Skip to content

Commit ee72142

Browse files
committed
Output boolean for AllowPrivilegeEscalation
`kubectl describe psp` was incorrectly outputting the hex-encoded value of the pointer to bool AllowPrivilegeEscalation field of the PSP. This patch simply fixes the output to be a stringified boolean value of the field. Fixes Issue kubernetes#79721
1 parent 7bf55da commit ee72142

File tree

2 files changed

+10
-3
lines changed

2 files changed

+10
-3
lines changed

pkg/kubectl/describe/versioned/describe.go

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3865,7 +3865,11 @@ func describePodSecurityPolicy(psp *policyv1beta1.PodSecurityPolicy) (string, er
38653865
w.Write(LEVEL_0, "\nSettings:\n")
38663866

38673867
w.Write(LEVEL_1, "Allow Privileged:\t%t\n", psp.Spec.Privileged)
3868-
w.Write(LEVEL_1, "Allow Privilege Escalation:\t%v\n", psp.Spec.AllowPrivilegeEscalation)
3868+
if psp.Spec.AllowPrivilegeEscalation != nil {
3869+
w.Write(LEVEL_1, "Allow Privilege Escalation:\t%t\n", *psp.Spec.AllowPrivilegeEscalation)
3870+
} else {
3871+
w.Write(LEVEL_1, "Allow Privilege Escalation:\t<unset>\n")
3872+
}
38693873
w.Write(LEVEL_1, "Default Add Capabilities:\t%v\n", capsToString(psp.Spec.DefaultAddCapabilities))
38703874
w.Write(LEVEL_1, "Required Drop Capabilities:\t%s\n", capsToString(psp.Spec.RequiredDropCapabilities))
38713875
w.Write(LEVEL_1, "Allowed Capabilities:\t%s\n", capsToString(psp.Spec.AllowedCapabilities))

pkg/kubectl/describe/versioned/describe_test.go

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2683,6 +2683,7 @@ func TestDescribePodSecurityPolicy(t *testing.T) {
26832683
expected := []string{
26842684
"Name:\\s*mypsp",
26852685
"Allow Privileged:\\s*false",
2686+
"Allow Privilege Escalation:\\s*false",
26862687
"Default Add Capabilities:\\s*<none>",
26872688
"Required Drop Capabilities:\\s*<none>",
26882689
"Allowed Capabilities:\\s*<none>",
@@ -2704,13 +2705,15 @@ func TestDescribePodSecurityPolicy(t *testing.T) {
27042705
"Supplemental Groups Strategy: RunAsAny",
27052706
}
27062707

2708+
falseVal := false
27072709
fake := fake.NewSimpleClientset(&policyv1beta1.PodSecurityPolicy{
27082710
ObjectMeta: metav1.ObjectMeta{
27092711
Name: "mypsp",
27102712
},
27112713
Spec: policyv1beta1.PodSecurityPolicySpec{
2712-
AllowedUnsafeSysctls: []string{"kernel.*", "net.ipv4.ip_local_port_range"},
2713-
ForbiddenSysctls: []string{"net.ipv4.ip_default_ttl"},
2714+
AllowPrivilegeEscalation: &falseVal,
2715+
AllowedUnsafeSysctls: []string{"kernel.*", "net.ipv4.ip_local_port_range"},
2716+
ForbiddenSysctls: []string{"net.ipv4.ip_default_ttl"},
27142717
SELinux: policyv1beta1.SELinuxStrategyOptions{
27152718
Rule: policyv1beta1.SELinuxStrategyRunAsAny,
27162719
},

0 commit comments

Comments
 (0)