From eecef462c83dd411034a25359db00d0bedee264c Mon Sep 17 00:00:00 2001
From: Mayank Kumar
Date: Thu, 29 Mar 2018 23:32:48 -0700
Subject: [PATCH] remove unused code in securitycontext
---
 pkg/securitycontext/util.go | 21 --------
 pkg/securitycontext/util_test.go | 93 --------------------------------
 2 files changed, 114 deletions(-)
diff --git a/pkg/securitycontext/util.go b/pkg/securitycontext/util.go
index 38377f40f57..5ade5588146 100644
--- a/pkg/securitycontext/util.go
+++ b/pkg/securitycontext/util.go
@@ -67,27 +67,6 @@ func ParseSELinuxOptions(context string) (*v1.SELinuxOptions, error) {
 }, nil
 }
-// HasNonRootUID returns true if the runAsUser is set and is greater than 0.
-func HasRootUID(container *v1.Container) bool {
- if container.SecurityContext == nil {
- return false
- }
- if container.SecurityContext.RunAsUser == nil {
- return false
- }
- return *container.SecurityContext.RunAsUser == 0
-}
-
-// HasRunAsUser determines if the sc's runAsUser field is set.
-func HasRunAsUser(container *v1.Container) bool {
- return container.SecurityContext != nil && container.SecurityContext.RunAsUser != nil
-}
-
-// HasRootRunAsUser returns true if the run as user is set and it is set to 0.
-func HasRootRunAsUser(container *v1.Container) bool {
- return HasRunAsUser(container) && HasRootUID(container)
-}
-
 func DetermineEffectiveSecurityContext(pod *v1.Pod, container *v1.Container) *v1.SecurityContext {
 effectiveSc := securityContextFromPodSecurityContext(pod)
 containerSc := container.SecurityContext
diff --git a/pkg/securitycontext/util_test.go b/pkg/securitycontext/util_test.go
index 5cc3fa71ada..475356c4074 100644
--- a/pkg/securitycontext/util_test.go
+++ b/pkg/securitycontext/util_test.go
@@ -84,99 +84,6 @@ func compareContexts(name string, ex, ac *v1.SELinuxOptions, t *testing.T) {
 }
 }
-func containerWithUser(ptr *int64) *v1.Container {
- return &v1.Container{SecurityContext: &v1.SecurityContext{RunAsUser: ptr}}
-}
-
-func TestHaRootUID(t *testing.T) {
- nonRoot := int64(1)
- root := int64(0)
-
- tests := map[string]struct {
- container *v1.Container
- expect bool
- }{
- "nil sc": {
- container: &v1.Container{SecurityContext: nil},
- },
- "nil runAsuser": {
- container: containerWithUser(nil),
- },
- "runAsUser non-root": {
- container: containerWithUser(&nonRoot),
- },
- "runAsUser root": {
- container: containerWithUser(&root),
- expect: true,
- },
- }
-
- for k, v := range tests {
- actual := HasRootUID(v.container)
- if actual != v.expect {
- t.Errorf("%s failed, expected %t but received %t", k, v.expect, actual)
- }
- }
-}
-
-func TestHasRunAsUser(t *testing.T) {
- runAsUser := int64(0)
-
- tests := map[string]struct {
- container *v1.Container
- expect bool
- }{
- "nil sc": {
- container: &v1.Container{SecurityContext: nil},
- },
- "nil runAsUser": {
- container: containerWithUser(nil),
- },
- "valid runAsUser": {
- container: containerWithUser(&runAsUser),
- expect: true,
- },
- }
-
- for k, v := range tests {
- actual := HasRunAsUser(v.container)
- if actual != v.expect {
- t.Errorf("%s failed, expected %t but received %t", k, v.expect, actual)
- }
- }
-}
-
-func TestHasRootRunAsUser(t *testing.T) {
- nonRoot := int64(1)
- root := int64(0)
-
- tests := map[string]struct {
- container *v1.Container
- expect bool
- }{
- "nil sc": {
- container: &v1.Container{SecurityContext: nil},
- },
- "nil runAsuser": {
- container: containerWithUser(nil),
- },
- "runAsUser non-root": {
- container: containerWithUser(&nonRoot),
- },
- "runAsUser root": {
- container: containerWithUser(&root),
- expect: true,
- },
- }
-
- for k, v := range tests {
- actual := HasRootRunAsUser(v.container)
- if actual != v.expect {
- t.Errorf("%s failed, expected %t but received %t", k, v.expect, actual)
- }
- }
-}
-
 func TestAddNoNewPrivileges(t *testing.T) {
 pfalse := false
 ptrue := true