report

package
v1.9.0-rc2
Published: Oct 27, 2023 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Overview

Package report implements PolicyReports and ClusterPolicyReports. It does so by importing the Go module from https://github.com/kubernetes-sigs/wg-policy-prototypes. At the time of writing, autogenerated client code and interfaces for PolicyReports exist only up to "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/api/wgpolicyk8s.io/v1alpha2"; "v1beta1" is a work in progress. See https://github.com/kubernetes-sigs/wg-policy-prototypes/blob/master/policy-report/README.md for more info.

Constants

const (
	PrefixNameClusterPolicyReport = "polr-"
	PrefixNamePolicyReport        = "polr-ns-"
	PolicyReportSource            = "kubewarden"
	PropertyPolicyResourceVersion = "policy-resource-version"
	PropertyPolicyUID             = "policy-uid"
)
const (
	// Status specifies state of a policy result
	StatusPass  = "pass"
	StatusFail  = "fail"
	StatusWarn  = "warn"
	StatusError = "error"
	StatusSkip  = "skip"

	// Severity specifies severity of a policy result
	SeverityCritical = "critical"
	SeverityHigh     = "high"
	SeverityMedium   = "medium"
	SeverityLow      = "low"
	SeverityInfo     = "info"

	// Category specifies the category of a policy result
	TypeMutating     = "mutating"
	TypeValidating   = "validating"
	TypeContextAware = "context-aware"
	ValueTypeTrue    = "true"

	LabelAppManagedBy = "app.kubernetes.io/managed-by"
	LabelApp          = "kubewarden"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type ClusterPolicyReport

type ClusterPolicyReport struct {
	v1alpha2.ClusterPolicyReport
}

func NewClusterPolicyReport

func NewClusterPolicyReport(name string) ClusterPolicyReport

func (*ClusterPolicyReport) AddResult

func (r *ClusterPolicyReport) AddResult(result *v1alpha2.PolicyReportResult)

func (*ClusterPolicyReport) CreateResult

func (r *ClusterPolicyReport) CreateResult(
	policy policiesv1.Policy, resource unstructured.Unstructured,
	auditResponse *admv1.AdmissionReview, responseErr error,
) *v1alpha2.PolicyReportResult

func (*ClusterPolicyReport) GetReusablePolicyReportResult

func (r *ClusterPolicyReport) GetReusablePolicyReportResult(policy policiesv1.Policy, resource unstructured.Unstructured) *v1alpha2.PolicyReportResult

GetReusablePolicyReportResult tries to find a PolicyReportResult that can be reused.

The result can be reused if both these conditions are satisfied:

  • The subject of the PolicyReportResult (the object that was inspected) has not been changed since the report was created
  • The policy that evaluated the subject (now given by the user as parameter) has not been changed since the report was created

func (*ClusterPolicyReport) GetSummaryJSON

func (r *ClusterPolicyReport) GetSummaryJSON() (string, error)

GetSummaryJSON returns the report.Summary formatted as JSON. Useful for logging.

type PolicyReport

type PolicyReport struct {
	v1alpha2.PolicyReport
}

func NewPolicyReport

func NewPolicyReport(namespace *v1.Namespace) PolicyReport

func (*PolicyReport) AddResult

func (r *PolicyReport) AddResult(result *v1alpha2.PolicyReportResult)

func (*PolicyReport) CreateResult

func (r *PolicyReport) CreateResult(
	policy policiesv1.Policy, resource unstructured.Unstructured,
	auditResponse *admv1.AdmissionReview, responseErr error,
) *v1alpha2.PolicyReportResult

func (*PolicyReport) GetReusablePolicyReportResult

func (r *PolicyReport) GetReusablePolicyReportResult(policy policiesv1.Policy, resource unstructured.Unstructured) *v1alpha2.PolicyReportResult

GetReusablePolicyReportResult tries to find a PolicyReportResult that can be reused.

The result can be reused if both these conditions are satisfied:

  • The subject of the PolicyReportResult (the object that was inspected) has not been changed since the report was created
  • The policy that evaluated the subject (now given by the user as parameter) has not been changed since the report was created
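
The two reuse conditions above (stated for both ClusterPolicyReport and PolicyReport), as an added Go example that is not kubewarden's own code. Ref and Result are hypothetical stand-ins for Kubernetes object metadata and v1alpha2.PolicyReportResult, and treating "has not been changed" as "same UID and same resourceVersion", with the policy's values stored under the two Property* keys from the constants, is an assumption.

```go
package main

import "fmt"

// Property keys, copied from this package's constants.
const (
	PropertyPolicyResourceVersion = "policy-resource-version"
	PropertyPolicyUID             = "policy-uid"
)

// Ref is a hypothetical stand-in for the metadata of a Kubernetes object.
type Ref struct{ Name, UID, ResourceVersion string }

// Result is a hypothetical, reduced stand-in for v1alpha2.PolicyReportResult.
type Result struct {
	Subject    Ref
	Status     string
	Properties map[string]string
}

// NewResult stores the policy's identity next to the verdict for later comparison.
func NewResult(policy, subject Ref, status string) Result {
	return Result{Subject: subject, Status: status, Properties: map[string]string{
		PropertyPolicyUID:             policy.UID,
		PropertyPolicyResourceVersion: policy.ResourceVersion,
	}}
}

// FindReusable returns a cached result only when both the subject and the
// policy are unchanged (assumed test: same UID and same resourceVersion).
func FindReusable(cache []Result, policy, subject Ref) *Result {
	for i := range cache {
		r := &cache[i]
		sameSubject := r.Subject.UID == subject.UID &&
			r.Subject.ResourceVersion == subject.ResourceVersion
		samePolicy := r.Properties[PropertyPolicyUID] == policy.UID &&
			r.Properties[PropertyPolicyResourceVersion] == policy.ResourceVersion
		if sameSubject && samePolicy {
			return r
		}
	}
	return nil
}

func main() {
	pol, pod := Ref{"no-privileged", "p-1", "10"}, Ref{"web", "u-1", "100"} // constructed sample data
	cache := []Result{NewResult(pol, pod, "pass")}
	fmt.Println(FindReusable(cache, pol, pod) != nil, FindReusable(cache, pol, Ref{"web", "u-1", "101"}) != nil)
}
```

Comparing the UID as well as the resourceVersion keeps a stale "pass" from being carried over to an object that was deleted and recreated under the same name.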

func (*PolicyReport) GetSummaryJSON

func (r *PolicyReport) GetSummaryJSON() (string, error)

GetSummaryJSON returns the report.Summary formatted as JSON. Useful for logging.

type PolicyReportStore

type PolicyReportStore struct {
	// contains filtered or unexported fields
}

PolicyReportStore caches the latest version of PolicyReports

func MockNewPolicyReportStore

func MockNewPolicyReportStore(client client.Client) *PolicyReportStore

MockNewPolicyReportStore constructs a PolicyReportStore, initializing the clusterwide ClusterPolicyReport and namespacedPolicyReports, but setting the client. Useful for testing.

func NewPolicyReportStore

func NewPolicyReportStore() (*PolicyReportStore, error)

NewPolicyReportStore constructs a PolicyReportStore, initializing the clusterwide ClusterPolicyReport and namespacedPolicyReports.

func (*PolicyReportStore) GetClusterPolicyReport

func (s *PolicyReportStore) GetClusterPolicyReport(name string) (ClusterPolicyReport, error)

Get the ClusterPolicyReport

func (*PolicyReportStore) GetPolicyReport

func (s *PolicyReportStore) GetPolicyReport(namespace string) (PolicyReport, error)

GetPolicyReport returns the Policy Report defined inside of the given namespace. An empty PolicyReport is returned when nothing is found

func (*PolicyReportStore) RemoveAllNamespacedPolicyReports

func (s *PolicyReportStore) RemoveAllNamespacedPolicyReports() error

Delete all namespaced PolicyReports

func (*PolicyReportStore) RemovePolicyReport

func (s *PolicyReportStore) RemovePolicyReport(namespace string) error

Delete PolicyReport by namespace

func (*PolicyReportStore) SaveClusterPolicyReport

func (s *PolicyReportStore) SaveClusterPolicyReport(report *ClusterPolicyReport) error

SaveClusterPolicyReport instantiates the ClusterPolicyReport if it doesn't exist, or updates it if one is found

func (*PolicyReportStore) SavePolicyReport

func (s *PolicyReportStore) SavePolicyReport(report *PolicyReport) error

SavePolicyReport instantiates the passed namespaced PolicyReport if it doesn't exist, or updates it if one is found

func (*PolicyReportStore) ToJSON

func (s *PolicyReportStore) ToJSON() (string, error)

Marshal the contents of the store into a JSON string

func (*PolicyReportStore) UpdateClusterPolicyReport

func (s *PolicyReportStore) UpdateClusterPolicyReport(report *ClusterPolicyReport) error

Update ClusterPolicyReport or PolicyReport. ns argument is used in case of namespaced PolicyReport

func (*PolicyReportStore) UpdatePolicyReport

func (s *PolicyReportStore) UpdatePolicyReport(report *PolicyReport) error

Update namespaced PolicyReport
