engine

package
v0.7.1
Warning

This package is not in the latest version of its module.

Published: Aug 9, 2019 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ApplyPatches

func ApplyPatches(resource []byte, patches [][]byte) ([]byte, error)

ApplyPatches applies the given patches to the given resource and returns the patched document

func FormAbsolutePath added in v0.4.0

func FormAbsolutePath(referencePath, absolutePath string) string

FormAbsolutePath returns absolute path

func Generate

func Generate(client *client.Client, policy *v1alpha1.Policy, ns unstructured.Unstructured) []*info.RuleInfo

Generate applies generation rules to a resource

func JoinPatches

func JoinPatches(patches [][]byte) []byte

JoinPatches joins an array of serialized JSON patches into a single JSONPatch array

func ListResourcesThatApplyToPolicy added in v0.7.0

func ListResourcesThatApplyToPolicy(client *client.Client, policy *types.Policy, filterK8Resources []utils.K8Resource) map[string]resourceInfo

ListResourcesThatApplyToPolicy returns list of resources that are filtered by policy rules

func Mutate

func Mutate(policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVersionKind) ([][]byte, []*info.RuleInfo)

Mutate performs mutation: overlays are processed first, then mutation patches

func ParseKindFromObject added in v0.5.0

func ParseKindFromObject(bytes []byte) string

ParseKindFromObject gets the kind from the resource

func ParseNameFromObject

func ParseNameFromObject(bytes []byte) string

ParseNameFromObject extracts resource name from JSON obj

func ParseNamespaceFromObject

func ParseNamespaceFromObject(bytes []byte) string

ParseNamespaceFromObject extracts the namespace from the JSON obj

func ParseRegexPolicyResourceName

func ParseRegexPolicyResourceName(policyResourceName string) (string, bool)

ParseRegexPolicyResourceName returns true if policyResourceName is a regexp

func ParseResourceInfoFromObject added in v0.7.0

func ParseResourceInfoFromObject(rawResource []byte) string

ParseResourceInfoFromObject gets kind/namespace/name from the resource

func ProcessExisting

func ProcessExisting(client *client.Client, policy *types.Policy, filterK8Resources []utils.K8Resource) []*info.PolicyInfo

ProcessExisting checks for mutation and validation violations of existing resources

func ProcessOverlay

func ProcessOverlay(rule kubepolicy.Rule, rawResource []byte, gvk metav1.GroupVersionKind) ([][]byte, error)

ProcessOverlay handles validating admission request. Checks the target resources for rules defined in the policy.

func ProcessPatches

func ProcessPatches(rule kubepolicy.Rule, resource []byte) (allPatches [][]byte, errs []error)

ProcessPatches returns an array of separate patches that can be applied to the document. It returns an error ONLY when creation of the resource should be denied, so a caller that receives an error is being told to deny the request.

func ResourceMeetsDescription

func ResourceMeetsDescription(resourceRaw []byte, matches v1alpha1.ResourceDescription, exclude v1alpha1.ResourceDescription, gvk metav1.GroupVersionKind) bool

ResourceMeetsDescription checks whether the request's kind, name and labels fit the policy rule

func Validate

func Validate(policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVersionKind) ([]*info.RuleInfo, error)

Validate handles validating admission request. Checks the target resources for rules defined in the policy.

func ValidateValueWithPattern

func ValidateValueWithPattern(value, pattern interface{}) bool

ValidateValueWithPattern validates value with operators and wildcards

Types

type ConditionAnchorValidationHandler added in v0.4.0

type ConditionAnchorValidationHandler struct {
	// contains filtered or unexported fields
}

ConditionAnchorValidationHandler performs validation only for array elements that pass the condition in the anchor: (key): value

func (*ConditionAnchorValidationHandler) Handle added in v0.4.0

func (cavh *ConditionAnchorValidationHandler) Handle(resourcePart []interface{}, patternPart map[string]interface{}, originPattern interface{}) error

Handle performs validation in context of ConditionAnchorValidationHandler

type ExistanceAnchorValidationHandler added in v0.4.0

type ExistanceAnchorValidationHandler struct {
	// contains filtered or unexported fields
}

ExistanceAnchorValidationHandler performs validation only for array elements that pass the condition in the anchor AND requires the existence of at least one element that passes this condition: ^(key): value

func (*ExistanceAnchorValidationHandler) Handle added in v0.4.0

func (eavh *ExistanceAnchorValidationHandler) Handle(resourcePart []interface{}, patternPart map[string]interface{}, originPattern interface{}) error

Handle performs validation in context of ExistanceAnchorValidationHandler

type NoAnchorValidationHandler added in v0.4.0

type NoAnchorValidationHandler struct {
	// contains filtered or unexported fields
}

NoAnchorValidationHandler just calls validateMap because no anchors were found in the pattern map

func (*NoAnchorValidationHandler) Handle added in v0.4.0

func (navh *NoAnchorValidationHandler) Handle(resourcePart []interface{}, patternPart map[string]interface{}, originPattern interface{}) error

Handle performs validation in context of NoAnchorValidationHandler

type Operator

type Operator string

Operator is a string type that enumerates the selection operators

// Selection operators available as Operator values. Every constant is given
// an explicit string value, so the declaration order carries no meaning.
//
// NOTE(review): ">" and "<" are prefixes of ">=" and "<="; code that detects
// an operator by prefix presumably has to test the two-character forms first.
// Confirm against the parsing code, which is not part of this listing.
const (
	// Equal stands for ==; its value is the empty string.
	Equal Operator = ""
	// NotEqual stands for !
	NotEqual Operator = "!"
	// More stands for >
	More Operator = ">"
	// MoreEqual stands for >=
	MoreEqual Operator = ">="
	// Less stands for <
	Less Operator = "<"
	// LessEqual stands for <=
	LessEqual Operator = "<="
)

type ValidationAnchorHandler added in v0.4.0

// ValidationAnchorHandler represents a family of anchor handlers for an array
// of maps.
type ValidationAnchorHandler interface {
	// Handle performs validation in the context of the concrete handler.
	// resourcePart must be an array of dictionaries and patternPart must be a
	// dictionary with anchors.
	// NOTE(review): a non-nil error presumably means the resource did not
	// pass validation; confirm against the implementations.
	Handle(resourcePart []interface{}, patternPart map[string]interface{}, originPattern interface{}) error
}

ValidationAnchorHandler is an interface that represents a family of anchor handlers for an array of maps. resourcePart must be an array of dictionaries; patternPart must be a dictionary with anchors.

func CreateAnchorHandler added in v0.4.0

func CreateAnchorHandler(anchor string, pattern interface{}, path string) ValidationAnchorHandler

CreateAnchorHandler is a factory that creates anchor handlers

func NewConditionAnchorValidationHandler added in v0.4.0

func NewConditionAnchorValidationHandler(anchor string, pattern interface{}, path string) ValidationAnchorHandler

NewConditionAnchorValidationHandler creates a new instance of ConditionAnchorValidationHandler

func NewExistanceAnchorValidationHandler added in v0.4.0

func NewExistanceAnchorValidationHandler(anchor string, pattern interface{}, path string) ValidationAnchorHandler

NewExistanceAnchorValidationHandler creates a new instance of ExistanceAnchorValidationHandler

func NewNoAnchorValidationHandler added in v0.4.0

func NewNoAnchorValidationHandler(path string) ValidationAnchorHandler

NewNoAnchorValidationHandler creates a new instance of NoAnchorValidationHandler
