imagerules

package

v0.10.1 Latest Latest Go to latest Published: Feb 5, 2024 License: Apache-2.0 Imports: 13 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/acorn-io/runtime

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func CheckImageAgainstRules(ctx context.Context, c client.Reader, ...) error
func CheckImageAllowed(ctx context.Context, c client.Reader, ...) error
func CheckRoleAuthorizations(ctx context.Context, c client.Reader, namespace, imageName, digest string, ...) ([]internaladminv1.RoleAuthorizations, error)
func GetAuthorizedPermissions(ctx context.Context, c client.Reader, namespace, imageName, digest string) ([]v1.Permissions, error)
type ErrImageNotAllowed
- func (e *ErrImageNotAllowed) Error() string
- func (e *ErrImageNotAllowed) Is(target error) bool

Constants ¶

View Source

const ErrImageNotAllowedIdentifier = "not allowed by any ImageAllowRule"

Variables ¶

This section is empty.

Functions ¶

func CheckImageAgainstRules ¶

func CheckImageAgainstRules(ctx context.Context, c client.Reader, namespace, imageName, resolvedName, digest string, imageAllowRules []v1.ImageAllowRuleInstance, opts ...remote.Option) error

CheckImageAgainstRules checks if the image is allowed by the given ImageAllowRules If no rules are given, the image is denied. ! Only one single rule has to allow the image for this to pass !

About image references: @param imageName: the image how it was called (e.g. how it was specified by the user in `acorn run`) @param resolvedName: the image name after resolution (e.g. resolved to an internal image ID) @param digest: the digest of the image We will use all of those to check if an image is covered by an IAR. We will prefer resolvedName to find signature artifacts (potentially in the internal registry)

func CheckImageAllowed ¶

func CheckImageAllowed(ctx context.Context, c client.Reader, namespace, imageName, resolvedName, digest string, opts ...remote.Option) error

CheckImageAllowed checks if the image is allowed by the ImageAllowRules on cluster and project level

func CheckRoleAuthorizations ¶

func CheckRoleAuthorizations(ctx context.Context, c client.Reader, namespace, imageName, digest string, iras []internaladminv1.ImageRoleAuthorizationInstance, opts ...remote.Option) ([]internaladminv1.RoleAuthorizations, error)

func GetAuthorizedPermissions ¶

func GetAuthorizedPermissions(ctx context.Context, c client.Reader, namespace, imageName, digest string) ([]v1.Permissions, error)

Types ¶

type ErrImageNotAllowed ¶

type ErrImageNotAllowed struct {
	Image string
}

func (*ErrImageNotAllowed) Error ¶

func (e *ErrImageNotAllowed) Error() string

func (*ErrImageNotAllowed) Is ¶

func (e *ErrImageNotAllowed) Is(target error) bool

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
util

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL