func init() { admission.RegisterPlugin("DenyEscalatingExec", func(client client.Interface, config io.Reader) (admission.Interface, error) { return NewDenyEscalatingExec(client), nil }) // This is for legacy support of the DenyExecOnPrivileged admission controller. Most // of the time DenyEscalatingExec should be preferred. admission.RegisterPlugin("DenyExecOnPrivileged", func(client client.Interface, config io.Reader) (admission.Interface, error) { return NewDenyExecOnPrivileged(client), nil }) }
func init() { admission.RegisterPlugin("OwnerReferencesPermissionEnforcement", func(client clientset.Interface, config io.Reader) (admission.Interface, error) { return &gcPermissionsEnforcement{ Handler: admission.NewHandler(admission.Create, admission.Update), }, nil }) }
func init() { admission.RegisterPlugin(PluginName, func(client clientset.Interface, config io.Reader) (admission.Interface, error) { serviceAccountAdmission := NewServiceAccount(client) serviceAccountAdmission.Run() return serviceAccountAdmission, nil }) }
func init() { admission.RegisterPlugin(PluginName, func(client clientset.Interface, config io.Reader) (admission.Interface, error) { plugin := NewPlugin(client, psp.NewSimpleStrategyFactory(), getMatchingPolicies, false) plugin.Run() return plugin, nil }) }
func init() { admission.RegisterPlugin("PodNodeSelector", func(client clientset.Interface, config io.Reader) (admission.Interface, error) { pluginConfig := readConfig(config) plugin := NewPodNodeSelector(client, pluginConfig.PodNodeSelectorPluginConfig) return plugin, nil }) }
func init() { admission.RegisterPlugin("openshift.io/RestrictSubjectBindings", func(kclient kclientset.Interface, config io.Reader) (admission.Interface, error) { return NewRestrictUsersAdmission(kclient) }) }
func init() { admission.RegisterPlugin("ResourceQuota", func(client clientset.Interface, config io.Reader) (admission.Interface, error) { registry := install.NewRegistry(client) return NewResourceQuota(client, registry, 5) }) }
func init() { admission.RegisterPlugin("SCCExecRestrictions", func(client clientset.Interface, config io.Reader) (admission.Interface, error) { execAdmitter := NewSCCExecRestrictions(client) execAdmitter.constraintAdmission.Run() return execAdmitter, nil }) }
func registerAdmissionPlugins(t *testing.T, names ...string) { for _, name := range names { pluginName := name admission.RegisterPlugin(pluginName, func(client kclientset.Interface, config io.Reader) (admission.Interface, error) { plugin := &testAdmissionPlugin{ name: pluginName, } if config != nil && !reflect.ValueOf(config).IsNil() { configData, err := ioutil.ReadAll(config) if err != nil { return nil, err } configData, err = kyaml.ToJSON(configData) if err != nil { return nil, err } configObj := &TestPluginConfig{} err = runtime.DecodeInto(kapi.Codecs.UniversalDecoder(), configData, configObj) if err != nil { return nil, err } plugin.labelValue = configObj.Data } return plugin, nil }) } }
func init() { admission.RegisterPlugin(PluginName, func(client clientset.Interface, config io.Reader) (admission.Interface, error) { plugin := newPlugin(client) plugin.Run() return plugin, nil }) }
func init() { kadmission.RegisterPlugin("SecurityContextConstraint", func(client client.Interface, config io.Reader) (kadmission.Interface, error) { constraintAdmitter := NewConstraint(client) constraintAdmitter.Run() return constraintAdmitter, nil }) }
func init() { admission.RegisterPlugin("ResourceQuota", func(client clientset.Interface, config io.Reader) (admission.Interface, error) { registry := install.NewRegistry(client) // TODO: expose a stop channel in admission factory return NewResourceQuota(client, registry, 5, make(chan struct{})) }) }
// WARNING: this feature is experimental and will definitely change. func init() { admission.RegisterPlugin("InitialResources", func(client clientset.Interface, config io.Reader) (admission.Interface, error) { s, err := newDataSource(*source) if err != nil { return nil, err } return newInitialResources(s, *percentile, *nsOnly), nil }) }
func init() { kadmission.RegisterPlugin(PluginName, func(client clientset.Interface, config io.Reader) (kadmission.Interface, error) { plugin, err := NewImageLimitRangerPlugin(client, config) if err != nil { return nil, err } return plugin, nil }) }
func init() { admission.RegisterPlugin("BuildByStrategy", func(c kclient.Interface, config io.Reader) (admission.Interface, error) { osClient, ok := c.(client.Interface) if !ok { return nil, errors.New("client is not an Origin client") } return NewBuildByStrategy(osClient), nil }) }
func init() { admission.RegisterPlugin("ImagePolicyWebhook", func(client clientset.Interface, config io.Reader) (admission.Interface, error) { newImagePolicyWebhook, err := NewImagePolicyWebhook(client, config) if err != nil { return nil, err } return newImagePolicyWebhook, nil }) }
func init() { admission.RegisterPlugin("RunOnceDuration", func(client kclient.Interface, config io.Reader) (admission.Interface, error) { pluginConfig, err := readConfig(config) if err != nil { return nil, err } return NewRunOnceDuration(pluginConfig), nil }) }
func init() { admission.RegisterPlugin("ProjectRequestLimit", func(client kclient.Interface, config io.Reader) (admission.Interface, error) { pluginConfig, err := readConfig(config) if err != nil { return nil, err } return NewProjectRequestLimit(pluginConfig) }) }
func init() { admission.RegisterPlugin("PodNodeConstraints", func(c clientset.Interface, config io.Reader) (admission.Interface, error) { pluginConfig, err := readConfig(config) if err != nil { return nil, err } return NewPodNodeConstraints(pluginConfig), nil }) }
func init() { admission.RegisterPlugin("ResourceQuota", func(client clientset.Interface, config io.Reader) (admission.Interface, error) { // NOTE: we do not provide informers to the registry because admission level decisions // does not require us to open watches for all items tracked by quota. registry := install.NewRegistry(nil, nil) return NewResourceQuota(client, registry, 5, make(chan struct{})) }) }
func init() { admission.RegisterPlugin("BuildOverrides", func(c clientset.Interface, config io.Reader) (admission.Interface, error) { overridesConfig, err := getConfig(config) if err != nil { return nil, err } glog.V(4).Infof("Initializing BuildOverrides plugin with config: %#v", overridesConfig) return NewBuildOverrides(overridesConfig), nil }) }
func init() { admission.RegisterPlugin("BuildDefaults", func(c kclient.Interface, config io.Reader) (admission.Interface, error) { defaultsConfig, err := getConfig(config) if err != nil { return nil, err } glog.V(4).Infof("Initializing BuildDefaults plugin with config: %#v", defaultsConfig) return NewBuildDefaults(defaultsConfig), nil }) }
func init() { admission.RegisterPlugin("ProjectRequestLimit", func(client clientset.Interface, config io.Reader) (admission.Interface, error) { pluginConfig, err := readConfig(config) if err != nil { return nil, err } if pluginConfig == nil { glog.Infof("Admission plugin %q is not configured so it will be disabled.", "ProjectRequestLimit") return nil, nil } return NewProjectRequestLimit(pluginConfig) }) }
func init() { admission.RegisterPlugin(api.PluginName, func(client clientset.Interface, config io.Reader) (admission.Interface, error) { pluginConfig, err := ReadConfig(config) if err != nil { return nil, err } if pluginConfig == nil { glog.Infof("Admission plugin %q is not configured so it will be disabled.", api.PluginName) return nil, nil } return newClusterResourceOverride(client, pluginConfig) }) }
func init() { admission.RegisterPlugin("PodNodeConstraints", func(c clientset.Interface, config io.Reader) (admission.Interface, error) { pluginConfig, err := readConfig(config) if err != nil { return nil, err } if pluginConfig == nil { glog.Infof("Admission plugin %q is not configured so it will be disabled.", "PodNodeConstraints") return nil, nil } return NewPodNodeConstraints(pluginConfig), nil }) }
func init() { admission.RegisterPlugin("RunOnceDuration", func(client clientset.Interface, config io.Reader) (admission.Interface, error) { pluginConfig, err := readConfig(config) if err != nil { return nil, err } if pluginConfig == nil { glog.Infof("Admission plugin %q is not configured so it will be disabled.", "RunOnceDuration") return nil, nil } return NewRunOnceDuration(pluginConfig), nil }) }
func init() { admission.RegisterPlugin(api.PluginName, func(client clientset.Interface, input io.Reader) (admission.Interface, error) { obj, err := configlatest.ReadYAML(input) if err != nil { return nil, err } if obj == nil { return nil, nil } config, ok := obj.(*api.ImagePolicyConfig) if !ok { return nil, fmt.Errorf("unexpected config object: %#v", obj) } if errs := validation.Validate(config); len(errs) > 0 { return nil, errs.ToAggregate() } glog.V(5).Infof("%s admission controller loaded with config: %#v", api.PluginName, config) return newImagePolicyPlugin(client, config) }) }
func init() { admission.RegisterPlugin("NamespaceExists", func(client clientset.Interface, config io.Reader) (admission.Interface, error) { return NewExists(client), nil }) }
func init() { admission.RegisterPlugin(PluginName, func(client clientset.Interface, config io.Reader) (admission.Interface, error) { return NewLifecycle(client, sets.NewString(api.NamespaceDefault, api.NamespaceSystem)), nil }) }
func init() { admission.RegisterPlugin(api.PluginName, func(client clientset.Interface, config io.Reader) (admission.Interface, error) { return newClusterResourceOverride(client, config) }) }