Documentation
¶
Index ¶
- func ApplyPodSecurityExclusion(levelVersion *api.LevelVersion, excludes []kyvernov1.PodSecurityStandard, ...) ([]pssutils.PSSCheckResult, error)
- func EvaluatePod(levelVersion *api.LevelVersion, excludes []kyvernov1.PodSecurityStandard, ...) (bool, []pssutils.PSSCheckResult)
- func FormatChecksPrint(checks []pssutils.PSSCheckResult) string
- func GetPodWithMatchingContainers(exclude kyvernov1.PodSecurityStandard, pod *corev1.Pod) (podSpec, matching *corev1.Pod)
- func GetRestrictedFields(check policy.Check) []pssutils.RestrictedField
- func ParseVersion(level api.Level, version string) (*api.LevelVersion, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ApplyPodSecurityExclusion ¶ added in v1.12.0
func ApplyPodSecurityExclusion( levelVersion *api.LevelVersion, excludes []kyvernov1.PodSecurityStandard, defaultCheckResults []pssutils.PSSCheckResult, pod *corev1.Pod, ) ([]pssutils.PSSCheckResult, error)
ApplyPodSecurityExclusion excludes pod security controls
func EvaluatePod ¶
func EvaluatePod(levelVersion *api.LevelVersion, excludes []kyvernov1.PodSecurityStandard, pod *corev1.Pod) (bool, []pssutils.PSSCheckResult)
EvaluatePod applies PSS checks to the pod and exempts controls specified in the rule
func FormatChecksPrint ¶
func FormatChecksPrint(checks []pssutils.PSSCheckResult) string
func GetPodWithMatchingContainers ¶
func GetPodWithMatchingContainers(exclude kyvernov1.PodSecurityStandard, pod *corev1.Pod) (podSpec, matching *corev1.Pod)
GetPodWithMatchingContainers extracts matching container/pod info by the given exclude rule and returns pod manifests containing spec and container info respectively
func GetRestrictedFields ¶
func GetRestrictedFields(check policy.Check) []pssutils.RestrictedField
Get restrictedFields from Check.ID
func ParseVersion ¶ added in v1.12.0
Types ¶
This section is empty.
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.