Documentation
Overview
Package report implements PolicyReports and ClusterPolicyReports. It does so by importing https://github.com/kubernetes-sigs/wg-policy-prototypes and its Go module. At the time of writing, autogenerated client code and interfaces for PolicyReports exist only up to "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/api/wgpolicyk8s.io/v1alpha2"; "v1beta1" is a work in progress. See https://github.com/kubernetes-sigs/wg-policy-prototypes/blob/master/policy-report/README.md for more info.
Index
- Constants
- type ClusterPolicyReport
- func (r *ClusterPolicyReport) AddResult(result *v1alpha2.PolicyReportResult)
- func (r *ClusterPolicyReport) CreateResult(policy policiesv1.Policy, resource unstructured.Unstructured, ...) *v1alpha2.PolicyReportResult
- func (r *ClusterPolicyReport) GetReusablePolicyReportResult(policy policiesv1.Policy, resource unstructured.Unstructured) *v1alpha2.PolicyReportResult
- func (r *ClusterPolicyReport) GetSummaryJSON() (string, error)
- type PolicyReport
- func (r *PolicyReport) AddResult(result *v1alpha2.PolicyReportResult)
- func (r *PolicyReport) CreateResult(policy policiesv1.Policy, resource unstructured.Unstructured, ...) *v1alpha2.PolicyReportResult
- func (r *PolicyReport) GetReusablePolicyReportResult(policy policiesv1.Policy, resource unstructured.Unstructured) *v1alpha2.PolicyReportResult
- func (r *PolicyReport) GetSummaryJSON() (string, error)
- type PolicyReportStore
- func (s *PolicyReportStore) GetClusterPolicyReport(name string) (ClusterPolicyReport, error)
- func (s *PolicyReportStore) GetPolicyReport(namespace string) (PolicyReport, error)
- func (s *PolicyReportStore) RemoveAllNamespacedPolicyReports() error
- func (s *PolicyReportStore) RemovePolicyReport(namespace string) error
- func (s *PolicyReportStore) SaveClusterPolicyReport(report *ClusterPolicyReport) error
- func (s *PolicyReportStore) SavePolicyReport(report *PolicyReport) error
- func (s *PolicyReportStore) ToJSON() (string, error)
- func (s *PolicyReportStore) UpdateClusterPolicyReport(report *ClusterPolicyReport) error
- func (s *PolicyReportStore) UpdatePolicyReport(report *PolicyReport) error
Constants
const (
	PrefixNameClusterPolicyReport = "polr-"
	PrefixNamePolicyReport        = "polr-ns-"
	PolicyReportSource            = "kubewarden"
	PropertyPolicyResourceVersion = "policy-resource-version"
	PropertyPolicyUID             = "policy-uid"
)
const (
	// Status specifies state of a policy result
	StatusPass  = "pass"
	StatusFail  = "fail"
	StatusWarn  = "warn"
	StatusError = "error"
	StatusSkip  = "skip"

	// Severity specifies severity of a policy result
	SeverityCritical = "critical"
	SeverityHigh     = "high"
	SeverityMedium   = "medium"
	SeverityLow      = "low"
	SeverityInfo     = "info"

	// Category specifies the category of a policy result
	TypeMutating      = "mutating"
	TypeValidating    = "validating"
	TypeContextAware  = "context-aware"
	ValueTypeTrue     = "true"
	LabelAppManagedBy = "app.kubernetes.io/managed-by"
	LabelApp          = "kubewarden"
)
Types
type ClusterPolicyReport
type ClusterPolicyReport struct {
v1alpha2.ClusterPolicyReport
}
func NewClusterPolicyReport
func NewClusterPolicyReport(name string) ClusterPolicyReport
func (*ClusterPolicyReport) AddResult
func (r *ClusterPolicyReport) AddResult(result *v1alpha2.PolicyReportResult)
func (*ClusterPolicyReport) CreateResult
func (r *ClusterPolicyReport) CreateResult(
	policy policiesv1.Policy,
	resource unstructured.Unstructured,
	auditResponse *admv1.AdmissionReview,
	responseErr error,
) *v1alpha2.PolicyReportResult
func (*ClusterPolicyReport) GetReusablePolicyReportResult
func (r *ClusterPolicyReport) GetReusablePolicyReportResult(policy policiesv1.Policy, resource unstructured.Unstructured) *v1alpha2.PolicyReportResult
GetReusablePolicyReportResult tries to find a PolicyReportResult that can be reused.
The result can be reused if both these conditions are satisfied:
- The subject of the PolicyReportResult (the object that was inspected) has not been changed since the report was created
- The policy that evaluated the subject (now given by the user as parameter) has not been changed since the report was created
func (*ClusterPolicyReport) GetSummaryJSON
func (r *ClusterPolicyReport) GetSummaryJSON() (string, error)
GetSummaryJSON gets the report.Summary formatted in JSON. Useful for logging.
type PolicyReport
type PolicyReport struct {
v1alpha2.PolicyReport
}
func NewPolicyReport
func NewPolicyReport(namespace *v1.Namespace) PolicyReport
func (*PolicyReport) AddResult
func (r *PolicyReport) AddResult(result *v1alpha2.PolicyReportResult)
func (*PolicyReport) CreateResult
func (r *PolicyReport) CreateResult(
	policy policiesv1.Policy,
	resource unstructured.Unstructured,
	auditResponse *admv1.AdmissionReview,
	responseErr error,
) *v1alpha2.PolicyReportResult
func (*PolicyReport) GetReusablePolicyReportResult
func (r *PolicyReport) GetReusablePolicyReportResult(policy policiesv1.Policy, resource unstructured.Unstructured) *v1alpha2.PolicyReportResult
GetReusablePolicyReportResult tries to find a PolicyReportResult that can be reused.
The result can be reused if both these conditions are satisfied:
- The subject of the PolicyReportResult (the object that was inspected) has not been changed since the report was created
- The policy that evaluated the subject (now given by the user as parameter) has not been changed since the report was created
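A stand-alone model of the two reuse conditions that GetReusablePolicyReportResult documents for both ClusterPolicyReport and PolicyReport, added here as an example and not the package's own code. It assumes the policy's UID and resourceVersion are stored on each result under the PropertyPolicyUID and PropertyPolicyResourceVersion keys from the constants; `ref`, `result`, `newResult` and `findReusable` are hypothetical names.

```go
package main

import "fmt"

// Property keys as listed in this package's constants.
const (
	PropertyPolicyResourceVersion = "policy-resource-version"
	PropertyPolicyUID             = "policy-uid"
)

// ref and result are hypothetical stand-ins for Kubernetes object metadata and
// v1alpha2.PolicyReportResult; only the fields the check needs are modelled.
type ref struct{ UID, ResourceVersion string }
type result struct {
	Policy, Outcome string
	Subject         ref
	Properties      map[string]string
}

// newResult stores the policy identity next to the verdict (assumed layout).
func newResult(name, outcome string, policy, subject ref) result {
	return result{Policy: name, Outcome: outcome, Subject: subject, Properties: map[string]string{
		PropertyPolicyUID:             policy.UID,
		PropertyPolicyResourceVersion: policy.ResourceVersion,
	}}
}

// findReusable returns a cached result only if neither the subject nor the
// policy changed since it was recorded; nil means the policy must run again.
func findReusable(cached []result, name string, policy, subject ref) *result {
	for i := range cached {
		r := &cached[i]
		if r.Policy != name || r.Subject.UID != subject.UID {
			continue
		}
		if r.Subject.ResourceVersion == subject.ResourceVersion &&
			r.Properties[PropertyPolicyUID] == policy.UID &&
			r.Properties[PropertyPolicyResourceVersion] == policy.ResourceVersion {
			return r
		}
	}
	return nil
}

func main() {
	pol, pod := ref{"pol-uid-1", "10"}, ref{"pod-uid-1", "100"} // constructed sample values
	cache := []result{newResult("no-privileged", "pass", pol, pod)}
	edited := ref{"pol-uid-1", "11"} // same policy object, settings changed
	fmt.Println(findReusable(cache, "no-privileged", pol, pod) != nil, findReusable(cache, "no-privileged", edited, pod) != nil)
}
```

Comparing the policy UID as well as its resourceVersion keeps a stale "pass" from being carried over when a policy is deleted and recreated under the same name.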
func (*PolicyReport) GetSummaryJSON
func (r *PolicyReport) GetSummaryJSON() (string, error)
GetSummaryJSON gets the report.Summary formatted in JSON. Useful for logging.
type PolicyReportStore
type PolicyReportStore struct {
// contains filtered or unexported fields
}
PolicyReportStore caches the latest version of PolicyReports
func MockNewPolicyReportStore
func MockNewPolicyReportStore(client client.Client) *PolicyReportStore
MockNewPolicyReportStore constructs a PolicyReportStore, initializing the clusterwide ClusterPolicyReport and namespacedPolicyReports, but setting the client. Useful for testing.
func NewPolicyReportStore
func NewPolicyReportStore() (*PolicyReportStore, error)
NewPolicyReportStore constructs a PolicyReportStore, initializing the clusterwide ClusterPolicyReport and namespacedPolicyReports.
func (*PolicyReportStore) GetClusterPolicyReport
func (s *PolicyReportStore) GetClusterPolicyReport(name string) (ClusterPolicyReport, error)
Get the ClusterPolicyReport
func (*PolicyReportStore) GetPolicyReport
func (s *PolicyReportStore) GetPolicyReport(namespace string) (PolicyReport, error)
GetPolicyReport returns the PolicyReport defined inside the given namespace. An empty PolicyReport is returned when nothing is found.
func (*PolicyReportStore) RemoveAllNamespacedPolicyReports
func (s *PolicyReportStore) RemoveAllNamespacedPolicyReports() error
Delete all namespaced PolicyReports
func (*PolicyReportStore) RemovePolicyReport
func (s *PolicyReportStore) RemovePolicyReport(namespace string) error
Delete PolicyReport by namespace
func (*PolicyReportStore) SaveClusterPolicyReport
func (s *PolicyReportStore) SaveClusterPolicyReport(report *ClusterPolicyReport) error
SaveClusterPolicyReport instantiates the ClusterPolicyReport if it doesn't exist, or updates it if one is found
func (*PolicyReportStore) SavePolicyReport
func (s *PolicyReportStore) SavePolicyReport(report *PolicyReport) error
SavePolicyReport instantiates the passed namespaced PolicyReport if it doesn't exist, or updates it if one is found
func (*PolicyReportStore) ToJSON
func (s *PolicyReportStore) ToJSON() (string, error)
Marshal the contents of the store into a JSON string
func (*PolicyReportStore) UpdateClusterPolicyReport
func (s *PolicyReportStore) UpdateClusterPolicyReport(report *ClusterPolicyReport) error
Update ClusterPolicyReport or PolicyReport. ns argument is used in case of namespaced PolicyReport
func (*PolicyReportStore) UpdatePolicyReport
func (s *PolicyReportStore) UpdatePolicyReport(report *PolicyReport) error
Update namespaced PolicyReport