Documentation ¶
Index ¶
- Constants
- func DefaultLabelSelector() metav1.LabelSelector
- func IsProtectedByResourceName(name string) bool
- func ParseHTTPRequest(r *http.Request) (admissionctl.Request, admissionctl.Response, error)
- func RegexSliceContains(needle string, haystack []string) bool
- func RequestMatchesGroupKind(req admissionctl.Request, kind, group string) bool
- func WebhookResponse(request admissionctl.Request, allowed bool, reason string) admissionctl.Response
Constants ¶
View Source
const ( // PrivilegedServiceAccountGroups is a regex string of serviceaccounts that our webhooks should commonly allow to // perform restricted actions. // Centralized osde2e tests have a serviceaccount like "system:serviceaccounts:osde2e-abcde" // Decentralized osde2e tests have a serviceaccount like "system:serviceaccounts:osde2e-h-abcde" PrivilegedServiceAccountGroups string = `^system:serviceaccounts:(kube.*|openshift.*|default|redhat.*|osde2e-(h-)?[a-z0-9]{5})` )
Variables ¶
This section is empty.
Functions ¶
func DefaultLabelSelector ¶
func DefaultLabelSelector() metav1.LabelSelector
func ParseHTTPRequest ¶
func ParseHTTPRequest(r *http.Request) (admissionctl.Request, admissionctl.Response, error)
func RegexSliceContains ¶
func RequestMatchesGroupKind ¶
func RequestMatchesGroupKind(req admissionctl.Request, kind, group string) bool
func WebhookResponse ¶
func WebhookResponse(request admissionctl.Request, allowed bool, reason string) admissionctl.Response
WebhookResponse assembles an allowed or denied admission response with the same UID as the provided request. The reason for allowed admission responses is not shown to the end user and is commonly empty string: ""
Types ¶
This section is empty.
Click to show internal directories.
Click to hide internal directories.