acl: new NamespaceCapabilityCSIAccess, CSICreateVolume
This commit is contained in:
parent
4bb4dd98eb
commit
03817e16d4
|
@ -33,6 +33,9 @@ const (
|
|||
NamespaceCapabilityAllocNodeExec = "alloc-node-exec"
|
||||
NamespaceCapabilityAllocLifecycle = "alloc-lifecycle"
|
||||
NamespaceCapabilitySentinelOverride = "sentinel-override"
|
||||
NamespaceCapabilityPrivilegedTask = "privileged-task"
|
||||
NamespaceCapabilityCSIAccess = "csi-access"
|
||||
NamespaceCapabilityCSICreateVolume = "csi-create-volume"
|
||||
)
|
||||
|
||||
var (
|
||||
|
@ -122,7 +125,8 @@ func isNamespaceCapabilityValid(cap string) bool {
|
|||
case NamespaceCapabilityDeny, NamespaceCapabilityListJobs, NamespaceCapabilityReadJob,
|
||||
NamespaceCapabilitySubmitJob, NamespaceCapabilityDispatchJob, NamespaceCapabilityReadLogs,
|
||||
NamespaceCapabilityReadFS, NamespaceCapabilityAllocLifecycle,
|
||||
NamespaceCapabilityAllocExec, NamespaceCapabilityAllocNodeExec:
|
||||
NamespaceCapabilityAllocExec, NamespaceCapabilityAllocNodeExec,
|
||||
NamespaceCapabilityCSIAccess, NamespaceCapabilityCSICreateVolume:
|
||||
return true
|
||||
// Separate the enterprise-only capabilities
|
||||
case NamespaceCapabilitySentinelOverride:
|
||||
|
|
Loading…
Reference in a new issue