Documentation ¶
Index ¶
- Constants
- Variables
- func EventPackerMapFunc() handler.MapFunc
- func GetID() string
- func GetNamespace() string
- func GetPodName() string
- func GetScopedEnforcementAction(item map[string]interface{}) (*[]apiconstraints.ScopedEnforcementAction, error)
- func ScopedActionForEP(enforcementPoint string, u *unstructured.Unstructured) ([]string, error)
- func UnpackRequest(r reconcile.Request) (schema.GroupVersionKind, reconcile.Request, error)
- func ValidateEnforcementAction(input EnforcementAction, item map[string]interface{}) error
- func ValidateScopedEnforcementAction(item map[string]interface{}) error
- type EnforcementAction
- type Error
- type FlagSet
- type KindVersionName
Constants ¶
// Enforcement point identifiers. Each constant is the string that names one
// place where a constraint can be evaluated.
const (
	// WebhookEnforcementPoint is the enforcement point for admission.
	WebhookEnforcementPoint = "validation.gatekeeper.sh"

	// AuditEnforcementPoint is the enforcement point for audit.
	AuditEnforcementPoint = "audit.gatekeeper.sh"

	// GatorEnforcementPoint is the enforcement point for gator cli.
	GatorEnforcementPoint = "gator.gatekeeper.sh"

	// VAPEnforcementPoint is the enforcement point for ValidatingAdmissionPolicy.
	VAPEnforcementPoint = "vap.k8s.io"

	// AllEnforcementPoints indicates all enforcement points.
	// NOTE(review): the value is the wildcard "*", so a scoped action that
	// names it presumably applies at every point listed above. Confirm how
	// ScopedActionForEP matches it, and give constraints that use it an
	// explicit look during policy review.
	AllEnforcementPoints = "*"
)
const (
	// ValidCABundle is a valid CA bundle used for testing.
	//
	// The constant is part of the package's exported API, so any importer can
	// read it. NOTE(review): treat it as a test fixture only and keep it out
	// of real webhook or client trust configuration. Confirm that nothing
	// outside tests references it.
	ValidCABundle = "" /* 924-byte string literal not displayed */
)
Variables ¶
var ErrEnforcementAction = errors.New("unrecognized enforcementAction")
ErrEnforcementAction indicates the passed EnforcementAction is not valid.
var ErrInvalidPackedName = errors.New("invalid packed name, want request.Name to match 'gvk:[Kind].[Version].[Group]:[Name]'")
ErrInvalidPackedName indicates that the packed name of the request to be unpacked was invalid.
var ErrInvalidSpecEnforcementAction = errors.New("spec.enforcementAction must be a string")
ErrInvalidSpecEnforcementAction indicates that we were unable to parse the spec.enforcementAction field as it was not a string.
// ErrInvalidSpecScopedEnforcementAction indicates that
// spec.scopedEnforcementAction was not in the format
// []{action: string, enforcementPoints: []{name: string}}.
var ErrInvalidSpecScopedEnforcementAction = errors.New("spec.scopedEnforcementAction must be in the format of []{action: string, enforcementPoints: []{name: string}}")

// ErrUnrecognizedEnforcementPoint reports unrecognized enforcement points.
// NOTE(review): presumably returned when a constraint names an enforcement
// point other than the package's *EnforcementPoint constants. Confirm against
// the validation code, which is not shown on this page.
var ErrUnrecognizedEnforcementPoint = errors.New("unrecognized enforcement points")
var KnownEnforcementActions = []EnforcementAction{Deny, Dryrun, Warn, Scoped, Unrecognized}
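KnownEnforcementActions are all defined EnforcementActions, including the Unrecognized placeholder, so membership in this list does not by itself show that a value is a usable action.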
Functions ¶
func EventPackerMapFunc ¶
EventPackerMapFunc maps an event into a reconcile.Request with embedded GVK information. Must be unpacked with UnpackRequest() before use.
func GetNamespace ¶
func GetNamespace() string
func GetScopedEnforcementAction ¶ added in v3.17.0
func GetScopedEnforcementAction(item map[string]interface{}) (*[]apiconstraints.ScopedEnforcementAction, error)
func ScopedActionForEP ¶ added in v3.17.0
func ScopedActionForEP(enforcementPoint string, u *unstructured.Unstructured) ([]string, error)
func UnpackRequest ¶
UnpackRequest unpacks the GVK from a reconcile.Request and returns the separated components. GVK is encoded as "Kind.Version.Group". Requests are expected to be in the format: {Name: "gvk:EncodedGVK:Name", Namespace: Namespace}. A request whose name does not match this format is reported as ErrInvalidPackedName.
func ValidateEnforcementAction ¶
func ValidateEnforcementAction(input EnforcementAction, item map[string]interface{}) error
func ValidateScopedEnforcementAction ¶ added in v3.17.0
Types ¶
type EnforcementAction ¶
type EnforcementAction string
EnforcementAction is the response we take to violations.
// Values an EnforcementAction can take. Each constant is the lowercase string
// of its own name.
//
// NOTE(review): in Gatekeeper's documented behaviour only "deny" rejects a
// violating request; "dryrun" and "warn" report the violation and let the
// request through. Confirm for the release in use, and check which constraints
// are set to a non-blocking action when auditing a cluster's policy.
const (
	// Deny is the "deny" action.
	Deny EnforcementAction = "deny"

	// Dryrun is the "dryrun" action.
	Dryrun EnforcementAction = "dryrun"

	// Warn is the "warn" action.
	Warn EnforcementAction = "warn"

	// Scoped is the "scoped" action.
	// NOTE(review): presumably defers the decision to
	// spec.scopedEnforcementAction, which sets an action per enforcement
	// point. Confirm against GetScopedEnforcementAction.
	Scoped EnforcementAction = "scoped"

	// Unrecognized is the "unrecognized" action. It is also an element of
	// KnownEnforcementActions.
	Unrecognized EnforcementAction = "unrecognized"
)
The set of possible responses to policy violations.
func GetEnforcementAction ¶
func GetEnforcementAction(item map[string]interface{}) (EnforcementAction, error)
type FlagSet ¶
func NewFlagSet ¶
func NewFlagSet() FlagSet
type KindVersionName ¶
// KindVersionName identifies an object by its group, kind, version, namespace
// and name. GetUniqueKey returns one for an unstructured.Unstructured object.
// Every field is a string, so values are comparable and can serve as map keys.
type KindVersionName struct {
	// Group is the object's API group.
	Group string
	// Kind is the object's kind.
	Kind string
	// Version is the object's API version.
	Version string
	// Namespace is the object's namespace.
	// NOTE(review): presumably empty for cluster-scoped objects. Confirm
	// against GetUniqueKey.
	Namespace string
	// Name is the object's name.
	Name string
}
func GetUniqueKey ¶
func GetUniqueKey(obj unstructured.Unstructured) KindVersionName