Documentation

Constants

const (
	// DefaultAuditLevel is the default level to audit at, if no policy rules are matched.
	DefaultAuditLevel = audit.LevelNone
)

Variables

This section is empty.

Functions

func AllLevels

func AllLevels() sets.String

    AllLevels returns all possible levels

func AllStages

func AllStages() sets.String

    AllStages returns all possible stages

func ConvertDynamicPolicyToInternal

func ConvertDynamicPolicyToInternal(p *v1alpha1.Policy) *audit.Policy

    ConvertDynamicPolicyToInternal constructs an internal policy type from a v1alpha1 dynamic type

func ConvertStagesToStrings

func ConvertStagesToStrings(stages []audit.Stage) []string

    ConvertStagesToStrings converts an array of stages to a string array

func ConvertStringSetToStages

func ConvertStringSetToStages(set sets.String) []audit.Stage

    ConvertStringSetToStages converts a string set to an array of stages

func EnforcePolicy

func EnforcePolicy(event *audit.Event, level audit.Level, omitStages []audit.Stage) (*audit.Event, error)

    EnforcePolicy drops any part of the event that doesn't conform to a policy level or omitStages and sets the event level accordingly

func InvertStages

func InvertStages(stages []audit.Stage) []audit.Stage

    InvertStages subtracts the given array of stages from all stages

func LoadPolicyFromBytes

func LoadPolicyFromBytes(policyDef []byte) (*auditinternal.Policy, error)

func LoadPolicyFromFile

func LoadPolicyFromFile(filePath string) (*auditinternal.Policy, error)

Types

type Checker

type Checker interface {
	// Check the audit level for a request with the given authorizer attributes.
	LevelAndStages(authorizer.Attributes) (audit.Level, []audit.Stage)
}

    Checker exposes methods for checking the policy rules.

func FakeChecker

func FakeChecker(level audit.Level, stage []audit.Stage) Checker

    FakeChecker creates a checker that returns a constant level for all requests (for testing).

func NewChecker

func NewChecker(policy *audit.Policy) Checker

    NewChecker creates a new policy checker.

func NewDynamicChecker

func NewDynamicChecker() Checker

    NewDynamicChecker returns a new dynamic policy checker