Exemple #1
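// createUserStrategy returns the RunAsUser strategy selected by opts.Type.
//
// Each recognized type is passed, together with opts, to the matching
// constructor in the user package, and that constructor's result (strategy
// and error) is returned unchanged. A nil opts or an unrecognized type yields
// a nil strategy and an error: the function fails closed instead of
// substituting a default strategy, so callers must treat a non-nil error as
// "this constraint cannot be enforced" and must not proceed without one.
func createUserStrategy(opts *api.RunAsUserStrategyOptions) (user.RunAsUserSecurityContextConstraintsStrategy, error) {
	// Guard the dereference below; without it a nil opts panics instead of
	// reporting a validation error to the caller.
	if opts == nil {
		return nil, fmt.Errorf("createUserStrategy requires a RunAsUserStrategyOptions")
	}

	switch opts.Type {
	case api.RunAsUserStrategyMustRunAs:
		return user.NewMustRunAs(opts)
	case api.RunAsUserStrategyMustRunAsRange:
		return user.NewMustRunAsRange(opts)
	case api.RunAsUserStrategyMustRunAsNonRoot:
		// The constructor name drops the "Must" prefix used by the type constant.
		return user.NewRunAsNonRoot(opts)
	case api.RunAsUserStrategyRunAsAny:
		// NOTE(review): presumably the least restrictive strategy; confirm
		// against the user package before granting it broadly.
		return user.NewRunAsAny(opts)
	default:
		// Unknown types are rejected outright; there is no permissive fallback.
		return nil, fmt.Errorf("Unrecognized RunAsUser strategy type %s", opts.Type)
	}
}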
Exemple #2
// NewSimpleProvider builds a SecurityContextConstraintsProvider backed by scc.
//
// The RunAsUser and SELinuxContext strategies are selected from the Type field
// of the corresponding section of scc and constructed from that section. A nil
// scc, an unrecognized strategy type, or an error from a strategy constructor
// yields a nil provider and the error, so a provider is only returned when
// both strategies were resolved.
func NewSimpleProvider(scc *api.SecurityContextConstraints) (SecurityContextConstraintsProvider, error) {
	if scc == nil {
		return nil, fmt.Errorf("NewSimpleProvider requires a SecurityContextConstraints")
	}

	var err error

	// Resolve the RunAsUser strategy first. An unknown type is reported as an
	// error; no default strategy is substituted.
	var runAsUser user.RunAsUserSecurityContextConstraintsStrategy
	userOpts := &scc.RunAsUser
	switch kind := userOpts.Type; kind {
	case api.RunAsUserStrategyMustRunAs:
		runAsUser, err = user.NewMustRunAs(userOpts)
	case api.RunAsUserStrategyMustRunAsRange:
		runAsUser, err = user.NewMustRunAsRange(userOpts)
	case api.RunAsUserStrategyMustRunAsNonRoot:
		runAsUser, err = user.NewRunAsNonRoot(userOpts)
	case api.RunAsUserStrategyRunAsAny:
		runAsUser, err = user.NewRunAsAny(userOpts)
	default:
		err = fmt.Errorf("Unrecognized RunAsUser strategy type %s", kind)
	}
	if err != nil {
		return nil, err
	}

	// err is nil here, so the SELinux switch starts from a clean state. The
	// SELinux strategy is only built once the RunAsUser strategy succeeded.
	var seLinux selinux.SELinuxSecurityContextConstraintsStrategy
	seOpts := &scc.SELinuxContext
	switch kind := seOpts.Type; kind {
	case api.SELinuxStrategyMustRunAs:
		seLinux, err = selinux.NewMustRunAs(seOpts)
	case api.SELinuxStrategyRunAsAny:
		seLinux, err = selinux.NewRunAsAny(seOpts)
	default:
		err = fmt.Errorf("Unrecognized SELinuxContext strategy type %s", kind)
	}
	if err != nil {
		return nil, err
	}

	provider := &simpleProvider{
		scc:               scc,
		runAsUserStrategy: runAsUser,
		seLinuxStrategy:   seLinux,
	}
	return provider, nil
}