diff --git a/pkg/security/podsecuritypolicy/provider.go b/pkg/security/podsecuritypolicy/provider.go index 0f12241f62..5ef7123876 100644 --- a/pkg/security/podsecuritypolicy/provider.go +++ b/pkg/security/podsecuritypolicy/provider.go @@ -324,7 +324,7 @@ func (s *simpleProvider) ValidateContainerSecurityContext(pod *api.Pod, containe return allErrs } -// hasHostPort checks the port definitions on the container for HostPort > 0. +// hasInvalidHostPort checks whether the port definitions on the container fall outside of the ranges allowed by the PSP. func (s *simpleProvider) hasInvalidHostPort(container *api.Container, fldPath *field.Path) field.ErrorList { allErrs := field.ErrorList{} for _, cp := range container.Ports { diff --git a/pkg/security/podsecuritypolicy/provider_test.go b/pkg/security/podsecuritypolicy/provider_test.go index b1f34b39d8..2670a31f53 100644 --- a/pkg/security/podsecuritypolicy/provider_test.go +++ b/pkg/security/podsecuritypolicy/provider_test.go @@ -575,7 +575,7 @@ func TestValidatePodSecurityContextSuccess(t *testing.T) { api.SeccompPodAnnotationKey: "foo", } - errorCases := map[string]struct { + successCases := map[string]struct { pod *api.Pod psp *extensions.PodSecurityPolicy }{ @@ -625,7 +625,7 @@ func TestValidatePodSecurityContextSuccess(t *testing.T) { }, } - for k, v := range errorCases { + for k, v := range successCases { provider, err := NewSimpleProvider(v.psp, "namespace", NewSimpleStrategyFactory()) if err != nil { t.Fatalf("unable to create provider %v", err) @@ -639,25 +639,6 @@ func TestValidatePodSecurityContextSuccess(t *testing.T) { } func TestValidateContainerSecurityContextSuccess(t *testing.T) { - var notPriv bool = false - defaultPod := func() *api.Pod { - return &api.Pod{ - Spec: api.PodSpec{ - SecurityContext: &api.PodSecurityContext{}, - Containers: []api.Container{ - { - Name: defaultContainerName, - SecurityContext: &api.SecurityContext{ - // expected to be set by defaulting mechanisms - Privileged: ¬Priv, - // fill in the rest for test cases - }, - }, - }, - }, - } - } - // success user strat userPSP := defaultPSP() uid := int64(999) @@ -751,7 +732,7 @@ func TestValidateContainerSecurityContextSuccess(t *testing.T) { api.SeccompPodAnnotationKey: "foo", } - errorCases := map[string]struct { + successCases := map[string]struct { pod *api.Pod psp *extensions.PodSecurityPolicy }{ @@ -809,7 +790,7 @@ func TestValidateContainerSecurityContextSuccess(t *testing.T) { }, } - for k, v := range errorCases { + for k, v := range successCases { provider, err := NewSimpleProvider(v.psp, "namespace", NewSimpleStrategyFactory()) if err != nil { t.Fatalf("unable to create provider %v", err)