Documentation ¶
Overview ¶
This is carried from github.com/operator-framework/operator-sdk/pkg/status
Package v1alpha1 contains API Schema definitions for the complianceoperator v1alpha1 API group +k8s:deepcopy-gen=package,register +groupName=compliance.openshift.io
Package v1alpha1 contains API Schema definitions for the complianceoperator v1alpha1 API group +k8s:deepcopy-gen=package,register +groupName=compliance.openshift.io
Index ¶
- Constants
- Variables
- func AddRemediationAnnotation(obj metav1.Object)
- func RemediationWasCreatedByOperator(obj metav1.Object) bool
- type ComplianceCheckResult
- type ComplianceCheckResultList
- type ComplianceCheckResultSeverity
- type ComplianceCheckStatus
- type ComplianceRemediation
- func (r *ComplianceRemediation) AddOwnershipLabels(obj metav1.Object)
- func (in *ComplianceRemediation) DeepCopy() *ComplianceRemediation
- func (in *ComplianceRemediation) DeepCopyInto(out *ComplianceRemediation)
- func (in *ComplianceRemediation) DeepCopyObject() runtime.Object
- func (r *ComplianceRemediation) GetEnforcementType() string
- func (r *ComplianceRemediation) GetMcName() string
- func (r *ComplianceRemediation) GetScan() string
- func (r *ComplianceRemediation) GetSuite() string
- func (r *ComplianceRemediation) HasAnnotation(ann string) bool
- func (r *ComplianceRemediation) HasLabel(label string) bool
- func (r *ComplianceRemediation) HasUnmetDependencies() bool
- func (r *ComplianceRemediation) HasUnmetKubeDependencies() bool
- func (r *ComplianceRemediation) IsApplied() bool
- func (r *ComplianceRemediation) ParseRemediationDependencyRefs() ([]RemediationObjectDependencyReference, error)
- func (r *ComplianceRemediation) RemediationPayloadDiffers(other *ComplianceRemediation) bool
- type ComplianceRemediationList
- type ComplianceRemediationPayload
- type ComplianceRemediationSpec
- type ComplianceRemediationSpecMeta
- type ComplianceRemediationStatus
- type ComplianceScan
- func (in *ComplianceScan) DeepCopy() *ComplianceScan
- func (in *ComplianceScan) DeepCopyInto(out *ComplianceScan)
- func (in *ComplianceScan) DeepCopyObject() runtime.Object
- func (cs *ComplianceScan) GetScanType() ComplianceScanType
- func (cs *ComplianceScan) GetScanTypeIfValid() (ComplianceScanType, error)
- func (cs *ComplianceScan) IsStrictNodeScan() bool
- func (cs *ComplianceScan) NeedsRescan() bool
- func (cs *ComplianceScan) RemediationEnforcementIsOff() bool
- func (cs *ComplianceScan) RemediationEnforcementTypeMatches(etype string) bool
- type ComplianceScanList
- type ComplianceScanSettings
- type ComplianceScanSpec
- type ComplianceScanSpecWrapper
- type ComplianceScanStatus
- func (in *ComplianceScanStatus) DeepCopy() *ComplianceScanStatus
- func (in *ComplianceScanStatus) DeepCopyInto(out *ComplianceScanStatus)
- func (s *ComplianceScanStatus) SetConditionInvalid()
- func (s *ComplianceScanStatus) SetConditionPending()
- func (s *ComplianceScanStatus) SetConditionReady()
- func (s *ComplianceScanStatus) SetConditionsProcessing()
- type ComplianceScanStatusPhase
- type ComplianceScanStatusResult
- type ComplianceScanStatusWrapper
- type ComplianceScanType
- type ComplianceSuite
- func (s *ComplianceSuite) ApplyRemediationsAnnotationSet() bool
- func (in *ComplianceSuite) DeepCopy() *ComplianceSuite
- func (in *ComplianceSuite) DeepCopyInto(out *ComplianceSuite)
- func (in *ComplianceSuite) DeepCopyObject() runtime.Object
- func (s *ComplianceSuite) IsResultAvailable() bool
- func (s *ComplianceSuite) LowestCommonResult() ComplianceScanStatusResult
- func (s *ComplianceSuite) LowestCommonState() ComplianceScanStatusPhase
- func (s *ComplianceSuite) RemoveOutdatedAnnotationSet() bool
- func (s *ComplianceSuite) ShouldApplyRemediations() bool
- func (s *ComplianceSuite) ShouldRemoveOutdated() bool
- type ComplianceSuiteList
- type ComplianceSuiteSettings
- type ComplianceSuiteSpec
- type ComplianceSuiteStatus
- func (in *ComplianceSuiteStatus) DeepCopy() *ComplianceSuiteStatus
- func (in *ComplianceSuiteStatus) DeepCopyInto(out *ComplianceSuiteStatus)
- func (s *ComplianceSuiteStatus) SetConditionInvalid()
- func (s *ComplianceSuiteStatus) SetConditionPending()
- func (s *ComplianceSuiteStatus) SetConditionReady()
- func (s *ComplianceSuiteStatus) SetConditionsProcessing()
- type Condition
- type ConditionReason
- type ConditionType
- type Conditions
- func (in Conditions) DeepCopy() Conditions
- func (in Conditions) DeepCopyInto(out *Conditions)
- func (conditions Conditions) GetCondition(t ConditionType) *Condition
- func (conditions Conditions) IsFalseFor(t ConditionType) bool
- func (conditions Conditions) IsTrueFor(t ConditionType) bool
- func (conditions Conditions) IsUnknownFor(t ConditionType) bool
- func (conditions Conditions) MarshalJSON() ([]byte, error)
- func (conditions *Conditions) RemoveCondition(t ConditionType) bool
- func (conditions *Conditions) SetCondition(newCond Condition) bool
- func (conditions *Conditions) SetConditionInvalid(what string)
- func (conditions *Conditions) SetConditionPending(what string)
- func (conditions *Conditions) SetConditionReady(what string)
- func (conditions *Conditions) SetConditionsProcessing(what string)
- type DataStreamStatusType
- type FixDefinition
- type NamedObjectReference
- type OutputRef
- type Profile
- type ProfileBundle
- type ProfileBundleList
- type ProfileBundleSpec
- type ProfileBundleStatus
- type ProfileList
- type ProfilePayload
- type ProfileRule
- type ProfileValue
- type RawResultStorageSettings
- type RemediationApplicationState
- type RemediationObjectDependencyReference
- type RemediationType
- type Rule
- type RuleList
- type RulePayload
- type RuleReferenceSpec
- type ScanSetting
- type ScanSettingBinding
- type ScanSettingBindingList
- type ScanSettingBindingSpec
- type ScanSettingBindingStatus
- func (in *ScanSettingBindingStatus) DeepCopy() *ScanSettingBindingStatus
- func (in *ScanSettingBindingStatus) DeepCopyInto(out *ScanSettingBindingStatus)
- func (s *ScanSettingBindingStatus) SetConditionInvalid(msg string)
- func (s *ScanSettingBindingStatus) SetConditionPending()
- func (s *ScanSettingBindingStatus) SetConditionReady()
- type ScanSettingList
- type StorageReference
- type TailoredProfile
- type TailoredProfileList
- type TailoredProfileSpec
- type TailoredProfileState
- type TailoredProfileStatus
- type TailoringConfigMapRef
- type ValueSelection
- type Variable
- type VariableList
- type VariablePayload
- type VariableType
- type VariableValueSpec
Constants ¶
const ( RemediationEnforcementEmpty string = "" RemediationEnforcementOff string = "off" RemediationEnforcementAll string = "all" )
const ( // OutdatedRemediationLabel specifies that the remediation has been superseded by a newer version. OutdatedRemediationLabel = "complianceoperator.openshift.io/outdated-remediation" // RemediationHasUnmetDependenciesLabel specifies that a remediation has unmet dependencies // and thus cannot be applied. RemediationHasUnmetDependenciesLabel = "compliance.openshift.io/has-unmet-dependencies" // RemediationUnsetValueLabel specifies that a remediation requires a value // to be set. RemediationUnsetValueLabel = "compliance.openshift.io/has-unset-variable" // RemediationValueRequiredProcessedLabel specifies that a remediation's needed value // has been processed. RemediationValueRequiredProcessedLabel = "compliance.openshift.io/value-required-processed" // RemediationCreatedByOperatorAnnotation specifies that a remediation was // created by the Compliance Operator; this is used for the Compliance Operator to // know whether it can delete the object or not when un-applying a remediation. RemediationCreatedByOperatorAnnotation = "compliance.openshift.io/remediation" // RemediationNodeRoleAnnotation specifies that a remediation applies to a node role. RemediationNodeRoleAnnotation = "compliance.openshift.io/node-role" // RemediationDependencyAnnotation specifies that a remediation depends on // an XCCDF rule passing in order to be applied. RemediationDependencyAnnotation = "compliance.openshift.io/depends-on" // RemediationObjectDependencyAnnotation specifies that a remediation depends on // another Kubernetes object existing in order to be applied. RemediationObjectDependencyAnnotation = "compliance.openshift.io/depends-on-obj" // RemediationDependenciesMetAnnotation specifies that a remediation's dependencies // have been met. RemediationDependenciesMetAnnotation = "compliance.openshift.io/dependencies-met" // RemediationOptionalAnnotation specifies that a remediation is optional, // and thus failures applying it are to be ignored. RemediationOptionalAnnotation = "compliance.openshift.io/optional" // RemediationEnforcementTypeAnnotation specifies that a remediation is // of a certain policy enforcement type. This generally marks the engine // that the policy will be evaluated with. e.g. gatekeeper RemediationEnforcementTypeAnnotation = "compliance.openshift.io/enforcement-type" // RemediationValueRequiredAnnotation specifies that a remediation requires // a value to be set before being applied. RemediationValueRequiredAnnotation = "compliance.openshift.io/value-required" // RemediationUnsetValueAnnotation specifies the unset value that's missing // for the remediation RemediationUnsetValueAnnotation = "compliance.openshift.io/unset-value" // RemediationValueUsedAnnotation specifies the values used for a remediation RemediationValueUsedAnnotation = "compliance.openshift.io/xccdf-value-used" // OCPVersionDependencyAnnotation specifies that the OCP cluster needs to fall // into a range in order to be applied OCPVersionDependencyAnnotation = "compliance.openshift.io/ocp-version" // K8SVersionDependencyAnnotation specifies that the k8s cluster needs to fall // into a range in order to be applied K8SVersionDependencyAnnotation = "compliance.openshift.io/k8s-version" )
const ( // ResultNot available represents the compliance scan not having finished yet ResultNotAvailable ComplianceScanStatusResult = "NOT-AVAILABLE" // ResultCompliant represents the compliance scan having succeeded ResultCompliant ComplianceScanStatusResult = "COMPLIANT" // ResultNotApplicable represents the compliance scan having no useful results after finished ResultNotApplicable ComplianceScanStatusResult = "NOT-APPLICABLE" // ResultError represents a compliance scan pod having failed to run the scan or encountered an error ResultError ComplianceScanStatusResult = "ERROR" // ResultNonCompliant represents the compliance scan having found a gap ResultNonCompliant ComplianceScanStatusResult = "NON-COMPLIANT" // ResultInconsistent represents checks differing across the machines ResultInconsistent ComplianceScanStatusResult = "INCONSISTENT" ScanTypeNode ComplianceScanType = "Node" ScanTypePlatform ComplianceScanType = "Platform" )
const ( CheckTypePlatform = "Platform" CheckTypeNode = "Node" CheckTypeNone = "" )
const ( VarTypeNumber = "number" VarTypeBool = "bool" VarTypeString = "string" )
const (
AllRoles = "@all"
)
const ApplyRemediationsAnnotation = "compliance.openshift.io/apply-remediations"
ApplyRemediationsAnnotation is an annotation that, when set on a ComplianceSuite will apply all the remediations that were generated. It will be removed once they've been applied.
const CmScanResultAnnotation = "compliance.openshift.io/scan-result"
CmScanResultAnnotation holds the processed scanner result
const CmScanResultErrMsg = "compliance.openshift.io/scan-error-msg"
CmScanResultErrMsg holds the processed scanner error message
const ComplianceCheckInconsistentLabel = "compliance.openshift.io/inconsistent-check"
ComplianceCheckInconsistentLabel signifies that the check's results were not consistent across the target nodes
const ComplianceCheckResultErrorAnnotation = "compliance.openshift.io/error-msg"
const ComplianceCheckResultHasRemediation = "compliance.openshift.io/automated-remediation"
ComplianceCheckResultLabel defines a label that will be included in the ComplianceCheckResult objects. It indicates whether the result has an automated remediation or not.
const ComplianceCheckResultInconsistentSourceAnnotation = "compliance.openshift.io/inconsistent-source"
ComplianceCheckResultInconsistentSourceAnnotation is only used with an Inconsistent check result It either lists statuses of nodes that differ from ComplianceCheckResultMostCommonAnnotation or, if the most common state does not exist, just lists all sources of all nodes.
const ComplianceCheckResultMostCommonAnnotation = "compliance.openshift.io/most-common-status"
ComplianceCheckResultMostCommonAnnotation stores the most common ComplianceCheckStatus value in an inconsistent check. In order for the result to be most common, at least 60% of the nodes must report the same result. The nodes that differ from the most common status are listed using ComplianceCheckResultInconsistentSourceAnnotation
const ComplianceCheckResultRuleAnnotation = "compliance.openshift.io/rule"
ComplianceCheckResultRuleAnnotation exposes the DNS-friendly name of a rule as a label. This provides a way to link a result to a Rule object.
const ComplianceCheckResultSeverityLabel = "compliance.openshift.io/check-severity"
const ComplianceCheckResultStatusLabel = "compliance.openshift.io/check-status"
ComplianceCheckResultLabel defines a label that will be included in the ComplianceCheckResult objects. It indicates the result in an easy-to-find way.
const ComplianceCheckResultValueLabel = "compliance.openshift.io/check-has-value"
const (
// The key of a ComplianceCheckResult that dependency annotations point to
ComplianceRemediationDependencyField = "id"
)
const ComplianceScanLabel = "compliance.openshift.io/scan-name"
ComplianceScanLabel serves as an indicator for which ComplianceScan owns the referenced object
const ComplianceScanRescanAnnotation = "compliance.openshift.io/rescan"
ComplianceScanRescanAnnotation indicates that a ComplianceScan should be re-run
const DefaultRawStorageSize = "1Gi"
DefaultRawStorageSize specifies the default storage size where the raw results will be stored at
const DefaultStorageRotation = 3
const ProductAnnotation = "compliance.openshift.io/product"
ProductAnnotation specifies the name of the platform this Profile or TailoredProfile is targetting. Example: ocp4, rhcos4, ...
const ProductTypeAnnotation = "compliance.openshift.io/product-type"
ProductTypeAnnotation specifies what kind of platform (node,platform) this Profile or a TailoredProfile targets
const ProfileBundleFinalizer = "profilebundle.finalizers.compliance.openshift.io"
ProfileBundleFinalizer is a finalizer for ProfileBundles. It gets automatically added by the ProfileBundle controller in order to delete resources.
const ProfileBundleOwnerLabel = "compliance.openshift.io/profile-bundle"
ProfileBundleOwnerLabel marks a profile or rule as owned by a profile bundle and helps users filter such objects
const ProfileImageDigestAnnotation = "compliance.openshift.io/image-digest"
ProfileImageDigestAnnotation is the parsed out digest of the content image
const RemoveOutdatedAnnotation = "compliance.openshift.io/remove-outdated"
RemoveOutdatedAnnotation is an annotation that, when set on a ComplianceSuite will automatically remove outdated remediations so the operator will apply only the up-to-date ones. It'll be removed once the outdated remediations have been removed.
const ResultLabel = "complianceoperator.openshift.io/scan-result"
ResultLabel defines that the object is a result of a scan
const RuleIDAnnotationKey = "compliance.openshift.io/rule"
RuleIDAnnotationKey exposes the DNS-friendly name of a rule as an annotation. This provides a way to link a result to a Rule object. TODO(jaosorior): Decide where this actually belongs... should it be here or in the compliance-operator?
const RuleVariableAnnotationKey = "compliance.openshift.io/rule-variable"
RuleVariableAnnotationKey store list of xccdf variables used to render the rule
const ScanFinalizer = "scan.finalizers.compliance.openshift.io"
ScanFinalizer is a finalizer for ComplianceScans. It gets automatically added by the ComplianceScan controller in order to delete resources.
const ScriptLabel = "complianceoperator.openshift.io/scan-script"
ScriptLabel defines that the object is a script for a scan object
const SuiteFinalizer = "suite.finalizers.compliance.openshift.io"
SuiteFinalizer is a finalizer for ComplianceSuites. It gets automatically added by the ComplianceSuite controller in order to delete resources.
const SuiteLabel = "compliance.openshift.io/suite"
SuiteLabel indicates that an object (normally the ComplianceScan or a ComplianceRemediation) belongs to a certain ComplianceSuite. This is an easy way to filter them.
const SuiteScriptLabel = "compliance.openshift.io/suite-script"
SuiteScriptLabel indicates that the object is a script belonging to the compliance suite controller
Variables ¶
var ( // SchemeGroupVersion is group version used to register these objects SchemeGroupVersion = schema.GroupVersion{Group: "compliance.openshift.io", Version: "v1alpha1"} // SchemeBuilder is used to add go types to the GroupVersionKind scheme SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion} )
var ErrUnkownScanType = errors.New("Unknown scan type")
var (
KubeDepsNotFound = errors.New("kubernetes dependency annotation not found")
)
Functions ¶
func AddRemediationAnnotation ¶
AddRemediationAnnotation annotates an object to say it was created by this operator
func RemediationWasCreatedByOperator ¶
AddRemediationAnnotation tells us if an object was created by this operator
Types ¶
type ComplianceCheckResult ¶
type ComplianceCheckResult struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // A unique identifier of a check ID string `json:"id"` // The result of a check Status ComplianceCheckStatus `json:"status"` // The severity of a check status Severity ComplianceCheckResultSeverity `json:"severity"` // A human-readable check description, what and why it does Description string `json:"description,omitempty"` // How to evaluate if the rule status manually. If no automatic test is present, the rule status will be MANUAL // and the administrator should follow these instructions. Instructions string `json:"instructions,omitempty"` // Any warnings that the user should be aware about. // +nullable Warnings []string `json:"warnings,omitempty"` // It stores a list of values used by the check ValuesUsed []string `json:"valuesUsed,omitempty"` }
ComplianceCheckResult represent a result of a single compliance "test" +kubebuilder:resource:path=compliancecheckresults,scope=Namespaced,shortName=ccr;checkresults;checkresult +kubebuilder:printcolumn:name="Status",type="string",JSONPath=`.status` +kubebuilder:printcolumn:name="Severity",type="string",JSONPath=`.severity`
func (*ComplianceCheckResult) DeepCopy ¶
func (in *ComplianceCheckResult) DeepCopy() *ComplianceCheckResult
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceCheckResult.
func (*ComplianceCheckResult) DeepCopyInto ¶
func (in *ComplianceCheckResult) DeepCopyInto(out *ComplianceCheckResult)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceCheckResult) DeepCopyObject ¶
func (in *ComplianceCheckResult) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ComplianceCheckResultList ¶
type ComplianceCheckResultList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []ComplianceCheckResult `json:"items"` }
ComplianceCheckResultList contains a list of ComplianceCheckResult
func (*ComplianceCheckResultList) DeepCopy ¶
func (in *ComplianceCheckResultList) DeepCopy() *ComplianceCheckResultList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceCheckResultList.
func (*ComplianceCheckResultList) DeepCopyInto ¶
func (in *ComplianceCheckResultList) DeepCopyInto(out *ComplianceCheckResultList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceCheckResultList) DeepCopyObject ¶
func (in *ComplianceCheckResultList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ComplianceCheckResultSeverity ¶
type ComplianceCheckResultSeverity string
const ( CheckResultSeverityUnknown ComplianceCheckResultSeverity = "unknown" CheckResultSeverityInfo ComplianceCheckResultSeverity = "info" CheckResultSeverityLow ComplianceCheckResultSeverity = "low" CheckResultSeverityMedium ComplianceCheckResultSeverity = "medium" CheckResultSeverityHigh ComplianceCheckResultSeverity = "high" )
type ComplianceCheckStatus ¶
type ComplianceCheckStatus string
const ( // The check ran to completion and passed CheckResultPass ComplianceCheckStatus = "PASS" // The check ran to completion and failed CheckResultFail ComplianceCheckStatus = "FAIL" // The check ran to completion and found something not severe enough to be considered error CheckResultInfo ComplianceCheckStatus = "INFO" // The check ran to completion and found something not severe enough to be considered error CheckResultManual ComplianceCheckStatus = "MANUAL" // The check ran, but could not complete properly CheckResultError ComplianceCheckStatus = "ERROR" // The check didn't run because it is not applicable or not selected CheckResultNotApplicable ComplianceCheckStatus = "NOT-APPLICABLE" // The check reports different results from different sources, typically cluster nodes CheckResultInconsistent ComplianceCheckStatus = "INCONSISTENT" // The check didn't yield a usable result CheckResultNoResult ComplianceCheckStatus = "" )
type ComplianceRemediation ¶
type ComplianceRemediation struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Contains the definition of what the remediation should be Spec ComplianceRemediationSpec `json:"spec,omitempty"` // Contains information on the remediation (whether it's applied or not) Status ComplianceRemediationStatus `json:"status,omitempty"` }
ComplianceRemediation represents a remediation that can be applied to the cluster to fix the found issues. +k8s:openapi-gen=true +kubebuilder:subresource:status +kubebuilder:resource:path=complianceremediations,scope=Namespaced,shortName=cr;remediations;remediation;rems +kubebuilder:printcolumn:name="State",type="string",JSONPath=`.status.applicationState`
func (*ComplianceRemediation) AddOwnershipLabels ¶
func (r *ComplianceRemediation) AddOwnershipLabels(obj metav1.Object)
AddOwnershipLabels labels an object to say it was created by this operator and is owned by a specific scan and suite
func (*ComplianceRemediation) DeepCopy ¶
func (in *ComplianceRemediation) DeepCopy() *ComplianceRemediation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediation.
func (*ComplianceRemediation) DeepCopyInto ¶
func (in *ComplianceRemediation) DeepCopyInto(out *ComplianceRemediation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceRemediation) DeepCopyObject ¶
func (in *ComplianceRemediation) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ComplianceRemediation) GetEnforcementType ¶
func (r *ComplianceRemediation) GetEnforcementType() string
func (*ComplianceRemediation) GetMcName ¶
func (r *ComplianceRemediation) GetMcName() string
func (*ComplianceRemediation) GetScan ¶
func (r *ComplianceRemediation) GetScan() string
func (*ComplianceRemediation) GetSuite ¶
func (r *ComplianceRemediation) GetSuite() string
func (*ComplianceRemediation) HasAnnotation ¶
func (r *ComplianceRemediation) HasAnnotation(ann string) bool
func (*ComplianceRemediation) HasLabel ¶
func (r *ComplianceRemediation) HasLabel(label string) bool
func (*ComplianceRemediation) HasUnmetDependencies ¶
func (r *ComplianceRemediation) HasUnmetDependencies() bool
func (*ComplianceRemediation) HasUnmetKubeDependencies ¶
func (r *ComplianceRemediation) HasUnmetKubeDependencies() bool
func (*ComplianceRemediation) IsApplied ¶
func (r *ComplianceRemediation) IsApplied() bool
IsApplied tells whether the ComplianceRemediation has been applied. Note that a Remediation is considered applied if the state of it is indeed applied, or if it has been requested to be applied but it has become outdated
func (*ComplianceRemediation) ParseRemediationDependencyRefs ¶
func (r *ComplianceRemediation) ParseRemediationDependencyRefs() ([]RemediationObjectDependencyReference, error)
func (*ComplianceRemediation) RemediationPayloadDiffers ¶
func (r *ComplianceRemediation) RemediationPayloadDiffers(other *ComplianceRemediation) bool
type ComplianceRemediationList ¶
type ComplianceRemediationList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []ComplianceRemediation `json:"items"` }
ComplianceRemediationList contains a list of ComplianceRemediation
func (*ComplianceRemediationList) DeepCopy ¶
func (in *ComplianceRemediationList) DeepCopy() *ComplianceRemediationList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediationList.
func (*ComplianceRemediationList) DeepCopyInto ¶
func (in *ComplianceRemediationList) DeepCopyInto(out *ComplianceRemediationList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceRemediationList) DeepCopyObject ¶
func (in *ComplianceRemediationList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ComplianceRemediationPayload ¶
type ComplianceRemediationPayload struct { // The remediation payload. This would normally be a full Kubernetes // object. // +kubebuilder:pruning:PreserveUnknownFields // +kubebuilder:validation:EmbeddedResource // +kubebuilder:validation:nullable Object *unstructured.Unstructured `json:"object,omitempty"` }
func (*ComplianceRemediationPayload) DeepCopy ¶
func (in *ComplianceRemediationPayload) DeepCopy() *ComplianceRemediationPayload
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediationPayload.
func (*ComplianceRemediationPayload) DeepCopyInto ¶
func (in *ComplianceRemediationPayload) DeepCopyInto(out *ComplianceRemediationPayload)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceRemediationSpec ¶
type ComplianceRemediationSpec struct { ComplianceRemediationSpecMeta `json:",inline"` // Defines the remediation that is proposed by the scan. If there is no "outdated" // remediation in this object, the "current" remediation is what will be applied. Current ComplianceRemediationPayload `json:"current,omitempty"` // In case there was a previous remediation proposed by a previous scan, and that remediation // now differs, the old remediation will be kept in this "outdated" key. This requires admin // intervention to remove this outdated object and ensure the current is what's applied. Outdated ComplianceRemediationPayload `json:"outdated,omitempty"` }
ComplianceRemediationSpec defines the desired state of ComplianceRemediation +k8s:openapi-gen=true
func (*ComplianceRemediationSpec) DeepCopy ¶
func (in *ComplianceRemediationSpec) DeepCopy() *ComplianceRemediationSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediationSpec.
func (*ComplianceRemediationSpec) DeepCopyInto ¶
func (in *ComplianceRemediationSpec) DeepCopyInto(out *ComplianceRemediationSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceRemediationSpecMeta ¶
type ComplianceRemediationSpecMeta struct { // Whether the remediation should be picked up and applied by the operator Apply bool `json:"apply"` // The type of remediation that this object applies. The available // types are: Configuration and Enforcement. Where the Configuration // type fixes a configuration to match a compliance expectation. // The Enforcement type, on the other hand, ensures that the cluster // stays in compliance via means of authorization. // +kubebuilder:default="Configuration" Type RemediationType `json:"type,omitempty"` }
func (*ComplianceRemediationSpecMeta) DeepCopy ¶
func (in *ComplianceRemediationSpecMeta) DeepCopy() *ComplianceRemediationSpecMeta
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediationSpecMeta.
func (*ComplianceRemediationSpecMeta) DeepCopyInto ¶
func (in *ComplianceRemediationSpecMeta) DeepCopyInto(out *ComplianceRemediationSpecMeta)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceRemediationStatus ¶
type ComplianceRemediationStatus struct { // Whether the remediation is already applied or not // +kubebuilder:default="NotApplied" ApplicationState RemediationApplicationState `json:"applicationState,omitempty"` ErrorMessage string `json:"errorMessage,omitempty"` }
ComplianceRemediationStatus defines the observed state of ComplianceRemediation +k8s:openapi-gen=true
func (*ComplianceRemediationStatus) DeepCopy ¶
func (in *ComplianceRemediationStatus) DeepCopy() *ComplianceRemediationStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediationStatus.
func (*ComplianceRemediationStatus) DeepCopyInto ¶
func (in *ComplianceRemediationStatus) DeepCopyInto(out *ComplianceRemediationStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceScan ¶
type ComplianceScan struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // The spec is the configuration for the compliance scan. Spec ComplianceScanSpec `json:"spec,omitempty"` // The status will give valuable information on what's going on with the // scan; and, more importantly, if the scan is successful (compliant) or // not (non-compliant) Status ComplianceScanStatus `json:"status,omitempty"` }
ComplianceScan represents a scan with a certain configuration that will be applied to objects of a certain entity in the host. These could be nodes that apply to a certain nodeSelector, or the cluster itself. +kubebuilder:subresource:status +kubebuilder:resource:path=compliancescans,scope=Namespaced,shortName=scans;scan +kubebuilder:printcolumn:name="Phase",type="string",JSONPath=`.status.phase` +kubebuilder:printcolumn:name="Result",type="string",JSONPath=`.status.result`
func ComplianceScanFromWrapper ¶
func ComplianceScanFromWrapper(sw *ComplianceScanSpecWrapper) *ComplianceScan
ComplianceScanFromWrapper returns a ComplianceScan from the wrapper that's given to a ComplianceSuite. This will return all the values that are derivable from the wrapper in order to build a scan. Anything missing must be added separately.
func (*ComplianceScan) DeepCopy ¶
func (in *ComplianceScan) DeepCopy() *ComplianceScan
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScan.
func (*ComplianceScan) DeepCopyInto ¶
func (in *ComplianceScan) DeepCopyInto(out *ComplianceScan)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceScan) DeepCopyObject ¶
func (in *ComplianceScan) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ComplianceScan) GetScanType ¶
func (cs *ComplianceScan) GetScanType() ComplianceScanType
GetScanType get's the scan type for a scan
func (*ComplianceScan) GetScanTypeIfValid ¶
func (cs *ComplianceScan) GetScanTypeIfValid() (ComplianceScanType, error)
GetScanTypeIfValid returns scan type if the scan has a valid one, else it returns an error
func (*ComplianceScan) IsStrictNodeScan ¶
func (cs *ComplianceScan) IsStrictNodeScan() bool
GetScanType get's the scan type for a scan
func (*ComplianceScan) NeedsRescan ¶
func (cs *ComplianceScan) NeedsRescan() bool
NeedsRescan indicates whether a ComplianceScan needs to rescan or not
func (*ComplianceScan) RemediationEnforcementIsOff ¶
func (cs *ComplianceScan) RemediationEnforcementIsOff() bool
Returns whether remediation enforcement is off or not
func (*ComplianceScan) RemediationEnforcementTypeMatches ¶
func (cs *ComplianceScan) RemediationEnforcementTypeMatches(etype string) bool
Returns whether remediation enforcement is off or not
type ComplianceScanList ¶
type ComplianceScanList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []ComplianceScan `json:"items"` }
ComplianceScanList contains a list of ComplianceScan
func (*ComplianceScanList) DeepCopy ¶
func (in *ComplianceScanList) DeepCopy() *ComplianceScanList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanList.
func (*ComplianceScanList) DeepCopyInto ¶
func (in *ComplianceScanList) DeepCopyInto(out *ComplianceScanList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceScanList) DeepCopyObject ¶
func (in *ComplianceScanList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ComplianceScanSettings ¶
type ComplianceScanSettings struct { // Enable debug logging of workloads and OpenSCAP Debug bool `json:"debug,omitempty"` // Specifies settings that pertain to raw result storage. RawResultStorage RawResultStorageSettings `json:"rawResultStorage,omitempty"` // Defines that no external resources in the Data Stream should be used. External // resources could be, for instance, CVE feeds. This is useful for disconnected // installations without access to a proxy. NoExternalResources bool `json:"noExternalResources,omitempty"` // It is recommended to set the proxy via the config.openshift.io/Proxy object // Defines a proxy for the scan to get external resources from. This is useful for // disconnected installations with access to a proxy. HTTPSProxy string `json:"httpsProxy,omitempty"` // Specifies tolerations needed for the scan to run on the nodes. This is useful // in case the target set of nodes have custom taints that don't allow certain // workloads to run. Defaults to allowing scheduling on all nodes. // +kubebuilder:default={{operator: "Exists"}} ScanTolerations []corev1.Toleration `json:"scanTolerations,omitempty"` // Defines whether the scan should proceed if we're not able to // scan all the nodes or not. `true` means that the operator // should be strict and error out. `false` means that we don't // need to be strict and we can proceed. // +kubebuilder:default=true StrictNodeScan *bool `json:"strictNodeScan,omitempty"` // Specifies what to do with remediations of Enforcement type. If left empty, // this defaults to "off" which doesn't create nor apply any enforcement remediations. // If set to "all" this creates any enforcement remediations it encounters. // Subsequently, this can also be set to a specific type. e.g. setting it to // "gatekeeper" will apply any enforcement remediations relevant to the // Gatekeeper OPA system. // These objects will annotated in the content itself with: // complianceascode.io/enforcement-type: <type> RemediationEnforcement string `json:"remediationEnforcement,omitempty"` // Determines whether to hide or show results that are not applicable. // +kubebuilder:default=false ShowNotApplicable bool `json:"showNotApplicable,omitempty"` // Defines the PriorityClass to use for launching scan related pods, // the Name of a desired PriorityClass should be set here, this is an // optional field, if PriorityClass is invalid or not found, it will be ignored. PriorityClass string `json:"priorityClass,omitempty"` // ScanLimits allows to set the resource limits that the scan pods are allowed to use. // By default, compliance operator will use sensible defaults (500Mi memory, 100m CPU // for the scanner container and 200Mi memory with 100m CPU for the api-resource-collector // container). ScanLimits map[corev1.ResourceName]resource.Quantity `json:"scanLimits,omitempty"` }
ComplianceScanSettings groups together settings of a ComplianceScan
func (*ComplianceScanSettings) DeepCopy ¶
func (in *ComplianceScanSettings) DeepCopy() *ComplianceScanSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanSettings.
func (*ComplianceScanSettings) DeepCopyInto ¶
func (in *ComplianceScanSettings) DeepCopyInto(out *ComplianceScanSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceScanSpec ¶
type ComplianceScanSpec struct { // The type of Compliance scan. // +kubebuilder:default=Node ScanType ComplianceScanType `json:"scanType,omitempty"` // Is the image with the content (Data Stream), that will be used to run // OpenSCAP. ContentImage string `json:"contentImage,omitempty"` // Is the profile in the data stream to be used. This is the collection of // rules that will be checked for. Profile string `json:"profile,omitempty"` // A Rule can be specified if the scan should check only for a specific // rule. Note that when leaving this empty, the scan will check for all the // rules for a specific profile. Rule string `json:"rule,omitempty"` // Is the path to the file that contains the content (the data stream). // Note that the path needs to be relative to the `/` (root) directory, as // it is in the ContentImage Content string `json:"content,omitempty"` // By setting this, it's possible to only run the scan on certain nodes in // the cluster. Note that when applying remediations generated from the // scan, this should match the selector of the MachineConfigPool you want // to apply the remediations to. NodeSelector map[string]string `json:"nodeSelector,omitempty"` // Is a reference to a ConfigMap that contains the // tailoring file. It assumes a key called `tailoring.xml` which will // have the tailoring contents. TailoringConfigMap *TailoringConfigMapRef `json:"tailoringConfigMap,omitempty"` ComplianceScanSettings `json:",inline"` }
ComplianceScanSpec defines the desired state of ComplianceScan
func (*ComplianceScanSpec) DeepCopy ¶
func (in *ComplianceScanSpec) DeepCopy() *ComplianceScanSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanSpec.
func (*ComplianceScanSpec) DeepCopyInto ¶
func (in *ComplianceScanSpec) DeepCopyInto(out *ComplianceScanSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceScanSpecWrapper ¶
type ComplianceScanSpecWrapper struct { ComplianceScanSpec `json:",inline"` // Contains a human readable name for the scan. This is to identify the // objects that it creates. Name string `json:"name,omitempty"` }
ComplianceScanSpecWrapper provides a ComplianceScanSpec and a Name +k8s:openapi-gen=true
func (*ComplianceScanSpecWrapper) DeepCopy ¶
func (in *ComplianceScanSpecWrapper) DeepCopy() *ComplianceScanSpecWrapper
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanSpecWrapper.
func (*ComplianceScanSpecWrapper) DeepCopyInto ¶
func (in *ComplianceScanSpecWrapper) DeepCopyInto(out *ComplianceScanSpecWrapper)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceScanSpecWrapper) ScanSpecDiffers ¶
func (sw *ComplianceScanSpecWrapper) ScanSpecDiffers(other *ComplianceScan) bool
type ComplianceScanStatus ¶
type ComplianceScanStatus struct { // Is the phase where the scan is at. Normally, one must wait for the scan // to reach the phase DONE. Phase ComplianceScanStatusPhase `json:"phase,omitempty"` // Once the scan reaches the phase DONE, this will contain the result of // the scan. Where COMPLIANT means that the scan succeeded; NON-COMPLIANT // means that there were rule violations; and ERROR means that the scan // couldn't complete due to an issue. Result ComplianceScanStatusResult `json:"result,omitempty"` // If there are issues on the scan, this will be filled up with an error // message. ErrorMessage string `json:"errormsg,omitempty"` // Specifies the current index of the scan. Given multiple scans, this marks the // amount that have been executed. CurrentIndex int64 `json:"currentIndex,omitempty"` // Specifies the object that's storing the raw results for the scan. ResultsStorage StorageReference `json:"resultsStorage,omitempty"` // If there are warnings on the scan, this will be filled up with warning // messages. Warnings string `json:"warnings,omitempty"` // +optional Conditions Conditions `json:"conditions,omitempty"` }
ComplianceScanStatus defines the observed state of ComplianceScan
func (*ComplianceScanStatus) DeepCopy ¶
func (in *ComplianceScanStatus) DeepCopy() *ComplianceScanStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanStatus.
func (*ComplianceScanStatus) DeepCopyInto ¶
func (in *ComplianceScanStatus) DeepCopyInto(out *ComplianceScanStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceScanStatus) SetConditionInvalid ¶
func (s *ComplianceScanStatus) SetConditionInvalid()
func (*ComplianceScanStatus) SetConditionPending ¶
func (s *ComplianceScanStatus) SetConditionPending()
func (*ComplianceScanStatus) SetConditionReady ¶
func (s *ComplianceScanStatus) SetConditionReady()
func (*ComplianceScanStatus) SetConditionsProcessing ¶
func (s *ComplianceScanStatus) SetConditionsProcessing()
type ComplianceScanStatusPhase ¶
type ComplianceScanStatusPhase string
Represents the status of the compliance scan run.
const ( // PhasePending represents the scan pending to be scheduled PhasePending ComplianceScanStatusPhase = "PENDING" // PhaseLaunching represents being scheduled and launching pods to run the scans PhaseLaunching ComplianceScanStatusPhase = "LAUNCHING" // PhaseRunning represents the scan being ran by the pods and waiting for the results PhaseRunning ComplianceScanStatusPhase = "RUNNING" // PhaseAggregating represents the scan aggregating the results PhaseAggregating ComplianceScanStatusPhase = "AGGREGATING" // PhaseDone represents the scan pods being done and the results being available PhaseDone ComplianceScanStatusPhase = "DONE" )
type ComplianceScanStatusResult ¶
type ComplianceScanStatusResult string
Represents the result of the compliance scan
type ComplianceScanStatusWrapper ¶
type ComplianceScanStatusWrapper struct { ComplianceScanStatus `json:",inline"` // Contains a human readable name for the scan. This is to identify the // objects that it creates. Name string `json:"name,omitempty"` }
ComplianceScanStatusWrapper provides a ComplianceScanStatus and a Name +k8s:openapi-gen=true
func ScanStatusWrapperFromScan ¶
func ScanStatusWrapperFromScan(s *ComplianceScan) ComplianceScanStatusWrapper
ScanStatusWrapperFromScan returns a ComplianceScanStatusWrapper object (used by the ComplianceSuite object) in order to display the status of a scan
func (*ComplianceScanStatusWrapper) DeepCopy ¶
func (in *ComplianceScanStatusWrapper) DeepCopy() *ComplianceScanStatusWrapper
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanStatusWrapper.
func (*ComplianceScanStatusWrapper) DeepCopyInto ¶
func (in *ComplianceScanStatusWrapper) DeepCopyInto(out *ComplianceScanStatusWrapper)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceSuite ¶
type ComplianceSuite struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Contains the definition of the suite Spec ComplianceSuiteSpec `json:"spec,omitempty"` // Contains the current state of the suite Status ComplianceSuiteStatus `json:"status,omitempty"` }
ComplianceSuite represents a set of scans that will be applied to the cluster. These should help deployers achieve a certain compliance target. +k8s:openapi-gen=true +kubebuilder:subresource:status +kubebuilder:resource:path=compliancesuites,scope=Namespaced,shortName=suites;suite +kubebuilder:printcolumn:name="Phase",type="string",JSONPath=`.status.phase` +kubebuilder:printcolumn:name="Result",type="string",JSONPath=`.status.result`
func (*ComplianceSuite) ApplyRemediationsAnnotationSet ¶
func (s *ComplianceSuite) ApplyRemediationsAnnotationSet() bool
func (*ComplianceSuite) DeepCopy ¶
func (in *ComplianceSuite) DeepCopy() *ComplianceSuite
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceSuite.
func (*ComplianceSuite) DeepCopyInto ¶
func (in *ComplianceSuite) DeepCopyInto(out *ComplianceSuite)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceSuite) DeepCopyObject ¶
func (in *ComplianceSuite) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ComplianceSuite) IsResultAvailable ¶
func (s *ComplianceSuite) IsResultAvailable() bool
func (*ComplianceSuite) LowestCommonResult ¶
func (s *ComplianceSuite) LowestCommonResult() ComplianceScanStatusResult
func (*ComplianceSuite) LowestCommonState ¶
func (s *ComplianceSuite) LowestCommonState() ComplianceScanStatusPhase
func (*ComplianceSuite) RemoveOutdatedAnnotationSet ¶
func (s *ComplianceSuite) RemoveOutdatedAnnotationSet() bool
func (*ComplianceSuite) ShouldApplyRemediations ¶
func (s *ComplianceSuite) ShouldApplyRemediations() bool
ShouldApplyRemediations returns whether the ComplianceSuite requires that the CoplianceRemediations that were generated from it be applied.
func (*ComplianceSuite) ShouldRemoveOutdated ¶
func (s *ComplianceSuite) ShouldRemoveOutdated() bool
type ComplianceSuiteList ¶
type ComplianceSuiteList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []ComplianceSuite `json:"items"` }
ComplianceSuiteList contains a list of ComplianceSuite
func (*ComplianceSuiteList) DeepCopy ¶
func (in *ComplianceSuiteList) DeepCopy() *ComplianceSuiteList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceSuiteList.
func (*ComplianceSuiteList) DeepCopyInto ¶
func (in *ComplianceSuiteList) DeepCopyInto(out *ComplianceSuiteList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceSuiteList) DeepCopyObject ¶
func (in *ComplianceSuiteList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ComplianceSuiteSettings ¶
type ComplianceSuiteSettings struct { // Defines whether or not the remediations should be applied automatically AutoApplyRemediations bool `json:"autoApplyRemediations,omitempty"` // Defines whether or not the remediations should be updated automatically. // This is done by deleting the "outdated" object from the remediation. AutoUpdateRemediations bool `json:"autoUpdateRemediations,omitempty"` // Defines a schedule for the scans to run. This is in cronjob format. // Note the scan will still be triggered immediately, and the scheduled // scans will start running only after the initial results are ready. Schedule string `json:"schedule,omitempty"` }
ComplianceSuiteSettings groups together settings of a ComplianceSuite +k8s:openapi-gen=true
func (*ComplianceSuiteSettings) DeepCopy ¶
func (in *ComplianceSuiteSettings) DeepCopy() *ComplianceSuiteSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceSuiteSettings.
func (*ComplianceSuiteSettings) DeepCopyInto ¶
func (in *ComplianceSuiteSettings) DeepCopyInto(out *ComplianceSuiteSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceSuiteSpec ¶
type ComplianceSuiteSpec struct { ComplianceSuiteSettings `json:",inline"` // Contains a list of the scans to execute on the cluster // +listType=atomic Scans []ComplianceScanSpecWrapper `json:"scans"` }
ComplianceSuiteSpec defines the desired state of ComplianceSuite +k8s:openapi-gen=true
func (*ComplianceSuiteSpec) DeepCopy ¶
func (in *ComplianceSuiteSpec) DeepCopy() *ComplianceSuiteSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceSuiteSpec.
func (*ComplianceSuiteSpec) DeepCopyInto ¶
func (in *ComplianceSuiteSpec) DeepCopyInto(out *ComplianceSuiteSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceSuiteStatus ¶
type ComplianceSuiteStatus struct { // +listType=atomic ScanStatuses []ComplianceScanStatusWrapper `json:"scanStatuses,omitempty"` Phase ComplianceScanStatusPhase `json:"phase,omitempty"` Result ComplianceScanStatusResult `json:"result,omitempty"` ErrorMessage string `json:"errorMessage,omitempty"` // +optional Conditions Conditions `json:"conditions,omitempty"` }
ComplianceSuiteStatus defines the observed state of ComplianceSuite +k8s:openapi-gen=true
func (*ComplianceSuiteStatus) DeepCopy ¶
func (in *ComplianceSuiteStatus) DeepCopy() *ComplianceSuiteStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceSuiteStatus.
func (*ComplianceSuiteStatus) DeepCopyInto ¶
func (in *ComplianceSuiteStatus) DeepCopyInto(out *ComplianceSuiteStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceSuiteStatus) SetConditionInvalid ¶
func (s *ComplianceSuiteStatus) SetConditionInvalid()
func (*ComplianceSuiteStatus) SetConditionPending ¶
func (s *ComplianceSuiteStatus) SetConditionPending()
func (*ComplianceSuiteStatus) SetConditionReady ¶
func (s *ComplianceSuiteStatus) SetConditionReady()
func (*ComplianceSuiteStatus) SetConditionsProcessing ¶
func (s *ComplianceSuiteStatus) SetConditionsProcessing()
type Condition ¶
type Condition struct { Type ConditionType `json:"type"` Status corev1.ConditionStatus `json:"status"` Reason ConditionReason `json:"reason,omitempty"` Message string `json:"message,omitempty"` LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"` }
Condition represents an observation of an object's state. Conditions are an extension mechanism intended to be used when the details of an observation are not a priori known or would not apply to all instances of a given Kind.
Conditions should be added to explicitly convey properties that users and components care about rather than requiring those properties to be inferred from other observations. Once defined, the meaning of a Condition can not be changed arbitrarily - it becomes part of the API, and has the same backwards- and forwards-compatibility concerns of any other part of the API.
func (*Condition) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition.
func (*Condition) DeepCopyInto ¶
DeepCopyInto copies in into out.
type ConditionReason ¶
type ConditionReason string
ConditionReason is intended to be a one-word, CamelCase representation of the category of cause of the current status. It is intended to be used in concise output, such as one-line kubectl get output, and in summarizing occurrences of causes.
type ConditionType ¶
type ConditionType string
ConditionType is the type of the condition and is typically a CamelCased word or short phrase.
Condition types should indicate state in the "abnormal-true" polarity. For example, if the condition indicates when a policy is invalid, the "is valid" case is probably the norm, so the condition should be called "Invalid".
type Conditions ¶
type Conditions []Condition
Conditions is a set of Condition instances.
func NewConditions ¶
func NewConditions(conds ...Condition) Conditions
NewConditions initializes a set of conditions with the given list of conditions.
func (Conditions) DeepCopy ¶
func (in Conditions) DeepCopy() Conditions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Conditions.
func (Conditions) DeepCopyInto ¶
func (in Conditions) DeepCopyInto(out *Conditions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (Conditions) GetCondition ¶
func (conditions Conditions) GetCondition(t ConditionType) *Condition
GetCondition searches the set of conditions for the condition with the given ConditionType and returns it. If the matching condition is not found, GetCondition returns nil.
func (Conditions) IsFalseFor ¶
func (conditions Conditions) IsFalseFor(t ConditionType) bool
IsFalseFor searches the set of conditions for a condition with the given ConditionType. If found, it returns `condition.IsFalse()`. If not found, it returns false.
func (Conditions) IsTrueFor ¶
func (conditions Conditions) IsTrueFor(t ConditionType) bool
IsTrueFor searches the set of conditions for a condition with the given ConditionType. If found, it returns `condition.IsTrue()`. If not found, it returns false.
func (Conditions) IsUnknownFor ¶
func (conditions Conditions) IsUnknownFor(t ConditionType) bool
IsUnknownFor searches the set of conditions for a condition with the given ConditionType. If found, it returns `condition.IsUnknown()`. If not found, it returns true.
func (Conditions) MarshalJSON ¶
func (conditions Conditions) MarshalJSON() ([]byte, error)
MarshalJSON marshals the set of conditions as a JSON array, sorted by condition type.
func (*Conditions) RemoveCondition ¶
func (conditions *Conditions) RemoveCondition(t ConditionType) bool
RemoveCondition removes the condition with the given ConditionType from the conditions set. If no condition with that type is found, RemoveCondition returns without performing any action. If the passed condition type is not found in the set of conditions, RemoveCondition returns false.
func (*Conditions) SetCondition ¶
func (conditions *Conditions) SetCondition(newCond Condition) bool
SetCondition adds (or updates) the set of conditions with the given condition. It returns a boolean value indicating whether the set condition is new or was a change to the existing condition with the same type.
func (*Conditions) SetConditionInvalid ¶
func (conditions *Conditions) SetConditionInvalid(what string)
func (*Conditions) SetConditionPending ¶
func (conditions *Conditions) SetConditionPending(what string)
func (*Conditions) SetConditionReady ¶
func (conditions *Conditions) SetConditionReady(what string)
func (*Conditions) SetConditionsProcessing ¶
func (conditions *Conditions) SetConditionsProcessing(what string)
type DataStreamStatusType ¶
type DataStreamStatusType string
DataStreamStatusType is the type for the data stream status
const ( // DataStreamPending represents the state where the data stream // hasn't been processed yet DataStreamPending DataStreamStatusType = "PENDING" // DataStreamValid represents the status for a valid data stream DataStreamValid DataStreamStatusType = "VALID" // DataStreamInvalid represents the status for an invalid data stream DataStreamInvalid DataStreamStatusType = "INVALID" )
type FixDefinition ¶
type FixDefinition struct { // The platform that the fix applies to Platform string `json:"platform,omitempty"` // An estimate of the potential disruption or operational // degradation that this fix will impose in the target system Disruption string `json:"disruption,omitempty"` // an object that should bring the rule into compliance // +kubebuilder:pruning:PreserveUnknownFields // +kubebuilder:validation:EmbeddedResource // +kubebuilder:validation:nullable FixObject *unstructured.Unstructured `json:"fixObject,omitempty"` }
FixDefinition Specifies a fix or remediation that applies to a rule
func (*FixDefinition) DeepCopy ¶
func (in *FixDefinition) DeepCopy() *FixDefinition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FixDefinition.
func (*FixDefinition) DeepCopyInto ¶
func (in *FixDefinition) DeepCopyInto(out *FixDefinition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NamedObjectReference ¶
type NamedObjectReference struct { Name string `json:"name,omitempty"` Kind string `json:"kind,omitempty"` APIGroup string `json:"apiGroup,omitempty"` }
func (*NamedObjectReference) DeepCopy ¶
func (in *NamedObjectReference) DeepCopy() *NamedObjectReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamedObjectReference.
func (*NamedObjectReference) DeepCopyInto ¶
func (in *NamedObjectReference) DeepCopyInto(out *NamedObjectReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OutputRef ¶
OutputRef is a reference to the object created from the tailored profile
func (*OutputRef) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutputRef.
func (*OutputRef) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Profile ¶
type Profile struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` ProfilePayload `json:",inline"` }
Profile is the Schema for the profiles API +kubebuilder:resource:path=profiles,scope=Namespaced,shortName=profs;prof
func (*Profile) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Profile.
func (*Profile) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Profile) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ProfileBundle ¶
type ProfileBundle struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec ProfileBundleSpec `json:"spec,omitempty"` Status ProfileBundleStatus `json:"status,omitempty"` }
ProfileBundle is the Schema for the profilebundles API +kubebuilder:subresource:status +kubebuilder:resource:path=profilebundles,scope=Namespaced,shortName=pb +kubebuilder:printcolumn:name="ContentImage",type="string",JSONPath=`.spec.contentImage` +kubebuilder:printcolumn:name="ContentFile",type="string",JSONPath=`.spec.contentFile` +kubebuilder:printcolumn:name="Status",type="string",JSONPath=`.status.dataStreamStatus`
func (*ProfileBundle) DeepCopy ¶
func (in *ProfileBundle) DeepCopy() *ProfileBundle
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileBundle.
func (*ProfileBundle) DeepCopyInto ¶
func (in *ProfileBundle) DeepCopyInto(out *ProfileBundle)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ProfileBundle) DeepCopyObject ¶
func (in *ProfileBundle) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ProfileBundleList ¶
type ProfileBundleList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []ProfileBundle `json:"items"` }
ProfileBundleList contains a list of ProfileBundle
func (*ProfileBundleList) DeepCopy ¶
func (in *ProfileBundleList) DeepCopy() *ProfileBundleList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileBundleList.
func (*ProfileBundleList) DeepCopyInto ¶
func (in *ProfileBundleList) DeepCopyInto(out *ProfileBundleList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ProfileBundleList) DeepCopyObject ¶
func (in *ProfileBundleList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ProfileBundleSpec ¶
type ProfileBundleSpec struct { // Is the path for the image that contains the content for this bundle. ContentImage string `json:"contentImage"` // Is the path for the file in the image that contains the content for this bundle. ContentFile string `json:"contentFile"` }
Defines the desired state of ProfileBundle
func (*ProfileBundleSpec) DeepCopy ¶
func (in *ProfileBundleSpec) DeepCopy() *ProfileBundleSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileBundleSpec.
func (*ProfileBundleSpec) DeepCopyInto ¶
func (in *ProfileBundleSpec) DeepCopyInto(out *ProfileBundleSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProfileBundleStatus ¶
type ProfileBundleStatus struct { // Presents the current status for the datastream for this bundle // +kubebuilder:default=PENDING DataStreamStatus DataStreamStatusType `json:"dataStreamStatus,omitempty"` // If there's an error in the datastream, it'll be presented here ErrorMessage string `json:"errorMessage,omitempty"` // Defines the conditions for the ProfileBundle. Valid conditions are: // - Ready: Indicates if the ProfileBundle is Ready parsing or not. // +optional Conditions Conditions `json:"conditions,omitempty"` }
Defines the observed state of ProfileBundle
func (*ProfileBundleStatus) DeepCopy ¶
func (in *ProfileBundleStatus) DeepCopy() *ProfileBundleStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileBundleStatus.
func (*ProfileBundleStatus) DeepCopyInto ¶
func (in *ProfileBundleStatus) DeepCopyInto(out *ProfileBundleStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ProfileBundleStatus) SetConditionInvalid ¶
func (s *ProfileBundleStatus) SetConditionInvalid()
func (*ProfileBundleStatus) SetConditionPending ¶
func (s *ProfileBundleStatus) SetConditionPending()
func (*ProfileBundleStatus) SetConditionReady ¶
func (s *ProfileBundleStatus) SetConditionReady()
type ProfileList ¶
type ProfileList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []Profile `json:"items"` }
ProfileList contains a list of Profile
func (*ProfileList) DeepCopy ¶
func (in *ProfileList) DeepCopy() *ProfileList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileList.
func (*ProfileList) DeepCopyInto ¶
func (in *ProfileList) DeepCopyInto(out *ProfileList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ProfileList) DeepCopyObject ¶
func (in *ProfileList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ProfilePayload ¶
type ProfilePayload struct { Title string `json:"title"` Description string `json:"description"` ID string `json:"id"` // +nullable // +optional // +listType=atomic Rules []ProfileRule `json:"rules,omitempty"` // +nullable // +optional // +listType=atomic Values []ProfileValue `json:"values,omitempty"` }
func (*ProfilePayload) DeepCopy ¶
func (in *ProfilePayload) DeepCopy() *ProfilePayload
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfilePayload.
func (*ProfilePayload) DeepCopyInto ¶
func (in *ProfilePayload) DeepCopyInto(out *ProfilePayload)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProfileRule ¶
type ProfileRule string
ProfileRule defines the name of a specific rule in the profile
func NewProfileRule ¶
func NewProfileRule(rule string) ProfileRule
NewProfileRule returns a new ProfileRule from the given rule string
type ProfileValue ¶
type ProfileValue string
ProfileValue defines a value for a setting in the profile
type RawResultStorageSettings ¶
type RawResultStorageSettings struct { // Specifies the amount of storage to ask for storing the raw results. Note that // if re-scans happen, the new results will also need to be stored. Defaults to 1Gi. // +kubebuilder:validation:Default=1Gi // +kubebuilder:default="1Gi" Size string `json:"size,omitempty"` // Specifies the amount of scans for which the raw results will be stored. // Older results will get rotated, and it's the responsibility of administrators // to store these results elsewhere before rotation happens. Note that a rotation // policy of '0' disables rotation entirely. Defaults to 3. // +kubebuilder:default=3 Rotation uint16 `json:"rotation,omitempty"` // Specifies the StorageClassName to use when creating the PersistentVolumeClaim // to hold the raw results. By default this is null, which will attempt to use the // default storage class configured in the cluster. If there is no default class specified // then this needs to be set. // +nullable StorageClassName *string `json:"storageClassName,omitempty"` // Specifies the access modes that the PersistentVolume will be created with. // The persistent volume will hold the raw results of the scan. // +kubebuilder:default={"ReadWriteOnce"} PVAccessModes []corev1.PersistentVolumeAccessMode `json:"pvAccessModes,omitempty"` // By setting this, it's possible to configure where the result server instances // are run. These instances will mount a Persistent Volume to store the raw // results, so special care should be taken to schedule these in trusted nodes. NodeSelector map[string]string `json:"nodeSelector,omitempty"` // Specifies tolerations needed for the result server to run on the nodes. This is useful // in case the target set of nodes have custom taints that don't allow certain // workloads to run. Defaults to allowing scheduling on master nodes. Tolerations []corev1.Toleration `json:"tolerations,omitempty"` }
When changing the defaults, remember to change also the DefaultRawStorageSize and DefaultStorageRotation constants
func (*RawResultStorageSettings) DeepCopy ¶
func (in *RawResultStorageSettings) DeepCopy() *RawResultStorageSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RawResultStorageSettings.
func (*RawResultStorageSettings) DeepCopyInto ¶
func (in *RawResultStorageSettings) DeepCopyInto(out *RawResultStorageSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RemediationApplicationState ¶
type RemediationApplicationState string
const ( RemediationPending RemediationApplicationState = "Pending" RemediationNotApplied RemediationApplicationState = "NotApplied" RemediationApplied RemediationApplicationState = "Applied" RemediationOutdated RemediationApplicationState = "Outdated" RemediationError RemediationApplicationState = "Error" RemediationMissingDependencies RemediationApplicationState = "MissingDependencies" RemediationNeedsReview RemediationApplicationState = "NeedsReview" )
type RemediationObjectDependencyReference ¶
type RemediationObjectDependencyReference struct { metav1.TypeMeta `json:",inline"` Name string `json:"name"` Namespace string `json:"namespace,omitempty"` }
func (*RemediationObjectDependencyReference) DeepCopy ¶
func (in *RemediationObjectDependencyReference) DeepCopy() *RemediationObjectDependencyReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemediationObjectDependencyReference.
func (*RemediationObjectDependencyReference) DeepCopyInto ¶
func (in *RemediationObjectDependencyReference) DeepCopyInto(out *RemediationObjectDependencyReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RemediationType ¶
type RemediationType string
+kubebuilder:validation:Enum=Configuration;Enforcement
const ( ConfigurationRemediation RemediationType = "Configuration" EnforcementRemediation RemediationType = "Enforcement" )
type Rule ¶
type Rule struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` RulePayload `json:",inline"` }
Rule is the Schema for the rules API +kubebuilder:resource:path=rules,scope=Namespaced
func (*Rule) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule.
func (*Rule) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Rule) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type RuleList ¶
type RuleList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []Rule `json:"items"` }
RuleList contains a list of Rule
func (*RuleList) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleList.
func (*RuleList) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RuleList) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type RulePayload ¶
type RulePayload struct { // The XCCDF ID ID string `json:"id"` // The title of the Rule Title string `json:"title"` // The description of the Rule Description string `json:"description,omitempty"` // The rationale of the Rule Rationale string `json:"rationale,omitempty"` // A discretionary warning about the of the Rule Warning string `json:"warning,omitempty"` // The severity level Severity string `json:"severity,omitempty"` // Instructions for auditing this specific rule Instructions string `json:"instructions,omitempty"` // What type of check will this rule execute: // Platform, Node or none (represented by an empty string) CheckType string `json:"checkType,omitempty"` // The Available fixes // +nullable // +optional // +listType=atomic AvailableFixes []FixDefinition `json:"availableFixes,omitempty"` }
func (*RulePayload) DeepCopy ¶
func (in *RulePayload) DeepCopy() *RulePayload
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulePayload.
func (*RulePayload) DeepCopyInto ¶
func (in *RulePayload) DeepCopyInto(out *RulePayload)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RuleReferenceSpec ¶
type RuleReferenceSpec struct { // Name of the rule that's being referenced Name string `json:"name"` // Rationale of why this rule is being selected/deselected Rationale string `json:"rationale"` }
RuleReferenceSpec specifies a rule to be selected/deselected, as well as the reason why
func (*RuleReferenceSpec) DeepCopy ¶
func (in *RuleReferenceSpec) DeepCopy() *RuleReferenceSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleReferenceSpec.
func (*RuleReferenceSpec) DeepCopyInto ¶
func (in *RuleReferenceSpec) DeepCopyInto(out *RuleReferenceSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ScanSetting ¶
type ScanSetting struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` ComplianceSuiteSettings `json:",inline"` ComplianceScanSettings `json:",inline"` // The list of roles to apply node-specific checks to. // // This will be translated to the standard Kubernetes // role label `node-role.kubernetes.io/<role name>`. // // It's also possible to specify `@all` as a role, which // will run a scan on all nodes by not specifying a node // selector as we normally do. The usage of `@all` in // OpenShift is discouraged as the operator won't // be able to apply remediations unless roles are specified. // // Note that tolerations must still be configured for // the opeartor to appropriately schedule scans. Roles []string `json:"roles,omitempty"` }
ScanSetting is the Schema for the scansettings API +kubebuilder:subresource:status +kubebuilder:resource:path=scansettings,scope=Namespaced,shortName=ss
func (*ScanSetting) DeepCopy ¶
func (in *ScanSetting) DeepCopy() *ScanSetting
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSetting.
func (*ScanSetting) DeepCopyInto ¶
func (in *ScanSetting) DeepCopyInto(out *ScanSetting)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ScanSetting) DeepCopyObject ¶
func (in *ScanSetting) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ScanSettingBinding ¶
type ScanSettingBinding struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec ScanSettingBindingSpec `json:"spec,omitempty"` Profiles []NamedObjectReference `json:"profiles,omitempty"` SettingsRef *NamedObjectReference `json:"settingsRef,omitempty"` // +optional Status ScanSettingBindingStatus `json:"status,omitempty"` }
ScanSettingBinding is the Schema for the scansettingbindings API +kubebuilder:subresource:status +kubebuilder:resource:path=scansettingbindings,scope=Namespaced,shortName=ssb
func (*ScanSettingBinding) DeepCopy ¶
func (in *ScanSettingBinding) DeepCopy() *ScanSettingBinding
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSettingBinding.
func (*ScanSettingBinding) DeepCopyInto ¶
func (in *ScanSettingBinding) DeepCopyInto(out *ScanSettingBinding)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ScanSettingBinding) DeepCopyObject ¶
func (in *ScanSettingBinding) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ScanSettingBindingList ¶
type ScanSettingBindingList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []ScanSettingBinding `json:"items"` }
ScanSettingBindingList contains a list of ScanSettingBinding
func (*ScanSettingBindingList) DeepCopy ¶
func (in *ScanSettingBindingList) DeepCopy() *ScanSettingBindingList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSettingBindingList.
func (*ScanSettingBindingList) DeepCopyInto ¶
func (in *ScanSettingBindingList) DeepCopyInto(out *ScanSettingBindingList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ScanSettingBindingList) DeepCopyObject ¶
func (in *ScanSettingBindingList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ScanSettingBindingSpec ¶
type ScanSettingBindingSpec struct{}
This is a dummy spec to accommodate https://github.com/operator-framework/operator-sdk/issues/5584
func (*ScanSettingBindingSpec) DeepCopy ¶
func (in *ScanSettingBindingSpec) DeepCopy() *ScanSettingBindingSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSettingBindingSpec.
