Fix golint failures in pkg/securitycontext

2019-04-20 18:13:45 +00:00 · 2019-04-20 18:13:45 +00:00 · 344dd90881
parent b1fea1bdf5
commit 344dd90881
3 changed files with 13 additions and 1 deletions
--- a/hack/.golint_failures
+++ b/hack/.golint_failures
@ -314,7 +314,6 @@ pkg/security/podsecuritypolicy/seccomp
 pkg/security/podsecuritypolicy/selinux
 pkg/security/podsecuritypolicy/user
 pkg/security/podsecuritypolicy/util
-pkg/securitycontext
 pkg/serviceaccount
 pkg/ssh
 pkg/util/bandwidth
--- a/pkg/securitycontext/accessors.go
+++ b/pkg/securitycontext/accessors.go
@ -201,6 +201,7 @@ func (w *podSecurityContextWrapper) SetFSGroup(v *int64) {
 	w.podSC.FSGroup = v
 }

+// ContainerSecurityContextAccessor allows reading the values of a SecurityContext object
 type ContainerSecurityContextAccessor interface {
 	Capabilities() *api.Capabilities
 	Privileged() *bool
@ -213,6 +214,7 @@ type ContainerSecurityContextAccessor interface {
 	AllowPrivilegeEscalation() *bool
 }

+// ContainerSecurityContextMutator allows reading and writing the values of a SecurityContext object
 type ContainerSecurityContextMutator interface {
 	ContainerSecurityContextAccessor

@ -228,10 +230,14 @@ type ContainerSecurityContextMutator interface {
 	SetAllowPrivilegeEscalation(*bool)
 }

+// NewContainerSecurityContextAccessor returns an accessor for the provided container security context
+// May be initialized with a nil SecurityContext
 func NewContainerSecurityContextAccessor(containerSC *api.SecurityContext) ContainerSecurityContextAccessor {
 	return &containerSecurityContextWrapper{containerSC: containerSC}
 }

+// NewContainerSecurityContextMutator returns a mutator for the provided container security context
+// May be initialized with a nil SecurityContext
 func NewContainerSecurityContextMutator(containerSC *api.SecurityContext) ContainerSecurityContextMutator {
 	return &containerSecurityContextWrapper{containerSC: containerSC}
 }
@ -365,10 +371,14 @@ func (w *containerSecurityContextWrapper) SetAllowPrivilegeEscalation(v *bool) {
 	w.containerSC.AllowPrivilegeEscalation = v
 }

+// NewEffectiveContainerSecurityContextAccessor returns an accessor for reading effective values
+// for the provided pod security context and container security context
 func NewEffectiveContainerSecurityContextAccessor(podSC PodSecurityContextAccessor, containerSC ContainerSecurityContextMutator) ContainerSecurityContextAccessor {
 	return &effectiveContainerSecurityContextWrapper{podSC: podSC, containerSC: containerSC}
 }

+// NewEffectiveContainerSecurityContextMutator returns a mutator for reading and writing effective values
+// for the provided pod security context and container security context
 func NewEffectiveContainerSecurityContextMutator(podSC PodSecurityContextAccessor, containerSC ContainerSecurityContextMutator) ContainerSecurityContextMutator {
 	return &effectiveContainerSecurityContextWrapper{podSC: podSC, containerSC: containerSC}
 }
--- a/pkg/securitycontext/util.go
+++ b/pkg/securitycontext/util.go
@ -44,6 +44,9 @@ func HasCapabilitiesRequest(container *v1.Container) bool {
 	return len(container.SecurityContext.Capabilities.Add) > 0 || len(container.SecurityContext.Capabilities.Drop) > 0
 }

+// DetermineEffectiveSecurityContext returns a synthesized SecurityContext for reading effective configurations
+// from the provided pod's and container's security context. Container's fields take precedence in cases where both
+// are set
 func DetermineEffectiveSecurityContext(pod *v1.Pod, container *v1.Container) *v1.SecurityContext {
 	effectiveSc := securityContextFromPodSecurityContext(pod)
 	containerSc := container.SecurityContext