Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AddToManager ¶
func AddToManager(m manager.Manager, deps *Dependencies) error
AddToManager adds audit manager to the Manager.
Types ¶
type CacheLister ¶
type CacheLister struct {
// contains filtered or unexported fields
}
CacheLister lists objects from the audit controller's cache.
func NewAuditCacheLister ¶
func NewAuditCacheLister(auditCache client.Reader, lister WatchIterator) *CacheLister
NewAuditCacheLister instantiates a new CacheLister which will read the watched objects from auditCache.
func (*CacheLister) ListObjects ¶
func (l *CacheLister) ListObjects(ctx context.Context) ([]unstructured.Unstructured, error)
ListObjects lists all objects from the audit cache.
type Dependencies ¶
// Dependencies groups the collaborators passed to AddToManager when the
// audit manager is added to the controller manager.
type Dependencies struct {
// Client is the constraint client.
// NOTE(review): presumably used to evaluate audited objects against the installed constraints; confirm.
Client *constraintclient.Client
// ProcessExcluder is the process exclusion configuration.
// NOTE(review): if this excludes namespaces from the audit process, objects there
// produce no audit violations; confirm the exclusion list is reviewed like any other policy exception.
ProcessExcluder *process.Excluder
// CacheLister lists objects from the audit controller's cache.
CacheLister *CacheLister
// ExpansionSystem is the expansion subsystem.
// NOTE(review): presumably expands generator resources into the objects they would create before review; confirm.
ExpansionSystem *expansion.System
// PubSubSystem is the publish/subscribe subsystem.
// NOTE(review): presumably the channel on which PubsubMsg values are published; confirm.
PubSubSystem *pubsub.System
}
type LimitQueue ¶ added in v3.16.0
type LimitQueue struct {
// contains filtered or unexported fields
}
LimitQueue ensures that the priority queue's length stays <= limit, in order to provide performance guarantees on heap methods.
func (*LimitQueue) Len ¶ added in v3.16.0
func (lq *LimitQueue) Len() int
func (*LimitQueue) Peek ¶ added in v3.16.0
func (lq *LimitQueue) Peek() *StatusViolation
func (*LimitQueue) Pop ¶ added in v3.16.0
func (lq *LimitQueue) Pop() *StatusViolation
func (*LimitQueue) Push ¶ added in v3.16.0
func (lq *LimitQueue) Push(x *StatusViolation)
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
Manager allows us to audit resources periodically.
type PubsubMsg ¶
// PubsubMsg is the JSON payload of a published audit message. Every field is
// tagged omitempty, so empty values are dropped from the encoded message.
//
// NOTE(review): the payload carries the identity of the offending resource
// (group, API version, kind, namespace, name), its labels, the constraint's
// annotations, and a free-form Details value. If any of these can hold
// sensitive data in your cluster, restrict who may subscribe to the
// destination. Confirm what Details contains at the publishing call site.
type PubsubMsg struct {
// ID identifies the message. NOTE(review): presumably the audit run ID; confirm.
ID string `json:"id,omitempty"`
// Details is untyped; its shape is not visible here. Confirm at the call site.
Details interface{} `json:"details,omitempty"`
EventType string `json:"eventType,omitempty"`
// Group, Version, Kind, Name and Namespace: NOTE(review): presumably identify the constraint; confirm.
Group string `json:"group,omitempty"`
Version string `json:"version,omitempty"`
Kind string `json:"kind,omitempty"`
Name string `json:"name,omitempty"`
Namespace string `json:"namespace,omitempty"`
// Message is free-form text. NOTE(review): presumably the violation message; confirm.
Message string `json:"message,omitempty"`
EnforcementAction string `json:"enforcementAction,omitempty"`
ConstraintAnnotations map[string]string `json:"constraintAnnotations,omitempty"`
// The Resource* fields describe the resource the message is about.
ResourceGroup string `json:"resourceGroup,omitempty"`
ResourceAPIVersion string `json:"resourceAPIVersion,omitempty"`
ResourceKind string `json:"resourceKind,omitempty"`
ResourceNamespace string `json:"resourceNamespace,omitempty"`
ResourceName string `json:"resourceName,omitempty"`
// ResourceLabels copies the resource's labels into the message.
// NOTE(review): labels may be user-controlled; consumers should treat them as untrusted input.
ResourceLabels map[string]string `json:"resourceLabels,omitempty"`
}
PubsubMsg represents the publish message for each constraint.
type Result ¶
func ToResults ¶
func ToResults(obj *unstructured.Unstructured, resp *types.Responses) []Result
type SVQueue ¶ added in v3.16.0
type SVQueue []*StatusViolation
SVQueue is a max priority queue that implements heap.Interface and holds *StatusViolation entries.
type StatusViolation ¶
// StatusViolation is the JSON shape of a single violation entry recorded under status.
type StatusViolation struct {
// Group, Version, Kind and Name are always serialized, even when empty.
// NOTE(review): presumably these identify the violating resource; confirm.
Group string `json:"group"`
Version string `json:"version"`
Kind string `json:"kind"`
Name string `json:"name"`
// Namespace is the only field tagged omitempty, so it is dropped from the JSON when empty.
// NOTE(review): presumably empty for cluster-scoped resources; confirm.
Namespace string `json:"namespace,omitempty"`
// Message is free-form text.
// NOTE(review): anyone who can read the object holding this status can read it; confirm it never embeds secret values.
Message string `json:"message"`
EnforcementAction string `json:"enforcementAction"`
}
StatusViolation represents each violation under status.
type WatchIterator ¶ added in v3.14.0
// WatchIterator is the single-method view of a watch set that NewAuditCacheLister accepts as its lister argument.
type WatchIterator interface {
// DoForEach takes a callback that receives a GroupVersionKind and may return an error.
// NOTE(review): presumably the callback runs once per watched GVK and its error is propagated to the caller; confirm against watch.Set.
DoForEach(listFunc func(gvk schema.GroupVersionKind) error) error
}
WatchIterator wraps DoForEach from a watch.Set.