Cosmetical fixes for sysctl psp

2025-09-14 13:45:06 +00:00 · 2016-09-30 09:08:22 +02:00
parent 5e231d1312
commit a62a64550c
4 changed files with 8 additions and 15 deletions
--- a/pkg/security/podsecuritypolicy/factory.go
+++ b/pkg/security/podsecuritypolicy/factory.go
@@ -79,10 +79,7 @@ func (f *simpleStrategyFactory) CreateStrategies(psp *extensions.PodSecurityPoli
 			errs = append(errs, err)
 		}
 	}
-	sysctlsStrat, err := createSysctlsStrategy(unsafeSysctls)
-	if err != nil {
-		errs = append(errs, err)
-	}
+	sysctlsStrat := createSysctlsStrategy(unsafeSysctls)

 	if len(errs) > 0 {
 		return nil, errors.NewAggregate(errs)
@@ -162,6 +159,6 @@ func createCapabilitiesStrategy(defaultAddCaps, requiredDropCaps, allowedCaps []
 }

 // createSysctlsStrategy creates a new unsafe sysctls strategy.
-func createSysctlsStrategy(sysctlsPatterns []string) (sysctl.SysctlsStrategy, error) {
+func createSysctlsStrategy(sysctlsPatterns []string) sysctl.SysctlsStrategy {
 	return sysctl.NewMustMatchPatterns(sysctlsPatterns)
 }
--- a/pkg/security/podsecuritypolicy/sysctl/mustmatchpatterns.go
+++ b/pkg/security/podsecuritypolicy/sysctl/mustmatchpatterns.go
@@ -35,15 +35,15 @@ var (
 	defaultSysctlsPatterns = []string{"*"}
 )

-// NewMustMatchPatterns creates a new mustMatchPattern strategy that will provide validation.
+// NewMustMatchPatterns creates a new mustMatchPatterns strategy that will provide validation.
 // Passing nil means the default pattern, passing an empty list means to disallow all sysctls.
-func NewMustMatchPatterns(patterns []string) (SysctlsStrategy, error) {
+func NewMustMatchPatterns(patterns []string) SysctlsStrategy {
 	if patterns == nil {
 		patterns = defaultSysctlsPatterns
 	}
 	return &mustMatchPatterns{
 		patterns: patterns,
-	}, nil
+	}
 }

 // Validate ensures that the specified values fall within the range of the strategy.
--- a/pkg/security/podsecuritypolicy/sysctl/mustmatchpatterns_test.go
+++ b/pkg/security/podsecuritypolicy/sysctl/mustmatchpatterns_test.go
@@ -58,11 +58,7 @@ func TestValidate(t *testing.T) {
 	}

 	for k, v := range tests {
-		strategy, err := NewMustMatchPatterns(v.patterns)
-		if err != nil {
-			t.Errorf("%s failed: %v", k, err)
-			continue
-		}
+		strategy := NewMustMatchPatterns(v.patterns)

 		pod := &api.Pod{}
 		errs := strategy.Validate(pod)
--- a/plugin/pkg/admission/security/podsecuritypolicy/admission_test.go
+++ b/plugin/pkg/admission/security/podsecuritypolicy/admission_test.go
@@ -1117,12 +1117,12 @@ func TestAdmitSysctls(t *testing.T) {
 			shouldPass:  true,
 			expectedPSP: mixedSysctls.Name,
 		},
-		"pod with not-matching unsafe sysctls request allowed under mixedSysctls PSP": {
+		"pod with not-matching unsafe sysctls request disallowed under mixedSysctls PSP": {
 			pod:        podWithSysctls([]string{"a.b", "b.c", "c", "d.e.f"}, []string{"e"}),
 			psps:       []*extensions.PodSecurityPolicy{mixedSysctls},
 			shouldPass: false,
 		},
-		"pod with not-matching safe sysctls request allowed under mixedSysctls PSP": {
+		"pod with not-matching safe sysctls request disallowed under mixedSysctls PSP": {
 			pod:        podWithSysctls([]string{"a.b", "b.c", "c", "d.e.f", "e"}, []string{}),
 			psps:       []*extensions.PodSecurityPolicy{mixedSysctls},
 			shouldPass: false,