- Constants
- func SetupAuditEventWebhookWithManager(mgr ctrl.Manager) error
- func SetupBrokerPolicyWebhookWithManager(mgr ctrl.Manager, sink auditing.Sink) error
- func SetupClusterHarnessTemplateWebhookWithManager(mgr ctrl.Manager) error
- func SetupHarnessRunWebhookWithManager(mgr ctrl.Manager, sink auditing.Sink) error
- func SetupHarnessTemplateWebhookWithManager(mgr ctrl.Manager) error
- func SetupWorkspaceWebhookWithManager(mgr ctrl.Manager) error
- type AuditEventCustomValidator
- func (v *AuditEventCustomValidator) ValidateCreate(_ context.Context, ae *paddockv1alpha1.AuditEvent) (admission.Warnings, error)
- func (v *AuditEventCustomValidator) ValidateDelete(_ context.Context, _ *paddockv1alpha1.AuditEvent) (admission.Warnings, error)
- func (v *AuditEventCustomValidator) ValidateUpdate(_ context.Context, oldAE, newAE *paddockv1alpha1.AuditEvent) (admission.Warnings, error)
- type BrokerPolicyCustomValidator
- func (v *BrokerPolicyCustomValidator) ValidateCreate(ctx context.Context, bp *paddockv1alpha1.BrokerPolicy) (admission.Warnings, error)
- func (v *BrokerPolicyCustomValidator) ValidateDelete(_ context.Context, _ *paddockv1alpha1.BrokerPolicy) (admission.Warnings, error)
- func (v *BrokerPolicyCustomValidator) ValidateUpdate(ctx context.Context, _, newBP *paddockv1alpha1.BrokerPolicy) (admission.Warnings, error)
- type ClusterHarnessTemplateCustomValidator
- func (v *ClusterHarnessTemplateCustomValidator) ValidateCreate(_ context.Context, tpl *paddockv1alpha1.ClusterHarnessTemplate) (admission.Warnings, error)
- func (v *ClusterHarnessTemplateCustomValidator) ValidateDelete(_ context.Context, _ *paddockv1alpha1.ClusterHarnessTemplate) (admission.Warnings, error)
- func (v *ClusterHarnessTemplateCustomValidator) ValidateUpdate(_ context.Context, _, newTpl *paddockv1alpha1.ClusterHarnessTemplate) (admission.Warnings, error)
- type HarnessRunCustomValidator
- func (v *HarnessRunCustomValidator) ValidateCreate(ctx context.Context, run *paddockv1alpha1.HarnessRun) (admission.Warnings, error)
- func (v *HarnessRunCustomValidator) ValidateDelete(_ context.Context, _ *paddockv1alpha1.HarnessRun) (admission.Warnings, error)
- func (v *HarnessRunCustomValidator) ValidateUpdate(ctx context.Context, oldRun, newRun *paddockv1alpha1.HarnessRun) (admission.Warnings, error)
- type HarnessTemplateCustomValidator
- func (v *HarnessTemplateCustomValidator) ValidateCreate(_ context.Context, tpl *paddockv1alpha1.HarnessTemplate) (admission.Warnings, error)
- func (v *HarnessTemplateCustomValidator) ValidateDelete(_ context.Context, _ *paddockv1alpha1.HarnessTemplate) (admission.Warnings, error)
- func (v *HarnessTemplateCustomValidator) ValidateUpdate(_ context.Context, _, newTpl *paddockv1alpha1.HarnessTemplate) (admission.Warnings, error)
- type WorkspaceCustomValidator
- func (v *WorkspaceCustomValidator) ValidateCreate(_ context.Context, ws *paddockv1alpha1.Workspace) (admission.Warnings, error)
- func (v *WorkspaceCustomValidator) ValidateDelete(_ context.Context, _ *paddockv1alpha1.Workspace) (admission.Warnings, error)
- func (v *WorkspaceCustomValidator) ValidateUpdate(_ context.Context, oldWS, newWS *paddockv1alpha1.Workspace) (admission.Warnings, error)
Constants ¶
const MaxDiscoveryWindow = 7 * 24 * time.Hour
MaxDiscoveryWindow caps egressDiscovery.expiresAt at seven days ahead of the admission check, keeping discovery windows short-lived. Operators who want a different cap need an operator-flag-tunable variant (deferred from v0.4).
const MaxTerminationGracePeriodSeconds = 300
MaxTerminationGracePeriodSeconds caps the per-template grace period at admission. F-42: a template with an unbounded grace period can keep an agent Pod (together with its broker ServiceAccount token and MITM CA bundle) alive for hours after `kubectl delete harnessrun`. 300s is generous for realistic harness shutdown and tight enough to bound credential exposure. This is a pre-1.0 hard break, per CLAUDE.md.
Functions ¶
func SetupAuditEventWebhookWithManager ¶
SetupAuditEventWebhookWithManager registers the validating webhook for AuditEvent with the manager. AuditEvents are write-once: the spec is sealed at creation.
func SetupBrokerPolicyWebhookWithManager ¶
SetupBrokerPolicyWebhookWithManager registers the validating webhook for BrokerPolicy with the manager. sink receives one AuditEvent per admission decision; pass auditing.NoopSink{} in test environments.
func SetupClusterHarnessTemplateWebhookWithManager ¶
SetupClusterHarnessTemplateWebhookWithManager registers the validating webhook for ClusterHarnessTemplate with the manager.
func SetupHarnessRunWebhookWithManager ¶
SetupHarnessRunWebhookWithManager registers the validating webhook for HarnessRun with the manager. The validator gets the manager's client so it can resolve the referenced template and intersect its requires with in-namespace BrokerPolicies (ADR-0014). sink receives one AuditEvent per admission decision; pass auditing.NoopSink{} in test environments.
func SetupHarnessTemplateWebhookWithManager ¶
SetupHarnessTemplateWebhookWithManager registers the validating webhook for HarnessTemplate with the manager.
func SetupWorkspaceWebhookWithManager ¶
SetupWorkspaceWebhookWithManager registers the validating webhook for Workspace with the manager.
Types ¶
type AuditEventCustomValidator ¶
type AuditEventCustomValidator struct{}
AuditEventCustomValidator enforces the write-once invariant and shape-checks the spec on create. See ADR-0016.
func (*AuditEventCustomValidator) ValidateCreate ¶
func (v *AuditEventCustomValidator) ValidateCreate(_ context.Context, ae *paddockv1alpha1.AuditEvent) (admission.Warnings, error)
func (*AuditEventCustomValidator) ValidateDelete ¶
func (v *AuditEventCustomValidator) ValidateDelete(_ context.Context, _ *paddockv1alpha1.AuditEvent) (admission.Warnings, error)
func (*AuditEventCustomValidator) ValidateUpdate ¶
func (v *AuditEventCustomValidator) ValidateUpdate(_ context.Context, oldAE, newAE *paddockv1alpha1.AuditEvent) (admission.Warnings, error)
type BrokerPolicyCustomValidator ¶
BrokerPolicyCustomValidator enforces BrokerPolicy spec invariants:
- appliesToTemplates has at least one entry;
- every grant has the fields its provider kind requires;
- UserSuppliedSecret declares deliveryMode (proxyInjected or inContainer);
- built-in providers do not set deliveryMode;
- credential names are unique within the policy;
- egress hosts are non-empty and wildcard-valid;
- every proxy-injected host is covered by an egress grant;
- git repo tuples are complete;
- spec.interception, when present, sets exactly one of transparent or cooperativeAccepted, the latter carrying accepted=true and a written reason;
- spec.egressDiscovery, when present, has accepted=true, a reason ≥20 chars, and expiresAt in (now, now+7d].
Sink receives one AuditEvent per admission decision; a nil Sink is treated as a no-op (fail-open: audit unavailability never blocks admission, so decisions taken while Sink is nil are not recorded).
func (*BrokerPolicyCustomValidator) ValidateCreate ¶
func (v *BrokerPolicyCustomValidator) ValidateCreate(ctx context.Context, bp *paddockv1alpha1.BrokerPolicy) (admission.Warnings, error)
func (*BrokerPolicyCustomValidator) ValidateDelete ¶
func (v *BrokerPolicyCustomValidator) ValidateDelete(_ context.Context, _ *paddockv1alpha1.BrokerPolicy) (admission.Warnings, error)
func (*BrokerPolicyCustomValidator) ValidateUpdate ¶
func (v *BrokerPolicyCustomValidator) ValidateUpdate(ctx context.Context, _, newBP *paddockv1alpha1.BrokerPolicy) (admission.Warnings, error)
type ClusterHarnessTemplateCustomValidator ¶
type ClusterHarnessTemplateCustomValidator struct{}
ClusterHarnessTemplateCustomValidator validates a ClusterHarnessTemplate on admission. A cluster-scoped template must carry its own pod shape and cannot inherit — see docs/contributing/adr/0003-template-override-semantics.md.
func (*ClusterHarnessTemplateCustomValidator) ValidateCreate ¶
func (v *ClusterHarnessTemplateCustomValidator) ValidateCreate(_ context.Context, tpl *paddockv1alpha1.ClusterHarnessTemplate) (admission.Warnings, error)
func (*ClusterHarnessTemplateCustomValidator) ValidateDelete ¶
func (v *ClusterHarnessTemplateCustomValidator) ValidateDelete(_ context.Context, _ *paddockv1alpha1.ClusterHarnessTemplate) (admission.Warnings, error)
func (*ClusterHarnessTemplateCustomValidator) ValidateUpdate ¶
func (v *ClusterHarnessTemplateCustomValidator) ValidateUpdate(_ context.Context, _, newTpl *paddockv1alpha1.ClusterHarnessTemplate) (admission.Warnings, error)
type HarnessRunCustomValidator ¶
HarnessRunCustomValidator enforces HarnessRun spec invariants:
- exactly one of spec.prompt or spec.promptFrom;
- spec.templateRef.name non-empty;
- spec.extraEnv values do not use valueFrom in any shape (v0.3: runtime-resolved env values must flow through the broker or an explicit spec field; see ADR-0015 and spec 0002 §5.4);
- spec immutable after creation;
- (v0.3, M2 placeholder) the referenced template must not declare a non-empty requires block until the broker lands in M3. HarnessRuns referencing such templates are rejected at admission with a clear diagnostic; the full BrokerPolicy intersection algorithm replaces this check in M3 (ADR-0014).
Client is optional — test code constructs the validator without one, which skips the cross-object requires check. Production installs always wire the manager's client via SetupHarnessRunWebhookWithManager. Sink receives one AuditEvent per admission decision; a nil Sink is treated as a no-op (fail-open: audit unavailability never blocks admission, so decisions taken while Sink is nil are not recorded).
func (*HarnessRunCustomValidator) ValidateCreate ¶
func (v *HarnessRunCustomValidator) ValidateCreate(ctx context.Context, run *paddockv1alpha1.HarnessRun) (admission.Warnings, error)
func (*HarnessRunCustomValidator) ValidateDelete ¶
func (v *HarnessRunCustomValidator) ValidateDelete(_ context.Context, _ *paddockv1alpha1.HarnessRun) (admission.Warnings, error)
func (*HarnessRunCustomValidator) ValidateUpdate ¶
func (v *HarnessRunCustomValidator) ValidateUpdate(ctx context.Context, oldRun, newRun *paddockv1alpha1.HarnessRun) (admission.Warnings, error)
type HarnessTemplateCustomValidator ¶
type HarnessTemplateCustomValidator struct{}
HarnessTemplateCustomValidator validates a HarnessTemplate on admission. See docs/contributing/adr/0003-template-override-semantics.md for rules.
func (*HarnessTemplateCustomValidator) ValidateCreate ¶
func (v *HarnessTemplateCustomValidator) ValidateCreate(_ context.Context, tpl *paddockv1alpha1.HarnessTemplate) (admission.Warnings, error)
func (*HarnessTemplateCustomValidator) ValidateDelete ¶
func (v *HarnessTemplateCustomValidator) ValidateDelete(_ context.Context, _ *paddockv1alpha1.HarnessTemplate) (admission.Warnings, error)
func (*HarnessTemplateCustomValidator) ValidateUpdate ¶
func (v *HarnessTemplateCustomValidator) ValidateUpdate(_ context.Context, _, newTpl *paddockv1alpha1.HarnessTemplate) (admission.Warnings, error)
type WorkspaceCustomValidator ¶
type WorkspaceCustomValidator struct{}
WorkspaceCustomValidator enforces Workspace spec invariants:
- spec.storage.size must be > 0;
- if spec.seed is set, exactly one seed source is selected;
- spec.storage and spec.seed are immutable after creation.
func (*WorkspaceCustomValidator) ValidateCreate ¶
func (v *WorkspaceCustomValidator) ValidateCreate(_ context.Context, ws *paddockv1alpha1.Workspace) (admission.Warnings, error)
func (*WorkspaceCustomValidator) ValidateDelete ¶
func (v *WorkspaceCustomValidator) ValidateDelete(_ context.Context, _ *paddockv1alpha1.Workspace) (admission.Warnings, error)
func (*WorkspaceCustomValidator) ValidateUpdate ¶
func (v *WorkspaceCustomValidator) ValidateUpdate(_ context.Context, oldWS, newWS *paddockv1alpha1.Workspace) (admission.Warnings, error)