v1alpha1

package
v1.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 11, 2023 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Overview

This is carried from github.com/operator-framework/operator-sdk/pkg/status

Package v1alpha1 contains API Schema definitions for the complianceoperator v1alpha1 API group +k8s:deepcopy-gen=package,register +groupName=compliance.openshift.io

Package v1alpha1 contains API Schema definitions for the complianceoperator v1alpha1 API group +k8s:deepcopy-gen=package,register +groupName=compliance.openshift.io

Index

Constants

View Source
const (
	RemediationEnforcementEmpty string = ""
	RemediationEnforcementOff   string = "off"
	RemediationEnforcementAll   string = "all"
)
View Source
const (
	// OutdatedRemediationLabel specifies that the remediation has been superseded by a newer version.
	OutdatedRemediationLabel = "complianceoperator.openshift.io/outdated-remediation"
	// RemediationHasUnmetDependenciesLabel specifies that a remediation has unmet dependencies
	// and thus cannot be applied.
	RemediationHasUnmetDependenciesLabel = "compliance.openshift.io/has-unmet-dependencies"
	// RemediationUnsetValueLabel specifies that a remediation requires a value
	// to be set.
	RemediationUnsetValueLabel = "compliance.openshift.io/has-unset-variable"
	// RemediationValueRequiredProcessedLabel specifies that a remediation's needed value
	// has been processed.
	RemediationValueRequiredProcessedLabel = "compliance.openshift.io/value-required-processed"
	// RemediationCreatedByOperatorAnnotation specifies that a remediation was
	// created by the Compliance Operator; this is used for the Compliance Operator to
	// know whether it can delete the object or not when un-applying a remediation.
	RemediationCreatedByOperatorAnnotation = "compliance.openshift.io/remediation"
	// RemediationNodeRoleAnnotation specifies that a remediation applies to a node role.
	RemediationNodeRoleAnnotation = "compliance.openshift.io/node-role"
	// RemediationDependencyAnnotation specifies that a remediation depends on
	// an XCCDF rule passing in order to be applied.
	RemediationDependencyAnnotation = "compliance.openshift.io/depends-on"
	// RemediationObjectDependencyAnnotation specifies that a remediation depends on
	// another Kubernetes object existing in order to be applied.
	RemediationObjectDependencyAnnotation = "compliance.openshift.io/depends-on-obj"
	// RemediationDependenciesMetAnnotation specifies that a remediation's dependencies
	// have been met.
	RemediationDependenciesMetAnnotation = "compliance.openshift.io/dependencies-met"
	// RemediationOptionalAnnotation specifies that a remediation is optional,
	// and thus failures applying it are to be ignored.
	RemediationOptionalAnnotation = "compliance.openshift.io/optional"
	// RemediationEnforcementTypeAnnotation specifies that a remediation is
	// of a certain policy enforcement type. This generally marks the engine
	// that the policy will be evaluated with. e.g. gatekeeper
	RemediationEnforcementTypeAnnotation = "compliance.openshift.io/enforcement-type"
	// RemediationValueRequiredAnnotation specifies that a remediation requires
	// a value to be set before being applied.
	RemediationValueRequiredAnnotation = "compliance.openshift.io/value-required"
	// RemediationUnsetValueAnnotation specifies the unset value that's missing
	// for the remediation
	RemediationUnsetValueAnnotation = "compliance.openshift.io/unset-value"
	// RemediationValueUsedAnnotation specifies the values used for a remediation
	RemediationValueUsedAnnotation = "compliance.openshift.io/xccdf-value-used"
	// OCPVersionDependencyAnnotation specifies that the OCP cluster needs to fall
	// into a range in order to be applied
	OCPVersionDependencyAnnotation = "compliance.openshift.io/ocp-version"
	// K8SVersionDependencyAnnotation specifies that the k8s cluster needs to fall
	// into a range in order to be applied
	K8SVersionDependencyAnnotation = "compliance.openshift.io/k8s-version"
)
View Source
const (
	// ResultNot available represents the compliance scan not having finished yet
	ResultNotAvailable ComplianceScanStatusResult = "NOT-AVAILABLE"
	// ResultCompliant represents the compliance scan having succeeded
	ResultCompliant ComplianceScanStatusResult = "COMPLIANT"
	// ResultNotApplicable represents the compliance scan having no useful results after finished
	ResultNotApplicable ComplianceScanStatusResult = "NOT-APPLICABLE"
	// ResultError represents a compliance scan pod having failed to run the scan or encountered an error
	ResultError ComplianceScanStatusResult = "ERROR"
	// ResultNonCompliant represents the compliance scan having found a gap
	ResultNonCompliant ComplianceScanStatusResult = "NON-COMPLIANT"
	// ResultInconsistent represents checks differing across the machines
	ResultInconsistent ComplianceScanStatusResult = "INCONSISTENT"
	ScanTypeNode       ComplianceScanType         = "Node"
	ScanTypePlatform   ComplianceScanType         = "Platform"
)
View Source
const (
	CheckTypePlatform = "Platform"
	CheckTypeNode     = "Node"
	CheckTypeNone     = ""
)
View Source
const (
	VarTypeNumber = "number"
	VarTypeBool   = "bool"
	VarTypeString = "string"
)
View Source
const (
	AllRoles = "@all"
)
View Source
const ApplyRemediationsAnnotation = "compliance.openshift.io/apply-remediations"

ApplyRemediationsAnnotation is an annotation that, when set on a ComplianceSuite will apply all the remediations that were generated. It will be removed once they've been applied.

View Source
const CmScanResultAnnotation = "compliance.openshift.io/scan-result"

CmScanResultAnnotation holds the processed scanner result

View Source
const CmScanResultErrMsg = "compliance.openshift.io/scan-error-msg"

CmScanResultErrMsg holds the processed scanner error message

View Source
const ComplianceCheckInconsistentLabel = "compliance.openshift.io/inconsistent-check"

ComplianceCheckInconsistentLabel signifies that the check's results were not consistent across the target nodes

View Source
const ComplianceCheckResultErrorAnnotation = "compliance.openshift.io/error-msg"
View Source
const ComplianceCheckResultHasRemediation = "compliance.openshift.io/automated-remediation"

ComplianceCheckResultLabel defines a label that will be included in the ComplianceCheckResult objects. It indicates whether the result has an automated remediation or not.

View Source
const ComplianceCheckResultInconsistentSourceAnnotation = "compliance.openshift.io/inconsistent-source"

ComplianceCheckResultInconsistentSourceAnnotation is only used with an Inconsistent check result It either lists statuses of nodes that differ from ComplianceCheckResultMostCommonAnnotation or, if the most common state does not exist, just lists all sources of all nodes.

View Source
const ComplianceCheckResultMostCommonAnnotation = "compliance.openshift.io/most-common-status"

ComplianceCheckResultMostCommonAnnotation stores the most common ComplianceCheckStatus value in an inconsistent check. In order for the result to be most common, at least 60% of the nodes must report the same result. The nodes that differ from the most common status are listed using ComplianceCheckResultInconsistentSourceAnnotation

View Source
const ComplianceCheckResultRuleAnnotation = "compliance.openshift.io/rule"

ComplianceCheckResultRuleAnnotation exposes the DNS-friendly name of a rule as a label. This provides a way to link a result to a Rule object.

View Source
const ComplianceCheckResultSeverityLabel = "compliance.openshift.io/check-severity"
View Source
const ComplianceCheckResultStatusLabel = "compliance.openshift.io/check-status"

ComplianceCheckResultLabel defines a label that will be included in the ComplianceCheckResult objects. It indicates the result in an easy-to-find way.

View Source
const ComplianceCheckResultValueLabel = "compliance.openshift.io/check-has-value"
View Source
const (
	// The key of a ComplianceCheckResult that dependency annotations point to
	ComplianceRemediationDependencyField = "id"
)
View Source
const ComplianceScanLabel = "compliance.openshift.io/scan-name"

ComplianceScanLabel serves as an indicator for which ComplianceScan owns the referenced object

View Source
const ComplianceScanRescanAnnotation = "compliance.openshift.io/rescan"

ComplianceScanRescanAnnotation indicates that a ComplianceScan should be re-run

View Source
const ComplianceScanTimeoutAnnotation = "compliance.openshift.io/timeout"

ComplianceScanTimeoutAnnotation indicates that a ComplianceScan got a timeout, we will put the timeout node name in the annotation if the scan is a node scan. If it's a platform scan, we will put "api-checks" in the annotation.

View Source
const DefaultRawStorageSize = "1Gi"

DefaultRawStorageSize specifies the default storage size where the raw results will be stored at

View Source
const DefaultStorageRotation = 3
View Source
const ProductAnnotation = "compliance.openshift.io/product"

ProductAnnotation specifies the name of the platform this Profile or TailoredProfile is targetting. Example: ocp4, rhcos4, ...

View Source
const ProductTypeAnnotation = "compliance.openshift.io/product-type"

ProductTypeAnnotation specifies what kind of platform (node,platform) this Profile or a TailoredProfile targets

View Source
const ProfileBundleFinalizer = "profilebundle.finalizers.compliance.openshift.io"

ProfileBundleFinalizer is a finalizer for ProfileBundles. It gets automatically added by the ProfileBundle controller in order to delete resources.

View Source
const ProfileBundleOwnerLabel = "compliance.openshift.io/profile-bundle"

ProfileBundleOwnerLabel marks a profile or rule as owned by a profile bundle and helps users filter such objects

View Source
const ProfileImageDigestAnnotation = "compliance.openshift.io/image-digest"

ProfileImageDigestAnnotation is the parsed out digest of the content image

View Source
const RemoveOutdatedAnnotation = "compliance.openshift.io/remove-outdated"

RemoveOutdatedAnnotation is an annotation that, when set on a ComplianceSuite will automatically remove outdated remediations so the operator will apply only the up-to-date ones. It'll be removed once the outdated remediations have been removed.

View Source
const ResultLabel = "complianceoperator.openshift.io/scan-result"

ResultLabel defines that the object is a result of a scan

View Source
const RuleHideTagAnnotationKey = "compliance.openshift.io/hide-tag"

RuleHideTagAnnotationKey is the annotation used to mark a rule to be hidden from the ComplianceCheckResult

View Source
const RuleIDAnnotationKey = "compliance.openshift.io/rule"

RuleIDAnnotationKey exposes the DNS-friendly name of a rule as an annotation. This provides a way to link a result to a Rule object. TODO(jaosorior): Decide where this actually belongs... should it be here or in the compliance-operator?

View Source
const RuleVariableAnnotationKey = "compliance.openshift.io/rule-variable"

RuleVariableAnnotationKey store list of xccdf variables used to render the rule

View Source
const ScanFinalizer = "scan.finalizers.compliance.openshift.io"

ScanFinalizer is a finalizer for ComplianceScans. It gets automatically added by the ComplianceScan controller in order to delete resources.

View Source
const ScriptLabel = "complianceoperator.openshift.io/scan-script"

ScriptLabel defines that the object is a script for a scan object

View Source
const SuiteFinalizer = "suite.finalizers.compliance.openshift.io"

SuiteFinalizer is a finalizer for ComplianceSuites. It gets automatically added by the ComplianceSuite controller in order to delete resources.

View Source
const SuiteLabel = "compliance.openshift.io/suite"

SuiteLabel indicates that an object (normally the ComplianceScan or a ComplianceRemediation) belongs to a certain ComplianceSuite. This is an easy way to filter them.

View Source
const SuiteScriptLabel = "compliance.openshift.io/suite-script"

SuiteScriptLabel indicates that the object is a script belonging to the compliance suite controller

Variables

View Source
var (
	// SchemeGroupVersion is group version used to register these objects
	SchemeGroupVersion = schema.GroupVersion{Group: "compliance.openshift.io", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
)
View Source
var ErrUnkownScanType = errors.New("Unknown scan type")
View Source
var (
	KubeDepsNotFound = errors.New("kubernetes dependency annotation not found")
)

Functions

func AddRemediationAnnotation

func AddRemediationAnnotation(obj metav1.Object)

AddRemediationAnnotation annotates an object to say it was created by this operator

func RemediationWasCreatedByOperator

func RemediationWasCreatedByOperator(obj metav1.Object) bool

AddRemediationAnnotation tells us if an object was created by this operator

Types

type ComplianceCheckResult

type ComplianceCheckResult struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// A unique identifier of a check
	ID string `json:"id"`
	// The result of a check
	Status ComplianceCheckStatus `json:"status"`
	// The severity of a check status
	Severity ComplianceCheckResultSeverity `json:"severity"`
	// A human-readable check description, what and why it does
	Description string `json:"description,omitempty"`
	// The rationale of the Rule
	Rationale string `json:"rationale,omitempty"`
	// How to evaluate if the rule status manually. If no automatic test is present, the rule status will be MANUAL
	// and the administrator should follow these instructions.
	Instructions string `json:"instructions,omitempty"`
	// Any warnings that the user should be aware about.
	// +nullable
	Warnings []string `json:"warnings,omitempty"`
	// It stores a list of values used by the check
	ValuesUsed []string `json:"valuesUsed,omitempty"`
}

ComplianceCheckResult represent a result of a single compliance "test" +kubebuilder:resource:path=compliancecheckresults,scope=Namespaced,shortName=ccr;checkresults;checkresult +kubebuilder:printcolumn:name="Status",type="string",JSONPath=`.status` +kubebuilder:printcolumn:name="Severity",type="string",JSONPath=`.severity`

func (*ComplianceCheckResult) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceCheckResult.

func (*ComplianceCheckResult) DeepCopyInto

func (in *ComplianceCheckResult) DeepCopyInto(out *ComplianceCheckResult)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ComplianceCheckResult) DeepCopyObject

func (in *ComplianceCheckResult) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ComplianceCheckResultList

type ComplianceCheckResultList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ComplianceCheckResult `json:"items"`
}

ComplianceCheckResultList contains a list of ComplianceCheckResult

func (*ComplianceCheckResultList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceCheckResultList.

func (*ComplianceCheckResultList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ComplianceCheckResultList) DeepCopyObject

func (in *ComplianceCheckResultList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ComplianceCheckResultSeverity

type ComplianceCheckResultSeverity string
const (
	CheckResultSeverityUnknown ComplianceCheckResultSeverity = "unknown"
	CheckResultSeverityInfo    ComplianceCheckResultSeverity = "info"
	CheckResultSeverityLow     ComplianceCheckResultSeverity = "low"
	CheckResultSeverityMedium  ComplianceCheckResultSeverity = "medium"
	CheckResultSeverityHigh    ComplianceCheckResultSeverity = "high"
)

type ComplianceCheckStatus

type ComplianceCheckStatus string
const (
	// The check ran to completion and passed
	CheckResultPass ComplianceCheckStatus = "PASS"
	// The check ran to completion and failed
	CheckResultFail ComplianceCheckStatus = "FAIL"
	// The check ran to completion and found something not severe enough to be considered error
	CheckResultInfo ComplianceCheckStatus = "INFO"
	// The check ran to completion and found something not severe enough to be considered error
	CheckResultManual ComplianceCheckStatus = "MANUAL"
	// The check ran, but could not complete properly
	CheckResultError ComplianceCheckStatus = "ERROR"
	// The check didn't run because it is not applicable or not selected
	CheckResultNotApplicable ComplianceCheckStatus = "NOT-APPLICABLE"
	// The check reports different results from different sources, typically cluster nodes
	CheckResultInconsistent ComplianceCheckStatus = "INCONSISTENT"
	// The check didn't yield a usable result
	CheckResultNoResult ComplianceCheckStatus = ""
)

type ComplianceRemediation

type ComplianceRemediation struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Contains the definition of what the remediation should be
	Spec ComplianceRemediationSpec `json:"spec,omitempty"`
	// Contains information on the remediation (whether it's applied or not)
	Status ComplianceRemediationStatus `json:"status,omitempty"`
}

ComplianceRemediation represents a remediation that can be applied to the cluster to fix the found issues. +k8s:openapi-gen=true +kubebuilder:subresource:status +kubebuilder:resource:path=complianceremediations,scope=Namespaced,shortName=cr;remediations;remediation;rems +kubebuilder:printcolumn:name="State",type="string",JSONPath=`.status.applicationState`

func (*ComplianceRemediation) AddOwnershipLabels

func (r *ComplianceRemediation) AddOwnershipLabels(obj metav1.Object)

AddOwnershipLabels labels an object to say it was created by this operator and is owned by a specific scan and suite

func (*ComplianceRemediation) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediation.

func (*ComplianceRemediation) DeepCopyInto

func (in *ComplianceRemediation) DeepCopyInto(out *ComplianceRemediation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ComplianceRemediation) DeepCopyObject

func (in *ComplianceRemediation) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ComplianceRemediation) GetEnforcementType

func (r *ComplianceRemediation) GetEnforcementType() string

func (*ComplianceRemediation) GetMcName

func (r *ComplianceRemediation) GetMcName() string

func (*ComplianceRemediation) GetScan

func (r *ComplianceRemediation) GetScan() string

func (*ComplianceRemediation) GetSuite

func (r *ComplianceRemediation) GetSuite() string

func (*ComplianceRemediation) HasAnnotation

func (r *ComplianceRemediation) HasAnnotation(ann string) bool

func (*ComplianceRemediation) HasLabel

func (r *ComplianceRemediation) HasLabel(label string) bool

func (*ComplianceRemediation) HasUnmetDependencies

func (r *ComplianceRemediation) HasUnmetDependencies() bool

func (*ComplianceRemediation) HasUnmetKubeDependencies

func (r *ComplianceRemediation) HasUnmetKubeDependencies() bool

func (*ComplianceRemediation) IsApplied

func (r *ComplianceRemediation) IsApplied() bool

IsApplied tells whether the ComplianceRemediation has been applied. Note that a Remediation is considered applied if the state of it is indeed applied, or if it has been requested to be applied but it has become outdated

func (*ComplianceRemediation) ParseRemediationDependencyRefs

func (r *ComplianceRemediation) ParseRemediationDependencyRefs() ([]RemediationObjectDependencyReference, error)

func (*ComplianceRemediation) RemediationPayloadDiffers

func (r *ComplianceRemediation) RemediationPayloadDiffers(other *ComplianceRemediation) bool

type ComplianceRemediationList

type ComplianceRemediationList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ComplianceRemediation `json:"items"`
}

ComplianceRemediationList contains a list of ComplianceRemediation

func (*ComplianceRemediationList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediationList.

func (*ComplianceRemediationList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ComplianceRemediationList) DeepCopyObject

func (in *ComplianceRemediationList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ComplianceRemediationPayload

type ComplianceRemediationPayload struct {
	// The remediation payload. This would normally be a full Kubernetes
	// object.
	// +kubebuilder:pruning:PreserveUnknownFields
	// +kubebuilder:validation:EmbeddedResource
	// +kubebuilder:validation:nullable
	Object *unstructured.Unstructured `json:"object,omitempty"`
}

func (*ComplianceRemediationPayload) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediationPayload.

func (*ComplianceRemediationPayload) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ComplianceRemediationSpec

type ComplianceRemediationSpec struct {
	ComplianceRemediationSpecMeta `json:",inline"`
	// Defines the remediation that is proposed by the scan. If there is no "outdated"
	// remediation in this object, the "current" remediation is what will be applied.
	Current ComplianceRemediationPayload `json:"current,omitempty"`
	// In case there was a previous remediation proposed by a previous scan, and that remediation
	// now differs, the old remediation will be kept in this "outdated" key. This requires admin
	// intervention to remove this outdated object and ensure the current is what's applied.
	Outdated ComplianceRemediationPayload `json:"outdated,omitempty"`
}

ComplianceRemediationSpec defines the desired state of ComplianceRemediation +k8s:openapi-gen=true

func (*ComplianceRemediationSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediationSpec.

func (*ComplianceRemediationSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ComplianceRemediationSpecMeta

type ComplianceRemediationSpecMeta struct {
	// Whether the remediation should be picked up and applied by the operator
	Apply bool `json:"apply"`
	// The type of remediation that this object applies. The available
	// types are: Configuration and Enforcement. Where the Configuration
	// type fixes a configuration to match a compliance expectation.
	// The Enforcement type, on the other hand, ensures that the cluster
	// stays in compliance via means of authorization.
	// +kubebuilder:default="Configuration"
	Type RemediationType `json:"type,omitempty"`
}

func (*ComplianceRemediationSpecMeta) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediationSpecMeta.

func (*ComplianceRemediationSpecMeta) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ComplianceRemediationStatus

type ComplianceRemediationStatus struct {
	// Whether the remediation is already applied or not
	// +kubebuilder:default="NotApplied"
	ApplicationState RemediationApplicationState `json:"applicationState,omitempty"`
	ErrorMessage     string                      `json:"errorMessage,omitempty"`
}

ComplianceRemediationStatus defines the observed state of ComplianceRemediation +k8s:openapi-gen=true

func (*ComplianceRemediationStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediationStatus.

func (*ComplianceRemediationStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ComplianceScan

type ComplianceScan struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// The spec is the configuration for the compliance scan.
	Spec ComplianceScanSpec `json:"spec,omitempty"`
	// The status will give valuable information on what's going on with the
	// scan; and, more importantly, if the scan is successful (compliant) or
	// not (non-compliant)
	Status ComplianceScanStatus `json:"status,omitempty"`
}

ComplianceScan represents a scan with a certain configuration that will be applied to objects of a certain entity in the host. These could be nodes that apply to a certain nodeSelector, or the cluster itself. +kubebuilder:subresource:status +kubebuilder:resource:path=compliancescans,scope=Namespaced,shortName=scans;scan +kubebuilder:printcolumn:name="Phase",type="string",JSONPath=`.status.phase` +kubebuilder:printcolumn:name="Result",type="string",JSONPath=`.status.result`

func ComplianceScanFromWrapper

func ComplianceScanFromWrapper(sw *ComplianceScanSpecWrapper) *ComplianceScan

ComplianceScanFromWrapper returns a ComplianceScan from the wrapper that's given to a ComplianceSuite. This will return all the values that are derivable from the wrapper in order to build a scan. Anything missing must be added separately.

func (*ComplianceScan) DeepCopy

func (in *ComplianceScan) DeepCopy() *ComplianceScan

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScan.

func (*ComplianceScan) DeepCopyInto

func (in *ComplianceScan) DeepCopyInto(out *ComplianceScan)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ComplianceScan) DeepCopyObject

func (in *ComplianceScan) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ComplianceScan) GetScanType

func (cs *ComplianceScan) GetScanType() ComplianceScanType

GetScanType get's the scan type for a scan

func (*ComplianceScan) GetScanTypeIfValid

func (cs *ComplianceScan) GetScanTypeIfValid() (ComplianceScanType, error)

GetScanTypeIfValid returns scan type if the scan has a valid one, else it returns an error

func (*ComplianceScan) IsStrictNodeScan

func (cs *ComplianceScan) IsStrictNodeScan() bool

GetScanType get's the scan type for a scan

func (*ComplianceScan) NeedsRescan

func (cs *ComplianceScan) NeedsRescan() bool

NeedsRescan indicates whether a ComplianceScan needs to rescan or not

func (*ComplianceScan) NeedsTimeoutRescan added in v0.1.60

func (cs *ComplianceScan) NeedsTimeoutRescan() bool

NeedsTimeoutRescan indicates whether a ComplianceScan needs to rescan due to timeout

func (*ComplianceScan) RemediationEnforcementIsOff

func (cs *ComplianceScan) RemediationEnforcementIsOff() bool

Returns whether remediation enforcement is off or not

func (*ComplianceScan) RemediationEnforcementTypeMatches

func (cs *ComplianceScan) RemediationEnforcementTypeMatches(etype string) bool

Returns whether remediation enforcement is off or not

type ComplianceScanList

type ComplianceScanList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ComplianceScan `json:"items"`
}

ComplianceScanList contains a list of ComplianceScan

func (*ComplianceScanList) DeepCopy

func (in *ComplianceScanList) DeepCopy() *ComplianceScanList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanList.

func (*ComplianceScanList) DeepCopyInto

func (in *ComplianceScanList) DeepCopyInto(out *ComplianceScanList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ComplianceScanList) DeepCopyObject

func (in *ComplianceScanList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ComplianceScanSettings

type ComplianceScanSettings struct {
	// Enable debug logging of workloads and OpenSCAP
	Debug bool `json:"debug,omitempty"`
	// Specifies settings that pertain to raw result storage.
	RawResultStorage RawResultStorageSettings `json:"rawResultStorage,omitempty"`
	// Defines that no external resources in the Data Stream should be used. External
	// resources could be, for instance, CVE feeds. This is useful for disconnected
	// installations without access to a proxy.
	NoExternalResources bool `json:"noExternalResources,omitempty"`
	// It is recommended to set the proxy via the config.openshift.io/Proxy object
	// Defines a proxy for the scan to get external resources from. This is useful for
	// disconnected installations with access to a proxy.
	HTTPSProxy string `json:"httpsProxy,omitempty"`
	// Specifies tolerations needed for the scan to run on the nodes. This is useful
	// in case the target set of nodes have custom taints that don't allow certain
	// workloads to run. Defaults to allowing scheduling on all nodes.
	// +kubebuilder:default={{operator: "Exists"}}
	ScanTolerations []corev1.Toleration `json:"scanTolerations,omitempty"`

	// Defines whether the scan should proceed if we're not able to
	// scan all the nodes or not. `true` means that the operator
	// should be strict and error out. `false` means that we don't
	// need to be strict and we can proceed.
	// +kubebuilder:default=true
	StrictNodeScan *bool `json:"strictNodeScan,omitempty"`

	// Specifies what to do with remediations of Enforcement type. If left empty,
	// this defaults to "off" which doesn't create nor apply any enforcement remediations.
	// If set to "all" this creates any enforcement remediations it encounters.
	// Subsequently, this can also be set to a specific type. e.g. setting it to
	// "gatekeeper" will apply any enforcement remediations relevant to the
	// Gatekeeper OPA system.
	// These objects will annotated in the content itself with:
	//     complianceascode.io/enforcement-type: <type>
	RemediationEnforcement string `json:"remediationEnforcement,omitempty"`

	// Determines whether to hide or show results that are not applicable.
	// +kubebuilder:default=false
	ShowNotApplicable bool `json:"showNotApplicable,omitempty"`

	// Defines the PriorityClass to use for launching scan related pods,
	// the Name of a desired PriorityClass should be set here, this is an
	// optional field, if PriorityClass is invalid or not found, it will be ignored.
	PriorityClass string `json:"priorityClass,omitempty"`

	// ScanLimits allows to set the resource limits that the scan pods are allowed to use.
	// By default, compliance operator will use sensible defaults (500Mi memory, 100m CPU
	// for the scanner container and 200Mi memory with 100m CPU for the api-resource-collector
	// container).
	ScanLimits map[corev1.ResourceName]resource.Quantity `json:"scanLimits,omitempty"`

	// Timeout is the maximum amount of time the scan can run. If the scan
	// hasn't finished by then, it will be aborted.
	// +kubebuilder:default="30m"
	Timeout string `json:"timeout,omitempty"`

	// MaxRetryOnTimeout is the maximum number of times the scan will be retried if it times out.
	// +kubebuilder:default=3
	MaxRetryOnTimeout int `json:"maxRetryOnTimeout,omitempty"`
}

ComplianceScanSettings groups together settings of a ComplianceScan

func (*ComplianceScanSettings) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanSettings.

func (*ComplianceScanSettings) DeepCopyInto

func (in *ComplianceScanSettings) DeepCopyInto(out *ComplianceScanSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ComplianceScanSpec

type ComplianceScanSpec struct {
	// The type of Compliance scan.
	// +kubebuilder:default=Node
	ScanType ComplianceScanType `json:"scanType,omitempty"`
	// Is the image with the content (Data Stream), that will be used to run
	// OpenSCAP.
	ContentImage string `json:"contentImage,omitempty"`
	// Is the profile in the data stream to be used. This is the collection of
	// rules that will be checked for.
	Profile string `json:"profile,omitempty"`
	// A Rule can be specified if the scan should check only for a specific
	// rule. Note that when leaving this empty, the scan will check for all the
	// rules for a specific profile.
	Rule string `json:"rule,omitempty"`
	// Is the path to the file that contains the content (the data stream).
	// Note that the path needs to be relative to the `/` (root) directory, as
	// it is in the ContentImage
	Content string `json:"content,omitempty"`
	// By setting this, it's possible to only run the scan on certain nodes in
	// the cluster. Note that when applying remediations generated from the
	// scan, this should match the selector of the MachineConfigPool you want
	// to apply the remediations to.
	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
	// Is a reference to a ConfigMap that contains the
	// tailoring file. It assumes a key called `tailoring.xml` which will
	// have the tailoring contents.
	TailoringConfigMap *TailoringConfigMapRef `json:"tailoringConfigMap,omitempty"`

	ComplianceScanSettings `json:",inline"`
}

ComplianceScanSpec defines the desired state of ComplianceScan

func (*ComplianceScanSpec) DeepCopy

func (in *ComplianceScanSpec) DeepCopy() *ComplianceScanSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanSpec.

func (*ComplianceScanSpec) DeepCopyInto

func (in *ComplianceScanSpec) DeepCopyInto(out *ComplianceScanSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ComplianceScanSpecWrapper

type ComplianceScanSpecWrapper struct {
	ComplianceScanSpec `json:",inline"`

	// Contains a human readable name for the scan. This is to identify the
	// objects that it creates.
	Name string `json:"name,omitempty"`
}

ComplianceScanSpecWrapper provides a ComplianceScanSpec and a Name +k8s:openapi-gen=true

func (*ComplianceScanSpecWrapper) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanSpecWrapper.

func (*ComplianceScanSpecWrapper) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ComplianceScanSpecWrapper) ScanSpecDiffers

func (sw *ComplianceScanSpecWrapper) ScanSpecDiffers(other *ComplianceScan) bool

type ComplianceScanStatus

type ComplianceScanStatus struct {
	// Is the phase where the scan is at. Normally, one must wait for the scan
	// to reach the phase DONE.
	Phase ComplianceScanStatusPhase `json:"phase,omitempty"`
	// Once the scan reaches the phase DONE, this will contain the result of
	// the scan. Where COMPLIANT means that the scan succeeded; NON-COMPLIANT
	// means that there were rule violations; and ERROR means that the scan
	// couldn't complete due to an issue.
	Result ComplianceScanStatusResult `json:"result,omitempty"`
	// If there are issues on the scan, this will be filled up with an error
	// message.
	ErrorMessage string `json:"errormsg,omitempty"`
	// Specifies the current index of the scan. Given multiple scans, this marks the
	// amount that have been executed.
	CurrentIndex int64 `json:"currentIndex,omitempty"`
	// Specifies the object that's storing the raw results for the scan.
	ResultsStorage StorageReference `json:"resultsStorage,omitempty"`
	// If there are warnings on the scan, this will be filled up with warning
	// messages.
	Warnings string `json:"warnings,omitempty"`
	// +optional
	Conditions Conditions `json:"conditions,omitempty"`
	//Is the number of retries left for the scan on timeout
	RemainingRetries int `json:"remainingRetries,omitempty"`
	// Is the time when the scan was started
	StartTimestamp *metav1.Time `json:"startTimestamp,omitempty"`
	// Is the time when the scan was finished
	EndTimestamp *metav1.Time `json:"endTimestamp,omitempty"`
}

ComplianceScanStatus defines the observed state of ComplianceScan

func (*ComplianceScanStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanStatus.

func (*ComplianceScanStatus) DeepCopyInto

func (in *ComplianceScanStatus) DeepCopyInto(out *ComplianceScanStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ComplianceScanStatus) SetConditionInvalid

func (s *ComplianceScanStatus) SetConditionInvalid()

func (*ComplianceScanStatus) SetConditionPending

func (s *ComplianceScanStatus) SetConditionPending()

func (*ComplianceScanStatus) SetConditionReady

func (s *ComplianceScanStatus) SetConditionReady()

func (*ComplianceScanStatus) SetConditionTimeout added in v0.1.60

func (s *ComplianceScanStatus) SetConditionTimeout()

func (*ComplianceScanStatus) SetConditionsProcessing

func (s *ComplianceScanStatus) SetConditionsProcessing()

type ComplianceScanStatusPhase

type ComplianceScanStatusPhase string

Represents the status of the compliance scan run.

const (
	// PhasePending represents the scan pending to be scheduled
	PhasePending ComplianceScanStatusPhase = "PENDING"
	// PhaseLaunching represents being scheduled and launching pods to run the scans
	PhaseLaunching ComplianceScanStatusPhase = "LAUNCHING"
	// PhaseRunning represents the scan being ran by the pods and waiting for the results
	PhaseRunning ComplianceScanStatusPhase = "RUNNING"
	// PhaseAggregating represents the scan aggregating the results
	PhaseAggregating ComplianceScanStatusPhase = "AGGREGATING"
	// PhaseDone represents the scan pods being done and the results being available
	PhaseDone ComplianceScanStatusPhase = "DONE"
)

type ComplianceScanStatusResult

type ComplianceScanStatusResult string

Represents the result of the compliance scan

type ComplianceScanStatusWrapper

type ComplianceScanStatusWrapper struct {
	ComplianceScanStatus `json:",inline"`

	// Contains a human readable name for the scan. This is to identify the
	// objects that it creates.
	Name string `json:"name,omitempty"`
}

ComplianceScanStatusWrapper provides a ComplianceScanStatus and a Name +k8s:openapi-gen=true

func ScanStatusWrapperFromScan

func ScanStatusWrapperFromScan(s *ComplianceScan) ComplianceScanStatusWrapper

ScanStatusWrapperFromScan returns a ComplianceScanStatusWrapper object (used by the ComplianceSuite object) in order to display the status of a scan

func (*ComplianceScanStatusWrapper) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanStatusWrapper.

func (*ComplianceScanStatusWrapper) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ComplianceScanType

type ComplianceScanType string

ComplianceScanType +k8s:openapi-gen=true

type ComplianceSuite

type ComplianceSuite struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Contains the definition of the suite
	Spec ComplianceSuiteSpec `json:"spec,omitempty"`
	// Contains the current state of the suite
	Status ComplianceSuiteStatus `json:"status,omitempty"`
}

ComplianceSuite represents a set of scans that will be applied to the cluster. These should help deployers achieve a certain compliance target. +k8s:openapi-gen=true +kubebuilder:subresource:status +kubebuilder:resource:path=compliancesuites,scope=Namespaced,shortName=suites;suite +kubebuilder:printcolumn:name="Phase",type="string",JSONPath=`.status.phase` +kubebuilder:printcolumn:name="Result",type="string",JSONPath=`.status.result`

func (*ComplianceSuite) ApplyRemediationsAnnotationSet

func (s *ComplianceSuite) ApplyRemediationsAnnotationSet() bool

func (*ComplianceSuite) DeepCopy

func (in *ComplianceSuite) DeepCopy() *ComplianceSuite

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceSuite.

func (*ComplianceSuite) DeepCopyInto

func (in *ComplianceSuite) DeepCopyInto(out *ComplianceSuite)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ComplianceSuite) DeepCopyObject

func (in *ComplianceSuite) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ComplianceSuite) IsResultAvailable

func (s *ComplianceSuite) IsResultAvailable() bool

func (*ComplianceSuite) LowestCommonResult

func (s *ComplianceSuite) LowestCommonResult() ComplianceScanStatusResult

func (*ComplianceSuite) LowestCommonState

func (s *ComplianceSuite) LowestCommonState() ComplianceScanStatusPhase

func (*ComplianceSuite) RemoveOutdatedAnnotationSet

func (s *ComplianceSuite) RemoveOutdatedAnnotationSet() bool

func (*ComplianceSuite) ShouldApplyRemediations

func (s *ComplianceSuite) ShouldApplyRemediations() bool

ShouldApplyRemediations returns whether the ComplianceSuite requires that the CoplianceRemediations that were generated from it be applied.

func (*ComplianceSuite) ShouldRemoveOutdated

func (s *ComplianceSuite) ShouldRemoveOutdated() bool

type ComplianceSuiteList

type ComplianceSuiteList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ComplianceSuite `json:"items"`
}

ComplianceSuiteList contains a list of ComplianceSuite

func (*ComplianceSuiteList) DeepCopy

func (in *ComplianceSuiteList) DeepCopy() *ComplianceSuiteList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceSuiteList.

func (*ComplianceSuiteList) DeepCopyInto

func (in *ComplianceSuiteList) DeepCopyInto(out *ComplianceSuiteList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ComplianceSuiteList) DeepCopyObject

func (in *ComplianceSuiteList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ComplianceSuiteSettings

type ComplianceSuiteSettings struct {
	// Defines whether or not the remediations should be applied automatically
	AutoApplyRemediations bool `json:"autoApplyRemediations,omitempty"`
	// Defines whether or not the remediations should be updated automatically.
	// This is done by deleting the "outdated" object from the remediation.
	AutoUpdateRemediations bool `json:"autoUpdateRemediations,omitempty"`
	// Defines a schedule for the scans to run. This is in cronjob format.
	// Note the scan will still be triggered immediately, and the scheduled
	// scans will start running only after the initial results are ready.
	Schedule string `json:"schedule,omitempty"`
}

ComplianceSuiteSettings groups together settings of a ComplianceSuite +k8s:openapi-gen=true

func (*ComplianceSuiteSettings) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceSuiteSettings.

func (*ComplianceSuiteSettings) DeepCopyInto

func (in *ComplianceSuiteSettings) DeepCopyInto(out *ComplianceSuiteSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ComplianceSuiteSpec

type ComplianceSuiteSpec struct {
	ComplianceSuiteSettings `json:",inline"`
	// Contains a list of the scans to execute on the cluster
	// +listType=atomic
	Scans []ComplianceScanSpecWrapper `json:"scans"`
}

ComplianceSuiteSpec defines the desired state of ComplianceSuite +k8s:openapi-gen=true

func (*ComplianceSuiteSpec) DeepCopy

func (in *ComplianceSuiteSpec) DeepCopy() *ComplianceSuiteSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceSuiteSpec.

func (*ComplianceSuiteSpec) DeepCopyInto

func (in *ComplianceSuiteSpec) DeepCopyInto(out *ComplianceSuiteSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ComplianceSuiteStatus

type ComplianceSuiteStatus struct {
	// +listType=atomic
	ScanStatuses []ComplianceScanStatusWrapper `json:"scanStatuses,omitempty"`
	Phase        ComplianceScanStatusPhase     `json:"phase,omitempty"`
	Result       ComplianceScanStatusResult    `json:"result,omitempty"`
	ErrorMessage string                        `json:"errorMessage,omitempty"`
	// +optional
	Conditions Conditions `json:"conditions,omitempty"`
}

ComplianceSuiteStatus defines the observed state of ComplianceSuite +k8s:openapi-gen=true

func (*ComplianceSuiteStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceSuiteStatus.

func (*ComplianceSuiteStatus) DeepCopyInto

func (in *ComplianceSuiteStatus) DeepCopyInto(out *ComplianceSuiteStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ComplianceSuiteStatus) SetConditionInvalid

func (s *ComplianceSuiteStatus) SetConditionInvalid()

func (*ComplianceSuiteStatus) SetConditionPending

func (s *ComplianceSuiteStatus) SetConditionPending()

func (*ComplianceSuiteStatus) SetConditionReady

func (s *ComplianceSuiteStatus) SetConditionReady()

func (*ComplianceSuiteStatus) SetConditionsProcessing

func (s *ComplianceSuiteStatus) SetConditionsProcessing()

type Condition

type Condition struct {
	Type               ConditionType          `json:"type"`
	Status             corev1.ConditionStatus `json:"status"`
	Reason             ConditionReason        `json:"reason,omitempty"`
	Message            string                 `json:"message,omitempty"`
	LastTransitionTime metav1.Time            `json:"lastTransitionTime,omitempty"`
}

Condition represents an observation of an object's state. Conditions are an extension mechanism intended to be used when the details of an observation are not a priori known or would not apply to all instances of a given Kind.

Conditions should be added to explicitly convey properties that users and components care about rather than requiring those properties to be inferred from other observations. Once defined, the meaning of a Condition can not be changed arbitrarily - it becomes part of the API, and has the same backwards- and forwards-compatibility concerns of any other part of the API.

func (*Condition) DeepCopy

func (in *Condition) DeepCopy() *Condition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition.

func (*Condition) DeepCopyInto

func (c *Condition) DeepCopyInto(cpy *Condition)

DeepCopyInto copies in into out.

func (Condition) IsFalse

func (c Condition) IsFalse() bool

IsFalse returns whether the condition status is "False".

func (Condition) IsTrue

func (c Condition) IsTrue() bool

IsTrue Condition whether the condition status is "True".

func (Condition) IsUnknown

func (c Condition) IsUnknown() bool

IsUnknown returns whether the condition status is "Unknown".

type ConditionReason

type ConditionReason string

ConditionReason is intended to be a one-word, CamelCase representation of the category of cause of the current status. It is intended to be used in concise output, such as one-line kubectl get output, and in summarizing occurrences of causes.

type ConditionType

type ConditionType string

ConditionType is the type of the condition and is typically a CamelCased word or short phrase.

Condition types should indicate state in the "abnormal-true" polarity. For example, if the condition indicates when a policy is invalid, the "is valid" case is probably the norm, so the condition should be called "Invalid".

type Conditions

type Conditions []Condition

Conditions is a set of Condition instances.

func NewConditions

func NewConditions(conds ...Condition) Conditions

NewConditions initializes a set of conditions with the given list of conditions.

func (Conditions) DeepCopy

func (in Conditions) DeepCopy() Conditions

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Conditions.

func (Conditions) DeepCopyInto

func (in Conditions) DeepCopyInto(out *Conditions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (Conditions) GetCondition

func (conditions Conditions) GetCondition(t ConditionType) *Condition

GetCondition searches the set of conditions for the condition with the given ConditionType and returns it. If the matching condition is not found, GetCondition returns nil.

func (Conditions) IsFalseFor

func (conditions Conditions) IsFalseFor(t ConditionType) bool

IsFalseFor searches the set of conditions for a condition with the given ConditionType. If found, it returns `condition.IsFalse()`. If not found, it returns false.

func (Conditions) IsTrueFor

func (conditions Conditions) IsTrueFor(t ConditionType) bool

IsTrueFor searches the set of conditions for a condition with the given ConditionType. If found, it returns `condition.IsTrue()`. If not found, it returns false.

func (Conditions) IsUnknownFor

func (conditions Conditions) IsUnknownFor(t ConditionType) bool

IsUnknownFor searches the set of conditions for a condition with the given ConditionType. If found, it returns `condition.IsUnknown()`. If not found, it returns true.

func (Conditions) MarshalJSON

func (conditions Conditions) MarshalJSON() ([]byte, error)

MarshalJSON marshals the set of conditions as a JSON array, sorted by condition type.

func (*Conditions) RemoveCondition

func (conditions *Conditions) RemoveCondition(t ConditionType) bool

RemoveCondition removes the condition with the given ConditionType from the conditions set. If no condition with that type is found, RemoveCondition returns without performing any action. If the passed condition type is not found in the set of conditions, RemoveCondition returns false.

func (*Conditions) SetCondition

func (conditions *Conditions) SetCondition(newCond Condition) bool

SetCondition adds (or updates) the set of conditions with the given condition. It returns a boolean value indicating whether the set condition is new or was a change to the existing condition with the same type.

func (*Conditions) SetConditionInvalid

func (conditions *Conditions) SetConditionInvalid(what string)

func (*Conditions) SetConditionPending

func (conditions *Conditions) SetConditionPending(what string)

func (*Conditions) SetConditionReady

func (conditions *Conditions) SetConditionReady(what string)

func (*Conditions) SetConditionTimeout added in v0.1.60

func (conditions *Conditions) SetConditionTimeout(what string)

func (*Conditions) SetConditionsProcessing

func (conditions *Conditions) SetConditionsProcessing(what string)

type DataStreamStatusType

type DataStreamStatusType string

DataStreamStatusType is the type for the data stream status

const (
	// DataStreamPending represents the state where the data stream
	// hasn't been processed yet
	DataStreamPending DataStreamStatusType = "PENDING"
	// DataStreamValid represents the status for a valid data stream
	DataStreamValid DataStreamStatusType = "VALID"
	// DataStreamInvalid represents the status for an invalid data stream
	DataStreamInvalid DataStreamStatusType = "INVALID"
)

type FixDefinition

type FixDefinition struct {
	// The platform that the fix applies to
	Platform string `json:"platform,omitempty"`
	// An estimate of the potential disruption or operational
	// degradation that this fix will impose in the target system
	Disruption string `json:"disruption,omitempty"`
	// an object that should bring the rule into compliance
	// +kubebuilder:pruning:PreserveUnknownFields
	// +kubebuilder:validation:EmbeddedResource
	// +kubebuilder:validation:nullable
	FixObject *unstructured.Unstructured `json:"fixObject,omitempty"`
}

FixDefinition Specifies a fix or remediation that applies to a rule

func (*FixDefinition) DeepCopy

func (in *FixDefinition) DeepCopy() *FixDefinition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FixDefinition.

func (*FixDefinition) DeepCopyInto

func (in *FixDefinition) DeepCopyInto(out *FixDefinition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NamedObjectReference

type NamedObjectReference struct {
	Name     string `json:"name,omitempty"`
	Kind     string `json:"kind,omitempty"`
	APIGroup string `json:"apiGroup,omitempty"`
}

func (*NamedObjectReference) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamedObjectReference.

func (*NamedObjectReference) DeepCopyInto

func (in *NamedObjectReference) DeepCopyInto(out *NamedObjectReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OutputRef

type OutputRef struct {
	Name      string `json:"name"`
	Namespace string `json:"namespace"`
}

OutputRef is a reference to the object created from the tailored profile

func (*OutputRef) DeepCopy

func (in *OutputRef) DeepCopy() *OutputRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutputRef.

func (*OutputRef) DeepCopyInto

func (in *OutputRef) DeepCopyInto(out *OutputRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Profile

type Profile struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	ProfilePayload `json:",inline"`
}

Profile is the Schema for the profiles API +kubebuilder:resource:path=profiles,scope=Namespaced,shortName=profs;prof

func (*Profile) DeepCopy

func (in *Profile) DeepCopy() *Profile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Profile.

func (*Profile) DeepCopyInto

func (in *Profile) DeepCopyInto(out *Profile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Profile) DeepCopyObject

func (in *Profile) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ProfileBundle

type ProfileBundle struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ProfileBundleSpec   `json:"spec,omitempty"`
	Status ProfileBundleStatus `json:"status,omitempty"`
}

ProfileBundle is the Schema for the profilebundles API +kubebuilder:subresource:status +kubebuilder:resource:path=profilebundles,scope=Namespaced,shortName=pb +kubebuilder:printcolumn:name="ContentImage",type="string",JSONPath=`.spec.contentImage` +kubebuilder:printcolumn:name="ContentFile",type="string",JSONPath=`.spec.contentFile` +kubebuilder:printcolumn:name="Status",type="string",JSONPath=`.status.dataStreamStatus`

func (*ProfileBundle) DeepCopy

func (in *ProfileBundle) DeepCopy() *ProfileBundle

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileBundle.

func (*ProfileBundle) DeepCopyInto

func (in *ProfileBundle) DeepCopyInto(out *ProfileBundle)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ProfileBundle) DeepCopyObject

func (in *ProfileBundle) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ProfileBundleList

type ProfileBundleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ProfileBundle `json:"items"`
}

ProfileBundleList contains a list of ProfileBundle

func (*ProfileBundleList) DeepCopy

func (in *ProfileBundleList) DeepCopy() *ProfileBundleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileBundleList.

func (*ProfileBundleList) DeepCopyInto

func (in *ProfileBundleList) DeepCopyInto(out *ProfileBundleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ProfileBundleList) DeepCopyObject

func (in *ProfileBundleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ProfileBundleSpec

type ProfileBundleSpec struct {
	// Is the path for the image that contains the content for this bundle.
	ContentImage string `json:"contentImage"`
	// Is the path for the file in the image that contains the content for this bundle.
	ContentFile string `json:"contentFile"`
}

Defines the desired state of ProfileBundle

func (*ProfileBundleSpec) DeepCopy

func (in *ProfileBundleSpec) DeepCopy() *ProfileBundleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileBundleSpec.

func (*ProfileBundleSpec) DeepCopyInto

func (in *ProfileBundleSpec) DeepCopyInto(out *ProfileBundleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProfileBundleStatus

type ProfileBundleStatus struct {
	// Presents the current status for the datastream for this bundle
	// +kubebuilder:default=PENDING
	DataStreamStatus DataStreamStatusType `json:"dataStreamStatus,omitempty"`
	// If there's an error in the datastream, it'll be presented here
	ErrorMessage string `json:"errorMessage,omitempty"`
	// Defines the conditions for the ProfileBundle. Valid conditions are:
	//  - Ready: Indicates if the ProfileBundle is Ready parsing or not.
	// +optional
	Conditions Conditions `json:"conditions,omitempty"`
}

Defines the observed state of ProfileBundle

func (*ProfileBundleStatus) DeepCopy

func (in *ProfileBundleStatus) DeepCopy() *ProfileBundleStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileBundleStatus.

func (*ProfileBundleStatus) DeepCopyInto

func (in *ProfileBundleStatus) DeepCopyInto(out *ProfileBundleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ProfileBundleStatus) SetConditionInvalid

func (s *ProfileBundleStatus) SetConditionInvalid()

func (*ProfileBundleStatus) SetConditionPending

func (s *ProfileBundleStatus) SetConditionPending()

func (*ProfileBundleStatus) SetConditionReady

func (s *ProfileBundleStatus) SetConditionReady()

type ProfileList

type ProfileList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Profile `json:"items"`
}

ProfileList contains a list of Profile

func (*ProfileList) DeepCopy

func (in *ProfileList) DeepCopy() *ProfileList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileList.

func (*ProfileList) DeepCopyInto

func (in *ProfileList) DeepCopyInto(out *ProfileList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ProfileList) DeepCopyObject

func (in *ProfileList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ProfilePayload

type ProfilePayload struct {
	Title       string `json:"title"`
	Description string `json:"description"`
	ID          string `json:"id"`
	// +nullable
	// +optional
	// +listType=atomic
	Rules []ProfileRule `json:"rules,omitempty"`
	// +nullable
	// +optional
	// +listType=atomic
	Values []ProfileValue `json:"values,omitempty"`
}

func (*ProfilePayload) DeepCopy

func (in *ProfilePayload) DeepCopy() *ProfilePayload

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfilePayload.

func (*ProfilePayload) DeepCopyInto

func (in *ProfilePayload) DeepCopyInto(out *ProfilePayload)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProfileRule

type ProfileRule string

ProfileRule defines the name of a specific rule in the profile

func NewProfileRule

func NewProfileRule(rule string) ProfileRule

NewProfileRule returns a new ProfileRule from the given rule string

type ProfileValue

type ProfileValue string

ProfileValue defines a value for a setting in the profile

type RawResultStorageSettings

type RawResultStorageSettings struct {
	// Specifies the amount of storage to ask for storing the raw results. Note that
	// if re-scans happen, the new results will also need to be stored. Defaults to 1Gi.
	// +kubebuilder:validation:Default=1Gi
	// +kubebuilder:default="1Gi"
	Size string `json:"size,omitempty"`
	// Specifies the amount of scans for which the raw results will be stored.
	// Older results will get rotated, and it's the responsibility of administrators
	// to store these results elsewhere before rotation happens. Note that a rotation
	// policy of '0' disables rotation entirely. Defaults to 3.
	// +kubebuilder:default=3
	Rotation uint16 `json:"rotation,omitempty"`
	// Specifies the StorageClassName to use when creating the PersistentVolumeClaim
	// to hold the raw results. By default this is null, which will attempt to use the
	// default storage class configured in the cluster. If there is no default class specified
	// then this needs to be set.
	// +nullable
	StorageClassName *string `json:"storageClassName,omitempty"`
	// Specifies the access modes that the PersistentVolume will be created with.
	// The persistent volume will hold the raw results of the scan.
	// +kubebuilder:default={"ReadWriteOnce"}
	PVAccessModes []corev1.PersistentVolumeAccessMode `json:"pvAccessModes,omitempty"`
	// By setting this, it's possible to configure where the result server instances
	// are run. These instances will mount a Persistent Volume to store the raw
	// results, so special care should be taken to schedule these in trusted nodes.
	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
	// Specifies tolerations needed for the result server to run on the nodes. This is useful
	// in case the target set of nodes have custom taints that don't allow certain
	// workloads to run. Defaults to allowing scheduling on master nodes.
	Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
}

When changing the defaults, remember to change also the DefaultRawStorageSize and DefaultStorageRotation constants

func (*RawResultStorageSettings) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RawResultStorageSettings.

func (*RawResultStorageSettings) DeepCopyInto

func (in *RawResultStorageSettings) DeepCopyInto(out *RawResultStorageSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RemediationApplicationState

type RemediationApplicationState string
const (
	RemediationPending             RemediationApplicationState = "Pending"
	RemediationNotApplied          RemediationApplicationState = "NotApplied"
	RemediationApplied             RemediationApplicationState = "Applied"
	RemediationOutdated            RemediationApplicationState = "Outdated"
	RemediationError               RemediationApplicationState = "Error"
	RemediationMissingDependencies RemediationApplicationState = "MissingDependencies"
	RemediationNeedsReview         RemediationApplicationState = "NeedsReview"
)

type RemediationObjectDependencyReference

type RemediationObjectDependencyReference struct {
	metav1.TypeMeta `json:",inline"`
	Name            string `json:"name"`
	Namespace       string `json:"namespace,omitempty"`
}

func (*RemediationObjectDependencyReference) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemediationObjectDependencyReference.

func (*RemediationObjectDependencyReference) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RemediationType

type RemediationType string

+kubebuilder:validation:Enum=Configuration;Enforcement

const (
	ConfigurationRemediation RemediationType = "Configuration"
	EnforcementRemediation   RemediationType = "Enforcement"
)

type Rule

type Rule struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	RulePayload `json:",inline"`
}

Rule is the Schema for the rules API +kubebuilder:resource:path=rules,scope=Namespaced

func (*Rule) DeepCopy

func (in *Rule) DeepCopy() *Rule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule.

func (*Rule) DeepCopyInto

func (in *Rule) DeepCopyInto(out *Rule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Rule) DeepCopyObject

func (in *Rule) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type RuleList

type RuleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Rule `json:"items"`
}

RuleList contains a list of Rule

func (*RuleList) DeepCopy

func (in *RuleList) DeepCopy() *RuleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleList.

func (*RuleList) DeepCopyInto

func (in *RuleList) DeepCopyInto(out *RuleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RuleList) DeepCopyObject

func (in *RuleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type RulePayload

type RulePayload struct {
	// The XCCDF ID
	ID string `json:"id"`
	// The title of the Rule
	Title string `json:"title"`
	// The description of the Rule
	Description string `json:"description,omitempty"`
	// The rationale of the Rule
	Rationale string `json:"rationale,omitempty"`
	// A discretionary warning about the of the Rule
	Warning string `json:"warning,omitempty"`
	// The severity level
	Severity string `json:"severity,omitempty"`
	// Instructions for auditing this specific rule
	Instructions string `json:"instructions,omitempty"`
	// What type of check will this rule execute:
	// Platform, Node or none (represented by an empty string)
	CheckType string `json:"checkType,omitempty"`
	// The Available fixes
	// +nullable
	// +optional
	// +listType=atomic
	AvailableFixes []FixDefinition `json:"availableFixes,omitempty"`
}

func (*RulePayload) DeepCopy

func (in *RulePayload) DeepCopy() *RulePayload

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulePayload.

func (*RulePayload) DeepCopyInto

func (in *RulePayload) DeepCopyInto(out *RulePayload)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RuleReferenceSpec

type RuleReferenceSpec struct {
	// Name of the rule that's being referenced
	Name string `json:"name"`
	// Rationale of why this rule is being selected/deselected
	Rationale string `json:"rationale"`
}

RuleReferenceSpec specifies a rule to be selected/deselected, as well as the reason why

func (*RuleReferenceSpec) DeepCopy

func (in *RuleReferenceSpec) DeepCopy() *RuleReferenceSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleReferenceSpec.

func (*RuleReferenceSpec) DeepCopyInto

func (in *RuleReferenceSpec) DeepCopyInto(out *RuleReferenceSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ScanSetting

type ScanSetting struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	ComplianceSuiteSettings `json:",inline"`
	ComplianceScanSettings  `json:",inline"`
	// The list of roles to apply node-specific checks to.
	//
	// This will be translated to the standard Kubernetes
	// role label `node-role.kubernetes.io/<role name>`.
	//
	// It's also possible to specify `@all` as a role, which
	// will run a scan on all nodes by not specifying a node
	// selector as we normally do. The usage of `@all` in
	// OpenShift is discouraged as the operator won't
	// be able to apply remediations unless roles are specified.
	//
	// Note that tolerations must still be configured for
	// the opeartor to appropriately schedule scans.
	Roles []string `json:"roles,omitempty"`
}

ScanSetting is the Schema for the scansettings API +kubebuilder:subresource:status +kubebuilder:resource:path=scansettings,scope=Namespaced,shortName=ss

func (*ScanSetting) DeepCopy

func (in *ScanSetting) DeepCopy() *ScanSetting

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSetting.

func (*ScanSetting) DeepCopyInto

func (in *ScanSetting) DeepCopyInto(out *ScanSetting)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ScanSetting) DeepCopyObject

func (in *ScanSetting) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ScanSettingBinding

type ScanSettingBinding struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec     ScanSettingBindingSpec `json:"spec,omitempty"`
	Profiles []NamedObjectReference `json:"profiles,omitempty"`
	// +kubebuilder:default={"name":"default","kind": "ScanSetting", "apiGroup": "compliance.openshift.io/v1alpha1"}
	SettingsRef *NamedObjectReference `json:"settingsRef,omitempty"`
	// +optional
	Status ScanSettingBindingStatus `json:"status,omitempty"`
}

ScanSettingBinding is the Schema for the scansettingbindings API +kubebuilder:subresource:status +kubebuilder:resource:path=scansettingbindings,scope=Namespaced,shortName=ssb

func (*ScanSettingBinding) DeepCopy

func (in *ScanSettingBinding) DeepCopy() *ScanSettingBinding

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSettingBinding.

func (*ScanSettingBinding) DeepCopyInto

func (in *ScanSettingBinding) DeepCopyInto(out *ScanSettingBinding)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ScanSettingBinding) DeepCopyObject

func (in *ScanSettingBinding) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ScanSettingBindingList

type ScanSettingBindingList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ScanSettingBinding `json:"items"`
}

ScanSettingBindingList contains a list of ScanSettingBinding

func (*ScanSettingBindingList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSettingBindingList.

func (*ScanSettingBindingList) DeepCopyInto

func (in *ScanSettingBindingList) DeepCopyInto(out *ScanSettingBindingList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ScanSettingBindingList) DeepCopyObject

func (in *ScanSettingBindingList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ScanSettingBindingSpec

type ScanSettingBindingSpec struct{}

This is a dummy spec to accommodate https://github.com/operator-framework/operator-sdk/issues/5584

func (*ScanSettingBindingSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSettingBindingSpec.

func (*ScanSettingBindingSpec) DeepCopyInto

func (in *ScanSettingBindingSpec) DeepCopyInto(out *ScanSettingBindingSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ScanSettingBindingStatus

type ScanSettingBindingStatus struct {
	// +optional
	Conditions Conditions `json:"conditions,omitempty"`
	// Reference to the object generated from this ScanSettingBinding
	// +optional
	// +nullable
	OutputRef *corev1.TypedLocalObjectReference `json:"outputRef,omitempty"`
}

func (*ScanSettingBindingStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSettingBindingStatus.

