Merge pull request #67802 from krmayankk/dockershimtests

Implement RunAsGroup Strategy in PSP
2025-10-22 06:59:03 +00:00 · 2018-10-12 11:19:39 -07:00
parent 6fc89ae92d bc3e3afc46
commit e23a3af013
34 changed files with 1588 additions and 391 deletions
--- a/plugin/pkg/admission/security/podsecuritypolicy/admission_test.go
+++ b/plugin/pkg/admission/security/podsecuritypolicy/admission_test.go
@@ -1907,6 +1907,9 @@ func TestCreateProvidersFromConstraints(t *testing.T) {
 						RunAsUser: policy.RunAsUserStrategyOptions{
 							Rule: policy.RunAsUserStrategyRunAsAny,
 						},
+						RunAsGroup: &policy.RunAsGroupStrategyOptions{
+							Rule: policy.RunAsGroupStrategyRunAsAny,
+						},
 						FSGroup: policy.FSGroupStrategyOptions{
 							Rule: policy.FSGroupStrategyRunAsAny,
 						},
@@ -1930,6 +1933,9 @@ func TestCreateProvidersFromConstraints(t *testing.T) {
 						RunAsUser: policy.RunAsUserStrategyOptions{
 							Rule: policy.RunAsUserStrategyMustRunAs,
 						},
+						RunAsGroup: &policy.RunAsGroupStrategyOptions{
+							Rule: policy.RunAsGroupStrategyRunAsAny,
+						},
 						FSGroup: policy.FSGroupStrategyOptions{
 							Rule: policy.FSGroupStrategyRunAsAny,
 						},
@@ -2343,6 +2349,12 @@ func restrictivePSP() *policy.PodSecurityPolicy {
 					{Min: int64(999), Max: int64(999)},
 				},
 			},
+			RunAsGroup: &policy.RunAsGroupStrategyOptions{
+				Rule: policy.RunAsGroupStrategyMustRunAs,
+				Ranges: []policy.IDRange{
+					{Min: int64(999), Max: int64(999)},
+				},
+			},
 			SELinux: policy.SELinuxStrategyOptions{
 				Rule: policy.SELinuxStrategyMustRunAs,
 				SELinuxOptions: &kapi.SELinuxOptions{
@@ -2382,6 +2394,9 @@ func permissivePSP() *policy.PodSecurityPolicy {
 			RunAsUser: policy.RunAsUserStrategyOptions{
 				Rule: policy.RunAsUserStrategyRunAsAny,
 			},
+			RunAsGroup: &policy.RunAsGroupStrategyOptions{
+				Rule: policy.RunAsGroupStrategyRunAsAny,
+			},
 			SELinux: policy.SELinuxStrategyOptions{
 				Rule: policy.SELinuxStrategyRunAsAny,
 			},