util

package

v0.0.0-...-facc40c Latest Latest Go to latest Published: Mar 13, 2024 License: Apache-2.0 Imports: 4 Imported by: 15

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/openshift/apiserver-library-go

Links

Open Source Insights

Documentation ¶

Index ¶

func EqualStringSlices(a, b []string) bool
func FSTypeToStringSetInternal(fsTypes []securityv1.FSType) sets.String
func GetAllFSTypesAsSet() sets.String
func GetAllFSTypesExcept(exceptions ...string) sets.String
func GetVolumeFSType(v api.Volume) (securityv1.FSType, error)
func IsOnlyServiceAccountTokenSources(v *api.ProjectedVolumeSource) bool
func SCCAllowsAllVolumes(scc *securityv1.SecurityContextConstraints) bool
func SCCAllowsFSType(scc *securityv1.SecurityContextConstraints, fsType securityv1.FSType) bool
func SCCAllowsFSTypeInternal(scc *securityv1.SecurityContextConstraints, fsType securityv1.FSType) bool

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func EqualStringSlices ¶

func EqualStringSlices(a, b []string) bool

EqualStringSlices compares string slices for equality. Slices are equal when their sizes and elements on similar positions are equal.

func FSTypeToStringSetInternal ¶

func FSTypeToStringSetInternal(fsTypes []securityv1.FSType) sets.String

fsTypeToStringSet converts an FSType slice to a string set.

func GetAllFSTypesAsSet ¶

func GetAllFSTypesAsSet() sets.String

func GetAllFSTypesExcept ¶

func GetAllFSTypesExcept(exceptions ...string) sets.String

func GetVolumeFSType ¶

func GetVolumeFSType(v api.Volume) (securityv1.FSType, error)

getVolumeFSType gets the FSType for a volume.

func IsOnlyServiceAccountTokenSources ¶

func IsOnlyServiceAccountTokenSources(v *api.ProjectedVolumeSource) bool

IsOnlyServiceAccountTokenSources returns true if the sources of the projected volume source match to what would be injected by the ServiceAccount volume projection controller

This function is derived from pkg/security/podsecuritypolicy/util/util.go with the addition of OpenShift-specific "openshift-service-ca.crt" ConfigMap source.

This is what a sample injected volume looks like:

projected: defaultMode: 420 sources:
serviceAccountToken: expirationSeconds: 3607 path: token
configMap: name: kube-root-ca.crt items:
key: ca.crt path: ca.crt
downwardAPI: items:
path: namespace fieldRef: apiVersion: v1 fieldPath: metadata.namespace
configMap: name: openshift-service-ca.crt items:
key: service-ca.crt path: service-ca.crt

func SCCAllowsAllVolumes ¶

func SCCAllowsAllVolumes(scc *securityv1.SecurityContextConstraints) bool

SCCAllowsAllVolumes checks for FSTypeAll in the scc's allowed volumes.

func SCCAllowsFSType ¶

func SCCAllowsFSType(scc *securityv1.SecurityContextConstraints, fsType securityv1.FSType) bool

SCCAllowsFSType is a utility for checking if an SCC allows a particular FSType. If all volumes are allowed then this will return true for any FSType passed.

func SCCAllowsFSTypeInternal ¶

func SCCAllowsFSTypeInternal(scc *securityv1.SecurityContextConstraints, fsType securityv1.FSType) bool

SCCAllowsFSTypeInternal is a utility for checking if an SCC allows a particular FSType. If all volumes are allowed then this will return true for any FSType passed.

Types ¶

This section is empty.

Source Files ¶

View all Source files

util.go

Directories ¶

Path	Synopsis
sort

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL