Documentation ¶
Index ¶
- func BlockRequest(engineResponses []*response.EngineResponse, ...) bool
- func ExcludeKyvernoResources(kind string) bool
- func GenerateEvents(engineResponses []*response.EngineResponse, blocked bool) []event.Info
- func GetBlockedMessages(engineResponses []*response.EngineResponse) string
- func GetErrorMsg(engineReponses []*response.EngineResponse) string
- func GetWarningMessages(engineResponses []*response.EngineResponse) []string
- func RegisterAdmissionRequestsMetricGenerate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, ...)
- func RegisterAdmissionRequestsMetricMutate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, ...)
- func RegisterAdmissionRequestsMetricValidate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, ...)
- func RegisterAdmissionReviewDurationMetricGenerate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, ...)
- func RegisterAdmissionReviewDurationMetricMutate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, ...)
- func RegisterAdmissionReviewDurationMetricValidate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, ...)
- func RegisterPolicyExecutionDurationMetricGenerate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, ...)
- func RegisterPolicyExecutionDurationMetricMutate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, ...)
- func RegisterPolicyExecutionDurationMetricValidate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, ...)
- func RegisterPolicyResultsMetricGeneration(logger logr.Logger, metricsConfig *metrics.MetricsConfig, ...)
- func RegisterPolicyResultsMetricMutation(logger logr.Logger, metricsConfig *metrics.MetricsConfig, ...)
- func RegisterPolicyResultsMetricValidation(logger logr.Logger, metricsConfig *metrics.MetricsConfig, ...)
- type PolicyContextBuilder
- type UpdateRequestUpdater
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func BlockRequest ¶
func BlockRequest(engineResponses []*response.EngineResponse, failurePolicy kyvernov1.FailurePolicyType, log logr.Logger) bool
returns true -> if there is even one policy that blocks resource request returns false -> if all the policies are meant to report only, we dont block resource request
func ExcludeKyvernoResources ¶
func GenerateEvents ¶
func GenerateEvents(engineResponses []*response.EngineResponse, blocked bool) []event.Info
GenerateEvents generates event info for the engine responses
func GetBlockedMessages ¶
func GetBlockedMessages(engineResponses []*response.EngineResponse) string
GetBlockedMessages gets the error messages for rules with error or fail status
func GetErrorMsg ¶
func GetErrorMsg(engineReponses []*response.EngineResponse) string
func GetWarningMessages ¶
func GetWarningMessages(engineResponses []*response.EngineResponse) []string
func RegisterAdmissionRequestsMetricGenerate ¶
func RegisterAdmissionRequestsMetricGenerate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, requestOperation string, engineResponsesReceiver *chan []*response.EngineResponse)
func RegisterAdmissionRequestsMetricMutate ¶
func RegisterAdmissionRequestsMetricMutate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, requestOperation string, engineResponses []*response.EngineResponse)
func RegisterAdmissionRequestsMetricValidate ¶
func RegisterAdmissionRequestsMetricValidate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, requestOperation string, engineResponses []*response.EngineResponse)
func RegisterAdmissionReviewDurationMetricGenerate ¶
func RegisterAdmissionReviewDurationMetricGenerate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, requestOperation string, latencyReceiver *chan int64, engineResponsesReceiver *chan []*response.EngineResponse)
func RegisterAdmissionReviewDurationMetricMutate ¶
func RegisterAdmissionReviewDurationMetricMutate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, requestOperation string, engineResponses []*response.EngineResponse, admissionReviewLatencyDuration int64)
func RegisterAdmissionReviewDurationMetricValidate ¶
func RegisterAdmissionReviewDurationMetricValidate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, requestOperation string, engineResponses []*response.EngineResponse, admissionReviewLatencyDuration int64)
func RegisterPolicyExecutionDurationMetricGenerate ¶
func RegisterPolicyExecutionDurationMetricGenerate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, requestOperation string, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse)
func RegisterPolicyExecutionDurationMetricMutate ¶
func RegisterPolicyExecutionDurationMetricMutate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, requestOperation string, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse)
func RegisterPolicyExecutionDurationMetricValidate ¶
func RegisterPolicyExecutionDurationMetricValidate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, requestOperation string, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse)
func RegisterPolicyResultsMetricGeneration ¶
func RegisterPolicyResultsMetricGeneration(logger logr.Logger, metricsConfig *metrics.MetricsConfig, requestOperation string, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse)
func RegisterPolicyResultsMetricMutation ¶
func RegisterPolicyResultsMetricMutation(logger logr.Logger, metricsConfig *metrics.MetricsConfig, requestOperation string, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse)
func RegisterPolicyResultsMetricValidation ¶
func RegisterPolicyResultsMetricValidation(logger logr.Logger, metricsConfig *metrics.MetricsConfig, requestOperation string, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse)
Types ¶
type PolicyContextBuilder ¶
type PolicyContextBuilder interface {
Build(*admissionv1.AdmissionRequest, ...kyvernov1.PolicyInterface) (*engine.PolicyContext, error)
}
func NewPolicyContextBuilder ¶
func NewPolicyContextBuilder( configuration config.Configuration, client dclient.Interface, rbLister rbacv1listers.RoleBindingLister, crbLister rbacv1listers.ClusterRoleBindingLister, ) PolicyContextBuilder
type UpdateRequestUpdater ¶
type UpdateRequestUpdater interface { // UpdateAnnotation updates UR annotation, triggering reprocessing of UR and recreation/updation of generated resource UpdateAnnotation(logger logr.Logger, name string) }
func NewUpdateRequestUpdater ¶
func NewUpdateRequestUpdater(client versioned.Interface, lister kyvernov1beta1listers.UpdateRequestNamespaceLister) UpdateRequestUpdater
Click to show internal directories.
Click to hide internal directories.