api

package
v3.6.96-1+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 6, 2017 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

+groupName=security.openshift.io Package api is the internal version of the API.

Index

Constants

View Source
const (
	GroupName       = "security.openshift.io"
	LegacyGroupName = ""
)

Variables

View Source
var (
	SchemeGroupVersion       = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
	LegacySchemeGroupVersion = schema.GroupVersion{Group: LegacyGroupName, Version: runtime.APIVersionInternal}

	LegacySchemeBuilder    = runtime.NewSchemeBuilder(addLegacyKnownTypes)
	AddToSchemeInCoreGroup = LegacySchemeBuilder.AddToScheme

	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	AddToScheme   = SchemeBuilder.AddToScheme
)

SchemeGroupVersion is group version used to register these objects

Functions

func DeepCopy_api_PodSecurityPolicyReview

func DeepCopy_api_PodSecurityPolicyReview(in interface{}, out interface{}, c *conversion.Cloner) error

func DeepCopy_api_PodSecurityPolicyReviewSpec

func DeepCopy_api_PodSecurityPolicyReviewSpec(in interface{}, out interface{}, c *conversion.Cloner) error

func DeepCopy_api_PodSecurityPolicyReviewStatus

func DeepCopy_api_PodSecurityPolicyReviewStatus(in interface{}, out interface{}, c *conversion.Cloner) error

func DeepCopy_api_PodSecurityPolicySelfSubjectReview

func DeepCopy_api_PodSecurityPolicySelfSubjectReview(in interface{}, out interface{}, c *conversion.Cloner) error

func DeepCopy_api_PodSecurityPolicySelfSubjectReviewSpec

func DeepCopy_api_PodSecurityPolicySelfSubjectReviewSpec(in interface{}, out interface{}, c *conversion.Cloner) error

func DeepCopy_api_PodSecurityPolicySubjectReview

func DeepCopy_api_PodSecurityPolicySubjectReview(in interface{}, out interface{}, c *conversion.Cloner) error

func DeepCopy_api_PodSecurityPolicySubjectReviewSpec

func DeepCopy_api_PodSecurityPolicySubjectReviewSpec(in interface{}, out interface{}, c *conversion.Cloner) error

func DeepCopy_api_PodSecurityPolicySubjectReviewStatus

func DeepCopy_api_PodSecurityPolicySubjectReviewStatus(in interface{}, out interface{}, c *conversion.Cloner) error

func DeepCopy_api_ServiceAccountPodSecurityPolicyReviewStatus

func DeepCopy_api_ServiceAccountPodSecurityPolicyReviewStatus(in interface{}, out interface{}, c *conversion.Cloner) error

func IsKindOrLegacy

func IsKindOrLegacy(kind string, gk schema.GroupKind) bool

IsKindOrLegacy checks if the provided GroupKind matches with the given kind by looking up the API group and also the legacy API.

func IsResourceOrLegacy

func IsResourceOrLegacy(resource string, gr schema.GroupResource) bool

IsResourceOrLegacy checks if the provided GroupResources matches with the given resource by looking up the API group and also the legacy API.

func Kind

func Kind(kind string) schema.GroupKind

Kind takes an unqualified kind and returns back a Group qualified GroupKind

func LegacyKind

func LegacyKind(kind string) schema.GroupKind

func LegacyResource

func LegacyResource(resource string) schema.GroupResource

func RegisterDeepCopies added in v1.4.0

func RegisterDeepCopies(scheme *runtime.Scheme) error

RegisterDeepCopies adds deep-copy functions to the given scheme. Public to allow building arbitrary schemes.

func Resource

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns back a Group qualified GroupResource

Types

type PodSecurityPolicyReview

type PodSecurityPolicyReview struct {
	metav1.TypeMeta

	// Spec is the PodSecurityPolicy to check.
	Spec PodSecurityPolicyReviewSpec

	// Status represents the current information/status for the PodSecurityPolicyReview.
	Status PodSecurityPolicyReviewStatus
}

PodSecurityPolicyReview checks which service accounts (not users, since that would be cluster-wide) can create the `PodTemplateSpec` in question.

type PodSecurityPolicyReviewSpec

type PodSecurityPolicyReviewSpec struct {
	// Template is the PodTemplateSpec to check. The PodTemplateSpec.Spec.ServiceAccountName field is used
	// if ServiceAccountNames is empty, unless the PodTemplateSpec.Spec.ServiceAccountName is empty,
	// in which case "default" is used.
	// If ServiceAccountNames is specified, PodTemplateSpec.Spec.ServiceAccountName is ignored.
	Template kapi.PodTemplateSpec

	// ServiceAccountNames is an optional set of ServiceAccounts to run the check with.
	// If ServiceAccountNames is empty, the PodTemplateSpec.Spec.ServiceAccountName is used,
	// unless it's empty, in which case "default" is used instead.
	// If ServiceAccountNames is specified, PodTemplateSpec.Spec.ServiceAccountName is ignored.
	ServiceAccountNames []string // TODO: find a way to express 'all service accounts'
}

PodSecurityPolicyReviewSpec defines specification for PodSecurityPolicyReview

type PodSecurityPolicyReviewStatus

type PodSecurityPolicyReviewStatus struct {
	// AllowedServiceAccounts returns the list of service accounts in *this* namespace that have the power to create the PodTemplateSpec.
	AllowedServiceAccounts []ServiceAccountPodSecurityPolicyReviewStatus
}

PodSecurityPolicyReviewStatus represents the status of PodSecurityPolicyReview.

type PodSecurityPolicySelfSubjectReview

type PodSecurityPolicySelfSubjectReview struct {
	metav1.TypeMeta

	// Spec defines specification the PodSecurityPolicySelfSubjectReview.
	Spec PodSecurityPolicySelfSubjectReviewSpec

	// Status represents the current information/status for the PodSecurityPolicySelfSubjectReview.
	Status PodSecurityPolicySubjectReviewStatus
}

PodSecurityPolicySelfSubjectReview checks whether this user/SA tuple can create the PodTemplateSpec.

type PodSecurityPolicySelfSubjectReviewSpec

type PodSecurityPolicySelfSubjectReviewSpec struct {
	// Template is the PodTemplateSpec to check.
	Template kapi.PodTemplateSpec
}

PodSecurityPolicySelfSubjectReviewSpec contains specification for PodSecurityPolicySelfSubjectReview.

type PodSecurityPolicySubjectReview

type PodSecurityPolicySubjectReview struct {
	metav1.TypeMeta

	// Spec defines specification for the PodSecurityPolicySubjectReview.
	Spec PodSecurityPolicySubjectReviewSpec

	// Status represents the current information/status for the PodSecurityPolicySubjectReview.
	Status PodSecurityPolicySubjectReviewStatus
}

PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodTemplateSpec.

type PodSecurityPolicySubjectReviewSpec

type PodSecurityPolicySubjectReviewSpec struct {
	// Template is the PodTemplateSpec to check. If PodTemplateSpec.Spec.ServiceAccountName is empty it will not be defaulted.
	// If its non-empty, it will be checked.
	Template kapi.PodTemplateSpec

	// User is the user you're testing for.
	// If you specify "User" but not "Group", then is it interpreted as "What if User were not a member of any groups.
	// If User and Groups are empty, then the check is performed using *only* the ServiceAccountName in the PodTemplateSpec.
	User string

	// Groups is the groups you're testing for.
	Groups []string
}

PodSecurityPolicySubjectReviewSpec defines specification for PodSecurityPolicySubjectReview

type PodSecurityPolicySubjectReviewStatus

type PodSecurityPolicySubjectReviewStatus struct {
	// AllowedBy is a reference to the rule that allows the PodTemplateSpec.
	// A rule can be a SecurityContextConstraint or a PodSecurityPolicy
	// A `nil`, indicates that it was denied.
	AllowedBy *kapi.ObjectReference

	// A machine-readable description of why this operation is in the
	// "Failure" status. If this value is empty there
	// is no information available.
	Reason string

	// Template is the PodTemplateSpec after the defaulting is applied.
	Template kapi.PodTemplateSpec
}

PodSecurityPolicySubjectReviewStatus contains information/status for PodSecurityPolicySubjectReview.

type ServiceAccountPodSecurityPolicyReviewStatus

type ServiceAccountPodSecurityPolicyReviewStatus struct {
	PodSecurityPolicySubjectReviewStatus

	// Name contains the allowed and the denied ServiceAccount name
	Name string
}

ServiceAccountPodSecurityPolicyReviewStatus represents ServiceAccount name and related review status

Directories

Path Synopsis
+groupName=security.openshift.io Package v1 is the v1 version of the API.
+groupName=security.openshift.io Package v1 is the v1 version of the API.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL