Documentation
Index
- func NewMessage(values map[string]interface{}) (string, error)
- type Metadata
- type Policies
- func (p *Policies) Applicable(resource client.Object) (bool, string, error)
- func (p *Policies) Eval(ctx context.Context, resource client.Object) (Results, error)
- func (p *Policies) Hash(kind string) (string, error)
- func (p *Policies) Libraries() map[string]string
- func (p *Policies) ModulesByKind(kind string) (map[string]string, error)
- func (p *Policies) PoliciesByKind(kind string) (map[string]string, error)
- type Result
- type Results
Constants
This section is empty.
Variables
This section is empty.
Functions
func NewMessage
NewMessage constructs a new message string from raw values.
Types
type Metadata
type Metadata struct {
    ID          string
    Title       string
    Severity    v1alpha1.Severity
    Type        string
    Description string
}
Metadata describes policy metadata.
func NewMetadata
NewMetadata constructs a new Metadata from raw values.
type Policies
type Policies struct {
// contains filtered or unexported fields
}
func NewPolicies
func (*Policies) Applicable
func (*Policies) Eval
Eval evaluates Rego policies with a Kubernetes resource (client.Object) as input.
TODO(danielpacak) Compile and cache prepared queries to make Eval more efficient.
We can reuse prepared queries so long as policies do not change.
func (*Policies) ModulesByKind
type Result
type Result struct {
    // Metadata describes Rego policy metadata.
    Metadata Metadata
    // Success represents the status of evaluating Rego policy.
    Success bool
    // Messages deny or warning messages.
    Messages []string
}
Result describes the result of evaluating a Rego policy that defines `deny` or `warn` rules.