diff --git a/pkg/security/podsecuritypolicy/provider.go b/pkg/security/podsecuritypolicy/provider.go
index 0d171e1db1b..1c608ef81da 100644
--- a/pkg/security/podsecuritypolicy/provider.go
+++ b/pkg/security/podsecuritypolicy/provider.go
@@ -334,7 +334,7 @@ func (s *simpleProvider) ValidateContainerSecurityContext(pod *api.Pod, containe
 return allErrs
 }
 
-// hasHostPort checks the port definitions on the container for HostPort > 0.
+// hasInvalidHostPort checks whether the port definitions on the container fall outside of the ranges allowed by the PSP.
 func (s *simpleProvider) hasInvalidHostPort(container *api.Container, fldPath *field.Path) field.ErrorList {
 allErrs := field.ErrorList{}
 for _, cp := range container.Ports {
diff --git a/pkg/security/podsecuritypolicy/provider_test.go b/pkg/security/podsecuritypolicy/provider_test.go
index 2dc6111c779..48846848b75 100644
--- a/pkg/security/podsecuritypolicy/provider_test.go
+++ b/pkg/security/podsecuritypolicy/provider_test.go
@@ -621,7 +621,7 @@ func TestValidatePodSecurityContextSuccess(t *testing.T) {
 api.SeccompPodAnnotationKey: "foo",
 }
 
- errorCases := map[string]struct {
+ successCases := map[string]struct {
 pod *api.Pod
 psp *extensions.PodSecurityPolicy
 }{
@@ -679,7 +679,7 @@ func TestValidatePodSecurityContextSuccess(t *testing.T) {
 },
 }
 
- for k, v := range errorCases {
+ for k, v := range successCases {
 provider, err := NewSimpleProvider(v.psp, "namespace", NewSimpleStrategyFactory())
 if err != nil {
 t.Fatalf("unable to create provider %v", err)
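Review bot: The new comment on hasInvalidHostPort in provider.go no longer names the field being checked, which the old text did (HostPort), and it reads as if the function gave a yes/no answer although the signature returns a field.ErrorList. Since this check decides whether a container may bind host ports under the policy, I would spell out the contract, e.g. `// hasInvalidHostPort returns validation errors for container ports whose HostPort is not within the host port ranges allowed by the PSP.` The function body continues past the end of the hunk, so how an unset HostPort (0) is treated is not visible here; if such ports are skipped, the comment should say so.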
@@ -693,25 +693,6 @@ func TestValidatePodSecurityContextSuccess(t *testing.T) {
 }
 
 func TestValidateContainerSecurityContextSuccess(t *testing.T) {
- var notPriv bool = false
- defaultPod := func() *api.Pod {
- return &api.Pod{
- Spec: api.PodSpec{
- SecurityContext: &api.PodSecurityContext{},
- Containers: []api.Container{
- {
- Name: defaultContainerName,
- SecurityContext: &api.SecurityContext{
- // expected to be set by defaulting mechanisms
- Privileged: ¬Priv,
- // fill in the rest for test cases
- },
- },
- },
- },
- }
- }
-
 // success user strat
 userPSP := defaultPSP()
 uid := int64(999)
@@ -805,7 +786,7 @@ func TestValidateContainerSecurityContextSuccess(t *testing.T) {
 api.SeccompPodAnnotationKey: "foo",
 }
 
- errorCases := map[string]struct {
+ successCases := map[string]struct {
 pod *api.Pod
 psp *extensions.PodSecurityPolicy
 }{
@@ -863,7 +844,7 @@ func TestValidateContainerSecurityContextSuccess(t *testing.T) {
 },
 }
 
- for k, v := range errorCases {
+ for k, v := range successCases {
 provider, err := NewSimpleProvider(v.psp, "namespace", NewSimpleStrategyFactory())
 if err != nil {
 t.Fatalf("unable to create provider %v", err)