Add "MayRunAs" value among other GroupStrategies
Adds "MayRunAs" value among other group strategies. This strategy allows to define a certain range of GIDs for FSGroupStrategy and SupplementalGroupStrategy in a PSP. This new strategy works similarly to the "MustRunAs" one, except that when no GID is specified in a pod/container security context then no GID is generated for the respective containers. Resolves #56173
This commit is contained in:
@@ -239,6 +239,7 @@ func validatePSPFSGroup(fldPath *field.Path, groupOptions *policy.FSGroupStrateg
|
||||
|
||||
supportedRules := sets.NewString(
|
||||
string(policy.FSGroupStrategyMustRunAs),
|
||||
string(policy.FSGroupStrategyMayRunAs),
|
||||
string(policy.FSGroupStrategyRunAsAny),
|
||||
)
|
||||
if !supportedRules.Has(string(groupOptions.Rule)) {
|
||||
@@ -257,6 +258,7 @@ func validatePSPSupplementalGroup(fldPath *field.Path, groupOptions *policy.Supp
|
||||
|
||||
supportedRules := sets.NewString(
|
||||
string(policy.SupplementalGroupsStrategyRunAsAny),
|
||||
string(policy.SupplementalGroupsStrategyMayRunAs),
|
||||
string(policy.SupplementalGroupsStrategyMustRunAs),
|
||||
)
|
||||
if !supportedRules.Has(string(groupOptions.Rule)) {
|
||||
|
Reference in New Issue
Block a user