package types
// PodSecurityPolicyWrapper is the envelope for a single PodSecurityPolicy:
// the policy is nested under the "pod_security_policy" JSON key.
type PodSecurityPolicyWrapper struct {
	// PodSecurityPolicy has no omitempty, so the key is always written.
	PodSecurityPolicy PodSecurityPolicy `json:"pod_security_policy"`
}
// PodSecurityPolicy is the JSON representation of a pod security policy:
// identifying metadata followed by the constraints the policy places on pods.
// NOTE(review): the field set looks modelled on the Kubernetes
// PodSecurityPolicy resource; confirm against the code that fills it in.
//
// Every field carries omitempty, so a zero value (false, "", nil, an empty
// slice or map) is left out of the encoded document. A reader of that JSON
// cannot tell "explicitly off" from "not set" for the plain bool fields;
// only the *bool fields keep that distinction.
type PodSecurityPolicy struct {
	// Identifying metadata.
	Version string `json:"version,omitempty"`
	Cluster string `json:"cluster,omitempty"`
	Name string `json:"name,omitempty"`
	Namespace string `json:"namespace,omitempty"`
	Labels map[string]string `json:"labels,omitempty"`
	Annotations map[string]string `json:"annotations,omitempty"`
	// Privileged presumably records whether the policy admits privileged
	// containers (confirm). false is omitted on encode, so an absent key
	// decodes to false.
	Privileged bool `json:"privileged,omitempty"`
	// Capability lists. NOTE(review): presumably the capabilities a pod may
	// add, must drop, and receives by default; confirm with the producer.
	AllowCapabilities []string `json:"cap_allow,omitempty"`
	DenyCapabilities []string `json:"cap_deny,omitempty"`
	DefaultCapabilities []string `json:"cap_default,omitempty"`
	// VolumePlugins is presumably the set of volume types pods may use.
	VolumePlugins []string `json:"vol_plugins,omitempty"`
	// HostMode and HostPortRanges describe host-level access. The HostMode
	// type is declared outside this listing.
	HostMode []HostMode `json:"host_mode,omitempty"`
	HostPortRanges []HostPortRange `json:"host_port_ranges,omitempty"`
	// The four policy fields below are struct values. With the standard
	// encoding/json package omitempty never omits a struct, so these keys
	// are always written, possibly as an empty object when nothing is set.
	SELinux SELinuxPolicy `json:"selinux_policy,omitempty"`
	UIDPolicy UIDPolicy `json:"uid_policy,omitempty"`
	GIDPolicy GIDPolicy `json:"gid_policy,omitempty"`
	FSGIDPolicy GIDPolicy `json:"fsgid_policy,omitempty"`
	// ReadOnlyRootFS presumably requires a read-only root filesystem
	// (confirm). false is omitted on encode.
	ReadOnlyRootFS bool `json:"rootfs_ro,omitempty"`
	// AllowEscalation and AllowEscalationDefault are pointers: nil (omitted
	// from the JSON) is distinct from an explicit false. Code that evaluates
	// the policy has to handle nil deliberately instead of dereferencing it
	// or assuming a default. What nil means is not visible in this file.
	AllowEscalation *bool `json:"allow_escalation,omitempty"`
	AllowEscalationDefault *bool `json:"allow_escalation_default,omitempty"`
	// Allow-lists for host paths and flex volumes.
	// NOTE(review): whether an empty list means "nothing allowed" or "no
	// restriction" is not visible here, and omitempty encodes an empty list
	// and a nil list identically (both absent). Confirm how consumers read
	// a missing key.
	AllowedHostPaths []string `json:"host_paths_allowed,omitempty"`
	AllowedFlexVolumes []string `json:"flex_volumes_allowed,omitempty"`
}
// SELinuxPolicy pairs a policy mode with the embedded SELinux value.
// The SELinux type is declared outside this listing.
type SELinuxPolicy struct {
	// Policy selects the mode; see the SELinuxPolicyType constants.
	Policy SELinuxPolicyType `json:"policy,omitempty"`
	// NOTE(review): the standard encoding/json package has no "inline"
	// option and ignores it. Assuming SELinux is a struct type, its fields
	// are still promoted into this object because the field is embedded and
	// the tag gives no name. Confirm which JSON/YAML encoder the tag is for.
	SELinux `json:",inline"`
}
// SELinuxPolicyType is the string-valued mode of an SELinuxPolicy.
// Being a plain string type, any value decodes without error; nothing in
// this file restricts it to the constants below.
type SELinuxPolicyType string
const (
	// SELinuxPolicyAny is the wildcard mode "*".
	// NOTE(review): presumably "no SELinux constraint"; confirm.
	SELinuxPolicyAny SELinuxPolicyType = "*"
	// SELinuxPolicyMust is the mode "must_be".
	// NOTE(review): presumably requires the SELinux values carried next to
	// the policy; confirm.
	SELinuxPolicyMust SELinuxPolicyType = "must_be"
)
// UIDPolicy describes the user-ID constraint of a policy: a mode plus an
// optional list of ID ranges.
type UIDPolicy struct {
	// Policy selects the mode; see the UIDPolicyType constants. An empty
	// string is omitted on encode.
	Policy UIDPolicyType `json:"policy,omitempty"`
	// Ranges holds ID ranges. NOTE(review): presumably only meaningful for
	// the "must_be" mode; this file does not enforce that pairing.
	Ranges []IDRange `json:"ranges,omitempty"`
}
// UIDPolicyType is the string-valued mode of a UIDPolicy.
// Being a plain string type, any value decodes without error; nothing in
// this file restricts it to the constants below, so code that evaluates a
// policy should treat an unrecognised mode explicitly.
type UIDPolicyType string
const (
	// UIDPolicyAny is the wildcard mode "*".
	// NOTE(review): presumably places no restriction on the UID, which
	// would include UID 0; confirm.
	UIDPolicyAny UIDPolicyType = "*"
	// UIDPolicyMust is the mode "must_be".
	// NOTE(review): presumably limits the UID to the policy's ranges;
	// confirm.
	UIDPolicyMust UIDPolicyType = "must_be"
	// UIDPolicyNonRoot is the mode "non_root".
	// NOTE(review): presumably any UID except 0; confirm.
	UIDPolicyNonRoot UIDPolicyType = "non_root"
)
// GIDPolicy describes a group-ID constraint: a mode plus an optional list of
// ID ranges. PodSecurityPolicy uses it for both gid_policy and fsgid_policy.
type GIDPolicy struct {
	// Policy selects the mode; see the GIDPolicyType constants. An empty
	// string is omitted on encode.
	Policy GIDPolicyType `json:"policy,omitempty"`
	// Ranges holds ID ranges. NOTE(review): presumably only meaningful for
	// the "must_be" mode; this file does not enforce that pairing.
	Ranges []IDRange `json:"ranges,omitempty"`
}
// GIDPolicyType is the string-valued mode of a GIDPolicy.
// Being a plain string type, any value decodes without error; nothing in
// this file restricts it to the constants below. Unlike UIDPolicyType, no
// "non_root" mode is declared for group IDs here.
type GIDPolicyType string
const (
	// GIDPolicyAny is the wildcard mode "*".
	// NOTE(review): presumably places no restriction on the GID; confirm.
	GIDPolicyAny GIDPolicyType = "*"
	// GIDPolicyMust is the mode "must_be".
	// NOTE(review): presumably limits the GID to the policy's ranges;
	// confirm.
	GIDPolicyMust GIDPolicyType = "must_be"
)
// IDRange is a range of numeric IDs, used by UIDPolicy and GIDPolicy.
// NOTE(review): whether the bounds are inclusive is not stated here, and
// nothing in this file checks that Min <= Max or that the values are
// non-negative; confirm where ranges are validated.
type IDRange struct {
	// Min is the lower bound. Because of omitempty a Min of 0 is left out
	// of the JSON, so a range starting at ID 0 (root, for UIDs) is encoded
	// without a "min" key. Go decodes the missing key back to 0, but other
	// consumers must apply the same default.
	Min int64 `json:"min,omitempty"`
	// Max is the upper bound; 0 is likewise omitted on encode.
	Max int64 `json:"max,omitempty"`
}
// HostPortRange is a range of host ports, used by
// PodSecurityPolicy.HostPortRanges.
// NOTE(review): the fields are int32 and nothing in this file limits them to
// 0-65535 or checks that Min <= Max; confirm where ranges are validated and
// whether the bounds are inclusive.
type HostPortRange struct {
	// Min is the lower bound; 0 is omitted on encode because of omitempty.
	Min int32 `json:"min,omitempty"`
	// Max is the upper bound; 0 is omitted on encode because of omitempty.
	Max int32 `json:"max,omitempty"`
}