types

package
v1.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 15, 2020 License: Apache-2.0 Imports: 5 Imported by: 1

Documentation

Index

Constants

View Source
const (
	Role           = "Role"
	RoleBinding    = "RoleBinding"
	ServiceAccount = "ServiceAccount"
)
View Source
const (
	Version1_11 = "v1.11"
)

Variables

View Source
var (
	DefaultCaps = []string{
		"SETPCAP",
		"MKNOD",
		"AUDIT_WRITE",
		"CHOWN",
		"NET_RAW",
		"DAC_OVERRIDE",
		"FOWNER",
		"FSETID",
		"KILL",
		"SETGID",
		"SETUID",
		"NET_BIND_SERVICE",
		"SYS_CHROOT",
		"SETFCAP",
	}
)

Functions

This section is empty.

Types

type ContainerSecuritySpec

type ContainerSecuritySpec struct {
	Metadata                 Metadata `json:"parentMetadata"`
	ContainerID              string   `json:"containerID"`
	ContainerName            string   `json:"containerName"`
	PodName                  string   `json:"podName"`
	Namespace                string   `json:"namespace"`
	ImageName                string   `json:"imageName"`
	ImageSHA                 string   `json:"imageSHA"`
	HostName                 string   `json:"hostName"`
	Capabilities             []string `json:"effectiveCapabilities,omitempty"`
	DroppedCap               []string `json:"droppedCapabilities,omitempty"`
	AddedCap                 []string `json:"addedCapabilities,omitempty"`
	Privileged               bool     `json:"privileged,omitempty"`
	ReadOnlyRootFS           bool     `json:"readOnlyRootFileSystem,omitempty"`
	RunAsNonRoot             *bool    `json:"runAsNonRoot,omitempty"`
	AllowPrivilegeEscalation *bool    `json:"allowPrivilegeEscalation,omitempty"`
	RunAsUser                *int64   `json:"runAsUser,omitempty"`
	RunAsGroup               *int64   `json:"runAsGroup,omitempty"`
	HostPorts                []int32  `json:"hostPorts,omitempty"`
	ServiceAccount           string   `json:"serviceAccount,omitempty"`
}

type Metadata

type Metadata struct {
	Name string `json:"name"`
	Kind string `json:"kind"`
}

type PSPGrant added in v1.2.0

type PSPGrant struct {
	Comment           string
	PodSecurityPolicy *v1beta1.PodSecurityPolicy
	Role              *v1rbac.Role
	RoleBinding       *v1rbac.RoleBinding
}

type PodSecuritySpec

type PodSecuritySpec struct {
	Metadata       Metadata        `json:"metadata"`
	Namespace      string          `json:"namespace"`
	HostPID        bool            `json:"hostPID,omitempty"`
	HostNetwork    bool            `json:"hostNetwork,omitempty"`
	HostIPC        bool            `json:"hostIPC,omitempty"`
	VolumeTypes    []string        `json:"volumeTypes,omitempty"`
	MountHostPaths map[string]bool `json:"mountedHostPath,omitempty"`
	ServiceAccount string          `json:"serviceAccount,omitempty"`
}

type SASecuritySpec added in v1.2.0

type SASecuritySpec struct {
	PSPName string // psp name

	ServiceAccount string // serviceAccount

	Namespace string // namespace

	ContainerSecuritySpecList []ContainerSecuritySpec

	PodSecuritySpecList []PodSecuritySpec
}

func NewSASecuritySpec added in v1.2.0

func NewSASecuritySpec(ns, sa string) *SASecuritySpec

func (*SASecuritySpec) AddContainerSecuritySpec added in v1.2.0

func (s *SASecuritySpec) AddContainerSecuritySpec(css ContainerSecuritySpec)

AddContainerSecuritySpec adds container security spec object to the associated service account

func (*SASecuritySpec) AddPodSecuritySpec added in v1.2.0

func (s *SASecuritySpec) AddPodSecuritySpec(pss PodSecuritySpec)

AddPodSecuritySpec adds pod security spec object to the associated service account

func (*SASecuritySpec) GenerateComment added in v1.2.0

func (s *SASecuritySpec) GenerateComment() string

GenerateComment generate comments for the psp grants (no psp will be created for default service account)

func (*SASecuritySpec) GeneratePSPName added in v1.2.0

func (s *SASecuritySpec) GeneratePSPName() string

GeneratePSPName generates psp name

func (*SASecuritySpec) GenerateRole added in v1.2.0

func (s *SASecuritySpec) GenerateRole() *v1rbac.Role

GenerateRole creates a role object contains the privilege to use the psp

func (*SASecuritySpec) GenerateRoleBinding added in v1.2.0

func (s *SASecuritySpec) GenerateRoleBinding() *v1rbac.RoleBinding

GenerateRoleBinding creates a rolebinding for the service account to use the psp

func (*SASecuritySpec) GetWorkloadImages added in v1.2.0

func (s *SASecuritySpec) GetWorkloadImages() []string

GetWorkloadImages returns a list of workload images in the format of "kind, Name, Image Name"

func (*SASecuritySpec) IsDefaultServiceAccount added in v1.2.0

func (s *SASecuritySpec) IsDefaultServiceAccount() bool

IsDefaultServiceAccount returns whether the service account is default

type SASecuritySpecList added in v1.2.0

type SASecuritySpecList []*SASecuritySpec

func (SASecuritySpecList) Len added in v1.2.0

func (sl SASecuritySpecList) Len() int

func (SASecuritySpecList) Less added in v1.2.0

func (sl SASecuritySpecList) Less(i, j int) bool

func (SASecuritySpecList) Swap added in v1.2.0

func (sl SASecuritySpecList) Swap(i, j int)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL