v1

package
v0.0.0-...-c98acdb Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 21, 2024 License: Apache-2.0 Imports: 11 Imported by: 883

Documentation

Overview

+groupName=security.openshift.io Package v1 is the v1 version of the API.

Index

Constants

View Source
const (
	UIDRangeAnnotation = "openshift.io/sa.scc.uid-range"
	// SupplementalGroupsAnnotation contains a comma delimited list of allocated supplemental groups
	// for the namespace.  Groups are in the form of a Block which supports {start}/{length} or {start}-{end}
	SupplementalGroupsAnnotation = "openshift.io/sa.scc.supplemental-groups"
	MCSAnnotation                = "openshift.io/sa.scc.mcs"
	ValidatedSCCAnnotation       = "openshift.io/scc"
	// This annotation pins required SCCs for core OpenShift workloads to prevent preemption of custom SCCs.
	// It is being used in the SCC admission plugin.
	RequiredSCCAnnotation = "openshift.io/required-scc"

	// MinimallySufficientPodSecurityStandard indicates the PodSecurityStandard that matched the SCCs available to the users of the namespace.
	MinimallySufficientPodSecurityStandard = "security.openshift.io/MinimallySufficientPodSecurityStandard"
)
View Source
const (
	// NamespaceLevelAllowHost allows a pod to set `hostUsers` field to either `true` or `false`
	NamespaceLevelAllowHost NamespaceLevelType = "AllowHostLevel"
	// NamespaceLevelRequirePod requires the `hostUsers` field be `false` in a pod.
	NamespaceLevelRequirePod NamespaceLevelType = "RequirePodLevel"

	// container must have SELinux labels of X applied.
	SELinuxStrategyMustRunAs SELinuxContextStrategyType = "MustRunAs"
	// container may make requests for any SELinux context labels.
	SELinuxStrategyRunAsAny SELinuxContextStrategyType = "RunAsAny"

	// container must run as a particular uid.
	RunAsUserStrategyMustRunAs RunAsUserStrategyType = "MustRunAs"
	// container must run as a particular uid.
	RunAsUserStrategyMustRunAsRange RunAsUserStrategyType = "MustRunAsRange"
	// container must run as a non-root uid
	RunAsUserStrategyMustRunAsNonRoot RunAsUserStrategyType = "MustRunAsNonRoot"
	// container may make requests for any uid.
	RunAsUserStrategyRunAsAny RunAsUserStrategyType = "RunAsAny"

	// container must have FSGroup of X applied.
	FSGroupStrategyMustRunAs FSGroupStrategyType = "MustRunAs"
	// container may make requests for any FSGroup labels.
	FSGroupStrategyRunAsAny FSGroupStrategyType = "RunAsAny"

	// container must run as a particular gid.
	SupplementalGroupsStrategyMustRunAs SupplementalGroupsStrategyType = "MustRunAs"
	// container may make requests for any gid.
	SupplementalGroupsStrategyRunAsAny SupplementalGroupsStrategyType = "RunAsAny"
)

Variables

View Source
var (
	ErrInvalidLengthGenerated        = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowGenerated          = fmt.Errorf("proto: integer overflow")
	ErrUnexpectedEndOfGroupGenerated = fmt.Errorf("proto: unexpected end of group")
)
View Source
var (
	GroupName    = "security.openshift.io"
	GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"}

	// Install is a function which adds this version to a scheme
	Install = schemeBuilder.AddToScheme

	// SchemeGroupVersion generated code relies on this name
	// Deprecated
	SchemeGroupVersion = GroupVersion
	// AddToScheme exists solely to keep the old generators creating valid code
	// DEPRECATED
	AddToScheme = schemeBuilder.AddToScheme
)
View Source
var AllowAllCapabilities corev1.Capability = "*"

AllowAllCapabilities can be used as a value for the SecurityContextConstraints.AllowAllCapabilities field and means that any capabilities are allowed to be requested.

View Source
var (
	DeprecatedInstallWithoutGroup = legacySchemeBuilder.AddToScheme
)

Functions

func Resource

func Resource(resource string) schema.GroupResource

Resource generated code relies on this being here, but it logically belongs to the group DEPRECATED

Types

type AllowedFlexVolume

type AllowedFlexVolume struct {
	// Driver is the name of the Flexvolume driver.
	Driver string `json:"driver" protobuf:"bytes,1,opt,name=driver"`
}

AllowedFlexVolume represents a single Flexvolume that is allowed to be used.

func (*AllowedFlexVolume) DeepCopy

func (in *AllowedFlexVolume) DeepCopy() *AllowedFlexVolume

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedFlexVolume.

func (*AllowedFlexVolume) DeepCopyInto

func (in *AllowedFlexVolume) DeepCopyInto(out *AllowedFlexVolume)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AllowedFlexVolume) Descriptor

func (*AllowedFlexVolume) Descriptor() ([]byte, []int)

func (*AllowedFlexVolume) Marshal

func (m *AllowedFlexVolume) Marshal() (dAtA []byte, err error)

func (*AllowedFlexVolume) MarshalTo

func (m *AllowedFlexVolume) MarshalTo(dAtA []byte) (int, error)

func (*AllowedFlexVolume) MarshalToSizedBuffer

func (m *AllowedFlexVolume) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AllowedFlexVolume) ProtoMessage

func (*AllowedFlexVolume) ProtoMessage()

func (*AllowedFlexVolume) Reset

func (m *AllowedFlexVolume) Reset()

func (*AllowedFlexVolume) Size

func (m *AllowedFlexVolume) Size() (n int)

func (*AllowedFlexVolume) String

func (this *AllowedFlexVolume) String() string

func (AllowedFlexVolume) SwaggerDoc

func (AllowedFlexVolume) SwaggerDoc() map[string]string

func (*AllowedFlexVolume) Unmarshal

func (m *AllowedFlexVolume) Unmarshal(dAtA []byte) error

func (*AllowedFlexVolume) XXX_DiscardUnknown

func (m *AllowedFlexVolume) XXX_DiscardUnknown()

func (*AllowedFlexVolume) XXX_Marshal

func (m *AllowedFlexVolume) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AllowedFlexVolume) XXX_Merge

func (m *AllowedFlexVolume) XXX_Merge(src proto.Message)

func (*AllowedFlexVolume) XXX_Size

func (m *AllowedFlexVolume) XXX_Size() int

func (*AllowedFlexVolume) XXX_Unmarshal

func (m *AllowedFlexVolume) XXX_Unmarshal(b []byte) error

type FSGroupStrategyOptions

type FSGroupStrategyOptions struct {
	// Type is the strategy that will dictate what FSGroup is used in the SecurityContext.
	Type FSGroupStrategyType `json:"type,omitempty" protobuf:"bytes,1,opt,name=type,casttype=FSGroupStrategyType"`
	// Ranges are the allowed ranges of fs groups.  If you would like to force a single
	// fs group then supply a single range with the same start and end.
	// +listType=atomic
	Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
}

FSGroupStrategyOptions defines the strategy type and options used to create the strategy.

func (*FSGroupStrategyOptions) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FSGroupStrategyOptions.

func (*FSGroupStrategyOptions) DeepCopyInto

func (in *FSGroupStrategyOptions) DeepCopyInto(out *FSGroupStrategyOptions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*FSGroupStrategyOptions) Descriptor

func (*FSGroupStrategyOptions) Descriptor() ([]byte, []int)

func (*FSGroupStrategyOptions) Marshal

func (m *FSGroupStrategyOptions) Marshal() (dAtA []byte, err error)

func (*FSGroupStrategyOptions) MarshalTo

func (m *FSGroupStrategyOptions) MarshalTo(dAtA []byte) (int, error)

func (*FSGroupStrategyOptions) MarshalToSizedBuffer

func (m *FSGroupStrategyOptions) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*FSGroupStrategyOptions) ProtoMessage

func (*FSGroupStrategyOptions) ProtoMessage()

func (*FSGroupStrategyOptions) Reset

func (m *FSGroupStrategyOptions) Reset()

func (*FSGroupStrategyOptions) Size

func (m *FSGroupStrategyOptions) Size() (n int)

func (*FSGroupStrategyOptions) String

func (this *FSGroupStrategyOptions) String() string

func (FSGroupStrategyOptions) SwaggerDoc

func (FSGroupStrategyOptions) SwaggerDoc() map[string]string

func (*FSGroupStrategyOptions) Unmarshal

func (m *FSGroupStrategyOptions) Unmarshal(dAtA []byte) error

func (*FSGroupStrategyOptions) XXX_DiscardUnknown

func (m *FSGroupStrategyOptions) XXX_DiscardUnknown()

func (*FSGroupStrategyOptions) XXX_Marshal

func (m *FSGroupStrategyOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*FSGroupStrategyOptions) XXX_Merge

func (m *FSGroupStrategyOptions) XXX_Merge(src proto.Message)

func (*FSGroupStrategyOptions) XXX_Size

func (m *FSGroupStrategyOptions) XXX_Size() int

func (*FSGroupStrategyOptions) XXX_Unmarshal

func (m *FSGroupStrategyOptions) XXX_Unmarshal(b []byte) error

type FSGroupStrategyType

type FSGroupStrategyType string

FSGroupStrategyType denotes strategy types for generating FSGroup values for a SecurityContext

type FSType

type FSType string

FS Type gives strong typing to different file systems that are used by volumes.

var (
	FSTypeAzureFile             FSType = "azureFile"
	FSTypeAzureDisk             FSType = "azureDisk"
	FSTypeFlocker               FSType = "flocker"
	FSTypeFlexVolume            FSType = "flexVolume"
	FSTypeHostPath              FSType = "hostPath"
	FSTypeEmptyDir              FSType = "emptyDir"
	FSTypeGCEPersistentDisk     FSType = "gcePersistentDisk"
	FSTypeAWSElasticBlockStore  FSType = "awsElasticBlockStore"
	FSTypeGitRepo               FSType = "gitRepo"
	FSTypeSecret                FSType = "secret"
	FSTypeNFS                   FSType = "nfs"
	FSTypeISCSI                 FSType = "iscsi"
	FSTypeGlusterfs             FSType = "glusterfs"
	FSTypePersistentVolumeClaim FSType = "persistentVolumeClaim"
	FSTypeRBD                   FSType = "rbd"
	FSTypeCinder                FSType = "cinder"
	FSTypeCephFS                FSType = "cephFS"
	FSTypeDownwardAPI           FSType = "downwardAPI"
	FSTypeFC                    FSType = "fc"
	FSTypeConfigMap             FSType = "configMap"
	FSTypeVsphereVolume         FSType = "vsphere"
	FSTypeQuobyte               FSType = "quobyte"
	FSTypePhotonPersistentDisk  FSType = "photonPersistentDisk"
	FSProjected                 FSType = "projected"
	FSPortworxVolume            FSType = "portworxVolume"
	FSScaleIO                   FSType = "scaleIO"
	FSStorageOS                 FSType = "storageOS"
	FSTypeCSI                   FSType = "csi"
	FSTypeEphemeral             FSType = "ephemeral"
	FSTypeImage                 FSType = "image"
	FSTypeAll                   FSType = "*"
	FSTypeNone                  FSType = "none"
)

type IDRange

type IDRange struct {
	// Min is the start of the range, inclusive.
	Min int64 `json:"min,omitempty" protobuf:"varint,1,opt,name=min"`
	// Max is the end of the range, inclusive.
	Max int64 `json:"max,omitempty" protobuf:"varint,2,opt,name=max"`
}

IDRange provides a min/max of an allowed range of IDs. TODO: this could be reused for UIDs.

func (*IDRange) DeepCopy

func (in *IDRange) DeepCopy() *IDRange

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IDRange.

func (*IDRange) DeepCopyInto

func (in *IDRange) DeepCopyInto(out *IDRange)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*IDRange) Descriptor

func (*IDRange) Descriptor() ([]byte, []int)

func (*IDRange) Marshal

func (m *IDRange) Marshal() (dAtA []byte, err error)

func (*IDRange) MarshalTo

func (m *IDRange) MarshalTo(dAtA []byte) (int, error)

func (*IDRange) MarshalToSizedBuffer

func (m *IDRange) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*IDRange) ProtoMessage

func (*IDRange) ProtoMessage()

func (*IDRange) Reset

func (m *IDRange) Reset()

func (*IDRange) Size

func (m *IDRange) Size() (n int)

func (*IDRange) String

func (this *IDRange) String() string

func (IDRange) SwaggerDoc

func (IDRange) SwaggerDoc() map[string]string

func (*IDRange) Unmarshal

func (m *IDRange) Unmarshal(dAtA []byte) error

func (*IDRange) XXX_DiscardUnknown

func (m *IDRange) XXX_DiscardUnknown()

func (*IDRange) XXX_Marshal

func (m *IDRange) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*IDRange) XXX_Merge

func (m *IDRange) XXX_Merge(src proto.Message)

func (*IDRange) XXX_Size

func (m *IDRange) XXX_Size() int

func (*IDRange) XXX_Unmarshal

func (m *IDRange) XXX_Unmarshal(b []byte) error

type NamespaceLevelType

type NamespaceLevelType string

NamespaceLevelType shows the allowable values for the UserNamespaceLevel field.

type PodSecurityPolicyReview

type PodSecurityPolicyReview struct {
	metav1.TypeMeta `json:",inline"`

	// metadata is the standard object's metadata.
	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,3,opt,name=metadata"`

	// spec is the PodSecurityPolicy to check.
	Spec PodSecurityPolicyReviewSpec `json:"spec" protobuf:"bytes,1,opt,name=spec"`

	// status represents the current information/status for the PodSecurityPolicyReview.
	Status PodSecurityPolicyReviewStatus `json:"status,omitempty" protobuf:"bytes,2,opt,name=status"`
}

PodSecurityPolicyReview checks which service accounts (not users, since that would be cluster-wide) can create the `PodTemplateSpec` in question.

Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +openshift:compatibility-gen:level=2

func (*PodSecurityPolicyReview) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicyReview.

func (*PodSecurityPolicyReview) DeepCopyInto

func (in *PodSecurityPolicyReview) DeepCopyInto(out *PodSecurityPolicyReview)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PodSecurityPolicyReview) DeepCopyObject

func (in *PodSecurityPolicyReview) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*PodSecurityPolicyReview) Descriptor

func (*PodSecurityPolicyReview) Descriptor() ([]byte, []int)

func (*PodSecurityPolicyReview) Marshal

func (m *PodSecurityPolicyReview) Marshal() (dAtA []byte, err error)

func (*PodSecurityPolicyReview) MarshalTo

func (m *PodSecurityPolicyReview) MarshalTo(dAtA []byte) (int, error)

func (*PodSecurityPolicyReview) MarshalToSizedBuffer

func (m *PodSecurityPolicyReview) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PodSecurityPolicyReview) ProtoMessage

func (*PodSecurityPolicyReview) ProtoMessage()

func (*PodSecurityPolicyReview) Reset

func (m *PodSecurityPolicyReview) Reset()

func (*PodSecurityPolicyReview) Size

func (m *PodSecurityPolicyReview) Size() (n int)

func (*PodSecurityPolicyReview) String

func (this *PodSecurityPolicyReview) String() string

func (PodSecurityPolicyReview) SwaggerDoc

func (PodSecurityPolicyReview) SwaggerDoc() map[string]string

func (*PodSecurityPolicyReview) Unmarshal

func (m *PodSecurityPolicyReview) Unmarshal(dAtA []byte) error

func (*PodSecurityPolicyReview) XXX_DiscardUnknown

func (m *PodSecurityPolicyReview) XXX_DiscardUnknown()

func (*PodSecurityPolicyReview) XXX_Marshal

func (m *PodSecurityPolicyReview) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PodSecurityPolicyReview) XXX_Merge

func (m *PodSecurityPolicyReview) XXX_Merge(src proto.Message)

func (*PodSecurityPolicyReview) XXX_Size

func (m *PodSecurityPolicyReview) XXX_Size() int

func (*PodSecurityPolicyReview) XXX_Unmarshal

func (m *PodSecurityPolicyReview) XXX_Unmarshal(b []byte) error

type PodSecurityPolicyReviewSpec

type PodSecurityPolicyReviewSpec struct {
	// template is the PodTemplateSpec to check. The template.spec.serviceAccountName field is used
	// if serviceAccountNames is empty, unless the template.spec.serviceAccountName is empty,
	// in which case "default" is used.
	// If serviceAccountNames is specified, template.spec.serviceAccountName is ignored.
	Template corev1.PodTemplateSpec `json:"template" protobuf:"bytes,1,opt,name=template"`

	// serviceAccountNames is an optional set of ServiceAccounts to run the check with.
	// If serviceAccountNames is empty, the template.spec.serviceAccountName is used,
	// unless it's empty, in which case "default" is used instead.
	// If serviceAccountNames is specified, template.spec.serviceAccountName is ignored.
	ServiceAccountNames []string `json:"serviceAccountNames,omitempty" protobuf:"bytes,2,rep,name=serviceAccountNames"` // TODO: find a way to express 'all service accounts'
}

