predicate

package
v0.21.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 4, 2024 License: Apache-2.0 Imports: 11 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

View Source
var ExcludeNode = func(config trivyoperator.ConfigData) (predicate.Predicate, error) {
	excludeNodes, err := config.GetNodeCollectorExcludeNodes()
	if err != nil {
		return nil, err
	}
	return predicate.NewPredicateFuncs(func(obj client.Object) bool {
		if len(excludeNodes) == 0 {
			return false
		}
		var matchingLabels int
		for key, val := range excludeNodes {
			if lVal, ok := obj.GetLabels()[key]; ok && lVal == val {
				matchingLabels++
			}
		}
		return matchingLabels == len(excludeNodes)
	}), nil
}
View Source
var HasName = func(name string) predicate.Predicate {
	return predicate.NewPredicateFuncs(func(obj client.Object) bool {
		return name == obj.GetName()
	})
}

HasName is predicate.Predicate that returns true if the specified client.Object has the desired name.

View Source
var InNamespace = func(namespace string) predicate.Predicate {
	return predicate.NewPredicateFuncs(func(obj client.Object) bool {
		return namespace == obj.GetNamespace()
	})
}

InNamespace is a predicate.Predicate that returns true if the specified client.Object is in the desired namespace.

View Source
var InstallModePredicate = func(config etc.Config) (predicate.Predicate, error) {
	mode, operatorNamespace, targetNamespaces, err := config.ResolveInstallMode()
	if err != nil {
		return nil, err
	}
	return predicate.NewPredicateFuncs(func(obj client.Object) bool {
		if mode == etc.SingleNamespace {
			return targetNamespaces[0] == obj.GetNamespace() &&
				operatorNamespace != obj.GetNamespace()
		}

		if mode == etc.MultiNamespace {
			return ext.SliceContainsString(targetNamespaces, obj.GetNamespace())
		}

		if mode == etc.AllNamespaces && strings.TrimSpace(config.ExcludeNamespaces) != "" {
			namespaces := strings.Split(config.ExcludeNamespaces, ",")
			for _, namespace := range namespaces {
				matched, err := filepath.Match(strings.TrimSpace(namespace), obj.GetNamespace())
				if err != nil {
					return true
				}
				if matched {
					return false
				}
			}
		}
		return true
	}), nil
}

InstallModePredicate is a predicate.Predicate that determines whether to reconcile the specified client.Object based on the give etc.InstallMode.

In etc.SingleNamespace install mode we're configuring client.Client cache to watch the operator namespace, in which the operator runs scan jobs. However, we do not want to scan the workloads that might run in the operator namespace.

Similarly, in etc.MultiNamespace install mode we're configuring client.Client cache to watch the operator namespace, in which the operator runs scan jobs. However, we do not want to scan the workloads that might run in the operator namespace unless the operator namespace is added to the list of target namespaces.

View Source
var IsBeingTerminated = predicate.NewPredicateFuncs(func(obj client.Object) bool {
	return obj.GetDeletionTimestamp() != nil
})

IsBeingTerminated is a predicate.Predicate that returns true if the specified client.Object is being terminated, i.e. its DeletionTimestamp property is set to non nil value.

View Source
var IsCoreComponents = predicate.NewPredicateFuncs(func(obj client.Object) bool {
	switch v := obj.(type) {
	case *corev1.Pod:
		if _, ok := v.GetLabels()[trivyoperator.LabelCoreComponent]; ok {
			return true
		} else if _, ok := v.GetLabels()[trivyoperator.LabelAddon]; ok {
			return true
		} else if _, ok := v.GetLabels()[trivyoperator.LabelOpenShiftAPIServer]; ok {
			return true
		} else if _, ok := v.GetLabels()[trivyoperator.LabelOpenShiftControllerManager]; ok {
			return true
		} else if _, ok := v.GetLabels()[trivyoperator.LabelOpenShiftScheduler]; ok {
			return true
		} else if _, ok := v.GetLabels()[trivyoperator.LabelOpenShiftEtcd]; ok {
			return true
		} else {
			return false
		}
	case *corev1.Node:
		return true
	}
	return false
})
View Source
var IsKbom = predicate.NewPredicateFuncs(func(obj client.Object) bool {
	if _, ok := obj.GetLabels()[trivyoperator.LabelKbom]; ok {
		return true
	}
	return false
})
View Source
var IsLeaderElectionResource = predicate.NewPredicateFuncs(func(obj client.Object) bool {
	if _, ok := obj.GetAnnotations()[resourcelock.LeaderElectionRecordAnnotationKey]; ok {
		return true
	}
	return false
})

IsLeaderElectionResource returns true for resources used in leader election, means resources annotated with resourcelock.LeaderElectionRecordAnnotationKey.

View Source
var IsLinuxNode = predicate.NewPredicateFuncs(func(obj client.Object) bool {
	if os, exists := obj.GetLabels()[corev1.LabelOSStable]; exists && os == "linux" {
		return true
	}
	return false
})
View Source
var IsNodeInfoCollector = predicate.NewPredicateFuncs(func(obj client.Object) bool {
	if _, ok := obj.GetLabels()[trivyoperator.LabelNodeInfoCollector]; ok {
		return true
	}
	return false
})
View Source
var IsVulnerabilityReportScan = predicate.NewPredicateFuncs(func(obj client.Object) bool {
	if _, ok := obj.GetLabels()[trivyoperator.LabelVulnerabilityReportScanner]; ok {
		return true
	}
	return false
})
View Source
var JobHasAnyCondition = predicate.NewPredicateFuncs(func(obj client.Object) bool {
	if job, ok := obj.(*batchv1.Job); ok {
		return len(job.Status.Conditions) > 0
	}
	return false
})

JobHasAnyCondition is a predicate.Predicate that returns true if the specified client.Object is a v1.Job with any v1.JobConditionType.

View Source
var ManagedByTrivyOperator = predicate.NewPredicateFuncs(func(obj client.Object) bool {
	if managedBy, ok := obj.GetLabels()[trivyoperator.LabelK8SAppManagedBy]; ok {
		return managedBy == trivyoperator.AppTrivyOperator
	}
	return false
})

ManagedByTrivyOperator is a predicate.Predicate that returns true if the specified client.Object is managed by Trivy-Operator.

For example, pods controlled by jobs scheduled by Trivy-Operator Operator are labeled with `app.kubernetes.io/managed-by=trivyoperator`.

Functions

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL