Documentation
Index
- Variables
- func MakeAuditQuery() string
- func MakeSingleClusterResourceQuery(resource, name string) string
- func MakeSingleNamespaceAuthorizationResourceQuery(resource, namespace, name string) string
- func MakeSingleNamespaceResourceQuery(resource, namespace, name string) string
- type AuditResponseV1
- type Deny
- type PatchOperation
- type Resolution
- type Resource
Constants
This section is empty.
Variables
var (
	// KubernetesPolicy - Matches provides an abstraction to find resources that match the (kind,
	// namespace, name) triplet.
	KubernetesPolicy = []byte(`
package k8s

import data.kubernetes

matches[[kind, namespace, name, resource]] {
	resource := kubernetes[kind][namespace][name]
}

matches[[kind, namespace, name, resource]] {
	resource := kubernetes[kind][namespace][name].object
}
`)

	// PolicyMatchPolicy - policymatches provides an abstraction to find policies that match the (name).
	PolicyMatchPolicy = []byte(`
package k8s

import data.kubernetes.policies

# Matches provides an abstraction to find policies that match the (name).
policymatches[[name, policy]] {
	policy := policies[name]
}
`)
)
Functions
func MakeAuditQuery
func MakeAuditQuery() string
MakeAuditQuery makes a query for all deny results (policy violations).
func MakeSingleClusterResourceQuery
MakeSingleClusterResourceQuery makes a single resource query.
func MakeSingleNamespaceAuthorizationResourceQuery
MakeSingleNamespaceResourceQuery makes a single resource query. For now I would keep the separation of the OPA packages here, because the values which are given later via the value just don't have the same format. But at least the rules have a similar structure now.
func MakeSingleNamespaceResourceQuery
MakeSingleNamespaceResourceQuery makes a single resource query.
Types
type AuditResponseV1
type AuditResponseV1 struct {
	Message    string `json:"message,omitempty"`
	Violations []Deny `json:"violations,omitempty"`
}
AuditResponseV1 models audit response from the server
type Deny
type Deny struct {
	ID         string     `json:"id,omitempty"`
	Resource   Resource   `json:"resource,omitempty"`
	Resolution Resolution `json:"resolution,omitempty"`
}
Deny models a resource violation on the enabled policy rules
type PatchOperation
type PatchOperation struct {
	Op    string      `json:"op"`
	Path  string      `json:"path"`
	Value interface{} `json:"value,omitempty"`
}
PatchOperation models a patch operation
type Resolution
type Resolution struct {
	Message string           `json:"message,omitempty"`
	Patches []PatchOperation `json:"patches,omitempty"`
}
Resolution models a resolution for a resource violation on the enabled policy rules