policy

package
v1.5.5 Latest
Warning

This package is not in the latest version of its module.

Published: Jan 20, 2022 License: Apache-2.0 Imports: 65 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ConvertPolicyToClusterPolicy added in v1.3.0

func ConvertPolicyToClusterPolicy(nsPolicies *kyverno.Policy) *kyverno.ClusterPolicy

ConvertPolicyToClusterPolicy converts a namespaced Policy to a ClusterPolicy.

func GetAllNamespaces added in v1.3.0

func GetAllNamespaces(nslister listerv1.NamespaceLister, log logr.Logger) []string

GetAllNamespaces returns the names of all namespaces in the cluster.

func GetMatchingNamespaces added in v1.3.0

func GetMatchingNamespaces(wildcards []string, nslister listerv1.NamespaceLister, log logr.Logger) []string

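GetMatchingNamespaces presumably returns the names of the namespaces known to nslister that match at least one of the given wildcard patterns. This page does not document the matching rules, so confirm them against the implementation before relying on the result to scope a policy.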

func HasWildcard added in v1.3.0

func HasWildcard(s string) bool

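HasWildcard presumably reports whether s contains a wildcard character. Which characters count as wildcards is not documented on this page.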

func MergeResources added in v1.3.0

func MergeResources(a, b map[string]unstructured.Unstructured)

MergeResources merges the entries of map b into map a. It returns nothing, so a is modified in place.

func ParseNamespacedPolicy added in v1.3.6

func ParseNamespacedPolicy(key string) (string, string, bool)

func Validate added in v1.2.0

func Validate(policy *kyverno.ClusterPolicy, client *dclient.Client, mock bool, openAPIController *openapi.Controller) error

Validate performs initial checks on the policy to verify some conditions, including: one operation per rule, and the mandatory ResourceDescription checks.

func ValidateVariables added in v1.5.2

func ValidateVariables(p *kyverno.ClusterPolicy, backgroundMode bool) error

Types

type Condition added in v0.9.1

type Condition int

Condition defines condition type

const (
	// NotEvaluate means the condition is not evaluated.
	NotEvaluate Condition = 0
	// Process means the condition is evaluated.
	Process Condition = 1
	// Skip means the condition is ignored (skipped).
	Skip Condition = 2
)

type PolicyController

type PolicyController struct {
	// contains filtered or unexported fields
}

PolicyController is responsible for synchronizing Policy objects stored in the system with their corresponding policy violations.

func NewPolicyController

func NewPolicyController(
	kubeClient kubernetes.Interface,
	kyvernoClient *kyvernoclient.Clientset,
	client *client.Client,
	pInformer kyvernoinformer.ClusterPolicyInformer,
	npInformer kyvernoinformer.PolicyInformer,
	grInformer kyvernoinformer.GenerateRequestInformer,
	configHandler config.Interface,
	eventGen event.Interface,
	prGenerator policyreport.GeneratorInterface,
	policyReportEraser policyreport.PolicyReportEraser,
	namespaces informers.NamespaceInformer,
	log logr.Logger,
	resCache resourcecache.ResourceCache,
	reconcilePeriod time.Duration,
	promConfig *metrics.PromConfig) (*PolicyController, error)

NewPolicyController creates a new PolicyController.

func (*PolicyController) Run

func (pc *PolicyController) Run(workers int, reconcileCh <-chan bool, stopCh <-chan struct{})

Run begins watching and syncing.

type ResourceManager

type ResourceManager struct {
	// contains filtered or unexported fields
}

ResourceManager caches details of resources that have already been processed.

func NewResourceManager

func NewResourceManager(rebuildTime int64) *ResourceManager

NewResourceManager returns a new ResourceManager

func (*ResourceManager) Drop

func (rm *ResourceManager) Drop()

Drop drops the cache after every rebuild interval (in minutes).

func (*ResourceManager) GetScope added in v1.3.0

func (rm *ResourceManager) GetScope(kind string) (bool, error)

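GetScope returns the scope of the given kind; it returns an error if the kind is not registered. Callers should check the error before using the boolean, because false is also the zero value returned alongside an error.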

func (*ResourceManager) ProcessResource

func (rm *ResourceManager) ProcessResource(policy, pv, kind, ns, name, rv string) bool

ProcessResource returns true if the policy was not applied on the resource

func (*ResourceManager) RegisterResource

func (rm *ResourceManager) RegisterResource(policy, pv, kind, ns, name, rv string)

RegisterResource records that the policy has been processed on this resource version.

func (*ResourceManager) RegisterScope added in v1.3.0

func (rm *ResourceManager) RegisterScope(kind string, namespaced bool)

RegisterScope stores the scope of the given kind

type Validation added in v1.2.0

type Validation interface {
	// Validate checks the rule and returns an error when it is invalid.
	// NOTE(review): the meaning of the returned string is not documented
	// on this page; confirm it against the implementations.
	Validate() (string, error)
}

Validation provides methods to validate a rule

Directories

Path Synopsis
