From 1e652a1d18d07c27d581f3f87b08fd67298d10c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gon=C3=A7alo=20Marques?= <9379664+gonmmarques@users.noreply.github.com>
Date: Wed, 15 Apr 2026 02:43:46 +0100
Subject: [PATCH 1/2] fix: small typos in comments in types.go
---
 security/v1/types.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/v1/types.go b/security/v1/types.go
index fb491480d76..8d16eef48fa 100644
--- a/security/v1/types.go
+++ b/security/v1/types.go
@@ -57,7 +57,7 @@ type SecurityContextConstraints struct {
 // allowPrivilegedContainer determines if a container can request to be run as privileged.
 AllowPrivilegedContainer bool `json:"allowPrivilegedContainer" protobuf:"varint,3,opt,name=allowPrivilegedContainer"`
 // defaultAddCapabilities is the default set of capabilities that will be added to the container
- // unless the pod spec specifically drops the capability. You may not list a capabiility in both
+ // unless the pod spec specifically drops the capability. You may not list a capability in both
 // DefaultAddCapabilities and RequiredDropCapabilities.
 // +nullable
 // +listType=atomic
@@ -151,7 +151,7 @@ type SecurityContextConstraints struct {
 // seccompProfiles lists the allowed profiles that may be set for the pod or
 // container's seccomp annotations. An unset (nil) or empty value means that no profiles may
- // be specifid by the pod or container. The wildcard '*' may be used to allow all profiles. When
+ // be specified by the pod or container. The wildcard '*' may be used to allow all profiles. When
 // used to generate a value for a pod the first non-wildcard profile will be used as
 // the default.
 // +nullable
From 3d57b9d93da3052257decca5a58ab09dbb3fc311 Mon Sep 17 00:00:00 2001
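Review bot: The seccompProfiles comment line corrected in the second hunk of security/v1/types.go still appears to carry a literal tab between `container.` and `The wildcard`. The regenerated descriptions in the second patch render it as `container.\tThe`, so the stray character reaches the published OpenAPI, swagger and CRD text for a field that governs which seccomp profiles a pod may request. Since the line is already being touched for the `specified` spelling, replace the tab with a single space, `// be specified by the pod or container. The wildcard '*' may be used to allow all profiles. When`, and regenerate. The field's comment block and declaration continue outside the hunk.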
From: =?UTF-8?q?Gon=C3=A7alo=20Marques?= <9379664+gonmmarques@users.noreply.github.com> Date: Thu, 16 Apr 2026 13:36:14 +0000 Subject: [PATCH 2/2] chore: add re-generated files --- openapi/generated_openapi/zz_generated.openapi.go | 4 ++-- ..._03_config-operator_01_securitycontextconstraints.crd.yaml | 4 ++-- ..._03_config-operator_01_securitycontextconstraints.crd.yaml | 4 ++-- .../AAA_ungated.yaml | 4 ++-- .../UserNamespacesPodSecurityStandards.yaml | 4 ++-- security/v1/zz_generated.swagger_doc_generated.go | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index f101a752a6e..e4f80dd8f26 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go @@ -69082,7 +69082,7 @@ func schema_openshift_api_security_v1_SecurityContextConstraints(ref common.Refe }, }, SchemaProps: spec.SchemaProps{ - Description: "defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capabiility in both DefaultAddCapabilities and RequiredDropCapabilities.", + Description: "defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capability in both DefaultAddCapabilities and RequiredDropCapabilities.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ 
@@ -69319,7 +69319,7 @@ func schema_openshift_api_security_v1_SecurityContextConstraints(ref common.Refe }, }, SchemaProps: spec.SchemaProps{ - Description: "seccompProfiles lists the allowed profiles that may be set for the pod or container's seccomp annotations. An unset (nil) or empty value means that no profiles may be specifid by the pod or container.\tThe wildcard '*' may be used to allow all profiles. When used to generate a value for a pod the first non-wildcard profile will be used as the default.", + Description: "seccompProfiles lists the allowed profiles that may be set for the pod or container's seccomp annotations. An unset (nil) or empty value means that no profiles may be specified by the pod or container.\tThe wildcard '*' may be used to allow all profiles. When used to generate a value for a pod the first non-wildcard profile will be used as the default.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ diff --git a/payload-manifests/crds/0000_03_config-operator_01_securitycontextconstraints.crd.yaml b/payload-manifests/crds/0000_03_config-operator_01_securitycontextconstraints.crd.yaml index dc14c04a53e..567c5e98b65 100644 --- a/payload-manifests/crds/0000_03_config-operator_01_securitycontextconstraints.crd.yaml +++ b/payload-manifests/crds/0000_03_config-operator_01_securitycontextconstraints.crd.yaml @@ -153,7 +153,7 @@ spec: defaultAddCapabilities: description: |- defaultAddCapabilities is the default set of capabilities that will be added to the container - unless the pod spec specifically drops the capability. You may not list a capabiility in both + unless the pod spec specifically drops the capability. You may not list a capability in both DefaultAddCapabilities and RequiredDropCapabilities. items: description: Capability represent POSIX capabilities type 
@@ -315,7 +315,7 @@ spec: seccompProfiles: description: "seccompProfiles lists the allowed profiles that may be set for the pod or\ncontainer's seccomp annotations. An unset (nil) or - empty value means that no profiles may\nbe specifid by the pod or container.\tThe + empty value means that no profiles may\nbe specified by the pod or container.\tThe wildcard '*' may be used to allow all profiles. When\nused to generate a value for a pod the first non-wildcard profile will be used as\nthe default." diff --git a/security/v1/zz_generated.crd-manifests/0000_03_config-operator_01_securitycontextconstraints.crd.yaml b/security/v1/zz_generated.crd-manifests/0000_03_config-operator_01_securitycontextconstraints.crd.yaml index dc14c04a53e..567c5e98b65 100644 --- a/security/v1/zz_generated.crd-manifests/0000_03_config-operator_01_securitycontextconstraints.crd.yaml +++ b/security/v1/zz_generated.crd-manifests/0000_03_config-operator_01_securitycontextconstraints.crd.yaml @@ -153,7 +153,7 @@ spec: defaultAddCapabilities: description: |- defaultAddCapabilities is the default set of capabilities that will be added to the container - unless the pod spec specifically drops the capability. You may not list a capabiility in both + unless the pod spec specifically drops the capability. You may not list a capability in both DefaultAddCapabilities and RequiredDropCapabilities. items: description: Capability represent POSIX capabilities type @@ -315,7 +315,7 @@ spec: seccompProfiles: description: "seccompProfiles lists the allowed profiles that may be set for the pod or\ncontainer's seccomp annotations. An unset (nil) or - empty value means that no profiles may\nbe specifid by the pod or container.\tThe + empty value means that no profiles may\nbe specified by the pod or container.\tThe wildcard '*' may be used to allow all profiles. When\nused to generate a value for a pod the first non-wildcard profile will be used as\nthe default." 
diff --git a/security/v1/zz_generated.featuregated-crd-manifests/securitycontextconstraints.security.openshift.io/AAA_ungated.yaml b/security/v1/zz_generated.featuregated-crd-manifests/securitycontextconstraints.security.openshift.io/AAA_ungated.yaml index 7316263d596..23c11d43c37 100644 --- a/security/v1/zz_generated.featuregated-crd-manifests/securitycontextconstraints.security.openshift.io/AAA_ungated.yaml +++ b/security/v1/zz_generated.featuregated-crd-manifests/securitycontextconstraints.security.openshift.io/AAA_ungated.yaml @@ -154,7 +154,7 @@ spec: defaultAddCapabilities: description: |- defaultAddCapabilities is the default set of capabilities that will be added to the container - unless the pod spec specifically drops the capability. You may not list a capabiility in both + unless the pod spec specifically drops the capability. You may not list a capability in both DefaultAddCapabilities and RequiredDropCapabilities. items: description: Capability represent POSIX capabilities type @@ -316,7 +316,7 @@ spec: seccompProfiles: description: "seccompProfiles lists the allowed profiles that may be set for the pod or\ncontainer's seccomp annotations. An unset (nil) or - empty value means that no profiles may\nbe specifid by the pod or container.\tThe + empty value means that no profiles may\nbe specified by the pod or container.\tThe wildcard '*' may be used to allow all profiles. When\nused to generate a value for a pod the first non-wildcard profile will be used as\nthe default." diff --git a/security/v1/zz_generated.featuregated-crd-manifests/securitycontextconstraints.security.openshift.io/UserNamespacesPodSecurityStandards.yaml b/security/v1/zz_generated.featuregated-crd-manifests/securitycontextconstraints.security.openshift.io/UserNamespacesPodSecurityStandards.yaml index dea8d21b21e..e862757dc91 100644 --- a/security/v1/zz_generated.featuregated-crd-manifests/securitycontextconstraints.security.openshift.io/UserNamespacesPodSecurityStandards.yaml 
+++ b/security/v1/zz_generated.featuregated-crd-manifests/securitycontextconstraints.security.openshift.io/UserNamespacesPodSecurityStandards.yaml @@ -154,7 +154,7 @@ spec: defaultAddCapabilities: description: |- defaultAddCapabilities is the default set of capabilities that will be added to the container - unless the pod spec specifically drops the capability. You may not list a capabiility in both + unless the pod spec specifically drops the capability. You may not list a capability in both DefaultAddCapabilities and RequiredDropCapabilities. items: description: Capability represent POSIX capabilities type @@ -316,7 +316,7 @@ spec: seccompProfiles: description: "seccompProfiles lists the allowed profiles that may be set for the pod or\ncontainer's seccomp annotations. An unset (nil) or - empty value means that no profiles may\nbe specifid by the pod or container.\tThe + empty value means that no profiles may\nbe specified by the pod or container.\tThe wildcard '*' may be used to allow all profiles. When\nused to generate a value for a pod the first non-wildcard profile will be used as\nthe default." diff --git a/security/v1/zz_generated.swagger_doc_generated.go b/security/v1/zz_generated.swagger_doc_generated.go index 29cddf7e647..67882a66e99 100644 --- a/security/v1/zz_generated.swagger_doc_generated.go +++ b/security/v1/zz_generated.swagger_doc_generated.go 
@@ -171,7 +171,7 @@ var map_SecurityContextConstraints = map[string]string{ "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "priority": "priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields. The higher the int, the higher priority. An unset value is considered a 0 priority. If scores for multiple SCCs are equal they will be sorted from most restrictive to least restrictive. If both priorities and restrictions are equal the SCCs will be sorted by name.", "allowPrivilegedContainer": "allowPrivilegedContainer determines if a container can request to be run as privileged.", - "defaultAddCapabilities": "defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capabiility in both DefaultAddCapabilities and RequiredDropCapabilities.", + "defaultAddCapabilities": "defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capability in both DefaultAddCapabilities and RequiredDropCapabilities.", "requiredDropCapabilities": "requiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.", "allowedCapabilities": "allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field maybe added at the pod author's discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities. To allow all capabilities you may use '*'.", "allowHostDirVolumePlugin": "allowHostDirVolumePlugin determines if the policy allow containers to use the HostDir volume plugin", 
@@ -191,7 +191,7 @@ var map_SecurityContextConstraints = map[string]string{ "readOnlyRootFilesystem": "readOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the SCC should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.", "users": "The users who have permissions to use this security context constraints", "groups": "The groups that have permission to use this security context constraints", - "seccompProfiles": "seccompProfiles lists the allowed profiles that may be set for the pod or container's seccomp annotations. An unset (nil) or empty value means that no profiles may be specifid by the pod or container.\tThe wildcard '*' may be used to allow all profiles. When used to generate a value for a pod the first non-wildcard profile will be used as the default.", + "seccompProfiles": "seccompProfiles lists the allowed profiles that may be set for the pod or container's seccomp annotations. An unset (nil) or empty value means that no profiles may be specified by the pod or container.\tThe wildcard '*' may be used to allow all profiles. When used to generate a value for a pod the first non-wildcard profile will be used as the default.", "allowedUnsafeSysctls": "allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.\n\nExamples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc.", "forbiddenSysctls": "forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. 
Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.\n\nExamples: e.g. \"foo/*\" forbids \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" forbids \"foo.bar\", \"foo.baz\", etc.", }