Unverified Commit 71e00a6b authored by Kubernetes Submit Queue's avatar Kubernetes Submit Queue Committed by GitHub

Merge pull request #61608 from php-coder/psp_move_internal_types_to_policy

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. PSP: move internal types to policy API group **What this PR does / why we need it**: This is a part of the PSP migration from extensions to policy API group. This PR moves internal types to the its final destination. **Which issue(s) this PR fixes**: Addressed to https://github.com/kubernetes/features/issues/5
parents 4b26d70d 6767e233
......@@ -3,20 +3,12 @@ package(default_visibility = ["//visibility:public"])
load(
"@io_bazel_rules_go//go:def.bzl",
"go_library",
"go_test",
)
go_test(
name = "go_default_test",
srcs = ["helpers_test.go"],
embed = [":go_default_library"],
)
go_library(
name = "go_default_library",
srcs = [
"doc.go",
"helpers.go",
"register.go",
"types.go",
"zz_generated.deepcopy.go",
......@@ -26,6 +18,7 @@ go_library(
"//pkg/apis/autoscaling:go_default_library",
"//pkg/apis/core:go_default_library",
"//pkg/apis/networking:go_default_library",
"//pkg/apis/policy:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/api/resource:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
......
......@@ -54,34 +54,6 @@ var Funcs = func(codecs runtimeserializer.CodecFactory) []interface{} {
j.RollingUpdate = &rollingUpdate
}
},
func(psp *extensions.PodSecurityPolicySpec, c fuzz.Continue) {
c.FuzzNoCustom(psp) // fuzz self without calling this function again
runAsUserRules := []extensions.RunAsUserStrategy{
extensions.RunAsUserStrategyMustRunAsNonRoot,
extensions.RunAsUserStrategyMustRunAs,
extensions.RunAsUserStrategyRunAsAny,
}
psp.RunAsUser.Rule = runAsUserRules[c.Rand.Intn(len(runAsUserRules))]
seLinuxRules := []extensions.SELinuxStrategy{
extensions.SELinuxStrategyMustRunAs,
extensions.SELinuxStrategyRunAsAny,
}
psp.SELinux.Rule = seLinuxRules[c.Rand.Intn(len(seLinuxRules))]
supplementalGroupsRules := []extensions.SupplementalGroupsStrategyType{
extensions.SupplementalGroupsStrategyRunAsAny,
extensions.SupplementalGroupsStrategyMustRunAs,
}
psp.SupplementalGroups.Rule = supplementalGroupsRules[c.Rand.Intn(len(supplementalGroupsRules))]
fsGroupRules := []extensions.FSGroupStrategyType{
extensions.FSGroupStrategyMustRunAs,
extensions.FSGroupStrategyRunAsAny,
}
psp.FSGroup.Rule = fsGroupRules[c.Rand.Intn(len(fsGroupRules))]
},
func(j *extensions.DaemonSetSpec, c fuzz.Continue) {
c.FuzzNoCustom(j) // fuzz self without calling this function again
rhl := int32(c.Rand.Int31())
......
......@@ -21,6 +21,7 @@ import (
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/kubernetes/pkg/apis/autoscaling"
"k8s.io/kubernetes/pkg/apis/networking"
"k8s.io/kubernetes/pkg/apis/policy"
)
// GroupName is the group name use in this package
......@@ -58,8 +59,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
&IngressList{},
&ReplicaSet{},
&ReplicaSetList{},
&PodSecurityPolicy{},
&PodSecurityPolicyList{},
&policy.PodSecurityPolicy{},
&policy.PodSecurityPolicyList{},
&autoscaling.Scale{},
&networking.NetworkPolicy{},
&networking.NetworkPolicyList{},
......
......@@ -23,6 +23,7 @@ go_library(
"//pkg/apis/core/v1:go_default_library",
"//pkg/apis/extensions:go_default_library",
"//pkg/apis/networking:go_default_library",
"//pkg/apis/policy:go_default_library",
"//vendor/k8s.io/api/core/v1:go_default_library",
"//vendor/k8s.io/api/extensions/v1beta1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
......
......@@ -61,7 +61,6 @@ func addConversionFuncs(scheme *runtime.Scheme) error {
Convert_networking_NetworkPolicyPort_To_v1beta1_NetworkPolicyPort,
Convert_v1beta1_NetworkPolicySpec_To_networking_NetworkPolicySpec,
Convert_networking_NetworkPolicySpec_To_v1beta1_NetworkPolicySpec,
Convert_extensions_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec,
Convert_v1beta1_IPBlock_To_networking_IPBlock,
Convert_networking_IPBlock_To_v1beta1_IPBlock,
Convert_networking_NetworkPolicyEgressRule_To_v1beta1_NetworkPolicyEgressRule,
......@@ -503,7 +502,3 @@ func Convert_networking_NetworkPolicyList_To_v1beta1_NetworkPolicyList(in *netwo
}
return nil
}
func Convert_extensions_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(in *extensions.PodSecurityPolicySpec, out *extensionsv1beta1.PodSecurityPolicySpec, s conversion.Scope) error {
return autoConvert_extensions_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(in, out, s)
}
......@@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/policy
// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/extensions
// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/autoscaling
// +k8s:conversion-gen-external-types=k8s.io/api/extensions/v1beta1
......
......@@ -14,15 +14,11 @@ go_library(
"//pkg/apis/core:go_default_library",
"//pkg/apis/core/validation:go_default_library",
"//pkg/apis/extensions:go_default_library",
"//pkg/security/apparmor:go_default_library",
"//pkg/security/podsecuritypolicy/seccomp:go_default_library",
"//pkg/security/podsecuritypolicy/util:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/api/equality:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1/validation:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/labels:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/intstr:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/validation:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/validation/field:go_default_library",
],
......@@ -35,9 +31,6 @@ go_test(
deps = [
"//pkg/apis/core:go_default_library",
"//pkg/apis/extensions:go_default_library",
"//pkg/security/apparmor:go_default_library",
"//pkg/security/podsecuritypolicy/seccomp:go_default_library",
"//pkg/security/podsecuritypolicy/util:go_default_library",
"//vendor/github.com/davecgh/go-spew/spew:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/intstr:go_default_library",
......
......@@ -3,19 +3,21 @@ package(default_visibility = ["//visibility:public"])
load(
"@io_bazel_rules_go//go:def.bzl",
"go_library",
"go_test",
)
go_library(
name = "go_default_library",
srcs = [
"doc.go",
"helpers.go",
"register.go",
"types.go",
"zz_generated.deepcopy.go",
],
importpath = "k8s.io/kubernetes/pkg/apis/policy",
deps = [
"//pkg/apis/extensions:go_default_library",
"//pkg/apis/core:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
......@@ -41,3 +43,9 @@ filegroup(
],
tags = ["automanaged"],
)
go_test(
name = "go_default_test",
srcs = ["helpers_test.go"],
embed = [":go_default_library"],
)
......@@ -30,5 +30,33 @@ var Funcs = func(codecs runtimeserializer.CodecFactory) []interface{} {
c.FuzzNoCustom(s) // fuzz self without calling this function again
s.PodDisruptionsAllowed = int32(c.Rand.Intn(2))
},
func(psp *policy.PodSecurityPolicySpec, c fuzz.Continue) {
c.FuzzNoCustom(psp) // fuzz self without calling this function again
runAsUserRules := []policy.RunAsUserStrategy{
policy.RunAsUserStrategyMustRunAsNonRoot,
policy.RunAsUserStrategyMustRunAs,
policy.RunAsUserStrategyRunAsAny,
}
psp.RunAsUser.Rule = runAsUserRules[c.Rand.Intn(len(runAsUserRules))]
seLinuxRules := []policy.SELinuxStrategy{
policy.SELinuxStrategyMustRunAs,
policy.SELinuxStrategyRunAsAny,
}
psp.SELinux.Rule = seLinuxRules[c.Rand.Intn(len(seLinuxRules))]
supplementalGroupsRules := []policy.SupplementalGroupsStrategyType{
policy.SupplementalGroupsStrategyRunAsAny,
policy.SupplementalGroupsStrategyMustRunAs,
}
psp.SupplementalGroups.Rule = supplementalGroupsRules[c.Rand.Intn(len(supplementalGroupsRules))]
fsGroupRules := []policy.FSGroupStrategyType{
policy.FSGroupStrategyMustRunAs,
policy.FSGroupStrategyRunAsAny,
}
psp.FSGroup.Rule = fsGroupRules[c.Rand.Intn(len(fsGroupRules))]
},
}
}
......@@ -14,14 +14,14 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
package extensions
package policy
import (
"strings"
)
// SysctlsFromPodSecurityPolicyAnnotation parses an annotation value of the key
// SysctlsSecurityPolocyAnnotationKey into a slice of sysctls. An empty slice
// SysctlsSecurityPolicyAnnotationKey into a slice of sysctls. An empty slice
// is returned if annotation is the empty string.
func SysctlsFromPodSecurityPolicyAnnotation(annotation string) ([]string, error) {
if len(annotation) == 0 {
......
......@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
package extensions
package policy
import (
"reflect"
......
......@@ -19,7 +19,6 @@ package policy
import (
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/kubernetes/pkg/apis/extensions"
)
// GroupName is the group name use in this package
......@@ -49,8 +48,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&PodDisruptionBudget{},
&PodDisruptionBudgetList{},
&extensions.PodSecurityPolicy{},
&extensions.PodSecurityPolicyList{},
&PodSecurityPolicy{},
&PodSecurityPolicyList{},
&Eviction{},
)
return nil
......
......@@ -17,7 +17,6 @@ go_library(
importpath = "k8s.io/kubernetes/pkg/apis/policy/v1beta1",
deps = [
"//pkg/apis/core:go_default_library",
"//pkg/apis/extensions:go_default_library",
"//pkg/apis/policy:go_default_library",
"//vendor/k8s.io/api/core/v1:go_default_library",
"//vendor/k8s.io/api/policy/v1beta1:go_default_library",
......
......@@ -15,7 +15,6 @@ limitations under the License.
*/
// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/policy
// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/extensions
// +k8s:conversion-gen-external-types=k8s.io/api/policy/v1beta1
// +k8s:defaulter-gen=TypeMeta
// +k8s:defaulter-gen-input=../../../../vendor/k8s.io/api/policy/v1beta1
......
......@@ -11,10 +11,15 @@ go_library(
srcs = ["validation.go"],
importpath = "k8s.io/kubernetes/pkg/apis/policy/validation",
deps = [
"//pkg/apis/core:go_default_library",
"//pkg/apis/core/validation:go_default_library",
"//pkg/apis/extensions/validation:go_default_library",
"//pkg/apis/policy:go_default_library",
"//pkg/security/apparmor:go_default_library",
"//pkg/security/podsecuritypolicy/seccomp:go_default_library",
"//pkg/security/podsecuritypolicy/util:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1/validation:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/validation/field:go_default_library",
],
)
......@@ -24,7 +29,12 @@ go_test(
srcs = ["validation_test.go"],
embed = [":go_default_library"],
deps = [
"//pkg/apis/core:go_default_library",
"//pkg/apis/policy:go_default_library",
"//pkg/security/apparmor:go_default_library",
"//pkg/security/podsecuritypolicy/seccomp:go_default_library",
"//pkg/security/podsecuritypolicy/util:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/intstr:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/validation/field:go_default_library",
],
......
......@@ -24,9 +24,42 @@ import (
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
intstr "k8s.io/apimachinery/pkg/util/intstr"
core "k8s.io/kubernetes/pkg/apis/core"
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *AllowedFlexVolume) DeepCopyInto(out *AllowedFlexVolume) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedFlexVolume.
func (in *AllowedFlexVolume) DeepCopy() *AllowedFlexVolume {
if in == nil {
return nil
}
out := new(AllowedFlexVolume)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *AllowedHostPath) DeepCopyInto(out *AllowedHostPath) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedHostPath.
func (in *AllowedHostPath) DeepCopy() *AllowedHostPath {
if in == nil {
return nil
}
out := new(AllowedHostPath)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Eviction) DeepCopyInto(out *Eviction) {
*out = *in
out.TypeMeta = in.TypeMeta
......@@ -62,6 +95,59 @@ func (in *Eviction) DeepCopyObject() runtime.Object {
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *FSGroupStrategyOptions) DeepCopyInto(out *FSGroupStrategyOptions) {
*out = *in
if in.Ranges != nil {
in, out := &in.Ranges, &out.Ranges
*out = make([]GroupIDRange, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FSGroupStrategyOptions.
func (in *FSGroupStrategyOptions) DeepCopy() *FSGroupStrategyOptions {
if in == nil {
return nil
}
out := new(FSGroupStrategyOptions)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *GroupIDRange) DeepCopyInto(out *GroupIDRange) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupIDRange.
func (in *GroupIDRange) DeepCopy() *GroupIDRange {
if in == nil {
return nil
}
out := new(GroupIDRange)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *HostPortRange) DeepCopyInto(out *HostPortRange) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostPortRange.
func (in *HostPortRange) DeepCopy() *HostPortRange {
if in == nil {
return nil
}
out := new(HostPortRange)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PodDisruptionBudget) DeepCopyInto(out *PodDisruptionBudget) {
*out = *in
out.TypeMeta = in.TypeMeta
......@@ -187,3 +273,210 @@ func (in *PodDisruptionBudgetStatus) DeepCopy() *PodDisruptionBudgetStatus {
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PodSecurityPolicy) DeepCopyInto(out *PodSecurityPolicy) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicy.
func (in *PodSecurityPolicy) DeepCopy() *PodSecurityPolicy {
if in == nil {
return nil
}
out := new(PodSecurityPolicy)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *PodSecurityPolicy) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PodSecurityPolicyList) DeepCopyInto(out *PodSecurityPolicyList) {
*out = *in
out.TypeMeta = in.TypeMeta
out.ListMeta = in.ListMeta
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]PodSecurityPolicy, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicyList.
func (in *PodSecurityPolicyList) DeepCopy() *PodSecurityPolicyList {
if in == nil {
return nil
}
out := new(PodSecurityPolicyList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *PodSecurityPolicyList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PodSecurityPolicySpec) DeepCopyInto(out *PodSecurityPolicySpec) {
*out = *in
if in.DefaultAddCapabilities != nil {
in, out := &in.DefaultAddCapabilities, &out.DefaultAddCapabilities
*out = make([]core.Capability, len(*in))
copy(*out, *in)
}
if in.RequiredDropCapabilities != nil {
in, out := &in.RequiredDropCapabilities, &out.RequiredDropCapabilities
*out = make([]core.Capability, len(*in))
copy(*out, *in)
}
if in.AllowedCapabilities != nil {
in, out := &in.AllowedCapabilities, &out.AllowedCapabilities
*out = make([]core.Capability, len(*in))
copy(*out, *in)
}
if in.Volumes != nil {
in, out := &in.Volumes, &out.Volumes
*out = make([]FSType, len(*in))
copy(*out, *in)
}
if in.HostPorts != nil {
in, out := &in.HostPorts, &out.HostPorts
*out = make([]HostPortRange, len(*in))
copy(*out, *in)
}
in.SELinux.DeepCopyInto(&out.SELinux)
in.RunAsUser.DeepCopyInto(&out.RunAsUser)
in.SupplementalGroups.DeepCopyInto(&out.SupplementalGroups)
in.FSGroup.DeepCopyInto(&out.FSGroup)
if in.DefaultAllowPrivilegeEscalation != nil {
in, out := &in.DefaultAllowPrivilegeEscalation, &out.DefaultAllowPrivilegeEscalation
if *in == nil {
*out = nil
} else {
*out = new(bool)
**out = **in
}
}
if in.AllowedHostPaths != nil {
in, out := &in.AllowedHostPaths, &out.AllowedHostPaths
*out = make([]AllowedHostPath, len(*in))
copy(*out, *in)
}
if in.AllowedFlexVolumes != nil {
in, out := &in.AllowedFlexVolumes, &out.AllowedFlexVolumes
*out = make([]AllowedFlexVolume, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicySpec.
func (in *PodSecurityPolicySpec) DeepCopy() *PodSecurityPolicySpec {
if in == nil {
return nil
}
out := new(PodSecurityPolicySpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *RunAsUserStrategyOptions) DeepCopyInto(out *RunAsUserStrategyOptions) {
*out = *in
if in.Ranges != nil {
in, out := &in.Ranges, &out.Ranges
*out = make([]UserIDRange, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunAsUserStrategyOptions.
func (in *RunAsUserStrategyOptions) DeepCopy() *RunAsUserStrategyOptions {
if in == nil {
return nil
}
out := new(RunAsUserStrategyOptions)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *SELinuxStrategyOptions) DeepCopyInto(out *SELinuxStrategyOptions) {
*out = *in
if in.SELinuxOptions != nil {
in, out := &in.SELinuxOptions, &out.SELinuxOptions
if *in == nil {
*out = nil
} else {
*out = new(core.SELinuxOptions)
**out = **in
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SELinuxStrategyOptions.
func (in *SELinuxStrategyOptions) DeepCopy() *SELinuxStrategyOptions {
if in == nil {
return nil
}
out := new(SELinuxStrategyOptions)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *SupplementalGroupsStrategyOptions) DeepCopyInto(out *SupplementalGroupsStrategyOptions) {
*out = *in
if in.Ranges != nil {
in, out := &in.Ranges, &out.Ranges
*out = make([]GroupIDRange, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SupplementalGroupsStrategyOptions.
func (in *SupplementalGroupsStrategyOptions) DeepCopy() *SupplementalGroupsStrategyOptions {
if in == nil {
return nil
}
out := new(SupplementalGroupsStrategyOptions)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *UserIDRange) DeepCopyInto(out *UserIDRange) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserIDRange.
func (in *UserIDRange) DeepCopy() *UserIDRange {
if in == nil {
return nil
}
out := new(UserIDRange)
in.DeepCopyInto(out)
return out
}
......@@ -15,7 +15,6 @@ go_library(
"extensions_client.go",
"generated_expansion.go",
"ingress.go",
"podsecuritypolicy.go",
"replicaset.go",
],
importpath = "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion",
......
......@@ -28,7 +28,6 @@ type ExtensionsInterface interface {
DaemonSetsGetter
DeploymentsGetter
IngressesGetter
PodSecurityPoliciesGetter
ReplicaSetsGetter
}
......@@ -49,10 +48,6 @@ func (c *ExtensionsClient) Ingresses(namespace string) IngressInterface {
return newIngresses(c, namespace)
}
func (c *ExtensionsClient) PodSecurityPolicies() PodSecurityPolicyInterface {
return newPodSecurityPolicies(c)
}
func (c *ExtensionsClient) ReplicaSets(namespace string) ReplicaSetInterface {
return newReplicaSets(c, namespace)
}
......
......@@ -14,7 +14,6 @@ go_library(
"fake_deployment_expansion.go",
"fake_extensions_client.go",
"fake_ingress.go",
"fake_podsecuritypolicy.go",
"fake_replicaset.go",
],
importpath = "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/fake",
......
......@@ -40,10 +40,6 @@ func (c *FakeExtensions) Ingresses(namespace string) internalversion.IngressInte
return &FakeIngresses{c, namespace}
}
func (c *FakeExtensions) PodSecurityPolicies() internalversion.PodSecurityPolicyInterface {
return &FakePodSecurityPolicies{c}
}
func (c *FakeExtensions) ReplicaSets(namespace string) internalversion.ReplicaSetInterface {
return &FakeReplicaSets{c, namespace}
}
......
......@@ -22,6 +22,4 @@ type DaemonSetExpansion interface{}
type IngressExpansion interface{}
type PodSecurityPolicyExpansion interface{}
type ReplicaSetExpansion interface{}
......@@ -13,6 +13,7 @@ go_library(
"eviction_expansion.go",
"generated_expansion.go",
"poddisruptionbudget.go",
"podsecuritypolicy.go",
"policy_client.go",
],
importpath = "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/policy/internalversion",
......
......@@ -12,6 +12,7 @@ go_library(
"fake_eviction.go",
"fake_eviction_expansion.go",
"fake_poddisruptionbudget.go",
"fake_podsecuritypolicy.go",
"fake_policy_client.go",
],
importpath = "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/policy/internalversion/fake",
......
......@@ -25,32 +25,32 @@ import (
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
extensions "k8s.io/kubernetes/pkg/apis/extensions"
policy "k8s.io/kubernetes/pkg/apis/policy"
)
// FakePodSecurityPolicies implements PodSecurityPolicyInterface
type FakePodSecurityPolicies struct {
Fake *FakeExtensions
Fake *FakePolicy
}
var podsecuritypoliciesResource = schema.GroupVersionResource{Group: "extensions", Version: "", Resource: "podsecuritypolicies"}
var podsecuritypoliciesResource = schema.GroupVersionResource{Group: "policy", Version: "", Resource: "podsecuritypolicies"}
var podsecuritypoliciesKind = schema.GroupVersionKind{Group: "extensions", Version: "", Kind: "PodSecurityPolicy"}
var podsecuritypoliciesKind = schema.GroupVersionKind{Group: "policy", Version: "", Kind: "PodSecurityPolicy"}
// Get takes name of the podSecurityPolicy, and returns the corresponding podSecurityPolicy object, and an error if there is any.
func (c *FakePodSecurityPolicies) Get(name string, options v1.GetOptions) (result *extensions.PodSecurityPolicy, err error) {
func (c *FakePodSecurityPolicies) Get(name string, options v1.GetOptions) (result *policy.PodSecurityPolicy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootGetAction(podsecuritypoliciesResource, name), &extensions.PodSecurityPolicy{})
Invokes(testing.NewRootGetAction(podsecuritypoliciesResource, name), &policy.PodSecurityPolicy{})
if obj == nil {
return nil, err
}
return obj.(*extensions.PodSecurityPolicy), err
return obj.(*policy.PodSecurityPolicy), err
}
// List takes label and field selectors, and returns the list of PodSecurityPolicies that match those selectors.
func (c *FakePodSecurityPolicies) List(opts v1.ListOptions) (result *extensions.PodSecurityPolicyList, err error) {
func (c *FakePodSecurityPolicies) List(opts v1.ListOptions) (result *policy.PodSecurityPolicyList, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootListAction(podsecuritypoliciesResource, podsecuritypoliciesKind, opts), &extensions.PodSecurityPolicyList{})
Invokes(testing.NewRootListAction(podsecuritypoliciesResource, podsecuritypoliciesKind, opts), &policy.PodSecurityPolicyList{})
if obj == nil {
return nil, err
}
......@@ -59,8 +59,8 @@ func (c *FakePodSecurityPolicies) List(opts v1.ListOptions) (result *extensions.
if label == nil {
label = labels.Everything()
}
list := &extensions.PodSecurityPolicyList{}
for _, item := range obj.(*extensions.PodSecurityPolicyList).Items {
list := &policy.PodSecurityPolicyList{}
for _, item := range obj.(*policy.PodSecurityPolicyList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
......@@ -75,29 +75,29 @@ func (c *FakePodSecurityPolicies) Watch(opts v1.ListOptions) (watch.Interface, e
}
// Create takes the representation of a podSecurityPolicy and creates it. Returns the server's representation of the podSecurityPolicy, and an error, if there is any.
func (c *FakePodSecurityPolicies) Create(podSecurityPolicy *extensions.PodSecurityPolicy) (result *extensions.PodSecurityPolicy, err error) {
func (c *FakePodSecurityPolicies) Create(podSecurityPolicy *policy.PodSecurityPolicy) (result *policy.PodSecurityPolicy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootCreateAction(podsecuritypoliciesResource, podSecurityPolicy), &extensions.PodSecurityPolicy{})
Invokes(testing.NewRootCreateAction(podsecuritypoliciesResource, podSecurityPolicy), &policy.PodSecurityPolicy{})
if obj == nil {
return nil, err
}
return obj.(*extensions.PodSecurityPolicy), err
return obj.(*policy.PodSecurityPolicy), err
}
// Update takes the representation of a podSecurityPolicy and updates it. Returns the server's representation of the podSecurityPolicy, and an error, if there is any.
func (c *FakePodSecurityPolicies) Update(podSecurityPolicy *extensions.PodSecurityPolicy) (result *extensions.PodSecurityPolicy, err error) {
func (c *FakePodSecurityPolicies) Update(podSecurityPolicy *policy.PodSecurityPolicy) (result *policy.PodSecurityPolicy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateAction(podsecuritypoliciesResource, podSecurityPolicy), &extensions.PodSecurityPolicy{})
Invokes(testing.NewRootUpdateAction(podsecuritypoliciesResource, podSecurityPolicy), &policy.PodSecurityPolicy{})
if obj == nil {
return nil, err
}
return obj.(*extensions.PodSecurityPolicy), err
return obj.(*policy.PodSecurityPolicy), err
}
// Delete takes name of the podSecurityPolicy and deletes it. Returns an error if one occurs.
func (c *FakePodSecurityPolicies) Delete(name string, options *v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewRootDeleteAction(podsecuritypoliciesResource, name), &extensions.PodSecurityPolicy{})
Invokes(testing.NewRootDeleteAction(podsecuritypoliciesResource, name), &policy.PodSecurityPolicy{})
return err
}
......@@ -105,16 +105,16 @@ func (c *FakePodSecurityPolicies) Delete(name string, options *v1.DeleteOptions)
func (c *FakePodSecurityPolicies) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
action := testing.NewRootDeleteCollectionAction(podsecuritypoliciesResource, listOptions)
_, err := c.Fake.Invokes(action, &extensions.PodSecurityPolicyList{})
_, err := c.Fake.Invokes(action, &policy.PodSecurityPolicyList{})
return err
}
// Patch applies the patch and returns the patched podSecurityPolicy.
func (c *FakePodSecurityPolicies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *extensions.PodSecurityPolicy, err error) {
func (c *FakePodSecurityPolicies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *policy.PodSecurityPolicy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootPatchSubresourceAction(podsecuritypoliciesResource, name, data, subresources...), &extensions.PodSecurityPolicy{})
Invokes(testing.NewRootPatchSubresourceAction(podsecuritypoliciesResource, name, data, subresources...), &policy.PodSecurityPolicy{})
if obj == nil {
return nil, err
}
return obj.(*extensions.PodSecurityPolicy), err
return obj.(*policy.PodSecurityPolicy), err
}
......@@ -36,6 +36,10 @@ func (c *FakePolicy) PodDisruptionBudgets(namespace string) internalversion.PodD
return &FakePodDisruptionBudgets{c, namespace}
}
func (c *FakePolicy) PodSecurityPolicies() internalversion.PodSecurityPolicyInterface {
return &FakePodSecurityPolicies{c}
}
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *FakePolicy) RESTClient() rest.Interface {
......
......@@ -19,3 +19,5 @@ limitations under the License.
package internalversion
type PodDisruptionBudgetExpansion interface{}
type PodSecurityPolicyExpansion interface{}
......@@ -23,7 +23,7 @@ import (
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
rest "k8s.io/client-go/rest"
extensions "k8s.io/kubernetes/pkg/apis/extensions"
policy "k8s.io/kubernetes/pkg/apis/policy"
scheme "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/scheme"
)
......@@ -35,14 +35,14 @@ type PodSecurityPoliciesGetter interface {
// PodSecurityPolicyInterface has methods to work with PodSecurityPolicy resources.
type PodSecurityPolicyInterface interface {
Create(*extensions.PodSecurityPolicy) (*extensions.PodSecurityPolicy, error)
Update(*extensions.PodSecurityPolicy) (*extensions.PodSecurityPolicy, error)
Create(*policy.PodSecurityPolicy) (*policy.PodSecurityPolicy, error)
Update(*policy.PodSecurityPolicy) (*policy.PodSecurityPolicy, error)
Delete(name string, options *v1.DeleteOptions) error
DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
Get(name string, options v1.GetOptions) (*extensions.PodSecurityPolicy, error)
List(opts v1.ListOptions) (*extensions.PodSecurityPolicyList, error)
Get(name string, options v1.GetOptions) (*policy.PodSecurityPolicy, error)
List(opts v1.ListOptions) (*policy.PodSecurityPolicyList, error)
Watch(opts v1.ListOptions) (watch.Interface, error)
Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *extensions.PodSecurityPolicy, err error)
Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *policy.PodSecurityPolicy, err error)
PodSecurityPolicyExpansion
}
......@@ -52,15 +52,15 @@ type podSecurityPolicies struct {
}
// newPodSecurityPolicies returns a PodSecurityPolicies
func newPodSecurityPolicies(c *ExtensionsClient) *podSecurityPolicies {
func newPodSecurityPolicies(c *PolicyClient) *podSecurityPolicies {
return &podSecurityPolicies{
client: c.RESTClient(),
}
}
// Get takes name of the podSecurityPolicy, and returns the corresponding podSecurityPolicy object, and an error if there is any.
func (c *podSecurityPolicies) Get(name string, options v1.GetOptions) (result *extensions.PodSecurityPolicy, err error) {
result = &extensions.PodSecurityPolicy{}
func (c *podSecurityPolicies) Get(name string, options v1.GetOptions) (result *policy.PodSecurityPolicy, err error) {
result = &policy.PodSecurityPolicy{}
err = c.client.Get().
Resource("podsecuritypolicies").
Name(name).
......@@ -71,8 +71,8 @@ func (c *podSecurityPolicies) Get(name string, options v1.GetOptions) (result *e
}
// List takes label and field selectors, and returns the list of PodSecurityPolicies that match those selectors.
func (c *podSecurityPolicies) List(opts v1.ListOptions) (result *extensions.PodSecurityPolicyList, err error) {
result = &extensions.PodSecurityPolicyList{}
func (c *podSecurityPolicies) List(opts v1.ListOptions) (result *policy.PodSecurityPolicyList, err error) {
result = &policy.PodSecurityPolicyList{}
err = c.client.Get().
Resource("podsecuritypolicies").
VersionedParams(&opts, scheme.ParameterCodec).
......@@ -91,8 +91,8 @@ func (c *podSecurityPolicies) Watch(opts v1.ListOptions) (watch.Interface, error
}
// Create takes the representation of a podSecurityPolicy and creates it. Returns the server's representation of the podSecurityPolicy, and an error, if there is any.
func (c *podSecurityPolicies) Create(podSecurityPolicy *extensions.PodSecurityPolicy) (result *extensions.PodSecurityPolicy, err error) {
result = &extensions.PodSecurityPolicy{}
func (c *podSecurityPolicies) Create(podSecurityPolicy *policy.PodSecurityPolicy) (result *policy.PodSecurityPolicy, err error) {
result = &policy.PodSecurityPolicy{}
err = c.client.Post().
Resource("podsecuritypolicies").
Body(podSecurityPolicy).
......@@ -102,8 +102,8 @@ func (c *podSecurityPolicies) Create(podSecurityPolicy *extensions.PodSecurityPo
}
// Update takes the representation of a podSecurityPolicy and updates it. Returns the server's representation of the podSecurityPolicy, and an error, if there is any.
func (c *podSecurityPolicies) Update(podSecurityPolicy *extensions.PodSecurityPolicy) (result *extensions.PodSecurityPolicy, err error) {
result = &extensions.PodSecurityPolicy{}
func (c *podSecurityPolicies) Update(podSecurityPolicy *policy.PodSecurityPolicy) (result *policy.PodSecurityPolicy, err error) {
result = &policy.PodSecurityPolicy{}
err = c.client.Put().
Resource("podsecuritypolicies").
Name(podSecurityPolicy.Name).
......@@ -134,8 +134,8 @@ func (c *podSecurityPolicies) DeleteCollection(options *v1.DeleteOptions, listOp
}
// Patch applies the patch and returns the patched podSecurityPolicy.
func (c *podSecurityPolicies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *extensions.PodSecurityPolicy, err error) {
result = &extensions.PodSecurityPolicy{}
func (c *podSecurityPolicies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *policy.PodSecurityPolicy, err error) {
result = &policy.PodSecurityPolicy{}
err = c.client.Patch(pt).
Resource("podsecuritypolicies").
SubResource(subresources...).
......
......@@ -27,6 +27,7 @@ type PolicyInterface interface {
RESTClient() rest.Interface
EvictionsGetter
PodDisruptionBudgetsGetter
PodSecurityPoliciesGetter
}
// PolicyClient is used to interact with features provided by the policy group.
......@@ -42,6 +43,10 @@ func (c *PolicyClient) PodDisruptionBudgets(namespace string) PodDisruptionBudge
return newPodDisruptionBudgets(c, namespace)
}
func (c *PolicyClient) PodSecurityPolicies() PodSecurityPolicyInterface {
return newPodSecurityPolicies(c)
}
// NewForConfig creates a new PolicyClient for the given config.
func NewForConfig(c *rest.Config) (*PolicyClient, error) {
config := *c
......
......@@ -12,7 +12,6 @@ go_library(
"deployment.go",
"ingress.go",
"interface.go",
"podsecuritypolicy.go",
"replicaset.go",
],
importpath = "k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/extensions/internalversion",
......
......@@ -30,8 +30,6 @@ type Interface interface {
Deployments() DeploymentInformer
// Ingresses returns a IngressInformer.
Ingresses() IngressInformer
// PodSecurityPolicies returns a PodSecurityPolicyInformer.
PodSecurityPolicies() PodSecurityPolicyInformer
// ReplicaSets returns a ReplicaSetInformer.
ReplicaSets() ReplicaSetInformer
}
......@@ -62,11 +60,6 @@ func (v *version) Ingresses() IngressInformer {
return &ingressInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}
// PodSecurityPolicies returns a PodSecurityPolicyInformer.
func (v *version) PodSecurityPolicies() PodSecurityPolicyInformer {
return &podSecurityPolicyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
}
// ReplicaSets returns a ReplicaSetInformer.
func (v *version) ReplicaSets() ReplicaSetInformer {
return &replicaSetInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
......
......@@ -133,8 +133,6 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
return &genericInformer{resource: resource.GroupResource(), informer: f.Extensions().InternalVersion().Deployments().Informer()}, nil
case extensions.SchemeGroupVersion.WithResource("ingresses"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Extensions().InternalVersion().Ingresses().Informer()}, nil
case extensions.SchemeGroupVersion.WithResource("podsecuritypolicies"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Extensions().InternalVersion().PodSecurityPolicies().Informer()}, nil
case extensions.SchemeGroupVersion.WithResource("replicasets"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Extensions().InternalVersion().ReplicaSets().Informer()}, nil
......@@ -145,6 +143,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
// Group=policy, Version=internalVersion
case policy.SchemeGroupVersion.WithResource("poddisruptionbudgets"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Policy().InternalVersion().PodDisruptionBudgets().Informer()}, nil
case policy.SchemeGroupVersion.WithResource("podsecuritypolicies"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Policy().InternalVersion().PodSecurityPolicies().Informer()}, nil
// Group=rbac.authorization.k8s.io, Version=internalVersion
case rbac.SchemeGroupVersion.WithResource("clusterroles"):
......
......@@ -10,6 +10,7 @@ go_library(
srcs = [
"interface.go",
"poddisruptionbudget.go",
"podsecuritypolicy.go",
],
importpath = "k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/policy/internalversion",
deps = [
......
......@@ -26,6 +26,8 @@ import (
type Interface interface {
// PodDisruptionBudgets returns a PodDisruptionBudgetInformer.
PodDisruptionBudgets() PodDisruptionBudgetInformer
// PodSecurityPolicies returns a PodSecurityPolicyInformer.
PodSecurityPolicies() PodSecurityPolicyInformer
}
type version struct {
......@@ -43,3 +45,8 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
func (v *version) PodDisruptionBudgets() PodDisruptionBudgetInformer {
return &podDisruptionBudgetInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}
// PodSecurityPolicies returns a PodSecurityPolicyInformer.
func (v *version) PodSecurityPolicies() PodSecurityPolicyInformer {
return &podSecurityPolicyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
}
......@@ -25,10 +25,10 @@ import (
runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch"
cache "k8s.io/client-go/tools/cache"
extensions "k8s.io/kubernetes/pkg/apis/extensions"
policy "k8s.io/kubernetes/pkg/apis/policy"
internalclientset "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset"
internalinterfaces "k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/internalinterfaces"
internalversion "k8s.io/kubernetes/pkg/client/listers/extensions/internalversion"
internalversion "k8s.io/kubernetes/pkg/client/listers/policy/internalversion"
)
// PodSecurityPolicyInformer provides access to a shared informer and lister for
......@@ -60,16 +60,16 @@ func NewFilteredPodSecurityPolicyInformer(client internalclientset.Interface, re
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.Extensions().PodSecurityPolicies().List(options)
return client.Policy().PodSecurityPolicies().List(options)
},
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.Extensions().PodSecurityPolicies().Watch(options)
return client.Policy().PodSecurityPolicies().Watch(options)
},
},
&extensions.PodSecurityPolicy{},
&policy.PodSecurityPolicy{},
resyncPeriod,
indexers,
)
......@@ -80,7 +80,7 @@ func (f *podSecurityPolicyInformer) defaultInformer(client internalclientset.Int
}
func (f *podSecurityPolicyInformer) Informer() cache.SharedIndexInformer {
return f.factory.InformerFor(&extensions.PodSecurityPolicy{}, f.defaultInformer)
return f.factory.InformerFor(&policy.PodSecurityPolicy{}, f.defaultInformer)
}
func (f *podSecurityPolicyInformer) Lister() internalversion.PodSecurityPolicyLister {
......
......@@ -15,7 +15,6 @@ go_library(
"deployment_expansion.go",
"expansion_generated.go",
"ingress.go",
"podsecuritypolicy.go",
"replicaset.go",
"replicaset_expansion.go",
],
......
......@@ -25,7 +25,3 @@ type IngressListerExpansion interface{}
// IngressNamespaceListerExpansion allows custom methods to be added to
// IngressNamespaceLister.
type IngressNamespaceListerExpansion interface{}
// PodSecurityPolicyListerExpansion allows custom methods to be added to
// PodSecurityPolicyLister.
type PodSecurityPolicyListerExpansion interface{}
......@@ -12,6 +12,7 @@ go_library(
"expansion_generated.go",
"poddisruptionbudget.go",
"poddisruptionbudget_expansion.go",
"podsecuritypolicy.go",
],
importpath = "k8s.io/kubernetes/pkg/client/listers/policy/internalversion",
deps = [
......
......@@ -25,3 +25,7 @@ type EvictionListerExpansion interface{}
// EvictionNamespaceListerExpansion allows custom methods to be added to
// EvictionNamespaceLister.
type EvictionNamespaceListerExpansion interface{}
// PodSecurityPolicyListerExpansion allows custom methods to be added to
// PodSecurityPolicyLister.
type PodSecurityPolicyListerExpansion interface{}
......@@ -22,15 +22,15 @@ import (
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
extensions "k8s.io/kubernetes/pkg/apis/extensions"
policy "k8s.io/kubernetes/pkg/apis/policy"
)
// PodSecurityPolicyLister helps list PodSecurityPolicies.
type PodSecurityPolicyLister interface {
// List lists all PodSecurityPolicies in the indexer.
List(selector labels.Selector) (ret []*extensions.PodSecurityPolicy, err error)
List(selector labels.Selector) (ret []*policy.PodSecurityPolicy, err error)
// Get retrieves the PodSecurityPolicy from the index for a given name.
Get(name string) (*extensions.PodSecurityPolicy, error)
Get(name string) (*policy.PodSecurityPolicy, error)
PodSecurityPolicyListerExpansion
}
......@@ -45,21 +45,21 @@ func NewPodSecurityPolicyLister(indexer cache.Indexer) PodSecurityPolicyLister {
}
// List lists all PodSecurityPolicies in the indexer.
func (s *podSecurityPolicyLister) List(selector labels.Selector) (ret []*extensions.PodSecurityPolicy, err error) {
func (s *podSecurityPolicyLister) List(selector labels.Selector) (ret []*policy.PodSecurityPolicy, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
ret = append(ret, m.(*extensions.PodSecurityPolicy))
ret = append(ret, m.(*policy.PodSecurityPolicy))
})
return ret, err
}
// Get retrieves the PodSecurityPolicy from the index for a given name.
func (s *podSecurityPolicyLister) Get(name string) (*extensions.PodSecurityPolicy, error) {
func (s *podSecurityPolicyLister) Get(name string) (*policy.PodSecurityPolicy, error) {
obj, exists, err := s.indexer.GetByKey(name)
if err != nil {
return nil, err
}
if !exists {
return nil, errors.NewNotFound(extensions.Resource("podsecuritypolicy"), name)
return nil, errors.NewNotFound(policy.Resource("podsecuritypolicy"), name)
}
return obj.(*extensions.PodSecurityPolicy), nil
return obj.(*policy.PodSecurityPolicy), nil
}
......@@ -17,7 +17,7 @@ go_library(
deps = [
"//pkg/apis/core/v1/helper:go_default_library",
"//pkg/apis/core/validation:go_default_library",
"//pkg/apis/extensions/validation:go_default_library",
"//pkg/apis/policy/validation:go_default_library",
"//pkg/kubelet/container:go_default_library",
"//pkg/kubelet/lifecycle:go_default_library",
],
......
......@@ -22,7 +22,7 @@ import (
v1helper "k8s.io/kubernetes/pkg/apis/core/v1/helper"
"k8s.io/kubernetes/pkg/apis/core/validation"
extvalidation "k8s.io/kubernetes/pkg/apis/extensions/validation"
policyvalidation "k8s.io/kubernetes/pkg/apis/policy/validation"
"k8s.io/kubernetes/pkg/kubelet/lifecycle"
)
......@@ -64,11 +64,11 @@ func NewWhitelist(patterns []string, annotationKey string) (*patternWhitelist, e
}
for _, s := range patterns {
if !extvalidation.IsValidSysctlPattern(s) {
if !policyvalidation.IsValidSysctlPattern(s) {
return nil, fmt.Errorf("sysctl %q must have at most %d characters and match regex %s",
s,
validation.SysctlMaxLength,
extvalidation.SysctlPatternFmt,
policyvalidation.SysctlPatternFmt,
)
}
if strings.HasSuffix(s, "*") {
......
......@@ -3475,7 +3475,7 @@ type PodSecurityPolicyDescriber struct {
}
func (d *PodSecurityPolicyDescriber) Describe(namespace, name string, describerSettings printers.DescriberSettings) (string, error) {
psp, err := d.Extensions().PodSecurityPolicies().Get(name, metav1.GetOptions{})
psp, err := d.Policy().PodSecurityPolicies().Get(name, metav1.GetOptions{})
if err != nil {
return "", err
}
......@@ -3483,7 +3483,7 @@ func (d *PodSecurityPolicyDescriber) Describe(namespace, name string, describerS
return describePodSecurityPolicy(psp)
}
func describePodSecurityPolicy(psp *extensions.PodSecurityPolicy) (string, error) {
func describePodSecurityPolicy(psp *policy.PodSecurityPolicy) (string, error) {
return tabbedString(func(out io.Writer) error {
w := NewPrefixWriter(out)
w.Write(LEVEL_0, "Name:\t%s\n", psp.Name)
......@@ -3543,7 +3543,7 @@ func stringOrDefaultValue(s, defaultValue string) string {
return defaultValue
}
func fsTypeToString(volumes []extensions.FSType) string {
func fsTypeToString(volumes []policy.FSType) string {
strVolumes := []string{}
for _, v := range volumes {
strVolumes = append(strVolumes, string(v))
......@@ -3551,7 +3551,7 @@ func fsTypeToString(volumes []extensions.FSType) string {
return stringOrNone(strings.Join(strVolumes, ","))
}
func flexVolumesToString(flexVolumes []extensions.AllowedFlexVolume) string {
func flexVolumesToString(flexVolumes []policy.AllowedFlexVolume) string {
volumes := []string{}
for _, flexVolume := range flexVolumes {
volumes = append(volumes, "driver="+flexVolume.Driver)
......@@ -3559,7 +3559,7 @@ func flexVolumesToString(flexVolumes []extensions.AllowedFlexVolume) string {
return stringOrDefaultValue(strings.Join(volumes, ","), "<all>")
}
func hostPortRangeToString(ranges []extensions.HostPortRange) string {
func hostPortRangeToString(ranges []policy.HostPortRange) string {
formattedString := ""
if ranges != nil {
strRanges := []string{}
......@@ -3571,7 +3571,7 @@ func hostPortRangeToString(ranges []extensions.HostPortRange) string {
return stringOrNone(formattedString)
}
func userIDRangeToString(ranges []extensions.UserIDRange) string {
func userIDRangeToString(ranges []policy.UserIDRange) string {
formattedString := ""
if ranges != nil {
strRanges := []string{}
......@@ -3583,7 +3583,7 @@ func userIDRangeToString(ranges []extensions.UserIDRange) string {
return stringOrNone(formattedString)
}
func groupIDRangeToString(ranges []extensions.GroupIDRange) string {
func groupIDRangeToString(ranges []policy.GroupIDRange) string {
formattedString := ""
if ranges != nil {
strRanges := []string{}
......
......@@ -2187,22 +2187,22 @@ func TestDescribePodSecurityPolicy(t *testing.T) {
"Supplemental Groups Strategy: RunAsAny",
}
fake := fake.NewSimpleClientset(&extensions.PodSecurityPolicy{
fake := fake.NewSimpleClientset(&policy.PodSecurityPolicy{
ObjectMeta: metav1.ObjectMeta{
Name: "mypsp",
},
Spec: extensions.PodSecurityPolicySpec{
SELinux: extensions.SELinuxStrategyOptions{
Rule: extensions.SELinuxStrategyRunAsAny,
Spec: policy.PodSecurityPolicySpec{
SELinux: policy.SELinuxStrategyOptions{
Rule: policy.SELinuxStrategyRunAsAny,
},
RunAsUser: extensions.RunAsUserStrategyOptions{
Rule: extensions.RunAsUserStrategyRunAsAny,
RunAsUser: policy.RunAsUserStrategyOptions{
Rule: policy.RunAsUserStrategyRunAsAny,
},
FSGroup: extensions.FSGroupStrategyOptions{
Rule: extensions.FSGroupStrategyRunAsAny,
FSGroup: policy.FSGroupStrategyOptions{
Rule: policy.FSGroupStrategyRunAsAny,
},
SupplementalGroups: extensions.SupplementalGroupsStrategyOptions{
Rule: extensions.SupplementalGroupsStrategyRunAsAny,
SupplementalGroups: policy.SupplementalGroupsStrategyOptions{
Rule: policy.SupplementalGroupsStrategyRunAsAny,
},
},
})
......
......@@ -1619,7 +1619,7 @@ func printConfigMapList(list *api.ConfigMapList, options printers.PrintOptions)
return rows, nil
}
func printPodSecurityPolicy(obj *extensions.PodSecurityPolicy, options printers.PrintOptions) ([]metav1beta1.TableRow, error) {
func printPodSecurityPolicy(obj *policy.PodSecurityPolicy, options printers.PrintOptions) ([]metav1beta1.TableRow, error) {
row := metav1beta1.TableRow{
Object: runtime.RawExtension{Object: obj},
}
......@@ -1640,7 +1640,7 @@ func printPodSecurityPolicy(obj *extensions.PodSecurityPolicy, options printers.
return []metav1beta1.TableRow{row}, nil
}
func printPodSecurityPolicyList(list *extensions.PodSecurityPolicyList, options printers.PrintOptions) ([]metav1beta1.TableRow, error) {
func printPodSecurityPolicyList(list *policy.PodSecurityPolicyList, options printers.PrintOptions) ([]metav1beta1.TableRow, error) {
rows := make([]metav1beta1.TableRow, 0, len(list.Items))
for i := range list.Items {
r, err := printPodSecurityPolicy(&list.Items[i], options)
......
......@@ -14,8 +14,8 @@ go_library(
importpath = "k8s.io/kubernetes/pkg/registry/extensions/podsecuritypolicy",
deps = [
"//pkg/api/legacyscheme:go_default_library",
"//pkg/apis/extensions:go_default_library",
"//pkg/apis/extensions/validation:go_default_library",
"//pkg/apis/policy:go_default_library",
"//pkg/apis/policy/validation:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/validation/field:go_default_library",
"//vendor/k8s.io/apiserver/pkg/endpoints/request:go_default_library",
......
......@@ -11,9 +11,9 @@ go_test(
srcs = ["storage_test.go"],
embed = [":go_default_library"],
deps = [
"//pkg/apis/extensions:go_default_library",
"//pkg/apis/policy:go_default_library",
"//pkg/registry/registrytest:go_default_library",
"//vendor/k8s.io/api/extensions/v1beta1:go_default_library",
"//vendor/k8s.io/api/policy/v1beta1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/fields:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/labels:go_default_library",
......@@ -29,11 +29,12 @@ go_library(
srcs = ["storage.go"],
importpath = "k8s.io/kubernetes/pkg/registry/extensions/podsecuritypolicy/storage",
deps = [
"//pkg/apis/extensions:go_default_library",
"//pkg/apis/policy:go_default_library",
"//pkg/printers:go_default_library",
"//pkg/printers/internalversion:go_default_library",
"//pkg/printers/storage:go_default_library",
"//pkg/registry/extensions/podsecuritypolicy:go_default_library",
"//vendor/k8s.io/api/extensions/v1beta1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//vendor/k8s.io/apiserver/pkg/registry/generic:go_default_library",
"//vendor/k8s.io/apiserver/pkg/registry/generic/registry:go_default_library",
......
......@@ -17,10 +17,11 @@ limitations under the License.
package storage
import (
extensions "k8s.io/api/extensions/v1beta1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apiserver/pkg/registry/generic"
genericregistry "k8s.io/apiserver/pkg/registry/generic/registry"
"k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/kubernetes/pkg/apis/policy"
"k8s.io/kubernetes/pkg/printers"
printersinternal "k8s.io/kubernetes/pkg/printers/internalversion"
printerstorage "k8s.io/kubernetes/pkg/printers/storage"
......@@ -35,8 +36,8 @@ type REST struct {
// NewREST returns a RESTStorage object that will work against PodSecurityPolicy objects.
func NewREST(optsGetter generic.RESTOptionsGetter) *REST {
store := &genericregistry.Store{
NewFunc: func() runtime.Object { return &extensions.PodSecurityPolicy{} },
NewListFunc: func() runtime.Object { return &extensions.PodSecurityPolicyList{} },
NewFunc: func() runtime.Object { return &policy.PodSecurityPolicy{} },
NewListFunc: func() runtime.Object { return &policy.PodSecurityPolicyList{} },
DefaultQualifiedResource: extensions.Resource("podsecuritypolicies"),
CreateStrategy: podsecuritypolicy.Strategy,
......
......@@ -20,9 +20,9 @@ import (
"testing"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/kubernetes/pkg/apis/extensions"
// Ensure that extensions/v1beta1 package is initialized.
_ "k8s.io/api/extensions/v1beta1"
"k8s.io/kubernetes/pkg/apis/policy"
// Ensure that policy/v1beta1 package is initialized.
_ "k8s.io/api/policy/v1beta1"
"k8s.io/apimachinery/pkg/fields"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/runtime"
......@@ -33,7 +33,7 @@ import (
)
func newStorage(t *testing.T) (*REST, *etcdtesting.EtcdTestServer) {
etcdStorage, server := registrytest.NewEtcdStorage(t, "extensions")
etcdStorage, server := registrytest.NewEtcdStorage(t, "policy")
restOptions := generic.RESTOptions{
StorageConfig: etcdStorage,
Decorator: generic.UndecoratedStorage,
......@@ -43,23 +43,23 @@ func newStorage(t *testing.T) (*REST, *etcdtesting.EtcdTestServer) {
return NewREST(restOptions), server
}
func validNewPodSecurityPolicy() *extensions.PodSecurityPolicy {
return &extensions.PodSecurityPolicy{
func validNewPodSecurityPolicy() *policy.PodSecurityPolicy {
return &policy.PodSecurityPolicy{
ObjectMeta: metav1.ObjectMeta{
Name: "foo",
},
Spec: extensions.PodSecurityPolicySpec{
SELinux: extensions.SELinuxStrategyOptions{
Rule: extensions.SELinuxStrategyRunAsAny,
Spec: policy.PodSecurityPolicySpec{
SELinux: policy.SELinuxStrategyOptions{
Rule: policy.SELinuxStrategyRunAsAny,
},
RunAsUser: extensions.RunAsUserStrategyOptions{
Rule: extensions.RunAsUserStrategyRunAsAny,
RunAsUser: policy.RunAsUserStrategyOptions{
Rule: policy.RunAsUserStrategyRunAsAny,
},
FSGroup: extensions.FSGroupStrategyOptions{
Rule: extensions.FSGroupStrategyRunAsAny,
FSGroup: policy.FSGroupStrategyOptions{
Rule: policy.FSGroupStrategyRunAsAny,
},
SupplementalGroups: extensions.SupplementalGroupsStrategyOptions{
Rule: extensions.SupplementalGroupsStrategyRunAsAny,
SupplementalGroups: policy.SupplementalGroupsStrategyOptions{
Rule: policy.SupplementalGroupsStrategyRunAsAny,
},
},
}
......@@ -76,7 +76,7 @@ func TestCreate(t *testing.T) {
// valid
psp,
// invalid
&extensions.PodSecurityPolicy{
&policy.PodSecurityPolicy{
ObjectMeta: metav1.ObjectMeta{Name: "name with spaces"},
},
)
......@@ -92,7 +92,7 @@ func TestUpdate(t *testing.T) {
validNewPodSecurityPolicy(),
// updateFunc
func(obj runtime.Object) runtime.Object {
object := obj.(*extensions.PodSecurityPolicy)
object := obj.(*policy.PodSecurityPolicy)
object.Labels = map[string]string{"a": "b"}
return object
},
......
......@@ -23,8 +23,8 @@ import (
"k8s.io/apiserver/pkg/registry/rest"
"k8s.io/apiserver/pkg/storage/names"
"k8s.io/kubernetes/pkg/api/legacyscheme"
"k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/kubernetes/pkg/apis/extensions/validation"
"k8s.io/kubernetes/pkg/apis/policy"
"k8s.io/kubernetes/pkg/apis/policy/validation"
)
// strategy implements behavior for PodSecurityPolicy objects
......@@ -63,9 +63,9 @@ func (strategy) Canonicalize(obj runtime.Object) {
}
func (strategy) Validate(ctx genericapirequest.Context, obj runtime.Object) field.ErrorList {
return validation.ValidatePodSecurityPolicy(obj.(*extensions.PodSecurityPolicy))
return validation.ValidatePodSecurityPolicy(obj.(*policy.PodSecurityPolicy))
}
func (strategy) ValidateUpdate(ctx genericapirequest.Context, obj, old runtime.Object) field.ErrorList {
return validation.ValidatePodSecurityPolicyUpdate(old.(*extensions.PodSecurityPolicy), obj.(*extensions.PodSecurityPolicy))
return validation.ValidatePodSecurityPolicyUpdate(old.(*policy.PodSecurityPolicy), obj.(*policy.PodSecurityPolicy))
}
......@@ -17,7 +17,7 @@ go_library(
importpath = "k8s.io/kubernetes/pkg/security/podsecuritypolicy",
deps = [
"//pkg/apis/core:go_default_library",
"//pkg/apis/extensions:go_default_library",
"//pkg/apis/policy:go_default_library",
"//pkg/security/podsecuritypolicy/apparmor:go_default_library",
"//pkg/security/podsecuritypolicy/capabilities:go_default_library",
"//pkg/security/podsecuritypolicy/group:go_default_library",
......@@ -39,7 +39,7 @@ go_test(
deps = [
"//pkg/apis/core:go_default_library",
"//pkg/apis/core/v1:go_default_library",
"//pkg/apis/extensions:go_default_library",
"//pkg/apis/policy:go_default_library",
"//pkg/security/apparmor:go_default_library",
"//pkg/security/podsecuritypolicy/seccomp:go_default_library",
"//pkg/security/podsecuritypolicy/util:go_default_library",
......
......@@ -16,7 +16,7 @@ go_library(
importpath = "k8s.io/kubernetes/pkg/security/podsecuritypolicy/capabilities",
deps = [
"//pkg/apis/core:go_default_library",
"//pkg/apis/extensions:go_default_library",
"//pkg/apis/policy:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/validation/field:go_default_library",
],
......@@ -28,7 +28,7 @@ go_test(
embed = [":go_default_library"],
deps = [
"//pkg/apis/core:go_default_library",
"//pkg/apis/extensions:go_default_library",
"//pkg/apis/policy:go_default_library",
],
)
......
......@@ -22,7 +22,7 @@ import (
"k8s.io/apimachinery/pkg/util/sets"
"k8s.io/apimachinery/pkg/util/validation/field"
api "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/kubernetes/pkg/apis/policy"
)
// defaultCapabilities implements the Strategy interface
......@@ -100,7 +100,7 @@ func (s *defaultCapabilities) Validate(pod *api.Pod, container *api.Container, c
}
allowedAdd := makeCapSet(s.allowedCaps)
allowAllCaps := allowedAdd.Has(string(extensions.AllowAllCapabilities))
allowAllCaps := allowedAdd.Has(string(policy.AllowAllCapabilities))
if allowAllCaps {
// skip validation against allowed/defaultAdd/requiredDrop because all capabilities are allowed by a wildcard
return allErrs
......
......@@ -21,7 +21,7 @@ import (
"testing"
api "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/kubernetes/pkg/apis/policy"
)
func TestGenerateAdds(t *testing.T) {
......@@ -278,7 +278,7 @@ func TestValidateAdds(t *testing.T) {
},
},
"no required, all allowed, container requests valid": {
allowedCaps: []api.Capability{extensions.AllowAllCapabilities},
allowedCaps: []api.Capability{policy.AllowAllCapabilities},
containerCaps: &api.Capabilities{
Add: []api.Capability{"foo"},
},
......
......@@ -21,7 +21,7 @@ import (
"k8s.io/apimachinery/pkg/util/errors"
api "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/kubernetes/pkg/apis/policy"
"k8s.io/kubernetes/pkg/security/podsecuritypolicy/apparmor"
"k8s.io/kubernetes/pkg/security/podsecuritypolicy/capabilities"
"k8s.io/kubernetes/pkg/security/podsecuritypolicy/group"
......@@ -39,7 +39,7 @@ func NewSimpleStrategyFactory() StrategyFactory {
return &simpleStrategyFactory{}
}
func (f *simpleStrategyFactory) CreateStrategies(psp *extensions.PodSecurityPolicy, namespace string) (*ProviderStrategies, error) {
func (f *simpleStrategyFactory) CreateStrategies(psp *policy.PodSecurityPolicy, namespace string) (*ProviderStrategies, error) {
errs := []error{}
userStrat, err := createUserStrategy(&psp.Spec.RunAsUser)
......@@ -78,9 +78,9 @@ func (f *simpleStrategyFactory) CreateStrategies(psp *extensions.PodSecurityPoli
}
var unsafeSysctls []string
if ann, found := psp.Annotations[extensions.SysctlsPodSecurityPolicyAnnotationKey]; found {
if ann, found := psp.Annotations[policy.SysctlsPodSecurityPolicyAnnotationKey]; found {
var err error
unsafeSysctls, err = extensions.SysctlsFromPodSecurityPolicyAnnotation(ann)
unsafeSysctls, err = policy.SysctlsFromPodSecurityPolicyAnnotation(ann)
if err != nil {
errs = append(errs, err)
}
......@@ -106,13 +106,13 @@ func (f *simpleStrategyFactory) CreateStrategies(psp *extensions.PodSecurityPoli
}
// createUserStrategy creates a new user strategy.
func createUserStrategy(opts *extensions.RunAsUserStrategyOptions) (user.RunAsUserStrategy, error) {
func createUserStrategy(opts *policy.RunAsUserStrategyOptions) (user.RunAsUserStrategy, error) {
switch opts.Rule {
case extensions.RunAsUserStrategyMustRunAs:
case policy.RunAsUserStrategyMustRunAs:
return user.NewMustRunAs(opts)
case extensions.RunAsUserStrategyMustRunAsNonRoot:
case policy.RunAsUserStrategyMustRunAsNonRoot:
return user.NewRunAsNonRoot(opts)
case extensions.RunAsUserStrategyRunAsAny:
case policy.RunAsUserStrategyRunAsAny:
return user.NewRunAsAny(opts)
default:
return nil, fmt.Errorf("Unrecognized RunAsUser strategy type %s", opts.Rule)
......@@ -120,11 +120,11 @@ func createUserStrategy(opts *extensions.RunAsUserStrategyOptions) (user.RunAsUs
}
// createSELinuxStrategy creates a new selinux strategy.
func createSELinuxStrategy(opts *extensions.SELinuxStrategyOptions) (selinux.SELinuxStrategy, error) {
func createSELinuxStrategy(opts *policy.SELinuxStrategyOptions) (selinux.SELinuxStrategy, error) {
switch opts.Rule {
case extensions.SELinuxStrategyMustRunAs:
case policy.SELinuxStrategyMustRunAs:
return selinux.NewMustRunAs(opts)
case extensions.SELinuxStrategyRunAsAny:
case policy.SELinuxStrategyRunAsAny:
return selinux.NewRunAsAny(opts)
default:
return nil, fmt.Errorf("Unrecognized SELinuxContext strategy type %s", opts.Rule)
......@@ -132,21 +132,21 @@ func createSELinuxStrategy(opts *extensions.SELinuxStrategyOptions) (selinux.SEL
}
// createAppArmorStrategy creates a new AppArmor strategy.
func createAppArmorStrategy(psp *extensions.PodSecurityPolicy) (apparmor.Strategy, error) {
func createAppArmorStrategy(psp *policy.PodSecurityPolicy) (apparmor.Strategy, error) {
return apparmor.NewStrategy(psp.Annotations), nil
}
// createSeccompStrategy creates a new seccomp strategy.
func createSeccompStrategy(psp *extensions.PodSecurityPolicy) (seccomp.Strategy, error) {
func createSeccompStrategy(psp *policy.PodSecurityPolicy) (seccomp.Strategy, error) {
return seccomp.NewStrategy(psp.Annotations), nil
}
// createFSGroupStrategy creates a new fsgroup strategy
func createFSGroupStrategy(opts *extensions.FSGroupStrategyOptions) (group.GroupStrategy, error) {
func createFSGroupStrategy(opts *policy.FSGroupStrategyOptions) (group.GroupStrategy, error) {
switch opts.Rule {
case extensions.FSGroupStrategyRunAsAny:
case policy.FSGroupStrategyRunAsAny:
return group.NewRunAsAny()
case extensions.FSGroupStrategyMustRunAs:
case policy.FSGroupStrategyMustRunAs:
return group.NewMustRunAs(opts.Ranges, fsGroupField)
default:
return nil, fmt.Errorf("Unrecognized FSGroup strategy type %s", opts.Rule)
......@@ -154,11 +154,11 @@ func createFSGroupStrategy(opts *extensions.FSGroupStrategyOptions) (group.Group
}
// createSupplementalGroupStrategy creates a new supplemental group strategy
func createSupplementalGroupStrategy(opts *extensions.SupplementalGroupsStrategyOptions) (group.GroupStrategy, error) {
func createSupplementalGroupStrategy(opts *policy.SupplementalGroupsStrategyOptions) (group.GroupStrategy, error) {
switch opts.Rule {
case extensions.SupplementalGroupsStrategyRunAsAny:
case policy.SupplementalGroupsStrategyRunAsAny:
return group.NewRunAsAny()
case extensions.SupplementalGroupsStrategyMustRunAs:
case policy.SupplementalGroupsStrategyMustRunAs:
return group.NewMustRunAs(opts.Ranges, supplementalGroupsField)
default:
return nil, fmt.Errorf("Unrecognized SupplementalGroups strategy type %s", opts.Rule)
......
......@@ -17,7 +17,7 @@ go_library(
importpath = "k8s.io/kubernetes/pkg/security/podsecuritypolicy/group",
deps = [
"//pkg/apis/core:go_default_library",
"//pkg/apis/extensions:go_default_library",
"//pkg/apis/policy:go_default_library",
"//pkg/security/podsecuritypolicy/util:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/validation/field:go_default_library",
],
......@@ -30,7 +30,7 @@ go_test(
"runasany_test.go",
],
embed = [":go_default_library"],
deps = ["//pkg/apis/extensions:go_default_library"],
deps = ["//pkg/apis/policy:go_default_library"],
)
filegroup(
......
......@@ -21,20 +21,20 @@ import (
"k8s.io/apimachinery/pkg/util/validation/field"
api "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/kubernetes/pkg/apis/policy"
psputil "k8s.io/kubernetes/pkg/security/podsecuritypolicy/util"
)
// mustRunAs implements the GroupStrategy interface
type mustRunAs struct {
ranges []extensions.GroupIDRange
ranges []policy.GroupIDRange
field string
}
var _ GroupStrategy = &mustRunAs{}
// NewMustRunAs provides a new MustRunAs strategy based on ranges.
func NewMustRunAs(ranges []extensions.GroupIDRange, field string) (GroupStrategy, error) {
func NewMustRunAs(ranges []policy.GroupIDRange, field string) (GroupStrategy, error) {
if len(ranges) == 0 {
return nil, fmt.Errorf("ranges must be supplied for MustRunAs")
}
......
......@@ -20,19 +20,19 @@ import (
"strings"
"testing"
"k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/kubernetes/pkg/apis/policy"
)
func TestMustRunAsOptions(t *testing.T) {
tests := map[string]struct {
ranges []extensions.GroupIDRange
ranges []policy.GroupIDRange
pass bool
}{
"empty": {
ranges: []extensions.GroupIDRange{},
ranges: []policy.GroupIDRange{},
},
"ranges": {
ranges: []extensions.GroupIDRange{
ranges: []policy.GroupIDRange{
{Min: 1, Max: 1},
},
pass: true,
......@@ -52,23 +52,23 @@ func TestMustRunAsOptions(t *testing.T) {
func TestGenerate(t *testing.T) {
tests := map[string]struct {
ranges []extensions.GroupIDRange
ranges []policy.GroupIDRange
expected []int64
}{
"multi value": {
ranges: []extensions.GroupIDRange{
ranges: []policy.GroupIDRange{
{Min: 1, Max: 2},
},
expected: []int64{1},
},
"single value": {
ranges: []extensions.GroupIDRange{
ranges: []policy.GroupIDRange{
{Min: 1, Max: 1},
},
expected: []int64{1},
},
"multi range": {
ranges: []extensions.GroupIDRange{
ranges: []policy.GroupIDRange{
{Min: 1, Max: 1},
{Min: 2, Max: 500},
},
......@@ -110,25 +110,25 @@ func TestGenerate(t *testing.T) {
func TestValidate(t *testing.T) {
tests := map[string]struct {
ranges []extensions.GroupIDRange
ranges []policy.GroupIDRange
groups []int64
expectedError string
}{
"nil security context": {
ranges: []extensions.GroupIDRange{
ranges: []policy.GroupIDRange{
{Min: 1, Max: 3},
},
expectedError: "unable to validate empty groups against required ranges",
},
"empty groups": {
ranges: []extensions.GroupIDRange{
ranges: []policy.GroupIDRange{
{Min: 1, Max: 3},
},
expectedError: "unable to validate empty groups against required ranges",
},
"not in range": {
groups: []int64{5},
ranges: []extensions.GroupIDRange{
ranges: []policy.GroupIDRange{
{Min: 1, Max: 3},
{Min: 4, Max: 4},
},
......@@ -136,25 +136,25 @@ func TestValidate(t *testing.T) {
},
"in range 1": {
groups: []int64{2},
ranges: []extensions.GroupIDRange{
ranges: []policy.GroupIDRange{
{Min: 1, Max: 3},
},
},
"in range boundary min": {
groups: []int64{1},
ranges: []extensions.GroupIDRange{
ranges: []policy.GroupIDRange{
{Min: 1, Max: 3},
},
},
"in range boundary max": {
groups: []int64{3},
ranges: []extensions.GroupIDRange{
ranges: []policy.GroupIDRange{
{Min: 1, Max: 3},
},
},
"singular range": {
groups: []int64{4},
ranges: []extensions.GroupIDRange{
ranges: []policy.GroupIDRange{
{Min: 4, Max: 4},
},
},
......
......@@ -22,7 +22,7 @@ import (
"k8s.io/apimachinery/pkg/util/validation/field"
api "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/kubernetes/pkg/apis/policy"
psputil "k8s.io/kubernetes/pkg/security/podsecuritypolicy/util"
"k8s.io/kubernetes/pkg/securitycontext"
)
......@@ -36,7 +36,7 @@ const (
// simpleProvider is the default implementation of Provider.
type simpleProvider struct {
psp *extensions.PodSecurityPolicy
psp *policy.PodSecurityPolicy
strategies *ProviderStrategies
}
......@@ -44,7 +44,7 @@ type simpleProvider struct {
var _ Provider = &simpleProvider{}
// NewSimpleProvider creates a new Provider instance.
func NewSimpleProvider(psp *extensions.PodSecurityPolicy, namespace string, strategyFactory StrategyFactory) (Provider, error) {
func NewSimpleProvider(psp *policy.PodSecurityPolicy, namespace string, strategyFactory StrategyFactory) (Provider, error) {
if psp == nil {
return nil, fmt.Errorf("NewSimpleProvider requires a PodSecurityPolicy")
}
......@@ -144,7 +144,7 @@ func (s *simpleProvider) DefaultContainerSecurityContext(pod *api.Pod, container
// if we're using the non-root strategy set the marker that this container should not be
// run as root which will signal to the kubelet to do a final check either on the runAsUser
// or, if runAsUser is not set, the image UID will be checked.
if sc.RunAsNonRoot() == nil && sc.RunAsUser() == nil && s.psp.Spec.RunAsUser.Rule == extensions.RunAsUserStrategyMustRunAsNonRoot {
if sc.RunAsNonRoot() == nil && sc.RunAsUser() == nil && s.psp.Spec.RunAsUser.Rule == policy.RunAsUserStrategyMustRunAsNonRoot {
nonRoot := true
sc.SetRunAsNonRoot(&nonRoot)
}
......@@ -226,7 +226,7 @@ func (s *simpleProvider) ValidatePod(pod *api.Pod, fldPath *field.Path) field.Er
continue
}
if fsType == extensions.HostPath {
if fsType == policy.HostPath {
if !psputil.AllowsHostVolumePath(s.psp, v.HostPath.Path) {
allErrs = append(allErrs, field.Invalid(
field.NewPath("spec", "volumes").Index(i).Child("hostPath", "pathPrefix"), v.HostPath.Path,
......@@ -234,7 +234,7 @@ func (s *simpleProvider) ValidatePod(pod *api.Pod, fldPath *field.Path) field.Er
}
}
if fsType == extensions.FlexVolume && len(s.psp.Spec.AllowedFlexVolumes) > 0 {
if fsType == policy.FlexVolume && len(s.psp.Spec.AllowedFlexVolumes) > 0 {
found := false
driver := v.FlexVolume.Driver
for _, allowedFlexVolume := range s.psp.Spec.AllowedFlexVolumes {
......@@ -333,7 +333,7 @@ func (s *simpleProvider) GetPSPName() string {
return s.psp.Name
}
func hostPortRangesToString(ranges []extensions.HostPortRange) string {
func hostPortRangesToString(ranges []policy.HostPortRange) string {
formattedString := ""
if ranges != nil {
strRanges := []string{}
......
......@@ -17,7 +17,7 @@ go_library(
importpath = "k8s.io/kubernetes/pkg/security/podsecuritypolicy/selinux",
deps = [
"//pkg/apis/core:go_default_library",
"//pkg/apis/extensions:go_default_library",
"//pkg/apis/policy:go_default_library",
"//pkg/security/podsecuritypolicy/util:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/validation/field:go_default_library",
],
......@@ -32,7 +32,7 @@ go_test(
embed = [":go_default_library"],
deps = [
"//pkg/apis/core:go_default_library",
"//pkg/apis/extensions:go_default_library",
"//pkg/apis/policy:go_default_library",
],
)
......
......@@ -23,17 +23,17 @@ import (
"k8s.io/apimachinery/pkg/util/validation/field"
api "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/kubernetes/pkg/apis/policy"
"k8s.io/kubernetes/pkg/security/podsecuritypolicy/util"
)
type mustRunAs struct {
opts *extensions.SELinuxStrategyOptions
opts *policy.SELinuxStrategyOptions
}
var _ SELinuxStrategy = &mustRunAs{}
func NewMustRunAs(options *extensions.SELinuxStrategyOptions) (SELinuxStrategy, error) {
func NewMustRunAs(options *policy.SELinuxStrategyOptions) (SELinuxStrategy, error) {
if options == nil {
return nil, fmt.Errorf("MustRunAs requires SELinuxContextStrategyOptions")
}
......
......@@ -18,7 +18,7 @@ package selinux
import (
api "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/kubernetes/pkg/apis/policy"
"reflect"
"strings"
"testing"
......@@ -26,7 +26,7 @@ import (
func TestMustRunAsOptions(t *testing.T) {
tests := map[string]struct {
opts *extensions.SELinuxStrategyOptions
opts *policy.SELinuxStrategyOptions
pass bool
}{
"nil opts": {
......@@ -34,11 +34,11 @@ func TestMustRunAsOptions(t *testing.T) {
pass: false,
},
"invalid opts": {
opts: &extensions.SELinuxStrategyOptions{},
opts: &policy.SELinuxStrategyOptions{},
pass: false,
},
"valid opts": {
opts: &extensions.SELinuxStrategyOptions{SELinuxOptions: &api.SELinuxOptions{}},
opts: &policy.SELinuxStrategyOptions{SELinuxOptions: &api.SELinuxOptions{}},
pass: true,
},
}
......@@ -54,7 +54,7 @@ func TestMustRunAsOptions(t *testing.T) {
}
func TestMustRunAsGenerate(t *testing.T) {
opts := &extensions.SELinuxStrategyOptions{
opts := &policy.SELinuxStrategyOptions{
SELinuxOptions: &api.SELinuxOptions{
User: "user",
Role: "role",
......@@ -145,7 +145,7 @@ func TestMustRunAsValidate(t *testing.T) {
}
for name, tc := range tests {
opts := &extensions.SELinuxStrategyOptions{
opts := &policy.SELinuxStrategyOptions{
SELinuxOptions: tc.pspSeLinux,
}
mustRunAs, err := NewMustRunAs(opts)
......
......@@ -19,7 +19,7 @@ package selinux
import (
"k8s.io/apimachinery/pkg/util/validation/field"
api "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/kubernetes/pkg/apis/policy"
)
// runAsAny implements the SELinuxStrategy interface.
......@@ -28,7 +28,7 @@ type runAsAny struct{}
var _ SELinuxStrategy = &runAsAny{}
// NewRunAsAny provides a strategy that will return the configured se linux context or nil.
func NewRunAsAny(options *extensions.SELinuxStrategyOptions) (SELinuxStrategy, error) {
func NewRunAsAny(options *policy.SELinuxStrategyOptions) (SELinuxStrategy, error) {
return &runAsAny{}, nil
}
......
......@@ -18,7 +18,7 @@ package selinux
import (
api "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/kubernetes/pkg/apis/policy"
"testing"
)
......@@ -27,14 +27,14 @@ func TestRunAsAnyOptions(t *testing.T) {
if err != nil {
t.Fatalf("unexpected error initializing NewRunAsAny %v", err)
}
_, err = NewRunAsAny(&extensions.SELinuxStrategyOptions{})
_, err = NewRunAsAny(&policy.SELinuxStrategyOptions{})
if err != nil {
t.Errorf("unexpected error initializing NewRunAsAny %v", err)
}
}
func TestRunAsAnyGenerate(t *testing.T) {
s, err := NewRunAsAny(&extensions.SELinuxStrategyOptions{})
s, err := NewRunAsAny(&policy.SELinuxStrategyOptions{})
if err != nil {
t.Fatalf("unexpected error initializing NewRunAsAny %v", err)
}
......@@ -48,7 +48,7 @@ func TestRunAsAnyGenerate(t *testing.T) {
}
func TestRunAsAnyValidate(t *testing.T) {
s, err := NewRunAsAny(&extensions.SELinuxStrategyOptions{
s, err := NewRunAsAny(&policy.SELinuxStrategyOptions{
SELinuxOptions: &api.SELinuxOptions{
Level: "foo",
},
......@@ -61,7 +61,7 @@ func TestRunAsAnyValidate(t *testing.T) {
if len(errs) != 0 {
t.Errorf("unexpected errors validating with ")
}
s, err = NewRunAsAny(&extensions.SELinuxStrategyOptions{})
s, err = NewRunAsAny(&policy.SELinuxStrategyOptions{})
if err != nil {
t.Fatalf("unexpected error initializing NewRunAsAny %v", err)
}
......
......@@ -19,7 +19,7 @@ package podsecuritypolicy
import (
"k8s.io/apimachinery/pkg/util/validation/field"
api "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/kubernetes/pkg/apis/policy"
"k8s.io/kubernetes/pkg/security/podsecuritypolicy/apparmor"
"k8s.io/kubernetes/pkg/security/podsecuritypolicy/capabilities"
"k8s.io/kubernetes/pkg/security/podsecuritypolicy/group"
......@@ -54,7 +54,7 @@ type Provider interface {
type StrategyFactory interface {
// CreateStrategies creates the strategies that a provider will use. The namespace argument
// should be the namespace of the object being checked (the pod's namespace).
CreateStrategies(psp *extensions.PodSecurityPolicy, namespace string) (*ProviderStrategies, error)
CreateStrategies(psp *policy.PodSecurityPolicy, namespace string) (*ProviderStrategies, error)
}
// ProviderStrategies is a holder for all strategies that the provider requires to be populated.
......
......@@ -18,7 +18,7 @@ go_library(
importpath = "k8s.io/kubernetes/pkg/security/podsecuritypolicy/user",
deps = [
"//pkg/apis/core:go_default_library",
"//pkg/apis/extensions:go_default_library",
"//pkg/apis/policy:go_default_library",
"//pkg/security/podsecuritypolicy/util:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/validation/field:go_default_library",
],
......@@ -34,7 +34,7 @@ go_test(
embed = [":go_default_library"],
deps = [
"//pkg/apis/core:go_default_library",
"//pkg/apis/extensions:go_default_library",
"//pkg/apis/policy:go_default_library",
],
)
......
......@@ -21,17 +21,17 @@ import (
"k8s.io/apimachinery/pkg/util/validation/field"
api "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/kubernetes/pkg/apis/policy"
psputil "k8s.io/kubernetes/pkg/security/podsecuritypolicy/util"
)
// mustRunAs implements the RunAsUserStrategy interface
type mustRunAs struct {
opts *extensions.RunAsUserStrategyOptions
opts *policy.RunAsUserStrategyOptions
}
// NewMustRunAs provides a strategy that requires the container to run as a specific UID in a range.
func NewMustRunAs(options *extensions.RunAsUserStrategyOptions) (RunAsUserStrategy, error) {
func NewMustRunAs(options *policy.RunAsUserStrategyOptions) (RunAsUserStrategy, error) {
if options == nil {
return nil, fmt.Errorf("MustRunAs requires run as user options")
}
......
......@@ -18,14 +18,14 @@ package user
import (
api "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/kubernetes/pkg/apis/policy"
"strings"
"testing"
)
func TestNewMustRunAs(t *testing.T) {
tests := map[string]struct {
opts *extensions.RunAsUserStrategyOptions
opts *policy.RunAsUserStrategyOptions
pass bool
}{
"nil opts": {
......@@ -33,12 +33,12 @@ func TestNewMustRunAs(t *testing.T) {
pass: false,
},
"invalid opts": {
opts: &extensions.RunAsUserStrategyOptions{},
opts: &policy.RunAsUserStrategyOptions{},
pass: false,
},
"valid opts": {
opts: &extensions.RunAsUserStrategyOptions{
Ranges: []extensions.UserIDRange{
opts: &policy.RunAsUserStrategyOptions{
Ranges: []policy.UserIDRange{
{Min: 1, Max: 1},
},
},
......@@ -57,8 +57,8 @@ func TestNewMustRunAs(t *testing.T) {
}
func TestGenerate(t *testing.T) {
opts := &extensions.RunAsUserStrategyOptions{
Ranges: []extensions.UserIDRange{
opts := &policy.RunAsUserStrategyOptions{
Ranges: []policy.UserIDRange{
{Min: 1, Max: 1},
},
}
......@@ -76,8 +76,8 @@ func TestGenerate(t *testing.T) {
}
func TestValidate(t *testing.T) {
opts := &extensions.RunAsUserStrategyOptions{
Ranges: []extensions.UserIDRange{
opts := &policy.RunAsUserStrategyOptions{
Ranges: []policy.UserIDRange{
{Min: 1, Max: 1},
{Min: 10, Max: 20},
},
......
......@@ -19,14 +19,14 @@ package user
import (
"k8s.io/apimachinery/pkg/util/validation/field"
api "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/kubernetes/pkg/apis/policy"
)
type nonRoot struct{}
var _ RunAsUserStrategy = &nonRoot{}
func NewRunAsNonRoot(options *extensions.RunAsUserStrategyOptions) (RunAsUserStrategy, error) {
func NewRunAsNonRoot(options *policy.RunAsUserStrategyOptions) (RunAsUserStrategy, error) {
return &nonRoot{}, nil
}
......
......@@ -18,7 +18,7 @@ package user
import (
api "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/kubernetes/pkg/apis/policy"
"testing"
)
......@@ -27,14 +27,14 @@ func TestNonRootOptions(t *testing.T) {
if err != nil {
t.Fatalf("unexpected error initializing NewRunAsNonRoot %v", err)
}
_, err = NewRunAsNonRoot(&extensions.RunAsUserStrategyOptions{})
_, err = NewRunAsNonRoot(&policy.RunAsUserStrategyOptions{})
if err != nil {
t.Errorf("unexpected error initializing NewRunAsNonRoot %v", err)
}
}
func TestNonRootGenerate(t *testing.T) {
s, err := NewRunAsNonRoot(&extensions.RunAsUserStrategyOptions{})
s, err := NewRunAsNonRoot(&policy.RunAsUserStrategyOptions{})
if err != nil {
t.Fatalf("unexpected error initializing NewRunAsNonRoot %v", err)
}
......@@ -52,7 +52,7 @@ func TestNonRootValidate(t *testing.T) {
badUID := int64(0)
untrue := false
unfalse := true
s, err := NewRunAsNonRoot(&extensions.RunAsUserStrategyOptions{})
s, err := NewRunAsNonRoot(&policy.RunAsUserStrategyOptions{})
if err != nil {
t.Fatalf("unexpected error initializing NewMustRunAs %v", err)
}
......
......@@ -19,7 +19,7 @@ package user
import (
"k8s.io/apimachinery/pkg/util/validation/field"
api "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/kubernetes/pkg/apis/policy"
)
// runAsAny implements the interface RunAsUserStrategy.
......@@ -28,7 +28,7 @@ type runAsAny struct{}
var _ RunAsUserStrategy = &runAsAny{}
// NewRunAsAny provides a strategy that will return nil.
func NewRunAsAny(options *extensions.RunAsUserStrategyOptions) (RunAsUserStrategy, error) {
func NewRunAsAny(options *policy.RunAsUserStrategyOptions) (RunAsUserStrategy, error) {
return &runAsAny{}, nil
}
......
......@@ -19,7 +19,7 @@ package user
import (
"testing"
"k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/kubernetes/pkg/apis/policy"
)
func TestRunAsAnyOptions(t *testing.T) {
......@@ -27,14 +27,14 @@ func TestRunAsAnyOptions(t *testing.T) {
if err != nil {
t.Fatalf("unexpected error initializing NewRunAsAny %v", err)
}
_, err = NewRunAsAny(&extensions.RunAsUserStrategyOptions{})
_, err = NewRunAsAny(&policy.RunAsUserStrategyOptions{})
if err != nil {
t.Errorf("unexpected error initializing NewRunAsAny %v", err)
}
}
func TestRunAsAnyGenerate(t *testing.T) {
s, err := NewRunAsAny(&extensions.RunAsUserStrategyOptions{})
s, err := NewRunAsAny(&policy.RunAsUserStrategyOptions{})
if err != nil {
t.Fatalf("unexpected error initializing NewRunAsAny %v", err)
}
......@@ -48,7 +48,7 @@ func TestRunAsAnyGenerate(t *testing.T) {
}
func TestRunAsAnyValidate(t *testing.T) {
s, err := NewRunAsAny(&extensions.RunAsUserStrategyOptions{})
s, err := NewRunAsAny(&policy.RunAsUserStrategyOptions{})
if err != nil {
t.Fatalf("unexpected error initializing NewRunAsAny %v", err)
}
......
......@@ -15,7 +15,7 @@ go_library(
importpath = "k8s.io/kubernetes/pkg/security/podsecuritypolicy/util",
deps = [
"//pkg/apis/core:go_default_library",
"//pkg/apis/extensions:go_default_library",
"//pkg/apis/policy:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library",
],
)
......@@ -26,7 +26,7 @@ go_test(
embed = [":go_default_library"],
deps = [
"//pkg/apis/core:go_default_library",
"//pkg/apis/extensions:go_default_library",
"//pkg/apis/policy:go_default_library",
],
)
......
......@@ -22,7 +22,7 @@ import (
"k8s.io/apimachinery/pkg/util/sets"
api "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/kubernetes/pkg/apis/policy"
)
const (
......@@ -40,102 +40,102 @@ func GetAllFSTypesExcept(exceptions ...string) sets.String {
func GetAllFSTypesAsSet() sets.String {
fstypes := sets.NewString()
fstypes.Insert(
string(extensions.HostPath),
string(extensions.AzureFile),
string(extensions.Flocker),
string(extensions.FlexVolume),
string(extensions.EmptyDir),
string(extensions.GCEPersistentDisk),
string(extensions.AWSElasticBlockStore),
string(extensions.GitRepo),
string(extensions.Secret),
string(extensions.NFS),
string(extensions.ISCSI),
string(extensions.Glusterfs),
string(extensions.PersistentVolumeClaim),
string(extensions.RBD),
string(extensions.Cinder),
string(extensions.CephFS),
string(extensions.DownwardAPI),
string(extensions.FC),
string(extensions.ConfigMap),
string(extensions.VsphereVolume),
string(extensions.Quobyte),
string(extensions.AzureDisk),
string(extensions.PhotonPersistentDisk),
string(extensions.StorageOS),
string(extensions.Projected),
string(extensions.PortworxVolume),
string(extensions.ScaleIO),
string(extensions.CSI),
string(policy.HostPath),
string(policy.AzureFile),
string(policy.Flocker),
string(policy.FlexVolume),
string(policy.EmptyDir),
string(policy.GCEPersistentDisk),
string(policy.AWSElasticBlockStore),
string(policy.GitRepo),
string(policy.Secret),
string(policy.NFS),
string(policy.ISCSI),
string(policy.Glusterfs),
string(policy.PersistentVolumeClaim),
string(policy.RBD),
string(policy.Cinder),
string(policy.CephFS),
string(policy.DownwardAPI),
string(policy.FC),
string(policy.ConfigMap),
string(policy.VsphereVolume),
string(policy.Quobyte),
string(policy.AzureDisk),
string(policy.PhotonPersistentDisk),
string(policy.StorageOS),
string(policy.Projected),
string(policy.PortworxVolume),
string(policy.ScaleIO),
string(policy.CSI),
)
return fstypes
}
// getVolumeFSType gets the FSType for a volume.
func GetVolumeFSType(v api.Volume) (extensions.FSType, error) {
func GetVolumeFSType(v api.Volume) (policy.FSType, error) {
switch {
case v.HostPath != nil:
return extensions.HostPath, nil
return policy.HostPath, nil
case v.EmptyDir != nil:
return extensions.EmptyDir, nil
return policy.EmptyDir, nil
case v.GCEPersistentDisk != nil:
return extensions.GCEPersistentDisk, nil
return policy.GCEPersistentDisk, nil
case v.AWSElasticBlockStore != nil:
return extensions.AWSElasticBlockStore, nil
return policy.AWSElasticBlockStore, nil
case v.GitRepo != nil:
return extensions.GitRepo, nil
return policy.GitRepo, nil
case v.Secret != nil:
return extensions.Secret, nil
return policy.Secret, nil
case v.NFS != nil:
return extensions.NFS, nil
return policy.NFS, nil
case v.ISCSI != nil:
return extensions.ISCSI, nil
return policy.ISCSI, nil
case v.Glusterfs != nil:
return extensions.Glusterfs, nil
return policy.Glusterfs, nil
case v.PersistentVolumeClaim != nil:
return extensions.PersistentVolumeClaim, nil
return policy.PersistentVolumeClaim, nil
case v.RBD != nil:
return extensions.RBD, nil
return policy.RBD, nil
case v.FlexVolume != nil:
return extensions.FlexVolume, nil
return policy.FlexVolume, nil
case v.Cinder != nil:
return extensions.Cinder, nil
return policy.Cinder, nil
case v.CephFS != nil:
return extensions.CephFS, nil
return policy.CephFS, nil
case v.Flocker != nil:
return extensions.Flocker, nil
return policy.Flocker, nil
case v.DownwardAPI != nil:
return extensions.DownwardAPI, nil
return policy.DownwardAPI, nil
case v.FC != nil:
return extensions.FC, nil
return policy.FC, nil
case v.AzureFile != nil:
return extensions.AzureFile, nil
return policy.AzureFile, nil
case v.ConfigMap != nil:
return extensions.ConfigMap, nil
return policy.ConfigMap, nil
case v.VsphereVolume != nil:
return extensions.VsphereVolume, nil
return policy.VsphereVolume, nil
case v.Quobyte != nil:
return extensions.Quobyte, nil
return policy.Quobyte, nil
case v.AzureDisk != nil:
return extensions.AzureDisk, nil
return policy.AzureDisk, nil
case v.PhotonPersistentDisk != nil:
return extensions.PhotonPersistentDisk, nil
return policy.PhotonPersistentDisk, nil
case v.StorageOS != nil:
return extensions.StorageOS, nil
return policy.StorageOS, nil
case v.Projected != nil:
return extensions.Projected, nil
return policy.Projected, nil
case v.PortworxVolume != nil:
return extensions.PortworxVolume, nil
return policy.PortworxVolume, nil
case v.ScaleIO != nil:
return extensions.ScaleIO, nil
return policy.ScaleIO, nil
}
return "", fmt.Errorf("unknown volume type for volume: %#v", v)
}
// FSTypeToStringSet converts an FSType slice to a string set.
func FSTypeToStringSet(fsTypes []extensions.FSType) sets.String {
func FSTypeToStringSet(fsTypes []policy.FSType) sets.String {
set := sets.NewString()
for _, v := range fsTypes {
set.Insert(string(v))
......@@ -144,19 +144,19 @@ func FSTypeToStringSet(fsTypes []extensions.FSType) sets.String {
}
// PSPAllowsAllVolumes checks for FSTypeAll in the psp's allowed volumes.
func PSPAllowsAllVolumes(psp *extensions.PodSecurityPolicy) bool {
return PSPAllowsFSType(psp, extensions.All)
func PSPAllowsAllVolumes(psp *policy.PodSecurityPolicy) bool {
return PSPAllowsFSType(psp, policy.All)
}
// PSPAllowsFSType is a utility for checking if a PSP allows a particular FSType.
// If all volumes are allowed then this will return true for any FSType passed.
func PSPAllowsFSType(psp *extensions.PodSecurityPolicy, fsType extensions.FSType) bool {
func PSPAllowsFSType(psp *policy.PodSecurityPolicy, fsType policy.FSType) bool {
if psp == nil {
return false
}
for _, v := range psp.Spec.Volumes {
if v == fsType || v == extensions.All {
if v == fsType || v == policy.All {
return true
}
}
......@@ -164,18 +164,18 @@ func PSPAllowsFSType(psp *extensions.PodSecurityPolicy, fsType extensions.FSType
}
// UserFallsInRange is a utility to determine it the id falls in the valid range.
func UserFallsInRange(id int64, rng extensions.UserIDRange) bool {
func UserFallsInRange(id int64, rng policy.UserIDRange) bool {
return id >= rng.Min && id <= rng.Max
}
// GroupFallsInRange is a utility to determine it the id falls in the valid range.
func GroupFallsInRange(id int64, rng extensions.GroupIDRange) bool {
func GroupFallsInRange(id int64, rng policy.GroupIDRange) bool {
return id >= rng.Min && id <= rng.Max
}
// AllowsHostVolumePath is a utility for checking if a PSP allows the host volume path.
// This only checks the path. You should still check to make sure the host volume fs type is allowed.
func AllowsHostVolumePath(psp *extensions.PodSecurityPolicy, hostPath string) bool {
func AllowsHostVolumePath(psp *policy.PodSecurityPolicy, hostPath string) bool {
if psp == nil {
return false
}
......
......@@ -18,7 +18,7 @@ package util
import (
api "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/kubernetes/pkg/apis/policy"
"reflect"
"testing"
)
......@@ -52,45 +52,45 @@ func TestVolumeSourceFSTypeDrift(t *testing.T) {
func TestPSPAllowsFSType(t *testing.T) {
tests := map[string]struct {
psp *extensions.PodSecurityPolicy
fsType extensions.FSType
psp *policy.PodSecurityPolicy
fsType policy.FSType
allows bool
}{
"nil psp": {
psp: nil,
fsType: extensions.HostPath,
fsType: policy.HostPath,
allows: false,
},
"empty volumes": {
psp: &extensions.PodSecurityPolicy{},
fsType: extensions.HostPath,
psp: &policy.PodSecurityPolicy{},
fsType: policy.HostPath,
allows: false,
},
"non-matching": {
psp: &extensions.PodSecurityPolicy{
Spec: extensions.PodSecurityPolicySpec{
Volumes: []extensions.FSType{extensions.AWSElasticBlockStore},
psp: &policy.PodSecurityPolicy{
Spec: policy.PodSecurityPolicySpec{
Volumes: []policy.FSType{policy.AWSElasticBlockStore},
},
},
fsType: extensions.HostPath,
fsType: policy.HostPath,
allows: false,
},
"match on FSTypeAll": {
psp: &extensions.PodSecurityPolicy{
Spec: extensions.PodSecurityPolicySpec{
Volumes: []extensions.FSType{extensions.All},
psp: &policy.PodSecurityPolicy{
Spec: policy.PodSecurityPolicySpec{
Volumes: []policy.FSType{policy.All},
},
},
fsType: extensions.HostPath,
fsType: policy.HostPath,
allows: true,
},
"match on direct match": {
psp: &extensions.PodSecurityPolicy{
Spec: extensions.PodSecurityPolicySpec{
Volumes: []extensions.FSType{extensions.HostPath},
psp: &policy.PodSecurityPolicy{
Spec: policy.PodSecurityPolicySpec{
Volumes: []policy.FSType{policy.HostPath},
},
},
fsType: extensions.HostPath,
fsType: policy.HostPath,
allows: true,
},
}
......@@ -105,7 +105,7 @@ func TestPSPAllowsFSType(t *testing.T) {
func TestAllowsHostVolumePath(t *testing.T) {
tests := map[string]struct {
psp *extensions.PodSecurityPolicy
psp *policy.PodSecurityPolicy
path string
allows bool
}{
......@@ -115,14 +115,14 @@ func TestAllowsHostVolumePath(t *testing.T) {
allows: false,
},
"empty allowed paths": {
psp: &extensions.PodSecurityPolicy{},
psp: &policy.PodSecurityPolicy{},
path: "/test",
allows: true,
},
"non-matching": {
psp: &extensions.PodSecurityPolicy{
Spec: extensions.PodSecurityPolicySpec{
AllowedHostPaths: []extensions.AllowedHostPath{
psp: &policy.PodSecurityPolicy{
Spec: policy.PodSecurityPolicySpec{
AllowedHostPaths: []policy.AllowedHostPath{
{PathPrefix: "/foo"},
},
},
......@@ -131,9 +131,9 @@ func TestAllowsHostVolumePath(t *testing.T) {
allows: false,
},
"match on direct match": {
psp: &extensions.PodSecurityPolicy{
Spec: extensions.PodSecurityPolicySpec{
AllowedHostPaths: []extensions.AllowedHostPath{
psp: &policy.PodSecurityPolicy{
Spec: policy.PodSecurityPolicySpec{
AllowedHostPaths: []policy.AllowedHostPath{
{PathPrefix: "/foo"},
},
},
......@@ -142,9 +142,9 @@ func TestAllowsHostVolumePath(t *testing.T) {
allows: true,
},
"match with trailing slash on host path": {
psp: &extensions.PodSecurityPolicy{
Spec: extensions.PodSecurityPolicySpec{
AllowedHostPaths: []extensions.AllowedHostPath{
psp: &policy.PodSecurityPolicy{
Spec: policy.PodSecurityPolicySpec{
AllowedHostPaths: []policy.AllowedHostPath{
{PathPrefix: "/foo"},
},
},
......@@ -153,9 +153,9 @@ func TestAllowsHostVolumePath(t *testing.T) {
allows: true,
},
"match with trailing slash on allowed path": {
psp: &extensions.PodSecurityPolicy{
Spec: extensions.PodSecurityPolicySpec{
AllowedHostPaths: []extensions.AllowedHostPath{
psp: &policy.PodSecurityPolicy{
Spec: policy.PodSecurityPolicySpec{
AllowedHostPaths: []policy.AllowedHostPath{
{PathPrefix: "/foo/"},
},
},
......@@ -164,9 +164,9 @@ func TestAllowsHostVolumePath(t *testing.T) {
allows: true,
},
"match child directory": {
psp: &extensions.PodSecurityPolicy{
Spec: extensions.PodSecurityPolicySpec{
AllowedHostPaths: []extensions.AllowedHostPath{
psp: &policy.PodSecurityPolicy{
Spec: policy.PodSecurityPolicySpec{
AllowedHostPaths: []policy.AllowedHostPath{
{PathPrefix: "/foo/"},
},
},
......@@ -175,9 +175,9 @@ func TestAllowsHostVolumePath(t *testing.T) {
allows: true,
},
"non-matching parent directory": {
psp: &extensions.PodSecurityPolicy{
Spec: extensions.PodSecurityPolicySpec{
AllowedHostPaths: []extensions.AllowedHostPath{
psp: &policy.PodSecurityPolicy{
Spec: policy.PodSecurityPolicySpec{
AllowedHostPaths: []policy.AllowedHostPath{
{PathPrefix: "/foo/bar"},
},
},
......
......@@ -15,7 +15,7 @@ go_library(
"//pkg/apis/extensions:go_default_library",
"//pkg/apis/policy:go_default_library",
"//pkg/client/informers/informers_generated/internalversion:go_default_library",
"//pkg/client/listers/extensions/internalversion:go_default_library",
"//pkg/client/listers/policy/internalversion:go_default_library",
"//pkg/kubeapiserver/admission:go_default_library",
"//pkg/registry/rbac:go_default_library",
"//pkg/security/podsecuritypolicy:go_default_library",
......@@ -40,7 +40,6 @@ go_test(
"//pkg/api/legacyscheme:go_default_library",
"//pkg/apis/core:go_default_library",
"//pkg/apis/core/helper:go_default_library",
"//pkg/apis/extensions:go_default_library",
"//pkg/apis/policy:go_default_library",
"//pkg/client/informers/informers_generated/internalversion:go_default_library",
"//pkg/controller:go_default_library",
......
......@@ -35,7 +35,7 @@ import (
"k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/kubernetes/pkg/apis/policy"
informers "k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion"
extensionslisters "k8s.io/kubernetes/pkg/client/listers/extensions/internalversion"
policylisters "k8s.io/kubernetes/pkg/client/listers/policy/internalversion"
kubeapiserveradmission "k8s.io/kubernetes/pkg/kubeapiserver/admission"
rbacregistry "k8s.io/kubernetes/pkg/registry/rbac"
psp "k8s.io/kubernetes/pkg/security/podsecuritypolicy"
......@@ -61,7 +61,7 @@ type PodSecurityPolicyPlugin struct {
strategyFactory psp.StrategyFactory
failOnNoPolicies bool
authz authorizer.Authorizer
lister extensionslisters.PodSecurityPolicyLister
lister policylisters.PodSecurityPolicyLister
}
// SetAuthorizer sets the authorizer.
......@@ -95,7 +95,7 @@ func newPlugin(strategyFactory psp.StrategyFactory, failOnNoPolicies bool) *PodS
}
func (a *PodSecurityPolicyPlugin) SetInternalKubeInformerFactory(f informers.SharedInformerFactory) {
podSecurityPolicyInformer := f.Extensions().InternalVersion().PodSecurityPolicies()
podSecurityPolicyInformer := f.Policy().InternalVersion().PodSecurityPolicies()
a.lister = podSecurityPolicyInformer.Lister()
a.SetReadyFunc(podSecurityPolicyInformer.Informer().HasSynced)
}
......@@ -329,7 +329,7 @@ func assignSecurityContext(provider psp.Provider, pod *api.Pod, fldPath *field.P
}
// createProvidersFromPolicies creates providers from the constraints supplied.
func (c *PodSecurityPolicyPlugin) createProvidersFromPolicies(psps []*extensions.PodSecurityPolicy, namespace string) ([]psp.Provider, []error) {
func (c *PodSecurityPolicyPlugin) createProvidersFromPolicies(psps []*policy.PodSecurityPolicy, namespace string) ([]psp.Provider, []error) {
var (
// collected providers
providers []psp.Provider
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment