Documentation
¶
Overview ¶
Package v1 contains API Schema definitions for the policy v1 API group +kubebuilder:object:generate=true +groupName=policy.open-cluster-management.io
Index ¶
- Variables
- func RecordComplianceEvent(r record.EventRecorder, policy ObjectWithCompliance, msg string)
- type ComplianceState
- type NamespaceSelector
- type NonEmptyString
- type ObjectRef
- type ObjectWithCompliance
- type PolicyCore
- type PolicyCoreList
- type PolicyCoreSpec
- type PolicyCoreStatus
- type ReferenceMetadata
- type RelatedObject
- type RemediationAction
- type Severity
Constants ¶
This section is empty.
Variables ¶
var ( // GroupVersion is group version used to register these objects GroupVersion = schema.GroupVersion{Group: "policy.open-cluster-management.io", Version: "v1"} // SchemeBuilder is used to add go types to the GroupVersionKind scheme SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} // AddToScheme adds the types in this group-version to the given scheme. AddToScheme = SchemeBuilder.AddToScheme )
Functions ¶
func RecordComplianceEvent ¶
func RecordComplianceEvent(r record.EventRecorder, policy ObjectWithCompliance, msg string)
RecordComplianceEvent creates an event on the "parent" policy of the given object (found through ownerReferences, which is set by the policy framework) which can be recognized by the policy framework to update the parent policy's status. This is the way that compliance information gets sent to the hub. The provided message will be prepended with "Compliant; " or "NonCompliant; " as required by the policy framework. The record.EventRecorder needs access to create and update events, like the access given by this kubebuilder tag: `//+kubebuilder:rbac:groups="",resources=events,verbs=create;patch`
Types ¶
type ComplianceState ¶
type ComplianceState string
+kubebuilder:validation:Enum=Compliant;NonCompliant;UnknownCompliancy
const ( // Compliant is an ComplianceState Compliant ComplianceState = "Compliant" // NonCompliant is an ComplianceState NonCompliant ComplianceState = "NonCompliant" // UnknownCompliancy is an ComplianceState UnknownCompliancy ComplianceState = "UnknownCompliancy" )
type NamespaceSelector ¶
type NamespaceSelector struct {
Include []NonEmptyString `json:"include,omitempty"`
Exclude []NonEmptyString `json:"exclude,omitempty"`
}
+kubebuilder:validation:Required
func (*NamespaceSelector) DeepCopy ¶
func (in *NamespaceSelector) DeepCopy() *NamespaceSelector
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespaceSelector.
func (*NamespaceSelector) DeepCopyInto ¶
func (in *NamespaceSelector) DeepCopyInto(out *NamespaceSelector)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (NamespaceSelector) GetNamespaces ¶
GetNamespaces fetches all namespaces in the cluster and returns a list of the namespaces that match the NamespaceSelector. The client.Reader needs access for viewing namespaces, like the access given by this kubebuilder tag: `//+kubebuilder:rbac:groups=core,resources=namespaces,verbs=get;list;watch`
type ObjectRef ¶
type ObjectRef struct {
metav1.TypeMeta `json:",inline"`
Metadata ReferenceMetadata `json:"metadata,omitempty"`
}
func (*ObjectRef) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectRef.
func (*ObjectRef) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ObjectWithCompliance ¶
type ObjectWithCompliance interface {
client.Object
GetComplianceState() ComplianceState
}
ObjectWithCompliance contains the usual client.Object metadata interface, as well as a user-implemented method to get the compliance state, which is used when creating compliance events to propagate status back to the hub cluster.
type PolicyCore ¶
type PolicyCore struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec PolicyCoreSpec `json:"spec,omitempty"`
Status PolicyCoreStatus `json:"status,omitempty"`
}
PolicyCore is the Schema for the policycores API
func (*PolicyCore) DeepCopy ¶
func (in *PolicyCore) DeepCopy() *PolicyCore
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyCore.
func (*PolicyCore) DeepCopyInto ¶
func (in *PolicyCore) DeepCopyInto(out *PolicyCore)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PolicyCore) DeepCopyObject ¶
func (in *PolicyCore) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type PolicyCoreList ¶
type PolicyCoreList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []PolicyCore `json:"items"`
}
PolicyCoreList contains a list of PolicyCore
func (*PolicyCoreList) DeepCopy ¶
func (in *PolicyCoreList) DeepCopy() *PolicyCoreList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyCoreList.
func (*PolicyCoreList) DeepCopyInto ¶
func (in *PolicyCoreList) DeepCopyInto(out *PolicyCoreList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PolicyCoreList) DeepCopyObject ¶
func (in *PolicyCoreList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type PolicyCoreSpec ¶
type PolicyCoreSpec struct {
Severity Severity `json:"severity,omitempty"`
RemediationAction RemediationAction `json:"remediationAction,omitempty"`
NamespaceSelector NamespaceSelector `json:"namespaceSelector,omitempty"`
}
func (*PolicyCoreSpec) DeepCopy ¶
func (in *PolicyCoreSpec) DeepCopy() *PolicyCoreSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyCoreSpec.
func (*PolicyCoreSpec) DeepCopyInto ¶
func (in *PolicyCoreSpec) DeepCopyInto(out *PolicyCoreSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PolicyCoreStatus ¶
type PolicyCoreStatus struct {
ComplianceState ComplianceState `json:"compliant,omitempty"`
RelatedObjects []RelatedObject `json:"relatedObjects,omitempty"`
}
func (*PolicyCoreStatus) DeepCopy ¶
func (in *PolicyCoreStatus) DeepCopy() *PolicyCoreStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyCoreStatus.
func (*PolicyCoreStatus) DeepCopyInto ¶
func (in *PolicyCoreStatus) DeepCopyInto(out *PolicyCoreStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ReferenceMetadata ¶
type ReferenceMetadata struct {
Name string `json:"name,omitempty"`
Namespace string `json:"namespace,omitempty"`
}
func (*ReferenceMetadata) DeepCopy ¶
func (in *ReferenceMetadata) DeepCopy() *ReferenceMetadata
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReferenceMetadata.
func (*ReferenceMetadata) DeepCopyInto ¶
func (in *ReferenceMetadata) DeepCopyInto(out *ReferenceMetadata)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RelatedObject ¶
type RelatedObject struct {
Object ObjectRef `json:"object,omitempty"`
Compliant ComplianceState `json:"compliant,omitempty"`
Reason string `json:"reason,omitempty"`
}
func (*RelatedObject) DeepCopy ¶
func (in *RelatedObject) DeepCopy() *RelatedObject
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RelatedObject.
func (*RelatedObject) DeepCopyInto ¶
func (in *RelatedObject) DeepCopyInto(out *RelatedObject)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (RelatedObject) SortString ¶
func (o RelatedObject) SortString() string
SortString returns a string which can help sort RelatedObjects.
type RemediationAction ¶
type RemediationAction string
+kubebuilder:validation:Enum=inform;enforce
const ( Inform RemediationAction = "inform" Enforce RemediationAction = "enforce" )
Source Files