validatingadmissionpolicy

package
v0.27.0-alpha.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 3, 2023 License: Apache-2.0 Imports: 38 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// PluginName indicates the name of admission plug-in
	PluginName = "ValidatingAdmissionPolicy"
)

Variables

This section is empty.

Functions

func NewPlugin 

func NewPlugin() (admission.Interface, error)

func Register 

func Register(plugins *admission.Plugins)

Register registers a plugin

Types

type CELPolicyEvaluator 

type CELPolicyEvaluator interface {
	admission.InitializationValidator

	Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error
	HasSynced() bool
	Run(stopCh <-chan struct{})
}

func NewAdmissionController 

func NewAdmissionController(

	informerFactory informers.SharedInformerFactory,
	client kubernetes.Interface,
	restMapper meta.RESTMapper,
	dynamicClient dynamic.Interface,
) CELPolicyEvaluator

type Matcher added in v0.27.0 

type Matcher interface {
	admission.InitializationValidator

	// DefinitionMatches says whether this policy definition matches the provided admission
	// resource request
	DefinitionMatches(a admission.Attributes, o admission.ObjectInterfaces, definition *v1alpha1.ValidatingAdmissionPolicy) (bool, schema.GroupVersionKind, error)

	// BindingMatches says whether this policy definition matches the provided admission
	// resource request
	BindingMatches(a admission.Attributes, o admission.ObjectInterfaces, definition *v1alpha1.ValidatingAdmissionPolicyBinding) (bool, error)
}

Matcher is used for matching ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding to attributes

func NewMatcher added in v0.27.0 

func NewMatcher(m *matching.Matcher) Matcher

type PolicyDecision added in v0.27.0 

type PolicyDecision struct {
	Action     PolicyDecisionAction
	Evaluation PolicyDecisionEvaluation
	Message    string
	Reason     metav1.StatusReason
	Elapsed    time.Duration
}

PolicyDecision contains the action determined from a cel evaluation along with metadata such as message, reason and duration

type PolicyDecisionAction added in v0.27.0 

type PolicyDecisionAction string
const (
	ActionAdmit PolicyDecisionAction = "admit"
	ActionDeny  PolicyDecisionAction = "deny"
)

type PolicyDecisionEvaluation added in v0.27.0 

type PolicyDecisionEvaluation string
const (
	EvalAdmit PolicyDecisionEvaluation = "admit"
	EvalError PolicyDecisionEvaluation = "error"
	EvalDeny  PolicyDecisionEvaluation = "deny"
)

type ValidationCondition added in v0.27.0 

type ValidationCondition struct {
	Expression string
	Message    string
	Reason     *metav1.StatusReason
}

ValidationCondition contains the inputs needed to compile, evaluate and validate a cel expression

func (*ValidationCondition) GetExpression added in v0.27.0 

func (v *ValidationCondition) GetExpression() string

type Validator 

type Validator interface {
	// Validate is used to take cel evaluations and convert into decisions
	Validate(versionedAttr *generic.VersionedAttributes, versionedParams runtime.Object) []PolicyDecision
}

Validator is contains logic for converting ValidationEvaluation to PolicyDecisions

func NewValidator added in v0.27.0 

func NewValidator(filter cel.Filter, failPolicy *v1.FailurePolicyType) Validator

Source Files

View all Source files

Directories

Path Synopsis
internal
generic
Package generic contains a typed wrapper over cache SharedIndexInformer and Lister (maybe eventually should have a home there?)
 Package generic contains a typed wrapper over cache SharedIndexInformer and Lister (maybe eventually should have a home there?)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.