@@ -179,24 +179,8 @@ func TestAdmitSuccess(t *testing.T) {
179179 defaultGroup := int64 (2 )
180180
181181 // create scc that requires allocation retrieval
182- saSCC := & securityapi.SecurityContextConstraints {
183- ObjectMeta : metav1.ObjectMeta {
184- Name : "scc-sa" ,
185- },
186- RunAsUser : securityapi.RunAsUserStrategyOptions {
187- Type : securityapi .RunAsUserStrategyMustRunAsRange ,
188- },
189- SELinuxContext : securityapi.SELinuxContextStrategyOptions {
190- Type : securityapi .SELinuxStrategyMustRunAs ,
191- },
192- FSGroup : securityapi.FSGroupStrategyOptions {
193- Type : securityapi .FSGroupStrategyMustRunAs ,
194- },
195- SupplementalGroups : securityapi.SupplementalGroupsStrategyOptions {
196- Type : securityapi .SupplementalGroupsStrategyMustRunAs ,
197- },
198- Groups : []string {"system:serviceaccounts" },
199- }
182+ saSCC := saSCC ()
183+
200184 // create scc that has specific requirements that shouldn't match but is permissioned to
201185 // service accounts to test that even though this has matching priorities (0) and a
202186 // lower point value score (which will cause it to be sorted in front of scc-sa) it should not
@@ -337,24 +321,8 @@ func TestAdmitFailure(t *testing.T) {
337321 tc := setupClientSet ()
338322
339323 // create scc that requires allocation retrieval
340- saSCC := & securityapi.SecurityContextConstraints {
341- ObjectMeta : metav1.ObjectMeta {
342- Name : "scc-sa" ,
343- },
344- RunAsUser : securityapi.RunAsUserStrategyOptions {
345- Type : securityapi .RunAsUserStrategyMustRunAsRange ,
346- },
347- SELinuxContext : securityapi.SELinuxContextStrategyOptions {
348- Type : securityapi .SELinuxStrategyMustRunAs ,
349- },
350- FSGroup : securityapi.FSGroupStrategyOptions {
351- Type : securityapi .FSGroupStrategyMustRunAs ,
352- },
353- SupplementalGroups : securityapi.SupplementalGroupsStrategyOptions {
354- Type : securityapi .SupplementalGroupsStrategyMustRunAs ,
355- },
356- Groups : []string {"system:serviceaccounts" },
357- }
324+ saSCC := saSCC ()
325+
358326 // create scc that has specific requirements that shouldn't match but is permissioned to
359327 // service accounts to test that even though this has matching priorities (0) and a
360328 // lower point value score (which will cause it to be sorted in front of scc-sa) it should not
@@ -1083,6 +1051,27 @@ func restrictiveSCC() *securityapi.SecurityContextConstraints {
10831051 }
10841052}
10851053
1054+ func saSCC () * securityapi.SecurityContextConstraints {
1055+ return & securityapi.SecurityContextConstraints {
1056+ ObjectMeta : metav1.ObjectMeta {
1057+ Name : "scc-sa" ,
1058+ },
1059+ RunAsUser : securityapi.RunAsUserStrategyOptions {
1060+ Type : securityapi .RunAsUserStrategyMustRunAsRange ,
1061+ },
1062+ SELinuxContext : securityapi.SELinuxContextStrategyOptions {
1063+ Type : securityapi .SELinuxStrategyMustRunAs ,
1064+ },
1065+ FSGroup : securityapi.FSGroupStrategyOptions {
1066+ Type : securityapi .FSGroupStrategyMustRunAs ,
1067+ },
1068+ SupplementalGroups : securityapi.SupplementalGroupsStrategyOptions {
1069+ Type : securityapi .SupplementalGroupsStrategyMustRunAs ,
1070+ },
1071+ Groups : []string {"system:serviceaccounts" },
1072+ }
1073+ }
1074+
10861075func saExactSCC () * securityapi.SecurityContextConstraints {
10871076 var exactUID int64 = 999
10881077 return & securityapi.SecurityContextConstraints {
0 commit comments