util

package
v3.19.0-beta.0 Latest
Warning

This package is not in the latest version of its module.

Published: Dec 12, 2024 License: Apache-2.0 Imports: 14 Imported by: 1

Documentation

Constants

const (
	// WebhookEnforcementPoint is the enforcement point for admission.
	WebhookEnforcementPoint = "validation.gatekeeper.sh"

	// AuditEnforcementPoint is the enforcement point for audit.
	AuditEnforcementPoint = "audit.gatekeeper.sh"

	// GatorEnforcementPoint is the enforcement point for gator cli.
	GatorEnforcementPoint = "gator.gatekeeper.sh"

	// VAP enforcement point for ValidatingAdmissionPolicy.
	VAPEnforcementPoint = "vap.k8s.io"

	// AllEnforcementPoints indicates all enforcement points.
	AllEnforcementPoints = "*"
)

const (
	// ValidCABundle is a valid CA bundle used for testing.
	ValidCABundle = "" /* 924-byte string literal not displayed */
)

Variables

var ErrEnforcementAction = errors.New("unrecognized enforcementAction")

ErrEnforcementAction indicates the passed EnforcementAction is not valid.

var ErrInvalidPackedName = errors.New("invalid packed name, want request.Name to match 'gvk:[Kind].[Version].[Group]:[Name]'")

ErrInvalidPackedName indicates that the packed name of the request to be unpacked was invalid.

var ErrInvalidSpecEnforcementAction = errors.New("spec.enforcementAction must be a string")

ErrInvalidSpecEnforcementAction indicates that we were unable to parse the spec.enforcementAction field as it was not a string.

var ErrInvalidSpecScopedEnforcementAction = errors.New("spec.scopedEnforcementAction must be in the format of []{action: string, enforcementPoints: []{name: string}}")

var ErrUnrecognizedEnforcementPoint = errors.New("unrecognized enforcement points")

var KnownEnforcementActions = []EnforcementAction{Deny, Dryrun, Warn, Scoped, Unrecognized}

KnownEnforcementActions are all defined EnforcementActions.

Functions

func EventPackerMapFunc

func EventPackerMapFunc() handler.MapFunc

EventPackerMapFunc maps an event into a reconcile.Request with embedded GVK information. Must be unpacked with UnpackRequest() before use.

func GetID

func GetID() string

GetID returns a unique name for the Gatekeeper pod.

func GetNamespace

func GetNamespace() string

func GetPodName

func GetPodName() string

GetPodName returns the name of the Gatekeeper pod.

func GetScopedEnforcementAction added in v3.17.0

func GetScopedEnforcementAction(item map[string]interface{}) (*[]apiconstraints.ScopedEnforcementAction, error)

func ScopedActionForEP added in v3.17.0

func ScopedActionForEP(enforcementPoint string, u *unstructured.Unstructured) ([]string, error)

func UnpackRequest

UnpackRequest unpacks the GVK from a reconcile.Request and returns the separated components. GVK is encoded as "Kind.Version.Group". Requests are expected to be in the format: {Name: "gvk:EncodedGVK:Name", Namespace: Namespace}.
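The packed-name format described above, as an added Go example that is not Gatekeeper's own code. The names packName, unpackName, packedParts and errInvalidPackedName are hypothetical; the example assumes Kind and Version contain no dots and that the core API group is packed as an empty Group.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// errInvalidPackedName is local to this example; it echoes ErrInvalidPackedName.
var errInvalidPackedName = errors.New("invalid packed name, want 'gvk:[Kind].[Version].[Group]:[Name]'")

// packedParts is a hypothetical result type for this example.
type packedParts struct {
	Kind, Version, Group, Name string
}

// packName builds "gvk:Kind.Version.Group:Name".
func packName(kind, version, group, name string) string {
	return fmt.Sprintf("gvk:%s.%s.%s:%s", kind, version, group, name)
}

// unpackName reverses packName and rejects malformed input.
func unpackName(packed string) (packedParts, error) {
	// At most 3 fields, so colons inside the object name survive
	// (RBAC object names such as "system:node" contain them).
	fields := strings.SplitN(packed, ":", 3)
	if len(fields) != 3 || fields[0] != "gvk" {
		return packedParts{}, fmt.Errorf("%w: %q", errInvalidPackedName, packed)
	}
	// At most 3 parts, so a dotted group ("rbac.authorization.k8s.io") stays
	// whole; an empty group (assumed: core API group) is accepted.
	gvk := strings.SplitN(fields[1], ".", 3)
	if len(gvk) != 3 || gvk[0] == "" || gvk[1] == "" || fields[2] == "" {
		return packedParts{}, fmt.Errorf("%w: %q", errInvalidPackedName, packed)
	}
	return packedParts{Kind: gvk[0], Version: gvk[1], Group: gvk[2], Name: fields[2]}, nil
}

func main() {
	// Constructed sample inputs: two well-formed names, two malformed ones.
	for _, in := range []string{
		packName("ClusterRole", "v1", "rbac.authorization.k8s.io", "system:node"),
		packName("Pod", "v1", "", "web-0"),
		"Pod.v1.:web-0",
		"gvk:Pod:web-0",
	} {
		p, err := unpackName(in)
		fmt.Printf("%q -> %+v, err=%v\n", in, p, err)
	}
}
```

Rejecting anything without the "gvk" prefix or a three-part GVK keeps an unpacked request from being reconciled against the wrong kind.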

func ValidateEnforcementAction

func ValidateEnforcementAction(input EnforcementAction, item map[string]interface{}) error

func ValidateScopedEnforcementAction added in v3.17.0

func ValidateScopedEnforcementAction(item map[string]interface{}) error

Types

type EnforcementAction

type EnforcementAction string

EnforcementAction is the response we take to violations.

const (
	Deny         EnforcementAction = "deny"
	Dryrun       EnforcementAction = "dryrun"
	Warn         EnforcementAction = "warn"
	Scoped       EnforcementAction = "scoped"
	Unrecognized EnforcementAction = "unrecognized"
)

The set of possible responses to policy violations.

func GetEnforcementAction

func GetEnforcementAction(item map[string]interface{}) (EnforcementAction, error)

type Error

type Error string

func (Error) Error

func (e Error) Error() string

type FlagSet

type FlagSet map[string]bool

func NewFlagSet

func NewFlagSet() FlagSet

func (FlagSet) Set

func (l FlagSet) Set(s string) error

func (FlagSet) String

func (l FlagSet) String() string

func (FlagSet) ToSlice

func (l FlagSet) ToSlice() []string

type KindVersionName

type KindVersionName struct {
	Group     string
	Kind      string
	Version   string
	Namespace string
	Name      string
}
