rules

package
v0.1.3
Warning

This package is not in the latest version of its module.

Published: Mar 17, 2023 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Overview

OPR-R22-RBAC - ClusterRole has full permissions over admission controllers

OPR-R4-SC - securityContext set to allowPrivilegeEscalation: true

OPR-R17-RBAC - ClusterRole has bind permissions

OPR-R9-SC - securityContext adds CAP_SYS_ADMIN Linux capability

OPR-R10-RBAC - Runs as Cluster Admin

OPR-R21-RBAC - ClusterRole has full permissions over any custom resource definitions

OPR-R1-NS - default namespace

OPR-R16-RBAC - ClusterRole has escalate permissions

OPR-R15-RBAC - ClusterRole can exec into Pods

OPR-R18-RBAC - ClusterRole has impersonate permissions

OPR-R2-NS - kube-system namespace

OPR-R19-RBAC - ClusterRole can modify pod logs

OPR-R25-RBAC - ClusterRole has read, write or delete permissions over network policies

OPR-R3-SC - No securityContext

OPR-R26-RBAC - ClusterRole has permissions over the Kubernetes API server proxy

OPR-R24-RBAC - ClusterRole has read, write or delete permissions over persistent volumes

OPR-R5-SC - securityContext set to privileged: true

OPR-R6-SC - securityContext set to readOnlyRootFilesystem: false

OPR-R20-RBAC - ClusterRole can remove Kubernetes events

OPR-R7-SC - securityContext set to runAsNonRoot: false

OPR-R8-SC - securityContext set to runAsUser: 0

OPR-R14-RBAC - ClusterRole has access to Kubernetes secrets

OPR-R23-RBAC - ClusterRole has permissions over service account token creation

OPR-R11-RBAC - ClusterRole has full permissions over all resources

OPR-R12-RBAC - ClusterRole has full permissions over all CoreAPI resources

OPR-R13-RBAC - ClusterRole has full permissions over ClusterRoles and ClusterRoleBindings

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AdmissionControllerClusterRole

func AdmissionControllerClusterRole(input []byte) int

func AllowPrivilegeEscalation

func AllowPrivilegeEscalation(json []byte) int

func BindClusterRole

func BindClusterRole(input []byte) int

func CapSysAdmin

func CapSysAdmin(json []byte) int

func ClusterAdmin

func ClusterAdmin(json []byte) int

func CustomResourceClusterRole

func CustomResourceClusterRole(input []byte) int

func DefaultNamespace

func DefaultNamespace(json []byte) int

func EscalateClusterRole

func EscalateClusterRole(input []byte) int

func ExecPodsClusterRole

func ExecPodsClusterRole(input []byte) int

func ImpersonateClusterRole

func ImpersonateClusterRole(input []byte) int

func KubeSystemNamespace

func KubeSystemNamespace(json []byte) int

func ModifyPodLogsClusterRole

func ModifyPodLogsClusterRole(input []byte) int

func NetworkPolicyClusterRole

func NetworkPolicyClusterRole(input []byte) int

func NoSecurityContext

func NoSecurityContext(json []byte) int

func NodeProxyClusterRole

func NodeProxyClusterRole(input []byte) int

func PersistentVolumeClusterRole

func PersistentVolumeClusterRole(input []byte) int

func Privileged

func Privileged(json []byte) int

func ReadOnlyRootFilesystem

func ReadOnlyRootFilesystem(json []byte) int

func RemoveEventsClusterRole

func RemoveEventsClusterRole(input []byte) int

func RunAsNonRoot

func RunAsNonRoot(json []byte) int

func RunAsUser

func RunAsUser(json []byte) int

func SecretsClusterRole

func SecretsClusterRole(input []byte) int

func ServiceAccountClusterRole

func ServiceAccountClusterRole(input []byte) int

func StarAllClusterRole

func StarAllClusterRole(input []byte) int

func StarAllCoreAPIClusterRole

func StarAllCoreAPIClusterRole(input []byte) int

func StarClusterRoleAndBindings

func StarClusterRoleAndBindings(input []byte) int

Types

This section is empty.
