Affected by GO-2023-1804 and 3 other vulnerabilities

GO-2023-1804: Kyverno vulnerable due to usage of insecure cipher in github.com/kyverno/kyverno

GO-2023-1819: Kyverno resource with a deletionTimestamp may allow policy circumvention in github.com/kyverno/kyverno

GO-2023-2340: Attacker can cause Kyverno user to unintentionally consume insecure image in github.com/kyverno/kyverno

GO-2024-3230: Kyverno's PolicyException objects can be created in any namespace by default in github.com/kyverno/kyverno

utils

package

v1.9.2-rc.1 Latest Latest Go to latest Published: Mar 13, 2023 License: Apache-2.0 Imports: 25 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kyverno/kyverno

Documentation ¶

Index ¶

func BlockRequest(engineResponses []*response.EngineResponse, ...) bool
func ExcludeKyvernoResources(kind string) bool
func GenerateEvents(engineResponses []*response.EngineResponse, blocked bool) []event.Info
func GetBlockedMessages(engineResponses []*response.EngineResponse) string
func GetErrorMsg(engineReponses []*response.EngineResponse) string
func GetWarningMessages(engineResponses []*response.EngineResponse) []string
func RegisterPolicyExecutionDurationMetricGenerate(ctx context.Context, logger logr.Logger, ...)
func RegisterPolicyExecutionDurationMetricMutate(ctx context.Context, logger logr.Logger, ...)
func RegisterPolicyExecutionDurationMetricValidate(ctx context.Context, logger logr.Logger, ...)
func RegisterPolicyResultsMetricGeneration(ctx context.Context, logger logr.Logger, ...)
func RegisterPolicyResultsMetricMutation(ctx context.Context, logger logr.Logger, ...)
func RegisterPolicyResultsMetricValidation(ctx context.Context, logger logr.Logger, ...)
type PolicyContextBuilder
- func NewPolicyContextBuilder(configuration config.Configuration, client dclient.Interface, ...) PolicyContextBuilder
type UpdateRequestUpdater
- func NewUpdateRequestUpdater(client versioned.Interface, ...) UpdateRequestUpdater

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func BlockRequest ¶

func BlockRequest(engineResponses []*response.EngineResponse, failurePolicy kyvernov1.FailurePolicyType, log logr.Logger) bool

returns true -> if there is even one policy that blocks resource request returns false -> if all the policies are meant to report only, we dont block resource request

func ExcludeKyvernoResources ¶

func ExcludeKyvernoResources(kind string) bool

func GenerateEvents ¶

func GenerateEvents(engineResponses []*response.EngineResponse, blocked bool) []event.Info

GenerateEvents generates event info for the engine responses

func GetBlockedMessages ¶

func GetBlockedMessages(engineResponses []*response.EngineResponse) string

GetBlockedMessages gets the error messages for rules with error or fail status

func GetErrorMsg ¶

func GetErrorMsg(engineReponses []*response.EngineResponse) string

func GetWarningMessages ¶

func GetWarningMessages(engineResponses []*response.EngineResponse) []string

func RegisterPolicyExecutionDurationMetricGenerate ¶

func RegisterPolicyExecutionDurationMetricGenerate(ctx context.Context, logger logr.Logger, metricsConfig metrics.MetricsConfigManager, requestOperation string, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse)

func RegisterPolicyExecutionDurationMetricMutate ¶

func RegisterPolicyExecutionDurationMetricMutate(ctx context.Context, logger logr.Logger, metricsConfig metrics.MetricsConfigManager, requestOperation string, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse)

func RegisterPolicyExecutionDurationMetricValidate ¶

func RegisterPolicyExecutionDurationMetricValidate(ctx context.Context, logger logr.Logger, metricsConfig metrics.MetricsConfigManager, requestOperation string, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse)

func RegisterPolicyResultsMetricGeneration ¶

func RegisterPolicyResultsMetricGeneration(ctx context.Context, logger logr.Logger, metricsConfig metrics.MetricsConfigManager, requestOperation string, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse)

func RegisterPolicyResultsMetricMutation ¶

func RegisterPolicyResultsMetricMutation(ctx context.Context, logger logr.Logger, metricsConfig metrics.MetricsConfigManager, requestOperation string, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse)

func RegisterPolicyResultsMetricValidation ¶

func RegisterPolicyResultsMetricValidation(ctx context.Context, logger logr.Logger, metricsConfig metrics.MetricsConfigManager, requestOperation string, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse)

Types ¶

type PolicyContextBuilder ¶

type PolicyContextBuilder interface {
	Build(*admissionv1.AdmissionRequest) (*engine.PolicyContext, error)
}

func NewPolicyContextBuilder ¶

func NewPolicyContextBuilder(
	configuration config.Configuration,
	client dclient.Interface,
	rbLister rbacv1listers.RoleBindingLister,
	crbLister rbacv1listers.ClusterRoleBindingLister,
	informerCacheResolvers resolvers.ConfigmapResolver,
	polexLister engine.PolicyExceptionLister,
) PolicyContextBuilder

type UpdateRequestUpdater ¶

type UpdateRequestUpdater interface {
	// UpdateAnnotation updates UR annotation, triggering reprocessing of UR and recreation/updation of generated resource
	UpdateAnnotation(logger logr.Logger, name string)
}

func NewUpdateRequestUpdater ¶

func NewUpdateRequestUpdater(client versioned.Interface, lister kyvernov1beta1listers.UpdateRequestNamespaceLister) UpdateRequestUpdater

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL