Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
K
k3s
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Jacklull
k3s
Commits
eecef462
Commit
eecef462
authored
Mar 29, 2018
by
Mayank Kumar
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
remove unused code in securitycontext
parent
99fd98a8
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
0 additions
and
114 deletions
+0
-114
util.go
pkg/securitycontext/util.go
+0
-21
util_test.go
pkg/securitycontext/util_test.go
+0
-93
No files found.
pkg/securitycontext/util.go
View file @
eecef462
...
@@ -67,27 +67,6 @@ func ParseSELinuxOptions(context string) (*v1.SELinuxOptions, error) {
...
@@ -67,27 +67,6 @@ func ParseSELinuxOptions(context string) (*v1.SELinuxOptions, error) {
},
nil
},
nil
}
}
// HasNonRootUID returns true if the runAsUser is set and is greater than 0.
func
HasRootUID
(
container
*
v1
.
Container
)
bool
{
if
container
.
SecurityContext
==
nil
{
return
false
}
if
container
.
SecurityContext
.
RunAsUser
==
nil
{
return
false
}
return
*
container
.
SecurityContext
.
RunAsUser
==
0
}
// HasRunAsUser determines if the sc's runAsUser field is set.
func
HasRunAsUser
(
container
*
v1
.
Container
)
bool
{
return
container
.
SecurityContext
!=
nil
&&
container
.
SecurityContext
.
RunAsUser
!=
nil
}
// HasRootRunAsUser returns true if the run as user is set and it is set to 0.
func
HasRootRunAsUser
(
container
*
v1
.
Container
)
bool
{
return
HasRunAsUser
(
container
)
&&
HasRootUID
(
container
)
}
func
DetermineEffectiveSecurityContext
(
pod
*
v1
.
Pod
,
container
*
v1
.
Container
)
*
v1
.
SecurityContext
{
func
DetermineEffectiveSecurityContext
(
pod
*
v1
.
Pod
,
container
*
v1
.
Container
)
*
v1
.
SecurityContext
{
effectiveSc
:=
securityContextFromPodSecurityContext
(
pod
)
effectiveSc
:=
securityContextFromPodSecurityContext
(
pod
)
containerSc
:=
container
.
SecurityContext
containerSc
:=
container
.
SecurityContext
...
...
pkg/securitycontext/util_test.go
View file @
eecef462
...
@@ -84,99 +84,6 @@ func compareContexts(name string, ex, ac *v1.SELinuxOptions, t *testing.T) {
...
@@ -84,99 +84,6 @@ func compareContexts(name string, ex, ac *v1.SELinuxOptions, t *testing.T) {
}
}
}
}
func
containerWithUser
(
ptr
*
int64
)
*
v1
.
Container
{
return
&
v1
.
Container
{
SecurityContext
:
&
v1
.
SecurityContext
{
RunAsUser
:
ptr
}}
}
func
TestHaRootUID
(
t
*
testing
.
T
)
{
nonRoot
:=
int64
(
1
)
root
:=
int64
(
0
)
tests
:=
map
[
string
]
struct
{
container
*
v1
.
Container
expect
bool
}{
"nil sc"
:
{
container
:
&
v1
.
Container
{
SecurityContext
:
nil
},
},
"nil runAsuser"
:
{
container
:
containerWithUser
(
nil
),
},
"runAsUser non-root"
:
{
container
:
containerWithUser
(
&
nonRoot
),
},
"runAsUser root"
:
{
container
:
containerWithUser
(
&
root
),
expect
:
true
,
},
}
for
k
,
v
:=
range
tests
{
actual
:=
HasRootUID
(
v
.
container
)
if
actual
!=
v
.
expect
{
t
.
Errorf
(
"%s failed, expected %t but received %t"
,
k
,
v
.
expect
,
actual
)
}
}
}
func
TestHasRunAsUser
(
t
*
testing
.
T
)
{
runAsUser
:=
int64
(
0
)
tests
:=
map
[
string
]
struct
{
container
*
v1
.
Container
expect
bool
}{
"nil sc"
:
{
container
:
&
v1
.
Container
{
SecurityContext
:
nil
},
},
"nil runAsUser"
:
{
container
:
containerWithUser
(
nil
),
},
"valid runAsUser"
:
{
container
:
containerWithUser
(
&
runAsUser
),
expect
:
true
,
},
}
for
k
,
v
:=
range
tests
{
actual
:=
HasRunAsUser
(
v
.
container
)
if
actual
!=
v
.
expect
{
t
.
Errorf
(
"%s failed, expected %t but received %t"
,
k
,
v
.
expect
,
actual
)
}
}
}
func
TestHasRootRunAsUser
(
t
*
testing
.
T
)
{
nonRoot
:=
int64
(
1
)
root
:=
int64
(
0
)
tests
:=
map
[
string
]
struct
{
container
*
v1
.
Container
expect
bool
}{
"nil sc"
:
{
container
:
&
v1
.
Container
{
SecurityContext
:
nil
},
},
"nil runAsuser"
:
{
container
:
containerWithUser
(
nil
),
},
"runAsUser non-root"
:
{
container
:
containerWithUser
(
&
nonRoot
),
},
"runAsUser root"
:
{
container
:
containerWithUser
(
&
root
),
expect
:
true
,
},
}
for
k
,
v
:=
range
tests
{
actual
:=
HasRootRunAsUser
(
v
.
container
)
if
actual
!=
v
.
expect
{
t
.
Errorf
(
"%s failed, expected %t but received %t"
,
k
,
v
.
expect
,
actual
)
}
}
}
func
TestAddNoNewPrivileges
(
t
*
testing
.
T
)
{
func
TestAddNoNewPrivileges
(
t
*
testing
.
T
)
{
pfalse
:=
false
pfalse
:=
false
ptrue
:=
true
ptrue
:=
true
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment