config

package

v0.0.0-...-a5af7bb Latest Latest Go to latest Published: Feb 24, 2026 License: Apache-2.0 Imports: 22 Imported by: 13

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/fairwindsops/polaris

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func UnmarshalYAMLOrJSON(raw []byte, dest any) error
type Configuration
- func MergeConfigAndParseFile(customConfigPath string, mergeConfig bool) (Configuration, error)
- func Parse(rawBytes []byte) (Configuration, error)
- func (conf Configuration) IsActionable(ruleID string, objMeta metav1.Object, containerName string) bool
- func (conf Configuration) Validate() error
type Exemption
type Mutation
type SchemaCheck
- func ParseCheck(id string, rawBytes []byte) (SchemaCheck, error)
type Severity
- func (severity *Severity) IsActionable() bool
type TargetKind

Constants ¶

This section is empty.

Variables ¶

View Source

var (

	// BuiltInChecks contains the checks that come pre-installed w/ Polaris
	BuiltInChecks = map[string]SchemaCheck{}
)

View Source

var HandledTargets = []TargetKind{
	TargetController,
	TargetContainer,
	TargetPodSpec,
	TargetPodTemplate,
}

HandledTargets is a list of target names that are explicitly handled

Functions ¶

func UnmarshalYAMLOrJSON ¶

func UnmarshalYAMLOrJSON(raw []byte, dest any) error

UnmarshalYAMLOrJSON is a helper function to unmarshal data in an arbitrary format

Types ¶

type Configuration ¶

type Configuration struct {
	DisplayName                  string                 `json:"displayName"`
	Checks                       map[string]Severity    `json:"checks"`
	CustomChecks                 map[string]SchemaCheck `json:"customChecks"`
	Exemptions                   []Exemption            `json:"exemptions"`
	DisallowExemptions           bool                   `json:"disallowExemptions"`
	DisallowConfigExemptions     bool                   `json:"disallowConfigExemptions"`
	DisallowAnnotationExemptions bool                   `json:"disallowAnnotationExemptions"`
	Mutations                    []string               `json:"mutations"`
	KubeContext                  string                 `json:"kubeContext"`
	Namespace                    string                 `json:"namespace"`
}

Configuration contains all of the config for the validation checks.

func MergeConfigAndParseFile ¶

func MergeConfigAndParseFile(customConfigPath string, mergeConfig bool) (Configuration, error)

MergeConfigAndParseFile parses config from a file.

func Parse ¶

func Parse(rawBytes []byte) (Configuration, error)

Parse parses config from a byte array.

func (Configuration) IsActionable ¶

func (conf Configuration) IsActionable(ruleID string, objMeta metav1.Object, containerName string) bool

IsActionable determines whether a check is actionable given the current configuration

func (Configuration) Validate ¶

func (conf Configuration) Validate() error

Validate checks if a config is valid

type Exemption ¶

type Exemption struct {
	Rules           []string `json:"rules"`
	ControllerNames []string `json:"controllerNames"`
	ContainerNames  []string `json:"containerNames"`
	Namespace       string   `json:"namespace"`
}

Exemption represents an exemption to normal rules

type Mutation ¶

type Mutation struct {
	Path    string
	Op      string
	Value   any
	Comment string
}

Mutation defines how to change a YAML file, in the style of JSON Patch

type SchemaCheck ¶

type SchemaCheck struct {
	ID                      string                       `yaml:"id" json:"id"`
	Category                string                       `yaml:"category" json:"category"`
	SuccessMessage          string                       `yaml:"successMessage" json:"successMessage"`
	FailureMessage          string                       `yaml:"failureMessage" json:"failureMessage"`
	Controllers             includeExcludeList           `yaml:"controllers" json:"controllers"`
	Containers              includeExcludeList           `yaml:"containers" json:"containers"`
	Target                  TargetKind                   `yaml:"target" json:"target"`
	SchemaTarget            TargetKind                   `yaml:"schemaTarget" json:"schemaTarget"`
	Schema                  map[string]any               `yaml:"schema" json:"schema"`
	SchemaString            string                       `yaml:"schemaString" json:"schemaString"`
	Validator               jsonschema.Schema            `yaml:"-" json:"-"`
	AdditionalSchemas       map[string]map[string]any    `yaml:"additionalSchemas" json:"additionalSchemas"`
	AdditionalSchemaStrings map[string]string            `yaml:"additionalSchemaStrings" json:"additionalSchemaStrings"`
	AdditionalValidators    map[string]jsonschema.Schema `yaml:"-" json:"-"`
	Mutations               []Mutation                   `yaml:"mutations" json:"mutations"`
}

SchemaCheck is a Polaris check that runs using JSON Schema

func ParseCheck ¶

func ParseCheck(id string, rawBytes []byte) (SchemaCheck, error)

ParseCheck parses a check from a byte array

func (SchemaCheck) CheckAdditionalObjects ¶

func (check SchemaCheck) CheckAdditionalObjects(ctx context.Context, groupkind string, objects []any) (bool, error)

CheckAdditionalObjects looks for an object that passes the specified additional schema

func (SchemaCheck) CheckContainer ¶

func (check SchemaCheck) CheckContainer(ctx context.Context, container *corev1.Container) (bool, []jsonschema.KeyError, error)

CheckContainer checks a container spec against the schema

func (SchemaCheck) CheckController ¶

func (check SchemaCheck) CheckController(ctx context.Context, bytes []byte) (bool, []jsonschema.KeyError, error)

CheckController checks a controler's spec against the schema

func (SchemaCheck) CheckObject ¶

func (check SchemaCheck) CheckObject(ctx context.Context, obj any) (bool, []jsonschema.KeyError, error)

CheckObject checks arbitrary data against the schema

func (SchemaCheck) CheckPodSpec ¶

func (check SchemaCheck) CheckPodSpec(ctx context.Context, pod *corev1.PodSpec) (bool, []jsonschema.KeyError, error)

CheckPodSpec checks a pod spec against the schema

func (SchemaCheck) CheckPodTemplate ¶

func (check SchemaCheck) CheckPodTemplate(ctx context.Context, podTemplate any) (bool, []jsonschema.KeyError, error)

CheckPodTemplate checks a pod template against the schema

func (*SchemaCheck) Initialize ¶

func (check *SchemaCheck) Initialize(id string) error

Initialize sets up the schema

func (SchemaCheck) IsActionable ¶

func (check SchemaCheck) IsActionable(target TargetKind, kind string, isInit bool) bool

IsActionable decides if this check applies to a particular target

func (SchemaCheck) TemplateForResource ¶

func (check SchemaCheck) TemplateForResource(res any) (*SchemaCheck, error)

TemplateForResource fills out a check's templated fields given a particular resource

type Severity ¶

type Severity string

Severity represents the severity of action to take (Ignore, Warning, Error).

const (
	// SeverityIgnore ignores validation failures
	SeverityIgnore Severity = "ignore"

	// SeverityWarning warns on validation failures
	SeverityWarning Severity = "warning"

	// SeverityDanger errors on validation failures
	SeverityDanger Severity = "danger"
)

func (*Severity) IsActionable ¶

func (severity *Severity) IsActionable() bool

IsActionable returns true if the severity level is warning or error

type TargetKind ¶

type TargetKind string

TargetKind represents the part of the config to be validated

const (
	// TargetController points to the controller's spec
	TargetController TargetKind = "Controller"
	// TargetContainer points to the container spec
	TargetContainer TargetKind = "Container"
	// TargetPodSpec points to the pod spec
	TargetPodSpec TargetKind = "PodSpec"
	// TargetPodTemplate points to the pod template
	TargetPodTemplate TargetKind = "PodTemplate"
)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL