github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Move AppArmor feature-gate checking out of validation

Browse Source
This commit is contained in:
Jordan Liggitt
2019-01-07 15:10:11 -05:00
parent 12dd768bee
commit cd4f626f66
4 changed files with 108 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/apis/core/validation/validation.go
View File

@@ -3348,11 +3348,6 @@ func ValidateAppArmorPodAnnotations(annotations map[string]string, spec *core.Po
if !strings.HasPrefix(k, apparmor.ContainerAnnotationKeyPrefix) {
continue
}
// TODO: this belongs to admission, not general pod validation:
if !utilfeature.DefaultFeatureGate.Enabled(features.AppArmor) {
allErrs = append(allErrs, field.Forbidden(fldPath.Key(k), "AppArmor is disabled by feature-gate"))
continue
}
containerName := strings.TrimPrefix(k, apparmor.ContainerAnnotationKeyPrefix)
if !podSpecHasContainer(spec, containerName) {
allErrs = append(allErrs, field.Invalid(fldPath.Key(k), containerName, "container not found"))