admission_test.go(saSCC): extract function.

openshift · Nov 15, 2017 · 4eaeda2 · 4eaeda2
1 parent e8a9047
commit 4eaeda2
Showing 1 changed file with 25 additions and 36 deletions.
diff --git a/pkg/security/admission/admission_test.go b/pkg/security/admission/admission_test.go
@@ -179,24 +179,8 @@ func TestAdmitSuccess(t *testing.T) {
 	defaultGroup := int64(2)
 
 	// create scc that requires allocation retrieval
-	saSCC := &securityapi.SecurityContextConstraints{
-		ObjectMeta: metav1.ObjectMeta{
-			Name: "scc-sa",
-		},
-		RunAsUser: securityapi.RunAsUserStrategyOptions{
-			Type: securityapi.RunAsUserStrategyMustRunAsRange,
-		},
-		SELinuxContext: securityapi.SELinuxContextStrategyOptions{
-			Type: securityapi.SELinuxStrategyMustRunAs,
-		},
-		FSGroup: securityapi.FSGroupStrategyOptions{
-			Type: securityapi.FSGroupStrategyMustRunAs,
-		},
-		SupplementalGroups: securityapi.SupplementalGroupsStrategyOptions{
-			Type: securityapi.SupplementalGroupsStrategyMustRunAs,
-		},
-		Groups: []string{"system:serviceaccounts"},
-	}
+	saSCC := saSCC()
+
 	// create scc that has specific requirements that shouldn't match but is permissioned to
 	// service accounts to test that even though this has matching priorities (0) and a
 	// lower point value score (which will cause it to be sorted in front of scc-sa) it should not
@@ -337,24 +321,8 @@ func TestAdmitFailure(t *testing.T) {
 	tc := setupClientSet()
 
 	// create scc that requires allocation retrieval
-	saSCC := &securityapi.SecurityContextConstraints{
-		ObjectMeta: metav1.ObjectMeta{
-			Name: "scc-sa",
-		},
-		RunAsUser: securityapi.RunAsUserStrategyOptions{
-			Type: securityapi.RunAsUserStrategyMustRunAsRange,
-		},
-		SELinuxContext: securityapi.SELinuxContextStrategyOptions{
-			Type: securityapi.SELinuxStrategyMustRunAs,
-		},
-		FSGroup: securityapi.FSGroupStrategyOptions{
-			Type: securityapi.FSGroupStrategyMustRunAs,
-		},
-		SupplementalGroups: securityapi.SupplementalGroupsStrategyOptions{
-			Type: securityapi.SupplementalGroupsStrategyMustRunAs,
-		},
-		Groups: []string{"system:serviceaccounts"},
-	}
+	saSCC := saSCC()
+
 	// create scc that has specific requirements that shouldn't match but is permissioned to
 	// service accounts to test that even though this has matching priorities (0) and a
 	// lower point value score (which will cause it to be sorted in front of scc-sa) it should not
@@ -1083,6 +1051,27 @@ func restrictiveSCC() *securityapi.SecurityContextConstraints {
 	}
 }
 
+func saSCC() *securityapi.SecurityContextConstraints {
+	return &securityapi.SecurityContextConstraints{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "scc-sa",
+		},
+		RunAsUser: securityapi.RunAsUserStrategyOptions{
+			Type: securityapi.RunAsUserStrategyMustRunAsRange,
+		},
+		SELinuxContext: securityapi.SELinuxContextStrategyOptions{
+			Type: securityapi.SELinuxStrategyMustRunAs,
+		},
+		FSGroup: securityapi.FSGroupStrategyOptions{
+			Type: securityapi.FSGroupStrategyMustRunAs,
+		},
+		SupplementalGroups: securityapi.SupplementalGroupsStrategyOptions{
+			Type: securityapi.SupplementalGroupsStrategyMustRunAs,
+		},
+		Groups: []string{"system:serviceaccounts"},
+	}
+}
+
 func saExactSCC() *securityapi.SecurityContextConstraints {
 	var exactUID int64 = 999
 	return &securityapi.SecurityContextConstraints{