func autoConvert_v1_PodSecurityPolicySubjectReviewStatus_To_api_PodSecurityPolicySubjectReviewStatus(in *PodSecurityPolicySubjectReviewStatus, out *api.PodSecurityPolicySubjectReviewStatus, s conversion.Scope) error { if in.AllowedBy != nil { in, out := &in.AllowedBy, &out.AllowedBy *out = new(pkg_api.ObjectReference) if err := api_v1.Convert_v1_ObjectReference_To_api_ObjectReference(*in, *out, s); err != nil { return err } } else { out.AllowedBy = nil } out.Reason = in.Reason if err := api_v1.Convert_v1_PodTemplateSpec_To_api_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { return err } return nil }
func autoConvert_v1_PodSecurityPolicySubjectReviewStatus_To_api_PodSecurityPolicySubjectReviewStatus(in *PodSecurityPolicySubjectReviewStatus, out *security_api.PodSecurityPolicySubjectReviewStatus, s conversion.Scope) error { if in.AllowedBy != nil { in, out := &in.AllowedBy, &out.AllowedBy *out = new(api.ObjectReference) // TODO: Inefficient conversion - can we improve it? if err := s.Convert(*in, *out, 0); err != nil { return err } } else { out.AllowedBy = nil } out.Reason = in.Reason if err := api_v1.Convert_v1_PodSpec_To_api_PodSpec(&in.PodSpec, &out.PodSpec, s); err != nil { return err } return nil }
// FillPodSecurityPolicySubjectReviewStatus fills PodSecurityPolicySubjectReviewStatus assigning SecurityContectConstraint to the PodSpec func FillPodSecurityPolicySubjectReviewStatus(s *securityapi.PodSecurityPolicySubjectReviewStatus, provider kscc.SecurityContextConstraintsProvider, spec kapi.PodSpec, constraint *kapi.SecurityContextConstraints) (bool, error) { pod := &kapi.Pod{ Spec: spec, } if errs := oscc.AssignSecurityContext(provider, pod, field.NewPath(fmt.Sprintf("provider %s: ", provider.GetSCCName()))); len(errs) > 0 { glog.Errorf("unable to assign SecurityContextConstraints provider: %v", errs) s.Reason = "CantAssignSecurityContextConstraintProvider" return false, fmt.Errorf("unable to assign SecurityContextConstraints provider: %v", errs.ToAggregate()) } ref, err := kapi.GetReference(constraint) if err != nil { s.Reason = "CantObtainReference" return false, fmt.Errorf("unable to get SecurityContextConstraints reference: %v", err) } s.AllowedBy = ref if len(spec.ServiceAccountName) > 0 { s.Template.Spec = pod.Spec } return true, nil }