config

package

v0.11.0 Latest Latest Go to latest Published: Dec 6, 2024 License: Apache-2.0 Imports: 4 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/sigstore/policy-controller

Documentation ¶

Index ¶

Constants
func ToContext(ctx context.Context, c *PolicyControllerConfig) context.Context
type PolicyControllerConfig
type Store
- func NewStore(logger configmap.Logger, onAfterStore ...func(name string, value interface{})) *Store
- func (s *Store) Load() *PolicyControllerConfig
- func (s *Store) ToContext(ctx context.Context) context.Context

Constants ¶

View Source

const (
	// PolicyControllerConfigName is the name of the configmap used to configure
	// policy-controller.
	PolicyControllerConfigName = "config-policy-controller" //nolint: gosec

	// Specifies that if an image is not found to match any policy, it should
	// be rejected.
	DenyAll = "deny"

	// Specifies that if an image is not found to match any policy, it should
	// be allowed.
	AllowAll = "allow"

	WarnAll = "warn"

	NoMatchPolicyKey = "no-match-policy"

	FailOnEmptyAuthorities = "fail-on-empty-authorities"
)

Variables ¶

This section is empty.

Functions ¶

func ToContext ¶

func ToContext(ctx context.Context, c *PolicyControllerConfig) context.Context

ToContext attaches the provided PolicyControllerConfig to the provided context, returning the new context with the Config attached.

Types ¶

type PolicyControllerConfig ¶

type PolicyControllerConfig struct {
	// NoMatchPolicy says what do in the case where an image does not match
	// any policy.
	NoMatchPolicy string `json:"no-match-policy"`
	// FailOnEmptyAuthorities configures the validating webhook to allow creating CIP without a list authorities
	FailOnEmptyAuthorities bool `json:"fail-on-empty-authorities"`
}

PolicyControllerConfig controls the behaviour of policy-controller that needs to be more flexible than requiring a controller restart. Some examples are controlling behaviour for what to do if no matching policies are found. Point is that these apply to the whole controller instead of specific CIP policies that apply only to matching images.

func FromContext ¶

func FromContext(ctx context.Context) *PolicyControllerConfig

FromContext extracts a PolicyControllerConfig from the provided context.

func FromContextOrDefaults ¶

func FromContextOrDefaults(ctx context.Context) *PolicyControllerConfig

FromContextOrDefaults is like FromContext, but when no PolicyControllerConfig is attached, it returns a PolicyControllerConfig populated with the defaults for each of the fields.

func NewPolicyControllerConfigFromConfigMap ¶

func NewPolicyControllerConfigFromConfigMap(config *corev1.ConfigMap) (*PolicyControllerConfig, error)

func NewPolicyControllerConfigFromMap ¶

func NewPolicyControllerConfigFromMap(data map[string]string) (*PolicyControllerConfig, error)

type Store ¶

type Store struct {
	*configmap.UntypedStore
}

Store is a typed wrapper around configmap.Untyped store to handle our configmaps. +k8s:deepcopy-gen=false

func NewStore ¶

func NewStore(logger configmap.Logger, onAfterStore ...func(name string, value interface{})) *Store

NewStore creates a new store of Configs and optionally calls functions when ConfigMaps are updated.

func (*Store) Load ¶

func (s *Store) Load() *PolicyControllerConfig

Load creates a PolicyControllerConfig from the current config state of the Store.

func (*Store) ToContext ¶

func (s *Store) ToContext(ctx context.Context) context.Context

ToContext attaches the current PolicyControllerConfig state to the provided context.

Source Files ¶

View all Source files

store.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL