Documentation
Index
- Constants
- func AddResourceToContext(logger logr.Logger, contextEntries []kyverno.ContextEntry, ...) error
- func ForceMutate(ctx context.EvalInterface, policy kyverno.ClusterPolicy, ...) (unstructured.Unstructured, error)
- func Generate(policyContext PolicyContext) (resp response.EngineResponse)
- func MatchesResourceDescription(resourceRef unstructured.Unstructured, ruleRef kyverno.Rule, ...) error
- func Mutate(policyContext PolicyContext) (resp response.EngineResponse)
- func SkipPolicyApplication(policy kyverno.ClusterPolicy, resource unstructured.Unstructured) bool
- func Validate(policyContext PolicyContext) (resp response.EngineResponse)
- type EngineStats
- type PolicyContext
Constants
const (
	// PodControllerCronJob represents the CronJob string
	PodControllerCronJob = "CronJob"
	// PodControllers stores the list of Pod controllers as a CSV string
	PodControllers = "DaemonSet,Deployment,Job,StatefulSet,CronJob"
	// PodControllersAnnotation defines the annotation key for Pod controllers
	PodControllersAnnotation = "pod-policies.kyverno.io/autogen-controllers"
)
Variables
This section is empty.
Functions
func AddResourceToContext (added in v1.2.0)
func AddResourceToContext(logger logr.Logger, contextEntries []kyverno.ContextEntry, resCache resourcecache.ResourceCacheIface, ctx *context.Context) error
AddResourceToContext adds the ConfigMap JSON to the context. It reads ConfigMaps from the informer cache (this can be extended to other resource types such as Secrets, Namespaces, etc.) and adds the ConfigMap data to the context.
func ForceMutate (added in v1.2.0)
func ForceMutate(ctx context.EvalInterface, policy kyverno.ClusterPolicy, resource unstructured.Unstructured) (unstructured.Unstructured, error)
ForceMutate does not check any conditions; it simply mutates the given resource.
func Generate
func Generate(policyContext PolicyContext) (resp response.EngineResponse)
Generate checks the validity of the generate rule on the resource:
1. validates the variables to be substituted in the general ruleInfo (match, exclude, condition)
   - the caller has to check the ruleResponse to determine whether the path exists
2. returns the list of rules that are applicable to this policy and resource, if step 1 succeeds
func MatchesResourceDescription (added in v0.8.0)
func MatchesResourceDescription(resourceRef unstructured.Unstructured, ruleRef kyverno.Rule, admissionInfoRef kyverno.RequestInfo, dynamicConfig []string) error
MatchesResourceDescription checks whether the resource matches the resource description of the rule.
func Mutate
func Mutate(policyContext PolicyContext) (resp response.EngineResponse)
Mutate performs mutation: the overlay first, then the mutation patches.
func SkipPolicyApplication (added in v1.2.0)
func SkipPolicyApplication(policy kyverno.ClusterPolicy, resource unstructured.Unstructured) bool
SkipPolicyApplication returns true:
- if the policy has auto-gen annotation && resource == Pod
- if the auto-gen contains cronJob && resource == Job
func Validate
func Validate(policyContext PolicyContext) (resp response.EngineResponse)
Validate applies the validation rules from the policy to the resource.
Types
type EngineStats (added in v0.8.0)
type EngineStats struct {
	// average time required to process the policy rules on a resource
	ExecutionTime time.Duration
	// Count of rules that were applied successfully
	RulesAppliedCount int
}
EngineStats stores the statistics for a single application on a resource.
type PolicyContext (added in v1.0.0)
type PolicyContext struct {
	// policy to be processed
	Policy kyverno.ClusterPolicy
	// resource to be processed
	NewResource unstructured.Unstructured
	// old Resource - Update operations
	OldResource unstructured.Unstructured
	AdmissionInfo kyverno.RequestInfo
	// Dynamic client - used by generate
	Client *client.Client
	// Contexts to store resources
	Context context.EvalInterface
	// Config handler
	ExcludeGroupRole []string
	// ResourceCache provides listers to resources
	// Currently Supports Configmap
	ResourceCache resourcecache.ResourceCacheIface
	// JSONContext ...
	JSONContext *context.Context
}
PolicyContext contains the contexts for the engine to process.