diff --git a/check/data b/check/data index 1e88841..435940e 100644 --- a/check/data +++ b/check/data @@ -116,3 +116,45 @@ groups: op: eq value: "600" set: true + + - id: 10 + text: "flag value includes some value in a comma-separated list, value is last in list" + tests: + test_items: + - flag: "--admission-control" + compare: + op: has + value: RBAC + set: true + + - id: 11 + text: "flag value includes some value in a comma-separated list, value is first in list" + tests: + test_items: + - flag: "--admission-control" + compare: + op: has + value: WebHook + set: true + + - id: 12 + text: "flag value includes some value in a comma-separated list, value middle of list" + tests: + test_items: + - flag: "--admission-control" + compare: + op: has + value: Something + set: true + + - id: 13 + text: "flag value includes some value in a comma-separated list, value only one in list" + tests: + test_items: + - flag: "--admission-control" + compare: + op: has + value: Something + set: true + + diff --git a/check/test_test.go b/check/test_test.go index a0228c2..b2d9ac8 100644 --- a/check/test_test.go +++ b/check/test_test.go @@ -94,6 +94,22 @@ func TestTestExecute(t *testing.T) { controls.Groups[0].Checks[9], "600", }, + { + controls.Groups[0].Checks[10], + "2:45 ../kubernetes/kube-apiserver --option --admission-control=WebHook,RBAC ---audit-log-maxage=40", + }, + { + controls.Groups[0].Checks[11], + "2:45 ../kubernetes/kube-apiserver --option --admission-control=WebHook,RBAC ---audit-log-maxage=40", + }, + { + controls.Groups[0].Checks[12], + "2:45 ../kubernetes/kube-apiserver --option --admission-control=WebHook,Something,RBAC ---audit-log-maxage=40", + }, + { + controls.Groups[0].Checks[13], + "2:45 ../kubernetes/kube-apiserver --option --admission-control=Something ---audit-log-maxage=40", + }, } for _, c := range cases {