 Documentation
      ¶
      Documentation
      ¶
    
    
  
    
  
    Index ¶
- Constants
- func DiffObjectReferenceLists(list1 []kapi.ObjectReference, list2 []kapi.ObjectReference) (list1Only []kapi.ObjectReference, list2Only []kapi.ObjectReference)
- func NewCmdAddClusterRoleToGroup(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
- func NewCmdAddClusterRoleToUser(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
- func NewCmdAddRoleToGroup(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
- func NewCmdAddRoleToUser(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
- func NewCmdAddSCCToGroup(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
- func NewCmdAddSCCToUser(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
- func NewCmdPolicy(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
- func NewCmdReconcileClusterRoleBindings(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
- func NewCmdReconcileClusterRoles(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
- func NewCmdReconcileSCC(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
- func NewCmdRemoveClusterRoleFromGroup(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
- func NewCmdRemoveClusterRoleFromUser(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
- func NewCmdRemoveGroupFromProject(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
- func NewCmdRemoveRoleFromGroup(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
- func NewCmdRemoveRoleFromUser(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
- func NewCmdRemoveSCCFromGroup(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
- func NewCmdRemoveSCCFromUser(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
- func NewCmdRemoveUserFromProject(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
- func NewCmdWhoCan(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
- type ClusterRoleBindingAccessor
- func (a ClusterRoleBindingAccessor) CreateRoleBinding(binding *authorizationapi.RoleBinding) error
- func (a ClusterRoleBindingAccessor) GetExistingRoleBindingNames() (*sets.String, error)
- func (a ClusterRoleBindingAccessor) GetExistingRoleBindingsForRole(roleNamespace, role string) ([]*authorizationapi.RoleBinding, error)
- func (a ClusterRoleBindingAccessor) UpdateRoleBinding(binding *authorizationapi.RoleBinding) error
 
- type LocalRoleBindingAccessor
- func (a LocalRoleBindingAccessor) CreateRoleBinding(binding *authorizationapi.RoleBinding) error
- func (a LocalRoleBindingAccessor) GetExistingRoleBindingNames() (*sets.String, error)
- func (a LocalRoleBindingAccessor) GetExistingRoleBindingsForRole(roleNamespace, role string) ([]*authorizationapi.RoleBinding, error)
- func (a LocalRoleBindingAccessor) UpdateRoleBinding(binding *authorizationapi.RoleBinding) error
 
- type ReconcileClusterRoleBindingsOptions
- func (o *ReconcileClusterRoleBindingsOptions) ChangedClusterRoleBindings() ([]*authorizationapi.ClusterRoleBinding, error)
- func (o *ReconcileClusterRoleBindingsOptions) Complete(cmd *cobra.Command, f *clientcmd.Factory, args []string, ...) error
- func (o *ReconcileClusterRoleBindingsOptions) ReplaceChangedRoleBindings(changedRoleBindings []*authorizationapi.ClusterRoleBinding) error
- func (o *ReconcileClusterRoleBindingsOptions) RunReconcileClusterRoleBindings(cmd *cobra.Command, f *clientcmd.Factory) error
- func (o *ReconcileClusterRoleBindingsOptions) Validate() error
 
- type ReconcileClusterRolesOptions
- func (o *ReconcileClusterRolesOptions) ChangedClusterRoles() ([]*authorizationapi.ClusterRole, error)
- func (o *ReconcileClusterRolesOptions) Complete(cmd *cobra.Command, f *clientcmd.Factory, args []string) error
- func (o *ReconcileClusterRolesOptions) ReplaceChangedRoles(changedRoles []*authorizationapi.ClusterRole) error
- func (o *ReconcileClusterRolesOptions) RunReconcileClusterRoles(cmd *cobra.Command, f *clientcmd.Factory) error
- func (o *ReconcileClusterRolesOptions) Validate() error
 
- type ReconcileSCCOptions
- func (o *ReconcileSCCOptions) ChangedSCCs() ([]*kapi.SecurityContextConstraints, error)
- func (o *ReconcileSCCOptions) Complete(cmd *cobra.Command, f *clientcmd.Factory, args []string) error
- func (o *ReconcileSCCOptions) ReplaceChangedSCCs(changedSCCs []*kapi.SecurityContextConstraints) error
- func (o *ReconcileSCCOptions) RunReconcileSCCs(cmd *cobra.Command, f *clientcmd.Factory) error
- func (o *ReconcileSCCOptions) Validate() error
 
- type RemoveFromProjectOptions
- type RoleBindingAccessor
- type RoleModificationOptions
- func (o *RoleModificationOptions) AddRole() error
- func (o *RoleModificationOptions) Complete(f *clientcmd.Factory, args []string, target *[]string, targetName string, ...) error
- func (o *RoleModificationOptions) CompleteUserWithSA(f *clientcmd.Factory, args []string, saNames []string) error
- func (o *RoleModificationOptions) RemoveRole() error
 
- type SCCModificationOptions
Constants ¶
const ( AddRoleToGroupRecommendedName = "add-role-to-group" AddRoleToUserRecommendedName = "add-role-to-user" RemoveRoleFromGroupRecommendedName = "remove-role-from-group" RemoveRoleFromUserRecommendedName = "remove-role-from-user" AddClusterRoleToGroupRecommendedName = "add-cluster-role-to-group" AddClusterRoleToUserRecommendedName = "add-cluster-role-to-user" RemoveClusterRoleFromGroupRecommendedName = "remove-cluster-role-from-group" RemoveClusterRoleFromUserRecommendedName = "remove-cluster-role-from-user" )
const ( AddSCCToGroupRecommendedName = "add-scc-to-group" AddSCCToUserRecommendedName = "add-scc-to-user" RemoveSCCFromGroupRecommendedName = "remove-scc-from-group" RemoveSCCFromUserRecommendedName = "remove-scc-from-user" )
const ( RemoveGroupRecommendedName = "remove-group" RemoveUserRecommendedName = "remove-user" )
const PolicyRecommendedName = "policy"
    const ReconcileClusterRoleBindingsRecommendedName = "reconcile-cluster-role-bindings"
    ReconcileClusterRoleBindingsRecommendedName is the recommended command name
const ReconcileClusterRolesRecommendedName = "reconcile-cluster-roles"
    ReconcileClusterRolesRecommendedName is the recommended command name
const ReconcileSCCRecommendedName = "reconcile-sccs"
    ReconcileSCCRecommendedName is the recommended command name
const WhoCanRecommendedName = "who-can"
    Variables ¶
This section is empty.
Functions ¶
func DiffObjectReferenceLists ¶ added in v1.0.8
func DiffObjectReferenceLists(list1 []kapi.ObjectReference, list2 []kapi.ObjectReference) (list1Only []kapi.ObjectReference, list2Only []kapi.ObjectReference)
DiffObjectReferenceLists returns lists containing the items unique to each provided list:
list1Only = list1 - list2 list2Only = list2 - list1
if both returned lists are empty, the provided lists are equal
func NewCmdAddClusterRoleToGroup ¶
func NewCmdAddClusterRoleToGroup(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
NewCmdAddClusterRoleToGroup implements the OpenShift cli add-cluster-role-to-group command
func NewCmdAddClusterRoleToUser ¶
func NewCmdAddClusterRoleToUser(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
NewCmdAddClusterRoleToUser implements the OpenShift cli add-cluster-role-to-user command
func NewCmdAddRoleToGroup ¶
func NewCmdAddRoleToGroup(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
NewCmdAddRoleToGroup implements the OpenShift cli add-role-to-group command
func NewCmdAddRoleToUser ¶
NewCmdAddRoleToUser implements the OpenShift cli add-role-to-user command
func NewCmdAddSCCToGroup ¶ added in v1.0.8
func NewCmdAddSCCToUser ¶ added in v1.0.8
func NewCmdPolicy ¶
NewCmdPolicy implements the OpenShift cli policy command
func NewCmdReconcileClusterRoleBindings ¶ added in v1.0.8
func NewCmdReconcileClusterRoleBindings(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
NewCmdReconcileClusterRoleBindings implements the OpenShift cli reconcile-cluster-role-bindings command
func NewCmdReconcileClusterRoles ¶ added in v1.0.4
func NewCmdReconcileClusterRoles(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
NewCmdReconcileClusterRoles implements the OpenShift cli reconcile-cluster-roles command
func NewCmdReconcileSCC ¶ added in v1.0.8
NewCmdReconcileSCC implements the OpenShift cli reconcile-sccs command.
func NewCmdRemoveClusterRoleFromGroup ¶
func NewCmdRemoveClusterRoleFromGroup(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
NewCmdRemoveClusterRoleFromGroup implements the OpenShift cli remove-cluster-role-from-group command
func NewCmdRemoveClusterRoleFromUser ¶
func NewCmdRemoveClusterRoleFromUser(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
NewCmdRemoveClusterRoleFromUser implements the OpenShift cli remove-cluster-role-from-user command
func NewCmdRemoveGroupFromProject ¶
func NewCmdRemoveGroupFromProject(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
NewCmdRemoveGroupFromProject implements the OpenShift cli remove-group command
func NewCmdRemoveRoleFromGroup ¶
func NewCmdRemoveRoleFromGroup(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
NewCmdRemoveRoleFromGroup implements the OpenShift cli remove-role-from-group command
func NewCmdRemoveRoleFromUser ¶
func NewCmdRemoveRoleFromUser(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command
NewCmdRemoveRoleFromUser implements the OpenShift cli remove-role-from-user command
func NewCmdRemoveSCCFromGroup ¶ added in v1.0.8
func NewCmdRemoveSCCFromUser ¶ added in v1.0.8
Types ¶
type ClusterRoleBindingAccessor ¶
ClusterRoleBindingAccessor operates against cluster scoped role bindings
func NewClusterRoleBindingAccessor ¶
func NewClusterRoleBindingAccessor(client client.Interface) ClusterRoleBindingAccessor
func (ClusterRoleBindingAccessor) CreateRoleBinding ¶
func (a ClusterRoleBindingAccessor) CreateRoleBinding(binding *authorizationapi.RoleBinding) error
func (ClusterRoleBindingAccessor) GetExistingRoleBindingNames ¶
func (a ClusterRoleBindingAccessor) GetExistingRoleBindingNames() (*sets.String, error)
func (ClusterRoleBindingAccessor) GetExistingRoleBindingsForRole ¶
func (a ClusterRoleBindingAccessor) GetExistingRoleBindingsForRole(roleNamespace, role string) ([]*authorizationapi.RoleBinding, error)
func (ClusterRoleBindingAccessor) UpdateRoleBinding ¶
func (a ClusterRoleBindingAccessor) UpdateRoleBinding(binding *authorizationapi.RoleBinding) error
type LocalRoleBindingAccessor ¶
LocalRoleBindingAccessor operates against role bindings in namespace
func NewLocalRoleBindingAccessor ¶
func NewLocalRoleBindingAccessor(bindingNamespace string, client client.Interface) LocalRoleBindingAccessor
func (LocalRoleBindingAccessor) CreateRoleBinding ¶
func (a LocalRoleBindingAccessor) CreateRoleBinding(binding *authorizationapi.RoleBinding) error
func (LocalRoleBindingAccessor) GetExistingRoleBindingNames ¶
func (a LocalRoleBindingAccessor) GetExistingRoleBindingNames() (*sets.String, error)
func (LocalRoleBindingAccessor) GetExistingRoleBindingsForRole ¶
func (a LocalRoleBindingAccessor) GetExistingRoleBindingsForRole(roleNamespace, role string) ([]*authorizationapi.RoleBinding, error)
func (LocalRoleBindingAccessor) UpdateRoleBinding ¶
func (a LocalRoleBindingAccessor) UpdateRoleBinding(binding *authorizationapi.RoleBinding) error
type ReconcileClusterRoleBindingsOptions ¶ added in v1.0.8
type ReconcileClusterRoleBindingsOptions struct {
	// RolesToReconcile says which roles should have their default bindings reconciled.
	// An empty or nil slice means reconcile all of them.
	RolesToReconcile []string
	Confirmed bool
	Union     bool
	ExcludeSubjects []kapi.ObjectReference
	Out    io.Writer
	Output string
	RoleBindingClient client.ClusterRoleBindingInterface
}
    func (*ReconcileClusterRoleBindingsOptions) ChangedClusterRoleBindings ¶ added in v1.0.8
func (o *ReconcileClusterRoleBindingsOptions) ChangedClusterRoleBindings() ([]*authorizationapi.ClusterRoleBinding, error)
ChangedClusterRoleBindings returns the role bindings that must be created and/or updated to match the recommended bootstrap policy
func (*ReconcileClusterRoleBindingsOptions) Complete ¶ added in v1.0.8
func (*ReconcileClusterRoleBindingsOptions) ReplaceChangedRoleBindings ¶ added in v1.0.8
func (o *ReconcileClusterRoleBindingsOptions) ReplaceChangedRoleBindings(changedRoleBindings []*authorizationapi.ClusterRoleBinding) error
ReplaceChangedRoleBindings will reconcile all the changed system role bindings back to the recommended bootstrap policy
func (*ReconcileClusterRoleBindingsOptions) RunReconcileClusterRoleBindings ¶ added in v1.0.8
func (o *ReconcileClusterRoleBindingsOptions) RunReconcileClusterRoleBindings(cmd *cobra.Command, f *clientcmd.Factory) error
ReconcileClusterRoleBindingsOptions contains all the necessary functionality for the OpenShift cli reconcile-cluster-role-bindings command
func (*ReconcileClusterRoleBindingsOptions) Validate ¶ added in v1.0.8
func (o *ReconcileClusterRoleBindingsOptions) Validate() error
type ReconcileClusterRolesOptions ¶ added in v1.0.8
type ReconcileClusterRolesOptions struct {
	// RolesToReconcile says which roles should be reconciled.  An empty or nil slice means
	// reconcile all of them.
	RolesToReconcile []string
	Confirmed bool
	Union     bool
	Out    io.Writer
	Output string
	RoleClient client.ClusterRoleInterface
}
    func (*ReconcileClusterRolesOptions) ChangedClusterRoles ¶ added in v1.0.8
func (o *ReconcileClusterRolesOptions) ChangedClusterRoles() ([]*authorizationapi.ClusterRole, error)
ChangedClusterRoles returns the roles that must be created and/or updated to match the recommended bootstrap policy
func (*ReconcileClusterRolesOptions) Complete ¶ added in v1.0.8
func (*ReconcileClusterRolesOptions) ReplaceChangedRoles ¶ added in v1.0.8
func (o *ReconcileClusterRolesOptions) ReplaceChangedRoles(changedRoles []*authorizationapi.ClusterRole) error
ReplaceChangedRoles will reconcile all the changed roles back to the recommended bootstrap policy
func (*ReconcileClusterRolesOptions) RunReconcileClusterRoles ¶ added in v1.0.8
func (o *ReconcileClusterRolesOptions) RunReconcileClusterRoles(cmd *cobra.Command, f *clientcmd.Factory) error
RunReconcileClusterRoles contains all the necessary functionality for the OpenShift cli reconcile-cluster-roles command
func (*ReconcileClusterRolesOptions) Validate ¶ added in v1.0.8
func (o *ReconcileClusterRolesOptions) Validate() error
type ReconcileSCCOptions ¶ added in v1.0.8
type ReconcileSCCOptions struct {
	// confirmed indicates that the data should be persisted
	Confirmed bool
	// union controls if we make additive changes to the users/groups fields or overwrite them
	// as well as preserving existing priorities (unset priorities will always be reconciled)
	Union bool
	// is the name of the openshift infrastructure namespace.  It is provided here so that
	// the command doesn't need to try and parse the policy config.
	InfraNamespace string
	Out    io.Writer
	Output string
	SCCClient kclient.SecurityContextConstraintInterface
	NSClient  kclient.NamespaceInterface
}
    func NewDefaultReconcileSCCOptions ¶ added in v1.0.8
func NewDefaultReconcileSCCOptions() *ReconcileSCCOptions
NewDefaultReconcileSCCOptions provides a ReconcileSCCOptions with default settings.
func (*ReconcileSCCOptions) ChangedSCCs ¶ added in v1.0.8
func (o *ReconcileSCCOptions) ChangedSCCs() ([]*kapi.SecurityContextConstraints, error)
ChangedSCCs returns the SCCs that must be created and/or updated to match the recommended bootstrap SCCs.
func (*ReconcileSCCOptions) Complete ¶ added in v1.0.8
func (*ReconcileSCCOptions) ReplaceChangedSCCs ¶ added in v1.0.8
func (o *ReconcileSCCOptions) ReplaceChangedSCCs(changedSCCs []*kapi.SecurityContextConstraints) error
ReplaceChangedSCCs persists the changed SCCs.
func (*ReconcileSCCOptions) RunReconcileSCCs ¶ added in v1.0.8
RunReconcileSCCs contains the functionality for the reconcile-sccs command for making or previewing changes.
func (*ReconcileSCCOptions) Validate ¶ added in v1.0.8
func (o *ReconcileSCCOptions) Validate() error
type RemoveFromProjectOptions ¶
type RemoveFromProjectOptions struct {
	BindingNamespace string
	Client           client.Interface
	Groups []string
	Users  []string
	Out io.Writer
}
    func (*RemoveFromProjectOptions) Complete ¶
func (*RemoveFromProjectOptions) Run ¶
func (o *RemoveFromProjectOptions) Run() error
type RoleBindingAccessor ¶
type RoleBindingAccessor interface {
	GetExistingRoleBindingsForRole(roleNamespace, role string) ([]*authorizationapi.RoleBinding, error)
	GetExistingRoleBindingNames() (*sets.String, error)
	UpdateRoleBinding(binding *authorizationapi.RoleBinding) error
	CreateRoleBinding(binding *authorizationapi.RoleBinding) error
}
    RoleBindingAccessor is used by role modification commands to access and modify roles
type RoleModificationOptions ¶
type RoleModificationOptions struct {
	RoleNamespace       string
	RoleName            string
	RoleBindingAccessor RoleBindingAccessor
	Users    []string
	Groups   []string
	Subjects []kapi.ObjectReference
}
    func (*RoleModificationOptions) AddRole ¶
func (o *RoleModificationOptions) AddRole() error
func (*RoleModificationOptions) Complete ¶
func (*RoleModificationOptions) CompleteUserWithSA ¶ added in v1.0.6
func (*RoleModificationOptions) RemoveRole ¶
func (o *RoleModificationOptions) RemoveRole() error
type SCCModificationOptions ¶ added in v1.0.8
type SCCModificationOptions struct {
	SCCName      string
	SCCInterface kclient.SecurityContextConstraintsInterface
	DefaultSubjectNamespace string
	Subjects                []kapi.ObjectReference
}
    func (*SCCModificationOptions) AddSCC ¶ added in v1.0.8
func (o *SCCModificationOptions) AddSCC() error
func (*SCCModificationOptions) CompleteGroups ¶ added in v1.0.8
func (o *SCCModificationOptions) CompleteGroups(f *clientcmd.Factory, args []string) error
func (*SCCModificationOptions) CompleteUsers ¶ added in v1.0.8
func (*SCCModificationOptions) RemoveSCC ¶ added in v1.0.8
func (o *SCCModificationOptions) RemoveSCC() error
       Source Files
      ¶
      Source Files
      ¶
    
- modify_roles.go
- modify_scc.go
- policy.go
- reconcile_clusterrolebindings.go
- reconcile_clusterroles.go
- reconcile_sccs.go
- remove_from_project.go
- who_can.go