github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #73895 from WanLinghao/context_util_clean 

Clean unused code in pkg/securitycontext/util.go
pull/564/head
Kubernetes Prow Robot 2019-02-13 17:31:54 -08:00 committed by GitHub
parent d457fb7771 e9edbf1d52
commit a3877b1776
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 0 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
pkg/securitycontext/util.go
View File

@ -17,9 +17,6 @@ limitations under the License.
package securitycontext package securitycontext
import ( import (
"fmt"
"strings"
"k8s.io/api/core/v1" "k8s.io/api/core/v1"
) )
@ -47,26 +44,6 @@ func HasCapabilitiesRequest(container *v1.Container) bool {
return len(container.SecurityContext.Capabilities.Add) > 0 || len(container.SecurityContext.Capabilities.Drop) > 0 return len(container.SecurityContext.Capabilities.Add) > 0 || len(container.SecurityContext.Capabilities.Drop) > 0
} }
const expectedSELinuxFields = 4
// ParseSELinuxOptions parses a string containing a full SELinux context
// (user, role, type, and level) into an SELinuxOptions object. If the
// context is malformed, an error is returned.
func ParseSELinuxOptions(context string) (*v1.SELinuxOptions, error) {
fields := strings.SplitN(context, ":", expectedSELinuxFields)
if len(fields) != expectedSELinuxFields {
return nil, fmt.Errorf("expected %v fields in selinux; got %v (context: %v)", expectedSELinuxFields, len(fields), context)
}
return &v1.SELinuxOptions{
User: fields[0],
Role: fields[1],
Type: fields[2],
Level: fields[3],
}, nil
}
func DetermineEffectiveSecurityContext(pod *v1.Pod, container *v1.Container) *v1.SecurityContext { func DetermineEffectiveSecurityContext(pod *v1.Pod, container *v1.Container) *v1.SecurityContext {
effectiveSc := securityContextFromPodSecurityContext(pod) effectiveSc := securityContextFromPodSecurityContext(pod)
containerSc := container.SecurityContext containerSc := container.SecurityContext

62
pkg/securitycontext/util_test.go
View File

@ -23,68 +23,6 @@ import (
"k8s.io/api/core/v1" "k8s.io/api/core/v1"
) )
func TestParseSELinuxOptions(t *testing.T) {
cases := []struct {
name string
input string
expected *v1.SELinuxOptions
}{
{
name: "simple",
input: "user_t:role_t:type_t:s0",
expected: &v1.SELinuxOptions{
User: "user_t",
Role: "role_t",
Type: "type_t",
Level: "s0",
},
},
{
name: "simple + categories",
input: "user_t:role_t:type_t:s0:c0",
expected: &v1.SELinuxOptions{
User: "user_t",
Role: "role_t",
Type: "type_t",
Level: "s0:c0",
},
},
{
name: "not enough fields",
input: "type_t:s0:c0",
},
}
for _, tc := range cases {
result, err := ParseSELinuxOptions(tc.input)
if err != nil {
if tc.expected == nil {
continue
} else {
t.Errorf("%v: unexpected error: %v", tc.name, err)
}
}
compareContexts(tc.name, tc.expected, result, t)
}
}
func compareContexts(name string, ex, ac *v1.SELinuxOptions, t *testing.T) {
if e, a := ex.User, ac.User; e != a {
t.Errorf("%v: expected user: %v, got: %v", name, e, a)
}
if e, a := ex.Role, ac.Role; e != a {
t.Errorf("%v: expected role: %v, got: %v", name, e, a)
}
if e, a := ex.Type, ac.Type; e != a {
t.Errorf("%v: expected type: %v, got: %v", name, e, a)
}
if e, a := ex.Level, ac.Level; e != a {
t.Errorf("%v: expected level: %v, got: %v", name, e, a)
}
}
func TestAddNoNewPrivileges(t *testing.T) { func TestAddNoNewPrivileges(t *testing.T) {
pfalse := false pfalse := false
ptrue := true ptrue := true