Documentation
Index
- Constants
- func ForceMutate(ctx context.EvalInterface, policy kyverno.ClusterPolicy, ...) (unstructured.Unstructured, error)
- func Generate(policyContext PolicyContext) (resp response.EngineResponse)
- func MatchesResourceDescription(resourceRef unstructured.Unstructured, ruleRef kyverno.Rule, ...) error
- func Mutate(policyContext PolicyContext) (resp response.EngineResponse)
- func SkipPolicyApplication(policy kyverno.ClusterPolicy, resource unstructured.Unstructured) bool
- func Validate(policyContext PolicyContext) (resp response.EngineResponse)
- type EngineStats
- type PolicyContext
Constants
const (
	// PodControllerCronJob represent CronJob string
	PodControllerCronJob = "CronJob"
	//PodControllers stores the list of Pod-controllers in csv string
	PodControllers = "DaemonSet,Deployment,Job,StatefulSet,CronJob"
	//PodControllersAnnotation defines the annotation key for Pod-Controllers
	PodControllersAnnotation = "pod-policies.kyverno.io/autogen-controllers"
)
Variables
This section is empty.
Functions
func ForceMutate (added in v1.1.4)
func ForceMutate(ctx context.EvalInterface, policy kyverno.ClusterPolicy, resource unstructured.Unstructured) (unstructured.Unstructured, error)
ForceMutate does not check any conditions; it simply mutates the given resource.
func Generate
func Generate(policyContext PolicyContext) (resp response.EngineResponse)
Generate checks for validity of the generate rule on the resource:
1. validates the variables to be substituted in the general ruleInfo (match, exclude, condition)
   - the caller has to check the ruleResponse to determine whether the path exists
2. returns the list of rules that are applicable on this policy and resource, if 1 succeeds
func MatchesResourceDescription (added in v0.8.0)
func MatchesResourceDescription(resourceRef unstructured.Unstructured, ruleRef kyverno.Rule, admissionInfoRef kyverno.RequestInfo, dynamicConfig []string) error
MatchesResourceDescription checks whether the resource matches the resource description of the rule.
func Mutate
func Mutate(policyContext PolicyContext) (resp response.EngineResponse)
Mutate performs mutation: the overlay first, and then the mutation patches.
func SkipPolicyApplication (added in v1.1.11)
func SkipPolicyApplication(policy kyverno.ClusterPolicy, resource unstructured.Unstructured) bool
SkipPolicyApplication returns true:
- if the policy has auto-gen annotation && resource == Pod
- if the auto-gen contains cronJob && resource == Job
func Validate
func Validate(policyContext PolicyContext) (resp response.EngineResponse)
Validate applies the validation rules from the policy to the resource.
Types
type EngineStats (added in v0.8.0)
type EngineStats struct {
	// average time required to process the policy rules on a resource
	ExecutionTime time.Duration
	// Count of rules that were applied successfully
	RulesAppliedCount int
}
EngineStats stores the statistics for a single application of a policy to a resource.
type PolicyContext (added in v1.0.0)
type PolicyContext struct {
	// policy to be processed
	Policy kyverno.ClusterPolicy
	// resource to be processed
	NewResource unstructured.Unstructured
	// old Resource - Update operations
	OldResource   unstructured.Unstructured
	AdmissionInfo kyverno.RequestInfo
	// Dynamic client - used by generate
	Client *client.Client
	// Contexts to store resources
	Context context.EvalInterface
	// Config handler
	ExcludeGroupRole []string
}
PolicyContext contains the contexts the engine needs for processing.