Documentation ¶
Index ¶
- func CheckAnnotations(expected map[string]string, actual map[string]string) bool
- func CheckKind(kinds []string, gvk schema.GroupVersionKind, subresource string, ...) bool
- func CheckMatchesResources(resource unstructured.Unstructured, statement kyvernov2beta1.MatchResources, ...) error
- func CheckName(expected, actual string) bool
- func CheckNamespace(statement string, resource unstructured.Unstructured) error
- func CheckSelector(expected *metav1.LabelSelector, actual map[string]string) (bool, error)
- func CheckSubjects(ruleSubjects []rbacv1.Subject, userInfo authenticationv1.UserInfo) bool
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CheckAnnotations ¶ added in v1.10.0
func CheckKind ¶
func CheckKind(kinds []string, gvk schema.GroupVersionKind, subresource string, allowEphemeralContainers bool) bool
CheckKind checks if the resource kind matches the kinds in the policy. If the policy matches on subresources, then those resources are present in the subresourceGVKToAPIResource map. Set allowEphemeralContainers to true to allow ephemeral containers to be matched even when the policy does not explicitly match on ephemeral containers and only matches on pods.
func CheckMatchesResources ¶
func CheckMatchesResources( resource unstructured.Unstructured, statement kyvernov2beta1.MatchResources, namespaceLabels map[string]string, admissionInfo kyvernov1beta1.RequestInfo, excludeGroupRole []string, gvk schema.GroupVersionKind, subresource string, ) error
func CheckNamespace ¶
func CheckNamespace(statement string, resource unstructured.Unstructured) error
func CheckSelector ¶ added in v1.10.0
func CheckSubjects ¶ added in v1.10.0
func CheckSubjects( ruleSubjects []rbacv1.Subject, userInfo authenticationv1.UserInfo, ) bool
CheckSubjects return true if one of ruleSubjects exist in userInfo
Types ¶
This section is empty.
Click to show internal directories.
Click to hide internal directories.