policy

package
v0.17.16 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 18, 2020 License: Apache-2.0 Imports: 14 Imported by: 153

Documentation

Index

Constants

View Source
const (
	// DefaultAuditLevel is the default level to audit at, if no policy rules are matched.
	DefaultAuditLevel = audit.LevelNone
)

Variables

This section is empty.

Functions

func AllLevels

func AllLevels() sets.String

AllLevels returns all possible levels

func AllStages

func AllStages() sets.String

AllStages returns all possible stages

func ConvertDynamicPolicyToInternal

func ConvertDynamicPolicyToInternal(p *v1alpha1.Policy) *audit.Policy

ConvertDynamicPolicyToInternal constructs an internal policy type from a v1alpha1 dynamic type

func ConvertStagesToStrings

func ConvertStagesToStrings(stages []audit.Stage) []string

ConvertStagesToStrings converts an array of stages to a string array

func ConvertStringSetToStages

func ConvertStringSetToStages(set sets.String) []audit.Stage

ConvertStringSetToStages converts a string set to an array of stages

func EnforcePolicy

func EnforcePolicy(event *audit.Event, level audit.Level, omitStages []audit.Stage) (*audit.Event, error)

EnforcePolicy drops any part of the event that doesn't conform to a policy level or omitStages and sets the event level accordingly

func InvertStages

func InvertStages(stages []audit.Stage) []audit.Stage

InvertStages subtracts the given array of stages from all stages

func LoadPolicyFromBytes

func LoadPolicyFromBytes(policyDef []byte) (*auditinternal.Policy, error)

func LoadPolicyFromFile

func LoadPolicyFromFile(filePath string) (*auditinternal.Policy, error)

Types

type Checker

type Checker interface {
	// Check the audit level for a request with the given authorizer attributes.
	LevelAndStages(authorizer.Attributes) (audit.Level, []audit.Stage)
}

Checker exposes methods for checking the policy rules.

func FakeChecker

func FakeChecker(level audit.Level, stage []audit.Stage) Checker

FakeChecker creates a checker that returns a constant level for all requests (for testing).

func NewChecker

func NewChecker(policy *audit.Policy) Checker

NewChecker creates a new policy checker.

func NewDynamicChecker

func NewDynamicChecker() Checker

NewDynamicChecker returns a new dynamic policy checker

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL