policy

package
v0.9.1
Warning

This package is not in the latest version of its module.

Published: Sep 4, 2019 License: Apache-2.0 Imports: 36 Imported by: 0

Documentation

Functions

func HasMutateOrValidate

func HasMutateOrValidate(policy kyverno.ClusterPolicy) bool

func HasMutateOrValidatePolicies

func HasMutateOrValidatePolicies(policies []*kyverno.ClusterPolicy) bool

func RecheckDeletionTimestamp

func RecheckDeletionTimestamp(getObject func() (metav1.Object, error)) func() error

RecheckDeletionTimestamp returns a CanAdopt() function to recheck deletion.

The CanAdopt() function calls getObject() to fetch the latest value, and denies adoption attempts if that object has a non-nil DeletionTimestamp.
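The recheck pattern described above, as an added stand-alone example (not Kyverno's code): `object`, `policy`, `recheckDeletion` and `liveRead` are hypothetical names, and denying adoption when the fresh read itself fails is an assumption of this sketch.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// object is a hypothetical stand-in for the metav1.Object accessors used here.
type object interface {
	GetName() string
	GetDeletionTimestamp() *time.Time
}

// policy is a constructed sample owner object, not a Kyverno type.
type policy struct {
	name      string
	deletedAt *time.Time
}

func (p policy) GetName() string                  { return p.name }
func (p policy) GetDeletionTimestamp() *time.Time { return p.deletedAt }

// recheckDeletion follows the documented contract: do a fresh read, and deny
// adoption if the read fails (fail closed) or the owner is being deleted.
func recheckDeletion(getObject func() (object, error)) func() error {
	return func() error {
		obj, err := getObject()
		if err != nil {
			return fmt.Errorf("can't recheck DeletionTimestamp: %w", err)
		}
		if ts := obj.GetDeletionTimestamp(); ts != nil {
			return fmt.Errorf("%s is being deleted since %s", obj.GetName(), ts.Format(time.RFC3339))
		}
		return nil
	}
}

// liveRead simulates an uncached API read returning p (or a read error).
func liveRead(p policy, err error) func() (object, error) {
	return func() (object, error) { return p, err }
}

func main() {
	now := time.Now()
	deleting := policy{name: "require-labels", deletedAt: &now}
	fmt.Println("live:    ", recheckDeletion(liveRead(policy{name: "require-labels"}, nil))())
	fmt.Println("deleting:", recheckDeletion(liveRead(deleting, nil))())
	fmt.Println("no read: ", recheckDeletion(liveRead(deleting, errors.New("api unavailable")))())
}
```

The point of the fresh read is that a controller's cached copy of the owner can still look live after deletion has started; adopting dependents at that moment would attach them to an object that is about to disappear.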

Types

type BaseControllerRefManager

type BaseControllerRefManager struct {
	Controller metav1.Object
	Selector   labels.Selector

	CanAdoptFunc func() error
	// contains filtered or unexported fields
}

BaseControllerRefManager ...

func (*BaseControllerRefManager) CanAdopt

func (m *BaseControllerRefManager) CanAdopt() error

CanAdopt ...

func (*BaseControllerRefManager) ClaimObject

func (m *BaseControllerRefManager) ClaimObject(obj metav1.Object, match func(metav1.Object) bool, adopt, release func(metav1.Object) error) (bool, error)

ClaimObject ...

type Condition added in v0.9.1

type Condition int
const (
	NotEvaluate Condition = 0
	Process     Condition = 1
	Skip        Condition = 2
)

type PVControlInterface

type PVControlInterface interface {
	PatchPolicyViolation(name string, data []byte) error
}

PVControlInterface provides an interface to operate on the policy violation resource.

type PolicyController

type PolicyController struct {
	// contains filtered or unexported fields
}

PolicyController is responsible for synchronizing Policy objects stored in the system with the corresponding policy violations.

func NewPolicyController

NewPolicyController creates a new PolicyController.

func (*PolicyController) GetPolicyStatusAggregator

func (pc *PolicyController) GetPolicyStatusAggregator() PolicyStatusInterface

GetPolicyStatusAggregator returns the interface used to send policy status stats.

func (*PolicyController) Run

func (pc *PolicyController) Run(workers int, stopCh <-chan struct{})

Run begins watching and syncing.

type PolicyStat

type PolicyStat struct {
	PolicyName string
	Stats      PolicyStatInfo
}

PolicyStat stores the stats for a policy.

type PolicyStatInfo

type PolicyStatInfo struct {
	MutationExecutionTime   time.Duration
	ValidationExecutionTime time.Duration
	GenerationExecutionTime time.Duration
	RulesAppliedCount       int
	ResourceBlocked         int
	Rules                   []RuleStatinfo
}

type PolicyStatusAggregator

type PolicyStatusAggregator struct {
	// contains filtered or unexported fields
}

PolicyStatusAggregator stores information about aggregation.

func NewPolicyStatAggregator

func NewPolicyStatAggregator(client *kyvernoclient.Clientset) *PolicyStatusAggregator

NewPolicyStatAggregator returns a new policy status

func (*PolicyStatusAggregator) GetPolicyStats

func (psa *PolicyStatusAggregator) GetPolicyStats(policyName string) PolicyStatInfo

GetPolicyStats returns the policy stats

func (*PolicyStatusAggregator) RemovePolicyStats

func (psa *PolicyStatusAggregator) RemovePolicyStats(policyName string)

RemovePolicyStats removes policy stats records.

func (*PolicyStatusAggregator) Run

func (psa *PolicyStatusAggregator) Run(workers int, stopCh <-chan struct{})

Run begins the aggregator.

func (*PolicyStatusAggregator) SendStat

func (psa *PolicyStatusAggregator) SendStat(stat PolicyStat)

SendStat sends the stat information for aggregation

type PolicyStatusInterface

type PolicyStatusInterface interface {
	SendStat(stat PolicyStat)
}

PolicyStatusInterface provides methods to modify policyStatus

type PolicyViolationControllerRefManager

type PolicyViolationControllerRefManager struct {
	BaseControllerRefManager
	// contains filtered or unexported fields
}

PolicyViolationControllerRefManager manages adoption of policy violations by a policy.

func NewPolicyViolationControllerRefManager

func NewPolicyViolationControllerRefManager(
	pvControl PVControlInterface,
	controller metav1.Object,
	selector labels.Selector,
	controllerKind schema.GroupVersionKind,
	canAdopt func() error,
) *PolicyViolationControllerRefManager

NewPolicyViolationControllerRefManager returns a new PolicyViolationControllerRefManager.

type RealPVControl

type RealPVControl struct {
	Client   kyvernoclient.Interface
	Recorder record.EventRecorder
}

RealPVControl is the default implementation of PVControlInterface.

func (RealPVControl) PatchPolicyViolation

func (r RealPVControl) PatchPolicyViolation(name string, data []byte) error

PatchPolicyViolation patches the policy violation with the provided JSON Patch.

type ResourceManager

type ResourceManager struct {
	// contains filtered or unexported fields
}

ResourceManager caches details of already processed resources.

func NewResourceManager

func NewResourceManager(rebuildTime int64) *ResourceManager

NewResourceManager returns a new ResourceManager

func (*ResourceManager) Drop

func (rm *ResourceManager) Drop()

Drop drops the cache after every rebuild interval (in minutes). TODO: or drop based on the size.

func (*ResourceManager) ProcessResource

func (rm *ResourceManager) ProcessResource(policy, pv, kind, ns, name, rv string) bool

ProcessResource returns true if the policy was not applied on the resource

func (*ResourceManager) RegisterResource

func (rm *ResourceManager) RegisterResource(policy, pv, kind, ns, name, rv string)

RegisterResource stores if the policy is processed on this resource version

type RuleStatinfo added in v0.9.1

type RuleStatinfo struct {
	RuleName         string
	ExecutionTime    time.Duration
	RuleAppliedCount int
	RulesFailedCount int
	MutationCount    int
}
