validatingadmissionpolicy

package
v1.13.0-rc.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 22, 2024 License: Apache-2.0 Imports: 37 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func BuildValidatingAdmissionPolicy added in v1.12.0

func BuildValidatingAdmissionPolicy(
	discoveryClient dclient.IDiscovery,
	vap *admissionregistrationv1beta1.ValidatingAdmissionPolicy,
	cpol kyvernov1.PolicyInterface,
	exceptions []kyvernov2.PolicyException,
) error

BuildValidatingAdmissionPolicy is used to build a Kubernetes ValidatingAdmissionPolicy from a Kyverno policy

func BuildValidatingAdmissionPolicyBinding added in v1.12.0

func BuildValidatingAdmissionPolicyBinding(
	vapbinding *admissionregistrationv1beta1.ValidatingAdmissionPolicyBinding,
	cpol kyvernov1.PolicyInterface,
) error

BuildValidatingAdmissionPolicyBinding is used to build a Kubernetes ValidatingAdmissionPolicyBinding from a Kyverno policy

func CanGenerateVAP added in v1.12.0

func CanGenerateVAP(spec *kyvernov1.Spec, exceptions []kyvernov2.PolicyException) (bool, string)

CanGenerateVAP check if Kyverno policy and a PolicyException can be translated to a Kubernetes ValidatingAdmissionPolicy

func ConvertMatchConditionsV1 added in v1.12.0

func ConvertMatchConditionsV1(v1beta1conditions []admissionregistrationv1beta1.MatchCondition) []admissionregistrationv1.MatchCondition

func ConvertValidatingAdmissionPolicy added in v1.12.0

ConvertValidatingAdmissionPolicy is used to convert v1beta1 of ValidatingAdmissionPolicy to v1

func ConvertValidatingAdmissionPolicyBinding added in v1.12.0

ConvertValidatingAdmissionPolicyBinding is used to convert v1beta1 of ValidatingAdmissionPolicyBinding to v1.

func HasValidatingAdmissionPolicyBindingPermission added in v1.12.0

func HasValidatingAdmissionPolicyBindingPermission(s checker.AuthChecker) bool

HasValidatingAdmissionPolicyBindingPermission check if the admission controller has the required permissions to generate Kubernetes ValidatingAdmissionPolicyBinding

func HasValidatingAdmissionPolicyPermission added in v1.12.0

func HasValidatingAdmissionPolicyPermission(s checker.AuthChecker) bool

HasValidatingAdmissionPolicyPermission check if the admission controller has the required permissions to generate Kubernetes ValidatingAdmissionPolicy

func IsValidatingAdmissionPolicyRegistered added in v1.12.5

func IsValidatingAdmissionPolicyRegistered(kubeClient kubernetes.Interface) (bool, error)

IsValidatingAdmissionPolicyRegistered checks if ValidatingAdmissionPolicies are registered in the API Server

func NewCustomNamespaceLister added in v1.12.0

func NewCustomNamespaceLister(dClient dclient.Interface) corev1listers.NamespaceLister

func Validate

func Validate(
	policyData PolicyData,
	resource unstructured.Unstructured,
	namespaceSelectorMap map[string]map[string]string,
	client dclient.Interface,
) (engineapi.EngineResponse, error)

Types

type CustomNamespaceLister added in v1.12.0

type CustomNamespaceLister struct {
	// contains filtered or unexported fields
}

func (*CustomNamespaceLister) Get added in v1.12.0

func (*CustomNamespaceLister) List added in v1.12.0

func (c *CustomNamespaceLister) List(selector labels.Selector) (ret []*corev1.Namespace, err error)

type PolicyData added in v1.12.0

type PolicyData struct {
	// contains filtered or unexported fields
}

Everything someone might need to validate a single ValidatingPolicyDefinition against all of its registered bindings.

func NewPolicyData added in v1.12.0

func (*PolicyData) AddBinding added in v1.12.0

func (*PolicyData) GetBindings added in v1.12.0

func (*PolicyData) GetDefinition added in v1.12.0

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL