Documentation ¶
Index ¶
- Constants
- func CheckStatefulSetWithWolumeClaimTemplates(obj runtime.Object) error
- func DiffSubjects(list1 []rbacv1.Subject, list2 []rbacv1.Subject) (list1Only []rbacv1.Subject, list2Only []rbacv1.Subject)
- func GetPodTemplateForObject(obj runtime.Object) (*corev1.PodTemplateSpec, error)
- func IsClusterRoleBindingLookupError(err error) bool
- func MergeMaps(a, b map[string]string) map[string]string
- func NewClusterRoleBindingLookupError(rolesNotFound []string) error
- func NewCmdAddClusterRoleToGroup(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
- func NewCmdAddClusterRoleToUser(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
- func NewCmdAddRoleToGroup(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
- func NewCmdAddRoleToUser(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
- func NewCmdAddSCCToGroup(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
- func NewCmdAddSCCToUser(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
- func NewCmdPolicy(name, fullName string, f cmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
- func NewCmdReconcileClusterRoleBindings(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
- func NewCmdReconcileClusterRoles(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
- func NewCmdReconcileSCC(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
- func NewCmdRemoveClusterRoleFromGroup(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
- func NewCmdRemoveClusterRoleFromUser(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
- func NewCmdRemoveGroupFromProject(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
- func NewCmdRemoveRoleFromGroup(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
- func NewCmdRemoveRoleFromUser(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
- func NewCmdRemoveSCCFromGroup(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
- func NewCmdRemoveSCCFromUser(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
- func NewCmdRemoveUserFromProject(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
- func NewCmdSccReview(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
- func NewCmdSccSubjectReview(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
- func NewCmdWhoCan(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
- func ResourceFor(mapper meta.RESTMapper, resourceArg string) schema.GroupVersionResource
- type ReconcileClusterRoleBindingsOptions
- func (o *ReconcileClusterRoleBindingsOptions) ChangedClusterRoleBindings() ([]*rbacv1.ClusterRoleBinding, []*rbacv1.ClusterRoleBinding, error)
- func (o *ReconcileClusterRoleBindingsOptions) Complete(cmd *cobra.Command, f kcmdutil.Factory, args []string) error
- func (o *ReconcileClusterRoleBindingsOptions) ReplaceChangedRoleBindings(changedRoleBindings []*rbacv1.ClusterRoleBinding) error
- func (o *ReconcileClusterRoleBindingsOptions) RunReconcileClusterRoleBindings(cmd *cobra.Command, f kcmdutil.Factory) error
- func (o *ReconcileClusterRoleBindingsOptions) Validate() error
- type ReconcileClusterRolesOptions
- func (o *ReconcileClusterRolesOptions) ChangedClusterRoles() ([]*rbacv1.ClusterRole, []*rbacv1.ClusterRole, error)
- func (o *ReconcileClusterRolesOptions) Complete(cmd *cobra.Command, f kcmdutil.Factory, args []string) error
- func (o *ReconcileClusterRolesOptions) ReplaceChangedRoles(changedRoles []*rbacv1.ClusterRole) error
- func (o *ReconcileClusterRolesOptions) RunReconcileClusterRoles(cmd *cobra.Command, f kcmdutil.Factory) error
- func (o *ReconcileClusterRolesOptions) Validate() error
- type ReconcileSCCOptions
- func (o *ReconcileSCCOptions) ChangedSCCs() ([]*securityv1.SecurityContextConstraints, ...)
- func (o *ReconcileSCCOptions) Complete(cmd *cobra.Command, f kcmdutil.Factory, args []string) error
- func (o *ReconcileSCCOptions) ReplaceChangedSCCs(newSCCs, changedSCCs []*securityv1.SecurityContextConstraints) error
- func (o *ReconcileSCCOptions) RunReconcileSCCs(cmd *cobra.Command, f kcmdutil.Factory) error
- func (o *ReconcileSCCOptions) Validate() error
- type RemoveFromProjectOptions
- type RoleModificationOptions
- func (o *RoleModificationOptions) AddRole() error
- func (o *RoleModificationOptions) Complete(f kcmdutil.Factory, cmd *cobra.Command, args []string, target *[]string, ...) error
- func (o *RoleModificationOptions) CompleteUserWithSA(f kcmdutil.Factory, cmd *cobra.Command, args []string) error
- func (o *RoleModificationOptions) RemoveRole() error
- type SCCModificationOptions
- func (o *SCCModificationOptions) AddSCC() error
- func (o *SCCModificationOptions) CompleteGroups(f kcmdutil.Factory, cmd *cobra.Command, args []string) error
- func (o *SCCModificationOptions) CompleteUsers(f kcmdutil.Factory, cmd *cobra.Command, args []string) error
- func (o *SCCModificationOptions) RemoveSCC() error
- type SCCReviewOptions
- type SCCSubjectReviewOptions
- type WhoCanOptions
Constants ¶
const ( AddRoleToGroupRecommendedName = "add-role-to-group" AddRoleToUserRecommendedName = "add-role-to-user" RemoveRoleFromGroupRecommendedName = "remove-role-from-group" RemoveRoleFromUserRecommendedName = "remove-role-from-user" AddClusterRoleToGroupRecommendedName = "add-cluster-role-to-group" AddClusterRoleToUserRecommendedName = "add-cluster-role-to-user" RemoveClusterRoleFromGroupRecommendedName = "remove-cluster-role-from-group" RemoveClusterRoleFromUserRecommendedName = "remove-cluster-role-from-user" )
const ( AddSCCToGroupRecommendedName = "add-scc-to-group" AddSCCToUserRecommendedName = "add-scc-to-user" RemoveSCCFromGroupRecommendedName = "remove-scc-from-group" RemoveSCCFromUserRecommendedName = "remove-scc-from-user" )
const ( RemoveGroupRecommendedName = "remove-group" RemoveUserRecommendedName = "remove-user" )
const PolicyRecommendedName = "policy"
const ReconcileClusterRoleBindingsRecommendedName = "reconcile-cluster-role-bindings"
ReconcileClusterRoleBindingsRecommendedName is the recommended command name
const ReconcileClusterRolesRecommendedName = "reconcile-cluster-roles"
ReconcileClusterRolesRecommendedName is the recommended command name
const ReconcileSCCRecommendedName = "reconcile-sccs"
ReconcileSCCRecommendedName is the recommended command name
const (
ReviewRecommendedName = "scc-review"
)
const SubjectReviewRecommendedName = "scc-subject-review"
const WhoCanRecommendedName = "who-can"
Variables ¶
This section is empty.
Functions ¶
func CheckStatefulSetWithWolumeClaimTemplates ¶
CheckStatefulSetWithWolumeClaimTemplates checks whether a supplied object is a statefulSet with volumeClaimTemplates Currently scc-review and scc-subject-review commands cannot handle correctly this case since validation is not based only on podTemplateSpec.
func DiffSubjects ¶
func DiffSubjects(list1 []rbacv1.Subject, list2 []rbacv1.Subject) (list1Only []rbacv1.Subject, list2Only []rbacv1.Subject)
DiffSubjects returns lists containing the items unique to each provided list:
list1Only = list1 - list2 list2Only = list2 - list1
if both returned lists are empty, the provided lists are equal
func GetPodTemplateForObject ¶
func GetPodTemplateForObject(obj runtime.Object) (*corev1.PodTemplateSpec, error)
func MergeMaps ¶
MergeMaps will merge to map[string]string instances, with keys from the second argument overwriting keys from the first argument, in case of duplicates.
func NewCmdAddClusterRoleToGroup ¶
func NewCmdAddClusterRoleToGroup(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
NewCmdAddClusterRoleToGroup implements the OpenShift cli add-cluster-role-to-group command
func NewCmdAddClusterRoleToUser ¶
func NewCmdAddClusterRoleToUser(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
NewCmdAddClusterRoleToUser implements the OpenShift cli add-cluster-role-to-user command
func NewCmdAddRoleToGroup ¶
func NewCmdAddRoleToGroup(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
NewCmdAddRoleToGroup implements the OpenShift cli add-role-to-group command
func NewCmdAddRoleToUser ¶
func NewCmdAddRoleToUser(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
NewCmdAddRoleToUser implements the OpenShift cli add-role-to-user command
func NewCmdAddSCCToGroup ¶
func NewCmdAddSCCToUser ¶
func NewCmdPolicy ¶
func NewCmdPolicy(name, fullName string, f cmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
NewCmdPolicy implements the OpenShift cli policy command
func NewCmdReconcileClusterRoleBindings ¶
func NewCmdReconcileClusterRoleBindings(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
NewCmdReconcileClusterRoleBindings implements the OpenShift cli reconcile-cluster-role-bindings command
func NewCmdReconcileClusterRoles ¶
func NewCmdReconcileClusterRoles(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
NewCmdReconcileClusterRoles implements the OpenShift cli reconcile-cluster-roles command
func NewCmdReconcileSCC ¶
func NewCmdReconcileSCC(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
NewCmdReconcileSCC implements the OpenShift cli reconcile-sccs command.
func NewCmdRemoveClusterRoleFromGroup ¶
func NewCmdRemoveClusterRoleFromGroup(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
NewCmdRemoveClusterRoleFromGroup implements the OpenShift cli remove-cluster-role-from-group command
func NewCmdRemoveClusterRoleFromUser ¶
func NewCmdRemoveClusterRoleFromUser(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
NewCmdRemoveClusterRoleFromUser implements the OpenShift cli remove-cluster-role-from-user command
func NewCmdRemoveGroupFromProject ¶
func NewCmdRemoveGroupFromProject(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
NewCmdRemoveGroupFromProject implements the OpenShift cli remove-group command
func NewCmdRemoveRoleFromGroup ¶
func NewCmdRemoveRoleFromGroup(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
NewCmdRemoveRoleFromGroup implements the OpenShift cli remove-role-from-group command
func NewCmdRemoveRoleFromUser ¶
func NewCmdRemoveRoleFromUser(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
NewCmdRemoveRoleFromUser implements the OpenShift cli remove-role-from-user command
func NewCmdRemoveSCCFromUser ¶
func NewCmdRemoveUserFromProject ¶
func NewCmdRemoveUserFromProject(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
NewCmdRemoveUserFromProject implements the OpenShift cli remove-user command
func NewCmdSccReview ¶
func NewCmdSccSubjectReview ¶
func NewCmdWhoCan ¶
func NewCmdWhoCan(name, fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command
NewCmdWhoCan implements the OpenShift cli who-can command
func ResourceFor ¶
func ResourceFor(mapper meta.RESTMapper, resourceArg string) schema.GroupVersionResource
Types ¶
type ReconcileClusterRoleBindingsOptions ¶
type ReconcileClusterRoleBindingsOptions struct { PrintFlags *genericclioptions.PrintFlags Printer printers.ResourcePrinter // RolesToReconcile says which roles should have their default bindings reconciled. // An empty or nil slice means reconcile all of them. RolesToReconcile []string Confirmed bool Union bool ExcludeUsers []string ExcludeGroups []string ExcludeSubjects []rbacv1.Subject Output string RoleBindingClient rbacv1client.ClusterRoleBindingInterface genericclioptions.IOStreams }
ReconcileClusterRoleBindingsOptions contains all the necessary functionality for the OpenShift cli reconcile-cluster-role-bindings command
func NewReconcileClusterRoleBindingsOptions ¶
func NewReconcileClusterRoleBindingsOptions(streams genericclioptions.IOStreams) *ReconcileClusterRoleBindingsOptions
func (*ReconcileClusterRoleBindingsOptions) ChangedClusterRoleBindings ¶
func (o *ReconcileClusterRoleBindingsOptions) ChangedClusterRoleBindings() ([]*rbacv1.ClusterRoleBinding, []*rbacv1.ClusterRoleBinding, error)
ChangedClusterRoleBindings returns the role bindings that must be created and/or updated to match the recommended bootstrap policy. If roles to reconcile are provided, but not all are found, all partial results are returned.
func (*ReconcileClusterRoleBindingsOptions) ReplaceChangedRoleBindings ¶
func (o *ReconcileClusterRoleBindingsOptions) ReplaceChangedRoleBindings(changedRoleBindings []*rbacv1.ClusterRoleBinding) error
ReplaceChangedRoleBindings will reconcile all the changed system role bindings back to the recommended bootstrap policy
func (*ReconcileClusterRoleBindingsOptions) RunReconcileClusterRoleBindings ¶
func (*ReconcileClusterRoleBindingsOptions) Validate ¶
func (o *ReconcileClusterRoleBindingsOptions) Validate() error
type ReconcileClusterRolesOptions ¶
type ReconcileClusterRolesOptions struct { PrintFlags *genericclioptions.PrintFlags Printer printers.ResourcePrinter // RolesToReconcile says which roles should be reconciled. An empty or nil slice means // reconcile all of them. RolesToReconcile []string Confirmed bool Union bool Output string RoleClient rbacv1client.ClusterRoleInterface genericclioptions.IOStreams }
func NewReconcileClusterRolesOptions ¶
func NewReconcileClusterRolesOptions(streams genericclioptions.IOStreams) *ReconcileClusterRolesOptions
func (*ReconcileClusterRolesOptions) ChangedClusterRoles ¶
func (o *ReconcileClusterRolesOptions) ChangedClusterRoles() ([]*rbacv1.ClusterRole, []*rbacv1.ClusterRole, error)
ChangedClusterRoles returns the roles that must be created and/or updated to match the recommended bootstrap policy
func (*ReconcileClusterRolesOptions) ReplaceChangedRoles ¶
func (o *ReconcileClusterRolesOptions) ReplaceChangedRoles(changedRoles []*rbacv1.ClusterRole) error
ReplaceChangedRoles will reconcile all the changed roles back to the recommended bootstrap policy
func (*ReconcileClusterRolesOptions) RunReconcileClusterRoles ¶
func (o *ReconcileClusterRolesOptions) RunReconcileClusterRoles(cmd *cobra.Command, f kcmdutil.Factory) error
RunReconcileClusterRoles contains all the necessary functionality for the OpenShift cli reconcile-cluster-roles command
func (*ReconcileClusterRolesOptions) Validate ¶
func (o *ReconcileClusterRolesOptions) Validate() error
type ReconcileSCCOptions ¶
type ReconcileSCCOptions struct { PrintFlags *genericclioptions.PrintFlags Printer printers.ResourcePrinter // confirmed indicates that the data should be persisted Confirmed bool // union controls if we make additive changes to the users/groups/labels/annotations fields // or overwrite them as well as preserving existing priorities (unset priorities will // always be reconciled) Union bool // is the name of the openshift infrastructure namespace. It is provided here so that // the command doesn't need to try and parse the policy config. InfraNamespace string Output string SCCClient securityv1typedclient.SecurityContextConstraintsInterface NSClient corev1typedclient.NamespaceInterface genericclioptions.IOStreams }
func NewDefaultReconcileSCCOptions ¶
func NewDefaultReconcileSCCOptions(streams genericclioptions.IOStreams) *ReconcileSCCOptions
NewDefaultReconcileSCCOptions provides a ReconcileSCCOptions with default settings.
func (*ReconcileSCCOptions) ChangedSCCs ¶
func (o *ReconcileSCCOptions) ChangedSCCs() ( []*securityv1.SecurityContextConstraints, []*securityv1.SecurityContextConstraints, error)
ChangedSCCs returns the SCCs that must be created and updated to match the recommended bootstrap SCCs.
func (*ReconcileSCCOptions) ReplaceChangedSCCs ¶
func (o *ReconcileSCCOptions) ReplaceChangedSCCs(newSCCs, changedSCCs []*securityv1.SecurityContextConstraints) error
ReplaceChangedSCCs persists the changed SCCs.
func (*ReconcileSCCOptions) RunReconcileSCCs ¶
RunReconcileSCCs contains the functionality for the reconcile-sccs command for making or previewing changes.
func (*ReconcileSCCOptions) Validate ¶
func (o *ReconcileSCCOptions) Validate() error
type RemoveFromProjectOptions ¶
type RemoveFromProjectOptions struct { PrintFlags *genericclioptions.PrintFlags Printer printers.ResourcePrinter BindingNamespace string Client rbacv1client.RoleBindingsGetter Groups []string Users []string DryRun bool Output string genericclioptions.IOStreams }
func NewRemoveFromProjectOptions ¶
func NewRemoveFromProjectOptions(streams genericclioptions.IOStreams) *RemoveFromProjectOptions
func (*RemoveFromProjectOptions) Run ¶
func (o *RemoveFromProjectOptions) Run() error
type RoleModificationOptions ¶
type RoleModificationOptions struct { RoleName string RoleNamespace string RoleKind string RoleBindingName string RoleBindingNamespace string RbacClient rbacv1client.RbacV1Interface SANames []string UserClient userv1client.UserV1Interface ServiceAccountClient corev1client.ServiceAccountsGetter Targets []string Users []string Groups []string Subjects []rbacv1.Subject DryRun bool Output string PrintObj func(obj runtime.Object) error PrintErrf func(format string, args ...interface{}) genericclioptions.IOStreams }
func NewRoleModificationOptions ¶
func NewRoleModificationOptions(streams genericclioptions.IOStreams) *RoleModificationOptions
func (*RoleModificationOptions) AddRole ¶
func (o *RoleModificationOptions) AddRole() error
func (*RoleModificationOptions) CompleteUserWithSA ¶
func (*RoleModificationOptions) RemoveRole ¶
func (o *RoleModificationOptions) RemoveRole() error
type SCCModificationOptions ¶
type SCCModificationOptions struct { PrintFlags *genericclioptions.PrintFlags ToPrinter func(string) (printers.ResourcePrinter, error) SCCName string SCCInterface securityv1typedclient.SecurityContextConstraintsInterface SANames []string DefaultSubjectNamespace string Subjects []corev1.ObjectReference IsGroup bool DryRun bool Output string genericclioptions.IOStreams }
func NewSCCModificationOptions ¶
func NewSCCModificationOptions(streams genericclioptions.IOStreams) *SCCModificationOptions
func (*SCCModificationOptions) AddSCC ¶
func (o *SCCModificationOptions) AddSCC() error
func (*SCCModificationOptions) CompleteGroups ¶
func (*SCCModificationOptions) CompleteUsers ¶
func (*SCCModificationOptions) RemoveSCC ¶
func (o *SCCModificationOptions) RemoveSCC() error
type SCCReviewOptions ¶
type SCCReviewOptions struct { PrintFlags *genericclioptions.PrintFlags Printer *policyPrinter RESTClientFactory func(mapping *meta.RESTMapping) (resource.RESTClient, error) FilenameOptions resource.FilenameOptions genericclioptions.IOStreams // contains filtered or unexported fields }
func NewSCCReviewOptions ¶
func NewSCCReviewOptions(streams genericclioptions.IOStreams) *SCCReviewOptions
func (*SCCReviewOptions) Run ¶
func (o *SCCReviewOptions) Run(args []string) error
type SCCSubjectReviewOptions ¶
type SCCSubjectReviewOptions struct { PrintFlags *genericclioptions.PrintFlags Printer *policyPrinter RESTClientFactory func(mapping *meta.RESTMapping) (resource.RESTClient, error) FilenameOptions resource.FilenameOptions User string Groups []string genericclioptions.IOStreams // contains filtered or unexported fields }
func NewSCCSubjectReviewOptions ¶
func NewSCCSubjectReviewOptions(streams genericclioptions.IOStreams) *SCCSubjectReviewOptions
func (*SCCSubjectReviewOptions) Run ¶
func (o *SCCSubjectReviewOptions) Run(args []string) error
type WhoCanOptions ¶
type WhoCanOptions struct { PrintFlags *genericclioptions.PrintFlags ToPrinter func(string) (printers.ResourcePrinter, error) genericclioptions.IOStreams // contains filtered or unexported fields }
func NewWhoCanOptions ¶
func NewWhoCanOptions(streams genericclioptions.IOStreams) *WhoCanOptions