Skip to content

Commit 067031b

Browse files
author
Rohit Patil
committed
fix lint errors
1 parent 61c7667 commit 067031b

File tree

1 file changed

+12
-2
lines changed

1 file changed

+12
-2
lines changed

security/v1/types.go

Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -133,8 +133,9 @@ type SecurityContextConstraints struct {
133133
// +nullable
134134
FSGroup FSGroupStrategyOptions `json:"fsGroup,omitempty" protobuf:"bytes,16,opt,name=fsGroup"`
135135
// runAsGroup is the strategy that will dictate what RunAsGroup is used in the SecurityContext.
136-
// +nullable
137-
RunAsGroup RunAsGroupStrategyOptions `json:"runAsGroup,omitempty" protobuf:"bytes,27,opt,name=runAsGroup"`
136+
// When omitted, the RunAsGroup strategy will not be enforced and containers may run with any group ID.
137+
// +optional
138+
RunAsGroup RunAsGroupStrategyOptions `json:"runAsGroup,omitzero" protobuf:"bytes,27,opt,name=runAsGroup"`
138139
// readOnlyRootFilesystem when set to true will force containers to run with a read only root file
139140
// system. If the container specifically requests to run with a non-read only root file system
140141
// the SCC should deny the pod.
@@ -275,19 +276,28 @@ type SupplementalGroupsStrategyOptions struct {
275276
// RunAsGroupStrategyOptions defines the strategy type and options used to create the strategy.
276277
type RunAsGroupStrategyOptions struct {
277278
// type is the strategy that will dictate what RunAsGroup is used in the SecurityContext.
279+
// Valid values are "MustRunAs" and "RunAsAny".
280+
// +required
281+
// +kubebuilder:validation:MinLength=1
282+
// +kubebuilder:validation:MaxLength=32
278283
Type RunAsGroupStrategyType `json:"type,omitempty" protobuf:"bytes,1,opt,name=type,casttype=RunAsGroupStrategyType"`
279284
// ranges are the allowed ranges of gids. If you would like to force a single
280285
// gid then supply a single range with the same start and end.
286+
// When omitted, any gid is allowed (equivalent to RunAsAny strategy).
287+
// +optional
281288
// +listType=atomic
289+
// +kubebuilder:validation:MaxItems=256
282290
Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
283291
}
284292

285293
// IDRange provides a min/max of an allowed range of IDs.
286294
// TODO: this could be reused for UIDs.
287295
type IDRange struct {
288296
// min is the start of the range, inclusive.
297+
// +kubebuilder:validation:Required
289298
Min int64 `json:"min,omitempty" protobuf:"varint,1,opt,name=min"`
290299
// max is the end of the range, inclusive.
300+
// +kubebuilder:validation:Required
291301
Max int64 `json:"max,omitempty" protobuf:"varint,2,opt,name=max"`
292302
}
293303

0 commit comments

Comments
 (0)