5f734652f2
This adds an initial implementation of ACLs for HostVolumes. Because HostVolumes are a cluster-wide resource, they cannot be tied to a namespace, thus here we allow similar wildcard definitions based on their names, tied to a set of capabilities. Initially, the only available capabilities are deny, or mount. These may be extended in the future to allow read-fs, mount-readonly and similar capabilities. |
||
|---|---|---|
| .. | ||
| acl.go | ||
| acl_test.go | ||
| policy.go | ||
| policy_test.go | ||