Documentation ¶
Index ¶
- Constants
- Variables
- func ApplyObjectDefaults(scheme runtime.Scheme, object *unstructured.Unstructured) error
- func EquivalentReplicatedPolicies(plc1 *policiesv1.Policy, plc2 *policiesv1.Policy) bool
- func EventReason(ns, name string) string
- func GVRFromGVK(discoveryClient discovery.DiscoveryInterface, gvk schema.GroupVersionKind) (schema.GroupVersionResource, bool, error)
- func IsAllowedPolicy(targetGVK schema.GroupKind) bool
- type ComplianceAPIEvent
- type ComplianceAPIEventCluster
- type ComplianceAPIEventPolicyID
- type ComplianceAPIEventRequest
- type ComplianceEventSender
- type ErrList
Constants ¶
// Package-level string constants: two format strings, and names that are
// either built from common.APIGroup or spelled out in full.
const (
	// GConstraint holds the literal "constraints.gatekeeper.sh".
	// NOTE(review): presumably the API group of Gatekeeper constraint kinds;
	// confirm against the callers.
	GConstraint = "constraints.gatekeeper.sh"
	// PolicyFmtStr is a format string with two %s verbs separated by "/".
	// NOTE(review): presumably namespace then name; confirm against callers.
	PolicyFmtStr = "policy: %s/%s"
	// PolicyClusterScopedFmtStr is the single-verb counterpart of PolicyFmtStr.
	PolicyClusterScopedFmtStr = "policy: %s"
	// ClusterwideFinalizer is a name under common.APIGroup; by its name it is
	// used as a finalizer for cleaning up cluster-scoped policies.
	ClusterwideFinalizer = common.APIGroup + "/cleanup-cluster-scoped-policies"
	// ParentPolicyLabel and PolicyTypeLabel are keys under common.APIGroup.
	// NOTE(review): label values can be set by any principal allowed to
	// update the object, so code that trusts them should be checked for that.
	ParentPolicyLabel = common.APIGroup + "/policy"
	PolicyTypeLabel   = common.APIGroup + "/policy-type"
	// PolicyDBIDAnnotation and ParentDBIDAnnotation are typed string constants
	// that spell out the "policy.open-cluster-management.io" prefix instead of
	// deriving it from common.APIGroup.
	// NOTE(review): whether the two prefixes are equal is not visible here;
	// confirm. The same writability caveat as for the labels applies to
	// annotation values read back as database IDs.
	PolicyDBIDAnnotation string = "policy.open-cluster-management.io/policy-compliance-db-id"
	ParentDBIDAnnotation string = "policy.open-cluster-management.io/parent-policy-compliance-db-id"
)
Variables ¶
var (
	// GvkConstraintTemplate identifies the ConstraintTemplate kind in the
	// templates.gatekeeper.sh group. Despite the "Gvk" prefix it is a
	// schema.GroupKind, so it carries no API version.
	GvkConstraintTemplate = schema.GroupKind{
		Group: "templates.gatekeeper.sh",
		Kind:  "ConstraintTemplate",
	}
	// ErrNoVersionedResource is a sentinel error with the message
	// "the resource version was not found".
	// NOTE(review): presumably returned by GVRFromGVK when discovery has no
	// match; confirm, and compare with errors.Is rather than on the message.
	ErrNoVersionedResource = errors.New("the resource version was not found")
)
Functions ¶
func ApplyObjectDefaults ¶
func ApplyObjectDefaults(scheme runtime.Scheme, object *unstructured.Unstructured) error
ApplyObjectDefaults marshals an object to JSON using its scheme in order to fill in default fields that would be added on applying the object to the cluster.
func EquivalentReplicatedPolicies ¶
func EquivalentReplicatedPolicies(plc1 *policiesv1.Policy, plc2 *policiesv1.Policy) bool
EquivalentReplicatedPolicies compares replicated policies. Returns true if they match. (Comparing labels is skipped here in part because in hosted mode the cluster-namespace label likely will not match.)
func EventReason ¶
func GVRFromGVK ¶
func GVRFromGVK( discoveryClient discovery.DiscoveryInterface, gvk schema.GroupVersionKind, ) ( schema.GroupVersionResource, bool, error, )
GVRFromGVK uses the discovery client to get the versioned resource and determines if the resource is namespaced. If the resource is not found or could not be retrieved, an error is always returned.
func IsAllowedPolicy ¶
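IsAllowedPolicy reports whether the given GroupKind is present on the explicit allow list. The check is keyed on group and kind only: although the parameter is named targetGVK, its type is schema.GroupKind, so no API version is part of the input.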
Types ¶
type ComplianceAPIEvent ¶ added in v0.13.0
// ComplianceAPIEvent is the "event" part of a ComplianceAPIEventRequest.
// Every field is serialized to JSON under the key given in its tag.
type ComplianceAPIEvent struct {
	// Compliance is the compliance state being reported.
	Compliance policiesv1.ComplianceState `json:"compliance"`
	// Message is free-form text attached to the event.
	Message string `json:"message"`
	// Timestamp is carried as a plain string.
	// NOTE(review): the expected format is not visible here; confirm against
	// the code that fills it and the API that consumes it.
	Timestamp string `json:"timestamp"`
	// ReportedBy is serialized as "reported_by"; the nolint directive
	// silences the tagliatelle linter for this snake_case key.
	ReportedBy string `json:"reported_by"` //nolint:tagliatelle
}
type ComplianceAPIEventCluster ¶ added in v0.13.0
type ComplianceAPIEventPolicyID ¶ added in v0.13.0
// ComplianceAPIEventPolicyID wraps a single numeric policy identifier. It is
// used for both the Policy and ParentPolicy fields of
// ComplianceAPIEventRequest.
type ComplianceAPIEventPolicyID struct {
	// ID is serialized as "id".
	// NOTE(review): presumably the database ID stored in the
	// policy-compliance-db-id annotations; confirm against the callers.
	ID int32 `json:"id"`
}
type ComplianceAPIEventRequest ¶ added in v0.13.0
// ComplianceAPIEventRequest is the JSON body describing one compliance event:
// the cluster, the policy, an optional parent policy, and the event itself.
type ComplianceAPIEventRequest struct {
	// UID is tagged json:"-", so encoding/json never writes it to or reads it
	// from the request body; it exists only on the Go side.
	UID types.UID `json:"-"`
	// Cluster is serialized under "cluster".
	Cluster ComplianceAPIEventCluster `json:"cluster"`
	// Policy is serialized under "policy".
	Policy ComplianceAPIEventPolicyID `json:"policy"`
	// ParentPolicy is optional: a nil pointer is omitted from the JSON
	// because of omitempty. The nolint directive silences the tagliatelle
	// linter for the snake_case key.
	ParentPolicy *ComplianceAPIEventPolicyID `json:"parent_policy,omitempty"` //nolint:tagliatelle
	// Event is serialized under "event".
	Event ComplianceAPIEvent `json:"event"`
}
func GenerateDisabledEvent ¶ added in v0.13.0
func GenerateDisabledEvent( parentPolicy *policiesv1.Policy, template *unstructured.Unstructured, msg string, ) (ComplianceAPIEventRequest, error)
type ComplianceEventSender ¶
// ComplianceEventSender holds the settings and the Kubernetes client that its
// SendEvent method uses to send policy template status events.
type ComplianceEventSender struct {
	// ClusterNamespace is a namespace name.
	// NOTE(review): presumably the namespace events are created in; confirm
	// against SendEvent.
	ClusterNamespace string
	// InstanceName is a plain string; its use is not visible here.
	InstanceName string
	// ClientSet is the typed Kubernetes client. It is a pointer, so the zero
	// value of ComplianceEventSender carries a nil client.
	// NOTE(review): confirm that SendEvent is never reached with a nil
	// ClientSet, and that the credentials behind it are scoped to the event
	// permissions actually needed.
	ClientSet *kubernetes.Clientset
	// ControllerName is a plain string.
	// NOTE(review): presumably reported as the event source; confirm.
	ControllerName string
}
ComplianceEventSender handles sending policy template status events in the correct format.
func (*ComplianceEventSender) SendEvent ¶
func (c *ComplianceEventSender) SendEvent( ctx context.Context, instance client.Object, owner metav1.OwnerReference, reason string, msg string, compliance policyv1.ComplianceState, ) error
SendEvent sends a policy template status message update synchronously, in contrast to an EventRecorder, which sends events asynchronously in the background.