Documentation
¶
Index ¶
- func CheckIfEnforceConstraint(constraintName string, aconfigs []ActionConfig) bool
- func CheckIfIgnoredConstraint(constraintName string, aconfigs []ActionConfig) bool
- func LoadKeySecret(keySecretNamespace, keySecretName string) (string, error)
- func MatchPattern(pattern, value string) bool
- func SetupLogger(config LogConfig, req admission.Request)
- type Action
- type ActionConfig
- type ConstraintConfig
- type ImageProfile
- type ImageVerificationConfig
- type KeyConfig
- type LogConfig
- type ObjectUserBinding
- type ObjectUserBindingList
- type ParameterObject
- type RequestFilterProfile
- type RequestHandlerConfig
- type ResourceRef
- type Rule
- type SideEffectConfig
- type SigStoreConfig
- type SignatureRef
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CheckIfEnforceConstraint ¶
func CheckIfEnforceConstraint(constraintName string, aconfigs []ActionConfig) bool
not block even if invalid request
func CheckIfIgnoredConstraint ¶
func CheckIfIgnoredConstraint(constraintName string, aconfigs []ActionConfig) bool
exclude from observation
func LoadKeySecret ¶
func MatchPattern ¶
func SetupLogger ¶
Types ¶
type ActionConfig ¶
type ConstraintConfig ¶
type ConstraintConfig struct {
Constraints []ActionConfig `json:"constraints,omitempty"`
}
Constraint Config
func LoadConstraintConfig ¶
func LoadConstraintConfig() (ConstraintConfig, error)
type ImageProfile ¶
type ImageProfile struct {
}
type ImageVerificationConfig ¶
type ImageVerificationConfig struct {
}
type ObjectUserBinding ¶
type ObjectUserBinding struct {
Objects k8smanifest.ObjectReferenceList `json:"objects,omitempty"`
Users []string `json:"users,omitempty"`
}
func (ObjectUserBinding) Match ¶
func (u ObjectUserBinding) Match(obj unstructured.Unstructured, username string) bool
type ObjectUserBindingList ¶
type ObjectUserBindingList []ObjectUserBinding
func (ObjectUserBindingList) Match ¶
func (l ObjectUserBindingList) Match(obj unstructured.Unstructured, username string) bool
type ParameterObject ¶
type ParameterObject struct {
ConstraintName string `json:"constraintName,omitempty"`
SignatureRef SignatureRef `json:"signatureRef,omitempty"`
KeyConfigs []KeyConfig `json:"keyConfigs,omitempty"`
InScopeObjects k8smanifest.ObjectReferenceList `json:"inScopeObjects,omitempty"`
SkipUsers ObjectUserBindingList `json:"skipUsers,omitempty"`
TargetServiceAccount []string `json:"targetServiceAccount,omitempty"`
ImageProfile ImageProfile `json:"imageProfile,omitempty"`
k8smanifest.VerifyResourceOption `json:""`
}
func (*ParameterObject) DeepCopyInto ¶
func (p *ParameterObject) DeepCopyInto(p2 *ParameterObject)
type RequestFilterProfile ¶
type RequestFilterProfile struct {
SkipObjects k8smanifest.ObjectReferenceList `json:"skipObjects,omitempty"`
SkipUsers ObjectUserBindingList `json:"skipUsers,omitempty"`
IgnoreFields k8smanifest.ObjectFieldBindingList `json:"ignoreFields,omitempty"`
}
type RequestHandlerConfig ¶
type RequestHandlerConfig struct {
ImageVerificationConfig ImageVerificationConfig `json:"imageVerificationConfig,omitempty"`
KeyPathList []string `json:"keyPathList,omitempty"`
SigStoreConfig SigStoreConfig `json:"sigStoreConfig,omitempty"`
RequestFilterProfile RequestFilterProfile `json:"requestFilterProfile,omitempty"`
Log LogConfig `json:"log,omitempty"`
SideEffectConfig SideEffectConfig `json:"sideEffect,omitempty"`
Options []string
}
func LoadRequestHandlerConfig ¶
func LoadRequestHandlerConfig() (*RequestHandlerConfig, error)
type ResourceRef ¶
type SideEffectConfig ¶
type SideEffectConfig struct {
// Event
CreateDenyEvent bool `json:"createDenyEvent"`
}
type SigStoreConfig ¶
type SigStoreConfig struct {
}
type SignatureRef ¶
type SignatureRef struct {
ImageRef string `json:"imageRef,omitempty"`
SignatureResourceRef ResourceRef `json:"signatureResourceRef,omitempty"`
ProvenanceResourceRef ResourceRef `json:"provenanceResourceRef,omitempty"`
}
Source Files
Click to show internal directories.
Click to hide internal directories.