api

package

v1.3.0-alpha.2 Latest Latest Go to latest Published: Jun 21, 2016 License: Apache-2.0 Imports: 4 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/openshift/origin

Documentation ¶

Index ¶

Constants
Variables
func AddToScheme(scheme *runtime.Scheme)
func DeepCopy_api_PodSecurityPolicyReview(in PodSecurityPolicyReview, out *PodSecurityPolicyReview, c *conversion.Cloner) error
func DeepCopy_api_PodSecurityPolicyReviewSpec(in PodSecurityPolicyReviewSpec, out *PodSecurityPolicyReviewSpec, ...) error
func DeepCopy_api_PodSecurityPolicyReviewStatus(in PodSecurityPolicyReviewStatus, out *PodSecurityPolicyReviewStatus, ...) error
func DeepCopy_api_PodSecurityPolicySelfSubjectReview(in PodSecurityPolicySelfSubjectReview, out *PodSecurityPolicySelfSubjectReview, ...) error
func DeepCopy_api_PodSecurityPolicySelfSubjectReviewSpec(in PodSecurityPolicySelfSubjectReviewSpec, ...) error
func DeepCopy_api_PodSecurityPolicySubjectReview(in PodSecurityPolicySubjectReview, out *PodSecurityPolicySubjectReview, ...) error
func DeepCopy_api_PodSecurityPolicySubjectReviewSpec(in PodSecurityPolicySubjectReviewSpec, out *PodSecurityPolicySubjectReviewSpec, ...) error
func DeepCopy_api_PodSecurityPolicySubjectReviewStatus(in PodSecurityPolicySubjectReviewStatus, ...) error
func DeepCopy_api_ServiceAccountPodSecurityPolicyReviewStatus(in ServiceAccountPodSecurityPolicyReviewStatus, ...) error
func Kind(kind string) unversioned.GroupKind
func Resource(resource string) unversioned.GroupResource
type PodSecurityPolicyReview
- func (obj *PodSecurityPolicyReview) GetObjectKind() unversioned.ObjectKind
type PodSecurityPolicyReviewSpec
type PodSecurityPolicyReviewStatus
type PodSecurityPolicySelfSubjectReview
- func (obj *PodSecurityPolicySelfSubjectReview) GetObjectKind() unversioned.ObjectKind
type PodSecurityPolicySelfSubjectReviewSpec
type PodSecurityPolicySubjectReview
- func (obj *PodSecurityPolicySubjectReview) GetObjectKind() unversioned.ObjectKind
type PodSecurityPolicySubjectReviewSpec
type PodSecurityPolicySubjectReviewStatus
type ServiceAccountPodSecurityPolicyReviewStatus

Constants ¶

View Source

const GroupName = ""

Variables ¶

View Source

var SchemeGroupVersion = unversioned.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}

SchemeGroupVersion is group version used to register these objects

Functions ¶

func AddToScheme ¶

func AddToScheme(scheme *runtime.Scheme)

func DeepCopy_api_PodSecurityPolicyReview ¶

func DeepCopy_api_PodSecurityPolicyReview(in PodSecurityPolicyReview, out *PodSecurityPolicyReview, c *conversion.Cloner) error

func DeepCopy_api_PodSecurityPolicyReviewSpec ¶

func DeepCopy_api_PodSecurityPolicyReviewSpec(in PodSecurityPolicyReviewSpec, out *PodSecurityPolicyReviewSpec, c *conversion.Cloner) error

func DeepCopy_api_PodSecurityPolicyReviewStatus ¶

func DeepCopy_api_PodSecurityPolicyReviewStatus(in PodSecurityPolicyReviewStatus, out *PodSecurityPolicyReviewStatus, c *conversion.Cloner) error

func DeepCopy_api_PodSecurityPolicySelfSubjectReview ¶

func DeepCopy_api_PodSecurityPolicySelfSubjectReview(in PodSecurityPolicySelfSubjectReview, out *PodSecurityPolicySelfSubjectReview, c *conversion.Cloner) error

func DeepCopy_api_PodSecurityPolicySelfSubjectReviewSpec ¶

func DeepCopy_api_PodSecurityPolicySelfSubjectReviewSpec(in PodSecurityPolicySelfSubjectReviewSpec, out *PodSecurityPolicySelfSubjectReviewSpec, c *conversion.Cloner) error

func DeepCopy_api_PodSecurityPolicySubjectReview ¶

func DeepCopy_api_PodSecurityPolicySubjectReview(in PodSecurityPolicySubjectReview, out *PodSecurityPolicySubjectReview, c *conversion.Cloner) error

func DeepCopy_api_PodSecurityPolicySubjectReviewSpec ¶

func DeepCopy_api_PodSecurityPolicySubjectReviewSpec(in PodSecurityPolicySubjectReviewSpec, out *PodSecurityPolicySubjectReviewSpec, c *conversion.Cloner) error

func DeepCopy_api_PodSecurityPolicySubjectReviewStatus ¶

func DeepCopy_api_PodSecurityPolicySubjectReviewStatus(in PodSecurityPolicySubjectReviewStatus, out *PodSecurityPolicySubjectReviewStatus, c *conversion.Cloner) error

func DeepCopy_api_ServiceAccountPodSecurityPolicyReviewStatus ¶

func DeepCopy_api_ServiceAccountPodSecurityPolicyReviewStatus(in ServiceAccountPodSecurityPolicyReviewStatus, out *ServiceAccountPodSecurityPolicyReviewStatus, c *conversion.Cloner) error

func Kind ¶

func Kind(kind string) unversioned.GroupKind

Kind takes an unqualified kind and returns back a Group qualified GroupKind

func Resource ¶

func Resource(resource string) unversioned.GroupResource

Resource takes an unqualified resource and returns back a Group qualified GroupResource

Types ¶

type PodSecurityPolicyReview ¶

type PodSecurityPolicyReview struct {
	unversioned.TypeMeta

	// Spec is the PodSecurityPolicy to check.
	Spec PodSecurityPolicyReviewSpec

	// Status represents the current information/status for the PodSecurityPolicyReview.
	Status PodSecurityPolicyReviewStatus
}

PodSecurityPolicyReview checks which service accounts (not users, since that would be cluster-wide) can create the `PodSpec` in question.

func (*PodSecurityPolicyReview) GetObjectKind ¶

func (obj *PodSecurityPolicyReview) GetObjectKind() unversioned.ObjectKind

type PodSecurityPolicyReviewSpec ¶

type PodSecurityPolicyReviewSpec struct {
	// PodSpec is the PodSpec to check. The PodSpec.ServiceAccountName field is used
	// if ServiceAccountNames is empty, unless the PodSpec.ServiceAccountName is empty,
	// in which case "default" is used.
	// If ServiceAccountNames is specified, PodSpec.ServiceAccountName is ignored.
	PodSpec kapi.PodSpec

	// ServiceAccountNames is an optional set of ServiceAccounts to run the check with.
	// If ServiceAccountNames is empty, the PodSpec ServiceAccountName is used,
	// unless it's empty, in which case "default" is used instead.
	// If ServiceAccountNames is specified, PodSpec ServiceAccountName is ignored.
	ServiceAccountNames []string // TODO: find a way to express 'all service accounts'
}

PodSecurityPolicyReviewSpec defines specification for PodSecurityPolicyReview

type PodSecurityPolicyReviewStatus ¶

type PodSecurityPolicyReviewStatus struct {
	// AllowedServiceAccounts returns the list of service accounts in *this* namespace that have the power to create the PodSpec.
	AllowedServiceAccounts []ServiceAccountPodSecurityPolicyReviewStatus
}

PodSecurityPolicyReviewStatus represents the status of PodSecurityPolicyReview.

type PodSecurityPolicySelfSubjectReview ¶

type PodSecurityPolicySelfSubjectReview struct {
	unversioned.TypeMeta

	// Spec defines specification the PodSecurityPolicySelfSubjectReview.
	Spec PodSecurityPolicySelfSubjectReviewSpec

	// Status represents the current information/status for the PodSecurityPolicySelfSubjectReview.
	Status PodSecurityPolicySubjectReviewStatus
}

PodSecurityPolicySelfSubjectReview checks whether this user/SA tuple can create the PodSpec.

func (*PodSecurityPolicySelfSubjectReview) GetObjectKind ¶

func (obj *PodSecurityPolicySelfSubjectReview) GetObjectKind() unversioned.ObjectKind

type PodSecurityPolicySelfSubjectReviewSpec ¶

type PodSecurityPolicySelfSubjectReviewSpec struct {
	// PodSpec is the PodSpec to check.
	PodSpec kapi.PodSpec
}

PodSecurityPolicySelfSubjectReviewSpec contains specification for PodSecurityPolicySelfSubjectReview.

type PodSecurityPolicySubjectReview ¶

type PodSecurityPolicySubjectReview struct {
	unversioned.TypeMeta

	// Spec defines specification for the PodSecurityPolicySubjectReview.
	Spec PodSecurityPolicySubjectReviewSpec

	// Status represents the current information/status for the PodSecurityPolicySubjectReview.
	Status PodSecurityPolicySubjectReviewStatus
}

PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodSpec.

func (*PodSecurityPolicySubjectReview) GetObjectKind ¶

func (obj *PodSecurityPolicySubjectReview) GetObjectKind() unversioned.ObjectKind

type PodSecurityPolicySubjectReviewSpec ¶

type PodSecurityPolicySubjectReviewSpec struct {
	// PodSpec is the PodSpec to check. If PodSpec.ServiceAccountName is empty it will not be defaulted.
	// If its non-empty, it will be checked.
	PodSpec kapi.PodSpec

	// User is the user you're testing for.
	// If you specify "User" but not "Group", then is it interpreted as "What if User were not a member of any groups.
	// If User and Groups are empty, then the check is performed using *only* the ServiceAccountName in the PodSpec.
	User string

	// Groups is the groups you're testing for.
	Groups []string
}

PodSecurityPolicySubjectReviewSpec defines specification for PodSecurityPolicySubjectReview

type PodSecurityPolicySubjectReviewStatus ¶

type PodSecurityPolicySubjectReviewStatus struct {
	// AllowedBy is a reference to the rule that allows the PodSpec.
	// A rule can be a SecurityContextConstraint or a PodSecurityPolicy
	// A `nil`, indicates that it was denied.
	AllowedBy *kapi.ObjectReference

	// A machine-readable description of why this operation is in the
	// "Failure" status. If this value is empty there
	// is no information available.
	Reason string

	// PodSpec is the PodSpec after the defaulting is applied.
	PodSpec kapi.PodSpec
}

PodSecurityPolicySubjectReviewStatus contains information/status for PodSecurityPolicySubjectReview.

type ServiceAccountPodSecurityPolicyReviewStatus ¶

type ServiceAccountPodSecurityPolicyReviewStatus struct {
	PodSecurityPolicySubjectReviewStatus

	// Name contains the allowed and the denied ServiceAccount name
	Name string
}

ServiceAccountPodSecurityPolicyReviewStatus represents ServiceAccount name and related review status

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
install
v1
validation

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL