internal

package
v1.11.3 Latest
Warning

This package is not in the latest version of its module.

Published: Jan 5, 2024 License: Apache-2.0 Imports: 28 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CheckDenyPreconditions

func CheckDenyPreconditions(logger logr.Logger, jsonContext enginecontext.Interface, anyAllConditions apiextensions.JSON) (bool, string, error)

func CheckPreconditions

func CheckPreconditions(logger logr.Logger, jsonContext enginecontext.Interface, anyAllConditions apiextensions.JSON) (bool, string, error)

func EvaluateConditions

func EvaluateConditions(
	conditions []kyvernov1.AnyAllConditions,
	ctx enginecontext.Interface,
	s map[string]interface{},
	log logr.Logger,
) (bool, string, error)

func ExpandStaticKeys

func ExpandStaticKeys(attestorSet kyvernov1.AttestorSet) kyvernov1.AttestorSet

func HasImageVerifiedAnnotationChanged

func HasImageVerifiedAnnotationChanged(ctx engineapi.PolicyContext, log logr.Logger) bool

func LoggerWithPolicy

func LoggerWithPolicy(logger logr.Logger, policy kyvernov1.PolicyInterface) logr.Logger

func LoggerWithPolicyContext

func LoggerWithPolicyContext(logger logr.Logger, policyContext engineapi.PolicyContext) logr.Logger

func LoggerWithResource

func LoggerWithResource(logger logr.Logger, prefix string, resource unstructured.Unstructured) logr.Logger

func LoggerWithRule

func LoggerWithRule(logger logr.Logger, rule kyvernov1.Rule) logr.Logger

func MatchPolicyContext

func MatchPolicyContext(logger logr.Logger, policyContext engineapi.PolicyContext, configuration config.Configuration) bool

Types

type Authorizer added in v1.10.5

type Authorizer struct {
	// contains filtered or unexported fields
}

Authorizer implements the authorizer.Authorizer interface. It is intended to be used in validate.cel subrules.

func NewAuthorizer added in v1.10.5

func NewAuthorizer(client engineapi.Client, resourceKind schema.GroupVersionKind) Authorizer

func (*Authorizer) Authorize added in v1.10.5

func (a *Authorizer) Authorize(ctx context.Context, attributes authorizer.Attributes) (authorized authorizer.Decision, reason string, err error)

type ImageVerifier

type ImageVerifier struct {
	// contains filtered or unexported fields
}

func NewImageVerifier

func NewImageVerifier(
	logger logr.Logger,
	rclient engineapi.RegistryClient,
	ivCache imageverifycache.Client,
	policyContext engineapi.PolicyContext,
	rule kyvernov1.Rule,
	ivm *engineapi.ImageVerificationMetadata,
	imageSignatureRepository string,
) *ImageVerifier

func (*ImageVerifier) Verify

func (iv *ImageVerifier) Verify(
	ctx context.Context,
	imageVerify kyvernov1.ImageVerification,
	matchedImageInfos []apiutils.ImageInfo,
	cfg config.Configuration,
) ([]jsonpatch.JsonPatchOperation, []*engineapi.RuleResponse)

Verify applies policy rules to each matching image. The policy rule results and annotation patches are added to the imageVerifier `resp` and `ivm` fields.

type User added in v1.10.5

type User struct {
	// contains filtered or unexported fields
}

User implements the user.Info interface. It is intended to be used in validate.cel subrules.

func NewUser added in v1.10.5

func NewUser(name, uid string, groups []string) User

func (*User) GetExtra added in v1.10.5

func (u *User) GetExtra() map[string][]string

func (*User) GetGroups added in v1.10.5

func (u *User) GetGroups() []string

func (*User) GetName added in v1.10.5

func (u *User) GetName() string

func (*User) GetUID added in v1.10.5

func (u *User) GetUID() string
