Documentation
Index
- func AssignSecurityContext(provider SecurityContextConstraintsProvider, pod *kapi.Pod, ...) field.ErrorList
- func ConstraintAppliesTo(constraint *securityapi.SecurityContextConstraints, userInfo user.Info) bool
- func DeduplicateSecurityContextConstraints(sccs []*securityapi.SecurityContextConstraints) []*securityapi.SecurityContextConstraints
- type ByPriority
- type ByRestrictions
- type DefaultSCCMatcher
- type SCCMatcher
- type SecurityContextConstraintsProvider
- func CreateProviderFromConstraint(ns string, namespace *kapi.Namespace, ...) (SecurityContextConstraintsProvider, *kapi.Namespace, error)
- func CreateProvidersFromConstraints(ns string, sccs []*securityapi.SecurityContextConstraints, ...) ([]SecurityContextConstraintsProvider, []error)
- func NewSimpleProvider(scc *securityapi.SecurityContextConstraints) (SecurityContextConstraintsProvider, error)
Functions
func AssignSecurityContext (added in v3.7.0)
func AssignSecurityContext(provider SecurityContextConstraintsProvider, pod *kapi.Pod, fldPath *field.Path) field.ErrorList
AssignSecurityContext creates a security context for each container in the pod and validates that the security context falls within the SCC's constraints. All containers must validate against the same SCC, or the pod is not considered valid.
func ConstraintAppliesTo (added in v3.7.0)
func ConstraintAppliesTo(constraint *securityapi.SecurityContextConstraints, userInfo user.Info) bool
ConstraintAppliesTo inspects the constraint's users and groups against the userInfo to determine if it is usable by the userInfo.
func DeduplicateSecurityContextConstraints (added in v3.7.0)
func DeduplicateSecurityContextConstraints(sccs []*securityapi.SecurityContextConstraints) []*securityapi.SecurityContextConstraints
DeduplicateSecurityContextConstraints ensures we have a unique slice of constraints.
Types
type ByPriority (added in v3.7.0)
type ByPriority []*securityapi.SecurityContextConstraints
ByPriority is a helper to sort SCCs based on priority. If priorities are equal, a string comparison of the names is used.
func (ByPriority) Len (added in v3.7.0)
func (s ByPriority) Len() int
func (ByPriority) Less (added in v3.7.0)
func (s ByPriority) Less(i, j int) bool
func (ByPriority) Swap (added in v3.7.0)
func (s ByPriority) Swap(i, j int)
type ByRestrictions (added in v3.7.0)
type ByRestrictions []*securityapi.SecurityContextConstraints
ByRestrictions is a helper to sort SCCs in order of most restrictive to least restrictive.
func (ByRestrictions) Len (added in v3.7.0)
func (s ByRestrictions) Len() int
func (ByRestrictions) Less (added in v3.7.0)
func (s ByRestrictions) Less(i, j int) bool
func (ByRestrictions) Swap (added in v3.7.0)
func (s ByRestrictions) Swap(i, j int)
type DefaultSCCMatcher (added in v3.7.0)
type DefaultSCCMatcher struct {
// contains filtered or unexported fields
}
DefaultSCCMatcher is the default implementation of the SCCMatcher interface.
func (DefaultSCCMatcher) FindApplicableSCCs (added in v3.7.0)
func (d DefaultSCCMatcher) FindApplicableSCCs(userInfo user.Info) ([]*securityapi.SecurityContextConstraints, error)
FindApplicableSCCs implements the SCCMatcher interface for DefaultSCCMatcher.
type SCCMatcher (added in v3.7.0)
type SCCMatcher interface {
FindApplicableSCCs(user user.Info) ([]*securityapi.SecurityContextConstraints, error)
}
SCCMatcher defines the interface for a SecurityContextConstraints matcher.
func NewDefaultSCCMatcher (added in v3.7.0)
func NewDefaultSCCMatcher(c securitylisters.SecurityContextConstraintsLister) SCCMatcher
NewDefaultSCCMatcher builds and initializes a DefaultSCCMatcher
type SecurityContextConstraintsProvider
type SecurityContextConstraintsProvider interface {
	// Create a PodSecurityContext based on the given constraints.
	CreatePodSecurityContext(pod *api.Pod) (*api.PodSecurityContext, map[string]string, error)
	// Create a container SecurityContext based on the given constraints
	CreateContainerSecurityContext(pod *api.Pod, container *api.Container) (*api.SecurityContext, error)
	// Ensure a pod's SecurityContext is in compliance with the given constraints.
	ValidatePodSecurityContext(pod *api.Pod, fldPath *field.Path) field.ErrorList
	// Ensure a container's SecurityContext is in compliance with the given constraints
	ValidateContainerSecurityContext(pod *api.Pod, container *api.Container, fldPath *field.Path) field.ErrorList
	// Get the name of the SCC that this provider was initialized with.
	GetSCCName() string
}
SecurityContextConstraintsProvider provides the implementation to generate a new security context based on constraints or validate an existing security context against constraints.
func CreateProviderFromConstraint (added in v3.7.0)
func CreateProviderFromConstraint(ns string, namespace *kapi.Namespace, constraint *securityapi.SecurityContextConstraints, client clientset.Interface) (SecurityContextConstraintsProvider, *kapi.Namespace, error)
CreateProviderFromConstraint creates a SecurityContextConstraintsProvider from a SecurityContextConstraints object.
func CreateProvidersFromConstraints (added in v3.7.0)
func CreateProvidersFromConstraints(ns string, sccs []*securityapi.SecurityContextConstraints, client clientset.Interface) ([]SecurityContextConstraintsProvider, []error)
CreateProvidersFromConstraints creates providers from the constraints supplied, including looking up pre-allocated values if necessary using the pod's namespace.
func NewSimpleProvider
func NewSimpleProvider(scc *securityapi.SecurityContextConstraints) (SecurityContextConstraintsProvider, error)
NewSimpleProvider creates a new SecurityContextConstraintsProvider instance.
Directories
Path | Synopsis |
---|---|
| Package selinux contains security context constraints SELinux strategy implementations. |
| Package user contains security context constraints user strategy implementations. |