Change psaApi to psaapi
This commit is contained in:
Sam Stoelinga
parent
a4087a538f
commit
1b5b747437
@ -26,7 +26,7 @@ import (
|
||||
"github.com/olekukonko/tablewriter"
|
||||
"github.com/spf13/cobra"
|
||||
v1 "k8s.io/api/core/v1"
|
||||
psaApi "k8s.io/pod-security-admission/api"
|
||||
psaapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
var DryRun bool
|
||||
@ -87,7 +87,7 @@ var MigrateCmd = &cobra.Command{
|
||||
namespace.Name, namespace.Labels)
|
||||
continue
|
||||
}
|
||||
suggestions := make(map[psaApi.Level]bool)
|
||||
suggestions := make(map[psaapi.Level]bool)
|
||||
podList, err := GetPodsByNamespace(namespace.Name)
|
||||
if err != nil {
|
||||
log.Printf("Error getting pods for namespace %v. Error: %v\n", namespace.Name, err.Error())
|
||||
@ -108,15 +108,15 @@ var MigrateCmd = &cobra.Command{
|
||||
}
|
||||
suggestions[level] = true
|
||||
}
|
||||
var suggested psaApi.Level
|
||||
var suggested psaapi.Level
|
||||
if suggestions["restricted"] {
|
||||
suggested = psaApi.LevelRestricted
|
||||
suggested = psaapi.LevelRestricted
|
||||
}
|
||||
if suggestions["baseline"] {
|
||||
suggested = psaApi.LevelBaseline
|
||||
suggested = psaapi.LevelBaseline
|
||||
}
|
||||
if suggestions["privileged"] {
|
||||
suggested = psaApi.LevelPrivileged
|
||||
suggested = psaapi.LevelPrivileged
|
||||
}
|
||||
fmt.Printf("Suggest using %v in namespace %v\n", suggested, namespace.Name)
|
||||
if DryRun == true {
|
||||
|
||||
@ -23,7 +23,7 @@ import (
|
||||
v1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/fields"
|
||||
psaApi "k8s.io/pod-security-admission/api"
|
||||
psaapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
func IgnoreNamespaceSelector(field string) string {
|
||||
@ -53,7 +53,7 @@ func GetNamespaces() (*v1.NamespaceList, error) {
|
||||
return namespaces, err
|
||||
}
|
||||
|
||||
func ApplyPSSLevel(namespace *v1.Namespace, level psaApi.Level, control string) error {
|
||||
func ApplyPSSLevel(namespace *v1.Namespace, level psaapi.Level, control string) error {
|
||||
namespace.Labels["pod-security.kubernetes.io/"+control] = string(level)
|
||||
_, err := clientset.CoreV1().Namespaces().Update(context.TODO(), namespace, metav1.UpdateOptions{})
|
||||
return err
|
||||
|
||||
@ -20,11 +20,11 @@ import (
|
||||
v1 "k8s.io/api/core/v1"
|
||||
|
||||
"k8s.io/pod-security-admission/api"
|
||||
psaApi "k8s.io/pod-security-admission/api"
|
||||
psaapi "k8s.io/pod-security-admission/api"
|
||||
"k8s.io/pod-security-admission/policy"
|
||||
)
|
||||
|
||||
func SuggestedPodSecurityStandard(pod *v1.Pod) (psaApi.Level, error) {
|
||||
func SuggestedPodSecurityStandard(pod *v1.Pod) (psaapi.Level, error) {
|
||||
evaluator, err := policy.NewEvaluator(policy.DefaultChecks())
|
||||
if err != nil {
|
||||
return "", err
|
||||
@ -34,12 +34,12 @@ func SuggestedPodSecurityStandard(pod *v1.Pod) (psaApi.Level, error) {
|
||||
return "", err
|
||||
}
|
||||
for _, level := range []string{"restricted", "baseline"} {
|
||||
apiLevel, err := psaApi.ParseLevel(level)
|
||||
apiLevel, err := psaapi.ParseLevel(level)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
result := policy.AggregateCheckResults(evaluator.EvaluatePod(
|
||||
psaApi.LevelVersion{Level: apiLevel, Version: apiVersion}, &pod.ObjectMeta, &pod.Spec))
|
||||
psaapi.LevelVersion{Level: apiLevel, Version: apiVersion}, &pod.ObjectMeta, &pod.Spec))
|
||||
|
||||
if result.Allowed {
|
||||
return apiLevel, nil
|
||||
|
||||
Loading…
Reference in New Issue
Block a user