From ad4e4c90ce4e8d78dc6990a761dc047f98edaad7 Mon Sep 17 00:00:00 2001 From: Paul Weil Date: Mon, 18 May 2015 11:37:03 -0400 Subject: [PATCH] remove deprecated fields from v1 types --- pkg/api/v1/conversion.go | 194 +----------------- pkg/api/v1/conversion_generated.go | 312 +++++++++++++++++++++++------ pkg/api/v1/conversion_test.go | 59 ------ pkg/api/v1/defaults.go | 44 ---- pkg/api/v1/defaults_test.go | 101 ---------- pkg/api/v1/types.go | 4 - 6 files changed, 251 insertions(+), 463 deletions(-) diff --git a/pkg/api/v1/conversion.go b/pkg/api/v1/conversion.go index 673d93a650d..4a8f57e0bf1 100644 --- a/pkg/api/v1/conversion.go +++ b/pkg/api/v1/conversion.go @@ -18,17 +18,12 @@ package v1 import ( "fmt" - "reflect" newer "github.com/GoogleCloudPlatform/kubernetes/pkg/api" - "github.com/GoogleCloudPlatform/kubernetes/pkg/conversion" ) func addConversionFuncs() { - err := newer.Scheme.AddConversionFuncs( - convert_v1_Container_To_api_Container, - convert_api_Container_To_v1_Container, - ) + err := newer.Scheme.AddConversionFuncs() if err != nil { // If one of the conversion functions is malformed, detect it immediately. panic(err) 
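Review bot: With the hand-written Container converters dropped from `newer.Scheme.AddConversionFuncs()` here, no code visible in this patch still notices a v1 manifest that sets the container-level `privileged` or `capabilities` keys, which the types.go hunk removes from the type. If the decoder ignores unknown keys (not visible in this patch), a `capabilities.drop` list written in the old location would be discarded silently and the container would keep capabilities its author meant to remove, so v1 input carrying those keys should be rejected or at least called out in the release notes. Separately, the call now has no arguments and presumably registers nothing; it and its `if err != nil { panic(err) }` check could be deleted, or kept with a comment such as `// Container.Privileged and Container.Capabilities are gone from v1; only SecurityContext is converted.` addConversionFuncs continues past the end of this hunk.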
@@ -115,190 +110,3 @@ func addConversionFuncs() { panic(err) } } - -func convert_v1_Container_To_api_Container(in *Container, out *newer.Container, s conversion.Scope) error { - if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found { - defaulting.(func(*Container))(in) - } - out.Name = in.Name - out.Image = in.Image - if in.Command != nil { - out.Command = make([]string, len(in.Command)) - for i := range in.Command { - out.Command[i] = in.Command[i] - } - } - if in.Args != nil { - out.Args = make([]string, len(in.Args)) - for i := range in.Args { - out.Args[i] = in.Args[i] - } - } - out.WorkingDir = in.WorkingDir - if in.Ports != nil { - out.Ports = make([]newer.ContainerPort, len(in.Ports)) - for i := range in.Ports { - if err := convert_v1_ContainerPort_To_api_ContainerPort(&in.Ports[i], &out.Ports[i], s); err != nil { - return err - } - } - } - if in.Env != nil { - out.Env = make([]newer.EnvVar, len(in.Env)) - for i := range in.Env { - if err := convert_v1_EnvVar_To_api_EnvVar(&in.Env[i], &out.Env[i], s); err != nil { - return err - } - } - } - if err := s.Convert(&in.Resources, &out.Resources, 0); err != nil { - return err - } - if in.VolumeMounts != nil { - out.VolumeMounts = make([]newer.VolumeMount, len(in.VolumeMounts)) - for i := range in.VolumeMounts { - if err := convert_v1_VolumeMount_To_api_VolumeMount(&in.VolumeMounts[i], &out.VolumeMounts[i], s); err != nil { - return err - } - } - } - if in.LivenessProbe != nil { - out.LivenessProbe = new(newer.Probe) - if err := convert_v1_Probe_To_api_Probe(in.LivenessProbe, out.LivenessProbe, s); err != nil { - return err - } - } else { - out.LivenessProbe = nil - } - if in.ReadinessProbe != nil { - out.ReadinessProbe = new(newer.Probe) - if err := convert_v1_Probe_To_api_Probe(in.ReadinessProbe, out.ReadinessProbe, s); err != nil { - return err - } - } else { - out.ReadinessProbe = nil - } - if in.Lifecycle != nil { - out.Lifecycle = new(newer.Lifecycle) - if err := 
convert_v1_Lifecycle_To_api_Lifecycle(in.Lifecycle, out.Lifecycle, s); err != nil { - return err - } - } else { - out.Lifecycle = nil - } - out.TerminationMessagePath = in.TerminationMessagePath - out.ImagePullPolicy = newer.PullPolicy(in.ImagePullPolicy) - if in.SecurityContext != nil { - if in.SecurityContext.Capabilities != nil { - if !reflect.DeepEqual(in.SecurityContext.Capabilities.Add, in.Capabilities.Add) || - !reflect.DeepEqual(in.SecurityContext.Capabilities.Drop, in.Capabilities.Drop) { - return fmt.Errorf("container capability settings do not match security context settings, cannot convert") - } - } - if in.SecurityContext.Privileged != nil { - if in.Privileged != *in.SecurityContext.Privileged { - return fmt.Errorf("container privileged settings do not match security context settings, cannot convert") - } - } - } - if in.SecurityContext != nil { - out.SecurityContext = new(newer.SecurityContext) - if err := convert_v1_SecurityContext_To_api_SecurityContext(in.SecurityContext, out.SecurityContext, s); err != nil { - return err - } - } else { - out.SecurityContext = nil - } - return nil -} - -func convert_api_Container_To_v1_Container(in *newer.Container, out *Container, s conversion.Scope) error { - if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found { - defaulting.(func(*newer.Container))(in) - } - out.Name = in.Name - out.Image = in.Image - if in.Command != nil { - out.Command = make([]string, len(in.Command)) - for i := range in.Command { - out.Command[i] = in.Command[i] - } - } - if in.Args != nil { - out.Args = make([]string, len(in.Args)) - for i := range in.Args { - out.Args[i] = in.Args[i] - } - } - out.WorkingDir = in.WorkingDir - if in.Ports != nil { - out.Ports = make([]ContainerPort, len(in.Ports)) - for i := range in.Ports { - if err := convert_api_ContainerPort_To_v1_ContainerPort(&in.Ports[i], &out.Ports[i], s); err != nil { - return err - } - } - } - if in.Env != nil { - out.Env = make([]EnvVar, len(in.Env)) - for i 
:= range in.Env { - if err := convert_api_EnvVar_To_v1_EnvVar(&in.Env[i], &out.Env[i], s); err != nil { - return err - } - } - } - if err := s.Convert(&in.Resources, &out.Resources, 0); err != nil { - return err - } - if in.VolumeMounts != nil { - out.VolumeMounts = make([]VolumeMount, len(in.VolumeMounts)) - for i := range in.VolumeMounts { - if err := convert_api_VolumeMount_To_v1_VolumeMount(&in.VolumeMounts[i], &out.VolumeMounts[i], s); err != nil { - return err - } - } - } - if in.LivenessProbe != nil { - out.LivenessProbe = new(Probe) - if err := convert_api_Probe_To_v1_Probe(in.LivenessProbe, out.LivenessProbe, s); err != nil { - return err - } - } else { - out.LivenessProbe = nil - } - if in.ReadinessProbe != nil { - out.ReadinessProbe = new(Probe) - if err := convert_api_Probe_To_v1_Probe(in.ReadinessProbe, out.ReadinessProbe, s); err != nil { - return err - } - } else { - out.ReadinessProbe = nil - } - if in.Lifecycle != nil { - out.Lifecycle = new(Lifecycle) - if err := convert_api_Lifecycle_To_v1_Lifecycle(in.Lifecycle, out.Lifecycle, s); err != nil { - return err - } - } else { - out.Lifecycle = nil - } - out.TerminationMessagePath = in.TerminationMessagePath - out.ImagePullPolicy = PullPolicy(in.ImagePullPolicy) - if in.SecurityContext != nil { - out.SecurityContext = new(SecurityContext) - if err := convert_api_SecurityContext_To_v1_SecurityContext(in.SecurityContext, out.SecurityContext, s); err != nil { - return err - } - } else { - out.SecurityContext = nil - } - // now that we've converted set the container field from security context - if out.SecurityContext != nil && out.SecurityContext.Privileged != nil { - out.Privileged = *out.SecurityContext.Privileged - } - // now that we've converted set the container field from security context - if out.SecurityContext != nil && out.SecurityContext.Capabilities != nil { - out.Capabilities = *out.SecurityContext.Capabilities - } - return nil -} 
diff --git a/pkg/api/v1/conversion_generated.go b/pkg/api/v1/conversion_generated.go index 6ee42f21dde..6257c752680 100644 --- a/pkg/api/v1/conversion_generated.go +++ b/pkg/api/v1/conversion_generated.go @@ -79,29 +79,6 @@ func convert_api_Binding_To_v1_Binding(in *newer.Binding, out *Binding, s conver return nil } -func convert_api_Capabilities_To_v1_Capabilities(in *newer.Capabilities, out *Capabilities, s conversion.Scope) error { - if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found { - defaulting.(func(*newer.Capabilities))(in) - } - if in.Add != nil { - out.Add = make([]CapabilityType, len(in.Add)) - for i := range in.Add { - out.Add[i] = CapabilityType(in.Add[i]) - } - } else { - out.Add = nil - } - if in.Drop != nil { - out.Drop = make([]CapabilityType, len(in.Drop)) - for i := range in.Drop { - out.Drop[i] = CapabilityType(in.Drop[i]) - } - } else { - out.Drop = nil - } - return nil -} - func convert_v1_Capabilities_To_api_Capabilities(in *Capabilities, out *newer.Capabilities, s conversion.Scope) error { if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found { defaulting.(func(*Capabilities))(in) 
@@ -125,6 +102,29 @@ func convert_v1_Capabilities_To_api_Capabilities(in *Capabilities, out *newer.Ca return nil } +func convert_api_Capabilities_To_v1_Capabilities(in *newer.Capabilities, out *Capabilities, s conversion.Scope) error { + if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found { + defaulting.(func(*newer.Capabilities))(in) + } + if in.Add != nil { + out.Add = make([]CapabilityType, len(in.Add)) + for i := range in.Add { + out.Add[i] = CapabilityType(in.Add[i]) + } + } else { + out.Add = nil + } + if in.Drop != nil { + out.Drop = make([]CapabilityType, len(in.Drop)) + for i := range in.Drop { + out.Drop[i] = CapabilityType(in.Drop[i]) + } + } else { + out.Drop = nil + } + return nil +} + func convert_v1_ComponentCondition_To_api_ComponentCondition(in *ComponentCondition, out *newer.ComponentCondition, s conversion.Scope) error { if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found { defaulting.(func(*ComponentCondition))(in) 
@@ -239,6 +239,192 @@ func convert_api_ComponentStatusList_To_v1_ComponentStatusList(in *newer.Compone return nil } +func convert_v1_Container_To_api_Container(in *Container, out *newer.Container, s conversion.Scope) error { + if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found { + defaulting.(func(*Container))(in) + } + out.Name = in.Name + out.Image = in.Image + if in.Command != nil { + out.Command = make([]string, len(in.Command)) + for i := range in.Command { + out.Command[i] = in.Command[i] + } + } else { + out.Command = nil + } + if in.Args != nil { + out.Args = make([]string, len(in.Args)) + for i := range in.Args { + out.Args[i] = in.Args[i] + } + } else { + out.Args = nil + } + out.WorkingDir = in.WorkingDir + if in.Ports != nil { + out.Ports = make([]newer.ContainerPort, len(in.Ports)) + for i := range in.Ports { + if err := convert_v1_ContainerPort_To_api_ContainerPort(&in.Ports[i], &out.Ports[i], s); err != nil { + return err + } + } + } else { + out.Ports = nil + } + if in.Env != nil { + out.Env = make([]newer.EnvVar, len(in.Env)) + for i := range in.Env { + if err := convert_v1_EnvVar_To_api_EnvVar(&in.Env[i], &out.Env[i], s); err != nil { + return err + } + } + } else { + out.Env = nil + } + if err := convert_v1_ResourceRequirements_To_api_ResourceRequirements(&in.Resources, &out.Resources, s); err != nil { + return err + } + if in.VolumeMounts != nil { + out.VolumeMounts = make([]newer.VolumeMount, len(in.VolumeMounts)) + for i := range in.VolumeMounts { + if err := convert_v1_VolumeMount_To_api_VolumeMount(&in.VolumeMounts[i], &out.VolumeMounts[i], s); err != nil { + return err + } + } + } else { + out.VolumeMounts = nil + } + if in.LivenessProbe != nil { + out.LivenessProbe = new(newer.Probe) + if err := convert_v1_Probe_To_api_Probe(in.LivenessProbe, out.LivenessProbe, s); err != nil { + return err + } + } else { + out.LivenessProbe = nil + } + if in.ReadinessProbe != nil { + out.ReadinessProbe = new(newer.Probe) + if err := 
convert_v1_Probe_To_api_Probe(in.ReadinessProbe, out.ReadinessProbe, s); err != nil { + return err + } + } else { + out.ReadinessProbe = nil + } + if in.Lifecycle != nil { + out.Lifecycle = new(newer.Lifecycle) + if err := convert_v1_Lifecycle_To_api_Lifecycle(in.Lifecycle, out.Lifecycle, s); err != nil { + return err + } + } else { + out.Lifecycle = nil + } + out.TerminationMessagePath = in.TerminationMessagePath + out.ImagePullPolicy = newer.PullPolicy(in.ImagePullPolicy) + if in.SecurityContext != nil { + out.SecurityContext = new(newer.SecurityContext) + if err := convert_v1_SecurityContext_To_api_SecurityContext(in.SecurityContext, out.SecurityContext, s); err != nil { + return err + } + } else { + out.SecurityContext = nil + } + return nil +} + +func convert_api_Container_To_v1_Container(in *newer.Container, out *Container, s conversion.Scope) error { + if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found { + defaulting.(func(*newer.Container))(in) + } + out.Name = in.Name + out.Image = in.Image + if in.Command != nil { + out.Command = make([]string, len(in.Command)) + for i := range in.Command { + out.Command[i] = in.Command[i] + } + } else { + out.Command = nil + } + if in.Args != nil { + out.Args = make([]string, len(in.Args)) + for i := range in.Args { + out.Args[i] = in.Args[i] + } + } else { + out.Args = nil + } + out.WorkingDir = in.WorkingDir + if in.Ports != nil { + out.Ports = make([]ContainerPort, len(in.Ports)) + for i := range in.Ports { + if err := convert_api_ContainerPort_To_v1_ContainerPort(&in.Ports[i], &out.Ports[i], s); err != nil { + return err + } + } + } else { + out.Ports = nil + } + if in.Env != nil { + out.Env = make([]EnvVar, len(in.Env)) + for i := range in.Env { + if err := convert_api_EnvVar_To_v1_EnvVar(&in.Env[i], &out.Env[i], s); err != nil { + return err + } + } + } else { + out.Env = nil + } + if err := convert_api_ResourceRequirements_To_v1_ResourceRequirements(&in.Resources, &out.Resources, s); err != 
nil { + return err + } + if in.VolumeMounts != nil { + out.VolumeMounts = make([]VolumeMount, len(in.VolumeMounts)) + for i := range in.VolumeMounts { + if err := convert_api_VolumeMount_To_v1_VolumeMount(&in.VolumeMounts[i], &out.VolumeMounts[i], s); err != nil { + return err + } + } + } else { + out.VolumeMounts = nil + } + if in.LivenessProbe != nil { + out.LivenessProbe = new(Probe) + if err := convert_api_Probe_To_v1_Probe(in.LivenessProbe, out.LivenessProbe, s); err != nil { + return err + } + } else { + out.LivenessProbe = nil + } + if in.ReadinessProbe != nil { + out.ReadinessProbe = new(Probe) + if err := convert_api_Probe_To_v1_Probe(in.ReadinessProbe, out.ReadinessProbe, s); err != nil { + return err + } + } else { + out.ReadinessProbe = nil + } + if in.Lifecycle != nil { + out.Lifecycle = new(Lifecycle) + if err := convert_api_Lifecycle_To_v1_Lifecycle(in.Lifecycle, out.Lifecycle, s); err != nil { + return err + } + } else { + out.Lifecycle = nil + } + out.TerminationMessagePath = in.TerminationMessagePath + out.ImagePullPolicy = PullPolicy(in.ImagePullPolicy) + if in.SecurityContext != nil { + out.SecurityContext = new(SecurityContext) + if err := convert_api_SecurityContext_To_v1_SecurityContext(in.SecurityContext, out.SecurityContext, s); err != nil { + return err + } + } else { + out.SecurityContext = nil + } + return nil +} + func convert_v1_ContainerPort_To_api_ContainerPort(in *ContainerPort, out *newer.ContainerPort, s conversion.Scope) error { if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found { defaulting.(func(*ContainerPort))(in) 
@@ -3405,9 +3591,9 @@ func convert_api_ResourceRequirements_To_v1_ResourceRequirements(in *newer.Resou return nil } -func convert_api_SELinuxOptions_To_v1_SELinuxOptions(in *newer.SELinuxOptions, out *SELinuxOptions, s conversion.Scope) error { +func convert_v1_SELinuxOptions_To_api_SELinuxOptions(in *SELinuxOptions, out *newer.SELinuxOptions, s conversion.Scope) error { if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found { - defaulting.(func(*newer.SELinuxOptions))(in) + defaulting.(func(*SELinuxOptions))(in) } out.User = in.User out.Role = in.Role @@ -3416,9 +3602,9 @@ func convert_api_SELinuxOptions_To_v1_SELinuxOptions(in *newer.SELinuxOptions, o return nil } -func convert_v1_SELinuxOptions_To_api_SELinuxOptions(in *SELinuxOptions, out *newer.SELinuxOptions, s conversion.Scope) error { +func convert_api_SELinuxOptions_To_v1_SELinuxOptions(in *newer.SELinuxOptions, out *SELinuxOptions, s conversion.Scope) error { if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found { - defaulting.(func(*SELinuxOptions))(in) + defaulting.(func(*newer.SELinuxOptions))(in) } out.User = in.User out.Role = in.Role 
@@ -3541,41 +3727,6 @@ func convert_api_SecretVolumeSource_To_v1_SecretVolumeSource(in *newer.SecretVol return nil } -func convert_api_SecurityContext_To_v1_SecurityContext(in *newer.SecurityContext, out *SecurityContext, s conversion.Scope) error { - if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found { - defaulting.(func(*newer.SecurityContext))(in) - } - if in.Capabilities != nil { - out.Capabilities = new(Capabilities) - if err := convert_api_Capabilities_To_v1_Capabilities(in.Capabilities, out.Capabilities, s); err != nil { - return err - } - } else { - out.Capabilities = nil - } - if in.Privileged != nil { - out.Privileged = new(bool) - *out.Privileged = *in.Privileged - } else { - out.Privileged = nil - } - if in.SELinuxOptions != nil { - out.SELinuxOptions = new(SELinuxOptions) - if err := convert_api_SELinuxOptions_To_v1_SELinuxOptions(in.SELinuxOptions, out.SELinuxOptions, s); err != nil { - return err - } - } else { - out.SELinuxOptions = nil - } - if in.RunAsUser != nil { - out.RunAsUser = new(int64) - *out.RunAsUser = *in.RunAsUser - } else { - out.RunAsUser = nil - } - return nil -} - func convert_v1_SecurityContext_To_api_SecurityContext(in *SecurityContext, out *newer.SecurityContext, s conversion.Scope) error { if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found { defaulting.(func(*SecurityContext))(in) 
@@ -3611,6 +3762,41 @@ func convert_v1_SecurityContext_To_api_SecurityContext(in *SecurityContext, out return nil } +func convert_api_SecurityContext_To_v1_SecurityContext(in *newer.SecurityContext, out *SecurityContext, s conversion.Scope) error { + if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found { + defaulting.(func(*newer.SecurityContext))(in) + } + if in.Capabilities != nil { + out.Capabilities = new(Capabilities) + if err := convert_api_Capabilities_To_v1_Capabilities(in.Capabilities, out.Capabilities, s); err != nil { + return err + } + } else { + out.Capabilities = nil + } + if in.Privileged != nil { + out.Privileged = new(bool) + *out.Privileged = *in.Privileged + } else { + out.Privileged = nil + } + if in.SELinuxOptions != nil { + out.SELinuxOptions = new(SELinuxOptions) + if err := convert_api_SELinuxOptions_To_v1_SELinuxOptions(in.SELinuxOptions, out.SELinuxOptions, s); err != nil { + return err + } + } else { + out.SELinuxOptions = nil + } + if in.RunAsUser != nil { + out.RunAsUser = new(int64) + *out.RunAsUser = *in.RunAsUser + } else { + out.RunAsUser = nil + } + return nil +} + func convert_v1_SerializedReference_To_api_SerializedReference(in *SerializedReference, out *newer.SerializedReference, s conversion.Scope) error { if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found { defaulting.(func(*SerializedReference))(in) @@ -4305,6 +4491,7 @@ func init() { convert_api_ContainerStateWaiting_To_v1_ContainerStateWaiting, convert_api_ContainerState_To_v1_ContainerState, convert_api_ContainerStatus_To_v1_ContainerStatus, + convert_api_Container_To_v1_Container, convert_api_DeleteOptions_To_v1_DeleteOptions, convert_api_EmptyDirVolumeSource_To_v1_EmptyDirVolumeSource, convert_api_EndpointAddress_To_v1_EndpointAddress, 
@@ -4414,6 +4601,7 @@ func init() { convert_v1_ContainerStateWaiting_To_api_ContainerStateWaiting, convert_v1_ContainerState_To_api_ContainerState, convert_v1_ContainerStatus_To_api_ContainerStatus, + convert_v1_Container_To_api_Container, convert_v1_DeleteOptions_To_api_DeleteOptions, convert_v1_EmptyDirVolumeSource_To_api_EmptyDirVolumeSource, convert_v1_EndpointAddress_To_api_EndpointAddress, diff --git a/pkg/api/v1/conversion_test.go b/pkg/api/v1/conversion_test.go index 33c1ff02ff7..3722d84d7d7 100644 --- a/pkg/api/v1/conversion_test.go +++ b/pkg/api/v1/conversion_test.go 
@@ -45,62 +45,3 @@ func TestNodeConversion(t *testing.T) { t.Fatalf("unexpected error: %v", err) } } - -func TestBadSecurityContextConversion(t *testing.T) { - priv := false - testCases := map[string]struct { - c *current.Container - err string - }{ - // this use case must use true for the container and false for the sc. Otherwise the defaulter - // will assume privileged was left undefined (since it is the default value) and copy the - // sc setting upwards - "mismatched privileged": { - c: ¤t.Container{ - Privileged: true, - SecurityContext: ¤t.SecurityContext{ - Privileged: &priv, - }, - }, - err: "container privileged settings do not match security context settings, cannot convert", - }, - "mismatched caps add": { - c: ¤t.Container{ - Capabilities: current.Capabilities{ - Add: []current.CapabilityType{"foo"}, - }, - SecurityContext: ¤t.SecurityContext{ - Capabilities: ¤t.Capabilities{ - Add: []current.CapabilityType{"bar"}, - }, - }, - }, - err: "container capability settings do not match security context settings, cannot convert", - }, - "mismatched caps drop": { - c: ¤t.Container{ - Capabilities: current.Capabilities{ - Drop: []current.CapabilityType{"foo"}, - }, - SecurityContext: ¤t.SecurityContext{ - Capabilities: ¤t.Capabilities{ - Drop: []current.CapabilityType{"bar"}, - }, - }, - }, - err: "container capability settings do not match security context settings, cannot convert", - }, - } - - for k, v := range testCases { - got := newer.Container{} - err := newer.Scheme.Convert(v.c, &got) - if err == nil { - t.Errorf("expected error for case %s but got none", k) - } else { - if err.Error() != v.err { - t.Errorf("unexpected error for case %s. Expected: %s but got: %s", k, v.err, err.Error()) - } - } - } -} diff --git a/pkg/api/v1/defaults.go b/pkg/api/v1/defaults.go index ab5ab09fa6a..10515332a11 100644 --- a/pkg/api/v1/defaults.go +++ b/pkg/api/v1/defaults.go 
@@ -19,8 +19,6 @@ package v1 import ( "strings" - "github.com/golang/glog" - "github.com/GoogleCloudPlatform/kubernetes/pkg/api" "github.com/GoogleCloudPlatform/kubernetes/pkg/util" ) @@ -68,7 +66,6 @@ func addDefaultingFuncs() { if obj.TerminationMessagePath == "" { obj.TerminationMessagePath = TerminationMessagePathDefault } - defaultSecurityContext(obj) }, func(obj *ServiceSpec) { if obj.SessionAffinity == "" { 
@@ -159,44 +156,3 @@ func defaultHostNetworkPorts(containers *[]Container) { } } } - -// defaultSecurityContext performs the downward and upward merges of a pod definition -func defaultSecurityContext(container *Container) { - if container.SecurityContext == nil { - glog.V(4).Infof("creating security context for container %s", container.Name) - container.SecurityContext = &SecurityContext{} - } - // if there are no capabilities defined on the SecurityContext then copy the container settings - if container.SecurityContext.Capabilities == nil { - glog.V(4).Infof("downward merge of container.Capabilities for container %s", container.Name) - container.SecurityContext.Capabilities = &container.Capabilities - } else { - // if there are capabilities defined on the security context and the container setting is - // empty then assume that it was left off the pod definition and ensure that the container - // settings match the security context settings (checked by the convert functions). If - // there are settings in both then don't touch it, the converter will error if they don't - // match - if len(container.Capabilities.Add) == 0 { - glog.V(4).Infof("upward merge of container.Capabilities.Add for container %s", container.Name) - container.Capabilities.Add = container.SecurityContext.Capabilities.Add - } - if len(container.Capabilities.Drop) == 0 { - glog.V(4).Infof("upward merge of container.Capabilities.Drop for container %s", container.Name) - container.Capabilities.Drop = container.SecurityContext.Capabilities.Drop - } - } - // if there are no privileged settings on the security context then copy the container settings - if container.SecurityContext.Privileged == nil { - glog.V(4).Infof("downward merge of container.Privileged for container %s", container.Name) - container.SecurityContext.Privileged = &container.Privileged - } else { - // we don't have a good way to know if container.Privileged was set or just defaulted to false - // so the best we can do here is check 
if the securityContext is set to true and the - // container is set to false and assume that the Privileged field was left off the container - // definition and not an intentional mismatch - if *container.SecurityContext.Privileged && !container.Privileged { - glog.V(4).Infof("upward merge of container.Privileged for container %s", container.Name) - container.Privileged = *container.SecurityContext.Privileged - } - } -} diff --git a/pkg/api/v1/defaults_test.go b/pkg/api/v1/defaults_test.go index 4b2a4fd30a5..09667ef841c 100644 --- a/pkg/api/v1/defaults_test.go +++ b/pkg/api/v1/defaults_test.go 
@@ -349,104 +349,3 @@ func TestSetDefaultObjectFieldSelectorAPIVersion(t *testing.T) { t.Errorf("Expected default APIVersion v1, got: %v", apiVersion) } } - -func TestSetDefaultSecurityContext(t *testing.T) { - priv := false - privTrue := true - testCases := map[string]struct { - c current.Container - }{ - "downward defaulting caps": { - c: current.Container{ - Privileged: false, - Capabilities: current.Capabilities{ - Add: []current.CapabilityType{"foo"}, - Drop: []current.CapabilityType{"bar"}, - }, - SecurityContext: ¤t.SecurityContext{ - Privileged: &priv, - }, - }, - }, - "downward defaulting priv": { - c: current.Container{ - Privileged: false, - Capabilities: current.Capabilities{ - Add: []current.CapabilityType{"foo"}, - Drop: []current.CapabilityType{"bar"}, - }, - SecurityContext: ¤t.SecurityContext{ - Capabilities: ¤t.Capabilities{ - Add: []current.CapabilityType{"foo"}, - Drop: []current.CapabilityType{"bar"}, - }, - }, - }, - }, - "upward defaulting caps": { - c: current.Container{ - Privileged: false, - SecurityContext: ¤t.SecurityContext{ - Privileged: &priv, - Capabilities: ¤t.Capabilities{ - Add: []current.CapabilityType{"biz"}, - Drop: []current.CapabilityType{"baz"}, - }, - }, - }, - }, - "upward defaulting priv": { - c: current.Container{ - Capabilities: current.Capabilities{ - Add: []current.CapabilityType{"foo"}, - Drop: []current.CapabilityType{"bar"}, - }, - SecurityContext: ¤t.SecurityContext{ - Privileged: &privTrue, - Capabilities: ¤t.Capabilities{ - Add: []current.CapabilityType{"foo"}, - Drop: []current.CapabilityType{"bar"}, - }, - }, - }, - }, - } - - pod := ¤t.Pod{ - Spec: current.PodSpec{}, - } - - for k, v := range testCases { - pod.Spec.Containers = []current.Container{v.c} - obj := roundTrip(t, runtime.Object(pod)) - defaultedPod := obj.(*current.Pod) - c := defaultedPod.Spec.Containers[0] - if isEqual, issues := areSecurityContextAndContainerEqual(&c); !isEqual { - t.Errorf("test case %s expected the security context to have the 
same values as the container but found %#v", k, issues) - } - } -} - -func areSecurityContextAndContainerEqual(c *current.Container) (bool, []string) { - issues := make([]string, 0) - equal := true - - if c.SecurityContext == nil || c.SecurityContext.Privileged == nil || c.SecurityContext.Capabilities == nil { - equal = false - issues = append(issues, "Expected non nil settings for SecurityContext") - return equal, issues - } - if *c.SecurityContext.Privileged != c.Privileged { - equal = false - issues = append(issues, "The defaulted SecurityContext.Privileged value did not match the container value") - } - if !reflect.DeepEqual(c.Capabilities.Add, c.Capabilities.Add) { - equal = false - issues = append(issues, "The defaulted SecurityContext.Capabilities.Add did not match the container settings") - } - if !reflect.DeepEqual(c.Capabilities.Drop, c.Capabilities.Drop) { - equal = false - issues = append(issues, "The defaulted SecurityContext.Capabilities.Drop did not match the container settings") - } - return equal, issues -} diff --git a/pkg/api/v1/types.go b/pkg/api/v1/types.go index 21980ab935d..028f8beafd9 100644 --- a/pkg/api/v1/types.go +++ b/pkg/api/v1/types.go 
@@ -639,12 +639,8 @@ type Container struct { Lifecycle *Lifecycle `json:"lifecycle,omitempty" description:"actions that the management system should take in response to container lifecycle events; cannot be updated"` // Optional: Defaults to /dev/termination-log TerminationMessagePath string `json:"terminationMessagePath,omitempty" description:"path at which the file to which the container's termination message will be written is mounted into the container's filesystem; message written is intended to be brief final status, such as an assertion failure message; defaults to /dev/termination-log; cannot be updated"` - // Deprecated - see SecurityContext. Optional: Default to false. - Privileged bool `json:"privileged,omitempty" description:"hether or not the container is granted privileged status; defaults to false; cannot be updated; deprecated; See SecurityContext"` // Optional: Policy for pulling images for this container ImagePullPolicy PullPolicy `json:"imagePullPolicy,omitempty" description:"image pull policy; one of PullAlways, PullNever, PullIfNotPresent; defaults to PullAlways if :latest tag is specified, or PullIfNotPresent otherwise; cannot be updated"` - // Deprecated - see SecurityContext. Optional: Capabilities for container. - Capabilities Capabilities `json:"capabilities,omitempty" description:"capabilities for container; cannot be updated; deprecated; See SecurityContext"` // Optional: SecurityContext defines the security options the pod should be run with SecurityContext *SecurityContext `json:"securityContext,omitempty" description:"security options the pod should run with"` }