Documentation ¶
Index ¶
- func GenerateAdmissionRequest(resource unstructured.Unstructured) *admv1.AdmissionRequest
- func GenerateAdmissionReview(resource unstructured.Unstructured) *admv1.AdmissionReview
- type AuditableResources
- type Fetcher
- func (f *Fetcher) GetClusterWideResourcesForPolicies(ctx context.Context, policies []policiesv1.Policy) ([]AuditableResources, error)
- func (f *Fetcher) GetPolicyServerURLRunningPolicy(ctx context.Context, policy policiesv1.Policy) (*url.URL, error)
- func (f *Fetcher) GetResourcesForPolicies(ctx context.Context, policies []policiesv1.Policy, namespace string) ([]AuditableResources, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GenerateAdmissionRequest ¶
func GenerateAdmissionRequest(resource unstructured.Unstructured) *admv1.AdmissionRequest
func GenerateAdmissionReview ¶
func GenerateAdmissionReview(resource unstructured.Unstructured) *admv1.AdmissionReview
Types ¶
type AuditableResources ¶
type AuditableResources struct {
	Policies []policiesv1.Policy
	// It can be any kubernetes resource
	Resources []unstructured.Unstructured
}
AuditableResources represents all resources that must be audited for a group of policies. Example: AuditableResources{Policies:[policy1, policy2] Resources:[podA, podB], Policies:[policy1] Resources:[deploymentA]} means that podA and podB must be evaluated by policy1 and policy2, and deploymentA must be evaluated by policy1.
type Fetcher ¶
type Fetcher struct {
// contains filtered or unexported fields
}
Fetcher fetches all auditable resources. It uses a dynamic client to get all resources matching the rules defined in a policy.
func NewFetcher ¶
NewFetcher returns a new fetcher with a dynamic client.
func (*Fetcher) GetClusterWideResourcesForPolicies ¶
func (f *Fetcher) GetClusterWideResourcesForPolicies(ctx context.Context, policies []policiesv1.Policy) ([]AuditableResources, error)
GetClusterWideResourcesForPolicies fetches all cluster-wide resources that must be audited and returns them in an AuditableResources array. It iterates through all the rules in the ClusterAdmissionPolicy policies to find all relevant resources, creating a GVR (Group Version Resource) array for each rule defined in a policy, then fetches and aggregates the GVRs for all the policies. Returns an array of AuditableResources; each entry of the array contains an array of resources of the same kind and an array of the policies that should evaluate those resources. Example: AuditableResources{Policies:[policy1, policy2] Resources:[podA, podB], Policies:[policy1] Resources:[deploymentA], Policies:[policy3] Resources:[ingressA]}
func (*Fetcher) GetPolicyServerURLRunningPolicy ¶
func (*Fetcher) GetResourcesForPolicies ¶
func (f *Fetcher) GetResourcesForPolicies(ctx context.Context, policies []policiesv1.Policy, namespace string) ([]AuditableResources, error)
GetResourcesForPolicies fetches all namespaced resources that must be audited in a specific namespace and returns them in an AuditableResources array. It iterates through all the rules in the policies to find all relevant resources, creating a GVR (Group Version Resource) array for each rule defined in a policy, then fetches and aggregates the GVRs for all the policies. Returns an array of AuditableResources; each entry of the array contains an array of resources of the same kind and an array of the policies that should evaluate those resources. Example: AuditableResources{Policies:[policy1, policy2] Resources:[podA, podB], Policies:[policy1] Resources:[deploymentA], Policies:[policy3] Resources:[ingressA]}
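The rule expansion and grouping that GetClusterWideResourcesForPolicies and GetResourcesForPolicies describe, as an added example that is not the package's own code: constructed stand-in types replace policiesv1.Policy and unstructured.Unstructured, and a pre-built inventory map keyed by GVR replaces the dynamic client fetch.

```go
package main
// Constructed stand-ins for the rule, policy and resource shapes; the real
// package uses policiesv1.Policy and unstructured.Unstructured instead.
type GVR struct{ Group, Version, Resource string }
type Rule struct{ APIGroups, APIVersions, Resources []string }
type Policy struct {
	Name  string
	Rules []Rule
}
// AuditableResources mirrors the package's type: resources of one kind (names here) plus their policies.
type AuditableResources struct{ Policies, Resources []string }
// gvrsForPolicy expands every rule of a policy into the GVRs it targets.
func gvrsForPolicy(p Policy) []GVR {
	var out []GVR
	for _, r := range p.Rules {
		for _, g := range r.APIGroups {
			for _, v := range r.APIVersions {
				for _, res := range r.Resources {
					out = append(out, GVR{g, v, res})
				}
			}
		}
	}
	return out
}
// Aggregate groups the resources of each targeted GVR with every policy whose rules reference it,
// as the Fetcher methods are documented to do. The constructed inventory stands in for the dynamic
// client; a GVR that no policy targets, or that holds no resources, yields no entry.
func Aggregate(policies []Policy, inventory map[GVR][]string) []AuditableResources {
	byGVR := map[GVR][]string{}
	var order []GVR // first-seen order keeps the output deterministic
	for _, p := range policies {
		for _, gvr := range gvrsForPolicy(p) {
			names := byGVR[gvr]
			if len(names) == 0 {
				order = append(order, gvr)
			}
			if len(names) == 0 || names[len(names)-1] != p.Name { // list a policy once per GVR
				byGVR[gvr] = append(names, p.Name)
			}
		}
	}
	var result []AuditableResources
	for _, gvr := range order {
		if res := inventory[gvr]; len(res) > 0 {
			result = append(result, AuditableResources{Policies: byGVR[gvr], Resources: res})
		}
	}
	return result
}
```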