Documentation
¶
Index ¶
- Constants
- Variables
- type MatchCondition
- type Source
- func (in *Source) GetFailurePolicy() (*admissionv1.FailurePolicyType, error)
- func (in *Source) GetMatchConditions() ([]cel.ExpressionAccessor, error)
- func (in *Source) GetMessageExpressions() ([]cel.ExpressionAccessor, error)
- func (in *Source) GetV1Beta1FailurePolicy() (*admissionv1beta1.FailurePolicyType, error)
- func (in *Source) GetV1Beta1MatchConditions() ([]admissionv1beta1.MatchCondition, error)
- func (in *Source) GetV1Beta1Validatons() ([]admissionv1beta1.Validation, error)
- func (in *Source) GetV1Beta1Variables() ([]admissionv1beta1.Variable, error)
- func (in *Source) GetValidations() ([]cel.ExpressionAccessor, error)
- func (in *Source) GetVariables() ([]cel.NamedExpressionAccessor, error)
- func (in *Source) MustToUnstructured() map[string]interface{}
- func (in *Source) Validate() error
- type Validation
- type Variable
Constants ¶
View Source
const ( // Name is the name of the driver. Name = "K8sNativeValidation" // ReservedPrefix signifies a prefix that no user-defined value (variable, matcher, etc.) is allowed to have. // This gives us the ability to add new variables in the future without worrying about breaking pre-existing templates. ReservedPrefix = "gatekeeper_internal_" // ParamsName is the VAP variable constraint parameters will be bound to. ParamsName = "params" // ObjectName is the VAP variable that describes either an object or (on DELETE requests) oldObject. ObjectName = "anyObject" )
Variables ¶
View Source
var ( ErrBadMatchCondition = errors.New("invalid match condition") ErrBadVariable = errors.New("invalid variable definition") ErrBadFailurePolicy = errors.New("invalid failure policy") ErrBadOperation = errors.New("invalid resource operation") ErrCELEngineMissing = errors.New("K8sNativeValidation engine is missing") ErrOneTargetAllowed = errors.New("wrong number of targets defined, only 1 target allowed") ErrBadType = errors.New("could not recognize the type") )
Functions ¶
This section is empty.
Types ¶
type MatchCondition ¶
type Source ¶
type Source struct {
// Validations maps to ValidatingAdmissionPolicy's `spec.validations`.
Validations []Validation `json:"validations,omitempty"`
// FailurePolicy maps to ValidatingAdmissionPolicy's `spec.failurePolicy`.
FailurePolicy *string `json:"failurePolicy,omitempty"`
// MatchConditions maps to ValidatingAdmissionPolicy's `spec.matchConditions`.
MatchConditions []MatchCondition `json:"matchCondition,omitempty"`
// Variables maps to ValidatingAdmissionPolicy's `spec.variables`.
Variables []Variable `json:"variables,omitempty"`
// GenerateVAP enables/disables VAP generation and enforcement for policy.
GenerateVAP *bool `json:"generateVAP,omitempty"`
}
func GetSourceFromTemplate ¶
func GetSourceFromTemplate(ct *templates.ConstraintTemplate) (*Source, error)
func (*Source) GetFailurePolicy ¶
func (in *Source) GetFailurePolicy() (*admissionv1.FailurePolicyType, error)
func (*Source) GetMatchConditions ¶
func (in *Source) GetMatchConditions() ([]cel.ExpressionAccessor, error)
func (*Source) GetMessageExpressions ¶
func (in *Source) GetMessageExpressions() ([]cel.ExpressionAccessor, error)
func (*Source) GetV1Beta1FailurePolicy ¶
func (in *Source) GetV1Beta1FailurePolicy() (*admissionv1beta1.FailurePolicyType, error)
func (*Source) GetV1Beta1MatchConditions ¶
func (in *Source) GetV1Beta1MatchConditions() ([]admissionv1beta1.MatchCondition, error)
func (*Source) GetV1Beta1Validatons ¶
func (in *Source) GetV1Beta1Validatons() ([]admissionv1beta1.Validation, error)
func (*Source) GetV1Beta1Variables ¶
func (in *Source) GetV1Beta1Variables() ([]admissionv1beta1.Variable, error)
func (*Source) GetValidations ¶
func (in *Source) GetValidations() ([]cel.ExpressionAccessor, error)
func (*Source) GetVariables ¶
func (in *Source) GetVariables() ([]cel.NamedExpressionAccessor, error)
func (*Source) MustToUnstructured ¶
MustToUnstructured() is a convenience method for converting to unstructured. Intended for testing. It will panic on error.
type Validation ¶
Source Files
Click to show internal directories.
Click to hide internal directories.