Documentation ¶
Overview ¶
+groupName=security.openshift.io Package v1 is the v1 version of the API.
Index ¶
- Constants
- Variables
- func Resource(resource string) schema.GroupResource
- type AllowedFlexVolume
- func (in *AllowedFlexVolume) DeepCopy() *AllowedFlexVolume
- func (in *AllowedFlexVolume) DeepCopyInto(out *AllowedFlexVolume)
- func (*AllowedFlexVolume) Descriptor() ([]byte, []int)
- func (m *AllowedFlexVolume) Marshal() (dAtA []byte, err error)
- func (m *AllowedFlexVolume) MarshalTo(dAtA []byte) (int, error)
- func (m *AllowedFlexVolume) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*AllowedFlexVolume) ProtoMessage()
- func (m *AllowedFlexVolume) Reset()
- func (m *AllowedFlexVolume) Size() (n int)
- func (this *AllowedFlexVolume) String() string
- func (AllowedFlexVolume) SwaggerDoc() map[string]string
- func (m *AllowedFlexVolume) Unmarshal(dAtA []byte) error
- func (m *AllowedFlexVolume) XXX_DiscardUnknown()
- func (m *AllowedFlexVolume) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *AllowedFlexVolume) XXX_Merge(src proto.Message)
- func (m *AllowedFlexVolume) XXX_Size() int
- func (m *AllowedFlexVolume) XXX_Unmarshal(b []byte) error
- type FSGroupStrategyOptions
- func (in *FSGroupStrategyOptions) DeepCopy() *FSGroupStrategyOptions
- func (in *FSGroupStrategyOptions) DeepCopyInto(out *FSGroupStrategyOptions)
- func (*FSGroupStrategyOptions) Descriptor() ([]byte, []int)
- func (m *FSGroupStrategyOptions) Marshal() (dAtA []byte, err error)
- func (m *FSGroupStrategyOptions) MarshalTo(dAtA []byte) (int, error)
- func (m *FSGroupStrategyOptions) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*FSGroupStrategyOptions) ProtoMessage()
- func (m *FSGroupStrategyOptions) Reset()
- func (m *FSGroupStrategyOptions) Size() (n int)
- func (this *FSGroupStrategyOptions) String() string
- func (FSGroupStrategyOptions) SwaggerDoc() map[string]string
- func (m *FSGroupStrategyOptions) Unmarshal(dAtA []byte) error
- func (m *FSGroupStrategyOptions) XXX_DiscardUnknown()
- func (m *FSGroupStrategyOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *FSGroupStrategyOptions) XXX_Merge(src proto.Message)
- func (m *FSGroupStrategyOptions) XXX_Size() int
- func (m *FSGroupStrategyOptions) XXX_Unmarshal(b []byte) error
- type FSGroupStrategyType
- type FSType
- type IDRange
- func (in *IDRange) DeepCopy() *IDRange
- func (in *IDRange) DeepCopyInto(out *IDRange)
- func (*IDRange) Descriptor() ([]byte, []int)
- func (m *IDRange) Marshal() (dAtA []byte, err error)
- func (m *IDRange) MarshalTo(dAtA []byte) (int, error)
- func (m *IDRange) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*IDRange) ProtoMessage()
- func (m *IDRange) Reset()
- func (m *IDRange) Size() (n int)
- func (this *IDRange) String() string
- func (IDRange) SwaggerDoc() map[string]string
- func (m *IDRange) Unmarshal(dAtA []byte) error
- func (m *IDRange) XXX_DiscardUnknown()
- func (m *IDRange) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *IDRange) XXX_Merge(src proto.Message)
- func (m *IDRange) XXX_Size() int
- func (m *IDRange) XXX_Unmarshal(b []byte) error
- type NamespaceLevelType
- type PodSecurityPolicyReview
- func (in *PodSecurityPolicyReview) DeepCopy() *PodSecurityPolicyReview
- func (in *PodSecurityPolicyReview) DeepCopyInto(out *PodSecurityPolicyReview)
- func (in *PodSecurityPolicyReview) DeepCopyObject() runtime.Object
- func (*PodSecurityPolicyReview) Descriptor() ([]byte, []int)
- func (m *PodSecurityPolicyReview) Marshal() (dAtA []byte, err error)
- func (m *PodSecurityPolicyReview) MarshalTo(dAtA []byte) (int, error)
- func (m *PodSecurityPolicyReview) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*PodSecurityPolicyReview) ProtoMessage()
- func (m *PodSecurityPolicyReview) Reset()
- func (m *PodSecurityPolicyReview) Size() (n int)
- func (this *PodSecurityPolicyReview) String() string
- func (PodSecurityPolicyReview) SwaggerDoc() map[string]string
- func (m *PodSecurityPolicyReview) Unmarshal(dAtA []byte) error
- func (m *PodSecurityPolicyReview) XXX_DiscardUnknown()
- func (m *PodSecurityPolicyReview) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *PodSecurityPolicyReview) XXX_Merge(src proto.Message)
- func (m *PodSecurityPolicyReview) XXX_Size() int
- func (m *PodSecurityPolicyReview) XXX_Unmarshal(b []byte) error
- type PodSecurityPolicyReviewSpec
- func (in *PodSecurityPolicyReviewSpec) DeepCopy() *PodSecurityPolicyReviewSpec
- func (in *PodSecurityPolicyReviewSpec) DeepCopyInto(out *PodSecurityPolicyReviewSpec)
- func (*PodSecurityPolicyReviewSpec) Descriptor() ([]byte, []int)
- func (m *PodSecurityPolicyReviewSpec) Marshal() (dAtA []byte, err error)
- func (m *PodSecurityPolicyReviewSpec) MarshalTo(dAtA []byte) (int, error)
- func (m *PodSecurityPolicyReviewSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*PodSecurityPolicyReviewSpec) ProtoMessage()
- func (m *PodSecurityPolicyReviewSpec) Reset()
- func (m *PodSecurityPolicyReviewSpec) Size() (n int)
- func (this *PodSecurityPolicyReviewSpec) String() string
- func (PodSecurityPolicyReviewSpec) SwaggerDoc() map[string]string
- func (m *PodSecurityPolicyReviewSpec) Unmarshal(dAtA []byte) error
- func (m *PodSecurityPolicyReviewSpec) XXX_DiscardUnknown()
- func (m *PodSecurityPolicyReviewSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *PodSecurityPolicyReviewSpec) XXX_Merge(src proto.Message)
- func (m *PodSecurityPolicyReviewSpec) XXX_Size() int
- func (m *PodSecurityPolicyReviewSpec) XXX_Unmarshal(b []byte) error
- type PodSecurityPolicyReviewStatus
- func (in *PodSecurityPolicyReviewStatus) DeepCopy() *PodSecurityPolicyReviewStatus
- func (in *PodSecurityPolicyReviewStatus) DeepCopyInto(out *PodSecurityPolicyReviewStatus)
- func (*PodSecurityPolicyReviewStatus) Descriptor() ([]byte, []int)
- func (m *PodSecurityPolicyReviewStatus) Marshal() (dAtA []byte, err error)
- func (m *PodSecurityPolicyReviewStatus) MarshalTo(dAtA []byte) (int, error)
- func (m *PodSecurityPolicyReviewStatus) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*PodSecurityPolicyReviewStatus) ProtoMessage()
- func (m *PodSecurityPolicyReviewStatus) Reset()
- func (m *PodSecurityPolicyReviewStatus) Size() (n int)
- func (this *PodSecurityPolicyReviewStatus) String() string
- func (PodSecurityPolicyReviewStatus) SwaggerDoc() map[string]string
- func (m *PodSecurityPolicyReviewStatus) Unmarshal(dAtA []byte) error
- func (m *PodSecurityPolicyReviewStatus) XXX_DiscardUnknown()
- func (m *PodSecurityPolicyReviewStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *PodSecurityPolicyReviewStatus) XXX_Merge(src proto.Message)
- func (m *PodSecurityPolicyReviewStatus) XXX_Size() int
- func (m *PodSecurityPolicyReviewStatus) XXX_Unmarshal(b []byte) error
- type PodSecurityPolicySelfSubjectReview
- func (in *PodSecurityPolicySelfSubjectReview) DeepCopy() *PodSecurityPolicySelfSubjectReview
- func (in *PodSecurityPolicySelfSubjectReview) DeepCopyInto(out *PodSecurityPolicySelfSubjectReview)
- func (in *PodSecurityPolicySelfSubjectReview) DeepCopyObject() runtime.Object
- func (*PodSecurityPolicySelfSubjectReview) Descriptor() ([]byte, []int)
- func (m *PodSecurityPolicySelfSubjectReview) Marshal() (dAtA []byte, err error)
- func (m *PodSecurityPolicySelfSubjectReview) MarshalTo(dAtA []byte) (int, error)
- func (m *PodSecurityPolicySelfSubjectReview) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*PodSecurityPolicySelfSubjectReview) ProtoMessage()
- func (m *PodSecurityPolicySelfSubjectReview) Reset()
- func (m *PodSecurityPolicySelfSubjectReview) Size() (n int)
- func (this *PodSecurityPolicySelfSubjectReview) String() string
- func (PodSecurityPolicySelfSubjectReview) SwaggerDoc() map[string]string
- func (m *PodSecurityPolicySelfSubjectReview) Unmarshal(dAtA []byte) error
- func (m *PodSecurityPolicySelfSubjectReview) XXX_DiscardUnknown()
- func (m *PodSecurityPolicySelfSubjectReview) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *PodSecurityPolicySelfSubjectReview) XXX_Merge(src proto.Message)
- func (m *PodSecurityPolicySelfSubjectReview) XXX_Size() int
- func (m *PodSecurityPolicySelfSubjectReview) XXX_Unmarshal(b []byte) error
- type PodSecurityPolicySelfSubjectReviewSpec
- func (in *PodSecurityPolicySelfSubjectReviewSpec) DeepCopy() *PodSecurityPolicySelfSubjectReviewSpec
- func (in *PodSecurityPolicySelfSubjectReviewSpec) DeepCopyInto(out *PodSecurityPolicySelfSubjectReviewSpec)
- func (*PodSecurityPolicySelfSubjectReviewSpec) Descriptor() ([]byte, []int)
- func (m *PodSecurityPolicySelfSubjectReviewSpec) Marshal() (dAtA []byte, err error)
- func (m *PodSecurityPolicySelfSubjectReviewSpec) MarshalTo(dAtA []byte) (int, error)
- func (m *PodSecurityPolicySelfSubjectReviewSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*PodSecurityPolicySelfSubjectReviewSpec) ProtoMessage()
- func (m *PodSecurityPolicySelfSubjectReviewSpec) Reset()
- func (m *PodSecurityPolicySelfSubjectReviewSpec) Size() (n int)
- func (this *PodSecurityPolicySelfSubjectReviewSpec) String() string
- func (PodSecurityPolicySelfSubjectReviewSpec) SwaggerDoc() map[string]string
- func (m *PodSecurityPolicySelfSubjectReviewSpec) Unmarshal(dAtA []byte) error
- func (m *PodSecurityPolicySelfSubjectReviewSpec) XXX_DiscardUnknown()
- func (m *PodSecurityPolicySelfSubjectReviewSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *PodSecurityPolicySelfSubjectReviewSpec) XXX_Merge(src proto.Message)
- func (m *PodSecurityPolicySelfSubjectReviewSpec) XXX_Size() int
- func (m *PodSecurityPolicySelfSubjectReviewSpec) XXX_Unmarshal(b []byte) error
- type PodSecurityPolicySubjectReview
- func (in *PodSecurityPolicySubjectReview) DeepCopy() *PodSecurityPolicySubjectReview
- func (in *PodSecurityPolicySubjectReview) DeepCopyInto(out *PodSecurityPolicySubjectReview)
- func (in *PodSecurityPolicySubjectReview) DeepCopyObject() runtime.Object
- func (*PodSecurityPolicySubjectReview) Descriptor() ([]byte, []int)
- func (m *PodSecurityPolicySubjectReview) Marshal() (dAtA []byte, err error)
- func (m *PodSecurityPolicySubjectReview) MarshalTo(dAtA []byte) (int, error)
- func (m *PodSecurityPolicySubjectReview) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*PodSecurityPolicySubjectReview) ProtoMessage()
- func (m *PodSecurityPolicySubjectReview) Reset()
- func (m *PodSecurityPolicySubjectReview) Size() (n int)
- func (this *PodSecurityPolicySubjectReview) String() string
- func (PodSecurityPolicySubjectReview) SwaggerDoc() map[string]string
- func (m *PodSecurityPolicySubjectReview) Unmarshal(dAtA []byte) error
- func (m *PodSecurityPolicySubjectReview) XXX_DiscardUnknown()
- func (m *PodSecurityPolicySubjectReview) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *PodSecurityPolicySubjectReview) XXX_Merge(src proto.Message)
- func (m *PodSecurityPolicySubjectReview) XXX_Size() int
- func (m *PodSecurityPolicySubjectReview) XXX_Unmarshal(b []byte) error
- type PodSecurityPolicySubjectReviewSpec
- func (in *PodSecurityPolicySubjectReviewSpec) DeepCopy() *PodSecurityPolicySubjectReviewSpec
- func (in *PodSecurityPolicySubjectReviewSpec) DeepCopyInto(out *PodSecurityPolicySubjectReviewSpec)
- func (*PodSecurityPolicySubjectReviewSpec) Descriptor() ([]byte, []int)
- func (m *PodSecurityPolicySubjectReviewSpec) Marshal() (dAtA []byte, err error)
- func (m *PodSecurityPolicySubjectReviewSpec) MarshalTo(dAtA []byte) (int, error)
- func (m *PodSecurityPolicySubjectReviewSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*PodSecurityPolicySubjectReviewSpec) ProtoMessage()
- func (m *PodSecurityPolicySubjectReviewSpec) Reset()
- func (m *PodSecurityPolicySubjectReviewSpec) Size() (n int)
- func (this *PodSecurityPolicySubjectReviewSpec) String() string
- func (PodSecurityPolicySubjectReviewSpec) SwaggerDoc() map[string]string
- func (m *PodSecurityPolicySubjectReviewSpec) Unmarshal(dAtA []byte) error
- func (m *PodSecurityPolicySubjectReviewSpec) XXX_DiscardUnknown()
- func (m *PodSecurityPolicySubjectReviewSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *PodSecurityPolicySubjectReviewSpec) XXX_Merge(src proto.Message)
- func (m *PodSecurityPolicySubjectReviewSpec) XXX_Size() int
- func (m *PodSecurityPolicySubjectReviewSpec) XXX_Unmarshal(b []byte) error
- type PodSecurityPolicySubjectReviewStatus
- func (in *PodSecurityPolicySubjectReviewStatus) DeepCopy() *PodSecurityPolicySubjectReviewStatus
- func (in *PodSecurityPolicySubjectReviewStatus) DeepCopyInto(out *PodSecurityPolicySubjectReviewStatus)
- func (*PodSecurityPolicySubjectReviewStatus) Descriptor() ([]byte, []int)
- func (m *PodSecurityPolicySubjectReviewStatus) Marshal() (dAtA []byte, err error)
- func (m *PodSecurityPolicySubjectReviewStatus) MarshalTo(dAtA []byte) (int, error)
- func (m *PodSecurityPolicySubjectReviewStatus) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*PodSecurityPolicySubjectReviewStatus) ProtoMessage()
- func (m *PodSecurityPolicySubjectReviewStatus) Reset()
- func (m *PodSecurityPolicySubjectReviewStatus) Size() (n int)
- func (this *PodSecurityPolicySubjectReviewStatus) String() string
- func (PodSecurityPolicySubjectReviewStatus) SwaggerDoc() map[string]string
- func (m *PodSecurityPolicySubjectReviewStatus) Unmarshal(dAtA []byte) error
- func (m *PodSecurityPolicySubjectReviewStatus) XXX_DiscardUnknown()
- func (m *PodSecurityPolicySubjectReviewStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *PodSecurityPolicySubjectReviewStatus) XXX_Merge(src proto.Message)
- func (m *PodSecurityPolicySubjectReviewStatus) XXX_Size() int
- func (m *PodSecurityPolicySubjectReviewStatus) XXX_Unmarshal(b []byte) error
- type RangeAllocation
- func (in *RangeAllocation) DeepCopy() *RangeAllocation
- func (in *RangeAllocation) DeepCopyInto(out *RangeAllocation)
- func (in *RangeAllocation) DeepCopyObject() runtime.Object
- func (*RangeAllocation) Descriptor() ([]byte, []int)
- func (m *RangeAllocation) Marshal() (dAtA []byte, err error)
- func (m *RangeAllocation) MarshalTo(dAtA []byte) (int, error)
- func (m *RangeAllocation) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*RangeAllocation) ProtoMessage()
- func (m *RangeAllocation) Reset()
- func (m *RangeAllocation) Size() (n int)
- func (this *RangeAllocation) String() string
- func (RangeAllocation) SwaggerDoc() map[string]string
- func (m *RangeAllocation) Unmarshal(dAtA []byte) error
- func (m *RangeAllocation) XXX_DiscardUnknown()
- func (m *RangeAllocation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *RangeAllocation) XXX_Merge(src proto.Message)
- func (m *RangeAllocation) XXX_Size() int
- func (m *RangeAllocation) XXX_Unmarshal(b []byte) error
- type RangeAllocationList
- func (in *RangeAllocationList) DeepCopy() *RangeAllocationList
- func (in *RangeAllocationList) DeepCopyInto(out *RangeAllocationList)
- func (in *RangeAllocationList) DeepCopyObject() runtime.Object
- func (*RangeAllocationList) Descriptor() ([]byte, []int)
- func (m *RangeAllocationList) Marshal() (dAtA []byte, err error)
- func (m *RangeAllocationList) MarshalTo(dAtA []byte) (int, error)
- func (m *RangeAllocationList) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*RangeAllocationList) ProtoMessage()
- func (m *RangeAllocationList) Reset()
- func (m *RangeAllocationList) Size() (n int)
- func (this *RangeAllocationList) String() string
- func (RangeAllocationList) SwaggerDoc() map[string]string
- func (m *RangeAllocationList) Unmarshal(dAtA []byte) error
- func (m *RangeAllocationList) XXX_DiscardUnknown()
- func (m *RangeAllocationList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *RangeAllocationList) XXX_Merge(src proto.Message)
- func (m *RangeAllocationList) XXX_Size() int
- func (m *RangeAllocationList) XXX_Unmarshal(b []byte) error
- type RunAsUserStrategyOptions
- func (in *RunAsUserStrategyOptions) DeepCopy() *RunAsUserStrategyOptions
- func (in *RunAsUserStrategyOptions) DeepCopyInto(out *RunAsUserStrategyOptions)
- func (*RunAsUserStrategyOptions) Descriptor() ([]byte, []int)
- func (m *RunAsUserStrategyOptions) Marshal() (dAtA []byte, err error)
- func (m *RunAsUserStrategyOptions) MarshalTo(dAtA []byte) (int, error)
- func (m *RunAsUserStrategyOptions) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*RunAsUserStrategyOptions) ProtoMessage()
- func (m *RunAsUserStrategyOptions) Reset()
- func (m *RunAsUserStrategyOptions) Size() (n int)
- func (this *RunAsUserStrategyOptions) String() string
- func (RunAsUserStrategyOptions) SwaggerDoc() map[string]string
- func (m *RunAsUserStrategyOptions) Unmarshal(dAtA []byte) error
- func (m *RunAsUserStrategyOptions) XXX_DiscardUnknown()
- func (m *RunAsUserStrategyOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *RunAsUserStrategyOptions) XXX_Merge(src proto.Message)
- func (m *RunAsUserStrategyOptions) XXX_Size() int
- func (m *RunAsUserStrategyOptions) XXX_Unmarshal(b []byte) error
- type RunAsUserStrategyType
- type SELinuxContextStrategyOptions
- func (in *SELinuxContextStrategyOptions) DeepCopy() *SELinuxContextStrategyOptions
- func (in *SELinuxContextStrategyOptions) DeepCopyInto(out *SELinuxContextStrategyOptions)
- func (*SELinuxContextStrategyOptions) Descriptor() ([]byte, []int)
- func (m *SELinuxContextStrategyOptions) Marshal() (dAtA []byte, err error)
- func (m *SELinuxContextStrategyOptions) MarshalTo(dAtA []byte) (int, error)
- func (m *SELinuxContextStrategyOptions) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*SELinuxContextStrategyOptions) ProtoMessage()
- func (m *SELinuxContextStrategyOptions) Reset()
- func (m *SELinuxContextStrategyOptions) Size() (n int)
- func (this *SELinuxContextStrategyOptions) String() string
- func (SELinuxContextStrategyOptions) SwaggerDoc() map[string]string
- func (m *SELinuxContextStrategyOptions) Unmarshal(dAtA []byte) error
- func (m *SELinuxContextStrategyOptions) XXX_DiscardUnknown()
- func (m *SELinuxContextStrategyOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *SELinuxContextStrategyOptions) XXX_Merge(src proto.Message)
- func (m *SELinuxContextStrategyOptions) XXX_Size() int
- func (m *SELinuxContextStrategyOptions) XXX_Unmarshal(b []byte) error
- type SELinuxContextStrategyType
- type SecurityContextConstraints
- func (in *SecurityContextConstraints) DeepCopy() *SecurityContextConstraints
- func (in *SecurityContextConstraints) DeepCopyInto(out *SecurityContextConstraints)
- func (in *SecurityContextConstraints) DeepCopyObject() runtime.Object
- func (*SecurityContextConstraints) Descriptor() ([]byte, []int)
- func (m *SecurityContextConstraints) Marshal() (dAtA []byte, err error)
- func (m *SecurityContextConstraints) MarshalTo(dAtA []byte) (int, error)
- func (m *SecurityContextConstraints) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*SecurityContextConstraints) ProtoMessage()
- func (m *SecurityContextConstraints) Reset()
- func (m *SecurityContextConstraints) Size() (n int)
- func (this *SecurityContextConstraints) String() string
- func (SecurityContextConstraints) SwaggerDoc() map[string]string
- func (m *SecurityContextConstraints) Unmarshal(dAtA []byte) error
- func (m *SecurityContextConstraints) XXX_DiscardUnknown()
- func (m *SecurityContextConstraints) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *SecurityContextConstraints) XXX_Merge(src proto.Message)
- func (m *SecurityContextConstraints) XXX_Size() int
- func (m *SecurityContextConstraints) XXX_Unmarshal(b []byte) error
- type SecurityContextConstraintsList
- func (in *SecurityContextConstraintsList) DeepCopy() *SecurityContextConstraintsList
- func (in *SecurityContextConstraintsList) DeepCopyInto(out *SecurityContextConstraintsList)
- func (in *SecurityContextConstraintsList) DeepCopyObject() runtime.Object
- func (*SecurityContextConstraintsList) Descriptor() ([]byte, []int)
- func (m *SecurityContextConstraintsList) Marshal() (dAtA []byte, err error)
- func (m *SecurityContextConstraintsList) MarshalTo(dAtA []byte) (int, error)
- func (m *SecurityContextConstraintsList) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*SecurityContextConstraintsList) ProtoMessage()
- func (m *SecurityContextConstraintsList) Reset()
- func (m *SecurityContextConstraintsList) Size() (n int)
- func (this *SecurityContextConstraintsList) String() string
- func (SecurityContextConstraintsList) SwaggerDoc() map[string]string
- func (m *SecurityContextConstraintsList) Unmarshal(dAtA []byte) error
- func (m *SecurityContextConstraintsList) XXX_DiscardUnknown()
- func (m *SecurityContextConstraintsList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *SecurityContextConstraintsList) XXX_Merge(src proto.Message)
- func (m *SecurityContextConstraintsList) XXX_Size() int
- func (m *SecurityContextConstraintsList) XXX_Unmarshal(b []byte) error
- type ServiceAccountPodSecurityPolicyReviewStatus
- func (in *ServiceAccountPodSecurityPolicyReviewStatus) DeepCopy() *ServiceAccountPodSecurityPolicyReviewStatus
- func (in *ServiceAccountPodSecurityPolicyReviewStatus) DeepCopyInto(out *ServiceAccountPodSecurityPolicyReviewStatus)
- func (*ServiceAccountPodSecurityPolicyReviewStatus) Descriptor() ([]byte, []int)
- func (m *ServiceAccountPodSecurityPolicyReviewStatus) Marshal() (dAtA []byte, err error)
- func (m *ServiceAccountPodSecurityPolicyReviewStatus) MarshalTo(dAtA []byte) (int, error)
- func (m *ServiceAccountPodSecurityPolicyReviewStatus) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*ServiceAccountPodSecurityPolicyReviewStatus) ProtoMessage()
- func (m *ServiceAccountPodSecurityPolicyReviewStatus) Reset()
- func (m *ServiceAccountPodSecurityPolicyReviewStatus) Size() (n int)
- func (this *ServiceAccountPodSecurityPolicyReviewStatus) String() string
- func (ServiceAccountPodSecurityPolicyReviewStatus) SwaggerDoc() map[string]string
- func (m *ServiceAccountPodSecurityPolicyReviewStatus) Unmarshal(dAtA []byte) error
- func (m *ServiceAccountPodSecurityPolicyReviewStatus) XXX_DiscardUnknown()
- func (m *ServiceAccountPodSecurityPolicyReviewStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *ServiceAccountPodSecurityPolicyReviewStatus) XXX_Merge(src proto.Message)
- func (m *ServiceAccountPodSecurityPolicyReviewStatus) XXX_Size() int
- func (m *ServiceAccountPodSecurityPolicyReviewStatus) XXX_Unmarshal(b []byte) error
- type SupplementalGroupsStrategyOptions
- func (in *SupplementalGroupsStrategyOptions) DeepCopy() *SupplementalGroupsStrategyOptions
- func (in *SupplementalGroupsStrategyOptions) DeepCopyInto(out *SupplementalGroupsStrategyOptions)
- func (*SupplementalGroupsStrategyOptions) Descriptor() ([]byte, []int)
- func (m *SupplementalGroupsStrategyOptions) Marshal() (dAtA []byte, err error)
- func (m *SupplementalGroupsStrategyOptions) MarshalTo(dAtA []byte) (int, error)
- func (m *SupplementalGroupsStrategyOptions) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*SupplementalGroupsStrategyOptions) ProtoMessage()
- func (m *SupplementalGroupsStrategyOptions) Reset()
- func (m *SupplementalGroupsStrategyOptions) Size() (n int)
