Documentation ¶
Overview ¶
This is carried from github.com/operator-framework/operator-sdk/pkg/status
Package v1alpha1 contains API Schema definitions for the complianceoperator v1alpha1 API group +k8s:deepcopy-gen=package,register +groupName=compliance.openshift.io
Package v1alpha1 contains API Schema definitions for the complianceoperator v1alpha1 API group +k8s:deepcopy-gen=package,register +groupName=compliance.openshift.io
Index ¶
- Constants
- Variables
- func AddRemediationAnnotation(obj metav1.Object)
- func RemediationWasCreatedByOperator(obj metav1.Object) bool
- type ComplianceCheckResult
- type ComplianceCheckResultList
- type ComplianceCheckResultSeverity
- type ComplianceCheckStatus
- type ComplianceRemediation
- func (r *ComplianceRemediation) AddOwnershipLabels(obj metav1.Object)
- func (in *ComplianceRemediation) DeepCopy() *ComplianceRemediation
- func (in *ComplianceRemediation) DeepCopyInto(out *ComplianceRemediation)
- func (in *ComplianceRemediation) DeepCopyObject() runtime.Object
- func (r *ComplianceRemediation) GetEnforcementType() string
- func (r *ComplianceRemediation) GetMcName() string
- func (r *ComplianceRemediation) GetScan() string
- func (r *ComplianceRemediation) GetSuite() string
- func (r *ComplianceRemediation) HasAnnotation(ann string) bool
- func (r *ComplianceRemediation) HasLabel(label string) bool
- func (r *ComplianceRemediation) HasUnmetDependencies() bool
- func (r *ComplianceRemediation) HasUnmetKubeDependencies() bool
- func (r *ComplianceRemediation) IsApplied() bool
- func (r *ComplianceRemediation) ParseRemediationDependencyRefs() ([]RemediationObjectDependencyReference, error)
- func (r *ComplianceRemediation) RemediationPayloadDiffers(other *ComplianceRemediation) bool
- type ComplianceRemediationList
- type ComplianceRemediationPayload
- type ComplianceRemediationSpec
- type ComplianceRemediationSpecMeta
- type ComplianceRemediationStatus
- type ComplianceScan
- func (in *ComplianceScan) DeepCopy() *ComplianceScan
- func (in *ComplianceScan) DeepCopyInto(out *ComplianceScan)
- func (in *ComplianceScan) DeepCopyObject() runtime.Object
- func (cs *ComplianceScan) GetScanType() ComplianceScanType
- func (cs *ComplianceScan) GetScanTypeIfValid() (ComplianceScanType, error)
- func (cs *ComplianceScan) IsStrictNodeScan() bool
- func (cs *ComplianceScan) NeedsRescan() bool
- func (cs *ComplianceScan) NeedsTimeoutRescan() bool
- func (cs *ComplianceScan) RemediationEnforcementIsOff() bool
- func (cs *ComplianceScan) RemediationEnforcementTypeMatches(etype string) bool
- type ComplianceScanList
- type ComplianceScanSettings
- type ComplianceScanSpec
- type ComplianceScanSpecWrapper
- type ComplianceScanStatus
- func (in *ComplianceScanStatus) DeepCopy() *ComplianceScanStatus
- func (in *ComplianceScanStatus) DeepCopyInto(out *ComplianceScanStatus)
- func (s *ComplianceScanStatus) SetConditionInvalid()
- func (s *ComplianceScanStatus) SetConditionPending()
- func (s *ComplianceScanStatus) SetConditionReady()
- func (s *ComplianceScanStatus) SetConditionTimeout()
- func (s *ComplianceScanStatus) SetConditionsProcessing()
- type ComplianceScanStatusPhase
- type ComplianceScanStatusResult
- type ComplianceScanStatusWrapper
- type ComplianceScanType
- type ComplianceSuite
- func (s *ComplianceSuite) ApplyRemediationsAnnotationSet() bool
- func (in *ComplianceSuite) DeepCopy() *ComplianceSuite
- func (in *ComplianceSuite) DeepCopyInto(out *ComplianceSuite)
- func (in *ComplianceSuite) DeepCopyObject() runtime.Object
- func (s *ComplianceSuite) IsResultAvailable() bool
- func (s *ComplianceSuite) LowestCommonResult() ComplianceScanStatusResult
- func (s *ComplianceSuite) LowestCommonState() ComplianceScanStatusPhase
- func (s *ComplianceSuite) RemoveOutdatedAnnotationSet() bool
- func (s *ComplianceSuite) ShouldApplyRemediations() bool
- func (s *ComplianceSuite) ShouldRemoveOutdated() bool
- type ComplianceSuiteList
- type ComplianceSuiteSettings
- type ComplianceSuiteSpec
- type ComplianceSuiteStatus
- func (in *ComplianceSuiteStatus) DeepCopy() *ComplianceSuiteStatus
- func (in *ComplianceSuiteStatus) DeepCopyInto(out *ComplianceSuiteStatus)
- func (s *ComplianceSuiteStatus) SetConditionInvalid()
- func (s *ComplianceSuiteStatus) SetConditionPending()
- func (s *ComplianceSuiteStatus) SetConditionReady()
- func (s *ComplianceSuiteStatus) SetConditionsProcessing()
- type Condition
- type ConditionReason
- type ConditionType
- type Conditions
- func (in Conditions) DeepCopy() Conditions
- func (in Conditions) DeepCopyInto(out *Conditions)
- func (conditions Conditions) GetCondition(t ConditionType) *Condition
- func (conditions Conditions) IsFalseFor(t ConditionType) bool
- func (conditions Conditions) IsTrueFor(t ConditionType) bool
- func (conditions Conditions) IsUnknownFor(t ConditionType) bool
- func (conditions Conditions) MarshalJSON() ([]byte, error)
- func (conditions *Conditions) RemoveCondition(t ConditionType) bool
- func (conditions *Conditions) SetCondition(newCond Condition) bool
- func (conditions *Conditions) SetConditionInvalid(what string)
- func (conditions *Conditions) SetConditionPending(what string)
- func (conditions *Conditions) SetConditionReady(what string)
- func (conditions *Conditions) SetConditionTimeout(what string)
- func (conditions *Conditions) SetConditionsProcessing(what string)
- type DataStreamStatusType
- type FixDefinition
- type NamedObjectReference
- type OutputRef
- type Profile
- type ProfileBundle
- type ProfileBundleList
- type ProfileBundleSpec
- type ProfileBundleStatus
- type ProfileList
- type ProfilePayload
- type ProfileRule
- type ProfileValue
- type RawResultStorageSettings
- type RemediationApplicationState
- type RemediationObjectDependencyReference
- type RemediationType
- type Rule
- type RuleList
- type RulePayload
- type RuleReferenceSpec
- type ScanSetting
- type ScanSettingBinding
- type ScanSettingBindingList
- type ScanSettingBindingSpec
- type ScanSettingBindingStatus
- func (in *ScanSettingBindingStatus) DeepCopy() *ScanSettingBindingStatus
- func (in *ScanSettingBindingStatus) DeepCopyInto(out *ScanSettingBindingStatus)
- func (s *ScanSettingBindingStatus) SetConditionInvalid(msg string)
- func (s *ScanSettingBindingStatus) SetConditionPending()
- func (s *ScanSettingBindingStatus) SetConditionReady()
- func (s *ScanSettingBindingStatus) SetConditionSuspended()
- type ScanSettingBindingStatusPhase
- type ScanSettingList
- type StorageReference
- type TailoredProfile
- type TailoredProfileList
- type TailoredProfileSpec
- type TailoredProfileState
- type TailoredProfileStatus
- type TailoringConfigMapRef
- type ValueSelection
- type Variable
- type VariableList
- type VariablePayload
- type VariableType
- type VariableValueSpec
Constants ¶
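// Remediation enforcement settings. The empty string is a distinct value from
// "off"; how each value is interpreted is decided by callers not shown here.
// (Line breaks restored: the one-line form of this block is not valid Go.)
const (
	RemediationEnforcementEmpty string = ""
	RemediationEnforcementOff   string = "off"
	RemediationEnforcementAll   string = "all"
)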
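// Label and annotation keys the operator reads from or writes to remediations
// and the objects they produce. Line breaks are restored here: in the one-line
// form each "//" comment swallowed the declarations that followed it.
const (
	// OutdatedRemediationLabel specifies that the remediation has been superseded by a newer version.
	OutdatedRemediationLabel = "complianceoperator.openshift.io/outdated-remediation"
	// RemediationHasUnmetDependenciesLabel specifies that a remediation has unmet dependencies
	// and thus cannot be applied.
	RemediationHasUnmetDependenciesLabel = "compliance.openshift.io/has-unmet-dependencies"
	// RemediationUnsetValueLabel specifies that a remediation requires a value
	// to be set.
	RemediationUnsetValueLabel = "compliance.openshift.io/has-unset-variable"
	// RemediationValueRequiredProcessedLabel specifies that a remediation's needed value
	// has been processed.
	RemediationValueRequiredProcessedLabel = "compliance.openshift.io/value-required-processed"

	// NOTE(review): annotations are ordinary object metadata, so the marker
	// below is only as trustworthy as write access to the annotated object.
	// The operator's delete decision presumably relies on it alone — confirm,
	// and check that RBAC limits who can set it.

	// RemediationCreatedByOperatorAnnotation specifies that a remediation was
	// created by the Compliance Operator; this is used for the Compliance Operator to
	// know whether it can delete the object or not when un-applying a remediation.
	RemediationCreatedByOperatorAnnotation = "compliance.openshift.io/remediation"
	// RemediationNodeRoleAnnotation specifies that a remediation applies to a node role.
	RemediationNodeRoleAnnotation = "compliance.openshift.io/node-role"
	// RemediationDependencyAnnotation specifies that a remediation depends on
	// an XCCDF rule passing in order to be applied.
	RemediationDependencyAnnotation = "compliance.openshift.io/depends-on"
	// RemediationObjectDependencyAnnotation specifies that a remediation depends on
	// another Kubernetes object existing in order to be applied.
	RemediationObjectDependencyAnnotation = "compliance.openshift.io/depends-on-obj"
	// RemediationDependenciesMetAnnotation specifies that a remediation's dependencies
	// have been met.
	RemediationDependenciesMetAnnotation = "compliance.openshift.io/dependencies-met"
	// RemediationOptionalAnnotation specifies that a remediation is optional,
	// and thus failures applying it are to be ignored.
	RemediationOptionalAnnotation = "compliance.openshift.io/optional"
	// RemediationEnforcementTypeAnnotation specifies that a remediation is
	// of a certain policy enforcement type. This generally marks the engine
	// that the policy will be evaluated with. e.g. gatekeeper
	RemediationEnforcementTypeAnnotation = "compliance.openshift.io/enforcement-type"
	// RemediationValueRequiredAnnotation specifies that a remediation requires
	// a value to be set before being applied.
	RemediationValueRequiredAnnotation = "compliance.openshift.io/value-required"
	// RemediationUnsetValueAnnotation specifies the unset value that's missing
	// for the remediation
	RemediationUnsetValueAnnotation = "compliance.openshift.io/unset-value"
	// RemediationValueUsedAnnotation specifies the values used for a remediation
	RemediationValueUsedAnnotation = "compliance.openshift.io/xccdf-value-used"
	// OCPVersionDependencyAnnotation specifies that the OCP cluster needs to fall
	// into a range in order to be applied
	OCPVersionDependencyAnnotation = "compliance.openshift.io/ocp-version"
	// K8SVersionDependencyAnnotation specifies that the k8s cluster needs to fall
	// into a range in order to be applied
	K8SVersionDependencyAnnotation = "compliance.openshift.io/k8s-version"
)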
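// Scan result values and scan types. Line breaks are restored so the comments
// no longer swallow the declarations; the first comment now names its
// constant correctly (it read "ResultNot available").
const (
	// ResultNotAvailable represents the compliance scan not having finished yet
	ResultNotAvailable ComplianceScanStatusResult = "NOT-AVAILABLE"
	// ResultCompliant represents the compliance scan having succeeded
	ResultCompliant ComplianceScanStatusResult = "COMPLIANT"
	// ResultNotApplicable represents the compliance scan having no useful results after finished
	ResultNotApplicable ComplianceScanStatusResult = "NOT-APPLICABLE"
	// ResultError represents a compliance scan pod having failed to run the scan or encountered an error
	ResultError ComplianceScanStatusResult = "ERROR"
	// ResultNonCompliant represents the compliance scan having found a gap
	ResultNonCompliant ComplianceScanStatusResult = "NON-COMPLIANT"
	// ResultInconsistent represents checks differing across the machines
	ResultInconsistent ComplianceScanStatusResult = "INCONSISTENT"

	// Scan types.
	ScanTypeNode     ComplianceScanType = "Node"
	ScanTypePlatform ComplianceScanType = "Platform"
)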
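// Check types as untyped string constants. CheckTypeNone is the empty string.
// (Line breaks restored: the one-line form of this block is not valid Go.)
const (
	CheckTypePlatform = "Platform"
	CheckTypeNode     = "Node"
	CheckTypeNone     = ""
)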
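// Variable type names as untyped string constants.
// NOTE(review): presumably the accepted values of VariableType — confirm.
// (Line breaks restored: the one-line form of this block is not valid Go.)
const (
	VarTypeNumber = "number"
	VarTypeBool   = "bool"
	VarTypeString = "string"
)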
// AllRoles is the literal "@all".
// NOTE(review): presumably a wildcard that selects every node role — confirm.
const AllRoles = "@all"
const ApplyRemediationsAnnotation = "compliance.openshift.io/apply-remediations"
ApplyRemediationsAnnotation is an annotation that, when set on a ComplianceSuite will apply all the remediations that were generated. It will be removed once they've been applied.
const CmScanResultAnnotation = "compliance.openshift.io/scan-result"
CmScanResultAnnotation holds the processed scanner result
const CmScanResultErrMsg = "compliance.openshift.io/scan-error-msg"
CmScanResultErrMsg holds the processed scanner error message
const ComplianceCheckInconsistentLabel = "compliance.openshift.io/inconsistent-check"
ComplianceCheckInconsistentLabel signifies that the check's results were not consistent across the target nodes
const ComplianceCheckResultErrorAnnotation = "compliance.openshift.io/error-msg"
const ComplianceCheckResultHasRemediation = "compliance.openshift.io/automated-remediation"
ComplianceCheckResultHasRemediation defines a label that will be included in the ComplianceCheckResult objects. It indicates whether the result has an automated remediation or not.
const ComplianceCheckResultInconsistentSourceAnnotation = "compliance.openshift.io/inconsistent-source"
ComplianceCheckResultInconsistentSourceAnnotation is only used with an Inconsistent check result. It either lists the statuses of the nodes that differ from ComplianceCheckResultMostCommonAnnotation or, if the most common state does not exist, lists the sources of all nodes.
const ComplianceCheckResultMostCommonAnnotation = "compliance.openshift.io/most-common-status"
ComplianceCheckResultMostCommonAnnotation stores the most common ComplianceCheckStatus value in an inconsistent check. In order for the result to be most common, at least 60% of the nodes must report the same result. The nodes that differ from the most common status are listed using ComplianceCheckResultInconsistentSourceAnnotation
const ComplianceCheckResultRuleAnnotation = "compliance.openshift.io/rule"
ComplianceCheckResultRuleAnnotation exposes the DNS-friendly name of a rule as a label. This provides a way to link a result to a Rule object.
const ComplianceCheckResultSeverityLabel = "compliance.openshift.io/check-severity"
const ComplianceCheckResultStatusLabel = "compliance.openshift.io/check-status"
ComplianceCheckResultStatusLabel defines a label that will be included in the ComplianceCheckResult objects. It indicates the result in an easy-to-find way.
const ComplianceCheckResultValueLabel = "compliance.openshift.io/check-has-value"
// ComplianceRemediationDependencyField is the key of a ComplianceCheckResult
// that dependency annotations point to.
const ComplianceRemediationDependencyField = "id"
const ComplianceScanLabel = "compliance.openshift.io/scan-name"
ComplianceScanLabel serves as an indicator for which ComplianceScan owns the referenced object
const ComplianceScanRescanAnnotation = "compliance.openshift.io/rescan"
ComplianceScanRescanAnnotation indicates that a ComplianceScan should be re-run
const ComplianceScanTimeoutAnnotation = "compliance.openshift.io/timeout"
ComplianceScanTimeoutAnnotation indicates that a ComplianceScan timed out. If the scan is a node scan, the annotation holds the name of the node that timed out; if it is a platform scan, the annotation holds "api-checks".
const DefaultRawStorageSize = "1Gi"
DefaultRawStorageSize specifies the default storage size where the raw results will be stored at
const DefaultStorageRotation = 3
const DisableOutdatedReferenceValidation = "compliance.openshift.io/disable-outdated-reference-validation"
DisableOutdatedReferenceValidation is a label used to disable validation of outdated references
const ExtendedProfileGuidLabel = "compliance.openshift.io/extended-profile-unique-id"
ExtendedProfileGuidLabel is a label used to store the unique ID of the profile being extended
const KubeletConfigLabel = "complianceoperator.openshift.io/scan-kubeletconfig"
KubeletConfigLabel defines that the object is a fetched KubeletConfig for a scan object
const ProductAnnotation = "compliance.openshift.io/product"
ProductAnnotation specifies the name of the platform this Profile or TailoredProfile is targeting. Example: ocp4, rhcos4, ...
const ProductTypeAnnotation = "compliance.openshift.io/product-type"
ProductTypeAnnotation specifies what kind of platform (node,platform) this Profile or a TailoredProfile targets
const ProfileBundleFinalizer = "profilebundle.finalizers.compliance.openshift.io"
ProfileBundleFinalizer is a finalizer for ProfileBundles. It gets automatically added by the ProfileBundle controller in order to delete resources.
const ProfileBundleOwnerLabel = "compliance.openshift.io/profile-bundle"
ProfileBundleOwnerLabel marks a profile or rule as owned by a profile bundle and helps users filter such objects
const ProfileGuidLabel = "compliance.openshift.io/profile-guid"
ProfileGuidLabel specifies the unique identifier of the Profile
const ProfileImageDigestAnnotation = "compliance.openshift.io/image-digest"
ProfileImageDigestAnnotation is the parsed out digest of the content image
const PruneOutdatedReferencesAnnotationKey = "compliance.openshift.io/prune-outdated-references"
PruneOutdatedReferencesAnnotationKey is the annotation key used to indicate that the outdated references of rules or variables should be pruned
const RemoveOutdatedAnnotation = "compliance.openshift.io/remove-outdated"
RemoveOutdatedAnnotation is an annotation that, when set on a ComplianceSuite will automatically remove outdated remediations so the operator will apply only the up-to-date ones. It'll be removed once the outdated remediations have been removed.
const ResultLabel = "complianceoperator.openshift.io/scan-result"
ResultLabel defines that the object is a result of a scan
const RuleHideTagAnnotationKey = "compliance.openshift.io/hide-tag"
RuleHideTagAnnotationKey is the annotation used to mark a rule to be hidden from the ComplianceCheckResult
const RuleIDAnnotationKey = "compliance.openshift.io/rule"
RuleIDAnnotationKey exposes the DNS-friendly name of a rule as an annotation. This provides a way to link a result to a Rule object. TODO(jaosorior): Decide where this actually belongs... should it be here or in the compliance-operator?
const RuleLastCheckTypeChangedAnnotationKey = "compliance.openshift.io/rule-last-check-type"
RuleLastCheckTypeChangedAnnotationKey is the annotation key used to indicate that the rule's check type has changed; it stores the previous check type
const RuleProfileAnnotationKey = "compliance.openshift.io/profiles"
RuleProfileAnnotationKey is the annotation used to store which profiles are using a particular rule
const RuleVariableAnnotationKey = "compliance.openshift.io/rule-variable"
RuleVariableAnnotationKey stores the list of XCCDF variables used to render the rule
const ScanFinalizer = "scan.finalizers.compliance.openshift.io"
ScanFinalizer is a finalizer for ComplianceScans. It gets automatically added by the ComplianceScan controller in order to delete resources.
const ScriptLabel = "complianceoperator.openshift.io/scan-script"
ScriptLabel defines that the object is a script for a scan object
const SuiteFinalizer = "suite.finalizers.compliance.openshift.io"
SuiteFinalizer is a finalizer for ComplianceSuites. It gets automatically added by the ComplianceSuite controller in order to delete resources.
const SuiteLabel = "compliance.openshift.io/suite"
SuiteLabel indicates that an object (normally the ComplianceScan or a ComplianceRemediation) belongs to a certain ComplianceSuite. This is an easy way to filter them.
const SuiteScriptLabel = "compliance.openshift.io/suite-script"
SuiteScriptLabel indicates that the object is a script belonging to the compliance suite controller
Variables ¶
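// API group registration for compliance.openshift.io/v1alpha1. Line breaks are
// restored so the comments no longer swallow the declarations.
var (
	// SchemeGroupVersion is group version used to register these objects
	SchemeGroupVersion = schema.GroupVersion{Group: "compliance.openshift.io", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
)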
// ErrUnkownScanType reports an unrecognized scan type. The misspelling
// ("Unkown") is part of the exported name, so it has to stay as it is.
// NOTE(review): presumably returned by ComplianceScan.GetScanTypeIfValid — confirm.
var ErrUnkownScanType = errors.New("Unknown scan type")
// KubeDepsNotFound reports that the Kubernetes dependency annotation is absent.
// NOTE(review): presumably returned by ParseRemediationDependencyRefs — confirm.
var KubeDepsNotFound = errors.New("kubernetes dependency annotation not found")
Functions ¶
func AddRemediationAnnotation ¶
AddRemediationAnnotation annotates an object to say it was created by this operator
func RemediationWasCreatedByOperator ¶
RemediationWasCreatedByOperator tells us if an object was created by this operator
Types ¶
type ComplianceCheckResult ¶
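// ComplianceCheckResult represents the result of a single compliance check.
// Line breaks are restored so the field comments no longer swallow the fields
// that follow them; the "+nullable" marker stays directly above Warnings.
type ComplianceCheckResult struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// A unique identifier of a check
	ID string `json:"id"`
	// The result of a check
	Status ComplianceCheckStatus `json:"status"`
	// The severity of a check status
	Severity ComplianceCheckResultSeverity `json:"severity"`
	// A human-readable check description, what and why it does
	Description string `json:"description,omitempty"`
	// The rationale of the Rule
	Rationale string `json:"rationale,omitempty"`
	// How to evaluate the rule status manually. If no automatic test is present, the rule status will be MANUAL
	// and the administrator should follow these instructions.
	Instructions string `json:"instructions,omitempty"`
	// Any warnings that the user should be aware about.
	// +nullable
	Warnings []string `json:"warnings,omitempty"`
	// It stores a list of values used by the check
	ValuesUsed []string `json:"valuesUsed,omitempty"`
}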
ComplianceCheckResult represent a result of a single compliance "test" +kubebuilder:resource:path=compliancecheckresults,scope=Namespaced,shortName=ccr;checkresults;checkresult +kubebuilder:printcolumn:name="Status",type="string",JSONPath=`.status` +kubebuilder:printcolumn:name="Severity",type="string",JSONPath=`.severity`
func (*ComplianceCheckResult) DeepCopy ¶
func (in *ComplianceCheckResult) DeepCopy() *ComplianceCheckResult
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceCheckResult.
func (*ComplianceCheckResult) DeepCopyInto ¶
func (in *ComplianceCheckResult) DeepCopyInto(out *ComplianceCheckResult)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceCheckResult) DeepCopyObject ¶
func (in *ComplianceCheckResult) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ComplianceCheckResultList ¶
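// ComplianceCheckResultList contains a list of ComplianceCheckResult.
// (Line breaks restored: the one-line form of this struct is not valid Go.)
type ComplianceCheckResultList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []ComplianceCheckResult `json:"items"`
}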
ComplianceCheckResultList contains a list of ComplianceCheckResult
func (*ComplianceCheckResultList) DeepCopy ¶
func (in *ComplianceCheckResultList) DeepCopy() *ComplianceCheckResultList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceCheckResultList.
func (*ComplianceCheckResultList) DeepCopyInto ¶
func (in *ComplianceCheckResultList) DeepCopyInto(out *ComplianceCheckResultList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceCheckResultList) DeepCopyObject ¶
func (in *ComplianceCheckResultList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ComplianceCheckResultSeverity ¶
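// ComplianceCheckResultSeverity is the string type of a check result's severity.
type ComplianceCheckResultSeverity string

// Severity values. (Line breaks restored: the one-line form of this block is
// not valid Go.)
const (
	CheckResultSeverityUnknown ComplianceCheckResultSeverity = "unknown"
	CheckResultSeverityInfo    ComplianceCheckResultSeverity = "info"
	CheckResultSeverityLow     ComplianceCheckResultSeverity = "low"
	CheckResultSeverityMedium  ComplianceCheckResultSeverity = "medium"
	CheckResultSeverityHigh    ComplianceCheckResultSeverity = "high"
)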
type ComplianceCheckStatus ¶
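// ComplianceCheckStatus is the string type of a single check's outcome.
type ComplianceCheckStatus string

// Check outcomes. Line breaks are restored so the comments no longer swallow
// the declarations, and CheckResultManual gets its own description (it carried
// a copy of the CheckResultInfo comment).
const (
	// The check ran to completion and passed
	CheckResultPass ComplianceCheckStatus = "PASS"
	// The check ran to completion and failed
	CheckResultFail ComplianceCheckStatus = "FAIL"
	// The check ran to completion and found something not severe enough to be considered error
	CheckResultInfo ComplianceCheckStatus = "INFO"
	// No automatic test is present for the rule; the administrator has to
	// evaluate it manually by following the result's instructions
	CheckResultManual ComplianceCheckStatus = "MANUAL"
	// The check ran, but could not complete properly
	CheckResultError ComplianceCheckStatus = "ERROR"
	// The check didn't run because it is not applicable or not selected
	CheckResultNotApplicable ComplianceCheckStatus = "NOT-APPLICABLE"
	// The check reports different results from different sources, typically cluster nodes
	CheckResultInconsistent ComplianceCheckStatus = "INCONSISTENT"
	// The check didn't yield a usable result
	CheckResultNoResult ComplianceCheckStatus = ""
)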
type ComplianceRemediation ¶
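// ComplianceRemediation represents a remediation that can be applied to the
// cluster. Line breaks are restored so the field comments no longer swallow
// the fields that follow them.
type ComplianceRemediation struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Contains the definition of what the remediation should be
	Spec ComplianceRemediationSpec `json:"spec,omitempty"`
	// Contains information on the remediation (whether it's applied or not)
	Status ComplianceRemediationStatus `json:"status,omitempty"`
}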
ComplianceRemediation represents a remediation that can be applied to the cluster to fix the found issues. +k8s:openapi-gen=true +kubebuilder:subresource:status +kubebuilder:resource:path=complianceremediations,scope=Namespaced,shortName=cr;remediations;remediation;rems +kubebuilder:printcolumn:name="State",type="string",JSONPath=`.status.applicationState`
func (*ComplianceRemediation) AddOwnershipLabels ¶
func (r *ComplianceRemediation) AddOwnershipLabels(obj metav1.Object)
AddOwnershipLabels labels an object to say it was created by this operator and is owned by a specific scan and suite
func (*ComplianceRemediation) DeepCopy ¶
func (in *ComplianceRemediation) DeepCopy() *ComplianceRemediation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediation.
func (*ComplianceRemediation) DeepCopyInto ¶
func (in *ComplianceRemediation) DeepCopyInto(out *ComplianceRemediation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceRemediation) DeepCopyObject ¶
func (in *ComplianceRemediation) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ComplianceRemediation) GetEnforcementType ¶
func (r *ComplianceRemediation) GetEnforcementType() string
func (*ComplianceRemediation) GetMcName ¶
func (r *ComplianceRemediation) GetMcName() string
func (*ComplianceRemediation) GetScan ¶
func (r *ComplianceRemediation) GetScan() string
func (*ComplianceRemediation) GetSuite ¶
func (r *ComplianceRemediation) GetSuite() string
func (*ComplianceRemediation) HasAnnotation ¶
func (r *ComplianceRemediation) HasAnnotation(ann string) bool
func (*ComplianceRemediation) HasLabel ¶
func (r *ComplianceRemediation) HasLabel(label string) bool
func (*ComplianceRemediation) HasUnmetDependencies ¶
func (r *ComplianceRemediation) HasUnmetDependencies() bool
func (*ComplianceRemediation) HasUnmetKubeDependencies ¶
func (r *ComplianceRemediation) HasUnmetKubeDependencies() bool
func (*ComplianceRemediation) IsApplied ¶
func (r *ComplianceRemediation) IsApplied() bool
IsApplied tells whether the ComplianceRemediation has been applied. Note that a Remediation is considered applied if the state of it is indeed applied, or if it has been requested to be applied but it has become outdated
func (*ComplianceRemediation) ParseRemediationDependencyRefs ¶
func (r *ComplianceRemediation) ParseRemediationDependencyRefs() ([]RemediationObjectDependencyReference, error)
func (*ComplianceRemediation) RemediationPayloadDiffers ¶
func (r *ComplianceRemediation) RemediationPayloadDiffers(other *ComplianceRemediation) bool
type ComplianceRemediationList ¶
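// ComplianceRemediationList contains a list of ComplianceRemediation.
// (Line breaks restored: the one-line form of this struct is not valid Go.)
type ComplianceRemediationList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []ComplianceRemediation `json:"items"`
}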
ComplianceRemediationList contains a list of ComplianceRemediation
func (*ComplianceRemediationList) DeepCopy ¶
func (in *ComplianceRemediationList) DeepCopy() *ComplianceRemediationList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediationList.
func (*ComplianceRemediationList) DeepCopyInto ¶
func (in *ComplianceRemediationList) DeepCopyInto(out *ComplianceRemediationList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceRemediationList) DeepCopyObject ¶
func (in *ComplianceRemediationList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ComplianceRemediationPayload ¶
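// ComplianceRemediationPayload wraps the object that a remediation carries.
// Line breaks are restored so the comment no longer swallows the field; the
// kubebuilder markers stay directly above Object.
type ComplianceRemediationPayload struct {
	// NOTE(review): Object is an untyped embedded resource with unknown fields
	// preserved, so nothing in this type constrains its kind or contents.
	// Presumably the operator creates or updates it with its own credentials
	// when the remediation is applied — confirm, and scope write access to
	// ComplianceRemediation objects accordingly.

	// The remediation payload. This would normally be a full Kubernetes
	// object.
	// +kubebuilder:pruning:PreserveUnknownFields
	// +kubebuilder:validation:EmbeddedResource
	// +kubebuilder:validation:nullable
	Object *unstructured.Unstructured `json:"object,omitempty"`
}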
func (*ComplianceRemediationPayload) DeepCopy ¶
func (in *ComplianceRemediationPayload) DeepCopy() *ComplianceRemediationPayload
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediationPayload.
func (*ComplianceRemediationPayload) DeepCopyInto ¶
func (in *ComplianceRemediationPayload) DeepCopyInto(out *ComplianceRemediationPayload)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceRemediationSpec ¶
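// ComplianceRemediationSpec defines the desired state of ComplianceRemediation.
// Line breaks are restored so the field comments no longer swallow the fields
// that follow them.
type ComplianceRemediationSpec struct {
	ComplianceRemediationSpecMeta `json:",inline"`
	// Defines the remediation that is proposed by the scan. If there is no "outdated"
	// remediation in this object, the "current" remediation is what will be applied.
	Current ComplianceRemediationPayload `json:"current,omitempty"`
	// In case there was a previous remediation proposed by a previous scan, and that remediation
	// now differs, the old remediation will be kept in this "outdated" key. This requires admin
	// intervention to remove this outdated object and ensure the current is what's applied.
	Outdated ComplianceRemediationPayload `json:"outdated,omitempty"`
}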
ComplianceRemediationSpec defines the desired state of ComplianceRemediation +k8s:openapi-gen=true
func (*ComplianceRemediationSpec) DeepCopy ¶
func (in *ComplianceRemediationSpec) DeepCopy() *ComplianceRemediationSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediationSpec.
func (*ComplianceRemediationSpec) DeepCopyInto ¶
func (in *ComplianceRemediationSpec) DeepCopyInto(out *ComplianceRemediationSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceRemediationSpecMeta ¶
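// ComplianceRemediationSpecMeta holds the apply switch and the remediation
// type. Line breaks are restored so the field comments no longer swallow the
// fields; the kubebuilder default marker stays directly above Type.
type ComplianceRemediationSpecMeta struct {
	// Whether the remediation should be picked up and applied by the operator
	Apply bool `json:"apply"`
	// The type of remediation that this object applies. The available
	// types are: Configuration and Enforcement. Where the Configuration
	// type fixes a configuration to match a compliance expectation.
	// The Enforcement type, on the other hand, ensures that the cluster
	// stays in compliance via means of authorization.
	// +kubebuilder:default="Configuration"
	Type RemediationType `json:"type,omitempty"`
}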
func (*ComplianceRemediationSpecMeta) DeepCopy ¶
func (in *ComplianceRemediationSpecMeta) DeepCopy() *ComplianceRemediationSpecMeta
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediationSpecMeta.
func (*ComplianceRemediationSpecMeta) DeepCopyInto ¶
func (in *ComplianceRemediationSpecMeta) DeepCopyInto(out *ComplianceRemediationSpecMeta)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceRemediationStatus ¶
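// ComplianceRemediationStatus defines the observed state of
// ComplianceRemediation. Line breaks are restored so the field comment no
// longer swallows the fields; the kubebuilder default marker stays directly
// above ApplicationState.
type ComplianceRemediationStatus struct {
	// Whether the remediation is already applied or not
	// +kubebuilder:default="NotApplied"
	ApplicationState RemediationApplicationState `json:"applicationState,omitempty"`
	ErrorMessage     string                      `json:"errorMessage,omitempty"`
}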
ComplianceRemediationStatus defines the observed state of ComplianceRemediation +k8s:openapi-gen=true
func (*ComplianceRemediationStatus) DeepCopy ¶
func (in *ComplianceRemediationStatus) DeepCopy() *ComplianceRemediationStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediationStatus.
func (*ComplianceRemediationStatus) DeepCopyInto ¶
func (in *ComplianceRemediationStatus) DeepCopyInto(out *ComplianceRemediationStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceScan ¶
// ComplianceScan is the API object for a single scan: standard Kubernetes
// type and object metadata plus a Spec (desired configuration) and a Status
// (observed state).
type ComplianceScan struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// The spec is the configuration for the compliance scan.
	Spec ComplianceScanSpec `json:"spec,omitempty"`
	// The status will give valuable information on what's going on with the
	// scan; and, more importantly, if the scan is successful (compliant) or
	// not (non-compliant)
	Status ComplianceScanStatus `json:"status,omitempty"`
}
ComplianceScan represents a scan with a certain configuration that will be applied to objects of a certain entity in the host. These could be nodes that apply to a certain nodeSelector, or the cluster itself. +kubebuilder:subresource:status +kubebuilder:resource:path=compliancescans,scope=Namespaced,shortName=scans;scan +kubebuilder:printcolumn:name="Phase",type="string",JSONPath=`.status.phase` +kubebuilder:printcolumn:name="Result",type="string",JSONPath=`.status.result`
func ComplianceScanFromWrapper ¶
func ComplianceScanFromWrapper(sw *ComplianceScanSpecWrapper) *ComplianceScan
ComplianceScanFromWrapper returns a ComplianceScan from the wrapper that's given to a ComplianceSuite. This will return all the values that are derivable from the wrapper in order to build a scan. Anything missing must be added separately.
func (*ComplianceScan) DeepCopy ¶
func (in *ComplianceScan) DeepCopy() *ComplianceScan
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScan.
func (*ComplianceScan) DeepCopyInto ¶
func (in *ComplianceScan) DeepCopyInto(out *ComplianceScan)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceScan) DeepCopyObject ¶
func (in *ComplianceScan) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ComplianceScan) GetScanType ¶
func (cs *ComplianceScan) GetScanType() ComplianceScanType
GetScanType gets the scan type for a scan
func (*ComplianceScan) GetScanTypeIfValid ¶
func (cs *ComplianceScan) GetScanTypeIfValid() (ComplianceScanType, error)
GetScanTypeIfValid returns scan type if the scan has a valid one, else it returns an error
func (*ComplianceScan) IsStrictNodeScan ¶
func (cs *ComplianceScan) IsStrictNodeScan() bool
IsStrictNodeScan returns whether the scan is configured as a strict node scan (see the strictNodeScan setting).
func (*ComplianceScan) NeedsRescan ¶
func (cs *ComplianceScan) NeedsRescan() bool
NeedsRescan indicates whether a ComplianceScan needs to rescan or not
func (*ComplianceScan) NeedsTimeoutRescan ¶ added in v0.1.60
func (cs *ComplianceScan) NeedsTimeoutRescan() bool
NeedsTimeoutRescan indicates whether a ComplianceScan needs to rescan due to timeout
func (*ComplianceScan) RemediationEnforcementIsOff ¶
func (cs *ComplianceScan) RemediationEnforcementIsOff() bool
Returns whether remediation enforcement is off or not
func (*ComplianceScan) RemediationEnforcementTypeMatches ¶
func (cs *ComplianceScan) RemediationEnforcementTypeMatches(etype string) bool
Returns whether the scan's remediation enforcement setting matches the given enforcement type
type ComplianceScanList ¶
// ComplianceScanList contains a list of ComplianceScan.
type ComplianceScanList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items has no omitempty, so the key is always present in the JSON.
	Items []ComplianceScan `json:"items"`
}
ComplianceScanList contains a list of ComplianceScan
func (*ComplianceScanList) DeepCopy ¶
func (in *ComplianceScanList) DeepCopy() *ComplianceScanList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanList.
func (*ComplianceScanList) DeepCopyInto ¶
func (in *ComplianceScanList) DeepCopyInto(out *ComplianceScanList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceScanList) DeepCopyObject ¶
func (in *ComplianceScanList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ComplianceScanSettings ¶
// ComplianceScanSettings groups together settings of a ComplianceScan.
type ComplianceScanSettings struct {
	// Enable debug logging of workloads and OpenSCAP
	// NOTE(review): debug output is presumably more detailed than normal
	// logs; confirm what it contains before leaving it on outside
	// troubleshooting.
	Debug bool `json:"debug,omitempty"`
	// Specifies settings that pertain to raw result storage.
	RawResultStorage RawResultStorageSettings `json:"rawResultStorage,omitempty"`
	// Defines that no external resources in the Data Stream should be used. External
	// resources could be, for instance, CVE feeds. This is useful for disconnected
	// installations without access to a proxy.
	NoExternalResources bool `json:"noExternalResources,omitempty"`
	// It is recommended to set the proxy via the config.openshift.io/Proxy object
	// Defines a proxy for the scan to get external resources from. This is useful for
	// disconnected installations with access to a proxy.
	// NOTE(review): this is a plain string stored in the object spec, readable
	// by anyone who can read the scan; avoid embedding proxy credentials in it.
	HTTPSProxy string `json:"httpsProxy,omitempty"`
	// Specifies tolerations needed for the scan to run on the nodes. This is useful
	// in case the target set of nodes have custom taints that don't allow certain
	// workloads to run. Defaults to allowing scheduling on all nodes.
	// The default below is a single toleration with operator Exists and no key,
	// which in Kubernetes tolerates every taint.
	// +kubebuilder:default={{operator: "Exists"}}
	ScanTolerations []corev1.Toleration `json:"scanTolerations,omitempty"`
	// Defines whether the scan should proceed if we're not able to
	// scan all the nodes or not. `true` means that the operator
	// should be strict and error out. `false` means that we don't
	// need to be strict and we can proceed.
	// A pointer, so an unset value can be told apart from an explicit false.
	// +kubebuilder:default=true
	StrictNodeScan *bool `json:"strictNodeScan,omitempty"`
	// Specifies what to do with remediations of Enforcement type. If left empty,
	// this defaults to "off" which doesn't create nor apply any enforcement remediations.
	// If set to "all" this creates any enforcement remediations it encounters.
	// Subsequently, this can also be set to a specific type. e.g. setting it to
	// "gatekeeper" will apply any enforcement remediations relevant to the
	// Gatekeeper OPA system.
	// These objects will be annotated in the content itself with:
	// complianceascode.io/enforcement-type: <type>
	// NOTE(review): the field is a free-form string with no enum validation
	// marker here; how an unrecognized value is handled is not visible from
	// this declaration — confirm.
	RemediationEnforcement string `json:"remediationEnforcement,omitempty"`
	// Determines whether to hide or show results that are not applicable.
	// +kubebuilder:default=false
	ShowNotApplicable bool `json:"showNotApplicable,omitempty"`
	// Defines the PriorityClass to use for launching scan related pods,
	// the Name of a desired PriorityClass should be set here, this is an
	// optional field, if PriorityClass is invalid or not found, it will be ignored.
	PriorityClass string `json:"priorityClass,omitempty"`
	// ScanLimits allows to set the resource limits that the scan pods are allowed to use.
	// By default, compliance operator will use sensible defaults (500Mi memory, 100m CPU
	// for the scanner container and 200Mi memory with 100m CPU for the api-resource-collector
	// container).
	ScanLimits map[corev1.ResourceName]resource.Quantity `json:"scanLimits,omitempty"`
	// Timeout is the maximum amount of time the scan can run. If the scan
	// hasn't finished by then, it will be aborted.
	// The value is a string; presumably a duration such as the default "30m"
	// — confirm the accepted format against the parser.
	// +kubebuilder:default="30m"
	Timeout string `json:"timeout,omitempty"`
	// MaxRetryOnTimeout is the maximum number of times the scan will be retried if it times out.
	// +kubebuilder:default=3
	MaxRetryOnTimeout int `json:"maxRetryOnTimeout,omitempty"`
}
ComplianceScanSettings groups together settings of a ComplianceScan
func (*ComplianceScanSettings) DeepCopy ¶
func (in *ComplianceScanSettings) DeepCopy() *ComplianceScanSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanSettings.
func (*ComplianceScanSettings) DeepCopyInto ¶
func (in *ComplianceScanSettings) DeepCopyInto(out *ComplianceScanSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceScanSpec ¶
// ComplianceScanSpec defines the desired state of ComplianceScan. It embeds
// ComplianceScanSettings inline, so those settings appear as sibling keys in
// the serialized spec.
type ComplianceScanSpec struct {
	// The type of Compliance scan.
	// +kubebuilder:default=Node
	ScanType ComplianceScanType `json:"scanType,omitempty"`
	// Is the image with the content (Data Stream), that will be used to run
	// OpenSCAP.
	// NOTE(review): this content determines what is checked, so the image is
	// part of the trust boundary; referencing it by digest rather than a
	// mutable tag keeps the scanned content fixed.
	ContentImage string `json:"contentImage,omitempty"`
	// Is the profile in the data stream to be used. This is the collection of
	// rules that will be checked for.
	Profile string `json:"profile,omitempty"`
	// A Rule can be specified if the scan should check only for a specific
	// rule. Note that when leaving this empty, the scan will check for all the
	// rules for a specific profile.
	Rule string `json:"rule,omitempty"`
	// Is the path to the file that contains the content (the data stream).
	// Note that the path needs to be relative to the `/` (root) directory, as
	// it is in the ContentImage
	Content string `json:"content,omitempty"`
	// By setting this, it's possible to only run the scan on certain nodes in
	// the cluster. Note that when applying remediations generated from the
	// scan, this should match the selector of the MachineConfigPool you want
	// to apply the remediations to.
	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
	// Is a reference to a ConfigMap that contains the
	// tailoring file. It assumes a key called `tailoring.xml` which will
	// have the tailoring contents.
	// NOTE(review): presumably anyone able to edit that ConfigMap can change
	// which rules the scan evaluates — confirm and scope its RBAC accordingly.
	TailoringConfigMap *TailoringConfigMapRef `json:"tailoringConfigMap,omitempty"`

	ComplianceScanSettings `json:",inline"`
}
ComplianceScanSpec defines the desired state of ComplianceScan
func (*ComplianceScanSpec) DeepCopy ¶
func (in *ComplianceScanSpec) DeepCopy() *ComplianceScanSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanSpec.
func (*ComplianceScanSpec) DeepCopyInto ¶
func (in *ComplianceScanSpec) DeepCopyInto(out *ComplianceScanSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceScanSpecWrapper ¶
// ComplianceScanSpecWrapper provides a ComplianceScanSpec and a Name. The
// spec is embedded inline, so its fields sit next to name in the JSON.
type ComplianceScanSpecWrapper struct {
	ComplianceScanSpec `json:",inline"`

	// Contains a human readable name for the scan. This is to identify the
	// objects that it creates.
	Name string `json:"name,omitempty"`
}
ComplianceScanSpecWrapper provides a ComplianceScanSpec and a Name +k8s:openapi-gen=true
func (*ComplianceScanSpecWrapper) DeepCopy ¶
func (in *ComplianceScanSpecWrapper) DeepCopy() *ComplianceScanSpecWrapper
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanSpecWrapper.
func (*ComplianceScanSpecWrapper) DeepCopyInto ¶
func (in *ComplianceScanSpecWrapper) DeepCopyInto(out *ComplianceScanSpecWrapper)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceScanSpecWrapper) ScanSpecDiffers ¶
func (sw *ComplianceScanSpecWrapper) ScanSpecDiffers(other *ComplianceScan) bool
type ComplianceScanStatus ¶
// ComplianceScanStatus defines the observed state of ComplianceScan.
type ComplianceScanStatus struct {
	// Is the phase where the scan is at. Normally, one must wait for the scan
	// to reach the phase DONE.
	Phase ComplianceScanStatusPhase `json:"phase,omitempty"`
	// Once the scan reaches the phase DONE, this will contain the result of
	// the scan. Where COMPLIANT means that the scan succeeded; NON-COMPLIANT
	// means that there were rule violations; and ERROR means that the scan
	// couldn't complete due to an issue.
	Result ComplianceScanStatusResult `json:"result,omitempty"`
	// If there are issues on the scan, this will be filled up with an error
	// message.
	// Note the JSON key is "errormsg", not "errorMessage".
	ErrorMessage string `json:"errormsg,omitempty"`
	// Specifies the current index of the scan. Given multiple scans, this marks the
	// amount that have been executed.
	CurrentIndex int64 `json:"currentIndex,omitempty"`
	// Specifies the object that's storing the raw results for the scan.
	ResultsStorage StorageReference `json:"resultsStorage,omitempty"`
	// If there are warnings on the scan, this will be filled up with warning
	// messages.
	Warnings string `json:"warnings,omitempty"`
	// +optional
	Conditions Conditions `json:"conditions,omitempty"`
	// Is the number of retries left for the scan on timeout
	RemainingRetries int `json:"remainingRetries,omitempty"`
	// Is the time when the scan was started
	StartTimestamp *metav1.Time `json:"startTimestamp,omitempty"`
	// Is the time when the scan was finished
	EndTimestamp *metav1.Time `json:"endTimestamp,omitempty"`
}
ComplianceScanStatus defines the observed state of ComplianceScan
func (*ComplianceScanStatus) DeepCopy ¶
func (in *ComplianceScanStatus) DeepCopy() *ComplianceScanStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanStatus.
func (*ComplianceScanStatus) DeepCopyInto ¶
func (in *ComplianceScanStatus) DeepCopyInto(out *ComplianceScanStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceScanStatus) SetConditionInvalid ¶
func (s *ComplianceScanStatus) SetConditionInvalid()
func (*ComplianceScanStatus) SetConditionPending ¶
func (s *ComplianceScanStatus) SetConditionPending()
func (*ComplianceScanStatus) SetConditionReady ¶
func (s *ComplianceScanStatus) SetConditionReady()
func (*ComplianceScanStatus) SetConditionTimeout ¶ added in v0.1.60
func (s *ComplianceScanStatus) SetConditionTimeout()
func (*ComplianceScanStatus) SetConditionsProcessing ¶
func (s *ComplianceScanStatus) SetConditionsProcessing()
type ComplianceScanStatusPhase ¶
type ComplianceScanStatusPhase string
Represents the status of the compliance scan run.
// Phases of a compliance scan run, as stored in the status phase field.
const (
	// PhasePending represents the scan pending to be scheduled
	PhasePending ComplianceScanStatusPhase = "PENDING"
	// PhaseLaunching represents being scheduled and launching pods to run the scans
	PhaseLaunching ComplianceScanStatusPhase = "LAUNCHING"
	// PhaseRunning represents the scan being run by the pods and waiting for the results
	PhaseRunning ComplianceScanStatusPhase = "RUNNING"
	// PhaseAggregating represents the scan aggregating the results
	PhaseAggregating ComplianceScanStatusPhase = "AGGREGATING"
	// PhaseDone represents the scan pods being done and the results being available
	PhaseDone ComplianceScanStatusPhase = "DONE"
)
type ComplianceScanStatusResult ¶
type ComplianceScanStatusResult string
Represents the result of the compliance scan
type ComplianceScanStatusWrapper ¶
// ComplianceScanStatusWrapper provides a ComplianceScanStatus and a Name. The
// status is embedded inline, so its fields sit next to name in the JSON.
type ComplianceScanStatusWrapper struct {
	ComplianceScanStatus `json:",inline"`

	// Contains a human readable name for the scan. This is to identify the
	// objects that it creates.
	Name string `json:"name,omitempty"`
}
ComplianceScanStatusWrapper provides a ComplianceScanStatus and a Name +k8s:openapi-gen=true
func ScanStatusWrapperFromScan ¶
func ScanStatusWrapperFromScan(s *ComplianceScan) ComplianceScanStatusWrapper
ScanStatusWrapperFromScan returns a ComplianceScanStatusWrapper object (used by the ComplianceSuite object) in order to display the status of a scan
func (*ComplianceScanStatusWrapper) DeepCopy ¶
func (in *ComplianceScanStatusWrapper) DeepCopy() *ComplianceScanStatusWrapper
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanStatusWrapper.
func (*ComplianceScanStatusWrapper) DeepCopyInto ¶
func (in *ComplianceScanStatusWrapper) DeepCopyInto(out *ComplianceScanStatusWrapper)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceSuite ¶
// ComplianceSuite is the API object for a set of scans: standard Kubernetes
// type and object metadata plus a Spec and a Status.
type ComplianceSuite struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Contains the definition of the suite
	Spec ComplianceSuiteSpec `json:"spec,omitempty"`
	// Contains the current state of the suite
	Status ComplianceSuiteStatus `json:"status,omitempty"`
}
ComplianceSuite represents a set of scans that will be applied to the cluster. These should help deployers achieve a certain compliance target. +k8s:openapi-gen=true +kubebuilder:subresource:status +kubebuilder:resource:path=compliancesuites,scope=Namespaced,shortName=suites;suite +kubebuilder:printcolumn:name="Phase",type="string",JSONPath=`.status.phase` +kubebuilder:printcolumn:name="Result",type="string",JSONPath=`.status.result`
func (*ComplianceSuite) ApplyRemediationsAnnotationSet ¶
func (s *ComplianceSuite) ApplyRemediationsAnnotationSet() bool
func (*ComplianceSuite) DeepCopy ¶
func (in *ComplianceSuite) DeepCopy() *ComplianceSuite
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceSuite.
func (*ComplianceSuite) DeepCopyInto ¶
func (in *ComplianceSuite) DeepCopyInto(out *ComplianceSuite)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceSuite) DeepCopyObject ¶
func (in *ComplianceSuite) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ComplianceSuite) IsResultAvailable ¶
func (s *ComplianceSuite) IsResultAvailable() bool
func (*ComplianceSuite) LowestCommonResult ¶
func (s *ComplianceSuite) LowestCommonResult() ComplianceScanStatusResult
func (*ComplianceSuite) LowestCommonState ¶
func (s *ComplianceSuite) LowestCommonState() ComplianceScanStatusPhase
func (*ComplianceSuite) RemoveOutdatedAnnotationSet ¶
func (s *ComplianceSuite) RemoveOutdatedAnnotationSet() bool
func (*ComplianceSuite) ShouldApplyRemediations ¶
func (s *ComplianceSuite) ShouldApplyRemediations() bool
ShouldApplyRemediations returns whether the ComplianceSuite requires that the ComplianceRemediations that were generated from it be applied.
func (*ComplianceSuite) ShouldRemoveOutdated ¶
func (s *ComplianceSuite) ShouldRemoveOutdated() bool
type ComplianceSuiteList ¶
// ComplianceSuiteList contains a list of ComplianceSuite.
type ComplianceSuiteList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items has no omitempty, so the key is always present in the JSON.
	Items []ComplianceSuite `json:"items"`
}
ComplianceSuiteList contains a list of ComplianceSuite
func (*ComplianceSuiteList) DeepCopy ¶
func (in *ComplianceSuiteList) DeepCopy() *ComplianceSuiteList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceSuiteList.
func (*ComplianceSuiteList) DeepCopyInto ¶
func (in *ComplianceSuiteList) DeepCopyInto(out *ComplianceSuiteList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceSuiteList) DeepCopyObject ¶
func (in *ComplianceSuiteList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ComplianceSuiteSettings ¶
// ComplianceSuiteSettings groups together settings of a ComplianceSuite.
type ComplianceSuiteSettings struct {
	// Defines whether or not the remediations should be applied automatically
	// NOTE(review): with this on, remediations generated from scan content are
	// applied without a manual review step, so the content image and write
	// access to the suite become the controls that gate configuration changes.
	AutoApplyRemediations bool `json:"autoApplyRemediations,omitempty"`
	// Defines whether or not the remediations should be updated automatically.
	// This is done by deleting the "outdated" object from the remediation.
	AutoUpdateRemediations bool `json:"autoUpdateRemediations,omitempty"`
	// Defines a schedule for the scans to run. This is in cronjob format.
	// Note the scan will still be triggered immediately, and the scheduled
	// scans will start running only after the initial results are ready.
	Schedule string `json:"schedule,omitempty"`
	// Defines if a schedule should be suspended and is a boolean value,
	// defaulting to False.
	// +kubebuilder:default=false
	Suspend bool `json:"suspend,omitempty"`
}
ComplianceSuiteSettings groups together settings of a ComplianceSuite +k8s:openapi-gen=true
func (*ComplianceSuiteSettings) DeepCopy ¶
func (in *ComplianceSuiteSettings) DeepCopy() *ComplianceSuiteSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceSuiteSettings.
func (*ComplianceSuiteSettings) DeepCopyInto ¶
func (in *ComplianceSuiteSettings) DeepCopyInto(out *ComplianceSuiteSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceSuiteSpec ¶
// ComplianceSuiteSpec defines the desired state of ComplianceSuite. The suite
// settings are embedded inline next to the list of scans.
type ComplianceSuiteSpec struct {
	ComplianceSuiteSettings `json:",inline"`

	// Contains a list of the scans to execute on the cluster
	// The tag has no omitempty, so the key is always serialized.
	// +listType=atomic
	Scans []ComplianceScanSpecWrapper `json:"scans"`
}
ComplianceSuiteSpec defines the desired state of ComplianceSuite +k8s:openapi-gen=true
func (*ComplianceSuiteSpec) DeepCopy ¶
func (in *ComplianceSuiteSpec) DeepCopy() *ComplianceSuiteSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceSuiteSpec.
func (*ComplianceSuiteSpec) DeepCopyInto ¶
func (in *ComplianceSuiteSpec) DeepCopyInto(out *ComplianceSuiteSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceSuiteStatus ¶
// ComplianceSuiteStatus defines the observed state of ComplianceSuite.
type ComplianceSuiteStatus struct {
	// Per-scan statuses, each carrying the scan's name.
	// +listType=atomic
	ScanStatuses []ComplianceScanStatusWrapper `json:"scanStatuses,omitempty"`
	// Phase and Result reuse the scan-level phase and result types.
	Phase  ComplianceScanStatusPhase  `json:"phase,omitempty"`
	Result ComplianceScanStatusResult `json:"result,omitempty"`
	// Free-form error text for the suite.
	ErrorMessage string `json:"errorMessage,omitempty"`
	// +optional
	Conditions Conditions `json:"conditions,omitempty"`
}
ComplianceSuiteStatus defines the observed state of ComplianceSuite +k8s:openapi-gen=true
func (*ComplianceSuiteStatus) DeepCopy ¶
func (in *ComplianceSuiteStatus) DeepCopy() *ComplianceSuiteStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceSuiteStatus.
func (*ComplianceSuiteStatus) DeepCopyInto ¶
func (in *ComplianceSuiteStatus) DeepCopyInto(out *ComplianceSuiteStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceSuiteStatus) SetConditionInvalid ¶
func (s *ComplianceSuiteStatus) SetConditionInvalid()
func (*ComplianceSuiteStatus) SetConditionPending ¶
func (s *ComplianceSuiteStatus) SetConditionPending()
func (*ComplianceSuiteStatus) SetConditionReady ¶
func (s *ComplianceSuiteStatus) SetConditionReady()
func (*ComplianceSuiteStatus) SetConditionsProcessing ¶
func (s *ComplianceSuiteStatus) SetConditionsProcessing()
type Condition ¶
// Condition represents an observation of an object's state.
type Condition struct {
	// Type and Status are always serialized (no omitempty); the remaining
	// fields are optional in the JSON.
	Type    ConditionType          `json:"type"`
	Status  corev1.ConditionStatus `json:"status"`
	Reason  ConditionReason        `json:"reason,omitempty"`
	Message string                 `json:"message,omitempty"`
	// NOTE(review): metav1.Time is a struct, and encoding/json does not omit
	// zero structs under omitempty — confirm how a zero time is rendered.
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
}
Condition represents an observation of an object's state. Conditions are an extension mechanism intended to be used when the details of an observation are not a priori known or would not apply to all instances of a given Kind.
Conditions should be added to explicitly convey properties that users and components care about rather than requiring those properties to be inferred from other observations. Once defined, the meaning of a Condition can not be changed arbitrarily - it becomes part of the API, and has the same backwards- and forwards-compatibility concerns of any other part of the API.
func (*Condition) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition.
func (*Condition) DeepCopyInto ¶
DeepCopyInto copies in into out.
type ConditionReason ¶
type ConditionReason string
ConditionReason is intended to be a one-word, CamelCase representation of the category of cause of the current status. It is intended to be used in concise output, such as one-line kubectl get output, and in summarizing occurrences of causes.
type ConditionType ¶
type ConditionType string
ConditionType is the type of the condition and is typically a CamelCased word or short phrase.
Condition types should indicate state in the "abnormal-true" polarity. For example, if the condition indicates when a policy is invalid, the "is valid" case is probably the norm, so the condition should be called "Invalid".
type Conditions ¶
type Conditions []Condition
Conditions is a set of Condition instances.
func NewConditions ¶
func NewConditions(conds ...Condition) Conditions
NewConditions initializes a set of conditions with the given list of conditions.
func (Conditions) DeepCopy ¶
func (in Conditions) DeepCopy() Conditions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Conditions.
func (Conditions) DeepCopyInto ¶
func (in Conditions) DeepCopyInto(out *Conditions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (Conditions) GetCondition ¶
func (conditions Conditions) GetCondition(t ConditionType) *Condition
GetCondition searches the set of conditions for the condition with the given ConditionType and returns it. If the matching condition is not found, GetCondition returns nil.
func (Conditions) IsFalseFor ¶
func (conditions Conditions) IsFalseFor(t ConditionType) bool
IsFalseFor searches the set of conditions for a condition with the given ConditionType. If found, it returns `condition.IsFalse()`. If not found, it returns false.
func (Conditions) IsTrueFor ¶
func (conditions Conditions) IsTrueFor(t ConditionType) bool
IsTrueFor searches the set of conditions for a condition with the given ConditionType. If found, it returns `condition.IsTrue()`. If not found, it returns false.
func (Conditions) IsUnknownFor ¶
func (conditions Conditions) IsUnknownFor(t ConditionType) bool
IsUnknownFor searches the set of conditions for a condition with the given ConditionType. If found, it returns `condition.IsUnknown()`. If not found, it returns true.
func (Conditions) MarshalJSON ¶
func (conditions Conditions) MarshalJSON() ([]byte, error)
MarshalJSON marshals the set of conditions as a JSON array, sorted by condition type.
func (*Conditions) RemoveCondition ¶
func (conditions *Conditions) RemoveCondition(t ConditionType) bool
RemoveCondition removes the condition with the given ConditionType from the conditions set. If no condition with that type is found, RemoveCondition returns without performing any action. If the passed condition type is not found in the set of conditions, RemoveCondition returns false.
func (*Conditions) SetCondition ¶
func (conditions *Conditions) SetCondition(newCond Condition) bool
SetCondition adds (or updates) the set of conditions with the given condition. It returns a boolean value indicating whether the set condition is new or was a change to the existing condition with the same type.
func (*Conditions) SetConditionInvalid ¶
func (conditions *Conditions) SetConditionInvalid(what string)
func (*Conditions) SetConditionPending ¶
func (conditions *Conditions) SetConditionPending(what string)
func (*Conditions) SetConditionReady ¶
func (conditions *Conditions) SetConditionReady(what string)
func (*Conditions) SetConditionTimeout ¶ added in v0.1.60
func (conditions *Conditions) SetConditionTimeout(what string)
func (*Conditions) SetConditionsProcessing ¶
func (conditions *Conditions) SetConditionsProcessing(what string)
type DataStreamStatusType ¶
type DataStreamStatusType string
DataStreamStatusType is the type for the data stream status
// Status values for a data stream.
const (
	// DataStreamPending represents the state where the data stream
	// hasn't been processed yet
	DataStreamPending DataStreamStatusType = "PENDING"
	// DataStreamValid represents the status for a valid data stream
	DataStreamValid DataStreamStatusType = "VALID"
	// DataStreamInvalid represents the status for an invalid data stream
	DataStreamInvalid DataStreamStatusType = "INVALID"
)
type FixDefinition ¶
// FixDefinition specifies a fix or remediation that applies to a rule.
type FixDefinition struct {
	// The platform that the fix applies to
	Platform string `json:"platform,omitempty"`
	// An estimate of the potential disruption or operational
	// degradation that this fix will impose in the target system
	Disruption string `json:"disruption,omitempty"`
	// An object that should bring the rule into compliance
	// NOTE(review): the object is unstructured and the markers below preserve
	// unknown fields, so the schema does not constrain its contents; what the
	// fix does should be reviewed from the object itself and its source.
	// +kubebuilder:pruning:PreserveUnknownFields
	// +kubebuilder:validation:EmbeddedResource
	// +kubebuilder:validation:nullable
	FixObject *unstructured.Unstructured `json:"fixObject,omitempty"`
}
FixDefinition Specifies a fix or remediation that applies to a rule
func (*FixDefinition) DeepCopy ¶
func (in *FixDefinition) DeepCopy() *FixDefinition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FixDefinition.
func (*FixDefinition) DeepCopyInto ¶
func (in *FixDefinition) DeepCopyInto(out *FixDefinition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NamedObjectReference ¶
// NamedObjectReference identifies an object by name, kind and API group.
// It carries no namespace field.
type NamedObjectReference struct {
	Name     string `json:"name,omitempty"`
	Kind     string `json:"kind,omitempty"`
	APIGroup string `json:"apiGroup,omitempty"`
}
func (*NamedObjectReference) DeepCopy ¶
func (in *NamedObjectReference) DeepCopy() *NamedObjectReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamedObjectReference.
func (*NamedObjectReference) DeepCopyInto ¶
func (in *NamedObjectReference) DeepCopyInto(out *NamedObjectReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OutputRef ¶
OutputRef is a reference to the object created from the tailored profile
func (*OutputRef) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutputRef.
func (*OutputRef) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Profile ¶
// Profile is the Schema for the profiles API.
type Profile struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Inlined, so the payload fields appear at the top level of the object
	// rather than under a spec key.
	ProfilePayload `json:",inline"`
}
Profile is the Schema for the profiles API +kubebuilder:resource:path=profiles,scope=Namespaced,shortName=profs;prof +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:printcolumn:name="Version",type="string",JSONPath=`.version`
func (*Profile) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Profile.
func (*Profile) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Profile) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ProfileBundle ¶
// ProfileBundle is the Schema for the profilebundles API.
type ProfileBundle struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state; Status is the observed state.
	Spec   ProfileBundleSpec   `json:"spec,omitempty"`
	Status ProfileBundleStatus `json:"status,omitempty"`
}
ProfileBundle is the Schema for the profilebundles API +kubebuilder:subresource:status +kubebuilder:resource:path=profilebundles,scope=Namespaced,shortName=pb +kubebuilder:printcolumn:name="ContentImage",type="string",JSONPath=`.spec.contentImage` +kubebuilder:printcolumn:name="ContentFile",type="string",JSONPath=`.spec.contentFile` +kubebuilder:printcolumn:name="Status",type="string",JSONPath=`.status.dataStreamStatus`
func (*ProfileBundle) DeepCopy ¶
func (in *ProfileBundle) DeepCopy() *ProfileBundle
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileBundle.
func (*ProfileBundle) DeepCopyInto ¶
func (in *ProfileBundle) DeepCopyInto(out *ProfileBundle)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ProfileBundle) DeepCopyObject ¶
func (in *ProfileBundle) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ProfileBundleList ¶
// ProfileBundleList contains a list of ProfileBundle.
type ProfileBundleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items has no omitempty, so the key is always present in the JSON.
	Items []ProfileBundle `json:"items"`
}
ProfileBundleList contains a list of ProfileBundle
func (*ProfileBundleList) DeepCopy ¶
func (in *ProfileBundleList) DeepCopy() *ProfileBundleList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileBundleList.
func (*ProfileBundleList) DeepCopyInto ¶
func (in *ProfileBundleList) DeepCopyInto(out *ProfileBundleList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ProfileBundleList) DeepCopyObject ¶
func (in *ProfileBundleList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ProfileBundleSpec ¶
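type ProfileBundleSpec struct {
	// ContentImage is the path for the image that contains the content for
	// this bundle.
	//
	// NOTE(review): this declaration carries no validation marker for the
	// reference. The image supplies the compliance content for the bundle, so
	// a mutable tag lets that content change without the ProfileBundle object
	// changing; prefer a digest-pinned reference from a trusted registry.
	// How the operator resolves and pulls the image is not shown here — confirm.
	ContentImage string `json:"contentImage"`
	// ContentFile is the path for the file in the image that contains the
	// content for this bundle.
	ContentFile string `json:"contentFile"`
}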
Defines the desired state of ProfileBundle
func (*ProfileBundleSpec) DeepCopy ¶
func (in *ProfileBundleSpec) DeepCopy() *ProfileBundleSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileBundleSpec.
func (*ProfileBundleSpec) DeepCopyInto ¶
func (in *ProfileBundleSpec) DeepCopyInto(out *ProfileBundleSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProfileBundleStatus ¶
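type ProfileBundleStatus struct {
	// Presents the current status for the datastream for this bundle
	// +kubebuilder:default=PENDING
	DataStreamStatus DataStreamStatusType `json:"dataStreamStatus,omitempty"`
	// If there's an error in the datastream, it'll be presented here
	ErrorMessage string `json:"errorMessage,omitempty"`
	// Defines the conditions for the ProfileBundle. Valid conditions are:
	//  - Ready: Indicates if the ProfileBundle is Ready parsing or not.
	// +optional
	Conditions Conditions `json:"conditions,omitempty"`
}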
Defines the observed state of ProfileBundle
func (*ProfileBundleStatus) DeepCopy ¶
func (in *ProfileBundleStatus) DeepCopy() *ProfileBundleStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileBundleStatus.
func (*ProfileBundleStatus) DeepCopyInto ¶
func (in *ProfileBundleStatus) DeepCopyInto(out *ProfileBundleStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ProfileBundleStatus) SetConditionInvalid ¶
func (s *ProfileBundleStatus) SetConditionInvalid()
func (*ProfileBundleStatus) SetConditionPending ¶
func (s *ProfileBundleStatus) SetConditionPending()
func (*ProfileBundleStatus) SetConditionReady ¶
func (s *ProfileBundleStatus) SetConditionReady()
type ProfileList ¶
type ProfileList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []Profile `json:"items"` }
ProfileList contains a list of Profile
func (*ProfileList) DeepCopy ¶
func (in *ProfileList) DeepCopy() *ProfileList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileList.
func (*ProfileList) DeepCopyInto ¶
func (in *ProfileList) DeepCopyInto(out *ProfileList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ProfileList) DeepCopyObject ¶
func (in *ProfileList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ProfilePayload ¶
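// ProfilePayload carries a profile's title, description, ID, rule names,
// value names and version.
type ProfilePayload struct {
	Title       string `json:"title"`
	Description string `json:"description"`
	ID          string `json:"id"`
	// +nullable
	// +optional
	// +listType=atomic
	Rules []ProfileRule `json:"rules,omitempty"`
	// +nullable
	// +optional
	// +listType=atomic
	Values []ProfileValue `json:"values,omitempty"`
	// NOTE(review): marked +optional, but the tag has no omitempty, so an
	// unset Version is still serialized as an empty string.
	// +optional
	Version string `json:"version"`
}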
func (*ProfilePayload) DeepCopy ¶
func (in *ProfilePayload) DeepCopy() *ProfilePayload
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfilePayload.
func (*ProfilePayload) DeepCopyInto ¶
func (in *ProfilePayload) DeepCopyInto(out *ProfilePayload)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProfileRule ¶
type ProfileRule string
ProfileRule defines the name of a specific rule in the profile
func NewProfileRule ¶
func NewProfileRule(rule string) ProfileRule
NewProfileRule returns a new ProfileRule from the given rule string
type ProfileValue ¶
type ProfileValue string
ProfileValue defines a value for a setting in the profile
type RawResultStorageSettings ¶
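type RawResultStorageSettings struct {
	// Specifies the amount of storage to ask for storing the raw results. Note that
	// if re-scans happen, the new results will also need to be stored. Defaults to 1Gi.
	// +kubebuilder:validation:Default=1Gi
	// +kubebuilder:default="1Gi"
	Size string `json:"size,omitempty"`
	// Specifies the amount of scans for which the raw results will be stored.
	// Older results will get rotated, and it's the responsibility of administrators
	// to store these results elsewhere before rotation happens. Note that a rotation
	// policy of '0' disables rotation entirely. Defaults to 3.
	//
	// NOTE(review): with rotation disabled nothing described here removes old
	// results, so Size has to cover every scan that is kept — confirm against
	// the operator's behaviour when the volume fills.
	// +kubebuilder:default=3
	Rotation uint16 `json:"rotation,omitempty"`
	// Specifies the StorageClassName to use when creating the PersistentVolumeClaim
	// to hold the raw results. By default this is null, which will attempt to use the
	// default storage class configured in the cluster. If there is no default class specified
	// then this needs to be set.
	// +nullable
	StorageClassName *string `json:"storageClassName,omitempty"`
	// Specifies the access modes that the PersistentVolume will be created with.
	// The persistent volume will hold the raw results of the scan.
	// +kubebuilder:default={"ReadWriteOnce"}
	PVAccessModes []corev1.PersistentVolumeAccessMode `json:"pvAccessModes,omitempty"`
	// By setting this, it's possible to configure where the result server instances
	// are run. These instances will mount a Persistent Volume to store the raw
	// results, so special care should be taken to schedule these in trusted nodes.
	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
	// Specifies tolerations needed for the result server to run on the nodes. This is useful
	// in case the target set of nodes have custom taints that don't allow certain
	// workloads to run. Defaults to allowing scheduling on master nodes.
	Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
}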
When changing the defaults, remember to change also the DefaultRawStorageSize and DefaultStorageRotation constants
func (*RawResultStorageSettings) DeepCopy ¶
func (in *RawResultStorageSettings) DeepCopy() *RawResultStorageSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RawResultStorageSettings.
func (*RawResultStorageSettings) DeepCopyInto ¶
func (in *RawResultStorageSettings) DeepCopyInto(out *RawResultStorageSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RemediationApplicationState ¶
type RemediationApplicationState string
const ( RemediationPending RemediationApplicationState = "Pending" RemediationNotApplied RemediationApplicationState = "NotApplied" RemediationApplied RemediationApplicationState = "Applied" RemediationOutdated RemediationApplicationState = "Outdated" RemediationError RemediationApplicationState = "Error" RemediationMissingDependencies RemediationApplicationState = "MissingDependencies" RemediationNeedsReview RemediationApplicationState = "NeedsReview" )
type RemediationObjectDependencyReference ¶
type RemediationObjectDependencyReference struct { metav1.TypeMeta `json:",inline"` Name string `json:"name"` Namespace string `json:"namespace,omitempty"` }
func (*RemediationObjectDependencyReference) DeepCopy ¶
func (in *RemediationObjectDependencyReference) DeepCopy() *RemediationObjectDependencyReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemediationObjectDependencyReference.
func (*RemediationObjectDependencyReference) DeepCopyInto ¶
func (in *RemediationObjectDependencyReference) DeepCopyInto(out *RemediationObjectDependencyReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RemediationType ¶
type RemediationType string
+kubebuilder:validation:Enum=Configuration;Enforcement
const ( ConfigurationRemediation RemediationType = "Configuration" EnforcementRemediation RemediationType = "Enforcement" )
type Rule ¶
type Rule struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` RulePayload `json:",inline"` }
Rule is the Schema for the rules API +kubebuilder:resource:path=rules,scope=Namespaced
func (*Rule) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule.
func (*Rule) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Rule) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type RuleList ¶
type RuleList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []Rule `json:"items"` }
RuleList contains a list of Rule
func (*RuleList) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleList.
func (*RuleList) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RuleList) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type RulePayload ¶
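// RulePayload carries the content of a Rule: its XCCDF ID, descriptive text,
// severity, check type and the fixes available for it.
type RulePayload struct {
	// The XCCDF ID
	ID string `json:"id"`
	// The title of the Rule
	Title string `json:"title"`
	// The description of the Rule
	Description string `json:"description,omitempty"`
	// The rationale of the Rule
	Rationale string `json:"rationale,omitempty"`
	// A discretionary warning about the Rule
	Warning string `json:"warning,omitempty"`
	// The severity level
	Severity string `json:"severity,omitempty"`
	// Instructions for auditing this specific rule
	Instructions string `json:"instructions,omitempty"`
	// What type of check will this rule execute:
	// Platform, Node or none (represented by an empty string)
	CheckType string `json:"checkType,omitempty"`
	// The Available fixes
	// +nullable
	// +optional
	// +listType=atomic
	AvailableFixes []FixDefinition `json:"availableFixes,omitempty"`
}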
func (*RulePayload) DeepCopy ¶
func (in *RulePayload) DeepCopy() *RulePayload
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulePayload.
func (*RulePayload) DeepCopyInto ¶
func (in *RulePayload) DeepCopyInto(out *RulePayload)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RuleReferenceSpec ¶
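type RuleReferenceSpec struct {
	// Name of the rule that's being referenced
	Name string `json:"name"`
	// Rationale of why this rule is being selected/deselected
	//
	// The tag has no omitempty, so the field is always serialized; whether an
	// empty rationale is rejected is not visible on this type — confirm.
	Rationale string `json:"rationale"`
}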
RuleReferenceSpec specifies a rule to be selected/deselected, as well as the reason why
func (*RuleReferenceSpec) DeepCopy ¶
func (in *RuleReferenceSpec) DeepCopy() *RuleReferenceSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleReferenceSpec.
func (*RuleReferenceSpec) DeepCopyInto ¶
func (in *RuleReferenceSpec) DeepCopyInto(out *RuleReferenceSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ScanSetting ¶
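type ScanSetting struct {
	metav1.TypeMeta         `json:",inline"`
	metav1.ObjectMeta       `json:"metadata,omitempty"`
	ComplianceSuiteSettings `json:",inline"`
	ComplianceScanSettings  `json:",inline"`
	// The list of roles to apply node-specific checks to.
	//
	// This will be translated to the standard Kubernetes
	// role label `node-role.kubernetes.io/<role name>`.
	//
	// It's also possible to specify `@all` as a role, which
	// will run a scan on all nodes by not specifying a node
	// selector as we normally do. The usage of `@all` in
	// OpenShift is discouraged as the operator won't
	// be able to apply remediations unless roles are specified.
	//
	// Note that tolerations must still be configured for
	// the operator to appropriately schedule scans.
	Roles []string `json:"roles,omitempty"`
}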
ScanSetting is the Schema for the scansettings API +kubebuilder:subresource:status +kubebuilder:resource:path=scansettings,scope=Namespaced,shortName=ss
func (*ScanSetting) DeepCopy ¶
func (in *ScanSetting) DeepCopy() *ScanSetting
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSetting.
func (*ScanSetting) DeepCopyInto ¶
func (in *ScanSetting) DeepCopyInto(out *ScanSetting)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ScanSetting) DeepCopyObject ¶
func (in *ScanSetting) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ScanSettingBinding ¶
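type ScanSettingBinding struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              ScanSettingBindingSpec `json:"spec,omitempty"`
	Profiles          []NamedObjectReference `json:"profiles,omitempty"`
	// SettingsRef names the settings object this binding uses; the marker
	// below defaults it to the ScanSetting called "default".
	// +kubebuilder:default={"name":"default","kind": "ScanSetting", "apiGroup": "compliance.openshift.io/v1alpha1"}
	SettingsRef *NamedObjectReference `json:"settingsRef,omitempty"`
	// +optional
	Status ScanSettingBindingStatus `json:"status,omitempty"`
}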
ScanSettingBinding is the Schema for the scansettingbindings API +kubebuilder:subresource:status +kubebuilder:resource:path=scansettingbindings,scope=Namespaced,shortName=ssb +kubebuilder:printcolumn:name="Status",type="string",JSONPath=`.status.phase`
func (*ScanSettingBinding) DeepCopy ¶
func (in *ScanSettingBinding) DeepCopy() *ScanSettingBinding
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSettingBinding.
func (*ScanSettingBinding) DeepCopyInto ¶
func (in *ScanSettingBinding) DeepCopyInto(out *ScanSettingBinding)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ScanSettingBinding) DeepCopyObject ¶
func (in *ScanSettingBinding) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ScanSettingBindingList ¶
type ScanSettingBindingList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []ScanSettingBinding `json:"items"` }
ScanSettingBindingList contains a list of ScanSettingBinding
func (*ScanSettingBindingList) DeepCopy ¶
func (in *ScanSettingBindingList) DeepCopy() *ScanSettingBindingList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSettingBindingList.
func (*ScanSettingBindingList) DeepCopyInto ¶
func (in *ScanSettingBindingList) DeepCopyInto(out *ScanSettingBindingList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ScanSettingBindingList) DeepCopyObject ¶
func (in *ScanSettingBindingList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ScanSettingBindingSpec ¶
type ScanSettingBindingSpec struct{}
This is a dummy spec to accommodate https://github.com/operator-framework/operator-sdk/issues/5584
func (*ScanSettingBindingSpec) DeepCopy ¶
func (in *ScanSettingBindingSpec) DeepCopy() *ScanSettingBindingSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSettingBindingSpec.
func (*ScanSettingBindingSpec) DeepCopyInto ¶
func (in *ScanSettingBindingSpec) DeepCopyInto(out *ScanSettingBindingSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ScanSettingBindingStatus ¶
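// ScanSettingBindingStatus carries the phase, conditions and output reference
// of a ScanSettingBinding.
type ScanSettingBindingStatus struct {
	Phase ScanSettingBindingStatusPhase `json:"phase,omitempty"`
	// +optional
	Conditions Conditions `json:"conditions,omitempty"`
	// Reference to the object generated from this ScanSettingBinding
	// +optional
	// +nullable
	OutputRef *corev1.TypedLocalObjectReference `json:"outputRef,omitempty"`
}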
func (*ScanSettingBindingStatus) DeepCopy ¶
func (in *ScanSettingBindingStatus) DeepCopy() *ScanSettingBindingStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSettingBindingStatus.
func (*ScanSettingBindingStatus) DeepCopyInto ¶
func (in *ScanSettingBindingStatus) DeepCopyInto(out *ScanSettingBindingStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ScanSettingBindingStatus) SetConditionInvalid ¶
func (s *ScanSettingBindingStatus) SetConditionInvalid(msg string)
func (*ScanSettingBindingStatus) SetConditionPending ¶
func (s *ScanSettingBindingStatus) SetConditionPending()
func (*ScanSettingBindingStatus) SetConditionReady ¶
func (s *ScanSettingBindingStatus) SetConditionReady()
func (*ScanSettingBindingStatus) SetConditionSuspended ¶ added in v1.4.0
func (s *ScanSettingBindingStatus) SetConditionSuspended()
type ScanSettingBindingStatusPhase ¶ added in v1.4.0
type ScanSettingBindingStatusPhase string
const ( ScanSettingBindingPhasePending ScanSettingBindingStatusPhase = "PENDING" ScanSettingBindingPhaseReady ScanSettingBindingStatusPhase = "READY" ScanSettingBindingPhaseInvalid ScanSettingBindingStatusPhase = "INVALID" ScanSettingBindingPhaseSuspended ScanSettingBindingStatusPhase = "SUSPENDED" )
type ScanSettingList ¶
type ScanSettingList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []ScanSetting `json:"items"` }
ScanSettingList contains a list of ScanSetting
func (*ScanSettingList) DeepCopy ¶
func (in *ScanSettingList) DeepCopy() *ScanSettingList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSettingList.
func (*ScanSettingList) DeepCopyInto ¶
func (in *ScanSettingList) DeepCopyInto(out *ScanSettingList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ScanSettingList) DeepCopyObject ¶
func (in *ScanSettingList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type StorageReference ¶
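type StorageReference struct {
	// Kind of the referent.
	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	// +optional
	Kind string `json:"kind,omitempty"`
	// Namespace of the referent.
	// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
	// +optional
	Namespace string `json:"namespace,omitempty"`
	// Name of the referent.
	// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
	// +optional
	Name string `json:"name,omitempty"`
	// API version of the referent.
	// +optional
	APIVersion string `json:"apiVersion,omitempty"`
}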
StorageReference stores a reference to where certain objects are being stored
func (*StorageReference) DeepCopy ¶
func (in *StorageReference) DeepCopy() *StorageReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageReference.
func (*StorageReference) DeepCopyInto ¶
func (in *StorageReference) DeepCopyInto(out *StorageReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TailoredProfile ¶
type TailoredProfile struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec TailoredProfileSpec `json:"spec,omitempty"` Status TailoredProfileStatus `json:"status,omitempty"` }
TailoredProfile is the Schema for the tailoredprofiles API +kubebuilder:subresource:status +kubebuilder:resource:path=tailoredprofiles,scope=Namespaced,shortName=tp;tprof +kubebuilder:printcolumn:name="State",type="string",JSONPath=`.status.state`,description="State of the tailored profile"
func (*TailoredProfile) DeepCopy ¶
func (in *TailoredProfile) DeepCopy() *TailoredProfile
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TailoredProfile.
func (*TailoredProfile) DeepCopyInto ¶
func (in *TailoredProfile) DeepCopyInto(out *TailoredProfile)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TailoredProfile) DeepCopyObject ¶
func (in *TailoredProfile) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TailoredProfileList ¶
type TailoredProfileList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []TailoredProfile `json:"items"` }
TailoredProfileList contains a list of TailoredProfile
func (*TailoredProfileList) DeepCopy ¶
func (in *TailoredProfileList) DeepCopy() *TailoredProfileList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TailoredProfileList.
func (*TailoredProfileList) DeepCopyInto ¶
func (in *TailoredProfileList) DeepCopyInto(out *TailoredProfileList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TailoredProfileList) DeepCopyObject ¶
func (in *TailoredProfileList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TailoredProfileSpec ¶
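type TailoredProfileSpec struct {
	// +optional
	// Points to the name of the profile to extend
	Extends string `json:"extends,omitempty"`
	// Title for the tailored profile. It can't be empty.
	// +kubebuilder:validation:Pattern=^.+$
	Title string `json:"title"`
	// Description of tailored profile. It can't be empty.
	// +kubebuilder:validation:Pattern=^.+$
	Description string `json:"description"`
	// Enables the referenced rules
	// +optional
	// +nullable
	EnableRules []RuleReferenceSpec `json:"enableRules,omitempty"`
	// Disables the referenced rules
	//
	// Entries here and in ManualRules take checks out of the automated scan;
	// each entry is a RuleReferenceSpec, so review its rationale the way a
	// policy exception would be reviewed.
	// +optional
	// +nullable
	DisableRules []RuleReferenceSpec `json:"disableRules,omitempty"`
	// Disables the automated check on referenced rules for manual check
	// +optional
	// +nullable
	ManualRules []RuleReferenceSpec `json:"manualRules,omitempty"`
	// Sets the referenced variables to selected values
	// +optional
	// +nullable
	SetValues []VariableValueSpec `json:"setValues,omitempty"`
}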
TailoredProfileSpec defines the desired state of TailoredProfile
func (*TailoredProfileSpec) DeepCopy ¶
func (in *TailoredProfileSpec) DeepCopy() *TailoredProfileSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TailoredProfileSpec.
func (*TailoredProfileSpec) DeepCopyInto ¶
func (in *TailoredProfileSpec) DeepCopyInto(out *TailoredProfileSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TailoredProfileState ¶
type TailoredProfileState string
TailoredProfileState defines the state of the tailored profile
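const (
	// TailoredProfileStatePending is a state where a tailored profile is still pending to be processed
	TailoredProfileStatePending TailoredProfileState = "PENDING"
	// TailoredProfileStateReady is a state where a tailored profile is ready to be used
	TailoredProfileStateReady TailoredProfileState = "READY"
	// TailoredProfileStateError is a state where a tailored profile had an error while processing
	TailoredProfileStateError TailoredProfileState = "ERROR"
)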
type TailoredProfileStatus ¶
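type TailoredProfileStatus struct {
	// The XCCDF ID of the tailored profile
	ID string `json:"id,omitempty"`
	// Points to the generated resource
	OutputRef OutputRef `json:"outputRef,omitempty"`
	// The current state of the tailored profile
	State TailoredProfileState `json:"state,omitempty"`
	// ErrorMessage is undocumented in the original; presumably it accompanies
	// the ERROR state — confirm against the controller.
	ErrorMessage string `json:"errorMessage,omitempty"`
	// Warnings is undocumented in the original; presumably non-fatal findings
	// from processing the tailored profile — confirm against the controller.
	Warnings string `json:"warnings,omitempty"`
}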
TailoredProfileStatus defines the observed state of TailoredProfile
func (*TailoredProfileStatus) DeepCopy ¶
func (in *TailoredProfileStatus) DeepCopy() *TailoredProfileStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TailoredProfileStatus.
func (*TailoredProfileStatus) DeepCopyInto ¶
func (in *TailoredProfileStatus) DeepCopyInto(out *TailoredProfileStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TailoringConfigMapRef ¶
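type TailoringConfigMapRef struct {
	// Name of the ConfigMap being referenced
	//
	// NOTE(review): only a name is carried, so the ConfigMap is presumably
	// resolved in the namespace of the referring object — confirm. Whoever can
	// write that ConfigMap controls the tailoring applied to the scan, so its
	// write access should be restricted accordingly.
	Name string `json:"name"`
}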
TailoringConfigMapRef is a reference to a ConfigMap that contains the tailoring file. It assumes a key called `tailoring.xml` which will have the tailoring contents.
func (*TailoringConfigMapRef) DeepCopy ¶
func (in *TailoringConfigMapRef) DeepCopy() *TailoringConfigMapRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TailoringConfigMapRef.
func (*TailoringConfigMapRef) DeepCopyInto ¶
func (in *TailoringConfigMapRef) DeepCopyInto(out *TailoringConfigMapRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ValueSelection ¶
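// ValueSelection pairs a value of a variable with a description of the
// selection.
type ValueSelection struct {
	// The string description of the selection
	Description string `json:"description,omitempty"`
	// The value of the variable
	Value string `json:"value,omitempty"`
}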
func (*ValueSelection) DeepCopy ¶
func (in *ValueSelection) DeepCopy() *ValueSelection
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValueSelection.
func (*ValueSelection) DeepCopyInto ¶
func (in *ValueSelection) DeepCopyInto(out *ValueSelection)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Variable ¶
type Variable struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` VariablePayload `json:",inline"` }
Variable describes a tunable in the XCCDF profile +kubebuilder:resource:path=variables,scope=Namespaced,shortName=var
func (*Variable) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Variable.
func (*Variable) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Variable) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VariableList ¶
type VariableList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []Variable `json:"items"` }
VariableList contains a list of Variable
func (*VariableList) DeepCopy ¶
func (in *VariableList) DeepCopy() *VariableList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VariableList.
func (*VariableList) DeepCopyInto ¶
func (in *VariableList) DeepCopyInto(out *VariableList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VariableList) DeepCopyObject ¶
func (in *VariableList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VariablePayload ¶
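// VariablePayload carries the content of a Variable: its ID, descriptive
// text, type, current value and the selections allowed for it.
type VariablePayload struct {
	// The ID of the variable
	ID string `json:"id"`
	// The title of the Variable
	Title string `json:"title"`
	// The description of the Variable
	Description string `json:"description,omitempty"`
	// The type of the variable
	Type VariableType `json:"type"`
	// The value of the variable
	Value string `json:"value,omitempty"`
	// Enumerates what values are allowed for this variable. Can be empty.
	// +optional
	// +nullable
	// +listType=atomic
	Selections []ValueSelection `json:"selections,omitempty"`
}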
func (*VariablePayload) DeepCopy ¶
func (in *VariablePayload) DeepCopy() *VariablePayload
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VariablePayload.
func (*VariablePayload) DeepCopyInto ¶
func (in *VariablePayload) DeepCopyInto(out *VariablePayload)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VariableValueSpec ¶
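type VariableValueSpec struct {
	// Name of the variable that's being referenced
	Name string `json:"name"`
	// Rationale of why this value is being tailored
	Rationale string `json:"rationale"`
	// Value of the variable being set
	//
	// NOTE(review): no validation marker is attached here; whether the value
	// is checked against the variable's allowed selections is not visible on
	// this type — confirm.
	Value string `json:"value"`
}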
VariableValueSpec specifies a value to be set for a variable with a reason why
func (*VariableValueSpec) DeepCopy ¶
func (in *VariableValueSpec) DeepCopy() *VariableValueSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VariableValueSpec.
func (*VariableValueSpec) DeepCopyInto ¶
func (in *VariableValueSpec) DeepCopyInto(out *VariableValueSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Source Files ¶
- compliancecheckresult_types.go
- complianceremediation_types.go
- compliancescan_types.go
- compliancesuite_types.go
- conditions.go
- doc.go
- profile_types.go
- profilebundle_types.go
- register.go
- rule_types.go
- scansetting_types.go
- scansettingbinding_types.go
- tailoredprofile_types.go
- variable_types.go
- zz_generated.deepcopy.go