common

package

v0.3.12-rc1 Latest Latest Go to latest Published: Jun 18, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/rancher/webhook

Documentation ¶

Index ¶

Constants
func CheckCreatorID(request *admission.Request, oldObj, newObj metav1.Object) *metav1.Status
func CheckForVerbs(rules []rbacv1.PolicyRule) error
func ConvertAuthnExtras(extra map[string]authnv1.ExtraValue) map[string]authzv1.ExtraValue
func IsCreatingPSAConfig(new map[string]string) bool
func IsUpdatingPSAConfig(old map[string]string, new map[string]string) bool
func SetCreatorIDAnnotation(request *admission.Request, response *v1.AdmissionResponse, ...) error
func ValidateRules(rules []rbacv1.PolicyRule, isNamespaced bool, fldPath *field.Path) error

Constants ¶

View Source

const (
	// EnforceLabel is a that governs the PSS that is enforced for a namespace
	EnforceLabel = "pod-security.kubernetes.io/enforce"
	// EnforceVersionLabel is a label  that governs the PSS version that is enforced for a namespace
	EnforceVersionLabel = "pod-security.kubernetes.io/enforce-version"
	// AuditLabel is a label  that governs the PSS that is used for auditing a namespace
	AuditLabel = "pod-security.kubernetes.io/audit"
	// AuditVersionLabel is a label  that governs the PSS version that is used for auditing a namespace
	AuditVersionLabel = "pod-security.kubernetes.io/audit-version"
	// WarnLabel is a label  that governs the PSS that is used for warning about PSA violations in a namespace
	WarnLabel = "pod-security.kubernetes.io/warn"
	// WarnVersionLabel is a label  that governs the PSS version that is used for warning about PSA violations in a namespace
	WarnVersionLabel = "pod-security.kubernetes.io/warn-version"
)

Variables ¶

This section is empty.

Functions ¶

func CheckCreatorID ¶

func CheckCreatorID(request *admission.Request, oldObj, newObj metav1.Object) *metav1.Status

func CheckForVerbs ¶ added in v0.3.6

func CheckForVerbs(rules []rbacv1.PolicyRule) error

CheckForVerbs checks that all the rules in the given list have a verb set

func ConvertAuthnExtras ¶

func ConvertAuthnExtras(extra map[string]authnv1.ExtraValue) map[string]authzv1.ExtraValue

ConvertAuthnExtras converts authnv1 type extras to authzv1 extras. Technically these are both type alias to string, so the conversion is straightforward

func IsCreatingPSAConfig ¶

func IsCreatingPSAConfig(new map[string]string) bool

IsCreatingPSAConfig will indicate whether or not the labels being passed in are attempting to create PSA-related configuration.

func IsUpdatingPSAConfig ¶

func IsUpdatingPSAConfig(old map[string]string, new map[string]string) bool

IsUpdatingPSAConfig will indicate whether or not the labels being passed in are attempting to update PSA-related configuration.

func SetCreatorIDAnnotation ¶

func SetCreatorIDAnnotation(request *admission.Request, response *v1.AdmissionResponse, obj runtime.RawExtension, newObj metav1.Object) error

SetCreatorIDAnnotation sets the creatorID Annotation on the newObj based on the user specified in the request.

func ValidateRules ¶ added in v0.3.10

func ValidateRules(rules []rbacv1.PolicyRule, isNamespaced bool, fldPath *field.Path) error

ValidateRules calls on standard kubernetes RBAC functionality for the validation of policy rules to validate Rancher rules. This is currently used in the validation of roletemplate external rules.

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL