Documentation ¶
Index ¶
- Constants
- func NamespaceValidator(ops ...string) func(*ACL, string) bool
- type ACL
- func (a *ACL) AllowAgentRead() bool
- func (a *ACL) AllowAgentWrite() bool
- func (a *ACL) AllowHostVolume(ns string) bool
- func (a *ACL) AllowHostVolumeOperation(hv string, op string) bool
- func (a *ACL) AllowNamespace(ns string) bool
- func (a *ACL) AllowNamespaceOperation(ns string, op string) bool
- func (a *ACL) AllowNodeRead() bool
- func (a *ACL) AllowNodeWrite() bool
- func (a *ACL) AllowNsOp(ns string, op string) bool
- func (a *ACL) AllowOperatorRead() bool
- func (a *ACL) AllowOperatorWrite() bool
- func (a *ACL) AllowPluginList() bool
- func (a *ACL) AllowPluginRead() bool
- func (a *ACL) AllowQuotaRead() bool
- func (a *ACL) AllowQuotaWrite() bool
- func (a *ACL) IsManagement() bool
- type AgentPolicy
- type HostVolumePolicy
- type NamespacePolicy
- type NodePolicy
- type OperatorPolicy
- type PluginPolicy
- type Policy
- type QuotaPolicy
Constants ¶
const ( // The following levels are the only valid values for the `policy = "read"` stanza. // When policies are merged together, the most privilege is granted, except for deny // which always takes precedence and supersedes. PolicyDeny = "deny" PolicyRead = "read" PolicyList = "list" PolicyWrite = "write" PolicyScale = "scale" )
const ( NamespaceCapabilityDeny = "deny" NamespaceCapabilityListJobs = "list-jobs" NamespaceCapabilityReadJob = "read-job" NamespaceCapabilitySubmitJob = "submit-job" NamespaceCapabilityDispatchJob = "dispatch-job" NamespaceCapabilityReadLogs = "read-logs" NamespaceCapabilityReadFS = "read-fs" NamespaceCapabilityAllocExec = "alloc-exec" NamespaceCapabilityAllocNodeExec = "alloc-node-exec" NamespaceCapabilityAllocLifecycle = "alloc-lifecycle" NamespaceCapabilitySentinelOverride = "sentinel-override" NamespaceCapabilityCSIRegisterPlugin = "csi-register-plugin" NamespaceCapabilityCSIWriteVolume = "csi-write-volume" NamespaceCapabilityCSIReadVolume = "csi-read-volume" NamespaceCapabilityCSIListVolume = "csi-list-volume" NamespaceCapabilityCSIMountVolume = "csi-mount-volume" NamespaceCapabilityListScalingPolicies = "list-scaling-policies" NamespaceCapabilityReadScalingPolicy = "read-scaling-policy" NamespaceCapabilityReadJobScaling = "read-job-scaling" NamespaceCapabilityScaleJob = "scale-job" )
const ( HostVolumeCapabilityDeny = "deny" HostVolumeCapabilityMountReadOnly = "mount-readonly" HostVolumeCapabilityMountReadWrite = "mount-readwrite" )
Variables ¶
This section is empty.
Functions ¶
Types ¶
type ACL ¶
type ACL struct {
// contains filtered or unexported fields
}
ACL object is used to convert a set of policies into a structure that can be efficiently evaluated to determine if an action is allowed.
var ManagementACL *ACL
ManagementACL is a singleton used for management tokens
func (*ACL) AllowAgentRead ¶
AllowAgentRead checks if read operations are allowed for an agent
func (*ACL) AllowAgentWrite ¶
AllowAgentWrite checks if write operations are allowed for an agent
func (*ACL) AllowHostVolume ¶ added in v0.10.0
AllowHostVolume checks if any operations are allowed for a HostVolume
func (*ACL) AllowHostVolumeOperation ¶ added in v0.10.0
AllowHostVolumeOperation checks if a given operation is allowed for a host volume
func (*ACL) AllowNamespace ¶
AllowNamespace checks if any operations are allowed for a namespace
func (*ACL) AllowNamespaceOperation ¶
AllowNamespaceOperation checks if a given operation is allowed for a namespace
func (*ACL) AllowNodeRead ¶
AllowNodeRead checks if read operations are allowed for a node
func (*ACL) AllowNodeWrite ¶
AllowNodeWrite checks if write operations are allowed for a node
func (*ACL) AllowOperatorRead ¶
AllowOperatorRead checks if read operations are allowed for a operator
func (*ACL) AllowOperatorWrite ¶
AllowOperatorWrite checks if write operations are allowed for a operator
func (*ACL) AllowPluginList ¶ added in v0.11.0
AllowPluginList checks if list operations are allowed for all plugins
func (*ACL) AllowPluginRead ¶ added in v0.11.0
AllowPluginRead checks if read operations are allowed for all plugins
func (*ACL) AllowQuotaRead ¶
AllowQuotaRead checks if read operations are allowed for all quotas
func (*ACL) AllowQuotaWrite ¶
AllowQuotaWrite checks if write operations are allowed for quotas
func (*ACL) IsManagement ¶
IsManagement checks if this represents a management token
type AgentPolicy ¶
type AgentPolicy struct {
Policy string
}
type HostVolumePolicy ¶ added in v0.10.0
HostVolumePolicy is the policy for a specific named host volume
type NamespacePolicy ¶
NamespacePolicy is the policy for a specific namespace
type NodePolicy ¶
type NodePolicy struct {
Policy string
}
type OperatorPolicy ¶
type OperatorPolicy struct {
Policy string
}
type PluginPolicy ¶ added in v0.11.0
type PluginPolicy struct {
Policy string
}
type Policy ¶
type Policy struct { Namespaces []*NamespacePolicy `hcl:"namespace,expand"` HostVolumes []*HostVolumePolicy `hcl:"host_volume,expand"` Agent *AgentPolicy `hcl:"agent"` Node *NodePolicy `hcl:"node"` Operator *OperatorPolicy `hcl:"operator"` Quota *QuotaPolicy `hcl:"quota"` Plugin *PluginPolicy `hcl:"plugin"` Raw string `hcl:"-"` }
Policy represents a parsed HCL or JSON policy.
type QuotaPolicy ¶
type QuotaPolicy struct {
Policy string
}