Documentation
¶
Overview ¶
Package api is the internal version of the API.
Index ¶
- Constants
- Variables
- func DeepCopy_api_PodSecurityPolicyReview(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_api_PodSecurityPolicyReviewSpec(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_api_PodSecurityPolicyReviewStatus(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_api_PodSecurityPolicySelfSubjectReview(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_api_PodSecurityPolicySelfSubjectReviewSpec(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_api_PodSecurityPolicySubjectReview(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_api_PodSecurityPolicySubjectReviewSpec(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_api_PodSecurityPolicySubjectReviewStatus(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_api_ServiceAccountPodSecurityPolicyReviewStatus(in interface{}, out interface{}, c *conversion.Cloner) error
- func IsKindOrLegacy(kind string, gk unversioned.GroupKind) bool
- func IsResourceOrLegacy(resource string, gr unversioned.GroupResource) bool
- func Kind(kind string) unversioned.GroupKind
- func LegacyKind(kind string) unversioned.GroupKind
- func LegacyResource(resource string) unversioned.GroupResource
- func RegisterDeepCopies(scheme *runtime.Scheme) error
- func Resource(resource string) unversioned.GroupResource
- type PodSecurityPolicyReview
- type PodSecurityPolicyReviewSpec
- type PodSecurityPolicyReviewStatus
- type PodSecurityPolicySelfSubjectReview
- type PodSecurityPolicySelfSubjectReviewSpec
- type PodSecurityPolicySubjectReview
- type PodSecurityPolicySubjectReviewSpec
- type PodSecurityPolicySubjectReviewStatus
- type ServiceAccountPodSecurityPolicyReviewStatus
Constants ¶
View Source
const ( GroupName = "security.openshift.io" LegacyGroupName = "" )
Variables ¶
View Source
var ( SchemeGroupVersion = unversioned.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} LegacySchemeGroupVersion = unversioned.GroupVersion{Group: LegacyGroupName, Version: runtime.APIVersionInternal} LegacySchemeBuilder = runtime.NewSchemeBuilder(addLegacyKnownTypes) AddToSchemeInCoreGroup = LegacySchemeBuilder.AddToScheme SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) AddToScheme = SchemeBuilder.AddToScheme )
SchemeGroupVersion is group version used to register these objects
Functions ¶
func DeepCopy_api_PodSecurityPolicyReview ¶
func DeepCopy_api_PodSecurityPolicyReview(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_api_PodSecurityPolicyReviewSpec ¶
func DeepCopy_api_PodSecurityPolicyReviewSpec(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_api_PodSecurityPolicyReviewStatus ¶
func DeepCopy_api_PodSecurityPolicyReviewStatus(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_api_PodSecurityPolicySelfSubjectReview ¶
func DeepCopy_api_PodSecurityPolicySelfSubjectReview(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_api_PodSecurityPolicySelfSubjectReviewSpec ¶
func DeepCopy_api_PodSecurityPolicySelfSubjectReviewSpec(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_api_PodSecurityPolicySubjectReview ¶
func DeepCopy_api_PodSecurityPolicySubjectReview(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_api_PodSecurityPolicySubjectReviewSpec ¶
func DeepCopy_api_PodSecurityPolicySubjectReviewSpec(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_api_PodSecurityPolicySubjectReviewStatus ¶
func DeepCopy_api_PodSecurityPolicySubjectReviewStatus(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_api_ServiceAccountPodSecurityPolicyReviewStatus ¶
func DeepCopy_api_ServiceAccountPodSecurityPolicyReviewStatus(in interface{}, out interface{}, c *conversion.Cloner) error
func IsKindOrLegacy ¶
func IsKindOrLegacy(kind string, gk unversioned.GroupKind) bool
IsKindOrLegacy checks if the provided GroupKind matches with the given kind by looking up the API group and also the legacy API.
func IsResourceOrLegacy ¶
func IsResourceOrLegacy(resource string, gr unversioned.GroupResource) bool
IsResourceOrLegacy checks if the provided GroupResources matches with the given resource by looking up the API group and also the legacy API.
func Kind ¶
func Kind(kind string) unversioned.GroupKind
Kind takes an unqualified kind and returns back a Group qualified GroupKind
func LegacyKind ¶
func LegacyKind(kind string) unversioned.GroupKind
func LegacyResource ¶
func LegacyResource(resource string) unversioned.GroupResource
func RegisterDeepCopies ¶ added in v1.4.0
RegisterDeepCopies adds deep-copy functions to the given scheme. Public to allow building arbitrary schemes.
func Resource ¶
func Resource(resource string) unversioned.GroupResource
Resource takes an unqualified resource and returns back a Group qualified GroupResource
Types ¶
type PodSecurityPolicyReview ¶
type PodSecurityPolicyReview struct {
unversioned.TypeMeta
// Spec is the PodSecurityPolicy to check.
Spec PodSecurityPolicyReviewSpec
// Status represents the current information/status for the PodSecurityPolicyReview.
Status PodSecurityPolicyReviewStatus
}
PodSecurityPolicyReview checks which service accounts (not users, since that would be cluster-wide) can create the `PodTemplateSpec` in question.
type PodSecurityPolicyReviewSpec ¶
type PodSecurityPolicyReviewSpec struct {
// Template is the PodTemplateSpec to check. The PodTemplateSpec.Spec.ServiceAccountName field is used
// if ServiceAccountNames is empty, unless the PodTemplateSpec.Spec.ServiceAccountName is empty,
// in which case "default" is used.
// If ServiceAccountNames is specified, PodTemplateSpec.Spec.ServiceAccountName is ignored.
Template kapi.PodTemplateSpec
// ServiceAccountNames is an optional set of ServiceAccounts to run the check with.
// If ServiceAccountNames is empty, the PodTemplateSpec.Spec.ServiceAccountName is used,
// unless it's empty, in which case "default" is used instead.
// If ServiceAccountNames is specified, PodTemplateSpec.Spec.ServiceAccountName is ignored.
ServiceAccountNames []string // TODO: find a way to express 'all service accounts'
}
PodSecurityPolicyReviewSpec defines specification for PodSecurityPolicyReview
type PodSecurityPolicyReviewStatus ¶
type PodSecurityPolicyReviewStatus struct {
// AllowedServiceAccounts returns the list of service accounts in *this* namespace that have the power to create the PodTemplateSpec.
AllowedServiceAccounts []ServiceAccountPodSecurityPolicyReviewStatus
}
PodSecurityPolicyReviewStatus represents the status of PodSecurityPolicyReview.
type PodSecurityPolicySelfSubjectReview ¶
type PodSecurityPolicySelfSubjectReview struct {
unversioned.TypeMeta
// Spec defines specification the PodSecurityPolicySelfSubjectReview.
Spec PodSecurityPolicySelfSubjectReviewSpec
// Status represents the current information/status for the PodSecurityPolicySelfSubjectReview.
Status PodSecurityPolicySubjectReviewStatus
}
PodSecurityPolicySelfSubjectReview checks whether this user/SA tuple can create the PodTemplateSpec.
type PodSecurityPolicySelfSubjectReviewSpec ¶
type PodSecurityPolicySelfSubjectReviewSpec struct {
// Template is the PodTemplateSpec to check.
Template kapi.PodTemplateSpec
}
PodSecurityPolicySelfSubjectReviewSpec contains specification for PodSecurityPolicySelfSubjectReview.
type PodSecurityPolicySubjectReview ¶
type PodSecurityPolicySubjectReview struct {
unversioned.TypeMeta
// Spec defines specification for the PodSecurityPolicySubjectReview.
Spec PodSecurityPolicySubjectReviewSpec
// Status represents the current information/status for the PodSecurityPolicySubjectReview.
Status PodSecurityPolicySubjectReviewStatus
}
PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodTemplateSpec.
type PodSecurityPolicySubjectReviewSpec ¶
type PodSecurityPolicySubjectReviewSpec struct {
// Template is the PodTemplateSpec to check. If PodTemplateSpec.Spec.ServiceAccountName is empty it will not be defaulted.
// If its non-empty, it will be checked.
Template kapi.PodTemplateSpec
// User is the user you're testing for.
// If you specify "User" but not "Group", then is it interpreted as "What if User were not a member of any groups.
// If User and Groups are empty, then the check is performed using *only* the ServiceAccountName in the PodTemplateSpec.
User string
// Groups is the groups you're testing for.
Groups []string
}
PodSecurityPolicySubjectReviewSpec defines specification for PodSecurityPolicySubjectReview
type PodSecurityPolicySubjectReviewStatus ¶
type PodSecurityPolicySubjectReviewStatus struct {
// AllowedBy is a reference to the rule that allows the PodTemplateSpec.
// A rule can be a SecurityContextConstraint or a PodSecurityPolicy
// A `nil`, indicates that it was denied.
AllowedBy *kapi.ObjectReference
// A machine-readable description of why this operation is in the
// "Failure" status. If this value is empty there
// is no information available.
Reason string
// Template is the PodTemplateSpec after the defaulting is applied.
Template kapi.PodTemplateSpec
}
PodSecurityPolicySubjectReviewStatus contains information/status for PodSecurityPolicySubjectReview.
type ServiceAccountPodSecurityPolicyReviewStatus ¶
type ServiceAccountPodSecurityPolicyReviewStatus struct {
PodSecurityPolicySubjectReviewStatus
// Name contains the allowed and the denied ServiceAccount name
Name string
}
ServiceAccountPodSecurityPolicyReviewStatus represents ServiceAccount name and related review status
Source Files
¶
- doc.go
- register.go
- types.go
- zz_generated.deepcopy.go
Directories
¶
| Path | Synopsis |
|---|---|
|
Package v1 is the v1 version of the API.
|
Package v1 is the v1 version of the API. |
Click to show internal directories.
Click to hide internal directories.