Documentation ¶
Index ¶
- func LoadKeySecret(keySecretNamespace, keySecretName string) (string, error)
- func SetupLogger(config LogConfig, req admission.Request)
- type Action
- type ImageProfile
- type ImageRef
- type ImageRefList
- type ImageVerificationConfig
- type KeyConfig
- type LogConfig
- type ObjectUserBinding
- type ObjectUserBindingList
- type ParameterObject
- type RequestFilterProfile
- type RequestHandlerConfig
- type ResourceRef
- type SideEffectConfig
- type SigStoreConfig
- type SignatureRef
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func LoadKeySecret ¶
func SetupLogger ¶
Types ¶
type ImageProfile ¶
// ImageProfile groups key configurations with two lists of image references.
// Per this page, Enabled returns true when any profile condition is defined,
// and MatchWith reports whether a given image ref matches the profile.
type ImageProfile struct {
	// KeyConfigs lists key configurations for this profile.
	// NOTE(review): presumably the keys used to verify images that match; confirm in the verifier.
	KeyConfigs []KeyConfig `json:"keyConfigs,omitempty"`

	// Match lists image references, serialized under "match".
	// NOTE(review): presumably the images this profile applies to; confirm.
	Match ImageRefList `json:"match,omitempty"`

	// Exclude lists image references, serialized under "exclude".
	// NOTE(review): presumably images carved out of Match; the precedence between
	// Match and Exclude is not visible here, so confirm it before relying on
	// Exclude to narrow a broad Match pattern.
	Exclude ImageRefList `json:"exclude,omitempty"`
}
func (ImageProfile) Enabled ¶
func (p ImageProfile) Enabled() bool
Enabled reports whether the image profile is enabled: it returns true if any profile condition is defined.
func (ImageProfile) MatchWith ¶
func (p ImageProfile) MatchWith(imageRef string) bool
MatchWith reports whether this profile matches the specified image ref.
type ImageRefList ¶
// ImageRefList is a slice of ImageRef values. Its Match method takes an image
// reference string and returns a bool.
// NOTE(review): whether matching is exact or pattern-based is not shown on this page; confirm.
type ImageRefList []ImageRef
func (ImageRefList) Match ¶
func (l ImageRefList) Match(imageRef string) bool
type ImageVerificationConfig ¶
// ImageVerificationConfig is declared with no fields here; it is carried in
// RequestHandlerConfig under the JSON key "imageVerificationConfig".
type ImageVerificationConfig struct {
}
type ObjectUserBinding ¶
// ObjectUserBinding pairs a list of object references with a list of user
// names. Its Match method takes an object and a username and returns a bool.
// NOTE(review): where this type backs a SkipUsers field, a match presumably
// exempts the request from checking; confirm how Users entries are compared
// (exact name vs. pattern) before adding broad entries.
type ObjectUserBinding struct {
	// Objects lists the object references this binding covers.
	Objects k8smanifest.ObjectReferenceList `json:"objects,omitempty"`

	// Users lists the user names this binding covers.
	Users []string `json:"users,omitempty"`
}
func (ObjectUserBinding) Match ¶
func (u ObjectUserBinding) Match(obj unstructured.Unstructured, username string) bool
type ObjectUserBindingList ¶
// ObjectUserBindingList is a slice of ObjectUserBinding values. Its Match
// method takes an object and a username and returns a bool.
// NOTE(review): presumably true when any element matches; confirm in the implementation.
type ObjectUserBindingList []ObjectUserBinding
func (ObjectUserBindingList) Match ¶
func (l ObjectUserBindingList) Match(obj unstructured.Unstructured, username string) bool
type ParameterObject ¶
// ParameterObject carries the per-constraint parameters: signature location,
// key configurations, object and user scoping, an image profile, embedded
// k8smanifest verification options and an optional action.
type ParameterObject struct {
	// ConstraintName is serialized under "constraintName".
	ConstraintName string `json:"constraintName,omitempty"`

	// SignatureRef locates the signature material (see SignatureRef).
	SignatureRef SignatureRef `json:"signatureRef,omitempty"`

	// KeyConfigs lists key configurations for this constraint.
	// NOTE(review): presumably the verification keys; confirm what happens when the list is empty.
	KeyConfigs []KeyConfig `json:"keyConfigs,omitempty"`

	// InScopeObjects is serialized under "objectSelector", not "inScopeObjects";
	// use the JSON key when writing constraint parameters.
	InScopeObjects k8smanifest.ObjectReferenceList `json:"objectSelector,omitempty"`

	// SkipUsers lists object/user bindings.
	// NOTE(review): presumably requests matching an entry are not verified; review
	// entries as an exemption list and keep them as narrow as possible. Confirm.
	SkipUsers ObjectUserBindingList `json:"skipUsers,omitempty"`

	// InScopeUsers lists object/user bindings.
	// NOTE(review): presumably restricts verification to the listed users; confirm
	// how it interacts with SkipUsers when both match.
	InScopeUsers ObjectUserBindingList `json:"inScopeUsers,omitempty"`

	// ImageProfile configures image matching and keys (see ImageProfile).
	ImageProfile ImageProfile `json:"imageProfile,omitempty"`

	// VerifyResourceOption is embedded with an empty JSON tag.
	// NOTE(review): with encoding/json an empty tag name leaves the embedded field
	// untagged, so its fields would be promoted into this object; confirm.
	k8smanifest.VerifyResourceOption `json:""`

	// Action is a pointer, so it is nil when the key is absent.
	// NOTE(review): presumably RequestHandlerConfig.DefaultConstraintAction applies
	// when this is nil; confirm against the handler.
	Action *Action `json:"action,omitempty"`
}
func (*ParameterObject) DeepCopyInto ¶
func (p *ParameterObject) DeepCopyInto(p2 *ParameterObject)
type RequestFilterProfile ¶
// RequestFilterProfile holds three filter lists: objects to skip, object/user
// bindings to skip, and fields to ignore.
// NOTE(review): each list presumably narrows what is checked for every request
// handled under this configuration; confirm scope and audit changes to it.
type RequestFilterProfile struct {
	// SkipObjects lists object references, serialized under "skipObjects".
	SkipObjects k8smanifest.ObjectReferenceList `json:"skipObjects,omitempty"`

	// SkipUsers lists object/user bindings, serialized under "skipUsers".
	SkipUsers ObjectUserBindingList `json:"skipUsers,omitempty"`

	// IgnoreFields lists object/field bindings, serialized under "ignoreFields".
	// NOTE(review): presumably fields excluded from comparison during verification; confirm.
	IgnoreFields k8smanifest.ObjectFieldBindingList `json:"ignoreFields,omitempty"`
}
type RequestHandlerConfig ¶
// RequestHandlerConfig is the handler-wide configuration. This page lists
// LoadRequestHandlerConfig, which returns a *RequestHandlerConfig and an error.
type RequestHandlerConfig struct {
	// ImageVerificationConfig is an empty struct in this version of the package.
	ImageVerificationConfig ImageVerificationConfig `json:"imageVerificationConfig,omitempty"`

	// KeyPathList is a list of strings serialized under "keyPathList".
	// NOTE(review): presumably filesystem paths to verification keys; confirm.
	KeyPathList []string `json:"keyPathList,omitempty"`

	// SigStoreConfig holds the Rekor server setting (see SigStoreConfig).
	SigStoreConfig SigStoreConfig `json:"sigStoreConfig,omitempty"`

	// RequestFilterProfile holds the skip and ignore lists (see RequestFilterProfile).
	RequestFilterProfile RequestFilterProfile `json:"requestFilterProfile,omitempty"`

	// Log holds the logging configuration.
	Log LogConfig `json:"log,omitempty"`

	// SideEffectConfig is serialized under "sideEffect".
	SideEffectConfig SideEffectConfig `json:"sideEffect,omitempty"`

	// DefaultConstraintAction is an Action value, not a pointer.
	// NOTE(review): presumably used when a constraint sets no Action of its own; confirm.
	DefaultConstraintAction Action `json:"defaultConstraintAction,omitempty"`

	// Options has no struct tag, so encoding/json uses the key "Options"
	// (capitalized), unlike the camelCase keys of the other fields.
	Options []string
}
func LoadRequestHandlerConfig ¶
func LoadRequestHandlerConfig() (*RequestHandlerConfig, error)
type ResourceRef ¶
type SideEffectConfig ¶
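// SideEffectConfig holds the side-effect settings carried in
// RequestHandlerConfig under the JSON key "sideEffect".
type SideEffectConfig struct {
	// Event
	// NOTE(review): presumably controls whether an event is created when a
	// request is denied; confirm in the handler. The tag has no omitempty, so
	// a false value is serialized explicitly.
	CreateDenyEvent bool `json:"createDenyEvent"`
}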
type SigStoreConfig ¶
// SigStoreConfig holds the Sigstore-related setting for the request handler.
type SigStoreConfig struct {
	// RekorServer is a string serialized under "rekorServer" and omitted when empty.
	// NOTE(review): presumably the URL of the Rekor transparency-log server used
	// during signature verification; confirm what an empty value means (a
	// default server vs. no transparency-log check).
	RekorServer string `json:"rekorServer,omitempty"`
}
type SignatureRef ¶
// SignatureRef names where signature material is found: an image reference
// and two resource references, one for the signature and one for provenance.
// NOTE(review): which source takes precedence when several are set is not
// shown on this page; confirm.
type SignatureRef struct {
	// ImageRef is a string serialized under "imageRef".
	ImageRef string `json:"imageRef,omitempty"`

	// SignatureResourceRef is serialized under "signatureResourceRef".
	SignatureResourceRef ResourceRef `json:"signatureResourceRef,omitempty"`

	// ProvenanceResourceRef is serialized under "provenanceResourceRef".
	ProvenanceResourceRef ResourceRef `json:"provenanceResourceRef,omitempty"`
}