v1

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 5, 2019 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	AddToScheme   = SchemeBuilder.AddToScheme
)
View Source 
var SchemeGroupVersion = schema.GroupVersion{Group: kyverno.GroupName, Version: "v1"}

SchemeGroupVersion is group version used to register these objects

Functions

func BuildResourceKey 

func BuildResourceKey(kind, namespace, name string) string

BuildKey builds the key

func Kind 

func Kind(kind string) schema.GroupKind

Kind takes an unqualified kind and returns back a Group qualified GroupKind

func Resource 

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource

Types

type CloneFrom 

type CloneFrom struct {
	Namespace string `json:"namespace"`
	Name      string `json:"name"`
}

CloneFrom - location of a Secret or a ConfigMap which will be used as source when applying 'generate'

func (*CloneFrom) DeepCopy 

func (in *CloneFrom) DeepCopy() *CloneFrom

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloneFrom.

func (*CloneFrom) DeepCopyInto 

func (in *CloneFrom) DeepCopyInto(out *CloneFrom)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterPolicy 

type ClusterPolicy Policy

ClusterPolicy ...

func (*ClusterPolicy) DeepCopy 

func (in *ClusterPolicy) DeepCopy() *ClusterPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicy.

func (*ClusterPolicy) DeepCopyInto 

func (in *ClusterPolicy) DeepCopyInto(out *ClusterPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterPolicy) DeepCopyObject 

func (in *ClusterPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (ClusterPolicy) HasMutateOrValidate 

func (p ClusterPolicy) HasMutateOrValidate() bool

type ClusterPolicyList 

type ClusterPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`
	Items           []ClusterPolicy `json:"items"`
}

ClusterPolicyList ...

func (*ClusterPolicyList) DeepCopy 

func (in *ClusterPolicyList) DeepCopy() *ClusterPolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyList.

func (*ClusterPolicyList) DeepCopyInto 

func (in *ClusterPolicyList) DeepCopyInto(out *ClusterPolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterPolicyList) DeepCopyObject 

func (in *ClusterPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ClusterPolicyViolation 

type ClusterPolicyViolation PolicyViolation

ClusterPolicyViolation ...

func (*ClusterPolicyViolation) DeepCopy 

func (in *ClusterPolicyViolation) DeepCopy() *ClusterPolicyViolation

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyViolation.

func (*ClusterPolicyViolation) DeepCopyInto 

func (in *ClusterPolicyViolation) DeepCopyInto(out *ClusterPolicyViolation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterPolicyViolation) DeepCopyObject 

func (in *ClusterPolicyViolation) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ClusterPolicyViolationList 

type ClusterPolicyViolationList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`
	Items           []ClusterPolicyViolation `json:"items"`
}

ClusterPolicyViolationList ...

func (*ClusterPolicyViolationList) DeepCopy 

func (in *ClusterPolicyViolationList) DeepCopy() *ClusterPolicyViolationList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyViolationList.

func (*ClusterPolicyViolationList) DeepCopyInto 

func (in *ClusterPolicyViolationList) DeepCopyInto(out *ClusterPolicyViolationList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterPolicyViolationList) DeepCopyObject 

func (in *ClusterPolicyViolationList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ExcludeResources 

type ExcludeResources struct {
	Roles               []string         `json:"roles"`
	ClusterRoles        []string         `json:"clusterRoles"`
	Subjects            []rbacv1.Subject `json:"subjects"`
	ResourceDescription `json:"resources"`
}

ExcludeResources container resource description of the resources that are to be excluded from the applying the policy rule

func (*ExcludeResources) DeepCopy 

func (in *ExcludeResources) DeepCopy() *ExcludeResources

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExcludeResources.

func (*ExcludeResources) DeepCopyInto 

func (in *ExcludeResources) DeepCopyInto(out *ExcludeResources)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Generation 

type Generation struct {
	Kind  string      `json:"kind"`
	Name  string      `json:"name"`
	Data  interface{} `json:"data"`
	Clone CloneFrom   `json:"clone"`
}

Generation describes which resources will be created when other resource is created

func (*Generation) DeepCopy 

func (in *Generation) DeepCopy() *Generation

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Generation.

func (*Generation) DeepCopyInto 

func (gen *Generation) DeepCopyInto(out *Generation)

DeepCopyInto is declared because k8s:deepcopy-gen is not able to generate this method for interface{} member

type ManagedResourceSpec 

type ManagedResourceSpec struct {
	Kind            string `json:"kind,omitempty"`
	Namespace       string `json:"namespace,omitempty"`
	CreationBlocked bool   `json:"creationBlocked,omitempty"`
}

func (*ManagedResourceSpec) DeepCopy 

func (in *ManagedResourceSpec) DeepCopy() *ManagedResourceSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedResourceSpec.

func (*ManagedResourceSpec) DeepCopyInto 

func (in *ManagedResourceSpec) DeepCopyInto(out *ManagedResourceSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MatchResources 

type MatchResources struct {
	Roles               []string         `json:"roles"`
	ClusterRoles        []string         `json:"clusterRoles"`
	Subjects            []rbacv1.Subject `json:"subjects"`
	ResourceDescription `json:"resources"`
}

MatchResources contains resource description of the resources that the rule is to apply on

func (*MatchResources) DeepCopy 

func (in *MatchResources) DeepCopy() *MatchResources

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MatchResources.

func (*MatchResources) DeepCopyInto 

func (in *MatchResources) DeepCopyInto(out *MatchResources)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Mutation 

type Mutation struct {
	Overlay interface{} `json:"overlay"`
	Patches []Patch     `json:"patches"`
}

Mutation describes the way how Mutating Webhook will react on resource creation

func (*Mutation) DeepCopy 

func (in *Mutation) DeepCopy() *Mutation

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Mutation.

func (*Mutation) DeepCopyInto 

func (in *Mutation) DeepCopyInto(out *Mutation)

DeepCopyInto is declared because k8s:deepcopy-gen is not able to generate this method for interface{} member

type NamespacedPolicyViolation 

type NamespacedPolicyViolation PolicyViolation

NamespacedPolicyViolation ...

func (*NamespacedPolicyViolation) DeepCopy 

func (in *NamespacedPolicyViolation) DeepCopy() *NamespacedPolicyViolation

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespacedPolicyViolation.

func (*NamespacedPolicyViolation) DeepCopyInto 

func (in *NamespacedPolicyViolation) DeepCopyInto(out *NamespacedPolicyViolation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*NamespacedPolicyViolation) DeepCopyObject 

func (in *NamespacedPolicyViolation) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type NamespacedPolicyViolationList 

type NamespacedPolicyViolationList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`
	Items           []NamespacedPolicyViolation `json:"items"`
}

NamespacedPolicyViolationList ...

func (*NamespacedPolicyViolationList) DeepCopy 

func (in *NamespacedPolicyViolationList) DeepCopy() *NamespacedPolicyViolationList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespacedPolicyViolationList.

func (*NamespacedPolicyViolationList) DeepCopyInto 

func (in *NamespacedPolicyViolationList) DeepCopyInto(out *NamespacedPolicyViolationList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*NamespacedPolicyViolationList) DeepCopyObject 

func (in *NamespacedPolicyViolationList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type Patch 

type Patch struct {
	Path      string      `json:"path"`
	Operation string      `json:"op"`
	Value     interface{} `json:"value"`
}

Patch declares patch operation for created object according to RFC 6902

func (*Patch) DeepCopyInto 

func (pp *Patch) DeepCopyInto(out *Patch)

DeepCopyInto is declared because k8s:deepcopy-gen is not able to generate this method for interface{} member

type Policy 

type Policy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              Spec         `json:"spec"`
	Status            PolicyStatus `json:"status"`
}

Policy contains rules to be applied to created resources

func (*Policy) DeepCopy 

func (in *Policy) DeepCopy() *Policy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.

func (*Policy) DeepCopyInto 

func (in *Policy) DeepCopyInto(out *Policy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyStatus 

type PolicyStatus struct {
	ViolationCount int `json:"violationCount"`
	// Count of rules that were applied
	RulesAppliedCount int `json:"rulesAppliedCount"`
	// Count of resources for whom update/create api requests were blocked as the resoruce did not satisfy the policy rules
	ResourcesBlockedCount int `json:"resourcesBlockedCount"`
	// average time required to process the policy Mutation rules on a resource
	AvgExecutionTimeMutation string `json:"averageMutationRulesExecutionTime"`
	// average time required to process the policy Validation rules on a resource
	AvgExecutionTimeValidation string `json:"averageValidationRulesExecutionTime"`
	// average time required to process the policy Validation rules on a resource
	AvgExecutionTimeGeneration string `json:"averageGenerationRulesExecutionTime"`
	// statistics per rule
	Rules []RuleStats `json:"ruleStatus`
}

PolicyStatus provides status for violations

func (*PolicyStatus) DeepCopy 

func (in *PolicyStatus) DeepCopy() *PolicyStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyStatus.

func (*PolicyStatus) DeepCopyInto 

func (in *PolicyStatus) DeepCopyInto(out *PolicyStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyViolation 

type PolicyViolation struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              PolicyViolationSpec   `json:"spec"`
	Status            PolicyViolationStatus `json:"status"`
}

PolicyViolation stores the information regarinding the resources for which a policy failed to apply

func (*PolicyViolation) DeepCopy 

func (in *PolicyViolation) DeepCopy() *PolicyViolation

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyViolation.

func (*PolicyViolation) DeepCopyInto 

func (in *PolicyViolation) DeepCopyInto(out *PolicyViolation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyViolationSpec 

type PolicyViolationSpec struct {
	Policy        string `json:"policy"`
	ResourceSpec  `json:"resource"`
	ViolatedRules []ViolatedRule `json:"rules"`
}

PolicyViolationSpec describes policy behavior by its rules

func (*PolicyViolationSpec) DeepCopy 

func (in *PolicyViolationSpec) DeepCopy() *PolicyViolationSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyViolationSpec.

func (*PolicyViolationSpec) DeepCopyInto 

func (in *PolicyViolationSpec) DeepCopyInto(out *PolicyViolationSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyViolationStatus 

type PolicyViolationStatus struct {
	LastUpdateTime metav1.Time `json:"lastUpdateTime,omitempty"`
}

PolicyViolationStatus provides information regarding policyviolation status status: 

LastUpdateTime : the time the polivy violation was updated

func (*PolicyViolationStatus) DeepCopy 

func (in *PolicyViolationStatus) DeepCopy() *PolicyViolationStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyViolationStatus.

func (*PolicyViolationStatus) DeepCopyInto 

func (in *PolicyViolationStatus) DeepCopyInto(out *PolicyViolationStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ResourceDescription 

type ResourceDescription struct {
	Kinds      []string              `json:"kinds"`
	Name       string                `json:"name"`
	Namespaces []string              `json:"namespaces,omitempty"`
	Selector   *metav1.LabelSelector `json:"selector"`
}

ResourceDescription describes the resource to which the PolicyRule will be applied.

func (*ResourceDescription) DeepCopy 

func (in *ResourceDescription) DeepCopy() *ResourceDescription

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceDescription.

func (*ResourceDescription) DeepCopyInto 

func (in *ResourceDescription) DeepCopyInto(out *ResourceDescription)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ResourceSpec 

type ResourceSpec struct {
	Kind      string `json:"kind"`
	Namespace string `json:"namespace,omitempty"`
	Name      string `json:"name"`
}

ResourceSpec information to identify the resource

func (*ResourceSpec) DeepCopy 

func (in *ResourceSpec) DeepCopy() *ResourceSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceSpec.

func (*ResourceSpec) DeepCopyInto 

func (in *ResourceSpec) DeepCopyInto(out *ResourceSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (ResourceSpec) ToKey 

func (rs ResourceSpec) ToKey() string

ToKey generates the key string used for adding label to polivy violation

type Rule 

type Rule struct {
	Name             string           `json:"name"`
	MatchResources   MatchResources   `json:"match"`
	ExcludeResources ExcludeResources `json:"exclude,omitempty"`
	Mutation         Mutation         `json:"mutate"`
	Validation       Validation       `json:"validate"`
	Generation       Generation       `json:"generate"`
}

Rule is set of mutation, validation and generation actions for the single resource description

func (*Rule) DeepCopy 

func (in *Rule) DeepCopy() *Rule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule.

func (*Rule) DeepCopyInto 

func (in *Rule) DeepCopyInto(out *Rule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (Rule) HasGenerate 

func (r Rule) HasGenerate() bool

func (Rule) HasMutate 

func (r Rule) HasMutate() bool

func (Rule) HasValidate 

func (r Rule) HasValidate() bool

type RuleStats 

type RuleStats struct {
	// Rule name
	Name string `json:"ruleName"`
	// average time require to process the rule
	ExecutionTime string `json:"averageExecutionTime"`
	// Count of rules that were applied
	AppliedCount int `json:"appliedCount"`
	// Count of rules that failed
	ViolationCount int `json:"violationCount"`
	// Count of mutations
	MutationCount int `json:"mutationsCount"`
}

RuleStats provides status per rule

func (*RuleStats) DeepCopy 

func (in *RuleStats) DeepCopy() *RuleStats

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleStats.

func (*RuleStats) DeepCopyInto 

func (in *RuleStats) DeepCopyInto(out *RuleStats)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Spec 

type Spec struct {
	Rules                   []Rule `json:"rules"`
	ValidationFailureAction string `json:"validationFailureAction"`
}

Spec describes policy behavior by its rules

func (*Spec) DeepCopy 

func (in *Spec) DeepCopy() *Spec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Spec.

func (*Spec) DeepCopyInto 

func (in *Spec) DeepCopyInto(out *Spec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Validation 

type Validation struct {
	Message    string        `json:"message"`
	Pattern    interface{}   `json:"pattern"`
	AnyPattern []interface{} `json:"anyPattern"`
}

Validation describes the way how Validating Webhook will check the resource on creation

func (*Validation) DeepCopy 

func (in *Validation) DeepCopy() *Validation

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Validation.

func (*Validation) DeepCopyInto 

func (in *Validation) DeepCopyInto(out *Validation)

DeepCopyInto is declared because k8s:deepcopy-gen is not able to generate this method for interface{} member

type ViolatedRule 

type ViolatedRule struct {
	Name            string              `json:"name"`
	Type            string              `json:"type"`
	Message         string              `json:"message"`
	ManagedResource ManagedResourceSpec `json:"managedResource,omitempty"`
}

ViolatedRule stores the information regarding the rule

func (*ViolatedRule) DeepCopy 

func (in *ViolatedRule) DeepCopy() *ViolatedRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ViolatedRule.

func (*ViolatedRule) DeepCopyInto 

func (in *ViolatedRule) DeepCopyInto(out *ViolatedRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.