Documentation ¶
Index ¶
- Constants
- Variables
- func AddToScheme(scheme *runtime.Scheme)
- func DeepCopy_api_PodSecurityPolicyReview(in PodSecurityPolicyReview, out *PodSecurityPolicyReview, c *conversion.Cloner) error
- func DeepCopy_api_PodSecurityPolicyReviewSpec(in PodSecurityPolicyReviewSpec, out *PodSecurityPolicyReviewSpec, ...) error
- func DeepCopy_api_PodSecurityPolicyReviewStatus(in PodSecurityPolicyReviewStatus, out *PodSecurityPolicyReviewStatus, ...) error
- func DeepCopy_api_PodSecurityPolicySelfSubjectReview(in PodSecurityPolicySelfSubjectReview, out *PodSecurityPolicySelfSubjectReview, ...) error
- func DeepCopy_api_PodSecurityPolicySelfSubjectReviewSpec(in PodSecurityPolicySelfSubjectReviewSpec, ...) error
- func DeepCopy_api_PodSecurityPolicySubjectReview(in PodSecurityPolicySubjectReview, out *PodSecurityPolicySubjectReview, ...) error
- func DeepCopy_api_PodSecurityPolicySubjectReviewSpec(in PodSecurityPolicySubjectReviewSpec, out *PodSecurityPolicySubjectReviewSpec, ...) error
- func DeepCopy_api_PodSecurityPolicySubjectReviewStatus(in PodSecurityPolicySubjectReviewStatus, ...) error
- func DeepCopy_api_ServiceAccountPodSecurityPolicyReviewStatus(in ServiceAccountPodSecurityPolicyReviewStatus, ...) error
- func Kind(kind string) unversioned.GroupKind
- func Resource(resource string) unversioned.GroupResource
- type PodSecurityPolicyReview
- type PodSecurityPolicyReviewSpec
- type PodSecurityPolicyReviewStatus
- type PodSecurityPolicySelfSubjectReview
- type PodSecurityPolicySelfSubjectReviewSpec
- type PodSecurityPolicySubjectReview
- type PodSecurityPolicySubjectReviewSpec
- type PodSecurityPolicySubjectReviewStatus
- type ServiceAccountPodSecurityPolicyReviewStatus
Constants ¶
const GroupName = ""
Variables ¶
var SchemeGroupVersion = unversioned.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
SchemeGroupVersion is group version used to register these objects
Functions ¶
func AddToScheme ¶
func DeepCopy_api_PodSecurityPolicyReview ¶
func DeepCopy_api_PodSecurityPolicyReview(in PodSecurityPolicyReview, out *PodSecurityPolicyReview, c *conversion.Cloner) error
func DeepCopy_api_PodSecurityPolicyReviewSpec ¶
func DeepCopy_api_PodSecurityPolicyReviewSpec(in PodSecurityPolicyReviewSpec, out *PodSecurityPolicyReviewSpec, c *conversion.Cloner) error
func DeepCopy_api_PodSecurityPolicyReviewStatus ¶
func DeepCopy_api_PodSecurityPolicyReviewStatus(in PodSecurityPolicyReviewStatus, out *PodSecurityPolicyReviewStatus, c *conversion.Cloner) error
func DeepCopy_api_PodSecurityPolicySelfSubjectReview ¶
func DeepCopy_api_PodSecurityPolicySelfSubjectReview(in PodSecurityPolicySelfSubjectReview, out *PodSecurityPolicySelfSubjectReview, c *conversion.Cloner) error
func DeepCopy_api_PodSecurityPolicySelfSubjectReviewSpec ¶
func DeepCopy_api_PodSecurityPolicySelfSubjectReviewSpec(in PodSecurityPolicySelfSubjectReviewSpec, out *PodSecurityPolicySelfSubjectReviewSpec, c *conversion.Cloner) error
func DeepCopy_api_PodSecurityPolicySubjectReview ¶
func DeepCopy_api_PodSecurityPolicySubjectReview(in PodSecurityPolicySubjectReview, out *PodSecurityPolicySubjectReview, c *conversion.Cloner) error
func DeepCopy_api_PodSecurityPolicySubjectReviewSpec ¶
func DeepCopy_api_PodSecurityPolicySubjectReviewSpec(in PodSecurityPolicySubjectReviewSpec, out *PodSecurityPolicySubjectReviewSpec, c *conversion.Cloner) error
func DeepCopy_api_PodSecurityPolicySubjectReviewStatus ¶
func DeepCopy_api_PodSecurityPolicySubjectReviewStatus(in PodSecurityPolicySubjectReviewStatus, out *PodSecurityPolicySubjectReviewStatus, c *conversion.Cloner) error
func DeepCopy_api_ServiceAccountPodSecurityPolicyReviewStatus ¶
func DeepCopy_api_ServiceAccountPodSecurityPolicyReviewStatus(in ServiceAccountPodSecurityPolicyReviewStatus, out *ServiceAccountPodSecurityPolicyReviewStatus, c *conversion.Cloner) error
func Kind ¶
func Kind(kind string) unversioned.GroupKind
Kind takes an unqualified kind and returns back a Group qualified GroupKind
func Resource ¶
func Resource(resource string) unversioned.GroupResource
Resource takes an unqualified resource and returns back a Group qualified GroupResource
Types ¶
type PodSecurityPolicyReview ¶
type PodSecurityPolicyReview struct { unversioned.TypeMeta // Spec is the PodSecurityPolicy to check. Spec PodSecurityPolicyReviewSpec // Status represents the current information/status for the PodSecurityPolicyReview. Status PodSecurityPolicyReviewStatus }
PodSecurityPolicyReview checks which service accounts (not users, since that would be cluster-wide) can create the `PodSpec` in question.
func (*PodSecurityPolicyReview) GetObjectKind ¶
func (obj *PodSecurityPolicyReview) GetObjectKind() unversioned.ObjectKind
type PodSecurityPolicyReviewSpec ¶
type PodSecurityPolicyReviewSpec struct { // PodSpec is the PodSpec to check. The PodSpec.ServiceAccountName field is used // if ServiceAccountNames is empty, unless the PodSpec.ServiceAccountName is empty, // in which case "default" is used. // If ServiceAccountNames is specified, PodSpec.ServiceAccountName is ignored. PodSpec kapi.PodSpec // ServiceAccountNames is an optional set of ServiceAccounts to run the check with. // If ServiceAccountNames is empty, the PodSpec ServiceAccountName is used, // unless it's empty, in which case "default" is used instead. // If ServiceAccountNames is specified, PodSpec ServiceAccountName is ignored. ServiceAccountNames []string // TODO: find a way to express 'all service accounts' }
PodSecurityPolicyReviewSpec defines specification for PodSecurityPolicyReview
type PodSecurityPolicyReviewStatus ¶
type PodSecurityPolicyReviewStatus struct { // AllowedServiceAccounts returns the list of service accounts in *this* namespace that have the power to create the PodSpec. AllowedServiceAccounts []ServiceAccountPodSecurityPolicyReviewStatus }
PodSecurityPolicyReviewStatus represents the status of PodSecurityPolicyReview.
type PodSecurityPolicySelfSubjectReview ¶
type PodSecurityPolicySelfSubjectReview struct { unversioned.TypeMeta // Spec defines specification the PodSecurityPolicySelfSubjectReview. Spec PodSecurityPolicySelfSubjectReviewSpec // Status represents the current information/status for the PodSecurityPolicySelfSubjectReview. Status PodSecurityPolicySubjectReviewStatus }
PodSecurityPolicySelfSubjectReview checks whether this user/SA tuple can create the PodSpec.
func (*PodSecurityPolicySelfSubjectReview) GetObjectKind ¶
func (obj *PodSecurityPolicySelfSubjectReview) GetObjectKind() unversioned.ObjectKind
type PodSecurityPolicySelfSubjectReviewSpec ¶
type PodSecurityPolicySelfSubjectReviewSpec struct { // PodSpec is the PodSpec to check. PodSpec kapi.PodSpec }
PodSecurityPolicySelfSubjectReviewSpec contains specification for PodSecurityPolicySelfSubjectReview.
type PodSecurityPolicySubjectReview ¶
type PodSecurityPolicySubjectReview struct { unversioned.TypeMeta // Spec defines specification for the PodSecurityPolicySubjectReview. Spec PodSecurityPolicySubjectReviewSpec // Status represents the current information/status for the PodSecurityPolicySubjectReview. Status PodSecurityPolicySubjectReviewStatus }
PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodSpec.
func (*PodSecurityPolicySubjectReview) GetObjectKind ¶
func (obj *PodSecurityPolicySubjectReview) GetObjectKind() unversioned.ObjectKind
type PodSecurityPolicySubjectReviewSpec ¶
type PodSecurityPolicySubjectReviewSpec struct { // PodSpec is the PodSpec to check. If PodSpec.ServiceAccountName is empty it will not be defaulted. // If its non-empty, it will be checked. PodSpec kapi.PodSpec // User is the user you're testing for. // If you specify "User" but not "Group", then is it interpreted as "What if User were not a member of any groups. // If User and Groups are empty, then the check is performed using *only* the ServiceAccountName in the PodSpec. User string // Groups is the groups you're testing for. Groups []string }
PodSecurityPolicySubjectReviewSpec defines specification for PodSecurityPolicySubjectReview
type PodSecurityPolicySubjectReviewStatus ¶
type PodSecurityPolicySubjectReviewStatus struct { // AllowedBy is a reference to the rule that allows the PodSpec. // A rule can be a SecurityContextConstraint or a PodSecurityPolicy // A `nil`, indicates that it was denied. AllowedBy *kapi.ObjectReference // A machine-readable description of why this operation is in the // "Failure" status. If this value is empty there // is no information available. Reason string // PodSpec is the PodSpec after the defaulting is applied. PodSpec kapi.PodSpec }
PodSecurityPolicySubjectReviewStatus contains information/status for PodSecurityPolicySubjectReview.
type ServiceAccountPodSecurityPolicyReviewStatus ¶
type ServiceAccountPodSecurityPolicyReviewStatus struct { PodSecurityPolicySubjectReviewStatus // Name contains the allowed and the denied ServiceAccount name Name string }
ServiceAccountPodSecurityPolicyReviewStatus represents ServiceAccount name and related review status