Merge pull request #79725 from jaypipes/issue79721

Output boolean for AllowPrivilegeEscalation
Kubernetes Prow Robot 2019-07-09 10:12:29 -07:00 committed by GitHub
commit f56cfbeb6d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 3 deletions


@ -3865,7 +3865,11 @@ func describePodSecurityPolicy(psp *policyv1beta1.PodSecurityPolicy) (string, er
w.Write(LEVEL_0, "\nSettings:\n") w.Write(LEVEL_0, "\nSettings:\n")
w.Write(LEVEL_1, "Allow Privileged:\t%t\n", psp.Spec.Privileged) w.Write(LEVEL_1, "Allow Privileged:\t%t\n", psp.Spec.Privileged)
w.Write(LEVEL_1, "Allow Privilege Escalation:\t%v\n", psp.Spec.AllowPrivilegeEscalation) if psp.Spec.AllowPrivilegeEscalation != nil {
w.Write(LEVEL_1, "Allow Privilege Escalation:\t%t\n", *psp.Spec.AllowPrivilegeEscalation)
} else {
w.Write(LEVEL_1, "Allow Privilege Escalation:\t<unset>\n")
}
w.Write(LEVEL_1, "Default Add Capabilities:\t%v\n", capsToString(psp.Spec.DefaultAddCapabilities)) w.Write(LEVEL_1, "Default Add Capabilities:\t%v\n", capsToString(psp.Spec.DefaultAddCapabilities))
w.Write(LEVEL_1, "Required Drop Capabilities:\t%s\n", capsToString(psp.Spec.RequiredDropCapabilities)) w.Write(LEVEL_1, "Required Drop Capabilities:\t%s\n", capsToString(psp.Spec.RequiredDropCapabilities))
w.Write(LEVEL_1, "Allowed Capabilities:\t%s\n", capsToString(psp.Spec.AllowedCapabilities)) w.Write(LEVEL_1, "Allowed Capabilities:\t%s\n", capsToString(psp.Spec.AllowedCapabilities))
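Review bot: The `<unset>` branch added for a nil `psp.Spec.AllowPrivilegeEscalation` does not tell the reader what the policy effectively permits. The PodSecurityPolicy API type documents this field as defaulting to true when unspecified, so someone auditing a policy with describe could read `<unset>` as "not allowed" when it means the opposite. Consider printing the effective value, e.g. `w.Write(LEVEL_1, "Allow Privilege Escalation:\t<unset> (defaults to true)\n")`, or at least add a comment above the `else` such as `// nil means the API default applies (true); shown as <unset> so it is distinguishable from an explicit value`. The accompanying test only sets the field to `&falseVal`, so the nil branch is not exercised; a second case with the field omitted would pin that output. describePodSecurityPolicy begins and ends outside this hunk.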


@ -2683,6 +2683,7 @@ func TestDescribePodSecurityPolicy(t *testing.T) {
expected := []string{ expected := []string{
"Name:\\s*mypsp", "Name:\\s*mypsp",
"Allow Privileged:\\s*false", "Allow Privileged:\\s*false",
"Allow Privilege Escalation:\\s*false",
"Default Add Capabilities:\\s*<none>", "Default Add Capabilities:\\s*<none>",
"Required Drop Capabilities:\\s*<none>", "Required Drop Capabilities:\\s*<none>",
"Allowed Capabilities:\\s*<none>", "Allowed Capabilities:\\s*<none>",
@ -2704,13 +2705,15 @@ func TestDescribePodSecurityPolicy(t *testing.T) {
"Supplemental Groups Strategy: RunAsAny", "Supplemental Groups Strategy: RunAsAny",
} }
falseVal := false
fake := fake.NewSimpleClientset(&policyv1beta1.PodSecurityPolicy{ fake := fake.NewSimpleClientset(&policyv1beta1.PodSecurityPolicy{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: "mypsp", Name: "mypsp",
}, },
Spec: policyv1beta1.PodSecurityPolicySpec{ Spec: policyv1beta1.PodSecurityPolicySpec{
AllowedUnsafeSysctls: []string{"kernel.*", "net.ipv4.ip_local_port_range"}, AllowPrivilegeEscalation: &falseVal,
ForbiddenSysctls: []string{"net.ipv4.ip_default_ttl"}, AllowedUnsafeSysctls: []string{"kernel.*", "net.ipv4.ip_local_port_range"},
ForbiddenSysctls: []string{"net.ipv4.ip_default_ttl"},
SELinux: policyv1beta1.SELinuxStrategyOptions{ SELinux: policyv1beta1.SELinuxStrategyOptions{
Rule: policyv1beta1.SELinuxStrategyRunAsAny, Rule: policyv1beta1.SELinuxStrategyRunAsAny,
}, },