github/polaris
1
0
Fork 0
mirror of https://github.com/FairwindsOps/polaris.git synced 2026-05-11 11:47:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

pull out messages into separate file, some rephrasing

Browse Source 
phrasing

fix tests
This commit is contained in:
Bobby Brennan
2019-04-10 21:00:24 +00:00
parent 8ee2f77c30
commit bcff5f10bc
4 changed files with 185 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files

102
pkg/validator/container.go
View File

@@ -19,6 +19,7 @@ import (
"strings"
conf "github.com/reactiveops/fairwinds/pkg/config"
"github.com/reactiveops/fairwinds/pkg/validator/messages"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
)
@@ -63,27 +64,27 @@ func (cv *ContainerValidation) validateResources(resConf *conf.Resources) {
res := cv.Container.Resources
if resConf.CPURequestsMissing.IsActionable() && res.Requests.Cpu().MilliValue() == 0 {
cv.addFailure("CPU Requests are not set", resConf.CPURequestsMissing)
cv.addFailure(messages.CPURequestsMissing, resConf.CPURequestsMissing)
} else {
cv.validateResourceRange("CPU Requests", &resConf.CPURequestRanges, res.Requests.Cpu())
cv.validateResourceRange(messages.CPURequestsLabel, &resConf.CPURequestRanges, res.Requests.Cpu())
}
if resConf.CPULimitsMissing.IsActionable() && res.Limits.Cpu().MilliValue() == 0 {
cv.addFailure("CPU Limits are not set", resConf.CPULimitsMissing)
cv.addFailure(messages.CPULimitsMissing, resConf.CPULimitsMissing)
} else {
cv.validateResourceRange("CPU Limits", &resConf.CPULimitRanges, res.Requests.Cpu())
cv.validateResourceRange(messages.CPULimitsLabel, &resConf.CPULimitRanges, res.Requests.Cpu())
}
if resConf.MemoryRequestsMissing.IsActionable() && res.Requests.Memory().MilliValue() == 0 {
cv.addFailure("Memory Requests are not set", resConf.MemoryRequestsMissing)
cv.addFailure(messages.MemoryRequestsMissing, resConf.MemoryRequestsMissing)
} else {
cv.validateResourceRange("Memory Requests", &resConf.MemoryRequestRanges, res.Requests.Memory())
cv.validateResourceRange(messages.MemoryRequestsLabel, &resConf.MemoryRequestRanges, res.Requests.Memory())
}
if resConf.MemoryLimitsMissing.IsActionable() && res.Limits.Memory().MilliValue() == 0 {
cv.addFailure("Memory Limits are not set", resConf.MemoryLimitsMissing)
cv.addFailure(messages.MemoryLimitsMissing, resConf.MemoryLimitsMissing)
} else {
cv.validateResourceRange("Memory Limits", &resConf.MemoryLimitRanges, res.Limits.Memory())
cv.validateResourceRange(messages.MemoryLimitsLabel, &resConf.MemoryLimitRanges, res.Limits.Memory())
}
}
@@ -94,32 +95,32 @@ func (cv *ContainerValidation) validateResourceRange(resourceName string, rangeC
errorBelow := rangeConf.Error.Below
if errorAbove != nil && errorAbove.MilliValue() < res.MilliValue() {
cv.addError(fmt.Sprintf("%s are too high", resourceName))
cv.addError(fmt.Sprintf(messages.ResourceAmountTooHigh, resourceName, errorAbove.String()))
} else if warnAbove != nil && warnAbove.MilliValue() < res.MilliValue() {
cv.addWarning(fmt.Sprintf("%s are too high", resourceName))
cv.addWarning(fmt.Sprintf(messages.ResourceAmountTooHigh, resourceName, warnAbove.String()))
} else if errorBelow != nil && errorBelow.MilliValue() > res.MilliValue() {
cv.addError(fmt.Sprintf("%s are too low", resourceName))
cv.addError(fmt.Sprintf(messages.ResourceAmountTooLow, resourceName, errorBelow.String()))
} else if warnBelow != nil && warnBelow.MilliValue() > res.MilliValue() {
cv.addWarning(fmt.Sprintf("%s are too low", resourceName))
cv.addWarning(fmt.Sprintf(messages.ResourceAmountTooLow, resourceName, warnBelow.String()))
} else {
cv.addSuccess(fmt.Sprintf("%s are within the expected range", resourceName))
cv.addSuccess(fmt.Sprintf(messages.ResourceAmountCorrect, resourceName))
}
}
func (cv *ContainerValidation) validateHealthChecks(conf *conf.HealthChecks) {
if conf.ReadinessProbeMissing.IsActionable() {
if cv.Container.ReadinessProbe == nil {
cv.addFailure("Readiness probe needs to be configured", conf.ReadinessProbeMissing)
cv.addFailure(messages.ReadinessProbeNotConfigured, conf.ReadinessProbeMissing)
} else {
cv.addSuccess("Readiness probe configured")
cv.addSuccess(messages.ReadinessProbeConfigured)
}
}
if conf.LivenessProbeMissing.IsActionable() {
if cv.Container.LivenessProbe == nil {
cv.addFailure("Liveness probe needs to be configured", conf.LivenessProbeMissing)
cv.addFailure(messages.LivenessProbeNotConfigured, conf.LivenessProbeMissing)
} else {
cv.addSuccess("Liveness probe configured")
cv.addSuccess(messages.LivenessProbeConfigured)
}
}
}
@@ -128,9 +129,9 @@ func (cv *ContainerValidation) validateImage(imageConf *conf.Images) {
if imageConf.TagNotSpecified.IsActionable() {
img := strings.Split(cv.Container.Image, ":")
if len(img) == 1 || img[1] == "latest" {
cv.addFailure("Image tag should be specified", imageConf.TagNotSpecified)
cv.addFailure(messages.ImageTagNotSpecified, imageConf.TagNotSpecified)
} else {
cv.addSuccess("Image tag specified")
cv.addSuccess(messages.ImageTagSpecified)
}
}
}
@@ -146,9 +147,9 @@ func (cv *ContainerValidation) validateNetworking(networkConf *conf.Networking)
}
if hostPortSet {
cv.addFailure("Host port is configured, but it shouldn't be", networkConf.HostAliasSet)
cv.addFailure(messages.HostPortSet, networkConf.HostAliasSet)
} else {
cv.addSuccess("Host port is not configured")
cv.addSuccess(messages.HostPortNotSet)
}
}
}
@@ -161,55 +162,68 @@ func (cv *ContainerValidation) validateSecurity(securityConf *conf.Security) {
if securityConf.RunAsRootAllowed.IsActionable() {
if securityContext.RunAsNonRoot == (*bool)(nil) || !*securityContext.RunAsNonRoot {
cv.addFailure("Container is allowed to run as root", securityConf.RunAsRootAllowed)
cv.addFailure(messages.RunAsRootEnabled, securityConf.RunAsRootAllowed)
} else {
cv.addSuccess("Container is not allowed to run as root")
cv.addSuccess(messages.RunAsRootDisabled)
}
}
if securityConf.RunAsPrivileged.IsActionable() {
if securityContext.Privileged == (*bool)(nil) || !*securityContext.Privileged {
cv.addSuccess("Container is not running as privileged")
cv.addSuccess(messages.RunAsPrivilegedDisabled)
} else {
cv.addFailure("Container is running as privileged", securityConf.RunAsPrivileged)
cv.addFailure(messages.RunAsPrivilegedEnabled, securityConf.RunAsPrivileged)
}
}
if securityConf.NotReadOnlyRootFileSystem.IsActionable() {
if securityContext.ReadOnlyRootFilesystem == (*bool)(nil) || !*securityContext.ReadOnlyRootFilesystem {
cv.addFailure("Container is not running with a read only filesystem", securityConf.NotReadOnlyRootFileSystem)
cv.addFailure(messages.WritableFilesystem, securityConf.NotReadOnlyRootFileSystem)
} else {
cv.addSuccess("Container is running with a read only filesystem")
cv.addSuccess(messages.ReadOnlyFilesystem)
}
}
if securityConf.PrivilegeEscalationAllowed.IsActionable() {
if securityContext.AllowPrivilegeEscalation == (*bool)(nil) || !*securityContext.AllowPrivilegeEscalation {
cv.addSuccess("Container does not allow privilege escalation")
cv.addSuccess(messages.PrivilegeEscalationDisallowed)
} else {
cv.addFailure("Container allows privilege escalation", securityConf.PrivilegeEscalationAllowed)
