From fdce8ef96098143569cfd0f441531b256c774bd0 Mon Sep 17 00:00:00 2001
From: "feifei.zhang@huawei.com"
Date: Tue, 5 Nov 2019 18:56:15 +0800
Subject: [PATCH] fix golint failures of pkg/security/apparmor
---
 hack/.golint_failures | 1 -
 pkg/security/apparmor/helpers.go | 6 +++---
 pkg/security/apparmor/validate.go | 10 +++++-----
 3 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/hack/.golint_failures b/hack/.golint_failures
index 812757f2d41..732279ec3dc 100644
--- a/hack/.golint_failures
+++ b/hack/.golint_failures
@@ -215,7 +215,6 @@ pkg/registry/storage/rest
 pkg/registry/storage/storageclass
 pkg/registry/storage/storageclass/storage
 pkg/scheduler/apis/config/v1alpha1
-pkg/security/apparmor
 pkg/security/podsecuritypolicy
 pkg/security/podsecuritypolicy/group
 pkg/security/podsecuritypolicy/selinux
diff --git a/pkg/security/apparmor/helpers.go b/pkg/security/apparmor/helpers.go
index 5352f1332e2..2c67ff57861 100644
--- a/pkg/security/apparmor/helpers.go
+++ b/pkg/security/apparmor/helpers.go
@@ -50,7 +50,7 @@ func isRequired(pod *v1.Pod) bool {
 return false
 }
-// Returns the name of the profile to use with the container.
+// GetProfileName returns the name of the profile to use with the container.
 func GetProfileName(pod *v1.Pod, containerName string) string {
 return GetProfileNameFromPodAnnotations(pod.Annotations, containerName)
 }
@@ -61,7 +61,7 @@ func GetProfileNameFromPodAnnotations(annotations map[string]string, containerNa
 return annotations[ContainerAnnotationKeyPrefix+containerName]
 }
-// Sets the name of the profile to use with the container.
+// SetProfileName sets the name of the profile to use with the container.
 func SetProfileName(pod *v1.Pod, containerName, profileName string) error {
 if pod.Annotations == nil {
 pod.Annotations = map[string]string{}
@@ -70,7 +70,7 @@ func SetProfileName(pod *v1.Pod, containerName, profileName string) error {
 return nil
 }
-// Sets the name of the profile to use with the container.
+// SetProfileNameFromPodAnnotations sets the name of the profile to use with the container.
 func SetProfileNameFromPodAnnotations(annotations map[string]string, containerName, profileName string) error {
 if annotations == nil {
 return nil
diff --git a/pkg/security/apparmor/validate.go b/pkg/security/apparmor/validate.go
index 5be349e01e9..1742b4e040d 100644
--- a/pkg/security/apparmor/validate.go
+++ b/pkg/security/apparmor/validate.go
@@ -37,12 +37,13 @@ import (
 // Set to true if the wrong build tags are set (see validate_disabled.go).
 var isDisabledBuild bool
-// Interface for validating that a pod with an AppArmor profile can be run by a Node.
+// Validator is a interface for validating that a pod with an AppArmor profile can be run by a Node.
 type Validator interface {
 Validate(pod *v1.Pod) error
 ValidateHost() error
 }
+// NewValidator is in order to find AppArmor FS
 func NewValidator(runtime string) Validator {
 if err := validateHost(runtime); err != nil {
 return &validator{validateHostErr: err}
@@ -134,6 +135,7 @@ func validateProfile(profile string, loadedProfiles map[string]bool) error {
 return nil
 }
+// ValidateProfileFormat checks the format of the profile.
 func ValidateProfileFormat(profile string) error {
 if profile == "" || profile == ProfileRuntimeDefault || profile == ProfileNameUnconfined {
 return nil
@@ -198,12 +200,10 @@ func getAppArmorFS() (string, error) {
 msg := fmt.Sprintf("path %s does not exist", appArmorFS)
 if err != nil {
 return "", fmt.Errorf("%s: %v", msg, err)
- } else {
- return "", errors.New(msg)
 }
- } else {
- return appArmorFS, nil
+ return "", errors.New(msg)
 }
+ return appArmorFS, nil
 }
 }
 if err := scanner.Err(); err != nil {
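Review bot: In pkg/security/apparmor/helpers.go, the new comment on `SetProfileNameFromPodAnnotations` says the function sets the profile, but the visible guard `if annotations == nil { return nil }` makes a nil map a silent no-op that still reports success. A caller that passes a nil map would believe the container carries an AppArmor profile annotation when nothing was written. The comment should state this, for example `// SetProfileNameFromPodAnnotations sets the profile name for the container in annotations; a nil map is left unchanged and nil is returned.` The function body continues past the end of the hunk.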
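Review bot: The added comment `// NewValidator is in order to find AppArmor FS` in validate.go does not describe what the constructor does; the visible body calls `validateHost(runtime)` and, on failure, returns a validator that carries the error in `validateHostErr` instead of returning it. Since the constructor has no error result, callers presumably learn about an unsupported host only through `ValidateHost()` or `Validate()`, and the comment should say so: `// NewValidator returns a Validator for the given runtime; a failed host check is stored and not returned here.` In the same hunk, `Validator is a interface` should read `an interface`. NewValidator's body continues outside the hunk.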
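Review bot: The comment added for `ValidateProfileFormat` in validate.go leaves out which values pass: the first visible branch returns nil for the empty string, `ProfileRuntimeDefault` and `ProfileNameUnconfined`. Because this is an exported check, a reader should be able to tell from the comment that an empty profile and the unconfined profile are accepted as well-formed, e.g. `// ValidateProfileFormat checks the format of the profile; "", ProfileRuntimeDefault and ProfileNameUnconfined are accepted as-is.` The rest of the function is outside the hunk, so any further accepted forms would need listing as well.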
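Review bot: In getAppArmorFS (validate.go), the error built when `err != nil` still begins with "path %s does not exist", although in that branch the existence check itself failed and the path may well exist (for example on a permission error). That wording can mislead someone diagnosing why AppArmor was not detected on a node. Consider `return "", fmt.Errorf("checking path %s: %v", appArmorFS, err)` in that branch and building `msg` only for the plain not-found case. The condition guarding this block lies above the hunk, so this reading is inferred from the visible lines.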