Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Ready ¶
func Ready(_ context.Context, _ *cmapi.CertificateRequest, policies []policyapi.CertificateRequestPolicy) ([]policyapi.CertificateRequestPolicy, error)
Ready is a Predicate that returns the subset of given policies that have a Ready condition set to True.
func SelectorIssuerRef ¶
func SelectorIssuerRef(_ context.Context, cr *cmapi.CertificateRequest, policies []policyapi.CertificateRequestPolicy) ([]policyapi.CertificateRequestPolicy, error)
SelectorIssuerRef is a Predicate that returns the subset of given policies that have an `spec.selector.issuerRef` matching the `spec.issuerRef` in the request. PredicateSelectorIssuerRef will match on strings using wilcards "*". Empty selector is equivalent to "*" and will match on anything.
Types ¶
type Predicate ¶
type Predicate func(context.Context, *cmapi.CertificateRequest, []policyapi.CertificateRequestPolicy) ([]policyapi.CertificateRequestPolicy, error)
Predicate is a func called by the Approver Manager to filter the set of CertificateRequestPolicies that should be evaluated on the CertificateRequest. Returned list of CertificateRequestPolicies pass the predicate or filter.
func RBACBound ¶
RBACBoundPolicies is a Predicate that returns the subset of CertificateRequestPolicies that have been RBAC bound to the user in the CertificateRequest. Achieved using SubjectAccessReviews.
func SelectorNamespace ¶ added in v0.5.0
SelectorNamespace is a Predicate that returns the subset of given policies that have an `spec.selector.namespace` matching the `metadata.namespace` of the request. SelectorNamespace will match with `namespace.matchNames` on namespaces using wilcards "*". Empty selector is equivalent to "*" and will match on any Namespace.
Source Files