engine

package
v0.9.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 4, 2019 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ApplyPatchNew added in v0.9.0

func ApplyPatchNew(resource, patch []byte) ([]byte, error)

ApplyPatchNew ...

func ApplyPatches

func ApplyPatches(resource []byte, patches [][]byte) ([]byte, error)

ApplyPatches applies the given patches to the given resource and returns the patched document

func ConvertToUnstructured added in v0.8.0

func ConvertToUnstructured(data []byte) (*unstructured.Unstructured, error)

func FormAbsolutePath added in v0.4.0

func FormAbsolutePath(referencePath, absolutePath string) string

FormAbsolutePath returns absolute path

func JoinPatches

func JoinPatches(patches [][]byte) []byte

JoinPatches joins an array of serialized JSON patches into a single JSONPatch array

func MatchesResourceDescription added in v0.8.0

func MatchesResourceDescription(resource unstructured.Unstructured, rule kyverno.Rule) bool

MatchesResourceDescription checks whether the resource matches the resource description of the rule

func ParseKindFromObject added in v0.5.0

func ParseKindFromObject(bytes []byte) string

ParseKindFromObject gets the kind from the resource

func ParseNameFromObject

func ParseNameFromObject(bytes []byte) string

ParseNameFromObject extracts resource name from JSON obj

func ParseNamespaceFromObject

func ParseNamespaceFromObject(bytes []byte) string

ParseNamespaceFromObject extracts the namespace from the JSON obj

func ParseResourceInfoFromObject added in v0.7.0

func ParseResourceInfoFromObject(rawResource []byte) string

ParseResourceInfoFromObject gets kind/namespace/name from the resource

func ValidateValueWithPattern

func ValidateValueWithPattern(value, pattern interface{}) bool

ValidateValueWithPattern validates value with operators and wildcards

Types

type Condition added in v0.9.1

// Condition is an integer-coded enum with three values. Its zero value is
// NotEvaluate, so a Condition that is never assigned reads as NotEvaluate.
// NOTE(review): what each value means to the engine is not shown here; the
// names suggest "not evaluated", "process" and "skip" — confirm against the
// code that consumes them.
type Condition int

const (
	NotEvaluate Condition = iota // 0
	Process                      // 1
	Skip                         // 2
)

type ConditionAnchorValidationHandler added in v0.4.0

type ConditionAnchorValidationHandler struct {
	// contains filtered or unexported fields
}

ConditionAnchorValidationHandler performs validation only for array elements that pass condition in the anchor (key): value

func (*ConditionAnchorValidationHandler) Handle added in v0.4.0

func (cavh *ConditionAnchorValidationHandler) Handle(resourcePart []interface{}, patternPart map[string]interface{}, originPattern interface{}) error

Handle performs validation in context of ConditionAnchorValidationHandler

type EngineResponseNew added in v0.9.0

// EngineResponseNew is the engine's response to an action: the resource as
// changed by the engine together with the policy-level result.
type EngineResponseNew struct {
	// PatchedResource is the resource patched with the engine action changes.
	PatchedResource unstructured.Unstructured
	// PolicyResponse is the policy application response (policy name,
	// resource details, statistics and per-rule results).
	PolicyResponse PolicyResponse
}

EngineResponseNew engine response to the action

func Generate

func Generate(client *client.Client, policy kyverno.ClusterPolicy, ns unstructured.Unstructured) (response EngineResponseNew)

Generate applies generation rules on a resource

func Mutate

func Mutate(policy kyverno.ClusterPolicy, resource unstructured.Unstructured) (response EngineResponseNew)

Mutate performs mutation. Overlay first and then mutation patches

func Validate

func Validate(policy kyverno.ClusterPolicy, resource unstructured.Unstructured) (response EngineResponseNew)

Validate applies validation rules from policy on the resource

func (EngineResponseNew) GetFailedRules added in v0.9.0

func (er EngineResponseNew) GetFailedRules() []string

GetFailedRules returns failed rules

func (EngineResponseNew) GetPatches added in v0.9.0

func (er EngineResponseNew) GetPatches() [][]byte

GetPatches returns all the patches joined

func (EngineResponseNew) GetSuccessRules added in v0.9.0

func (er EngineResponseNew) GetSuccessRules() []string

GetSuccessRules returns success rules

func (EngineResponseNew) IsSuccesful added in v0.9.0

func (er EngineResponseNew) IsSuccesful() bool

IsSuccesful checks if any rule has failed or not

type EngineStats added in v0.8.0

// EngineStats holds timing and rule-count statistics for one application of
// the engine to a resource.
type EngineStats struct {
	// ExecutionTime is the average time required to process the policy rules
	// on a resource.
	ExecutionTime time.Duration
	// RulesAppliedCount is the count of rules that were applied successfully.
	RulesAppliedCount int
}

EngineStats stores the statistics for a single application on a resource

type ExistanceAnchorValidationHandler added in v0.4.0

type ExistanceAnchorValidationHandler struct {
	// contains filtered or unexported fields
}

ExistanceAnchorValidationHandler performs validation only for array elements that pass the condition in the anchor AND requires the existence of at least one element that passes this condition: ^(key): value

func (*ExistanceAnchorValidationHandler) Handle added in v0.4.0

func (eavh *ExistanceAnchorValidationHandler) Handle(resourcePart []interface{}, patternPart map[string]interface{}, originPattern interface{}) error

Handle performs validation in context of ExistanceAnchorValidationHandler

type NoAnchorValidationHandler added in v0.4.0

type NoAnchorValidationHandler struct {
	// contains filtered or unexported fields
}

NoAnchorValidationHandler just calls validateMap because no anchors were found in the pattern map

func (*NoAnchorValidationHandler) Handle added in v0.4.0

func (navh *NoAnchorValidationHandler) Handle(resourcePart []interface{}, patternPart map[string]interface{}, originPattern interface{}) error

Handle performs validation in context of NoAnchorValidationHandler

type Operator

type Operator string

Operator is string alias that represents selection operators enum

// Selection operators recognised in pattern values. Each constant's value is
// the literal operator text.
// NOTE(review): ">=" and "<=" start with the same character as ">" and "<",
// so any prefix-based parsing has to test the two-character operators first
// — confirm against the pattern parser.
const (
	// Equal stands for ==. Its value is the empty string.
	// NOTE(review): presumably a pattern with no operator prefix is treated
	// as an equality check — confirm against the pattern parser.
	Equal Operator = ""
	// MoreEqual stands for >=
	MoreEqual Operator = ">="
	// LessEqual stands for <=
	LessEqual Operator = "<="
	// NotEqual stands for !
	NotEqual Operator = "!"
	// More stands for >
	More Operator = ">"
	// Less stands for <
	Less Operator = "<"
)

type PolicyResponse added in v0.9.0

// PolicyResponse is the result of applying one policy to one resource.
type PolicyResponse struct {
	// policy name
	Policy string `json:"policy"`
	// resource details
	Resource ResourceSpec `json:"resource"`
	// policy statistics
	// Embedded struct: the tag gives no name, so encoding/json promotes the
	// PolicyStats fields into this object; "inline" is not an option that
	// encoding/json recognises and is ignored by it.
	PolicyStats `json:",inline"`
	// rule response
	Rules []RuleResponse `json:"rules"`
	// ValidationFailureAction: audit,enforce(default)
	// NOTE(review): this field has no json tag, so encoding/json emits it
	// under the key "ValidationFailureAction" rather than a lowerCamel key
	// like its siblings. Consumers that decide between auditing and blocking
	// from the serialized form should read that exact key — confirm whether
	// the missing tag is intentional.
	ValidationFailureAction string
}

PolicyResponse policy application response

type PolicyStats added in v0.9.0

// PolicyStats holds the statistics for a single policy application.
type PolicyStats struct {
	// time required to process the policy rules on a resource
	ProcessingTime time.Duration `json:"processingTime"`
	// Count of rules that were applied successfully
	RulesAppliedCount int `json:"rulesAppliedCount"`
}

PolicyStats stores statistics for the single policy application

type ResourceSpec added in v0.9.0

// ResourceSpec identifies the resource an action was applied on by kind,
// API version, namespace and name.
type ResourceSpec struct {
	//TODO: support ApiVersion
	// NOTE(review): an APIVersion field is declared below, so this TODO may
	// be stale or may mean the field is not yet populated — confirm.
	Kind       string `json:"kind"`
	APIVersion string `json:"apiVersion"`
	Namespace  string `json:"namespace"`
	Name       string `json:"name"`
}

ResourceSpec resource action applied on

type RuleResponse added in v0.9.0

// RuleResponse holds the outcome of applying a single rule.
type RuleResponse struct {
	// rule name specified in policy
	Name string `json:"name"`
	// rule type (Mutation,Generation,Validation) for Kyverno Policy
	// NOTE(review): this is a free-form string, not the RuleType enum;
	// presumably it carries RuleType's String() output — confirm.
	Type string `json:"type"`
	// message response from the rule application
	Message string `json:"message"`
	// JSON patches, for mutation rules
	// Each patch is a []byte, which encoding/json serializes as a
	// base64-encoded string; readers of the JSON form must decode it to see
	// the patch text.
	Patches [][]byte `json:"patches,omitempty"`
	// success/fail
	Success bool `json:"success"`
	// statistics
	// Embedded struct: the tag gives no name, so encoding/json promotes the
	// RuleStats fields into this object; "inline" is ignored by encoding/json.
	RuleStats `json:",inline"`
}

RuleResponse details for each rule application

func (RuleResponse) ToString added in v0.9.0

func (rr RuleResponse) ToString() string

ToString ...

type RuleStats added in v0.9.0

// RuleStats holds the statistics for a single rule application.
type RuleStats struct {
	// time required to apply the rule on the resource
	ProcessingTime time.Duration `json:"processingTime"`
}

RuleStats stores the statistics for the single rule application

type RuleType added in v0.9.0

// RuleType is an integer-coded enum of rule kinds. Its zero value is
// Mutation, so a RuleType that is never assigned reads as Mutation.
type RuleType int

// The numeric values are spelled out so that reordering the list cannot
// silently renumber them.
const (
	Mutation   RuleType = 0
	Validation RuleType = 1
	Generation RuleType = 2
	All        RuleType = 3
)

func (RuleType) String added in v0.9.0

func (ri RuleType) String() string

type ValidationAnchorHandler added in v0.4.0

// ValidationAnchorHandler represents a family of anchor handlers for an
// array of maps.
type ValidationAnchorHandler interface {
	// Handle validates resourcePart against patternPart and returns an error
	// on failure. resourcePart must be an array of dictionaries; patternPart
	// must be a dictionary with anchors.
	// NOTE(review): the role of originPattern is not visible here — confirm
	// against the implementations.
	Handle(resourcePart []interface{}, patternPart map[string]interface{}, originPattern interface{}) error
}

ValidationAnchorHandler is an interface that represents a family of anchor handlers for an array of maps. resourcePart must be an array of dictionaries; patternPart must be a dictionary with anchors.

func CreateAnchorHandler added in v0.4.0

func CreateAnchorHandler(anchor string, pattern interface{}, path string) ValidationAnchorHandler

CreateAnchorHandler is a factory that creates anchor handlers

func NewConditionAnchorValidationHandler added in v0.4.0

func NewConditionAnchorValidationHandler(anchor string, pattern interface{}, path string) ValidationAnchorHandler

NewConditionAnchorValidationHandler creates new instance of NoAnchorValidationHandler

func NewExistanceAnchorValidationHandler added in v0.4.0

func NewExistanceAnchorValidationHandler(anchor string, pattern interface{}, path string) ValidationAnchorHandler

NewExistanceAnchorValidationHandler creates new instance of NoAnchorValidationHandler

func NewNoAnchorValidationHandler added in v0.4.0

func NewNoAnchorValidationHandler(path string) ValidationAnchorHandler

NewNoAnchorValidationHandler creates new instance of NoAnchorValidationHandler
