Documentation ¶
Index ¶
- Constants
- Variables
- func CleanupPolicyReport(client kyvernoclient.Interface) error
- func GeneratePolicyReportName(ns, policyName string) string
- func TrimmedName(s string) string
- type Builder
- type CleanupReportChangeRequests
- type EngineResponseResult
- type EraseResultEntries
- type Generator
- type GeneratorInterface
- type Info
- type PolicyReportEraser
- type ReconcileInfo
- type ReportGenerator
Constants ¶
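const (
	// ResourceLabelNamespace is the label key used to list
	// ReportChangeRequests (rcr) and ClusterReportChangeRequests (crcr).
	ResourceLabelNamespace string = "kyverno.io/resource.namespace"

	// SourceValue is the static value for PolicyReportResult.Source.
	SourceValue = "Kyverno"
)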
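const (
	// LabelSelectorKey is the label key matched by LabelSelector.
	LabelSelectorKey = "managed-by"
	// LabelSelectorValue is the label value matched by LabelSelector.
	LabelSelectorValue = "kyverno"
)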
const (
	// ScoredLabel is the label key "policies.kyverno.io/scored".
	// NOTE(review): how the label's value is interpreted is not shown here.
	ScoredLabel string = "policies.kyverno.io/scored"
)
Variables ¶
// LabelSelector selects objects labelled LabelSelectorKey=LabelSelectorValue
// (managed-by=kyverno).
// NOTE(review): labels can be set by anyone with write access to an object,
// so a match identifies objects by convention only; confirm callers do not
// treat a match as proof of origin.
var LabelSelector = &metav1.LabelSelector{
	MatchLabels: map[string]string{
		LabelSelectorKey: LabelSelectorValue,
	},
}
Functions ¶
func CleanupPolicyReport ¶ added in v1.7.2
func CleanupPolicyReport(client kyvernoclient.Interface) error
func GeneratePolicyReportName ¶ added in v1.6.0
func TrimmedName ¶ added in v1.7.2
Types ¶
type Builder ¶
// Builder builds report change request structs and is the base type for both
// namespaced and cluster policy reports. Its method set is not shown in this
// listing (filtered or unexported); NewBuilder returns a Builder.
type Builder interface {
	// contains filtered or unexported methods
}
Builder builds report change request structs. It is the base type for both namespaced and cluster policy reports.
func NewBuilder ¶
func NewBuilder(cpolLister kyvernolister.ClusterPolicyLister, polLister kyvernolister.PolicyLister) Builder
NewBuilder returns a Builder that uses the given ClusterPolicy and Policy listers.
type CleanupReportChangeRequests ¶ added in v1.4.2
// CleanupReportChangeRequests is the function type accepted by
// PolicyReportEraser.CleanupReportChangeRequests. It receives a Kyverno
// client, listers for ReportChangeRequests (rcr) and
// ClusterReportChangeRequests (crcr), and a label map, and returns an error.
// NOTE(review): presumably removes the change requests matching labels —
// confirm against the implementation, including what an empty or nil label
// map selects.
type CleanupReportChangeRequests = func(pclient kyvernoclient.Interface, rcrLister kyvernov1alpha2listers.ReportChangeRequestLister, crcrLister kyvernov1alpha2listers.ClusterReportChangeRequestLister, labels map[string]string) error
type EngineResponseResult ¶
// EngineResponseResult pairs a resource with a list of violated rules.
type EngineResponseResult struct {
	// Resource is the response.ResourceSpec this result refers to.
	Resource response.ResourceSpec
	// Rules lists kyverno.ViolatedRule entries (presumably those recorded
	// for Resource — confirm against GeneratePRsFromEngineResponse).
	Rules []kyverno.ViolatedRule
}
type EraseResultEntries ¶ added in v1.7.2
// EraseResultEntries is the function type accepted by
// PolicyReportEraser.EraseResultEntries. It receives a Kyverno client,
// listers for PolicyReports and ClusterPolicyReports, and a namespace
// pointer, and returns an error.
// NOTE(review): the meaning of a nil ns (e.g. "all namespaces") is not shown
// here — confirm before passing nil, since the operation erases report
// results.
type EraseResultEntries = func(pclient kyvernoclient.Interface, reportLister policyreportv1alpha2listers.PolicyReportLister, clusterReportLister policyreportv1alpha2listers.ClusterPolicyReportLister, ns *string) error
type Generator ¶
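// Generator creates report requests.
type Generator struct {
	// CleanupChangeRequest signals the policy report controller to cleanup
	// change requests. The field is exported, so any holder of the Generator
	// can send on it.
	CleanupChangeRequest chan ReconcileInfo

	// contains filtered or unexported fields
}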
Generator creates report request
func NewReportChangeRequestGenerator ¶
func NewReportChangeRequestGenerator(client policyreportclient.Interface, dclient dclient.Interface, reportReqInformer kyvernov1alpha2informers.ReportChangeRequestInformer, clusterReportReqInformer kyvernov1alpha2informers.ClusterReportChangeRequestInformer, cpolInformer kyvernov1informers.ClusterPolicyInformer, polInformer kyvernov1informers.PolicyInformer, changeRequestLimit int, log logr.Logger, ) *Generator
NewReportChangeRequestGenerator returns a new instance of report request generator
func (Generator) MapperInactive ¶ added in v1.7.2
MapperInactive sets the change request mapper for the given namespace to -1 which indicates the report is inactive
func (Generator) MapperInvalidate ¶ added in v1.7.2
func (gen Generator) MapperInvalidate()
MapperInvalidate resets the map entries.
func (Generator) MapperReset ¶ added in v1.7.2
MapperReset resets the change request mapper for the given namespace
type GeneratorInterface ¶
// GeneratorInterface is the API for handing policy application results
// (Info values) to the generator and for managing its change request mapper.
type GeneratorInterface interface {
	// Add accepts one or more Info values.
	Add(infos ...Info)
	// MapperReset resets the change request mapper for the given namespace.
	MapperReset(string)
	// MapperInactive sets the change request mapper for the given namespace
	// to -1, which indicates the report is inactive.
	MapperInactive(string)
	// MapperInvalidate resets the map entries.
	MapperInvalidate()
}
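GeneratorInterface provides the API to create PVs. Here "PVs" appears to mean policy violations (compare the pvInfos result of GeneratePRsFromEngineResponse), not Kubernetes PersistentVolumes.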
type Info ¶
// Info stores the policy application results for all matched resources.
type Info struct {
	// PolicyName is the name of the policy the results belong to.
	PolicyName string
	// Namespace is set to the empty string "" if the resource is a
	// cluster-wide resource.
	Namespace string
	// Results holds the per-resource results as EngineResponseResult values.
	Results []EngineResponseResult
}
Info stores the policy application results for all matched resources. Namespace is set to the empty string "" if the resource is a cluster-wide resource.
func GeneratePRsFromEngineResponse ¶
func GeneratePRsFromEngineResponse(ers []*response.EngineResponse, log logr.Logger) (pvInfos []Info)
GeneratePRsFromEngineResponse generates violations from engine responses.
func (Info) GetRuleLength ¶
type PolicyReportEraser ¶ added in v1.3.5
// PolicyReportEraser groups the two cleanup operations that take a
// caller-supplied function: one for report change requests and one for
// report result entries.
// NOTE(review): both names indicate destructive operations; confirm that
// only reconciliation/cleanup paths hold a value of this interface.
type PolicyReportEraser interface {
	// CleanupReportChangeRequests takes a CleanupReportChangeRequests
	// function and a label map, and returns an error.
	CleanupReportChangeRequests(cleanup CleanupReportChangeRequests, labels map[string]string) error
	// EraseResultEntries takes an EraseResultEntries function and a
	// namespace pointer, and returns an error.
	EraseResultEntries(erase EraseResultEntries, ns *string) error
}
type ReconcileInfo ¶ added in v1.7.2
type ReportGenerator ¶
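// ReportGenerator creates policy reports.
type ReportGenerator struct {
	// ReconcileCh sends a signal to the policy controller to force the
	// reconciliation of the policy report. If true is sent, the reports'
	// results will be erased; this is used to recover from invalid records.
	//
	// Sending true is therefore destructive, and because the field is
	// exported any code holding the *ReportGenerator can send on it.
	ReconcileCh chan bool

	// contains filtered or unexported fields
}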
ReportGenerator creates policy report
func NewReportGenerator ¶
func NewReportGenerator( pclient kyvernoclient.Interface, dclient dclient.Interface, clusterReportInformer policyreportv1alpha2informers.ClusterPolicyReportInformer, reportInformer policyreportv1alpha2informers.PolicyReportInformer, reportReqInformer kyvernov1alpha2informers.ReportChangeRequestInformer, clusterReportReqInformer kyvernov1alpha2informers.ClusterReportChangeRequestInformer, namespace corev1informers.NamespaceInformer, cleanupChangeRequest chan<- ReconcileInfo, log logr.Logger, ) (*ReportGenerator, error)
NewReportGenerator returns a new instance of policy report generator
func (*ReportGenerator) CleanupReportChangeRequests ¶ added in v1.4.2
func (g *ReportGenerator) CleanupReportChangeRequests(cleanup CleanupReportChangeRequests, labels map[string]string) error
func (*ReportGenerator) EraseResultEntries ¶ added in v1.7.2
func (g *ReportGenerator) EraseResultEntries(erase EraseResultEntries, ns *string) error
func (*ReportGenerator) Run ¶
func (g *ReportGenerator) Run(workers int, stopCh <-chan struct{})
Run starts the workers