package group
import "k8s.io/kubernetes/pkg/security/podsecuritypolicy/group"
Package group contains code for validating and defaulting the FSGroup and supplemental groups of a pod according to a security policy.
Index ¶
- func ValidateGroupsInRanges(fldPath *field.Path, ranges []policy.IDRange, groups []int64) field.ErrorList
- type GroupStrategy
Functions ¶
func ValidateGroupsInRanges ¶
func ValidateGroupsInRanges(fldPath *field.Path, ranges []policy.IDRange, groups []int64) field.ErrorList
Types ¶
type GroupStrategy ¶
type GroupStrategy interface {
// Generate creates the group based on policy rules. The underlying implementation can
// decide whether it will return a full range of values or a subset of values from the
// configured ranges.
Generate(pod *api.Pod) ([]int64, error)
// Generate a single value to be applied. The underlying implementation decides which
// value to return if configured with multiple ranges. This is used for FSGroup.
GenerateSingle(pod *api.Pod) (*int64, error)
// Validate ensures that the specified values fall within the range of the strategy.
Validate(fldPath *field.Path, pod *api.Pod, groups []int64) field.ErrorList
}
GroupStrategy defines the interface for all group constraint strategies.
func NewMayRunAs ¶
func NewMayRunAs(ranges []policy.IDRange) (GroupStrategy, error)
NewMayRunAs provides a new MayRunAs strategy.
func NewMustRunAs ¶
func NewMustRunAs(ranges []policy.IDRange) (GroupStrategy, error)
NewMustRunAs provides a new MustRunAs strategy based on ranges.
func NewRunAsAny ¶
func NewRunAsAny() (GroupStrategy, error)
NewRunAsAny provides a new RunAsAny strategy.
Source Files ¶
doc.go helpers.go mayrunas.go mustrunas.go runasany.go types.go
- Version
- v1.14.6
- Published
- Aug 16, 2019
- Platform
- js/wasm
- Imports
- 5 packages
- Last checked
- 3 seconds ago –
Tools for package owners.