Affected by GO-2023-1804 and 2 other vulnerabilities

GO-2023-1804: Kyverno vulnerable due to usage of insecure cipher in github.com/kyverno/kyverno

GO-2023-1819: Kyverno resource with a deletionTimestamp may allow policy circumvention in github.com/kyverno/kyverno

GO-2023-2340: Attacker can cause Kyverno user to unintentionally consume insecure image in github.com/kyverno/kyverno

policy

package

v1.9.1 Latest Latest Go to latest Published: Mar 9, 2023 License: Apache-2.0 Imports: 67 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kyverno/kyverno

Links

Open Source Insights

Documentation ¶

Index ¶

func UpdateSourceResource(client dclient.Interface, kind, namespace string, policyName string, ...) error
func Validate(policy kyvernov1.PolicyInterface, client dclient.Interface, mock bool, ...) ([]string, error)
func ValidateOnPolicyUpdate(p kyvernov1.PolicyInterface, onPolicyUpdate bool) error
func ValidateVariables(p kyvernov1.PolicyInterface, backgroundMode bool) error
type Condition
type PolicyController
- func NewPolicyController(kyvernoClient versioned.Interface, client dclient.Interface, ...) (*PolicyController, error)
- func (pc *PolicyController) Run(ctx context.Context, workers int)
type Validation

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func UpdateSourceResource ¶ added in v1.8.2

func UpdateSourceResource(client dclient.Interface, kind, namespace string, policyName string, obj *unstructured.Unstructured) error

func Validate ¶ added in v1.2.0

func Validate(policy kyvernov1.PolicyInterface, client dclient.Interface, mock bool, openApiManager openapi.Manager) ([]string, error)

Validate checks the policy and rules declarations for required configurations

func ValidateOnPolicyUpdate ¶ added in v1.7.0

func ValidateOnPolicyUpdate(p kyvernov1.PolicyInterface, onPolicyUpdate bool) error

func ValidateVariables ¶ added in v1.5.2

func ValidateVariables(p kyvernov1.PolicyInterface, backgroundMode bool) error

Types ¶

type Condition ¶ added in v0.9.1

type Condition int

Condition defines condition type

const (
	// NotEvaluate to not evaluate condition
	NotEvaluate Condition = 0
	// Process to evaluate condition
	Process Condition = 1
	// Skip to ignore/skip the condition
	Skip Condition = 2
)

type PolicyController ¶

type PolicyController struct {
	// contains filtered or unexported fields
}

PolicyController is responsible for synchronizing Policy objects stored in the system with the corresponding policy violations

func NewPolicyController ¶

func NewPolicyController(
	kyvernoClient versioned.Interface,
	client dclient.Interface,
	rclient registryclient.Client,
	pInformer kyvernov1informers.ClusterPolicyInformer,
	npInformer kyvernov1informers.PolicyInformer,
	urInformer kyvernov1beta1informers.UpdateRequestInformer,
	configHandler config.Configuration,
	eventGen event.Interface,
	namespaces corev1informers.NamespaceInformer,
	informerCacheResolvers resolvers.ConfigmapResolver,
	log logr.Logger,
	reconcilePeriod time.Duration,
	metricsConfig metrics.MetricsConfigManager,
) (*PolicyController, error)

NewPolicyController create a new PolicyController

func (*PolicyController) Run ¶

func (pc *PolicyController) Run(ctx context.Context, workers int)

Run begins watching and syncing.

type Validation ¶ added in v1.2.0

type Validation interface {
	Validate() (string, error)
}

Validation provides methods to validate a rule

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
common
generate
fake
mutate
validate

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL