resources

package

v0.1.0 Latest Latest Go to latest Published: Nov 7, 2022 License: MIT Imports: 8 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/nukleros/pod-security-webhook

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func EffectiveRunAsNonRoot(podSec *corev1.PodSecurityContext, containerSec *corev1.SecurityContext) bool
func EffectiveRunAsUser(podSec *corev1.PodSecurityContext, containerSec *corev1.SecurityContext) *int64
func GetAnnotation(resource client.Object, annotationKey string) string
func GetContainerNames(containers []corev1.Container) (names string)
func GetPodSpec(resource client.Object) (*corev1.PodSpec, error)
func GetSecurityContext(container corev1.Container) corev1.SecurityContext
func HasRequiredCapability(capabilities []corev1.Capability, oneOf ...string) bool
func SkipViaAnnotations(resource client.Object, overrideKey string) bool
func SkipViaOwnerReferences(resource client.Object) bool
func ToString(object client.Object) string

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrValidatingKind = errors.New("error validating kind")
)

Functions ¶

func EffectiveRunAsNonRoot ¶

func EffectiveRunAsNonRoot(podSec *corev1.PodSecurityContext, containerSec *corev1.SecurityContext) bool

EffectiveRunAsNonRoot determines if the container is effectively enforcing non-root containers.

func EffectiveRunAsUser ¶

func EffectiveRunAsUser(podSec *corev1.PodSecurityContext, containerSec *corev1.SecurityContext) *int64

EffectiveRunAsUser determines the effective run as user id.

func GetAnnotation ¶

func GetAnnotation(resource client.Object, annotationKey string) string

GetAnnotation gets an annotation from a resource in a manner that will not panic with a nil pointer dereference error.

func GetContainerNames ¶

func GetContainerNames(containers []corev1.Container) (names string)

GetContainerNames returns the container names for an array of containers.

func GetPodSpec ¶

func GetPodSpec(resource client.Object) (*corev1.PodSpec, error)

GetPodSpec returns the pod specification for a given set of objects. TODO: we can improve the massive case statement logic.

func GetSecurityContext ¶

func GetSecurityContext(container corev1.Container) corev1.SecurityContext

GetSecurityContext returns the security context for a container. TODO: pass container as pointer. this has implications when passing in a loop

as you need to avoid implicit memory aliasing in a loop to accomplish this.

func HasRequiredCapability ¶

func HasRequiredCapability(capabilities []corev1.Capability, oneOf ...string) bool

HasRequiredCapability returns true if a required capability is found.

func SkipViaAnnotations ¶

func SkipViaAnnotations(resource client.Object, overrideKey string) bool

SkipViaAnnotations determines if a resource needs to be skipped due to the annotations that it possesses.

func SkipViaOwnerReferences ¶

func SkipViaOwnerReferences(resource client.Object) bool

SkipViaOwnerReferences determines if a resource needs to be skipped due to the owner references that it possesses.

func ToString ¶

func ToString(object client.Object) string

ToString converts an object to a string which is useful while producing consistent logs. This is safe to return via an admission review object, as sometimes certain characters can cause the response to the kube-apiserver to fail.

Types ¶

This section is empty.

Source Files ¶

View all Source files

resources.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL