rbac

package

v0.0.0-...-e40ea5d Latest Latest Go to latest Published: Apr 27, 2024 License: Apache-2.0 Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/test-network-function/cnf-certification-test

Links

Open Source Insights

Documentation ¶

Index ¶

func AutomountServiceAccountSetOnSA(client corev1typed.CoreV1Interface, serviceAccountName, podNamespace string) (*bool, error)
func EvaluateAutomountTokens(client corev1typed.CoreV1Interface, put *corev1.Pod) (bool, string)
type CrdResource
- func GetCrdResources(crds []*apiextv1.CustomResourceDefinition) (resourceList []CrdResource)
type RoleResource
type RoleRule

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AutomountServiceAccountSetOnSA ¶

func AutomountServiceAccountSetOnSA(client corev1typed.CoreV1Interface, serviceAccountName, podNamespace string) (*bool, error)

AutomountServiceAccountSetOnSA checks if the AutomountServiceAccountToken field is set on a ServiceAccount. Returns:

A boolean pointer indicating whether the AutomountServiceAccountToken field is set.
An error if any occurred during the operation.

func EvaluateAutomountTokens ¶

func EvaluateAutomountTokens(client corev1typed.CoreV1Interface, put *corev1.Pod) (bool, string)

EvaluateAutomountTokens evaluates whether the automountServiceAccountToken is correctly configured for the given Pod. Checks if the token is explicitly set in the Pod's spec or if it is inherited from the associated ServiceAccount. Returns:

bool: Indicates whether the Pod passed all checks. if yes- return true, otherwise return false.
string: Error message if the Pod is misconfigured, otherwise an empty string.

Types ¶

type CrdResource ¶

type CrdResource struct {
	Group, SingularName, PluralName string
	ShortNames                      []string
}

func GetCrdResources ¶

func GetCrdResources(crds []*apiextv1.CustomResourceDefinition) (resourceList []CrdResource)

GetCrdResources converts a list of apiextv1.CustomResourceDefinition structs into a list of list of CrdResource structs. Returns:

[]CrdResource : a slice of CrdResource objects.

type RoleResource ¶

type RoleResource struct {
	Group, Name string
}

type RoleRule ¶

type RoleRule struct {
	Resource RoleResource
	Verb     string
}

func FilterRulesNonMatchingResources ¶

func FilterRulesNonMatchingResources(ruleList []RoleRule, resourceList []CrdResource) (matching, nonMatching []RoleRule)

FilterRulesNonMatchingResources filters RoleRules based on whether they match any CrdResource in the resourceList. Returns :

Matching: a slice of RoleRule that contains all rules where a CrdResource matches a RoleRule based on their properties.
NonMatching: a slice of RoleRule that contains all rules not matching the CRD resource.

func GetAllRules ¶

func GetAllRules(aRole *rbacv1.Role) (ruleList []RoleRule)

GetAllRules retrieves a list all of rules defined by the role passed in input. Returns:

[]RoleRule : a slice of RoleRule objects.

func SliceDifference ¶

func SliceDifference(s1, s2 []RoleRule) (diff []RoleRule)

SliceDifference checks if there is a difference between s1 and s2 RoleRule slices. Returns :

[]RoleRule : the elements that are exist in s1 but not in s2.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL