// FillPodSecurityPolicySubjectReviewStatus fills PodSecurityPolicySubjectReviewStatus assigning SecurityContectConstraint to the PodSpec func FillPodSecurityPolicySubjectReviewStatus(s *securityapi.PodSecurityPolicySubjectReviewStatus, provider kscc.SecurityContextConstraintsProvider, spec kapi.PodSpec, constraint *kapi.SecurityContextConstraints) (bool, error) { pod := &kapi.Pod{ Spec: spec, } if errs := oscc.AssignSecurityContext(provider, pod, field.NewPath(fmt.Sprintf("provider %s: ", provider.GetSCCName()))); len(errs) > 0 { glog.Errorf("unable to assign SecurityContextConstraints provider: %v", errs) s.Reason = "CantAssignSecurityContextConstraintProvider" return false, fmt.Errorf("unable to assign SecurityContextConstraints provider: %v", errs.ToAggregate()) } ref, err := kapi.GetReference(constraint) if err != nil { s.Reason = "CantObtainReference" return false, fmt.Errorf("unable to get SecurityContextConstraints reference: %v", err) } s.AllowedBy = ref if len(spec.ServiceAccountName) > 0 { s.Template.Spec = pod.Spec } return true, nil }