policy

package
v3.11.0-0.20.0+incompa... Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 22, 2018 License: Apache-2.0 Imports: 53 Imported by: 0

Documentation

Index

Constants

// Recommended command names for the commands that add a role to, or remove a
// role from, a user or a group. Each value is the command name that the
// matching NewCmd* constructor in this package is documented as implementing.
const (
	// Commands named for roles.
	AddRoleToGroupRecommendedName      = "add-role-to-group"
	AddRoleToUserRecommendedName       = "add-role-to-user"
	RemoveRoleFromGroupRecommendedName = "remove-role-from-group"
	RemoveRoleFromUserRecommendedName  = "remove-role-from-user"

	// Commands named for cluster roles.
	AddClusterRoleToGroupRecommendedName      = "add-cluster-role-to-group"
	AddClusterRoleToUserRecommendedName       = "add-cluster-role-to-user"
	RemoveClusterRoleFromGroupRecommendedName = "remove-cluster-role-from-group"
	RemoveClusterRoleFromUserRecommendedName  = "remove-cluster-role-from-user"
)
// Recommended command names for the commands that add an SCC
// (SecurityContextConstraints) to, or remove one from, a user or a group.
const (
	AddSCCToGroupRecommendedName      = "add-scc-to-group"
	AddSCCToUserRecommendedName       = "add-scc-to-user"
	RemoveSCCFromGroupRecommendedName = "remove-scc-from-group"
	RemoveSCCFromUserRecommendedName  = "remove-scc-from-user"
)
// Recommended command names for the remove-group and remove-user commands,
// which NewCmdRemoveGroupFromProject and NewCmdRemoveUserFromProject are
// documented as implementing.
const (
	RemoveGroupRecommendedName = "remove-group"
	RemoveUserRecommendedName  = "remove-user"
)
// PolicyRecommendedName is the recommended command name for the policy
// command (see NewCmdPolicy).
const PolicyRecommendedName = "policy"
// ReconcileClusterRoleBindingsRecommendedName is the recommended command name
// for the reconcile-cluster-role-bindings command (see
// NewCmdReconcileClusterRoleBindings).
const ReconcileClusterRoleBindingsRecommendedName = "reconcile-cluster-role-bindings"

ReconcileClusterRoleBindingsRecommendedName is the recommended command name

// ReconcileClusterRolesRecommendedName is the recommended command name for the
// reconcile-cluster-roles command (see NewCmdReconcileClusterRoles).
const ReconcileClusterRolesRecommendedName = "reconcile-cluster-roles"

ReconcileClusterRolesRecommendedName is the recommended command name

// ReconcileSCCRecommendedName is the recommended command name for the
// reconcile-sccs command (see NewCmdReconcileSCC).
const ReconcileSCCRecommendedName = "reconcile-sccs"

ReconcileSCCRecommendedName is the recommended command name

// ReviewRecommendedName is the recommended command name for the scc-review
// command. Note that the identifier does not carry the "SCC" prefix that the
// command name itself has.
const ReviewRecommendedName = "scc-review"
// SubjectReviewRecommendedName is the recommended command name for the
// scc-subject-review command.
const SubjectReviewRecommendedName = "scc-subject-review"
// WhoCanRecommendedName is the recommended command name for the who-can
// command (see NewCmdWhoCan).
const WhoCanRecommendedName = "who-can"

Variables

This section is empty.

Functions

func CheckStatefulSetWithWolumeClaimTemplates

func CheckStatefulSetWithWolumeClaimTemplates(obj runtime.Object) error

CheckStatefulSetWithWolumeClaimTemplates checks whether the supplied object is a StatefulSet with volumeClaimTemplates. The scc-review and scc-subject-review commands currently cannot handle this case correctly, because validation is not based only on the podTemplateSpec.

func DiffSubjects

func DiffSubjects(list1 []rbacv1.Subject, list2 []rbacv1.Subject) (list1Only []rbacv1.Subject, list2Only []rbacv1.Subject)

DiffSubjects returns lists containing the items unique to each provided list:

list1Only = list1 - list2
list2Only = list2 - list1

If both returned lists are empty, the provided lists are equal.

func GetPodTemplateForObject

func GetPodTemplateForObject(obj runtime.Object) (*kapi.PodTemplateSpec, error)

func IsClusterRoleBindingLookupError

func IsClusterRoleBindingLookupError(err error) bool

func MergeMaps

func MergeMaps(a, b map[string]string) map[string]string

MergeMaps merges two map[string]string instances; where a key appears in both, the value from the second argument overwrites the value from the first.

func NewClusterRoleBindingLookupError

func NewClusterRoleBindingLookupError(rolesNotFound []string) error

func NewCmdAddClusterRoleToGroup

func NewCmdAddClusterRoleToGroup(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command

NewCmdAddClusterRoleToGroup implements the OpenShift cli add-cluster-role-to-group command

func NewCmdAddClusterRoleToUser

func NewCmdAddClusterRoleToUser(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command

NewCmdAddClusterRoleToUser implements the OpenShift cli add-cluster-role-to-user command

func NewCmdAddRoleToGroup

func NewCmdAddRoleToGroup(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command

NewCmdAddRoleToGroup implements the OpenShift cli add-role-to-group command

func NewCmdAddRoleToUser

func NewCmdAddRoleToUser(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command

NewCmdAddRoleToUser implements the OpenShift cli add-role-to-user command

func NewCmdAddSCCToGroup

func NewCmdAddSCCToGroup(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command

func NewCmdAddSCCToUser

func NewCmdAddSCCToUser(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command

func NewCmdPolicy

func NewCmdPolicy(name, fullName string, f cmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command

NewCmdPolicy implements the OpenShift cli policy command

func NewCmdReconcileClusterRoleBindings

func NewCmdReconcileClusterRoleBindings(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command

NewCmdReconcileClusterRoleBindings implements the OpenShift cli reconcile-cluster-role-bindings command

func NewCmdReconcileClusterRoles

func NewCmdReconcileClusterRoles(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command

NewCmdReconcileClusterRoles implements the OpenShift cli reconcile-cluster-roles command

func NewCmdReconcileSCC

func NewCmdReconcileSCC(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command

NewCmdReconcileSCC implements the OpenShift cli reconcile-sccs command.

func NewCmdRemoveClusterRoleFromGroup

func NewCmdRemoveClusterRoleFromGroup(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command

NewCmdRemoveClusterRoleFromGroup implements the OpenShift cli remove-cluster-role-from-group command

func NewCmdRemoveClusterRoleFromUser

func NewCmdRemoveClusterRoleFromUser(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command

NewCmdRemoveClusterRoleFromUser implements the OpenShift cli remove-cluster-role-from-user command

func NewCmdRemoveGroupFromProject

func NewCmdRemoveGroupFromProject(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command

NewCmdRemoveGroupFromProject implements the OpenShift cli remove-group command

func NewCmdRemoveRoleFromGroup

func NewCmdRemoveRoleFromGroup(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command

NewCmdRemoveRoleFromGroup implements the OpenShift cli remove-role-from-group command

func NewCmdRemoveRoleFromUser

func NewCmdRemoveRoleFromUser(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command

NewCmdRemoveRoleFromUser implements the OpenShift cli remove-role-from-user command

func NewCmdRemoveSCCFromGroup

func NewCmdRemoveSCCFromGroup(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command

func NewCmdRemoveSCCFromUser

func NewCmdRemoveSCCFromUser(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command

func NewCmdRemoveUserFromProject

func NewCmdRemoveUserFromProject(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command

NewCmdRemoveUserFromProject implements the OpenShift cli remove-user command

func NewCmdSccReview

func NewCmdSccReview(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command

func NewCmdSccSubjectReview

func NewCmdSccSubjectReview(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command

func NewCmdWhoCan

func NewCmdWhoCan(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command

NewCmdWhoCan implements the OpenShift cli who-can command

func ResourceFor

func ResourceFor(mapper meta.RESTMapper, resourceArg string) schema.GroupVersionResource

Types

type ReconcileClusterRoleBindingsOptions

// ReconcileClusterRoleBindingsOptions holds the settings and API client for the
// reconcile-cluster-role-bindings command.
type ReconcileClusterRoleBindingsOptions struct {
	// RolesToReconcile says which roles should have their default bindings reconciled.
	// An empty or nil slice means reconcile all of them.
	RolesToReconcile []string

	// NOTE(review): Confirmed and Union are undocumented on this type.
	// ReconcileSCCOptions in this package documents same-named fields as "the data
	// should be persisted" and "additive changes ... or overwrite". Presumably they
	// mean the same here, in which case Union=false together with Confirmed=true
	// replaces the existing subjects of cluster role bindings — confirm, since that
	// changes who holds cluster-wide permissions.
	Confirmed bool
	Union     bool

	// ExcludeUsers and ExcludeGroups name users and groups as plain strings.
	// NOTE(review): how the exclusions are applied during reconciliation is not
	// visible in this declaration — confirm against Complete and
	// ChangedClusterRoleBindings.
	ExcludeUsers  []string
	ExcludeGroups []string

	// ExcludeSubjects holds exclusions as rbacv1.Subject values; presumably derived
	// from ExcludeUsers and ExcludeGroups — TODO confirm.
	ExcludeSubjects []rbacv1.Subject

	// Output is the command's output setting; accepted values are not shown here.
	Output string

	// RoleBindingClient is the client for the ClusterRoleBinding API.
	RoleBindingClient rbacv1client.ClusterRoleBindingInterface

	// IOStreams is embedded to provide the command's input and output streams.
	genericclioptions.IOStreams
}

ReconcileClusterRoleBindingsOptions contains all the necessary functionality for the OpenShift cli reconcile-cluster-role-bindings command

func (*ReconcileClusterRoleBindingsOptions) ChangedClusterRoleBindings

ChangedClusterRoleBindings returns the role bindings that must be created and/or updated to match the recommended bootstrap policy. If roles to reconcile are provided, but not all are found, all partial results are returned.

func (*ReconcileClusterRoleBindingsOptions) Complete

func (*ReconcileClusterRoleBindingsOptions) ReplaceChangedRoleBindings

func (o *ReconcileClusterRoleBindingsOptions) ReplaceChangedRoleBindings(changedRoleBindings []*rbacv1.ClusterRoleBinding) error

ReplaceChangedRoleBindings will reconcile all the changed system role bindings back to the recommended bootstrap policy

func (*ReconcileClusterRoleBindingsOptions) RunReconcileClusterRoleBindings

func (o *ReconcileClusterRoleBindingsOptions) RunReconcileClusterRoleBindings(cmd *cobra.Command, f kcmdutil.Factory) error

func (*ReconcileClusterRoleBindingsOptions) Validate

type ReconcileClusterRolesOptions

// ReconcileClusterRolesOptions holds the settings and API client for the
// reconcile-cluster-roles command.
type ReconcileClusterRolesOptions struct {
	// RolesToReconcile says which roles should be reconciled.  An empty or nil slice means
	// reconcile all of them.
	RolesToReconcile []string

	// NOTE(review): Confirmed and Union are undocumented on this type.
	// ReconcileSCCOptions in this package documents same-named fields as "the data
	// should be persisted" and "additive changes ... or overwrite". Presumably they
	// mean the same here; if so, Union=false with Confirmed=true overwrites the
	// rules of existing cluster roles — confirm before relying on either default.
	Confirmed bool
	Union     bool

	// Output is the command's output setting; accepted values are not shown here.
	Output string

	// RoleClient is the client for the ClusterRole API.
	RoleClient rbacv1client.ClusterRoleInterface

	// IOStreams is embedded to provide the command's input and output streams.
	genericclioptions.IOStreams
}

func NewReconcileClusterRolesOptions

func NewReconcileClusterRolesOptions(streams genericclioptions.IOStreams) *ReconcileClusterRolesOptions

func (*ReconcileClusterRolesOptions) ChangedClusterRoles

func (o *ReconcileClusterRolesOptions) ChangedClusterRoles() ([]*rbacv1.ClusterRole, []*rbacv1.ClusterRole, error)

ChangedClusterRoles returns the roles that must be created and/or updated to match the recommended bootstrap policy

func (*ReconcileClusterRolesOptions) Complete

func (o *ReconcileClusterRolesOptions) Complete(cmd *cobra.Command, f kcmdutil.Factory, args []string) error

func (*ReconcileClusterRolesOptions) ReplaceChangedRoles

func (o *ReconcileClusterRolesOptions) ReplaceChangedRoles(changedRoles []*rbacv1.ClusterRole) error

ReplaceChangedRoles will reconcile all the changed roles back to the recommended bootstrap policy

func (*ReconcileClusterRolesOptions) RunReconcileClusterRoles

func (o *ReconcileClusterRolesOptions) RunReconcileClusterRoles(cmd *cobra.Command, f kcmdutil.Factory) error

RunReconcileClusterRoles contains all the necessary functionality for the OpenShift cli reconcile-cluster-roles command

func (*ReconcileClusterRolesOptions) Validate

func (o *ReconcileClusterRolesOptions) Validate() error

type ReconcileSCCOptions

// ReconcileSCCOptions holds the settings and API clients for the reconcile-sccs
// command.
type ReconcileSCCOptions struct {
	// Confirmed indicates that the data should be persisted.
	// NOTE(review): presumably false means changes are only previewed, matching
	// RunReconcileSCCs' "making or previewing changes" — confirm.
	Confirmed bool
	// Union controls whether we make additive changes to the users/groups/labels/annotations
	// fields or overwrite them, as well as whether existing priorities are preserved
	// (unset priorities will always be reconciled).
	// NOTE(review): which boolean value selects "additive" is not stated here —
	// confirm, because overwriting users/groups changes who may use an SCC.
	Union bool
	// InfraNamespace is the name of the openshift infrastructure namespace.  It is
	// provided here so that the command doesn't need to try and parse the policy config.
	InfraNamespace string

	// Output is the command's output setting; accepted values are not shown here.
	Output string

	// SCCClient is the client for the SecurityContextConstraints API.
	SCCClient securitytypedclient.SecurityContextConstraintsInterface
	// NSClient is the client for the Namespace API.
	NSClient  kcoreclient.NamespaceInterface

	// IOStreams is embedded to provide the command's input and output streams.
	genericclioptions.IOStreams
}

func NewDefaultReconcileSCCOptions

func NewDefaultReconcileSCCOptions(streams genericclioptions.IOStreams) *ReconcileSCCOptions

NewDefaultReconcileSCCOptions provides a ReconcileSCCOptions with default settings.

func (*ReconcileSCCOptions) ChangedSCCs

ChangedSCCs returns the SCCs that must be created and updated to match the recommended bootstrap SCCs.

func (*ReconcileSCCOptions) Complete

func (o *ReconcileSCCOptions) Complete(cmd *cobra.Command, f kcmdutil.Factory, args []string) error

func (*ReconcileSCCOptions) ReplaceChangedSCCs

func (o *ReconcileSCCOptions) ReplaceChangedSCCs(newSCCs, changedSCCs []*securityapi.SecurityContextConstraints) error

ReplaceChangedSCCs persists the changed SCCs.

func (*ReconcileSCCOptions) RunReconcileSCCs

func (o *ReconcileSCCOptions) RunReconcileSCCs(cmd *cobra.Command, f kcmdutil.Factory) error

RunReconcileSCCs contains the functionality for the reconcile-sccs command for making or previewing changes.

func (*ReconcileSCCOptions) Validate

func (o *ReconcileSCCOptions) Validate() error

type RemoveFromProjectOptions

// RemoveFromProjectOptions holds the settings and API client shared by the
// remove-group and remove-user commands.
type RemoveFromProjectOptions struct {
	// BindingNamespace is the namespace whose role bindings are operated on.
	// NOTE(review): presumably the current project's namespace — confirm in Complete.
	BindingNamespace string
	// Client gives access to the RoleBinding API.
	Client           rbacv1client.RoleBindingsGetter

	// Groups and Users name the subjects to remove. Complete takes a target
	// *[]string, so presumably only one of the two is filled per command — confirm.
	Groups []string
	Users  []string

	// DryRun is presumably a preview mode that persists nothing — TODO confirm in
	// Run, since the real operation removes access from the named subjects.
	DryRun bool

	// PrintObject prints a single object; Output is the command's output setting.
	PrintObject func(runtime.Object) error
	Output      string

	// IOStreams is embedded to provide the command's input and output streams.
	genericclioptions.IOStreams
}

func NewRemoveFromProjectOptions

func NewRemoveFromProjectOptions(streams genericclioptions.IOStreams) *RemoveFromProjectOptions

func (*RemoveFromProjectOptions) Complete

func (o *RemoveFromProjectOptions) Complete(f kcmdutil.Factory, cmd *cobra.Command, args []string, target *[]string, targetName string) error

func (*RemoveFromProjectOptions) Run

func (*RemoveFromProjectOptions) Validate

func (o *RemoveFromProjectOptions) Validate(f kcmdutil.Factory, cmd *cobra.Command, args []string) error

type RoleModificationOptions

// RoleModificationOptions holds the settings and API clients used by AddRole and
// RemoveRole.
type RoleModificationOptions struct {
	// RoleName, RoleNamespace and RoleKind identify the role being granted or revoked.
	// NOTE(review): the accepted RoleKind values are not visible here — confirm.
	RoleName             string
	RoleNamespace        string
	RoleKind             string
	// RoleBindingName and RoleBindingNamespace identify the binding to work with.
	RoleBindingName      string
	RoleBindingNamespace string
	// RbacClient is the client for the RBAC v1 API group.
	RbacClient           rbacv1client.RbacV1Interface
	// SANames is presumably a list of service account names (cf. ServiceAccountClient
	// and CompleteUserWithSA) — TODO confirm.
	SANames              []string

	// UserClient is the client for the user v1 API group; ServiceAccountClient gives
	// access to the ServiceAccount API.
	// NOTE(review): presumably used to check that named subjects exist — confirm.
	UserClient           userv1client.UserV1Interface
	ServiceAccountClient corev1client.ServiceAccountsGetter

	// Targets, Users and Groups name subjects as strings; Subjects holds them as
	// rbacv1.Subject values. How the string lists map to Subjects is decided in
	// Complete / CompleteUserWithSA, not in this declaration.
	Targets  []string
	Users    []string
	Groups   []string
	Subjects []rbacv1.Subject

	// DryRun is presumably a preview mode that persists nothing — TODO confirm in
	// AddRole and RemoveRole, which otherwise change who holds the role.
	DryRun bool
	// Output is the command's output setting; accepted values are not shown here.
	Output string

	// PrintObj prints a single object; PrintErrf writes a formatted message.
	PrintObj  func(obj runtime.Object) error
	PrintErrf func(format string, args ...interface{})

	// IOStreams is embedded to provide the command's input and output streams.
	genericclioptions.IOStreams
}

func NewRoleModificationOptions

func NewRoleModificationOptions(streams genericclioptions.IOStreams) *RoleModificationOptions

func (*RoleModificationOptions) AddRole

func (o *RoleModificationOptions) AddRole() error

func (*RoleModificationOptions) Complete

func (o *RoleModificationOptions) Complete(f kcmdutil.Factory, cmd *cobra.Command, args []string, target *[]string, targetName string) error

func (*RoleModificationOptions) CompleteUserWithSA

func (o *RoleModificationOptions) CompleteUserWithSA(f kcmdutil.Factory, cmd *cobra.Command, args []string) error

func (*RoleModificationOptions) RemoveRole

func (o *RoleModificationOptions) RemoveRole() error

type SCCModificationOptions

// SCCModificationOptions holds the settings and API client used by AddSCC and
// RemoveSCC.
type SCCModificationOptions struct {
	// SCCName names the SecurityContextConstraints object to modify.
	SCCName      string
	// SCCInterface is the client for the SecurityContextConstraints API.
	SCCInterface securitytypedclient.SecurityContextConstraintsInterface
	// SANames is presumably a list of service account names — TODO confirm in
	// CompleteUsers.
	SANames      []string

	// DefaultSubjectNamespace is presumably the namespace applied to subjects given
	// without one — confirm. Subjects holds the subjects as object references.
	DefaultSubjectNamespace string
	Subjects                []corev1.ObjectReference

	// IsGroup presumably marks the subjects as groups rather than users (cf.
	// CompleteGroups vs CompleteUsers) — confirm.
	IsGroup bool
	// DryRun is presumably a preview mode that persists nothing — TODO confirm in
	// AddSCC and RemoveSCC, which otherwise change who may use the SCC.
	DryRun  bool
	// Output is the command's output setting; accepted values are not shown here.
	Output  string

	// PrintObj prints a single object.
	PrintObj func(runtime.Object) error

	// IOStreams is embedded to provide the command's input and output streams.
	genericclioptions.IOStreams
}

func NewSCCModificationOptions

func NewSCCModificationOptions(streams genericclioptions.IOStreams) *SCCModificationOptions

func (*SCCModificationOptions) AddSCC

func (o *SCCModificationOptions) AddSCC() error

func (*SCCModificationOptions) CompleteGroups

func (o *SCCModificationOptions) CompleteGroups(f kcmdutil.Factory, cmd *cobra.Command, args []string) error

func (*SCCModificationOptions) CompleteUsers

func (o *SCCModificationOptions) CompleteUsers(f kcmdutil.Factory, cmd *cobra.Command, args []string) error

func (*SCCModificationOptions) RemoveSCC

func (o *SCCModificationOptions) RemoveSCC() error

type SCCReviewOptions

// SCCReviewOptions holds the exported settings of the scc-review command; the
// type also has unexported fields that this listing omits.
type SCCReviewOptions struct {
	// RESTClientFactory returns a REST client for the given resource mapping.
	RESTClientFactory func(mapping *meta.RESTMapping) (resource.RESTClient, error)

	// FilenameOptions selects the input files holding the objects to review.
	// NOTE(review): per CheckStatefulSetWithWolumeClaimTemplates, a StatefulSet with
	// volumeClaimTemplates is not handled correctly by this command, so a result
	// for such an object should not be taken as authoritative.
	FilenameOptions resource.FilenameOptions

	// IOStreams is embedded to provide the command's input and output streams.
	genericclioptions.IOStreams
	// contains filtered or unexported fields
}

func NewSCCReviewOptions

func NewSCCReviewOptions(streams genericclioptions.IOStreams) *SCCReviewOptions

func (*SCCReviewOptions) Complete

func (o *SCCReviewOptions) Complete(f kcmdutil.Factory, args []string, cmd *cobra.Command) error

func (*SCCReviewOptions) Run

func (o *SCCReviewOptions) Run(args []string) error

type SCCSubjectReviewOptions

// SCCSubjectReviewOptions holds the exported settings of the scc-subject-review
// command; the type also has unexported fields that this listing omits.
type SCCSubjectReviewOptions struct {
	// RESTClientFactory returns a REST client for the given resource mapping.
	RESTClientFactory func(mapping *meta.RESTMapping) (resource.RESTClient, error)

	// FilenameOptions selects the input files holding the objects to review.
	// User and Groups presumably name the subject the review is evaluated for —
	// TODO confirm in Complete and Run.
	FilenameOptions resource.FilenameOptions
	User            string
	Groups          []string

	// IOStreams is embedded to provide the command's input and output streams.
	genericclioptions.IOStreams
	// contains filtered or unexported fields
}

func NewSCCSubjectReviewOptions

func NewSCCSubjectReviewOptions(streams genericclioptions.IOStreams) *SCCSubjectReviewOptions

func (*SCCSubjectReviewOptions) Complete

func (o *SCCSubjectReviewOptions) Complete(f kcmdutil.Factory, args []string, cmd *cobra.Command) error

func (*SCCSubjectReviewOptions) Run

func (o *SCCSubjectReviewOptions) Run(args []string) error

type WhoCanOptions

// WhoCanOptions holds the settings of the who-can command. Only the embedded
// IOStreams is exported; the remaining fields are unexported and not shown in
// this listing.
type WhoCanOptions struct {
	// IOStreams is embedded to provide the command's input and output streams.
	genericclioptions.IOStreams
	// contains filtered or unexported fields
}

func NewWhoCanOptions

func NewWhoCanOptions(streams genericclioptions.IOStreams) *WhoCanOptions
