Documentation
Index
- Constants
- func NewPlugin() (admission.Interface, error)
- func Register(plugins *admission.Plugins)
- type CELPolicyEvaluator
- type CELValidator
- type CELValidatorCompiler
- func (c *CELValidatorCompiler) BindingMatches(a admission.Attributes, o admission.ObjectInterfaces, ...) (bool, error)
- func (c *CELValidatorCompiler) Compile(p *v1alpha1.ValidatingAdmissionPolicy) Validator
- func (c *CELValidatorCompiler) DefinitionMatches(a admission.Attributes, o admission.ObjectInterfaces, ...) (bool, schema.GroupVersionKind, error)
- func (c *CELValidatorCompiler) ValidateInitialization() error
- type CompilationResult
- type Validator
- type ValidatorCompiler
Constants
const (
	ObjectVarName    = "object"
	OldObjectVarName = "oldObject"
	ParamsVarName    = "params"
	RequestVarName   = "request"
)
const (
	// PluginName indicates the name of admission plug-in
	PluginName = "ValidatingAdmissionPolicy"
)
Variables
This section is empty.
Functions
Types
type CELPolicyEvaluator
type CELPolicyEvaluator interface {
	admission.InitializationValidator

	Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error
	HasSynced() bool
	Run(stopCh <-chan struct{})
}
func NewAdmissionController
func NewAdmissionController(
	informerFactory informers.SharedInformerFactory,
	client kubernetes.Interface,
	restMapper meta.RESTMapper,
	dynamicClient dynamic.Interface,
) CELPolicyEvaluator
type CELValidator
type CELValidator struct {
	// contains filtered or unexported fields
}
CELValidator implements the Validator interface.
func (*CELValidator) Validate
func (v *CELValidator) Validate(a admission.Attributes, o admission.ObjectInterfaces, versionedParams runtime.Object, matchKind schema.GroupVersionKind) ([]policyDecision, error)
Validate validates all CEL expressions in the Validator and returns a PolicyDecision for each CEL expression, or returns an error. An error is returned if the object, oldObject, params, or request cannot be converted to unstructured. Each PolicyDecision has a decision and a message. policyDecision.message is empty if the decision is allowed and no error occurred.
type CELValidatorCompiler
CELValidatorCompiler implements the ValidatorCompiler interface.
func (*CELValidatorCompiler) BindingMatches
func (c *CELValidatorCompiler) BindingMatches(a admission.Attributes, o admission.ObjectInterfaces, binding *v1alpha1.ValidatingAdmissionPolicyBinding) (bool, error)
BindingMatches returns whether this ValidatingAdmissionPolicyBinding matches the provided admission resource request.
func (*CELValidatorCompiler) Compile
func (c *CELValidatorCompiler) Compile(p *v1alpha1.ValidatingAdmissionPolicy) Validator
Compile compiles the CEL expressions defined in the ValidatingAdmissionPolicy.
func (*CELValidatorCompiler) DefinitionMatches
func (c *CELValidatorCompiler) DefinitionMatches(a admission.Attributes, o admission.ObjectInterfaces, definition *v1alpha1.ValidatingAdmissionPolicy) (bool, schema.GroupVersionKind, error)
DefinitionMatches returns whether this ValidatingAdmissionPolicy matches the provided admission resource request.
func (*CELValidatorCompiler) ValidateInitialization
func (c *CELValidatorCompiler) ValidateInitialization() error
ValidateInitialization checks if Matcher is initialized.
type CompilationResult
type CompilationResult struct {
	Program cel.Program
	Error   *apiservercel.Error
}
CompilationResult represents a compiled ValidatingAdmissionPolicy validation expression.
func CompileValidatingPolicyExpression
func CompileValidatingPolicyExpression(validationExpression string, hasParams bool) CompilationResult
CompileValidatingPolicyExpression returns a compiled validating policy CEL expression.
type Validator
type Validator interface {
	Validate(a admission.Attributes, o admission.ObjectInterfaces, versionedParams runtime.Object, matchKind schema.GroupVersionKind) ([]policyDecision, error)
}
Validator defines the func used to validate the CEL expressions. matchKind provides the GroupVersionKind that the object should be validated by CEL expressions as.
type ValidatorCompiler
type ValidatorCompiler interface {
	admission.InitializationValidator

	// Matches says whether this policy definition matches the provided admission
	// resource request
	DefinitionMatches(a admission.Attributes, o admission.ObjectInterfaces, definition *v1alpha1.ValidatingAdmissionPolicy) (bool, schema.GroupVersionKind, error)

	// Matches says whether this policy definition matches the provided admission
	// resource request
	BindingMatches(a admission.Attributes, o admission.ObjectInterfaces, definition *v1alpha1.ValidatingAdmissionPolicyBinding) (bool, error)

	// Compile is used for the cel expression compilation
	Compile(
		policy *v1alpha1.ValidatingAdmissionPolicy,
	) Validator
}
ValidatorCompiler is dependency-injected into the PolicyDefinition's `Compile` function to assist with converting types and values to/from CEL-typed values.
Source Files
Directories
Path | Synopsis |
---|---|
internal | |
internal/generic | Package generic contains a typed wrapper over cache SharedIndexInformer and Lister (maybe eventually should have a home there?) |