Documentation ¶
Index ¶
- func CheckIfEnforceConstraint(constraintName string, aconfigs []ActionConfig) bool
- func CheckIfIgnoredConstraint(constraintName string, aconfigs []ActionConfig) bool
- func LoadKeySecret(keySecretNamespace, keySecretName string) (string, error)
- func MatchPattern(pattern, value string) bool
- func SetupLogger(config LogConfig, req admission.Request)
- type Action
- type ActionConfig
- type ConstraintConfig
- type ImageProfile
- type ImageVerificationConfig
- type KeyConfig
- type LogConfig
- type ObjectUserBinding
- type ObjectUserBindingList
- type ParameterObject
- type RequestFilterProfile
- type RequestHandlerConfig
- type ResourceRef
- type Rule
- type SideEffectConfig
- type SigStoreConfig
- type SignatureRef
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CheckIfEnforceConstraint ¶
func CheckIfEnforceConstraint(constraintName string, aconfigs []ActionConfig) bool
not block even if invalid request
func CheckIfIgnoredConstraint ¶
func CheckIfIgnoredConstraint(constraintName string, aconfigs []ActionConfig) bool
exclude from observation
func LoadKeySecret ¶
func MatchPattern ¶
func SetupLogger ¶
Types ¶
type ActionConfig ¶
type ConstraintConfig ¶
type ConstraintConfig struct {
Constraints []ActionConfig `json:"constraints,omitempty"`
}
Constraint Config
func LoadConstraintConfig ¶
func LoadConstraintConfig() (ConstraintConfig, error)
type ImageProfile ¶
type ImageProfile struct { }
type ImageVerificationConfig ¶
type ImageVerificationConfig struct { }
type ObjectUserBinding ¶
type ObjectUserBinding struct { Objects k8smanifest.ObjectReferenceList `json:"objects,omitempty"` Users []string `json:"users,omitempty"` }
func (ObjectUserBinding) Match ¶
func (u ObjectUserBinding) Match(obj unstructured.Unstructured, username string) bool
type ObjectUserBindingList ¶
type ObjectUserBindingList []ObjectUserBinding
func (ObjectUserBindingList) Match ¶
func (l ObjectUserBindingList) Match(obj unstructured.Unstructured, username string) bool
type ParameterObject ¶
type ParameterObject struct { ConstraintName string `json:"constraintName,omitempty"` SignatureRef SignatureRef `json:"signatureRef,omitempty"` KeyConfigs []KeyConfig `json:"keyConfigs,omitempty"` InScopeObjects k8smanifest.ObjectReferenceList `json:"inScopeObjects,omitempty"` SkipUsers ObjectUserBindingList `json:"skipUsers,omitempty"` TargetServiceAccount []string `json:"targetServiceAccount,omitempty"` ImageProfile ImageProfile `json:"imageProfile,omitempty"` k8smanifest.VerifyResourceOption `json:""` }
func (*ParameterObject) DeepCopyInto ¶
func (p *ParameterObject) DeepCopyInto(p2 *ParameterObject)
type RequestFilterProfile ¶
type RequestFilterProfile struct { SkipObjects k8smanifest.ObjectReferenceList `json:"skipObjects,omitempty"` SkipUsers ObjectUserBindingList `json:"skipUsers,omitempty"` IgnoreFields k8smanifest.ObjectFieldBindingList `json:"ignoreFields,omitempty"` }
type RequestHandlerConfig ¶
type RequestHandlerConfig struct { ImageVerificationConfig ImageVerificationConfig `json:"imageVerificationConfig,omitempty"` KeyPathList []string `json:"keyPathList,omitempty"` SigStoreConfig SigStoreConfig `json:"sigStoreConfig,omitempty"` RequestFilterProfile RequestFilterProfile `json:"requestFilterProfile,omitempty"` Log LogConfig `json:"log,omitempty"` SideEffectConfig SideEffectConfig `json:"sideEffect,omitempty"` Options []string }
func LoadRequestHandlerConfig ¶
func LoadRequestHandlerConfig() (*RequestHandlerConfig, error)
type ResourceRef ¶
type SideEffectConfig ¶
type SideEffectConfig struct { // Event CreateDenyEvent bool `json:"createDenyEvent"` }
type SigStoreConfig ¶
type SigStoreConfig struct { }
type SignatureRef ¶
type SignatureRef struct { ImageRef string `json:"imageRef,omitempty"` SignatureResourceRef ResourceRef `json:"signatureResourceRef,omitempty"` ProvenanceResourceRef ResourceRef `json:"provenanceResourceRef,omitempty"` }
Click to show internal directories.
Click to hide internal directories.