GO-2024-3230: Kyverno's PolicyException objects can be created in any namespace by default in github.com/kyverno/kyverno

utils

package

v1.12.6-rc.1 Latest Latest Go to latest Published: Sep 16, 2024 License: Apache-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kyverno/kyverno

Documentation ¶

Index ¶

func BlockRequest(engineResponses []engineapi.EngineResponse, ...) bool
func ExcludeKyvernoResources(kind string) bool
func GenerateEvents(engineResponses []engineapi.EngineResponse, blocked bool) []event.Info
func GetBlockedMessages(engineResponses []engineapi.EngineResponse) string
func GetErrorMsg(engineReponses []engineapi.EngineResponse) string
func GetWarningMessages(engineResponses []engineapi.EngineResponse) []string
func MatchDeleteOperation(rule kyvernov1.Rule) bool
type PolicyContextBuilder
- func NewPolicyContextBuilder(configuration config.Configuration, jp jmespath.Interface) PolicyContextBuilder

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func BlockRequest ¶

func BlockRequest(engineResponses []engineapi.EngineResponse, failurePolicy kyvernov1.FailurePolicyType, log logr.Logger) bool

returns true -> if there is even one policy that blocks resource request returns false -> if all the policies are meant to report only, we dont block resource request

func ExcludeKyvernoResources ¶

func ExcludeKyvernoResources(kind string) bool

func GenerateEvents ¶

func GenerateEvents(engineResponses []engineapi.EngineResponse, blocked bool) []event.Info

GenerateEvents generates event info for the engine responses

func GetBlockedMessages ¶

func GetBlockedMessages(engineResponses []engineapi.EngineResponse) string

GetBlockedMessages gets the error messages for rules with error or fail status

func GetErrorMsg ¶

func GetErrorMsg(engineReponses []engineapi.EngineResponse) string

func GetWarningMessages ¶

func GetWarningMessages(engineResponses []engineapi.EngineResponse) []string

func MatchDeleteOperation ¶ added in v1.11.2

func MatchDeleteOperation(rule kyvernov1.Rule) bool

MatchDeleteOperation checks if the rule specifies the DELETE operation.

Types ¶

type PolicyContextBuilder ¶

type PolicyContextBuilder interface {
	Build(admissionv1.AdmissionRequest, []string, []string, schema.GroupVersionKind) (*engine.PolicyContext, error)
}

func NewPolicyContextBuilder ¶

func NewPolicyContextBuilder(
	configuration config.Configuration,
	jp jmespath.Interface,
) PolicyContextBuilder

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL