kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-01 16:05:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

acl: new NamespaceCapabilityCSIAccess, CSICreateVolume

Browse Source
This commit is contained in:
Lang Martin
2019-10-28 11:59:28 -04:00
committed by Tim Gross
parent 24d2367da5
commit 63b7f96537
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
acl/policy.go
View File

@@ -33,6 +33,9 @@ const (
NamespaceCapabilityAllocNodeExec = "alloc-node-exec"
NamespaceCapabilityAllocLifecycle = "alloc-lifecycle"
NamespaceCapabilitySentinelOverride = "sentinel-override"
NamespaceCapabilityPrivilegedTask = "privileged-task"
NamespaceCapabilityCSIAccess = "csi-access"
NamespaceCapabilityCSICreateVolume = "csi-create-volume"
)
var (
@@ -122,7 +125,8 @@ func isNamespaceCapabilityValid(cap string) bool {
case NamespaceCapabilityDeny, NamespaceCapabilityListJobs, NamespaceCapabilityReadJob,
NamespaceCapabilitySubmitJob, NamespaceCapabilityDispatchJob, NamespaceCapabilityReadLogs,
NamespaceCapabilityReadFS, NamespaceCapabilityAllocLifecycle,
NamespaceCapabilityAllocExec, NamespaceCapabilityAllocNodeExec:
NamespaceCapabilityAllocExec, NamespaceCapabilityAllocNodeExec,
NamespaceCapabilityCSIAccess, NamespaceCapabilityCSICreateVolume:
return true
// Separate the enterprise-only capabilities
case NamespaceCapabilitySentinelOverride: