Documentation ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AddToManager ¶
func AddToManager(m manager.Manager, deps *Dependencies) error
AddToManager adds the audit manager to the Manager.
Types ¶
type CacheLister ¶
type CacheLister struct {
// contains filtered or unexported fields
}
CacheLister lists objects from the audit controller's cache.
func NewAuditCacheLister ¶
func NewAuditCacheLister(auditCache client.Reader, lister WatchIterator) *CacheLister
NewAuditCacheLister instantiates a new CacheLister, which reads the objects of the kinds enumerated by lister from auditCache.
func (*CacheLister) ListObjects ¶
func (l *CacheLister) ListObjects(ctx context.Context) ([]unstructured.Unstructured, error)
ListObjects lists all objects from the audit cache.
type Dependencies ¶
// Dependencies groups the collaborators that AddToManager receives through its
// deps parameter: the constraint client, the process excluder, the audit cache
// lister, the expansion system and the pubsub system. All fields are pointers.
// NOTE(review): this page does not say which fields may be nil — confirm
// against the callers before relying on any of them being set.
type Dependencies struct { Client *constraintclient.Client ProcessExcluder *process.Excluder CacheLister *CacheLister ExpansionSystem *expansion.System PubSubSystem *pubsub.System }
type LimitQueue ¶ added in v3.16.0
type LimitQueue struct {
// contains filtered or unexported fields
}
LimitQueue keeps the priority queue's length at or below a limit (len <= limit), in order to provide performance guarantees on the heap methods.
func (*LimitQueue) Len ¶ added in v3.16.0
func (lq *LimitQueue) Len() int
func (*LimitQueue) Peek ¶ added in v3.16.0
func (lq *LimitQueue) Peek() *StatusViolation
func (*LimitQueue) Pop ¶ added in v3.16.0
func (lq *LimitQueue) Pop() *StatusViolation
func (*LimitQueue) Push ¶ added in v3.16.0
func (lq *LimitQueue) Push(x *StatusViolation)
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
Manager allows us to audit resources periodically.
type PubsubMsg ¶
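// PubsubMsg is the message published for each constraint, as described by the
// package documentation. Every field is tagged `omitempty`, so zero values are
// left out of the JSON encoding.
//
// NOTE(review): the payload can carry resource names, namespaces, labels and
// constraint annotations. Confirm that every subscriber of the pubsub channel
// is entitled to see that cluster metadata.
type PubsubMsg struct {
	ID string `json:"id,omitempty"`
	// Details is untyped; it is encoded as whatever JSON its dynamic value yields.
	Details   interface{} `json:"details,omitempty"`
	EventType string      `json:"eventType,omitempty"`

	// NOTE(review): Group/Version/Kind/Name/Namespace presumably identify the
	// constraint, since the resource has its own Resource* fields — confirm
	// against the publisher.
	Group     string `json:"group,omitempty"`
	Version   string `json:"version,omitempty"`
	Kind      string `json:"kind,omitempty"`
	Name      string `json:"name,omitempty"`
	Namespace string `json:"namespace,omitempty"`

	// Message is free-form text; consumers should treat it as data, not markup.
	Message               string            `json:"message,omitempty"`
	EnforcementAction     string            `json:"enforcementAction,omitempty"`
	EnforcementActions    []string          `json:"enforcementActions,omitempty"`
	ConstraintAnnotations map[string]string `json:"constraintAnnotations,omitempty"`

	// NOTE(review): the Resource* fields presumably describe the audited
	// object that produced the violation — confirm against the publisher.
	ResourceGroup      string            `json:"resourceGroup,omitempty"`
	ResourceAPIVersion string            `json:"resourceAPIVersion,omitempty"`
	ResourceKind       string            `json:"resourceKind,omitempty"`
	ResourceNamespace  string            `json:"resourceNamespace,omitempty"`
	ResourceName       string            `json:"resourceName,omitempty"`
	ResourceLabels     map[string]string `json:"resourceLabels,omitempty"`
}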
PubsubMsg represents the message published for each constraint.
type Result ¶
func ToResults ¶
func ToResults(obj *unstructured.Unstructured, resp *types.Responses) []Result
type SVQueue ¶ added in v3.16.0
type SVQueue []*StatusViolation
SVQueue is a max priority queue that implements heap.Interface and holds StatusViolation pointers.
type StatusViolation ¶
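// StatusViolation represents each violation under status.
//
// Group, Version, Kind, Name, Message and EnforcementAction are always present
// in the JSON encoding, even when empty. Namespace and EnforcementActions are
// omitted when empty.
//
// NOTE(review): Message is free-form text. Confirm it cannot carry values from
// the audited object that readers of the status should not see.
type StatusViolation struct {
	Group   string `json:"group"`
	Version string `json:"version"`
	Kind    string `json:"kind"`
	Name    string `json:"name"`
	// Namespace is dropped from the encoding when it is the empty string.
	Namespace         string `json:"namespace,omitempty"`
	Message           string `json:"message"`
	EnforcementAction string `json:"enforcementAction"`
	// EnforcementActions is dropped from the encoding when nil or empty.
	EnforcementActions []string `json:"enforcementActions,omitempty"`
}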
StatusViolation represents each violation under status.
type WatchIterator ¶ added in v3.14.0
type WatchIterator interface {
DoForEach(listFunc func(gvk schema.GroupVersionKind) error) error
}
WatchIterator wraps DoForEach from a watch.Set.