Commit 344dd908 authored by Thomas Gamble's avatar Thomas Gamble Committed by Thomas Gamble

Fix golint failures in pkg/securitycontext

parent b1fea1bd
...@@ -314,7 +314,6 @@ pkg/security/podsecuritypolicy/seccomp ...@@ -314,7 +314,6 @@ pkg/security/podsecuritypolicy/seccomp
pkg/security/podsecuritypolicy/selinux pkg/security/podsecuritypolicy/selinux
pkg/security/podsecuritypolicy/user pkg/security/podsecuritypolicy/user
pkg/security/podsecuritypolicy/util pkg/security/podsecuritypolicy/util
pkg/securitycontext
pkg/serviceaccount pkg/serviceaccount
pkg/ssh pkg/ssh
pkg/util/bandwidth pkg/util/bandwidth
......
...@@ -201,6 +201,7 @@ func (w *podSecurityContextWrapper) SetFSGroup(v *int64) { ...@@ -201,6 +201,7 @@ func (w *podSecurityContextWrapper) SetFSGroup(v *int64) {
w.podSC.FSGroup = v w.podSC.FSGroup = v
} }
// ContainerSecurityContextAccessor allows reading the values of a SecurityContext object
type ContainerSecurityContextAccessor interface { type ContainerSecurityContextAccessor interface {
Capabilities() *api.Capabilities Capabilities() *api.Capabilities
Privileged() *bool Privileged() *bool
...@@ -213,6 +214,7 @@ type ContainerSecurityContextAccessor interface { ...@@ -213,6 +214,7 @@ type ContainerSecurityContextAccessor interface {
AllowPrivilegeEscalation() *bool AllowPrivilegeEscalation() *bool
} }
// ContainerSecurityContextMutator allows reading and writing the values of a SecurityContext object
type ContainerSecurityContextMutator interface { type ContainerSecurityContextMutator interface {
ContainerSecurityContextAccessor ContainerSecurityContextAccessor
...@@ -228,10 +230,14 @@ type ContainerSecurityContextMutator interface { ...@@ -228,10 +230,14 @@ type ContainerSecurityContextMutator interface {
SetAllowPrivilegeEscalation(*bool) SetAllowPrivilegeEscalation(*bool)
} }
// NewContainerSecurityContextAccessor returns an accessor for the provided container security context
// May be initialized with a nil SecurityContext
func NewContainerSecurityContextAccessor(containerSC *api.SecurityContext) ContainerSecurityContextAccessor { func NewContainerSecurityContextAccessor(containerSC *api.SecurityContext) ContainerSecurityContextAccessor {
return &containerSecurityContextWrapper{containerSC: containerSC} return &containerSecurityContextWrapper{containerSC: containerSC}
} }
// NewContainerSecurityContextMutator returns a mutator for the provided container security context
// May be initialized with a nil SecurityContext
func NewContainerSecurityContextMutator(containerSC *api.SecurityContext) ContainerSecurityContextMutator { func NewContainerSecurityContextMutator(containerSC *api.SecurityContext) ContainerSecurityContextMutator {
return &containerSecurityContextWrapper{containerSC: containerSC} return &containerSecurityContextWrapper{containerSC: containerSC}
} }
...@@ -365,10 +371,14 @@ func (w *containerSecurityContextWrapper) SetAllowPrivilegeEscalation(v *bool) { ...@@ -365,10 +371,14 @@ func (w *containerSecurityContextWrapper) SetAllowPrivilegeEscalation(v *bool) {
w.containerSC.AllowPrivilegeEscalation = v w.containerSC.AllowPrivilegeEscalation = v
} }
// NewEffectiveContainerSecurityContextAccessor returns an accessor for reading effective values
// for the provided pod security context and container security context
func NewEffectiveContainerSecurityContextAccessor(podSC PodSecurityContextAccessor, containerSC ContainerSecurityContextMutator) ContainerSecurityContextAccessor { func NewEffectiveContainerSecurityContextAccessor(podSC PodSecurityContextAccessor, containerSC ContainerSecurityContextMutator) ContainerSecurityContextAccessor {
return &effectiveContainerSecurityContextWrapper{podSC: podSC, containerSC: containerSC} return &effectiveContainerSecurityContextWrapper{podSC: podSC, containerSC: containerSC}
} }
// NewEffectiveContainerSecurityContextMutator returns a mutator for reading and writing effective values
// for the provided pod security context and container security context
func NewEffectiveContainerSecurityContextMutator(podSC PodSecurityContextAccessor, containerSC ContainerSecurityContextMutator) ContainerSecurityContextMutator { func NewEffectiveContainerSecurityContextMutator(podSC PodSecurityContextAccessor, containerSC ContainerSecurityContextMutator) ContainerSecurityContextMutator {
return &effectiveContainerSecurityContextWrapper{podSC: podSC, containerSC: containerSC} return &effectiveContainerSecurityContextWrapper{podSC: podSC, containerSC: containerSC}
} }
......
...@@ -44,6 +44,9 @@ func HasCapabilitiesRequest(container *v1.Container) bool { ...@@ -44,6 +44,9 @@ func HasCapabilitiesRequest(container *v1.Container) bool {
return len(container.SecurityContext.Capabilities.Add) > 0 || len(container.SecurityContext.Capabilities.Drop) > 0 return len(container.SecurityContext.Capabilities.Add) > 0 || len(container.SecurityContext.Capabilities.Drop) > 0
} }
// DetermineEffectiveSecurityContext returns a synthesized SecurityContext for reading effective configurations
// from the provided pod's and container's security context. Container's fields take precedence in cases where both
// are set
func DetermineEffectiveSecurityContext(pod *v1.Pod, container *v1.Container) *v1.SecurityContext { func DetermineEffectiveSecurityContext(pod *v1.Pod, container *v1.Container) *v1.SecurityContext {
effectiveSc := securityContextFromPodSecurityContext(pod) effectiveSc := securityContextFromPodSecurityContext(pod)
containerSc := container.SecurityContext containerSc := container.SecurityContext
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment