policy

package

v1.0.0 Latest Latest Go to latest Published: Dec 5, 2019 License: Apache-2.0 Imports: 37 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/shravanshetty1/kyverno

Documentation ¶

Index ¶

func RecheckDeletionTimestamp(getObject func() (metav1.Object, error)) func() error
type BaseControllerRefManager
- func (m *BaseControllerRefManager) CanAdopt() error
- func (m *BaseControllerRefManager) ClaimObject(obj metav1.Object, match func(metav1.Object) bool, ...) (bool, error)
type Condition
type PVControlInterface
type PolicyController
- func NewPolicyController(kyvernoClient *kyvernoclient.Clientset, client *client.Client, ...) (*PolicyController, error)
- func (pc *PolicyController) GetPolicyStatusAggregator() PolicyStatusInterface
- func (pc *PolicyController) Run(workers int, stopCh <-chan struct{})
type PolicyStat
type PolicyStatInfo
type PolicyStatusAggregator
- func NewPolicyStatAggregator(client *kyvernoclient.Clientset) *PolicyStatusAggregator
- func (psa *PolicyStatusAggregator) GetPolicyStats(policyName string) PolicyStatInfo
- func (psa *PolicyStatusAggregator) RemovePolicyStats(policyName string)
- func (psa *PolicyStatusAggregator) Run(workers int, stopCh <-chan struct{})
- func (psa *PolicyStatusAggregator) SendStat(stat PolicyStat)
type PolicyStatusInterface
type PolicyViolationControllerRefManager
- func NewPolicyViolationControllerRefManager(pvControl PVControlInterface, controller metav1.Object, ...) *PolicyViolationControllerRefManager
type RealPVControl
- func (r RealPVControl) DeleteNamespacedPolicyViolation(ns, name string) error
- func (r RealPVControl) DeletePolicyViolation(name string) error
- func (r RealPVControl) PatchNamespacedPolicyViolation(ns, name string, data []byte) error
- func (r RealPVControl) PatchPolicyViolation(name string, data []byte) error
type ResourceManager
- func NewResourceManager(rebuildTime int64) *ResourceManager
- func (rm *ResourceManager) Drop()
- func (rm *ResourceManager) ProcessResource(policy, pv, kind, ns, name, rv string) bool
- func (rm *ResourceManager) RegisterResource(policy, pv, kind, ns, name, rv string)
type RuleStatinfo

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func RecheckDeletionTimestamp ¶

func RecheckDeletionTimestamp(getObject func() (metav1.Object, error)) func() error

RecheckDeletionTimestamp returns a CanAdopt() function to recheck deletion.

The CanAdopt() function calls getObject() to fetch the latest value, and denies adoption attempts if that object has a non-nil DeletionTimestamp.

Types ¶

type BaseControllerRefManager ¶

type BaseControllerRefManager struct {
	Controller metav1.Object
	Selector   labels.Selector

	CanAdoptFunc func() error
	// contains filtered or unexported fields
}

BaseControllerRefManager ...

func (*BaseControllerRefManager) CanAdopt ¶

func (m *BaseControllerRefManager) CanAdopt() error

CanAdopt ...

func (*BaseControllerRefManager) ClaimObject ¶

func (m *BaseControllerRefManager) ClaimObject(obj metav1.Object, match func(metav1.Object) bool, adopt, release func(metav1.Object) error) (bool, error)

ClaimObject ...

type Condition ¶ added in v0.9.1

type Condition int

const (
	NotEvaluate Condition = 0
	Process     Condition = 1
	Skip        Condition = 2
)

type PVControlInterface ¶

type PVControlInterface interface {
	PatchPolicyViolation(name string, data []byte) error
	DeletePolicyViolation(name string) error

	PatchNamespacedPolicyViolation(ns, name string, data []byte) error
	DeleteNamespacedPolicyViolation(ns, name string) error
}

PVControlInterface provides interface to operate on policy violation resource

type PolicyController ¶

type PolicyController struct {
	// contains filtered or unexported fields
}

PolicyController is responsible for synchronizing Policy objects stored in the system with the corresponding policy violations

func NewPolicyController ¶

func NewPolicyController(kyvernoClient *kyvernoclient.Clientset, client *client.Client, pInformer kyvernoinformer.ClusterPolicyInformer,
	pvInformer kyvernoinformer.ClusterPolicyViolationInformer, nspvInformer kyvernoinformer.NamespacedPolicyViolationInformer,
	eventGen event.Interface, webhookInformer webhookinformer.MutatingWebhookConfigurationInformer,
	webhookRegistrationClient *webhookconfig.WebhookRegistrationClient, configHandler config.Interface,
	pvGenerator policyviolation.GeneratorInterface,
	pMetaStore policystore.UpdateInterface) (*PolicyController, error)

NewPolicyController create a new PolicyController

func (*PolicyController) GetPolicyStatusAggregator ¶

func (pc *PolicyController) GetPolicyStatusAggregator() PolicyStatusInterface

GetPolicyStatusAggregator returns interface to send policy status stats

func (*PolicyController) Run ¶

func (pc *PolicyController) Run(workers int, stopCh <-chan struct{})

Run begins watching and syncing.

type PolicyStat ¶

type PolicyStat struct {
	PolicyName string
	Stats      PolicyStatInfo
}

PolicyStat stored stats for policy

type PolicyStatInfo ¶

type PolicyStatInfo struct {
	MutationExecutionTime   time.Duration
	ValidationExecutionTime time.Duration
	GenerationExecutionTime time.Duration
	RulesAppliedCount       int
	ResourceBlocked         int
	Rules                   []RuleStatinfo
}

type PolicyStatusAggregator ¶

type PolicyStatusAggregator struct {
	// contains filtered or unexported fields
}

PolicyStatusAggregator stores information abt aggregation

func NewPolicyStatAggregator ¶

func NewPolicyStatAggregator(client *kyvernoclient.Clientset) *PolicyStatusAggregator

NewPolicyStatAggregator returns a new policy status

func (*PolicyStatusAggregator) GetPolicyStats ¶

func (psa *PolicyStatusAggregator) GetPolicyStats(policyName string) PolicyStatInfo

GetPolicyStats returns the policy stats

func (*PolicyStatusAggregator) RemovePolicyStats ¶

func (psa *PolicyStatusAggregator) RemovePolicyStats(policyName string)

RemovePolicyStats rmves policy stats records

func (*PolicyStatusAggregator) Run ¶

func (psa *PolicyStatusAggregator) Run(workers int, stopCh <-chan struct{})

Run begins aggregator

func (*PolicyStatusAggregator) SendStat ¶

func (psa *PolicyStatusAggregator) SendStat(stat PolicyStat)

SendStat sends the stat information for aggregation

type PolicyStatusInterface ¶

type PolicyStatusInterface interface {
	SendStat(stat PolicyStat)
}

PolicyStatusInterface provides methods to modify policyStatus

type PolicyViolationControllerRefManager ¶

type PolicyViolationControllerRefManager struct {
	BaseControllerRefManager
	// contains filtered or unexported fields
}

PolicyViolationControllerRefManager manages adoption of policy violation by a policy

func NewPolicyViolationControllerRefManager ¶

func NewPolicyViolationControllerRefManager(
	pvControl PVControlInterface,
	controller metav1.Object,
	selector labels.Selector,
	controllerKind schema.GroupVersionKind,
	canAdopt func() error,
) *PolicyViolationControllerRefManager

NewPolicyViolationControllerRefManager returns new PolicyViolationControllerRefManager

type RealPVControl ¶

type RealPVControl struct {
	Client   kyvernoclient.Interface
	Recorder record.EventRecorder
}

RealPVControl is the default implementation of PVControlInterface.

func (RealPVControl) DeleteNamespacedPolicyViolation ¶ added in v1.0.0

func (r RealPVControl) DeleteNamespacedPolicyViolation(ns, name string) error

DeleteNamespacedPolicyViolation deletes the namespaced policy violation

func (RealPVControl) DeletePolicyViolation ¶ added in v0.10.0

func (r RealPVControl) DeletePolicyViolation(name string) error

DeletePolicyViolation deletes the policy violation

func (RealPVControl) PatchNamespacedPolicyViolation ¶ added in v1.0.0

func (r RealPVControl) PatchNamespacedPolicyViolation(ns, name string, data []byte) error

PatchNamespacedPolicyViolation patches the namespaced policy violation with the provided JSON Patch

func (RealPVControl) PatchPolicyViolation ¶

func (r RealPVControl) PatchPolicyViolation(name string, data []byte) error

PatchPolicyViolation patches the policy violation with the provided JSON Patch

type ResourceManager ¶

type ResourceManager struct {
	// contains filtered or unexported fields
}

ResourceManager stores the details on already processed resources for caching

func NewResourceManager ¶

func NewResourceManager(rebuildTime int64) *ResourceManager

NewResourceManager returns a new ResourceManager

func (*ResourceManager) Drop ¶

func (rm *ResourceManager) Drop()

Drop drop the cache after every rebuild interval mins TODO: or drop based on the size

func (*ResourceManager) ProcessResource ¶

func (rm *ResourceManager) ProcessResource(policy, pv, kind, ns, name, rv string) bool

ProcessResource returns true if the policy was not applied on the resource

func (*ResourceManager) RegisterResource ¶

func (rm *ResourceManager) RegisterResource(policy, pv, kind, ns, name, rv string)

RegisterResource stores if the policy is processed on this resource version

type RuleStatinfo ¶ added in v0.9.1

type RuleStatinfo struct {
	RuleName         string
	ExecutionTime    time.Duration
	RuleAppliedCount int
	RulesFailedCount int
	MutationCount    int
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL