Documentation ¶
Index ¶
- Constants
- Variables
- func EventPackerMapFunc() handler.MapFunc
- func EventPackerMapFuncHardcodeGVK(gvk schema.GroupVersionKind) handler.MapFunc
- func GetID() string
- func GetNamespace() string
- func GetPodName() string
- func SetObjectOnDelete(req *admission.Request) error
- func UnpackRequest(r reconcile.Request) (schema.GroupVersionKind, reconcile.Request, error)
- func ValidateEnforcementAction(input EnforcementAction) error
- type EnforcementAction
- type Error
- type FlagSet
- type KindVersionName
Constants ¶
const ( // ValidCABundle is a valid CA bundle used for testing. ValidCABundle = "" /* 924-byte string literal not displayed */ )
Variables ¶
var ErrEnforcementAction = errors.New("unrecognized enforcementAction")
ErrEnforcementAction indicates the passed EnforcementAction is not valid.
var ErrInvalidPackedName = errors.New("invalid packed name, want request.Name to match 'gvk:[Kind].[Version].[Group]:[Name]'")
ErrInvalidPackedName indicates that the packed name of the request to be unpacked was invalid.
var ErrInvalidSpecEnforcementAction = errors.New("spec.enforcementAction must be a string")
ErrInvalidSpecEnforcementAction indicates that we were unable to parse the spec.enforcementAction field as it was not a string.
var ErrOldObjectIsNil = errors.New("oldObject cannot be nil for DELETE operations")
nolint: revive // Moved error out of pkg/webhook/admission; needs capitalization for backwards compat.
var KnownEnforcementActions = []EnforcementAction{Deny, Dryrun, Warn, Unrecognized}
KnownEnforcementActions are all defined EnforcementActions.
Functions ¶
func EventPackerMapFunc ¶
EventPackerMapFunc maps an event into a reconcile.Request with embedded GVK information. Must be unpacked with UnpackRequest() before use.
func EventPackerMapFuncHardcodeGVK ¶
func EventPackerMapFuncHardcodeGVK(gvk schema.GroupVersionKind) handler.MapFunc
EventPackerMapFuncHardcodeGVK accounts for the fact that typed K8s objects have no GVK associated with them by allowing the caller to set the expected GVK.
func GetNamespace ¶
func GetNamespace() string
func SetObjectOnDelete ¶
SetObjectOnDelete enforces that we use at least K8s API v1.15.0+ on DELETE operations and copies over the oldObject into the Object field for the given AdmissionRequest.
func UnpackRequest ¶
UnpackRequest unpacks the GVK from a reconcile.Request and returns the separated components. GVK is encoded as "Kind.Version.Group". Requests are expected to be in the format: {Name: "gvk:EncodedGVK:Name", Namespace: Namespace}.
func ValidateEnforcementAction ¶
func ValidateEnforcementAction(input EnforcementAction) error
Types ¶
type EnforcementAction ¶
type EnforcementAction string
EnforcementAction is the response we take to violations.
const ( Deny EnforcementAction = "deny" Dryrun EnforcementAction = "dryrun" Warn EnforcementAction = "warn" Unrecognized EnforcementAction = "unrecognized" )
The set of possible responses to policy violations.
func GetEnforcementAction ¶
func GetEnforcementAction(item map[string]interface{}) (EnforcementAction, error)
type FlagSet ¶
func NewFlagSet ¶
func NewFlagSet() FlagSet
type KindVersionName ¶
type KindVersionName struct { Group string Kind string Version string Namespace string Name string }
func GetUniqueKey ¶
func GetUniqueKey(obj unstructured.Unstructured) KindVersionName