recipe

package
v1.4.6-rc1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 29, 2024 License: MPL-2.0 Imports: 4 Imported by: 0

Documentation

Overview

Package recipe contains schema and helper functions for different input recipes. nolint: dupl


Index

Constants

// Recipe names. Each one corresponds by name to a recipe schema exported by
// this package (Baseline, Custom, Strict).
// NOTE(review): presumably these are the block names under which a recipe is
// nested in the security policy input; the call sites are not part of this
// listing, so confirm against the resource schema.
const (
	StrictKey   = "strict"
	CustomKey   = "custom"
	BaselineKey = "baseline"
)

// Field names used as map keys by all three recipe schemas in this package.
const (
	// AuditKey names the boolean field described as "Audit (dry-run)".
	AuditKey = "audit"
	// DisableNativePspKey names the boolean field described as
	// "Disable native pod security policy".
	DisableNativePspKey = "disable_native_psp"
)

Variables

// Baseline is the input schema for the "baseline" security policy recipe (v1).
//
// The recipe is an optional list capped at one element, and it exposes only
// two boolean fields: the audit (dry-run) switch and the switch that disables
// the native pod security policy. Both default to false.
//
// NOTE(review): assuming schema is the Terraform plugin SDK helper/schema
// package, ForceNew means a change to this block replaces the resource rather
// than updating it in place. Confirm how the policy is enforced while the
// replacement is in progress.
var Baseline = &schema.Schema{
	Description: "The input schema for security policy baseline recipe version v1",
	Type:        schema.TypeList,
	MaxItems:    1,
	ForceNew:    true,
	Optional:    true,
	Elem: &schema.Resource{
		Schema: map[string]*schema.Schema{
			// Off unless set explicitly.
			// NOTE(review): presumably refers to the Kubernetes
			// PodSecurityPolicy mechanism; confirm what takes over
			// enforcement when this is true.
			DisableNativePspKey: {
				Description: "Disable native pod security policy",
				Type:        schema.TypeBool,
				Default:     false,
				Optional:    true,
			},
			// Dry-run switch, off unless set explicitly.
			// NOTE(review): presumably violations are reported rather
			// than blocked while this is true; confirm before relying
			// on the recipe for enforcement.
			AuditKey: {
				Description: "Audit (dry-run)",
				Type:        schema.TypeBool,
				Default:     false,
				Optional:    true,
			},
		},
	},
}
// Custom is the input schema for the "custom" security policy recipe (v1).
//
// Besides the audit and native-PSP switches shared with the other recipes, it
// exposes five boolean toggles and eleven nested settings whose schemas are
// unexported package-level values declared outside this listing.
//
// Every boolean here defaults to false. For the four allow* toggles that means
// the relaxation is not requested unless the configuration sets it. For
// readOnlyRootFileSystemKey it means a read-only root file system is not
// requested by default.
// NOTE(review): how these fields are translated into the policy sent to the
// service is decided by ConstructCustom, whose body is not shown here; confirm
// that an unset field is treated as its restrictive value.
//
// NOTE(review): assuming schema is the Terraform plugin SDK helper/schema
// package, ForceNew means a change to this block replaces the resource rather
// than updating it in place. Confirm how the policy is enforced while the
// replacement is in progress.
var Custom = &schema.Schema{
	Description: "The input schema for security policy custom recipe version v1",
	Type:        schema.TypeList,
	MaxItems:    1,
	ForceNew:    true,
	Optional:    true,
	Elem: &schema.Resource{
		Schema: map[string]*schema.Schema{
			// Nested settings; each value is a schema defined elsewhere
			// in this package.
			runAsUserKey:             runAsUser,
			runAsGroupKey:            runAsGroup,
			supplementalGroupsKey:    supplementalGroups,
			fsGroupKey:               fsGroup,
			linuxCapabilitiesKey:     linuxCapabilities,
			seccompKey:               seccomp,
			allowedSELinuxOptionsKey: allowedSELinuxOptions,
			sysctlsKey:               sysctls,
			allowedHostPortRangeKey:  allowedHostPortRange,
			allowedHostPathsKey:      allowedHostPaths,
			allowedVolumesKey:        allowedVolumes,
			// Boolean toggles specific to the custom recipe.
			readOnlyRootFileSystemKey: {
				Description: "Read only root file system",
				Type:        schema.TypeBool,
				Default:     false,
				Optional:    true,
			},
			allowHostNetworkKey: {
				Description: "Allow host network",
				Type:        schema.TypeBool,
				Default:     false,
				Optional:    true,
			},
			allowHostNamespaceSharingKey: {
				Description: "Allow host namespace sharing",
				Type:        schema.TypeBool,
				Default:     false,
				Optional:    true,
			},
			allowPrivilegeEscalationKey: {
				Description: "Allow privilege escalation",
				Type:        schema.TypeBool,
				Default:     false,
				Optional:    true,
			},
			allowPrivilegedContainersKey: {
				Description: "Allow privileged containers",
				Type:        schema.TypeBool,
				Default:     false,
				Optional:    true,
			},
			// Switches shared with the Baseline and Strict recipes.
			DisableNativePspKey: {
				Description: "Disable native pod security policy",
				Type:        schema.TypeBool,
				Default:     false,
				Optional:    true,
			},
			// NOTE(review): presumably violations are reported rather
			// than blocked while audit is true; confirm before relying
			// on the recipe for enforcement.
			AuditKey: {
				Description: "Audit (dry-run)",
				Type:        schema.TypeBool,
				Default:     false,
				Optional:    true,
			},
		},
	},
}
// Strict is the input schema for the "strict" security policy recipe (v1).
//
// It has the same shape as the Baseline schema: an optional list capped at one
// element, holding the audit (dry-run) switch and the switch that disables the
// native pod security policy, both defaulting to false.
// NOTE(review): nothing in this schema distinguishes strict from baseline
// other than the description, so the difference in enforced rules presumably
// lives outside this package; confirm where.
//
// NOTE(review): assuming schema is the Terraform plugin SDK helper/schema
// package, ForceNew means a change to this block replaces the resource rather
// than updating it in place. Confirm how the policy is enforced while the
// replacement is in progress.
var Strict = &schema.Schema{
	Description: "The input schema for security policy strict recipe version v1",
	Type:        schema.TypeList,
	MaxItems:    1,
	ForceNew:    true,
	Optional:    true,
	Elem: &schema.Resource{
		Schema: map[string]*schema.Schema{
			// Off unless set explicitly.
			// NOTE(review): presumably refers to the Kubernetes
			// PodSecurityPolicy mechanism; confirm what takes over
			// enforcement when this is true.
			DisableNativePspKey: {
				Description: "Disable native pod security policy",
				Type:        schema.TypeBool,
				Default:     false,
				Optional:    true,
			},
			// Dry-run switch, off unless set explicitly.
			// NOTE(review): presumably violations are reported rather
			// than blocked while this is true; confirm before relying
			// on the recipe for enforcement.
			AuditKey: {
				Description: "Audit (dry-run)",
				Type:        schema.TypeBool,
				Default:     false,
				Optional:    true,
			},
		},
	},
}

Functions

func ConstructCustom

ConstructCustom constructs a security policy input with custom recipe. nolint: gocognit, gocyclo

Types

This section is empty.
