Documentation
¶
Overview ¶
+kubebuilder:skip
Index ¶
- Constants
- Variables
- func CalculatePerClusterStatus(ctx context.Context, c client.Client, rootPolicy *policiesv1.Policy, ...) ([]*policiesv1.CompliancePerClusterStatus, error)
- func CalculateRootCompliance(clusters []*policiesv1.CompliancePerClusterStatus) policiesv1.ComplianceState
- func FindNonCompliantClustersForPolicy(plc *policiesv1.Policy) []string
- func FullNameForPolicy(plc *policiesv1.Policy) string
- func GetAffectedObjs[T comparable](oldObjs []T, newObjs []T) []T
- func GetDecisions(ctx context.Context, c client.Client, pb *policiesv1.PlacementBinding) ([]string, error)
- func GetPoliciesInPlacementBinding(ctx context.Context, c client.Client, pb *policiesv1.PlacementBinding) []reconcile.Request
- func GetPolicyPlacementDecisions(ctx context.Context, c client.Client, instance *policiesv1.Policy, ...) (clusterDecisions []string, placements []*policiesv1.Placement, err error)
- func GetRepPoliciesInPlacementBinding(ctx context.Context, c client.Client, pb *policiesv1.PlacementBinding) []reconcile.Request
- func GetRootPolicyRequests(ctx context.Context, c client.Client, namespace, placementRefName string, ...) ([]reconcile.Request, error)
- func HasValidPlacementRef(pb *policiesv1.PlacementBinding) bool
- func IsForPolicyOrPolicySet(pb *policiesv1.PlacementBinding) bool
- func IsInClusterNamespace(ctx context.Context, c client.Client, ns string) (bool, error)
- func IsPbForPolicySet(pb *policiesv1.PlacementBinding) bool
- func IsPolicyInPolicySet(ctx context.Context, c client.Client, ...) bool
- func IsReplicatedPolicy(ctx context.Context, c client.Client, policy client.Object) (bool, error)
- func LabelsForRootPolicy(plc *policiesv1.Policy) map[string]string
- func MapToRootPolicy(c client.Client) handler.MapFunc
- func ParseRootPolicyLabel(rootPlc string) (name, namespace string, err error)
- func TypeConverter(a, b interface{}) error
- type DecisionSet
- type EnqueueRequestsFromMapFunc
- func (e *EnqueueRequestsFromMapFunc) Create(ctx context.Context, evt event.CreateEvent, ...)
- func (e *EnqueueRequestsFromMapFunc) Delete(ctx context.Context, evt event.DeleteEvent, ...)
- func (e *EnqueueRequestsFromMapFunc) Generic(ctx context.Context, evt event.GenericEvent, ...)
- func (e *EnqueueRequestsFromMapFunc) Update(ctx context.Context, evt event.UpdateEvent, ...)
- type EnqueueRequestsFromPolicySet
- func (e *EnqueueRequestsFromPolicySet) Create(_ context.Context, evt event.CreateEvent, ...)
- func (e *EnqueueRequestsFromPolicySet) Delete(_ context.Context, evt event.DeleteEvent, ...)
- func (e *EnqueueRequestsFromPolicySet) Generic(_ context.Context, evt event.GenericEvent, ...)
- func (e *EnqueueRequestsFromPolicySet) Update(_ context.Context, evt event.UpdateEvent, ...)
- type GuttedObject
- type PlacementRefKinds
Constants ¶
Variables ¶
var (
ErrInvalidLabelValue = errors.New("unexpected format of label value")
)
var NeverEnqueue = predicate.NewPredicateFuncs(func(o client.Object) bool { return false })
Functions ¶
func CalculatePerClusterStatus ¶ added in v0.13.0
func CalculatePerClusterStatus( ctx context.Context, c client.Client, rootPolicy *policiesv1.Policy, decisions DecisionSet, ) ([]*policiesv1.CompliancePerClusterStatus, error)
CalculatePerClusterStatus lists up all policies replicated from the input policy, and stores their compliance states in the result list. The result is sorted by cluster name. An error will be returned if lookup of a replicated policy fails, but all lookups will still be attempted.
func CalculateRootCompliance ¶ added in v0.13.0
func CalculateRootCompliance(clusters []*policiesv1.CompliancePerClusterStatus) policiesv1.ComplianceState
CalculateRootCompliance uses the input per-cluster statuses to determine what a root policy's ComplianceState should be. General precedence is: NonCompliant > Pending > Unknown > Compliant.
func FindNonCompliantClustersForPolicy ¶
func FindNonCompliantClustersForPolicy(plc *policiesv1.Policy) []string
FindNonCompliantClustersForPolicy returns cluster in noncompliant status with given policy
func FullNameForPolicy ¶
func FullNameForPolicy(plc *policiesv1.Policy) string
fullNameForPolicy returns the fully qualified name for given policy full qualified name: ${namespace}.${name}
func GetAffectedObjs ¶ added in v0.13.0
func GetAffectedObjs[T comparable](oldObjs []T, newObjs []T) []T
Select objects that are deleted or created
func GetDecisions ¶ added in v0.12.0
func GetDecisions( ctx context.Context, c client.Client, pb *policiesv1.PlacementBinding, ) ([]string, error)
GetDecisions returns the placement decisions from the Placement or PlacementRule referred to by the PlacementBinding
func GetPoliciesInPlacementBinding ¶ added in v0.12.0
func GetPoliciesInPlacementBinding( ctx context.Context, c client.Client, pb *policiesv1.PlacementBinding, ) []reconcile.Request
GetPoliciesInPlacementBinding returns a list of the Policies that are either direct subjects of the given PlacementBinding, or are in PolicySets that are subjects of the PlacementBinding. The list items are guaranteed to be unique (for example if a policy is in multiple sets).
func GetPolicyPlacementDecisions ¶ added in v0.13.0
func GetPolicyPlacementDecisions(ctx context.Context, c client.Client, instance *policiesv1.Policy, pb *policiesv1.PlacementBinding, ) (clusterDecisions []string, placements []*policiesv1.Placement, err error)
GetPolicyPlacementDecisions retrieves the placement decisions for a input PlacementBinding when the policy is bound within it. It can return an error if the PlacementBinding is invalid, or if a required lookup fails.
func GetRepPoliciesInPlacementBinding ¶ added in v0.13.0
func GetRepPoliciesInPlacementBinding( ctx context.Context, c client.Client, pb *policiesv1.PlacementBinding, ) []reconcile.Request
GetRepPoliciesInPlacementBinding returns a list of the replicated policies that are either direct subjects of the given PlacementBinding, or are in PolicySets that are subjects of the PlacementBinding. The list items are guaranteed to be unique (for example if a policy is in multiple sets).
func GetRootPolicyRequests ¶ added in v0.13.0
func GetRootPolicyRequests(ctx context.Context, c client.Client, namespace, placementRefName string, refKind PlacementRefKinds, ) ([]reconcile.Request, error)
GetRootPolicyRequests find and filter placementbindings which have namespace and placementRef.name. Gather all root policies under placementbindings
func HasValidPlacementRef ¶ added in v0.12.0
func HasValidPlacementRef(pb *policiesv1.PlacementBinding) bool
func IsForPolicyOrPolicySet ¶ added in v0.12.0
func IsForPolicyOrPolicySet(pb *policiesv1.PlacementBinding) bool
IsForPolicyOrPolicySet returns true if any of the subjects of the PlacementBinding are Policies or PolicySets.
func IsInClusterNamespace ¶
IsInClusterNamespace check if policy is in cluster namespace
func IsPbForPolicySet ¶ added in v0.12.0
func IsPbForPolicySet(pb *policiesv1.PlacementBinding) bool
IsPbForPolicySet compares group and kind with policyset group and kind for given pb
func IsPolicyInPolicySet ¶ added in v0.13.0
func IsReplicatedPolicy ¶ added in v0.10.0
func LabelsForRootPolicy ¶
func LabelsForRootPolicy(plc *policiesv1.Policy) map[string]string
LabelsForRootPolicy returns the labels for given policy
func MapToRootPolicy ¶ added in v0.12.0
PolicyMapper looks at object and returns a slice of reconcile.Request to reconcile owners of object from label: policy.open-cluster-management.io/root-policy
func ParseRootPolicyLabel ¶ added in v0.10.0
func TypeConverter ¶ added in v0.10.0
func TypeConverter(a, b interface{}) error
TypeConverter is a helper function to converter type struct a to b
Types ¶
type DecisionSet ¶ added in v0.13.0
func GetClusterDecisions ¶ added in v0.13.0
func GetClusterDecisions( ctx context.Context, c client.Client, rootPolicy *policiesv1.Policy, ) ( []*policiesv1.Placement, DecisionSet, error, )
GetClusterDecisions identifies all managed clusters which should have a replicated policy using the root policy This returns unique decisions and placements that are NOT under Restricted subset. Also this function returns placements that are under restricted subset. But these placements include decisions which are under non-restricted subset. In other words, this function returns placements which include at least one decision under non-restricted subset.
func RootStatusUpdate ¶ added in v0.13.0
func RootStatusUpdate(ctx context.Context, c client.Client, rootPolicy *policiesv1.Policy) (DecisionSet, error)
RootStatusUpdate updates the root policy status with bound decisions, placements, and cluster status.
type EnqueueRequestsFromMapFunc ¶
type EnqueueRequestsFromMapFunc struct {
// Mapper transforms the argument into a slice of keys to be reconciled
ToRequests handler.MapFunc
}
EnqueueRequestsFromMapFunc same as original EnqueueRequestsFromMapFunc execept this doesn't queue old object for update
func (*EnqueueRequestsFromMapFunc) Create ¶
func (e *EnqueueRequestsFromMapFunc) Create(ctx context.Context, evt event.CreateEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request], )
Create implements EventHandler
func (*EnqueueRequestsFromMapFunc) Delete ¶
func (e *EnqueueRequestsFromMapFunc) Delete(ctx context.Context, evt event.DeleteEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request], )
Delete implements EventHandler
func (*EnqueueRequestsFromMapFunc) Generic ¶
func (e *EnqueueRequestsFromMapFunc) Generic(ctx context.Context, evt event.GenericEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request], )
Generic implements EventHandler
func (*EnqueueRequestsFromMapFunc) Update ¶
func (e *EnqueueRequestsFromMapFunc) Update(ctx context.Context, evt event.UpdateEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request], )
Update implements EventHandler
type EnqueueRequestsFromPolicySet ¶ added in v0.13.0
type EnqueueRequestsFromPolicySet struct{}
EnqueueRequestsFromPolicySet adds reconcile requests for every policy in the policy set, except on updates, it'll only add the diff between the old and new sets.
func (*EnqueueRequestsFromPolicySet) Create ¶ added in v0.13.0
func (e *EnqueueRequestsFromPolicySet) Create(_ context.Context, evt event.CreateEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request], )
Create implements EventHandler
func (*EnqueueRequestsFromPolicySet) Delete ¶ added in v0.13.0
func (e *EnqueueRequestsFromPolicySet) Delete(_ context.Context, evt event.DeleteEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request], )
Delete implements EventHandler
func (*EnqueueRequestsFromPolicySet) Generic ¶ added in v0.13.0
func (e *EnqueueRequestsFromPolicySet) Generic(_ context.Context, evt event.GenericEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request], )
Generic implements EventHandler
func (*EnqueueRequestsFromPolicySet) Update ¶ added in v0.13.0
func (e *EnqueueRequestsFromPolicySet) Update(_ context.Context, evt event.UpdateEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request], )
Update implements EventHandler Enqueues the diff between the new and old policy sets in the UpdateEvent
type GuttedObject ¶ added in v0.13.0
type GuttedObject struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
}
func (*GuttedObject) DeepCopy ¶ added in v0.13.0
func (in *GuttedObject) DeepCopy() *GuttedObject
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GuttedObject.
func (*GuttedObject) DeepCopyInto ¶ added in v0.13.0
func (in *GuttedObject) DeepCopyInto(out *GuttedObject)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*GuttedObject) DeepCopyObject ¶ added in v0.13.0
func (in *GuttedObject) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type PlacementRefKinds ¶ added in v0.13.0
type PlacementRefKinds string
const ( Placement PlacementRefKinds = "Placement" PlacementRule PlacementRefKinds = "PlacementRule" )
Source Files