github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 11:50:44 +00:00
Code Issues Projects Releases Wiki Activity

Clean up TODOs

Browse Source
This commit is contained in:
Jordan Liggitt 2019-10-03 09:23:10 -04:00
parent bce9d225b1
commit 92ea33efc5
2 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
plugin/pkg/admission/noderestriction/admission.go
View File

@ -357,7 +357,7 @@ func (p *Plugin) admitNode(nodeName string, a admission.Attributes) error {
return admission.NewForbidden(a, fmt.Errorf("node %q is not allowed to set the following labels: %s", nodeName, strings.Join(forbiddenLabels.List(), ", "))) return admission.NewForbidden(a, fmt.Errorf("node %q is not allowed to set the following labels: %s", nodeName, strings.Join(forbiddenLabels.List(), ", ")))
} }
// check and warn if nodes set labels on create that would have been forbidden on update // check and warn if nodes set labels on create that would have been forbidden on update
// TODO(liggitt): in 1.17, expand getForbiddenCreateLabels to match getForbiddenUpdateLabels and drop this // TODO(liggitt): in 1.19, expand getForbiddenCreateLabels to match getForbiddenUpdateLabels and drop this
if forbiddenUpdateLabels := p.getForbiddenUpdateLabels(modifiedLabels); len(forbiddenUpdateLabels) > 0 { if forbiddenUpdateLabels := p.getForbiddenUpdateLabels(modifiedLabels); len(forbiddenUpdateLabels) > 0 {
klog.Warningf("node %q added disallowed labels on node creation: %s", nodeName, strings.Join(forbiddenUpdateLabels.List(), ", ")) klog.Warningf("node %q added disallowed labels on node creation: %s", nodeName, strings.Join(forbiddenUpdateLabels.List(), ", "))
} }
@ -435,7 +435,7 @@ func getLabelNamespace(key string) string {
} }
// getForbiddenCreateLabels returns the set of labels that may not be set by the node. // getForbiddenCreateLabels returns the set of labels that may not be set by the node.
// TODO(liggitt): in 1.17, expand to match getForbiddenUpdateLabels() // TODO(liggitt): in 1.19, expand to match getForbiddenUpdateLabels()
func (p *Plugin) getForbiddenCreateLabels(modifiedLabels sets.String) sets.String { func (p *Plugin) getForbiddenCreateLabels(modifiedLabels sets.String) sets.String {
if len(modifiedLabels) == 0 { if len(modifiedLabels) == 0 {
return nil return nil

2
plugin/pkg/admission/security/podsecuritypolicy/admission.go
View File

@ -118,7 +118,6 @@ func (p *Plugin) Admit(ctx context.Context, a admission.Attributes, o admission.
} }
// only mutate if this is a CREATE request. On updates we only validate. // only mutate if this is a CREATE request. On updates we only validate.
// TODO(liggitt): allow spec mutation during initializing updates?
if a.GetOperation() != admission.Create { if a.GetOperation() != admission.Create {
return nil return nil
} }
@ -228,7 +227,6 @@ func (p *Plugin) computeSecurityContext(ctx context.Context, a admission.Attribu
// sort policies by name to make order deterministic // sort policies by name to make order deterministic
// If mutation is not allowed and validatedPSPHint is provided, check the validated policy first. // If mutation is not allowed and validatedPSPHint is provided, check the validated policy first.
// TODO(liggitt): add priority field to allow admins to bucket differently
sort.SliceStable(policies, func(i, j int) bool { sort.SliceStable(policies, func(i, j int) bool {
if !specMutationAllowed { if !specMutationAllowed {
if policies[i].Name == validatedPSPHint { if policies[i].Name == validatedPSPHint {