func (v *validator) ValidateHost() error {
	return v.validateHostErr
}

// validateHost verifies that the host and runtime is capable of enforcing AppArmor profiles.
func validateHost() error {
	// Check feature-gates
	if !utilfeature.DefaultFeatureGate.Enabled(features.AppArmor) {
		return errors.New("AppArmor disabled by feature-gate")
	}

WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package apparmor

func init() {
	// If Kubernetes was not built for linux, apparmor is always disabled.
	isDisabledBuild = true

limitations under the License.
*/

package apparmor

import (
	"strings"

	v1 "k8s.io/api/core/v1"
	utilfeature "k8s.io/apiserver/pkg/util/feature"
	podutil "k8s.io/kubernetes/pkg/api/v1/pod"
	"k8s.io/kubernetes/pkg/features"
)

// Checks whether app armor is required for the pod to run. AppArmor is considered required if any
// non-unconfined profiles are specified.

// NewAppArmorAdmitHandler returns a PodAdmitHandler which is used to evaluate
// if a pod can be admitted from the perspective of AppArmor.
func NewAppArmorAdmitHandler(validator apparmor.Validator) PodAdmitHandler {
	return &appArmorAdmitHandler{
		Validator: validator,
	}
}

type appArmorAdmitHandler struct {
	apparmor.Validator
}

func (a *appArmorAdmitHandler) Admit(attrs *PodAdmitAttributes) PodAdmitResult {

WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package apparmor

import (
	"testing"

	"github.com/stretchr/testify/assert"
	v1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/utils/ptr"
)

func TestGetProfile(t *testing.T) {

}

func getAppArmorProfile(pod *v1.Pod, container *v1.Container) (*runtimeapi.SecurityProfile, string, error) {
	profile := apparmor.GetProfile(pod, container)
	if profile == nil {
		return nil, "", nil
	}

	var (
		securityProfile   *runtimeapi.SecurityProfile
		deprecatedProfile string // Deprecated apparmor profile format, still provided for backwards compatibility with older runtimes.
	)

	switch profile.Type {

	// DeprecatedAppArmorBetaContainerAnnotationKeyPrefix is the prefix to an annotation key specifying a container's apparmor profile.
	// Deprecated: use a pod or container security context `appArmorProfile` field instead.
	DeprecatedAppArmorBetaContainerAnnotationKeyPrefix = "container.apparmor.security.beta.kubernetes.io/"

	// DeprecatedAppArmorBetaProfileRuntimeDefault is the profile specifying the runtime default.

	// DeprecatedAppArmorAnnotationKeyPrefix is the prefix to an annotation key specifying a container's apparmor profile.
	// Deprecated: use a pod or container security context `appArmorProfile` field instead.
	DeprecatedAppArmorAnnotationKeyPrefix = "container.apparmor.security.beta.kubernetes.io/"

	// DeprecatedAppArmorAnnotationValueRuntimeDefault is the profile specifying the runtime default.

      - k8s.io/kubernetes/pkg/features
      - k8s.io/kubernetes/pkg/fieldpath
      - k8s.io/kubernetes/pkg/kubelet/types
      - k8s.io/kubernetes/pkg/kubelet/util/format
      - k8s.io/kubernetes/pkg/security/apparmor
      - k8s.io/kubernetes/pkg/securitycontext
      - k8s.io/kubernetes/pkg/util/hash
      - k8s.io/kubernetes/pkg/util/node
      - k8s.io/kubernetes/pkg/util/parsers
      - k8s.io/kubernetes/pkg/util/taints

WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package apparmor

import (
	"errors"
	"fmt"
	"testing"

	v1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

	"github.com/stretchr/testify/assert"
)