Documentation ¶
Index ¶
- func AssignSecurityContext(provider kscc.SecurityContextConstraintsProvider, pod *kapi.Pod, ...) field.ErrorList
- func ConstraintAppliesTo(constraint *kapi.SecurityContextConstraints, userInfo user.Info) bool
- func CreateProviderFromConstraint(ns string, namespace *kapi.Namespace, ...) (kscc.SecurityContextConstraintsProvider, *kapi.Namespace, error)
- func CreateProvidersFromConstraints(ns string, sccs []*kapi.SecurityContextConstraints, client clientset.Interface) ([]kscc.SecurityContextConstraintsProvider, []error)
- func DeduplicateSecurityContextConstraints(sccs []*kapi.SecurityContextConstraints) []*kapi.SecurityContextConstraints
- type ByPriority
- type ByRestrictions
- type DefaultSCCMatcher
- type SCCMatcher
Functions ¶
func AssignSecurityContext ¶
func AssignSecurityContext(provider kscc.SecurityContextConstraintsProvider, pod *kapi.Pod, fldPath *field.Path) field.ErrorList
AssignSecurityContext creates a security context for each container in the pod and validates that each security context falls within the SCC's constraints. All containers must validate against the same SCC; otherwise the pod is not considered valid.
func ConstraintAppliesTo ¶
func ConstraintAppliesTo(constraint *kapi.SecurityContextConstraints, userInfo user.Info) bool
ConstraintAppliesTo inspects the constraint's users and groups against the userInfo to determine if it is usable by the userInfo.
func CreateProviderFromConstraint ¶
func CreateProviderFromConstraint(ns string, namespace *kapi.Namespace, constraint *kapi.SecurityContextConstraints, client clientset.Interface) (kscc.SecurityContextConstraintsProvider, *kapi.Namespace, error)
CreateProviderFromConstraint creates a SecurityContextConstraintsProvider from a SecurityContextConstraints object.
func CreateProvidersFromConstraints ¶
func CreateProvidersFromConstraints(ns string, sccs []*kapi.SecurityContextConstraints, client clientset.Interface) ([]kscc.SecurityContextConstraintsProvider, []error)
CreateProvidersFromConstraints creates providers from the constraints supplied, including looking up pre-allocated values if necessary using the pod's namespace.
func DeduplicateSecurityContextConstraints ¶
func DeduplicateSecurityContextConstraints(sccs []*kapi.SecurityContextConstraints) []*kapi.SecurityContextConstraints
DeduplicateSecurityContextConstraints ensures we have a unique slice of constraints.
Types ¶
type ByPriority ¶
type ByPriority []*kapi.SecurityContextConstraints
ByPriority is a helper to sort SCCs based on priority. If priorities are equal, a string comparison of the names is used.
func (ByPriority) Len ¶
func (s ByPriority) Len() int
func (ByPriority) Less ¶
func (s ByPriority) Less(i, j int) bool
func (ByPriority) Swap ¶
func (s ByPriority) Swap(i, j int)
type ByRestrictions ¶
type ByRestrictions []*kapi.SecurityContextConstraints
ByRestrictions is a helper to sort SCCs in order of most restrictive to least restrictive.
func (ByRestrictions) Len ¶
func (s ByRestrictions) Len() int
func (ByRestrictions) Less ¶
func (s ByRestrictions) Less(i, j int) bool
func (ByRestrictions) Swap ¶
func (s ByRestrictions) Swap(i, j int)
type DefaultSCCMatcher ¶
type DefaultSCCMatcher struct {
// contains filtered or unexported fields
}
DefaultSCCMatcher is the default implementation of the SCCMatcher interface.
func (DefaultSCCMatcher) FindApplicableSCCs ¶
func (d DefaultSCCMatcher) FindApplicableSCCs(userInfo user.Info) ([]*kapi.SecurityContextConstraints, error)
FindApplicableSCCs implements SCCMatcher interface for DefaultSCCMatcher
type SCCMatcher ¶
type SCCMatcher interface {
FindApplicableSCCs(user user.Info) ([]*kapi.SecurityContextConstraints, error)
}
SCCMatcher defines the interface for a SecurityContextConstraints matcher.
func NewDefaultSCCMatcher ¶
func NewDefaultSCCMatcher(c *oscache.IndexerToSecurityContextConstraintsLister) SCCMatcher
NewDefaultSCCMatcher builds and initializes a DefaultSCCMatcher