resources

package

v0.1.0 Latest Latest Go to latest Published: Nov 7, 2022 License: MIT Imports: 8 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/nukleros/pod-security-webhook

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func EffectiveRunAsNonRoot(podSec *corev1.PodSecurityContext, containerSec *corev1.SecurityContext) bool
func EffectiveRunAsUser(podSec *corev1.PodSecurityContext, containerSec *corev1.SecurityContext) *int64
func GetAnnotation(resource client.Object, annotationKey string) string
func GetContainerNames(containers []corev1.Container) (names string)
func GetPodSpec(resource client.Object) (*corev1.PodSpec, error)
func GetSecurityContext(container corev1.Container) corev1.SecurityContext
func HasRequiredCapability(capabilities []corev1.Capability, oneOf ...string) bool
func SkipViaAnnotations(resource client.Object, overrideKey string) bool
func SkipViaOwnerReferences(resource client.Object) bool
func ToString(object client.Object) string

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrValidatingKind = errors.New("error validating kind")
)

Functions ¶

func EffectiveRunAsNonRoot ¶

func EffectiveRunAsNonRoot(podSec *corev1.PodSecurityContext, containerSec *corev1.SecurityContext) bool

EffectiveRunAsNonRoot determines if the container is effectively enforcing non-root containers.

func EffectiveRunAsUser ¶

func EffectiveRunAsUser(podSec *corev1.PodSecurityContext, containerSec *corev1.SecurityContext) *int64

EffectiveRunAsUser determines the effective run as user id.

func GetAnnotation ¶

func GetAnnotation(resource client.Object, annotationKey string) string

GetAnnotation gets an annotation from a resource in a manner that will not panic with a nil pointer dereference error.

func GetContainerNames ¶

func GetContainerNames(containers []corev1.Container) (names string)

GetContainerNames returns the container names for an array of containers.

func GetPodSpec ¶

func GetPodSpec(resource client.Object) (*corev1.PodSpec, error)

GetPodSpec returns the pod specification for a given set of objects. TODO: we can improve the massive case statement logic.

func GetSecurityContext ¶

func GetSecurityContext(container corev1.Container) corev1.SecurityContext

GetSecurityContext returns the security context for a container. TODO: pass container as pointer. this has implications when passing in a loop

as you need to avoid implicit memory aliasing in a loop to accomplish this.

func HasRequiredCapability ¶

func HasRequiredCapability(capabilities []corev1.Capability, oneOf ...string) bool

HasRequiredCapability returns true if a required capability is found.

func SkipViaAnnotations ¶

func SkipViaAnnotations(resource client.Object, overrideKey string) bool

SkipViaAnnotations determines if a resource needs to be skipped due to the annotations that it possesses.

func SkipViaOwnerReferences ¶

func SkipViaOwnerReferences(resource client.Object) bool

SkipViaOwnerReferences determines if a resource needs to be skipped due to the owner references that it possesses.

func ToString ¶

func ToString(object client.Object) string

ToString converts an object to a string which is useful while producing consistent logs. This is safe to return via an admission review object, as sometimes certain characters can cause the response to the kube-apiserver to fail.

Types ¶

This section is empty.

Source Files ¶

View all Source files

resources.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL