policy

package
v1.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 16, 2020 License: Apache-2.0 Imports: 36 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Condition added in v0.9.1 

type Condition int
const (
	NotEvaluate Condition = 0
	Process     Condition = 1
	Skip        Condition = 2
)

type PVControlInterface 

type PVControlInterface interface {
	DeleteClusterPolicyViolation(name string) error
	DeleteNamespacedPolicyViolation(ns, name string) error
}

PVControlInterface provides interface to operate on policy violation resource

type PolicyController 

type PolicyController struct {
	// contains filtered or unexported fields
}

PolicyController is responsible for synchronizing Policy objects stored in the system with the corresponding policy violations

func NewPolicyController 

func NewPolicyController(kyvernoClient *kyvernoclient.Clientset,
	client *client.Client,
	pInformer kyvernoinformer.ClusterPolicyInformer,
	cpvInformer kyvernoinformer.ClusterPolicyViolationInformer,
	nspvInformer kyvernoinformer.PolicyViolationInformer,
	configHandler config.Interface,
	eventGen event.Interface,
	pvGenerator policyviolation.GeneratorInterface,
	pMetaStore policystore.UpdateInterface,
	resourceWebhookWatcher *webhookconfig.ResourceWebhookRegister) (*PolicyController, error)

NewPolicyController create a new PolicyController

func (*PolicyController) GetPolicyStatusAggregator 

func (pc *PolicyController) GetPolicyStatusAggregator() PolicyStatusInterface

GetPolicyStatusAggregator returns interface to send policy status stats

func (*PolicyController) Run 

func (pc *PolicyController) Run(workers int, stopCh <-chan struct{})

Run begins watching and syncing.

type PolicyStat 

type PolicyStat struct {
	PolicyName string
	Stats      PolicyStatInfo
}

PolicyStat stored stats for policy

type PolicyStatInfo 

type PolicyStatInfo struct {
	MutationExecutionTime   time.Duration
	ValidationExecutionTime time.Duration
	GenerationExecutionTime time.Duration
	RulesAppliedCount       int
	ResourceBlocked         int
	Rules                   []RuleStatinfo
}

type PolicyStatusAggregator 

type PolicyStatusAggregator struct {
	// contains filtered or unexported fields
}

PolicyStatusAggregator stores information abt aggregation

func NewPolicyStatAggregator 

func NewPolicyStatAggregator(client *kyvernoclient.Clientset) *PolicyStatusAggregator

NewPolicyStatAggregator returns a new policy status

func (*PolicyStatusAggregator) GetPolicyStats 

func (psa *PolicyStatusAggregator) GetPolicyStats(policyName string) PolicyStatInfo

GetPolicyStats returns the policy stats

func (*PolicyStatusAggregator) RemovePolicyStats 

func (psa *PolicyStatusAggregator) RemovePolicyStats(policyName string)

RemovePolicyStats rmves policy stats records

func (*PolicyStatusAggregator) Run 

func (psa *PolicyStatusAggregator) Run(workers int, stopCh <-chan struct{})

Run begins aggregator

func (*PolicyStatusAggregator) SendStat 

func (psa *PolicyStatusAggregator) SendStat(stat PolicyStat)

SendStat sends the stat information for aggregation

type PolicyStatusInterface 

type PolicyStatusInterface interface {
	SendStat(stat PolicyStat)
}

PolicyStatusInterface provides methods to modify policyStatus

type RealPVControl 

type RealPVControl struct {
	Client   kyvernoclient.Interface
	Recorder record.EventRecorder
}

RealPVControl is the default implementation of PVControlInterface.

func (RealPVControl) DeleteClusterPolicyViolation added in v1.1.0 

func (r RealPVControl) DeleteClusterPolicyViolation(name string) error

DeletePolicyViolation deletes the policy violation

func (RealPVControl) DeleteNamespacedPolicyViolation added in v1.0.0 

func (r RealPVControl) DeleteNamespacedPolicyViolation(ns, name string) error

DeleteNamespacedPolicyViolation deletes the namespaced policy violation

type ResourceManager 

type ResourceManager struct {
	// contains filtered or unexported fields
}

ResourceManager stores the details on already processed resources for caching

func NewResourceManager 

func NewResourceManager(rebuildTime int64) *ResourceManager

NewResourceManager returns a new ResourceManager

func (*ResourceManager) Drop 

func (rm *ResourceManager) Drop()

Drop drop the cache after every rebuild interval mins TODO: or drop based on the size

func (*ResourceManager) ProcessResource 

func (rm *ResourceManager) ProcessResource(policy, pv, kind, ns, name, rv string) bool

ProcessResource returns true if the policy was not applied on the resource

func (*ResourceManager) RegisterResource 

func (rm *ResourceManager) RegisterResource(policy, pv, kind, ns, name, rv string)

RegisterResource stores if the policy is processed on this resource version

type RuleStatinfo added in v0.9.1 

type RuleStatinfo struct {
	RuleName         string
	ExecutionTime    time.Duration
	RuleAppliedCount int
	RulesFailedCount int
	MutationCount    int
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.