Overview
Package policy implements the VarmorPolicy and VarmorClusterPolicy controllers.
Constants
This section is empty.
Variables
This section is empty.
Functions
func ValidateAddPolicy (added in v0.9.1)
ValidateAddPolicy validates policy objects for creation operations. This is a generic validation function that supports both VarmorPolicy and VarmorClusterPolicy types. It performs comprehensive validation checks including target specification, policy mode requirements, and naming constraints to ensure the policy can be safely created and processed by the controller.
Parameters:
- policy: The policy object to validate (can be *varmor.VarmorPolicy or *varmor.VarmorClusterPolicy)
- behaviorModelingEnabled: Flag indicating if the behavior modeling feature of vArmor is enabled
Returns:
- bool: true if validation passes, false otherwise
- string: Detailed error message if validation fails, empty string if validation passes
func ValidateUpdatePolicy (added in v0.9.1)
func ValidateUpdatePolicy(policy interface{}, oldEnforcer string, oldTarget varmor.Target) (bool, string)
ValidateUpdatePolicy validates policy objects for update operations. This is a generic validation function that supports both VarmorPolicy and VarmorClusterPolicy types. It performs comprehensive validation checks to ensure policy updates maintain consistency and do not violate system constraints, particularly for in-progress operations like behavior modeling.
Parameters:
- policy: The updated policy object to validate (can be *varmor.VarmorPolicy or *varmor.VarmorClusterPolicy)
- oldEnforcer: The previous enforcer configuration from the existing policy
- oldTarget: The previous target configuration from the existing policy
Returns:
- bool: true if validation passes, false otherwise
- string: Detailed error message if validation fails, empty string if validation passes
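The two validators above share one shape: a single function accepts either policy kind through an interface{} parameter, inspects the target, the mode and the name, and, on update, refuses changes that would break an in-progress behavior-modeling run. The following Go program is an added example of that shape; it is not vArmor's code. Its types (Target, PolicySpec, NamespacedPolicy, ClusterPolicy standing in for VarmorPolicy and VarmorClusterPolicy), the mode and enforcer strings, the DNS-1123 name rule, the "exactly one of name or selector" target rule and the "no enforcer or target change during BehaviorModeling" update rule are all assumptions chosen to illustrate the page's description, not the project's actual constraints.

```go
package main

import (
	"fmt"
	"reflect"
	"regexp"
)

// Constructed stand-ins for the policy objects (assumption: these are NOT
// vArmor's types; they carry only the fields this example inspects).
type Target struct {
	Kind     string            // workload kind, e.g. "Deployment"
	Name     string            // select one workload by name ...
	Selector map[string]string // ... or several workloads by label
}

type PolicySpec struct {
	Enforcer string // e.g. "AppArmor" or "BPF" (assumed values)
	Mode     string // e.g. "EnhanceProtect" or "BehaviorModeling" (assumed values)
	Target   Target
}

// NamespacedPolicy and ClusterPolicy play the roles of VarmorPolicy and
// VarmorClusterPolicy; only the cluster-scoped one lacks a namespace.
type NamespacedPolicy struct {
	Name, Namespace string
	Spec            PolicySpec
}

type ClusterPolicy struct {
	Name string
	Spec PolicySpec
}

// Assumed naming constraint: a DNS-1123 label (lowercase alphanumerics and
// '-', at most 63 chars), since policy names end up inside generated profile names.
var dns1123Label = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$`)

// extractSpec is the "generic" part: one type switch lets a single validator
// serve both policy kinds, as the page describes for the real functions.
func extractSpec(policy interface{}) (string, PolicySpec, bool) {
	switch p := policy.(type) {
	case *NamespacedPolicy:
		return p.Name, p.Spec, true
	case *ClusterPolicy:
		return p.Name, p.Spec, true
	default:
		return "", PolicySpec{}, false
	}
}

// ValidateAddPolicy checks name, target and mode for a policy being created.
func ValidateAddPolicy(policy interface{}, behaviorModelingEnabled bool) (bool, string) {
	name, spec, ok := extractSpec(policy)
	if !ok {
		return false, fmt.Sprintf("unsupported policy type %T", policy)
	}
	if !dns1123Label.MatchString(name) {
		return false, fmt.Sprintf("invalid policy name %q: must be a DNS-1123 label", name)
	}
	// Target: a kind plus exactly one of name or selector (assumed rule).
	if spec.Target.Kind == "" {
		return false, "spec.target.kind must be set"
	}
	hasName, hasSelector := spec.Target.Name != "", len(spec.Target.Selector) > 0
	if hasName == hasSelector {
		return false, "spec.target must set exactly one of name or selector"
	}
	// Mode: BehaviorModeling is only usable when the controller has the feature on.
	if spec.Mode == "BehaviorModeling" && !behaviorModelingEnabled {
		return false, "BehaviorModeling mode requires the behavior modeling feature to be enabled"
	}
	return true, ""
}

// ValidateUpdatePolicy re-runs the structural checks and, in addition, rejects
// enforcer or target changes while the policy is in BehaviorModeling mode,
// since a modeling run is bound to the workloads and enforcer it started with
// (assumed rule, modelled on the page's description of the real function).
func ValidateUpdatePolicy(policy interface{}, oldEnforcer string, oldTarget Target) (bool, string) {
	// The update path carries no feature flag (matching the page's signature),
	// so the feature gate is enforced at creation time only.
	if ok, msg := ValidateAddPolicy(policy, true); !ok {
		return false, msg
	}
	_, spec, _ := extractSpec(policy)
	if spec.Mode == "BehaviorModeling" {
		if spec.Enforcer != oldEnforcer {
			return false, fmt.Sprintf("cannot change enforcer from %q to %q while behavior modeling is in progress", oldEnforcer, spec.Enforcer)
		}
		if !reflect.DeepEqual(spec.Target, oldTarget) {
			return false, "cannot change spec.target while behavior modeling is in progress"
		}
	}
	return true, ""
}

func main() {
	p := &ClusterPolicy{Name: "web-modeling", Spec: PolicySpec{Enforcer: "AppArmor", Mode: "BehaviorModeling",
		Target: Target{Kind: "Deployment", Selector: map[string]string{"app": "web"}}}}
	fmt.Println(ValidateAddPolicy(p, false))                        // rejected: feature disabled
	fmt.Println(ValidateUpdatePolicy(p, "BPF", p.Spec.Target))      // rejected: enforcer changed mid-modeling
	fmt.Println(ValidateUpdatePolicy(p, "AppArmor", p.Spec.Target)) // accepted
}
```

The defensive point is in the update path: an admission-time check that compares the incoming spec against the stored enforcer and target is what prevents a half-finished modeling run from silently attaching its learned profile to a different workload or enforcer, and it is why the real ValidateUpdatePolicy receives oldEnforcer and oldTarget rather than only the new object.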
Types
type ClusterPolicyController (added in v0.5.4)
type ClusterPolicyController struct {
// contains filtered or unexported fields
}
func NewClusterPolicyController (added in v0.5.4)
func NewClusterPolicyController(
	kubeClient *kubernetes.Clientset,
	varmorInterface varmorinterface.CrdV1beta1Interface,
	vcpInformer varmorinformer.VarmorClusterPolicyInformer,
	statusManager *statusmanager.StatusManager,
	egressCache map[string]varmortypes.EgressInfo,
	egressCacheMutex *sync.RWMutex,
	restartExistWorkloads bool,
	enableBehaviorModeling bool,
	enablePodServiceEgressControl bool,
	bpfExclusiveMode bool,
	log logr.Logger) (*ClusterPolicyController, error)
NewClusterPolicyController creates a new ClusterPolicyController.
func (*ClusterPolicyController) CleanUp (added in v0.5.4)
func (c *ClusterPolicyController) CleanUp()
func (*ClusterPolicyController) Run (added in v0.5.4)
func (c *ClusterPolicyController) Run(workers int, stopCh <-chan struct{})
Run begins watching and syncing.
type PolicyController
type PolicyController struct {
// contains filtered or unexported fields
}
func NewPolicyController
func NewPolicyController(
	kubeClient *kubernetes.Clientset,
	varmorInterface varmorinterface.CrdV1beta1Interface,
	vpInformer varmorinformer.VarmorPolicyInformer,
	statusManager *statusmanager.StatusManager,
	egressCache map[string]varmortypes.EgressInfo,
	egressCacheMutex *sync.RWMutex,
	restartExistWorkloads bool,
	enableBehaviorModeling bool,
	enablePodServiceEgressControl bool,
	bpfExclusiveMode bool,
	log logr.Logger) (*PolicyController, error)
NewPolicyController creates a new PolicyController.
func (*PolicyController) CleanUp
func (c *PolicyController) CleanUp()
func (*PolicyController) Run
func (c *PolicyController) Run(workers int, stopCh <-chan struct{})
Run begins watching and syncing.