@@ -24,7 +24,6 @@ import (
2424 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
2525 "k8s.io/apimachinery/pkg/labels"
2626 clientset "k8s.io/client-go/kubernetes"
27- "k8s.io/kubernetes/pkg/security/apparmor"
2827 "k8s.io/kubernetes/test/e2e/framework"
2928 e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
3029 imageutils "k8s.io/kubernetes/test/utils/image"
@@ -37,6 +36,14 @@ const (
3736
3837 loaderLabelKey = "name"
3938 loaderLabelValue = "e2e-apparmor-loader"
39+
40+ // TODO: import this from the k8s.io/api once it's moved there (ref: https://github.com/kubernetes/kubernetes/pull/89198)
41+ // Unconfined profile
42+ profileNameUnconfined = "unconfined"
43+
44+ // TODO: import this from the k8s.io/api once it's moved there (ref: https://github.com/kubernetes/kubernetes/pull/89198)
45+ // The prefix to an annotation key specifying a container profile.
46+ containerAnnotationKeyPrefix = "container.apparmor.security.beta.kubernetes.io/"
4047)
4148
4249// LoadAppArmorProfiles creates apparmor-profiles ConfigMap and apparmor-loader ReplicationController.
@@ -64,7 +71,7 @@ elif [[ $(< /proc/self/attr/current) != "%[3]s" ]]; then
6471fi` , appArmorDeniedPath , appArmorAllowedPath , appArmorProfilePrefix + nsName )
6572
6673 if unconfined {
67- profile = apparmor . ProfileNameUnconfined
74+ profile = profileNameUnconfined
6875 testCmd = `
6976if cat /proc/sysrq-trigger 2>&1 | grep 'Permission denied'; then
7077 echo 'FAILURE: reading /proc/sysrq-trigger should be allowed'
@@ -98,7 +105,7 @@ done`, testCmd)
98105 ObjectMeta : metav1.ObjectMeta {
99106 GenerateName : "test-apparmor-" ,
100107 Annotations : map [string ]string {
101- apparmor . ContainerAnnotationKeyPrefix + "test" : profile ,
108+ containerAnnotationKeyPrefix + "test" : profile ,
102109 },
103110 Labels : map [string ]string {
104111 "test" : "apparmor" ,
0 commit comments