Documentation
¶
Index ¶
- func DenyTweak(options *metav1.ListOptions, field string, valueSet map[string]struct{})
- func IdenticalNamespaces(a, b map[string]struct{}) bool
- func IsAllNamespaces(namespaces map[string]struct{}) bool
- func NewFilteredUnprivilegedNamespaceListWatchFromClient(l log.Logger, c cache.Getter, ...) cache.ListerWatcher
- func NewUnprivilegedNamespaceListWatchFromClient(l log.Logger, c cache.Getter, ...) cache.ListerWatcher
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DenyTweak ¶ added in v0.42.0
func DenyTweak(options *metav1.ListOptions, field string, valueSet map[string]struct{})
DenyTweak modifies the given list options by adding a field selector not matching the given values.
func IdenticalNamespaces ¶ added in v0.42.0
IdenticalNamespaces returns true if a and b are identical.
func IsAllNamespaces ¶
IsAllNamespaces checks if the given map of namespaces contains only v1.NamespaceAll.
func NewFilteredUnprivilegedNamespaceListWatchFromClient ¶
func NewFilteredUnprivilegedNamespaceListWatchFromClient(l log.Logger, c cache.Getter, allowedNamespaces, deniedNamespaces map[string]struct{}, optionsModifier func(options *metav1.ListOptions)) cache.ListerWatcher
NewFilteredUnprivilegedNamespaceListWatchFromClient mimics cache.NewUnprivilegedNamespaceListWatchFromClient. It allows for the creation of a cache.ListWatch for allowed or denied namespaces from a client that does not have `List` privileges.
If the given allowed namespaces contain only v1.NamespaceAll, then this function assumes that the client has List and Watch privileges and returns a regular cache.ListWatch, since there is no other way to get all namespaces.
The given allowed and denied namespaces are mutually exclusive. If allowed namespaces contain multiple items, the given denied namespaces have no effect. If the allowed namespaces includes exactly one entry with the value v1.NamespaceAll (empty string), the given denied namespaces are applied.
func NewUnprivilegedNamespaceListWatchFromClient ¶
func NewUnprivilegedNamespaceListWatchFromClient(l log.Logger, c cache.Getter, allowedNamespaces, deniedNamespaces map[string]struct{}, fieldSelector fields.Selector) cache.ListerWatcher
NewUnprivilegedNamespaceListWatchFromClient mimics cache.NewListWatchFromClient. It allows for the creation of a cache.ListWatch for namespaces from a client that does not have `List` privileges. If the slice of namespaces contains only v1.NamespaceAll, then this func assumes that the client has List and Watch privileges and returns a regular cache.ListWatch, since there is no other way to get all namespaces.
The allowed namespaces and denied namespaces are mutually exclusive. See NewFilteredUnprivilegedNamespaceListWatchFromClient for a description on how they are applied.
Types ¶
This section is empty.
Source Files