Replace UserIDRange/GroupIDRange by IDRange in internal type to reduce difference with external type.

We had IDRange in both types prior 9440a68744 commit that splitted it into UserIDRange/GroupIDRange. Later, in c91a12d205 commit we had to revert this changes because they broke backward compatibility but UserIDRange/GroupIDRange struct left in the internal type. This commit removes these leftovers and reduces the differences between internal and external types.
2025-07-28 05:57:25 +00:00 · 2018-05-04 17:37:12 +02:00 · 2018-05-04 17:37:12 +02:00 · f49a0fbd5f
commit f49a0fbd5f
parent 54cf942a05
10 changed files with 55 additions and 75 deletions
--- a/pkg/apis/policy/types.go
+++ b/pkg/apis/policy/types.go
@ -312,19 +312,11 @@ type RunAsUserStrategyOptions struct {
 	// Ranges are the allowed ranges of uids that may be used. If you would like to force a single uid
 	// then supply a single range with the same start and end. Required for MustRunAs.
 	// +optional
-	Ranges []UserIDRange
+	Ranges []IDRange
 }
-// UserIDRange provides a min/max of an allowed range of UserIDs.
+// IDRange provides a min/max of an allowed range of IDs.
-type UserIDRange struct {
+type IDRange struct {
 	// Min is the start of the range, inclusive.
 	Min int64
 	// Max is the end of the range, inclusive.
 	Max int64
 }
 // GroupIDRange provides a min/max of an allowed range of GroupIDs.
 type GroupIDRange struct {
 	// Min is the start of the range, inclusive.
 	Min int64
 	// Max is the end of the range, inclusive.
@ -352,7 +344,7 @@ type FSGroupStrategyOptions struct {
 	// Ranges are the allowed ranges of fs groups.  If you would like to force a single
 	// fs group then supply a single range with the same start and end. Required for MustRunAs.
 	// +optional
-	Ranges []GroupIDRange
+	Ranges []IDRange
 }
 // FSGroupStrategyType denotes strategy types for generating FSGroup values for a
@ -374,7 +366,7 @@ type SupplementalGroupsStrategyOptions struct {
 	// Ranges are the allowed ranges of supplemental groups.  If you would like to force a single
 	// supplemental group then supply a single range with the same start and end. Required for MustRunAs.
 	// +optional
-	Ranges []GroupIDRange
+	Ranges []IDRange
 }
 // SupplementalGroupsStrategyType denotes strategy types for determining valid supplemental
--- a/pkg/apis/policy/validation/validation.go
+++ b/pkg/apis/policy/validation/validation.go
@ -325,12 +325,12 @@ func validatePodSecurityPolicySysctls(fldPath *field.Path, sysctls []string) fie
 	return allErrs
 }
-func validateUserIDRange(fldPath *field.Path, rng policy.UserIDRange) field.ErrorList {
+func validateUserIDRange(fldPath *field.Path, rng policy.IDRange) field.ErrorList {
-	return validateIDRanges(fldPath, int64(rng.Min), int64(rng.Max))
+	return validateIDRanges(fldPath, rng.Min, rng.Max)
 }
-func validateGroupIDRange(fldPath *field.Path, rng policy.GroupIDRange) field.ErrorList {
+func validateGroupIDRange(fldPath *field.Path, rng policy.IDRange) field.ErrorList {
-	return validateIDRanges(fldPath, int64(rng.Min), int64(rng.Max))
+	return validateIDRanges(fldPath, rng.Min, rng.Max)
 }
 // validateIDRanges ensures the range is valid.
--- a/pkg/apis/policy/validation/validation_test.go
+++ b/pkg/apis/policy/validation/validation_test.go
@ -270,7 +270,7 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
 	invalidUIDPSP := validPSP()
 	invalidUIDPSP.Spec.RunAsUser.Rule = policy.RunAsUserStrategyMustRunAs
-	invalidUIDPSP.Spec.RunAsUser.Ranges = []policy.UserIDRange{{Min: -1, Max: 1}}
+	invalidUIDPSP.Spec.RunAsUser.Ranges = []policy.IDRange{{Min: -1, Max: 1}}
 	missingObjectMetaName := validPSP()
 	missingObjectMetaName.ObjectMeta.Name = ""
@ -288,17 +288,17 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
 	invalidSupGroupStratType.Spec.SupplementalGroups.Rule = "invalid"
 	invalidRangeMinGreaterThanMax := validPSP()
-	invalidRangeMinGreaterThanMax.Spec.FSGroup.Ranges = []policy.GroupIDRange{
+	invalidRangeMinGreaterThanMax.Spec.FSGroup.Ranges = []policy.IDRange{
 		{Min: 2, Max: 1},
 	}
 	invalidRangeNegativeMin := validPSP()
-	invalidRangeNegativeMin.Spec.FSGroup.Ranges = []policy.GroupIDRange{
+	invalidRangeNegativeMin.Spec.FSGroup.Ranges = []policy.IDRange{
 		{Min: -1, Max: 10},
 	}
 	invalidRangeNegativeMax := validPSP()
-	invalidRangeNegativeMax.Spec.FSGroup.Ranges = []policy.GroupIDRange{
+	invalidRangeNegativeMax.Spec.FSGroup.Ranges = []policy.IDRange{
 		{Min: 1, Max: -10},
 	}
@ -539,7 +539,7 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
 	mustRunAs.Spec.FSGroup.Rule = policy.FSGroupStrategyMustRunAs
 	mustRunAs.Spec.SupplementalGroups.Rule = policy.SupplementalGroupsStrategyMustRunAs
 	mustRunAs.Spec.RunAsUser.Rule = policy.RunAsUserStrategyMustRunAs
-	mustRunAs.Spec.RunAsUser.Ranges = []policy.UserIDRange{
+	mustRunAs.Spec.RunAsUser.Ranges = []policy.IDRange{
 		{Min: 1, Max: 1},
 	}
 	mustRunAs.Spec.SELinux.Rule = policy.SELinuxStrategyMustRunAs
@ -733,8 +733,8 @@ func Test_validatePSPRunAsUser(t *testing.T) {
 		{"Invalid RunAsUserStrategy", policy.RunAsUserStrategyOptions{Rule: policy.RunAsUserStrategy("someInvalidStrategy")}, true},
 		{"RunAsUserStrategyMustRunAs", policy.RunAsUserStrategyOptions{Rule: policy.RunAsUserStrategyMustRunAs}, false},
 		{"RunAsUserStrategyMustRunAsNonRoot", policy.RunAsUserStrategyOptions{Rule: policy.RunAsUserStrategyMustRunAsNonRoot}, false},
-		{"RunAsUserStrategyMustRunAsNonRoot With Valid Range", policy.RunAsUserStrategyOptions{Rule: policy.RunAsUserStrategyMustRunAs, Ranges: []policy.UserIDRange{{Min: 2, Max: 3}, {Min: 4, Max: 5}}}, false},
+		{"RunAsUserStrategyMustRunAsNonRoot With Valid Range", policy.RunAsUserStrategyOptions{Rule: policy.RunAsUserStrategyMustRunAs, Ranges: []policy.IDRange{{Min: 2, Max: 3}, {Min: 4, Max: 5}}}, false},