PodSecurityPolicyReviewSpec defines specification for PodSecurityPolicyReview

func (*PodSecurityPolicyReviewSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicyReviewSpec.

func (*PodSecurityPolicyReviewSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PodSecurityPolicyReviewSpec) Descriptor

func (*PodSecurityPolicyReviewSpec) Descriptor() ([]byte, []int)

func (*PodSecurityPolicyReviewSpec) Marshal

func (m *PodSecurityPolicyReviewSpec) Marshal() (dAtA []byte, err error)

func (*PodSecurityPolicyReviewSpec) MarshalTo

func (m *PodSecurityPolicyReviewSpec) MarshalTo(dAtA []byte) (int, error)

func (*PodSecurityPolicyReviewSpec) MarshalToSizedBuffer

func (m *PodSecurityPolicyReviewSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PodSecurityPolicyReviewSpec) ProtoMessage

func (*PodSecurityPolicyReviewSpec) ProtoMessage()

func (*PodSecurityPolicyReviewSpec) Reset

func (m *PodSecurityPolicyReviewSpec) Reset()

func (*PodSecurityPolicyReviewSpec) Size

func (m *PodSecurityPolicyReviewSpec) Size() (n int)

func (*PodSecurityPolicyReviewSpec) String

func (this *PodSecurityPolicyReviewSpec) String() string

func (PodSecurityPolicyReviewSpec) SwaggerDoc

func (PodSecurityPolicyReviewSpec) SwaggerDoc() map[string]string

func (*PodSecurityPolicyReviewSpec) Unmarshal

func (m *PodSecurityPolicyReviewSpec) Unmarshal(dAtA []byte) error

func (*PodSecurityPolicyReviewSpec) XXX_DiscardUnknown

func (m *PodSecurityPolicyReviewSpec) XXX_DiscardUnknown()

func (*PodSecurityPolicyReviewSpec) XXX_Marshal

func (m *PodSecurityPolicyReviewSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PodSecurityPolicyReviewSpec) XXX_Merge

func (m *PodSecurityPolicyReviewSpec) XXX_Merge(src proto.Message)

func (*PodSecurityPolicyReviewSpec) XXX_Size

func (m *PodSecurityPolicyReviewSpec) XXX_Size() int

func (*PodSecurityPolicyReviewSpec) XXX_Unmarshal

func (m *PodSecurityPolicyReviewSpec) XXX_Unmarshal(b []byte) error

type PodSecurityPolicyReviewStatus

type PodSecurityPolicyReviewStatus struct {
	// allowedServiceAccounts returns the list of service accounts in *this* namespace that have the power to create the PodTemplateSpec.
	AllowedServiceAccounts []ServiceAccountPodSecurityPolicyReviewStatus `json:"allowedServiceAccounts" protobuf:"bytes,1,rep,name=allowedServiceAccounts"`
}

PodSecurityPolicyReviewStatus represents the status of PodSecurityPolicyReview.

func (*PodSecurityPolicyReviewStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicyReviewStatus.

func (*PodSecurityPolicyReviewStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PodSecurityPolicyReviewStatus) Descriptor

func (*PodSecurityPolicyReviewStatus) Descriptor() ([]byte, []int)

func (*PodSecurityPolicyReviewStatus) Marshal

func (m *PodSecurityPolicyReviewStatus) Marshal() (dAtA []byte, err error)

func (*PodSecurityPolicyReviewStatus) MarshalTo

func (m *PodSecurityPolicyReviewStatus) MarshalTo(dAtA []byte) (int, error)

func (*PodSecurityPolicyReviewStatus) MarshalToSizedBuffer

func (m *PodSecurityPolicyReviewStatus) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PodSecurityPolicyReviewStatus) ProtoMessage

func (*PodSecurityPolicyReviewStatus) ProtoMessage()

func (*PodSecurityPolicyReviewStatus) Reset

func (m *PodSecurityPolicyReviewStatus) Reset()

func (*PodSecurityPolicyReviewStatus) Size

func (m *PodSecurityPolicyReviewStatus) Size() (n int)

func (*PodSecurityPolicyReviewStatus) String

func (this *PodSecurityPolicyReviewStatus) String() string

func (PodSecurityPolicyReviewStatus) SwaggerDoc

func (PodSecurityPolicyReviewStatus) SwaggerDoc() map[string]string

func (*PodSecurityPolicyReviewStatus) Unmarshal

func (m *PodSecurityPolicyReviewStatus) Unmarshal(dAtA []byte) error

func (*PodSecurityPolicyReviewStatus) XXX_DiscardUnknown

func (m *PodSecurityPolicyReviewStatus) XXX_DiscardUnknown()

func (*PodSecurityPolicyReviewStatus) XXX_Marshal

func (m *PodSecurityPolicyReviewStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PodSecurityPolicyReviewStatus) XXX_Merge

func (m *PodSecurityPolicyReviewStatus) XXX_Merge(src proto.Message)

func (*PodSecurityPolicyReviewStatus) XXX_Size

func (m *PodSecurityPolicyReviewStatus) XXX_Size() int

func (*PodSecurityPolicyReviewStatus) XXX_Unmarshal

func (m *PodSecurityPolicyReviewStatus) XXX_Unmarshal(b []byte) error

type PodSecurityPolicySelfSubjectReview

type PodSecurityPolicySelfSubjectReview struct {
	metav1.TypeMeta `json:",inline"`

	// metadata is the standard object's metadata.
	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,3,opt,name=metadata"`

	// spec defines specification the PodSecurityPolicySelfSubjectReview.
	Spec PodSecurityPolicySelfSubjectReviewSpec `json:"spec" protobuf:"bytes,1,opt,name=spec"`

	// status represents the current information/status for the PodSecurityPolicySelfSubjectReview.
	Status PodSecurityPolicySubjectReviewStatus `json:"status,omitempty" protobuf:"bytes,2,opt,name=status"`
}

PodSecurityPolicySelfSubjectReview checks whether this user/SA tuple can create the PodTemplateSpec

Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +openshift:compatibility-gen:level=2

func (*PodSecurityPolicySelfSubjectReview) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicySelfSubjectReview.

func (*PodSecurityPolicySelfSubjectReview) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PodSecurityPolicySelfSubjectReview) DeepCopyObject

func (in *PodSecurityPolicySelfSubjectReview) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*PodSecurityPolicySelfSubjectReview) Descriptor

func (*PodSecurityPolicySelfSubjectReview) Descriptor() ([]byte, []int)

func (*PodSecurityPolicySelfSubjectReview) Marshal

func (m *PodSecurityPolicySelfSubjectReview) Marshal() (dAtA []byte, err error)

func (*PodSecurityPolicySelfSubjectReview) MarshalTo

func (m *PodSecurityPolicySelfSubjectReview) MarshalTo(dAtA []byte) (int, error)

func (*PodSecurityPolicySelfSubjectReview) MarshalToSizedBuffer

func (m *PodSecurityPolicySelfSubjectReview) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PodSecurityPolicySelfSubjectReview) ProtoMessage

func (*PodSecurityPolicySelfSubjectReview) ProtoMessage()

func (*PodSecurityPolicySelfSubjectReview) Reset

func (*PodSecurityPolicySelfSubjectReview) Size

func (*PodSecurityPolicySelfSubjectReview) String

func (PodSecurityPolicySelfSubjectReview) SwaggerDoc

func (*PodSecurityPolicySelfSubjectReview) Unmarshal

func (m *PodSecurityPolicySelfSubjectReview) Unmarshal(dAtA []byte) error

func (*PodSecurityPolicySelfSubjectReview) XXX_DiscardUnknown

func (m *PodSecurityPolicySelfSubjectReview) XXX_DiscardUnknown()

func (*PodSecurityPolicySelfSubjectReview) XXX_Marshal

func (m *PodSecurityPolicySelfSubjectReview) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PodSecurityPolicySelfSubjectReview) XXX_Merge

func (*PodSecurityPolicySelfSubjectReview) XXX_Size

func (*PodSecurityPolicySelfSubjectReview) XXX_Unmarshal

func (m *PodSecurityPolicySelfSubjectReview) XXX_Unmarshal(b []byte) error

type PodSecurityPolicySelfSubjectReviewSpec

type PodSecurityPolicySelfSubjectReviewSpec struct {
	// template is the PodTemplateSpec to check.
	Template corev1.PodTemplateSpec `json:"template" protobuf:"bytes,1,opt,name=template"`
}

PodSecurityPolicySelfSubjectReviewSpec contains specification for PodSecurityPolicySelfSubjectReview.

func (*PodSecurityPolicySelfSubjectReviewSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicySelfSubjectReviewSpec.

func (*PodSecurityPolicySelfSubjectReviewSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PodSecurityPolicySelfSubjectReviewSpec) Descriptor

func (*PodSecurityPolicySelfSubjectReviewSpec) Descriptor() ([]byte, []int)

func (*PodSecurityPolicySelfSubjectReviewSpec) Marshal

func (m *PodSecurityPolicySelfSubjectReviewSpec) Marshal() (dAtA []byte, err error)

func (*PodSecurityPolicySelfSubjectReviewSpec) MarshalTo

func (m *PodSecurityPolicySelfSubjectReviewSpec) MarshalTo(dAtA []byte) (int, error)

func (*PodSecurityPolicySelfSubjectReviewSpec) MarshalToSizedBuffer

func (m *PodSecurityPolicySelfSubjectReviewSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PodSecurityPolicySelfSubjectReviewSpec) ProtoMessage

func (*PodSecurityPolicySelfSubjectReviewSpec) Reset

func (*PodSecurityPolicySelfSubjectReviewSpec) Size

func (*PodSecurityPolicySelfSubjectReviewSpec) String

func (PodSecurityPolicySelfSubjectReviewSpec) SwaggerDoc

func (*PodSecurityPolicySelfSubjectReviewSpec) Unmarshal

func (m *PodSecurityPolicySelfSubjectReviewSpec) Unmarshal(dAtA []byte) error

func (*PodSecurityPolicySelfSubjectReviewSpec) XXX_DiscardUnknown

func (m *PodSecurityPolicySelfSubjectReviewSpec) XXX_DiscardUnknown()

func (*PodSecurityPolicySelfSubjectReviewSpec) XXX_Marshal

func (m *PodSecurityPolicySelfSubjectReviewSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PodSecurityPolicySelfSubjectReviewSpec) XXX_Merge

func (*PodSecurityPolicySelfSubjectReviewSpec) XXX_Size

func (*PodSecurityPolicySelfSubjectReviewSpec) XXX_Unmarshal

func (m *PodSecurityPolicySelfSubjectReviewSpec) XXX_Unmarshal(b []byte) error

type PodSecurityPolicySubjectReview

type PodSecurityPolicySubjectReview struct {
	metav1.TypeMeta `json:",inline"`

	// metadata is the standard object's metadata.
	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,3,opt,name=metadata"`

	// spec defines specification for the PodSecurityPolicySubjectReview.
	Spec PodSecurityPolicySubjectReviewSpec `json:"spec" protobuf:"bytes,1,opt,name=spec"`

	// status represents the current information/status for the PodSecurityPolicySubjectReview.
	Status PodSecurityPolicySubjectReviewStatus `json:"status,omitempty" protobuf:"bytes,2,opt,name=status"`
}

PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodTemplateSpec.

Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +openshift:compatibility-gen:level=2

func (*PodSecurityPolicySubjectReview) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicySubjectReview.

func (*PodSecurityPolicySubjectReview) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PodSecurityPolicySubjectReview) DeepCopyObject

func (in *PodSecurityPolicySubjectReview) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*PodSecurityPolicySubjectReview) Descriptor

func (*PodSecurityPolicySubjectReview) Descriptor() ([]byte, []int)

func (*PodSecurityPolicySubjectReview) Marshal

func (m *PodSecurityPolicySubjectReview) Marshal() (dAtA []byte, err error)

func (*PodSecurityPolicySubjectReview) MarshalTo

func (m *PodSecurityPolicySubjectReview) MarshalTo(dAtA []byte) (int, error)

func (*PodSecurityPolicySubjectReview) MarshalToSizedBuffer

func (m *PodSecurityPolicySubjectReview) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PodSecurityPolicySubjectReview) ProtoMessage

func (*PodSecurityPolicySubjectReview) ProtoMessage()

func (*PodSecurityPolicySubjectReview) Reset

func (m *PodSecurityPolicySubjectReview) Reset()

func (*PodSecurityPolicySubjectReview) Size

func (m *PodSecurityPolicySubjectReview) Size() (n int)

func (*PodSecurityPolicySubjectReview) String

func (this *PodSecurityPolicySubjectReview) String() string

func (PodSecurityPolicySubjectReview) SwaggerDoc

func (PodSecurityPolicySubjectReview) SwaggerDoc() map[string]string

func (*PodSecurityPolicySubjectReview) Unmarshal

func (m *PodSecurityPolicySubjectReview) Unmarshal(dAtA []byte) error

func (*PodSecurityPolicySubjectReview) XXX_DiscardUnknown

func (m *PodSecurityPolicySubjectReview) XXX_DiscardUnknown()

func (*PodSecurityPolicySubjectReview) XXX_Marshal

func (m *PodSecurityPolicySubjectReview) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PodSecurityPolicySubjectReview) XXX_Merge

func (m *PodSecurityPolicySubjectReview) XXX_Merge(src proto.Message)

func (*PodSecurityPolicySubjectReview) XXX_Size

func (m *PodSecurityPolicySubjectReview) XXX_Size() int

func (*PodSecurityPolicySubjectReview) XXX_Unmarshal

func (m *PodSecurityPolicySubjectReview) XXX_Unmarshal(b []byte) error

type PodSecurityPolicySubjectReviewSpec

type PodSecurityPolicySubjectReviewSpec struct {
	// template is the PodTemplateSpec to check. If template.spec.serviceAccountName is empty it will not be defaulted.
	// If its non-empty, it will be checked.
	Template corev1.PodTemplateSpec `json:"template" protobuf:"bytes,1,opt,name=template"`

	// user is the user you're testing for.
	// If you specify "user" but not "group", then is it interpreted as "What if user were not a member of any groups.
	// If user and groups are empty, then the check is performed using *only* the serviceAccountName in the template.
	User string `json:"user,omitempty" protobuf:"bytes,2,opt,name=user"`

	// groups is the groups you're testing for.
	Groups []string `json:"groups,omitempty" protobuf:"bytes,3,rep,name=groups"`
}

PodSecurityPolicySubjectReviewSpec defines specification for PodSecurityPolicySubjectReview

func (*PodSecurityPolicySubjectReviewSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicySubjectReviewSpec.

func (*PodSecurityPolicySubjectReviewSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PodSecurityPolicySubjectReviewSpec) Descriptor

func (*PodSecurityPolicySubjectReviewSpec) Descriptor() ([]byte, []int)

func (*PodSecurityPolicySubjectReviewSpec) Marshal

func (m *PodSecurityPolicySubjectReviewSpec) Marshal() (dAtA []byte, err error)

func (*PodSecurityPolicySubjectReviewSpec) MarshalTo

func (m *PodSecurityPolicySubjectReviewSpec) MarshalTo(dAtA []byte) (int, error)

func (*PodSecurityPolicySubjectReviewSpec) MarshalToSizedBuffer

func (m *PodSecurityPolicySubjectReviewSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PodSecurityPolicySubjectReviewSpec) ProtoMessage

func (*PodSecurityPolicySubjectReviewSpec) ProtoMessage()

func (*PodSecurityPolicySubjectReviewSpec) Reset

func (*PodSecurityPolicySubjectReviewSpec) Size

func (*PodSecurityPolicySubjectReviewSpec) String

func (PodSecurityPolicySubjectReviewSpec) SwaggerDoc

func (*PodSecurityPolicySubjectReviewSpec) Unmarshal

func (m *PodSecurityPolicySubjectReviewSpec) Unmarshal(dAtA []byte) error

func (*PodSecurityPolicySubjectReviewSpec) XXX_DiscardUnknown

func (m *PodSecurityPolicySubjectReviewSpec) XXX_DiscardUnknown()

func (*PodSecurityPolicySubjectReviewSpec) XXX_Marshal

func (m *PodSecurityPolicySubjectReviewSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PodSecurityPolicySubjectReviewSpec) XXX_Merge

func (*PodSecurityPolicySubjectReviewSpec) XXX_Size

func (*PodSecurityPolicySubjectReviewSpec) XXX_Unmarshal

func (m *PodSecurityPolicySubjectReviewSpec) XXX_Unmarshal(b []byte) error

type PodSecurityPolicySubjectReviewStatus

type PodSecurityPolicySubjectReviewStatus struct {
	// allowedBy is a reference to the rule that allows the PodTemplateSpec.
	// A rule can be a SecurityContextConstraint or a PodSecurityPolicy
	// A `nil`, indicates that it was denied.
	AllowedBy *corev1.ObjectReference `json:"allowedBy,omitempty" protobuf:"bytes,1,opt,name=allowedBy"`

	// A machine-readable description of why this operation is in the
	// "Failure" status. If this value is empty there
	// is no information available.
	Reason string `json:"reason,omitempty" protobuf:"bytes,2,opt,name=reason"`

	// template is the PodTemplateSpec after the defaulting is applied.
	Template corev1.PodTemplateSpec `json:"template,omitempty" protobuf:"bytes,3,opt,name=template"`
}

PodSecurityPolicySubjectReviewStatus contains information/status for PodSecurityPolicySubjectReview.

func (*PodSecurityPolicySubjectReviewStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicySubjectReviewStatus.

func (*PodSecurityPolicySubjectReviewStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PodSecurityPolicySubjectReviewStatus) Descriptor

func (*PodSecurityPolicySubjectReviewStatus) Descriptor() ([]byte, []int)

func (*PodSecurityPolicySubjectReviewStatus) Marshal

func (m *PodSecurityPolicySubjectReviewStatus) Marshal() (dAtA []byte, err error)

func (*PodSecurityPolicySubjectReviewStatus) MarshalTo

func (m *PodSecurityPolicySubjectReviewStatus) MarshalTo(dAtA []byte) (int, error)

func (*PodSecurityPolicySubjectReviewStatus) MarshalToSizedBuffer

func (m *PodSecurityPolicySubjectReviewStatus) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PodSecurityPolicySubjectReviewStatus) ProtoMessage

func (*PodSecurityPolicySubjectReviewStatus) ProtoMessage()

func (*PodSecurityPolicySubjectReviewStatus) Reset

func (*PodSecurityPolicySubjectReviewStatus) Size

func (*PodSecurityPolicySubjectReviewStatus) String

func (PodSecurityPolicySubjectReviewStatus) SwaggerDoc

func (*PodSecurityPolicySubjectReviewStatus) Unmarshal

func (m *PodSecurityPolicySubjectReviewStatus) Unmarshal(dAtA []byte) error

func (*PodSecurityPolicySubjectReviewStatus) XXX_DiscardUnknown

func (m *PodSecurityPolicySubjectReviewStatus) XXX_DiscardUnknown()

func (*PodSecurityPolicySubjectReviewStatus) XXX_Marshal

func (m *PodSecurityPolicySubjectReviewStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PodSecurityPolicySubjectReviewStatus) XXX_Merge

func (*PodSecurityPolicySubjectReviewStatus) XXX_Size

func (*PodSecurityPolicySubjectReviewStatus) XXX_Unmarshal

func (m *PodSecurityPolicySubjectReviewStatus) XXX_Unmarshal(b []byte) error

type RangeAllocation

type RangeAllocation struct {
	metav1.TypeMeta `json:",inline"`

	// metadata is the standard object's metadata.
	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

	// range is a string representing a unique label for a range of uids, "1000000000-2000000000/10000".
	Range string `json:"range" protobuf:"bytes,2,opt,name=range"`

	// data is a byte array representing the serialized state of a range allocation.  It is a bitmap
	// with each bit set to one to represent a range is taken.
	Data []byte `json:"data" protobuf:"bytes,3,opt,name=data"`
}

RangeAllocation is used so we can easily expose a RangeAllocation typed for security group

Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +openshift:compatibility-gen:level=4

func (*RangeAllocation) DeepCopy

func (in *RangeAllocation) DeepCopy() *RangeAllocation

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RangeAllocation.

func (*RangeAllocation) DeepCopyInto

func (in *RangeAllocation) DeepCopyInto(out *RangeAllocation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RangeAllocation) DeepCopyObject

func (in *RangeAllocation) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*RangeAllocation) Descriptor

func (*RangeAllocation) Descriptor() ([]byte, []int)

func (*RangeAllocation) Marshal

func (m *RangeAllocation) Marshal() (dAtA []byte, err error)

func (*RangeAllocation) MarshalTo

func (m *RangeAllocation) MarshalTo(dAtA []byte) (int, error)

func (*RangeAllocation) MarshalToSizedBuffer

func (m *RangeAllocation) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*RangeAllocation) ProtoMessage

func (*RangeAllocation) ProtoMessage()

func (*RangeAllocation) Reset

func (m *RangeAllocation) Reset()

func (*RangeAllocation) Size

func (m *RangeAllocation) Size() (n int)

func (*RangeAllocation) String

func (this *RangeAllocation) String() string

func (RangeAllocation) SwaggerDoc

func (RangeAllocation) SwaggerDoc() map[string]string

func (*RangeAllocation) Unmarshal

func (m *RangeAllocation) Unmarshal(dAtA []byte) error

func (*RangeAllocation) XXX_DiscardUnknown

func (m *RangeAllocation) XXX_DiscardUnknown()

func (*RangeAllocation) XXX_Marshal

func (m *RangeAllocation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RangeAllocation) XXX_Merge

func (m *RangeAllocation) XXX_Merge(src proto.Message)

func (*RangeAllocation) XXX_Size

func (m *RangeAllocation) XXX_Size() int

func (*RangeAllocation) XXX_Unmarshal

func (m *RangeAllocation) XXX_Unmarshal(b []byte) error

type RangeAllocationList

type RangeAllocationList struct {
	metav1.TypeMeta `json:",inline"`

	// metadata is the standard list's metadata.
	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
	metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

	// List of RangeAllocations.
	Items []RangeAllocation `json:"items" protobuf:"bytes,2,rep,name=items"`
}

RangeAllocationList is a list of RangeAllocations objects

Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +openshift:compatibility-gen:level=1

func (*RangeAllocationList) DeepCopy

func (in *RangeAllocationList) DeepCopy() *RangeAllocationList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RangeAllocationList.

func (*RangeAllocationList) DeepCopyInto

func (in *RangeAllocationList) DeepCopyInto(out *RangeAllocationList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RangeAllocationList) DeepCopyObject

func (in *RangeAllocationList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*RangeAllocationList) Descriptor

func (*RangeAllocationList) Descriptor() ([]byte, []int)

func (*RangeAllocationList) Marshal

func (m *RangeAllocationList) Marshal() (dAtA []byte, err error)

func (*RangeAllocationList) MarshalTo

func (m *RangeAllocationList) MarshalTo(dAtA []byte) (int, error)

func (*RangeAllocationList) MarshalToSizedBuffer

func (m *RangeAllocationList) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*RangeAllocationList) ProtoMessage

func (*RangeAllocationList) ProtoMessage()

func (*RangeAllocationList) Reset

func (m *RangeAllocationList) Reset()

func (*RangeAllocationList) Size

func (m *RangeAllocationList) Size() (n int)

func (*RangeAllocationList) String

func (this *RangeAllocationList) String() string

func (RangeAllocationList) SwaggerDoc

func (RangeAllocationList) SwaggerDoc() map[string]string

func (*RangeAllocationList) Unmarshal

func (m *RangeAllocationList) Unmarshal(dAtA []byte) error

func (*RangeAllocationList) XXX_DiscardUnknown

func (m *RangeAllocationList) XXX_DiscardUnknown()

func (*RangeAllocationList) XXX_Marshal

func (m *RangeAllocationList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RangeAllocationList) XXX_Merge

func (m *RangeAllocationList) XXX_Merge(src proto.Message)

func (*RangeAllocationList) XXX_Size

func (m *RangeAllocationList) XXX_Size() int

func (*RangeAllocationList) XXX_Unmarshal

func (m *RangeAllocationList) XXX_Unmarshal(b []byte) error

type RunAsUserStrategyOptions

type RunAsUserStrategyOptions struct {
	// Type is the strategy that will dictate what RunAsUser is used in the SecurityContext.
	Type RunAsUserStrategyType `json:"type,omitempty" protobuf:"bytes,1,opt,name=type,casttype=RunAsUserStrategyType"`
	// UID is the user id that containers must run as.  Required for the MustRunAs strategy if not using
	// namespace/service account allocated uids.
	UID *int64 `json:"uid,omitempty" protobuf:"varint,2,opt,name=uid"`
	// UIDRangeMin defines the min value for a strategy that allocates by range.
	UIDRangeMin *int64 `json:"uidRangeMin,omitempty" protobuf:"varint,3,opt,name=uidRangeMin"`
	// UIDRangeMax defines the max value for a strategy that allocates by range.
	UIDRangeMax *int64 `json:"uidRangeMax,omitempty" protobuf:"varint,4,opt,name=uidRangeMax"`
}

RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.

func (*RunAsUserStrategyOptions) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunAsUserStrategyOptions.

func (*RunAsUserStrategyOptions) DeepCopyInto

func (in *RunAsUserStrategyOptions) DeepCopyInto(out *RunAsUserStrategyOptions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RunAsUserStrategyOptions) Descriptor

func (*RunAsUserStrategyOptions) Descriptor() ([]byte, []int)

func (*RunAsUserStrategyOptions) Marshal

func (m *RunAsUserStrategyOptions) Marshal() (dAtA []byte, err error)

func (*RunAsUserStrategyOptions) MarshalTo

func (m *RunAsUserStrategyOptions) MarshalTo(dAtA []byte) (int, error)

func (*RunAsUserStrategyOptions) MarshalToSizedBuffer

func (m *RunAsUserStrategyOptions) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*RunAsUserStrategyOptions) ProtoMessage

func (*RunAsUserStrategyOptions) ProtoMessage()

func (*RunAsUserStrategyOptions) Reset

func (m *RunAsUserStrategyOptions) Reset()

func (*RunAsUserStrategyOptions) Size

func (m *RunAsUserStrategyOptions) Size() (n int)

func (*RunAsUserStrategyOptions) String

func (this *RunAsUserStrategyOptions) String() string

func (RunAsUserStrategyOptions) SwaggerDoc

func (RunAsUserStrategyOptions) SwaggerDoc() map[string]string

func (*RunAsUserStrategyOptions) Unmarshal

func (m *RunAsUserStrategyOptions) Unmarshal(dAtA []byte) error

func (*RunAsUserStrategyOptions) XXX_DiscardUnknown

func (m *RunAsUserStrategyOptions) XXX_DiscardUnknown()

func (*RunAsUserStrategyOptions) XXX_Marshal

func (m *RunAsUserStrategyOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RunAsUserStrategyOptions) XXX_Merge

func (m *RunAsUserStrategyOptions) XXX_Merge(src proto.Message)

func (*RunAsUserStrategyOptions) XXX_Size

func (m *RunAsUserStrategyOptions) XXX_Size() int

func (*RunAsUserStrategyOptions) XXX_Unmarshal

func (m *RunAsUserStrategyOptions) XXX_Unmarshal(b []byte) error

type RunAsUserStrategyType

type RunAsUserStrategyType string

RunAsUserStrategyType denotes strategy types for generating RunAsUser values for a SecurityContext

type SELinuxContextStrategyOptions

type SELinuxContextStrategyOptions struct {
	// Type is the strategy that will dictate what SELinux context is used in the SecurityContext.
	Type SELinuxContextStrategyType `json:"type,omitempty" protobuf:"bytes,1,opt,name=type,casttype=SELinuxContextStrategyType"`
	// seLinuxOptions required to run as; required for MustRunAs
	SELinuxOptions *corev1.SELinuxOptions `json:"seLinuxOptions,omitempty" protobuf:"bytes,2,opt,name=seLinuxOptions"`
}

SELinuxContextStrategyOptions defines the strategy type and any options used to create the strategy.

func (*SELinuxContextStrategyOptions) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SELinuxContextStrategyOptions.

func (*SELinuxContextStrategyOptions) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SELinuxContextStrategyOptions) Descriptor

func (*SELinuxContextStrategyOptions) Descriptor() ([]byte, []int)

func (*SELinuxContextStrategyOptions) Marshal

func (m *SELinuxContextStrategyOptions) Marshal() (dAtA []byte, err error)

func (*SELinuxContextStrategyOptions) MarshalTo

func (m *SELinuxContextStrategyOptions) MarshalTo(dAtA []byte) (int, error)

func (*SELinuxContextStrategyOptions) MarshalToSizedBuffer

func (m *SELinuxContextStrategyOptions) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SELinuxContextStrategyOptions) ProtoMessage

func (*SELinuxContextStrategyOptions) ProtoMessage()

func (*SELinuxContextStrategyOptions) Reset

func (m *SELinuxContextStrategyOptions) Reset()

func (*SELinuxContextStrategyOptions) Size

func (m *SELinuxContextStrategyOptions) Size() (n int)

func (*SELinuxContextStrategyOptions) String

func (this *SELinuxContextStrategyOptions) String() string

func (SELinuxContextStrategyOptions) SwaggerDoc

func (SELinuxContextStrategyOptions) SwaggerDoc() map[string]string

func (*SELinuxContextStrategyOptions) Unmarshal

func (m *SELinuxContextStrategyOptions) Unmarshal(dAtA []byte) error

func (*SELinuxContextStrategyOptions) XXX_DiscardUnknown

func (m *SELinuxContextStrategyOptions) XXX_DiscardUnknown()

func (*SELinuxContextStrategyOptions) XXX_Marshal

func (m *SELinuxContextStrategyOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SELinuxContextStrategyOptions) XXX_Merge

func (m *SELinuxContextStrategyOptions) XXX_Merge(src proto.Message)

func (*SELinuxContextStrategyOptions) XXX_Size

func (m *SELinuxContextStrategyOptions) XXX_Size() int

func (*SELinuxContextStrategyOptions) XXX_Unmarshal

func (m *SELinuxContextStrategyOptions) XXX_Unmarshal(b []byte) error

type SELinuxContextStrategyType

type SELinuxContextStrategyType string

SELinuxContextStrategyType denotes strategy types for generating SELinux options for a SecurityContext

type SecurityContextConstraints

type SecurityContextConstraints struct {
	metav1.TypeMeta `json:",inline"`

	// metadata is the standard object's metadata.
	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

	// Priority influences the sort order of SCCs when evaluating which SCCs to try first for
	// a given pod request based on access in the Users and Groups fields.  The higher the int, the
	// higher priority. An unset value is considered a 0 priority. If scores
	// for multiple SCCs are equal they will be sorted from most restrictive to
	// least restrictive. If both priorities and restrictions are equal the
	// SCCs will be sorted by name.
	// +nullable
	Priority *int32 `json:"priority" protobuf:"varint,2,opt,name=priority"`

