acl: new NamespaceCapabilityCSIAccess, CSICreateVolume

This commit is contained in:
Lang Martin 2019-10-28 11:59:28 -04:00 committed by Tim Gross
parent 4bb4dd98eb
commit 03817e16d4

View file

@ -33,6 +33,9 @@ const (
NamespaceCapabilityAllocNodeExec = "alloc-node-exec"
NamespaceCapabilityAllocLifecycle = "alloc-lifecycle"
NamespaceCapabilitySentinelOverride = "sentinel-override"
NamespaceCapabilityPrivilegedTask = "privileged-task"
NamespaceCapabilityCSIAccess = "csi-access"
NamespaceCapabilityCSICreateVolume = "csi-create-volume"
)
var (
@ -122,7 +125,8 @@ func isNamespaceCapabilityValid(cap string) bool {
case NamespaceCapabilityDeny, NamespaceCapabilityListJobs, NamespaceCapabilityReadJob,
NamespaceCapabilitySubmitJob, NamespaceCapabilityDispatchJob, NamespaceCapabilityReadLogs,
NamespaceCapabilityReadFS, NamespaceCapabilityAllocLifecycle,
NamespaceCapabilityAllocExec, NamespaceCapabilityAllocNodeExec:
NamespaceCapabilityAllocExec, NamespaceCapabilityAllocNodeExec,
NamespaceCapabilityCSIAccess, NamespaceCapabilityCSICreateVolume:
return true
// Separate the enterprise-only capabilities
case NamespaceCapabilitySentinelOverride: