Version: v1.5.0-alpha.1 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Dec 29, 2016 License: Apache-2.0 Imports: 13 Imported by: 0




This section is empty.


This section is empty.


func AssignSecurityContext

func AssignSecurityContext(provider kscc.SecurityContextConstraintsProvider, pod *kapi.Pod, fldPath *field.Path) field.ErrorList

AssignSecurityContext creates a security context for each container in the pod and validates that the sc falls within the scc constraints. All containers must validate against the same scc or is not considered valid.

func ConstraintAppliesTo

func ConstraintAppliesTo(constraint *kapi.SecurityContextConstraints, userInfo user.Info) bool

ConstraintAppliesTo inspects the constraint's users and groups against the userInfo to determine if it is usable by the userInfo.

func CreateProviderFromConstraint added in v1.4.0

func CreateProviderFromConstraint(ns string, namespace *kapi.Namespace, constraint *kapi.SecurityContextConstraints, client clientset.Interface) (kscc.SecurityContextConstraintsProvider, *kapi.Namespace, error)

CreateProviderFromConstraint creates a SecurityContextConstraintProvider from a SecurityContextConstraint

func CreateProvidersFromConstraints

func CreateProvidersFromConstraints(ns string, sccs []*kapi.SecurityContextConstraints, client clientset.Interface) ([]kscc.SecurityContextConstraintsProvider, []error)

CreateProvidersFromConstraints creates providers from the constraints supplied, including looking up pre-allocated values if necessary using the pod's namespace.

func DeduplicateSecurityContextConstraints

func DeduplicateSecurityContextConstraints(sccs []*kapi.SecurityContextConstraints) []*kapi.SecurityContextConstraints

DeduplicateSecurityContextConstraints ensures we have a unique slice of constraints.


type ByPriority

type ByPriority []*kapi.SecurityContextConstraints

ByRestrictions is a helper to sort SCCs based on priority. If priorities are equal a string compare of the name is used.

func (ByPriority) Len

func (s ByPriority) Len() int

func (ByPriority) Less

func (s ByPriority) Less(i, j int) bool

func (ByPriority) Swap

func (s ByPriority) Swap(i, j int)

type ByRestrictions

type ByRestrictions []*kapi.SecurityContextConstraints

ByRestrictions is a helper to sort SCCs in order of most restrictive to least restrictive.

func (ByRestrictions) Len

func (s ByRestrictions) Len() int

func (ByRestrictions) Less

func (s ByRestrictions) Less(i, j int) bool

func (ByRestrictions) Swap

func (s ByRestrictions) Swap(i, j int)

type DefaultSCCMatcher

type DefaultSCCMatcher struct {
	// contains filtered or unexported fields

DefaultSCCMatcher implements default implementation for SCCMatcher interface

func (DefaultSCCMatcher) FindApplicableSCCs

func (d DefaultSCCMatcher) FindApplicableSCCs(userInfo user.Info) ([]*kapi.SecurityContextConstraints, error)

FindApplicableSCCs implements SCCMatcher interface for DefaultSCCMatcher

type SCCMatcher

type SCCMatcher interface {
	FindApplicableSCCs(user user.Info) ([]*kapi.SecurityContextConstraints, error)

SCCMatcher defines interface for SecurityContextConstraint matcher

func NewDefaultSCCMatcher

NewDefaultSCCMatcher builds and initializes a DefaultSCCMatcher

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL