// NodeOSDistroIs returns true if the distro is the same as `--node-os-distro` // the package framework/pod can't import the framework package (see #81245) // we need to check if the --node-os-distro=windows is set and the framework package // is the one that's parsing the flags, as a workaround this method is looking for the same flag again // TODO: replace with `framework.NodeOSDistroIs` when #81245 is complete func NodeOSDistroIs(distro string) bool { … } const InfiniteSleepCommand … // GenerateScriptCmd generates the corresponding command lines to execute a command. func GenerateScriptCmd(command string) []string { … } // GetDefaultTestImage returns the default test image based on OS. // If the node OS is windows, currently we return Agnhost image for Windows node // due to the issue of #https://github.com/kubernetes-sigs/windows-testing/pull/35. // If the node OS is linux, return busybox image func GetDefaultTestImage() string { … } // GetDefaultTestImageID returns the default test image id based on OS. // If the node OS is windows, currently we return Agnhost image for Windows node // due to the issue of #https://github.com/kubernetes-sigs/windows-testing/pull/35. // If the node OS is linux, return busybox image func GetDefaultTestImageID() imageutils.ImageID { … } // GetTestImage returns the image name with the given input // If the Node OS is windows, currently we return Agnhost image for Windows node // due to the issue of #https://github.com/kubernetes-sigs/windows-testing/pull/35. func GetTestImage(id imageutils.ImageID) string { … } // GetTestImageID returns the image id with the given input // If the Node OS is windows, currently we return Agnhost image for Windows node // due to the issue of #https://github.com/kubernetes-sigs/windows-testing/pull/35. func GetTestImageID(id imageutils.ImageID) imageutils.ImageID { … } // GetDefaultNonRootUser returns default non root user // If the Node OS is windows, we return nill due to issue with invalid permissions set on projected volumes // https://github.com/kubernetes/kubernetes/issues/102849 func GetDefaultNonRootUser() *int64 { … } // GeneratePodSecurityContext generates the corresponding pod security context with the given inputs // If the Node OS is windows, currently we will ignore the inputs and return nil. // TODO: Will modify it after windows has its own security context func GeneratePodSecurityContext(fsGroup *int64, seLinuxOptions *v1.SELinuxOptions) *v1.PodSecurityContext { … } // GenerateContainerSecurityContext generates the corresponding container security context with the given inputs // If the Node OS is windows, currently we will ignore the inputs and return nil. // TODO: Will modify it after windows has its own security context func GenerateContainerSecurityContext(level psaapi.Level) *v1.SecurityContext { … } // GetLinuxLabel returns the default SELinuxLabel based on OS. // If the node OS is windows, it will return nil func GetLinuxLabel() *v1.SELinuxOptions { … } const DefaultNonRootUser … const DefaultNonRootUserName … // GetRestrictedPodSecurityContext returns a restricted pod security context. // This includes setting RunAsUser for convenience, to pass the RunAsNonRoot check. // Tests that require a specific user ID should override this. func GetRestrictedPodSecurityContext() *v1.PodSecurityContext { … } // GetRestrictedContainerSecurityContext returns a minimal restricted container security context. func GetRestrictedContainerSecurityContext() *v1.SecurityContext { … } var ( psaEvaluator … _ … ) // MustMixinRestrictedPodSecurity makes the given pod compliant with the restricted pod security level. // If doing so would overwrite existing non-conformant configuration, a test failure is triggered. func MustMixinRestrictedPodSecurity(pod *v1.Pod) *v1.Pod { … } // MixinRestrictedPodSecurity makes the given pod compliant with the restricted pod security level. // If doing so would overwrite existing non-conformant configuration, an error is returned. // Note that this sets a default RunAsUser. See GetRestrictedPodSecurityContext. // TODO(#105919): Handle PodOS for windows pods. func MixinRestrictedPodSecurity(pod *v1.Pod) error { … } // mixinRestrictedContainerSecurityContext adds the required container security context options to // be compliant with the restricted pod security level. Non-conformance checking is handled by the // caller. func mixinRestrictedContainerSecurityContext(container *v1.Container) { … } // FindPodConditionByType loops through all pod conditions in pod status and returns the specified condition. func FindPodConditionByType(podStatus *v1.PodStatus, conditionType v1.PodConditionType) *v1.PodCondition { … } // FindContainerStatusInPod finds a container status by its name in the provided pod func FindContainerStatusInPod(pod *v1.Pod, containerName string) *v1.ContainerStatus { … }