mirror of
https://github.com/ceph/ceph-csi.git
synced 2025-06-13 10:33:35 +00:00
rebase: update kubernetes to v1.25.0
update kubernetes to latest v1.25.0 release. Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
This commit is contained in:
Madhu Rajanna
committed by
mergify[bot]
mergify[bot]
parent
f47839d73d
commit
e3bf375035
53
vendor/k8s.io/pod-security-admission/api/helpers.go
generated
vendored
53
vendor/k8s.io/pod-security-admission/api/helpers.go
generated
vendored
@ -144,12 +144,65 @@ func (lv LevelVersion) String() string {
|
||||
return fmt.Sprintf("%s:%s", lv.Level, lv.Version)
|
||||
}
|
||||
|
||||
// Equivalent determines whether two LevelVersions are functionally equivalent. LevelVersions are
|
||||
// considered equivalent if both are privileged, or both levels & versions are equal.
|
||||
func (lv *LevelVersion) Equivalent(other *LevelVersion) bool {
|
||||
return (lv.Level == LevelPrivileged && other.Level == LevelPrivileged) ||
|
||||
(lv.Level == other.Level && lv.Version == other.Version)
|
||||
}
|
||||
|
||||
type Policy struct {
|
||||
Enforce LevelVersion
|
||||
Audit LevelVersion
|
||||
Warn LevelVersion
|
||||
}
|
||||
|
||||
func (p *Policy) String() string {
|
||||
return fmt.Sprintf("enforce=%#v, audit=%#v, warn=%#v", p.Enforce, p.Audit, p.Warn)
|
||||
}
|
||||
|
||||
// CompactString prints a minimalist representation of the policy that excludes any privileged
|
||||
// levels.
|
||||
func (p *Policy) CompactString() string {
|
||||
sb := strings.Builder{}
|
||||
if p.Enforce.Level != LevelPrivileged {
|
||||
sb.WriteString("enforce=")
|
||||
sb.WriteString(p.Enforce.String())
|
||||
}
|
||||
if p.Audit.Level != LevelPrivileged {
|
||||
if sb.Len() > 0 {
|
||||
sb.WriteString(", ")
|
||||
}
|
||||
sb.WriteString("audit=")
|
||||
sb.WriteString(p.Audit.String())
|
||||
}
|
||||
if p.Warn.Level != LevelPrivileged {
|
||||
if sb.Len() > 0 {
|
||||
sb.WriteString(", ")
|
||||
}
|
||||
sb.WriteString("warn=")
|
||||
sb.WriteString(p.Warn.String())
|
||||
}
|
||||
if sb.Len() == 0 {
|
||||
// All modes were privileged, just output "privileged".
|
||||
return string(LevelPrivileged)
|
||||
}
|
||||
return sb.String()
|
||||
}
|
||||
|
||||
// Equivalent determines whether two policies are functionally equivalent. Policies are considered
|
||||
// equivalent if all 3 modes are considered equivalent.
|
||||
func (p *Policy) Equivalent(other *Policy) bool {
|
||||
return p.Enforce.Equivalent(&other.Enforce) && p.Audit.Equivalent(&other.Audit) && p.Warn.Equivalent(&other.Warn)
|
||||
}
|
||||
|
||||
// FullyPrivileged returns true if all 3 policy modes are privileged.
|
||||
func (p *Policy) FullyPrivileged() bool {
|
||||
return p.Enforce.Level == LevelPrivileged &&
|
||||
p.Audit.Level == LevelPrivileged &&
|
||||
p.Warn.Level == LevelPrivileged
|
||||
}
|
||||
|
||||
// PolicyToEvaluate resolves the PodSecurity namespace labels to the policy for that namespace,
|
||||
// falling back to the provided defaults when a label is unspecified. A valid policy is always
|
||||
// returned, even when an error is returned. If labels cannot be parsed correctly, the values of
|
||||
|
||||
Reference in New Issue
Block a user