Documentation
Overview
Package api contains constants and helpers for PodSecurity admission label keys and values
Index
Constants
const (
	EnforceLevelLabel   = labelPrefix + "enforce"
	EnforceVersionLabel = labelPrefix + "enforce-version"
	AuditLevelLabel     = labelPrefix + "audit"
	AuditVersionLabel   = labelPrefix + "audit-version"
	WarnLevelLabel      = labelPrefix + "warn"
	WarnVersionLabel    = labelPrefix + "warn-version"
)
const AuditAnnotationPrefix = labelPrefix
const VersionLatest = "latest"
Variables
This section is empty.
Functions
func CompareLevels
CompareLevels returns an integer comparing two levels by strictness. The result will be 0 if a==b, -1 if a is less strict than b, and +1 if a is more strict than b.
Types
type Level
type Level string
func ParseLevel
ParseLevel returns the level that should be evaluated. level must be "privileged", "baseline", or "restricted". If level does not match one of those strings, "restricted" and an error are returned.
type LevelVersion
func (LevelVersion) String
func (lv LevelVersion) String() string
type Policy
type Policy struct {
	Enforce LevelVersion
	Audit   LevelVersion
	Warn    LevelVersion
}
func PolicyToEvaluate
PolicyToEvaluate resolves the PodSecurity namespace labels to the policy for that namespace, falling back to the provided defaults when a label is unspecified. A valid policy is always returned, even when an error is returned. If labels cannot be parsed correctly, the values of "restricted" and "latest" are used for level and version respectively.
type Version
type Version struct {
// contains filtered or unexported fields
}
func LatestVersion
func LatestVersion() Version
func MajorMinorVersion
func ParseVersion
ParseVersion returns the policy version that should be evaluated. version must be "latest" or "v1.x". If version does not match one of those patterns, the latest version and an error are returned.
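The fail-closed resolution documented for ParseLevel, ParseVersion and PolicyToEvaluate, modelled as an added stand-alone example; it is not the package's own code and does not import the package. The prefix value, the version pattern and all lowercase names are this example's assumptions.

```go
package main

import (
	"fmt"
	"regexp"
)

const prefix = "pod-security.kubernetes.io/"                // assumed value of labelPrefix
var versionRe = regexp.MustCompile(`^v1\.(0|[1-9][0-9]*)$`) // this example's reading of "v1.x"

type levelVersion struct{ Level, Version string }
type policy struct{ Enforce, Audit, Warn levelVersion }

// parseLevel and parseVersion fail closed: bad input yields the documented fallback plus an error.
func parseLevel(s string) (string, error) {
	if s == "privileged" || s == "baseline" || s == "restricted" {
		return s, nil
	}
	return "restricted", fmt.Errorf("invalid level %q", s)
}

func parseVersion(s string) (string, error) {
	if s == "latest" || versionRe.MatchString(s) {
		return s, nil
	}
	return "latest", fmt.Errorf("invalid version %q", s)
}

// resolve overlays namespace labels on the defaults; a usable policy is always returned.
func resolve(labels map[string]string, defaults policy) (policy, []error) {
	p, errs := defaults, []error(nil)
	set := func(key string, dst *string, parse func(string) (string, error)) {
		if v, ok := labels[prefix+key]; ok { // an unspecified label keeps the default
			var err error
			if *dst, err = parse(v); err != nil {
				errs = append(errs, fmt.Errorf("%s: %w", key, err))
			}
		}
	}
	modes := []string{"enforce", "audit", "warn"}
	for i, lv := range []*levelVersion{&p.Enforce, &p.Audit, &p.Warn} {
		set(modes[i], &lv.Level, parseLevel)
		set(modes[i]+"-version", &lv.Version, parseVersion)
	}
	return p, errs
}

// Constructed input: a misspelled enforce level with zero-value defaults.
func main() { fmt.Println(resolve(map[string]string{prefix + "enforce": "priviledged"}, policy{})) }
```

A misspelled level resolves to "restricted", not to the namespace default, so a label typo tightens the policy and the collected errors show which label to fix.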