.metadata.name, namespace='default')
+ result['criteria'] = 'fail'
+ status.append(error)
+
 result['details'].append(status)
 store_result(logger, result)
@@ -157,7 +170,7 @@ def host_network_check():
 try:
 pod_nw = kube.create_namespaced_pod(body=pod_manifest, namespace='default')
- time.sleep(5)
+ time.sleep(6)
 kube.delete_namespaced_pod(name=pod_nw.metadata.name, namespace='default')
 result['criteria'] = 'fail'
@@ -168,6 +181,12 @@ def host_network_check():
 except RuntimeError as error:
 status.append(error)
+ except Exception as error:
+ kube.delete_namespaced_pod(name=pod_nw.metadata.name, namespace='default')
+ result['criteria'] = 'fail'
+ status.append(error)
+
+
 result['details'].append(status)
 store_result(logger, result)
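Review bot: The `#pylint: disable=broad-except` added at module level in the first hunk switches the warning off for the whole of security_check.py, so any broad handler added later will also pass lint unnoticed. Scoping the exemption to the four new handlers keeps it visible where it is actually relied on, for example `except Exception as error:  # pylint: disable=broad-except`.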
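Review bot: The new `except Exception` handler in capability_check() reads `pod_cap.metadata.name`, but nothing visible guarantees that `pod_cap` was ever assigned. The try body is outside this hunk; if it follows the pattern shown for host_network_check(), where the pod variable is bound inside the `try`, then an exception raised by the create call itself makes the handler fail with an unbound-name error, and `result['details'].append(status)` and `store_result(...)` are skipped. The same handler is added in privilege_check(), host_network_check() and host_path_vol_check(). Setting `pod_cap = None` before the `try` and guarding the cleanup with `if pod_cap is not None:` avoids this. The delete call can also raise on its own, for instance when the try body already removed the pod, so it is worth wrapping it or moving cleanup into a `finally`.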
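Review bot: The change from `time.sleep(5)` to `time.sleep(6)` in host_network_check() carries no comment saying what the delay waits for. As far as this hunk shows the verdict does not depend on it, since `result['criteria'] = 'fail'` is set whenever `create_namespaced_pod` returns and the pod is then deleted. A named module constant with a one-line reason, e.g. `POD_SETTLE_SECONDS = 6  # <why this long>`, would make the value reviewable and keep the four checks consistent. The try block continues outside the hunk.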
@@ -227,6 +246,11 @@ def host_path_vol_check():
 except RuntimeError as error:
 status.append(error)
+ except Exception as error:
+ kube.delete_namespaced_pod(name=pod_vol.metadata.name, namespace='default')
+ result['criteria'] = 'fail'
+ status.append(error)
+
 result['details'].append(status)
 store_result(logger, result) |
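Review bot: The new handler in host_path_vol_check() records `'fail'` for every unexpected exception, so a check that could not run (API unreachable, credentials rejected, client-side error) is stored the same way as a cluster that actually admitted a hostPath pod. The handlers added to the other three checks behave the same. Only the exception object is appended to `status`, with no traceback, which makes the two cases hard to separate when reading the stored result. Assuming `logger` is a standard logging.Logger, adding `logger.exception('host_path_vol_check did not complete')` and appending `repr(error)` would preserve the reason. The try body and the other `except` branches are outside this hunk, so how an API-server rejection is classified cannot be confirmed from here.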