policy

package
v1.3.6-rc3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 8, 2021 License: Apache-2.0 Imports: 55 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ContainsVariablesOtherThanObject added in v1.2.0

func ContainsVariablesOtherThanObject(policy kyverno.ClusterPolicy) error

ContainsVariablesOtherThanObject returns an error if the policy contains a variable that does not start with request.object.

func ConvertPolicyToClusterPolicy added in v1.3.0

func ConvertPolicyToClusterPolicy(nsPolicies *kyverno.Policy) *kyverno.ClusterPolicy

ConvertPolicyToClusterPolicy converts a Policy to a ClusterPolicy.

func ExcludePod added in v1.3.0

func ExcludePod(resourceMap map[string]unstructured.Unstructured, log logr.Logger) map[string]unstructured.Unstructured

ExcludePod filters out the pods that have an ownerReference.

func GetAllNamespaces added in v1.3.0

func GetAllNamespaces(nslister listerv1.NamespaceLister, log logr.Logger) []string

GetAllNamespaces gets all namespaces in the cluster

func GetMatchingNamespaces added in v1.3.0

func GetMatchingNamespaces(wildcards []string, nslister listerv1.NamespaceLister, log logr.Logger) []string

GetMatchingNamespaces ...

func HasWildcard added in v1.3.0

func HasWildcard(s string) bool

HasWildcard ...

func MergeResources added in v1.3.0

func MergeResources(a, b map[string]unstructured.Unstructured)

MergeResources merges the entries of b into the map a.

func ParseNamespacedPolicy added in v1.3.6

func ParseNamespacedPolicy(key string) (string, string, bool)

func Validate added in v1.2.0

func Validate(policy *kyverno.ClusterPolicy, client *dclient.Client, mock bool, openAPIController *openapi.Controller) error

Validate performs initial checks to verify some conditions: one operation per rule, and the mandatory ResourceDescription checks.

Types

type Condition added in v0.9.1

type Condition int

Condition defines condition type

const (
	// NotEvaluate marks a condition that is not to be evaluated.
	NotEvaluate = Condition(0)
	// Process marks a condition that is to be evaluated.
	Process = Condition(1)
	// Skip marks a condition that is to be ignored/skipped.
	Skip = Condition(2)
)

type PolicyController

type PolicyController struct {
	// contains filtered or unexported fields
}

PolicyController is responsible for synchronizing Policy objects stored in the system with the corresponding policy violations

func NewPolicyController

func NewPolicyController(kyvernoClient *kyvernoclient.Clientset,
	client *client.Client,
	pInformer kyvernoinformer.ClusterPolicyInformer,
	npInformer kyvernoinformer.PolicyInformer,
	grInformer kyvernoinformer.GenerateRequestInformer,
	configHandler config.Interface,
	eventGen event.Interface,
	prGenerator policyreport.GeneratorInterface,
	policyReportEraser policyreport.PolicyReportEraser,
	namespaces informers.NamespaceInformer,
	log logr.Logger,
	resCache resourcecache.ResourceCache,
	reconcilePeriod time.Duration) (*PolicyController, error)

NewPolicyController creates a new PolicyController.

func (*PolicyController) Run

func (pc *PolicyController) Run(workers int, reconcileCh <-chan bool, stopCh <-chan struct{})

Run begins watching and syncing.

type ResourceManager

type ResourceManager struct {
	// contains filtered or unexported fields
}

ResourceManager stores the details on already processed resources for caching

func NewResourceManager

func NewResourceManager(rebuildTime int64) *ResourceManager

NewResourceManager returns a new ResourceManager

func (*ResourceManager) Drop

func (rm *ResourceManager) Drop()

Drop drops the cache after every rebuild interval (in minutes). TODO: or drop based on the size.

func (*ResourceManager) GetScope added in v1.3.0

func (rm *ResourceManager) GetScope(kind string) (bool, error)

GetScope gets the scope of the given kind; it returns an error if the kind is not registered.

func (*ResourceManager) ProcessResource

func (rm *ResourceManager) ProcessResource(policy, pv, kind, ns, name, rv string) bool

ProcessResource returns true if the policy was not applied on the resource

func (*ResourceManager) RegisterResource

func (rm *ResourceManager) RegisterResource(policy, pv, kind, ns, name, rv string)

RegisterResource stores if the policy is processed on this resource version

func (*ResourceManager) RegisterScope added in v1.3.0

func (rm *ResourceManager) RegisterScope(kind string, namespaced bool)

RegisterScope stores the scope of the given kind

type Validation added in v1.2.0

type Validation interface {
	// Validate validates a rule and returns a string and an error.
	// NOTE(review): what the returned string carries is not shown on this
	// page; confirm against the implementations before relying on it.
	Validate() (string, error)
}

Validation provides methods to validate a rule

Directories

Path Synopsis
