Add SCC Describer #7127

Merged
merged 2 commits into from
Feb 19, 2016
@pweil- pweil- commented Feb 8, 2016

fork PR: openshift/kubernetes#5

Adds a describer for SCC. Example output:

[pweil@localhost origin]$ oc describe scc anyuid
Name:               anyuid
Priority:           10
Access:             
  Users:            
  Groups:           system:cluster-admins
Settings:           
  Allow Privileged:     false
  Default Add Capabilities: 
  Required Drop Capabilities:   KILL,MKNOD,SYS_CHROOT,SETUID,SETGID
  Allowed Capabilities:     
  Allow Host Dir Volumes:   false
  Allow Host Network:       false
  Allow Host Ports:     false
  Allow Host PID:       false
  Allow Host IPC:       false
  Run As User Strategy:     
    Type:           RunAsAny
  SELinux Context Strategy: 
    Type:           MustRunAs
  FSGroup Strategy:     
    Type:           RunAsAny
    Ranges:         
  Supplemental Groups Strategy: 
    Type:           RunAsAny
    Ranges:         


[pweil@localhost origin]$ oc describe scc privileged
Name:               privileged
Access:             
  Users:            system:serviceaccount:openshift-infra:build-controller
  Groups:           system:cluster-admins,system:nodes
Settings:           
  Allow Privileged:     true
  Default Add Capabilities: 
  Required Drop Capabilities:   
  Allowed Capabilities:     
  Allow Host Dir Volumes:   true
  Allow Host Network:       true
  Allow Host Ports:     true
  Allow Host PID:       true
  Allow Host IPC:       true
  Run As User Strategy:     
    Type:           RunAsAny
  SELinux Context Strategy: 
    Type:           RunAsAny
  FSGroup Strategy:     
    Type:           RunAsAny
    Ranges:         
  Supplemental Groups Strategy: 
    Type:           RunAsAny
    Ranges:         

Fixes #7051

@smarterclayton

Looks good, please add some representative tests

@deads2k

deads2k commented Feb 11, 2016

@stevekuznetsov ptal

@stevekuznetsov

fixes #5299

api.Kind("PersistentVolumeClaim"): &PersistentVolumeClaimDescriber{c},
api.Kind("Namespace"): &NamespaceDescriber{c},
api.Kind("Endpoints"): &EndpointsDescriber{c},
api.Kind("SecurityContextConstraints"): &SecurityContextConstraintsDescriber{c},
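
Review bot: the `api.Kind("SecurityContextConstraints")` key is a plural kind name sitting next to singular ones such as `Namespace` and `PersistentVolumeClaim`, and nothing on the line says that is intentional. A short comment beside this entry (and the `Endpoints` one) noting that the plural form is the kind name would keep a later cleanup from changing the key so that the describer is no longer found for SCC.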

Contributor

Why are endpoint and scc kinds plural?

Contributor Author

that's how they've been for a while. There is a special case for them in rest mapping for when the singular == the plural.

Contributor

/twitch

Contributor

/twitch

yes. tough.

@stevekuznetsov

@pweil- need to update generated bash completions

@pweil-

pweil- commented Feb 18, 2016

@stevekuznetsov - updated - PTAL

@stevekuznetsov

Could you post example output for the changes?

@pweil-

pweil- commented Feb 18, 2016

Changes to move type inline

[pweil@localhost origin]$ oc describe scc restricted
Name:                       restricted
Access:                     
  Users:                    
  Groups:                   system:authenticated
Settings:                   
  Allow Privileged:             false
  Default Add Capabilities:         
  Required Drop Capabilities:           KILL,MKNOD,SYS_CHROOT,SETUID,SETGID
  Allowed Capabilities:             
  Allow Host Dir Volumes:           false
  Allow Host Network:               false
  Allow Host Ports:             false
  Allow Host PID:               false
  Allow Host IPC:               false
  Run As User Strategy: MustRunAsRange      
  SELinux Context Strategy: MustRunAs       
  FSGroup Strategy: RunAsAny            
    Ranges:                 
  Supplemental Groups Strategy: RunAsAny    
    Ranges:                 

@pweil-

pweil- commented Feb 18, 2016

actually, I'll add a len check on the ranges as well. Let me know if there is anything else you see

Edit: on second thought, knowing they are empty provides value...it indicates that they will pull from the namespace depending on the strategy. Leaving that alone

@smarterclayton

Instead of empty, print <none> or <empty>

@stevekuznetsov

It looks good other than the "empty" representation. It would be nice if things lined up and didn't look so awful, but I can't tell why that's occurring as you're using a TabWriter.

@pweil-

pweil- commented Feb 18, 2016

[pweil@localhost origin]$ oc describe scc restricted
Name:                       restricted
Access:                     
  Users:                    <none>
  Groups:                   system:authenticated
Settings:                   
  Allow Privileged:             false
  Default Add Capabilities:         <none>
  Required Drop Capabilities:           KILL,MKNOD,SYS_CHROOT,SETUID,SETGID
  Allowed Capabilities:             <none>
  Allow Host Dir Volumes:           false
  Allow Host Network:               false
  Allow Host Ports:             false
  Allow Host PID:               false
  Allow Host IPC:               false
  Run As User Strategy: MustRunAsRange      
    UID:                    <none>
    UID Range Min:              <none>
    UID Range Max:              <none>
  SELinux Context Strategy: MustRunAs       
    User:                   <none>
    Role:                   <none>
    Type:                   <none>
    Level:                  <none>
  FSGroup Strategy: RunAsAny            
    Ranges:                 <none>
  Supplemental Groups Strategy: RunAsAny    
    Ranges:                 <none>

@smarterclayton

LGTM

@pweil-

pweil- commented Feb 18, 2016

[merge]

@openshift-bot

continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/merge_pull_requests_origin/5030/) (Image: devenv-rhel7_3478)

@openshift-bot

[Test]ing while waiting on the merge queue

@openshift-bot

Evaluated for origin test up to 6a835c5

@openshift-bot

continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/1362/)

@openshift-bot

Evaluated for origin merge up to 6a835c5

openshift-bot pushed a commit that referenced this pull request Feb 19, 2016
@openshift-bot openshift-bot merged commit c2fff08 into openshift:master Feb 19, 2016
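
An added example, not code from this pull request or from OpenShift: a small Go check that reads `oc describe scc` text in the final layout shown in the thread (strategy type inline, `<none>` for empty fields) and lists the permissive settings a reviewer would want to look at. The `sample` text, `hostFlags`, `auditSCC` and the finding strings are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample in the final describe layout; name and values are hypothetical.
const sample = `Name:    example-scc
Access:
  Groups:                      system:authenticated
Settings:
  Allow Privileged:            false
  Required Drop Capabilities:  <none>
  Allow Host Dir Volumes:      true
  Run As User Strategy: RunAsAny
`

// hostFlags are the boolean settings that widen a container's access to the node.
var hostFlags = []string{"Allow Privileged", "Allow Host Dir Volumes",
	"Allow Host Network", "Allow Host Ports", "Allow Host PID", "Allow Host IPC"}

// auditSCC parses describe output and returns one finding per permissive setting.
func auditSCC(out string) []string {
	f := map[string]string{}
	for _, line := range strings.Split(out, "\n") {
		// Split on the first colon only: values such as system:nodes contain colons.
		if kv := strings.SplitN(line, ":", 2); len(kv) == 2 {
			f[strings.TrimSpace(kv[0])] = strings.TrimSpace(kv[1])
		}
	}
	var findings []string
	for _, k := range hostFlags {
		if f[k] == "true" {
			findings = append(findings, k+" is enabled")
		}
	}
	if f["Run As User Strategy"] == "RunAsAny" {
		findings = append(findings, "containers may run as any UID, including 0")
	}
	if v, ok := f["Required Drop Capabilities"]; ok && (v == "" || v == "<none>") {
		findings = append(findings, "no capabilities are force-dropped")
	}
	if len(findings) > 0 && strings.Contains(f["Groups"], "system:authenticated") {
		findings = append(findings, "open to every authenticated user")
	}
	return findings
}

func main() { fmt.Println(strings.Join(auditSCC(sample), "\n")) }
```

Output in the earlier layout, where the strategy type sits on its own `Type:` line, is not matched by the strategy check; the boolean settings are read the same way in both layouts.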