mirror of
https://github.com/FairwindsOps/polaris.git
synced 2026-05-09 18:56:57 +00:00
4c7429efbc
* Fixing Container Security Context Logic Kubernetes rationalizes Container Security Context in conjunction with the Pod Spec Security Context. In this scenario you can 'leave out' certain security context settings and rely on the pod spec definition to still set these settings for you. The RunAsNonRoot setting originally only checked to see if the value was set at the container level, vs also checking if it was enabled at the pod level. I have attached the container's parent pod spec to the container validate struct in case any other things like this arise in the future. I have also refactored the logic for validating bool pointers, since these can be tricky, if you want to avoid dereferences pointer issues. Changes: - Added parent pod spec of container to validate certain settings which affect container spec - Refactored the logic statements for validating bool pointers (used helpers) - Added tests for this pod.container.securityContext condition