From ee72142730c71b66f211930c75cf7f0083fce968 Mon Sep 17 00:00:00 2001
From: Jay Pipes
Date: Wed, 3 Jul 2019 08:35:57 -0400
Subject: [PATCH] Output boolean for AllowPrivilegeEscalation `kubectl describe psp` was incorrectly outputting the hex-encoded value of the pointer to bool AllowPrivilegeEscalation field of the PSP. This patch simply fixes the output to be a stringified boolean value of the field. Fixes Issue #79721
---
 pkg/kubectl/describe/versioned/describe.go | 6 +++++-
 pkg/kubectl/describe/versioned/describe_test.go | 7 +++++--
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/pkg/kubectl/describe/versioned/describe.go b/pkg/kubectl/describe/versioned/describe.go
index 0b9515cc831..d7fc505933b 100644
--- a/pkg/kubectl/describe/versioned/describe.go
+++ b/pkg/kubectl/describe/versioned/describe.go
@@ -3865,7 +3865,11 @@ func describePodSecurityPolicy(psp *policyv1beta1.PodSecurityPolicy) (string, er
 w.Write(LEVEL_0, "\nSettings:\n")
 w.Write(LEVEL_1, "Allow Privileged:\t%t\n", psp.Spec.Privileged)
- w.Write(LEVEL_1, "Allow Privilege Escalation:\t%v\n", psp.Spec.AllowPrivilegeEscalation)
+ if psp.Spec.AllowPrivilegeEscalation != nil {
+ w.Write(LEVEL_1, "Allow Privilege Escalation:\t%t\n", *psp.Spec.AllowPrivilegeEscalation)
+ } else {
+ w.Write(LEVEL_1, "Allow Privilege Escalation:\t\n")
+ }
 w.Write(LEVEL_1, "Default Add Capabilities:\t%v\n", capsToString(psp.Spec.DefaultAddCapabilities))
 w.Write(LEVEL_1, "Required Drop Capabilities:\t%s\n", capsToString(psp.Spec.RequiredDropCapabilities))
 w.Write(LEVEL_1, "Allowed Capabilities:\t%s\n", capsToString(psp.Spec.AllowedCapabilities))
diff --git a/pkg/kubectl/describe/versioned/describe_test.go b/pkg/kubectl/describe/versioned/describe_test.go
index a1bddeb8303..a857645cf2a 100644
--- a/pkg/kubectl/describe/versioned/describe_test.go
+++ b/pkg/kubectl/describe/versioned/describe_test.go
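Review bot: The `else` branch in describe.go prints `Allow Privilege Escalation:` with an empty value when the pointer is nil, which someone auditing a policy cannot tell apart from a rendering failure. As far as I recall, the PSP API treats an unset field as allowing escalation, so the blank hides the permissive case (worth confirming against the API docs). An explicit marker such as `w.Write(LEVEL_1, "Allow Privilege Escalation:\t<unset>\n")` would make that state visible. describePodSecurityPolicy starts and ends outside this hunk.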
@@ -2683,6 +2683,7 @@ func TestDescribePodSecurityPolicy(t *testing.T) {
 expected := []string{
 "Name:\\s*mypsp",
 "Allow Privileged:\\s*false",
+ "Allow Privilege Escalation:\\s*false",
 "Default Add Capabilities:\\s*",
 "Required Drop Capabilities:\\s*",
 "Allowed Capabilities:\\s*",
@@ -2704,13 +2705,15 @@ func TestDescribePodSecurityPolicy(t *testing.T) {
 "Supplemental Groups Strategy: RunAsAny",
 }
+ falseVal := false
 fake := fake.NewSimpleClientset(&policyv1beta1.PodSecurityPolicy{
 ObjectMeta: metav1.ObjectMeta{
 Name: "mypsp",
 },
 Spec: policyv1beta1.PodSecurityPolicySpec{
- AllowedUnsafeSysctls: []string{"kernel.*", "net.ipv4.ip_local_port_range"},
- ForbiddenSysctls: []string{"net.ipv4.ip_default_ttl"},
+ AllowPrivilegeEscalation: &falseVal,
+ AllowedUnsafeSysctls: []string{"kernel.*", "net.ipv4.ip_local_port_range"},
+ ForbiddenSysctls: []string{"net.ipv4.ip_default_ttl"},
 SELinux: policyv1beta1.SELinuxStrategyOptions{
 Rule: policyv1beta1.SELinuxStrategyRunAsAny,
 },
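Review bot: The fixture only sets `AllowPrivilegeEscalation: &falseVal`, so the nil branch added in describe.go is never exercised and nothing pins what an unset field renders as. A second policy with the field left nil, plus an expected pattern for its line, would cover it. A `true` case would also guard against the printed value being hard-coded. Open patterns like `"Default Add Capabilities:\\s*"` match any trailing text, so the nil-case pattern should be anchored at the end of the line. TestDescribePodSecurityPolicy starts and ends outside both hunks.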