- func (this *SupplementalGroupsStrategyOptions) String() string
- func (SupplementalGroupsStrategyOptions) SwaggerDoc() map[string]string
- func (m *SupplementalGroupsStrategyOptions) Unmarshal(dAtA []byte) error
- func (m *SupplementalGroupsStrategyOptions) XXX_DiscardUnknown()
- func (m *SupplementalGroupsStrategyOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *SupplementalGroupsStrategyOptions) XXX_Merge(src proto.Message)
- func (m *SupplementalGroupsStrategyOptions) XXX_Size() int
- func (m *SupplementalGroupsStrategyOptions) XXX_Unmarshal(b []byte) error
- type SupplementalGroupsStrategyType
Constants ¶
const ( UIDRangeAnnotation = "openshift.io/sa.scc.uid-range" // SupplementalGroupsAnnotation contains a comma delimited list of allocated supplemental groups // for the namespace. Groups are in the form of a Block which supports {start}/{length} or {start}-{end} SupplementalGroupsAnnotation = "openshift.io/sa.scc.supplemental-groups" MCSAnnotation = "openshift.io/sa.scc.mcs" ValidatedSCCAnnotation = "openshift.io/scc" // This annotation pins required SCCs for core OpenShift workloads to prevent preemption of custom SCCs. // It is being used in the SCC admission plugin. RequiredSCCAnnotation = "openshift.io/required-scc" // MinimallySufficientPodSecurityStandard indicates the PodSecurityStandard that matched the SCCs available to the users of the namespace. MinimallySufficientPodSecurityStandard = "security.openshift.io/MinimallySufficientPodSecurityStandard" )
const ( // NamespaceLevelAllowHost allows a pod to set `hostUsers` field to either `true` or `false` NamespaceLevelAllowHost NamespaceLevelType = "AllowHostLevel" // NamespaceLevelRequirePod requires the `hostUsers` field be `false` in a pod. NamespaceLevelRequirePod NamespaceLevelType = "RequirePodLevel" // container must have SELinux labels of X applied. SELinuxStrategyMustRunAs SELinuxContextStrategyType = "MustRunAs" // container may make requests for any SELinux context labels. SELinuxStrategyRunAsAny SELinuxContextStrategyType = "RunAsAny" // container must run as a particular uid. RunAsUserStrategyMustRunAs RunAsUserStrategyType = "MustRunAs" // container must run as a particular uid. RunAsUserStrategyMustRunAsRange RunAsUserStrategyType = "MustRunAsRange" // container must run as a non-root uid RunAsUserStrategyMustRunAsNonRoot RunAsUserStrategyType = "MustRunAsNonRoot" // container may make requests for any uid. RunAsUserStrategyRunAsAny RunAsUserStrategyType = "RunAsAny" // container must have FSGroup of X applied. FSGroupStrategyMustRunAs FSGroupStrategyType = "MustRunAs" // container may make requests for any FSGroup labels. FSGroupStrategyRunAsAny FSGroupStrategyType = "RunAsAny" // container must run as a particular gid. SupplementalGroupsStrategyMustRunAs SupplementalGroupsStrategyType = "MustRunAs" // container may make requests for any gid. SupplementalGroupsStrategyRunAsAny SupplementalGroupsStrategyType = "RunAsAny" )
Variables ¶
var ( ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling") ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow") ErrUnexpectedEndOfGroupGenerated = fmt.Errorf("proto: unexpected end of group") )
var ( GroupName = "security.openshift.io" GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} // Install is a function which adds this version to a scheme Install = schemeBuilder.AddToScheme // SchemeGroupVersion generated code relies on this name // Deprecated SchemeGroupVersion = GroupVersion // AddToScheme exists solely to keep the old generators creating valid code // DEPRECATED AddToScheme = schemeBuilder.AddToScheme )
var AllowAllCapabilities corev1.Capability = "*"
AllowAllCapabilities can be used as a value for the SecurityContextConstraints.AllowAllCapabilities field and means that any capabilities are allowed to be requested.
var (
DeprecatedInstallWithoutGroup = legacySchemeBuilder.AddToScheme
)
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource generated code relies on this being here, but it logically belongs to the group DEPRECATED
Types ¶
type AllowedFlexVolume ¶
type AllowedFlexVolume struct { // Driver is the name of the Flexvolume driver. Driver string `json:"driver" protobuf:"bytes,1,opt,name=driver"` }
AllowedFlexVolume represents a single Flexvolume that is allowed to be used.
func (*AllowedFlexVolume) DeepCopy ¶
func (in *AllowedFlexVolume) DeepCopy() *AllowedFlexVolume
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedFlexVolume.
func (*AllowedFlexVolume) DeepCopyInto ¶
func (in *AllowedFlexVolume) DeepCopyInto(out *AllowedFlexVolume)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AllowedFlexVolume) Descriptor ¶
func (*AllowedFlexVolume) Descriptor() ([]byte, []int)
func (*AllowedFlexVolume) Marshal ¶
func (m *AllowedFlexVolume) Marshal() (dAtA []byte, err error)
func (*AllowedFlexVolume) MarshalTo ¶
func (m *AllowedFlexVolume) MarshalTo(dAtA []byte) (int, error)
func (*AllowedFlexVolume) MarshalToSizedBuffer ¶
func (m *AllowedFlexVolume) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*AllowedFlexVolume) ProtoMessage ¶
func (*AllowedFlexVolume) ProtoMessage()
func (*AllowedFlexVolume) Reset ¶
func (m *AllowedFlexVolume) Reset()
func (*AllowedFlexVolume) Size ¶
func (m *AllowedFlexVolume) Size() (n int)
func (*AllowedFlexVolume) String ¶
func (this *AllowedFlexVolume) String() string
func (AllowedFlexVolume) SwaggerDoc ¶
func (AllowedFlexVolume) SwaggerDoc() map[string]string
func (*AllowedFlexVolume) Unmarshal ¶
func (m *AllowedFlexVolume) Unmarshal(dAtA []byte) error
func (*AllowedFlexVolume) XXX_DiscardUnknown ¶
func (m *AllowedFlexVolume) XXX_DiscardUnknown()
func (*AllowedFlexVolume) XXX_Marshal ¶
func (m *AllowedFlexVolume) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*AllowedFlexVolume) XXX_Merge ¶
func (m *AllowedFlexVolume) XXX_Merge(src proto.Message)
func (*AllowedFlexVolume) XXX_Size ¶
func (m *AllowedFlexVolume) XXX_Size() int
func (*AllowedFlexVolume) XXX_Unmarshal ¶
func (m *AllowedFlexVolume) XXX_Unmarshal(b []byte) error
type FSGroupStrategyOptions ¶
type FSGroupStrategyOptions struct { // Type is the strategy that will dictate what FSGroup is used in the SecurityContext. Type FSGroupStrategyType `json:"type,omitempty" protobuf:"bytes,1,opt,name=type,casttype=FSGroupStrategyType"` // Ranges are the allowed ranges of fs groups. If you would like to force a single // fs group then supply a single range with the same start and end. // +listType=atomic Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"` }
FSGroupStrategyOptions defines the strategy type and options used to create the strategy.
func (*FSGroupStrategyOptions) DeepCopy ¶
func (in *FSGroupStrategyOptions) DeepCopy() *FSGroupStrategyOptions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FSGroupStrategyOptions.
func (*FSGroupStrategyOptions) DeepCopyInto ¶
func (in *FSGroupStrategyOptions) DeepCopyInto(out *FSGroupStrategyOptions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*FSGroupStrategyOptions) Descriptor ¶
func (*FSGroupStrategyOptions) Descriptor() ([]byte, []int)
func (*FSGroupStrategyOptions) Marshal ¶
func (m *FSGroupStrategyOptions) Marshal() (dAtA []byte, err error)
func (*FSGroupStrategyOptions) MarshalTo ¶
func (m *FSGroupStrategyOptions) MarshalTo(dAtA []byte) (int, error)
func (*FSGroupStrategyOptions) MarshalToSizedBuffer ¶
func (m *FSGroupStrategyOptions) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*FSGroupStrategyOptions) ProtoMessage ¶
func (*FSGroupStrategyOptions) ProtoMessage()
func (*FSGroupStrategyOptions) Reset ¶
func (m *FSGroupStrategyOptions) Reset()
func (*FSGroupStrategyOptions) Size ¶
func (m *FSGroupStrategyOptions) Size() (n int)
func (*FSGroupStrategyOptions) String ¶
func (this *FSGroupStrategyOptions) String() string
func (FSGroupStrategyOptions) SwaggerDoc ¶
func (FSGroupStrategyOptions) SwaggerDoc() map[string]string
func (*FSGroupStrategyOptions) Unmarshal ¶
func (m *FSGroupStrategyOptions) Unmarshal(dAtA []byte) error
func (*FSGroupStrategyOptions) XXX_DiscardUnknown ¶
func (m *FSGroupStrategyOptions) XXX_DiscardUnknown()
func (*FSGroupStrategyOptions) XXX_Marshal ¶
func (m *FSGroupStrategyOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*FSGroupStrategyOptions) XXX_Merge ¶
func (m *FSGroupStrategyOptions) XXX_Merge(src proto.Message)
func (*FSGroupStrategyOptions) XXX_Size ¶
func (m *FSGroupStrategyOptions) XXX_Size() int
func (*FSGroupStrategyOptions) XXX_Unmarshal ¶
func (m *FSGroupStrategyOptions) XXX_Unmarshal(b []byte) error
type FSGroupStrategyType ¶
type FSGroupStrategyType string
FSGroupStrategyType denotes strategy types for generating FSGroup values for a SecurityContext
type FSType ¶
type FSType string
FS Type gives strong typing to different file systems that are used by volumes.
var ( FSTypeAzureFile FSType = "azureFile" FSTypeAzureDisk FSType = "azureDisk" FSTypeFlocker FSType = "flocker" FSTypeFlexVolume FSType = "flexVolume" FSTypeHostPath FSType = "hostPath" FSTypeEmptyDir FSType = "emptyDir" FSTypeGCEPersistentDisk FSType = "gcePersistentDisk" FSTypeAWSElasticBlockStore FSType = "awsElasticBlockStore" FSTypeGitRepo FSType = "gitRepo" FSTypeSecret FSType = "secret" FSTypeNFS FSType = "nfs" FSTypeISCSI FSType = "iscsi" FSTypeGlusterfs FSType = "glusterfs" FSTypePersistentVolumeClaim FSType = "persistentVolumeClaim" FSTypeRBD FSType = "rbd" FSTypeCinder FSType = "cinder" FSTypeCephFS FSType = "cephFS" FSTypeDownwardAPI FSType = "downwardAPI" FSTypeFC FSType = "fc" FSTypeConfigMap FSType = "configMap" FSTypeVsphereVolume FSType = "vsphere" FSTypeQuobyte FSType = "quobyte" FSTypePhotonPersistentDisk FSType = "photonPersistentDisk" FSProjected FSType = "projected" FSPortworxVolume FSType = "portworxVolume" FSScaleIO FSType = "scaleIO" FSStorageOS FSType = "storageOS" FSTypeCSI FSType = "csi" FSTypeEphemeral FSType = "ephemeral" FSTypeImage FSType = "image" FSTypeAll FSType = "*" FSTypeNone FSType = "none" )
type IDRange ¶
type IDRange struct { // Min is the start of the range, inclusive. Min int64 `json:"min,omitempty" protobuf:"varint,1,opt,name=min"` // Max is the end of the range, inclusive. Max int64 `json:"max,omitempty" protobuf:"varint,2,opt,name=max"` }
IDRange provides a min/max of an allowed range of IDs. TODO: this could be reused for UIDs.
func (*IDRange) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IDRange.
func (*IDRange) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*IDRange) Descriptor ¶
func (*IDRange) MarshalToSizedBuffer ¶
func (*IDRange) ProtoMessage ¶
func (*IDRange) ProtoMessage()
func (IDRange) SwaggerDoc ¶
func (*IDRange) XXX_DiscardUnknown ¶
func (m *IDRange) XXX_DiscardUnknown()
func (*IDRange) XXX_Marshal ¶
func (*IDRange) XXX_Unmarshal ¶
type NamespaceLevelType ¶
type NamespaceLevelType string
NamespaceLevelType shows the allowable values for the UserNamespaceLevel field.
type PodSecurityPolicyReview ¶
type PodSecurityPolicyReview struct { metav1.TypeMeta `json:",inline"` // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,3,opt,name=metadata"` // spec is the PodSecurityPolicy to check. Spec PodSecurityPolicyReviewSpec `json:"spec" protobuf:"bytes,1,opt,name=spec"` // status represents the current information/status for the PodSecurityPolicyReview. Status PodSecurityPolicyReviewStatus `json:"status,omitempty" protobuf:"bytes,2,opt,name=status"` }
PodSecurityPolicyReview checks which service accounts (not users, since that would be cluster-wide) can create the `PodTemplateSpec` in question.
Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +openshift:compatibility-gen:level=2
func (*PodSecurityPolicyReview) DeepCopy ¶
func (in *PodSecurityPolicyReview) DeepCopy() *PodSecurityPolicyReview
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicyReview.
func (*PodSecurityPolicyReview) DeepCopyInto ¶
func (in *PodSecurityPolicyReview) DeepCopyInto(out *PodSecurityPolicyReview)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PodSecurityPolicyReview) DeepCopyObject ¶
func (in *PodSecurityPolicyReview) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*PodSecurityPolicyReview) Descriptor ¶
func (*PodSecurityPolicyReview) Descriptor() ([]byte, []int)
func (*PodSecurityPolicyReview) Marshal ¶
func (m *PodSecurityPolicyReview) Marshal() (dAtA []byte, err error)
func (*PodSecurityPolicyReview) MarshalTo ¶
func (m *PodSecurityPolicyReview) MarshalTo(dAtA []byte) (int, error)
func (*PodSecurityPolicyReview) MarshalToSizedBuffer ¶
func (m *PodSecurityPolicyReview) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*PodSecurityPolicyReview) ProtoMessage ¶
func (*PodSecurityPolicyReview) ProtoMessage()
func (*PodSecurityPolicyReview) Reset ¶
func (m *PodSecurityPolicyReview) Reset()
func (*PodSecurityPolicyReview) Size ¶
func (m *PodSecurityPolicyReview) Size() (n int)
func (*PodSecurityPolicyReview) String ¶
func (this *PodSecurityPolicyReview) String() string
func (PodSecurityPolicyReview) SwaggerDoc ¶
func (PodSecurityPolicyReview) SwaggerDoc() map[string]string
func (*PodSecurityPolicyReview) Unmarshal ¶
func (m *PodSecurityPolicyReview) Unmarshal(dAtA []byte) error
func (*PodSecurityPolicyReview) XXX_DiscardUnknown ¶
func (m *PodSecurityPolicyReview) XXX_DiscardUnknown()
func (*PodSecurityPolicyReview) XXX_Marshal ¶
func (m *PodSecurityPolicyReview) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*PodSecurityPolicyReview) XXX_Merge ¶
func (m *PodSecurityPolicyReview) XXX_Merge(src proto.Message)
func (*PodSecurityPolicyReview) XXX_Size ¶
func (m *PodSecurityPolicyReview) XXX_Size() int
func (*PodSecurityPolicyReview) XXX_Unmarshal ¶
func (m *PodSecurityPolicyReview) XXX_Unmarshal(b []byte) error
type PodSecurityPolicyReviewSpec ¶
type PodSecurityPolicyReviewSpec struct { // template is the PodTemplateSpec to check. The template.spec.serviceAccountName field is used // if serviceAccountNames is empty, unless the template.spec.serviceAccountName is empty, // in which case "default" is used. // If serviceAccountNames is specified, template.spec.serviceAccountName is ignored. Template corev1.PodTemplateSpec `json:"template" protobuf:"bytes,1,opt,name=template"` // serviceAccountNames is an optional set of ServiceAccounts to run the check with. // If serviceAccountNames is empty, the template.spec.serviceAccountName is used, // unless it's empty, in which case "default" is used instead. // If serviceAccountNames is specified, template.spec.serviceAccountName is ignored. ServiceAccountNames []string `json:"serviceAccountNames,omitempty" protobuf:"bytes,2,rep,name=serviceAccountNames"` // TODO: find a way to express 'all service accounts' }
PodSecurityPolicyReviewSpec defines specification for PodSecurityPolicyReview
func (*PodSecurityPolicyReviewSpec) DeepCopy ¶
func (in *PodSecurityPolicyReviewSpec) DeepCopy() *PodSecurityPolicyReviewSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicyReviewSpec.
func (*PodSecurityPolicyReviewSpec) DeepCopyInto ¶
func (in *PodSecurityPolicyReviewSpec) DeepCopyInto(out *PodSecurityPolicyReviewSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PodSecurityPolicyReviewSpec) Descriptor ¶
func (*PodSecurityPolicyReviewSpec) Descriptor() ([]byte, []int)
func (*PodSecurityPolicyReviewSpec) Marshal ¶
func (m *PodSecurityPolicyReviewSpec) Marshal() (dAtA []byte, err error)
func (*PodSecurityPolicyReviewSpec) MarshalTo ¶
func (m *PodSecurityPolicyReviewSpec) MarshalTo(dAtA []byte) (int, error)
func (*PodSecurityPolicyReviewSpec) MarshalToSizedBuffer ¶
func (m *PodSecurityPolicyReviewSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*PodSecurityPolicyReviewSpec) ProtoMessage ¶
func (*PodSecurityPolicyReviewSpec) ProtoMessage()
func (*PodSecurityPolicyReviewSpec) Reset ¶
func (m *PodSecurityPolicyReviewSpec) Reset()
func (*PodSecurityPolicyReviewSpec) Size ¶
func (m *PodSecurityPolicyReviewSpec) Size() (n int)
func (*PodSecurityPolicyReviewSpec) String ¶
func (this *PodSecurityPolicyReviewSpec) String() string
func (PodSecurityPolicyReviewSpec) SwaggerDoc ¶
func (PodSecurityPolicyReviewSpec) SwaggerDoc() map[string]string
func (*PodSecurityPolicyReviewSpec) Unmarshal ¶
func (m *PodSecurityPolicyReviewSpec) Unmarshal(dAtA []byte) error
func (*PodSecurityPolicyReviewSpec) XXX_DiscardUnknown ¶
func (m *PodSecurityPolicyReviewSpec) XXX_DiscardUnknown()
func (*PodSecurityPolicyReviewSpec) XXX_Marshal ¶
func (m *PodSecurityPolicyReviewSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*PodSecurityPolicyReviewSpec) XXX_Merge ¶
func (m *PodSecurityPolicyReviewSpec) XXX_Merge(src proto.Message)
func (*PodSecurityPolicyReviewSpec) XXX_Size ¶
func (m *PodSecurityPolicyReviewSpec) XXX_Size() int
func (*PodSecurityPolicyReviewSpec) XXX_Unmarshal ¶
func (m *PodSecurityPolicyReviewSpec) XXX_Unmarshal(b []byte) error
type PodSecurityPolicyReviewStatus ¶
type PodSecurityPolicyReviewStatus struct { // allowedServiceAccounts returns the list of service accounts in *this* namespace that have the power to create the PodTemplateSpec. AllowedServiceAccounts []ServiceAccountPodSecurityPolicyReviewStatus `json:"allowedServiceAccounts" protobuf:"bytes,1,rep,name=allowedServiceAccounts"` }
PodSecurityPolicyReviewStatus represents the status of PodSecurityPolicyReview.
func (*PodSecurityPolicyReviewStatus) DeepCopy ¶
func (in *PodSecurityPolicyReviewStatus) DeepCopy() *PodSecurityPolicyReviewStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicyReviewStatus.
func (*PodSecurityPolicyReviewStatus) DeepCopyInto ¶
func (in *PodSecurityPolicyReviewStatus) DeepCopyInto(out *PodSecurityPolicyReviewStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PodSecurityPolicyReviewStatus) Descriptor ¶
func (*PodSecurityPolicyReviewStatus) Descriptor() ([]byte, []int)
func (*PodSecurityPolicyReviewStatus) Marshal ¶
func (m *PodSecurityPolicyReviewStatus) Marshal() (dAtA []byte, err error)
func (*PodSecurityPolicyReviewStatus) MarshalTo ¶
func (m *PodSecurityPolicyReviewStatus) MarshalTo(dAtA []byte) (int, error)
func (*PodSecurityPolicyReviewStatus) MarshalToSizedBuffer ¶
func (m *PodSecurityPolicyReviewStatus) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*PodSecurityPolicyReviewStatus) ProtoMessage ¶
func (*PodSecurityPolicyReviewStatus) ProtoMessage()
func (*PodSecurityPolicyReviewStatus) Reset ¶
func (m *PodSecurityPolicyReviewStatus) Reset()
func (*PodSecurityPolicyReviewStatus) Size ¶
func (m *PodSecurityPolicyReviewStatus) Size() (n int)
func (*PodSecurityPolicyReviewStatus) String ¶
func (this *PodSecurityPolicyReviewStatus) String() string
func (PodSecurityPolicyReviewStatus) SwaggerDoc ¶
func (PodSecurityPolicyReviewStatus) SwaggerDoc() map[string]string
func (*PodSecurityPolicyReviewStatus) Unmarshal ¶
func (m *PodSecurityPolicyReviewStatus) Unmarshal(dAtA []byte) error
func (*PodSecurityPolicyReviewStatus) XXX_DiscardUnknown ¶
func (m *PodSecurityPolicyReviewStatus) XXX_DiscardUnknown()
func (*PodSecurityPolicyReviewStatus) XXX_Marshal ¶
func (m *PodSecurityPolicyReviewStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*PodSecurityPolicyReviewStatus) XXX_Merge ¶
func (m *PodSecurityPolicyReviewStatus) XXX_Merge(src proto.Message)
func (*PodSecurityPolicyReviewStatus) XXX_Size ¶
func (m *PodSecurityPolicyReviewStatus) XXX_Size() int
func (*PodSecurityPolicyReviewStatus) XXX_Unmarshal ¶
func (m *PodSecurityPolicyReviewStatus) XXX_Unmarshal(b []byte) error
type PodSecurityPolicySelfSubjectReview ¶
type PodSecurityPolicySelfSubjectReview struct { metav1.TypeMeta `json:",inline"` // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,3,opt,name=metadata"` // spec defines specification the PodSecurityPolicySelfSubjectReview. Spec PodSecurityPolicySelfSubjectReviewSpec `json:"spec" protobuf:"bytes,1,opt,name=spec"` // status represents the current information/status for the PodSecurityPolicySelfSubjectReview. Status PodSecurityPolicySubjectReviewStatus `json:"status,omitempty" protobuf:"bytes,2,opt,name=status"` }
PodSecurityPolicySelfSubjectReview checks whether this user/SA tuple can create the PodTemplateSpec
Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +openshift:compatibility-gen:level=2
func (*PodSecurityPolicySelfSubjectReview) DeepCopy ¶
func (in *PodSecurityPolicySelfSubjectReview) DeepCopy() *PodSecurityPolicySelfSubjectReview
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicySelfSubjectReview.
func (*PodSecurityPolicySelfSubjectReview) DeepCopyInto ¶
func (in *PodSecurityPolicySelfSubjectReview) DeepCopyInto(out *PodSecurityPolicySelfSubjectReview)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PodSecurityPolicySelfSubjectReview) DeepCopyObject ¶
func (in *PodSecurityPolicySelfSubjectReview) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*PodSecurityPolicySelfSubjectReview) Descriptor ¶
func (*PodSecurityPolicySelfSubjectReview) Descriptor() ([]byte, []int)
func (*PodSecurityPolicySelfSubjectReview) Marshal ¶
func (m *PodSecurityPolicySelfSubjectReview) Marshal() (dAtA []byte, err error)
func (*PodSecurityPolicySelfSubjectReview) MarshalTo ¶
func (m *PodSecurityPolicySelfSubjectReview) MarshalTo(dAtA []byte) (int, error)
func (*PodSecurityPolicySelfSubjectReview) MarshalToSizedBuffer ¶
func (m *PodSecurityPolicySelfSubjectReview) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*PodSecurityPolicySelfSubjectReview) ProtoMessage ¶
func (*PodSecurityPolicySelfSubjectReview) ProtoMessage()
func (*PodSecurityPolicySelfSubjectReview) Reset ¶
func (m *PodSecurityPolicySelfSubjectReview) Reset()
func (*PodSecurityPolicySelfSubjectReview) Size ¶
func (m *PodSecurityPolicySelfSubjectReview) Size() (n int)
func (*PodSecurityPolicySelfSubjectReview) String ¶
func (this *PodSecurityPolicySelfSubjectReview) String() string
func (PodSecurityPolicySelfSubjectReview) SwaggerDoc ¶
func (PodSecurityPolicySelfSubjectReview) SwaggerDoc() map[string]string
func (*PodSecurityPolicySelfSubjectReview) Unmarshal ¶
func (m *PodSecurityPolicySelfSubjectReview) Unmarshal(dAtA []byte) error
func (*PodSecurityPolicySelfSubjectReview) XXX_DiscardUnknown ¶
func (m *PodSecurityPolicySelfSubjectReview) XXX_DiscardUnknown()
func (*PodSecurityPolicySelfSubjectReview) XXX_Marshal ¶
func (m *PodSecurityPolicySelfSubjectReview) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*PodSecurityPolicySelfSubjectReview) XXX_Merge ¶
func (m *PodSecurityPolicySelfSubjectReview) XXX_Merge(src proto.Message)
func (*PodSecurityPolicySelfSubjectReview) XXX_Size ¶
func (m *PodSecurityPolicySelfSubjectReview) XXX_Size() int
func (*PodSecurityPolicySelfSubjectReview) XXX_Unmarshal ¶
func (m *PodSecurityPolicySelfSubjectReview) XXX_Unmarshal(b []byte) error
type PodSecurityPolicySelfSubjectReviewSpec ¶
type PodSecurityPolicySelfSubjectReviewSpec struct { // template is the PodTemplateSpec to check. Template corev1.PodTemplateSpec `json:"template" protobuf:"bytes,1,opt,name=template"` }
PodSecurityPolicySelfSubjectReviewSpec contains specification for PodSecurityPolicySelfSubjectReview.
func (*PodSecurityPolicySelfSubjectReviewSpec) DeepCopy ¶
func (in *PodSecurityPolicySelfSubjectReviewSpec) DeepCopy() *PodSecurityPolicySelfSubjectReviewSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicySelfSubjectReviewSpec.
func (*PodSecurityPolicySelfSubjectReviewSpec) DeepCopyInto ¶
func (in *PodSecurityPolicySelfSubjectReviewSpec) DeepCopyInto(out *PodSecurityPolicySelfSubjectReviewSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PodSecurityPolicySelfSubjectReviewSpec) Descriptor ¶
func (*PodSecurityPolicySelfSubjectReviewSpec) Descriptor() ([]byte, []int)
func (*PodSecurityPolicySelfSubjectReviewSpec) Marshal ¶
func (m *PodSecurityPolicySelfSubjectReviewSpec) Marshal() (dAtA []byte, err error)
func (*PodSecurityPolicySelfSubjectReviewSpec) MarshalTo ¶
func (m *PodSecurityPolicySelfSubjectReviewSpec) MarshalTo(dAtA []byte) (int, error)
func (*PodSecurityPolicySelfSubjectReviewSpec) MarshalToSizedBuffer ¶
func (m *PodSecurityPolicySelfSubjectReviewSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*PodSecurityPolicySelfSubjectReviewSpec) ProtoMessage ¶
func (*PodSecurityPolicySelfSubjectReviewSpec) ProtoMessage()
func (*PodSecurityPolicySelfSubjectReviewSpec) Reset ¶
func (m *PodSecurityPolicySelfSubjectReviewSpec) Reset()
func (*PodSecurityPolicySelfSubjectReviewSpec) Size ¶
func (m *PodSecurityPolicySelfSubjectReviewSpec) Size() (n int)
func (*PodSecurityPolicySelfSubjectReviewSpec) String ¶
func (this *PodSecurityPolicySelfSubjectReviewSpec) String() string
func (PodSecurityPolicySelfSubjectReviewSpec) SwaggerDoc ¶
func (PodSecurityPolicySelfSubjectReviewSpec) SwaggerDoc() map[string]string
func (*PodSecurityPolicySelfSubjectReviewSpec) Unmarshal ¶
func (m *PodSecurityPolicySelfSubjectReviewSpec) Unmarshal(dAtA []byte) error
func (*PodSecurityPolicySelfSubjectReviewSpec) XXX_DiscardUnknown ¶
func (m *PodSecurityPolicySelfSubjectReviewSpec) XXX_DiscardUnknown()
func (*PodSecurityPolicySelfSubjectReviewSpec) XXX_Marshal ¶
func (m *PodSecurityPolicySelfSubjectReviewSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*PodSecurityPolicySelfSubjectReviewSpec) XXX_Merge ¶
func (m *PodSecurityPolicySelfSubjectReviewSpec) XXX_Merge(src proto.Message)
func (*PodSecurityPolicySelfSubjectReviewSpec) XXX_Size ¶
func (m *PodSecurityPolicySelfSubjectReviewSpec) XXX_Size() int
func (*PodSecurityPolicySelfSubjectReviewSpec) XXX_Unmarshal ¶
func (m *PodSecurityPolicySelfSubjectReviewSpec) XXX_Unmarshal(b []byte) error
type PodSecurityPolicySubjectReview ¶
type PodSecurityPolicySubjectReview struct { metav1.TypeMeta `json:",inline"` // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,3,opt,name=metadata"` // spec defines specification for the PodSecurityPolicySubjectReview. Spec PodSecurityPolicySubjectReviewSpec `json:"spec" protobuf:"bytes,1,opt,name=spec"` // status represents the current information/status for the PodSecurityPolicySubjectReview. Status PodSecurityPolicySubjectReviewStatus `json:"status,omitempty" protobuf:"bytes,2,opt,name=status"` }
PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodTemplateSpec.
Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +openshift:compatibility-gen:level=2
func (*PodSecurityPolicySubjectReview) DeepCopy ¶
func (in *PodSecurityPolicySubjectReview) DeepCopy() *PodSecurityPolicySubjectReview
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicySubjectReview.
func (*PodSecurityPolicySubjectReview) DeepCopyInto ¶
func (in *PodSecurityPolicySubjectReview) DeepCopyInto(out *PodSecurityPolicySubjectReview)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PodSecurityPolicySubjectReview) DeepCopyObject ¶
func (in *PodSecurityPolicySubjectReview) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*PodSecurityPolicySubjectReview) Descriptor ¶
func (*PodSecurityPolicySubjectReview) Descriptor() ([]byte, []int)
func (*PodSecurityPolicySubjectReview) Marshal ¶
func (m *PodSecurityPolicySubjectReview) Marshal() (dAtA []byte, err error)
func (*PodSecurityPolicySubjectReview) MarshalTo ¶
func (m *PodSecurityPolicySubjectReview) MarshalTo(dAtA []byte) (int, error)
func (*PodSecurityPolicySubjectReview) MarshalToSizedBuffer ¶
func (m *PodSecurityPolicySubjectReview) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*PodSecurityPolicySubjectReview) ProtoMessage ¶
func (*PodSecurityPolicySubjectReview) ProtoMessage()
func (*PodSecurityPolicySubjectReview) Reset ¶
func (m *PodSecurityPolicySubjectReview) Reset()
func (*PodSecurityPolicySubjectReview) Size ¶
func (m *PodSecurityPolicySubjectReview) Size() (n int)
func (*PodSecurityPolicySubjectReview) String ¶
func (this *PodSecurityPolicySubjectReview) String() string
func (PodSecurityPolicySubjectReview) SwaggerDoc ¶
func (PodSecurityPolicySubjectReview) SwaggerDoc() map[string]string
func (*PodSecurityPolicySubjectReview) Unmarshal ¶
func (m *PodSecurityPolicySubjectReview) Unmarshal(dAtA []byte) error
func (*PodSecurityPolicySubjectReview) XXX_DiscardUnknown ¶
func (m *PodSecurityPolicySubjectReview) XXX_DiscardUnknown()
func (*PodSecurityPolicySubjectReview) XXX_Marshal ¶
func (m *PodSecurityPolicySubjectReview) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*PodSecurityPolicySubjectReview) XXX_Merge ¶
func (m *PodSecurityPolicySubjectReview) XXX_Merge(src proto.Message)
func (*PodSecurityPolicySubjectReview) XXX_Size ¶
func (m *PodSecurityPolicySubjectReview) XXX_Size() int
func (*PodSecurityPolicySubjectReview) XXX_Unmarshal ¶
func (m *PodSecurityPolicySubjectReview) XXX_Unmarshal(b []byte) error
type PodSecurityPolicySubjectReviewSpec ¶
type PodSecurityPolicySubjectReviewSpec struct { // template is the PodTemplateSpec to check. If template.spec.serviceAccountName is empty it will not be defaulted. // If its non-empty, it will be checked. Template corev1.PodTemplateSpec `json:"template" protobuf:"bytes,1,opt,name=template"` // user is the user you're testing for. // If you specify "user" but not "group", then is it interpreted as "What if user were not a member of any groups. // If user and groups are empty, then the check is performed using *only* the serviceAccountName in the template. User string `json:"user,omitempty" protobuf:"bytes,2,opt,name=user"` // groups is the groups you're testing for. Groups []string `json:"groups,omitempty" protobuf:"bytes,3,rep,name=groups"` }
PodSecurityPolicySubjectReviewSpec defines specification for PodSecurityPolicySubjectReview
func (*PodSecurityPolicySubjectReviewSpec) DeepCopy ¶
func (in *PodSecurityPolicySubjectReviewSpec) DeepCopy() *PodSecurityPolicySubjectReviewSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicySubjectReviewSpec.
func (*PodSecurityPolicySubjectReviewSpec) DeepCopyInto ¶
func (in *PodSecurityPolicySubjectReviewSpec) DeepCopyInto(out *PodSecurityPolicySubjectReviewSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PodSecurityPolicySubjectReviewSpec) Descriptor ¶
func (*PodSecurityPolicySubjectReviewSpec) Descriptor() ([]byte, []int)
func (*PodSecurityPolicySubjectReviewSpec) Marshal ¶
func (m *PodSecurityPolicySubjectReviewSpec) Marshal() (dAtA []byte, err error)
func (*PodSecurityPolicySubjectReviewSpec) MarshalTo ¶
func (m *PodSecurityPolicySubjectReviewSpec) MarshalTo(dAtA []byte) (int, error)
func (*PodSecurityPolicySubjectReviewSpec) MarshalToSizedBuffer ¶
func (m *PodSecurityPolicySubjectReviewSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*PodSecurityPolicySubjectReviewSpec) ProtoMessage ¶
func (*PodSecurityPolicySubjectReviewSpec) ProtoMessage()
func (*PodSecurityPolicySubjectReviewSpec) Reset ¶
func (m *PodSecurityPolicySubjectReviewSpec) Reset()
func (*PodSecurityPolicySubjectReviewSpec) Size ¶
func (m *PodSecurityPolicySubjectReviewSpec) Size() (n int)
func (*PodSecurityPolicySubjectReviewSpec) String ¶
func (this *PodSecurityPolicySubjectReviewSpec) String() string
func (PodSecurityPolicySubjectReviewSpec) SwaggerDoc ¶
func (PodSecurityPolicySubjectReviewSpec) SwaggerDoc() map[string]string
func (*PodSecurityPolicySubjectReviewSpec) Unmarshal ¶
func (m *PodSecurityPolicySubjectReviewSpec) Unmarshal(dAtA []byte) error
func (*PodSecurityPolicySubjectReviewSpec) XXX_DiscardUnknown ¶
func (m *PodSecurityPolicySubjectReviewSpec) XXX_DiscardUnknown()
func (*PodSecurityPolicySubjectReviewSpec) XXX_Marshal ¶
func (m *PodSecurityPolicySubjectReviewSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*PodSecurityPolicySubjectReviewSpec) XXX_Merge ¶
func (m *PodSecurityPolicySubjectReviewSpec) XXX_Merge(src proto.Message)
func (*PodSecurityPolicySubjectReviewSpec) XXX_Size ¶
func (m *PodSecurityPolicySubjectReviewSpec) XXX_Size() int
func (*PodSecurityPolicySubjectReviewSpec) XXX_Unmarshal ¶
func (m *PodSecurityPolicySubjectReviewSpec) XXX_Unmarshal(b []byte) error
type PodSecurityPolicySubjectReviewStatus ¶
type PodSecurityPolicySubjectReviewStatus struct { // allowedBy is a reference to the rule that allows the PodTemplateSpec. // A rule can be a SecurityContextConstraint or a PodSecurityPolicy // A `nil`, indicates that it was denied. AllowedBy *corev1.ObjectReference `json:"allowedBy,omitempty" protobuf:"bytes,1,opt,name=allowedBy"` // A machine-readable description of why this operation is in the // "Failure" status. If this value is empty there // is no information available. Reason string `json:"reason,omitempty" protobuf:"bytes,2,opt,name=reason"` // template is the PodTemplateSpec after the defaulting is applied. Template corev1.PodTemplateSpec `json:"template,omitempty" protobuf:"bytes,3,opt,name=template"` }
PodSecurityPolicySubjectReviewStatus contains information/status for PodSecurityPolicySubjectReview.
func (*PodSecurityPolicySubjectReviewStatus) DeepCopy ¶
func (in *PodSecurityPolicySubjectReviewStatus) DeepCopy() *PodSecurityPolicySubjectReviewStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicySubjectReviewStatus.
func (*PodSecurityPolicySubjectReviewStatus) DeepCopyInto ¶
func (in *PodSecurityPolicySubjectReviewStatus) DeepCopyInto(out *PodSecurityPolicySubjectReviewStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PodSecurityPolicySubjectReviewStatus) Descriptor ¶
func (*PodSecurityPolicySubjectReviewStatus) Descriptor() ([]byte, []int)
func (*PodSecurityPolicySubjectReviewStatus) Marshal ¶
func (m *PodSecurityPolicySubjectReviewStatus) Marshal() (dAtA []byte, err error)
func (*PodSecurityPolicySubjectReviewStatus) MarshalTo ¶
func (m *PodSecurityPolicySubjectReviewStatus) MarshalTo(dAtA []byte) (int, error)
func (*PodSecurityPolicySubjectReviewStatus) MarshalToSizedBuffer ¶
func (m *PodSecurityPolicySubjectReviewStatus) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*PodSecurityPolicySubjectReviewStatus) ProtoMessage ¶
func (*PodSecurityPolicySubjectReviewStatus) ProtoMessage()
func (*PodSecurityPolicySubjectReviewStatus) Reset ¶
func (m *PodSecurityPolicySubjectReviewStatus) Reset()
func (*PodSecurityPolicySubjectReviewStatus) Size ¶
func (m *PodSecurityPolicySubjectReviewStatus) Size() (n int)
func (*PodSecurityPolicySubjectReviewStatus) String ¶
func (this *PodSecurityPolicySubjectReviewStatus) String() string
func (PodSecurityPolicySubjectReviewStatus) SwaggerDoc ¶
func (PodSecurityPolicySubjectReviewStatus) SwaggerDoc() map[string]string
func (*PodSecurityPolicySubjectReviewStatus) Unmarshal ¶
func (m *PodSecurityPolicySubjectReviewStatus) Unmarshal(dAtA []byte) error
func (*PodSecurityPolicySubjectReviewStatus) XXX_DiscardUnknown ¶
func (m *PodSecurityPolicySubjectReviewStatus) XXX_DiscardUnknown()
func (*PodSecurityPolicySubjectReviewStatus) XXX_Marshal ¶
func (m *PodSecurityPolicySubjectReviewStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*PodSecurityPolicySubjectReviewStatus) XXX_Merge ¶
func (m *PodSecurityPolicySubjectReviewStatus) XXX_Merge(src proto.Message)
func (*PodSecurityPolicySubjectReviewStatus) XXX_Size ¶
func (m *PodSecurityPolicySubjectReviewStatus) XXX_Size() int
func (*PodSecurityPolicySubjectReviewStatus) XXX_Unmarshal ¶
func (m *PodSecurityPolicySubjectReviewStatus) XXX_Unmarshal(b []byte) error
type RangeAllocation ¶
type RangeAllocation struct { metav1.TypeMeta `json:",inline"` // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // range is a string representing a unique label for a range of uids, "1000000000-2000000000/10000". Range string `json:"range" protobuf:"bytes,2,opt,name=range"` // data is a byte array representing the serialized state of a range allocation. It is a bitmap // with each bit set to one to represent a range is taken. Data []byte `json:"data" protobuf:"bytes,3,opt,name=data"` }
RangeAllocation is used so we can easily expose a RangeAllocation typed for security group
Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +openshift:compatibility-gen:level=4
func (*RangeAllocation) DeepCopy ¶
func (in *RangeAllocation) DeepCopy() *RangeAllocation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RangeAllocation.
func (*RangeAllocation) DeepCopyInto ¶
func (in *RangeAllocation) DeepCopyInto(out *RangeAllocation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RangeAllocation) DeepCopyObject ¶
func (in *RangeAllocation) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*RangeAllocation) Descriptor ¶
func (*RangeAllocation) Descriptor() ([]byte, []int)
func (*RangeAllocation) Marshal ¶
func (m *RangeAllocation) Marshal() (dAtA []byte, err error)
func (*RangeAllocation) MarshalToSizedBuffer ¶
func (m *RangeAllocation) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*RangeAllocation) ProtoMessage ¶
func (*RangeAllocation) ProtoMessage()
func (*RangeAllocation) Reset ¶
func (m *RangeAllocation) Reset()
func (*RangeAllocation) Size ¶
func (m *RangeAllocation) Size() (n int)
func (*RangeAllocation) String ¶
func (this *RangeAllocation) String() string
func (RangeAllocation) SwaggerDoc ¶
func (RangeAllocation) SwaggerDoc() map[string]string
func (*RangeAllocation) Unmarshal ¶
func (m *RangeAllocation) Unmarshal(dAtA []byte) error
func (*RangeAllocation) XXX_DiscardUnknown ¶
func (m *RangeAllocation) XXX_DiscardUnknown()
func (*RangeAllocation) XXX_Marshal ¶
func (m *RangeAllocation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*RangeAllocation) XXX_Merge ¶
func (m *RangeAllocation) XXX_Merge(src proto.Message)
func (*RangeAllocation) XXX_Size ¶
func (m *RangeAllocation) XXX_Size() int
func (*RangeAllocation) XXX_Unmarshal ¶
func (m *RangeAllocation) XXX_Unmarshal(b []byte) error
type RangeAllocationList ¶
type RangeAllocationList struct { metav1.TypeMeta `json:",inline"` // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // List of RangeAllocations. Items []RangeAllocation `json:"items" protobuf:"bytes,2,rep,name=items"` }
RangeAllocationList is a list of RangeAllocations objects
Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +openshift:compatibility-gen:level=1
func (*RangeAllocationList) DeepCopy ¶
func (in *RangeAllocationList) DeepCopy() *RangeAllocationList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RangeAllocationList.
func (*RangeAllocationList) DeepCopyInto ¶
func (in *RangeAllocationList) DeepCopyInto(out *RangeAllocationList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RangeAllocationList) DeepCopyObject ¶
func (in *RangeAllocationList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*RangeAllocationList) Descriptor ¶
func (*RangeAllocationList) Descriptor() ([]byte, []int)
func (*RangeAllocationList) Marshal ¶
func (m *RangeAllocationList) Marshal() (dAtA []byte, err error)
func (*RangeAllocationList) MarshalTo ¶
func (m *RangeAllocationList) MarshalTo(dAtA []byte) (int, error)
func (*RangeAllocationList) MarshalToSizedBuffer ¶
func (m *RangeAllocationList) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*RangeAllocationList) ProtoMessage ¶
func (*RangeAllocationList) ProtoMessage()
func (*RangeAllocationList) Reset ¶
func (m *RangeAllocationList) Reset()
func (*RangeAllocationList) Size ¶
func (m *RangeAllocationList) Size() (n int)
func (*RangeAllocationList) String ¶
func (this *RangeAllocationList) String() string
func (RangeAllocationList) SwaggerDoc ¶
func (RangeAllocationList) SwaggerDoc() map[string]string
func (*RangeAllocationList) Unmarshal ¶
func (m *RangeAllocationList) Unmarshal(dAtA []byte) error
func (*RangeAllocationList) XXX_DiscardUnknown ¶
func (m *RangeAllocationList) XXX_DiscardUnknown()
func (*RangeAllocationList) XXX_Marshal ¶
func (m *RangeAllocationList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*RangeAllocationList) XXX_Merge ¶
func (m *RangeAllocationList) XXX_Merge(src proto.Message)
func (*RangeAllocationList) XXX_Size ¶
func (m *RangeAllocationList) XXX_Size() int
func (*RangeAllocationList) XXX_Unmarshal ¶
func (m *RangeAllocationList) XXX_Unmarshal(b []byte) error
type RunAsUserStrategyOptions ¶
type RunAsUserStrategyOptions struct { // Type is the strategy that will dictate what RunAsUser is used in the SecurityContext. Type RunAsUserStrategyType `json:"type,omitempty" protobuf:"bytes,1,opt,name=type,casttype=RunAsUserStrategyType"` // UID is the user id that containers must run as. Required for the MustRunAs strategy if not using // namespace/service account allocated uids. UID *int64 `json:"uid,omitempty" protobuf:"varint,2,opt,name=uid"` // UIDRangeMin defines the min value for a strategy that allocates by range. UIDRangeMin *int64 `json:"uidRangeMin,omitempty" protobuf:"varint,3,opt,name=uidRangeMin"` // UIDRangeMax defines the max value for a strategy that allocates by range. UIDRangeMax *int64 `json:"uidRangeMax,omitempty" protobuf:"varint,4,opt,name=uidRangeMax"` }
RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.
func (*RunAsUserStrategyOptions) DeepCopy ¶
func (in *RunAsUserStrategyOptions) DeepCopy() *RunAsUserStrategyOptions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunAsUserStrategyOptions.
func (*RunAsUserStrategyOptions) DeepCopyInto ¶
func (in *RunAsUserStrategyOptions) DeepCopyInto(out *RunAsUserStrategyOptions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RunAsUserStrategyOptions) Descriptor ¶
func (*RunAsUserStrategyOptions) Descriptor() ([]byte, []int)
func (*RunAsUserStrategyOptions) Marshal ¶
func (m *RunAsUserStrategyOptions) Marshal() (dAtA []byte, err error)
func (*RunAsUserStrategyOptions) MarshalTo ¶
func (m *RunAsUserStrategyOptions) MarshalTo(dAtA []byte) (int, error)
func (*RunAsUserStrategyOptions) MarshalToSizedBuffer ¶
func (m *RunAsUserStrategyOptions) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*RunAsUserStrategyOptions) ProtoMessage ¶
func (*RunAsUserStrategyOptions) ProtoMessage()
func (*RunAsUserStrategyOptions) Reset ¶
func (m *RunAsUserStrategyOptions) Reset()
func (*RunAsUserStrategyOptions) Size ¶
func (m *RunAsUserStrategyOptions) Size() (n int)
func (*RunAsUserStrategyOptions) String ¶
func (this *RunAsUserStrategyOptions) String() string
func (RunAsUserStrategyOptions) SwaggerDoc ¶
func (RunAsUserStrategyOptions) SwaggerDoc() map[string]string
func (*RunAsUserStrategyOptions) Unmarshal ¶
func (m *RunAsUserStrategyOptions) Unmarshal(dAtA []byte) error
func (*RunAsUserStrategyOptions) XXX_DiscardUnknown ¶
func (m *RunAsUserStrategyOptions) XXX_DiscardUnknown()
func (*RunAsUserStrategyOptions) XXX_Marshal ¶
func (m *RunAsUserStrategyOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*RunAsUserStrategyOptions) XXX_Merge ¶
func (m *RunAsUserStrategyOptions) XXX_Merge(src proto.Message)
func (*RunAsUserStrategyOptions) XXX_Size ¶
func (m *RunAsUserStrategyOptions) XXX_Size() int
func (*RunAsUserStrategyOptions) XXX_Unmarshal ¶
func (m *RunAsUserStrategyOptions) XXX_Unmarshal(b []byte) error
type RunAsUserStrategyType ¶
type RunAsUserStrategyType string
RunAsUserStrategyType denotes strategy types for generating RunAsUser values for a SecurityContext
type SELinuxContextStrategyOptions ¶
type SELinuxContextStrategyOptions struct { // Type is the strategy that will dictate what SELinux context is used in the SecurityContext. Type SELinuxContextStrategyType `json:"type,omitempty" protobuf:"bytes,1,opt,name=type,casttype=SELinuxContextStrategyType"` // seLinuxOptions required to run as; required for MustRunAs SELinuxOptions *corev1.SELinuxOptions `json:"seLinuxOptions,omitempty" protobuf:"bytes,2,opt,name=seLinuxOptions"` }
SELinuxContextStrategyOptions defines the strategy type and any options used to create the strategy.
