diff --git a/Cargo.lock b/Cargo.lock index f149d84..50e993c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -492,7 +492,7 @@ checksum = "9c8132065adcfd6e02db789d9285a0deb2f3fcb04002865ab67d5fb103533898" [[package]] name = "selinux-psp" -version = "0.1.8" +version = "0.1.9" dependencies = [ "anyhow", "k8s-openapi", diff --git a/Cargo.toml b/Cargo.toml index d944bc3..68b9c3d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "selinux-psp" -version = "0.1.8" +version = "0.1.9" authors = ["Rafael Fernández López "] edition = "2018" diff --git a/artifacthub-pkg.yml b/artifacthub-pkg.yml index 440cdb4..bda355e 100644 --- a/artifacthub-pkg.yml +++ b/artifacthub-pkg.yml @@ -1,15 +1,15 @@ --- -version: 0.1.8 +version: 0.1.9 name: selinux-psp displayName: Selinux PSP -createdAt: '2023-02-28T13:14:43+00:00' +createdAt: '2023-03-16T15:26:22+00:00' description: Replacement for the Kubernetes Pod Security Policy that controls the usage of SELinux license: Apache-2.0 homeURL: https://github.com/kubewarden/selinux-psp-policy containersImages: - name: policy - image: ghcr.io/kubewarden/policies/selinux-psp:v0.1.8 + image: ghcr.io/kubewarden/policies/selinux-psp:v0.1.9 keywords: - psp - container @@ -17,7 +17,7 @@ keywords: - selinux links: - name: policy - url: https://github.com/kubewarden/selinux-psp-policy/releases/download/v0.1.8/policy.wasm + url: https://github.com/kubewarden/selinux-psp-policy/releases/download/v0.1.9/policy.wasm - name: source url: https://github.com/kubewarden/selinux-psp-policy provider: @@ -63,43 +63,27 @@ annotations: required: false type: enum variable: rule - - default: [] - description: >- - Contains the desired value for the `seLinuxOptions` parameter. If the pod - does not contain a `.securityContext`, or a - `.securityContext.seLinuxOptions`, then this policy acts as mutating and - defaults the `seLinuxOptions` attribute to the one provided in the - configuration. In all cases, pod containers, init container and ephemeral - containers `.seLinuxOptions` are checked for compatibility if they override - the Pod Security Context `seLinuxOptions` value. + - default: '' group: Settings - label: Must run as + label: User show_if: rule=MustRunAs - hide_input: true - type: sequence[ - variable: MustRunAs - sequence_questions: - - default: '' - group: Settings - label: User - show_if: rule=MustRunAs - type: string - variable: user - - default: '' - group: Settings - label: Role - show_if: rule=MustRunAs - type: string - variable: role - - default: '' - group: Settings - label: Type - show_if: rule=MustRunAs - type: string - variable: type - - default: 0 - group: Settings - label: Level - show_if: rule=MustRunAs - type: int - variable: level + type: string + variable: user + - default: '' + group: Settings + label: Role + show_if: rule=MustRunAs + type: string + variable: role + - default: '' + group: Settings + label: Type + show_if: rule=MustRunAs + type: string + variable: type + - default: '' + group: Settings + label: Level + show_if: rule=MustRunAs + type: string + variable: level diff --git a/questions-ui.yml b/questions-ui.yml index 73122e5..6edbd97 100644 --- a/questions-ui.yml +++ b/questions-ui.yml @@ -26,43 +26,27 @@ questions: required: false type: enum variable: rule -- default: [] - description: >- - Contains the desired value for the `seLinuxOptions` parameter. If the pod - does not contain a `.securityContext`, or a - `.securityContext.seLinuxOptions`, then this policy acts as mutating and - defaults the `seLinuxOptions` attribute to the one provided in the - configuration. In all cases, pod containers, init container and ephemeral - containers `.seLinuxOptions` are checked for compatibility if they override - the Pod Security Context `seLinuxOptions` value. +- default: '' group: Settings - label: Must run as + label: User show_if: rule=MustRunAs - hide_input: true - type: sequence[ - variable: MustRunAs - sequence_questions: - - default: '' - group: Settings - label: User - show_if: rule=MustRunAs - type: string - variable: user - - default: '' - group: Settings - label: Role - show_if: rule=MustRunAs - type: string - variable: role - - default: '' - group: Settings - label: Type - show_if: rule=MustRunAs - type: string - variable: type - - default: 0 - group: Settings - label: Level - show_if: rule=MustRunAs - type: int - variable: level + type: string + variable: user +- default: '' + group: Settings + label: Role + show_if: rule=MustRunAs + type: string + variable: role +- default: '' + group: Settings + label: Type + show_if: rule=MustRunAs + type: string + variable: type +- default: '' + group: Settings + label: Level + show_if: rule=MustRunAs + type: string + variable: level diff --git a/src/settings.rs b/src/settings.rs index ce4e59b..4dd073e 100644 --- a/src/settings.rs +++ b/src/settings.rs @@ -85,11 +85,7 @@ impl SELinuxLevel { splitted_level.next().unwrap(), splitted_level.next().unwrap(), ); - let splitted_categories: Vec = categories - .split(',') - .into_iter() - .map(String::from) - .collect(); + let splitted_categories: Vec = categories.split(',').map(String::from).collect(); let categories_hashset = HashSet::from_iter(splitted_categories.clone().into_iter()); Ok(SELinuxLevel { level: level.clone(), @@ -100,19 +96,14 @@ impl SELinuxLevel { } } -#[derive(Clone, Serialize, Deserialize, Debug)] +#[derive(Clone, Serialize, Deserialize, Debug, Default)] #[serde(tag = "rule", deny_unknown_fields)] pub(crate) enum ExternalSettings { MustRunAs(SELinuxOptionsExternal), + #[default] RunAsAny, } -impl Default for ExternalSettings { - fn default() -> ExternalSettings { - ExternalSettings::RunAsAny - } -} - #[derive(Clone, Debug)] pub(crate) enum Settings { MustRunAs(SELinuxOptions),