Documentation
¶
Index ¶
- Constants
- func AllLevels() sets.String
- func AllStages() sets.String
- func ConvertDynamicPolicyToInternal(p *v1alpha1.Policy) *audit.Policy
- func ConvertStagesToStrings(stages []audit.Stage) []string
- func ConvertStringSetToStages(set sets.String) []audit.Stage
- func EnforcePolicy(event *audit.Event, level audit.Level, omitStages []audit.Stage) (*audit.Event, error)
- func InvertStages(stages []audit.Stage) []audit.Stage
- func LoadPolicyFromBytes(policyDef []byte) (*auditinternal.Policy, error)
- func LoadPolicyFromFile(filePath string) (*auditinternal.Policy, error)
- type Checker
Constants ¶
View Source
const ( // DefaultAuditLevel is the default level to audit at, if no policy rules are matched. DefaultAuditLevel = audit.LevelNone )
Variables ¶
This section is empty.
Functions ¶
func ConvertDynamicPolicyToInternal ¶ added in v1.13.0
ConvertDynamicPolicyToInternal constructs an internal policy type from a v1alpha1 dynamic type
func ConvertStagesToStrings ¶ added in v1.13.0
ConvertStagesToStrings converts an array of stages to a string array
func ConvertStringSetToStages ¶ added in v1.13.0
ConvertStringSetToStages converts a string set to an array of stages
func EnforcePolicy ¶ added in v1.13.0
func EnforcePolicy(event *audit.Event, level audit.Level, omitStages []audit.Stage) (*audit.Event, error)
EnforcePolicy drops any part of the event that doesn't conform to a policy level or omitStages and sets the event level accordingly
func InvertStages ¶ added in v1.13.0
InvertStages subtracts the given array of stages from all stages
func LoadPolicyFromBytes ¶ added in v1.13.0
func LoadPolicyFromBytes(policyDef []byte) (*auditinternal.Policy, error)
func LoadPolicyFromFile ¶
func LoadPolicyFromFile(filePath string) (*auditinternal.Policy, error)
Types ¶
type Checker ¶
type Checker interface {
// Check the audit level for a request with the given authorizer attributes.
LevelAndStages(authorizer.Attributes) (audit.Level, []audit.Stage)
}
Checker exposes methods for checking the policy rules.
func FakeChecker ¶
FakeChecker creates a checker that returns a constant level for all requests (for testing).
func NewChecker ¶
NewChecker creates a new policy checker.
func NewDynamicChecker ¶ added in v1.13.0
func NewDynamicChecker() Checker
NewDynamicChecker returns a new dynamic policy checker
Source Files
Click to show internal directories.
Click to hide internal directories.