internal

package
v1.10.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 30, 2023 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CheckDenyPreconditions

func CheckDenyPreconditions(logger logr.Logger, jsonContext enginecontext.Interface, anyAllConditions apiextensions.JSON) (bool, string, error)

func CheckPreconditions

func CheckPreconditions(logger logr.Logger, jsonContext enginecontext.Interface, anyAllConditions apiextensions.JSON) (bool, string, error)

func EvaluateConditions

func EvaluateConditions(
	conditions []kyvernov1.AnyAllConditions,
	ctx enginecontext.Interface,
	s map[string]interface{},
	log logr.Logger,
) (bool, string, error)

func ExpandStaticKeys

func ExpandStaticKeys(attestorSet kyvernov1.AttestorSet) kyvernov1.AttestorSet

func HasImageVerifiedAnnotationChanged

func HasImageVerifiedAnnotationChanged(ctx engineapi.PolicyContext, log logr.Logger) bool

func LoggerWithPolicy

func LoggerWithPolicy(logger logr.Logger, policy kyvernov1.PolicyInterface) logr.Logger

func LoggerWithPolicyContext

func LoggerWithPolicyContext(logger logr.Logger, policyContext engineapi.PolicyContext) logr.Logger

func LoggerWithResource

func LoggerWithResource(logger logr.Logger, prefix string, resource unstructured.Unstructured) logr.Logger

func LoggerWithRule

func LoggerWithRule(logger logr.Logger, rule kyvernov1.Rule) logr.Logger

func MatchPolicyContext

func MatchPolicyContext(logger logr.Logger, policyContext engineapi.PolicyContext, configuration config.Configuration) bool

Types

type ImageVerifier

type ImageVerifier struct {
	// contains filtered or unexported fields
}

func NewImageVerifier

func NewImageVerifier(
	logger logr.Logger,
	rclient registryclient.Client,
	policyContext engineapi.PolicyContext,
	rule kyvernov1.Rule,
	ivm *engineapi.ImageVerificationMetadata,
) *ImageVerifier

func (*ImageVerifier) Verify

func (iv *ImageVerifier) Verify(
	ctx context.Context,
	imageVerify kyvernov1.ImageVerification,
	matchedImageInfos []apiutils.ImageInfo,
	cfg config.Configuration,
) []*engineapi.RuleResponse

verify applies policy rules to each matching image. The policy rule results and annotation patches are added to tme imageVerifier `resp` and `ivm` fields.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL