Documentation ¶
Index ¶
- type EngineResponse
- func (er EngineResponse) GetFailedRules() []string
- func (er EngineResponse) GetPatches() [][]byte
- func (er EngineResponse) GetResourceSpec() ResourceSpec
- func (er EngineResponse) GetSuccessRules() []string
- func (er *EngineResponse) GetValidationFailureAction() kyvernov1.ValidationFailureAction
- func (er EngineResponse) IsEmpty() bool
- func (er EngineResponse) IsError() bool
- func (er EngineResponse) IsFailed() bool
- func (er EngineResponse) IsNil() bool
- func (er EngineResponse) IsSkipped() bool
- func (er EngineResponse) IsSuccessful() bool
- type PodSecurityChecks
- type PolicyResponse
- type PolicySpec
- type PolicyStats
- type ResourceSpec
- type RuleResponse
- type RuleStats
- type RuleStatus
- type RuleType
- type ValidationFailureActionOverride
Types ¶
type EngineResponse ¶
// EngineResponse is the engine's response to the action: it bundles the
// (possibly patched) resource, the policy that was evaluated and the
// per-policy result.
type EngineResponse struct {
	// Resource patched with the engine action changes
	PatchedResource unstructured.Unstructured

	// Original policy
	Policy kyvernov1.PolicyInterface

	// Policy Response. Carries the rule results (PolicyResponse.Rules) along
	// with the ValidationFailureAction and its per-namespace overrides.
	PolicyResponse PolicyResponse
}
EngineResponse engine response to the action
func (EngineResponse) GetFailedRules ¶
func (er EngineResponse) GetFailedRules() []string
GetFailedRules returns failed rules
func (EngineResponse) GetPatches ¶
func (er EngineResponse) GetPatches() [][]byte
GetPatches returns all the patches joined
func (EngineResponse) GetResourceSpec ¶ added in v1.3.0
func (er EngineResponse) GetResourceSpec() ResourceSpec
GetResourceSpec returns resourceSpec of er
func (EngineResponse) GetSuccessRules ¶
func (er EngineResponse) GetSuccessRules() []string
GetSuccessRules returns success rules
func (*EngineResponse) GetValidationFailureAction ¶ added in v1.7.0
func (er *EngineResponse) GetValidationFailureAction() kyvernov1.ValidationFailureAction
func (EngineResponse) IsEmpty ¶ added in v1.7.0
func (er EngineResponse) IsEmpty() bool
IsEmpty checks if any rule results are present
func (EngineResponse) IsError ¶ added in v1.8.0
func (er EngineResponse) IsError() bool
IsError checks if any rule resulted in a processing error
func (EngineResponse) IsFailed ¶ added in v1.4.2
func (er EngineResponse) IsFailed() bool
IsFailed checks if any rule created a policy violation
func (EngineResponse) IsNil ¶ added in v1.8.0
func (er EngineResponse) IsNil() bool
IsNil checks if rule is an empty rule
func (EngineResponse) IsSkipped ¶ added in v1.8.0
func (er EngineResponse) IsSkipped() bool
IsSkipped checks if any rule has skipped the resource.
func (EngineResponse) IsSuccessful ¶ added in v1.2.0
func (er EngineResponse) IsSuccessful() bool
IsSuccessful checks that no rule has failed or produced an error during execution
type PodSecurityChecks ¶ added in v1.9.0
// PodSecurityChecks holds the pod security results attached to a
// RuleResponse; RuleResponse.PodSecurityChecks is populated only for pod
// security rules.
type PodSecurityChecks struct {
	// Level is the pod security level associated with the checks.
	// NOTE(review): presumably the level the rule evaluated against; confirm.
	Level api.Level
	// Version accompanies Level.
	// NOTE(review): presumably the pod security version that was evaluated;
	// the accepted format is not shown here, confirm.
	Version string
	// Checks lists the individual check results.
	Checks []pssutils.PSSCheckResult
}
type PolicyResponse ¶
// PolicyResponse is the policy application response: which policy was
// applied to which resource, the per-rule outcomes, and the failure action
// configured for validation.
type PolicyResponse struct {
	// policy details
	Policy PolicySpec `json:"policy"`
	// resource details
	Resource ResourceSpec `json:"resource"`
	// policy statistics (embedded, so its fields are promoted onto PolicyResponse)
	PolicyStats `json:",inline"`
	// rule response
	Rules []RuleResponse `json:"rules"`
	// ValidationFailureAction: audit (default) or enforce
	// NOTE(review): this field and the overrides below carry no json tag, so
	// they serialize under their Go field names. Consumers that decide whether
	// a failed rule blocks a request should read the action together with the
	// overrides, not the rule status alone; confirm against the caller.
	ValidationFailureAction          kyvernov1.ValidationFailureAction
	ValidationFailureActionOverrides []ValidationFailureActionOverride
}
PolicyResponse policy application response
type PolicySpec ¶ added in v1.4.2
PolicySpec policy
type PolicyStats ¶
// PolicyStats stores statistics for a single policy application.
type PolicyStats struct {
	// time required to process the policy rules on a resource
	ProcessingTime time.Duration `json:"processingTime"`
	// Count of rules that were applied successfully
	RulesAppliedCount int `json:"rulesAppliedCount"`
	// Count of rules with execution errors
	RulesErrorCount int `json:"rulesErrorCount"`
	// Timestamp of the instant the Policy was triggered
	// NOTE(review): the unit (seconds vs. nanoseconds since the epoch) is not
	// stated here; confirm before correlating with other audit records.
	PolicyExecutionTimestamp int64 `json:"policyExecutionTimestamp"`
}
PolicyStats stores statistics for the single policy application
type ResourceSpec ¶
// ResourceSpec identifies the resource the action was applied on.
type ResourceSpec struct {
	Kind       string `json:"kind"`
	APIVersion string `json:"apiVersion"`
	Namespace  string `json:"namespace"`
	Name       string `json:"name"`
	// UID is not used to build the unique identifier
	// optional
	// NOTE(review): the tag has no omitempty, so an unset UID serializes as "".
	// Because the identifier excludes UID, a resource deleted and recreated
	// under the same kind/namespace/name presumably yields the same
	// identifier; confirm before using it to correlate audit records.
	UID string `json:"uid"`
}
ResourceSpec resource action applied on
type RuleResponse ¶
// RuleResponse holds the details of a single rule application.
type RuleResponse struct {
	// rule name specified in policy
	Name string `json:"name"`
	// rule type (Mutation, Validation, Generation, ImageVerify) for Kyverno Policy
	Type RuleType `json:"type"`
	// message response from the rule application
	// NOTE(review): free text; if it can embed values taken from the evaluated
	// resource, treat it as untrusted when logging or rendering. Confirm
	// against the code that builds it.
	Message string `json:"message"`
	// JSON patches, for mutation rules
	Patches [][]byte `json:"patches,omitempty"`
	// Resource generated by the generate rules of a policy
	GeneratedResource unstructured.Unstructured `json:"generatedResource,omitempty"`
	// rule status
	// The zero value of RuleStatus is RuleStatusPass, so a RuleResponse whose
	// Status was never assigned reads as a pass.
	Status RuleStatus `json:"status"`
	// statistics (embedded, so its fields are promoted onto RuleResponse)
	RuleStats `json:",inline"`
	// PatchedTarget is the patched resource for mutate.targets
	PatchedTarget *unstructured.Unstructured
	// PatchedTargetSubresourceName is the name of the subresource which is patched, empty if the resource patched is
	// not a subresource.
	PatchedTargetSubresourceName string
	// PatchedTargetParentResourceGVR is the GVR of the parent resource of the PatchedTarget. This is only populated
	// when PatchedTarget is a subresource.
	PatchedTargetParentResourceGVR metav1.GroupVersionResource
	// PodSecurityChecks contains pod security checks (only if this is a pod security rule)
	PodSecurityChecks *PodSecurityChecks
}
RuleResponse details for each rule application
type RuleStats ¶
// RuleStats stores the statistics for a single rule application.
type RuleStats struct {
	// time required to apply the rule on the resource
	ProcessingTime time.Duration `json:"processingTime"`
	// Timestamp of the instant the rule got triggered
	// NOTE(review): the unit (seconds vs. nanoseconds since the epoch) is not
	// stated here; confirm before correlating with other audit records.
	RuleExecutionTimestamp int64 `json:"ruleExecutionTimestamp"`
}
RuleStats stores the statistics for the single rule application
type RuleStatus ¶ added in v1.5.0
// RuleStatus represents the status of rule execution. It is an integer
// enumeration whose values are declared as RuleStatusPass, RuleStatusFail,
// RuleStatusWarn, RuleStatusError and RuleStatusSkip; its JSON form is a
// quoted string (see MarshalJSON / UnmarshalJSON).
type RuleStatus int
RuleStatus represents the status of rule execution
// Rule status values used to report the result of processing a rule.
//
// RuleStatusPass is the iota zero value, so an uninitialized RuleStatus is
// indistinguishable from an explicit pass. Code that gates a decision on the
// status should make sure the status was actually set.
const (
	// RuleStatusPass indicates that the resource meets the policy rule requirements
	RuleStatusPass RuleStatus = iota
	// RuleStatusFail indicates that the resource does not meet the policy rule requirements
	RuleStatusFail
	// RuleStatusWarn indicates that the resource does not meet the policy rule requirements, but the policy is not scored
	RuleStatusWarn
	// RuleStatusError indicates that the policy rule could not be evaluated due to a processing error, for
	// example when a variable cannot be resolved in the policy rule definition. Note that variables
	// that cannot be resolved in preconditions are replaced with empty values to allow existence
	// checks.
	// An error is a distinct outcome from a failure: the rule reached no verdict. Callers that need
	// "no violation and no error" have EngineResponse.IsError and IsSuccessful in addition to IsFailed.
	RuleStatusError
	// RuleStatusSkip indicates that the policy rule was not selected based on user inputs or applicability, for example
	// when preconditions are not met, or when conditional or global anchors are not satisfied.
	RuleStatusSkip
)
RuleStatusPass is used to report the result of processing a rule.
func (*RuleStatus) MarshalJSON ¶ added in v1.5.0
func (s *RuleStatus) MarshalJSON() ([]byte, error)
MarshalJSON marshals the enum as a quoted json string
func (*RuleStatus) String ¶ added in v1.5.0
func (s *RuleStatus) String() string
func (*RuleStatus) UnmarshalJSON ¶ added in v1.5.0
func (s *RuleStatus) UnmarshalJSON(b []byte) error
UnmarshalJSON unmarshals a quoted json string to the enum value
func (*RuleStatus) UnmarshalYAML ¶ added in v1.5.0
func (s *RuleStatus) UnmarshalYAML(unmarshal func(interface{}) error) error
type RuleType ¶ added in v1.7.0
// RuleType names the kind of rule that produced a RuleResponse. The declared
// values are Mutation, Validation, Generation and ImageVerify.
type RuleType string
// Rule types reported in RuleResponse.Type.
const (
	// Mutation type for mutation rule
	Mutation RuleType = "Mutation"
	// Validation type for validation rule
	Validation RuleType = "Validation"
	// Generation type for generation rule
	Generation RuleType = "Generation"
	// ImageVerify type for image verification
	ImageVerify RuleType = "ImageVerify"
)
type ValidationFailureActionOverride ¶ added in v1.6.0
// ValidationFailureActionOverride pairs a validation failure action with a
// list of namespaces. PolicyResponse carries a slice of these next to its
// policy-level ValidationFailureAction.
type ValidationFailureActionOverride struct {
	// Action is the failure action for the listed namespaces.
	// NOTE(review): presumably replaces the policy-level action there; confirm.
	Action kyvernov1.ValidationFailureAction `json:"action"`
	// Namespaces lists the namespaces the override applies to.
	// NOTE(review): whether entries are matched literally or as patterns is not
	// shown here. Confirm, since a broad entry would widen the set of
	// namespaces where the policy-level action no longer applies.
	Namespaces []string `json:"namespaces"`
}