-		{"RunAsUserStrategyMustRunAsNonRoot With Invalid Range", policy.RunAsUserStrategyOptions{Rule: policy.RunAsUserStrategyMustRunAs, Ranges: []policy.UserIDRange{{Min: 2, Max: 3}, {Min: 5, Max: 4}}}, true},
+		{"RunAsUserStrategyMustRunAsNonRoot With Invalid Range", policy.RunAsUserStrategyOptions{Rule: policy.RunAsUserStrategyMustRunAs, Ranges: []policy.IDRange{{Min: 2, Max: 3}, {Min: 5, Max: 4}}}, true},
 	}
 	for _, testCase := range testCases {
--- a/pkg/printers/internalversion/describe.go
+++ b/pkg/printers/internalversion/describe.go
@ -3535,13 +3535,13 @@ func describePodSecurityPolicy(psp *policy.PodSecurityPolicy) (string, error) {
 		w.Write(LEVEL_2, "Level:\t%s\n", stringOrNone(level))
 		w.Write(LEVEL_1, "Run As User Strategy: %s\t\n", string(psp.Spec.RunAsUser.Rule))
-		w.Write(LEVEL_2, "Ranges:\t%s\n", userIDRangeToString(psp.Spec.RunAsUser.Ranges))
+		w.Write(LEVEL_2, "Ranges:\t%s\n", idRangeToString(psp.Spec.RunAsUser.Ranges))
 		w.Write(LEVEL_1, "FSGroup Strategy: %s\t\n", string(psp.Spec.FSGroup.Rule))
-		w.Write(LEVEL_2, "Ranges:\t%s\n", groupIDRangeToString(psp.Spec.FSGroup.Ranges))
+		w.Write(LEVEL_2, "Ranges:\t%s\n", idRangeToString(psp.Spec.FSGroup.Ranges))
 		w.Write(LEVEL_1, "Supplemental Groups Strategy: %s\t\n", string(psp.Spec.SupplementalGroups.Rule))
-		w.Write(LEVEL_2, "Ranges:\t%s\n", groupIDRangeToString(psp.Spec.SupplementalGroups.Ranges))
+		w.Write(LEVEL_2, "Ranges:\t%s\n", idRangeToString(psp.Spec.SupplementalGroups.Ranges))
 		return nil
 	})
@ -3586,19 +3586,7 @@ func hostPortRangeToString(ranges []policy.HostPortRange) string {
 	return stringOrNone(formattedString)
 }
-func userIDRangeToString(ranges []policy.UserIDRange) string {
+func idRangeToString(ranges []policy.IDRange) string {
 	formattedString := ""
 	if ranges != nil {
 		strRanges := []string{}
 		for _, r := range ranges {
 			strRanges = append(strRanges, fmt.Sprintf("%d-%d", r.Min, r.Max))
 		}
 		formattedString = strings.Join(strRanges, ",")
 	}
 	return stringOrNone(formattedString)
 }
 func groupIDRangeToString(ranges []policy.GroupIDRange) string {
 	formattedString := ""
 	if ranges != nil {
 		strRanges := []string{}
--- a/pkg/security/podsecuritypolicy/group/mustrunas.go
+++ b/pkg/security/podsecuritypolicy/group/mustrunas.go
@ -27,14 +27,14 @@ import (
 // mustRunAs implements the GroupStrategy interface
 type mustRunAs struct {
-	ranges []policy.GroupIDRange
+	ranges []policy.IDRange
 	field  string
 }
 var _ GroupStrategy = &mustRunAs{}
 // NewMustRunAs provides a new MustRunAs strategy based on ranges.
-func NewMustRunAs(ranges []policy.GroupIDRange, field string) (GroupStrategy, error) {
+func NewMustRunAs(ranges []policy.IDRange, field string) (GroupStrategy, error) {
 	if len(ranges) == 0 {
 		return nil, fmt.Errorf("ranges must be supplied for MustRunAs")
 	}
--- a/pkg/security/podsecuritypolicy/group/mustrunas_test.go
+++ b/pkg/security/podsecuritypolicy/group/mustrunas_test.go
@ -25,14 +25,14 @@ import (
 func TestMustRunAsOptions(t *testing.T) {
 	tests := map[string]struct {
-		ranges []policy.GroupIDRange
+		ranges []policy.IDRange
 		pass   bool
 	}{
 		"empty": {
-			ranges: []policy.GroupIDRange{},
+			ranges: []policy.IDRange{},
 		},
 		"ranges": {
-			ranges: []policy.GroupIDRange{
+			ranges: []policy.IDRange{
 				{Min: 1, Max: 1},
 			},
 			pass: true,
@ -52,23 +52,23 @@ func TestMustRunAsOptions(t *testing.T) {
 func TestGenerate(t *testing.T) {
 	tests := map[string]struct {
-		ranges   []policy.GroupIDRange
+		ranges   []policy.IDRange
 		expected []int64
 	}{
 		"multi value": {
-			ranges: []policy.GroupIDRange{
+			ranges: []policy.IDRange{
 				{Min: 1, Max: 2},
 			},
 			expected: []int64{1},
 		},
 		"single value": {
-			ranges: []policy.GroupIDRange{
+			ranges: []policy.IDRange{
 				{Min: 1, Max: 1},
 			},
 			expected: []int64{1},
 		},
 		"multi range": {
-			ranges: []policy.GroupIDRange{
+			ranges: []policy.IDRange{
 				{Min: 1, Max: 1},
 				{Min: 2, Max: 500},
 			},
@ -110,25 +110,25 @@ func TestGenerate(t *testing.T) {
 func TestValidate(t *testing.T) {
 	tests := map[string]struct {
-		ranges        []policy.GroupIDRange
+		ranges        []policy.IDRange
 		groups        []int64
 		expectedError string
 	}{
 		"nil security context": {
-			ranges: []policy.GroupIDRange{
+			ranges: []policy.IDRange{
 				{Min: 1, Max: 3},
 			},
 			expectedError: "unable to validate empty groups against required ranges",
 		},
 		"empty groups": {
-			ranges: []policy.GroupIDRange{
+			ranges: []policy.IDRange{
 				{Min: 1, Max: 3},
 			},
 			expectedError: "unable to validate empty groups against required ranges",
 		},
 		"not in range": {
 			groups: []int64{5},
-			ranges: []policy.GroupIDRange{
+			ranges: []policy.IDRange{
 				{Min: 1, Max: 3},
 				{Min: 4, Max: 4},
 			},
@ -136,25 +136,25 @@ func TestValidate(t *testing.T) {
 		},
 		"in range 1": {
 			groups: []int64{2},
-			ranges: []policy.GroupIDRange{
+			ranges: []policy.IDRange{
 				{Min: 1, Max: 3},
 			},
 		},
 		"in range boundary min": {
 			groups: []int64{1},
-			ranges: []policy.GroupIDRange{
+			ranges: []policy.IDRange{
 				{Min: 1, Max: 3},
 			},
 		},
 		"in range boundary max": {
 			groups: []int64{3},
-			ranges: []policy.GroupIDRange{
+			ranges: []policy.IDRange{
 				{Min: 1, Max: 3},
 			},
 		},
 		"singular range": {
 			groups: []int64{4},
-			ranges: []policy.GroupIDRange{
+			ranges: []policy.IDRange{
 				{Min: 4, Max: 4},
 			},
 		},
--- a/pkg/security/podsecuritypolicy/provider_test.go
+++ b/pkg/security/podsecuritypolicy/provider_test.go
@ -186,7 +186,7 @@ func TestValidatePodSecurityContextFailures(t *testing.T) {
 	failSupplementalGroupPSP := defaultPSP()
 	failSupplementalGroupPSP.Spec.SupplementalGroups = policy.SupplementalGroupsStrategyOptions{