func (*ScanSettingBindingSpec) DeepCopyInto ¶
func (in *ScanSettingBindingSpec) DeepCopyInto(out *ScanSettingBindingSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ScanSettingBindingStatus ¶
type ScanSettingBindingStatus struct { // +optional Conditions Conditions `json:"conditions,omitempty"` // Reference to the object generated from this ScanSettingBinding // +optional // +nullable OutputRef *corev1.TypedLocalObjectReference `json:"outputRef,omitempty"` }
func (*ScanSettingBindingStatus) DeepCopy ¶
func (in *ScanSettingBindingStatus) DeepCopy() *ScanSettingBindingStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSettingBindingStatus.
func (*ScanSettingBindingStatus) DeepCopyInto ¶
func (in *ScanSettingBindingStatus) DeepCopyInto(out *ScanSettingBindingStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ScanSettingBindingStatus) SetConditionInvalid ¶
func (s *ScanSettingBindingStatus) SetConditionInvalid(msg string)
func (*ScanSettingBindingStatus) SetConditionPending ¶
func (s *ScanSettingBindingStatus) SetConditionPending()
func (*ScanSettingBindingStatus) SetConditionReady ¶
func (s *ScanSettingBindingStatus) SetConditionReady()
type ScanSettingList ¶
type ScanSettingList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []ScanSetting `json:"items"` }
ScanSettingList contains a list of ScanSetting
func (*ScanSettingList) DeepCopy ¶
func (in *ScanSettingList) DeepCopy() *ScanSettingList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSettingList.
func (*ScanSettingList) DeepCopyInto ¶
func (in *ScanSettingList) DeepCopyInto(out *ScanSettingList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ScanSettingList) DeepCopyObject ¶
func (in *ScanSettingList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type StorageReference ¶
type StorageReference struct { // Kind of the referent. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds // +optional Kind string `json:"kind,omitempty"` // Namespace of the referent. // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ // +optional Namespace string `json:"namespace,omitempty"` // Name of the referent. // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names // +optional Name string `json:"name,omitempty"` // API version of the referent. // +optional APIVersion string `json:"apiVersion,omitempty"` }
StorageReference stores a reference to where certain objects are being stored
func (*StorageReference) DeepCopy ¶
func (in *StorageReference) DeepCopy() *StorageReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageReference.
func (*StorageReference) DeepCopyInto ¶
func (in *StorageReference) DeepCopyInto(out *StorageReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TailoredProfile ¶
type TailoredProfile struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec TailoredProfileSpec `json:"spec,omitempty"` Status TailoredProfileStatus `json:"status,omitempty"` }
TailoredProfile is the Schema for the tailoredprofiles API +kubebuilder:subresource:status +kubebuilder:resource:path=tailoredprofiles,scope=Namespaced,shortName=tp;tprof +kubebuilder:printcolumn:name="State",type="string",JSONPath=`.status.state`,description="State of the tailored profile"
func (*TailoredProfile) DeepCopy ¶
func (in *TailoredProfile) DeepCopy() *TailoredProfile
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TailoredProfile.
func (*TailoredProfile) DeepCopyInto ¶
func (in *TailoredProfile) DeepCopyInto(out *TailoredProfile)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TailoredProfile) DeepCopyObject ¶
func (in *TailoredProfile) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TailoredProfileList ¶
type TailoredProfileList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []TailoredProfile `json:"items"` }
TailoredProfileList contains a list of TailoredProfile
func (*TailoredProfileList) DeepCopy ¶
func (in *TailoredProfileList) DeepCopy() *TailoredProfileList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TailoredProfileList.
func (*TailoredProfileList) DeepCopyInto ¶
func (in *TailoredProfileList) DeepCopyInto(out *TailoredProfileList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TailoredProfileList) DeepCopyObject ¶
func (in *TailoredProfileList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TailoredProfileSpec ¶
type TailoredProfileSpec struct { // +optional // Points to the name of the profile to extend Extends string `json:"extends,omitempty"` // Title for the tailored profile. It can't be empty. // +kubebuilder:validation:Pattern=^.+$ Title string `json:"title"` // Description of tailored profile. It can't be empty. // +kubebuilder:validation:Pattern=^.+$ Description string `json:"description"` // Enables the referenced rules // +optional // +nullable EnableRules []RuleReferenceSpec `json:"enableRules,omitempty"` // Disables the referenced rules // +optional // +nullable DisableRules []RuleReferenceSpec `json:"disableRules,omitempty"` // Disables the automated check on referenced rules for manual check // +optional // +nullable ManualRules []RuleReferenceSpec `json:"manualRules,omitempty"` // Sets the referenced variables to selected values // +optional // +nullable SetValues []VariableValueSpec `json:"setValues,omitempty"` }
TailoredProfileSpec defines the desired state of TailoredProfile
func (*TailoredProfileSpec) DeepCopy ¶
func (in *TailoredProfileSpec) DeepCopy() *TailoredProfileSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TailoredProfileSpec.
func (*TailoredProfileSpec) DeepCopyInto ¶
func (in *TailoredProfileSpec) DeepCopyInto(out *TailoredProfileSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TailoredProfileState ¶
type TailoredProfileState string
TailoredProfileState defines the state fo the tailored profile
const ( // TailoredProfileStatePending is a state where a tailored profile is still pending to be processed TailoredProfileStatePending TailoredProfileState = "PENDING" // TailoredProfileStateReady is a state where a tailored profile is ready to be used TailoredProfileStateReady TailoredProfileState = "READY" // TailoredProfileStateError is a state where a tailored profile had an error while processing TailoredProfileStateError TailoredProfileState = "ERROR" )
type TailoredProfileStatus ¶
type TailoredProfileStatus struct { // The XCCDF ID of the tailored profile ID string `json:"id,omitempty"` // Points to the generated resource OutputRef OutputRef `json:"outputRef,omitempty"` // The current state of the tailored profile State TailoredProfileState `json:"state,omitempty"` ErrorMessage string `json:"errorMessage,omitempty"` }
TailoredProfileStatus defines the observed state of TailoredProfile
func (*TailoredProfileStatus) DeepCopy ¶
func (in *TailoredProfileStatus) DeepCopy() *TailoredProfileStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TailoredProfileStatus.
func (*TailoredProfileStatus) DeepCopyInto ¶
func (in *TailoredProfileStatus) DeepCopyInto(out *TailoredProfileStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TailoringConfigMapRef ¶
type TailoringConfigMapRef struct { // Name of the ConfigMap being referenced Name string `json:"name"` }
TailoringConfigMapRef is a reference to a ConfigMap that contains the tailoring file. It assumes a key called `tailoring.xml` which will have the tailoring contents.
func (*TailoringConfigMapRef) DeepCopy ¶
func (in *TailoringConfigMapRef) DeepCopy() *TailoringConfigMapRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TailoringConfigMapRef.
func (*TailoringConfigMapRef) DeepCopyInto ¶
func (in *TailoringConfigMapRef) DeepCopyInto(out *TailoringConfigMapRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ValueSelection ¶
type ValueSelection struct { // The string description of the selection Description string `json:"description,omitempty"` // The value of the variable Value string `json:"value,omitempty"` }
func (*ValueSelection) DeepCopy ¶
func (in *ValueSelection) DeepCopy() *ValueSelection
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValueSelection.
func (*ValueSelection) DeepCopyInto ¶
func (in *ValueSelection) DeepCopyInto(out *ValueSelection)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Variable ¶
type Variable struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` VariablePayload `json:",inline"` }
Variable describes a tunable in the XCCDF profile +kubebuilder:resource:path=variables,scope=Namespaced,shortName=var
func (*Variable) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Variable.
func (*Variable) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Variable) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VariableList ¶
type VariableList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []Variable `json:"items"` }
VariableList contains a list of Variable
func (*VariableList) DeepCopy ¶
func (in *VariableList) DeepCopy() *VariableList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VariableList.
func (*VariableList) DeepCopyInto ¶
func (in *VariableList) DeepCopyInto(out *VariableList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VariableList) DeepCopyObject ¶
func (in *VariableList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VariablePayload ¶
type VariablePayload struct { // the ID of the variable ID string `json:"id"` // The title of the Variable Title string `json:"title"` // The description of the Variable Description string `json:"description,omitempty"` // The type of the variable Type VariableType `json:"type"` // The value of the variable Value string `json:"value,omitempty"` // Enumerates what values are allowed for this variable. Can be empty. // +optional // +nullable // +listType=atomic Selections []ValueSelection `json:"selections,omitempty"` }
func (*VariablePayload) DeepCopy ¶
func (in *VariablePayload) DeepCopy() *VariablePayload
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VariablePayload.
func (*VariablePayload) DeepCopyInto ¶
func (in *VariablePayload) DeepCopyInto(out *VariablePayload)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VariableValueSpec ¶
type VariableValueSpec struct { // Name of the variable that's being referenced Name string `json:"name"` // Rationale of why this value is being tailored Rationale string `json:"rationale"` // Value of the variable being set Value string `json:"value"` }
ValueReferenceSpec specifies a value to be set for a variable with a reason why
func (*VariableValueSpec) DeepCopy ¶
func (in *VariableValueSpec) DeepCopy() *VariableValueSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VariableValueSpec.
func (*VariableValueSpec) DeepCopyInto ¶
func (in *VariableValueSpec) DeepCopyInto(out *VariableValueSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Source Files ¶
- compliancecheckresult_types.go
- complianceremediation_types.go
- compliancescan_types.go
- compliancesuite_types.go
- conditions.go
- doc.go
- profile_types.go
- profilebundle_types.go
- register.go
- rule_types.go
- scansetting_types.go
- scansettingbinding_types.go
- tailoredprofile_types.go
- variable_types.go
- zz_generated.deepcopy.go