From b88a640ef82a97e0f6b5d88002b4058b72e9d2c9 Mon Sep 17 00:00:00 2001
From: Slava Semushin
Date: Fri, 6 Oct 2017 18:00:23 +0200
Subject: [PATCH] PSP: teach fuzzer about fsGroup/supplementalGroups strategies.
---
 pkg/apis/extensions/fuzzer/fuzzer.go | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/pkg/apis/extensions/fuzzer/fuzzer.go b/pkg/apis/extensions/fuzzer/fuzzer.go
index a36148b79d7..f8f3b3d374a 100644
--- a/pkg/apis/extensions/fuzzer/fuzzer.go
+++ b/pkg/apis/extensions/fuzzer/fuzzer.go
@@ -57,10 +57,31 @@ var Funcs = func(codecs runtimeserializer.CodecFactory) []interface{} {
 },
 func(psp *extensions.PodSecurityPolicySpec, c fuzz.Continue) {
 c.FuzzNoCustom(psp) // fuzz self without calling this function again
- runAsUserRules := []extensions.RunAsUserStrategy{extensions.RunAsUserStrategyMustRunAsNonRoot, extensions.RunAsUserStrategyMustRunAs, extensions.RunAsUserStrategyRunAsAny}
+
+ runAsUserRules := []extensions.RunAsUserStrategy{
+ extensions.RunAsUserStrategyMustRunAsNonRoot,
+ extensions.RunAsUserStrategyMustRunAs,
+ extensions.RunAsUserStrategyRunAsAny,
+ }
 psp.RunAsUser.Rule = runAsUserRules[c.Rand.Intn(len(runAsUserRules))]
- seLinuxRules := []extensions.SELinuxStrategy{extensions.SELinuxStrategyRunAsAny, extensions.SELinuxStrategyMustRunAs}
+
+ seLinuxRules := []extensions.SELinuxStrategy{
+ extensions.SELinuxStrategyMustRunAs,
+ extensions.SELinuxStrategyRunAsAny,
+ }
 psp.SELinux.Rule = seLinuxRules[c.Rand.Intn(len(seLinuxRules))]
+
+ supplementalGroupsRules := []extensions.SupplementalGroupsStrategyType{
+ extensions.SupplementalGroupsStrategyRunAsAny,
+ extensions.SupplementalGroupsStrategyMustRunAs,
+ }
+ psp.SupplementalGroups.Rule = supplementalGroupsRules[c.Rand.Intn(len(supplementalGroupsRules))]
+
+ fsGroupRules := []extensions.FSGroupStrategyType{
+ extensions.FSGroupStrategyMustRunAs,
+ extensions.FSGroupStrategyRunAsAny,
+ }
+ psp.FSGroup.Rule = fsGroupRules[c.Rand.Intn(len(fsGroupRules))]
 },
 func(s *extensions.Scale, c fuzz.Continue) {
 c.FuzzNoCustom(s) // fuzz self without calling this function again
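Review bot: Nothing in the PodSecurityPolicySpec fuzz function says why each `Rule` is overwritten after `c.FuzzNoCustom(psp)`, or that the four strategy lists are hand-maintained copies of the API constants, so a strategy added to the extensions types later would silently go unexercised by this fuzzer. I would add a comment above the first list such as `// Pick each Rule from the declared strategy constants; keep these lists in sync with the extensions API types.` The lists are also ordered inconsistently (`MustRunAs` first for SELinux and FSGroup, `RunAsAny` first for SupplementalGroups), and reordering `seLinuxRules` changes which value a given seed selects, so one order throughout would read better. The enclosing `Funcs` literal starts before and continues past this hunk, so whether any caller depends on seeded output is not visible here.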