kubernetes: k8s.io/kubernetes/pkg/security/podsecuritypolicy/group Index | Files

package group

import "k8s.io/kubernetes/pkg/security/podsecuritypolicy/group"

Package group contains code for validating and defaulting the FSGroup and supplemental groups of a pod according to a security policy.


Package Files

doc.go helpers.go mayrunas.go mustrunas.go runasany.go types.go

func ValidateGroupsInRanges Uses

func ValidateGroupsInRanges(fldPath *field.Path, ranges []policy.IDRange, groups []int64) field.ErrorList

type GroupStrategy Uses

type GroupStrategy interface {
    // Generate creates the group based on policy rules.  The underlying implementation can
    // decide whether it will return a full range of values or a subset of values from the
    // configured ranges.
    Generate(pod *api.Pod) ([]int64, error)
    // Generate a single value to be applied.  The underlying implementation decides which
    // value to return if configured with multiple ranges.  This is used for FSGroup.
    GenerateSingle(pod *api.Pod) (*int64, error)
    // Validate ensures that the specified values fall within the range of the strategy.
    Validate(fldPath *field.Path, pod *api.Pod, groups []int64) field.ErrorList

GroupStrategy defines the interface for all group constraint strategies.

func NewMayRunAs Uses

func NewMayRunAs(ranges []policy.IDRange) (GroupStrategy, error)

NewMayRunAs provides a new MayRunAs strategy.

func NewMustRunAs Uses

func NewMustRunAs(ranges []policy.IDRange) (GroupStrategy, error)

NewMustRunAs provides a new MustRunAs strategy based on ranges.

func NewRunAsAny Uses

func NewRunAsAny() (GroupStrategy, error)

NewRunAsAny provides a new RunAsAny strategy.

Package group imports 5 packages (graph) and is imported by 56 packages. Updated 2019-03-16. Refresh now. Tools for package owners.