policy

package
v1.1.6-rc3 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 2, 2020 License: Apache-2.0 Imports: 45 Imported by: 0

Documentation

Constants

const (
	// JSON patch uses ~1 for / characters
	// see: https://tools.ietf.org/html/rfc6901#section-3
	PodTemplateAnnotationApplied = "pod-policies.kyverno.io~1autogen-applied"
)

Variables

This section is empty.

Functions

func ContainsVariablesOtherThanObject added in v1.1.6

func ContainsVariablesOtherThanObject(policy kyverno.ClusterPolicy) error

ContainsVariablesOtherThanObject returns an error if the policy contains a variable that does not start with request.object

func Validate added in v1.1.3

func Validate(policyRaw []byte, client *dclient.Client, mock bool, openAPIController *openapi.Controller) error

Validate does some initial checks to verify some conditions:
- One operation per rule
- ResourceDescription mandatory checks

Types

type Condition added in v0.9.1

type Condition int

Condition defines condition type

const (
	// NotEvaluate to not evaluate condition
	NotEvaluate Condition = 0
	// Process to evaluate condition
	Process Condition = 1
	// Skip to ignore/skip the condition
	Skip Condition = 2
)

type PVControlInterface

type PVControlInterface interface {
	DeleteClusterPolicyViolation(name string) error
	DeleteNamespacedPolicyViolation(ns, name string) error
}

PVControlInterface provides an interface to operate on policy violation resources

type PolicyController

type PolicyController struct {
	// contains filtered or unexported fields
}

PolicyController is responsible for synchronizing Policy objects stored in the system with the corresponding policy violations

func NewPolicyController

NewPolicyController creates a new PolicyController

func (*PolicyController) Run

func (pc *PolicyController) Run(workers int, stopCh <-chan struct{})

Run begins watching and syncing.

type RealPVControl

type RealPVControl struct {
	Client   kyvernoclient.Interface
	Recorder record.EventRecorder
}

RealPVControl is the default implementation of PVControlInterface.

func (RealPVControl) DeleteClusterPolicyViolation added in v1.1.0

func (r RealPVControl) DeleteClusterPolicyViolation(name string) error

DeleteClusterPolicyViolation deletes the policy violation

func (RealPVControl) DeleteNamespacedPolicyViolation added in v1.0.0

func (r RealPVControl) DeleteNamespacedPolicyViolation(ns, name string) error

DeleteNamespacedPolicyViolation deletes the namespaced policy violation

type ResourceManager

type ResourceManager struct {
	// contains filtered or unexported fields
}

ResourceManager stores the details on already processed resources for caching

func NewResourceManager

func NewResourceManager(rebuildTime int64) *ResourceManager

NewResourceManager returns a new ResourceManager

func (*ResourceManager) Drop

func (rm *ResourceManager) Drop()

Drop drops the cache after every rebuild interval (mins). TODO: or drop based on the size

func (*ResourceManager) ProcessResource

func (rm *ResourceManager) ProcessResource(policy, pv, kind, ns, name, rv string) bool

ProcessResource returns true if the policy was not applied on the resource

func (*ResourceManager) RegisterResource

func (rm *ResourceManager) RegisterResource(policy, pv, kind, ns, name, rv string)

RegisterResource stores whether the policy has been processed on this resource version

type Validation added in v1.1.5

type Validation interface {
	Validate() (string, error)
}

Validation provides methods to validate a rule
