github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

API Changes for RunAsGroup and Implementation and e2e

Browse Source
This commit is contained in:
Mayank Kumar
2017-05-12 23:29:25 -07:00
parent ded25445fe
commit b888415ebf
35 changed files with 1856 additions and 1243 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
pkg/apis/core/validation/validation.go
View File

@@ -3298,6 +3298,12 @@ func ValidatePodSecurityContext(securityContext *core.PodSecurityContext, spec *
allErrs = append(allErrs, field.Invalid(fldPath.Child("runAsUser"), *(securityContext.RunAsUser), msg))
}
}
if securityContext.RunAsGroup != nil {
for _, msg := range validation.IsValidGroupID(*securityContext.RunAsGroup) {
allErrs = append(allErrs, field.Invalid(fldPath.Child("runAsGroup"), *(securityContext.RunAsGroup), msg))
}
}
for g, gid := range securityContext.SupplementalGroups {
for _, msg := range validation.IsValidGroupID(gid) {
allErrs = append(allErrs, field.Invalid(fldPath.Child("supplementalGroups").Index(g), gid, msg))
@@ -4921,6 +4927,12 @@ func ValidateSecurityContext(sc *core.SecurityContext, fldPath *field.Path) fiel
}
}
if sc.RunAsGroup != nil {
for _, msg := range validation.IsValidGroupID(*sc.RunAsGroup) {
allErrs = append(allErrs, field.Invalid(fldPath.Child("runAsGroup"), *sc.RunAsGroup, msg))
}
}
if sc.AllowPrivilegeEscalation != nil && !*sc.AllowPrivilegeEscalation {
if sc.Privileged != nil && *sc.Privileged {
allErrs = append(allErrs, field.Invalid(fldPath, sc, "cannot set `allowPrivilegeEscalation` to false and `privileged` to true"))