Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
K
k3s
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Jacklull
k3s
Commits
344dd908
Commit
344dd908
authored
Apr 20, 2019
by
Thomas Gamble
Committed by
Thomas Gamble
Apr 20, 2019
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fix golint failures in pkg/securitycontext
parent
b1fea1bd
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
13 additions
and
1 deletion
+13
-1
.golint_failures
hack/.golint_failures
+0
-1
accessors.go
pkg/securitycontext/accessors.go
+10
-0
util.go
pkg/securitycontext/util.go
+3
-0
No files found.
hack/.golint_failures
View file @
344dd908
...
@@ -314,7 +314,6 @@ pkg/security/podsecuritypolicy/seccomp
...
@@ -314,7 +314,6 @@ pkg/security/podsecuritypolicy/seccomp
pkg/security/podsecuritypolicy/selinux
pkg/security/podsecuritypolicy/selinux
pkg/security/podsecuritypolicy/user
pkg/security/podsecuritypolicy/user
pkg/security/podsecuritypolicy/util
pkg/security/podsecuritypolicy/util
pkg/securitycontext
pkg/serviceaccount
pkg/serviceaccount
pkg/ssh
pkg/ssh
pkg/util/bandwidth
pkg/util/bandwidth
...
...
pkg/securitycontext/accessors.go
View file @
344dd908
...
@@ -201,6 +201,7 @@ func (w *podSecurityContextWrapper) SetFSGroup(v *int64) {
...
@@ -201,6 +201,7 @@ func (w *podSecurityContextWrapper) SetFSGroup(v *int64) {
w
.
podSC
.
FSGroup
=
v
w
.
podSC
.
FSGroup
=
v
}
}
// ContainerSecurityContextAccessor allows reading the values of a SecurityContext object
type
ContainerSecurityContextAccessor
interface
{
type
ContainerSecurityContextAccessor
interface
{
Capabilities
()
*
api
.
Capabilities
Capabilities
()
*
api
.
Capabilities
Privileged
()
*
bool
Privileged
()
*
bool
...
@@ -213,6 +214,7 @@ type ContainerSecurityContextAccessor interface {
...
@@ -213,6 +214,7 @@ type ContainerSecurityContextAccessor interface {
AllowPrivilegeEscalation
()
*
bool
AllowPrivilegeEscalation
()
*
bool
}
}
// ContainerSecurityContextMutator allows reading and writing the values of a SecurityContext object
type
ContainerSecurityContextMutator
interface
{
type
ContainerSecurityContextMutator
interface
{
ContainerSecurityContextAccessor
ContainerSecurityContextAccessor
...
@@ -228,10 +230,14 @@ type ContainerSecurityContextMutator interface {
...
@@ -228,10 +230,14 @@ type ContainerSecurityContextMutator interface {
SetAllowPrivilegeEscalation
(
*
bool
)
SetAllowPrivilegeEscalation
(
*
bool
)
}
}
// NewContainerSecurityContextAccessor returns an accessor for the provided container security context
// May be initialized with a nil SecurityContext
func
NewContainerSecurityContextAccessor
(
containerSC
*
api
.
SecurityContext
)
ContainerSecurityContextAccessor
{
func
NewContainerSecurityContextAccessor
(
containerSC
*
api
.
SecurityContext
)
ContainerSecurityContextAccessor
{
return
&
containerSecurityContextWrapper
{
containerSC
:
containerSC
}
return
&
containerSecurityContextWrapper
{
containerSC
:
containerSC
}
}
}
// NewContainerSecurityContextMutator returns a mutator for the provided container security context
// May be initialized with a nil SecurityContext
func
NewContainerSecurityContextMutator
(
containerSC
*
api
.
SecurityContext
)
ContainerSecurityContextMutator
{
func
NewContainerSecurityContextMutator
(
containerSC
*
api
.
SecurityContext
)
ContainerSecurityContextMutator
{
return
&
containerSecurityContextWrapper
{
containerSC
:
containerSC
}
return
&
containerSecurityContextWrapper
{
containerSC
:
containerSC
}
}
}
...
@@ -365,10 +371,14 @@ func (w *containerSecurityContextWrapper) SetAllowPrivilegeEscalation(v *bool) {
...
@@ -365,10 +371,14 @@ func (w *containerSecurityContextWrapper) SetAllowPrivilegeEscalation(v *bool) {
w
.
containerSC
.
AllowPrivilegeEscalation
=
v
w
.
containerSC
.
AllowPrivilegeEscalation
=
v
}
}
// NewEffectiveContainerSecurityContextAccessor returns an accessor for reading effective values
// for the provided pod security context and container security context
func
NewEffectiveContainerSecurityContextAccessor
(
podSC
PodSecurityContextAccessor
,
containerSC
ContainerSecurityContextMutator
)
ContainerSecurityContextAccessor
{
func
NewEffectiveContainerSecurityContextAccessor
(
podSC
PodSecurityContextAccessor
,
containerSC
ContainerSecurityContextMutator
)
ContainerSecurityContextAccessor
{
return
&
effectiveContainerSecurityContextWrapper
{
podSC
:
podSC
,
containerSC
:
containerSC
}
return
&
effectiveContainerSecurityContextWrapper
{
podSC
:
podSC
,
containerSC
:
containerSC
}
}
}
// NewEffectiveContainerSecurityContextMutator returns a mutator for reading and writing effective values
// for the provided pod security context and container security context
func
NewEffectiveContainerSecurityContextMutator
(
podSC
PodSecurityContextAccessor
,
containerSC
ContainerSecurityContextMutator
)
ContainerSecurityContextMutator
{
func
NewEffectiveContainerSecurityContextMutator
(
podSC
PodSecurityContextAccessor
,
containerSC
ContainerSecurityContextMutator
)
ContainerSecurityContextMutator
{
return
&
effectiveContainerSecurityContextWrapper
{
podSC
:
podSC
,
containerSC
:
containerSC
}
return
&
effectiveContainerSecurityContextWrapper
{
podSC
:
podSC
,
containerSC
:
containerSC
}
}
}
...
...
pkg/securitycontext/util.go
View file @
344dd908
...
@@ -44,6 +44,9 @@ func HasCapabilitiesRequest(container *v1.Container) bool {
...
@@ -44,6 +44,9 @@ func HasCapabilitiesRequest(container *v1.Container) bool {
return
len
(
container
.
SecurityContext
.
Capabilities
.
Add
)
>
0
||
len
(
container
.
SecurityContext
.
Capabilities
.
Drop
)
>
0
return
len
(
container
.
SecurityContext
.
Capabilities
.
Add
)
>
0
||
len
(
container
.
SecurityContext
.
Capabilities
.
Drop
)
>
0
}
}
// DetermineEffectiveSecurityContext returns a synthesized SecurityContext for reading effective configurations
// from the provided pod's and container's security context. Container's fields take precedence in cases where both
// are set
func
DetermineEffectiveSecurityContext
(
pod
*
v1
.
Pod
,
container
*
v1
.
Container
)
*
v1
.
SecurityContext
{
func
DetermineEffectiveSecurityContext
(
pod
*
v1
.
Pod
,
container
*
v1
.
Container
)
*
v1
.
SecurityContext
{
effectiveSc
:=
securityContextFromPodSecurityContext
(
pod
)
effectiveSc
:=
securityContextFromPodSecurityContext
(
pod
)
containerSc
:=
container
.
SecurityContext
containerSc
:=
container
.
SecurityContext
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment