engine

package

v1.1.1 Latest Latest Go to latest Published: Jan 14, 2020 License: Apache-2.0 Imports: 22 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/nirmata/kyverno

Documentation ¶

Index ¶

Constants
func GenerateNew(policyContext PolicyContext) (resp response.EngineResponse)
func MatchesResourceDescription(resource unstructured.Unstructured, rule kyverno.Rule) bool
func Mutate(policyContext PolicyContext) (resp response.EngineResponse)
func ParseKindFromObject(bytes []byte) string
func ParseNameFromObject(bytes []byte) string
func ParseNamespaceFromObject(bytes []byte) string
func ParseResourceInfoFromObject(rawResource []byte) string
func Validate(policyContext PolicyContext) (resp response.EngineResponse)
type Condition
type EngineStats
type PolicyContext

Constants ¶

View Source

const (
	PodControllers           = "DaemonSet,Deployment,Job,StatefulSet"
	PodControllersAnnotation = "pod-policies.kyverno.io/autogen-controllers"
	PodTemplateAnnotation    = "pod-policies.kyverno.io/autogen-applied"
)

Variables ¶

This section is empty.

Functions ¶

func GenerateNew ¶ added in v0.6.0

func GenerateNew(policyContext PolicyContext) (resp response.EngineResponse)

GenerateNew 1. validate variables to be susbtitute in the general ruleInfo (match,exclude,condition)

the caller has to check the ruleResponse to determine whether the path exist

2. returns the list of rules that are applicable on this policy and resource, if 1 succeed

func MatchesResourceDescription ¶ added in v0.8.0

func MatchesResourceDescription(resource unstructured.Unstructured, rule kyverno.Rule) bool

MatchesResourceDescription checks if the resource matches resource desription of the rule or not

func Mutate ¶

func Mutate(policyContext PolicyContext) (resp response.EngineResponse)

Mutate performs mutation. Overlay first and then mutation patches

func ParseKindFromObject ¶ added in v0.5.0

func ParseKindFromObject(bytes []byte) string

ParseKindFromObject get kind from resource

func ParseNameFromObject ¶

func ParseNameFromObject(bytes []byte) string

ParseNameFromObject extracts resource name from JSON obj

func ParseNamespaceFromObject ¶

func ParseNamespaceFromObject(bytes []byte) string

ParseNamespaceFromObject extracts the namespace from the JSON obj

func ParseResourceInfoFromObject ¶ added in v0.7.0

func ParseResourceInfoFromObject(rawResource []byte) string

ParseResourceInfoFromObject get kind/namepace/name from resource

func Validate ¶

func Validate(policyContext PolicyContext) (resp response.EngineResponse)

Validate applies validation rules from policy on the resource

Types ¶

type Condition ¶ added in v0.9.1

type Condition int

const (
	NotEvaluate Condition = 0
	Process     Condition = 1
	Skip        Condition = 2
)

type EngineStats ¶ added in v0.8.0

type EngineStats struct {
	// average time required to process the policy rules on a resource
	ExecutionTime time.Duration
	// Count of rules that were applied succesfully
	RulesAppliedCount int
}

EngineStats stores in the statistics for a single application of resource

type PolicyContext ¶ added in v1.0.0

type PolicyContext struct {
	// policy to be processed
	Policy kyverno.ClusterPolicy
	// resource to be processed
	NewResource unstructured.Unstructured
	// old Resource - Update operations
	OldResource   unstructured.Unstructured
	AdmissionInfo kyverno.RequestInfo
	// Dynamic client - used by generate
	Client *client.Client
	// Contexts to store resources
	Context context.EvalInterface
}

PolicyContext contains the contexts for engine to process

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
anchor
context
mutate
operator
policy
rbac
response
utils
validate
variables
operator

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL