engine

package
v0.8.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 22, 2019 License: Apache-2.0 Imports: 21 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ApplyPatches 

func ApplyPatches(resource []byte, patches [][]byte) ([]byte, error)

ApplyPatches patches given resource with given patches and returns patched document

func ConvertToUnstructured added in v0.8.0 

func ConvertToUnstructured(data []byte) (*unstructured.Unstructured, error)

func FormAbsolutePath added in v0.4.0 

func FormAbsolutePath(referencePath, absolutePath string) string

FormAbsolutePath returns absolute path

func JoinPatches 

func JoinPatches(patches [][]byte) []byte

JoinPatches joins array of serialized JSON patches to the single JSONPatch array

func MatchesResourceDescription added in v0.8.0 

func MatchesResourceDescription(resource unstructured.Unstructured, rule kyverno.Rule) bool

MatchesResourceDescription checks if the resource matches resource desription of the rule or not

func ParseKindFromObject added in v0.5.0 

func ParseKindFromObject(bytes []byte) string

ParseKindFromObject get kind from resource

func ParseNameFromObject 

func ParseNameFromObject(bytes []byte) string

ParseNameFromObject extracts resource name from JSON obj

func ParseNamespaceFromObject 

func ParseNamespaceFromObject(bytes []byte) string

ParseNamespaceFromObject extracts the namespace from the JSON obj

func ParseResourceInfoFromObject added in v0.7.0 

func ParseResourceInfoFromObject(rawResource []byte) string

ParseResourceInfoFromObject get kind/namepace/name from resource

func ValidateValueWithPattern 

func ValidateValueWithPattern(value, pattern interface{}) bool

ValidateValueWithPattern validates value with operators and wildcards

Types

type ConditionAnchorValidationHandler added in v0.4.0 

type ConditionAnchorValidationHandler struct {
	// contains filtered or unexported fields
}

ConditionAnchorValidationHandler performs validation only for array elements that pass condition in the anchor (key): value

func (*ConditionAnchorValidationHandler) Handle added in v0.4.0 

func (cavh *ConditionAnchorValidationHandler) Handle(resourcePart []interface{}, patternPart map[string]interface{}, originPattern interface{}) error

Handle performs validation in context of ConditionAnchorValidationHandler

type EngineResponse added in v0.8.0 

type EngineResponse struct {
	Patches         [][]byte
	PatchedResource unstructured.Unstructured
	RuleInfos       []info.RuleInfo
	EngineStats
}

EngineResponse provides the response to the application of a policy rule set on a resource

func Generate 

func Generate(client *client.Client, policy kyverno.Policy, ns unstructured.Unstructured) (response EngineResponse)

Generate apply generation rules on a resource

func Mutate 

func Mutate(policy kyverno.Policy, resource unstructured.Unstructured) (response EngineResponse)

func Validate 

func Validate(policy kyverno.Policy, resource unstructured.Unstructured) (response EngineResponse)

Validate handles validating admission request Checks the target resources for rules defined in the policy

type EngineStats added in v0.8.0 

type EngineStats struct {
	// average time required to process the policy rules on a resource
	ExecutionTime time.Duration
	// Count of rules that were applied succesfully
	RulesAppliedCount int
}

EngineStats stores in the statistics for a single application of resource

type ExistanceAnchorValidationHandler added in v0.4.0 

type ExistanceAnchorValidationHandler struct {
	// contains filtered or unexported fields
}

ExistanceAnchorValidationHandler performs validation only for array elements that pass condition in the anchor AND requires an existance of at least one element that passes this condition ^(key): value

func (*ExistanceAnchorValidationHandler) Handle added in v0.4.0 

func (eavh *ExistanceAnchorValidationHandler) Handle(resourcePart []interface{}, patternPart map[string]interface{}, originPattern interface{}) error

Handle performs validation in context of ExistanceAnchorValidationHandler

type NoAnchorValidationHandler added in v0.4.0 

type NoAnchorValidationHandler struct {
	// contains filtered or unexported fields
}

NoAnchorValidationHandler just calls validateMap because no anchors were found in the pattern map

func (*NoAnchorValidationHandler) Handle added in v0.4.0 

func (navh *NoAnchorValidationHandler) Handle(resourcePart []interface{}, patternPart map[string]interface{}, originPattern interface{}) error

Handle performs validation in context of NoAnchorValidationHandler

type Operator 

type Operator string

Operator is string alias that represents selection operators enum 

const (
	// Equal stands for ==
	Equal Operator = ""
	// MoreEqual stands for >=
	MoreEqual Operator = ">="
	// LessEqual stands for <=
	LessEqual Operator = "<="
	// NotEqual stands for !
	NotEqual Operator = "!"
	// More stands for >
	More Operator = ">"
	// Less stands for <
	Less Operator = "<"
)

type ValidationAnchorHandler added in v0.4.0 

type ValidationAnchorHandler interface {
	Handle(resourcePart []interface{}, patternPart map[string]interface{}, originPattern interface{}) error
}

ValidationAnchorHandler is an interface that represents a family of anchor handlers for array of maps resourcePart must be an array of dictionaries patternPart must be a dictionary with anchors

func CreateAnchorHandler added in v0.4.0 

func CreateAnchorHandler(anchor string, pattern interface{}, path string) ValidationAnchorHandler

CreateAnchorHandler is a factory that create anchor handlers

func NewConditionAnchorValidationHandler added in v0.4.0 

func NewConditionAnchorValidationHandler(anchor string, pattern interface{}, path string) ValidationAnchorHandler

NewConditionAnchorValidationHandler creates new instance of NoAnchorValidationHandler

func NewExistanceAnchorValidationHandler added in v0.4.0 

func NewExistanceAnchorValidationHandler(anchor string, pattern interface{}, path string) ValidationAnchorHandler

NewExistanceAnchorValidationHandler creates new instance of NoAnchorValidationHandler

func NewNoAnchorValidationHandler added in v0.4.0 

func NewNoAnchorValidationHandler(path string) ValidationAnchorHandler

NewNoAnchorValidationHandler creates new instance of NoAnchorValidationHandler

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.