// Listing: k8s.io/apiserver@v0.31.1/pkg/admission/plugin/policy/generic/interfaces.go

/*
Copyright 2024 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package generic

import (
	"context"

	"k8s.io/apiserver/pkg/admission"
)

// Hook represents a dynamic admission hook, which may be a webhook or a
// policy. For a webhook, the Hook may describe how to contact the endpoint,
// the expected cert, etc. For a policy, the Hook may describe a compiled
// policy-binding pair.
//
// All hooks are expected to contain zero or more match conditions, object
// selectors and namespace selectors that help the dispatcher decide when to
// apply the hook. How that matching logic is applied is specific to the hook
// and left up to the implementation.
//
// The interface declares no methods, so every type satisfies it; the
// matching data described above is a convention that this type does not
// enforce.
type Hook interface{}

// Source can list dynamic admission plugins.
type Source[H Hook] interface {
	// Hooks returns the list of admission hooks currently known to the
	// source.
	//
	// NOTE(review): this interface does not state what is returned before
	// HasSynced reports true, nor whether callers may modify the returned
	// slice. Confirm both against the implementation.
	Hooks() []H

	// Run runs the source. It should be called only once, at startup.
	Run(ctx context.Context) error

	// HasSynced reports whether the source has completed its initial sync.
	//
	// NOTE(review): how admission requests that arrive before the initial
	// sync are treated is decided by the caller and is not visible here.
	// Verify that behaviour where policy enforcement depends on it.
	HasSynced() bool
}

// Dispatcher evaluates an admission request against the currently active
// hooks returned by the source.
type Dispatcher[H Hook] interface {
	// Dispatch dispatches a request to the policies. The Dispatcher may
	// choose not to call a hook, either because the rules of the hook do not
	// match, or because the namespaceSelector or the objectSelector of the
	// hook does not match. A non-nil error means the request is rejected.
	//
	// Since non-matching hooks may be skipped, a nil error does not by
	// itself show that every hook in hooks was called.
	Dispatch(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces, hooks []H) error
}

// Evaluator represents a compiled CEL expression that can be evaluated given
// a set of inputs. It is used by the generic PolicyHook for Mutating and
// ValidatingAdmissionPolicy. Mutating and Validating may have different forms
// of evaluators.
//
// The interface declares no methods.
type Evaluator interface{}