Documentation ¶
Index ¶
Constants ¶
View Source
const VerifyResourceIgnoreLabel = "integrityshield.io/verifyResourceIgnored"
View Source
const VerifyResourceViolationLabel = "integrityshield.io/verifyResourceViolation"
Variables ¶
This section is empty.
Functions ¶
func LoadKeySecret ¶
Types ¶
type ConstraintResult ¶
type ConstraintResult struct { ConstraintName string `json:"constraintName"` Violation bool `json:"violation"` TotalViolations int `json:"totalViolations"` Results []VerifyResultDetail `json:"results"` }
type ConstraintSpec ¶
type ConstraintSpec struct { Match MatchCondition `json:"match,omitempty"` Parameters k8smnfconfig.ParameterObject `json:"parameters,omitempty"` }
type MatchCondition ¶
type MatchCondition struct { Kinds []Kinds `json:"kinds,omitempty"` Namespaces []string `json:"namespaces,omitempty"` ExcludedNamespaces []string `json:"excludedNamespaces,omitempty"` LabelSelector *metav1.LabelSelector `json:"labelSelector,omitempty"` NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"` }
type ObservationDetailResults ¶
type ObservationDetailResults struct {
ConstraintResults []ConstraintResult `json:"constraintResults"`
}
type Observer ¶
type Observer struct { APIResources []groupResource // contains filtered or unexported fields }
func NewObserver ¶
func NewObserver() *Observer
type VerifyResultDetail ¶
type VerifyResultDetail struct { Time string `json:"time"` Namespace string `json:"namespace"` Name string `json:"name"` Kind string `json:"kind"` ApiGroup string `json:"apiGroup"` ApiVersion string `json:"apiVersion"` Error bool `json:"error"` Message string `json:"message"` Violation bool `json:"violation"` VerifyResourceResult *k8smanifest.VerifyResourceResult `json:"verifyResourceResult"` }
Observer Result Detail
func ObserveResources ¶
func ObserveResources(resources []unstructured.Unstructured, signatureRef k8smnfconfig.SignatureRef, ignoreFields k8smanifest.ObjectFieldBindingList, secrets []k8smnfconfig.KeyConfig) []VerifyResultDetail
Click to show internal directories.
Click to hide internal directories.