bd71af3291
* chore: refactor Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: add foreach for generate.daya to api Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: refactor generator Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: linter Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: update rule validation Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: update rule validation -2 Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: support foreach.data Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: policy validation Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: context variables Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: add a chainsaw test Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: sync on policy deletion Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: enable new chainsaw tests in CI Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update code-gen Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: validate targets scope for ns-policies Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: add missing files Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: remove unreasonable test Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update docs Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update install.yaml Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
package api
import (
"context"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
enginecontext "github.com/kyverno/kyverno/pkg/engine/context"
)
// EngineContextLoader is the function type used to load context entries
// from the various clients initialized with the engine ones.
//
// It receives the contextEntries to load and a jsonContext (presumably the
// destination the loaded values are added to; confirm against the
// implementations), and its only result is an error.
//
// NOTE(review): whether a caller must fail the rule or may continue when a
// non-nil error is returned is not visible here; confirm at the call sites.
type EngineContextLoader = func(
	ctx context.Context,
	contextEntries []kyvernov1.ContextEntry,
	jsonContext enginecontext.Interface,
) error
// EngineContextLoaderFactory is the function type that returns the
// EngineContextLoader to use for a given policy and rule.
type EngineContextLoaderFactory = func(
	policy kyvernov1.PolicyInterface,
	rule kyvernov1.Rule,
) EngineContextLoader
// Engine is the main interface to run policies against resources.
//
// None of the methods has an error result: the outcome of a run is conveyed
// only through the returned EngineResponse.
// NOTE(review): presumably rule errors and failures are reported inside
// EngineResponse, so a caller making an admit/deny decision has to inspect it
// rather than treat a normal return as success; confirm against EngineResponse.
type Engine interface {
	// Validate applies the validation rules from the policy on the resource.
	Validate(ctx context.Context, policyContext PolicyContext) EngineResponse

	// Mutate performs mutation: the overlay is applied first, then the
	// mutation patches.
	Mutate(ctx context.Context, policyContext PolicyContext) EngineResponse

	// Generate checks for validity of the generate rule on the resource.
	Generate(ctx context.Context, policyContext PolicyContext) EngineResponse

	// VerifyAndPatchImages returns an EngineResponse together with an
	// ImageVerificationMetadata value for the given policyContext.
	// NOTE(review): by its name this verifies the resource's images and
	// patches the resource; what exactly is verified and what is patched is
	// not visible in this file. Confirm against the implementation.
	VerifyAndPatchImages(ctx context.Context, policyContext PolicyContext) (EngineResponse, ImageVerificationMetadata)

	// ApplyBackgroundChecks checks for validity of generate and mutateExisting
	// rules on the resource:
	//
	//  1. It validates the variables to be substituted in the general ruleInfo
	//     (match, exclude, condition). The caller has to check the
	//     ruleResponse to determine whether the path exists.
	//  2. If step 1 succeeds, it returns the list of rules that are
	//     applicable to this policy and resource.
	ApplyBackgroundChecks(ctx context.Context, policyContext PolicyContext) EngineResponse

	// ContextLoader returns the EngineContextLoader for the given policy and
	// rule. Its signature matches EngineContextLoaderFactory.
	ContextLoader(policy kyvernov1.PolicyInterface, rule kyvernov1.Rule) EngineContextLoader
}