cv.addFailure(messages.PrivilegeEscalationAllowed, securityConf.PrivilegeEscalationAllowed)
}
}
cv.validateCapabilities(securityConf.Capabilities.Error, conf.SeverityError)
cv.validateCapabilities(securityConf.Capabilities.Warning, conf.SeverityWarning)
hasSecurityError :=
!cv.validateCapabilities(securityConf.Capabilities.Error, conf.SeverityError)
hasSecurityWarning :=
!cv.validateCapabilities(securityConf.Capabilities.Warning, conf.SeverityWarning)
hasSecurityCheck := func(confLists conf.SecurityCapabilityLists) bool {
return len(confLists.IfAnyAdded) > 0 ||
len(confLists.IfAnyAddedBeyond) > 0 ||
len(confLists.IfAnyNotDropped) > 0
}
if !hasSecurityError && !hasSecurityWarning &&
(hasSecurityCheck(securityConf.Capabilities.Error) ||
hasSecurityCheck(securityConf.Capabilities.Warning)) {
cv.addSuccess(messages.SecurityCapabilitiesOK)
}
}
func (cv *ContainerValidation) validateCapabilities(confLists conf.SecurityCapabilityLists, severity conf.Severity) {
func (cv *ContainerValidation) validateCapabilities(confLists conf.SecurityCapabilityLists, severity conf.Severity) bool {
capabilities := &corev1.Capabilities{}
if cv.Container.SecurityContext != nil && cv.Container.SecurityContext.Capabilities != nil {
capabilities = cv.Container.SecurityContext.Capabilities
}
everythingOK := true
if len(confLists.IfAnyAdded) > 0 {
intersectAdds := capIntersection(capabilities.Add, confLists.IfAnyAdded)
if len(intersectAdds) > 0 {
capsString := commaSeparatedCapabilities(intersectAdds)
cv.addFailure(fmt.Sprintf("Security capabilities added from %v list: %v", severity, capsString), severity)
cv.addFailure(fmt.Sprintf(messages.HasBadSecurityCapabilities, capsString), severity)
everythingOK = false
} else if capContains(capabilities.Add, "ALL") {
cv.addFailure(fmt.Sprintf("All security capabilities added, violating %v list", severity), severity)
} else {
cv.addSuccess(fmt.Sprintf("No security capabilities added from %v list", severity))
cv.addFailure(fmt.Sprintf(messages.HasBadSecurityCapabilities, "ALL"), severity)
everythingOK = false
}
}
@@ -217,24 +231,24 @@ func (cv *ContainerValidation) validateCapabilities(confLists conf.SecurityCapab
differentAdds := capDifference(capabilities.Add, confLists.IfAnyAddedBeyond)
if len(differentAdds) > 0 {
capsString := commaSeparatedCapabilities(differentAdds)
cv.addFailure(fmt.Sprintf("Security capabilities added beyond %v list: %v", severity, capsString), severity)
cv.addFailure(fmt.Sprintf(messages.HasBadSecurityCapabilities, capsString), severity)
everythingOK = false
} else if capContains(capabilities.Add, "ALL") {
cv.addFailure(fmt.Sprintf("All security capabilities added, going beyond %v list", severity), severity)
} else {
cv.addSuccess(fmt.Sprintf("No security capabilities added beyond %v list", severity))
cv.addFailure(fmt.Sprintf(messages.HasBadSecurityCapabilities, "ALL"), severity)
everythingOK = false
}
}
if len(confLists.IfAnyNotDropped) > 0 {
missingDrops := capDifference(confLists.IfAnyNotDropped, capabilities.Drop)
if len(missingDrops) > 0 && !capContains(capabilities.Drop, "ALL") {
capsString := commaSeparatedCapabilities(missingDrops)
cv.addFailure(fmt.Sprintf("Security capabilities not dropped from %v list: %v", severity, capsString), severity)
} else {
cv.addSuccess(fmt.Sprintf("Required security capabilities dropped from %v list", severity))
cv.addFailure(fmt.Sprintf(messages.SecurityCapabilitiesNotDropped, capsString), severity)
everythingOK = false
}
}
return everythingOK
}
func commaSeparatedCapabilities(caps []corev1.Capability) string {

90
pkg/validator/container_test.go
View File

@@ -89,22 +89,22 @@ func TestValidateResourcesEmptyContainer(t *testing.T) {
expectedWarnings := []*ResultMessage{
{
Type: "warning",
Message: "CPU Requests are not set",
Message: "CPU requests should be set",
},
{
Type: "warning",
Message: "Memory Requests are not set",
Message: "Memory requests should be set",
},
}
expectedErrors := []*ResultMessage{
{
Type: "error",
Message: "CPU Limits are not set",
Message: "CPU limits should be set",
},
{
Type: "error",
Message: "Memory Limits are not set",
Message: "Memory limits should be set",
},
}
@@ -133,22 +133,22 @@ func TestValidateResourcesPartiallyValid(t *testing.T) {
expectedWarnings := []*ResultMessage{
{
Type: "warning",
Message: "CPU Requests are too low",
Message: "CPU requests should be higher than 200m",
},
{
Type: "warning",
Message: "CPU Limits are too low",
Message: "CPU limits should be higher than 300m",
},
}
expectedErrors := []*ResultMessage{
{
Type: "error",
Message: "Memory Requests are too low",
Message: "Memory requests should be higher than 100M",
},
{
Type: "error",
Message: "Memory Limits are too low",
Message: "Memory limits should be higher than 200M",
},
}
@@ -235,8 +235,8 @@ func TestValidateHealthChecks(t *testing.T) {
},
}
l := &ResultMessage{Type: "warning", Message: "Liveness probe needs to be configured"}
r := &ResultMessage{Type: "error", Message: "Readiness probe needs to be configured"}
l := &ResultMessage{Type: "warning", Message: "Liveness probe should be configured"}
r := &ResultMessage{Type: "error", Message: "Readiness probe should be configured"}
f1 := []*ResultMessage{}
f2 := []*ResultMessage{r}
w1 := []*ResultMessage{l}
@@ -437,22 +437,19 @@ func TestValidateSecurity(t *testing.T) {
securityConf: standardConf,
cv: emptyCV,
expectedMessages: []*ResultMessage{{
Message: "Container is allowed to run as root",
Message: "Should not be running as root",
Type: "warning",
}, {
Message: "Container is not running with a read only filesystem",
Message: "Filesystem should be read only",
Type: "warning",
}, {
Message: "Container is not running as privileged",
Message: "Not running as privileged",
Type: "success",
}, {
Message: "Container does not allow privilege escalation",
Message: "Privilege escalation not allowed",
Type: "success",
}, {
Message: "No security capabilities added from error list",
Type: "success",
}, {
Message: "No security capabilities added beyond warning list",
Message: "Security capabilities are within the configured limits",
Type: "success",
}},
},
@@ -461,22 +458,22 @@ func TestValidateSecurity(t *testing.T) {
securityConf: standardConf,
cv: badCV,
expectedMessages: []*ResultMessage{{
Message: "Security capabilities added from error list: SYS_ADMIN, NET_ADMIN",
Message: "The following security capabilities should not be added: SYS_ADMIN, NET_ADMIN",
Type: "error",
}, {
Message: "Container allows privilege escalation",
Message: "Privilege escalation should not be allowed",
Type: "error",
}, {
Message: "Container is running as privileged",
Message: "Should not be running as privileged",
Type: "error",
}, {
Message: "Security capabilities added beyond warning list: AUDIT_CONTROL, SYS_ADMIN, NET_ADMIN",
Message: "The following security capabilities should not be added: AUDIT_CONTROL, SYS_ADMIN, NET_ADMIN",
Type: "warning",
}, {
Message: "Container is allowed to run as root",
Message: "Should not be running as root",
Type: "warning",
}, {
Message: "Container is not running with a read only filesystem",
Message: "Filesystem should be read only",
Type: "warning",
}},
},
@@ -485,22 +482,19 @@ func TestValidateSecurity(t *testing.T) {
securityConf: standardConf,
cv: goodCV,
expectedMessages: []*ResultMessage{{
Message: "Container is not allowed to run as root",
Message: "Not running as root",
Type: "success",
}, {
Message: "Container is running with a read only filesystem",
Message: "Filesystem is read only",
Type: "success",
}, {
Message: "Container is not running as privileged",
Message: "Not running as privileged",
Type: "success",
}, {
Message: "Container does not allow privilege escalation",
Message: "Privilege escalation not allowed",
Type: "success",
}, {
Message: "No security capabilities added from error list",
Type: "success",
}, {
Message: "No security capabilities added beyond warning list",
Message: "Security capabilities are within the configured limits",
Type: "success",
}},
},
@@ -509,25 +503,19 @@ func TestValidateSecurity(t *testing.T) {
securityConf: strongConf,
cv: goodCV,
expectedMessages: []*ResultMessage{{
Message: "Security capabilities not dropped from error list: DAC_OVERRIDE, SYS_CHROOT",
Message: "The following security capabilities should be dropped: DAC_OVERRIDE, SYS_CHROOT",
Type: "error",
}, {
Message: "Container is not allowed to run as root",
Message: "Not running as root",
Type: "success",
}, {
Message: "Container is running with a read only filesystem",
Message: "Filesystem is read only",
Type: "success",
}, {
Message: "Container is not running as privileged",
Message: "Not running as privileged",
Type: "success",
}, {
Message: "Container does not allow privilege escalation",
Type: "success",
}, {
Message: "No security capabilities added from error list",
Type: "success",
}, {
Message: "No security capabilities added beyond warning list",
Message: "Privilege escalation not allowed",
Type: "success",
}},
},
@@ -536,25 +524,19 @@ func TestValidateSecurity(t *testing.T) {
securityConf: strongConf,
cv: strongCV,
expectedMessages: []*ResultMessage{{
Message: "Container is not allowed to run as root",
Message: "Not running as root",
Type: "success",
}, {
Message: "Container is running with a read only filesystem",
Message: "Filesystem is read only",
Type: "success",
}, {
Message: "Container is not running as privileged",
Message: "Not running as privileged",
Type: "success",
}, {
Message: "Container does not allow privilege escalation",
Message: "Privilege escalation not allowed",
Type: "success",
}, {
Message: "No security capabilities added from error list",
Type: "success",
}, {
Message: "Required security capabilities dropped from error list",
Type: "success",
}, {
Message: "No security capabilities added beyond warning list",
Message: "Security capabilities are within the configured limits",
Type: "success",
}},
},

82
pkg/validator/messages/messages.go Normal file
View File

@@ -0,0 +1,82 @@
package messages
const (
// CPURequestsLabel label
CPURequestsLabel = "CPU requests"
// CPULimitsLabel label
CPULimitsLabel = "CPU limits"
// MemoryRequestsLabel label
MemoryRequestsLabel = "Memory requests"
// MemoryLimitsLabel label
MemoryLimitsLabel = "Memory limits"
// CPURequestsMissing message
CPURequestsMissing = "CPU requests should be set"
// CPULimitsMissing message
CPULimitsMissing = "CPU limits should be set"
// MemoryRequestsMissing message
MemoryRequestsMissing = "Memory requests should be set"
// MemoryLimitsMissing message
MemoryLimitsMissing = "Memory limits should be set"
// ResourceAmountTooHigh message
ResourceAmountTooHigh = "%s should be lower than %s"
// ResourceAmountTooLow message
ResourceAmountTooLow = "%s should be higher than %s"
// ResourceAmountCorrect message
ResourceAmountCorrect = "%s are within the expected range"
// ReadinessProbeNotConfigured message
ReadinessProbeNotConfigured = "Readiness probe should be configured"
// ReadinessProbeConfigured message
ReadinessProbeConfigured = "Readiness probe configured"
// LivenessProbeNotConfigured message
LivenessProbeNotConfigured = "Liveness probe should be configured"
// LivenessProbeConfigured message
LivenessProbeConfigured = "Liveness probe is configured"
// ImageTagNotSpecified message
ImageTagNotSpecified = "Image tag should be specified"
// ImageTagSpecified message
ImageTagSpecified = "Image tag is specified"
// HostPortSet message
HostPortSet = "Host port should not be configured"
// HostPortNotSet message
HostPortNotSet = "Host port is not configured"
// RunAsRootEnabled message
RunAsRootEnabled = "Should not be running as root"
// RunAsRootDisabled message
RunAsRootDisabled = "Not running as root"
// RunAsPrivilegedEnabled message
RunAsPrivilegedEnabled = "Should not be running as privileged"
// RunAsPrivilegedDisabled message
RunAsPrivilegedDisabled = "Not running as privileged"
// ReadOnlyFilesystem message
ReadOnlyFilesystem = "Filesystem is read only"
// WritableFilesystem message
WritableFilesystem = "Filesystem should be read only"
// PrivilegeEscalationAllowed message
PrivilegeEscalationAllowed = "Privilege escalation should not be allowed"
// PrivilegeEscalationDisallowed message
PrivilegeEscalationDisallowed = "Privilege escalation not allowed"
// HasBadSecurityCapabilities message
HasBadSecurityCapabilities = "The following security capabilities should not be added: %v"
// SecurityCapabilitiesOK message
SecurityCapabilitiesOK = "Security capabilities are within the configured limits"
// SecurityCapabilitiesNotDropped message
SecurityCapabilitiesNotDropped = "The following security capabilities should be dropped: %v"
// HostAliasConfigured message
HostAliasConfigured = "Host alias should not be configured"
// HostAliasNotConfigured message
HostAliasNotConfigured = "Host alias is not configured"
// HostIPCConfigured message
HostIPCConfigured = "Host IPC should not be configured"
// HostIPCNotConfigured message
HostIPCNotConfigured = "Host IPC is not configured"
// HostPIDConfigured message
HostPIDConfigured = "Host PID should not be configured"
// HostPIDNotConfigured message
HostPIDNotConfigured = "Host PID is not configured"
// HostNetworkConfigured message
HostNetworkConfigured = "Host network should not be configured"
// HostNetworkNotConfigured message
HostNetworkNotConfigured = "Host network is not configured"
)

17
pkg/validator/pod.go
View File

@@ -16,6 +16,7 @@ package validator
import (
conf "github.com/reactiveops/fairwinds/pkg/config"
"github.com/reactiveops/fairwinds/pkg/validator/messages"
corev1 "k8s.io/api/core/v1"
logf "sigs.k8s.io/controller-runtime/pkg/runtime/log"
)
@@ -87,9 +88,9 @@ func (pv *PodValidation) validateHostAlias(networkConf *conf.Networking) {
}
if hostAliasSet {
pv.addFailure("Host alias should is configured, but it shouldn't be", networkConf.HostAliasSet)
pv.addFailure(messages.HostAliasConfigured, networkConf.HostAliasSet)
} else {
pv.addSuccess("Host alias is not configured")
pv.addSuccess(messages.HostAliasNotConfigured)
}
}
}
@@ -97,9 +98,9 @@ func (pv *PodValidation) validateHostAlias(networkConf *conf.Networking) {
func (pv *PodValidation) validateHostIPC(networkConf *conf.Networking) {
if networkConf.HostIPCSet.IsActionable() {
if pv.Pod.HostIPC {
pv.addFailure("Host IPC is configured, but it shouldn't be", networkConf.HostIPCSet)
pv.addFailure(messages.HostIPCConfigured, networkConf.HostIPCSet)
} else {
pv.addSuccess("Host IPC is not configured")
pv.addSuccess(messages.HostIPCNotConfigured)
}
}
}
@@ -107,9 +108,9 @@ func (pv *PodValidation) validateHostIPC(networkConf *conf.Networking) {
func (pv *PodValidation) validateHostPID(networkConf *conf.Networking) {
if networkConf.HostPIDSet.IsActionable() {
if pv.Pod.HostPID {
pv.addFailure("Host PID is configured, but it shouldn't be", networkConf.HostPIDSet)
pv.addFailure(messages.HostPIDConfigured, networkConf.HostPIDSet)
} else {
pv.addSuccess("Host PID is not configured")
pv.addSuccess(messages.HostPIDNotConfigured)
}
}
}
@@ -117,9 +118,9 @@ func (pv *PodValidation) validateHostPID(networkConf *conf.Networking) {
func (pv *PodValidation) validateHostNetwork(networkConf *conf.Networking) {
if networkConf.HostNetworkSet.IsActionable() {
if pv.Pod.HostNetwork {
pv.addFailure("Host network is configured, but it shouldn't be", networkConf.HostNetworkSet)
pv.addFailure(messages.HostNetworkConfigured, networkConf.HostNetworkSet)
} else {
pv.addSuccess("Host network is not configured")
pv.addSuccess(messages.HostNetworkNotConfigured)
}
}
}