func (*ScanSettingBindingStatus) DeepCopyInto

func (in *ScanSettingBindingStatus) DeepCopyInto(out *ScanSettingBindingStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ScanSettingBindingStatus) SetConditionInvalid

func (s *ScanSettingBindingStatus) SetConditionInvalid(msg string)

func (*ScanSettingBindingStatus) SetConditionPending

func (s *ScanSettingBindingStatus) SetConditionPending()

func (*ScanSettingBindingStatus) SetConditionReady

func (s *ScanSettingBindingStatus) SetConditionReady()

type ScanSettingList

type ScanSettingList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ScanSetting `json:"items"`
}

ScanSettingList contains a list of ScanSetting

func (*ScanSettingList) DeepCopy

func (in *ScanSettingList) DeepCopy() *ScanSettingList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSettingList.

func (*ScanSettingList) DeepCopyInto

func (in *ScanSettingList) DeepCopyInto(out *ScanSettingList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ScanSettingList) DeepCopyObject

func (in *ScanSettingList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type StorageReference

type StorageReference struct {
	// Kind of the referent.
	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	// +optional
	Kind string `json:"kind,omitempty"`
	// Namespace of the referent.
	// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
	// +optional
	Namespace string `json:"namespace,omitempty"`
	// Name of the referent.
	// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
	// +optional
	Name string `json:"name,omitempty"`
	// API version of the referent.
	// +optional
	APIVersion string `json:"apiVersion,omitempty"`
}

StorageReference stores a reference to where certain objects are being stored

func (*StorageReference) DeepCopy

func (in *StorageReference) DeepCopy() *StorageReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageReference.

func (*StorageReference) DeepCopyInto

func (in *StorageReference) DeepCopyInto(out *StorageReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TailoredProfile

type TailoredProfile struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   TailoredProfileSpec   `json:"spec,omitempty"`
	Status TailoredProfileStatus `json:"status,omitempty"`
}

TailoredProfile is the Schema for the tailoredprofiles API +kubebuilder:subresource:status +kubebuilder:resource:path=tailoredprofiles,scope=Namespaced,shortName=tp;tprof +kubebuilder:printcolumn:name="State",type="string",JSONPath=`.status.state`,description="State of the tailored profile"

func (*TailoredProfile) DeepCopy

func (in *TailoredProfile) DeepCopy() *TailoredProfile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TailoredProfile.

func (*TailoredProfile) DeepCopyInto

func (in *TailoredProfile) DeepCopyInto(out *TailoredProfile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*TailoredProfile) DeepCopyObject

func (in *TailoredProfile) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type TailoredProfileList

type TailoredProfileList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []TailoredProfile `json:"items"`
}

TailoredProfileList contains a list of TailoredProfile

func (*TailoredProfileList) DeepCopy

func (in *TailoredProfileList) DeepCopy() *TailoredProfileList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TailoredProfileList.

func (*TailoredProfileList) DeepCopyInto

func (in *TailoredProfileList) DeepCopyInto(out *TailoredProfileList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*TailoredProfileList) DeepCopyObject

func (in *TailoredProfileList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type TailoredProfileSpec

type TailoredProfileSpec struct {
	// +optional
	// Points to the name of the profile to extend
	Extends string `json:"extends,omitempty"`
	// Title for the tailored profile. It can't be empty.
	// +kubebuilder:validation:Pattern=^.+$
	Title string `json:"title"`
	// Description of tailored profile. It can't be empty.
	// +kubebuilder:validation:Pattern=^.+$
	Description string `json:"description"`
	// Enables the referenced rules
	// +optional
	// +nullable
	EnableRules []RuleReferenceSpec `json:"enableRules,omitempty"`
	// Disables the referenced rules
	// +optional
	// +nullable
	DisableRules []RuleReferenceSpec `json:"disableRules,omitempty"`
	// Disables the automated check on referenced rules for manual check
	// +optional
	// +nullable
	ManualRules []RuleReferenceSpec `json:"manualRules,omitempty"`
	// Sets the referenced variables to selected values
	// +optional
	// +nullable
	SetValues []VariableValueSpec `json:"setValues,omitempty"`
}

TailoredProfileSpec defines the desired state of TailoredProfile

func (*TailoredProfileSpec) DeepCopy

func (in *TailoredProfileSpec) DeepCopy() *TailoredProfileSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TailoredProfileSpec.

func (*TailoredProfileSpec) DeepCopyInto

func (in *TailoredProfileSpec) DeepCopyInto(out *TailoredProfileSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TailoredProfileState

type TailoredProfileState string

TailoredProfileState defines the state fo the tailored profile

const (
	// TailoredProfileStatePending is a state where a tailored profile is still pending to be processed
	TailoredProfileStatePending TailoredProfileState = "PENDING"
	// TailoredProfileStateReady is a state where a tailored profile is ready to be used
	TailoredProfileStateReady TailoredProfileState = "READY"
	// TailoredProfileStateError is a state where a tailored profile had an error while processing
	TailoredProfileStateError TailoredProfileState = "ERROR"
)

type TailoredProfileStatus

type TailoredProfileStatus struct {
	// The XCCDF ID of the tailored profile
	ID string `json:"id,omitempty"`
	// Points to the generated resource
	OutputRef OutputRef `json:"outputRef,omitempty"`
	// The current state of the tailored profile
	State        TailoredProfileState `json:"state,omitempty"`
	ErrorMessage string               `json:"errorMessage,omitempty"`
}

TailoredProfileStatus defines the observed state of TailoredProfile

func (*TailoredProfileStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TailoredProfileStatus.

func (*TailoredProfileStatus) DeepCopyInto

func (in *TailoredProfileStatus) DeepCopyInto(out *TailoredProfileStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TailoringConfigMapRef

type TailoringConfigMapRef struct {
	// Name of the ConfigMap being referenced
	Name string `json:"name"`
}

TailoringConfigMapRef is a reference to a ConfigMap that contains the tailoring file. It assumes a key called `tailoring.xml` which will have the tailoring contents.

func (*TailoringConfigMapRef) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TailoringConfigMapRef.

func (*TailoringConfigMapRef) DeepCopyInto

func (in *TailoringConfigMapRef) DeepCopyInto(out *TailoringConfigMapRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ValueSelection

type ValueSelection struct {
	// The string description of the selection
	Description string `json:"description,omitempty"`
	// The value of the variable
	Value string `json:"value,omitempty"`
}

func (*ValueSelection) DeepCopy

func (in *ValueSelection) DeepCopy() *ValueSelection

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValueSelection.

func (*ValueSelection) DeepCopyInto

func (in *ValueSelection) DeepCopyInto(out *ValueSelection)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Variable

type Variable struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	VariablePayload `json:",inline"`
}

Variable describes a tunable in the XCCDF profile +kubebuilder:resource:path=variables,scope=Namespaced,shortName=var

func (*Variable) DeepCopy

func (in *Variable) DeepCopy() *Variable

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Variable.

func (*Variable) DeepCopyInto

func (in *Variable) DeepCopyInto(out *Variable)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Variable) DeepCopyObject

func (in *Variable) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*Variable) SetValue

func (v *Variable) SetValue(val string) error

type VariableList

type VariableList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Variable `json:"items"`
}

VariableList contains a list of Variable

func (*VariableList) DeepCopy

func (in *VariableList) DeepCopy() *VariableList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VariableList.

func (*VariableList) DeepCopyInto

func (in *VariableList) DeepCopyInto(out *VariableList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VariableList) DeepCopyObject

func (in *VariableList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type VariablePayload

type VariablePayload struct {

	// the ID of the variable
	ID string `json:"id"`
	// The title of the Variable
	Title string `json:"title"`
	// The description of the Variable
	Description string `json:"description,omitempty"`
	// The type of the variable
	Type VariableType `json:"type"`
	// The value of the variable
	Value string `json:"value,omitempty"`
	// Enumerates what values are allowed for this variable. Can be empty.
	// +optional
	// +nullable
	// +listType=atomic
	Selections []ValueSelection `json:"selections,omitempty"`
}

func (*VariablePayload) DeepCopy

func (in *VariablePayload) DeepCopy() *VariablePayload

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VariablePayload.

func (*VariablePayload) DeepCopyInto

func (in *VariablePayload) DeepCopyInto(out *VariablePayload)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VariableType

type VariableType string

+kubebuilder:validation:Enum=number;bool;string

type VariableValueSpec

type VariableValueSpec struct {
	// Name of the variable that's being referenced
	Name string `json:"name"`
	// Rationale of why this value is being tailored
	Rationale string `json:"rationale"`
	// Value of the variable being set
	Value string `json:"value"`
}

ValueReferenceSpec specifies a value to be set for a variable with a reason why

func (*VariableValueSpec) DeepCopy

func (in *VariableValueSpec) DeepCopy() *VariableValueSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VariableValueSpec.

func (*VariableValueSpec) DeepCopyInto

func (in *VariableValueSpec) DeepCopyInto(out *VariableValueSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL