package util

import "k8s.io/kubernetes/pkg/security/podsecuritypolicy/util"

Package util contains utility code shared amongst different parts of the pod security policy apparatus.

Index

Constants 

const (
	ValidatedPSPAnnotation = "kubernetes.io/psp"
)

Functions

func FSTypeToStringSet 

func FSTypeToStringSet(fsTypes []extensions.FSType) sets.String

FSTypeToStringSet converts an FSType slice to a string set.

func GetAllFSTypesAsSet 

func GetAllFSTypesAsSet() sets.String

func GetAllFSTypesExcept 

func GetAllFSTypesExcept(exceptions ...string) sets.String

func GetVolumeFSType 

func GetVolumeFSType(v api.Volume) (extensions.FSType, error)

getVolumeFSType gets the FSType for a volume.

func GroupFallsInRange 

func GroupFallsInRange(id types.UnixGroupID, rng extensions.GroupIDRange) bool

GroupFallsInRange is a utility to determine it the id falls in the valid range.

func PSPAllowsAllVolumes 

func PSPAllowsAllVolumes(psp *extensions.PodSecurityPolicy) bool

PSPAllowsAllVolumes checks for FSTypeAll in the psp's allowed volumes.

func PSPAllowsFSType 

func PSPAllowsFSType(psp *extensions.PodSecurityPolicy, fsType extensions.FSType) bool

PSPAllowsFSType is a utility for checking if a PSP allows a particular FSType. If all volumes are allowed then this will return true for any FSType passed.

func PSPAllowsHostVolumePath 

func PSPAllowsHostVolumePath(psp *extensions.PodSecurityPolicy, hostPath string) bool

PSPAllowsHostVolumePath is a utility for checking if a PSP allows the host volume path. This only checks the path. You should still check to make sure the host volume fs type is allowed.

func UserFallsInRange 

func UserFallsInRange(id types.UnixUserID, rng extensions.UserIDRange) bool

UserFallsInRange is a utility to determine it the id falls in the valid range.

Source Files

doc.go util.go

Version
v1.7.0-beta.1
Published
Jun 8, 2017
Platform
js/wasm
Imports
6 packages
Last checked
44 seconds ago

Tools for package owners.