match

package
v0.0.0-...-48ed4f0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 4, 2023 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

+kubebuilder:object:generate=true +groupName=match.gatekeeper.sh

Index

Constants

View Source
const Wildcard = "*"

Wildcard represents matching any Group, Version, or Kind. Only for use in Match, not ApplyTo.

Variables

View Source
var ErrMatch = errors.New("failed to run Match criteria")

Functions

func AppliesTo

func AppliesTo(applyTo []ApplyTo, gvk schema.GroupVersionKind) bool

AppliesTo checks if any item the given slice of ApplyTo applies to the given object.

func IsNamespace

func IsNamespace(obj client.Object) bool

func Matches

func Matches(match *Match, target *Matchable) (bool, error)

Matches verifies if the given object belonging to the given namespace matches Match. Only returns true if all parts of the Match succeed.

Types

type ApplyTo

type ApplyTo struct {
	Groups   []string `json:"groups,omitempty"`
	Kinds    []string `json:"kinds,omitempty"`
	Versions []string `json:"versions,omitempty"`
}

ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. +kubebuilder:object:generate=true

func (*ApplyTo) DeepCopy

func (in *ApplyTo) DeepCopy() *ApplyTo

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplyTo.

func (*ApplyTo) DeepCopyInto

func (in *ApplyTo) DeepCopyInto(out *ApplyTo)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (ApplyTo) Flatten

func (a ApplyTo) Flatten() []schema.GroupVersionKind

Flatten returns the set of GroupVersionKinds this ApplyTo matches. The GVKs are not guaranteed to be sorted or unique.

func (ApplyTo) Matches

func (a ApplyTo) Matches(gvk schema.GroupVersionKind) bool

Matches returns true if the Object's Group, Version, and Kind are contained in the ApplyTo's match lists.

type DummyCRD

type DummyCRD struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadataDummy,omitempty"`

	Match `json:"embeddedMatch,omitempty"`
}

DummyCRD is a "dummy" CRD to hold the Match object, which we ultimately need to generate JSONSchemaProps. The TypeMeta and ObjectMeta fields are required for controller-gen to generate the CRD. +kubebuilder:resource:path="matchcrd"

func (*DummyCRD) DeepCopy

func (in *DummyCRD) DeepCopy() *DummyCRD

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DummyCRD.

func (*DummyCRD) DeepCopyInto

func (in *DummyCRD) DeepCopyInto(out *DummyCRD)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Kinds

type Kinds struct {
	// APIGroups is the API groups the resources belong to. '*' is all groups.
	// If '*' is present, the length of the slice must be one.
	// Required.
	APIGroups []string `json:"apiGroups,omitempty" protobuf:"bytes,1,rep,name=apiGroups"`
	Kinds     []string `json:"kinds,omitempty"`
}

Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. +kubebuilder:object:generate=true

func (*Kinds) DeepCopy

func (in *Kinds) DeepCopy() *Kinds

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Kinds.

func (*Kinds) DeepCopyInto

func (in *Kinds) DeepCopyInto(out *Kinds)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Match

type Match struct {
	// Source determines whether generated or original resources are matched.
	// Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of
	// `Generated` will only match generated resources, while `Original` will only
	// match regular resources.
	// +kubebuilder:validation:Enum=All;Generated;Original
	Source string  `json:"source,omitempty"`
	Kinds  []Kinds `json:"kinds,omitempty"`
	// Scope determines if cluster-scoped and/or namespaced-scoped resources
	// are matched.  Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`)
	Scope apiextensionsv1.ResourceScope `json:"scope,omitempty"`
	// Namespaces is a list of namespace names. If defined, a constraint only
	// applies to resources in a listed namespace.  Namespaces also supports a
	// prefix or suffix based glob.  For example, `namespaces: [kube-*]` matches both
	// `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both
	// `kube-system` and `gatekeeper-system`.
	Namespaces []util.Wildcard `json:"namespaces,omitempty"`
	// ExcludedNamespaces is a list of namespace names. If defined, a
	// constraint only applies to resources not in a listed namespace.
	// ExcludedNamespaces also supports a prefix or suffix based glob.  For example,
	// `excludedNamespaces: [kube-*]` matches both `kube-system` and
	// `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and
	// `gatekeeper-system`.
	ExcludedNamespaces []util.Wildcard `json:"excludedNamespaces,omitempty"`
	// LabelSelector is the combination of two optional fields: `matchLabels`
	// and `matchExpressions`.  These two fields provide different methods of
	// selecting or excluding k8s objects based on the label keys and values
	// included in object metadata.  All selection expressions from both
	// sections are ANDed to determine if an object meets the cumulative
	// requirements of the selector.
	LabelSelector *metav1.LabelSelector `json:"labelSelector,omitempty"`
	// NamespaceSelector is a label selector against an object's containing
	// namespace or the object itself, if the object is a namespace.
	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`
	// Name is the name of an object.  If defined, it will match against objects with the specified
	// name.  Name also supports a prefix or suffix glob.  For example, `name: pod-*` would match
	// both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.
	Name util.Wildcard `json:"name,omitempty"`
}

Match selects which objects are in scope. +kubebuilder:object:generate=true

func (*Match) DeepCopy

func (in *Match) DeepCopy() *Match

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Match.

func (*Match) DeepCopyInto

func (in *Match) DeepCopyInto(out *Match)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Matchable

type Matchable struct {
	Object    client.Object
	Namespace *corev1.Namespace
	Source    types.SourceType
}

Matchable represent an object to be matched along with its metadata. +kubebuilder:object:generate=false

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL