Documentation ¶
Overview ¶
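Package recipe contains the schemas and helper functions for the different input recipes. (The trailing `nolint: dupl` is a linter directive carried over from the source comment, not part of the description.)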
Index ¶
Constants ¶
// Recipe names. NOTE(review): presumably these are the attribute names under
// which the Baseline, Custom and Strict schemas are registered; the
// registration itself is not part of this listing.
const (
	BaselineKey = "baseline"
	CustomKey   = "custom"
	StrictKey   = "strict"
)

// Attribute names shared by every recipe schema in this package.
const (
	// AuditKey is the map key of the "Audit (dry-run)" boolean.
	AuditKey = "audit"
	// DisableNativePspKey is the map key of the
	// "Disable native pod security policy" boolean.
	DisableNativePspKey = "disable_native_psp"
)
Variables ¶
// Baseline is the input schema for the baseline security policy recipe (v1).
//
// The block is optional, limited to a single element (MaxItems: 1) and marked
// ForceNew. It exposes two booleans, both defaulting to false, so a
// configuration that omits them gets neither audit (dry-run) mode nor the
// "disable native pod security policy" switch.
var Baseline = &schema.Schema{
	Type:        schema.TypeList,
	Optional:    true,
	ForceNew:    true,
	MaxItems:    1,
	Description: "The input schema for security policy baseline recipe version v1",
	Elem: &schema.Resource{
		Schema: map[string]*schema.Schema{
			// NOTE(review): the description calls this a dry-run; presumably
			// violations are only reported, not blocked, while it is true.
			// Confirm against the policy service before relying on it.
			AuditKey: {
				Type:        schema.TypeBool,
				Optional:    true,
				Default:     false,
				Description: "Audit (dry-run)",
			},
			DisableNativePspKey: {
				Type:        schema.TypeBool,
				Optional:    true,
				Default:     false,
				Description: "Disable native pod security policy",
			},
		},
	},
}
// Custom is the input schema for the custom security policy recipe (v1).
//
// The block is optional, limited to a single element (MaxItems: 1) and marked
// ForceNew. Besides the audit and native-PSP switches it carries the
// per-control settings of the recipe. Every boolean declared inline here
// defaults to false.
var Custom = &schema.Schema{
	Type:        schema.TypeList,
	Optional:    true,
	ForceNew:    true,
	MaxItems:    1,
	Description: "The input schema for security policy custom recipe version v1",
	Elem: &schema.Resource{
		Schema: map[string]*schema.Schema{
			// NOTE(review): the description calls this a dry-run; presumably
			// violations are only reported, not blocked, while it is true.
			// Confirm against the policy service before relying on it.
			AuditKey: {
				Type:        schema.TypeBool,
				Optional:    true,
				Default:     false,
				Description: "Audit (dry-run)",
			},
			DisableNativePspKey: {
				Type:        schema.TypeBool,
				Optional:    true,
				Default:     false,
				Description: "Disable native pod security policy",
			},

			// The allow* switches default to false. Going by their
			// descriptions, true is the permissive value, so a change to
			// true deserves the same review as any other privilege grant.
			allowPrivilegedContainersKey: {
				Type:        schema.TypeBool,
				Optional:    true,
				Default:     false,
				Description: "Allow privileged containers",
			},
			allowPrivilegeEscalationKey: {
				Type:        schema.TypeBool,
				Optional:    true,
				Default:     false,
				Description: "Allow privilege escalation",
			},
			allowHostNamespaceSharingKey: {
				Type:        schema.TypeBool,
				Optional:    true,
				Default:     false,
				Description: "Allow host namespace sharing",
			},
			allowHostNetworkKey: {
				Type:        schema.TypeBool,
				Optional:    true,
				Default:     false,
				Description: "Allow host network",
			},
			// NOTE(review): unlike the allow* switches, false looks like the
			// permissive value here (a read-only root file system is not
			// required). Confirm, and set it explicitly where a read-only
			// root file system is expected.
			readOnlyRootFileSystemKey: {
				Type:        schema.TypeBool,
				Optional:    true,
				Default:     false,
				Description: "Read only root file system",
			},

			// The remaining entries reuse schemas and keys declared elsewhere
			// in the package; their defaults are not visible in this listing.
			allowedHostPortRangeKey:  allowedHostPortRange,
			allowedVolumesKey:        allowedVolumes,
			runAsUserKey:             runAsUser,
			runAsGroupKey:            runAsGroup,
			supplementalGroupsKey:    supplementalGroups,
			fsGroupKey:               fsGroup,
			linuxCapabilitiesKey:     linuxCapabilities,
			allowedHostPathsKey:      allowedHostPaths,
			allowedSELinuxOptionsKey: allowedSELinuxOptions,
			sysctlsKey:               sysctls,
			seccompKey:               seccomp,
		},
	},
}
// Strict is the input schema for the strict security policy recipe (v1).
//
// The block is optional, limited to a single element (MaxItems: 1) and marked
// ForceNew. It exposes the same two booleans as Baseline, both defaulting to
// false.
var Strict = &schema.Schema{
	Type:        schema.TypeList,
	Optional:    true,
	ForceNew:    true,
	MaxItems:    1,
	Description: "The input schema for security policy strict recipe version v1",
	Elem: &schema.Resource{
		Schema: map[string]*schema.Schema{
			// NOTE(review): the description calls this a dry-run; presumably
			// violations are only reported, not blocked, while it is true.
			// Confirm against the policy service before relying on it.
			AuditKey: {
				Type:        schema.TypeBool,
				Optional:    true,
				Default:     false,
				Description: "Audit (dry-run)",
			},
			DisableNativePspKey: {
				Type:        schema.TypeBool,
				Optional:    true,
				Default:     false,
				Description: "Disable native pod security policy",
			},
		},
	},
}
Functions ¶
func ConstructBaseline ¶
func ConstructBaseline(data []interface{}) (baseline *policyrecipesecuritymodel.VmwareTanzuManageV1alpha1CommonPolicySpecSecurityV1Baseline)
func ConstructCustom ¶
func ConstructCustom(data []interface{}) (custom *policyrecipesecuritymodel.VmwareTanzuManageV1alpha1CommonPolicySpecSecurityV1Custom)
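ConstructCustom constructs a security policy input with the custom recipe. (The trailing `nolint: gocognit, gocyclo` is a linter directive carried over from the source comment, not part of the description.)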
func ConstructStrict ¶
func ConstructStrict(data []interface{}) (strict *policyrecipesecuritymodel.VmwareTanzuManageV1alpha1CommonPolicySpecSecurityV1Strict)
func FlattenBaseline ¶
func FlattenBaseline(baseline *policyrecipesecuritymodel.VmwareTanzuManageV1alpha1CommonPolicySpecSecurityV1Baseline) (data []interface{})
func FlattenCustom ¶
func FlattenCustom(custom *policyrecipesecuritymodel.VmwareTanzuManageV1alpha1CommonPolicySpecSecurityV1Custom) (data []interface{})
func FlattenStrict ¶
func FlattenStrict(strict *policyrecipesecuritymodel.VmwareTanzuManageV1alpha1CommonPolicySpecSecurityV1Strict) (data []interface{})
Types ¶
This section is empty.