Merge pull request #63438 from php-coder/psp_unix_user_and_group_id

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Use single struct in internal type to reduce difference with external type

**What this PR does / why we need it**:
This PR reduces the differences between internal and external types by removing leftovers after revert of one of the changes.

**Special notes for your reviewer**:
We had `IDRange` in both types prior 9440a68744 commit (https://github.com/kubernetes/kubernetes/pull/44714) that splitted it into `UserIDRange`/`GroupIDRange`. Later, in c91a12d205 commit (https://github.com/kubernetes/kubernetes/pull/47824) we had to revert these changes because they broke backward compatibility but `UserIDRange`/`GroupIDRange` structs were left in the internal type.

pkg/apis/extensions/v1beta1/zz_generated.conversion.go

@@ -89,6 +89,8 @@ func RegisterConversions(scheme *runtime.Scheme) error {
 		Convert_extensions_HTTPIngressRuleValue_To_v1beta1_HTTPIngressRuleValue,
 		Convert_v1beta1_HostPortRange_To_policy_HostPortRange,
 		Convert_policy_HostPortRange_To_v1beta1_HostPortRange,
+		Convert_v1beta1_IDRange_To_policy_IDRange,
+		Convert_policy_IDRange_To_v1beta1_IDRange,
 		Convert_v1beta1_Ingress_To_extensions_Ingress,
 		Convert_extensions_Ingress_To_v1beta1_Ingress,
 		Convert_v1beta1_IngressBackend_To_extensions_IngressBackend,
@@ -718,7 +720,7 @@ func autoConvert_extensions_DeploymentStrategy_To_v1beta1_DeploymentStrategy(in
 
 func autoConvert_v1beta1_FSGroupStrategyOptions_To_policy_FSGroupStrategyOptions(in *v1beta1.FSGroupStrategyOptions, out *policy.FSGroupStrategyOptions, s conversion.Scope) error {
 	out.Rule = policy.FSGroupStrategyType(in.Rule)
-	out.Ranges = *(*[]policy.GroupIDRange)(unsafe.Pointer(&in.Ranges))
+	out.Ranges = *(*[]policy.IDRange)(unsafe.Pointer(&in.Ranges))
 	return nil
 }
 
@@ -806,6 +808,28 @@ func Convert_policy_HostPortRange_To_v1beta1_HostPortRange(in *policy.HostPortRa
 	return autoConvert_policy_HostPortRange_To_v1beta1_HostPortRange(in, out, s)
 }
 
+func autoConvert_v1beta1_IDRange_To_policy_IDRange(in *v1beta1.IDRange, out *policy.IDRange, s conversion.Scope) error {
+	out.Min = in.Min
+	out.Max = in.Max
+	return nil
+}
+
+// Convert_v1beta1_IDRange_To_policy_IDRange is an autogenerated conversion function.
+func Convert_v1beta1_IDRange_To_policy_IDRange(in *v1beta1.IDRange, out *policy.IDRange, s conversion.Scope) error {
+	return autoConvert_v1beta1_IDRange_To_policy_IDRange(in, out, s)
+}
+
+func autoConvert_policy_IDRange_To_v1beta1_IDRange(in *policy.IDRange, out *v1beta1.IDRange, s conversion.Scope) error {
+	out.Min = in.Min
+	out.Max = in.Max
+	return nil
+}
+
+// Convert_policy_IDRange_To_v1beta1_IDRange is an autogenerated conversion function.
+func Convert_policy_IDRange_To_v1beta1_IDRange(in *policy.IDRange, out *v1beta1.IDRange, s conversion.Scope) error {
+	return autoConvert_policy_IDRange_To_v1beta1_IDRange(in, out, s)
+}
+
 func autoConvert_v1beta1_Ingress_To_extensions_Ingress(in *v1beta1.Ingress, out *extensions.Ingress, s conversion.Scope) error {
 	out.ObjectMeta = in.ObjectMeta
 	if err := Convert_v1beta1_IngressSpec_To_extensions_IngressSpec(&in.Spec, &out.Spec, s); err != nil {
@@ -1360,7 +1384,7 @@ func autoConvert_extensions_RollingUpdateDeployment_To_v1beta1_RollingUpdateDepl
 
 func autoConvert_v1beta1_RunAsUserStrategyOptions_To_policy_RunAsUserStrategyOptions(in *v1beta1.RunAsUserStrategyOptions, out *policy.RunAsUserStrategyOptions, s conversion.Scope) error {
 	out.Rule = policy.RunAsUserStrategy(in.Rule)
-	out.Ranges = *(*[]policy.UserIDRange)(unsafe.Pointer(&in.Ranges))
+	out.Ranges = *(*[]policy.IDRange)(unsafe.Pointer(&in.Ranges))
 	return nil
 }
 
@@ -1469,7 +1493,7 @@ func autoConvert_autoscaling_ScaleStatus_To_v1beta1_ScaleStatus(in *autoscaling.
 
 func autoConvert_v1beta1_SupplementalGroupsStrategyOptions_To_policy_SupplementalGroupsStrategyOptions(in *v1beta1.SupplementalGroupsStrategyOptions, out *policy.SupplementalGroupsStrategyOptions, s conversion.Scope) error {
 	out.Rule = policy.SupplementalGroupsStrategyType(in.Rule)
-	out.Ranges = *(*[]policy.GroupIDRange)(unsafe.Pointer(&in.Ranges))
+	out.Ranges = *(*[]policy.IDRange)(unsafe.Pointer(&in.Ranges))
 	return nil
 }
 

pkg/apis/policy/types.go

@@ -312,19 +312,11 @@ type RunAsUserStrategyOptions struct {
 	// Ranges are the allowed ranges of uids that may be used. If you would like to force a single uid
 	// then supply a single range with the same start and end. Required for MustRunAs.
 	// +optional
-	Ranges []UserIDRange
+	Ranges []IDRange
 }
 
-// UserIDRange provides a min/max of an allowed range of UserIDs.
-type UserIDRange struct {
-	// Min is the start of the range, inclusive.
-	Min int64
-	// Max is the end of the range, inclusive.
-	Max int64
-}
-
-// GroupIDRange provides a min/max of an allowed range of GroupIDs.
-type GroupIDRange struct {
+// IDRange provides a min/max of an allowed range of IDs.
+type IDRange struct {
 	// Min is the start of the range, inclusive.
 	Min int64
 	// Max is the end of the range, inclusive.
@@ -352,7 +344,7 @@ type FSGroupStrategyOptions struct {
 	// Ranges are the allowed ranges of fs groups.  If you would like to force a single
 	// fs group then supply a single range with the same start and end. Required for MustRunAs.
 	// +optional
-	Ranges []GroupIDRange
+	Ranges []IDRange
 }
 
 // FSGroupStrategyType denotes strategy types for generating FSGroup values for a
@@ -374,7 +366,7 @@ type SupplementalGroupsStrategyOptions struct {
 	// Ranges are the allowed ranges of supplemental groups.  If you would like to force a single
 	// supplemental group then supply a single range with the same start and end. Required for MustRunAs.
 	// +optional
-	Ranges []GroupIDRange
+	Ranges []IDRange
 }
 
 // SupplementalGroupsStrategyType denotes strategy types for determining valid supplemental

pkg/apis/policy/v1beta1/zz_generated.conversion.go

@@ -51,6 +51,8 @@ func RegisterConversions(scheme *runtime.Scheme) error {
 		Convert_policy_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions,
 		Convert_v1beta1_HostPortRange_To_policy_HostPortRange,
 		Convert_policy_HostPortRange_To_v1beta1_HostPortRange,
+		Convert_v1beta1_IDRange_To_policy_IDRange,
+		Convert_policy_IDRange_To_v1beta1_IDRange,
 		Convert_v1beta1_PodDisruptionBudget_To_policy_PodDisruptionBudget,
 		Convert_policy_PodDisruptionBudget_To_v1beta1_PodDisruptionBudget,
 		Convert_v1beta1_PodDisruptionBudgetList_To_policy_PodDisruptionBudgetList,
@@ -138,7 +140,7 @@ func Convert_policy_Eviction_To_v1beta1_Eviction(in *policy.Eviction, out *v1bet
 
 func autoConvert_v1beta1_FSGroupStrategyOptions_To_policy_FSGroupStrategyOptions(in *v1beta1.FSGroupStrategyOptions, out *policy.FSGroupStrategyOptions, s conversion.Scope) error {
 	out.Rule = policy.FSGroupStrategyType(in.Rule)
-	out.Ranges = *(*[]policy.GroupIDRange)(unsafe.Pointer(&in.Ranges))
+	out.Ranges = *(*[]policy.IDRange)(unsafe.Pointer(&in.Ranges))
 	return nil
 }
 
@@ -180,6 +182,28 @@ func Convert_policy_HostPortRange_To_v1beta1_HostPortRange(in *policy.HostPortRa
 	return autoConvert_policy_HostPortRange_To_v1beta1_HostPortRange(in, out, s)
 }
 
+func autoConvert_v1beta1_IDRange_To_policy_IDRange(in *v1beta1.IDRange, out *policy.IDRange, s conversion.Scope) error {
+	out.Min = in.Min
+	out.Max = in.Max
+	return nil
+}
+
+// Convert_v1beta1_IDRange_To_policy_IDRange is an autogenerated conversion function.
+func Convert_v1beta1_IDRange_To_policy_IDRange(in *v1beta1.IDRange, out *policy.IDRange, s conversion.Scope) error {
+	return autoConvert_v1beta1_IDRange_To_policy_IDRange(in, out, s)
+}
+
+func autoConvert_policy_IDRange_To_v1beta1_IDRange(in *policy.IDRange, out *v1beta1.IDRange, s conversion.Scope) error {
+	out.Min = in.Min
+	out.Max = in.Max
+	return nil
+}
+
+// Convert_policy_IDRange_To_v1beta1_IDRange is an autogenerated conversion function.
+func Convert_policy_IDRange_To_v1beta1_IDRange(in *policy.IDRange, out *v1beta1.IDRange, s conversion.Scope) error {
+	return autoConvert_policy_IDRange_To_v1beta1_IDRange(in, out, s)
+}
+
 func autoConvert_v1beta1_PodDisruptionBudget_To_policy_PodDisruptionBudget(in *v1beta1.PodDisruptionBudget, out *policy.PodDisruptionBudget, s conversion.Scope) error {
 	out.ObjectMeta = in.ObjectMeta
 	if err := Convert_v1beta1_PodDisruptionBudgetSpec_To_policy_PodDisruptionBudgetSpec(&in.Spec, &out.Spec, s); err != nil {
@@ -432,7 +456,7 @@ func Convert_policy_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(in *p
 
 func autoConvert_v1beta1_RunAsUserStrategyOptions_To_policy_RunAsUserStrategyOptions(in *v1beta1.RunAsUserStrategyOptions, out *policy.RunAsUserStrategyOptions, s conversion.Scope) error {
 	out.Rule = policy.RunAsUserStrategy(in.Rule)
-	out.Ranges = *(*[]policy.UserIDRange)(unsafe.Pointer(&in.Ranges))
+	out.Ranges = *(*[]policy.IDRange)(unsafe.Pointer(&in.Ranges))
 	return nil
 }
 
@@ -476,7 +500,7 @@ func Convert_policy_SELinuxStrategyOptions_To_v1beta1_SELinuxStrategyOptions(in
 
 func autoConvert_v1beta1_SupplementalGroupsStrategyOptions_To_policy_SupplementalGroupsStrategyOptions(in *v1beta1.SupplementalGroupsStrategyOptions, out *policy.SupplementalGroupsStrategyOptions, s conversion.Scope) error {
 	out.Rule = policy.SupplementalGroupsStrategyType(in.Rule)
-	out.Ranges = *(*[]policy.GroupIDRange)(unsafe.Pointer(&in.Ranges))
+	out.Ranges = *(*[]policy.IDRange)(unsafe.Pointer(&in.Ranges))
 	return nil
 }
 

pkg/apis/policy/validation/validation.go

@@ -325,12 +325,12 @@ func validatePodSecurityPolicySysctls(fldPath *field.Path, sysctls []string) fie
 	return allErrs
 }
 
-func validateUserIDRange(fldPath *field.Path, rng policy.UserIDRange) field.ErrorList {
-	return validateIDRanges(fldPath, int64(rng.Min), int64(rng.Max))
+func validateUserIDRange(fldPath *field.Path, rng policy.IDRange) field.ErrorList {
+	return validateIDRanges(fldPath, rng.Min, rng.Max)
 }
 
-func validateGroupIDRange(fldPath *field.Path, rng policy.GroupIDRange) field.ErrorList {
-	return validateIDRanges(fldPath, int64(rng.Min), int64(rng.Max))
+func validateGroupIDRange(fldPath *field.Path, rng policy.IDRange) field.ErrorList {
+	return validateIDRanges(fldPath, rng.Min, rng.Max)
 }
 
 // validateIDRanges ensures the range is valid.

pkg/apis/policy/validation/validation_test.go

@@ -270,7 +270,7 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
 
 	invalidUIDPSP := validPSP()
 	invalidUIDPSP.Spec.RunAsUser.Rule = policy.RunAsUserStrategyMustRunAs
-	invalidUIDPSP.Spec.RunAsUser.Ranges = []policy.UserIDRange{{Min: -1, Max: 1}}
+	invalidUIDPSP.Spec.RunAsUser.Ranges = []policy.IDRange{{Min: -1, Max: 1}}
 
 	missingObjectMetaName := validPSP()
 	missingObjectMetaName.ObjectMeta.Name = ""
@@ -288,17 +288,17 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
 	invalidSupGroupStratType.Spec.SupplementalGroups.Rule = "invalid"
 
 	invalidRangeMinGreaterThanMax := validPSP()
-	invalidRangeMinGreaterThanMax.Spec.FSGroup.Ranges = []policy.GroupIDRange{
+	invalidRangeMinGreaterThanMax.Spec.FSGroup.Ranges = []policy.IDRange{
 		{Min: 2, Max: 1},
 	}
 
 	invalidRangeNegativeMin := validPSP()
-	invalidRangeNegativeMin.Spec.FSGroup.Ranges = []policy.GroupIDRange{
+	invalidRangeNegativeMin.Spec.FSGroup.Ranges = []policy.IDRange{
 		{Min: -1, Max: 10},
 	}
 
 	invalidRangeNegativeMax := validPSP()
-	invalidRangeNegativeMax.Spec.FSGroup.Ranges = []policy.GroupIDRange{
+	invalidRangeNegativeMax.Spec.FSGroup.Ranges = []policy.IDRange{
 		{Min: 1, Max: -10},
 	}
 
@@ -539,7 +539,7 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
 	mustRunAs.Spec.FSGroup.Rule = policy.FSGroupStrategyMustRunAs
 	mustRunAs.Spec.SupplementalGroups.Rule = policy.SupplementalGroupsStrategyMustRunAs
 	mustRunAs.Spec.RunAsUser.Rule = policy.RunAsUserStrategyMustRunAs
-	mustRunAs.Spec.RunAsUser.Ranges = []policy.UserIDRange{
+	mustRunAs.Spec.RunAsUser.Ranges = []policy.IDRange{
 		{Min: 1, Max: 1},
 	}
 	mustRunAs.Spec.SELinux.Rule = policy.SELinuxStrategyMustRunAs
@@ -733,8 +733,8 @@ func Test_validatePSPRunAsUser(t *testing.T) {
 		{"Invalid RunAsUserStrategy", policy.RunAsUserStrategyOptions{Rule: policy.RunAsUserStrategy("someInvalidStrategy")}, true},
 		{"RunAsUserStrategyMustRunAs", policy.RunAsUserStrategyOptions{Rule: policy.RunAsUserStrategyMustRunAs}, false},
 		{"RunAsUserStrategyMustRunAsNonRoot", policy.RunAsUserStrategyOptions{Rule: policy.RunAsUserStrategyMustRunAsNonRoot}, false},
-		{"RunAsUserStrategyMustRunAsNonRoot With Valid Range", policy.RunAsUserStrategyOptions{Rule: policy.RunAsUserStrategyMustRunAs, Ranges: []policy.UserIDRange{{Min: 2, Max: 3}, {Min: 4, Max: 5}}}, false},
-		{"RunAsUserStrategyMustRunAsNonRoot With Invalid Range", policy.RunAsUserStrategyOptions{Rule: policy.RunAsUserStrategyMustRunAs, Ranges: []policy.UserIDRange{{Min: 2, Max: 3}, {Min: 5, Max: 4}}}, true},
+		{"RunAsUserStrategyMustRunAsNonRoot With Valid Range", policy.RunAsUserStrategyOptions{Rule: policy.RunAsUserStrategyMustRunAs, Ranges: []policy.IDRange{{Min: 2, Max: 3}, {Min: 4, Max: 5}}}, false},
+		{"RunAsUserStrategyMustRunAsNonRoot With Invalid Range", policy.RunAsUserStrategyOptions{Rule: policy.RunAsUserStrategyMustRunAs, Ranges: []policy.IDRange{{Min: 2, Max: 3}, {Min: 5, Max: 4}}}, true},
 	}
 
 	for _, testCase := range testCases {

pkg/apis/policy/zz_generated.deepcopy.go

@@ -99,7 +99,7 @@ func (in *FSGroupStrategyOptions) DeepCopyInto(out *FSGroupStrategyOptions) {
 	*out = *in
 	if in.Ranges != nil {
 		in, out := &in.Ranges, &out.Ranges
-		*out = make([]GroupIDRange, len(*in))
+		*out = make([]IDRange, len(*in))
 		copy(*out, *in)
 	}
 	return
@@ -115,22 +115,6 @@ func (in *FSGroupStrategyOptions) DeepCopy() *FSGroupStrategyOptions {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *GroupIDRange) DeepCopyInto(out *GroupIDRange) {
-	*out = *in
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupIDRange.
-func (in *GroupIDRange) DeepCopy() *GroupIDRange {
-	if in == nil {
-		return nil
-	}
-	out := new(GroupIDRange)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *HostPortRange) DeepCopyInto(out *HostPortRange) {
 	*out = *in
@@ -147,6 +131,22 @@ func (in *HostPortRange) DeepCopy() *HostPortRange {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *IDRange) DeepCopyInto(out *IDRange) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IDRange.
+func (in *IDRange) DeepCopy() *IDRange {
+	if in == nil {
+		return nil
+	}
+	out := new(IDRange)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *PodDisruptionBudget) DeepCopyInto(out *PodDisruptionBudget) {
 	*out = *in
@@ -403,7 +403,7 @@ func (in *RunAsUserStrategyOptions) DeepCopyInto(out *RunAsUserStrategyOptions)
 	*out = *in
 	if in.Ranges != nil {
 		in, out := &in.Ranges, &out.Ranges
-		*out = make([]UserIDRange, len(*in))
+		*out = make([]IDRange, len(*in))
 		copy(*out, *in)
 	}
 	return
@@ -449,7 +449,7 @@ func (in *SupplementalGroupsStrategyOptions) DeepCopyInto(out *SupplementalGroup
 	*out = *in
 	if in.Ranges != nil {
 		in, out := &in.Ranges, &out.Ranges
-		*out = make([]GroupIDRange, len(*in))
+		*out = make([]IDRange, len(*in))
 		copy(*out, *in)
 	}
 	return
@@ -464,19 +464,3 @@ func (in *SupplementalGroupsStrategyOptions) DeepCopy() *SupplementalGroupsStrat
 	in.DeepCopyInto(out)
 	return out
 }
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *UserIDRange) DeepCopyInto(out *UserIDRange) {
-	*out = *in
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserIDRange.
-func (in *UserIDRange) DeepCopy() *UserIDRange {
-	if in == nil {
-		return nil
-	}
-	out := new(UserIDRange)
-	in.DeepCopyInto(out)
-	return out
-}

pkg/printers/internalversion/describe.go

@@ -3535,13 +3535,13 @@ func describePodSecurityPolicy(psp *policy.PodSecurityPolicy) (string, error) {
 		w.Write(LEVEL_2, "Level:\t%s\n", stringOrNone(level))
 
 		w.Write(LEVEL_1, "Run As User Strategy: %s\t\n", string(psp.Spec.RunAsUser.Rule))
-		w.Write(LEVEL_2, "Ranges:\t%s\n", userIDRangeToString(psp.Spec.RunAsUser.Ranges))
+		w.Write(LEVEL_2, "Ranges:\t%s\n", idRangeToString(psp.Spec.RunAsUser.Ranges))
 
 		w.Write(LEVEL_1, "FSGroup Strategy: %s\t\n", string(psp.Spec.FSGroup.Rule))
-		w.Write(LEVEL_2, "Ranges:\t%s\n", groupIDRangeToString(psp.Spec.FSGroup.Ranges))
+		w.Write(LEVEL_2, "Ranges:\t%s\n", idRangeToString(psp.Spec.FSGroup.Ranges))
 
 		w.Write(LEVEL_1, "Supplemental Groups Strategy: %s\t\n", string(psp.Spec.SupplementalGroups.Rule))
-		w.Write(LEVEL_2, "Ranges:\t%s\n", groupIDRangeToString(psp.Spec.SupplementalGroups.Ranges))
+		w.Write(LEVEL_2, "Ranges:\t%s\n", idRangeToString(psp.Spec.SupplementalGroups.Ranges))
 
 		return nil
 	})
@@ -3586,19 +3586,7 @@ func hostPortRangeToString(ranges []policy.HostPortRange) string {
 	return stringOrNone(formattedString)
 }
 
-func userIDRangeToString(ranges []policy.UserIDRange) string {
-	formattedString := ""
-	if ranges != nil {
-		strRanges := []string{}
-		for _, r := range ranges {
-			strRanges = append(strRanges, fmt.Sprintf("%d-%d", r.Min, r.Max))
-		}
-		formattedString = strings.Join(strRanges, ",")
-	}
-	return stringOrNone(formattedString)
-}
-
-func groupIDRangeToString(ranges []policy.GroupIDRange) string {
+func idRangeToString(ranges []policy.IDRange) string {
 	formattedString := ""
 	if ranges != nil {
 		strRanges := []string{}

pkg/security/podsecuritypolicy/group/mustrunas.go

@@ -27,14 +27,14 @@ import (
 
 // mustRunAs implements the GroupStrategy interface
 type mustRunAs struct {
-	ranges []policy.GroupIDRange
+	ranges []policy.IDRange
 	field  string
 }
 
 var _ GroupStrategy = &mustRunAs{}
 
 // NewMustRunAs provides a new MustRunAs strategy based on ranges.
-func NewMustRunAs(ranges []policy.GroupIDRange, field string) (GroupStrategy, error) {
+func NewMustRunAs(ranges []policy.IDRange, field string) (GroupStrategy, error) {
 	if len(ranges) == 0 {
 		return nil, fmt.Errorf("ranges must be supplied for MustRunAs")
 	}

pkg/security/podsecuritypolicy/group/mustrunas_test.go

@@ -25,14 +25,14 @@ import (
 
 func TestMustRunAsOptions(t *testing.T) {
 	tests := map[string]struct {
-		ranges []policy.GroupIDRange
+		ranges []policy.IDRange
 		pass   bool
 	}{
 		"empty": {
-			ranges: []policy.GroupIDRange{},
+			ranges: []policy.IDRange{},
 		},
 		"ranges": {
-			ranges: []policy.GroupIDRange{
+			ranges: []policy.IDRange{
 				{Min: 1, Max: 1},
 			},
 			pass: true,
@@ -52,23 +52,23 @@ func TestMustRunAsOptions(t *testing.T) {
 
 func TestGenerate(t *testing.T) {
 	tests := map[string]struct {
-		ranges   []policy.GroupIDRange
+		ranges   []policy.IDRange
 		expected []int64
 	}{
 		"multi value": {
-			ranges: []policy.GroupIDRange{
+			ranges: []policy.IDRange{
 				{Min: 1, Max: 2},
 			},
 			expected: []int64{1},
 		},
 		"single value": {
-			ranges: []policy.GroupIDRange{
+			ranges: []policy.IDRange{
 				{Min: 1, Max: 1},
 			},
 			expected: []int64{1},
 		},
 		"multi range": {
-			ranges: []policy.GroupIDRange{
+			ranges: []policy.IDRange{
 				{Min: 1, Max: 1},
 				{Min: 2, Max: 500},
 			},
@@ -110,25 +110,25 @@ func TestGenerate(t *testing.T) {
 
 func TestValidate(t *testing.T) {
 	tests := map[string]struct {
-		ranges        []policy.GroupIDRange
+		ranges        []policy.IDRange
 		groups        []int64
 		expectedError string
 	}{
 		"nil security context": {
-			ranges: []policy.GroupIDRange{
+			ranges: []policy.IDRange{
 				{Min: 1, Max: 3},
 			},
 			expectedError: "unable to validate empty groups against required ranges",
 		},
 		"empty groups": {
-			ranges: []policy.GroupIDRange{
+			ranges: []policy.IDRange{
 				{Min: 1, Max: 3},
 			},
 			expectedError: "unable to validate empty groups against required ranges",
 		},
 		"not in range": {
 			groups: []int64{5},
-			ranges: []policy.GroupIDRange{
+			ranges: []policy.IDRange{
 				{Min: 1, Max: 3},
 				{Min: 4, Max: 4},
 			},
@@ -136,25 +136,25 @@ func TestValidate(t *testing.T) {
 		},
 		"in range 1": {
 			groups: []int64{2},
-			ranges: []policy.GroupIDRange{
+			ranges: []policy.IDRange{
 				{Min: 1, Max: 3},
 			},
 		},
 		"in range boundary min": {
 			groups: []int64{1},
-			ranges: []policy.GroupIDRange{
+			ranges: []policy.IDRange{
 				{Min: 1, Max: 3},
 			},
 		},
 		"in range boundary max": {
 			groups: []int64{3},
-			ranges: []policy.GroupIDRange{
+			ranges: []policy.IDRange{
 				{Min: 1, Max: 3},
 			},
 		},
 		"singular range": {
 			groups: []int64{4},
-			ranges: []policy.GroupIDRange{
+			ranges: []policy.IDRange{
 				{Min: 4, Max: 4},
 			},
 		},

pkg/security/podsecuritypolicy/provider_test.go

@@ -186,7 +186,7 @@ func TestValidatePodSecurityContextFailures(t *testing.T) {
 	failSupplementalGroupPSP := defaultPSP()
 	failSupplementalGroupPSP.Spec.SupplementalGroups = policy.SupplementalGroupsStrategyOptions{
 		Rule: policy.SupplementalGroupsStrategyMustRunAs,
-		Ranges: []policy.GroupIDRange{
+		Ranges: []policy.IDRange{
 			{Min: 1, Max: 1},
 		},
 	}
@@ -197,7 +197,7 @@ func TestValidatePodSecurityContextFailures(t *testing.T) {
 	failFSGroupPSP := defaultPSP()
 	failFSGroupPSP.Spec.FSGroup = policy.FSGroupStrategyOptions{
 		Rule: policy.FSGroupStrategyMustRunAs,
-		Ranges: []policy.GroupIDRange{
+		Ranges: []policy.IDRange{
 			{Min: 1, Max: 1},
 		},
 	}
@@ -409,7 +409,7 @@ func TestValidateContainerSecurityContextFailures(t *testing.T) {
 	badUID := int64(1)
 	failUserPSP.Spec.RunAsUser = policy.RunAsUserStrategyOptions{
 		Rule:   policy.RunAsUserStrategyMustRunAs,
-		Ranges: []policy.UserIDRange{{Min: uid, Max: uid}},
+		Ranges: []policy.IDRange{{Min: uid, Max: uid}},
 	}
 	failUserPod := defaultPod()
 	failUserPod.Spec.Containers[0].SecurityContext.RunAsUser = &badUID
@@ -564,7 +564,7 @@ func TestValidatePodSecurityContextSuccess(t *testing.T) {
 	supGroupPSP := defaultPSP()
 	supGroupPSP.Spec.SupplementalGroups = policy.SupplementalGroupsStrategyOptions{
 		Rule: policy.SupplementalGroupsStrategyMustRunAs,
-		Ranges: []policy.GroupIDRange{
+		Ranges: []policy.IDRange{
 			{Min: 1, Max: 5},
 		},
 	}
@@ -574,7 +574,7 @@ func TestValidatePodSecurityContextSuccess(t *testing.T) {
 	fsGroupPSP := defaultPSP()
 	fsGroupPSP.Spec.FSGroup = policy.FSGroupStrategyOptions{
 		Rule: policy.FSGroupStrategyMustRunAs,
-		Ranges: []policy.GroupIDRange{
+		Ranges: []policy.IDRange{
 			{Min: 1, Max: 5},
 		},
 	}
@@ -746,7 +746,7 @@ func TestValidateContainerSecurityContextSuccess(t *testing.T) {
 	uid := int64(999)
 	userPSP.Spec.RunAsUser = policy.RunAsUserStrategyOptions{
 		Rule:   policy.RunAsUserStrategyMustRunAs,
-		Ranges: []policy.UserIDRange{{Min: uid, Max: uid}},
+		Ranges: []policy.IDRange{{Min: uid, Max: uid}},
 	}
 	userPod := defaultPod()
 	userPod.Spec.Containers[0].SecurityContext.RunAsUser = &uid

pkg/security/podsecuritypolicy/user/mustrunas_test.go

@@ -38,7 +38,7 @@ func TestNewMustRunAs(t *testing.T) {
 		},
 		"valid opts": {
 			opts: &policy.RunAsUserStrategyOptions{
-				Ranges: []policy.UserIDRange{
+				Ranges: []policy.IDRange{
 					{Min: 1, Max: 1},
 				},
 			},
@@ -58,7 +58,7 @@ func TestNewMustRunAs(t *testing.T) {
 
 func TestGenerate(t *testing.T) {
 	opts := &policy.RunAsUserStrategyOptions{
-		Ranges: []policy.UserIDRange{
+		Ranges: []policy.IDRange{
 			{Min: 1, Max: 1},
 		},
 	}
@@ -77,7 +77,7 @@ func TestGenerate(t *testing.T) {
 
 func TestValidate(t *testing.T) {
 	opts := &policy.RunAsUserStrategyOptions{
-		Ranges: []policy.UserIDRange{
+		Ranges: []policy.IDRange{
 			{Min: 1, Max: 1},
 			{Min: 10, Max: 20},
 		},

pkg/security/podsecuritypolicy/util/util.go

@@ -164,12 +164,12 @@ func PSPAllowsFSType(psp *policy.PodSecurityPolicy, fsType policy.FSType) bool {
 }
 
 // UserFallsInRange is a utility to determine it the id falls in the valid range.
-func UserFallsInRange(id int64, rng policy.UserIDRange) bool {
+func UserFallsInRange(id int64, rng policy.IDRange) bool {
 	return id >= rng.Min && id <= rng.Max
 }
 
 // GroupFallsInRange is a utility to determine it the id falls in the valid range.
-func GroupFallsInRange(id int64, rng policy.GroupIDRange) bool {
+func GroupFallsInRange(id int64, rng policy.IDRange) bool {
 	return id >= rng.Min && id <= rng.Max
 }
 

plugin/pkg/admission/security/podsecuritypolicy/admission_test.go

@@ -324,11 +324,11 @@ func defaultPod(t *testing.T, pod *kapi.Pod) *kapi.Pod {
 func TestAdmitPreferNonmutating(t *testing.T) {
 	mutating1 := restrictivePSP()
 	mutating1.Name = "mutating1"
-	mutating1.Spec.RunAsUser.Ranges = []policy.UserIDRange{{Min: int64(1), Max: int64(1)}}
+	mutating1.Spec.RunAsUser.Ranges = []policy.IDRange{{Min: int64(1), Max: int64(1)}}
 
 	mutating2 := restrictivePSP()
 	mutating2.Name = "mutating2"
-	mutating2.Spec.RunAsUser.Ranges = []policy.UserIDRange{{Min: int64(2), Max: int64(2)}}
+	mutating2.Spec.RunAsUser.Ranges = []policy.IDRange{{Min: int64(2), Max: int64(2)}}
 
 	privilegedPSP := permissivePSP()
 	privilegedPSP.Name = "privileged"
@@ -1194,7 +1194,7 @@ func TestAdmitRunAsUser(t *testing.T) {
 	mustRunAs := permissivePSP()
 	mustRunAs.Name = "mustRunAs"
 	mustRunAs.Spec.RunAsUser.Rule = policy.RunAsUserStrategyMustRunAs
-	mustRunAs.Spec.RunAsUser.Ranges = []policy.UserIDRange{
+	mustRunAs.Spec.RunAsUser.Ranges = []policy.IDRange{
 		{Min: int64(999), Max: int64(1000)},
 	}
 
@@ -1357,7 +1357,7 @@ func TestAdmitSupplementalGroups(t *testing.T) {
 	mustRunAs := permissivePSP()
 	mustRunAs.Name = "mustRunAs"
 	mustRunAs.Spec.SupplementalGroups.Rule = policy.SupplementalGroupsStrategyMustRunAs
-	mustRunAs.Spec.SupplementalGroups.Ranges = []policy.GroupIDRange{{Min: int64(999), Max: int64(1000)}}
+	mustRunAs.Spec.SupplementalGroups.Ranges = []policy.IDRange{{Min: int64(999), Max: int64(1000)}}
 
 	tests := map[string]struct {
 		pod                *kapi.Pod
@@ -2354,7 +2354,7 @@ func restrictivePSP() *policy.PodSecurityPolicy {
 		Spec: policy.PodSecurityPolicySpec{
 			RunAsUser: policy.RunAsUserStrategyOptions{
 				Rule: policy.RunAsUserStrategyMustRunAs,
-				Ranges: []policy.UserIDRange{
+				Ranges: []policy.IDRange{
 					{Min: int64(999), Max: int64(999)},
 				},
 			},
@@ -2366,13 +2366,13 @@ func restrictivePSP() *policy.PodSecurityPolicy {
 			},
 			FSGroup: policy.FSGroupStrategyOptions{
 				Rule: policy.FSGroupStrategyMustRunAs,
-				Ranges: []policy.GroupIDRange{
+				Ranges: []policy.IDRange{
 					{Min: int64(999), Max: int64(999)},
 				},
 			},
 			SupplementalGroups: policy.SupplementalGroupsStrategyOptions{
 				Rule: policy.SupplementalGroupsStrategyMustRunAs,
-				Ranges: []policy.GroupIDRange{
+				Ranges: []policy.IDRange{
 					{Min: int64(999), Max: int64(999)},
 				},
 			},