func (*SELinuxContextStrategyOptions) DeepCopy ¶
func (in *SELinuxContextStrategyOptions) DeepCopy() *SELinuxContextStrategyOptions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SELinuxContextStrategyOptions.
func (*SELinuxContextStrategyOptions) DeepCopyInto ¶
func (in *SELinuxContextStrategyOptions) DeepCopyInto(out *SELinuxContextStrategyOptions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SELinuxContextStrategyOptions) Descriptor ¶
func (*SELinuxContextStrategyOptions) Descriptor() ([]byte, []int)
func (*SELinuxContextStrategyOptions) Marshal ¶
func (m *SELinuxContextStrategyOptions) Marshal() (dAtA []byte, err error)
func (*SELinuxContextStrategyOptions) MarshalTo ¶
func (m *SELinuxContextStrategyOptions) MarshalTo(dAtA []byte) (int, error)
func (*SELinuxContextStrategyOptions) MarshalToSizedBuffer ¶
func (m *SELinuxContextStrategyOptions) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*SELinuxContextStrategyOptions) ProtoMessage ¶
func (*SELinuxContextStrategyOptions) ProtoMessage()
func (*SELinuxContextStrategyOptions) Reset ¶
func (m *SELinuxContextStrategyOptions) Reset()
func (*SELinuxContextStrategyOptions) Size ¶
func (m *SELinuxContextStrategyOptions) Size() (n int)
func (*SELinuxContextStrategyOptions) String ¶
func (this *SELinuxContextStrategyOptions) String() string
func (SELinuxContextStrategyOptions) SwaggerDoc ¶
func (SELinuxContextStrategyOptions) SwaggerDoc() map[string]string
func (*SELinuxContextStrategyOptions) Unmarshal ¶
func (m *SELinuxContextStrategyOptions) Unmarshal(dAtA []byte) error
func (*SELinuxContextStrategyOptions) XXX_DiscardUnknown ¶
func (m *SELinuxContextStrategyOptions) XXX_DiscardUnknown()
func (*SELinuxContextStrategyOptions) XXX_Marshal ¶
func (m *SELinuxContextStrategyOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*SELinuxContextStrategyOptions) XXX_Merge ¶
func (m *SELinuxContextStrategyOptions) XXX_Merge(src proto.Message)
func (*SELinuxContextStrategyOptions) XXX_Size ¶
func (m *SELinuxContextStrategyOptions) XXX_Size() int
func (*SELinuxContextStrategyOptions) XXX_Unmarshal ¶
func (m *SELinuxContextStrategyOptions) XXX_Unmarshal(b []byte) error
type SELinuxContextStrategyType ¶
type SELinuxContextStrategyType string
SELinuxContextStrategyType denotes strategy types for generating SELinux options for a SecurityContext
type SecurityContextConstraints ¶
type SecurityContextConstraints struct { metav1.TypeMeta `json:",inline"` // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // Priority influences the sort order of SCCs when evaluating which SCCs to try first for // a given pod request based on access in the Users and Groups fields. The higher the int, the // higher priority. An unset value is considered a 0 priority. If scores // for multiple SCCs are equal they will be sorted from most restrictive to // least restrictive. If both priorities and restrictions are equal the // SCCs will be sorted by name. // +nullable Priority *int32 `json:"priority" protobuf:"varint,2,opt,name=priority"` // AllowPrivilegedContainer determines if a container can request to be run as privileged. AllowPrivilegedContainer bool `json:"allowPrivilegedContainer" protobuf:"varint,3,opt,name=allowPrivilegedContainer"` // DefaultAddCapabilities is the default set of capabilities that will be added to the container // unless the pod spec specifically drops the capability. You may not list a capabiility in both // DefaultAddCapabilities and RequiredDropCapabilities. // +nullable // +listType=atomic DefaultAddCapabilities []corev1.Capability `json:"defaultAddCapabilities" protobuf:"bytes,4,rep,name=defaultAddCapabilities,casttype=Capability"` // RequiredDropCapabilities are the capabilities that will be dropped from the container. These // are required to be dropped and cannot be added. // +nullable // +listType=atomic RequiredDropCapabilities []corev1.Capability `json:"requiredDropCapabilities" protobuf:"bytes,5,rep,name=requiredDropCapabilities,casttype=Capability"` // AllowedCapabilities is a list of capabilities that can be requested to add to the container. // Capabilities in this field maybe added at the pod author's discretion. // You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities. // To allow all capabilities you may use '*'. // +nullable // +listType=atomic AllowedCapabilities []corev1.Capability `json:"allowedCapabilities" protobuf:"bytes,6,rep,name=allowedCapabilities,casttype=Capability"` // AllowHostDirVolumePlugin determines if the policy allow containers to use the HostDir volume plugin // +k8s:conversion-gen=false AllowHostDirVolumePlugin bool `json:"allowHostDirVolumePlugin" protobuf:"varint,7,opt,name=allowHostDirVolumePlugin"` // Volumes is a white list of allowed volume plugins. FSType corresponds directly with the field names // of a VolumeSource (azureFile, configMap, emptyDir). To allow all volumes you may use "*". // To allow no volumes, set to ["none"]. // +nullable // +listType=atomic Volumes []FSType `json:"volumes" protobuf:"bytes,8,rep,name=volumes,casttype=FSType"` // AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all // Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes // is allowed in the "Volumes" field. // +optional // +nullable // +listType=atomic AllowedFlexVolumes []AllowedFlexVolume `json:"allowedFlexVolumes,omitempty" protobuf:"bytes,21,rep,name=allowedFlexVolumes"` // AllowHostNetwork determines if the policy allows the use of HostNetwork in the pod spec. AllowHostNetwork bool `json:"allowHostNetwork" protobuf:"varint,9,opt,name=allowHostNetwork"` // AllowHostPorts determines if the policy allows host ports in the containers. AllowHostPorts bool `json:"allowHostPorts" protobuf:"varint,10,opt,name=allowHostPorts"` // AllowHostPID determines if the policy allows host pid in the containers. AllowHostPID bool `json:"allowHostPID" protobuf:"varint,11,opt,name=allowHostPID"` // AllowHostIPC determines if the policy allows host ipc in the containers. AllowHostIPC bool `json:"allowHostIPC" protobuf:"varint,12,opt,name=allowHostIPC"` // userNamespaceLevel determines if the policy allows host users in containers. // Valid values are "AllowHostLevel", "RequirePodLevel", and omitted. // When "AllowHostLevel" is set, a pod author may set `hostUsers` to either `true` or `false`. // When "RequirePodLevel" is set, a pod author must set `hostUsers` to `false`. // When omitted, the default value is "AllowHostLevel". // +openshift:enable:FeatureGate=UserNamespacesPodSecurityStandards // +kubebuilder:validation:Enum="AllowHostLevel";"RequirePodLevel" // +kubebuilder:default:="AllowHostLevel" // +default="AllowHostLevel" // +optional UserNamespaceLevel NamespaceLevelType `json:"userNamespaceLevel,omitempty" protobuf:"bytes,26,opt,name=userNamespaceLevel"` // DefaultAllowPrivilegeEscalation controls the default setting for whether a // process can gain more privileges than its parent process. // +optional // +nullable DefaultAllowPrivilegeEscalation *bool `json:"defaultAllowPrivilegeEscalation,omitempty" protobuf:"varint,22,rep,name=defaultAllowPrivilegeEscalation"` // AllowPrivilegeEscalation determines if a pod can request to allow // privilege escalation. If unspecified, defaults to true. // +optional // +nullable AllowPrivilegeEscalation *bool `json:"allowPrivilegeEscalation,omitempty" protobuf:"varint,23,rep,name=allowPrivilegeEscalation"` // SELinuxContext is the strategy that will dictate what labels will be set in the SecurityContext. // +nullable SELinuxContext SELinuxContextStrategyOptions `json:"seLinuxContext,omitempty" protobuf:"bytes,13,opt,name=seLinuxContext"` // RunAsUser is the strategy that will dictate what RunAsUser is used in the SecurityContext. // +nullable RunAsUser RunAsUserStrategyOptions `json:"runAsUser,omitempty" protobuf:"bytes,14,opt,name=runAsUser"` // SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext. // +nullable SupplementalGroups SupplementalGroupsStrategyOptions `json:"supplementalGroups,omitempty" protobuf:"bytes,15,opt,name=supplementalGroups"` // FSGroup is the strategy that will dictate what fs group is used by the SecurityContext. // +nullable FSGroup FSGroupStrategyOptions `json:"fsGroup,omitempty" protobuf:"bytes,16,opt,name=fsGroup"` // ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file // system. If the container specifically requests to run with a non-read only root file system // the SCC should deny the pod. // If set to false the container may run with a read only root file system if it wishes but it // will not be forced to. ReadOnlyRootFilesystem bool `json:"readOnlyRootFilesystem" protobuf:"varint,17,opt,name=readOnlyRootFilesystem"` // The users who have permissions to use this security context constraints // +optional // +nullable // +listType=atomic Users []string `json:"users" protobuf:"bytes,18,rep,name=users"` // The groups that have permission to use this security context constraints // +optional // +nullable // +listType=atomic Groups []string `json:"groups" protobuf:"bytes,19,rep,name=groups"` // SeccompProfiles lists the allowed profiles that may be set for the pod or // container's seccomp annotations. An unset (nil) or empty value means that no profiles may // be specifid by the pod or container. The wildcard '*' may be used to allow all profiles. When // used to generate a value for a pod the first non-wildcard profile will be used as // the default. // +nullable // +listType=atomic SeccompProfiles []string `json:"seccompProfiles,omitempty" protobuf:"bytes,20,opt,name=seccompProfiles"` // AllowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. // Each entry is either a plain sysctl name or ends in "*" in which case it is considered // as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. // Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection. // // Examples: // e.g. "foo/*" allows "foo/bar", "foo/baz", etc. // e.g. "foo.*" allows "foo.bar", "foo.baz", etc. // +optional // +nullable // +listType=atomic AllowedUnsafeSysctls []string `json:"allowedUnsafeSysctls,omitempty" protobuf:"bytes,24,rep,name=allowedUnsafeSysctls"` // ForbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. // Each entry is either a plain sysctl name or ends in "*" in which case it is considered // as a prefix of forbidden sysctls. Single * means all sysctls are forbidden. // // Examples: // e.g. "foo/*" forbids "foo/bar", "foo/baz", etc. // e.g. "foo.*" forbids "foo.bar", "foo.baz", etc. // +optional // +nullable // +listType=atomic ForbiddenSysctls []string `json:"forbiddenSysctls,omitempty" protobuf:"bytes,25,rep,name=forbiddenSysctls"` }
SecurityContextConstraints governs the ability to make requests that affect the SecurityContext that will be applied to a container. For historical reasons SCC was exposed under the core Kubernetes API group. That exposure is deprecated and will be removed in a future release - users should instead use the security.openshift.io group to manage SecurityContextConstraints.
Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +kubebuilder:object:root=true +kubebuilder:resource:path=securitycontextconstraints,scope=Cluster +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 +openshift:file-pattern=cvoRunLevel=0000_03,operatorName=config-operator,operatorOrdering=01 +kubebuilder:printcolumn:name="Priv",type=string,JSONPath=.allowPrivilegedContainer,description="Determines if a container can request to be run as privileged" +kubebuilder:printcolumn:name="Caps",type=string,JSONPath=.allowedCapabilities,description="A list of capabilities that can be requested to add to the container" +kubebuilder:printcolumn:name="SELinux",type=string,JSONPath=.seLinuxContext.type,description="Strategy that will dictate what labels will be set in the SecurityContext" +kubebuilder:printcolumn:name="RunAsUser",type=string,JSONPath=.runAsUser.type,description="Strategy that will dictate what RunAsUser is used in the SecurityContext" +kubebuilder:printcolumn:name="FSGroup",type=string,JSONPath=.fsGroup.type,description="Strategy that will dictate what fs group is used by the SecurityContext" +kubebuilder:printcolumn:name="SupGroup",type=string,JSONPath=.supplementalGroups.type,description="Strategy that will dictate what supplemental groups are used by the SecurityContext" +kubebuilder:printcolumn:name="Priority",type=string,JSONPath=.priority,description="Sort order of SCCs" +kubebuilder:printcolumn:name="ReadOnlyRootFS",type=string,JSONPath=.readOnlyRootFilesystem,description="Force containers to run with a read only root file system" +kubebuilder:printcolumn:name="Volumes",type=string,JSONPath=.volumes,description="White list of allowed volume plugins" +kubebuilder:singular=securitycontextconstraint +openshift:compatibility-gen:level=1 +kubebuilder:metadata:annotations=release.openshift.io/bootstrap-required=true
func (*SecurityContextConstraints) DeepCopy ¶
func (in *SecurityContextConstraints) DeepCopy() *SecurityContextConstraints
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityContextConstraints.
func (*SecurityContextConstraints) DeepCopyInto ¶
func (in *SecurityContextConstraints) DeepCopyInto(out *SecurityContextConstraints)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SecurityContextConstraints) DeepCopyObject ¶
func (in *SecurityContextConstraints) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*SecurityContextConstraints) Descriptor ¶
func (*SecurityContextConstraints) Descriptor() ([]byte, []int)
func (*SecurityContextConstraints) Marshal ¶
func (m *SecurityContextConstraints) Marshal() (dAtA []byte, err error)
func (*SecurityContextConstraints) MarshalTo ¶
func (m *SecurityContextConstraints) MarshalTo(dAtA []byte) (int, error)
func (*SecurityContextConstraints) MarshalToSizedBuffer ¶
func (m *SecurityContextConstraints) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*SecurityContextConstraints) ProtoMessage ¶
func (*SecurityContextConstraints) ProtoMessage()
func (*SecurityContextConstraints) Reset ¶
func (m *SecurityContextConstraints) Reset()
func (*SecurityContextConstraints) Size ¶
func (m *SecurityContextConstraints) Size() (n int)
func (*SecurityContextConstraints) String ¶
func (this *SecurityContextConstraints) String() string
func (SecurityContextConstraints) SwaggerDoc ¶
func (SecurityContextConstraints) SwaggerDoc() map[string]string
func (*SecurityContextConstraints) Unmarshal ¶
func (m *SecurityContextConstraints) Unmarshal(dAtA []byte) error
func (*SecurityContextConstraints) XXX_DiscardUnknown ¶
func (m *SecurityContextConstraints) XXX_DiscardUnknown()
func (*SecurityContextConstraints) XXX_Marshal ¶
func (m *SecurityContextConstraints) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*SecurityContextConstraints) XXX_Merge ¶
func (m *SecurityContextConstraints) XXX_Merge(src proto.Message)
func (*SecurityContextConstraints) XXX_Size ¶
func (m *SecurityContextConstraints) XXX_Size() int
func (*SecurityContextConstraints) XXX_Unmarshal ¶
func (m *SecurityContextConstraints) XXX_Unmarshal(b []byte) error
type SecurityContextConstraintsList ¶
type SecurityContextConstraintsList struct { metav1.TypeMeta `json:",inline"` // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // List of security context constraints. Items []SecurityContextConstraints `json:"items" protobuf:"bytes,2,rep,name=items"` }
SecurityContextConstraintsList is a list of SecurityContextConstraints objects
Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +openshift:compatibility-gen:level=1
func (*SecurityContextConstraintsList) DeepCopy ¶
func (in *SecurityContextConstraintsList) DeepCopy() *SecurityContextConstraintsList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityContextConstraintsList.
func (*SecurityContextConstraintsList) DeepCopyInto ¶
func (in *SecurityContextConstraintsList) DeepCopyInto(out *SecurityContextConstraintsList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SecurityContextConstraintsList) DeepCopyObject ¶
func (in *SecurityContextConstraintsList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*SecurityContextConstraintsList) Descriptor ¶
func (*SecurityContextConstraintsList) Descriptor() ([]byte, []int)
func (*SecurityContextConstraintsList) Marshal ¶
func (m *SecurityContextConstraintsList) Marshal() (dAtA []byte, err error)
func (*SecurityContextConstraintsList) MarshalTo ¶
func (m *SecurityContextConstraintsList) MarshalTo(dAtA []byte) (int, error)
func (*SecurityContextConstraintsList) MarshalToSizedBuffer ¶
func (m *SecurityContextConstraintsList) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*SecurityContextConstraintsList) ProtoMessage ¶
func (*SecurityContextConstraintsList) ProtoMessage()
func (*SecurityContextConstraintsList) Reset ¶
func (m *SecurityContextConstraintsList) Reset()
func (*SecurityContextConstraintsList) Size ¶
func (m *SecurityContextConstraintsList) Size() (n int)
func (*SecurityContextConstraintsList) String ¶
func (this *SecurityContextConstraintsList) String() string
func (SecurityContextConstraintsList) SwaggerDoc ¶
func (SecurityContextConstraintsList) SwaggerDoc() map[string]string
func (*SecurityContextConstraintsList) Unmarshal ¶
func (m *SecurityContextConstraintsList) Unmarshal(dAtA []byte) error
func (*SecurityContextConstraintsList) XXX_DiscardUnknown ¶
func (m *SecurityContextConstraintsList) XXX_DiscardUnknown()
func (*SecurityContextConstraintsList) XXX_Marshal ¶
func (m *SecurityContextConstraintsList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*SecurityContextConstraintsList) XXX_Merge ¶
func (m *SecurityContextConstraintsList) XXX_Merge(src proto.Message)
func (*SecurityContextConstraintsList) XXX_Size ¶
func (m *SecurityContextConstraintsList) XXX_Size() int
func (*SecurityContextConstraintsList) XXX_Unmarshal ¶
func (m *SecurityContextConstraintsList) XXX_Unmarshal(b []byte) error
type ServiceAccountPodSecurityPolicyReviewStatus ¶
type ServiceAccountPodSecurityPolicyReviewStatus struct { PodSecurityPolicySubjectReviewStatus `json:",inline" protobuf:"bytes,1,opt,name=podSecurityPolicySubjectReviewStatus"` // name contains the allowed and the denied ServiceAccount name Name string `json:"name" protobuf:"bytes,2,opt,name=name"` }
ServiceAccountPodSecurityPolicyReviewStatus represents ServiceAccount name and related review status
func (*ServiceAccountPodSecurityPolicyReviewStatus) DeepCopy ¶
func (in *ServiceAccountPodSecurityPolicyReviewStatus) DeepCopy() *ServiceAccountPodSecurityPolicyReviewStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountPodSecurityPolicyReviewStatus.
func (*ServiceAccountPodSecurityPolicyReviewStatus) DeepCopyInto ¶
func (in *ServiceAccountPodSecurityPolicyReviewStatus) DeepCopyInto(out *ServiceAccountPodSecurityPolicyReviewStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ServiceAccountPodSecurityPolicyReviewStatus) Descriptor ¶
func (*ServiceAccountPodSecurityPolicyReviewStatus) Descriptor() ([]byte, []int)
func (*ServiceAccountPodSecurityPolicyReviewStatus) Marshal ¶
func (m *ServiceAccountPodSecurityPolicyReviewStatus) Marshal() (dAtA []byte, err error)
func (*ServiceAccountPodSecurityPolicyReviewStatus) MarshalTo ¶
func (m *ServiceAccountPodSecurityPolicyReviewStatus) MarshalTo(dAtA []byte) (int, error)
func (*ServiceAccountPodSecurityPolicyReviewStatus) MarshalToSizedBuffer ¶
func (m *ServiceAccountPodSecurityPolicyReviewStatus) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*ServiceAccountPodSecurityPolicyReviewStatus) ProtoMessage ¶
func (*ServiceAccountPodSecurityPolicyReviewStatus) ProtoMessage()
func (*ServiceAccountPodSecurityPolicyReviewStatus) Reset ¶
func (m *ServiceAccountPodSecurityPolicyReviewStatus) Reset()
func (*ServiceAccountPodSecurityPolicyReviewStatus) Size ¶
func (m *ServiceAccountPodSecurityPolicyReviewStatus) Size() (n int)
func (*ServiceAccountPodSecurityPolicyReviewStatus) String ¶
func (this *ServiceAccountPodSecurityPolicyReviewStatus) String() string
func (ServiceAccountPodSecurityPolicyReviewStatus) SwaggerDoc ¶
func (ServiceAccountPodSecurityPolicyReviewStatus) SwaggerDoc() map[string]string
func (*ServiceAccountPodSecurityPolicyReviewStatus) Unmarshal ¶
func (m *ServiceAccountPodSecurityPolicyReviewStatus) Unmarshal(dAtA []byte) error
func (*ServiceAccountPodSecurityPolicyReviewStatus) XXX_DiscardUnknown ¶
func (m *ServiceAccountPodSecurityPolicyReviewStatus) XXX_DiscardUnknown()
func (*ServiceAccountPodSecurityPolicyReviewStatus) XXX_Marshal ¶
func (m *ServiceAccountPodSecurityPolicyReviewStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*ServiceAccountPodSecurityPolicyReviewStatus) XXX_Merge ¶
func (m *ServiceAccountPodSecurityPolicyReviewStatus) XXX_Merge(src proto.Message)
func (*ServiceAccountPodSecurityPolicyReviewStatus) XXX_Size ¶
func (m *ServiceAccountPodSecurityPolicyReviewStatus) XXX_Size() int
func (*ServiceAccountPodSecurityPolicyReviewStatus) XXX_Unmarshal ¶
func (m *ServiceAccountPodSecurityPolicyReviewStatus) XXX_Unmarshal(b []byte) error
type SupplementalGroupsStrategyOptions ¶
type SupplementalGroupsStrategyOptions struct { // Type is the strategy that will dictate what supplemental groups is used in the SecurityContext. Type SupplementalGroupsStrategyType `json:"type,omitempty" protobuf:"bytes,1,opt,name=type,casttype=SupplementalGroupsStrategyType"` // Ranges are the allowed ranges of supplemental groups. If you would like to force a single // supplemental group then supply a single range with the same start and end. // +listType=atomic Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"` }
SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.
func (*SupplementalGroupsStrategyOptions) DeepCopy ¶
func (in *SupplementalGroupsStrategyOptions) DeepCopy() *SupplementalGroupsStrategyOptions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SupplementalGroupsStrategyOptions.
func (*SupplementalGroupsStrategyOptions) DeepCopyInto ¶
func (in *SupplementalGroupsStrategyOptions) DeepCopyInto(out *SupplementalGroupsStrategyOptions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SupplementalGroupsStrategyOptions) Descriptor ¶
func (*SupplementalGroupsStrategyOptions) Descriptor() ([]byte, []int)
func (*SupplementalGroupsStrategyOptions) Marshal ¶
func (m *SupplementalGroupsStrategyOptions) Marshal() (dAtA []byte, err error)
func (*SupplementalGroupsStrategyOptions) MarshalTo ¶
func (m *SupplementalGroupsStrategyOptions) MarshalTo(dAtA []byte) (int, error)
func (*SupplementalGroupsStrategyOptions) MarshalToSizedBuffer ¶
func (m *SupplementalGroupsStrategyOptions) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*SupplementalGroupsStrategyOptions) ProtoMessage ¶
func (*SupplementalGroupsStrategyOptions) ProtoMessage()
func (*SupplementalGroupsStrategyOptions) Reset ¶
func (m *SupplementalGroupsStrategyOptions) Reset()
func (*SupplementalGroupsStrategyOptions) Size ¶
func (m *SupplementalGroupsStrategyOptions) Size() (n int)
func (*SupplementalGroupsStrategyOptions) String ¶
func (this *SupplementalGroupsStrategyOptions) String() string
func (SupplementalGroupsStrategyOptions) SwaggerDoc ¶
func (SupplementalGroupsStrategyOptions) SwaggerDoc() map[string]string
func (*SupplementalGroupsStrategyOptions) Unmarshal ¶
func (m *SupplementalGroupsStrategyOptions) Unmarshal(dAtA []byte) error
func (*SupplementalGroupsStrategyOptions) XXX_DiscardUnknown ¶
func (m *SupplementalGroupsStrategyOptions) XXX_DiscardUnknown()
func (*SupplementalGroupsStrategyOptions) XXX_Marshal ¶
func (m *SupplementalGroupsStrategyOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*SupplementalGroupsStrategyOptions) XXX_Merge ¶
func (m *SupplementalGroupsStrategyOptions) XXX_Merge(src proto.Message)
func (*SupplementalGroupsStrategyOptions) XXX_Size ¶
func (m *SupplementalGroupsStrategyOptions) XXX_Size() int
func (*SupplementalGroupsStrategyOptions) XXX_Unmarshal ¶
func (m *SupplementalGroupsStrategyOptions) XXX_Unmarshal(b []byte) error
type SupplementalGroupsStrategyType ¶
type SupplementalGroupsStrategyType string
SupplementalGroupsStrategyType denotes strategy types for determining valid supplemental groups for a SecurityContext.