github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-25 04:33:26 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #84111 from FayerZhang/master

Browse Source 
fix golint failures of kubernetes/pkg/security/apparmor
This commit is contained in:
Kubernetes Prow Robot 2019-11-05 08:46:39 -08:00 committed by GitHub
commit 0685cf29ac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
hack/.golint_failures
View File

@ -215,7 +215,6 @@ pkg/registry/storage/rest
pkg/registry/storage/storageclass pkg/registry/storage/storageclass
pkg/registry/storage/storageclass/storage pkg/registry/storage/storageclass/storage
pkg/scheduler/apis/config/v1alpha1 pkg/scheduler/apis/config/v1alpha1
pkg/security/apparmor
pkg/security/podsecuritypolicy pkg/security/podsecuritypolicy
pkg/security/podsecuritypolicy/group pkg/security/podsecuritypolicy/group
pkg/security/podsecuritypolicy/selinux pkg/security/podsecuritypolicy/selinux

6
pkg/security/apparmor/helpers.go
View File

@ -50,7 +50,7 @@ func isRequired(pod *v1.Pod) bool {
return false return false
} }
// Returns the name of the profile to use with the container. // GetProfileName returns the name of the profile to use with the container.
func GetProfileName(pod *v1.Pod, containerName string) string { func GetProfileName(pod *v1.Pod, containerName string) string {
return GetProfileNameFromPodAnnotations(pod.Annotations, containerName) return GetProfileNameFromPodAnnotations(pod.Annotations, containerName)
} }
@ -61,7 +61,7 @@ func GetProfileNameFromPodAnnotations(annotations map[string]string, containerNa
return annotations[ContainerAnnotationKeyPrefix+containerName] return annotations[ContainerAnnotationKeyPrefix+containerName]
} }
// Sets the name of the profile to use with the container. // SetProfileName sets the name of the profile to use with the container.
func SetProfileName(pod *v1.Pod, containerName, profileName string) error { func SetProfileName(pod *v1.Pod, containerName, profileName string) error {
if pod.Annotations == nil { if pod.Annotations == nil {
pod.Annotations = map[string]string{} pod.Annotations = map[string]string{}
@ -70,7 +70,7 @@ func SetProfileName(pod *v1.Pod, containerName, profileName string) error {
return nil return nil
} }
// Sets the name of the profile to use with the container. // SetProfileNameFromPodAnnotations sets the name of the profile to use with the container.
func SetProfileNameFromPodAnnotations(annotations map[string]string, containerName, profileName string) error { func SetProfileNameFromPodAnnotations(annotations map[string]string, containerName, profileName string) error {
if annotations == nil { if annotations == nil {
return nil return nil

10
pkg/security/apparmor/validate.go
View File

@ -37,12 +37,13 @@ import (
// Set to true if the wrong build tags are set (see validate_disabled.go). // Set to true if the wrong build tags are set (see validate_disabled.go).
var isDisabledBuild bool var isDisabledBuild bool
// Interface for validating that a pod with an AppArmor profile can be run by a Node. // Validator is a interface for validating that a pod with an AppArmor profile can be run by a Node.
type Validator interface { type Validator interface {
Validate(pod *v1.Pod) error Validate(pod *v1.Pod) error
ValidateHost() error ValidateHost() error
} }
// NewValidator is in order to find AppArmor FS
func NewValidator(runtime string) Validator { func NewValidator(runtime string) Validator {
if err := validateHost(runtime); err != nil { if err := validateHost(runtime); err != nil {
return &validator{validateHostErr: err} return &validator{validateHostErr: err}
@ -134,6 +135,7 @@ func validateProfile(profile string, loadedProfiles map[string]bool) error {
return nil return nil
} }
// ValidateProfileFormat checks the format of the profile.
func ValidateProfileFormat(profile string) error { func ValidateProfileFormat(profile string) error {
if profile == "" || profile == ProfileRuntimeDefault || profile == ProfileNameUnconfined { if profile == "" || profile == ProfileRuntimeDefault || profile == ProfileNameUnconfined {
return nil return nil
@ -198,12 +200,10 @@ func getAppArmorFS() (string, error) {
msg := fmt.Sprintf("path %s does not exist", appArmorFS) msg := fmt.Sprintf("path %s does not exist", appArmorFS)
if err != nil { if err != nil {
return "", fmt.Errorf("%s: %v", msg, err) return "", fmt.Errorf("%s: %v", msg, err)
} else {
return "", errors.New(msg)
} }
} else { return "", errors.New(msg)
return appArmorFS, nil
} }
return appArmorFS, nil
} }
} }
if err := scanner.Err(); err != nil { if err := scanner.Err(); err != nil {