util

package

v1.21.2 Latest Latest Go to latest Published: Jun 16, 2021 License: Apache-2.0 Imports: 5 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kubernetes/kubernetes

Links

Open Source Insights

Documentation ¶

Overview ¶

Package util contains utility code shared amongst different parts of the pod security policy apparatus.

Index ¶

Constants
func AllowsHostVolumePath(psp *policy.PodSecurityPolicy, hostPath string) (pathIsAllowed, mustBeReadOnly bool)
func EqualStringSlices(a, b []string) bool
func FSTypeToStringSet(fsTypes []policy.FSType) sets.String
func GetAllFSTypesAsSet() sets.String
func GetAllFSTypesExcept(exceptions ...string) sets.String
func GetVolumeFSType(v api.Volume) (policy.FSType, error)
func GroupFallsInRange(id int64, rng policy.IDRange) bool
func IsOnlyServiceAccountTokenSources(v *api.ProjectedVolumeSource) bool
func PSPAllowsAllVolumes(psp *policy.PodSecurityPolicy) bool
func PSPAllowsFSType(psp *policy.PodSecurityPolicy, fsType policy.FSType) bool
func UserFallsInRange(id int64, rng policy.IDRange) bool

Constants ¶

View Source

const (
	ValidatedPSPAnnotation = "kubernetes.io/psp"
)

Variables ¶

This section is empty.

Functions ¶

func AllowsHostVolumePath ¶ added in v1.8.0

func AllowsHostVolumePath(psp *policy.PodSecurityPolicy, hostPath string) (pathIsAllowed, mustBeReadOnly bool)

AllowsHostVolumePath is a utility for checking if a PSP allows the host volume path. This only checks the path. You should still check to make sure the host volume fs type is allowed.

func EqualStringSlices ¶ added in v1.10.0

func EqualStringSlices(a, b []string) bool

EqualStringSlices compares string slices for equality. Slices are equal when their sizes and elements on similar positions are equal.

func FSTypeToStringSet ¶

func FSTypeToStringSet(fsTypes []policy.FSType) sets.String

FSTypeToStringSet converts an FSType slice to a string set.

func GetAllFSTypesAsSet ¶

func GetAllFSTypesAsSet() sets.String

GetAllFSTypesAsSet returns all actual volume types, regardless of feature gates. The special policy.All pseudo type is not included.

func GetAllFSTypesExcept ¶

func GetAllFSTypesExcept(exceptions ...string) sets.String

GetAllFSTypesExcept returns the result of GetAllFSTypesAsSet minus the given exceptions.

func GetVolumeFSType ¶

func GetVolumeFSType(v api.Volume) (policy.FSType, error)

getVolumeFSType gets the FSType for a volume.

func GroupFallsInRange ¶ added in v1.7.0

func GroupFallsInRange(id int64, rng policy.IDRange) bool

GroupFallsInRange is a utility to determine it the id falls in the valid range.

func IsOnlyServiceAccountTokenSources ¶ added in v1.19.0

func IsOnlyServiceAccountTokenSources(v *api.ProjectedVolumeSource) bool

func PSPAllowsAllVolumes ¶

func PSPAllowsAllVolumes(psp *policy.PodSecurityPolicy) bool

PSPAllowsAllVolumes checks for FSTypeAll in the psp's allowed volumes.

func PSPAllowsFSType ¶

func PSPAllowsFSType(psp *policy.PodSecurityPolicy, fsType policy.FSType) bool

PSPAllowsFSType is a utility for checking if a PSP allows a particular FSType. If all volumes are allowed then this will return true for any FSType passed.

func UserFallsInRange ¶ added in v1.7.0

func UserFallsInRange(id int64, rng policy.IDRange) bool

UserFallsInRange is a utility to determine it the id falls in the valid range.

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL