Documentation
¶
Index ¶
- Constants
- Variables
- type ConditionInfo
- type ExpressionCondition
- type K8s
- func (r *K8s) Capabilities() (caps []libprovider.Capability)
- func (r *K8s) Evaluate(ctx context.Context, cap string, conditionBytes []byte) (resp libprovider.ProviderEvaluateResponse, err error)
- func (r *K8s) GetDependencies(ctx context.Context) (deps map[uri.URI][]*libprovider.Dep, err error)
- func (r *K8s) GetDependenciesDAG(ctx context.Context) (dag map[uri.URI][]libprovider.DepDAGItem, err error)
- func (r *K8s) Init(ctx context.Context, log logr.Logger, initCfg libprovider.InitConfig) (svc libprovider.ServiceClient, err error)
- func (r *K8s) Stop()
- type K8sInitConfig
- type ModuleCondition
- type RegoIncident
Constants ¶
const ( CapabilityRegoModule = "rego_module" CapabilityRegoExpression = "rego_expr" )
Capabilities
const ExpressionTemplate = `` /* 335-byte string literal not displayed */
ExpressionTemplate is the template that the parameters from the rego.expr capability will be injected into to create a complete module.
const (
ProviderName = "k8s"
)
Variables ¶
var InventoryModule string
Functions ¶
This section is empty.
Types ¶
type ConditionInfo ¶
type ConditionInfo struct {
Expression ExpressionCondition `json:"rego_expr" yaml:"rego_expr"`
Module ModuleCondition `json:"rego_module" yaml:"rego_module"`
}
type ExpressionCondition ¶
type ExpressionCondition struct {
// Collection is the resource collection from the
// base module that the expression should be evaluated against.
Collection string `json:"collection"`
// Expression is a single rego expression.
Expression string `json:"expression"`
}
ExpressionCondition is the input for the rego_expr capability, which takes a single rego expression and injects it into a module template which will evaluate it in the context of a single resource collection.
type K8s ¶
type K8s struct {
// contains filtered or unexported fields
}
K8s provider
func (*K8s) Capabilities ¶
func (r *K8s) Capabilities() (caps []libprovider.Capability)
Capabilities returns the supported capabilities of the provider.
func (*K8s) Evaluate ¶
func (r *K8s) Evaluate(ctx context.Context, cap string, conditionBytes []byte) (resp libprovider.ProviderEvaluateResponse, err error)
Evaluate a capability and return a result.
func (*K8s) GetDependencies ¶
func (*K8s) GetDependenciesDAG ¶
func (r *K8s) GetDependenciesDAG(ctx context.Context) (dag map[uri.URI][]libprovider.DepDAGItem, err error)
func (*K8s) Init ¶
func (r *K8s) Init(ctx context.Context, log logr.Logger, initCfg libprovider.InitConfig) (svc libprovider.ServiceClient, err error)
Init the provider. Reads in base Rego modules, kubeconfig, and pulls resources from the cluster.
type K8sInitConfig ¶
type K8sInitConfig struct {
libprovider.InitConfig
ProviderSpecificConfig struct {
// path to the cluster's kube config
KubeConfig []byte `json:"kubeConfig"`
// list of GVKs to evaluate rules against
GroupVersionKinds []schema.GroupVersionKind `json:"groupVersionKinds"`
// list of namespaces to collect resources from
Namespaces []string `json:"namespaces"`
}
}
K8sInitConfig is the provider init config with the k8s provider-specific fields unmarshalled.
func NewK8sInitConfig ¶
func NewK8sInitConfig(initCfg libprovider.InitConfig) (k *K8sInitConfig, err error)
NewK8sInitConfig creates a k8s specific provider configuration from the generic provider init.
type ModuleCondition ¶
type ModuleCondition struct {
Module string `json:"module"`
}
ModuleCondition is the input for the rego_module capability, which takes an entire rego module and evaluates it.
type RegoIncident ¶
type RegoIncident struct {
Name string `json:"name"`
Namespace string `json:"namespace"`
ApiVersion string `json:"apiVersion"`
Kind string `json:"kind"`
}
RegoIncident describes the format that the output from each Rego rule must take.
func (RegoIncident) GroupVersion ¶
func (r RegoIncident) GroupVersion() (group string, version string)
GroupVersion splits the resource's ApiVersion into an API group and a version.
Source Files