group

package
v1.21.8 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 15, 2021 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

Package group contains code for validating and defaulting the FSGroup and supplemental groups of a pod according to a security policy.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ValidateGroupsInRanges added in v1.13.0

func ValidateGroupsInRanges(fldPath *field.Path, ranges []policy.IDRange, groups []int64) field.ErrorList

Types

type GroupStrategy

type GroupStrategy interface {
	// Generate creates the group based on policy rules.  The underlying implementation can
	// decide whether it will return a full range of values or a subset of values from the
	// configured ranges.
	Generate(pod *api.Pod) ([]int64, error)
	// Generate a single value to be applied.  The underlying implementation decides which
	// value to return if configured with multiple ranges.  This is used for FSGroup.
	GenerateSingle(pod *api.Pod) (*int64, error)
	// Validate ensures that the specified values fall within the range of the strategy.
	Validate(fldPath *field.Path, pod *api.Pod, groups []int64) field.ErrorList
}

GroupStrategy defines the interface for all group constraint strategies.

func NewMayRunAs added in v1.13.0

func NewMayRunAs(ranges []policy.IDRange) (GroupStrategy, error)

NewMayRunAs provides a new MayRunAs strategy.

func NewMustRunAs

func NewMustRunAs(ranges []policy.IDRange) (GroupStrategy, error)

NewMustRunAs provides a new MustRunAs strategy based on ranges.

func NewRunAsAny

func NewRunAsAny() (GroupStrategy, error)

NewRunAsAny provides a new RunAsAny strategy.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL