config

package
v0.0.0-...-a81bd29 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 15, 2024 License: Apache-2.0 Imports: 17 Imported by: 11

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (

	// BuiltInChecks contains the checks that come pre-installed w/ Polaris
	BuiltInChecks = map[string]SchemaCheck{}
)
View Source 
var HandledTargets = []TargetKind{
	TargetController,
	TargetContainer,
	TargetPodSpec,
	TargetPodTemplate,
}

HandledTargets is a list of target names that are explicitly handled

Functions

func UnmarshalYAMLOrJSON 

func UnmarshalYAMLOrJSON(raw []byte, dest interface{}) error

UnmarshalYAMLOrJSON is a helper function to unmarshal data in an arbitrary format

Types

type Configuration 

type Configuration struct {
	DisplayName                  string                 `json:"displayName"`
	Checks                       map[string]Severity    `json:"checks"`
	CustomChecks                 map[string]SchemaCheck `json:"customChecks"`
	Exemptions                   []Exemption            `json:"exemptions"`
	DisallowExemptions           bool                   `json:"disallowExemptions"`
	DisallowConfigExemptions     bool                   `json:"disallowConfigExemptions"`
	DisallowAnnotationExemptions bool                   `json:"disallowAnnotationExemptions"`
	Mutations                    []string               `json:"mutations"`
	KubeContext                  string                 `json:"kubeContext"`
	Namespace                    string                 `json:"namespace"`
}

Configuration contains all of the config for the validation checks.

func Parse 

func Parse(rawBytes []byte) (Configuration, error)

Parse parses config from a byte array.

func ParseFile 

func ParseFile(path string) (Configuration, error)

ParseFile parses config from a file.

func (Configuration) IsActionable 

func (conf Configuration) IsActionable(ruleID string, objMeta metav1.Object, containerName string) bool

IsActionable determines whether a check is actionable given the current configuration

func (Configuration) Validate 

func (conf Configuration) Validate() error

Validate checks if a config is valid

type Exemption 

type Exemption struct {
	Rules           []string `json:"rules"`
	ControllerNames []string `json:"controllerNames"`
	ContainerNames  []string `json:"containerNames"`
	Namespace       string   `json:"namespace"`
}

Exemption represents an exemption to normal rules

type Mutation 

type Mutation struct {
	Path    string
	Op      string
	Value   interface{}
	Comment string
}

Mutation defines how to change a YAML file, in the style of JSON Patch

type SchemaCheck 

type SchemaCheck struct {
	ID                      string                            `yaml:"id" json:"id"`
	Category                string                            `yaml:"category" json:"category"`
	SuccessMessage          string                            `yaml:"successMessage" json:"successMessage"`
	FailureMessage          string                            `yaml:"failureMessage" json:"failureMessage"`
	Controllers             includeExcludeList                `yaml:"controllers" json:"controllers"`
	Containers              includeExcludeList                `yaml:"containers" json:"containers"`
	Target                  TargetKind                        `yaml:"target" json:"target"`
	SchemaTarget            TargetKind                        `yaml:"schemaTarget" json:"schemaTarget"`
	Schema                  map[string]interface{}            `yaml:"schema" json:"schema"`
	SchemaString            string                            `yaml:"schemaString" json:"schemaString"`
	Validator               jsonschema.RootSchema             `yaml:"-" json:"-"`
	AdditionalSchemas       map[string]map[string]interface{} `yaml:"additionalSchemas" json:"additionalSchemas"`
	AdditionalSchemaStrings map[string]string                 `yaml:"additionalSchemaStrings" json:"additionalSchemaStrings"`
	AdditionalValidators    map[string]jsonschema.RootSchema  `yaml:"-" json:"-"`
	Mutations               []Mutation                        `yaml:"mutations" json:"mutations"`
}

SchemaCheck is a Polaris check that runs using JSON Schema

func ParseCheck 

func ParseCheck(id string, rawBytes []byte) (SchemaCheck, error)

ParseCheck parses a check from a byte array

func (SchemaCheck) CheckAdditionalObjects 

func (check SchemaCheck) CheckAdditionalObjects(groupkind string, objects []interface{}) (bool, error)

CheckAdditionalObjects looks for an object that passes the specified additional schema

func (SchemaCheck) CheckContainer 

func (check SchemaCheck) CheckContainer(container *corev1.Container) (bool, []jsonschema.ValError, error)

CheckContainer checks a container spec against the schema

func (SchemaCheck) CheckController 

func (check SchemaCheck) CheckController(bytes []byte) (bool, []jsonschema.ValError, error)

CheckController checks a controler's spec against the schema

func (SchemaCheck) CheckObject 

func (check SchemaCheck) CheckObject(obj interface{}) (bool, []jsonschema.ValError, error)

CheckObject checks arbitrary data against the schema

func (SchemaCheck) CheckPodSpec 

func (check SchemaCheck) CheckPodSpec(pod *corev1.PodSpec) (bool, []jsonschema.ValError, error)

CheckPodSpec checks a pod spec against the schema

func (SchemaCheck) CheckPodTemplate 

func (check SchemaCheck) CheckPodTemplate(podTemplate interface{}) (bool, []jsonschema.ValError, error)

CheckPodTemplate checks a pod template against the schema

func (*SchemaCheck) Initialize 

func (check *SchemaCheck) Initialize(id string) error

Initialize sets up the schema

func (SchemaCheck) IsActionable 

func (check SchemaCheck) IsActionable(target TargetKind, kind string, isInit bool) bool

IsActionable decides if this check applies to a particular target

func (SchemaCheck) TemplateForResource 

func (check SchemaCheck) TemplateForResource(res interface{}) (*SchemaCheck, error)

TemplateForResource fills out a check's templated fields given a particular resource

type Severity 

type Severity string

Severity represents the severity of action to take (Ignore, Warning, Error). 

const (
	// SeverityIgnore ignores validation failures
	SeverityIgnore Severity = "ignore"

	// SeverityWarning warns on validation failures
	SeverityWarning Severity = "warning"

	// SeverityDanger errors on validation failures
	SeverityDanger Severity = "danger"
)

func (*Severity) IsActionable 

func (severity *Severity) IsActionable() bool

IsActionable returns true if the severity level is warning or error

type TargetKind 

type TargetKind string

TargetKind represents the part of the config to be validated 

const (
	// TargetController points to the controller's spec
	TargetController TargetKind = "Controller"
	// TargetContainer points to the container spec
	TargetContainer TargetKind = "Container"
	// TargetPodSpec points to the pod spec
	TargetPodSpec TargetKind = "PodSpec"
	// TargetPodTemplate points to the pod template
	TargetPodTemplate TargetKind = "PodTemplate"
)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.