-
Notifications
You must be signed in to change notification settings - Fork 17
/
security.go
75 lines (61 loc) · 1.79 KB
/
security.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
package security
type Security struct {
AllowedIsolations *AllowedIsolations `yaml:"allowed-isolations"`
}
type AllowedIsolations struct {
None *IsolationPolicyNone `yaml:"none"`
Container *IsolationPolicyContainer `yaml:"container"`
Parallels *IsolationPolicyParallels `yaml:"parallels"`
Tart *IsolationPolicyTart `yaml:"tart"`
Vetu *IsolationPolicyVetu `yaml:"vetu"`
}
func NoSecurity() *Security {
return &Security{}
}
func NoSecurityAllowAllVolumes() *Security {
return &Security{
AllowedIsolations: &AllowedIsolations{
None: &IsolationPolicyNone{},
Container: &IsolationPolicyContainer{},
Parallels: &IsolationPolicyParallels{},
Tart: &IsolationPolicyTart{
AllowedVolumes: []AllowedVolumeTart{
{
Source: "/*",
},
},
},
Vetu: &IsolationPolicyVetu{},
},
}
}
func (security *Security) NonePolicy() *IsolationPolicyNone {
if isolation := security.AllowedIsolations; isolation != nil {
return isolation.None
}
return &IsolationPolicyNone{}
}
func (security *Security) ContainerPolicy() *IsolationPolicyContainer {
if isolation := security.AllowedIsolations; isolation != nil {
return isolation.Container
}
return &IsolationPolicyContainer{}
}
func (security *Security) ParallelsPolicy() *IsolationPolicyParallels {
if isolation := security.AllowedIsolations; isolation != nil {
return isolation.Parallels
}
return &IsolationPolicyParallels{}
}
func (security *Security) TartPolicy() *IsolationPolicyTart {
if isolation := security.AllowedIsolations; isolation != nil {
return isolation.Tart
}
return &IsolationPolicyTart{}
}
func (security *Security) VetuPolicy() *IsolationPolicyVetu {
if isolation := security.AllowedIsolations; isolation != nil {
return isolation.Vetu
}
return &IsolationPolicyVetu{}
}