Documentation

Overview

    Package util contains utility code shared amongst different parts of the pod security policy apparatus.

    Index

    Constants

    View Source
    const (
    	ValidatedPSPAnnotation = "kubernetes.io/psp"
    )

    Variables

    This section is empty.

    Functions

    func AllowsHostVolumePath

    func AllowsHostVolumePath(psp *policy.PodSecurityPolicy, hostPath string) (pathIsAllowed, mustBeReadOnly bool)

      AllowsHostVolumePath is a utility for checking if a PSP allows the host volume path. This only checks the path. You should still check to make sure the host volume fs type is allowed.

      func EqualStringSlices

      func EqualStringSlices(a, b []string) bool

        EqualStringSlices compares string slices for equality. Slices are equal when their sizes and elements on similar positions are equal.

        func FSTypeToStringSet

        func FSTypeToStringSet(fsTypes []policy.FSType) sets.String

          FSTypeToStringSet converts an FSType slice to a string set.

          func GetAllFSTypesAsSet

          func GetAllFSTypesAsSet() sets.String

          func GetAllFSTypesExcept

          func GetAllFSTypesExcept(exceptions ...string) sets.String

          func GetVolumeFSType

          func GetVolumeFSType(v api.Volume) (policy.FSType, error)

            getVolumeFSType gets the FSType for a volume.

            func GroupFallsInRange

            func GroupFallsInRange(id int64, rng policy.IDRange) bool

              GroupFallsInRange is a utility to determine it the id falls in the valid range.

              func PSPAllowsAllVolumes

              func PSPAllowsAllVolumes(psp *policy.PodSecurityPolicy) bool

                PSPAllowsAllVolumes checks for FSTypeAll in the psp's allowed volumes.

                func PSPAllowsFSType

                func PSPAllowsFSType(psp *policy.PodSecurityPolicy, fsType policy.FSType) bool

                  PSPAllowsFSType is a utility for checking if a PSP allows a particular FSType. If all volumes are allowed then this will return true for any FSType passed.

                  func UserFallsInRange

                  func UserFallsInRange(id int64, rng policy.IDRange) bool

                    UserFallsInRange is a utility to determine it the id falls in the valid range.

                    Types

                    This section is empty.

                    Source Files