diff --git a/pkg/apis/policy/validation/validation.go b/pkg/apis/policy/validation/validation.go index 8936379c93e..03632c2b3e5 100644 --- a/pkg/apis/policy/validation/validation.go +++ b/pkg/apis/policy/validation/validation.go @@ -92,23 +92,19 @@ func ValidatePodDisruptionBudgetStatusUpdate(status, oldStatus policy.PodDisrupt // trailing dashes are allowed. var ValidatePodSecurityPolicyName = apimachineryvalidation.NameIsDNSSubdomain -// PodSecurityPolicyValidationOptions contains additional parameters for ValidatePodSecurityPolicy. -type PodSecurityPolicyValidationOptions struct { -} - // ValidatePodSecurityPolicy validates a PodSecurityPolicy and returns an ErrorList // with any errors. -func ValidatePodSecurityPolicy(psp *policy.PodSecurityPolicy, opts PodSecurityPolicyValidationOptions) field.ErrorList { +func ValidatePodSecurityPolicy(psp *policy.PodSecurityPolicy) field.ErrorList { allErrs := field.ErrorList{} allErrs = append(allErrs, apivalidation.ValidateObjectMeta(&psp.ObjectMeta, false, ValidatePodSecurityPolicyName, field.NewPath("metadata"))...) allErrs = append(allErrs, ValidatePodSecurityPolicySpecificAnnotations(psp.Annotations, field.NewPath("metadata").Child("annotations"))...) - allErrs = append(allErrs, ValidatePodSecurityPolicySpec(&psp.Spec, opts, field.NewPath("spec"))...) + allErrs = append(allErrs, ValidatePodSecurityPolicySpec(&psp.Spec, field.NewPath("spec"))...) return allErrs } // ValidatePodSecurityPolicySpec validates a PodSecurityPolicySpec and returns an ErrorList // with any errors. -func ValidatePodSecurityPolicySpec(spec *policy.PodSecurityPolicySpec, opts PodSecurityPolicyValidationOptions, fldPath *field.Path) field.ErrorList { +func ValidatePodSecurityPolicySpec(spec *policy.PodSecurityPolicySpec, fldPath *field.Path) field.ErrorList { allErrs := field.ErrorList{} allErrs = append(allErrs, validatePSPRunAsUser(fldPath.Child("runAsUser"), &spec.RunAsUser)...) 
@@ -116,7 +112,7 @@ func ValidatePodSecurityPolicySpec(spec *policy.PodSecurityPolicySpec, opts PodS allErrs = append(allErrs, validatePSPSELinux(fldPath.Child("seLinux"), &spec.SELinux)...) allErrs = append(allErrs, validatePSPSupplementalGroup(fldPath.Child("supplementalGroups"), &spec.SupplementalGroups)...) allErrs = append(allErrs, validatePSPFSGroup(fldPath.Child("fsGroup"), &spec.FSGroup)...) - allErrs = append(allErrs, validatePodSecurityPolicyVolumes(opts, fldPath, spec.Volumes)...) + allErrs = append(allErrs, validatePodSecurityPolicyVolumes(fldPath, spec.Volumes)...) if len(spec.RequiredDropCapabilities) > 0 && hasCap(policy.AllowAllCapabilities, spec.AllowedCapabilities) { allErrs = append(allErrs, field.Invalid(field.NewPath("requiredDropCapabilities"), spec.RequiredDropCapabilities, "must be empty when all capabilities are allowed by a wildcard")) @@ -324,7 +320,7 @@ func validatePSPSupplementalGroup(fldPath *field.Path, groupOptions *policy.Supp } // validatePodSecurityPolicyVolumes validates the volume fields of PodSecurityPolicy. -func validatePodSecurityPolicyVolumes(opts PodSecurityPolicyValidationOptions, fldPath *field.Path, volumes []policy.FSType) field.ErrorList { +func validatePodSecurityPolicyVolumes(fldPath *field.Path, volumes []policy.FSType) field.ErrorList { allErrs := field.ErrorList{} allowed := psputil.GetAllFSTypesAsSet() // add in the * value since that is a pseudo type that is not included by default 
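Review bot: In ValidatePodSecurityPolicySpec (validation.go, hunk at -116), the requiredDropCapabilities error is built with `field.NewPath("requiredDropCapabilities")` instead of from fldPath, so the reported path omits the `spec` prefix that the neighbouring checks in the hunk carry via `fldPath.Child(...)`. This is an unchanged context line, but the commit already touches this function, so I would fix it here: `field.Invalid(fldPath.Child("requiredDropCapabilities"), spec.RequiredDropCapabilities, "must be empty when all capabilities are allowed by a wildcard")`. An accurate field path matters when a rejected policy has to be triaged from the API error alone; any test that asserts on the old path would need the same update. The function body starts before and continues after this hunk.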
@@ -523,11 +519,11 @@ func validateRuntimeClassStrategy(fldPath *field.Path, rc *policy.RuntimeClassSt } // ValidatePodSecurityPolicyUpdate validates a PSP for updates. -func ValidatePodSecurityPolicyUpdate(old *policy.PodSecurityPolicy, new *policy.PodSecurityPolicy, opts PodSecurityPolicyValidationOptions) field.ErrorList { +func ValidatePodSecurityPolicyUpdate(old *policy.PodSecurityPolicy, new *policy.PodSecurityPolicy) field.ErrorList { allErrs := field.ErrorList{} allErrs = append(allErrs, apivalidation.ValidateObjectMetaUpdate(&new.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata"))...) allErrs = append(allErrs, ValidatePodSecurityPolicySpecificAnnotations(new.Annotations, field.NewPath("metadata").Child("annotations"))...) - allErrs = append(allErrs, ValidatePodSecurityPolicySpec(&new.Spec, opts, field.NewPath("spec"))...) + allErrs = append(allErrs, ValidatePodSecurityPolicySpec(&new.Spec, field.NewPath("spec"))...) return allErrs } diff --git a/pkg/apis/policy/validation/validation_test.go b/pkg/apis/policy/validation/validation_test.go index c400e0ca766..e90f1ad8034 100644 --- a/pkg/apis/policy/validation/validation_test.go +++ b/pkg/apis/policy/validation/validation_test.go @@ -590,7 +590,7 @@ func TestValidatePodSecurityPolicy(t *testing.T) { } for k, v := range errorCases { - errs := ValidatePodSecurityPolicy(v.psp, PodSecurityPolicyValidationOptions{}) + errs := ValidatePodSecurityPolicy(v.psp) if len(errs) == 0 { t.Errorf("%s expected errors but got none", k) continue @@ -613,7 +613,7 @@ func TestValidatePodSecurityPolicy(t *testing.T) { // Should not be able to update to an invalid policy. for k, v := range errorCases { v.psp.ResourceVersion = "444" // Required for updates. - errs := ValidatePodSecurityPolicyUpdate(validPSP(), v.psp, PodSecurityPolicyValidationOptions{}) + errs := ValidatePodSecurityPolicyUpdate(validPSP(), v.psp) if len(errs) == 0 { t.Errorf("[%s] expected update errors but got none", k) continue 
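Review bot: The doc comment on ValidatePodSecurityPolicyUpdate (validation.go, hunk at -523) does not say that `old` is used only for the ObjectMeta update check, while `new.Spec` is validated in full on every update. With the options parameter removed, this hunk shows no remaining seam for relaxing a rule for objects that are already stored. A later tightening of ValidatePodSecurityPolicySpec would therefore, as far as the visible lines show, also reject updates to existing policies. I would record that in the comment: `// ValidatePodSecurityPolicyUpdate validates a PSP for updates. The new spec is validated in full; old is consulted only for ObjectMeta update rules.`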
@@ -743,13 +743,13 @@ func TestValidatePodSecurityPolicy(t *testing.T) { } for k, v := range successCases { - if errs := ValidatePodSecurityPolicy(v.psp, PodSecurityPolicyValidationOptions{}); len(errs) != 0 { + if errs := ValidatePodSecurityPolicy(v.psp); len(errs) != 0 { t.Errorf("Expected success for %s, got %v", k, errs) } // Should be able to update to a valid PSP. v.psp.ResourceVersion = "444" // Required for updates. - if errs := ValidatePodSecurityPolicyUpdate(validPSP(), v.psp, PodSecurityPolicyValidationOptions{}); len(errs) != 0 { + if errs := ValidatePodSecurityPolicyUpdate(validPSP(), v.psp); len(errs) != 0 { t.Errorf("Expected success for %s update, got %v", k, errs) } } @@ -786,7 +786,7 @@ func TestValidatePSPVolumes(t *testing.T) { for _, strVolume := range volumes.List() { psp := validPSP() psp.Spec.Volumes = []policy.FSType{policy.FSType(strVolume)} - errs := ValidatePodSecurityPolicy(psp, PodSecurityPolicyValidationOptions{}) + errs := ValidatePodSecurityPolicy(psp) if len(errs) != 0 { t.Errorf("%s validation expected no errors but received %v", strVolume, errs) } @@ -1127,12 +1127,11 @@ func TestAllowEphemeralVolumeType(t *testing.T) { } t.Run(fmt.Sprintf("old PodSecurityPolicySpec %v, new PodSecurityPolicySpec %v", oldPSPInfo.description, newPSPInfo.description), func(t *testing.T) { - opts := PodSecurityPolicyValidationOptions{} var errs field.ErrorList if oldPSP == nil { - errs = ValidatePodSecurityPolicy(newPSP, opts) + errs = ValidatePodSecurityPolicy(newPSP) } else { - errs = ValidatePodSecurityPolicyUpdate(oldPSP, newPSP, opts) + errs = ValidatePodSecurityPolicyUpdate(oldPSP, newPSP) } if len(errs) > 0 { t.Errorf("expected no errors, got: %v", errs) diff --git a/pkg/registry/policy/podsecuritypolicy/strategy.go b/pkg/registry/policy/podsecuritypolicy/strategy.go index 1f5472290fb..3654ebd8f8b 100644 --- a/pkg/registry/policy/podsecuritypolicy/strategy.go +++ b/pkg/registry/policy/podsecuritypolicy/strategy.go 
@@ -72,16 +72,14 @@ func (strategy) Canonicalize(obj runtime.Object) { } func (strategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - opts := validation.PodSecurityPolicyValidationOptions{} - return validation.ValidatePodSecurityPolicy(obj.(*policy.PodSecurityPolicy), opts) + return validation.ValidatePodSecurityPolicy(obj.(*policy.PodSecurityPolicy)) } // WarningsOnCreate returns warnings for the creation of the given object. func (strategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { return nil } func (strategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - opts := validation.PodSecurityPolicyValidationOptions{} - return validation.ValidatePodSecurityPolicyUpdate(old.(*policy.PodSecurityPolicy), obj.(*policy.PodSecurityPolicy), opts) + return validation.ValidatePodSecurityPolicyUpdate(old.(*policy.PodSecurityPolicy), obj.(*policy.PodSecurityPolicy)) } // WarningsOnUpdate returns warnings for the given update.
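Review bot: Validate and ValidateUpdate in strategy.go have no doc comments, unlike WarningsOnCreate and WarningsOnUpdate beside them, and both now consist of an unchecked type assertion (`obj.(*policy.PodSecurityPolicy)`) that panics on any other type instead of returning a validation error. I would document the precondition on each: `// Validate validates a new PodSecurityPolicy; obj must be a *policy.PodSecurityPolicy.` and `// ValidateUpdate validates an update; obj and old must be *policy.PodSecurityPolicy.` Whether the caller always guarantees the type is not visible from this hunk.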