From c0f33ddf087e93720710e9509c1c1d6bb47c51d1 Mon Sep 17 00:00:00 2001
From: Jordan Liggitt <liggitt@google.com>
Date: Wed, 27 Oct 2021 23:44:26 -0400
Subject: [PATCH] PodSecurity: fix level/version validation fieldpaths

---
 .../admission/api/helpers.go                  | 24 +++++++++----------
 .../pod-security-admission/api/helpers.go     | 12 +++++-----
 2 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/staging/src/k8s.io/pod-security-admission/admission/api/helpers.go b/staging/src/k8s.io/pod-security-admission/admission/api/helpers.go
index 85313b5c262..86591615d15 100644
--- a/staging/src/k8s.io/pod-security-admission/admission/api/helpers.go
+++ b/staging/src/k8s.io/pod-security-admission/admission/api/helpers.go
@@ -34,45 +34,45 @@ func ToPolicy(defaults PodSecurityDefaults) (policyapi.Policy, error) {
 	)
 
 	if len(defaults.Enforce) == 0 {
-		errs = appendErr(errs, requiredErr, "Enforce.Level")
+		errs = appendErr(errs, requiredErr, "enforce")
 	} else {
 		p.Enforce.Level, err = policyapi.ParseLevel(defaults.Enforce)
-		errs = appendErr(errs, err, "Enforce.Level")
+		errs = appendErr(errs, err, "enforce")
 	}
 
 	if len(defaults.EnforceVersion) == 0 {
-		errs = appendErr(errs, requiredErr, "Enforce.Version")
+		errs = appendErr(errs, requiredErr, "enforce-version")
 	} else {
 		p.Enforce.Version, err = policyapi.ParseVersion(defaults.EnforceVersion)
-		errs = appendErr(errs, err, "Enforce.Version")
+		errs = appendErr(errs, err, "enforce-version")
 	}
 
 	if len(defaults.Audit) == 0 {
-		errs = appendErr(errs, requiredErr, "Audit.Level")
+		errs = appendErr(errs, requiredErr, "audit")
 	} else {
 		p.Audit.Level, err = policyapi.ParseLevel(defaults.Audit)
-		errs = appendErr(errs, err, "Audit.Level")
+		errs = appendErr(errs, err, "audit")
 	}
 
 	if len(defaults.AuditVersion) == 0 {
-		errs = appendErr(errs, requiredErr, "Audit.Version")
+		errs = appendErr(errs, requiredErr, "audit-version")
 	} else {
 		p.Audit.Version, err = policyapi.ParseVersion(defaults.AuditVersion)
-		errs = appendErr(errs, err, "Audit.Version")
+		errs = appendErr(errs, err, "audit-version")
 	}
 
 	if len(defaults.Warn) == 0 {
-		errs = appendErr(errs, requiredErr, "Warn.Level")
+		errs = appendErr(errs, requiredErr, "warn")
 	} else {
 		p.Warn.Level, err = policyapi.ParseLevel(defaults.Warn)
-		errs = appendErr(errs, err, "Warn.Level")
+		errs = appendErr(errs, err, "warn")
 	}
 
 	if len(defaults.WarnVersion) == 0 {
-		errs = appendErr(errs, requiredErr, "Warn.Version")
+		errs = appendErr(errs, requiredErr, "warn-version")
 	} else {
 		p.Warn.Version, err = policyapi.ParseVersion(defaults.WarnVersion)
-		errs = appendErr(errs, err, "Warn.Version")
+		errs = appendErr(errs, err, "warn-version")
 	}
 
 	return p, errors.NewAggregate(errs)
diff --git a/staging/src/k8s.io/pod-security-admission/api/helpers.go b/staging/src/k8s.io/pod-security-admission/api/helpers.go
index e3dafe6d0f0..4f946a92aa9 100644
--- a/staging/src/k8s.io/pod-security-admission/api/helpers.go
+++ b/staging/src/k8s.io/pod-security-admission/api/helpers.go
@@ -158,33 +158,33 @@ func PolicyToEvaluate(labels map[string]string, defaults Policy) (Policy, error)
 	)
 	if level, ok := labels[EnforceLevelLabel]; ok {
 		p.Enforce.Level, err = ParseLevel(level)
-		errs = appendErr(errs, err, "Enforce.Level")
+		errs = appendErr(errs, err, EnforceLevelLabel)
 	}
 	if version, ok := labels[EnforceVersionLabel]; ok {
 		p.Enforce.Version, err = ParseVersion(version)
-		errs = appendErr(errs, err, "Enforce.Version")
+		errs = appendErr(errs, err, EnforceVersionLabel)
 	}
 	if level, ok := labels[AuditLevelLabel]; ok {
 		p.Audit.Level, err = ParseLevel(level)
-		errs = appendErr(errs, err, "Audit.Level")
+		errs = appendErr(errs, err, AuditLevelLabel)
 		if err != nil {
 			p.Audit.Level = LevelPrivileged // Fail open for audit.
 		}
 	}
 	if version, ok := labels[AuditVersionLabel]; ok {
 		p.Audit.Version, err = ParseVersion(version)
-		errs = appendErr(errs, err, "Audit.Version")
+		errs = appendErr(errs, err, AuditVersionLabel)
 	}
 	if level, ok := labels[WarnLevelLabel]; ok {
 		p.Warn.Level, err = ParseLevel(level)
-		errs = appendErr(errs, err, "Warn.Level")
+		errs = appendErr(errs, err, WarnLevelLabel)
 		if err != nil {
 			p.Warn.Level = LevelPrivileged // Fail open for warn.
 		}
 	}
 	if version, ok := labels[WarnVersionLabel]; ok {
 		p.Warn.Version, err = ParseVersion(version)
-		errs = appendErr(errs, err, "Warn.Version")
+		errs = appendErr(errs, err, WarnVersionLabel)
 	}
 	return p, errors.NewAggregate(errs)
 }