diff options
author | Giuseppe Scrivano <gscrivan@redhat.com> | 2022-05-09 15:50:29 +0200 |
---|---|---|
committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2022-05-10 09:09:14 +0200 |
commit | 82a4b8f01c8061c022e7c9222746865a44f25d64 (patch) | |
tree | 4f4d97c7b62c45ada362e9804ece38b0c1fe5f5c /pkg/specgen/generate/kube | |
parent | 21c816bb169912bc98e77735ba7bece103c0d799 (diff) | |
download | podman-82a4b8f01c8061c022e7c9222746865a44f25d64.tar.gz podman-82a4b8f01c8061c022e7c9222746865a44f25d64.tar.bz2 podman-82a4b8f01c8061c022e7c9222746865a44f25d64.zip |
kube: refactor setupSecurityContext to accept directly the security ctx
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'pkg/specgen/generate/kube')
-rw-r--r-- | pkg/specgen/generate/kube/kube.go | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go index d56b50fd5..c04b94d4e 100644 --- a/pkg/specgen/generate/kube/kube.go +++ b/pkg/specgen/generate/kube/kube.go @@ -188,7 +188,7 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener s.InitContainerType = opts.InitContainerType - setupSecurityContext(s, opts.Container) + setupSecurityContext(s, opts.Container.SecurityContext) err := setupLivenessProbe(s, opts.Container, opts.RestartPolicy) if err != nil { return nil, errors.Wrap(err, "Failed to configure livenessProbe") @@ -531,22 +531,22 @@ func makeHealthCheck(inCmd string, interval int32, retries int32, timeout int32, return &hc, nil } -func setupSecurityContext(s *specgen.SpecGenerator, containerYAML v1.Container) { - if containerYAML.SecurityContext == nil { +func setupSecurityContext(s *specgen.SpecGenerator, securityContext *v1.SecurityContext) { + if securityContext == nil { return } - if containerYAML.SecurityContext.ReadOnlyRootFilesystem != nil { - s.ReadOnlyFilesystem = *containerYAML.SecurityContext.ReadOnlyRootFilesystem + if securityContext.ReadOnlyRootFilesystem != nil { + s.ReadOnlyFilesystem = *securityContext.ReadOnlyRootFilesystem } - if containerYAML.SecurityContext.Privileged != nil { - s.Privileged = *containerYAML.SecurityContext.Privileged + if securityContext.Privileged != nil { + s.Privileged = *securityContext.Privileged } - if containerYAML.SecurityContext.AllowPrivilegeEscalation != nil { - s.NoNewPrivileges = !*containerYAML.SecurityContext.AllowPrivilegeEscalation + if securityContext.AllowPrivilegeEscalation != nil { + s.NoNewPrivileges = !*securityContext.AllowPrivilegeEscalation } - if seopt := containerYAML.SecurityContext.SELinuxOptions; seopt != nil { + if seopt := securityContext.SELinuxOptions; seopt != nil { if seopt.User != "" { s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("user:%s", seopt.User)) } @@ -560,7 +560,7 @@ func setupSecurityContext(s *specgen.SpecGenerator, containerYAML v1.Container) s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("level:%s", seopt.Level)) } } - if caps := containerYAML.SecurityContext.Capabilities; caps != nil { + if caps := securityContext.Capabilities; caps != nil { for _, capability := range caps.Add { s.CapAdd = append(s.CapAdd, string(capability)) } @@ -568,14 +568,14 @@ func setupSecurityContext(s *specgen.SpecGenerator, containerYAML v1.Container) s.CapDrop = append(s.CapDrop, string(capability)) } } - if containerYAML.SecurityContext.RunAsUser != nil { - s.User = fmt.Sprintf("%d", *containerYAML.SecurityContext.RunAsUser) + if securityContext.RunAsUser != nil { + s.User = fmt.Sprintf("%d", *securityContext.RunAsUser) } - if containerYAML.SecurityContext.RunAsGroup != nil { + if securityContext.RunAsGroup != nil { if s.User == "" { s.User = "0" } - s.User = fmt.Sprintf("%s:%d", s.User, *containerYAML.SecurityContext.RunAsGroup) + s.User = fmt.Sprintf("%s:%d", s.User, *securityContext.RunAsGroup) } } |