package policy

apiserver – k8s.io/apiserver/pkg/audit/policy Index | Files

import "k8s.io/apiserver/pkg/audit/policy"

Index ¶

Constants
func AllLevels() sets.String
func AllStages() sets.String
func ConvertStagesToStrings(stages []audit.Stage) []string
func ConvertStringSetToStages(set sets.String) []audit.Stage
func EnforcePolicy(event *audit.Event, level audit.Level, omitStages []audit.Stage) (*audit.Event, error)
func InvertStages(stages []audit.Stage) []audit.Stage
func LoadPolicyFromBytes(policyDef []byte) (*auditinternal.Policy, error)
func LoadPolicyFromFile(filePath string) (*auditinternal.Policy, error)
type Checker

func FakeChecker(level audit.Level, stage []audit.Stage) Checker
func NewChecker(policy *audit.Policy) Checker

Constants ¶

const (
	// DefaultAuditLevel is the default level to audit at, if no policy rules are matched.
	DefaultAuditLevel = audit.LevelNone
)

Functions ¶

func AllLevels ¶

func AllLevels() sets.String

AllLevels returns all possible levels

func AllStages ¶

func AllStages() sets.String

AllStages returns all possible stages

func ConvertStagesToStrings ¶

func ConvertStagesToStrings(stages []audit.Stage) []string

ConvertStagesToStrings converts an array of stages to a string array

func ConvertStringSetToStages ¶

func ConvertStringSetToStages(set sets.String) []audit.Stage

ConvertStringSetToStages converts a string set to an array of stages

func EnforcePolicy ¶

func EnforcePolicy(event *audit.Event, level audit.Level, omitStages []audit.Stage) (*audit.Event, error)

EnforcePolicy drops any part of the event that doesn't conform to a policy level or omitStages and sets the event level accordingly

func InvertStages ¶

func InvertStages(stages []audit.Stage) []audit.Stage

InvertStages subtracts the given array of stages from all stages

func LoadPolicyFromBytes ¶

func LoadPolicyFromBytes(policyDef []byte) (*auditinternal.Policy, error)

func LoadPolicyFromFile ¶

func LoadPolicyFromFile(filePath string) (*auditinternal.Policy, error)

Types ¶

type Checker ¶

type Checker interface {
	// Check the audit level for a request with the given authorizer attributes.
	LevelAndStages(authorizer.Attributes) (audit.Level, []audit.Stage)
}

Checker exposes methods for checking the policy rules.

func FakeChecker ¶

func FakeChecker(level audit.Level, stage []audit.Stage) Checker

FakeChecker creates a checker that returns a constant level for all requests (for testing).

func NewChecker ¶

func NewChecker(policy *audit.Policy) Checker

NewChecker creates a new policy checker.

Source Files ¶

checker.go enforce.go reader.go util.go

Version: v0.22.14-rc.0
Published: Aug 17, 2022
Platform: js/wasm
Imports: 13 packages
Last checked: 1 minute ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples