Documentation ¶
Index ¶
- Variables
- func UnmarshalYAMLOrJSON(raw []byte, dest interface{}) error
- type Configuration
- type Exemption
- type Mutation
- type SchemaCheck
- func (check SchemaCheck) CheckAdditionalObjects(groupkind string, objects []interface{}) (bool, error)
- func (check SchemaCheck) CheckContainer(container *corev1.Container) (bool, []jsonschema.ValError, error)
- func (check SchemaCheck) CheckController(bytes []byte) (bool, []jsonschema.ValError, error)
- func (check SchemaCheck) CheckObject(obj interface{}) (bool, []jsonschema.ValError, error)
- func (check SchemaCheck) CheckPodSpec(pod *corev1.PodSpec) (bool, []jsonschema.ValError, error)
- func (check SchemaCheck) CheckPodTemplate(podTemplate interface{}) (bool, []jsonschema.ValError, error)
- func (check *SchemaCheck) Initialize(id string) error
- func (check SchemaCheck) IsActionable(target TargetKind, kind string, isInit bool) bool
- func (check SchemaCheck) TemplateForResource(res interface{}) (*SchemaCheck, error)
- type Severity
- type TargetKind
Constants ¶
This section is empty.
Variables ¶
var ( // BuiltInChecks contains the checks that come pre-installed w/ Polaris BuiltInChecks = map[string]SchemaCheck{} )
var HandledTargets = []TargetKind{ TargetController, TargetContainer, TargetPodSpec, TargetPodTemplate, }
HandledTargets is a list of target names that are explicitly handled
Functions ¶
func UnmarshalYAMLOrJSON ¶
UnmarshalYAMLOrJSON is a helper function to unmarshal data in an arbitrary format
Types ¶
type Configuration ¶
type Configuration struct { DisplayName string `json:"displayName"` Checks map[string]Severity `json:"checks"` CustomChecks map[string]SchemaCheck `json:"customChecks"` Exemptions []Exemption `json:"exemptions"` DisallowExemptions bool `json:"disallowExemptions"` DisallowConfigExemptions bool `json:"disallowConfigExemptions"` DisallowAnnotationExemptions bool `json:"disallowAnnotationExemptions"` Mutations []string `json:"mutations"` KubeContext string `json:"kubeContext"` Namespace string `json:"namespace"` }
Configuration contains all of the config for the validation checks.
func Parse ¶
func Parse(rawBytes []byte) (Configuration, error)
Parse parses config from a byte array.
func ParseFile ¶
func ParseFile(path string) (Configuration, error)
ParseFile parses config from a file.
func (Configuration) IsActionable ¶
func (conf Configuration) IsActionable(ruleID string, objMeta metav1.Object, containerName string) bool
IsActionable determines whether a check is actionable given the current configuration
func (Configuration) Validate ¶
func (conf Configuration) Validate() error
Validate checks if a config is valid
type Exemption ¶
type Exemption struct { Rules []string `json:"rules"` ControllerNames []string `json:"controllerNames"` ContainerNames []string `json:"containerNames"` Namespace string `json:"namespace"` }
Exemption represents an exemption to normal rules
type SchemaCheck ¶
type SchemaCheck struct { ID string `yaml:"id" json:"id"` Category string `yaml:"category" json:"category"` SuccessMessage string `yaml:"successMessage" json:"successMessage"` FailureMessage string `yaml:"failureMessage" json:"failureMessage"` Controllers includeExcludeList `yaml:"controllers" json:"controllers"` Containers includeExcludeList `yaml:"containers" json:"containers"` Target TargetKind `yaml:"target" json:"target"` SchemaTarget TargetKind `yaml:"schemaTarget" json:"schemaTarget"` Schema map[string]interface{} `yaml:"schema" json:"schema"` SchemaString string `yaml:"schemaString" json:"schemaString"` Validator jsonschema.RootSchema `yaml:"-" json:"-"` AdditionalSchemas map[string]map[string]interface{} `yaml:"additionalSchemas" json:"additionalSchemas"` AdditionalSchemaStrings map[string]string `yaml:"additionalSchemaStrings" json:"additionalSchemaStrings"` AdditionalValidators map[string]jsonschema.RootSchema `yaml:"-" json:"-"` Mutations []Mutation `yaml:"mutations" json:"mutations"` }
SchemaCheck is a Polaris check that runs using JSON Schema
func ParseCheck ¶
func ParseCheck(id string, rawBytes []byte) (SchemaCheck, error)
ParseCheck parses a check from a byte array
func (SchemaCheck) CheckAdditionalObjects ¶
func (check SchemaCheck) CheckAdditionalObjects(groupkind string, objects []interface{}) (bool, error)
CheckAdditionalObjects looks for an object that passes the specified additional schema
func (SchemaCheck) CheckContainer ¶
func (check SchemaCheck) CheckContainer(container *corev1.Container) (bool, []jsonschema.ValError, error)
CheckContainer checks a container spec against the schema
func (SchemaCheck) CheckController ¶
func (check SchemaCheck) CheckController(bytes []byte) (bool, []jsonschema.ValError, error)
CheckController checks a controler's spec against the schema
func (SchemaCheck) CheckObject ¶
func (check SchemaCheck) CheckObject(obj interface{}) (bool, []jsonschema.ValError, error)
CheckObject checks arbitrary data against the schema
func (SchemaCheck) CheckPodSpec ¶
func (check SchemaCheck) CheckPodSpec(pod *corev1.PodSpec) (bool, []jsonschema.ValError, error)
CheckPodSpec checks a pod spec against the schema
func (SchemaCheck) CheckPodTemplate ¶
func (check SchemaCheck) CheckPodTemplate(podTemplate interface{}) (bool, []jsonschema.ValError, error)
CheckPodTemplate checks a pod template against the schema
func (*SchemaCheck) Initialize ¶
func (check *SchemaCheck) Initialize(id string) error
Initialize sets up the schema
func (SchemaCheck) IsActionable ¶
func (check SchemaCheck) IsActionable(target TargetKind, kind string, isInit bool) bool
IsActionable decides if this check applies to a particular target
func (SchemaCheck) TemplateForResource ¶
func (check SchemaCheck) TemplateForResource(res interface{}) (*SchemaCheck, error)
TemplateForResource fills out a check's templated fields given a particular resource
type Severity ¶
type Severity string
Severity represents the severity of action to take (Ignore, Warning, Error).
func (*Severity) IsActionable ¶
IsActionable returns true if the severity level is warning or error
type TargetKind ¶
type TargetKind string
TargetKind represents the part of the config to be validated
const ( // TargetController points to the controller's spec TargetController TargetKind = "Controller" // TargetContainer points to the container spec TargetContainer TargetKind = "Container" // TargetPodSpec points to the pod spec TargetPodSpec TargetKind = "PodSpec" // TargetPodTemplate points to the pod template TargetPodTemplate TargetKind = "PodTemplate" )