Documentation
¶
Index ¶
- Constants
- func CheckImageAgainstRules(ctx context.Context, c client.Reader, namespace string, image string, ...) error
- func CheckImageAllowed(ctx context.Context, c client.Reader, namespace, image, digest string, ...) error
- func GenerateSimpleAllowRule(namespace string, name string, image string, scope string) (*v1.ImageAllowRule, error)
- type ErrImageNotAllowed
- type SimpleImageScope
Constants ¶
View Source
const ErrImageNotAllowedIdentifier = "not allowed by any ImageAllowRule"
Variables ¶
This section is empty.
Functions ¶
func CheckImageAgainstRules ¶
func CheckImageAgainstRules(ctx context.Context, c client.Reader, namespace string, image string, digest string, imageAllowRules []v1.ImageAllowRuleInstance, keychain authn.Keychain, opts ...remote.Option) error
CheckImageAgainstRules checks if the image is allowed by the given ImageAllowRules If no rules are given, the image is - DENIED if strict mode (deny-by-default) is enabled - ALLOWED if strict mode is disabled (the default) ! Only one single rule has to allow the image for this to pass !
func CheckImageAllowed ¶
func CheckImageAllowed(ctx context.Context, c client.Reader, namespace, image, digest string, opts ...remote.Option) error
CheckImageAllowed checks if the image is allowed by the ImageAllowRules on cluster and project level
func GenerateSimpleAllowRule ¶
Types ¶
type ErrImageNotAllowed ¶
type ErrImageNotAllowed struct {
Image string
}
func (*ErrImageNotAllowed) Error ¶
func (e *ErrImageNotAllowed) Error() string
func (*ErrImageNotAllowed) Is ¶
func (e *ErrImageNotAllowed) Is(target error) bool
type SimpleImageScope ¶
type SimpleImageScope string
const ( SimpleImageScopeRegistry SimpleImageScope = "registry" SimpleImageScopeRepository SimpleImageScope = "repository" SimpleImageScopeExact SimpleImageScope = "exact" SimpleImageScopeAll SimpleImageScope = "all" )
Source Files
Click to show internal directories.
Click to hide internal directories.