From 63b7f96537c1d3edda97cc8cb2aa9456d947f6bd Mon Sep 17 00:00:00 2001
From: Lang Martin
Date: Mon, 28 Oct 2019 11:59:28 -0400
Subject: [PATCH] acl: new NamespaceCapabilityCSIAccess, CSICreateVolume
---
 acl/policy.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/acl/policy.go b/acl/policy.go
index bb22b45b8..b077d053e 100644
--- a/acl/policy.go
+++ b/acl/policy.go
@@ -33,6 +33,9 @@ const (
 NamespaceCapabilityAllocNodeExec = "alloc-node-exec"
 NamespaceCapabilityAllocLifecycle = "alloc-lifecycle"
 NamespaceCapabilitySentinelOverride = "sentinel-override"
+ NamespaceCapabilityPrivilegedTask = "privileged-task"
+ NamespaceCapabilityCSIAccess = "csi-access"
+ NamespaceCapabilityCSICreateVolume = "csi-create-volume"
 )

 var (
@@ -122,7 +125,8 @@ func isNamespaceCapabilityValid(cap string) bool {
 case NamespaceCapabilityDeny, NamespaceCapabilityListJobs, NamespaceCapabilityReadJob,
 NamespaceCapabilitySubmitJob, NamespaceCapabilityDispatchJob, NamespaceCapabilityReadLogs,
 NamespaceCapabilityReadFS, NamespaceCapabilityAllocLifecycle,
- NamespaceCapabilityAllocExec, NamespaceCapabilityAllocNodeExec:
+ NamespaceCapabilityAllocExec, NamespaceCapabilityAllocNodeExec,
+ NamespaceCapabilityCSIAccess, NamespaceCapabilityCSICreateVolume:
 return true
 // Separate the enterprise-only capabilities
 case NamespaceCapabilitySentinelOverride:
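Review bot: `NamespaceCapabilityPrivilegedTask` is declared in the const block but never reaches `isNamespaceCapabilityValid`: the second hunk extends the accepted list with only `NamespaceCapabilityCSIAccess` and `NamespaceCapabilityCSICreateVolume`, and the commit subject names only those two. As written, a policy that lists `privileged-task` presumably still fails validation, so the constant is either dead or a half-wired privilege. Either drop the line from this commit, or add it to the switch in the same change together with a comment saying what it authorizes, e.g. `// NamespaceCapabilityPrivilegedTask gates <behaviour to be stated by the author>`. The const block begins outside the hunk.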
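Review bot: The new case line makes `csi-access` and `csi-create-volume` parseable, but nothing in the change says what either string authorizes or whether any coarser policy level implies them. The diffstat shows acl/policy.go as the only file touched, so no test or enforcement point accompanies them. For an authorization primitive I would add a comment above the line, such as `// CSI capabilities are only granted when listed explicitly in a policy`, if that is the intent. I would also add a test asserting that both strings validate while an unknown capability is still rejected. `isNamespaceCapabilityValid` starts and ends outside the hunk.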