Merge pull request #79725 from jaypipes/issue79721

Output boolean for AllowPrivilegeEscalation
This commit is contained in:
Kubernetes Prow Robot 2019-07-09 10:12:29 -07:00 committed by GitHub
commit f56cfbeb6d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 3 deletions

View File

@ -3865,7 +3865,11 @@ func describePodSecurityPolicy(psp *policyv1beta1.PodSecurityPolicy) (string, er
w.Write(LEVEL_0, "\nSettings:\n")
w.Write(LEVEL_1, "Allow Privileged:\t%t\n", psp.Spec.Privileged)
w.Write(LEVEL_1, "Allow Privilege Escalation:\t%v\n", psp.Spec.AllowPrivilegeEscalation)
if psp.Spec.AllowPrivilegeEscalation != nil {
w.Write(LEVEL_1, "Allow Privilege Escalation:\t%t\n", *psp.Spec.AllowPrivilegeEscalation)
} else {
w.Write(LEVEL_1, "Allow Privilege Escalation:\t<unset>\n")
}
w.Write(LEVEL_1, "Default Add Capabilities:\t%v\n", capsToString(psp.Spec.DefaultAddCapabilities))
w.Write(LEVEL_1, "Required Drop Capabilities:\t%s\n", capsToString(psp.Spec.RequiredDropCapabilities))
w.Write(LEVEL_1, "Allowed Capabilities:\t%s\n", capsToString(psp.Spec.AllowedCapabilities))

View File

@ -2683,6 +2683,7 @@ func TestDescribePodSecurityPolicy(t *testing.T) {
expected := []string{
"Name:\\s*mypsp",
"Allow Privileged:\\s*false",
"Allow Privilege Escalation:\\s*false",
"Default Add Capabilities:\\s*<none>",
"Required Drop Capabilities:\\s*<none>",
"Allowed Capabilities:\\s*<none>",
@ -2704,13 +2705,15 @@ func TestDescribePodSecurityPolicy(t *testing.T) {
"Supplemental Groups Strategy: RunAsAny",
}
falseVal := false
fake := fake.NewSimpleClientset(&policyv1beta1.PodSecurityPolicy{
ObjectMeta: metav1.ObjectMeta{
Name: "mypsp",
},
Spec: policyv1beta1.PodSecurityPolicySpec{
AllowedUnsafeSysctls: []string{"kernel.*", "net.ipv4.ip_local_port_range"},
ForbiddenSysctls: []string{"net.ipv4.ip_default_ttl"},
AllowPrivilegeEscalation: &falseVal,
AllowedUnsafeSysctls: []string{"kernel.*", "net.ipv4.ip_local_port_range"},
ForbiddenSysctls: []string{"net.ipv4.ip_default_ttl"},
SELinux: policyv1beta1.SELinuxStrategyOptions{
Rule: policyv1beta1.SELinuxStrategyRunAsAny,
},