From abc7c077e190e11ff93278a5f009a6512fc9e937 Mon Sep 17 00:00:00 2001
From: Jordan Liggitt
Date: Sun, 15 Oct 2017 22:48:36 -0400
Subject: [PATCH] PodSecurityPolicy: avoid unnecessary mutation of supplemental groups
---
 pkg/security/podsecuritypolicy/group/runasany.go | 2 +-
 pkg/security/podsecuritypolicy/provider.go | 2 +-
 .../pkg/admission/security/podsecuritypolicy/admission_test.go | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/pkg/security/podsecuritypolicy/group/runasany.go b/pkg/security/podsecuritypolicy/group/runasany.go
index 0d3f1182e09..aff046d50b5 100644
--- a/pkg/security/podsecuritypolicy/group/runasany.go
+++ b/pkg/security/podsecuritypolicy/group/runasany.go
@@ -34,7 +34,7 @@ func NewRunAsAny() (GroupStrategy, error) {
 // Generate creates the group based on policy rules. This strategy returns an empty slice.
 func (s *runAsAny) Generate(pod *api.Pod) ([]int64, error) {
- return []int64{}, nil
+ return nil, nil
 }
 // Generate a single value to be applied. This is used for FSGroup. This strategy returns nil.
diff --git a/pkg/security/podsecuritypolicy/provider.go b/pkg/security/podsecuritypolicy/provider.go
index ad43fa6d367..a3bfa0d7747 100644
--- a/pkg/security/podsecuritypolicy/provider.go
+++ b/pkg/security/podsecuritypolicy/provider.go
@@ -80,7 +80,7 @@ func (s *simpleProvider) CreatePodSecurityContext(pod *api.Pod) (*api.PodSecurit
 }
 annotations := maps.CopySS(pod.Annotations)
- if len(sc.SupplementalGroups) == 0 {
+ if sc.SupplementalGroups == nil {
 supGroups, err := s.strategies.SupplementalGroupStrategy.Generate(pod)
 if err != nil {
 return nil, nil, err
diff --git a/plugin/pkg/admission/security/podsecuritypolicy/admission_test.go b/plugin/pkg/admission/security/podsecuritypolicy/admission_test.go
index b6bafdbbb82..585f2f8f10d 100644
--- a/plugin/pkg/admission/security/podsecuritypolicy/admission_test.go
+++ b/plugin/pkg/admission/security/podsecuritypolicy/admission_test.go
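Review bot: The doc comment above `runAsAny.Generate` in runasany.go still reads "This strategy returns an empty slice", but the new body returns `nil`, so the comment now contradicts the code. The provider hunk in this same patch starts treating nil and empty differently, so the wording is no longer cosmetic. Suggest `// Generate creates the group based on policy rules. This strategy returns nil (no groups are generated).`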
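Review bot: The new `if sc.SupplementalGroups == nil {` guard in provider.go makes policy defaulting depend on the nil-versus-empty distinction, and the reason is not recorded next to the check. A pod that carries an explicitly empty, non-nil list now bypasses `SupplementalGroupStrategy.Generate`, so under a range-restricted strategy it presumably relies on the later validation step to accept or reject it; that step is outside this hunk and should be confirmed. Whether an empty list survives as non-nil may also depend on how the object was decoded, which is worth checking for both wire formats. Suggest a comment above the check such as `// nil means "unset" and is defaulted from the policy; an explicitly empty slice is left untouched and must pass validation as-is`. CreatePodSecurityContext begins and ends outside the hunk.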
@@ -993,7 +993,7 @@ func TestAdmitSupplementalGroups(t *testing.T) {
 pod: goodPod(),
 psps: []*extensions.PodSecurityPolicy{runAsAny},
 shouldPass: true,
- expectedSupGroups: []int64{},
+ expectedSupGroups: nil,
 expectedPSP: runAsAny.Name,
 },
 "runAsAny pod request": {
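Review bot: The table entry updated here in TestAdmitSupplementalGroups only covers a pod with no supplemental groups set, so it does not pin the case the provider change newly distinguishes: a pod whose security context holds an explicitly empty, non-nil `SupplementalGroups`. Consider adding an entry that sets `[]int64{}` on the pod and asserts it is admitted unchanged under `runAsAny`, plus one under a range-restricted policy that asserts the intended admit or reject outcome. The rest of the table lies outside the hunk, so such cases may already exist.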