Documentation ¶
Index ¶
- Variables
- type AdmissionWebhook
- type ValidatingWebhook
- func (w ValidatingWebhook) Authorize(apiKey string) error
- func (w ValidatingWebhook) DecodeAdmissionReviewRequest(requestBody []byte) (admissionv1.AdmissionReview, error)
- func (w ValidatingWebhook) ProcessWebhook(review admissionv1.AdmissionReview, serverURL string) (*admissionv1.AdmissionReview, error)
- type WebhookDenyRuleMatcher
Variables ¶
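// Errors reported for validating admission webhook requests. The listing is
// restored to one declaration per line; collapsed onto a single line, the
// first line comment swallowed every declaration after it.
var (
	// ErrAPIKeyMissing indicates that the API key is missing from the
	// validating admission webhook URL.
	// NOTE(review): the message implies the key travels in the webhook URL;
	// URLs are commonly recorded in access and proxy logs, so confirm the
	// key-bearing URL is redacted wherever requests are logged.
	ErrAPIKeyMissing = fmt.Errorf("apiKey is missing in validating admission webhook url")

	// ErrAPIKeyEnvNotSet indicates that K8S_WEBHOOK_API_KEY is not set in
	// the terrascan server environment.
	// NOTE(review): presumably requests are rejected while the variable is
	// unset (fail closed) - verify against Authorize.
	ErrAPIKeyEnvNotSet = fmt.Errorf("variable K8S_WEBHOOK_API_KEY not set in terrascan server environment")

	// ErrUnauthorized indicates that the API key in the validating admission
	// webhook URL is invalid.
	ErrUnauthorized = fmt.Errorf("invalid API key in validating admission webhook url")

	// ErrEmptyAdmissionReview indicates an empty admission review request.
	ErrEmptyAdmissionReview = fmt.Errorf("empty admission review request")
)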
Types ¶
type AdmissionWebhook ¶
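// AdmissionWebhook needs to be implemented by all k8s admission webhooks,
// i.e. validating and mutating webhooks.
type AdmissionWebhook interface {
	// Authorize checks if the incoming webhook has a valid apiKey.
	// NOTE(review): presumably this is meant to run before the request body
	// is decoded or processed - confirm the ordering at the call site.
	Authorize(apiKey string) error

	// DecodeAdmissionReviewRequest reads the incoming admission request body
	// and decodes it into an admissionv1.AdmissionReview.
	DecodeAdmissionReviewRequest(payload []byte) (admissionv1.AdmissionReview, error)

	// ProcessWebhook processes the incoming AdmissionReview and creates
	// an AdmissionResponse; the result is returned as a pointer to an
	// admissionv1.AdmissionReview.
	ProcessWebhook(review admissionv1.AdmissionReview, serverURL string) (*admissionv1.AdmissionReview, error)
}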
The AdmissionWebhook interface needs to be implemented by all k8s admission webhooks, i.e. validating and mutating webhooks.
func NewValidatingWebhook ¶
func NewValidatingWebhook(body []byte, notificationWebhookURL, notificationWebhookToken, repoURL, repoRef string) AdmissionWebhook
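NewValidatingWebhook returns a new, empty ValidatingWebhook struct as an AdmissionWebhook. Its notificationWebhookToken argument appears to be a credential passed as a plain string, so callers should keep it out of logs and error messages.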
type ValidatingWebhook ¶
type ValidatingWebhook struct {
// contains filtered or unexported fields
}
ValidatingWebhook handles the incoming validating admission webhook from the kubernetes API server and decides whether the admission request from the kubernetes client should be allowed or not
func (ValidatingWebhook) Authorize ¶
func (w ValidatingWebhook) Authorize(apiKey string) error
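Authorize checks whether the incoming webhook request carries a valid apiKey. Judging by the package's error variables, it can fail because the key is missing from the webhook URL, because K8S_WEBHOOK_API_KEY is not set in the terrascan server environment, or because the key is invalid.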
func (ValidatingWebhook) DecodeAdmissionReviewRequest ¶
func (w ValidatingWebhook) DecodeAdmissionReviewRequest(requestBody []byte) (admissionv1.AdmissionReview, error)
DecodeAdmissionReviewRequest reads the incoming admission request body, decodes it and returns an AdmissionReviewRequest struct
func (ValidatingWebhook) ProcessWebhook ¶
func (w ValidatingWebhook) ProcessWebhook(review admissionv1.AdmissionReview, serverURL string) (*admissionv1.AdmissionReview, error)
ProcessWebhook processes the incoming AdmissionReview and creates a response
type WebhookDenyRuleMatcher ¶
// WebhookDenyRuleMatcher helps in matching violated rules with k8s denied
// admission control rules. The type declares no fields.
type WebhookDenyRuleMatcher struct{}
WebhookDenyRuleMatcher helps in matching violated rules with k8s denied admission control rules
func (*WebhookDenyRuleMatcher) Match ¶
func (g *WebhookDenyRuleMatcher) Match(violation results.Violation, denyRules config.K8sAdmissionControl) bool
Match checks whether a violation that was found is relevant to the specified K8s deny rules.