Documentation ¶
Index ¶
- Constants
- Variables
- func VerifyImagesInManifest(request *admission.AdmissionRequest, imageProfile config.ImageProfile) (bool, string)
- func VerifyResource(request *admission.AdmissionRequest, mvconfig *config.ManifestVerifyConfig, ...) (allow bool, message string, err error)
- type ResultFromRequestHandler
Constants ¶
// Annotation keys under the integrityshield.io domain. Judging by their
// names they tag an event with its type and its result; where they are
// written and read is not shown here.
const (
	EventTypeAnnotationKey   = "integrityshield.io/eventType"
	EventResultAnnotationKey = "integrityshield.io/eventResult"
)

// Values used with the event annotations (pairing inferred from the names).
//
// NOTE(review): EventTypeAnnotationValueDeny is named as an event-type value,
// but "deny" reads like a result; confirm which annotation key it is paired
// with before relying on it in audit queries or alerting rules.
const (
	EventTypeValueVerifyResult   = "verify-result"
	EventTypeAnnotationValueDeny = "deny"
)
// AnnotationKeyDomainShield is the domain ("integrityshield.io") that prefixes
// the annotation and label keys declared in this package.
const AnnotationKeyDomainShield = "integrityshield.io"
// SignatureAnnotationKeyShield is the annotation key
// "integrityshield.io/signature".
//
// NOTE(review): presumably the manifest signature is carried under this key.
// Annotation values are set by whoever submits the resource, so the value
// must be treated as untrusted input until it has been verified; confirm
// against the callers.
const SignatureAnnotationKeyShield = "integrityshield.io/signature"
// SignatureAnnotationTypeShield is the identifier string "IntegrityShield".
// By its name it selects the Integrity Shield style of signature annotation;
// how it is consumed is not shown here.
const SignatureAnnotationTypeShield = "IntegrityShield"
// SignatureResourceLabel is the label key
// "integrityshield.io/signatureResource".
//
// NOTE(review): this package also declares the allow message
// SignatureResource ("Allowed because this resource is signatureResource.").
// Labels are chosen by the resource author, so if that allow path is keyed on
// this label, confirm that additional checks restrict which resources
// qualify for it.
const SignatureResourceLabel = "integrityshield.io/signatureResource"
Variables ¶
// Allow messages: reason strings for requests that are admitted.
//
// NOTE(review): these are package-level variables, not constants, so any
// importing package can reassign them. If the strings feed audit records or
// alerting, confirm nothing depends on that mutability and consider const.

// SkipUser is the message for a request allowed by a skipUsers rule.
var SkipUser = "Allowed by skipUsers rule."

// NoMutation is the message for a request allowed because no mutation was found.
var NoMutation = "Allowed because no mutation found."

// SkipObject is the message for a request allowed by a skipObjects rule.
var SkipObject = "Allowed by skipObjects rule."

// NonScopeObject is the message for a resource allowed because it is not in scope.
var NonScopeObject = "Allowed because this resource is not in-scope."

// SignatureResource is the message for a resource allowed because it is a
// signatureResource.
var SignatureResource = "Allowed because this resource is signatureResource."
Allow messages: the reason strings reported when a request is allowed.
Functions ¶
func VerifyImagesInManifest ¶
func VerifyImagesInManifest(request *admission.AdmissionRequest, imageProfile config.ImageProfile) (bool, string)
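VerifyImagesInManifest performs image verification for the admission request using the given ImageProfile. It returns a bool and a string; unlike VerifyResource, it returns no error value.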
func VerifyResource ¶
func VerifyResource(request *admission.AdmissionRequest, mvconfig *config.ManifestVerifyConfig, rule *config.ManifestVerifyRule) (allow bool, message string, err error)
VerifyResource checks whether the manifest is valid based on its signature, the ManifestVerifyRule, and the RequestFilterProfile included in ManifestVerifyConfig. If the ManifestVerifyConfig input is nil, VerifyResource uses the default profile.
Types ¶
type ResultFromRequestHandler ¶
func RequestHandler ¶
func RequestHandler(req *admission.AdmissionRequest, paramObj *config.ParameterObject) *ResultFromRequestHandler