Documentation
Functions
func Hierarchical
func Hierarchical(objs []ast.FileObject, opts Options) ([]ast.FileObject, status.MultiError)
Hierarchical validates and hydrates the given FileObjects from a structured, hierarchical repo.
func Unstructured
func Unstructured(ctx context.Context, c client.Client, objs []ast.FileObject, opts Options) ([]ast.FileObject, status.MultiError)
Unstructured validates and hydrates the given FileObjects from an unstructured repo.
Types
type Options
type Options struct {
	// ClusterName is the spec.clusterName of the cluster's ConfigManagement. This
	// is used when hydrating cluster selectors.
	ClusterName string
	// Scope is the scope of the reconciler.
	// `:root` represents the root-reconciler.
	// The scope of the namespace reconciler is its namespace name.
	Scope declared.Scope
	// SyncName is the name of the RootSync or RepoSync that owns the reconciler.
	SyncName string
	// PolicyDir is the relative path of the root policy directory within the
	// repo.
	PolicyDir cmpath.Relative
	// PreviousCRDs is a list of the CRDs that were declared in the previous set
	// of FileObjects that were validated. This is used to validate that we only
	// remove a CRD if all of its CRs are gone as well.
	PreviousCRDs []*apiextensionsv1.CustomResourceDefinition
	// BuildScoper is a function that builds a Scoper to identify which objects
	// are cluster-scoped or namespace-scoped.
	BuildScoper discovery.BuildScoperFunc
	// Converter is used to encode the declared fields of each object into an
	// annotation on that object so that the validating admission webhook can
	// prevent those fields from being changed.
	Converter *declared.ValueConverter
	// Scheme used to convert between types.
	Scheme *runtime.Scheme
	// AllowUnknownKinds is a flag to determine if we should throw an error or
	// proceed when the Scoper is unable to determine the scope of an object
	// kind. We only set this to true if a tool is running in offline mode (eg we
	// are running nomos vet without contacting the API server).
	AllowUnknownKinds bool
	// Visitors is a list of optional visitor functions which can be used to
	// inject additional validation or hydration steps on the final objects.
	Visitors []VisitorFunc
	// AllowAPICall indicates whether the hydration process can send k8s API
	// calls. Currently, only dynamic NamespaceSelector requires talking to
	// k8s-api-server.
	AllowAPICall bool
	// DynamicNSSelectorEnabled indicates whether the dynamic mode of
	// NamespaceSelector is enabled.
	DynamicNSSelectorEnabled bool
	// NSControllerState caches the NamespaceSelectors and selected Namespaces
	// in the namespace controller.
	NSControllerState *namespacecontroller.State
	// WebhookEnabled indicates whether the admission webhook configuration is enabled
	WebhookEnabled bool
	// FieldManager to use when performing cluster operations
	FieldManager string
	// MaxObjectCount is the maximum number of objects allowed in a single
	// inventory. Validation is skipped when less than 1.
	MaxObjectCount int
}
Options contains the various pieces of information needed by different steps in the validation and hydration process.
type VisitorFunc
type VisitorFunc func(objs []ast.FileObject) ([]ast.FileObject, status.MultiError)
VisitorFunc is a function that validates and/or hydrates the given set of FileObjects. It enables callers to inject extra validation and hydration steps as needed.