 		Rule: policy.SupplementalGroupsStrategyMustRunAs,
-		Ranges: []policy.GroupIDRange{
+		Ranges: []policy.IDRange{
 			{Min: 1, Max: 1},
 		},
 	}
@ -197,7 +197,7 @@ func TestValidatePodSecurityContextFailures(t *testing.T) {
 	failFSGroupPSP := defaultPSP()
 	failFSGroupPSP.Spec.FSGroup = policy.FSGroupStrategyOptions{
 		Rule: policy.FSGroupStrategyMustRunAs,
-		Ranges: []policy.GroupIDRange{
+		Ranges: []policy.IDRange{
 			{Min: 1, Max: 1},
 		},
 	}
@ -409,7 +409,7 @@ func TestValidateContainerSecurityContextFailures(t *testing.T) {
 	badUID := int64(1)
 	failUserPSP.Spec.RunAsUser = policy.RunAsUserStrategyOptions{
 		Rule:   policy.RunAsUserStrategyMustRunAs,
-		Ranges: []policy.UserIDRange{{Min: uid, Max: uid}},
+		Ranges: []policy.IDRange{{Min: uid, Max: uid}},
 	}
 	failUserPod := defaultPod()
 	failUserPod.Spec.Containers[0].SecurityContext.RunAsUser = &badUID
@ -564,7 +564,7 @@ func TestValidatePodSecurityContextSuccess(t *testing.T) {
 	supGroupPSP := defaultPSP()
 	supGroupPSP.Spec.SupplementalGroups = policy.SupplementalGroupsStrategyOptions{
 		Rule: policy.SupplementalGroupsStrategyMustRunAs,
-		Ranges: []policy.GroupIDRange{
+		Ranges: []policy.IDRange{
 			{Min: 1, Max: 5},
 		},
 	}
@ -574,7 +574,7 @@ func TestValidatePodSecurityContextSuccess(t *testing.T) {
 	fsGroupPSP := defaultPSP()
 	fsGroupPSP.Spec.FSGroup = policy.FSGroupStrategyOptions{
 		Rule: policy.FSGroupStrategyMustRunAs,
-		Ranges: []policy.GroupIDRange{
+		Ranges: []policy.IDRange{
 			{Min: 1, Max: 5},
 		},
 	}
@ -746,7 +746,7 @@ func TestValidateContainerSecurityContextSuccess(t *testing.T) {
 	uid := int64(999)
 	userPSP.Spec.RunAsUser = policy.RunAsUserStrategyOptions{
 		Rule:   policy.RunAsUserStrategyMustRunAs,
-		Ranges: []policy.UserIDRange{{Min: uid, Max: uid}},
+		Ranges: []policy.IDRange{{Min: uid, Max: uid}},
 	}
 	userPod := defaultPod()
 	userPod.Spec.Containers[0].SecurityContext.RunAsUser = &uid
--- a/pkg/security/podsecuritypolicy/user/mustrunas_test.go
+++ b/pkg/security/podsecuritypolicy/user/mustrunas_test.go
@ -38,7 +38,7 @@ func TestNewMustRunAs(t *testing.T) {
 		},
 		"valid opts": {
 			opts: &policy.RunAsUserStrategyOptions{
-				Ranges: []policy.UserIDRange{
+				Ranges: []policy.IDRange{
 					{Min: 1, Max: 1},
 				},
 			},
@ -58,7 +58,7 @@ func TestNewMustRunAs(t *testing.T) {
 func TestGenerate(t *testing.T) {
 	opts := &policy.RunAsUserStrategyOptions{
-		Ranges: []policy.UserIDRange{
+		Ranges: []policy.IDRange{
 			{Min: 1, Max: 1},
 		},
 	}
@ -77,7 +77,7 @@ func TestGenerate(t *testing.T) {
 func TestValidate(t *testing.T) {
 	opts := &policy.RunAsUserStrategyOptions{
-		Ranges: []policy.UserIDRange{
+		Ranges: []policy.IDRange{
 			{Min: 1, Max: 1},
 			{Min: 10, Max: 20},
 		},
--- a/pkg/security/podsecuritypolicy/util/util.go
+++ b/pkg/security/podsecuritypolicy/util/util.go
@ -164,12 +164,12 @@ func PSPAllowsFSType(psp *policy.PodSecurityPolicy, fsType policy.FSType) bool {
 }
 // UserFallsInRange is a utility to determine it the id falls in the valid range.
-func UserFallsInRange(id int64, rng policy.UserIDRange) bool {
+func UserFallsInRange(id int64, rng policy.IDRange) bool {
 	return id >= rng.Min && id <= rng.Max
 }
 // GroupFallsInRange is a utility to determine it the id falls in the valid range.
-func GroupFallsInRange(id int64, rng policy.GroupIDRange) bool {
+func GroupFallsInRange(id int64, rng policy.IDRange) bool {
 	return id >= rng.Min && id <= rng.Max
 }
--- a/plugin/pkg/admission/security/podsecuritypolicy/admission_test.go
+++ b/plugin/pkg/admission/security/podsecuritypolicy/admission_test.go
@ -324,11 +324,11 @@ func defaultPod(t *testing.T, pod *kapi.Pod) *kapi.Pod {
 func TestAdmitPreferNonmutating(t *testing.T) {
 	mutating1 := restrictivePSP()
 	mutating1.Name = "mutating1"
-	mutating1.Spec.RunAsUser.Ranges = []policy.UserIDRange{{Min: int64(1), Max: int64(1)}}
+	mutating1.Spec.RunAsUser.Ranges = []policy.IDRange{{Min: int64(1), Max: int64(1)}}
 	mutating2 := restrictivePSP()
 	mutating2.Name = "mutating2"
-	mutating2.Spec.RunAsUser.Ranges = []policy.UserIDRange{{Min: int64(2), Max: int64(2)}}
+	mutating2.Spec.RunAsUser.Ranges = []policy.IDRange{{Min: int64(2), Max: int64(2)}}
 	privilegedPSP := permissivePSP()
 	privilegedPSP.Name = "privileged"
@ -1194,7 +1194,7 @@ func TestAdmitRunAsUser(t *testing.T) {
 	mustRunAs := permissivePSP()
 	mustRunAs.Name = "mustRunAs"
 	mustRunAs.Spec.RunAsUser.Rule = policy.RunAsUserStrategyMustRunAs
-	mustRunAs.Spec.RunAsUser.Ranges = []policy.UserIDRange{
+	mustRunAs.Spec.RunAsUser.Ranges = []policy.IDRange{
 		{Min: int64(999), Max: int64(1000)},
 	}
@ -1357,7 +1357,7 @@ func TestAdmitSupplementalGroups(t *testing.T) {
 	mustRunAs := permissivePSP()
 	mustRunAs.Name = "mustRunAs"
 	mustRunAs.Spec.SupplementalGroups.Rule = policy.SupplementalGroupsStrategyMustRunAs
-	mustRunAs.Spec.SupplementalGroups.Ranges = []policy.GroupIDRange{{Min: int64(999), Max: int64(1000)}}
+	mustRunAs.Spec.SupplementalGroups.Ranges = []policy.IDRange{{Min: int64(999), Max: int64(1000)}}
 	tests := map[string]struct {
 		pod                *kapi.Pod
@ -2354,7 +2354,7 @@ func restrictivePSP() *policy.PodSecurityPolicy {
 		Spec: policy.PodSecurityPolicySpec{
 			RunAsUser: policy.RunAsUserStrategyOptions{
 				Rule: policy.RunAsUserStrategyMustRunAs,
-				Ranges: []policy.UserIDRange{
+				Ranges: []policy.IDRange{
 					{Min: int64(999), Max: int64(999)},
 				},
 			},
@ -2366,13 +2366,13 @@ func restrictivePSP() *policy.PodSecurityPolicy {
 			},
 			FSGroup: policy.FSGroupStrategyOptions{
 				Rule: policy.FSGroupStrategyMustRunAs,
-				Ranges: []policy.GroupIDRange{
+				Ranges: []policy.IDRange{
 					{Min: int64(999), Max: int64(999)},
 				},
 			},
 			SupplementalGroups: policy.SupplementalGroupsStrategyOptions{
 				Rule: policy.SupplementalGroupsStrategyMustRunAs,
-				Ranges: []policy.GroupIDRange{
+				Ranges: []policy.IDRange{
 					{Min: int64(999), Max: int64(999)},
 				},
 			},