engine

package
v1.3.2

This package is not in the latest version of its module.
Published: Feb 9, 2021 License: Apache-2.0 Imports: 30 Imported by: 2

Documentation

Constants

const (
	// PodControllerCronJob represents the CronJob string
	PodControllerCronJob = "CronJob"
	// PodControllers stores the list of Pod controllers as a CSV string
	PodControllers = "DaemonSet,Deployment,Job,StatefulSet,CronJob"
	// PodControllersAnnotation defines the annotation key for Pod controllers
	PodControllersAnnotation = "pod-policies.kyverno.io/autogen-controllers"
)

Functions

func ForceMutate added in v1.2.0

ForceMutate does not check any conditions; it simply mutates the given resource.

func Generate

func Generate(policyContext *PolicyContext) (resp *response.EngineResponse)

Generate checks for validity of the generate rule on the resource:

1. validates the variables to be substituted in the general ruleInfo (match, exclude, condition)

  • the caller has to check the ruleResponse to determine whether the path exists

2. returns the list of rules that are applicable to this policy and resource, if step 1 succeeds

func LoadContext added in v1.3.2

func LoadContext(logger logr.Logger, contextEntries []kyverno.ContextEntry, resCache resourcecache.ResourceCache, ctx *PolicyContext) error

LoadContext - Fetches and adds external data to the Context.

func ManagedPodResource added in v1.3.0

func ManagedPodResource(policy kyverno.ClusterPolicy, resource unstructured.Unstructured) bool

ManagedPodResource returns true:

  • if the policy has auto-gen annotation && resource == Pod
  • if the auto-gen contains cronJob && resource == Job

func MatchesResourceDescription added in v0.8.0

func MatchesResourceDescription(resourceRef unstructured.Unstructured, ruleRef kyverno.Rule, admissionInfoRef kyverno.RequestInfo, dynamicConfig []string, namespaceLabels map[string]string) error

MatchesResourceDescription checks whether the resource matches the resource description of the rule.

func Mutate

func Mutate(policyContext *PolicyContext) (resp *response.EngineResponse)

Mutate performs mutation: the overlay is applied first, then the mutation patches.

func Validate

func Validate(policyContext *PolicyContext) (resp *response.EngineResponse)

Validate applies the validation rules from the policy to the resource.

Types

type APIPath added in v1.3.2

type APIPath struct {
	Root         string
	Group        string
	Version      string
	ResourceType string
	Name         string
	Namespace    string
}

func NewAPIPath added in v1.3.2

func NewAPIPath(path string) (*APIPath, error)

NewAPIPath validates and parses an API path. See: https://kubernetes.io/docs/reference/using-api/api-concepts/
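The kind of validation and parsing this entry describes, as an added example that is not Kyverno's implementation: a parser that fills the APIPath fields listed above from the `/api/<version>/...` and `/apis/<group>/<version>/...` layouts of the Kubernetes API and rejects anything else. The function name `parseAPIPath`, the rejection rules (traversal segments, query strings, subresources) and the sample paths are assumptions made for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// APIPath repeats the fields of the struct documented on this page.
type APIPath struct {
	Root, Group, Version, ResourceType, Name, Namespace string
}

// parseAPIPath is a hypothetical stand-in for NewAPIPath (example code, not Kyverno's).
func parseAPIPath(path string) (*APIPath, error) {
	segs := strings.Split(strings.Trim(path, "/"), "/")
	for _, s := range segs {
		// Refuse empty and traversal segments, query strings, fragments and escapes.
		if s == "" || s == "." || s == ".." || strings.ContainsAny(s, "?#%") {
			return nil, fmt.Errorf("invalid segment %q in %q", s, path)
		}
	}
	p := &APIPath{Root: segs[0]}
	switch {
	case p.Root == "api" && len(segs) >= 3: // core group has no group segment
		p.Version, segs = segs[1], segs[2:]
	case p.Root == "apis" && len(segs) >= 4:
		p.Group, p.Version, segs = segs[1], segs[2], segs[3:]
	default:
		return nil, fmt.Errorf("%q is not a complete /api or /apis resource path", path)
	}
	// namespaces/<ns>/<resource>[/<name>] is namespaced; namespaces[/<name>] is the Namespace object.
	if segs[0] == "namespaces" && len(segs) >= 3 {
		p.Namespace, segs = segs[1], segs[2:]
	}
	if len(segs) > 2 { // subresources such as .../exec are refused in this example
		return nil, fmt.Errorf("unexpected trailing segments in %q", path)
	}
	p.ResourceType = segs[0]
	if len(segs) == 2 {
		p.Name = segs[1]
	}
	return p, nil
}

func main() {
	// Constructed sample paths: one accepted, one refused.
	for _, in := range []string{"/apis/apps/v1/deployments", "/api/v1/namespaces/default/pods/web/exec"} {
		p, err := parseAPIPath(in)
		fmt.Printf("%-45s -> %+v, err=%v\n", in, p, err)
	}
}
```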

func (*APIPath) String added in v1.3.2

func (a *APIPath) String() string

type EngineStats added in v0.8.0

type EngineStats struct {
	// average time required to process the policy rules on a resource
	ExecutionTime time.Duration
	// Count of rules that were applied successfully
	RulesAppliedCount int
}

EngineStats stores the statistics for a single application of resource

type PolicyContext added in v1.0.0

type PolicyContext struct {

	// Policy is the policy to be processed
	Policy kyverno.ClusterPolicy

	// NewResource is the resource to be processed
	NewResource unstructured.Unstructured

	// OldResource is the prior resource for an update, or nil
	OldResource unstructured.Unstructured

	// AdmissionInfo contains the admission request information
	AdmissionInfo kyverno.RequestInfo

	// Dynamic client - used by generate
	Client *client.Client

	// Config handler
	ExcludeGroupRole []string

	ExcludeResourceFunc func(kind, namespace, name string) bool

	// ResourceCache provides listers to resources. Currently supports ConfigMap
	ResourceCache resourcecache.ResourceCache

	// JSONContext is the variable context
	JSONContext *context.Context

	// NamespaceLabels stores the labels of the namespace to be processed by the namespace selector
	NamespaceLabels map[string]string
}

PolicyContext contains the contexts for the engine to process
