Documentation
¶
Index ¶
- type Context
- type Cosign
- type EnableDeferredLoading
- type Exceptions
- type Flags
- type ForceFailurePolicyIgnore
- type GenerateValidatingAdmissionPolicy
- type ImageData
- type Kubernetes
- type Parameters
- type PolicyResponse
- type PolicyValidation
- type ProtectManagedResources
- type Registry
- type Response
- type Results
- type RuleResponse
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Context ¶
type Context struct {
Username string `json:"username"`
Groups []string `json:"groups"`
Roles []string `json:"roles"`
ClusterRoles []string `json:"clusterRoles"`
Operation kyvernov1.AdmissionOperation `json:"operation"`
NamespaceLabels map[string]string `json:"namespaceLabels"`
DryRun bool `json:"dryRun"`
}
type Cosign ¶
type Cosign struct {
ImageSignatureRepository string `json:"imageSignatureRepository"`
}
type EnableDeferredLoading ¶
type EnableDeferredLoading struct {
Enabled bool `json:"enabled"`
}
type Exceptions ¶
type Flags ¶
type Flags struct {
Exceptions Exceptions `json:"exceptions"`
Cosign Cosign `json:"cosign"`
Registry Registry `json:"registry"`
ProtectManagedResources ProtectManagedResources `json:"protectManagedResources"`
ForceFailurePolicyIgnore ForceFailurePolicyIgnore `json:"forceFailurePolicyIgnore"`
EnableDeferredLoading EnableDeferredLoading `json:"enableDeferredLoading"`
GenerateValidatingAdmissionPolicy GenerateValidatingAdmissionPolicy `json:"generateValidatingAdmissionPolicy"`
}
type ForceFailurePolicyIgnore ¶
type ForceFailurePolicyIgnore struct {
Enabled bool `json:"enabled"`
}
type GenerateValidatingAdmissionPolicy ¶
type GenerateValidatingAdmissionPolicy struct {
Enabled bool `json:"enabled"`
}
type Kubernetes ¶
type Kubernetes struct {
Version string `json:"version"`
}
type Parameters ¶
type PolicyResponse ¶
type PolicyResponse struct {
// Rules contains policy rules responses
Rules []RuleResponse `json:"rules"`
}
type PolicyValidation ¶
type ProtectManagedResources ¶
type ProtectManagedResources struct {
Enabled bool `json:"enabled"`
}
type Response ¶
type Response struct {
// OriginalResource is the original resource as YAML string
OriginalResource string `json:"originalResource"`
// Resource is the original resource
Resource unstructured.Unstructured `json:"resource"`
// Policy is the original policy
Policy kyvernov1.PolicyInterface `json:"policy"`
// ValidatingAdmissionPolicy is the original policy
ValidatingAdmissionPolicy *v1beta1.ValidatingAdmissionPolicy `json:"validatingAdmissionPolicy"`
// namespaceLabels given by policy context
NamespaceLabels map[string]string `json:"namespaceLabels"`
// PatchedResource is the resource patched with the engine action changes
PatchedResource string `json:"patchedResource"`
// PolicyResponse contains the engine policy response
PolicyResponse PolicyResponse `json:"policyResponse"`
}
func ConvertResponse ¶
func ConvertResponse(in engineapi.EngineResponse) Response
type RuleResponse ¶
type RuleResponse struct {
// name is the rule name specified in policy
Name string `json:"name"`
// ruleType is the rule type (Mutation,Generation,Validation) for Kyverno Policy
RuleType engineapi.RuleType `json:"ruleType"`
// message is the message response from the rule application
Message string `json:"message"`
// status rule status
Status engineapi.RuleStatus `json:"status"`
// generatedResource is the generated by the generate rules of a policy
GeneratedResource string `json:"generatedResource"`
// patchedTarget is the patched resource for mutate.targets
PatchedTarget *unstructured.Unstructured `json:"patchedTarget"`
// patchedTargetParentResourceGVR is the GVR of the parent resource of the PatchedTarget. This is only populated when PatchedTarget is a subresource.
PatchedTargetParentResourceGVR metav1.GroupVersionResource `json:"patchedTargetParentResourceGVR"`
// patchedTargetSubresourceName is the name of the subresource which is patched, empty if the resource patched is not a subresource.
PatchedTargetSubresourceName string `json:"patchedTargetSubresourceName"`
// podSecurityChecks contains pod security checks (only if this is a pod security rule)
PodSecurityChecks *engineapi.PodSecurityChecks `json:"podSecurityChecks"`
// exception is the exception applied (if any)
Exceptions []v2.PolicyException `json:"exceptions"`
}
Source Files
¶
- context.go
- convert.go
- cosign.go
- enableDeferredLoading.go
- exceptions.go
- flags.go
- forcefailurepolicyignore.go
- generateValidatingAdmissionPolicy.go
- imagedata.go
- kubernetes.go
- parameters.go
- policyresponse.go
- policyvalidation.go
- protectmanagedresources.go
- registry.go
- response.go
- results.go
- ruleresponse.go
Click to show internal directories.
Click to hide internal directories.