From be1c85d915d98f7a8a069a8512b036410eb341ca Mon Sep 17 00:00:00 2001
From: wawa0210 <xiaozhang0210@hotmail.com>
Date: Sat, 19 Sep 2020 09:54:09 +0800
Subject: [PATCH] Enhance the prompt information of verifyRunAsNonRoot, add
 pod, container information

---
 pkg/kubelet/kuberuntime/security_context_others.go  |  7 ++++---
 pkg/kubelet/kuberuntime/security_context_windows.go | 11 ++++++-----
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/pkg/kubelet/kuberuntime/security_context_others.go b/pkg/kubelet/kuberuntime/security_context_others.go
index 1f847a56784..3ea7526b094 100644
--- a/pkg/kubelet/kuberuntime/security_context_others.go
+++ b/pkg/kubelet/kuberuntime/security_context_others.go
@@ -22,6 +22,7 @@ import (
 	"fmt"
 
 	"k8s.io/api/core/v1"
+	"k8s.io/kubernetes/pkg/kubelet/util/format"
 	"k8s.io/kubernetes/pkg/securitycontext"
 )
 
@@ -35,16 +36,16 @@ func verifyRunAsNonRoot(pod *v1.Pod, container *v1.Container, uid *int64, userna
 
 	if effectiveSc.RunAsUser != nil {
 		if *effectiveSc.RunAsUser == 0 {
-			return fmt.Errorf("container's runAsUser breaks non-root policy")
+			return fmt.Errorf("container's runAsUser breaks non-root policy (pod: %q, container: %s)", format.Pod(pod), container.Name)
 		}
 		return nil
 	}
 
 	switch {
 	case uid != nil && *uid == 0:
-		return fmt.Errorf("container has runAsNonRoot and image will run as root")
+		return fmt.Errorf("container has runAsNonRoot and image will run as root (pod: %q, container: %s)", format.Pod(pod), container.Name)
 	case uid == nil && len(username) > 0:
-		return fmt.Errorf("container has runAsNonRoot and image has non-numeric user (%s), cannot verify user is non-root", username)
+		return fmt.Errorf("container has runAsNonRoot and image has non-numeric user (%s), cannot verify user is non-root (pod: %q, container: %s)", username, format.Pod(pod), container.Name)
 	default:
 		return nil
 	}
diff --git a/pkg/kubelet/kuberuntime/security_context_windows.go b/pkg/kubelet/kuberuntime/security_context_windows.go
index 400116f7d1c..6320d217737 100644
--- a/pkg/kubelet/kuberuntime/security_context_windows.go
+++ b/pkg/kubelet/kuberuntime/security_context_windows.go
@@ -22,6 +22,7 @@ import (
 	"fmt"
 	"k8s.io/api/core/v1"
 	"k8s.io/klog/v2"
+	"k8s.io/kubernetes/pkg/kubelet/util/format"
 	"k8s.io/kubernetes/pkg/securitycontext"
 )
 
@@ -42,24 +43,24 @@ func verifyRunAsNonRoot(pod *v1.Pod, container *v1.Container, uid *int64, userna
 		return nil
 	}
 	if effectiveSc.RunAsUser != nil {
-		klog.Warningf("Windows container does not support SecurityContext.RunAsUser, please use SecurityContext.WindowsOptions")
+		klog.Warningf("Windows container does not support SecurityContext.RunAsUser, please use SecurityContext.WindowsOptions (pod: %q, container: %s)", format.Pod(pod), container.Name)
 	}
 	if effectiveSc.SELinuxOptions != nil {
-		klog.Warningf("Windows container does not support SecurityContext.SELinuxOptions, please use SecurityContext.WindowsOptions")
+		klog.Warningf("Windows container does not support SecurityContext.SELinuxOptions, please use SecurityContext.WindowsOptions (pod: %q, container: %s)", format.Pod(pod), container.Name)
 	}
 	if effectiveSc.RunAsGroup != nil {
-		klog.Warningf("Windows container does not support SecurityContext.RunAsGroup")
+		klog.Warningf("Windows container does not support SecurityContext.RunAsGroup (pod: %q, container: %s)", format.Pod(pod), container.Name)
 	}
 	if effectiveSc.WindowsOptions != nil {
 		if effectiveSc.WindowsOptions.RunAsUserName != nil {
 			if *effectiveSc.WindowsOptions.RunAsUserName == windowsRootUserName {
-				return fmt.Errorf("container's runAsUser (%s) which will be regarded as root identity and will break non-root policy", username)
+				return fmt.Errorf("container's runAsUser (%s) which will be regarded as root identity and will break non-root policy (pod: %q, container: %s)", username, format.Pod(pod), container.Name)
 			}
 			return nil
 		}
 	}
 	if len(username) > 0 && username == windowsRootUserName {
-		return fmt.Errorf("container's runAsUser (%s) which will be regarded as root identity and will break non-root policy", username)
+		return fmt.Errorf("container's runAsUser (%s) which will be regarded as root identity and will break non-root policy (pod: %q, container: %s)", username, format.Pod(pod), container.Name)
 	}
 	return nil
 }