Documentation
Index
- type ComplianceHistory
- type CompliancePerClusterStatus
- type ComplianceState
- type DetailsPerTemplate
- type NonEmptyString
- type Placement
- type PlacementDecision
- type Policy
- type PolicyDependency
- type PolicyList
- type PolicySet
- type PolicySetSpec
- type PolicySetStatus
- type PolicySetStatusPlacement
- type PolicySpec
- type PolicyStatus
- type PolicyTemplate
- type RemediationAction
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type ComplianceHistory
type ComplianceHistory struct {
	LastTimestamp metav1.Time `json:"lastTimestamp,omitempty" protobuf:"bytes,7,opt,name=lastTimestamp"`
	Message       string      `json:"message,omitempty" protobuf:"bytes,4,opt,name=message"`
	EventName     string      `json:"eventName,omitempty"`
}
ComplianceHistory defines compliance details history
type CompliancePerClusterStatus
type CompliancePerClusterStatus struct {
	ComplianceState  ComplianceState `json:"compliant,omitempty"`
	ClusterName      string          `json:"clustername,omitempty"`
	ClusterNamespace string          `json:"clusternamespace,omitempty"`
}
CompliancePerClusterStatus defines compliance per cluster status
type ComplianceState
type ComplianceState string
ComplianceState shows the state of enforcement
const (
	// Compliant is a ComplianceState
	Compliant ComplianceState = "Compliant"

	// NonCompliant is a ComplianceState
	NonCompliant ComplianceState = "NonCompliant"

	// Pending is a ComplianceState
	Pending ComplianceState = "Pending"
)
type DetailsPerTemplate
type DetailsPerTemplate struct {
	TemplateMeta    metav1.ObjectMeta   `json:"templateMeta,omitempty"`
	ComplianceState ComplianceState     `json:"compliant,omitempty"`
	History         []ComplianceHistory `json:"history,omitempty"`
}
DetailsPerTemplate defines compliance details and history
type NonEmptyString
type NonEmptyString string
type Placement
type Placement struct {
	PlacementBinding string              `json:"placementBinding,omitempty"`
	PlacementRule    string              `json:"placementRule,omitempty"`
	Placement        string              `json:"placement,omitempty"`
	Decisions        []PlacementDecision `json:"decisions,omitempty"`
	PolicySet        string              `json:"policySet,omitempty"`
}
Placement defines the placement results
type PlacementDecision
type PlacementDecision struct {
	ClusterName      string `json:"clusterName,omitempty"`
	ClusterNamespace string `json:"clusterNamespace,omitempty"`
}
PlacementDecision defines the decision made by the controller
type Policy
type Policy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata"`

	Spec   PolicySpec   `json:"spec"`
	Status PolicyStatus `json:"status,omitempty"`
}
Policy is the Schema for the policies API
func (*Policy) GetAnnotation
func (*Policy) GetNamespace
type PolicyDependency
type PolicyDependency struct {
	metav1.TypeMeta `json:",inline"`

	// The name of the object to be checked
	Name string `json:"name"`

	// The namespace of the object to be checked (optional)
	Namespace string `json:"namespace,omitempty"`

	// The ComplianceState (at path .status.compliant) required before the policy should be created
	Compliance ComplianceState `json:"compliance"`
}
Each PolicyDependency defines an object reference which must be in a certain compliance state before the policy should be created.
type PolicyList
type PolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Policy `json:"items"`
}
PolicyList contains a list of Policy
type PolicySet
type PolicySet struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   PolicySetSpec   `json:"spec"`
	Status PolicySetStatus `json:"status,omitempty"`
}
PolicySet is the Schema for the policysets API
func (*PolicySet) GetAnnotation
func (*PolicySet) GetNamespace
type PolicySetSpec
type PolicySetSpec struct {
	// Description of this PolicySet.
	Description string `json:"description,omitempty"`

	// Policies that are grouped together within the PolicySet.
	Policies []NonEmptyString `json:"policies"`
}
PolicySetSpec describes a group of policies that are related and can be placed on the same managed clusters.
type PolicySetStatus
type PolicySetStatus struct {
	Placement     []PolicySetStatusPlacement `json:"placement,omitempty"`
	Compliant     string                     `json:"compliant,omitempty"`
	StatusMessage string                     `json:"statusMessage,omitempty"`
}
PolicySetStatus defines the observed state of PolicySet
type PolicySetStatusPlacement
type PolicySetStatusPlacement struct {
	PlacementBinding string `json:"placementBinding,omitempty"`
	Placement        string `json:"placement,omitempty"`
	PlacementRule    string `json:"placementRule,omitempty"`
}
PolicySetStatusPlacement defines a placement object for the status
type PolicySpec
type PolicySpec struct {
	// This provides the ability to enable and disable your policies.
	Disabled bool `json:"disabled"`

	// If set to true (default), all the policy's labels and annotations will be copied to the replicated policy.
	// If set to false, only the policy framework specific policy labels and annotations will be copied to the
	// replicated policy.
	CopyPolicyMetadata *bool `json:"copyPolicyMetadata,omitempty"`

	// This value (Enforce or Inform) will override the remediationAction on each template
	RemediationAction RemediationAction `json:"remediationAction,omitempty"`

	// Used to create one or more policies to apply to a managed cluster
	PolicyTemplates []*PolicyTemplate `json:"policy-templates"`

	// PolicyDependencies that apply to each template in this Policy
	Dependencies []PolicyDependency `json:"dependencies,omitempty"`
}
PolicySpec defines the desired state of Policy
type PolicyStatus
type PolicyStatus struct {
	Placement []*Placement                  `json:"placement,omitempty"` // used by root policy
	Status    []*CompliancePerClusterStatus `json:"status,omitempty"`    // used by root policy

	// +kubebuilder:validation:Enum=Compliant;Pending;NonCompliant
	ComplianceState ComplianceState       `json:"compliant,omitempty"` // used by replicated policy
	Details         []*DetailsPerTemplate `json:"details,omitempty"`   // used by replicated policy
}
PolicyStatus defines the observed state of Policy
type PolicyTemplate
type PolicyTemplate struct {
	// A Kubernetes object defining the policy to apply to a managed cluster
	ObjectDefinition runtime.RawExtension `json:"objectDefinition"`

	// Additional PolicyDependencies that only apply to this template
	ExtraDependencies []PolicyDependency `json:"extraDependencies,omitempty"`

	// Ignore this template's Pending status when calculating the overall Policy status
	IgnorePending bool `json:"ignorePending,omitempty"`
}
PolicyTemplate is a template for a custom security policy
type RemediationAction
type RemediationAction string
RemediationAction describes whether to enforce or inform
const (
	// Enforce is a remediationAction to make changes
	Enforce RemediationAction = "Enforce"

	// Inform is a remediationAction to only inform
	Inform RemediationAction = "Inform"
)