marko/pspmigrator
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Change psaApi to psaapi

Browse Source
This commit is contained in:
Sam Stoelinga 2022-07-21 14:54:11 -07:00
parent a4087a538f
commit 1b5b747437
3 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
cmd/migrate.go
View File

@ -26,7 +26,7 @@ import (
"github.com/olekukonko/tablewriter" "github.com/olekukonko/tablewriter"
"github.com/spf13/cobra" "github.com/spf13/cobra"
v1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1"
psaApi "k8s.io/pod-security-admission/api" psaapi "k8s.io/pod-security-admission/api"
) )
var DryRun bool var DryRun bool
@ -87,7 +87,7 @@ var MigrateCmd = &cobra.Command{
namespace.Name, namespace.Labels) namespace.Name, namespace.Labels)
continue continue
} }
suggestions := make(map[psaApi.Level]bool) suggestions := make(map[psaapi.Level]bool)
podList, err := GetPodsByNamespace(namespace.Name) podList, err := GetPodsByNamespace(namespace.Name)
if err != nil { if err != nil {
log.Printf("Error getting pods for namespace %v. Error: %v\n", namespace.Name, err.Error()) log.Printf("Error getting pods for namespace %v. Error: %v\n", namespace.Name, err.Error())
@ -108,15 +108,15 @@ var MigrateCmd = &cobra.Command{
} }
suggestions[level] = true suggestions[level] = true
} }
var suggested psaApi.Level var suggested psaapi.Level
if suggestions["restricted"] { if suggestions["restricted"] {
suggested = psaApi.LevelRestricted suggested = psaapi.LevelRestricted
} }
if suggestions["baseline"] { if suggestions["baseline"] {
suggested = psaApi.LevelBaseline suggested = psaapi.LevelBaseline
} }
if suggestions["privileged"] { if suggestions["privileged"] {
suggested = psaApi.LevelPrivileged suggested = psaapi.LevelPrivileged
} }
fmt.Printf("Suggest using %v in namespace %v\n", suggested, namespace.Name) fmt.Printf("Suggest using %v in namespace %v\n", suggested, namespace.Name)
if DryRun == true { if DryRun == true {

4
cmd/utils.go
View File

@ -23,7 +23,7 @@ import (
v1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/fields" "k8s.io/apimachinery/pkg/fields"
psaApi "k8s.io/pod-security-admission/api" psaapi "k8s.io/pod-security-admission/api"
) )
func IgnoreNamespaceSelector(field string) string { func IgnoreNamespaceSelector(field string) string {
@ -53,7 +53,7 @@ func GetNamespaces() (*v1.NamespaceList, error) {
return namespaces, err return namespaces, err
} }
func ApplyPSSLevel(namespace *v1.Namespace, level psaApi.Level, control string) error { func ApplyPSSLevel(namespace *v1.Namespace, level psaapi.Level, control string) error {
namespace.Labels["pod-security.kubernetes.io/"+control] = string(level) namespace.Labels["pod-security.kubernetes.io/"+control] = string(level)
_, err := clientset.CoreV1().Namespaces().Update(context.TODO(), namespace, metav1.UpdateOptions{}) _, err := clientset.CoreV1().Namespaces().Update(context.TODO(), namespace, metav1.UpdateOptions{})
return err return err

8
migrator.go
View File

@ -20,11 +20,11 @@ import (
v1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1"
"k8s.io/pod-security-admission/api" "k8s.io/pod-security-admission/api"
psaApi "k8s.io/pod-security-admission/api" psaapi "k8s.io/pod-security-admission/api"
"k8s.io/pod-security-admission/policy" "k8s.io/pod-security-admission/policy"
) )
func SuggestedPodSecurityStandard(pod *v1.Pod) (psaApi.Level, error) { func SuggestedPodSecurityStandard(pod *v1.Pod) (psaapi.Level, error) {
evaluator, err := policy.NewEvaluator(policy.DefaultChecks()) evaluator, err := policy.NewEvaluator(policy.DefaultChecks())
if err != nil { if err != nil {
return "", err return "", err
@ -34,12 +34,12 @@ func SuggestedPodSecurityStandard(pod *v1.Pod) (psaApi.Level, error) {
return "", err return "", err
} }
for _, level := range []string{"restricted", "baseline"} { for _, level := range []string{"restricted", "baseline"} {
apiLevel, err := psaApi.ParseLevel(level) apiLevel, err := psaapi.ParseLevel(level)
if err != nil { if err != nil {
return "", err return "", err
} }
result := policy.AggregateCheckResults(evaluator.EvaluatePod( result := policy.AggregateCheckResults(evaluator.EvaluatePod(
psaApi.LevelVersion{Level: apiLevel, Version: apiVersion}, &pod.ObjectMeta, &pod.Spec)) psaapi.LevelVersion{Level: apiLevel, Version: apiVersion}, &pod.ObjectMeta, &pod.Spec))
if result.Allowed { if result.Allowed {
return apiLevel, nil return apiLevel, nil