// createUserStrategy creates a new user strategy.
func createUserStrategy(opts *api.RunAsUserStrategyOptions) (user.RunAsUserSecurityContextConstraintsStrategy, error) {
switch opts.Type {
case api.RunAsUserStrategyMustRunAs:
return user.NewMustRunAs(opts)
case api.RunAsUserStrategyMustRunAsRange:
return user.NewMustRunAsRange(opts)
case api.RunAsUserStrategyMustRunAsNonRoot:
return user.NewRunAsNonRoot(opts)
case api.RunAsUserStrategyRunAsAny:
return user.NewRunAsAny(opts)
default:
return nil, fmt.Errorf("Unrecognized RunAsUser strategy type %s", opts.Type)
}
}
// NewSimpleProvider creates a new SecurityContextConstraintsProvider instance.
func NewSimpleProvider(scc *api.SecurityContextConstraints) (SecurityContextConstraintsProvider, error) {
if scc == nil {
return nil, fmt.Errorf("NewSimpleProvider requires a SecurityContextConstraints")
}
var userStrat user.RunAsUserSecurityContextConstraintsStrategy = nil
var err error = nil
switch scc.RunAsUser.Type {
case api.RunAsUserStrategyMustRunAs:
userStrat, err = user.NewMustRunAs(&scc.RunAsUser)
case api.RunAsUserStrategyMustRunAsRange:
userStrat, err = user.NewMustRunAsRange(&scc.RunAsUser)
case api.RunAsUserStrategyMustRunAsNonRoot:
userStrat, err = user.NewRunAsNonRoot(&scc.RunAsUser)
case api.RunAsUserStrategyRunAsAny:
userStrat, err = user.NewRunAsAny(&scc.RunAsUser)
default:
err = fmt.Errorf("Unrecognized RunAsUser strategy type %s", scc.RunAsUser.Type)
}
if err != nil {
return nil, err
}
var seLinuxStrat selinux.SELinuxSecurityContextConstraintsStrategy = nil
err = nil
switch scc.SELinuxContext.Type {
case api.SELinuxStrategyMustRunAs:
seLinuxStrat, err = selinux.NewMustRunAs(&scc.SELinuxContext)
case api.SELinuxStrategyRunAsAny:
seLinuxStrat, err = selinux.NewRunAsAny(&scc.SELinuxContext)
default:
err = fmt.Errorf("Unrecognized SELinuxContext strategy type %s", scc.SELinuxContext.Type)
}
if err != nil {
return nil, err
}
return &simpleProvider{
scc: scc,
runAsUserStrategy: userStrat,
seLinuxStrategy: seLinuxStrat,
}, nil
}