diff --git a/pkg/api/types.go b/pkg/api/types.go index 412d6d08cc..b59f7202e4 100644 --- a/pkg/api/types.go +++ b/pkg/api/types.go @@ -2263,7 +2263,7 @@ type PodSecurityContext struct { // PodSecurityContext, the value specified in SecurityContext takes precedence // for that container. // +optional - RunAsUser *types.UnixUserID + RunAsUser *int64 // Indicates that the container must run as a non-root user. // If true, the Kubelet will validate the image at runtime to ensure that it // does not run as UID 0 (root) and fail to start the container if it does. @@ -2276,7 +2276,7 @@ type PodSecurityContext struct { // to the container's primary GID. If unspecified, no groups will be added to // any container. // +optional - SupplementalGroups []types.UnixGroupID + SupplementalGroups []int64 // A special supplemental group that applies to all containers in a pod. // Some volume types allow the Kubelet to change the ownership of that volume // to be owned by the pod: @@ -2287,7 +2287,7 @@ type PodSecurityContext struct { // // If unset, the Kubelet will not modify the ownership and permissions of any volume. // +optional - FSGroup *types.UnixGroupID + FSGroup *int64 } // PodQOSClass defines the supported qos classes of Pods. @@ -3924,7 +3924,7 @@ type SecurityContext struct { // May also be set in PodSecurityContext. If set in both SecurityContext and // PodSecurityContext, the value specified in SecurityContext takes precedence. // +optional - RunAsUser *types.UnixUserID + RunAsUser *int64 // Indicates that the container must run as a non-root user. // If true, the Kubelet will validate the image at runtime to ensure that it // does not run as UID 0 (root) and fail to start the container if it does. diff --git a/pkg/api/v1/types.go b/pkg/api/v1/types.go index ba7723296f..8ec3b0beee 100644 --- a/pkg/api/v1/types.go +++ b/pkg/api/v1/types.go 
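Review bot: With `RunAsUser`, `SupplementalGroups` and `FSGroup` now plain `int64`, the field comments in `PodSecurityContext` and `SecurityContext` are the only place that says what the number means, and the visible parts of those comments do not state the accepted range. The validation tests updated in this same commit accept 0 and 2147483647 and reject -1 and 2147483648, so a line such as `// Must be a Unix UID in the range 0-2147483647.` (GID for the group fields) would keep that contract next to the type. Confirm the bounds against the validation code, which is not part of this diff. The same applies to the matching fields in pkg/api/v1/types.go, and both struct definitions start outside these hunks.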
@@ -2548,7 +2548,7 @@ type PodSecurityContext struct { // PodSecurityContext, the value specified in SecurityContext takes precedence // for that container. // +optional - RunAsUser *types.UnixUserID `json:"runAsUser,omitempty" protobuf:"varint,2,opt,name=runAsUser,casttype=k8s.io/apimachinery/pkg/types.UnixUserID"` + RunAsUser *int64 `json:"runAsUser,omitempty" protobuf:"varint,2,opt,name=runAsUser"` // Indicates that the container must run as a non-root user. // If true, the Kubelet will validate the image at runtime to ensure that it // does not run as UID 0 (root) and fail to start the container if it does. @@ -2561,7 +2561,7 @@ type PodSecurityContext struct { // to the container's primary GID. If unspecified, no groups will be added to // any container. // +optional - SupplementalGroups []types.UnixGroupID `json:"supplementalGroups,omitempty" protobuf:"varint,4,rep,name=supplementalGroups,casttype=k8s.io/apimachinery/pkg/types.UnixGroupID"` + SupplementalGroups []int64 `json:"supplementalGroups,omitempty" protobuf:"varint,4,rep,name=supplementalGroups"` // A special supplemental group that applies to all containers in a pod. // Some volume types allow the Kubelet to change the ownership of that volume // to be owned by the pod: @@ -2572,7 +2572,7 @@ type PodSecurityContext struct { // // If unset, the Kubelet will not modify the ownership and permissions of any volume. // +optional - FSGroup *types.UnixGroupID `json:"fsGroup,omitempty" protobuf:"varint,5,opt,name=fsGroup,casttype=k8s.io/apimachinery/pkg/types.UnixGroupID"` + FSGroup *int64 `json:"fsGroup,omitempty" protobuf:"varint,5,opt,name=fsGroup"` } // PodQOSClass defines the supported qos classes of Pods. 
@@ -4511,7 +4511,7 @@ type SecurityContext struct { // May also be set in PodSecurityContext. If set in both SecurityContext and // PodSecurityContext, the value specified in SecurityContext takes precedence. // +optional - RunAsUser *types.UnixUserID `json:"runAsUser,omitempty" protobuf:"varint,4,opt,name=runAsUser,casttype=k8s.io/apimachinery/pkg/types.UnixUserID"` + RunAsUser *int64 `json:"runAsUser,omitempty" protobuf:"varint,4,opt,name=runAsUser"` // Indicates that the container must run as a non-root user. // If true, the Kubelet will validate the image at runtime to ensure that it // does not run as UID 0 (root) and fail to start the container if it does. diff --git a/pkg/api/validation/validation_test.go b/pkg/api/validation/validation_test.go index df81535578..2aa6b4541c 100644 --- a/pkg/api/validation/validation_test.go +++ b/pkg/api/validation/validation_test.go @@ -24,7 +24,6 @@ import ( "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/validation/field" @@ -3612,10 +3611,10 @@ func TestValidatePodSpec(t *testing.T) { activeDeadlineSeconds := int64(30) activeDeadlineSecondsMax := int64(math.MaxInt32) - minUserID := types.UnixUserID(0) - maxUserID := types.UnixUserID(2147483647) - minGroupID := types.UnixGroupID(0) - maxGroupID := types.UnixGroupID(2147483647) + minUserID := int64(0) + maxUserID := int64(2147483647) + minGroupID := int64(0) + maxGroupID := int64(2147483647) successCases := []api.PodSpec{ { // Populate basic fields, leave defaults for most. 
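Review bot: The UID/GID bounds in `TestValidatePodSpec` are written as the literal `2147483647` here and `2147483648` in the failure-case hunk at -3735, while the neighbouring deadline bounds already use `math.MaxInt32`. Writing `maxUserID := int64(math.MaxInt32)` and `maxGroupID := int64(math.MaxInt32)`, with `int64(math.MaxInt32 + 1)` in the failure cases, makes the intended limit explicit and ties it to one constant. The test function continues outside these hunks.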
@@ -3670,7 +3669,7 @@ func TestValidatePodSpec(t *testing.T) { { // Populate RunAsUser SupplementalGroups FSGroup with minID 0 Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}}, SecurityContext: &api.PodSecurityContext{ - SupplementalGroups: []types.UnixGroupID{minGroupID}, + SupplementalGroups: []int64{minGroupID}, RunAsUser: &minUserID, FSGroup: &minGroupID, }, @@ -3680,7 +3679,7 @@ func TestValidatePodSpec(t *testing.T) { { // Populate RunAsUser SupplementalGroups FSGroup with maxID 2147483647 Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}}, SecurityContext: &api.PodSecurityContext{ - SupplementalGroups: []types.UnixGroupID{maxGroupID}, + SupplementalGroups: []int64{maxGroupID}, RunAsUser: &maxUserID, FSGroup: &maxGroupID, }, @@ -3735,10 +3734,10 @@ func TestValidatePodSpec(t *testing.T) { activeDeadlineSeconds = int64(0) activeDeadlineSecondsTooLarge := int64(math.MaxInt32 + 1) - minUserID = types.UnixUserID(-1) - maxUserID = types.UnixUserID(2147483648) - minGroupID = types.UnixGroupID(-1) - maxGroupID = types.UnixGroupID(2147483648) + minUserID = int64(-1) + maxUserID = int64(2147483648) + minGroupID = int64(-1) + maxGroupID = int64(2147483648) failureCases := map[string]api.PodSpec{ "bad volume": { @@ -3812,7 +3811,7 @@ func TestValidatePodSpec(t *testing.T) { Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}}, SecurityContext: &api.PodSecurityContext{ HostNetwork: false, - SupplementalGroups: []types.UnixGroupID{maxGroupID, 1234}, + SupplementalGroups: []int64{maxGroupID, 1234}, }, RestartPolicy: api.RestartPolicyAlways, DNSPolicy: api.DNSClusterFirst, 
@@ -3821,7 +3820,7 @@ func TestValidatePodSpec(t *testing.T) { Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}}, SecurityContext: &api.PodSecurityContext{ HostNetwork: false, - SupplementalGroups: []types.UnixGroupID{minGroupID, 1234}, + SupplementalGroups: []int64{minGroupID, 1234}, }, RestartPolicy: api.RestartPolicyAlways, DNSPolicy: api.DNSClusterFirst, @@ -9582,7 +9581,7 @@ func TestValidateTLSSecret(t *testing.T) { func TestValidateSecurityContext(t *testing.T) { priv := false - runAsUser := types.UnixUserID(1) + runAsUser := int64(1) fullValidSC := func() *api.SecurityContext { return &api.SecurityContext{ Privileged: &priv, @@ -9634,7 +9633,7 @@ func TestValidateSecurityContext(t *testing.T) { privRequestWithGlobalDeny.Privileged = &requestPrivileged negativeRunAsUser := fullValidSC() - negativeUser := types.UnixUserID(-1) + negativeUser := int64(-1) negativeRunAsUser.RunAsUser = &negativeUser errorCases := map[string]struct { diff --git a/pkg/apis/extensions/types.go b/pkg/apis/extensions/types.go index fb6b15f69d..a06d63cfb2 100644 --- a/pkg/apis/extensions/types.go +++ b/pkg/apis/extensions/types.go @@ -31,7 +31,6 @@ package extensions import ( "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/kubernetes/pkg/api" ) 
@@ -980,17 +979,17 @@ type RunAsUserStrategyOptions struct { // UserIDRange provides a min/max of an allowed range of UserIDs. type UserIDRange struct { // Min is the start of the range, inclusive. - Min types.UnixUserID + Min int64 // Max is the end of the range, inclusive. - Max types.UnixUserID + Max int64 } // GroupIDRange provides a min/max of an allowed range of GroupIDs. type GroupIDRange struct { // Min is the start of the range, inclusive. - Min types.UnixGroupID + Min int64 // Max is the end of the range, inclusive. - Max types.UnixGroupID + Max int64 } // RunAsUserStrategy denotes strategy types for generating RunAsUser values for a diff --git a/pkg/kubelet/dockershim/securitycontext/provider_test.go b/pkg/kubelet/dockershim/securitycontext/provider_test.go index 3df2f2f657..858e43c957 100644 --- a/pkg/kubelet/dockershim/securitycontext/provider_test.go +++ b/pkg/kubelet/dockershim/securitycontext/provider_test.go @@ -23,14 +23,13 @@ import ( "testing" dockercontainer "github.com/docker/engine-api/types/container" - "k8s.io/apimachinery/pkg/types" apitesting "k8s.io/kubernetes/pkg/api/testing" "k8s.io/kubernetes/pkg/api/v1" ) func TestModifyContainerConfig(t *testing.T) { - userID := types.UnixUserID(123) - overrideUserID := types.UnixUserID(321) + userID := int64(123) + overrideUserID := int64(321) cases := []struct { name string @@ -177,7 +176,7 @@ func TestModifyHostConfig(t *testing.T) { func TestModifyHostConfigPodSecurityContext(t *testing.T) { supplementalGroupsSC := &v1.PodSecurityContext{} - supplementalGroupsSC.SupplementalGroups = []types.UnixGroupID{2222} + supplementalGroupsSC.SupplementalGroups = []int64{2222} supplementalGroupHC := fullValidHostConfig() supplementalGroupHC.GroupAdd = []string{"2222"} fsGroupHC := fullValidHostConfig() 
@@ -186,7 +185,7 @@ func TestModifyHostConfigPodSecurityContext(t *testing.T) { extraSupplementalGroupHC.GroupAdd = []string{"1234"} bothHC := fullValidHostConfig() bothHC.GroupAdd = []string{"2222", "1234"} - fsGroup := types.UnixGroupID(1234) + fsGroup := int64(1234) extraSupplementalGroup := []int64{1234} testCases := map[string]struct { @@ -211,7 +210,7 @@ func TestModifyHostConfigPodSecurityContext(t *testing.T) { }, "FSGroup + SupplementalGroups": { securityContext: &v1.PodSecurityContext{ - SupplementalGroups: []types.UnixGroupID{2222}, + SupplementalGroups: []int64{2222}, FSGroup: &fsGroup, }, expected: bothHC, diff --git a/pkg/kubelet/kubelet_volumes_test.go b/pkg/kubelet/kubelet_volumes_test.go index 739bdbe064..98e8e099a8 100644 --- a/pkg/kubelet/kubelet_volumes_test.go +++ b/pkg/kubelet/kubelet_volumes_test.go @@ -453,10 +453,10 @@ func (f *stubVolume) CanMount() error { return nil } -func (f *stubVolume) SetUp(fsGroup *types.UnixGroupID) error { +func (f *stubVolume) SetUp(fsGroup *int64) error { return nil } -func (f *stubVolume) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (f *stubVolume) SetUpAt(dir string, fsGroup *int64) error { return nil } diff --git a/pkg/kubelet/kuberuntime/kuberuntime_container_test.go b/pkg/kubelet/kuberuntime/kuberuntime_container_test.go index 478b778b82..3b1328414a 100644 --- a/pkg/kubelet/kuberuntime/kuberuntime_container_test.go +++ b/pkg/kubelet/kuberuntime/kuberuntime_container_test.go @@ -24,7 +24,6 @@ import ( "github.com/stretchr/testify/assert" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" "k8s.io/kubernetes/pkg/api/v1" runtimeapi "k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime" kubecontainer "k8s.io/kubernetes/pkg/kubelet/container" 
@@ -227,7 +226,7 @@ func TestGenerateContainerConfig(t *testing.T) { assert.NoError(t, err) assert.Equal(t, expectedConfig, containerConfig, "generate container config for kubelet runtime v1.") - runAsUser := types.UnixUserID(0) + runAsUser := int64(0) runAsNonRootTrue := true podWithContainerSecurityContext := &v1.Pod{ ObjectMeta: metav1.ObjectMeta{ diff --git a/pkg/kubelet/kuberuntime/security_context_test.go b/pkg/kubelet/kuberuntime/security_context_test.go index 1cbeca2e20..a8bfcd57e8 100644 --- a/pkg/kubelet/kuberuntime/security_context_test.go +++ b/pkg/kubelet/kuberuntime/security_context_test.go @@ -18,7 +18,6 @@ package kuberuntime import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" "k8s.io/kubernetes/pkg/api/v1" "github.com/stretchr/testify/assert" @@ -45,7 +44,7 @@ func TestVerifyRunAsNonRoot(t *testing.T) { }, } - rootUser := types.UnixUserID(0) + rootUser := int64(0) runAsNonRootTrue := true runAsNonRootFalse := false imageRootUser := int64(0) diff --git a/pkg/kubelet/rkt/rkt_test.go b/pkg/kubelet/rkt/rkt_test.go index 4614052685..16c661733b 100644 --- a/pkg/kubelet/rkt/rkt_test.go +++ b/pkg/kubelet/rkt/rkt_test.go @@ -983,10 +983,10 @@ func TestSetApp(t *testing.T) { } defer os.RemoveAll(tmpDir) - rootUser := kubetypes.UnixUserID(0) - nonRootUser := kubetypes.UnixUserID(42) + rootUser := int64(0) + nonRootUser := int64(42) runAsNonRootTrue := true - fsgid := kubetypes.UnixGroupID(3) + fsgid := int64(3) tests := []struct { container *v1.Container @@ -1092,9 +1092,9 @@ func TestSetApp(t *testing.T) { RunAsNonRoot: &runAsNonRootTrue, }, podCtx: &v1.PodSecurityContext{ - SupplementalGroups: []kubetypes.UnixGroupID{ - kubetypes.UnixGroupID(1), - kubetypes.UnixGroupID(2), + SupplementalGroups: []int64{ + int64(1), + int64(2), }, FSGroup: &fsgid, }, 
@@ -1157,9 +1157,9 @@ func TestSetApp(t *testing.T) { RunAsNonRoot: &runAsNonRootTrue, }, podCtx: &v1.PodSecurityContext{ - SupplementalGroups: []kubetypes.UnixGroupID{ - kubetypes.UnixGroupID(1), - kubetypes.UnixGroupID(2), + SupplementalGroups: []int64{ + int64(1), + int64(2), }, FSGroup: &fsgid, }, diff --git a/pkg/kubelet/volumemanager/volume_manager_test.go b/pkg/kubelet/volumemanager/volume_manager_test.go index 4794ceaa7d..33f29f2e88 100644 --- a/pkg/kubelet/volumemanager/volume_manager_test.go +++ b/pkg/kubelet/volumemanager/volume_manager_test.go @@ -24,7 +24,6 @@ import ( "time" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - kubetypes "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/client-go/tools/record" utiltesting "k8s.io/client-go/util/testing" @@ -239,7 +238,7 @@ func createObjects() (*v1.Node, *v1.Pod, *v1.PersistentVolume, *v1.PersistentVol }, }, SecurityContext: &v1.PodSecurityContext{ - SupplementalGroups: []kubetypes.UnixGroupID{555}, + SupplementalGroups: []int64{555}, }, }, } diff --git a/pkg/security/podsecuritypolicy/group/mustrunas.go b/pkg/security/podsecuritypolicy/group/mustrunas.go index 30763853f9..6413ed2d4d 100644 --- a/pkg/security/podsecuritypolicy/group/mustrunas.go +++ b/pkg/security/podsecuritypolicy/group/mustrunas.go @@ -19,7 +19,6 @@ package group import ( "fmt" - "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/apis/extensions" 
@@ -47,14 +46,14 @@ func NewMustRunAs(ranges []extensions.GroupIDRange, field string) (GroupStrategy // Generate creates the group based on policy rules. By default this returns the first group of the // first range (min val). -func (s *mustRunAs) Generate(pod *api.Pod) ([]types.UnixGroupID, error) { - return []types.UnixGroupID{s.ranges[0].Min}, nil +func (s *mustRunAs) Generate(pod *api.Pod) ([]int64, error) { + return []int64{s.ranges[0].Min}, nil } // Generate a single value to be applied. This is used for FSGroup. This strategy will return // the first group of the first range (min val). -func (s *mustRunAs) GenerateSingle(pod *api.Pod) (*types.UnixGroupID, error) { - single := new(types.UnixGroupID) +func (s *mustRunAs) GenerateSingle(pod *api.Pod) (*int64, error) { + single := new(int64) *single = s.ranges[0].Min return single, nil } @@ -62,7 +61,7 @@ func (s *mustRunAs) GenerateSingle(pod *api.Pod) (*types.UnixGroupID, error) { // Validate ensures that the specified values fall within the range of the strategy. // Groups are passed in here to allow this strategy to support multiple group fields (fsgroup and // supplemental groups). -func (s *mustRunAs) Validate(pod *api.Pod, groups []types.UnixGroupID) field.ErrorList { +func (s *mustRunAs) Validate(pod *api.Pod, groups []int64) field.ErrorList { allErrs := field.ErrorList{} if pod.Spec.SecurityContext == nil { @@ -84,7 +83,7 @@ func (s *mustRunAs) Validate(pod *api.Pod, groups []types.UnixGroupID) field.Err return allErrs } -func (s *mustRunAs) isGroupValid(group types.UnixGroupID) bool { +func (s *mustRunAs) isGroupValid(group int64) bool { for _, rng := range s.ranges { if psputil.GroupFallsInRange(group, rng) { return true diff --git a/pkg/security/podsecuritypolicy/group/mustrunas_test.go b/pkg/security/podsecuritypolicy/group/mustrunas_test.go index 3e6ff6c218..554e8a19a2 100644 --- a/pkg/security/podsecuritypolicy/group/mustrunas_test.go +++ b/pkg/security/podsecuritypolicy/group/mustrunas_test.go 
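Review bot: `Generate` and `GenerateSingle` both read `s.ranges[0].Min` with no length check in the visible code, so a strategy built with an empty range list would panic during pod admission. `NewMustRunAs` is only partly visible in this hunk, so it may already reject an empty slice. If it does, state that invariant in the doc comment on `Generate`. If it does not, guard both methods with something like `if len(s.ranges) == 0 { return nil, fmt.Errorf("no group ranges configured") }`.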
@@ -19,7 +19,6 @@ package group import ( "testing" - "k8s.io/apimachinery/pkg/types" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/apis/extensions" ) @@ -54,26 +53,26 @@ func TestMustRunAsOptions(t *testing.T) { func TestGenerate(t *testing.T) { tests := map[string]struct { ranges []extensions.GroupIDRange - expected []types.UnixGroupID + expected []int64 }{ "multi value": { ranges: []extensions.GroupIDRange{ {Min: 1, Max: 2}, }, - expected: []types.UnixGroupID{1}, + expected: []int64{1}, }, "single value": { ranges: []extensions.GroupIDRange{ {Min: 1, Max: 1}, }, - expected: []types.UnixGroupID{1}, + expected: []int64{1}, }, "multi range": { ranges: []extensions.GroupIDRange{ {Min: 1, Max: 1}, {Min: 2, Max: 500}, }, - expected: []types.UnixGroupID{1}, + expected: []int64{1}, }, } @@ -121,7 +120,7 @@ func TestValidate(t *testing.T) { tests := map[string]struct { ranges []extensions.GroupIDRange pod *api.Pod - groups []types.UnixGroupID + groups []int64 pass bool }{ "nil security context": { @@ -138,7 +137,7 @@ func TestValidate(t *testing.T) { }, "not in range": { pod: validPod(), - groups: []types.UnixGroupID{5}, + groups: []int64{5}, ranges: []extensions.GroupIDRange{ {Min: 1, Max: 3}, {Min: 4, Max: 4}, @@ -146,7 +145,7 @@ func TestValidate(t *testing.T) { }, "in range 1": { pod: validPod(), - groups: []types.UnixGroupID{2}, + groups: []int64{2}, ranges: []extensions.GroupIDRange{ {Min: 1, Max: 3}, }, @@ -154,7 +153,7 @@ func TestValidate(t *testing.T) { }, "in range boundry min": { pod: validPod(), - groups: []types.UnixGroupID{1}, + groups: []int64{1}, ranges: []extensions.GroupIDRange{ {Min: 1, Max: 3}, }, @@ -162,7 +161,7 @@ func TestValidate(t *testing.T) { }, "in range boundry max": { pod: validPod(), - groups: []types.UnixGroupID{3}, + groups: []int64{3}, ranges: []extensions.GroupIDRange{ {Min: 1, Max: 3}, }, 
@@ -170,7 +169,7 @@ func TestValidate(t *testing.T) { }, "singular range": { pod: validPod(), - groups: []types.UnixGroupID{4}, + groups: []int64{4}, ranges: []extensions.GroupIDRange{ {Min: 4, Max: 4}, }, diff --git a/pkg/security/podsecuritypolicy/group/runasany.go b/pkg/security/podsecuritypolicy/group/runasany.go index e2f728e5d7..0d3f1182e0 100644 --- a/pkg/security/podsecuritypolicy/group/runasany.go +++ b/pkg/security/podsecuritypolicy/group/runasany.go @@ -17,7 +17,6 @@ limitations under the License. package group import ( - "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/kubernetes/pkg/api" ) @@ -34,17 +33,17 @@ func NewRunAsAny() (GroupStrategy, error) { } // Generate creates the group based on policy rules. This strategy returns an empty slice. -func (s *runAsAny) Generate(pod *api.Pod) ([]types.UnixGroupID, error) { - return []types.UnixGroupID{}, nil +func (s *runAsAny) Generate(pod *api.Pod) ([]int64, error) { + return []int64{}, nil } // Generate a single value to be applied. This is used for FSGroup. This strategy returns nil. -func (s *runAsAny) GenerateSingle(pod *api.Pod) (*types.UnixGroupID, error) { +func (s *runAsAny) GenerateSingle(pod *api.Pod) (*int64, error) { return nil, nil } // Validate ensures that the specified values fall within the range of the strategy. -func (s *runAsAny) Validate(pod *api.Pod, groups []types.UnixGroupID) field.ErrorList { +func (s *runAsAny) Validate(pod *api.Pod, groups []int64) field.ErrorList { return field.ErrorList{} } diff --git a/pkg/security/podsecuritypolicy/group/types.go b/pkg/security/podsecuritypolicy/group/types.go index 50245f539c..fa3a11d97d 100644 --- a/pkg/security/podsecuritypolicy/group/types.go +++ b/pkg/security/podsecuritypolicy/group/types.go @@ -17,7 +17,6 @@ limitations under the License. package group import ( - "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/kubernetes/pkg/api" ) 
@@ -27,10 +26,10 @@ type GroupStrategy interface { // Generate creates the group based on policy rules. The underlying implementation can // decide whether it will return a full range of values or a subset of values from the // configured ranges. - Generate(pod *api.Pod) ([]types.UnixGroupID, error) + Generate(pod *api.Pod) ([]int64, error) // Generate a single value to be applied. The underlying implementation decides which // value to return if configured with multiple ranges. This is used for FSGroup. - GenerateSingle(pod *api.Pod) (*types.UnixGroupID, error) + GenerateSingle(pod *api.Pod) (*int64, error) // Validate ensures that the specified values fall within the range of the strategy. - Validate(pod *api.Pod, groups []types.UnixGroupID) field.ErrorList + Validate(pod *api.Pod, groups []int64) field.ErrorList } diff --git a/pkg/security/podsecuritypolicy/provider.go b/pkg/security/podsecuritypolicy/provider.go index 9fc80fa889..42edabf064 100644 --- a/pkg/security/podsecuritypolicy/provider.go +++ b/pkg/security/podsecuritypolicy/provider.go @@ -19,7 +19,6 @@ package podsecuritypolicy import ( "fmt" - "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/apis/extensions" @@ -195,7 +194,7 @@ func (s *simpleProvider) ValidatePodSecurityContext(pod *api.Pod, fldPath *field return allErrs } - fsGroups := []types.UnixGroupID{} + fsGroups := []int64{} if pod.Spec.SecurityContext.FSGroup != nil { fsGroups = append(fsGroups, *pod.Spec.SecurityContext.FSGroup) } diff --git a/pkg/security/podsecuritypolicy/provider_test.go b/pkg/security/podsecuritypolicy/provider_test.go index 71d241d86a..eb9c616624 100644 --- a/pkg/security/podsecuritypolicy/provider_test.go +++ b/pkg/security/podsecuritypolicy/provider_test.go 
@@ -25,7 +25,6 @@ import ( "github.com/davecgh/go-spew/spew" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/diff" "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/kubernetes/pkg/api" @@ -134,7 +133,7 @@ func TestCreateContainerSecurityContextNonmutating(t *testing.T) { // Create a PSP with strategies that will populate a blank security context createPSP := func() *extensions.PodSecurityPolicy { - uid := types.UnixUserID(1) + uid := int64(1) return &extensions.PodSecurityPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "psp-sa", @@ -206,7 +205,7 @@ func TestValidatePodSecurityContextFailures(t *testing.T) { failHostIPCPod.Spec.SecurityContext.HostIPC = true failSupplementalGroupPod := defaultPod() - failSupplementalGroupPod.Spec.SecurityContext.SupplementalGroups = []types.UnixGroupID{999} + failSupplementalGroupPod.Spec.SecurityContext.SupplementalGroups = []int64{999} failSupplementalGroupPSP := defaultPSP() failSupplementalGroupPSP.Spec.SupplementalGroups = extensions.SupplementalGroupsStrategyOptions{ Rule: extensions.SupplementalGroupsStrategyMustRunAs, @@ -216,7 +215,7 @@ func TestValidatePodSecurityContextFailures(t *testing.T) { } failFSGroupPod := defaultPod() - fsGroup := types.UnixGroupID(999) + fsGroup := int64(999) failFSGroupPod.Spec.SecurityContext.FSGroup = &fsGroup failFSGroupPSP := defaultPSP() failFSGroupPSP.Spec.FSGroup = extensions.FSGroupStrategyOptions{ @@ -383,8 +382,8 @@ func TestValidatePodSecurityContextFailures(t *testing.T) { func TestValidateContainerSecurityContextFailures(t *testing.T) { // fail user strat failUserPSP := defaultPSP() - uid := types.UnixUserID(999) - badUID := types.UnixUserID(1) + uid := int64(999) + badUID := int64(1) failUserPSP.Spec.RunAsUser = extensions.RunAsUserStrategyOptions{ Rule: extensions.RunAsUserStrategyMustRunAs, Ranges: []extensions.UserIDRange{{Min: uid, Max: uid}}, 
@@ -547,7 +546,7 @@ func TestValidatePodSecurityContextSuccess(t *testing.T) { }, } supGroupPod := defaultPod() - supGroupPod.Spec.SecurityContext.SupplementalGroups = []types.UnixGroupID{3} + supGroupPod.Spec.SecurityContext.SupplementalGroups = []int64{3} fsGroupPSP := defaultPSP() fsGroupPSP.Spec.FSGroup = extensions.FSGroupStrategyOptions{ @@ -557,7 +556,7 @@ func TestValidatePodSecurityContextSuccess(t *testing.T) { }, } fsGroupPod := defaultPod() - fsGroup := types.UnixGroupID(3) + fsGroup := int64(3) fsGroupPod.Spec.SecurityContext.FSGroup = &fsGroup seLinuxPod := defaultPod() @@ -680,7 +679,7 @@ func TestValidateContainerSecurityContextSuccess(t *testing.T) { // success user strat userPSP := defaultPSP() - uid := types.UnixUserID(999) + uid := int64(999) userPSP.Spec.RunAsUser = extensions.RunAsUserStrategyOptions{ Rule: extensions.RunAsUserStrategyMustRunAs, Ranges: []extensions.UserIDRange{{Min: uid, Max: uid}}, diff --git a/pkg/security/podsecuritypolicy/user/mustrunas.go b/pkg/security/podsecuritypolicy/user/mustrunas.go index 5e32bd222f..abc631e280 100644 --- a/pkg/security/podsecuritypolicy/user/mustrunas.go +++ b/pkg/security/podsecuritypolicy/user/mustrunas.go @@ -19,7 +19,6 @@ package user import ( "fmt" - "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/apis/extensions" @@ -45,7 +44,7 @@ func NewMustRunAs(options *extensions.RunAsUserStrategyOptions) (RunAsUserStrate } // Generate creates the uid based on policy rules. MustRunAs returns the first range's Min. -func (s *mustRunAs) Generate(pod *api.Pod, container *api.Container) (*types.UnixUserID, error) { +func (s *mustRunAs) Generate(pod *api.Pod, container *api.Container) (*int64, error) { return &s.opts.Ranges[0].Min, nil } 
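Review bot: `mustRunAs.Generate` in user/mustrunas.go returns `&s.opts.Ranges[0].Min`, a pointer into the strategy's own options, so the `RunAsUser` a caller stores aliases the policy's range and a later write through that pointer would change the policy minimum. The group strategy's `GenerateSingle` in this same commit copies the value into a fresh `int64` first. Doing the same here removes the shared state: `uid := s.opts.Ranges[0].Min` followed by `return &uid, nil`. The line also indexes `Ranges[0]` without a visible length check, and `NewMustRunAs` is outside the hunk, so confirm that it rejects empty ranges.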
@@ -75,7 +74,7 @@ func (s *mustRunAs) Validate(pod *api.Pod, container *api.Container) field.Error return allErrs } -func (s *mustRunAs) isValidUID(id types.UnixUserID) bool { +func (s *mustRunAs) isValidUID(id int64) bool { for _, rng := range s.opts.Ranges { if psputil.UserFallsInRange(id, rng) { return true diff --git a/pkg/security/podsecuritypolicy/user/mustrunas_test.go b/pkg/security/podsecuritypolicy/user/mustrunas_test.go index fa439382b1..02edf0e4a8 100644 --- a/pkg/security/podsecuritypolicy/user/mustrunas_test.go +++ b/pkg/security/podsecuritypolicy/user/mustrunas_test.go @@ -20,7 +20,6 @@ import ( "strings" "testing" - "k8s.io/apimachinery/pkg/types" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/apis/extensions" ) @@ -85,8 +84,8 @@ func TestValidate(t *testing.T) { }, } - validID := types.UnixUserID(15) - invalidID := types.UnixUserID(21) + validID := int64(15) + invalidID := int64(21) tests := map[string]struct { container *api.Container diff --git a/pkg/security/podsecuritypolicy/user/nonroot.go b/pkg/security/podsecuritypolicy/user/nonroot.go index 7d16883607..f53880a9a6 100644 --- a/pkg/security/podsecuritypolicy/user/nonroot.go +++ b/pkg/security/podsecuritypolicy/user/nonroot.go @@ -19,7 +19,6 @@ package user import ( "fmt" - "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/apis/extensions" @@ -35,7 +34,7 @@ func NewRunAsNonRoot(options *extensions.RunAsUserStrategyOptions) (RunAsUserStr // Generate creates the uid based on policy rules. This strategy does return a UID. It assumes // that the user will specify a UID or the container image specifies a UID. -func (s *nonRoot) Generate(pod *api.Pod, container *api.Container) (*types.UnixUserID, error) { +func (s *nonRoot) Generate(pod *api.Pod, container *api.Container) (*int64, error) { return nil, nil } 
diff --git a/pkg/security/podsecuritypolicy/user/nonroot_test.go b/pkg/security/podsecuritypolicy/user/nonroot_test.go index 3e8662cb56..d2ec55ae06 100644 --- a/pkg/security/podsecuritypolicy/user/nonroot_test.go +++ b/pkg/security/podsecuritypolicy/user/nonroot_test.go @@ -19,7 +19,6 @@ package user import ( "testing" - "k8s.io/apimachinery/pkg/types" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/apis/extensions" ) @@ -50,8 +49,8 @@ func TestNonRootGenerate(t *testing.T) { } func TestNonRootValidate(t *testing.T) { - goodUID := types.UnixUserID(1) - badUID := types.UnixUserID(0) + goodUID := int64(1) + badUID := int64(0) untrue := false unfalse := true s, err := NewRunAsNonRoot(&extensions.RunAsUserStrategyOptions{}) diff --git a/pkg/security/podsecuritypolicy/user/runasany.go b/pkg/security/podsecuritypolicy/user/runasany.go index ddd8833ff0..ffee679320 100644 --- a/pkg/security/podsecuritypolicy/user/runasany.go +++ b/pkg/security/podsecuritypolicy/user/runasany.go @@ -17,7 +17,6 @@ limitations under the License. package user import ( - "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/apis/extensions" @@ -34,7 +33,7 @@ func NewRunAsAny(options *extensions.RunAsUserStrategyOptions) (RunAsUserStrateg } // Generate creates the uid based on policy rules. -func (s *runAsAny) Generate(pod *api.Pod, container *api.Container) (*types.UnixUserID, error) { +func (s *runAsAny) Generate(pod *api.Pod, container *api.Container) (*int64, error) { return nil, nil } diff --git a/pkg/security/podsecuritypolicy/user/types.go b/pkg/security/podsecuritypolicy/user/types.go index 8a2ba06499..8e754c32f6 100644 --- a/pkg/security/podsecuritypolicy/user/types.go +++ b/pkg/security/podsecuritypolicy/user/types.go @@ -17,7 +17,6 @@ limitations under the License. package user import ( - "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/kubernetes/pkg/api" ) 
@@ -25,7 +24,7 @@ import ( // RunAsUserStrategy defines the interface for all uid constraint strategies. type RunAsUserStrategy interface { // Generate creates the uid based on policy rules. - Generate(pod *api.Pod, container *api.Container) (*types.UnixUserID, error) + Generate(pod *api.Pod, container *api.Container) (*int64, error) // Validate ensures that the specified values fall within the range of the strategy. Validate(pod *api.Pod, container *api.Container) field.ErrorList } diff --git a/pkg/security/podsecuritypolicy/util/util.go b/pkg/security/podsecuritypolicy/util/util.go index 51e255391e..27f4826b58 100644 --- a/pkg/security/podsecuritypolicy/util/util.go +++ b/pkg/security/podsecuritypolicy/util/util.go @@ -20,7 +20,6 @@ import ( "fmt" "strings" - "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/apis/extensions" @@ -164,12 +163,12 @@ func PSPAllowsFSType(psp *extensions.PodSecurityPolicy, fsType extensions.FSType } // UserFallsInRange is a utility to determine it the id falls in the valid range. -func UserFallsInRange(id types.UnixUserID, rng extensions.UserIDRange) bool { +func UserFallsInRange(id int64, rng extensions.UserIDRange) bool { return id >= rng.Min && id <= rng.Max } // GroupFallsInRange is a utility to determine it the id falls in the valid range. -func GroupFallsInRange(id types.UnixGroupID, rng extensions.GroupIDRange) bool { +func GroupFallsInRange(id int64, rng extensions.GroupIDRange) bool { return id >= rng.Min && id <= rng.Max } diff --git a/pkg/securitycontext/util.go b/pkg/securitycontext/util.go index c01cac4e35..dacc25f202 100644 --- a/pkg/securitycontext/util.go +++ b/pkg/securitycontext/util.go @@ -20,7 +20,6 @@ import ( "fmt" "strings" - "k8s.io/apimachinery/pkg/types" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/api/v1" ) 
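Review bot: The doc comments on `UserFallsInRange` and `GroupFallsInRange` in util/util.go read "determine it the id falls in the valid range" and do not say that both bounds are inclusive, which is what `id >= rng.Min && id <= rng.Max` implements. Suggested wording: `// UserFallsInRange reports whether id is within rng, bounds inclusive.`, and the same for the group helper. Since both helpers now take a bare `int64`, the parameter name and the comment are all that distinguish a UID from a GID at the call site.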
@@ -120,7 +119,7 @@ func DetermineEffectiveSecurityContext(pod *v1.Pod, container *v1.Container) *v1 } if containerSc.RunAsUser != nil { - effectiveSc.RunAsUser = new(types.UnixUserID) + effectiveSc.RunAsUser = new(int64) *effectiveSc.RunAsUser = *containerSc.RunAsUser } @@ -149,7 +148,7 @@ func securityContextFromPodSecurityContext(pod *v1.Pod) *v1.SecurityContext { *synthesized.SELinuxOptions = *pod.Spec.SecurityContext.SELinuxOptions } if pod.Spec.SecurityContext.RunAsUser != nil { - synthesized.RunAsUser = new(types.UnixUserID) + synthesized.RunAsUser = new(int64) *synthesized.RunAsUser = *pod.Spec.SecurityContext.RunAsUser } @@ -192,7 +191,7 @@ func InternalDetermineEffectiveSecurityContext(pod *api.Pod, container *api.Cont } if containerSc.RunAsUser != nil { - effectiveSc.RunAsUser = new(types.UnixUserID) + effectiveSc.RunAsUser = new(int64) *effectiveSc.RunAsUser = *containerSc.RunAsUser } @@ -221,7 +220,7 @@ func internalSecurityContextFromPodSecurityContext(pod *api.Pod) *api.SecurityCo *synthesized.SELinuxOptions = *pod.Spec.SecurityContext.SELinuxOptions } if pod.Spec.SecurityContext.RunAsUser != nil { - synthesized.RunAsUser = new(types.UnixUserID) + synthesized.RunAsUser = new(int64) *synthesized.RunAsUser = *pod.Spec.SecurityContext.RunAsUser } diff --git a/pkg/securitycontext/util_test.go b/pkg/securitycontext/util_test.go index b0bbc46fbf..889352d772 100644 --- a/pkg/securitycontext/util_test.go +++ b/pkg/securitycontext/util_test.go @@ -19,7 +19,6 @@ package securitycontext import ( "testing" - "k8s.io/apimachinery/pkg/types" "k8s.io/kubernetes/pkg/api/v1" ) 
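Review bot: The four `RunAsUser` copies in securitycontext/util.go (`DetermineEffectiveSecurityContext`, `securityContextFromPodSecurityContext` and their two internal counterparts) allocate with `new(int64)` and then assign through the pointer, with no comment on why the source pointer is not simply reused. A one-line comment such as `// copy the value so the effective context does not alias the pod's RunAsUser` would record the intent, assuming isolation from the pod spec is the reason. All four functions start and end outside their hunks.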
@@ -85,13 +84,13 @@ func compareContexts(name string, ex, ac *v1.SELinuxOptions, t *testing.T) { } } -func containerWithUser(ptr *types.UnixUserID) *v1.Container { +func containerWithUser(ptr *int64) *v1.Container { return &v1.Container{SecurityContext: &v1.SecurityContext{RunAsUser: ptr}} } func TestHaRootUID(t *testing.T) { - nonRoot := types.UnixUserID(1) - root := types.UnixUserID(0) + nonRoot := int64(1) + root := int64(0) tests := map[string]struct { container *v1.Container @@ -121,7 +120,7 @@ func TestHaRootUID(t *testing.T) { } func TestHasRunAsUser(t *testing.T) { - runAsUser := types.UnixUserID(0) + runAsUser := int64(0) tests := map[string]struct { container *v1.Container @@ -148,8 +147,8 @@ func TestHasRunAsUser(t *testing.T) { } func TestHasRootRunAsUser(t *testing.T) { - nonRoot := types.UnixUserID(1) - root := types.UnixUserID(0) + nonRoot := int64(1) + root := int64(0) tests := map[string]struct { container *v1.Container diff --git a/pkg/volume/aws_ebs/aws_ebs.go b/pkg/volume/aws_ebs/aws_ebs.go index d0c3d3a541..93ad1003f1 100644 --- a/pkg/volume/aws_ebs/aws_ebs.go +++ b/pkg/volume/aws_ebs/aws_ebs.go @@ -294,12 +294,12 @@ func (b *awsElasticBlockStoreMounter) CanMount() error { } // SetUp attaches the disk and bind mounts to the volume path. -func (b *awsElasticBlockStoreMounter) SetUp(fsGroup *types.UnixGroupID) error { +func (b *awsElasticBlockStoreMounter) SetUp(fsGroup *int64) error { return b.SetUpAt(b.GetPath(), fsGroup) } // SetUpAt attaches the disk and bind mounts to the volume path. -func (b *awsElasticBlockStoreMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (b *awsElasticBlockStoreMounter) SetUpAt(dir string, fsGroup *int64) error { // TODO: handle failed mounts here. notMnt, err := b.mounter.IsLikelyNotMountPoint(dir) glog.V(4).Infof("PersistentDisk set up: %s %v %v", dir, !notMnt, err) diff --git a/pkg/volume/azure_dd/azure_dd.go b/pkg/volume/azure_dd/azure_dd.go index 7d4a41acfe..edffe4fd75 100644 
--- a/pkg/volume/azure_dd/azure_dd.go +++ b/pkg/volume/azure_dd/azure_dd.go @@ -234,12 +234,12 @@ func (b *azureDiskMounter) CanMount() error { } // SetUp attaches the disk and bind mounts to the volume path. -func (b *azureDiskMounter) SetUp(fsGroup *types.UnixGroupID) error { +func (b *azureDiskMounter) SetUp(fsGroup *int64) error { return b.SetUpAt(b.GetPath(), fsGroup) } // SetUpAt attaches the disk and bind mounts to the volume path. -func (b *azureDiskMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (b *azureDiskMounter) SetUpAt(dir string, fsGroup *int64) error { b.plugin.volumeLocks.LockKey(b.diskName) defer b.plugin.volumeLocks.UnlockKey(b.diskName) diff --git a/pkg/volume/azure_file/azure_file.go b/pkg/volume/azure_file/azure_file.go index 0aeae26b8f..788df3f748 100644 --- a/pkg/volume/azure_file/azure_file.go +++ b/pkg/volume/azure_file/azure_file.go @@ -189,11 +189,11 @@ func (b *azureFileMounter) CanMount() error { } // SetUp attaches the disk and bind mounts to the volume path. -func (b *azureFileMounter) SetUp(fsGroup *types.UnixGroupID) error { +func (b *azureFileMounter) SetUp(fsGroup *int64) error { return b.SetUpAt(b.GetPath(), fsGroup) } -func (b *azureFileMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (b *azureFileMounter) SetUpAt(dir string, fsGroup *int64) error { notMnt, err := b.mounter.IsLikelyNotMountPoint(dir) glog.V(4).Infof("AzureFile mount set up: %s %v %v", dir, !notMnt, err) if err != nil && !os.IsNotExist(err) { diff --git a/pkg/volume/cephfs/cephfs.go b/pkg/volume/cephfs/cephfs.go index 01f645d090..043124cec8 100644 --- a/pkg/volume/cephfs/cephfs.go +++ b/pkg/volume/cephfs/cephfs.go 
@@ -217,12 +217,12 @@ func (cephfsMounter *cephfsMounter) CanMount() error { } // SetUp attaches the disk and bind mounts to the volume path. -func (cephfsVolume *cephfsMounter) SetUp(fsGroup *types.UnixGroupID) error { +func (cephfsVolume *cephfsMounter) SetUp(fsGroup *int64) error { return cephfsVolume.SetUpAt(cephfsVolume.GetPath(), fsGroup) } // SetUpAt attaches the disk and bind mounts to the volume path. -func (cephfsVolume *cephfsMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (cephfsVolume *cephfsMounter) SetUpAt(dir string, fsGroup *int64) error { notMnt, err := cephfsVolume.mounter.IsLikelyNotMountPoint(dir) glog.V(4).Infof("CephFS mount set up: %s %v %v", dir, !notMnt, err) if err != nil && !os.IsNotExist(err) { diff --git a/pkg/volume/cinder/cinder.go b/pkg/volume/cinder/cinder.go index 92a3e5710f..be6fea4e5d 100644 --- a/pkg/volume/cinder/cinder.go +++ b/pkg/volume/cinder/cinder.go @@ -298,12 +298,12 @@ func (b *cinderVolumeMounter) CanMount() error { return nil } -func (b *cinderVolumeMounter) SetUp(fsGroup *types.UnixGroupID) error { +func (b *cinderVolumeMounter) SetUp(fsGroup *int64) error { return b.SetUpAt(b.GetPath(), fsGroup) } // SetUp bind mounts to the volume path. -func (b *cinderVolumeMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (b *cinderVolumeMounter) SetUpAt(dir string, fsGroup *int64) error { glog.V(5).Infof("Cinder SetUp %s to %s", b.pdName, dir) b.plugin.volumeLocks.LockKey(b.pdName) diff --git a/pkg/volume/configmap/configmap.go b/pkg/volume/configmap/configmap.go index 4e869293bd..8f087cb631 100644 --- a/pkg/volume/configmap/configmap.go +++ b/pkg/volume/configmap/configmap.go 
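Review bot: The comment above `cinderVolumeMounter.SetUpAt` begins `// SetUp bind mounts to the volume path.`, so it names the wrong method, while `SetUp` itself has no comment. I would change it to `// SetUpAt bind mounts to the volume path.` and add `// SetUp mounts the volume at the path returned by GetPath.` above `SetUp`. The same `// SetUp ...` comment sits on `SetUpAt` in gce_pd.go, photon_pd.go, sio_volume.go, storageos.go and vsphere_volume.go later in this diff.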
@@ -179,11 +179,11 @@ func (b *configMapVolumeMounter) CanMount() error { return nil } -func (b *configMapVolumeMounter) SetUp(fsGroup *types.UnixGroupID) error { +func (b *configMapVolumeMounter) SetUp(fsGroup *int64) error { return b.SetUpAt(b.GetPath(), fsGroup) } -func (b *configMapVolumeMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (b *configMapVolumeMounter) SetUpAt(dir string, fsGroup *int64) error { glog.V(3).Infof("Setting up volume %v for pod %v at %v", b.volName, b.pod.UID, dir) // Wrap EmptyDir, let it do the setup. diff --git a/pkg/volume/configmap/configmap_test.go b/pkg/volume/configmap/configmap_test.go index 9f6e401626..60682b751c 100644 --- a/pkg/volume/configmap/configmap_test.go +++ b/pkg/volume/configmap/configmap_test.go @@ -333,7 +333,7 @@ func TestPlugin(t *testing.T) { t.Errorf("Got unexpected path: %s", volumePath) } - fsGroup := types.UnixGroupID(1001) + fsGroup := int64(1001) err = mounter.SetUp(&fsGroup) if err != nil { t.Errorf("Failed to setup volume: %v", err) @@ -391,7 +391,7 @@ func TestPluginReboot(t *testing.T) { t.Errorf("Got unexpected path: %s", volumePath) } - fsGroup := types.UnixGroupID(1001) + fsGroup := int64(1001) err = mounter.SetUp(&fsGroup) if err != nil { t.Errorf("Failed to setup volume: %v", err) @@ -453,7 +453,7 @@ func TestPluginOptional(t *testing.T) { t.Errorf("Got unexpected path: %s", volumePath) } - fsGroup := types.UnixGroupID(1001) + fsGroup := int64(1001) err = mounter.SetUp(&fsGroup) if err != nil { t.Errorf("Failed to setup volume: %v", err) @@ -528,7 +528,7 @@ func TestPluginKeysOptional(t *testing.T) { t.Errorf("Got unexpected path: %s", volumePath) } - fsGroup := types.UnixGroupID(1001) + fsGroup := int64(1001) err = mounter.SetUp(&fsGroup) if err != nil { t.Errorf("Failed to setup volume: %v", err) diff --git a/pkg/volume/downwardapi/downwardapi.go b/pkg/volume/downwardapi/downwardapi.go index b31b01544c..aac6eb730c 100644 --- a/pkg/volume/downwardapi/downwardapi.go 
+++ b/pkg/volume/downwardapi/downwardapi.go @@ -168,11 +168,11 @@ func (b *downwardAPIVolumeMounter) CanMount() error { // This function is not idempotent by design. We want the data to be refreshed periodically. // The internal sync interval of kubelet will drive the refresh of data. // TODO: Add volume specific ticker and refresh loop -func (b *downwardAPIVolumeMounter) SetUp(fsGroup *types.UnixGroupID) error { +func (b *downwardAPIVolumeMounter) SetUp(fsGroup *int64) error { return b.SetUpAt(b.GetPath(), fsGroup) } -func (b *downwardAPIVolumeMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (b *downwardAPIVolumeMounter) SetUpAt(dir string, fsGroup *int64) error { glog.V(3).Infof("Setting up a downwardAPI volume %v for pod %v/%v at %v", b.volName, b.pod.Namespace, b.pod.Name, dir) // Wrap EmptyDir. Here we rely on the idempotency of the wrapped plugin to avoid repeatedly mounting wrapped, err := b.plugin.host.NewWrapperMounter(b.volName, wrappedVolumeSpec(), b.pod, *b.opts) diff --git a/pkg/volume/empty_dir/empty_dir.go b/pkg/volume/empty_dir/empty_dir.go index e2596471ab..a42121a492 100644 --- a/pkg/volume/empty_dir/empty_dir.go +++ b/pkg/volume/empty_dir/empty_dir.go @@ -191,12 +191,12 @@ func (b *emptyDir) CanMount() error { } // SetUp creates new directory. -func (ed *emptyDir) SetUp(fsGroup *types.UnixGroupID) error { +func (ed *emptyDir) SetUp(fsGroup *int64) error { return ed.SetUpAt(ed.GetPath(), fsGroup) } // SetUpAt creates new directory. -func (ed *emptyDir) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (ed *emptyDir) SetUpAt(dir string, fsGroup *int64) error { notMnt, err := ed.mounter.IsLikelyNotMountPoint(dir) // Getting an os.IsNotExist err from is a contingency; the directory // may not exist yet, in which case, setup should run. diff --git a/pkg/volume/fc/disk_manager.go b/pkg/volume/fc/disk_manager.go index e3324796d9..7a0e210fb7 100644 --- a/pkg/volume/fc/disk_manager.go +++ b/pkg/volume/fc/disk_manager.go 
@@ -20,7 +20,6 @@ import ( "os" "github.com/golang/glog" - "k8s.io/apimachinery/pkg/types" "k8s.io/kubernetes/pkg/util/mount" "k8s.io/kubernetes/pkg/volume" ) @@ -35,7 +34,7 @@ type diskManager interface { } // utility to mount a disk based filesystem -func diskSetUp(manager diskManager, b fcDiskMounter, volPath string, mounter mount.Interface, fsGroup *types.UnixGroupID) error { +func diskSetUp(manager diskManager, b fcDiskMounter, volPath string, mounter mount.Interface, fsGroup *int64) error { globalPDPath := manager.MakeGlobalPDName(*b.fcDisk) // TODO: handle failed mounts here. noMnt, err := mounter.IsLikelyNotMountPoint(volPath) diff --git a/pkg/volume/fc/fc.go b/pkg/volume/fc/fc.go index ebbc92c2cf..2d98773a99 100644 --- a/pkg/volume/fc/fc.go +++ b/pkg/volume/fc/fc.go @@ -204,11 +204,11 @@ func (b *fcDiskMounter) CanMount() error { return nil } -func (b *fcDiskMounter) SetUp(fsGroup *types.UnixGroupID) error { +func (b *fcDiskMounter) SetUp(fsGroup *int64) error { return b.SetUpAt(b.GetPath(), fsGroup) } -func (b *fcDiskMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (b *fcDiskMounter) SetUpAt(dir string, fsGroup *int64) error { // diskSetUp checks mountpoints and prevent repeated calls err := diskSetUp(b.manager, *b, dir, b.mounter, fsGroup) if err != nil { diff --git a/pkg/volume/flexvolume/mounter-defaults.go b/pkg/volume/flexvolume/mounter-defaults.go index b51bfb482a..2d62f9b8a9 100644 --- a/pkg/volume/flexvolume/mounter-defaults.go +++ b/pkg/volume/flexvolume/mounter-defaults.go @@ -21,7 +21,6 @@ import ( "github.com/golang/glog" - "k8s.io/apimachinery/pkg/types" "k8s.io/kubernetes/pkg/volume" ) 
@@ -29,7 +28,7 @@ type mounterDefaults flexVolumeMounter // SetUpAt is part of the volume.Mounter interface. // This implementation relies on the attacher's device mount path and does a bind mount to dir. -func (f *mounterDefaults) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (f *mounterDefaults) SetUpAt(dir string, fsGroup *int64) error { glog.Warning(logPrefix(f.plugin), "using default SetUpAt to ", dir) a, err := f.plugin.NewAttacher() diff --git a/pkg/volume/flexvolume/mounter.go b/pkg/volume/flexvolume/mounter.go index 87a67e1125..0fc791e678 100644 --- a/pkg/volume/flexvolume/mounter.go +++ b/pkg/volume/flexvolume/mounter.go @@ -19,7 +19,6 @@ package flexvolume import ( "strconv" - "k8s.io/apimachinery/pkg/types" "k8s.io/kubernetes/pkg/util/exec" "k8s.io/kubernetes/pkg/util/mount" "k8s.io/kubernetes/pkg/volume" @@ -44,12 +43,12 @@ var _ volume.Mounter = &flexVolumeMounter{} // Mounter interface // SetUp creates new directory. -func (f *flexVolumeMounter) SetUp(fsGroup *types.UnixGroupID) error { +func (f *flexVolumeMounter) SetUp(fsGroup *int64) error { return f.SetUpAt(f.GetPath(), fsGroup) } // SetUpAt creates new directory. -func (f *flexVolumeMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (f *flexVolumeMounter) SetUpAt(dir string, fsGroup *int64) error { // Mount only once. alreadyMounted, err := prepareForMount(f.mounter, dir) if err != nil { diff --git a/pkg/volume/flexvolume/mounter_test.go b/pkg/volume/flexvolume/mounter_test.go index e64248f064..54289f533b 100644 --- a/pkg/volume/flexvolume/mounter_test.go +++ b/pkg/volume/flexvolume/mounter_test.go @@ -67,6 +67,6 @@ func TestSetUpAt(t *testing.T) { m, _ := plugin.newMounterInternal(spec, pod, mounter, plugin.runner) m.SetUpAt(rootDir+"/mount-dir", nil) - fsGroup := types.UnixGroupID(42) + fsGroup := int64(42) m.SetUpAt(rootDir+"/mount-dir", &fsGroup) } 
diff --git a/pkg/volume/flocker/flocker.go b/pkg/volume/flocker/flocker.go index c46750660b..8f44fae6e4 100644 --- a/pkg/volume/flocker/flocker.go +++ b/pkg/volume/flocker/flocker.go @@ -232,7 +232,7 @@ func (b *flockerVolumeMounter) GetPath() string { } // SetUp bind mounts the disk global mount to the volume path. -func (b *flockerVolumeMounter) SetUp(fsGroup *types.UnixGroupID) error { +func (b *flockerVolumeMounter) SetUp(fsGroup *int64) error { return b.SetUpAt(b.GetPath(), fsGroup) } @@ -274,7 +274,7 @@ control service: need to update the Primary UUID for this volume. 5. Wait until the Primary UUID was updated or timeout. */ -func (b *flockerVolumeMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (b *flockerVolumeMounter) SetUpAt(dir string, fsGroup *int64) error { var err error if b.flockerClient == nil { b.flockerClient, err = b.newFlockerClient() diff --git a/pkg/volume/gce_pd/gce_pd.go b/pkg/volume/gce_pd/gce_pd.go index 685d82d7f2..1c90fd5825 100644 --- a/pkg/volume/gce_pd/gce_pd.go +++ b/pkg/volume/gce_pd/gce_pd.go @@ -257,12 +257,12 @@ func (b *gcePersistentDiskMounter) CanMount() error { } // SetUp bind mounts the disk global mount to the volume path. -func (b *gcePersistentDiskMounter) SetUp(fsGroup *types.UnixGroupID) error { +func (b *gcePersistentDiskMounter) SetUp(fsGroup *int64) error { return b.SetUpAt(b.GetPath(), fsGroup) } // SetUp bind mounts the disk global mount to the give volume path. -func (b *gcePersistentDiskMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (b *gcePersistentDiskMounter) SetUpAt(dir string, fsGroup *int64) error { // TODO: handle failed mounts here. notMnt, err := b.mounter.IsLikelyNotMountPoint(dir) glog.V(4).Infof("GCE PersistentDisk set up: Dir (%s) PD name (%q) Mounted (%t) Error (%v), ReadOnly (%t)", dir, b.pdName, !notMnt, err, b.readOnly) diff --git a/pkg/volume/git_repo/git_repo.go b/pkg/volume/git_repo/git_repo.go index ac6026ad5f..18b61d9c3e 100644 
--- a/pkg/volume/git_repo/git_repo.go +++ b/pkg/volume/git_repo/git_repo.go @@ -171,12 +171,12 @@ func (b *gitRepoVolumeMounter) CanMount() error { } // SetUp creates new directory and clones a git repo. -func (b *gitRepoVolumeMounter) SetUp(fsGroup *types.UnixGroupID) error { +func (b *gitRepoVolumeMounter) SetUp(fsGroup *int64) error { return b.SetUpAt(b.GetPath(), fsGroup) } // SetUpAt creates new directory and clones a git repo. -func (b *gitRepoVolumeMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (b *gitRepoVolumeMounter) SetUpAt(dir string, fsGroup *int64) error { if volumeutil.IsReady(b.getMetaDir()) { return nil } diff --git a/pkg/volume/glusterfs/glusterfs.go b/pkg/volume/glusterfs/glusterfs.go index 0e07876d2c..6c16d524c1 100644 --- a/pkg/volume/glusterfs/glusterfs.go +++ b/pkg/volume/glusterfs/glusterfs.go @@ -252,11 +252,11 @@ func (b *glusterfsMounter) CanMount() error { } // SetUp attaches the disk and bind mounts to the volume path. -func (b *glusterfsMounter) SetUp(fsGroup *types.UnixGroupID) error { +func (b *glusterfsMounter) SetUp(fsGroup *int64) error { return b.SetUpAt(b.GetPath(), fsGroup) } -func (b *glusterfsMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (b *glusterfsMounter) SetUpAt(dir string, fsGroup *int64) error { notMnt, err := b.mounter.IsLikelyNotMountPoint(dir) glog.V(4).Infof("glusterfs: mount set up: %s %v %v", dir, !notMnt, err) if err != nil && !os.IsNotExist(err) { diff --git a/pkg/volume/host_path/host_path.go b/pkg/volume/host_path/host_path.go index eccf80fec6..f7c24fd6a4 100644 --- a/pkg/volume/host_path/host_path.go +++ b/pkg/volume/host_path/host_path.go 
@@ -206,7 +206,7 @@ func (b *hostPathMounter) CanMount() error { } // SetUp does nothing. -func (b *hostPathMounter) SetUp(fsGroup *types.UnixGroupID) error { +func (b *hostPathMounter) SetUp(fsGroup *int64) error { err := validation.ValidatePathNoBacksteps(b.GetPath()) if err != nil { return fmt.Errorf("invalid HostPath `%s`: %v", b.GetPath(), err) @@ -215,7 +215,7 @@ func (b *hostPathMounter) SetUp(fsGroup *types.UnixGroupID) error { } // SetUpAt does not make sense for host paths - probably programmer error. -func (b *hostPathMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (b *hostPathMounter) SetUpAt(dir string, fsGroup *int64) error { return fmt.Errorf("SetUpAt() does not make sense for host paths") } diff --git a/pkg/volume/iscsi/disk_manager.go b/pkg/volume/iscsi/disk_manager.go index 31c189d148..2c470b9b1b 100644 --- a/pkg/volume/iscsi/disk_manager.go +++ b/pkg/volume/iscsi/disk_manager.go @@ -20,7 +20,6 @@ import ( "os" "github.com/golang/glog" - "k8s.io/apimachinery/pkg/types" "k8s.io/kubernetes/pkg/util/mount" "k8s.io/kubernetes/pkg/volume" ) @@ -35,7 +34,7 @@ type diskManager interface { } // utility to mount a disk based filesystem -func diskSetUp(manager diskManager, b iscsiDiskMounter, volPath string, mounter mount.Interface, fsGroup *types.UnixGroupID) error { +func diskSetUp(manager diskManager, b iscsiDiskMounter, volPath string, mounter mount.Interface, fsGroup *int64) error { globalPDPath := manager.MakeGlobalPDName(*b.iscsiDisk) // TODO: handle failed mounts here. notMnt, err := mounter.IsLikelyNotMountPoint(volPath) diff --git a/pkg/volume/iscsi/iscsi.go b/pkg/volume/iscsi/iscsi.go index 408f707cdc..d1d4505076 100644 --- a/pkg/volume/iscsi/iscsi.go +++ b/pkg/volume/iscsi/iscsi.go 
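Review bot: The comment `// SetUp does nothing.` on `hostPathMounter.SetUp` is out of date: the visible body calls `validation.ValidatePathNoBacksteps(b.GetPath())` and returns an `invalid HostPath` error when that check fails. Since this is the check that rejects an unacceptable host path, the comment should name it, for example `// SetUp rejects host paths that fail ValidatePathNoBacksteps.` The end of the function lies between this hunk and the next, so what happens to `fsGroup` after validation is not visible here.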
@@ -236,11 +236,11 @@ func (b *iscsiDiskMounter) CanMount() error { return nil } -func (b *iscsiDiskMounter) SetUp(fsGroup *types.UnixGroupID) error { +func (b *iscsiDiskMounter) SetUp(fsGroup *int64) error { return b.SetUpAt(b.GetPath(), fsGroup) } -func (b *iscsiDiskMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (b *iscsiDiskMounter) SetUpAt(dir string, fsGroup *int64) error { // diskSetUp checks mountpoints and prevent repeated calls err := diskSetUp(b.manager, *b, dir, b.mounter, fsGroup) if err != nil { diff --git a/pkg/volume/local/local.go b/pkg/volume/local/local.go index 9e485c52b3..d4a2ff7535 100644 --- a/pkg/volume/local/local.go +++ b/pkg/volume/local/local.go @@ -181,12 +181,12 @@ func (m *localVolumeMounter) CanMount() error { } // SetUp bind mounts the directory to the volume path -func (m *localVolumeMounter) SetUp(fsGroup *types.UnixGroupID) error { +func (m *localVolumeMounter) SetUp(fsGroup *int64) error { return m.SetUpAt(m.GetPath(), fsGroup) } // SetUpAt bind mounts the directory to the volume path and sets up volume ownership -func (m *localVolumeMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (m *localVolumeMounter) SetUpAt(dir string, fsGroup *int64) error { if m.globalPath == "" { err := fmt.Errorf("LocalVolume volume %q path is empty", m.volName) return err diff --git a/pkg/volume/nfs/nfs.go b/pkg/volume/nfs/nfs.go index 12ecd3aa9f..db8ab0e5ca 100644 --- a/pkg/volume/nfs/nfs.go +++ b/pkg/volume/nfs/nfs.go 
@@ -229,11 +229,11 @@ func (b *nfsMounter) GetAttributes() volume.Attributes { } // SetUp attaches the disk and bind mounts to the volume path. -func (b *nfsMounter) SetUp(fsGroup *types.UnixGroupID) error { +func (b *nfsMounter) SetUp(fsGroup *int64) error { return b.SetUpAt(b.GetPath(), fsGroup) } -func (b *nfsMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (b *nfsMounter) SetUpAt(dir string, fsGroup *int64) error { notMnt, err := b.mounter.IsLikelyNotMountPoint(dir) glog.V(4).Infof("NFS mount set up: %s %v %v", dir, !notMnt, err) if err != nil && !os.IsNotExist(err) { diff --git a/pkg/volume/photon_pd/photon_pd.go b/pkg/volume/photon_pd/photon_pd.go index 7733de663c..189cf36df5 100644 --- a/pkg/volume/photon_pd/photon_pd.go +++ b/pkg/volume/photon_pd/photon_pd.go @@ -195,12 +195,12 @@ func (b *photonPersistentDiskMounter) CanMount() error { } // SetUp attaches the disk and bind mounts to the volume path. -func (b *photonPersistentDiskMounter) SetUp(fsGroup *types.UnixGroupID) error { +func (b *photonPersistentDiskMounter) SetUp(fsGroup *int64) error { return b.SetUpAt(b.GetPath(), fsGroup) } // SetUp attaches the disk and bind mounts to the volume path. -func (b *photonPersistentDiskMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (b *photonPersistentDiskMounter) SetUpAt(dir string, fsGroup *int64) error { glog.V(4).Infof("Photon Persistent Disk setup %s to %s", b.pdID, dir) // TODO: handle failed mounts here. diff --git a/pkg/volume/portworx/portworx.go b/pkg/volume/portworx/portworx.go index 9aa93bb849..291baa06e0 100644 --- a/pkg/volume/portworx/portworx.go +++ b/pkg/volume/portworx/portworx.go 
@@ -259,12 +259,12 @@ func (b *portworxVolumeMounter) CanMount() error { } // SetUp attaches the disk and bind mounts to the volume path. -func (b *portworxVolumeMounter) SetUp(fsGroup *types.UnixGroupID) error { +func (b *portworxVolumeMounter) SetUp(fsGroup *int64) error { return b.SetUpAt(b.GetPath(), fsGroup) } // SetUpAt attaches the disk and bind mounts to the volume path. -func (b *portworxVolumeMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (b *portworxVolumeMounter) SetUpAt(dir string, fsGroup *int64) error { notMnt, err := b.mounter.IsLikelyNotMountPoint(dir) glog.V(4).Infof("Portworx Volume set up: %s %v %v", dir, !notMnt, err) if err != nil && !os.IsNotExist(err) { diff --git a/pkg/volume/projected/projected.go b/pkg/volume/projected/projected.go index eb12cebb0c..a4d3e57e2b 100644 --- a/pkg/volume/projected/projected.go +++ b/pkg/volume/projected/projected.go @@ -177,11 +177,11 @@ func (s *projectedVolumeMounter) CanMount() error { return nil } -func (s *projectedVolumeMounter) SetUp(fsGroup *types.UnixGroupID) error { +func (s *projectedVolumeMounter) SetUp(fsGroup *int64) error { return s.SetUpAt(s.GetPath(), fsGroup) } -func (s *projectedVolumeMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (s *projectedVolumeMounter) SetUpAt(dir string, fsGroup *int64) error { glog.V(3).Infof("Setting up volume %v for pod %v at %v", s.volName, s.pod.UID, dir) wrapped, err := s.plugin.host.NewWrapperMounter(s.volName, wrappedVolumeSpec(), s.pod, *s.opts) diff --git a/pkg/volume/quobyte/quobyte.go b/pkg/volume/quobyte/quobyte.go index 4aa2d99379..b6a29768b3 100644 --- a/pkg/volume/quobyte/quobyte.go +++ b/pkg/volume/quobyte/quobyte.go 
@@ -234,12 +234,12 @@ func (mounter *quobyteMounter) CanMount() error { } // SetUp attaches the disk and bind mounts to the volume path. -func (mounter *quobyteMounter) SetUp(fsGroup *types.UnixGroupID) error { +func (mounter *quobyteMounter) SetUp(fsGroup *int64) error { pluginDir := mounter.plugin.host.GetPluginDir(strings.EscapeQualifiedNameForDisk(quobytePluginName)) return mounter.SetUpAt(pluginDir, fsGroup) } -func (mounter *quobyteMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (mounter *quobyteMounter) SetUpAt(dir string, fsGroup *int64) error { // Check if Quobyte is already mounted on the host in the Plugin Dir // if so we can use this mountpoint instead of creating a new one // IsLikelyNotMountPoint wouldn't check the mount type diff --git a/pkg/volume/rbd/disk_manager.go b/pkg/volume/rbd/disk_manager.go index 2d5de0eec7..b65c6e998b 100644 --- a/pkg/volume/rbd/disk_manager.go +++ b/pkg/volume/rbd/disk_manager.go @@ -26,7 +26,6 @@ import ( "os" "github.com/golang/glog" - "k8s.io/apimachinery/pkg/types" "k8s.io/kubernetes/pkg/api/v1" "k8s.io/kubernetes/pkg/util/mount" "k8s.io/kubernetes/pkg/volume" @@ -46,7 +45,7 @@ type diskManager interface { } // utility to mount a disk based filesystem -func diskSetUp(manager diskManager, b rbdMounter, volPath string, mounter mount.Interface, fsGroup *types.UnixGroupID) error { +func diskSetUp(manager diskManager, b rbdMounter, volPath string, mounter mount.Interface, fsGroup *int64) error { globalPDPath := manager.MakeGlobalPDName(*b.rbd) // TODO: handle failed mounts here. notMnt, err := mounter.IsLikelyNotMountPoint(volPath) diff --git a/pkg/volume/rbd/rbd.go b/pkg/volume/rbd/rbd.go index 3163cb8b59..99bdc0ec47 100644 --- a/pkg/volume/rbd/rbd.go +++ b/pkg/volume/rbd/rbd.go 
@@ -403,11 +403,11 @@ func (b *rbdMounter) CanMount() error { return nil } -func (b *rbdMounter) SetUp(fsGroup *types.UnixGroupID) error { +func (b *rbdMounter) SetUp(fsGroup *int64) error { return b.SetUpAt(b.GetPath(), fsGroup) } -func (b *rbdMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (b *rbdMounter) SetUpAt(dir string, fsGroup *int64) error { // diskSetUp checks mountpoints and prevent repeated calls glog.V(4).Infof("rbd: attempting to SetUp and mount %s", dir) err := diskSetUp(b.manager, *b, dir, b.mounter, fsGroup) diff --git a/pkg/volume/scaleio/sio_volume.go b/pkg/volume/scaleio/sio_volume.go index c0bd76bc44..3abebd6a38 100644 --- a/pkg/volume/scaleio/sio_volume.go +++ b/pkg/volume/scaleio/sio_volume.go @@ -79,12 +79,12 @@ func (v *sioVolume) CanMount() error { return nil } -func (v *sioVolume) SetUp(fsGroup *types.UnixGroupID) error { +func (v *sioVolume) SetUp(fsGroup *int64) error { return v.SetUpAt(v.GetPath(), fsGroup) } // SetUp bind mounts the disk global mount to the volume path. -func (v *sioVolume) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (v *sioVolume) SetUpAt(dir string, fsGroup *int64) error { v.plugin.volumeMtx.LockKey(v.volSpecName) defer v.plugin.volumeMtx.UnlockKey(v.volSpecName) diff --git a/pkg/volume/secret/secret.go b/pkg/volume/secret/secret.go index 40af0d2028..f16d950560 100644 --- a/pkg/volume/secret/secret.go +++ b/pkg/volume/secret/secret.go @@ -178,11 +178,11 @@ func (b *secretVolumeMounter) CanMount() error { return nil } -func (b *secretVolumeMounter) SetUp(fsGroup *types.UnixGroupID) error { +func (b *secretVolumeMounter) SetUp(fsGroup *int64) error { return b.SetUpAt(b.GetPath(), fsGroup) } -func (b *secretVolumeMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (b *secretVolumeMounter) SetUpAt(dir string, fsGroup *int64) error { glog.V(3).Infof("Setting up volume %v for pod %v at %v", b.volName, b.pod.UID, dir) // Wrap EmptyDir, let it do the setup. 
diff --git a/pkg/volume/storageos/storageos.go b/pkg/volume/storageos/storageos.go index 0a5e3519a1..c0a67de761 100644 --- a/pkg/volume/storageos/storageos.go +++ b/pkg/volume/storageos/storageos.go @@ -333,7 +333,7 @@ func (b *storageosMounter) CanMount() error { } // SetUp attaches the disk and bind mounts to the volume path. -func (b *storageosMounter) SetUp(fsGroup *types.UnixGroupID) error { +func (b *storageosMounter) SetUp(fsGroup *int64) error { // Need a namespace to find the volume, try pod's namespace if not set. if b.volNamespace == "" { glog.V(2).Infof("Setting StorageOS volume namespace to pod namespace: %s", b.podNamespace) @@ -360,7 +360,7 @@ func (b *storageosMounter) SetUp(fsGroup *types.UnixGroupID) error { } // SetUp bind mounts the disk global mount to the give volume path. -func (b *storageosMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (b *storageosMounter) SetUpAt(dir string, fsGroup *int64) error { notMnt, err := b.mounter.IsLikelyNotMountPoint(dir) glog.V(4).Infof("StorageOS volume set up: %s %v %v", dir, !notMnt, err) if err != nil && !os.IsNotExist(err) { diff --git a/pkg/volume/testing/testing.go b/pkg/volume/testing/testing.go index e80a8a5271..a5d790f609 100644 --- a/pkg/volume/testing/testing.go +++ b/pkg/volume/testing/testing.go @@ -354,7 +354,7 @@ func (fv *FakeVolume) CanMount() error { return nil } -func (fv *FakeVolume) SetUp(fsGroup *types.UnixGroupID) error { +func (fv *FakeVolume) SetUp(fsGroup *int64) error { fv.Lock() defer fv.Unlock() fv.SetUpCallCount++ @@ -367,7 +367,7 @@ func (fv *FakeVolume) GetSetUpCallCount() int { return fv.SetUpCallCount } -func (fv *FakeVolume) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (fv *FakeVolume) SetUpAt(dir string, fsGroup *int64) error { return os.MkdirAll(dir, 0750) } diff --git a/pkg/volume/util/operationexecutor/operation_generator.go b/pkg/volume/util/operationexecutor/operation_generator.go index 419bf1e6ad..4c189d96dd 100644 
--- a/pkg/volume/util/operationexecutor/operation_generator.go +++ b/pkg/volume/util/operationexecutor/operation_generator.go @@ -392,7 +392,7 @@ func (og *operationGenerator) GenerateMountVolumeFunc( volumeAttacher, _ = attachableVolumePlugin.NewAttacher() } - var fsGroup *types.UnixGroupID + var fsGroup *int64 if volumeToMount.Pod.Spec.SecurityContext != nil && volumeToMount.Pod.Spec.SecurityContext.FSGroup != nil { fsGroup = volumeToMount.Pod.Spec.SecurityContext.FSGroup diff --git a/pkg/volume/volume.go b/pkg/volume/volume.go index 86a8ff7404..76c96d2e22 100644 --- a/pkg/volume/volume.go +++ b/pkg/volume/volume.go @@ -109,14 +109,14 @@ type Mounter interface { // content should be owned by 'fsGroup' so that it can be // accessed by the pod. This may be called more than once, so // implementations must be idempotent. - SetUp(fsGroup *types.UnixGroupID) error + SetUp(fsGroup *int64) error // SetUpAt prepares and mounts/unpacks the volume to the // specified directory path, which may or may not exist yet. // The mount point and its content should be owned by // 'fsGroup' so that it can be accessed by the pod. This may // be called more than once, so implementations must be // idempotent. - SetUpAt(dir string, fsGroup *types.UnixGroupID) error + SetUpAt(dir string, fsGroup *int64) error // GetAttributes returns the attributes of the mounter. GetAttributes() Attributes } diff --git a/pkg/volume/volume_linux.go b/pkg/volume/volume_linux.go index c13ee2b81f..ef1f45208c 100644 --- a/pkg/volume/volume_linux.go +++ b/pkg/volume/volume_linux.go @@ -24,8 +24,6 @@ import ( "os" - "k8s.io/apimachinery/pkg/types" - "github.com/golang/glog" ) 
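Review bot: The `Mounter` interface comments in volume.go describe `fsGroup` only as the owner of the mount, and with the parameter now a bare `*int64` the signature no longer says that it is a Unix group id. I would add a sentence to both method comments, such as `fsGroup is a Unix group id; nil means ownership is left unchanged.` The nil case matches the `SetVolumeOwnership` comment in volume_linux.go ("If fsGroup is nil nothing is done"), though individual plugins may handle it differently. The interface continues outside the hunk.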
@@ -37,7 +35,7 @@ const ( // SetVolumeOwnership modifies the given volume to be owned by // fsGroup, and sets SetGid so that newly created files are owned by // fsGroup. If fsGroup is nil nothing is done. -func SetVolumeOwnership(mounter Mounter, fsGroup *types.UnixGroupID) error { +func SetVolumeOwnership(mounter Mounter, fsGroup *int64) error { if fsGroup == nil { return nil diff --git a/pkg/volume/volume_unsupported.go b/pkg/volume/volume_unsupported.go index db873f0f59..45a6cc5ca7 100644 --- a/pkg/volume/volume_unsupported.go +++ b/pkg/volume/volume_unsupported.go @@ -18,8 +18,6 @@ limitations under the License. package volume -import "k8s.io/apimachinery/pkg/types" - -func SetVolumeOwnership(mounter Mounter, fsGroup *types.UnixGroupID) error { +func SetVolumeOwnership(mounter Mounter, fsGroup *int64) error { return nil } diff --git a/pkg/volume/vsphere_volume/vsphere_volume.go b/pkg/volume/vsphere_volume/vsphere_volume.go index 2c6bf74be8..bfb1d9491d 100644 --- a/pkg/volume/vsphere_volume/vsphere_volume.go +++ b/pkg/volume/vsphere_volume/vsphere_volume.go @@ -194,7 +194,7 @@ func (b *vsphereVolumeMounter) GetAttributes() volume.Attributes { } // SetUp attaches the disk and bind mounts to the volume path. -func (b *vsphereVolumeMounter) SetUp(fsGroup *types.UnixGroupID) error { +func (b *vsphereVolumeMounter) SetUp(fsGroup *int64) error { return b.SetUpAt(b.GetPath(), fsGroup) } @@ -206,7 +206,7 @@ func (b *vsphereVolumeMounter) CanMount() error { } // SetUp attaches the disk and bind mounts to the volume path. -func (b *vsphereVolumeMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error { +func (b *vsphereVolumeMounter) SetUpAt(dir string, fsGroup *int64) error { glog.V(5).Infof("vSphere volume setup %s to %s", b.volPath, dir) // TODO: handle failed mounts here. diff --git a/plugin/pkg/admission/security/podsecuritypolicy/admission_test.go b/plugin/pkg/admission/security/podsecuritypolicy/admission_test.go index 5c6f86d858..53a1dcc5c3 100644 
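Review bot: `SetVolumeOwnership` in volume_unsupported.go returns nil without looking at fsGroup and has no doc comment, so on builds that use this file a pod's requested FSGroup is dropped with no signal to the caller. A comment on the function would make that explicit, e.g. `// SetVolumeOwnership is a no-op on this platform; fsGroup is ignored and volume ownership is not changed.`. Whether a non-nil fsGroup should be logged or rejected here is a question for the maintainers. The build constraint that selects this file is outside the hunk.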
--- a/plugin/pkg/admission/security/podsecuritypolicy/admission_test.go +++ b/plugin/pkg/admission/security/podsecuritypolicy/admission_test.go @@ -25,7 +25,6 @@ import ( "github.com/stretchr/testify/assert" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/diff" "k8s.io/apimachinery/pkg/util/sets" kadmission "k8s.io/apiserver/pkg/admission" @@ -835,7 +834,7 @@ func TestAdmitRunAsUser(t *testing.T) { // doesn't matter if we set it here or on the container, the // admission controller uses DetermineEffectiveSC to get the defaulting // behavior so it can validate what will be applied at runtime - userID := types.UnixUserID(user) + userID := int64(user) pod.Spec.SecurityContext.RunAsUser = &userID return pod } @@ -855,7 +854,7 @@ func TestAdmitRunAsUser(t *testing.T) { pod *kapi.Pod psps []*extensions.PodSecurityPolicy shouldPass bool - expectedRunAsUser *types.UnixUserID + expectedRunAsUser *int64 expectedPSP string }{ "runAsAny no pod request": { @@ -941,8 +940,8 @@ func TestAdmitSupplementalGroups(t *testing.T) { // doesn't matter if we set it here or on the container, the // admission controller uses DetermineEffectiveSC to get the defaulting // behavior so it can validate what will be applied at runtime - groupID := types.UnixGroupID(group) - pod.Spec.SecurityContext.SupplementalGroups = []types.UnixGroupID{groupID} + groupID := int64(group) + pod.Spec.SecurityContext.SupplementalGroups = []int64{groupID} return pod } 
@@ -957,28 +956,28 @@ func TestAdmitSupplementalGroups(t *testing.T) { pod *kapi.Pod psps []*extensions.PodSecurityPolicy shouldPass bool - expectedSupGroups []types.UnixGroupID + expectedSupGroups []int64 expectedPSP string }{ "runAsAny no pod request": { pod: goodPod(), psps: []*extensions.PodSecurityPolicy{runAsAny}, shouldPass: true, - expectedSupGroups: []types.UnixGroupID{}, + expectedSupGroups: []int64{}, expectedPSP: runAsAny.Name, }, "runAsAny pod request": { pod: createPodWithSupGroup(1), psps: []*extensions.PodSecurityPolicy{runAsAny}, shouldPass: true, - expectedSupGroups: []types.UnixGroupID{1}, + expectedSupGroups: []int64{1}, expectedPSP: runAsAny.Name, }, "mustRunAs no pod request": { pod: goodPod(), psps: []*extensions.PodSecurityPolicy{mustRunAs}, shouldPass: true, - expectedSupGroups: []types.UnixGroupID{mustRunAs.Spec.SupplementalGroups.Ranges[0].Min}, + expectedSupGroups: []int64{mustRunAs.Spec.SupplementalGroups.Ranges[0].Min}, expectedPSP: mustRunAs.Name, }, "mustRunAs bad pod request": { @@ -990,7 +989,7 @@ func TestAdmitSupplementalGroups(t *testing.T) { pod: createPodWithSupGroup(999), psps: []*extensions.PodSecurityPolicy{mustRunAs}, shouldPass: true, - expectedSupGroups: []types.UnixGroupID{999}, + expectedSupGroups: []int64{999}, expectedPSP: mustRunAs.Name, }, } @@ -1035,7 +1034,7 @@ func TestAdmitFSGroup(t *testing.T) { pod *kapi.Pod psps []*extensions.PodSecurityPolicy shouldPass bool - expectedFSGroup *types.UnixGroupID + expectedFSGroup *int64 expectedPSP string }{ "runAsAny no pod request": { @@ -1711,7 +1710,7 @@ func restrictivePSP() *extensions.PodSecurityPolicy { RunAsUser: extensions.RunAsUserStrategyOptions{ Rule: extensions.RunAsUserStrategyMustRunAs, Ranges: []extensions.UserIDRange{ - {Min: types.UnixUserID(999), Max: types.UnixUserID(999)}, + {Min: int64(999), Max: int64(999)}, }, }, SELinux: extensions.SELinuxStrategyOptions{ 
@@ -1723,13 +1722,13 @@ func restrictivePSP() *extensions.PodSecurityPolicy { FSGroup: extensions.FSGroupStrategyOptions{ Rule: extensions.FSGroupStrategyMustRunAs, Ranges: []extensions.GroupIDRange{ - {Min: types.UnixGroupID(999), Max: types.UnixGroupID(999)}, + {Min: int64(999), Max: int64(999)}, }, }, SupplementalGroups: extensions.SupplementalGroupsStrategyOptions{ Rule: extensions.SupplementalGroupsStrategyMustRunAs, Ranges: []extensions.GroupIDRange{ - {Min: types.UnixGroupID(999), Max: types.UnixGroupID(999)}, + {Min: int64(999), Max: int64(999)}, }, }, }, @@ -1774,12 +1773,12 @@ func goodPod() *kapi.Pod { } } -func userIDPtr(i int) *types.UnixUserID { - userID := types.UnixUserID(i) +func userIDPtr(i int) *int64 { + userID := int64(i) return &userID } -func groupIDPtr(i int) *types.UnixGroupID { - groupID := types.UnixGroupID(i) +func groupIDPtr(i int) *int64 { + groupID := int64(i) return &groupID } diff --git a/plugin/pkg/admission/securitycontext/scdeny/admission_test.go b/plugin/pkg/admission/securitycontext/scdeny/admission_test.go index 4b7758e23b..f3c498a1bf 100644 --- a/plugin/pkg/admission/securitycontext/scdeny/admission_test.go +++ b/plugin/pkg/admission/securitycontext/scdeny/admission_test.go @@ -19,7 +19,6 @@ package scdeny import ( "testing" - "k8s.io/apimachinery/pkg/types" "k8s.io/apiserver/pkg/admission" "k8s.io/kubernetes/pkg/api" ) @@ -28,7 +27,7 @@ import ( func TestAdmission(t *testing.T) { handler := NewSecurityContextDeny() - runAsUser := types.UnixUserID(1) + runAsUser := int64(1) priv := true cases := []struct { @@ -116,7 +115,7 @@ func TestPodSecurityContextAdmission(t *testing.T) { }, } - fsGroup := types.UnixGroupID(1001) + fsGroup := int64(1001) tests := []struct { securityContext api.PodSecurityContext 
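Review bot: `userIDPtr` and `groupIDPtr` now have the same signature and body, so a test case that passes `userIDPtr(...)` where a group ID is expected compiles, and the mix-up shows only if the values happen to differ. Either keep a single helper, e.g. `func int64Ptr(i int) *int64`, or keep both with a comment saying the split is for readability only. In the restrictivePSP hunks the conversions in `{Min: int64(999), Max: int64(999)}` are no longer needed; `{Min: 999, Max: 999}` is equivalent for int64 fields.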
@@ -128,7 +127,7 @@ func TestPodSecurityContextAdmission(t *testing.T) { }, { securityContext: api.PodSecurityContext{ - SupplementalGroups: []types.UnixGroupID{types.UnixGroupID(1234)}, + SupplementalGroups: []int64{int64(1234)}, }, errorExpected: true, }, diff --git a/staging/src/k8s.io/apimachinery/pkg/types/unix_user_id.go b/staging/src/k8s.io/apimachinery/pkg/types/unix_user_id.go deleted file mode 100644 index dc770c11e2..0000000000 --- a/staging/src/k8s.io/apimachinery/pkg/types/unix_user_id.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package types - -// int64 is used as a safe bet against wrap-around (uid's are general -// int32) and to support uid_t -1, and -2. - -type UnixUserID int64 -type UnixGroupID int64 diff --git a/staging/src/k8s.io/apimachinery/pkg/util/validation/validation.go b/staging/src/k8s.io/apimachinery/pkg/util/validation/validation.go index 1e5b85047c..b1fcc57081 100644 --- a/staging/src/k8s.io/apimachinery/pkg/util/validation/validation.go +++ b/staging/src/k8s.io/apimachinery/pkg/util/validation/validation.go @@ -22,8 +22,6 @@ import ( "net" "regexp" "strings" - - "k8s.io/apimachinery/pkg/types" ) const qnameCharFmt string = "[A-Za-z0-9]" 
@@ -200,7 +198,7 @@ const ( ) // IsValidGroupID tests that the argument is a valid Unix GID. -func IsValidGroupID(gid types.UnixGroupID) []string { +func IsValidGroupID(gid int64) []string { if minGroupID <= gid && gid <= maxGroupID { return nil } @@ -208,7 +206,7 @@ func IsValidGroupID(gid types.UnixGroupID) []string { } // IsValidUserID tests that the argument is a valid Unix UID. -func IsValidUserID(uid types.UnixUserID) []string { +func IsValidUserID(uid int64) []string { if minUserID <= uid && uid <= maxUserID { return nil } diff --git a/staging/src/k8s.io/apimachinery/pkg/util/validation/validation_test.go b/staging/src/k8s.io/apimachinery/pkg/util/validation/validation_test.go index cb807c899d..061be1a6e6 100644 --- a/staging/src/k8s.io/apimachinery/pkg/util/validation/validation_test.go +++ b/staging/src/k8s.io/apimachinery/pkg/util/validation/validation_test.go @@ -19,8 +19,6 @@ package validation import ( "strings" "testing" - - "k8s.io/apimachinery/pkg/types" ) func TestIsDNS1123Label(t *testing.T) { @@ -156,18 +154,18 @@ func TestIsValidPortNum(t *testing.T) { } } -func createGroupIDs(ids ...int64) []types.UnixGroupID { - var output []types.UnixGroupID +func createGroupIDs(ids ...int64) []int64 { + var output []int64 for _, id := range ids { - output = append(output, types.UnixGroupID(id)) + output = append(output, int64(id)) } return output } -func createUserIDs(ids ...int64) []types.UnixUserID { - var output []types.UnixUserID +func createUserIDs(ids ...int64) []int64 { + var output []int64 for _, id := range ids { - output = append(output, types.UnixUserID(id)) + output = append(output, int64(id)) } return output } diff --git a/staging/src/k8s.io/client-go/pkg/api/types.go b/staging/src/k8s.io/client-go/pkg/api/types.go index 412d6d08cc..b59f7202e4 100644 --- a/staging/src/k8s.io/client-go/pkg/api/types.go +++ b/staging/src/k8s.io/client-go/pkg/api/types.go 
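Review bot: `IsValidGroupID` and `IsValidUserID` now take the same `int64`, so passing a UID to the GID check (or the reverse) is no longer a compile error, and these two range checks are the only place the diff shows the value being constrained. The deleted unix_user_id.go also held the only explanation of why the IDs are 64-bit ("a safe bet against wrap-around"); that rationale could move to the doc comments here, e.g. `// gid is an int64 so that values outside the Unix GID range are rejected here rather than wrapping.`. The same applies to `IsValidUserID` in the next hunk. The `minGroupID`/`maxGroupID` and `minUserID`/`maxUserID` constants are outside the hunks, so the accepted ranges should be confirmed against the full file.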
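Review bot: `createGroupIDs` and `createUserIDs` in validation_test.go now convert int64 to int64, so `int64(id)` is a no-op and each helper is just a slice copy. `output = append(output, id)` says the same thing without the leftover conversion. Since the two helpers no longer return different types, one helper would do for both tests.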
@@ -2263,7 +2263,7 @@ type PodSecurityContext struct { // PodSecurityContext, the value specified in SecurityContext takes precedence // for that container. // +optional - RunAsUser *types.UnixUserID + RunAsUser *int64 // Indicates that the container must run as a non-root user. // If true, the Kubelet will validate the image at runtime to ensure that it // does not run as UID 0 (root) and fail to start the container if it does. @@ -2276,7 +2276,7 @@ type PodSecurityContext struct { // to the container's primary GID. If unspecified, no groups will be added to // any container. // +optional - SupplementalGroups []types.UnixGroupID + SupplementalGroups []int64 // A special supplemental group that applies to all containers in a pod. // Some volume types allow the Kubelet to change the ownership of that volume // to be owned by the pod: @@ -2287,7 +2287,7 @@ type PodSecurityContext struct { // // If unset, the Kubelet will not modify the ownership and permissions of any volume. // +optional - FSGroup *types.UnixGroupID + FSGroup *int64 } // PodQOSClass defines the supported qos classes of Pods. @@ -3924,7 +3924,7 @@ type SecurityContext struct { // May also be set in PodSecurityContext. If set in both SecurityContext and // PodSecurityContext, the value specified in SecurityContext takes precedence. // +optional - RunAsUser *types.UnixUserID + RunAsUser *int64 // Indicates that the container must run as a non-root user. // If true, the Kubelet will validate the image at runtime to ensure that it // does not run as UID 0 (root) and fail to start the container if it does. diff --git a/staging/src/k8s.io/client-go/pkg/api/v1/types.go b/staging/src/k8s.io/client-go/pkg/api/v1/types.go index ba7723296f..8ec3b0beee 100644 --- a/staging/src/k8s.io/client-go/pkg/api/v1/types.go +++ b/staging/src/k8s.io/client-go/pkg/api/v1/types.go 
@@ -2548,7 +2548,7 @@ type PodSecurityContext struct { // PodSecurityContext, the value specified in SecurityContext takes precedence // for that container. // +optional - RunAsUser *types.UnixUserID `json:"runAsUser,omitempty" protobuf:"varint,2,opt,name=runAsUser,casttype=k8s.io/apimachinery/pkg/types.UnixUserID"` + RunAsUser *int64 `json:"runAsUser,omitempty" protobuf:"varint,2,opt,name=runAsUser"` // Indicates that the container must run as a non-root user. // If true, the Kubelet will validate the image at runtime to ensure that it // does not run as UID 0 (root) and fail to start the container if it does. @@ -2561,7 +2561,7 @@ type PodSecurityContext struct { // to the container's primary GID. If unspecified, no groups will be added to // any container. // +optional - SupplementalGroups []types.UnixGroupID `json:"supplementalGroups,omitempty" protobuf:"varint,4,rep,name=supplementalGroups,casttype=k8s.io/apimachinery/pkg/types.UnixGroupID"` + SupplementalGroups []int64 `json:"supplementalGroups,omitempty" protobuf:"varint,4,rep,name=supplementalGroups"` // A special supplemental group that applies to all containers in a pod. // Some volume types allow the Kubelet to change the ownership of that volume // to be owned by the pod: @@ -2572,7 +2572,7 @@ type PodSecurityContext struct { // // If unset, the Kubelet will not modify the ownership and permissions of any volume. // +optional - FSGroup *types.UnixGroupID `json:"fsGroup,omitempty" protobuf:"varint,5,opt,name=fsGroup,casttype=k8s.io/apimachinery/pkg/types.UnixGroupID"` + FSGroup *int64 `json:"fsGroup,omitempty" protobuf:"varint,5,opt,name=fsGroup"` } // PodQOSClass defines the supported qos classes of Pods. 
@@ -4511,7 +4511,7 @@ type SecurityContext struct { // May also be set in PodSecurityContext. If set in both SecurityContext and // PodSecurityContext, the value specified in SecurityContext takes precedence. // +optional - RunAsUser *types.UnixUserID `json:"runAsUser,omitempty" protobuf:"varint,4,opt,name=runAsUser,casttype=k8s.io/apimachinery/pkg/types.UnixUserID"` + RunAsUser *int64 `json:"runAsUser,omitempty" protobuf:"varint,4,opt,name=runAsUser"` // Indicates that the container must run as a non-root user. // If true, the Kubelet will validate the image at runtime to ensure that it // does not run as UID 0 (root) and fail to start the container if it does. diff --git a/staging/src/k8s.io/client-go/pkg/apis/extensions/types.go b/staging/src/k8s.io/client-go/pkg/apis/extensions/types.go index 161158dcbf..e4afc0f8c2 100644 --- a/staging/src/k8s.io/client-go/pkg/apis/extensions/types.go +++ b/staging/src/k8s.io/client-go/pkg/apis/extensions/types.go @@ -31,7 +31,6 @@ package extensions import ( "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/client-go/pkg/api" ) @@ -980,17 +979,17 @@ type RunAsUserStrategyOptions struct { // UserIDRange provides a min/max of an allowed range of UserIDs. type UserIDRange struct { // Min is the start of the range, inclusive. - Min types.UnixUserID + Min int64 // Max is the end of the range, inclusive. - Max types.UnixUserID + Max int64 } // GroupIDRange provides a min/max of an allowed range of GroupIDs. type GroupIDRange struct { // Min is the start of the range, inclusive. - Min types.UnixGroupID + Min int64 // Max is the end of the range, inclusive. - Max types.UnixGroupID + Max int64 } // RunAsUserStrategy denotes strategy types for generating RunAsUser values for a diff --git a/test/e2e/common/configmap.go b/test/e2e/common/configmap.go index 58421952c2..427574cd54 100644 --- a/test/e2e/common/configmap.go 
+++ b/test/e2e/common/configmap.go @@ -25,7 +25,6 @@ import ( . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/uuid" "k8s.io/kubernetes/pkg/api/v1" "k8s.io/kubernetes/test/e2e/framework" @@ -523,8 +522,8 @@ func newEnvFromConfigMap(f *framework.Framework, name string) *v1.ConfigMap { } func doConfigMapE2EWithoutMappings(f *framework.Framework, uid, fsGroup int64, defaultMode *int32) { - userID := types.UnixUserID(uid) - groupID := types.UnixGroupID(fsGroup) + userID := int64(uid) + groupID := int64(fsGroup) var ( name = "configmap-test-volume-" + string(uuid.NewUUID()) @@ -602,8 +601,8 @@ func doConfigMapE2EWithoutMappings(f *framework.Framework, uid, fsGroup int64, d } func doConfigMapE2EWithMappings(f *framework.Framework, uid, fsGroup int64, itemMode *int32) { - userID := types.UnixUserID(uid) - groupID := types.UnixGroupID(fsGroup) + userID := int64(uid) + groupID := int64(fsGroup) var ( name = "configmap-test-volume-map-" + string(uuid.NewUUID()) diff --git a/test/e2e/common/downwardapi_volume.go b/test/e2e/common/downwardapi_volume.go index 65dc7d617c..2e85ccd64d 100644 --- a/test/e2e/common/downwardapi_volume.go +++ b/test/e2e/common/downwardapi_volume.go @@ -28,7 +28,6 @@ import ( . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" - "k8s.io/apimachinery/pkg/types" ) var _ = framework.KubeDescribe("Downward API volume", func() { @@ -71,8 +70,8 @@ var _ = framework.KubeDescribe("Downward API volume", func() { It("should provide podname as non-root with fsgroup [Feature:FSGroup] [Volume]", func() { podName := "metadata-volume-" + string(uuid.NewUUID()) - uid := types.UnixUserID(1001) - gid := types.UnixGroupID(1234) + uid := int64(1001) + gid := int64(1234) pod := downwardAPIVolumePodForSimpleTest(podName, "/etc/podname") pod.Spec.SecurityContext = &v1.PodSecurityContext{ RunAsUser: &uid, 
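Review bot: `userID := int64(uid)` and `groupID := int64(fsGroup)` convert values that the signature already declares as int64 (`uid, fsGroup int64`), so the conversions are left over from the named types and do nothing. `userID, groupID := uid, fsGroup` keeps the local names without suggesting a type change. The same pattern is in doConfigMapE2EWithMappings and in the two projected.go ConfigMap helpers. The function bodies continue outside the hunks.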
@@ -85,8 +84,8 @@ var _ = framework.KubeDescribe("Downward API volume", func() { It("should provide podname as non-root with fsgroup and defaultMode [Feature:FSGroup] [Volume]", func() { podName := "metadata-volume-" + string(uuid.NewUUID()) - uid := types.UnixUserID(1001) - gid := types.UnixGroupID(1234) + uid := int64(1001) + gid := int64(1234) mode := int32(0440) /* setting fsGroup sets mode to at least 440 */ pod := downwardAPIVolumePodForModeTest(podName, "/etc/podname", &mode, nil) pod.Spec.SecurityContext = &v1.PodSecurityContext{ diff --git a/test/e2e/common/empty_dir.go b/test/e2e/common/empty_dir.go index 760d906cb6..7f4415205a 100644 --- a/test/e2e/common/empty_dir.go +++ b/test/e2e/common/empty_dir.go @@ -27,7 +27,6 @@ import ( "k8s.io/kubernetes/test/e2e/framework" . "github.com/onsi/ginkgo" - "k8s.io/apimachinery/pkg/types" ) const ( @@ -142,7 +141,7 @@ func doTestSetgidFSGroup(f *framework.Framework, image string, medium v1.Storage fmt.Sprintf("--file_owner=%v", filePath), } - fsGroup := types.UnixGroupID(123) + fsGroup := int64(123) pod.Spec.SecurityContext.FSGroup = &fsGroup msg := fmt.Sprintf("emptydir 0644 on %v", formatMedium(medium)) @@ -172,7 +171,7 @@ func doTestSubPathFSGroup(f *framework.Framework, image string, medium v1.Storag pod.Spec.Containers[0].VolumeMounts[0].SubPath = subPath - fsGroup := types.UnixGroupID(123) + fsGroup := int64(123) pod.Spec.SecurityContext.FSGroup = &fsGroup msg := fmt.Sprintf("emptydir subpath on %v", formatMedium(medium)) @@ -198,7 +197,7 @@ func doTestVolumeModeFSGroup(f *framework.Framework, image string, medium v1.Sto fmt.Sprintf("--file_perm=%v", volumePath), } - fsGroup := types.UnixGroupID(1001) + fsGroup := int64(1001) pod.Spec.SecurityContext.FSGroup = &fsGroup msg := fmt.Sprintf("emptydir volume type on %v", formatMedium(medium)) 
@@ -224,7 +223,7 @@ func doTest0644FSGroup(f *framework.Framework, image string, medium v1.StorageMe fmt.Sprintf("--file_perm=%v", filePath), } - fsGroup := types.UnixGroupID(123) + fsGroup := int64(123) pod.Spec.SecurityContext.FSGroup = &fsGroup msg := fmt.Sprintf("emptydir 0644 on %v", formatMedium(medium)) diff --git a/test/e2e/common/projected.go b/test/e2e/common/projected.go index 02c75e409a..3af9acb548 100644 --- a/test/e2e/common/projected.go +++ b/test/e2e/common/projected.go @@ -29,7 +29,6 @@ import ( . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" - "k8s.io/apimachinery/pkg/types" ) var _ = framework.KubeDescribe("Projected", func() { @@ -47,8 +46,8 @@ var _ = framework.KubeDescribe("Projected", func() { It("should be consumable from pods in volume as non-root with defaultMode and fsGroup set [Conformance] [Volume]", func() { defaultMode := int32(0440) /* setting fsGroup sets mode to at least 440 */ - fsGroup := types.UnixGroupID(1001) - uid := types.UnixUserID(1000) + fsGroup := int64(1001) + uid := int64(1000) doProjectedSecretE2EWithoutMapping(f, &defaultMode, "projected-secret-test-"+string(uuid.NewUUID()), &fsGroup, &uid) }) @@ -834,8 +833,8 @@ var _ = framework.KubeDescribe("Projected", func() { It("should provide podname as non-root with fsgroup [Feature:FSGroup] [Volume]", func() { podName := "metadata-volume-" + string(uuid.NewUUID()) - uid := types.UnixUserID(1001) - gid := types.UnixGroupID(1234) + uid := int64(1001) + gid := int64(1234) pod := downwardAPIVolumePodForSimpleTest(podName, "/etc/podname") pod.Spec.SecurityContext = &v1.PodSecurityContext{ RunAsUser: &uid, 
@@ -848,8 +847,8 @@ var _ = framework.KubeDescribe("Projected", func() { It("should provide podname as non-root with fsgroup and defaultMode [Feature:FSGroup] [Volume]", func() { podName := "metadata-volume-" + string(uuid.NewUUID()) - uid := types.UnixUserID(1001) - gid := types.UnixGroupID(1234) + uid := int64(1001) + gid := int64(1234) mode := int32(0440) /* setting fsGroup sets mode to at least 440 */ pod := projectedDownwardAPIVolumePodForModeTest(podName, "/etc/podname", &mode, nil) pod.Spec.SecurityContext = &v1.PodSecurityContext{ @@ -1025,7 +1024,7 @@ var _ = framework.KubeDescribe("Projected", func() { }) func doProjectedSecretE2EWithoutMapping(f *framework.Framework, defaultMode *int32, - secretName string, fsGroup *types.UnixGroupID, uid *types.UnixUserID) { + secretName string, fsGroup *int64, uid *int64) { var ( volumeName = "projected-secret-volume" volumeMountPath = "/etc/projected-secret-volume" @@ -1185,8 +1184,8 @@ func doProjectedSecretE2EWithMapping(f *framework.Framework, mode *int32) { } func doProjectedConfigMapE2EWithoutMappings(f *framework.Framework, uid, fsGroup int64, defaultMode *int32) { - userID := types.UnixUserID(uid) - groupID := types.UnixGroupID(fsGroup) + userID := int64(uid) + groupID := int64(fsGroup) var ( name = "projected-configmap-test-volume-" + string(uuid.NewUUID()) @@ -1269,8 +1268,8 @@ func doProjectedConfigMapE2EWithoutMappings(f *framework.Framework, uid, fsGroup } func doProjectedConfigMapE2EWithMappings(f *framework.Framework, uid, fsGroup int64, itemMode *int32) { - userID := types.UnixUserID(uid) - groupID := types.UnixGroupID(fsGroup) + userID := int64(uid) + groupID := int64(fsGroup) var ( name = "projected-configmap-test-volume-map-" + string(uuid.NewUUID()) diff --git a/test/e2e/common/secrets.go b/test/e2e/common/secrets.go index 4dd0e5308e..be804dbbdd 100644 --- a/test/e2e/common/secrets.go +++ b/test/e2e/common/secrets.go 
@@ -29,7 +29,6 @@ import ( . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" - "k8s.io/apimachinery/pkg/types" ) var _ = framework.KubeDescribe("Secrets", func() { @@ -46,8 +45,8 @@ var _ = framework.KubeDescribe("Secrets", func() { It("should be consumable from pods in volume as non-root with defaultMode and fsGroup set [Conformance] [Volume]", func() { defaultMode := int32(0440) /* setting fsGroup sets mode to at least 440 */ - fsGroup := types.UnixGroupID(1001) - uid := types.UnixUserID(1000) + fsGroup := int64(1001) + uid := int64(1000) doSecretE2EWithoutMapping(f, &defaultMode, "secret-test-"+string(uuid.NewUUID()), &fsGroup, &uid) }) @@ -455,7 +454,7 @@ func secretForTest(namespace, name string) *v1.Secret { } func doSecretE2EWithoutMapping(f *framework.Framework, defaultMode *int32, secretName string, - fsGroup *types.UnixGroupID, uid *types.UnixUserID) { + fsGroup *int64, uid *int64) { var ( volumeName = "secret-volume" volumeMountPath = "/etc/secret-volume" diff --git a/test/e2e/framework/volume_util.go b/test/e2e/framework/volume_util.go index 718a84ad2e..c35d5bcf09 100644 --- a/test/e2e/framework/volume_util.go +++ b/test/e2e/framework/volume_util.go @@ -46,7 +46,6 @@ import ( apierrs "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" "k8s.io/kubernetes/pkg/api/v1" "k8s.io/kubernetes/pkg/client/clientset_generated/clientset" 
@@ -243,7 +242,7 @@ func VolumeTestCleanup(f *Framework, config VolumeTestConfig) { // and check that the pod sees expected data, e.g. from the server pod. // Multiple VolumeTests can be specified to mount multiple volumes to a single // pod. -func TestVolumeClient(client clientset.Interface, config VolumeTestConfig, fsGroup *types.UnixGroupID, tests []VolumeTest) { +func TestVolumeClient(client clientset.Interface, config VolumeTestConfig, fsGroup *int64, tests []VolumeTest) { By(fmt.Sprint("starting ", config.Prefix, " client")) clientPod := &v1.Pod{ TypeMeta: metav1.TypeMeta{ diff --git a/test/e2e/security_context.go b/test/e2e/security_context.go index 0656943bdd..871b6f870d 100644 --- a/test/e2e/security_context.go +++ b/test/e2e/security_context.go @@ -26,7 +26,6 @@ import ( "fmt" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/uuid" "k8s.io/kubernetes/pkg/api/v1" "k8s.io/kubernetes/test/e2e/framework" @@ -66,14 +65,14 @@ var _ = framework.KubeDescribe("Security Context [Feature:SecurityContext]", fun It("should support pod.Spec.SecurityContext.SupplementalGroups", func() { pod := scTestPod(false, false) pod.Spec.Containers[0].Command = []string{"id", "-G"} - pod.Spec.SecurityContext.SupplementalGroups = []types.UnixGroupID{1234, 5678} + pod.Spec.SecurityContext.SupplementalGroups = []int64{1234, 5678} groups := []string{"1234", "5678"} f.TestContainerOutput("pod.Spec.SecurityContext.SupplementalGroups", pod, 0, groups) }) It("should support pod.Spec.SecurityContext.RunAsUser", func() { pod := scTestPod(false, false) - userID := types.UnixUserID(1001) + userID := int64(1001) pod.Spec.SecurityContext.RunAsUser = &userID pod.Spec.Containers[0].Command = []string{"sh", "-c", "id -u"} 
@@ -84,8 +83,8 @@ var _ = framework.KubeDescribe("Security Context [Feature:SecurityContext]", fun It("should support container.SecurityContext.RunAsUser", func() { pod := scTestPod(false, false) - userID := types.UnixUserID(1001) - overrideUserID := types.UnixUserID(1002) + userID := int64(1001) + overrideUserID := int64(1002) pod.Spec.SecurityContext.RunAsUser = &userID pod.Spec.Containers[0].SecurityContext = new(v1.SecurityContext) pod.Spec.Containers[0].SecurityContext.RunAsUser = &overrideUserID diff --git a/test/e2e/storage/volumes.go b/test/e2e/storage/volumes.go index 9eb37922e0..fed03ccaf6 100644 --- a/test/e2e/storage/volumes.go +++ b/test/e2e/storage/volumes.go @@ -264,7 +264,7 @@ var _ = framework.KubeDescribe("Volumes [Volume]", func() { ExpectedContent: "Hello from iSCSI", }, } - fsGroup := types.UnixGroupID(1234) + fsGroup := int64(1234) framework.TestVolumeClient(cs, config, &fsGroup, tests) }) }) @@ -343,7 +343,7 @@ var _ = framework.KubeDescribe("Volumes [Volume]", func() { ExpectedContent: "Hello from RBD", }, } - fsGroup := types.UnixGroupID(1234) + fsGroup := int64(1234) framework.TestVolumeClient(cs, config, &fsGroup, tests) }) }) @@ -496,7 +496,7 @@ var _ = framework.KubeDescribe("Volumes [Volume]", func() { framework.InjectHtml(cs, config, tests[0].Volume, tests[0].ExpectedContent) - fsGroup := types.UnixGroupID(1234) + fsGroup := int64(1234) framework.TestVolumeClient(cs, config, &fsGroup, tests) }) }) @@ -550,7 +550,7 @@ var _ = framework.KubeDescribe("Volumes [Volume]", func() { framework.InjectHtml(cs, config, tests[0].Volume, tests[0].ExpectedContent) - fsGroup := types.UnixGroupID(1234) + fsGroup := int64(1234) framework.TestVolumeClient(cs, config, &fsGroup, tests) }) }) 
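Review bot: test/e2e/storage/volumes.go loses every `types.UnixGroupID` use shown in its hunks but, unlike the other files in this commit, has no hunk touching its import block. If `k8s.io/apimachinery/pkg/types` is imported there and nothing else in the file uses it, the build fails on an unused import. The import block is not part of the diff, so this needs checking against the full file. The same applies to the remaining volumes.go hunks that follow.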
@@ -682,7 +682,7 @@ var _ = framework.KubeDescribe("Volumes [Volume]", func() { framework.InjectHtml(cs, config, tests[0].Volume, tests[0].ExpectedContent) - fsGroup := types.UnixGroupID(1234) + fsGroup := int64(1234) framework.TestVolumeClient(cs, config, &fsGroup, tests) }) }) @@ -732,7 +732,7 @@ var _ = framework.KubeDescribe("Volumes [Volume]", func() { framework.InjectHtml(cs, config, tests[0].Volume, tests[0].ExpectedContent) - fsGroup := types.UnixGroupID(1234) + fsGroup := int64(1234) framework.TestVolumeClient(cs, config, &fsGroup, tests) }) }) diff --git a/test/e2e_node/runtime_conformance_test.go b/test/e2e_node/runtime_conformance_test.go index 2099396193..9dfd45829d 100644 --- a/test/e2e_node/runtime_conformance_test.go +++ b/test/e2e_node/runtime_conformance_test.go @@ -21,7 +21,6 @@ import ( "path" "time" - "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/uuid" "k8s.io/kubernetes/pkg/api/v1" "k8s.io/kubernetes/pkg/kubelet/images" @@ -130,8 +129,8 @@ while true; do sleep 1; done } }) - rootUser := types.UnixUserID(0) - nonRootUser := types.UnixUserID(10000) + rootUser := int64(0) + nonRootUser := int64(10000) for _, testCase := range []struct { name string container v1.Container