package util

kubernetes – k8s.io/kubernetes/pkg/security/podsecuritypolicy/util Index | Files

package util

import "k8s.io/kubernetes/pkg/security/podsecuritypolicy/util"

Package util contains utility code shared amongst different parts of the pod security policy apparatus.

Index ¶

Constants
func AllowsHostVolumePath(psp *policy.PodSecurityPolicy, hostPath string) (pathIsAllowed, mustBeReadOnly bool)
func EqualStringSlices(a, b []string) bool
func FSTypeToStringSet(fsTypes []policy.FSType) sets.String
func GetAllFSTypesAsSet() sets.String
func GetAllFSTypesExcept(exceptions ...string) sets.String
func GetVolumeFSType(v api.Volume) (policy.FSType, error)
func GroupFallsInRange(id int64, rng policy.IDRange) bool
func PSPAllowsAllVolumes(psp *policy.PodSecurityPolicy) bool
func PSPAllowsFSType(psp *policy.PodSecurityPolicy, fsType policy.FSType) bool
func UserFallsInRange(id int64, rng policy.IDRange) bool

Constants ¶

const (
	ValidatedPSPAnnotation = "kubernetes.io/psp"
)

Functions ¶

func AllowsHostVolumePath ¶

func AllowsHostVolumePath(psp *policy.PodSecurityPolicy, hostPath string) (pathIsAllowed, mustBeReadOnly bool)

AllowsHostVolumePath is a utility for checking if a PSP allows the host volume path. This only checks the path. You should still check to make sure the host volume fs type is allowed.

func EqualStringSlices ¶

func EqualStringSlices(a, b []string) bool

EqualStringSlices compares string slices for equality. Slices are equal when their sizes and elements on similar positions are equal.

func FSTypeToStringSet ¶

func FSTypeToStringSet(fsTypes []policy.FSType) sets.String

FSTypeToStringSet converts an FSType slice to a string set.

func GetAllFSTypesAsSet ¶

func GetAllFSTypesAsSet() sets.String

func GetAllFSTypesExcept ¶

func GetAllFSTypesExcept(exceptions ...string) sets.String

func GetVolumeFSType ¶

func GetVolumeFSType(v api.Volume) (policy.FSType, error)

getVolumeFSType gets the FSType for a volume.

func GroupFallsInRange ¶

func GroupFallsInRange(id int64, rng policy.IDRange) bool

GroupFallsInRange is a utility to determine it the id falls in the valid range.

func PSPAllowsAllVolumes ¶

func PSPAllowsAllVolumes(psp *policy.PodSecurityPolicy) bool

PSPAllowsAllVolumes checks for FSTypeAll in the psp's allowed volumes.

func PSPAllowsFSType ¶

func PSPAllowsFSType(psp *policy.PodSecurityPolicy, fsType policy.FSType) bool

PSPAllowsFSType is a utility for checking if a PSP allows a particular FSType. If all volumes are allowed then this will return true for any FSType passed.

func UserFallsInRange ¶

func UserFallsInRange(id int64, rng policy.IDRange) bool

UserFallsInRange is a utility to determine it the id falls in the valid range.

Source Files ¶

doc.go util.go

Version: v1.14.1
Published: Apr 5, 2019
Platform: js/wasm
Imports: 5 packages
Last checked: 32 seconds ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples

package util

Index ¶

Constants ¶

Functions ¶

func AllowsHostVolumePath ¶

func EqualStringSlices ¶

func FSTypeToStringSet ¶

func GetAllFSTypesAsSet ¶

func GetAllFSTypesExcept ¶

func GetVolumeFSType ¶

func GroupFallsInRange ¶

func PSPAllowsAllVolumes ¶

func PSPAllowsFSType ¶

func UserFallsInRange ¶

Source Files ¶

Jump to identifier

Keyboard shortcuts