package engine

v0.4.0

Published: Jun 20, 2019 License: Apache-2.0 Imports: 18 Imported by: 2

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func ApplyPatches

func ApplyPatches(resource []byte, patches []PatchBytes) ([]byte, error)

ApplyPatches applies the given patches to the given resource and returns the patched document.

func FormAbsolutePath added in v0.4.0

func FormAbsolutePath(referencePath, absolutePath string) string

func Generate

func Generate(client *client.Client, policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVersionKind)

Generate should be called to process generate rules on the resource

func ParseNameFromObject

func ParseNameFromObject(bytes []byte) string

ParseNameFromObject extracts the resource name from the JSON object.

func ParseNamespaceFromObject

func ParseNamespaceFromObject(bytes []byte) string

ParseNamespaceFromObject extracts the namespace from the JSON object.

func ParseRegexPolicyResourceName

func ParseRegexPolicyResourceName(policyResourceName string) (string, bool)

ParseRegexPolicyResourceName returns true if policyResourceName is a regexp

func ProcessExisting

func ProcessExisting(policy types.Policy, rawResource []byte) ([]violation.Info, []event.Info, error)

ProcessExisting checks for mutation and validation violations of existing resources

func ResourceMeetsDescription

func ResourceMeetsDescription(resourceRaw []byte, description kubepolicy.ResourceDescription, gvk metav1.GroupVersionKind) bool

ResourceMeetsDescription checks whether the request's kind, name and labels fit the policy rule.

func Validate

func Validate(policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVersionKind) result.Result

Validate handles a validating admission request. It checks the target resources against the rules defined in the policy.

func ValidateValueWithPattern

func ValidateValueWithPattern(value, pattern interface{}) bool

ValidateValueWithPattern validates value with operators and wildcards

Types

type ConditionAnchorValidationHandler added in v0.4.0

type ConditionAnchorValidationHandler struct {
	// contains filtered or unexported fields
}

ConditionAnchorValidationHandler performs validation only for array elements that pass the condition in the anchor: (key): value

func (*ConditionAnchorValidationHandler) Handle added in v0.4.0

func (cavh *ConditionAnchorValidationHandler) Handle(resourcePart []interface{}, patternPart map[string]interface{}, originPattern interface{}) result.RuleApplicationResult

Handle performs validation in context of ConditionAnchorValidationHandler

type ExistanceAnchorValidationHandler added in v0.4.0

type ExistanceAnchorValidationHandler struct {
	// contains filtered or unexported fields
}

ExistanceAnchorValidationHandler performs validation only for array elements that pass the condition in the anchor AND requires the existence of at least one element that passes this condition: ^(key): value

func (*ExistanceAnchorValidationHandler) Handle added in v0.4.0

func (eavh *ExistanceAnchorValidationHandler) Handle(resourcePart []interface{}, patternPart map[string]interface{}, originPattern interface{}) result.RuleApplicationResult

Handle performs validation in context of ExistanceAnchorValidationHandler
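
The difference between the two anchor forms described above, as an added example that is not code from this package: a simplified stand-alone model in which both the anchor condition and the rest of the pattern are plain equality checks on one key. The names checkAnchored, element and the sample container lists are hypothetical and constructed for illustration.

```go
package main

import "fmt"

// element is one entry of the resource array, e.g. one container.
type element map[string]interface{}

// checkAnchored is a simplified model, not the package's implementation.
// Anchor condition: anchorKey == anchorVal. Rest of pattern: checkKey == checkVal.
// Elements that fail the anchor condition are skipped. With requireMatch set
// (the "^(key)" form) at least one element must meet the condition.
func checkAnchored(items []element, anchorKey string, anchorVal interface{},
	checkKey string, checkVal interface{}, requireMatch bool) error {
	matched := 0
	for i, it := range items {
		if it[anchorKey] != anchorVal {
			continue // condition not met: this element is not validated
		}
		matched++
		if it[checkKey] != checkVal {
			return fmt.Errorf("element %d: %s is %v, want %v", i, checkKey, it[checkKey], checkVal)
		}
	}
	if requireMatch && matched == 0 {
		return fmt.Errorf("no element with %s = %v", anchorKey, anchorVal)
	}
	return nil
}

// Constructed sample container lists.
var (
	badNginx = []element{
		{"name": "nginx", "imagePullPolicy": "IfNotPresent"},
		{"name": "sidecar", "imagePullPolicy": "Always"},
	}
	noNginx   = []element{{"name": "sidecar", "imagePullPolicy": "IfNotPresent"}}
	goodNginx = []element{{"name": "nginx", "imagePullPolicy": "Always"}}
)

func main() {
	// Pattern modelled: name nginx must have imagePullPolicy Always.
	fmt.Println("(name), bad nginx: ", checkAnchored(badNginx, "name", "nginx", "imagePullPolicy", "Always", false))
	// The conditional form passes vacuously when nothing matches the anchor.
	fmt.Println("(name), no nginx:  ", checkAnchored(noNginx, "name", "nginx", "imagePullPolicy", "Always", false))
	fmt.Println("^(name), no nginx: ", checkAnchored(noNginx, "name", "nginx", "imagePullPolicy", "Always", true))
	fmt.Println("^(name), good nginx:", checkAnchored(goodNginx, "name", "nginx", "imagePullPolicy", "Always", true))
}
```

In this model a rule written with the (key) form accepts a resource in which no element meets the condition, so a policy that must guarantee the element is present needs the ^(key) form.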

type NoAnchorValidationHandler added in v0.4.0

type NoAnchorValidationHandler struct {
	// contains filtered or unexported fields
}

NoAnchorValidationHandler just calls validateMap because no anchors were found in the pattern map

func (*NoAnchorValidationHandler) Handle added in v0.4.0

func (navh *NoAnchorValidationHandler) Handle(resourcePart []interface{}, patternPart map[string]interface{}, originPattern interface{}) result.RuleApplicationResult

Handle performs validation in context of NoAnchorValidationHandler

type Operator

type Operator string

Operator is a string alias that represents the enum of selection operators.

const (
	// Equal stands for ==
	Equal Operator = ""
	// MoreEqual stands for >=
	MoreEqual Operator = ">="
	// LessEqual stands for <=
	LessEqual Operator = "<="
	// NotEqual stands for !
	NotEqual Operator = "!"
	// More stands for >
	More Operator = ">"
	// Less stands for <
	Less Operator = "<"
)

type PatchBytes

type PatchBytes []byte

PatchBytes stands for []byte

func JoinPatches

func JoinPatches(patches []PatchBytes) PatchBytes

JoinPatches joins an array of serialized JSON patches into a single JSONPatch array.

func Mutate

func Mutate(policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVersionKind) ([]PatchBytes, result.Result)

Mutate performs mutation: the overlay first, then the mutation patches.

func ProcessOverlay

func ProcessOverlay(rule kubepolicy.Rule, rawResource []byte, gvk metav1.GroupVersionKind) ([]PatchBytes, result.RuleApplicationResult)

ProcessOverlay handles validating admission request. Checks the target resources for rules defined in the policy.

func ProcessPatches

func ProcessPatches(rule kubepolicy.Rule, resource []byte) ([]PatchBytes, result.RuleApplicationResult)

ProcessPatches returns an array of separate patches that can be applied to the document. It returns an error ONLY when creation of the resource should be denied.

type ValidationAnchorHandler added in v0.4.0

type ValidationAnchorHandler interface {
	Handle(resourcePart []interface{}, patternPart map[string]interface{}, originPattern interface{}) result.RuleApplicationResult
}

ValidationAnchorHandler is an interface that represents a family of anchor handlers for an array of maps. resourcePart must be an array of dictionaries; patternPart must be a dictionary with anchors.

func CreateAnchorHandler added in v0.4.0

func CreateAnchorHandler(anchor string, pattern interface{}, path string) ValidationAnchorHandler

CreateAnchorHandler is a factory that creates anchor handlers.

func NewConditionAnchorValidationHandler added in v0.4.0

func NewConditionAnchorValidationHandler(anchor string, pattern interface{}, path string) ValidationAnchorHandler

NewConditionAnchorValidationHandler creates new instance of NoAnchorValidationHandler

func NewExistanceAnchorValidationHandler added in v0.4.0

func NewExistanceAnchorValidationHandler(anchor string, pattern interface{}, path string) ValidationAnchorHandler

NewExistanceAnchorValidationHandler creates new instance of NoAnchorValidationHandler

func NewNoAnchorValidationHandler added in v0.4.0

func NewNoAnchorValidationHandler(path string) ValidationAnchorHandler

NewNoAnchorValidationHandler creates new instance of NoAnchorValidationHandler
