vendor updates

2025-06-13 10:33:35 +00:00 · 2018-03-06 17:33:18 -05:00
parent 4b3ebc171b
commit e9033989a0
5854 changed files with 248382 additions and 119809 deletions
--- a/vendor/k8s.io/kubernetes/pkg/securitycontext/BUILD
+++ b/vendor/k8s.io/kubernetes/pkg/securitycontext/BUILD
@ -27,8 +27,7 @@ go_test(
        "accessors_test.go",
        "util_test.go",
    ],
-    importpath = "k8s.io/kubernetes/pkg/securitycontext",
-    library = ":go_default_library",
+    embed = [":go_default_library"],
    deps = [
        "//pkg/apis/core:go_default_library",
        "//vendor/k8s.io/api/core/v1:go_default_library",
--- a/vendor/k8s.io/kubernetes/pkg/securitycontext/util.go
+++ b/vendor/k8s.io/kubernetes/pkg/securitycontext/util.go
@ -21,7 +21,6 @@ import (
 	"strings"

 	"k8s.io/api/core/v1"
-	api "k8s.io/kubernetes/pkg/apis/core"
 )

 // HasPrivilegedRequest returns the value of SecurityContext.Privileged, taking into account
@ -165,83 +164,6 @@ func securityContextFromPodSecurityContext(pod *v1.Pod) *v1.SecurityContext {
 	return synthesized
 }

-// TODO: remove the duplicate code
-func InternalDetermineEffectiveSecurityContext(pod *api.Pod, container *api.Container) *api.SecurityContext {
-	effectiveSc := internalSecurityContextFromPodSecurityContext(pod)
-	containerSc := container.SecurityContext
-
-	if effectiveSc == nil && containerSc == nil {
-		return nil
-	}
-	if effectiveSc != nil && containerSc == nil {
-		return effectiveSc
-	}
-	if effectiveSc == nil && containerSc != nil {
-		return containerSc
-	}
-
-	if containerSc.SELinuxOptions != nil {
-		effectiveSc.SELinuxOptions = new(api.SELinuxOptions)
-		*effectiveSc.SELinuxOptions = *containerSc.SELinuxOptions
-	}
-
-	if containerSc.Capabilities != nil {
-		effectiveSc.Capabilities = new(api.Capabilities)
-		*effectiveSc.Capabilities = *containerSc.Capabilities
-	}
-
-	if containerSc.Privileged != nil {
-		effectiveSc.Privileged = new(bool)
-		*effectiveSc.Privileged = *containerSc.Privileged
-	}
-
-	if containerSc.RunAsUser != nil {
-		effectiveSc.RunAsUser = new(int64)
-		*effectiveSc.RunAsUser = *containerSc.RunAsUser
-	}
-
-	if containerSc.RunAsNonRoot != nil {
-		effectiveSc.RunAsNonRoot = new(bool)
-		*effectiveSc.RunAsNonRoot = *containerSc.RunAsNonRoot
-	}
-
-	if containerSc.ReadOnlyRootFilesystem != nil {
-		effectiveSc.ReadOnlyRootFilesystem = new(bool)
-		*effectiveSc.ReadOnlyRootFilesystem = *containerSc.ReadOnlyRootFilesystem
-	}
-
-	if containerSc.AllowPrivilegeEscalation != nil {
-		effectiveSc.AllowPrivilegeEscalation = new(bool)
-		*effectiveSc.AllowPrivilegeEscalation = *containerSc.AllowPrivilegeEscalation
-	}
-
-	return effectiveSc
-}
-
-func internalSecurityContextFromPodSecurityContext(pod *api.Pod) *api.SecurityContext {
-	if pod.Spec.SecurityContext == nil {
-		return nil
-	}
-
-	synthesized := &api.SecurityContext{}
-
-	if pod.Spec.SecurityContext.SELinuxOptions != nil {
-		synthesized.SELinuxOptions = &api.SELinuxOptions{}
-		*synthesized.SELinuxOptions = *pod.Spec.SecurityContext.SELinuxOptions
-	}
-	if pod.Spec.SecurityContext.RunAsUser != nil {
-		synthesized.RunAsUser = new(int64)
-		*synthesized.RunAsUser = *pod.Spec.SecurityContext.RunAsUser
-	}
-
-	if pod.Spec.SecurityContext.RunAsNonRoot != nil {
-		synthesized.RunAsNonRoot = new(bool)
-		*synthesized.RunAsNonRoot = *pod.Spec.SecurityContext.RunAsNonRoot
-	}
-
-	return synthesized
-}
-
 // AddNoNewPrivileges returns if we should add the no_new_privs option.
 func AddNoNewPrivileges(sc *v1.SecurityContext) bool {
 	if sc == nil {
--- a/vendor/k8s.io/kubernetes/pkg/securitycontext/util_test.go
+++ b/vendor/k8s.io/kubernetes/pkg/securitycontext/util_test.go
@ -178,56 +178,39 @@ func TestHasRootRunAsUser(t *testing.T) {
 }

 func TestAddNoNewPrivileges(t *testing.T) {
-	var nonRoot int64 = 1000
-	var root int64 = 0
 	pfalse := false
 	ptrue := true

 	tests := map[string]struct {
-		sc     v1.SecurityContext
+		sc     *v1.SecurityContext
 		expect bool
 	}{
-		"allowPrivilegeEscalation nil security context nil": {},
-		"allowPrivilegeEscalation nil nonRoot": {
-			sc: v1.SecurityContext{
-				RunAsUser: &nonRoot,
-			},
+		"allowPrivilegeEscalation nil security context nil": {
+			sc:     nil,
+			expect: false,
 		},
-		"allowPrivilegeEscalation nil root": {
-			sc: v1.SecurityContext{
-				RunAsUser: &root,
+		"allowPrivilegeEscalation nil": {
+			sc: &v1.SecurityContext{
+				AllowPrivilegeEscalation: nil,
 			},
+			expect: false,
 		},
-		"allowPrivilegeEscalation false nonRoot": {
-			sc: v1.SecurityContext{
-				RunAsUser:                &nonRoot,
+		"allowPrivilegeEscalation false": {
+			sc: &v1.SecurityContext{
 				AllowPrivilegeEscalation: &pfalse,
 			},
 			expect: true,
 		},
-		"allowPrivilegeEscalation false root": {
-			sc: v1.SecurityContext{
-				RunAsUser:                &root,
-				AllowPrivilegeEscalation: &pfalse,
-			},
-			expect: true,
-		},
-		"allowPrivilegeEscalation true nonRoot": {
-			sc: v1.SecurityContext{
-				RunAsUser:                &nonRoot,
-				AllowPrivilegeEscalation: &ptrue,
-			},
-		},
-		"allowPrivilegeEscalation true root": {
-			sc: v1.SecurityContext{
-				RunAsUser:                &root,
+		"allowPrivilegeEscalation true": {
+			sc: &v1.SecurityContext{
 				AllowPrivilegeEscalation: &ptrue,
 			},
+			expect: false,
 		},
 	}

 	for k, v := range tests {
-		actual := AddNoNewPrivileges(&v.sc)
+		actual := AddNoNewPrivileges(v.sc)
 		if actual != v.expect {
 			t.Errorf("%s failed, expected %t but received %t", k, v.expect, actual)
 		}