validatingadmissionpolicy

package
v0.26.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 17, 2023 License: Apache-2.0 Imports: 41 Imported by: 0

Documentation

Index

Constants

View Source
const (
	ObjectVarName    = "object"
	OldObjectVarName = "oldObject"
	ParamsVarName    = "params"
	RequestVarName   = "request"
)
View Source
const (
	// PluginName indicates the name of admission plug-in
	PluginName = "ValidatingAdmissionPolicy"
)

Variables

This section is empty.

Functions

func NewPlugin

func NewPlugin() (admission.Interface, error)

func Register

func Register(plugins *admission.Plugins)

Register registers a plugin

Types

type CELPolicyEvaluator

type CELPolicyEvaluator interface {
	admission.InitializationValidator

	Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error
	HasSynced() bool
	Run(stopCh <-chan struct{})
}

func NewAdmissionController

func NewAdmissionController(

	informerFactory informers.SharedInformerFactory,
	client kubernetes.Interface,
	restMapper meta.RESTMapper,
	dynamicClient dynamic.Interface,
) CELPolicyEvaluator

type CELValidator

type CELValidator struct {
	// contains filtered or unexported fields
}

CELValidator implements the Validator interface

func (*CELValidator) Validate

func (v *CELValidator) Validate(a admission.Attributes, o admission.ObjectInterfaces, versionedParams runtime.Object, matchKind schema.GroupVersionKind) ([]policyDecision, error)

Validate validates all cel expressions in Validator and returns a PolicyDecision for each CEL expression or returns an error. An error will be returned if failed to convert the object/oldObject/params/request to unstructured. Each PolicyDecision will have a decision and a message. policyDecision.message will be empty if the decision is allowed and no error met.

type CELValidatorCompiler

type CELValidatorCompiler struct {
	Matcher *matching.Matcher
}

CELValidatorCompiler implement the interface ValidatorCompiler.

func (*CELValidatorCompiler) BindingMatches

BindingMatches returns whether this ValidatingAdmissionPolicyBinding matches the provided admission resource request

func (*CELValidatorCompiler) Compile

Compile compiles the cel expression defined in ValidatingAdmissionPolicy

func (*CELValidatorCompiler) DefinitionMatches

DefinitionMatches returns whether this ValidatingAdmissionPolicy matches the provided admission resource request

func (*CELValidatorCompiler) ValidateInitialization

func (c *CELValidatorCompiler) ValidateInitialization() error

ValidateInitialization checks if Matcher is initialized.

type CompilationResult

type CompilationResult struct {
	Program cel.Program
	Error   *apiservercel.Error
}

CompilationResult represents a compiled ValidatingAdmissionPolicy validation expression.

func CompileValidatingPolicyExpression

func CompileValidatingPolicyExpression(validationExpression string, hasParams bool) CompilationResult

CompileValidatingPolicyExpression returns a compiled vaalidating policy CEL expression.

type Validator

type Validator interface {
	Validate(a admission.Attributes, o admission.ObjectInterfaces, versionedParams runtime.Object, matchKind schema.GroupVersionKind) ([]policyDecision, error)
}

Validator defines the func used to validate the cel expressions matchKind provides the GroupVersionKind that the object should be validated by CEL expressions as.

type ValidatorCompiler

type ValidatorCompiler interface {
	admission.InitializationValidator

	// Matches says whether this policy definition matches the provided admission
	// resource request
	DefinitionMatches(a admission.Attributes, o admission.ObjectInterfaces, definition *v1alpha1.ValidatingAdmissionPolicy) (bool, schema.GroupVersionKind, error)

	// Matches says whether this policy definition matches the provided admission
	// resource request
	BindingMatches(a admission.Attributes, o admission.ObjectInterfaces, definition *v1alpha1.ValidatingAdmissionPolicyBinding) (bool, error)

	// Compile is used for the cel expression compilation
	Compile(
		policy *v1alpha1.ValidatingAdmissionPolicy,
	) Validator
}

ValidatorCompiler is Dependency Injected into the PolicyDefinition's `Compile` function to assist with converting types and values to/from CEL-typed values.

Directories

Path Synopsis
internal
generic
Package generic contains a typed wrapper over cache SharedIndexInformer and Lister (maybe eventually should have a home there?)
Package generic contains a typed wrapper over cache SharedIndexInformer and Lister (maybe eventually should have a home there?)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL