security context initial implementation - squash

Paul Weil
2015-05-05 12:37:23 -04:00
parent 20ea35105d
commit 982bf19c20
47 changed files with 2359 additions and 606 deletions


@@ -18,6 +18,7 @@ package v1
import (
"fmt"
"reflect"
newer "github.com/GoogleCloudPlatform/kubernetes/pkg/api"
"github.com/GoogleCloudPlatform/kubernetes/pkg/api/resource"
@@ -237,9 +238,22 @@ func init() {
return err
}
out.TerminationMessagePath = in.TerminationMessagePath
out.Privileged = in.Privileged
out.ImagePullPolicy = newer.PullPolicy(in.ImagePullPolicy)
if err := s.Convert(&in.Capabilities, &out.Capabilities, 0); err != nil {
if in.SecurityContext != nil {
if in.SecurityContext.Capabilities != nil {
if !reflect.DeepEqual(in.SecurityContext.Capabilities.Add, in.Capabilities.Add) ||
!reflect.DeepEqual(in.SecurityContext.Capabilities.Drop, in.Capabilities.Drop) {
return fmt.Errorf("container capability settings do not match security context settings, cannot convert")
}
}
if in.SecurityContext.Privileged != nil {
if in.Privileged != *in.SecurityContext.Privileged {
return fmt.Errorf("container privileged settings do not match security context settings, cannot convert")
}
}
}
if err := s.Convert(&in.SecurityContext, &out.SecurityContext, 0); err != nil {
return err
}
return nil
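Review bot: The two mismatch checks in this conversion run only when `in.SecurityContext` and the specific sub-field are non-nil, so an object that sets only the legacy `Privileged` or `Capabilities` fields is never checked, and nothing visible in the hunk copies those legacy values into `out.SecurityContext`. The page has lost its +/- markers, but `s.Convert(&in.Capabilities, &out.Capabilities, 0)` appears to be the line that was replaced; if so, a legacy-only `Capabilities.Drop` list would be silently lost unless defaulting elsewhere folds it into the security context first. That is worth confirming and recording in a comment above the block, e.g. `// legacy-only fields are folded into SecurityContext by defaulting before conversion`. Separately, `reflect.DeepEqual` is order-sensitive and treats a nil slice and an empty slice as different, so an empty `Add` list in the security context against an unset legacy field returns "cannot convert"; guarding each comparison with `len(a) != 0 || len(b) != 0` would avoid that spurious rejection. The enclosing conversion function starts and ends outside the hunk, and the same legacy-versus-security-context question applies to the reverse conversion in the next hunk.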
@@ -297,11 +311,19 @@ func init() {
return err
}
out.TerminationMessagePath = in.TerminationMessagePath
out.Privileged = in.Privileged
out.ImagePullPolicy = PullPolicy(in.ImagePullPolicy)
if err := s.Convert(&in.Capabilities, &out.Capabilities, 0); err != nil {
if err := s.Convert(&in.SecurityContext, &out.SecurityContext, 0); err != nil {
return err
}
// now that we've converted set the container field from security context
if out.SecurityContext != nil && out.SecurityContext.Privileged != nil {
out.Privileged = *out.SecurityContext.Privileged
}
// now that we've converted set the container field from security context
if out.SecurityContext != nil && out.SecurityContext.Capabilities != nil {
out.Capabilities = *out.SecurityContext.Capabilities
}
return nil
},
func(in *ContainerPort, out *newer.ContainerPort, s conversion.Scope) error {