Documentation ¶
Index ¶
- Variables
- func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unstructured, ...) (*response.EngineResponse, bool, bool, error)
- func GetCRD(path string) (unstructuredCrds []*unstructured.Unstructured, err error)
- func GetCRDs(paths []string) (unstructuredCrds []*unstructured.Unstructured, err error)
- func GetPolicies(paths []string) (policies []*v1.ClusterPolicy, errors []error)
- func GetPoliciesFromPaths(fs billy.Filesystem, dirPath []string, isGit bool, policyResourcePath string) (policies []*v1.ClusterPolicy, err error)
- func GetResource(resourceBytes []byte) ([]*unstructured.Unstructured, error)
- func GetResourceAccordingToResourcePath(fs billy.Filesystem, resourcePaths []string, cluster bool, ...) (resources []*unstructured.Unstructured, err error)
- func GetResources(policies []*v1.ClusterPolicy, resourcePaths []string, dClient *client.Client, ...) ([]*unstructured.Unstructured, error)
- func GetResourcesWithTest(fs billy.Filesystem, policies []*v1.ClusterPolicy, resourcePaths []string, ...) ([]*unstructured.Unstructured, error)
- func GetVariable(variablesString, valuesFile string, fs billy.Filesystem, isGit bool, ...) (map[string]string, map[string]map[string]Resource, ...)
- func IsInputFromPipe() bool
- func JSONPatchPathHasVariables(patch string) error
- func MutatePolices(policies []*v1.ClusterPolicy) ([]*v1.ClusterPolicy, error)
- func MutatePolicy(policy *v1.ClusterPolicy, logger logr.Logger) (*v1.ClusterPolicy, error)
- func PolicyHasNonAllowedVariables(policy v1.ClusterPolicy) error
- func PolicyHasVariables(policy v1.ClusterPolicy) [][]string
- func PrintMutatedOutput(mutateLogPath string, mutateLogPathIsDir bool, yaml string, fileName string) error
- func RemoveDuplicateAndObjectVariables(matches [][]string) string
- type NamespaceSelector
- type Policy
- type Resource
- type Rule
- type Values
Constants ¶
This section is empty.
Variables ¶
var AllowedVariables = regexp.MustCompile(`\{\{\s*[request\.|serviceAccountName|serviceAccountNamespace|@][^{}]*\}\}`)
AllowedVariables represents regex for {{request.}}, {{serviceAccountName}}, {{serviceAccountNamespace}} and {{@}}
var IsHttpRegex = regexp.MustCompile("^(http|https)://")
IsHttpRegex matches strings that start with http:// or https://
var RegexVariables = regexp.MustCompile(`\{\{[^{}]*\}\}`)
RegexVariables represents regex for '{{}}'
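How the AllowedVariables expression declared above behaves on sample input, as an added example (not Kyverno's own code). The `groupPattern` variant, the `notAllowed` helper and the sample text are assumptions made for illustration; the other two expressions are copied from this page.

```go
package main

import (
	"fmt"
	"regexp"
)

// pagePattern is the AllowedVariables expression exactly as declared on this page.
// The [...] part is a bracket expression: it matches ONE character from the set
// {r,e,q,u,s,t,.,|,v,i,c,A,o,n,N,a,m,p,@}, not one of the four names.
var pagePattern = regexp.MustCompile(`\{\{\s*[request\.|serviceAccountName|serviceAccountNamespace|@][^{}]*\}\}`)

// groupPattern is a hypothetical stricter variant (not from the library) that
// uses a group, so the alternation applies to whole prefixes.
var groupPattern = regexp.MustCompile(`\{\{\s*(request\.|serviceAccountName|serviceAccountNamespace|@)[^{}]*\}\}`)

// anyVariable is the RegexVariables expression from this page.
var anyVariable = regexp.MustCompile(`\{\{[^{}]*\}\}`)

// notAllowed (hypothetical helper) returns every {{...}} token in text that
// the allow pattern does not match in full.
func notAllowed(text string, allow *regexp.Regexp) []string {
	var out []string
	for _, v := range anyVariable.FindAllString(text, -1) {
		if allow.FindString(v) != v {
			out = append(out, v)
		}
	}
	return out
}

// samplePolicyText is constructed for this example; the last two variable
// names are made up and do not come from the page.
const samplePolicyText = `
name: "{{request.object.metadata.name}}"
user: "{{serviceAccountName}}"
self: "{{@}}"
owner: "{{inventory.owner}}"
misc: "{{ foo }}"
`

func main() {
	fmt.Println("page pattern rejects: ", notAllowed(samplePolicyText, pagePattern))
	fmt.Println("group pattern rejects:", notAllowed(samplePolicyText, groupPattern))
}
```

With the bracket expression, any variable whose first character is in the set passes, so an allow-list check built on it is looser than the description "{{request.}}, {{serviceAccountName}}, {{serviceAccountNamespace}} and {{@}}" suggests.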
Functions ¶
func ApplyPolicyOnResource ¶ added in v1.3.2
func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unstructured, mutateLogPath string, mutateLogPathIsDir bool, variables map[string]string, policyReport bool, namespaceSelectorMap map[string]map[string]string, stdin bool) (*response.EngineResponse, bool, bool, error)
ApplyPolicyOnResource - function to apply policy on resource
func GetCRD ¶
func GetCRD(path string) (unstructuredCrds []*unstructured.Unstructured, err error)
GetCRD - extracts CRDs from a YAML file
func GetCRDs ¶
func GetCRDs(paths []string) (unstructuredCrds []*unstructured.Unstructured, err error)
GetCRDs - extracts CRDs from multiple YAML files
func GetPolicies ¶
func GetPolicies(paths []string) (policies []*v1.ClusterPolicy, errors []error)
func GetPoliciesFromPaths ¶ added in v1.3.2
func GetPoliciesFromPaths(fs billy.Filesystem, dirPath []string, isGit bool, policyResourcePath string) (policies []*v1.ClusterPolicy, err error)
GetPoliciesFromPaths - get policies according to the resource path
func GetResource ¶ added in v1.3.0
func GetResource(resourceBytes []byte) ([]*unstructured.Unstructured, error)
GetResource converts raw bytes to unstructured object
func GetResourceAccordingToResourcePath ¶ added in v1.3.2
func GetResourceAccordingToResourcePath(fs billy.Filesystem, resourcePaths []string, cluster bool, policies []*v1.ClusterPolicy, dClient *client.Client, namespace string, policyReport bool, isGit bool, policyResourcePath string) (resources []*unstructured.Unstructured, err error)
GetResourceAccordingToResourcePath - get resources according to the resource path
func GetResources ¶ added in v1.3.0
func GetResources(policies []*v1.ClusterPolicy, resourcePaths []string, dClient *client.Client, cluster bool, namespace string, policyReport bool) ([]*unstructured.Unstructured, error)
GetResources gets matched resources by the given policies. The resources are fetched from:
- local paths to resources, if given
- the k8s cluster, if given
func GetResourcesWithTest ¶ added in v1.3.2
func GetResourcesWithTest(fs billy.Filesystem, policies []*v1.ClusterPolicy, resourcePaths []string, isGit bool, policyResourcePath string) ([]*unstructured.Unstructured, error)
GetResourcesWithTest gets matched resources by the given policies
func GetVariable ¶ added in v1.3.2
func IsInputFromPipe ¶
func IsInputFromPipe() bool
IsInputFromPipe - check if input is passed using pipe
func JSONPatchPathHasVariables ¶ added in v1.4.2
func MutatePolices ¶ added in v1.3.2
func MutatePolices(policies []*v1.ClusterPolicy) ([]*v1.ClusterPolicy, error)
MutatePolices - function to apply mutation on policies
func MutatePolicy ¶
func MutatePolicy(policy *v1.ClusterPolicy, logger logr.Logger) (*v1.ClusterPolicy, error)
MutatePolicy - applies mutation to a policy
func PolicyHasNonAllowedVariables ¶
func PolicyHasNonAllowedVariables(policy v1.ClusterPolicy) error
PolicyHasNonAllowedVariables - checks for unexpected variables in the policy
func PolicyHasVariables ¶
func PolicyHasVariables(policy v1.ClusterPolicy) [][]string
PolicyHasVariables - check for variables in the policy
func PrintMutatedOutput ¶ added in v1.3.2
func PrintMutatedOutput(mutateLogPath string, mutateLogPathIsDir bool, yaml string, fileName string) error
PrintMutatedOutput - function to print output in provided file or directory
func RemoveDuplicateAndObjectVariables ¶ added in v1.4.2
RemoveDuplicateAndObjectVariables - remove duplicate variables
Types ¶
type NamespaceSelector ¶ added in v1.3.5
type Policy ¶ added in v1.3.2
type Policy struct {
	Name      string     `json:"name"`
	Resources []Resource `json:"resources"`
	Rules     []Rule     `json:"rules"`
}
GetPolicies - Extracting the policies from multiple YAML
type Values ¶ added in v1.3.2
type Values struct {
	Policies           []Policy            `json:"policies"`
	NamespaceSelectors []NamespaceSelector `json:"namespaceSelector"`
}