	// AllowPrivilegedContainer determines if a container can request to be run as privileged.
	AllowPrivilegedContainer bool `json:"allowPrivilegedContainer" protobuf:"varint,3,opt,name=allowPrivilegedContainer"`
	// DefaultAddCapabilities is the default set of capabilities that will be added to the container
	// unless the pod spec specifically drops the capability.  You may not list a capabiility in both
	// DefaultAddCapabilities and RequiredDropCapabilities.
	// +nullable
	// +listType=atomic
	DefaultAddCapabilities []corev1.Capability `json:"defaultAddCapabilities" protobuf:"bytes,4,rep,name=defaultAddCapabilities,casttype=Capability"`
	// RequiredDropCapabilities are the capabilities that will be dropped from the container.  These
	// are required to be dropped and cannot be added.
	// +nullable
	// +listType=atomic
	RequiredDropCapabilities []corev1.Capability `json:"requiredDropCapabilities" protobuf:"bytes,5,rep,name=requiredDropCapabilities,casttype=Capability"`
	// AllowedCapabilities is a list of capabilities that can be requested to add to the container.
	// Capabilities in this field maybe added at the pod author's discretion.
	// You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities.
	// To allow all capabilities you may use '*'.
	// +nullable
	// +listType=atomic
	AllowedCapabilities []corev1.Capability `json:"allowedCapabilities" protobuf:"bytes,6,rep,name=allowedCapabilities,casttype=Capability"`
	// AllowHostDirVolumePlugin determines if the policy allow containers to use the HostDir volume plugin
	// +k8s:conversion-gen=false
	AllowHostDirVolumePlugin bool `json:"allowHostDirVolumePlugin" protobuf:"varint,7,opt,name=allowHostDirVolumePlugin"`
	// Volumes is a white list of allowed volume plugins.  FSType corresponds directly with the field names
	// of a VolumeSource (azureFile, configMap, emptyDir).  To allow all volumes you may use "*".
	// To allow no volumes, set to ["none"].
	// +nullable
	// +listType=atomic
	Volumes []FSType `json:"volumes" protobuf:"bytes,8,rep,name=volumes,casttype=FSType"`
	// AllowedFlexVolumes is a whitelist of allowed Flexvolumes.  Empty or nil indicates that all
	// Flexvolumes may be used.  This parameter is effective only when the usage of the Flexvolumes
	// is allowed in the "Volumes" field.
	// +optional
	// +nullable
	// +listType=atomic
	AllowedFlexVolumes []AllowedFlexVolume `json:"allowedFlexVolumes,omitempty" protobuf:"bytes,21,rep,name=allowedFlexVolumes"`
	// AllowHostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
	AllowHostNetwork bool `json:"allowHostNetwork" protobuf:"varint,9,opt,name=allowHostNetwork"`
	// AllowHostPorts determines if the policy allows host ports in the containers.
	AllowHostPorts bool `json:"allowHostPorts" protobuf:"varint,10,opt,name=allowHostPorts"`
	// AllowHostPID determines if the policy allows host pid in the containers.
	AllowHostPID bool `json:"allowHostPID" protobuf:"varint,11,opt,name=allowHostPID"`
	// AllowHostIPC determines if the policy allows host ipc in the containers.
	AllowHostIPC bool `json:"allowHostIPC" protobuf:"varint,12,opt,name=allowHostIPC"`
	// userNamespaceLevel determines if the policy allows host users in containers.
	// Valid values are "AllowHostLevel", "RequirePodLevel", and omitted.
	// When "AllowHostLevel" is set, a pod author may set `hostUsers` to either `true` or `false`.
	// When "RequirePodLevel" is set, a pod author must set `hostUsers` to `false`.
	// When omitted, the default value is "AllowHostLevel".
	// +openshift:enable:FeatureGate=UserNamespacesPodSecurityStandards
	// +kubebuilder:validation:Enum="AllowHostLevel";"RequirePodLevel"
	// +kubebuilder:default:="AllowHostLevel"
	// +default="AllowHostLevel"
	// +optional
	UserNamespaceLevel NamespaceLevelType `json:"userNamespaceLevel,omitempty" protobuf:"bytes,26,opt,name=userNamespaceLevel"`
	// DefaultAllowPrivilegeEscalation controls the default setting for whether a
	// process can gain more privileges than its parent process.
	// +optional
	// +nullable
	DefaultAllowPrivilegeEscalation *bool `json:"defaultAllowPrivilegeEscalation,omitempty" protobuf:"varint,22,rep,name=defaultAllowPrivilegeEscalation"`
	// AllowPrivilegeEscalation determines if a pod can request to allow
	// privilege escalation. If unspecified, defaults to true.
	// +optional
	// +nullable
	AllowPrivilegeEscalation *bool `json:"allowPrivilegeEscalation,omitempty" protobuf:"varint,23,rep,name=allowPrivilegeEscalation"`
	// SELinuxContext is the strategy that will dictate what labels will be set in the SecurityContext.
	// +nullable
	SELinuxContext SELinuxContextStrategyOptions `json:"seLinuxContext,omitempty" protobuf:"bytes,13,opt,name=seLinuxContext"`
	// RunAsUser is the strategy that will dictate what RunAsUser is used in the SecurityContext.
	// +nullable
	RunAsUser RunAsUserStrategyOptions `json:"runAsUser,omitempty" protobuf:"bytes,14,opt,name=runAsUser"`
	// SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
	// +nullable
	SupplementalGroups SupplementalGroupsStrategyOptions `json:"supplementalGroups,omitempty" protobuf:"bytes,15,opt,name=supplementalGroups"`
	// FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.
	// +nullable
	FSGroup FSGroupStrategyOptions `json:"fsGroup,omitempty" protobuf:"bytes,16,opt,name=fsGroup"`
	// ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file
	// system.  If the container specifically requests to run with a non-read only root file system
	// the SCC should deny the pod.
	// If set to false the container may run with a read only root file system if it wishes but it
	// will not be forced to.
	ReadOnlyRootFilesystem bool `json:"readOnlyRootFilesystem" protobuf:"varint,17,opt,name=readOnlyRootFilesystem"`

	// The users who have permissions to use this security context constraints
	// +optional
	// +nullable
	// +listType=atomic
	Users []string `json:"users" protobuf:"bytes,18,rep,name=users"`
	// The groups that have permission to use this security context constraints
	// +optional
	// +nullable
	// +listType=atomic
	Groups []string `json:"groups" protobuf:"bytes,19,rep,name=groups"`

	// SeccompProfiles lists the allowed profiles that may be set for the pod or
	// container's seccomp annotations.  An unset (nil) or empty value means that no profiles may
	// be specifid by the pod or container.	The wildcard '*' may be used to allow all profiles.  When
	// used to generate a value for a pod the first non-wildcard profile will be used as
	// the default.
	// +nullable
	// +listType=atomic
	SeccompProfiles []string `json:"seccompProfiles,omitempty" protobuf:"bytes,20,opt,name=seccompProfiles"`

	// AllowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none.
	// Each entry is either a plain sysctl name or ends in "*" in which case it is considered
	// as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed.
	// Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.
	//
	// Examples:
	// e.g. "foo/*" allows "foo/bar", "foo/baz", etc.
	// e.g. "foo.*" allows "foo.bar", "foo.baz", etc.
	// +optional
	// +nullable
	// +listType=atomic
	AllowedUnsafeSysctls []string `json:"allowedUnsafeSysctls,omitempty" protobuf:"bytes,24,rep,name=allowedUnsafeSysctls"`
	// ForbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none.
	// Each entry is either a plain sysctl name or ends in "*" in which case it is considered
	// as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
	//
	// Examples:
	// e.g. "foo/*" forbids "foo/bar", "foo/baz", etc.
	// e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.
	// +optional
	// +nullable
	// +listType=atomic
	ForbiddenSysctls []string `json:"forbiddenSysctls,omitempty" protobuf:"bytes,25,rep,name=forbiddenSysctls"`
}

SecurityContextConstraints governs the ability to make requests that affect the SecurityContext that will be applied to a container. For historical reasons SCC was exposed under the core Kubernetes API group. That exposure is deprecated and will be removed in a future release - users should instead use the security.openshift.io group to manage SecurityContextConstraints.

Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +kubebuilder:object:root=true +kubebuilder:resource:path=securitycontextconstraints,scope=Cluster +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 +openshift:file-pattern=cvoRunLevel=0000_03,operatorName=config-operator,operatorOrdering=01 +kubebuilder:printcolumn:name="Priv",type=string,JSONPath=.allowPrivilegedContainer,description="Determines if a container can request to be run as privileged" +kubebuilder:printcolumn:name="Caps",type=string,JSONPath=.allowedCapabilities,description="A list of capabilities that can be requested to add to the container" +kubebuilder:printcolumn:name="SELinux",type=string,JSONPath=.seLinuxContext.type,description="Strategy that will dictate what labels will be set in the SecurityContext" +kubebuilder:printcolumn:name="RunAsUser",type=string,JSONPath=.runAsUser.type,description="Strategy that will dictate what RunAsUser is used in the SecurityContext" +kubebuilder:printcolumn:name="FSGroup",type=string,JSONPath=.fsGroup.type,description="Strategy that will dictate what fs group is used by the SecurityContext" +kubebuilder:printcolumn:name="SupGroup",type=string,JSONPath=.supplementalGroups.type,description="Strategy that will dictate what supplemental groups are used by the SecurityContext" +kubebuilder:printcolumn:name="Priority",type=string,JSONPath=.priority,description="Sort order of SCCs" +kubebuilder:printcolumn:name="ReadOnlyRootFS",type=string,JSONPath=.readOnlyRootFilesystem,description="Force containers to run with a read only root file system" +kubebuilder:printcolumn:name="Volumes",type=string,JSONPath=.volumes,description="White list of allowed volume plugins" +kubebuilder:singular=securitycontextconstraint +openshift:compatibility-gen:level=1 +kubebuilder:metadata:annotations=release.openshift.io/bootstrap-required=true

func (*SecurityContextConstraints) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityContextConstraints.

func (*SecurityContextConstraints) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecurityContextConstraints) DeepCopyObject

func (in *SecurityContextConstraints) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*SecurityContextConstraints) Descriptor

func (*SecurityContextConstraints) Descriptor() ([]byte, []int)

func (*SecurityContextConstraints) Marshal

func (m *SecurityContextConstraints) Marshal() (dAtA []byte, err error)

func (*SecurityContextConstraints) MarshalTo

func (m *SecurityContextConstraints) MarshalTo(dAtA []byte) (int, error)

func (*SecurityContextConstraints) MarshalToSizedBuffer

func (m *SecurityContextConstraints) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SecurityContextConstraints) ProtoMessage

func (*SecurityContextConstraints) ProtoMessage()

func (*SecurityContextConstraints) Reset

func (m *SecurityContextConstraints) Reset()

func (*SecurityContextConstraints) Size

func (m *SecurityContextConstraints) Size() (n int)

func (*SecurityContextConstraints) String

func (this *SecurityContextConstraints) String() string

func (SecurityContextConstraints) SwaggerDoc

func (SecurityContextConstraints) SwaggerDoc() map[string]string

func (*SecurityContextConstraints) Unmarshal

func (m *SecurityContextConstraints) Unmarshal(dAtA []byte) error

func (*SecurityContextConstraints) XXX_DiscardUnknown

func (m *SecurityContextConstraints) XXX_DiscardUnknown()

func (*SecurityContextConstraints) XXX_Marshal

func (m *SecurityContextConstraints) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SecurityContextConstraints) XXX_Merge

func (m *SecurityContextConstraints) XXX_Merge(src proto.Message)

func (*SecurityContextConstraints) XXX_Size

func (m *SecurityContextConstraints) XXX_Size() int

func (*SecurityContextConstraints) XXX_Unmarshal

func (m *SecurityContextConstraints) XXX_Unmarshal(b []byte) error

type SecurityContextConstraintsList

type SecurityContextConstraintsList struct {
	metav1.TypeMeta `json:",inline"`

	// metadata is the standard list's metadata.
	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
	metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

	// List of security context constraints.
	Items []SecurityContextConstraints `json:"items" protobuf:"bytes,2,rep,name=items"`
}

SecurityContextConstraintsList is a list of SecurityContextConstraints objects

Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +openshift:compatibility-gen:level=1

func (*SecurityContextConstraintsList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityContextConstraintsList.

func (*SecurityContextConstraintsList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecurityContextConstraintsList) DeepCopyObject

func (in *SecurityContextConstraintsList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*SecurityContextConstraintsList) Descriptor

func (*SecurityContextConstraintsList) Descriptor() ([]byte, []int)

func (*SecurityContextConstraintsList) Marshal

func (m *SecurityContextConstraintsList) Marshal() (dAtA []byte, err error)

func (*SecurityContextConstraintsList) MarshalTo

func (m *SecurityContextConstraintsList) MarshalTo(dAtA []byte) (int, error)

func (*SecurityContextConstraintsList) MarshalToSizedBuffer

func (m *SecurityContextConstraintsList) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SecurityContextConstraintsList) ProtoMessage

func (*SecurityContextConstraintsList) ProtoMessage()

func (*SecurityContextConstraintsList) Reset

func (m *SecurityContextConstraintsList) Reset()

func (*SecurityContextConstraintsList) Size

func (m *SecurityContextConstraintsList) Size() (n int)

func (*SecurityContextConstraintsList) String

func (this *SecurityContextConstraintsList) String() string

func (SecurityContextConstraintsList) SwaggerDoc

func (SecurityContextConstraintsList) SwaggerDoc() map[string]string

func (*SecurityContextConstraintsList) Unmarshal

func (m *SecurityContextConstraintsList) Unmarshal(dAtA []byte) error

func (*SecurityContextConstraintsList) XXX_DiscardUnknown

func (m *SecurityContextConstraintsList) XXX_DiscardUnknown()

func (*SecurityContextConstraintsList) XXX_Marshal

func (m *SecurityContextConstraintsList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SecurityContextConstraintsList) XXX_Merge

func (m *SecurityContextConstraintsList) XXX_Merge(src proto.Message)

func (*SecurityContextConstraintsList) XXX_Size

func (m *SecurityContextConstraintsList) XXX_Size() int

func (*SecurityContextConstraintsList) XXX_Unmarshal

func (m *SecurityContextConstraintsList) XXX_Unmarshal(b []byte) error

type ServiceAccountPodSecurityPolicyReviewStatus

type ServiceAccountPodSecurityPolicyReviewStatus struct {
	PodSecurityPolicySubjectReviewStatus `json:",inline" protobuf:"bytes,1,opt,name=podSecurityPolicySubjectReviewStatus"`

	// name contains the allowed and the denied ServiceAccount name
	Name string `json:"name" protobuf:"bytes,2,opt,name=name"`
}

ServiceAccountPodSecurityPolicyReviewStatus represents ServiceAccount name and related review status

func (*ServiceAccountPodSecurityPolicyReviewStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountPodSecurityPolicyReviewStatus.

func (*ServiceAccountPodSecurityPolicyReviewStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ServiceAccountPodSecurityPolicyReviewStatus) Descriptor

func (*ServiceAccountPodSecurityPolicyReviewStatus) Marshal

func (m *ServiceAccountPodSecurityPolicyReviewStatus) Marshal() (dAtA []byte, err error)

func (*ServiceAccountPodSecurityPolicyReviewStatus) MarshalTo

func (*ServiceAccountPodSecurityPolicyReviewStatus) MarshalToSizedBuffer

func (m *ServiceAccountPodSecurityPolicyReviewStatus) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ServiceAccountPodSecurityPolicyReviewStatus) ProtoMessage

func (*ServiceAccountPodSecurityPolicyReviewStatus) Reset

func (*ServiceAccountPodSecurityPolicyReviewStatus) Size

func (*ServiceAccountPodSecurityPolicyReviewStatus) String

func (ServiceAccountPodSecurityPolicyReviewStatus) SwaggerDoc

func (*ServiceAccountPodSecurityPolicyReviewStatus) Unmarshal

func (*ServiceAccountPodSecurityPolicyReviewStatus) XXX_DiscardUnknown

func (m *ServiceAccountPodSecurityPolicyReviewStatus) XXX_DiscardUnknown()

func (*ServiceAccountPodSecurityPolicyReviewStatus) XXX_Marshal

func (m *ServiceAccountPodSecurityPolicyReviewStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ServiceAccountPodSecurityPolicyReviewStatus) XXX_Merge

func (*ServiceAccountPodSecurityPolicyReviewStatus) XXX_Size

func (*ServiceAccountPodSecurityPolicyReviewStatus) XXX_Unmarshal

type SupplementalGroupsStrategyOptions

type SupplementalGroupsStrategyOptions struct {
	// Type is the strategy that will dictate what supplemental groups is used in the SecurityContext.
	Type SupplementalGroupsStrategyType `json:"type,omitempty" protobuf:"bytes,1,opt,name=type,casttype=SupplementalGroupsStrategyType"`
	// Ranges are the allowed ranges of supplemental groups.  If you would like to force a single
	// supplemental group then supply a single range with the same start and end.
	// +listType=atomic
	Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
}

SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.

func (*SupplementalGroupsStrategyOptions) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SupplementalGroupsStrategyOptions.

func (*SupplementalGroupsStrategyOptions) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SupplementalGroupsStrategyOptions) Descriptor

func (*SupplementalGroupsStrategyOptions) Descriptor() ([]byte, []int)

func (*SupplementalGroupsStrategyOptions) Marshal

func (m *SupplementalGroupsStrategyOptions) Marshal() (dAtA []byte, err error)

func (*SupplementalGroupsStrategyOptions) MarshalTo

func (m *SupplementalGroupsStrategyOptions) MarshalTo(dAtA []byte) (int, error)

func (*SupplementalGroupsStrategyOptions) MarshalToSizedBuffer

func (m *SupplementalGroupsStrategyOptions) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SupplementalGroupsStrategyOptions) ProtoMessage

func (*SupplementalGroupsStrategyOptions) ProtoMessage()

func (*SupplementalGroupsStrategyOptions) Reset

func (*SupplementalGroupsStrategyOptions) Size

func (m *SupplementalGroupsStrategyOptions) Size() (n int)

func (*SupplementalGroupsStrategyOptions) String

func (SupplementalGroupsStrategyOptions) SwaggerDoc

func (*SupplementalGroupsStrategyOptions) Unmarshal

func (m *SupplementalGroupsStrategyOptions) Unmarshal(dAtA []byte) error

func (*SupplementalGroupsStrategyOptions) XXX_DiscardUnknown

func (m *SupplementalGroupsStrategyOptions) XXX_DiscardUnknown()

func (*SupplementalGroupsStrategyOptions) XXX_Marshal

func (m *SupplementalGroupsStrategyOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SupplementalGroupsStrategyOptions) XXX_Merge

func (*SupplementalGroupsStrategyOptions) XXX_Size

func (m *SupplementalGroupsStrategyOptions) XXX_Size() int

func (*SupplementalGroupsStrategyOptions) XXX_Unmarshal

func (m *SupplementalGroupsStrategyOptions) XXX_Unmarshal(b []byte) error

type SupplementalGroupsStrategyType

type SupplementalGroupsStrategyType string

SupplementalGroupsStrategyType denotes strategy types for determining valid supplemental groups for a SecurityContext.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL