Documentation ¶
Overview ¶
Package util contains utility code shared amongst different parts of the pod security policy apparatus.
Index ¶
- Constants
- func FSTypeToStringSet(fsTypes []extensions.FSType) sets.String
- func GetAllFSTypesAsSet() sets.String
- func GetAllFSTypesExcept(exceptions ...string) sets.String
- func GetVolumeFSType(v api.Volume) (extensions.FSType, error)
- func GroupFallsInRange(id types.UnixGroupID, rng extensions.GroupIDRange) bool
- func PSPAllowsAllVolumes(psp *extensions.PodSecurityPolicy) bool
- func PSPAllowsFSType(psp *extensions.PodSecurityPolicy, fsType extensions.FSType) bool
- func UserFallsInRange(id types.UnixUserID, rng extensions.UserIDRange) bool
Constants ¶
View Source
const (
ValidatedPSPAnnotation = "kubernetes.io/psp"
)
Variables ¶
This section is empty.
Functions ¶
func FSTypeToStringSet ¶
func FSTypeToStringSet(fsTypes []extensions.FSType) sets.String
FSTypeToStringSet converts an FSType slice to a string set.
func GetAllFSTypesAsSet ¶
func GetAllFSTypesExcept ¶
func GetVolumeFSType ¶
func GetVolumeFSType(v api.Volume) (extensions.FSType, error)
getVolumeFSType gets the FSType for a volume.
func GroupFallsInRange ¶ added in v1.7.0
func GroupFallsInRange(id types.UnixGroupID, rng extensions.GroupIDRange) bool
GroupFallsInRange is a utility to determine it the id falls in the valid range.
func PSPAllowsAllVolumes ¶
func PSPAllowsAllVolumes(psp *extensions.PodSecurityPolicy) bool
PSPAllowsAllVolumes checks for FSTypeAll in the psp's allowed volumes.
func PSPAllowsFSType ¶
func PSPAllowsFSType(psp *extensions.PodSecurityPolicy, fsType extensions.FSType) bool
PSPAllowsFSType is a utility for checking if a PSP allows a particular FSType. If all volumes are allowed then this will return true for any FSType passed.
func UserFallsInRange ¶ added in v1.7.0
func UserFallsInRange(id types.UnixUserID, rng extensions.UserIDRange) bool
UserFallsInRange is a utility to determine it the id falls in the valid range.
Types ¶
This section is empty.
Click to show internal directories.
Click to hide internal directories.