Affected by GO-2023-1804 and 3 other vulnerabilities

GO-2023-1804: Kyverno vulnerable due to usage of insecure cipher in github.com/kyverno/kyverno

GO-2023-1819: Kyverno resource with a deletionTimestamp may allow policy circumvention in github.com/kyverno/kyverno

GO-2023-2340: Attacker can cause Kyverno user to unintentionally consume insecure image in github.com/kyverno/kyverno

GO-2024-3230: Kyverno's PolicyException objects can be created in any namespace by default in github.com/kyverno/kyverno

metrics

package

v1.8.5-rc.1 Latest Latest Go to latest Published: Dec 19, 2022 License: Apache-2.0 Imports: 33 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kyverno/kyverno

Documentation ¶

Index ¶

func GetPolicyInfos(policy kyvernov1.PolicyInterface) (string, string, PolicyType, PolicyBackgroundMode, PolicyValidationMode, error)
func ListClient[T any](recorder Recorder, inner controllerutils.ListClient[T]) controllerutils.ListClient[T]
func Logger() logr.Logger
func NewOTLPGRPCConfig(endpoint string, certs string, kubeClient kubernetes.Interface, ...) (*controller.Controller, error)
func NewPrometheusConfig(log logr.Logger) (*http.ServeMux, error)
func ObjectClient[T metav1.Object](recorder Recorder, inner controllerutils.ObjectClient[T]) controllerutils.ObjectClient[T]
func ShutDownController(ctx context.Context, pusher *controller.Controller)
func StatusClient[T metav1.Object](recorder Recorder, inner controllerutils.StatusClient[T]) controllerutils.StatusClient[T]
type ClientQueryOperation
type ClientType
type MetricsConfig
- func InitMetrics(disableMetricsExport bool, otel string, metricsAddr string, ...) (*MetricsConfig, *http.ServeMux, *controller.Controller, error)
- func NewFakeMetricsConfig(client kubernetes.Interface) *MetricsConfig
- func (m *MetricsConfig) RecordAdmissionRequests(resourceKind string, resourceNamespace string, ...)
- func (m *MetricsConfig) RecordAdmissionReviewDuration(resourceKind string, resourceNamespace string, resourceRequestOperation string, ...)
- func (m *MetricsConfig) RecordClientQueries(clientQueryOperation ClientQueryOperation, clientType ClientType, ...)
- func (m *MetricsConfig) RecordPolicyChanges(policyValidationMode PolicyValidationMode, policyType PolicyType, ...)
- func (m *MetricsConfig) RecordPolicyExecutionDuration(policyValidationMode PolicyValidationMode, policyType PolicyType, ...)
- func (m *MetricsConfig) RecordPolicyResults(policyValidationMode PolicyValidationMode, policyType PolicyType, ...)
- func (m *MetricsConfig) RecordPolicyRuleInfo(policyValidationMode PolicyValidationMode, policyType PolicyType, ...)
type MetricsConfigManager
type PolicyBackgroundMode
- func ParsePolicyBackgroundMode(policy kyvernov1.PolicyInterface) PolicyBackgroundMode
type PolicyType
type PolicyValidationMode
- func ParsePolicyValidationMode(validationFailureAction kyvernov1.ValidationFailureAction) (PolicyValidationMode, error)
type Recorder
- func ClusteredClientQueryRecorder(m MetricsConfigManager, kind string, client ClientType) Recorder
- func NamespacedClientQueryRecorder(m MetricsConfigManager, ns, kind string, client ClientType) Recorder
type ResourceRequestOperation
- func ParseResourceRequestOperation(requestOperationStr string) (ResourceRequestOperation, error)
type RuleExecutionCause
type RuleResult
type RuleType
- func ParseRuleType(rule kyvernov1.Rule) RuleType
- func ParseRuleTypeFromEngineRuleResponse(rule response.RuleResponse) RuleType

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GetPolicyInfos ¶ added in v1.7.0

func GetPolicyInfos(policy kyvernov1.PolicyInterface) (string, string, PolicyType, PolicyBackgroundMode, PolicyValidationMode, error)

func ListClient ¶ added in v1.8.1

func ListClient[T any](recorder Recorder, inner controllerutils.ListClient[T]) controllerutils.ListClient[T]

func Logger ¶ added in v1.7.0

func Logger() logr.Logger

func NewOTLPGRPCConfig ¶ added in v1.8.0

func NewOTLPGRPCConfig(
	endpoint string,
	certs string,
	kubeClient kubernetes.Interface,
	log logr.Logger,
) (*controller.Controller, error)

func NewPrometheusConfig ¶ added in v1.8.0

func NewPrometheusConfig(
	log logr.Logger,
) (*http.ServeMux, error)

func ObjectClient ¶ added in v1.8.1

func ObjectClient[T metav1.Object](recorder Recorder, inner controllerutils.ObjectClient[T],
) controllerutils.ObjectClient[T]

func ShutDownController ¶ added in v1.8.0

func ShutDownController(ctx context.Context, pusher *controller.Controller)

func StatusClient ¶ added in v1.8.1

func StatusClient[T metav1.Object](recorder Recorder, inner controllerutils.StatusClient[T]) controllerutils.StatusClient[T]

Types ¶

type ClientQueryOperation ¶ added in v1.8.0

type ClientQueryOperation string

const (
	ClientCreate           ClientQueryOperation = "create"
	ClientGet              ClientQueryOperation = "get"
	ClientList             ClientQueryOperation = "list"
	ClientUpdate           ClientQueryOperation = "update"
	ClientUpdateStatus     ClientQueryOperation = "update_status"
	ClientDelete           ClientQueryOperation = "delete"
	ClientDeleteCollection ClientQueryOperation = "delete_collection"
	ClientWatch            ClientQueryOperation = "watch"
	ClientPatch            ClientQueryOperation = "patch"
)

type ClientType ¶ added in v1.8.0

type ClientType string

const (
	KubeDynamicClient  ClientType = "dynamic"
	KubeClient         ClientType = "kubeclient"
	KyvernoClient      ClientType = "kyverno"
	PolicyReportClient ClientType = "policyreport"
)

type MetricsConfig ¶ added in v1.8.0

type MetricsConfig struct {

	// config
	Config *kconfig.MetricsConfigData
	Log    logr.Logger
	// contains filtered or unexported fields
}

func InitMetrics ¶ added in v1.8.0

func InitMetrics(
	disableMetricsExport bool,
	otel string,
	metricsAddr string,
	otelCollector string,
	metricsConfigData *config.MetricsConfigData,
	transportCreds string,
	kubeClient kubernetes.Interface,
	log logr.Logger,
) (*MetricsConfig, *http.ServeMux, *controller.Controller, error)

func NewFakeMetricsConfig ¶ added in v1.8.0

func NewFakeMetricsConfig(client kubernetes.Interface) *MetricsConfig

func (*MetricsConfig) RecordAdmissionRequests ¶ added in v1.8.0

func (m *MetricsConfig) RecordAdmissionRequests(resourceKind string, resourceNamespace string, resourceRequestOperation ResourceRequestOperation)

func (*MetricsConfig) RecordAdmissionReviewDuration ¶ added in v1.8.0

func (m *MetricsConfig) RecordAdmissionReviewDuration(resourceKind string, resourceNamespace string, resourceRequestOperation string, admissionRequestLatency float64)

func (*MetricsConfig) RecordClientQueries ¶ added in v1.8.0

func (m *MetricsConfig) RecordClientQueries(clientQueryOperation ClientQueryOperation, clientType ClientType, resourceKind string, resourceNamespace string)

func (*MetricsConfig) RecordPolicyChanges ¶ added in v1.8.0

func (m *MetricsConfig) RecordPolicyChanges(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string, policyChangeType string)

func (*MetricsConfig) RecordPolicyExecutionDuration ¶ added in v1.8.0

func (m *MetricsConfig) RecordPolicyExecutionDuration(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string,
	ruleName string, ruleResult RuleResult, ruleType RuleType, ruleExecutionCause RuleExecutionCause, ruleExecutionLatency float64,
)

func (*MetricsConfig) RecordPolicyResults ¶ added in v1.8.0

func (m *MetricsConfig) RecordPolicyResults(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string,
	resourceKind string, resourceNamespace string, resourceRequestOperation ResourceRequestOperation, ruleName string, ruleResult RuleResult, ruleType RuleType,
	ruleExecutionCause RuleExecutionCause,
)

func (*MetricsConfig) RecordPolicyRuleInfo ¶ added in v1.8.0

func (m *MetricsConfig) RecordPolicyRuleInfo(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string,
	ruleName string, ruleType RuleType, status string, metricValue float64,
)

type MetricsConfigManager ¶ added in v1.8.0

type MetricsConfigManager interface {
	RecordPolicyResults(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string, resourceKind string, resourceNamespace string, resourceRequestOperation ResourceRequestOperation, ruleName string, ruleResult RuleResult, ruleType RuleType, ruleExecutionCause RuleExecutionCause)
	RecordPolicyChanges(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string, policyChangeType string)
	RecordPolicyRuleInfo(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string, ruleName string, ruleType RuleType, status string, metricValue float64)
	RecordAdmissionRequests(resourceKind string, resourceNamespace string, resourceRequestOperation ResourceRequestOperation)
	RecordPolicyExecutionDuration(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string, ruleName string, ruleResult RuleResult, ruleType RuleType, ruleExecutionCause RuleExecutionCause, ruleExecutionLatency float64)
	RecordAdmissionReviewDuration(resourceKind string, resourceNamespace string, resourceRequestOperation string, admissionRequestLatency float64)
	RecordClientQueries(clientQueryOperation ClientQueryOperation, clientType ClientType, resourceKind string, resourceNamespace string)
}

type PolicyBackgroundMode ¶

type PolicyBackgroundMode string

const (
	BackgroundTrue  PolicyBackgroundMode = "true"
	BackgroundFalse PolicyBackgroundMode = "false"
)

func ParsePolicyBackgroundMode ¶

func ParsePolicyBackgroundMode(policy kyvernov1.PolicyInterface) PolicyBackgroundMode

type PolicyType ¶

type PolicyType string

const (
	Cluster    PolicyType = "cluster"
	Namespaced PolicyType = "namespaced"
)

type PolicyValidationMode ¶

type PolicyValidationMode string

const (
	Enforce PolicyValidationMode = "enforce"
	Audit   PolicyValidationMode = "audit"
)

func ParsePolicyValidationMode ¶

func ParsePolicyValidationMode(validationFailureAction kyvernov1.ValidationFailureAction) (PolicyValidationMode, error)

type Recorder ¶ added in v1.8.1

type Recorder interface {
	Record(clientQueryOperation ClientQueryOperation)
}

func ClusteredClientQueryRecorder ¶ added in v1.8.1

func ClusteredClientQueryRecorder(m MetricsConfigManager, kind string, client ClientType) Recorder

func NamespacedClientQueryRecorder ¶ added in v1.8.1

func NamespacedClientQueryRecorder(m MetricsConfigManager, ns, kind string, client ClientType) Recorder

type ResourceRequestOperation ¶

type ResourceRequestOperation string

const (
	ResourceCreated   ResourceRequestOperation = "create"
	ResourceUpdated   ResourceRequestOperation = "update"
	ResourceDeleted   ResourceRequestOperation = "delete"
	ResourceConnected ResourceRequestOperation = "connect"
)

func ParseResourceRequestOperation ¶ added in v1.7.0

func ParseResourceRequestOperation(requestOperationStr string) (ResourceRequestOperation, error)

type RuleExecutionCause ¶

type RuleExecutionCause string

const (
	AdmissionRequest RuleExecutionCause = "admission_request"
	BackgroundScan   RuleExecutionCause = "background_scan"
)

type RuleResult ¶

type RuleResult string

const (
	Pass  RuleResult = "pass"
	Fail  RuleResult = "fail"
	Warn  RuleResult = "warn"
	Error RuleResult = "error"
	Skip  RuleResult = "skip"
)

type RuleType ¶

type RuleType string

const (
	Validate      RuleType = "validate"
	Mutate        RuleType = "mutate"
	Generate      RuleType = "generate"
	ImageVerify   RuleType = "imageVerify"
	EmptyRuleType RuleType = "-"
)

func ParseRuleType ¶

func ParseRuleType(rule kyvernov1.Rule) RuleType

func ParseRuleTypeFromEngineRuleResponse ¶ added in v1.7.0

func ParseRuleTypeFromEngineRuleResponse(rule response.RuleResponse) RuleType

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
admissionrequests
admissionreviewduration
policychanges
policyexecutionduration
policyresults
policyruleinfo

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL