Dieses Dokument wurde mithilfe automatisierter maschineller Übersetzungstechnologie übersetzt. Wir bemühen uns um korrekte Übersetzungen, übernehmen jedoch keine Gewähr für die Vollständigkeit, Richtigkeit oder Zuverlässigkeit der übersetzten Inhalte. Im Falle von Abweichungen ist die englische Originalversion maßgebend und stellt den verbindlichen Text dar.

Host capabilities call reference

Each host capability is identified by a path string. The following paths can be gated in spec.namespacedPoliciesCapabilities:

Category Path Description

Category	Path	Description
OCI	`oci/v1/verify`	Verify an OCI artifact signature (v1)
OCI	`oci/v2/verify`	Verify an OCI artifact signature (v2)
OCI	`oci/v1/manifest_digest`	Fetch an OCI manifest digest
OCI	`oci/v1/oci_manifest`	Fetch an OCI manifest
OCI	`oci/v1/oci_manifest_config`	Fetch an OCI manifest configuration
Kubernetes	`kubernetes/can_i`	Perform a SubjectAccessReview check
Net	`net/v1/dns_lookup_host`	Resolve a host name via DNS
Crypto	`crypto/v1/is_certificate_trusted`	Verify certificate trust chain

OCI

oci/v1/verify

Verify an OCI artifact signature (v1)

OCI

oci/v2/verify

Verify an OCI artifact signature (v2)

OCI

oci/v1/manifest_digest

Fetch an OCI manifest digest

OCI

oci/v1/oci_manifest

Fetch an OCI manifest

OCI

oci/v1/oci_manifest_config

Fetch an OCI manifest configuration

Kubernetes

kubernetes/can_i

Perform a SubjectAccessReview check

Net

net/v1/dns_lookup_host

Resolve a host name via DNS

Crypto

crypto/v1/is_certificate_trusted

Verify certificate trust chain

The kubernetes/list_resources_by_namespace, kubernetes/list_resources_all, and kubernetes/get_resource calls aren’t applicable to namespaced policies because those policies have no spec.contextAwareResources field. They’re only relevant for ClusterAdmissionPolicy resources, which always receive full host capability access.

The tracing/log call emits a log entry and is always available.