Affected by GO-2023-1804 and 3 other vulnerabilities

GO-2023-1804: Kyverno vulnerable due to usage of insecure cipher in github.com/kyverno/kyverno

GO-2023-1819: Kyverno resource with a deletionTimestamp may allow policy circumvention in github.com/kyverno/kyverno

GO-2023-2340: Attacker can cause Kyverno user to unintentionally consume insecure image in github.com/kyverno/kyverno

GO-2024-3230: Kyverno's PolicyException objects can be created in any namespace by default in github.com/kyverno/kyverno

utils

package

v1.8.0-rc1 Latest Latest Go to latest Published: Sep 8, 2022 License: Apache-2.0 Imports: 21 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kyverno/kyverno

Documentation ¶

Index ¶

func BlockRequest(engineResponses []*response.EngineResponse, ...) bool
func ExcludeKyvernoResources(kind string) bool
func GetBlockedMessages(engineResponses []*response.EngineResponse) string
func GetWarningMessages(engineResponses []*response.EngineResponse) []string
type PolicyContextBuilder
- func NewPolicyContextBuilder(configuration config.Configuration, client dclient.Interface, ...) PolicyContextBuilder
type UpdateRequestUpdater
- func NewUpdateRequestUpdater(client versioned.Interface, ...) UpdateRequestUpdater

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func BlockRequest ¶

func BlockRequest(engineResponses []*response.EngineResponse, failurePolicy kyvernov1.FailurePolicyType, log logr.Logger) bool

returns true -> if there is even one policy that blocks resource request returns false -> if all the policies are meant to report only, we dont block resource request

func ExcludeKyvernoResources ¶

func ExcludeKyvernoResources(kind string) bool

func GetBlockedMessages ¶

func GetBlockedMessages(engineResponses []*response.EngineResponse) string

GetBlockedMessages gets the error messages for rules with error or fail status

func GetWarningMessages ¶

func GetWarningMessages(engineResponses []*response.EngineResponse) []string

Types ¶

type PolicyContextBuilder ¶

type PolicyContextBuilder interface {
	Build(*admissionv1.AdmissionRequest, ...kyvernov1.PolicyInterface) (*engine.PolicyContext, error)
}

func NewPolicyContextBuilder ¶

func NewPolicyContextBuilder(
	configuration config.Configuration,
	client dclient.Interface,
	rbLister rbacv1listers.RoleBindingLister,
	crbLister rbacv1listers.ClusterRoleBindingLister,
) PolicyContextBuilder

type UpdateRequestUpdater ¶

type UpdateRequestUpdater interface {
	// UpdateAnnotation updates UR annotation, triggering reprocessing of UR and recreation/updation of generated resource
	UpdateAnnotation(logger logr.Logger, name string)
}

func NewUpdateRequestUpdater ¶

func NewUpdateRequestUpdater(client versioned.Interface, lister kyvernov1beta1listers.UpdateRequestNamespaceLister) UpdateRequestUpdater

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL