remove unused code in securitycontext

2018-03-29 23:32:48 -07:00 · 2018-03-29 23:32:48 -07:00 · eecef462c8
parent 99fd98a893
commit eecef462c8
2 changed files with 0 additions and 114 deletions
--- a/pkg/securitycontext/util.go
+++ b/pkg/securitycontext/util.go
@ -67,27 +67,6 @@ func ParseSELinuxOptions(context string) (*v1.SELinuxOptions, error) {
 	}, nil
 }

-// HasNonRootUID returns true if the runAsUser is set and is greater than 0.
-func HasRootUID(container *v1.Container) bool {
-	if container.SecurityContext == nil {
-		return false
-	}
-	if container.SecurityContext.RunAsUser == nil {
-		return false
-	}
-	return *container.SecurityContext.RunAsUser == 0
-}
-
-// HasRunAsUser determines if the sc's runAsUser field is set.
-func HasRunAsUser(container *v1.Container) bool {
-	return container.SecurityContext != nil && container.SecurityContext.RunAsUser != nil
-}
-
-// HasRootRunAsUser returns true if the run as user is set and it is set to 0.
-func HasRootRunAsUser(container *v1.Container) bool {
-	return HasRunAsUser(container) && HasRootUID(container)
-}
-
 func DetermineEffectiveSecurityContext(pod *v1.Pod, container *v1.Container) *v1.SecurityContext {
 	effectiveSc := securityContextFromPodSecurityContext(pod)
 	containerSc := container.SecurityContext
--- a/pkg/securitycontext/util_test.go
+++ b/pkg/securitycontext/util_test.go
@ -84,99 +84,6 @@ func compareContexts(name string, ex, ac *v1.SELinuxOptions, t *testing.T) {
 	}
 }

-func containerWithUser(ptr *int64) *v1.Container {
-	return &v1.Container{SecurityContext: &v1.SecurityContext{RunAsUser: ptr}}
-}
-
-func TestHaRootUID(t *testing.T) {
-	nonRoot := int64(1)
-	root := int64(0)
-
-	tests := map[string]struct {
-		container *v1.Container
-		expect    bool
-	}{
-		"nil sc": {
-			container: &v1.Container{SecurityContext: nil},
-		},
-		"nil runAsuser": {
-			container: containerWithUser(nil),
-		},
-		"runAsUser non-root": {
-			container: containerWithUser(&nonRoot),
-		},
-		"runAsUser root": {
-			container: containerWithUser(&root),
-			expect:    true,
-		},
-	}
-
-	for k, v := range tests {
-		actual := HasRootUID(v.container)
-		if actual != v.expect {
-			t.Errorf("%s failed, expected %t but received %t", k, v.expect, actual)
-		}
-	}
-}
-
-func TestHasRunAsUser(t *testing.T) {
-	runAsUser := int64(0)
-
-	tests := map[string]struct {
-		container *v1.Container
-		expect    bool
-	}{
-		"nil sc": {
-			container: &v1.Container{SecurityContext: nil},
-		},
-		"nil runAsUser": {
-			container: containerWithUser(nil),
-		},
-		"valid runAsUser": {
-			container: containerWithUser(&runAsUser),
-			expect:    true,
-		},
-	}
-
-	for k, v := range tests {
-		actual := HasRunAsUser(v.container)
-		if actual != v.expect {
-			t.Errorf("%s failed, expected %t but received %t", k, v.expect, actual)
-		}
-	}
-}
-
-func TestHasRootRunAsUser(t *testing.T) {
-	nonRoot := int64(1)
-	root := int64(0)
-
-	tests := map[string]struct {
-		container *v1.Container
-		expect    bool
-	}{
-		"nil sc": {
-			container: &v1.Container{SecurityContext: nil},
-		},
-		"nil runAsuser": {
-			container: containerWithUser(nil),
-		},
-		"runAsUser non-root": {
-			container: containerWithUser(&nonRoot),
-		},
-		"runAsUser root": {
-			container: containerWithUser(&root),
-			expect:    true,
-		},
-	}
-
-	for k, v := range tests {
-		actual := HasRootRunAsUser(v.container)
-		if actual != v.expect {
-			t.Errorf("%s failed, expected %t but received %t", k, v.expect, actual)
-		}
-	}
-}
-
 func TestAddNoNewPrivileges(t *testing.T) {
 	pfalse := false
 	ptrue := true