policy

package
v1.3.0-rc7 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 7, 2020 License: Apache-2.0 Imports: 50 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ContainsVariablesOtherThanObject added in v1.2.0

func ContainsVariablesOtherThanObject(policy kyverno.ClusterPolicy) error

ContainsVariablesOtherThanObject returns an error if the policy contains a variable that does not start with request.object

func ConvertPolicyToClusterPolicy added in v1.3.0

func ConvertPolicyToClusterPolicy(nsPolicies *kyverno.Policy) *kyverno.ClusterPolicy

ConvertPolicyToClusterPolicy converts a Policy to a ClusterPolicy

func ExcludePod added in v1.3.0

func ExcludePod(resourceMap map[string]unstructured.Unstructured, log logr.Logger) map[string]unstructured.Unstructured

ExcludePod filters out the pods with ownerReference

func ExcludeResources

func ExcludeResources(included map[string]unstructured.Unstructured, exclude kyverno.ResourceDescription, configHandler config.Interface, log logr.Logger)

ExcludeResources ...

func GetAllNamespaces added in v1.3.0

func GetAllNamespaces(nslister listerv1.NamespaceLister, log logr.Logger) []string

GetAllNamespaces gets all namespaces in the cluster

func GetMatchingNamespaces added in v1.3.0

func GetMatchingNamespaces(wildcards []string, nslister listerv1.NamespaceLister, log logr.Logger) []string

GetMatchingNamespaces ...

func GetNamespacesForRule added in v1.3.0

func GetNamespacesForRule(rule *kyverno.Rule, nslister listerv1.NamespaceLister, log logr.Logger) []string

GetNamespacesForRule gets the list of matched namespaces for the given rule

func GetResourcesPerNamespace

func GetResourcesPerNamespace(kind string, client *client.Client, namespace string, rule kyverno.Rule, configHandler config.Interface, log logr.Logger) map[string]unstructured.Unstructured

GetResourcesPerNamespace ...

func HasWildcard added in v1.3.0

func HasWildcard(s string) bool

HasWildcard ...

func MergeResources added in v1.3.0

func MergeResources(a, b map[string]unstructured.Unstructured)

MergeResources merges the entries of b into the map a

func Validate added in v1.2.0

func Validate(policyRaw []byte, client *dclient.Client, mock bool, openAPIController *openapi.Controller) error

Validate performs initial checks on a policy to verify certain conditions: one operation per rule, and the mandatory ResourceDescription checks.

Types

type Condition added in v0.9.1

type Condition int

Condition defines condition type

const (
	// NotEvaluate indicates that the condition is not to be evaluated.
	NotEvaluate Condition = 0
	// Process indicates that the condition is to be evaluated.
	Process Condition = 1
	// Skip indicates that the condition is to be ignored (skipped).
	Skip Condition = 2
)

type PolicyController

type PolicyController struct {
	// contains filtered or unexported fields
}

PolicyController is responsible for synchronizing Policy objects stored in the system with the corresponding policy violations

func NewPolicyController

NewPolicyController creates a new PolicyController

func (*PolicyController) Run

func (pc *PolicyController) Run(workers int, stopCh <-chan struct{})

Run begins watching and syncing.

type ResourceManager

type ResourceManager struct {
	// contains filtered or unexported fields
}

ResourceManager stores the details on already processed resources for caching

func NewResourceManager

func NewResourceManager(rebuildTime int64) *ResourceManager

NewResourceManager returns a new ResourceManager

func (*ResourceManager) Drop

func (rm *ResourceManager) Drop()

Drop drops the cache after every rebuild interval (in minutes). TODO: or drop based on the size

func (*ResourceManager) ProcessResource

func (rm *ResourceManager) ProcessResource(policy, pv, kind, ns, name, rv string) bool

ProcessResource returns true if the policy was not applied on the resource

func (*ResourceManager) RegisterResource

func (rm *ResourceManager) RegisterResource(policy, pv, kind, ns, name, rv string)

RegisterResource stores if the policy is processed on this resource version

type Validation added in v1.2.0

type Validation interface {
	// Validate validates a rule and returns a string together with an error.
	// NOTE(review): the meaning of the returned string is not shown on this
	// page; confirm against the implementations before relying on it.
	Validate() (string, error)
}

Validation provides methods to validate a rule

Directories

Path Synopsis
