Documentation
Index
- Constants
- func AllLevels() sets.String
- func AllStages() sets.String
- func ConvertDynamicPolicyToInternal(p *v1alpha1.Policy) *audit.Policy
- func ConvertStagesToStrings(stages []audit.Stage) []string
- func ConvertStringSetToStages(set sets.String) []audit.Stage
- func EnforcePolicy(event *audit.Event, level audit.Level, omitStages []audit.Stage) (*audit.Event, error)
- func InvertStages(stages []audit.Stage) []audit.Stage
- func LoadPolicyFromBytes(policyDef []byte) (*auditinternal.Policy, error)
- func LoadPolicyFromFile(filePath string) (*auditinternal.Policy, error)
- type Checker
Constants
Variables
This section is empty.
Functions
func ConvertDynamicPolicyToInternal
ConvertDynamicPolicyToInternal constructs an internal policy type from a v1alpha1 dynamic type
func ConvertStagesToStrings
ConvertStagesToStrings converts an array of stages to a string array
func ConvertStringSetToStages
ConvertStringSetToStages converts a string set to an array of stages
func EnforcePolicy
func EnforcePolicy(event *audit.Event, level audit.Level, omitStages []audit.Stage) (*audit.Event, error)
EnforcePolicy drops any part of the event that doesn't conform to a policy level or omitStages and sets the event level accordingly
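An added sketch of the contract described above, not the package's own code: it uses simplified stand-in types (Level, Stage, Event and the enforce function are assumptions of this example) and assumes the standard Kubernetes audit level semantics, where Metadata keeps no request or response body and Request keeps only the request body. A nil event with a nil error means nothing should be logged.

```go
package main

import "fmt"

// Simplified stand-ins for the audit API types (assumptions of this sketch).
type Level string
type Stage string

const (
	LevelNone            Level = "None"
	LevelMetadata        Level = "Metadata"
	LevelRequest         Level = "Request"
	LevelRequestResponse Level = "RequestResponse"
)

type Event struct {
	Level          Level
	Stage          Stage
	RequestObject  []byte
	ResponseObject []byte
}

// enforce models the documented behaviour: it trims the event in place to
// what the level permits and returns nil when the event must not be logged.
func enforce(ev *Event, level Level, omitStages []Stage) (*Event, error) {
	for _, s := range omitStages {
		if ev.Stage == s {
			return nil, nil // this stage is omitted by policy
		}
	}
	switch level {
	case LevelNone:
		return nil, nil
	case LevelMetadata:
		ev.RequestObject, ev.ResponseObject = nil, nil // bodies never reach the log
	case LevelRequest:
		ev.ResponseObject = nil
	case LevelRequestResponse: // nothing to drop
	default:
		return nil, fmt.Errorf("level unknown: %s", level) // fail closed
	}
	ev.Level = level
	return ev, nil
}

func main() {
	// Constructed sample: a Secret write whose body must stay out of the audit log.
	ev := &Event{Stage: "ResponseComplete", RequestObject: []byte(`{"kind":"Secret"}`), ResponseObject: []byte(`{"kind":"Secret"}`)}
	out, _ := enforce(ev, LevelMetadata, []Stage{"RequestReceived"})
	fmt.Println(out.Level, out.RequestObject == nil, out.ResponseObject == nil)
}
```

Callers of a function with this shape have to check for a nil event before handing it to a backend, and an unknown level should be treated as an error rather than logged at full detail.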
func InvertStages
InvertStages subtracts the given array of stages from all stages
func LoadPolicyFromBytes
func LoadPolicyFromBytes(policyDef []byte) (*auditinternal.Policy, error)
func LoadPolicyFromFile
func LoadPolicyFromFile(filePath string) (*auditinternal.Policy, error)
Types
type Checker
type Checker interface {
	// Check the audit level for a request with the given authorizer attributes.
	LevelAndStages(authorizer.Attributes) (audit.Level, []audit.Stage)
}
Checker exposes methods for checking the policy rules.
func FakeChecker
FakeChecker creates a checker that returns a constant level for all requests (for testing).
func NewChecker
NewChecker creates a new policy checker.