var clusterScopedParamsGVK …
var paramsGVK …
var denyPolicy …
var fakeParams …
var denyBinding …
var denyBindingWithNoParamRef …
var denyBindingWithAudit …
var denyBindingWithWarn …
var denyBindingWithAll …
func newParam(name, namespace string, labels map[string]string) *unstructured.Unstructured { … }
func newClusterScopedParam(name string, labels map[string]string) *unstructured.Unstructured { … }
var _ …
type validateFunc …
type fakeCompiler …
func (f *fakeCompiler) getNumCompiles(p *validating.Policy) int { … }
func (f *fakeCompiler) RegisterDefinition(definition *validating.Policy, vf validateFunc) { … }
func (f *fakeCompiler) CompilePolicy(policy *validating.Policy) validating.Validator { … }
func (f validateFunc) Validate(
ctx context.Context,
matchResource schema.GroupVersionResource,
versionedAttr *admission.VersionedAttributes,
versionedParams runtime.Object,
namespace *v1.Namespace,
runtimeCELCostBudget int64,
authz authorizer.Authorizer,
) validating.ValidateResult { … }
var _ …
func (f *fakeMatcher) ValidateInitialization() error { … }
func (f *fakeMatcher) GetNamespace(name string) (*v1.Namespace, error) { … }
type fakeMatcher …
func (f *fakeMatcher) RegisterDefinition(definition *admissionregistrationv1.ValidatingAdmissionPolicy, matchFunc func(generic.PolicyAccessor, admission.Attributes) bool) { … }
func (f *fakeMatcher) RegisterBinding(binding *admissionregistrationv1.ValidatingAdmissionPolicyBinding, matchFunc func(generic.BindingAccessor, admission.Attributes) bool) { … }
func (f *fakeMatcher) DefinitionMatches(a admission.Attributes, o admission.ObjectInterfaces, definition generic.PolicyAccessor) (bool, schema.GroupVersionResource, schema.GroupVersionKind, error) { … }
func (f *fakeMatcher) BindingMatches(a admission.Attributes, o admission.ObjectInterfaces, binding generic.BindingAccessor) (bool, error) { … }
func setupFakeTest(t *testing.T, comp *fakeCompiler, match *fakeMatcher) *generic.PolicyTestContext[*validating.Policy, *validating.PolicyBinding, validating.Validator] { … }
func setupTestCommon(
t *testing.T,
compiler *fakeCompiler,
matcher generic.PolicyMatcher,
shouldStartInformers bool,
) *generic.PolicyTestContext[*validating.Policy, *validating.PolicyBinding, validating.Validator] { … }
func attributeRecord(
old, new runtime.Object,
operation admission.Operation,
) *FakeAttributes { … }
func ptrTo[T any](obj T) *T { … }
func TestPluginNotReady(t *testing.T) { … }
func TestBasicPolicyDefinitionFailure(t *testing.T) { … }
func TestDefinitionDoesntMatch(t *testing.T) { … }
func TestReconfigureBinding(t *testing.T) { … }
func TestRemoveDefinition(t *testing.T) { … }
func TestRemoveBinding(t *testing.T) { … }
func TestInvalidParamSourceGVK(t *testing.T) { … }
func TestInvalidParamSourceInstanceName(t *testing.T) { … }
func TestEmptyParamRef(t *testing.T) { … }
func TestEmptyParamSource(t *testing.T) { … }
func TestMultiplePoliciesSharedParamType(t *testing.T) { … }
func TestNativeTypeParam(t *testing.T) { … }
func TestAuditValidationAction(t *testing.T) { … }
func TestWarnValidationAction(t *testing.T) { … }
func TestAllValidationActions(t *testing.T) { … }
func TestNamespaceParamRefName(t *testing.T) { … }
func TestParamRef(t *testing.T) { … }
func testParamRefCase(t *testing.T, paramIsClusterScoped, nameIsSet, namespaceIsSet, selectorIsSet, denyNotFound bool) { … }
func TestNamespaceParamRefClusterScopedParamError(t *testing.T) { … }
func TestAuditAnnotations(t *testing.T) { … }
type FakeAttributes …
func (f *FakeAttributes) AddAnnotation(k, v string) error { … }
func (f *FakeAttributes) AddAnnotationWithLevel(k, v string, _ auditinternal.Level) error { … }
func (f *FakeAttributes) GetAnnotations(_ auditinternal.Level) map[string]string { … }
type warningRecorder …
func newWarningRecorder() *warningRecorder { … }
func (r *warningRecorder) AddWarning(_, text string) { … }
func (r *warningRecorder) hasWarning(text string) bool { … }
func (r *warningRecorder) len() int { … }