Documentation ¶
Index ¶
- func CheckDenyPreconditions(logger logr.Logger, jsonContext enginecontext.Interface, ...) (bool, string, error)
- func CheckPreconditions(logger logr.Logger, jsonContext enginecontext.Interface, ...) (bool, string, error)
- func EvaluateConditions(conditions []kyvernov1.AnyAllConditions, ctx enginecontext.Interface, ...) (bool, string, error)
- func ExpandStaticKeys(attestorSet kyvernov1.AttestorSet) kyvernov1.AttestorSet
- func HasImageVerifiedAnnotationChanged(ctx engineapi.PolicyContext, log logr.Logger) bool
- func LoggerWithPolicy(logger logr.Logger, policy kyvernov1.PolicyInterface) logr.Logger
- func LoggerWithPolicyContext(logger logr.Logger, policyContext engineapi.PolicyContext) logr.Logger
- func LoggerWithResource(logger logr.Logger, prefix string, resource unstructured.Unstructured) logr.Logger
- func LoggerWithRule(logger logr.Logger, rule kyvernov1.Rule) logr.Logger
- func MatchPolicyContext(logger logr.Logger, policyContext engineapi.PolicyContext, ...) bool
- type Authorizer
- type ImageVerifier
- type User
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CheckDenyPreconditions ¶
func CheckDenyPreconditions(logger logr.Logger, jsonContext enginecontext.Interface, anyAllConditions apiextensions.JSON) (bool, string, error)
func CheckPreconditions ¶
func CheckPreconditions(logger logr.Logger, jsonContext enginecontext.Interface, anyAllConditions apiextensions.JSON) (bool, string, error)
func EvaluateConditions ¶
func EvaluateConditions( conditions []kyvernov1.AnyAllConditions, ctx enginecontext.Interface, s map[string]interface{}, log logr.Logger, ) (bool, string, error)
func ExpandStaticKeys ¶
func ExpandStaticKeys(attestorSet kyvernov1.AttestorSet) kyvernov1.AttestorSet
func HasImageVerifiedAnnotationChanged ¶
func HasImageVerifiedAnnotationChanged(ctx engineapi.PolicyContext, log logr.Logger) bool
func LoggerWithPolicy ¶
func LoggerWithPolicyContext ¶
func LoggerWithResource ¶
func LoggerWithResource(logger logr.Logger, prefix string, resource unstructured.Unstructured) logr.Logger
func MatchPolicyContext ¶
func MatchPolicyContext(logger logr.Logger, policyContext engineapi.PolicyContext, configuration config.Configuration) bool
Types ¶
type Authorizer ¶ added in v1.10.5
type Authorizer struct {
// contains filtered or unexported fields
}
Authorizer implements the authorizer.Authorizer interface. It is intended to be used in validate.cel subrules.
func NewAuthorizer ¶ added in v1.10.5
func NewAuthorizer(client engineapi.Client, resourceKind schema.GroupVersionKind) Authorizer
func (*Authorizer) Authorize ¶ added in v1.10.5
func (a *Authorizer) Authorize(ctx context.Context, attributes authorizer.Attributes) (authorized authorizer.Decision, reason string, err error)
type ImageVerifier ¶
type ImageVerifier struct {
// contains filtered or unexported fields
}
func NewImageVerifier ¶
func NewImageVerifier( logger logr.Logger, rclient engineapi.RegistryClient, ivCache imageverifycache.Client, policyContext engineapi.PolicyContext, rule kyvernov1.Rule, ivm *engineapi.ImageVerificationMetadata, imageSignatureRepository string, ) *ImageVerifier
func (*ImageVerifier) Verify ¶
func (iv *ImageVerifier) Verify( ctx context.Context, imageVerify kyvernov1.ImageVerification, matchedImageInfos []apiutils.ImageInfo, cfg config.Configuration, ) ([]jsonpatch.JsonPatchOperation, []*engineapi.RuleResponse)
Verify applies policy rules to each matching image. The policy rule results and annotation patches are added to the ImageVerifier `resp` and `ivm` fields.