func Convert_v1_PodSecurityContext_To_api_PodSecurityContext(in *PodSecurityContext, out *api.PodSecurityContext, s conversion.Scope) error { out.SupplementalGroups = in.SupplementalGroups if in.SELinuxOptions != nil { out.SELinuxOptions = new(api.SELinuxOptions) if err := Convert_v1_SELinuxOptions_To_api_SELinuxOptions(in.SELinuxOptions, out.SELinuxOptions, s); err != nil { return err } } else { out.SELinuxOptions = nil } out.RunAsUser = in.RunAsUser out.RunAsNonRoot = in.RunAsNonRoot out.FSGroup = in.FSGroup return nil }
// Create a PodSecurityContext based on the given constraints. If a setting is already set // on the PodSecurityContext it will not be changed. Validate should be used after the context // is created to ensure it complies with the required restrictions. // // NOTE: this method works on a copy of the PodSecurityContext. It is up to the caller to // apply the PSC if validation passes. func (s *simpleProvider) CreatePodSecurityContext(pod *api.Pod) (*api.PodSecurityContext, error) { var sc *api.PodSecurityContext = nil if pod.Spec.SecurityContext != nil { // work with a copy copy := *pod.Spec.SecurityContext sc = © } else { sc = &api.PodSecurityContext{} } if len(sc.SupplementalGroups) == 0 { supGroups, err := s.strategies.SupplementalGroupStrategy.Generate(pod) if err != nil { return nil, err } sc.SupplementalGroups = supGroups } if sc.FSGroup == nil { fsGroup, err := s.strategies.FSGroupStrategy.GenerateSingle(pod) if err != nil { return nil, err } sc.FSGroup = fsGroup } if sc.SELinuxOptions == nil { seLinux, err := s.strategies.SELinuxStrategy.Generate(pod, nil) if err != nil { return nil, err } sc.SELinuxOptions = seLinux } return sc, nil }