Merge pull request #15425 from php-coder/scc_improve_priority_desc

openshift-merge-robot · web-flow · commit a19b41e83aec · 2017-08-10T16:10:10.000-07:00
Automatic merge from submit-queue SecurityContextConstraints: update description of the Priority field Sync description with reality and [documentation](https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html#scc-prioritization). PTAL @pweil- CC @simo5
diff --git a/api/protobuf-spec/github_com_openshift_origin_pkg_security_apis_security_v1.proto b/api/protobuf-spec/github_com_openshift_origin_pkg_security_apis_security_v1.proto
diff --git a/api/swagger-spec/api-v1.json b/api/swagger-spec/api-v1.json
@@ -22791,7 +22791,7 @@
      "priority": {
       "type": "integer",
       "format": "int32",
-      "description": "Priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields.  The higher the int, the higher priority.  If scores for multiple SCCs are equal they will be sorted by name."
+      "description": "Priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields.  The higher the int, the higher priority. An unset value is considered a 0 priority. If scores for multiple SCCs are equal they will be sorted from most restrictive to least restrictive. If both priorities and restrictions are equal the SCCs will be sorted by name."
      },
      "allowPrivilegedContainer": {
       "type": "boolean",
diff --git a/api/swagger-spec/openshift-openapi-spec.json b/api/swagger-spec/openshift-openapi-spec.json
@@ -99141,7 +99141,7 @@
       "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta"
      },
      "priority": {
-      "description": "Priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields.  The higher the int, the higher priority.  If scores for multiple SCCs are equal they will be sorted by name.",
+      "description": "Priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields.  The higher the int, the higher priority. An unset value is considered a 0 priority. If scores for multiple SCCs are equal they will be sorted from most restrictive to least restrictive. If both priorities and restrictions are equal the SCCs will be sorted by name.",
       "type": "integer",
       "format": "int32"
      },
diff --git a/pkg/openapi/zz_generated.openapi.go b/pkg/openapi/zz_generated.openapi.go
@@ -9160,7 +9160,7 @@ func GetOpenAPIDefinitions(ref openapi.ReferenceCallback) map[string]openapi.Ope
 						},
 						"priority": {
 							SchemaProps: spec.SchemaProps{
-								Description: "Priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields.  The higher the int, the higher priority.  If scores for multiple SCCs are equal they will be sorted by name.",
+								Description: "Priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields.  The higher the int, the higher priority. An unset value is considered a 0 priority. If scores for multiple SCCs are equal they will be sorted from most restrictive to least restrictive. If both priorities and restrictions are equal the SCCs will be sorted by name.",
 								Type:        []string{"integer"},
 								Format:      "int32",
 							},
diff --git a/pkg/security/apis/security/types.go b/pkg/security/apis/security/types.go
@@ -21,7 +21,10 @@ type SecurityContextConstraints struct {
 
 	// Priority influences the sort order of SCCs when evaluating which SCCs to try first for
 	// a given pod request based on access in the Users and Groups fields.  The higher the int, the
-	// higher priority.  If scores for multiple SCCs are equal they will be sorted by name.
+	// higher priority. An unset value is considered a 0 priority. If scores
+	// for multiple SCCs are equal they will be sorted from most restrictive to
+	// least restrictive. If both priorities and restrictions are equal the
+	// SCCs will be sorted by name.
 	Priority *int32
 
 	// AllowPrivilegedContainer determines if a container can request to be run as privileged.
diff --git a/pkg/security/apis/security/v1/generated.proto b/pkg/security/apis/security/v1/generated.proto
diff --git a/pkg/security/apis/security/v1/swagger_doc.go b/pkg/security/apis/security/v1/swagger_doc.go
@@ -130,7 +130,7 @@ func (SELinuxContextStrategyOptions) SwaggerDoc() map[string]string {
 var map_SecurityContextConstraints = map[string]string{
 	"":                         "SecurityContextConstraints governs the ability to make requests that affect the SecurityContext that will be applied to a container.",
 	"metadata":                 "Standard object's metadata. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata",
-	"priority":                 "Priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields.  The higher the int, the higher priority.  If scores for multiple SCCs are equal they will be sorted by name.",
+	"priority":                 "Priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields.  The higher the int, the higher priority. An unset value is considered a 0 priority. If scores for multiple SCCs are equal they will be sorted from most restrictive to least restrictive. If both priorities and restrictions are equal the SCCs will be sorted by name.",
 	"allowPrivilegedContainer": "AllowPrivilegedContainer determines if a container can request to be run as privileged.",
 	"defaultAddCapabilities":   "DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability.  You may not list a capabiility in both DefaultAddCapabilities and RequiredDropCapabilities.",
 	"requiredDropCapabilities": "RequiredDropCapabilities are the capabilities that will be dropped from the container.  These are required to be dropped and cannot be added.",
diff --git a/pkg/security/apis/security/v1/types.go b/pkg/security/apis/security/v1/types.go
@@ -23,7 +23,10 @@ type SecurityContextConstraints struct {
 
 	// Priority influences the sort order of SCCs when evaluating which SCCs to try first for
 	// a given pod request based on access in the Users and Groups fields.  The higher the int, the
-	// higher priority.  If scores for multiple SCCs are equal they will be sorted by name.
+	// higher priority. An unset value is considered a 0 priority. If scores
+	// for multiple SCCs are equal they will be sorted from most restrictive to
+	// least restrictive. If both priorities and restrictions are equal the
+	// SCCs will be sorted by name.
 	Priority *int32 `json:"priority" protobuf:"varint,2,opt,name=priority"`
 
 	// AllowPrivilegedContainer determines if a container can request to be run as privileged.
