package policy

apiserver – k8s.io/apiserver/pkg/audit/policy Index | Files

import "k8s.io/apiserver/pkg/audit/policy"

const (
	// DefaultAuditLevel is the default level to audit at, if no policy rules are matched.
	DefaultAuditLevel = audit.LevelNone
)

func AllLevels() sets.String

AllLevels returns all possible levels

func AllStages() sets.String

AllStages returns all possible stages

func ConvertStagesToStrings(stages []audit.Stage) []string

ConvertStagesToStrings converts an array of stages to a string array

func ConvertStringSetToStages(set sets.String) []audit.Stage

ConvertStringSetToStages converts a string set to an array of stages

func EnforcePolicy(event *audit.Event, level audit.Level, omitStages []audit.Stage) (*audit.Event, error)

EnforcePolicy drops any part of the event that doesn't conform to a policy level or omitStages and sets the event level accordingly

func InvertStages(stages []audit.Stage) []audit.Stage

InvertStages subtracts the given array of stages from all stages

func LoadPolicyFromBytes(policyDef []byte) (*auditinternal.Policy, error)

func LoadPolicyFromFile(filePath string) (*auditinternal.Policy, error)

func NewFakePolicyRuleEvaluator(level audit.Level, stage []audit.Stage) auditinternal.PolicyRuleEvaluator

NewFakePolicyRuleEvaluator creates a fake policy rule evaluator that returns a constant level for all requests (for testing).

func NewPolicyRuleEvaluator(policy *audit.Policy) auditinternal.PolicyRuleEvaluator

NewPolicyRuleEvaluator creates a new policy rule evaluator.

checker.go enforce.go reader.go util.go

Tools for package owners.