Documentation ¶
Index ¶
- func BuildValidatingAdmissionPolicy(discoveryClient dclient.IDiscovery, ...) error
- func BuildValidatingAdmissionPolicyBinding(vapbinding *admissionregistrationv1alpha1.ValidatingAdmissionPolicyBinding, ...) error
- func CanGenerateVAP(spec *kyvernov1.Spec) (bool, string)
- func ConvertMatchConditionsV1(v1alpha1conditions []v1alpha1.MatchCondition) []admissionregistrationv1.MatchCondition
- func ConvertValidatingAdmissionPolicy(v1alpha1policy v1alpha1.ValidatingAdmissionPolicy) v1beta1.ValidatingAdmissionPolicy
- func ConvertValidatingAdmissionPolicyBinding(v1alpha1binding v1alpha1.ValidatingAdmissionPolicyBinding) v1beta1.ValidatingAdmissionPolicyBinding
- func GetKinds(policy v1alpha1.ValidatingAdmissionPolicy) []string
- func HasValidatingAdmissionPolicyBindingPermission(s checker.AuthChecker) bool
- func HasValidatingAdmissionPolicyPermission(s checker.AuthChecker) bool
- func IsValidatingAdmissionPolicyRegistered(kubeClient kubernetes.Interface) (bool, error)
- func NewCustomNamespaceLister(dClient dclient.Interface) corev1listers.NamespaceLister
- func Validate(policyData PolicyData, resource unstructured.Unstructured, ...) (engineapi.EngineResponse, error)
- type CustomNamespaceLister
- type PolicyData
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func BuildValidatingAdmissionPolicy ¶ added in v1.12.0
func BuildValidatingAdmissionPolicy(discoveryClient dclient.IDiscovery, vap *admissionregistrationv1alpha1.ValidatingAdmissionPolicy, cpol kyvernov1.PolicyInterface) error
BuildValidatingAdmissionPolicy is used to build a Kubernetes ValidatingAdmissionPolicy from a Kyverno policy
func BuildValidatingAdmissionPolicyBinding ¶ added in v1.12.0
func BuildValidatingAdmissionPolicyBinding(vapbinding *admissionregistrationv1alpha1.ValidatingAdmissionPolicyBinding, cpol kyvernov1.PolicyInterface) error
BuildValidatingAdmissionPolicyBinding is used to build a Kubernetes ValidatingAdmissionPolicyBinding from a Kyverno policy
func CanGenerateVAP ¶ added in v1.12.0
CanGenerateVAP check if Kyverno policy can be translated to a Kubernetes ValidatingAdmissionPolicy
func ConvertMatchConditionsV1 ¶ added in v1.12.0
func ConvertMatchConditionsV1(v1alpha1conditions []v1alpha1.MatchCondition) []admissionregistrationv1.MatchCondition
func ConvertValidatingAdmissionPolicy ¶ added in v1.12.0
func ConvertValidatingAdmissionPolicy(v1alpha1policy v1alpha1.ValidatingAdmissionPolicy) v1beta1.ValidatingAdmissionPolicy
ConvertValidatingAdmissionPolicy is used to convert v1alpha1 of ValidatingAdmissionPolicy to v1beta1
func ConvertValidatingAdmissionPolicyBinding ¶ added in v1.12.0
func ConvertValidatingAdmissionPolicyBinding(v1alpha1binding v1alpha1.ValidatingAdmissionPolicyBinding) v1beta1.ValidatingAdmissionPolicyBinding
ConvertValidatingAdmissionPolicyBinding is used to convert v1alpha1 of ValidatingAdmissionPolicyBinding to v1beta1
func GetKinds ¶
func GetKinds(policy v1alpha1.ValidatingAdmissionPolicy) []string
func HasValidatingAdmissionPolicyBindingPermission ¶ added in v1.12.0
func HasValidatingAdmissionPolicyBindingPermission(s checker.AuthChecker) bool
HasValidatingAdmissionPolicyBindingPermission check if the admission controller has the required permissions to generate Kubernetes ValidatingAdmissionPolicyBinding
func HasValidatingAdmissionPolicyPermission ¶ added in v1.12.0
func HasValidatingAdmissionPolicyPermission(s checker.AuthChecker) bool
HasValidatingAdmissionPolicyPermission check if the admission controller has the required permissions to generate Kubernetes ValidatingAdmissionPolicy
func IsValidatingAdmissionPolicyRegistered ¶ added in v1.12.5
func IsValidatingAdmissionPolicyRegistered(kubeClient kubernetes.Interface) (bool, error)
IsValidatingAdmissionPolicyRegistered checks if ValidatingAdmissionPolicies are registered in the API Server
func NewCustomNamespaceLister ¶ added in v1.12.0
func NewCustomNamespaceLister(dClient dclient.Interface) corev1listers.NamespaceLister
func Validate ¶
func Validate( policyData PolicyData, resource unstructured.Unstructured, namespaceSelectorMap map[string]map[string]string, client dclient.Interface, ) (engineapi.EngineResponse, error)
Types ¶
type CustomNamespaceLister ¶ added in v1.12.0
type CustomNamespaceLister struct {
// contains filtered or unexported fields
}
type PolicyData ¶ added in v1.12.0
type PolicyData struct {
// contains filtered or unexported fields
}
Everything someone might need to validate a single ValidatingPolicyDefinition against all of its registered bindings.
func NewPolicyData ¶ added in v1.12.0
func NewPolicyData(policy v1alpha1.ValidatingAdmissionPolicy) PolicyData
func (*PolicyData) AddBinding ¶ added in v1.12.0
func (p *PolicyData) AddBinding(binding v1alpha1.ValidatingAdmissionPolicyBinding)
func (*PolicyData) GetBindings ¶ added in v1.12.0
func (p *PolicyData) GetBindings() []v1alpha1.ValidatingAdmissionPolicyBinding
func (*PolicyData) GetDefinition ¶ added in v1.12.0
func (p *PolicyData) GetDefinition() v1alpha1.ValidatingAdmissionPolicy