policy

package

v0.21.0-alpha.3 Latest Latest Go to latest Published: Feb 9, 2021 License: Apache-2.0 Imports: 13 Imported by: 154

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kubernetes/apiserver

Documentation ¶

Index ¶

Constants
func AllLevels() sets.String
func AllStages() sets.String
func ConvertStagesToStrings(stages []audit.Stage) []string
func ConvertStringSetToStages(set sets.String) []audit.Stage
func EnforcePolicy(event *audit.Event, level audit.Level, omitStages []audit.Stage) (*audit.Event, error)
func InvertStages(stages []audit.Stage) []audit.Stage
func LoadPolicyFromBytes(policyDef []byte) (*auditinternal.Policy, error)
func LoadPolicyFromFile(filePath string) (*auditinternal.Policy, error)
type Checker
- func FakeChecker(level audit.Level, stage []audit.Stage) Checker
- func NewChecker(policy *audit.Policy) Checker

Constants ¶

View Source

const (
	// DefaultAuditLevel is the default level to audit at, if no policy rules are matched.
	DefaultAuditLevel = audit.LevelNone
)

Variables ¶

This section is empty.

Functions ¶

func AllLevels ¶

func AllLevels() sets.String

AllLevels returns all possible levels

func AllStages ¶

func AllStages() sets.String

AllStages returns all possible stages

func ConvertStagesToStrings ¶

func ConvertStagesToStrings(stages []audit.Stage) []string

ConvertStagesToStrings converts an array of stages to a string array

func ConvertStringSetToStages ¶

func ConvertStringSetToStages(set sets.String) []audit.Stage

ConvertStringSetToStages converts a string set to an array of stages

func EnforcePolicy ¶

func EnforcePolicy(event *audit.Event, level audit.Level, omitStages []audit.Stage) (*audit.Event, error)

EnforcePolicy drops any part of the event that doesn't conform to a policy level or omitStages and sets the event level accordingly

func InvertStages ¶

func InvertStages(stages []audit.Stage) []audit.Stage

InvertStages subtracts the given array of stages from all stages

func LoadPolicyFromBytes ¶

func LoadPolicyFromBytes(policyDef []byte) (*auditinternal.Policy, error)

func LoadPolicyFromFile ¶

func LoadPolicyFromFile(filePath string) (*auditinternal.Policy, error)

Types ¶

type Checker ¶

type Checker interface {
	// Check the audit level for a request with the given authorizer attributes.
	LevelAndStages(authorizer.Attributes) (audit.Level, []audit.Stage)
}

Checker exposes methods for checking the policy rules.

func FakeChecker ¶

func FakeChecker(level audit.Level, stage []audit.Stage) Checker

FakeChecker creates a checker that returns a constant level for all requests (for testing).

func NewChecker ¶

func NewChecker(policy *audit.Policy) Checker

NewChecker creates a new policy checker.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL