Documentation ¶
Index ¶
- func ApplyPatches(resource []byte, patches []PatchBytes) ([]byte, error)
- func FormAbsolutePath(referencePath, absolutePath string) string
- func Generate(client *client.Client, policy kubepolicy.Policy, rawResource []byte, ...)
- func ParseNameFromObject(bytes []byte) string
- func ParseNamespaceFromObject(bytes []byte) string
- func ParseRegexPolicyResourceName(policyResourceName string) (string, bool)
- func ProcessExisting(policy types.Policy, rawResource []byte) ([]violation.Info, []event.Info, error)
- func ResourceMeetsDescription(resourceRaw []byte, description kubepolicy.ResourceDescription, ...) bool
- func Validate(policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVersionKind) result.Result
- func ValidateValueWithPattern(value, pattern interface{}) bool
- type ConditionAnchorValidationHandler
- type ExistanceAnchorValidationHandler
- type NoAnchorValidationHandler
- type Operator
- type PatchBytes
- func JoinPatches(patches []PatchBytes) PatchBytes
- func Mutate(policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVersionKind) ([]PatchBytes, result.Result)
- func ProcessOverlay(rule kubepolicy.Rule, rawResource []byte, gvk metav1.GroupVersionKind) ([]PatchBytes, result.RuleApplicationResult)
- func ProcessPatches(rule kubepolicy.Rule, resource []byte) ([]PatchBytes, result.RuleApplicationResult)
- type ValidationAnchorHandler
- func CreateAnchorHandler(anchor string, pattern interface{}, path string) ValidationAnchorHandler
- func NewConditionAnchorValidationHandler(anchor string, pattern interface{}, path string) ValidationAnchorHandler
- func NewExistanceAnchorValidationHandler(anchor string, pattern interface{}, path string) ValidationAnchorHandler
- func NewNoAnchorValidationHandler(path string) ValidationAnchorHandler
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ApplyPatches ¶
func ApplyPatches(resource []byte, patches []PatchBytes) ([]byte, error)
ApplyPatches applies the given patches to the given resource and returns the patched document.
func FormAbsolutePath ¶ added in v0.4.0
func Generate ¶
func Generate(client *client.Client, policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVersionKind)
Generate should be called to process generate rules on the resource
func ParseNameFromObject ¶
ParseNameFromObject extracts resource name from JSON obj
func ParseNamespaceFromObject ¶
ParseNamespaceFromObject extracts the namespace from the JSON obj
func ParseRegexPolicyResourceName ¶
ParseRegexPolicyResourceName returns true if policyResourceName is a regexp
func ProcessExisting ¶
func ProcessExisting(policy types.Policy, rawResource []byte) ([]violation.Info, []event.Info, error)
ProcessExisting checks for mutation and validation violations of existing resources
func ResourceMeetsDescription ¶
func ResourceMeetsDescription(resourceRaw []byte, description kubepolicy.ResourceDescription, gvk metav1.GroupVersionKind) bool
ResourceMeetsDescription checks whether the request's kind, name and labels fit the policy rule.
func Validate ¶
func Validate(policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVersionKind) result.Result
Validate handles a validating admission request. It checks the target resources for rules defined in the policy.
func ValidateValueWithPattern ¶
func ValidateValueWithPattern(value, pattern interface{}) bool
ValidateValueWithPattern validates value with operators and wildcards
Types ¶
type ConditionAnchorValidationHandler ¶ added in v0.4.0
type ConditionAnchorValidationHandler struct {
// contains filtered or unexported fields
}
ConditionAnchorValidationHandler performs validation only for array elements that pass the condition in the anchor, written as (key): value
func (*ConditionAnchorValidationHandler) Handle ¶ added in v0.4.0
func (cavh *ConditionAnchorValidationHandler) Handle(resourcePart []interface{}, patternPart map[string]interface{}, originPattern interface{}) result.RuleApplicationResult
Handle performs validation in context of ConditionAnchorValidationHandler
type ExistanceAnchorValidationHandler ¶ added in v0.4.0
type ExistanceAnchorValidationHandler struct {
// contains filtered or unexported fields
}
ExistanceAnchorValidationHandler performs validation only for array elements that pass the condition in the anchor AND requires the existence of at least one element that passes this condition. The anchor is written as ^(key): value
func (*ExistanceAnchorValidationHandler) Handle ¶ added in v0.4.0
func (eavh *ExistanceAnchorValidationHandler) Handle(resourcePart []interface{}, patternPart map[string]interface{}, originPattern interface{}) result.RuleApplicationResult
Handle performs validation in context of ExistanceAnchorValidationHandler
type NoAnchorValidationHandler ¶ added in v0.4.0
type NoAnchorValidationHandler struct {
// contains filtered or unexported fields
}
NoAnchorValidationHandler just calls validateMap because no anchors were found in the pattern map
func (*NoAnchorValidationHandler) Handle ¶ added in v0.4.0
func (navh *NoAnchorValidationHandler) Handle(resourcePart []interface{}, patternPart map[string]interface{}, originPattern interface{}) result.RuleApplicationResult
Handle performs validation in context of NoAnchorValidationHandler
type Operator ¶
type Operator string
Operator is a string alias that represents the enum of selection operators.
type PatchBytes ¶
type PatchBytes []byte
PatchBytes stands for []byte
func JoinPatches ¶
func JoinPatches(patches []PatchBytes) PatchBytes
JoinPatches joins an array of serialized JSON patches into a single JSONPatch array.
func Mutate ¶
func Mutate(policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVersionKind) ([]PatchBytes, result.Result)
Mutate performs mutation: the overlay is processed first, then the mutation patches.
func ProcessOverlay ¶
func ProcessOverlay(rule kubepolicy.Rule, rawResource []byte, gvk metav1.GroupVersionKind) ([]PatchBytes, result.RuleApplicationResult)
ProcessOverlay handles validating admission request. Checks the target resources for rules defined in the policy.
func ProcessPatches ¶
func ProcessPatches(rule kubepolicy.Rule, resource []byte) ([]PatchBytes, result.RuleApplicationResult)
ProcessPatches returns an array of separate patches that can be applied to the document. It returns an error ONLY when creation of the resource should be denied.
type ValidationAnchorHandler ¶ added in v0.4.0
type ValidationAnchorHandler interface {
Handle(resourcePart []interface{}, patternPart map[string]interface{}, originPattern interface{}) result.RuleApplicationResult
}
ValidationAnchorHandler is an interface that represents a family of anchor handlers for an array of maps. resourcePart must be an array of dictionaries; patternPart must be a dictionary with anchors.
func CreateAnchorHandler ¶ added in v0.4.0
func CreateAnchorHandler(anchor string, pattern interface{}, path string) ValidationAnchorHandler
CreateAnchorHandler is a factory that creates anchor handlers.
func NewConditionAnchorValidationHandler ¶ added in v0.4.0
func NewConditionAnchorValidationHandler(anchor string, pattern interface{}, path string) ValidationAnchorHandler
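NewConditionAnchorValidationHandler creates a new instance of NoAnchorValidationHandler (as written upstream; given the constructor's name this is presumably a copy-paste slip for ConditionAnchorValidationHandler).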
func NewExistanceAnchorValidationHandler ¶ added in v0.4.0
func NewExistanceAnchorValidationHandler(anchor string, pattern interface{}, path string) ValidationAnchorHandler
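NewExistanceAnchorValidationHandler creates a new instance of NoAnchorValidationHandler (as written upstream; given the constructor's name this is presumably a copy-paste slip for ExistanceAnchorValidationHandler).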
func NewNoAnchorValidationHandler ¶ added in v0.4.0
func NewNoAnchorValidationHandler(path string) ValidationAnchorHandler
NewNoAnchorValidationHandler creates a new instance of NoAnchorValidationHandler.