From d55f7c85ef6f63ee646a4e855fad56a1c54be3be Mon Sep 17 00:00:00 2001
From: Patrick Ohly
Date: Thu, 28 Oct 2021 17:25:07 +0200
Subject: [PATCH] psp: remove unused PodSecurityPolicyValidationOptions
Since the only member of that struct is gone, the struct itself can also be removed. If for whatever reason the struct is needed again, then this commit can be reverted to bring it back.
---
 pkg/apis/policy/validation/validation.go | 18 +++++++-----------
 pkg/apis/policy/validation/validation_test.go | 15 +++++++--------
 .../policy/podsecuritypolicy/strategy.go | 6 ++----
 3 files changed, 16 insertions(+), 23 deletions(-)
diff --git a/pkg/apis/policy/validation/validation.go b/pkg/apis/policy/validation/validation.go
index 8936379c93e..03632c2b3e5 100644
--- a/pkg/apis/policy/validation/validation.go
+++ b/pkg/apis/policy/validation/validation.go
@@ -92,23 +92,19 @@ func ValidatePodDisruptionBudgetStatusUpdate(status, oldStatus policy.PodDisrupt
 // trailing dashes are allowed.
 var ValidatePodSecurityPolicyName = apimachineryvalidation.NameIsDNSSubdomain
-// PodSecurityPolicyValidationOptions contains additional parameters for ValidatePodSecurityPolicy.
-type PodSecurityPolicyValidationOptions struct {
-}
-
 // ValidatePodSecurityPolicy validates a PodSecurityPolicy and returns an ErrorList
 // with any errors.
-func ValidatePodSecurityPolicy(psp *policy.PodSecurityPolicy, opts PodSecurityPolicyValidationOptions) field.ErrorList {
+func ValidatePodSecurityPolicy(psp *policy.PodSecurityPolicy) field.ErrorList {
 allErrs := field.ErrorList{}
 allErrs = append(allErrs, apivalidation.ValidateObjectMeta(&psp.ObjectMeta, false, ValidatePodSecurityPolicyName, field.NewPath("metadata"))...)
 allErrs = append(allErrs, ValidatePodSecurityPolicySpecificAnnotations(psp.Annotations, field.NewPath("metadata").Child("annotations"))...)
- allErrs = append(allErrs, ValidatePodSecurityPolicySpec(&psp.Spec, opts, field.NewPath("spec"))...)
+ allErrs = append(allErrs, ValidatePodSecurityPolicySpec(&psp.Spec, field.NewPath("spec"))...)
 return allErrs
 }
 // ValidatePodSecurityPolicySpec validates a PodSecurityPolicySpec and returns an ErrorList
 // with any errors.
-func ValidatePodSecurityPolicySpec(spec *policy.PodSecurityPolicySpec, opts PodSecurityPolicyValidationOptions, fldPath *field.Path) field.ErrorList {
+func ValidatePodSecurityPolicySpec(spec *policy.PodSecurityPolicySpec, fldPath *field.Path) field.ErrorList {
 allErrs := field.ErrorList{}
 allErrs = append(allErrs, validatePSPRunAsUser(fldPath.Child("runAsUser"), &spec.RunAsUser)...)
@@ -116,7 +112,7 @@ func ValidatePodSecurityPolicySpec(spec *policy.PodSecurityPolicySpec, opts PodS
 allErrs = append(allErrs, validatePSPSELinux(fldPath.Child("seLinux"), &spec.SELinux)...)
 allErrs = append(allErrs, validatePSPSupplementalGroup(fldPath.Child("supplementalGroups"), &spec.SupplementalGroups)...)
 allErrs = append(allErrs, validatePSPFSGroup(fldPath.Child("fsGroup"), &spec.FSGroup)...)
- allErrs = append(allErrs, validatePodSecurityPolicyVolumes(opts, fldPath, spec.Volumes)...)
+ allErrs = append(allErrs, validatePodSecurityPolicyVolumes(fldPath, spec.Volumes)...)
 if len(spec.RequiredDropCapabilities) > 0 && hasCap(policy.AllowAllCapabilities, spec.AllowedCapabilities) {
 allErrs = append(allErrs, field.Invalid(field.NewPath("requiredDropCapabilities"), spec.RequiredDropCapabilities, "must be empty when all capabilities are allowed by a wildcard"))
@@ -324,7 +320,7 @@ func validatePSPSupplementalGroup(fldPath *field.Path, groupOptions *policy.Supp
 }
 // validatePodSecurityPolicyVolumes validates the volume fields of PodSecurityPolicy.
-func validatePodSecurityPolicyVolumes(opts PodSecurityPolicyValidationOptions, fldPath *field.Path, volumes []policy.FSType) field.ErrorList {
+func validatePodSecurityPolicyVolumes(fldPath *field.Path, volumes []policy.FSType) field.ErrorList {
 allErrs := field.ErrorList{}
 allowed := psputil.GetAllFSTypesAsSet()
 // add in the * value since that is a pseudo type that is not included by default
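Review bot: In the `@@ -116,7 +112,7 @@` hunk of validation.go, the `requiredDropCapabilities` error is built with `field.NewPath("requiredDropCapabilities")`, while every neighbouring check derives its path from `fldPath`, so this one error is reported without the parent path the caller passed in (`spec` for both callers visible in this patch). The line sits directly under the one being edited and could become `field.Invalid(fldPath.Child("requiredDropCapabilities"), spec.RequiredDropCapabilities, "must be empty when all capabilities are allowed by a wildcard")`, so that a rejected policy points at the real field. ValidatePodSecurityPolicySpec starts before and continues past this hunk; any test that matches on the old path is not visible here and would need the same update.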
@@ -523,11 +519,11 @@ func validateRuntimeClassStrategy(fldPath *field.Path, rc *policy.RuntimeClassSt
 }
 // ValidatePodSecurityPolicyUpdate validates a PSP for updates.
-func ValidatePodSecurityPolicyUpdate(old *policy.PodSecurityPolicy, new *policy.PodSecurityPolicy, opts PodSecurityPolicyValidationOptions) field.ErrorList {
+func ValidatePodSecurityPolicyUpdate(old *policy.PodSecurityPolicy, new *policy.PodSecurityPolicy) field.ErrorList {
 allErrs := field.ErrorList{}
 allErrs = append(allErrs, apivalidation.ValidateObjectMetaUpdate(&new.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata"))...)
 allErrs = append(allErrs, ValidatePodSecurityPolicySpecificAnnotations(new.Annotations, field.NewPath("metadata").Child("annotations"))...)
- allErrs = append(allErrs, ValidatePodSecurityPolicySpec(&new.Spec, opts, field.NewPath("spec"))...)
+ allErrs = append(allErrs, ValidatePodSecurityPolicySpec(&new.Spec, field.NewPath("spec"))...)
 return allErrs
 }
diff --git a/pkg/apis/policy/validation/validation_test.go b/pkg/apis/policy/validation/validation_test.go
index c400e0ca766..e90f1ad8034 100644
--- a/pkg/apis/policy/validation/validation_test.go
+++ b/pkg/apis/policy/validation/validation_test.go
@@ -590,7 +590,7 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
 }
 for k, v := range errorCases {
- errs := ValidatePodSecurityPolicy(v.psp, PodSecurityPolicyValidationOptions{})
+ errs := ValidatePodSecurityPolicy(v.psp)
 if len(errs) == 0 {
 t.Errorf("%s expected errors but got none", k)
 continue
@@ -613,7 +613,7 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
 // Should not be able to update to an invalid policy.
 for k, v := range errorCases {
 v.psp.ResourceVersion = "444" // Required for updates.
- errs := ValidatePodSecurityPolicyUpdate(validPSP(), v.psp, PodSecurityPolicyValidationOptions{})
+ errs := ValidatePodSecurityPolicyUpdate(validPSP(), v.psp)
 if len(errs) == 0 {
 t.Errorf("[%s] expected update errors but got none", k)
 continue
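Review bot: The rewritten signature of ValidatePodSecurityPolicyUpdate (`@@ -523,11 +519,11 @@`, validation.go) keeps a parameter named `new`, which shadows the builtin `new` for the whole function body. Since the line is touched anyway, it could read `func ValidatePodSecurityPolicyUpdate(oldPSP, newPSP *policy.PodSecurityPolicy) field.ErrorList`, with the uses of `old` and `new` in the body renamed to match. Parameter names are not part of the call interface, so the call sites updated elsewhere in this patch are unaffected. The doc comment could also say that only the new object's annotations and spec are validated and that `old` is consulted for the metadata update check alone, which is what the visible body does.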
@@ -743,13 +743,13 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
 }
 for k, v := range successCases {
- if errs := ValidatePodSecurityPolicy(v.psp, PodSecurityPolicyValidationOptions{}); len(errs) != 0 {
+ if errs := ValidatePodSecurityPolicy(v.psp); len(errs) != 0 {
 t.Errorf("Expected success for %s, got %v", k, errs)
 }
 // Should be able to update to a valid PSP.
 v.psp.ResourceVersion = "444" // Required for updates.
- if errs := ValidatePodSecurityPolicyUpdate(validPSP(), v.psp, PodSecurityPolicyValidationOptions{}); len(errs) != 0 {
+ if errs := ValidatePodSecurityPolicyUpdate(validPSP(), v.psp); len(errs) != 0 {
 t.Errorf("Expected success for %s update, got %v", k, errs)
 }
 }
@@ -786,7 +786,7 @@ func TestValidatePSPVolumes(t *testing.T) {
 for _, strVolume := range volumes.List() {
 psp := validPSP()
 psp.Spec.Volumes = []policy.FSType{policy.FSType(strVolume)}
- errs := ValidatePodSecurityPolicy(psp, PodSecurityPolicyValidationOptions{})
+ errs := ValidatePodSecurityPolicy(psp)
 if len(errs) != 0 {
 t.Errorf("%s validation expected no errors but received %v", strVolume, errs)
 }
@@ -1127,12 +1127,11 @@ func TestAllowEphemeralVolumeType(t *testing.T) {
 }
 t.Run(fmt.Sprintf("old PodSecurityPolicySpec %v, new PodSecurityPolicySpec %v", oldPSPInfo.description, newPSPInfo.description), func(t *testing.T) {
- opts := PodSecurityPolicyValidationOptions{}
 var errs field.ErrorList
 if oldPSP == nil {
- errs = ValidatePodSecurityPolicy(newPSP, opts)
+ errs = ValidatePodSecurityPolicy(newPSP)
 } else {
- errs = ValidatePodSecurityPolicyUpdate(oldPSP, newPSP, opts)
+ errs = ValidatePodSecurityPolicyUpdate(oldPSP, newPSP)
 }
 if len(errs) > 0 {
 t.Errorf("expected no errors, got: %v", errs)
diff --git a/pkg/registry/policy/podsecuritypolicy/strategy.go b/pkg/registry/policy/podsecuritypolicy/strategy.go
index 1f5472290fb..3654ebd8f8b 100644
--- a/pkg/registry/policy/podsecuritypolicy/strategy.go
+++ b/pkg/registry/policy/podsecuritypolicy/strategy.go
@@ -72,16 +72,14 @@ func (strategy) Canonicalize(obj runtime.Object) {
 }
 func (strategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList {
- opts := validation.PodSecurityPolicyValidationOptions{}
- return validation.ValidatePodSecurityPolicy(obj.(*policy.PodSecurityPolicy), opts)
+ return validation.ValidatePodSecurityPolicy(obj.(*policy.PodSecurityPolicy))
 }
 // WarningsOnCreate returns warnings for the creation of the given object.
 func (strategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { return nil }
 func (strategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList {
- opts := validation.PodSecurityPolicyValidationOptions{}
- return validation.ValidatePodSecurityPolicyUpdate(old.(*policy.PodSecurityPolicy), obj.(*policy.PodSecurityPolicy), opts)
+ return validation.ValidatePodSecurityPolicyUpdate(old.(*policy.PodSecurityPolicy), obj.(*policy.PodSecurityPolicy))
 }
 // WarningsOnUpdate returns warnings for the given update.
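Review bot: `Validate` and `ValidateUpdate` in strategy.go carry no doc comment, although the neighbouring `WarningsOnCreate` and `WarningsOnUpdate` do. Both are now a single line whose unchecked assertion `obj.(*policy.PodSecurityPolicy)` panics if it is handed any other type. I would document that precondition where the assertion lives: `// Validate validates a new PodSecurityPolicy; obj must be a *policy.PodSecurityPolicy.` and `// ValidateUpdate validates an update from old to obj; both must be *policy.PodSecurityPolicy.`. Whether the registry guarantees the type before these methods run is not visible in this hunk, so the comments state the expectation rather than a guarantee.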