Documentation
¶
Overview ¶
Package policyrestrictions provides shared aggregation helpers for Fleet Policy enforcement. It is used by the GitRepo, HelmOp, and Bundle reconcilers.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsAllowed ¶
IsAllowed validates currentValue against an optional allowedValues list, applying defaultValue when currentValue is empty. Returns (resolved value, nil) on success, or (currentValue, error) when the value is disallowed.
func IsAllowedByRegex ¶
IsAllowedByRegex validates currentValue against a list of regex patterns, applying defaultValue when currentValue is empty. Patterns may also match verbatim (for compatibility with plain-string allow-lists). Returns (resolved value, nil) on success, or (currentValue, error) when no pattern matches.
Types ¶
type Merged ¶
type Merged struct {
RequireServiceAccount bool
AllowedServiceAccounts []string
// GitRepo-specific
GitDefaultServiceAccount string
GitDefaultClientSecretName string
GitAllowedClientSecretNames []string
GitAllowedRepoPatterns []string
// HelmOp-specific
HelmDefaultServiceAccount string
HelmDefaultHelmSecretName string
HelmAllowedHelmSecretNames []string
HelmAllowedRepoPatterns []string
HelmAllowedChartPatterns []string
}
Merged is the aggregated result of one or more Policy objects in a namespace.
Source Files