types

package
v2.0.1+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 25, 2019 License: Apache-2.0 Imports: 1 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Both variables below hold Rego source text and both declare the same Rego
// package (k8s).
//
// NOTE(review): they are exported, mutable []byte values, so any importing
// package can change the policy text in place. Treat them as read-only and
// copy before modifying.
var (
	// KubernetesPolicy is the Rego source that defines the partial set
	// "matches", an abstraction for finding resources under data.kubernetes
	// that match the (kind, namespace, name) triplet.
	//
	// Two rule bodies contribute to the same set: the first yields the value
	// stored at kubernetes[kind][namespace][name] itself, the second yields
	// that value's ".object" field when the field is defined. An entry that
	// has an ".object" field therefore appears twice in the set, once as the
	// wrapper and once as the inner object.
	KubernetesPolicy = []byte(`
		package k8s
		import data.kubernetes
		
		matches[[kind, namespace, name, resource]] {
			resource := kubernetes[kind][namespace][name]
		}
	
		matches[[kind, namespace, name, resource]] {
			resource := kubernetes[kind][namespace][name].object
		}
	`)
	// PolicyMatchPolicy is the Rego source that defines the partial set
	// "policymatches", an abstraction for finding policies by name: it yields
	// one [name, policy] pair per entry in data.kubernetes.policies.
	PolicyMatchPolicy = []byte(`
		package k8s
		import data.kubernetes.policies
		
		# Matches provides an abstraction to find policies that match the (name). 
		policymatches[[name, policy]] {
			policy := policies[name]
		}
	`)
)

Functions

func MakeAuditQuery

func MakeAuditQuery() string

MakeAuditQuery makes the query for all deny results (policy violations).

func MakeSingleClusterResourceQuery

func MakeSingleClusterResourceQuery(resource, name string) string

MakeSingleClusterResourceQuery makes a single resource query

func MakeSingleNamespaceAuthorizationResourceQuery

func MakeSingleNamespaceAuthorizationResourceQuery(resource, namespace, name string) string

MakeSingleNamespaceAuthorizationResourceQuery makes a single resource query. For now I would keep the separation of the OPA packages here, because the values which are given later via the value just don't have the same format. But at least the rules have a similar structure now.

func MakeSingleNamespaceResourceQuery

func MakeSingleNamespaceResourceQuery(resource, namespace, name string) string

MakeSingleNamespaceResourceQuery makes a single resource query

Types

type AuditResponseV1

// AuditResponseV1 models the audit response from the server.
type AuditResponseV1 struct {
	// Message is serialized under "message" and omitted when empty.
	Message    string `json:"message,omitempty"`
	// Violations is serialized under "violations". A nil or empty slice is
	// omitted, so on the wire an absent key and "no violations" look the
	// same; callers cannot use the key's presence to tell the two apart.
	Violations []Deny `json:"violations,omitempty"`
}

AuditResponseV1 models the audit response from the server.

type Deny

// Deny models a resource violation on the enabled policy rules.
type Deny struct {
	// ID is serialized under "id" and omitted when empty.
	ID         string     `json:"id,omitempty"`
	// Resource is the metadata of the resource the violation refers to.
	// omitempty has no effect on a struct-typed field in encoding/json, so
	// the "resource" key is always emitted, even for a zero value.
	Resource   Resource   `json:"resource,omitempty"`
	// Resolution carries the message and patches attached to the violation.
	// It is also a struct value, so "resolution" is always emitted.
	Resolution Resolution `json:"resolution,omitempty"`
}

Deny models a resource violation of the enabled policy rules.

type PatchOperation

// PatchOperation models a patch operation.
//
// NOTE(review): the op/path/value keys look like a JSON Patch (RFC 6902)
// operation; confirm against the code that produces and applies these.
// NOTE(review): nothing in this type constrains Op, Path or Value, so any
// consumer that applies a patch should validate them first; where the
// values originate is not visible here, verify against the caller.
type PatchOperation struct {
	// Op is always serialized under "op", including when empty.
	Op    string      `json:"op"`
	// Path is always serialized under "path", including when empty.
	Path  string      `json:"path"`
	// Value is untyped. A nil Value is dropped from the output rather than
	// encoded as JSON null.
	Value interface{} `json:"value,omitempty"`
}

PatchOperation models a patch operation

type Resolution

// Resolution models a resolution for a resource violation on the enabled
// policy rules.
type Resolution struct {
	// Message is serialized under "message" and omitted when empty.
	Message string           `json:"message,omitempty"`
	// Patches is the list of patch operations attached to the resolution,
	// serialized under "patches"; a nil or empty slice is omitted.
	Patches []PatchOperation `json:"patches,omitempty"`
}

Resolution models a resolution for a resource violation on the enabled policy rules

type Resource

// Resource models metadata for a Kubernetes resource: the same
// (kind, namespace, name) triplet used by the "matches" rule in
// KubernetesPolicy.
type Resource struct {
	// Kind is serialized under "kind" and omitted when empty.
	Kind      string `json:"kind,omitempty"`
	// Namespace is serialized under "namespace" and omitted when empty.
	// NOTE(review): presumably empty for cluster-scoped resources; confirm.
	Namespace string `json:"namespace,omitempty"`
	// Name is serialized under "name" and omitted when empty.
	Name      string `json:"name,omitempty"`
}

Resource models metadata for a Kubernetes resource.
