Documentation ¶
Index ¶
- type Allowed
- func (a Allowed) EnqueueChan() <-chan string
- func (a Allowed) Evaluate(_ context.Context, policy *policyapi.CertificateRequestPolicy, ...) (approver.EvaluationResponse, error)
- func (a Allowed) Name() string
- func (a Allowed) Prepare(_ context.Context, _ logr.Logger, _ manager.Manager) error
- func (a Allowed) Ready(_ context.Context, _ *policyapi.CertificateRequestPolicy) (approver.ReconcilerReadyResponse, error)
- func (a Allowed) RegisterFlags(_ *pflag.FlagSet)
- func (a Allowed) Validate(_ context.Context, policy *policyapi.CertificateRequestPolicy) (approver.WebhookValidationResponse, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Allowed ¶
type Allowed struct{}
Allowed is a base approver-policy Approver that is responsible for ensuring incoming requests may only request all or some of the X.509 attributes that are allowed by the policy. Requests which do not request all of the attributes which they are allowed to in the policy are permitted. It is expected that allowed must _always_ be registered for all approver-policy builds.
func (Allowed) EnqueueChan ¶ added in v0.2.0
Allowed never needs to manually enqueue policies.
func (Allowed) Evaluate ¶
func (a Allowed) Evaluate(_ context.Context, policy *policyapi.CertificateRequestPolicy, request *cmapi.CertificateRequest) (approver.EvaluationResponse, error)
Evaluate evaluates whether the given CertificateRequest conforms to the allowed attributes defined in the policy. The request _must_ conform to _all_ allowed attributes in the policy to be permitted by the passed policy. If the request is denied by the allowed attributes an explanation is returned. An error signals that the policy couldn't be evaluated to completion.
func (Allowed) Ready ¶
func (a Allowed) Ready(_ context.Context, _ *policyapi.CertificateRequestPolicy) (approver.ReconcilerReadyResponse, error)
Ready always returns ready, Allowed doesn't have any dependencies to block readiness.
func (Allowed) RegisterFlags ¶
RegisterFlags is a no-op, Allowed doesn't need any flags.
func (Allowed) Validate ¶
func (a Allowed) Validate(_ context.Context, policy *policyapi.CertificateRequestPolicy) (approver.WebhookValidationResponse, error)
Validate validates that the processed CertificateRequestPolicy has valid allowed fields defined and there are no parsing errors in the values.