Documentation
Index
- Variables
- func ServiceAccountLib() cel.EnvOption
- type Cache
- type CertificateRequest
- func (*CertificateRequest) Descriptor() ([]byte, []int) (deprecated)
- func (x *CertificateRequest) GetName() string
- func (x *CertificateRequest) GetNamespace() string
- func (x *CertificateRequest) GetUsername() string
- func (*CertificateRequest) ProtoMessage()
- func (x *CertificateRequest) ProtoReflect() protoreflect.Message
- func (x *CertificateRequest) Reset()
- func (x *CertificateRequest) String() string
- type ServiceAccount
- type Validator
Constants
This section is empty.
Variables
var File_pkg_internal_approver_validation_certificaterequest_proto protoreflect.FileDescriptor
var (
	SAType = cel.ObjectType("cm.io.policy.pkg.internal.approver.validation.ServiceAccount")
)
Functions
func ServiceAccountLib (added in v0.16.0)
Types
type Cache
type Cache interface {
	// Get returns a compiled validator for the supplied CEL expression.
	// Any compilation errors will be returned to the caller.
	//
	// The supplied CEL expression must output a bool.
	Get(expr string) (Validator, error)
}
Cache maintains a cache of compiled validators. The current implementation is a simple lazy cache, meaning:
1. Whenever a validator is requested, it first checks the cache.
2. If a compiled validator exists for the supplied CEL expression, it is returned.
3. If the validator doesn't exist in the cache, a new validator is created, compiled, added to the cache, and returned.
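The three steps above as a mutex-guarded lazy cache, given here as an added example that is not the package's own implementation. Because cel-go is outside the standard library, regexp.Compile stands in for CEL compilation; Request, regexValidator, LazyCache and the Compiles counter are hypothetical names, and not caching failed compilations is this example's choice.

```go
package main

import (
	"fmt"
	"regexp"
	"sync"
)

// Request is a local stand-in for the request passed to Validate (assumption).
type Request struct{ Name, Namespace, Username string }

// Validator has the page's method shape, with the local Request swapped in.
type Validator interface {
	Validate(value string, req Request) (bool, error)
}

// regexValidator stands in for a compiled CEL program (assumption).
type regexValidator struct{ re *regexp.Regexp }

func (v regexValidator) Validate(value string, _ Request) (bool, error) {
	return v.re.MatchString(value), nil
}

// LazyCache compiles each expression at most once; safe for concurrent use.
type LazyCache struct {
	mu       sync.Mutex
	compiled map[string]Validator
	Compiles int // compile attempts, exposed to make cache hits observable
}

func NewLazyCache() *LazyCache { return &LazyCache{compiled: map[string]Validator{}} }

// Get checks the cache, returns a hit, or compiles, stores and returns.
func (c *LazyCache) Get(expr string) (Validator, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	if v, ok := c.compiled[expr]; ok {
		return v, nil
	}
	c.Compiles++
	re, err := regexp.Compile(expr)
	if err != nil { // this example's choice: failed compiles are not cached
		return nil, fmt.Errorf("compile %q: %w", expr, err)
	}
	c.compiled[expr] = regexValidator{re: re}
	return c.compiled[expr], nil
}

func main() {
	v, _ := NewLazyCache().Get(`^[a-z0-9-]+\.example\.com$`) // constructed expression
	fmt.Println(v.Validate("api.example.com", Request{Namespace: "team-a"}))
}
```

Holding the lock across compilation keeps two concurrent requests for the same expression from compiling it twice, at the cost of serialising unrelated compilations.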
type CertificateRequest
type CertificateRequest struct {
	Name      string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	Namespace string `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"`
	Username  string `protobuf:"bytes,3,opt,name=username,proto3" json:"username,omitempty"`
	// contains filtered or unexported fields
}
func (*CertificateRequest) Descriptor
deprecated
func (*CertificateRequest) Descriptor() ([]byte, []int)
Deprecated: Use CertificateRequest.ProtoReflect.Descriptor instead.
func (*CertificateRequest) GetName
func (x *CertificateRequest) GetName() string
func (*CertificateRequest) GetNamespace
func (x *CertificateRequest) GetNamespace() string
func (*CertificateRequest) GetUsername (added in v0.16.0)
func (x *CertificateRequest) GetUsername() string
func (*CertificateRequest) ProtoMessage
func (*CertificateRequest) ProtoMessage()
func (*CertificateRequest) ProtoReflect
func (x *CertificateRequest) ProtoReflect() protoreflect.Message
func (*CertificateRequest) Reset
func (x *CertificateRequest) Reset()
func (*CertificateRequest) String
func (x *CertificateRequest) String() string
type ServiceAccount (added in v0.16.0)
func (ServiceAccount) ConvertToNative (added in v0.16.0)
func (sa ServiceAccount) ConvertToNative(typeDesc reflect.Type) (interface{}, error)
ConvertToNative implements ref.Val.ConvertToNative.
func (ServiceAccount) ConvertToType (added in v0.16.0)
func (sa ServiceAccount) ConvertToType(typeVal ref.Type) ref.Val
ConvertToType implements ref.Val.ConvertToType.
func (ServiceAccount) Equal (added in v0.16.0)
func (sa ServiceAccount) Equal(other ref.Val) ref.Val
Equal implements ref.Val.Equal.
func (ServiceAccount) Type (added in v0.16.0)
func (sa ServiceAccount) Type() ref.Type
Type implements ref.Val.Type.
func (ServiceAccount) Value (added in v0.16.0)
func (sa ServiceAccount) Value() interface{}
Value implements ref.Val.Value.
type Validator
type Validator interface {
	// Validate validates the supplied value against the Validator CEL
	// expression in the context of the request.
	// Returns 'true' if the value is valid (passes validation).
	// Returned errors should be considered as internal/technical errors,
	// and should NOT be returned unprocessed to end-users of the API.
	// CEL program errors are usually not very human-readable and require
	// knowledge of how CEL works and is used.
	Validate(value string, request cmapi.CertificateRequest) (bool, error)
}
Validator knows how to validate CSR attribute values in CertificateRequests against CEL expressions declared in CertificateRequestPolicy. Validator is stateless, thread-safe, and cacheable.