whitelist

package

v4.1.0+incompatible Latest Latest Go to latest Published: May 1, 2019 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/anpingli/origin

Documentation ¶

Index ¶

type RegistryHostnameRetriever
type RegistryWhitelister
- func NewRegistryWhitelister(whitelist openshiftcontrolplanev1.AllowedRegistries, ...) (RegistryWhitelister, error)
- func WhitelistAllRegistries() RegistryWhitelister
type WhitelistTransport

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type RegistryHostnameRetriever ¶

type RegistryHostnameRetriever interface {
	InternalRegistryHostname() (string, bool)
	ExternalRegistryHostname() (string, bool)
}

RegistryHostnameRetriever represents an interface for retrieving the hostname of internal and external registry.

type RegistryWhitelister ¶

type RegistryWhitelister interface {
	// AdmitHostname returns error if the given host is not allowed by the whitelist.
	AdmitHostname(host string, transport WhitelistTransport) error
	// AdmitPullSpec returns error if the given pull spec is allowed neither by the whitelist nor by the
	// collected whitelisted pull specs.
	AdmitPullSpec(pullSpec string, transport WhitelistTransport) error
	// AdmitDockerImageReference returns error if the given reference is allowed neither by the whitelist nor
	// by the collected whitelisted pull specs.
	AdmitDockerImageReference(ref *imageapi.DockerImageReference, transport WhitelistTransport) error
	// WhitelistRegistry extends internal whitelist for additional registry domain name. Accepted values are:
	//  <host>, <host>:<port>
	// where each component can contain wildcards like '*' or '??' to match wide range of registries. If the
	// port is omitted, the default will be appended based on the given transport. If the transport is "any",
	// the given glob will match hosts with both :80 and :443 ports.
	WhitelistRegistry(hostPortGlob string, transport WhitelistTransport) error
	// WhitelistPullSpecs allows to whitelist particular pull specs. References must match exactly one of the
	// given pull specs for it to be whitelisted.
	WhitelistPullSpecs(pullSpecs ...string)
	// Copy returns a deep copy of the whitelister. This is useful for temporarily whitelisting additional
	// registries/pullSpecs before a specific validation.
	Copy() RegistryWhitelister
}

RegistryWhitelister decides whether given image pull specs are allowed by system's image policy.

func NewRegistryWhitelister ¶

func NewRegistryWhitelister(
	whitelist openshiftcontrolplanev1.AllowedRegistries,
	registryHostRetriever RegistryHostnameRetriever,
) (RegistryWhitelister, error)

NewRegistryWhitelister creates a whitelister that admits registry domains and pull specs based on the given list of allowed registries and the current domain name of the integrated Docker registry.

func WhitelistAllRegistries ¶

func WhitelistAllRegistries() RegistryWhitelister

WhitelistAllRegistries returns a whitelister that will allow any given registry host name. TODO: make a new implementation of RegistryWhitelister instead that will not bother with pull specs

type WhitelistTransport ¶

type WhitelistTransport string

WhitelistTransport says whether the associated registry host shall be treated as secure or insecure.

const (
	WhitelistTransportAny      WhitelistTransport = "any"
	WhitelistTransportSecure   WhitelistTransport = "secure"
	WhitelistTransportInsecure WhitelistTransport = "insecure"
)

Source Files ¶

View all Source files

whitelister.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL