Merge pull request #47638 from xilabao/update-hostports-log

Automatic merge from submit-queue (batch tested with PRs 47417, 47638, 46930) update the err of hostPorts in psp **What this PR does / why we need it**: change `Allowed ports: [{8000 8080}]` to `Allowed ports: [8000-8080]` **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes # **Special notes for your reviewer**: **Release note**: ```release-note NONE ```
2017-07-16 16:33:03 -07:00 · 2017-07-16 16:33:03 -07:00 · 35794a8f2d
parent 1cbb7b1405 c9b772e9a9
commit 35794a8f2d
2 changed files with 20 additions and 3 deletions
--- a/pkg/security/podsecuritypolicy/provider.go
+++ b/pkg/security/podsecuritypolicy/provider.go
@ -18,6 +18,7 @@ package podsecuritypolicy

 import (
 	"fmt"
+	"strings"

 	"k8s.io/apimachinery/pkg/util/validation/field"
 	"k8s.io/kubernetes/pkg/api"
@ -308,7 +309,7 @@ func (s *simpleProvider) hasInvalidHostPort(container *api.Container, fldPath *f
 	allErrs := field.ErrorList{}
 	for _, cp := range container.Ports {
 		if cp.HostPort > 0 && !s.isValidHostPort(int(cp.HostPort)) {
-			detail := fmt.Sprintf("Host port %d is not allowed to be used.  Allowed ports: %v", cp.HostPort, s.psp.Spec.HostPorts)
+			detail := fmt.Sprintf("Host port %d is not allowed to be used. Allowed ports: [%s]", cp.HostPort, hostPortRangesToString(s.psp.Spec.HostPorts))
 			allErrs = append(allErrs, field.Invalid(fldPath.Child("hostPort"), cp.HostPort, detail))
 		}
 	}
@ -329,3 +330,19 @@ func (s *simpleProvider) isValidHostPort(port int) bool {
 func (s *simpleProvider) GetPSPName() string {
 	return s.psp.Name
 }
+
+func hostPortRangesToString(ranges []extensions.HostPortRange) string {
+	formattedString := ""
+	if ranges != nil {
+		strRanges := []string{}
+		for _, r := range ranges {
+			if r.Min == r.Max {
+				strRanges = append(strRanges, fmt.Sprintf("%d", r.Min))
+			} else {
+				strRanges = append(strRanges, fmt.Sprintf("%d-%d", r.Min, r.Max))
+			}
+		}
+		formattedString = strings.Join(strRanges, ",")
+	}
+	return formattedString
+}
--- a/pkg/security/podsecuritypolicy/provider_test.go
+++ b/pkg/security/podsecuritypolicy/provider_test.go
@ -463,7 +463,7 @@ func TestValidateContainerSecurityContextFailures(t *testing.T) {
 		"failHostPortPSP": {
 			pod:           failHostPortPod,
 			psp:           defaultPSP(),
-			expectedError: "Host port 1 is not allowed to be used.  Allowed ports: []",
+			expectedError: "Host port 1 is not allowed to be used. Allowed ports: []",
 		},
 		"failReadOnlyRootFS - nil": {
 			pod:           defaultPod(),
@ -498,7 +498,7 @@ func TestValidateContainerSecurityContextFailures(t *testing.T) {
 			continue
 		}
 		if !strings.Contains(errs[0].Error(), v.expectedError) {
-			t.Errorf("%s received unexpected error %v", k, errs)
+			t.Errorf("%s received unexpected error %v\nexpected: %s", k, errs, v.expectedError)
 		}
 	}
 }