acl: Add HostVolume ACLs #6014
Merged
acl: Add HostVolume ACLs #6014
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
endocrimes
force-pushed
the
dani/rfc-host-volumes
branch
2 times, most recently
from
d5ce4d7 to
4888b4c
Compare
endocrimes
force-pushed
the
dani/f-host-volume-acls
branch
2 times, most recently
from
afb334d to
bacd83c
Compare
endocrimes
force-pushed
the
dani/rfc-host-volumes
branch
2 times, most recently
from
5935e7a to
4a1d99c
Compare
endocrimes
force-pushed
the
dani/f-host-volume-acls
branch
from
bacd83c to
14c73e3
Compare
endocrimes
force-pushed
the
dani/rfc-host-volumes
branch
from
4a1d99c to
d2ee5fc
Compare
endocrimes
force-pushed
the
dani/rfc-host-volumes
branch
from
bd34a58 to
22b16de
Compare
endocrimes
force-pushed
the
dani/f-host-volume-acls
branch
from
14c73e3 to
ce8951b
Compare
endocrimes
changed the base branch from
dani/rfc-host-volumes
to
f-host-volumes
endocrimes
force-pushed
the
dani/f-host-volume-acls
branch
from
ce8951b to
346a16e
Compare
endocrimes
commented
Aug 9, 2019
tgross
reviewed
Aug 9, 2019
| @@ -238,19 +347,19 @@ func (a *ACL) findClosestMatchingGlob(ns string) (capabilitySet, bool) { | |||
| return matchingGlobs[0].capabilitySet, true | |||
| } | |||
|
|
|||
| func (a *ACL) findAllMatchingWildcards(ns string) []matchingGlob { | |||
| func findAllMatchingWildcards(radix *iradix.Tree, name string) []matchingGlob { | |||
There was a problem hiding this comment.
👍 for removing the unnecessary mutability here.
This adds an initial implementation of ACLs for HostVolumes. Because HostVolumes are a cluster-wide resource, they cannot be tied to a namespace, thus here we allow similar wildcard definitions based on their names, tied to a set of capabilities. Initially, the only available capabilities are deny, or mount. These may be extended in the future to allow read-fs, mount-readonly and similar capabilities.
endocrimes
force-pushed
the
dani/f-host-volume-acls
branch
from
346a16e to
f84365e
Compare
endocrimes
force-pushed
the
dani/f-host-volume-acls
branch
from
f84365e to
fac0813
Compare
|
I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds an initial implementation of ACLs for HostVolumes.
Because HostVolumes are a cluster-wide resource, they cannot be tied to
a namespace, thus here we allow similar wildcard definitions based on
their names, tied to a set of capabilities.
Initially, the only available capabilities are deny, or mount. These
will be extended to allow read-fs, mount-readonly and
similar capabilities.