本文整理汇总了Golang中github.com/openshift/origin/pkg/security/api.PodSecurityPolicyReviewStatus类的典型用法代码示例。如果您正苦于以下问题:Golang PodSecurityPolicyReviewStatus类的具体用法?Golang PodSecurityPolicyReviewStatus怎么用?Golang PodSecurityPolicyReviewStatus使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了PodSecurityPolicyReviewStatus类的2个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Golang代码示例。
示例1: Create
// Create registers a given new PodSecurityPolicyReview instance to r.registry.
func (r *REST) Create(ctx kapi.Context, obj runtime.Object) (runtime.Object, error) {
pspr, ok := obj.(*securityapi.PodSecurityPolicyReview)
if !ok {
return nil, kapierrors.NewBadRequest(fmt.Sprintf("not a PodSecurityPolicyReview: %#v", obj))
}
if errs := securityvalidation.ValidatePodSecurityPolicyReview(pspr); len(errs) > 0 {
return nil, kapierrors.NewInvalid(kapi.Kind("PodSecurityPolicyReview"), "", errs)
}
ns, ok := kapi.NamespaceFrom(ctx)
if !ok {
return nil, kapierrors.NewBadRequest("namespace parameter required.")
}
serviceAccounts, err := getServiceAccounts(pspr.Spec, r.saCache, ns)
if err != nil {
return nil, kapierrors.NewBadRequest(err.Error())
}
if len(serviceAccounts) == 0 {
glog.Errorf("No service accounts for namespace %s", ns)
return nil, kapierrors.NewBadRequest(fmt.Sprintf("unable to find ServiceAccount for namespace: %s", ns))
}
errs := []error{}
newStatus := securityapi.PodSecurityPolicyReviewStatus{}
for _, sa := range serviceAccounts {
userInfo := serviceaccount.UserInfo(ns, sa.Name, "")
saConstraints, err := r.sccMatcher.FindApplicableSCCs(userInfo)
if err != nil {
errs = append(errs, fmt.Errorf("unable to find SecurityContextConstraints for ServiceAccount %s: %v", sa.Name, err))
continue
}
oscc.DeduplicateSecurityContextConstraints(saConstraints)
sort.Sort(oscc.ByPriority(saConstraints))
var namespace *kapi.Namespace
for _, constraint := range saConstraints {
var (
provider kscc.SecurityContextConstraintsProvider
err error
)
pspsrs := securityapi.PodSecurityPolicySubjectReviewStatus{}
if provider, namespace, err = oscc.CreateProviderFromConstraint(ns, namespace, constraint, r.client); err != nil {
errs = append(errs, fmt.Errorf("unable to create provider for service account %s: %v", sa.Name, err))
continue
}
_, err = podsecuritypolicysubjectreview.FillPodSecurityPolicySubjectReviewStatus(&pspsrs, provider, pspr.Spec.Template.Spec, constraint)
if err != nil {
glog.Errorf("unable to fill PodSecurityPolicyReviewStatus from constraint %v", err)
continue
}
sapsprs := securityapi.ServiceAccountPodSecurityPolicyReviewStatus{pspsrs, sa.Name}
newStatus.AllowedServiceAccounts = append(newStatus.AllowedServiceAccounts, sapsprs)
}
}
if len(errs) > 0 {
return nil, kapierrors.NewBadRequest(fmt.Sprintf("%s", kerrors.NewAggregate(errs)))
}
pspr.Status = newStatus
return pspr, nil
}
开发者ID:xgwang-zte,项目名称:origin,代码行数:60,代码来源:rest.go
示例2: autoConvert_v1_PodSecurityPolicyReviewStatus_To_api_PodSecurityPolicyReviewStatus
func autoConvert_v1_PodSecurityPolicyReviewStatus_To_api_PodSecurityPolicyReviewStatus(in *PodSecurityPolicyReviewStatus, out *security_api.PodSecurityPolicyReviewStatus, s conversion.Scope) error {
if in.AllowedServiceAccounts != nil {
in, out := &in.AllowedServiceAccounts, &out.AllowedServiceAccounts
*out = make([]security_api.ServiceAccountPodSecurityPolicyReviewStatus, len(*in))
for i := range *in {
if err := Convert_v1_ServiceAccountPodSecurityPolicyReviewStatus_To_api_ServiceAccountPodSecurityPolicyReviewStatus(&(*in)[i], &(*out)[i], s); err != nil {
return err
}
}
} else {
out.AllowedServiceAccounts = nil
}
return nil
}
开发者ID:ZenoRewn,项目名称:origin,代码行数:14,代码来源:conversion_generated.go
注:本文中的github.com/openshift/origin/pkg/security/api.PodSecurityPolicyReviewStatus类示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
请发表评论