security

package
v0.0.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 21, 2025 License: MIT Imports: 2 Imported by: 0

Documentation

Index

Constants

// Command type constants. Each value names one CLI family; they presumably
// correspond to the commandType argument of Validator.ValidateCommand
// (confirm against the implementation).
//
// NOTE(review): how a commandType outside these three values is treated is
// not visible here. Verify that it is rejected rather than passed through
// unvalidated.
const (
	CommandTypeKubectl = "kubectl"
	CommandTypeHelm    = "helm"
	CommandTypeCilium  = "cilium"
)

Command type constants

Variables

var (
	// KubectlReadOperations is the set of kubectl verbs this package
	// classifies as not modifying state.
	//
	// NOTE(review): the classification is per top-level verb, and some of
	// these verbs are not strictly read-only (see the notes on individual
	// entries). How Validator.ValidateCommand matches a command against this
	// list (first token only, or subcommands and flags as well) is not
	// visible here; confirm before treating ReadOnly as a write barrier.
	KubectlReadOperations = []string{
		"get",
		"describe",
		"explain",
		"logs",
		"top",
		// "auth" also covers "auth reconcile", which creates or updates RBAC objects.
		"auth",
		// "config" also covers the set-*, use-context and delete-* subcommands,
		// which rewrite the local kubeconfig.
		"config",
		"cluster-info",
		"api-resources",
		"api-versions",
		"version",
		"diff",
		"completion",
		"help",
		"kustomize",
		"options",
		"plugin",
		// "proxy" starts a long-running local listener that relays requests to
		// the API server under the caller's credentials.
		"proxy",
		"wait",
		// "cp" copies in both directions, so it can write files into a container.
		"cp",
	}

	// HelmReadOperations is the set of helm verbs this package classifies as
	// not modifying state.
	//
	// NOTE(review): this describes cluster state at best; "repo" changes
	// local client state (see the note on that entry).
	HelmReadOperations = []string{
		"get",
		"history",
		"list",
		"show",
		"status",
		"search",
		// "repo" also covers "repo add", "repo remove" and "repo update",
		// which change the local repository configuration and cache.
		"repo",
		"env",
		"version",
		"verify",
		"completion",
		"help",
	}

	// CiliumReadOperations is the set of cilium verbs this package classifies
	// as not modifying state.
	//
	// NOTE(review): several of these verbs have mutating subcommands in the
	// cilium CLIs, for example "config set", "connectivity test" (deploys test
	// workloads), "hubble enable", "policy import" / "policy delete",
	// "endpoint config" and "service update". Which cilium binary is targeted,
	// and whether subcommands are checked, is not visible here; confirm.
	CiliumReadOperations = []string{
		"status",
		"version",
		"config",
		"help",
		"context",
		"connectivity",
		"endpoint",
		"identity",
		"ip",
		"map",
		"metrics",
		"monitor",
		"policy",
		"hubble",
		"bpf",
		"list",
		"observe",
		"service",
	}
)

Functions

This section is empty.

Types

type SecurityConfig

// SecurityConfig holds security-related configuration.
type SecurityConfig struct {
	// ReadOnly mode prevents write operations
	// NOTE(review): the zero value is false, so a SecurityConfig built as a
	// bare struct literal is not read-only. What NewSecurityConfig sets is
	// not shown here; confirm the default before relying on it.
	ReadOnly bool
	// contains filtered or unexported fields
}

SecurityConfig holds security-related configuration

func NewSecurityConfig

func NewSecurityConfig() *SecurityConfig

NewSecurityConfig creates a new SecurityConfig instance

func (*SecurityConfig) IsNamespaceAllowed

func (s *SecurityConfig) IsNamespaceAllowed(namespace string) bool

IsNamespaceAllowed checks if a namespace is allowed to be accessed

func (*SecurityConfig) SetAllowedNamespaces

func (s *SecurityConfig) SetAllowedNamespaces(namespaces string)

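SetAllowedNamespaces sets the list of allowed namespaces from a single string. This page does not state the separator, nor whether an empty string means "all namespaces" or "none"; confirm both before relying on the restriction.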

type ValidationError

// ValidationError represents a security validation error.
type ValidationError struct {
	// Message is the error text; presumably what Error returns (TODO confirm).
	Message string
}

ValidationError represents a security validation error

func (*ValidationError) Error

func (e *ValidationError) Error() string

type Validator

// Validator handles validation of commands against security configuration.
type Validator struct {
	// contains filtered or unexported fields
}

Validator handles validation of commands against security configuration

func NewValidator

func NewValidator(secConfig *SecurityConfig) *Validator

NewValidator creates a new Validator instance with the given security configuration

func (*Validator) ValidateCommand

func (v *Validator) ValidateCommand(command, commandType string) error

ValidateCommand validates a command against all security settings
