policy

package
v6.7.3-0...-1f455d7 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 7, 2020 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Index

Constants

View Source 
const ActionUseImage = "UseImage"

Variables

This section is empty.

Functions

func RegisterAgent 

func RegisterAgent(factory AgentFactory)

func WireCheckers 

func WireCheckers(group *flags.Group)

Types

type Agent 

type Agent interface {
	// Check returns true if passes policy check. If not goes through policy
	// check, just return true.
	Check(PolicyCheckInput) (PolicyCheckOutput, error)
}

Agent should be implemented by policy agents.

type AgentChecker 

type AgentChecker struct {
	// contains filtered or unexported fields
}

func (*AgentChecker) Check 

func (c *AgentChecker) Check(input PolicyCheckInput) (PolicyCheckOutput, error)

func (*AgentChecker) ShouldCheckAction 

func (c *AgentChecker) ShouldCheckAction(action string) bool

func (*AgentChecker) ShouldCheckHttpMethod 

func (c *AgentChecker) ShouldCheckHttpMethod(method string) bool

func (*AgentChecker) ShouldSkipAction 

func (c *AgentChecker) ShouldSkipAction(action string) bool

type AgentFactory 

type AgentFactory interface {
	Description() string
	IsConfigured() bool
	NewAgent(lager.Logger) (Agent, error)
}

type Checker 

type Checker interface {
	ShouldCheckHttpMethod(string) bool
	ShouldCheckAction(string) bool
	ShouldSkipAction(string) bool

	Check(input PolicyCheckInput) (PolicyCheckOutput, error)
}

func Initialize 

func Initialize(logger lager.Logger, cluster string, version string, filter Filter) (Checker, error)

type Filter 

type Filter struct {
	HttpMethods   []string `long:"policy-check-filter-http-method" description:"API http method to go through policy check"`
	Actions       []string `long:"policy-check-filter-action" description:"Actions in the list will go through policy check"`
	ActionsToSkip []string `long:"policy-check-filter-action-skip" description:"Actions the list will not go through policy check"`
}

type NoopChecker 

type NoopChecker struct{}

func (NoopChecker) Check 

func (noop NoopChecker) Check(PolicyCheckInput) (PolicyCheckOutput, error)

func (NoopChecker) ShouldCheckAction 

func (noop NoopChecker) ShouldCheckAction(string) bool

func (NoopChecker) ShouldCheckHttpMethod 

func (noop NoopChecker) ShouldCheckHttpMethod(string) bool

func (NoopChecker) ShouldSkipAction 

func (noop NoopChecker) ShouldSkipAction(string) bool

type PolicyCheckInput 

type PolicyCheckInput struct {
	Service        string      `json:"service"`
	ClusterName    string      `json:"cluster_name"`
	ClusterVersion string      `json:"cluster_version"`
	HttpMethod     string      `json:"http_method,omitempty"`
	Action         string      `json:"action"`
	User           string      `json:"user,omitempty"`
	Team           string      `json:"team,omitempty"`
	Roles          []string    `json:"roles,omitempty"`
	Pipeline       string      `json:"pipeline,omitempty"`
	Data           interface{} `json:"data,omitempty"`
}

type PolicyCheckNotPass 

type PolicyCheckNotPass struct {
	Reasons []string
}

func (PolicyCheckNotPass) Error 

func (e PolicyCheckNotPass) Error() string

type PolicyCheckOutput 

type PolicyCheckOutput struct {
	Allowed bool
	Reasons []string
}

func FailedPolicyCheck 

func FailedPolicyCheck() PolicyCheckOutput

FailedPolicyCheck creates a generic failed check

func PassedPolicyCheck 

func PassedPolicyCheck() PolicyCheckOutput

PassedPolicyCheck creates a generic passed check

Source Files

View all Source files

Directories

Path Synopsis
Code generated by counterfeiter.
 Code generated by counterfeiter.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.