-
Notifications
You must be signed in to change notification settings - Fork 2.2k
/
pluginrestrictions.go
62 lines (52 loc) · 1.68 KB
/
pluginrestrictions.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
// Copyright 2019 The Kubernetes Authors.
// SPDX-License-Identifier: Apache-2.0
package types
// Some plugin classes
// - builtin: plugins defined in the kustomize repo.
// May be freely used and re-configured.
// - local: plugins that aren't builtin but are
// locally defined (presumably by the user), meaning
// the kustomization refers to them via a relative
// file path, not a URL.
// - remote: require a build-time download to obtain.
// Unadvised, unless one controls the
// serving site.
//
//go:generate stringer -type=PluginRestrictions
type PluginRestrictions int
const (
PluginRestrictionsUnknown PluginRestrictions = iota
// Non-builtin plugins completely disabled.
PluginRestrictionsBuiltinsOnly
// No restrictions, do whatever you want.
PluginRestrictionsNone
)
// BuiltinPluginLoadingOptions distinguish ways in which builtin plugins are used.
//go:generate stringer -type=BuiltinPluginLoadingOptions
type BuiltinPluginLoadingOptions int
const (
BploUndefined BuiltinPluginLoadingOptions = iota
// Desired in production use for performance.
BploUseStaticallyLinked
// Desired in testing and development cycles where it's undesirable
// to generate static code.
BploLoadFromFileSys
)
// FnPluginLoadingOptions set way functions-based plugins are restricted
type FnPluginLoadingOptions struct {
// Allow to run executables
EnableExec bool
// Allow to run starlark
EnableStar bool
// Allow container access to network
Network bool
NetworkName string
// list of mounts
Mounts []string
// list of env variables to pass to fn
Env []string
// Run as uid and gid of the command executor
AsCurrentUser bool
// Run in this working directory
WorkingDir string
}