Overview ¶
Package v1beta1 contains API Schema definitions for the varmor v1beta1 API group (crd.varmor.org).
+kubebuilder:object:generate=true
+groupName=crd.varmor.org
Index ¶
- Variables
- func Resource(resource string) schema.GroupResource
- type AppArmor
- type ArmorProfile
- type ArmorProfileCondition
- type ArmorProfileConditionType
- type ArmorProfileList
- type ArmorProfileModel
- type ArmorProfileModelCondition
- type ArmorProfileModelConditionType
- type ArmorProfileModelData
- type ArmorProfileModelList
- type ArmorProfileModelStatus
- type ArmorProfileSpec
- type ArmorProfileStatus
- type AttackProtectionRules
- type BehaviorModeling
- type BpfContent
- type BpfRawRules
- type DynamicResult
- type EnhanceProtect
- type File
- type FileContent
- type FileRule
- type ModelingOptions
- type MountContent
- type MountRule
- type Network
- type NetworkContent
- type NetworkEgressRule
- type NetworkRule
- type PathPattern
- type Policy
- type Profile
- type Ptrace
- type PtraceContent
- type PtraceRule
- type Seccomp
- type Signal
- type StaticResult
- type Target
- type VarmorClusterPolicy
- type VarmorClusterPolicyList
- type VarmorPolicy
- type VarmorPolicyCondition
- type VarmorPolicyConditionType
- type VarmorPolicyList
- type VarmorPolicyMode
- type VarmorPolicyPhase
- type VarmorPolicySpec
- type VarmorPolicyStatus
Constants ¶
This section is empty.
Variables ¶
var (
	// GroupVersion is the group version used to register these objects
	// (crd.varmor.org/v1beta1). The group name must agree with the
	// +groupName marker in the package comment.
	GroupVersion = schema.GroupVersion{Group: "crd.varmor.org", Version: "v1beta1"}

	// SchemeBuilder is used to add Go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)
// SchemeGroupVersion is the group version used to register these objects.
// It is an alias of GroupVersion.
var SchemeGroupVersion = GroupVersion
SchemeGroupVersion is group version used to register these objects.
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Types ¶
type AppArmor ¶ added in v0.5.6
// AppArmor is the AppArmor-specific part of a DynamicResult, i.e. the
// behavior observed while modeling a workload (see ArmorProfileModelData,
// "defines the behavior model"). Every slice is omitted from the serialized
// object when empty.
//
// NOTE(review): the precise meaning of each list is not established by this
// file; confirm against the code that populates the model.
type AppArmor struct {
	Profiles     []string  `json:"profiles,omitempty"`
	Executions   []string  `json:"executions,omitempty"`
	Files        []File    `json:"files,omitempty"`
	Capabilities []string  `json:"capabilities,omitempty"`
	Networks     []Network `json:"networks,omitempty"`
	Ptraces      []Ptrace  `json:"ptraces,omitempty"`
	Signals      []Signal  `json:"signals,omitempty"`
	// Unhandled presumably collects observations that could not be classified
	// into the fields above — verify against the modeler before relying on it.
	Unhandled []string `json:"unhandled,omitempty"`
}
func (*AppArmor) DeepCopy ¶ added in v0.5.6
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AppArmor.
func (*AppArmor) DeepCopyInto ¶ added in v0.5.6
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ArmorProfile ¶
// ArmorProfile is the Schema for the armorprofiles API.
//
// Spec (the desired state) is required on the wire; Status (the observed
// state, see ArmorProfileStatus) is omitted when empty.
type ArmorProfile struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ArmorProfileSpec   `json:"spec"`
	Status ArmorProfileStatus `json:"status,omitempty"`
}
ArmorProfile is the Schema for the armorprofiles API
func (*ArmorProfile) DeepCopy ¶
func (in *ArmorProfile) DeepCopy() *ArmorProfile
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfile.
func (*ArmorProfile) DeepCopyInto ¶
func (in *ArmorProfile) DeepCopyInto(out *ArmorProfile)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ArmorProfile) DeepCopyObject ¶
func (in *ArmorProfile) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ArmorProfileCondition ¶
// ArmorProfileCondition is one condition entry in ArmorProfileStatus.
// Unlike the generic Kubernetes condition shape it also carries a NodeName.
type ArmorProfileCondition struct {
	// Type of ArmorProfile condition.
	Type ArmorProfileConditionType `json:"type"`
	// Status of the condition, one of True, False, Unknown.
	Status v1.ConditionStatus `json:"status"`
	// Last time the condition transitioned from one status to another.
	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
	// The reason for the condition's last transition.
	// +optional
	Reason string `json:"reason,omitempty"`
	// A human readable message indicating details about the transition.
	// +optional
	Message string `json:"message,omitempty"`
	// NodeName names the node this condition refers to. It is required
	// (no omitempty), unlike the optional fields above.
	NodeName string `json:"nodeName"`
}
func (*ArmorProfileCondition) DeepCopy ¶
func (in *ArmorProfileCondition) DeepCopy() *ArmorProfileCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfileCondition.
func (*ArmorProfileCondition) DeepCopyInto ¶
func (in *ArmorProfileCondition) DeepCopyInto(out *ArmorProfileCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ArmorProfileConditionType ¶
// ArmorProfileConditionType names the kind of an ArmorProfileCondition.
// No constant values are declared in this file (its Constants section is empty).
type ArmorProfileConditionType string
type ArmorProfileList ¶
// ArmorProfileList contains a list of ArmorProfile.
type ArmorProfileList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []ArmorProfile `json:"items"`
}
ArmorProfileList contains a list of ArmorProfile
func (*ArmorProfileList) DeepCopy ¶
func (in *ArmorProfileList) DeepCopy() *ArmorProfileList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfileList.
func (*ArmorProfileList) DeepCopyInto ¶
func (in *ArmorProfileList) DeepCopyInto(out *ArmorProfileList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ArmorProfileList) DeepCopyObject ¶
func (in *ArmorProfileList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ArmorProfileModel ¶
// ArmorProfileModel is the Schema for the armorprofilemodels API.
//
// Note that the payload lives under Data (required on the wire), not Spec,
// unlike the other root objects in this package.
type ArmorProfileModel struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Data   ArmorProfileModelData   `json:"data"`
	Status ArmorProfileModelStatus `json:"status,omitempty"`
}
ArmorProfileModel is the Schema for the armorprofilemodels API
func (*ArmorProfileModel) DeepCopy ¶
func (in *ArmorProfileModel) DeepCopy() *ArmorProfileModel
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfileModel.
func (*ArmorProfileModel) DeepCopyInto ¶
func (in *ArmorProfileModel) DeepCopyInto(out *ArmorProfileModel)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ArmorProfileModel) DeepCopyObject ¶
func (in *ArmorProfileModel) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ArmorProfileModelCondition ¶
// ArmorProfileModelCondition is one condition entry in ArmorProfileModelStatus.
// It mirrors ArmorProfileCondition and also carries a NodeName.
type ArmorProfileModelCondition struct {
	// Type of ArmorProfileModel condition.
	Type ArmorProfileModelConditionType `json:"type"`
	// Status of the condition, one of True, False, Unknown.
	Status v1.ConditionStatus `json:"status"`
	// Last time the condition transitioned from one status to another.
	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
	// The reason for the condition's last transition.
	// +optional
	Reason string `json:"reason,omitempty"`
	// A human readable message indicating details about the transition.
	// +optional
	Message string `json:"message,omitempty"`
	// NodeName names the node this condition refers to. It is required
	// (no omitempty), unlike the optional fields above.
	NodeName string `json:"nodeName"`
}
func (*ArmorProfileModelCondition) DeepCopy ¶
func (in *ArmorProfileModelCondition) DeepCopy() *ArmorProfileModelCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfileModelCondition.
func (*ArmorProfileModelCondition) DeepCopyInto ¶
func (in *ArmorProfileModelCondition) DeepCopyInto(out *ArmorProfileModelCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ArmorProfileModelConditionType ¶
// ArmorProfileModelConditionType names the kind of an ArmorProfileModelCondition.
// No constant values are declared in this file (its Constants section is empty).
type ArmorProfileModelConditionType string
type ArmorProfileModelData ¶ added in v0.5.6
// ArmorProfileModelData defines the behavior model and the profile.
//
// encoding/json's omitempty has no effect on struct-valued fields, so all
// three fields are always serialized (as empty objects when unset).
type ArmorProfileModelData struct {
	// DynamicResult holds the AppArmor and Seccomp behavior observed at runtime.
	DynamicResult DynamicResult `json:"dynamicResult,omitempty"`
	// StaticResult is currently an empty struct (see StaticResult).
	StaticResult StaticResult `json:"staticResult,omitempty"`
	// Profile is the profile derived from the model.
	Profile Profile `json:"profile,omitempty"`
}
ArmorProfileModelData defines the behavior model and the profile
func (*ArmorProfileModelData) DeepCopy ¶ added in v0.5.6
func (in *ArmorProfileModelData) DeepCopy() *ArmorProfileModelData
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfileModelData.
func (*ArmorProfileModelData) DeepCopyInto ¶ added in v0.5.6
func (in *ArmorProfileModelData) DeepCopyInto(out *ArmorProfileModelData)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ArmorProfileModelList ¶
// ArmorProfileModelList contains a list of ArmorProfileModel.
type ArmorProfileModelList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []ArmorProfileModel `json:"items"`
}
ArmorProfileModelList contains a list of ArmorProfileModel
func (*ArmorProfileModelList) DeepCopy ¶
func (in *ArmorProfileModelList) DeepCopy() *ArmorProfileModelList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfileModelList.
func (*ArmorProfileModelList) DeepCopyInto ¶
func (in *ArmorProfileModelList) DeepCopyInto(out *ArmorProfileModelList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ArmorProfileModelList) DeepCopyObject ¶
func (in *ArmorProfileModelList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ArmorProfileModelStatus ¶
// ArmorProfileModelStatus defines the observed state of ArmorProfileModel.
type ArmorProfileModelStatus struct {
	// DesiredNumber and CompletedNumber — presumably how many agents are expected
	// to report and how many have; the exact semantics are not established by this file.
	DesiredNumber   int `json:"desiredNumber,omitempty"`
	CompletedNumber int `json:"completedNumber,omitempty"`
	// Ready indicates whether the AppArmor Profile for the target was built successfully.
	// Callers should check this flag before treating Data.Profile as complete.
	Ready bool `json:"ready"`
	// Conditions are reported per node (each entry carries a NodeName).
	Conditions []ArmorProfileModelCondition `json:"conditions,omitempty"`
}
ArmorProfileModelStatus defines the observed state of ArmorProfileModel
func (*ArmorProfileModelStatus) DeepCopy ¶
func (in *ArmorProfileModelStatus) DeepCopy() *ArmorProfileModelStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfileModelStatus.
func (*ArmorProfileModelStatus) DeepCopyInto ¶
func (in *ArmorProfileModelStatus) DeepCopyInto(out *ArmorProfileModelStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ArmorProfileSpec ¶
// ArmorProfileSpec defines the desired state of ArmorProfile.
type ArmorProfileSpec struct {
	// Target selects the workloads and containers the profile applies to.
	// +optional (struct-valued, so omitempty does not actually omit it)
	Target Target `json:"target,omitempty"`
	// Profile is the profile to enforce. Required on the wire.
	Profile Profile `json:"profile"`
	// BehaviorModeling carries the modeling switch and duration.
	BehaviorModeling BehaviorModeling `json:"behaviorModeling"`
	// UpdateExistingWorkloads — presumably whether already-running workloads are
	// updated to pick up the profile; not established by this file, confirm in the controller.
	UpdateExistingWorkloads bool `json:"updateExistingWorkloads"`
}
ArmorProfileSpec defines the desired state of ArmorProfile
func (*ArmorProfileSpec) DeepCopy ¶
func (in *ArmorProfileSpec) DeepCopy() *ArmorProfileSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfileSpec.
func (*ArmorProfileSpec) DeepCopyInto ¶
func (in *ArmorProfileSpec) DeepCopyInto(out *ArmorProfileSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ArmorProfileStatus ¶
// ArmorProfileStatus defines the observed state of ArmorProfile.
type ArmorProfileStatus struct {
	// DesiredNumberLoaded and CurrentNumberLoaded are always serialized (no omitempty);
	// a profile is only fully in effect when the two are equal — inferred from the names, confirm.
	DesiredNumberLoaded int `json:"desiredNumberLoaded"`
	CurrentNumberLoaded int `json:"currentNumberLoaded"`
	// Conditions are reported per node (each entry carries a NodeName).
	Conditions []ArmorProfileCondition `json:"conditions,omitempty"`
}
ArmorProfileStatus defines the observed state of ArmorProfile
func (*ArmorProfileStatus) DeepCopy ¶
func (in *ArmorProfileStatus) DeepCopy() *ArmorProfileStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfileStatus.
func (*ArmorProfileStatus) DeepCopyInto ¶
func (in *ArmorProfileStatus) DeepCopyInto(out *ArmorProfileStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AttackProtectionRules ¶
// AttackProtectionRules selects built-in attack protection rules, optionally
// scoped to specific executables.
type AttackProtectionRules struct {
	// Rules is the list of built-in attack protection rules to be used.
	Rules []string `json:"rules"`
	// Targets are used to specify the workloads to which the policy applies. They must be specified as full paths to executable files,
	// and this feature is only effective when using AppArmor as the enforcer.
	//
	// Security note: with any other enforcer Targets has no effect, so do not rely on it to
	// narrow the scope of Rules unless Policy.Enforcer is AppArmor.
	// +optional
	Targets []string `json:"targets,omitempty"`
}
func (*AttackProtectionRules) DeepCopy ¶
func (in *AttackProtectionRules) DeepCopy() *AttackProtectionRules
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttackProtectionRules.
func (*AttackProtectionRules) DeepCopyInto ¶
func (in *AttackProtectionRules) DeepCopyInto(out *AttackProtectionRules)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BehaviorModeling ¶
// BehaviorModeling controls the behavior-modeling phase of an ArmorProfile.
type BehaviorModeling struct {
	// Enable is the switch for modeling
	Enable bool `json:"enable"`
	// Duration is the duration in minutes to modeling
	Duration int `json:"duration"`
}
func (*BehaviorModeling) DeepCopy ¶
func (in *BehaviorModeling) DeepCopy() *BehaviorModeling
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BehaviorModeling.
func (*BehaviorModeling) DeepCopyInto ¶
func (in *BehaviorModeling) DeepCopyInto(out *BehaviorModeling)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BpfContent ¶
// BpfContent is the compiled form of the BPF enforcer rules carried in a Profile.
type BpfContent struct {
	// Capabilities — presumably a bitmask of capability numbers; confirm against the BPF loader.
	Capabilities uint64 `json:"capabilities,omitempty"`
	// Files and Processes share the FileContent shape (permission bits plus a path pattern).
	Files     []FileContent    `json:"files,omitempty"`
	Processes []FileContent    `json:"processes,omitempty"`
	Networks  []NetworkContent `json:"networks,omitempty"`
	// Ptrace is a pointer so that "no ptrace rule" is distinguishable from an all-zero rule.
	Ptrace *PtraceContent `json:"ptrace,omitempty"`
	Mounts []MountContent `json:"mounts,omitempty"`
}
func (*BpfContent) DeepCopy ¶
func (in *BpfContent) DeepCopy() *BpfContent
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfContent.
func (*BpfContent) DeepCopyInto ¶
func (in *BpfContent) DeepCopyInto(out *BpfContent)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BpfRawRules ¶
// BpfRawRules are the native BPF rules a policy author writes in EnhanceProtect.
//
// Network and Ptrace are struct values, so encoding/json's omitempty does not omit
// them; they are always serialized.
type BpfRawRules struct {
	Files     []FileRule  `json:"files,omitempty"`
	Processes []FileRule  `json:"processes,omitempty"`
	Network   NetworkRule `json:"network,omitempty"`
	Ptrace    PtraceRule  `json:"ptrace,omitempty"`
	Mounts    []MountRule `json:"mounts,omitempty"`
}
func (*BpfRawRules) DeepCopy ¶
func (in *BpfRawRules) DeepCopy() *BpfRawRules
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfRawRules.
func (*BpfRawRules) DeepCopyInto ¶
func (in *BpfRawRules) DeepCopyInto(out *BpfRawRules)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DynamicResult ¶
// DynamicResult is the behavior observed at runtime during modeling, split by enforcer.
// Both fields are struct values, so omitempty does not omit them.
type DynamicResult struct {
	AppArmor AppArmor `json:"apparmor,omitempty"`
	Seccomp  Seccomp  `json:"seccomp,omitempty"`
}
func (*DynamicResult) DeepCopy ¶
func (in *DynamicResult) DeepCopy() *DynamicResult
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamicResult.
func (*DynamicResult) DeepCopyInto ¶
func (in *DynamicResult) DeepCopyInto(out *DynamicResult)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnhanceProtect ¶
// EnhanceProtect configures the EnhanceProtect policy mode: which built-in rule
// sets and which native (raw) rules are applied to the target workloads.
//
// Security note: the raw-rule fields (AppArmorRawRules, BpfRawRules, SyscallRawRules)
// are passed to the enforcer as written and are not validated by this type; review
// them as carefully as a hand-written profile.
type EnhanceProtect struct {
	// HardeningRules are used to specify the built-in hardening rules
	// +optional
	HardeningRules []string `json:"hardeningRules,omitempty"`
	// AttackProtectionRules are used to specify the built-in attack protection rules
	// +optional
	AttackProtectionRules []AttackProtectionRules `json:"attackProtectionRules,omitempty"`
	// VulMitigationRules are used to specify the built-in vulnerability mitigation rules
	// +optional
	VulMitigationRules []string `json:"vulMitigationRules,omitempty"`
	// AppArmorRawRules is used to set native AppArmor rules, each rule must end with a comma
	// +optional
	AppArmorRawRules []string `json:"appArmorRawRules,omitempty"`
	// BpfRawRules is used to set native BPF rules
	// (struct-valued, so omitempty does not actually omit it)
	// +optional
	BpfRawRules BpfRawRules `json:"bpfRawRules,omitempty"`
	// SyscallRawRules is used to set the syscalls blocklist rules with Seccomp enforcer.
	// +optional
	SyscallRawRules []specs.LinuxSyscall `json:"syscallRawRules,omitempty"`
	// Privileged is used to identify whether the policy is for the privileged container.
	// If set to `nil` or `false`, the EnhanceProtect mode will build AppArmor or BPF profile on
	// top of the RuntimeDefault mode. Otherwise, it will build AppArmor or BPF profile on top of the AlwaysAllow mode.
	// Default is false.
	//
	// Note:
	// If set to `true`, vArmor will not build Seccomp profile for the target workloads.
	//
	// Security note: with Privileged=true the baseline is AlwaysAllow and there is no Seccomp
	// profile, so the container is restricted ONLY by the rules listed in this struct. Treat
	// such a policy as an explicit deny-list and review it accordingly.
	// +optional
	Privileged bool `json:"privileged,omitempty"`
	// AuditViolations determines whether to audit the actions that violate the mandatory access
	// control rules. Currently, this feature supports only the AppArmor enforcer. Any detected
	// violation will be logged to the system's audit file. If you are using syslog or rsyslog,
	// the default log path is `/var/log/kern.log`.
	//
	// Security note: BPF and Seccomp violations are not audited by this switch; do not assume
	// detection coverage for those enforcers.
	//
	// Default is false.
	// +optional
	AuditViolations bool `json:"auditViolations,omitempty"`
}
func (*EnhanceProtect) DeepCopy ¶
func (in *EnhanceProtect) DeepCopy() *EnhanceProtect
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnhanceProtect.
func (*EnhanceProtect) DeepCopyInto ¶
func (in *EnhanceProtect) DeepCopyInto(out *EnhanceProtect)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type File ¶
// File is one file-access observation recorded in AppArmor.Files during modeling.
// All fields are always serialized (no omitempty).
type File struct {
	Path        string   `json:"path"`
	Owner       bool     `json:"owner"`
	Permissions []string `json:"permissions"`
	// OldPath — presumably the source path of a rename/link operation; not established here.
	OldPath string `json:"oldPath"`
}
func (*File) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new File.
func (*File) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FileContent ¶
// FileContent is the compiled form of a FileRule used by the BPF enforcer.
type FileContent struct {
	// Permissions is a bit set (the string permissions of FileRule encoded numerically — confirm mapping).
	Permissions uint32 `json:"permissions"`
	// Pattern is the compiled path match.
	Pattern PathPattern `json:"pattern"`
}
func (*FileContent) DeepCopy ¶
func (in *FileContent) DeepCopy() *FileContent
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FileContent.
func (*FileContent) DeepCopyInto ¶
func (in *FileContent) DeepCopyInto(out *FileContent)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FileRule ¶
// FileRule is a native BPF file/process rule. It is a deny rule: the listed
// permissions are disabled for paths matching Pattern.
type FileRule struct {
	// Pattern can be any string (maximum length 128 bytes) that conforms to the policy syntax, used for matching file paths and filenames
	Pattern string `json:"pattern"`
	// Permissions are used to specify the file permissions to be disabled.
	Permissions []string `json:"permissions"`
}
func (*FileRule) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FileRule.
func (*FileRule) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ModelingOptions ¶ added in v0.5.5
// ModelingOptions holds the settings for the BehaviorModeling policy mode.
type ModelingOptions struct {
	// Duration is the duration in minutes to modeling
	Duration int `json:"duration"`
}
func (*ModelingOptions) DeepCopy ¶ added in v0.5.5
func (in *ModelingOptions) DeepCopy() *ModelingOptions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ModelingOptions.
func (*ModelingOptions) DeepCopyInto ¶ added in v0.5.5
func (in *ModelingOptions) DeepCopyInto(out *ModelingOptions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MountContent ¶ added in v0.5.4
// MountContent is the compiled form of a MountRule used by the BPF enforcer.
type MountContent struct {
	// MountFlags and ReverseMountflags — presumably the flags that must be set and
	// the flags that must be clear for the rule to match; confirm against the loader.
	MountFlags        uint32 `json:"mountFlags"`
	ReverseMountflags uint32 `json:"reverseMountflags"`
	// Fstype is the filesystem type to match (see MountRule.Fstype).
	Fstype string `json:"fstype"`
	// Pattern is the compiled source-path match.
	Pattern PathPattern `json:"pattern"`
}
func (*MountContent) DeepCopy ¶ added in v0.5.4
func (in *MountContent) DeepCopy() *MountContent
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MountContent.
func (*MountContent) DeepCopyInto ¶ added in v0.5.4
func (in *MountContent) DeepCopyInto(out *MountContent)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MountRule ¶ added in v0.5.4
// MountRule is a native BPF mount rule: mounts whose source matches SourcePattern,
// whose filesystem type matches Fstype and whose flags match Flags are enforced.
type MountRule struct {
	// SourcePattern can be any string (maximum length 128 bytes) that conforms to the policy syntax, used for matching file paths and filenames
	SourcePattern string `json:"sourcePattern"`
	// Fstype is used to specify the type of filesystem to enforce. It can be '*' to match any type.
	Fstype string `json:"fstype"`
	// Flags are used to specify the mount flags to enforce. They are almost the same as the 'MOUNT FLAGS LIST' of AppArmor.
	//
	// Available values:
	//
	//   All Flags:     all
	//   Command Flags: ro(r, read-only), rw(w), suid, nosuid, dev, nodev, exec, noexec,
	//                  sync, async, mand, nomand, dirsync, atime, noatime, diratime, nodiratime,
	//                  silent, loud, relatime, norelatime, iversion, noiversion, strictatime,
	//                  nostrictatime
	//   Generic Flags: remount, bind(B), move(M), rbind(R), make-unbindable, make-private(private),
	//                  make-slave(slave), make-shared(shared), make-runbindable, make-rprivate,
	//                  make-rslave, make-rshared
	//   Other Flags:   umount
	//
	Flags []string `json:"flags"`
}
func (*MountRule) DeepCopy ¶ added in v0.5.4
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MountRule.
func (*MountRule) DeepCopyInto ¶ added in v0.5.4
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Network ¶
// Network is one socket observation recorded in AppArmor.Networks during modeling.
type Network struct {
	Family   string `json:"family"`
	SockType string `json:"sockType"`
	Protocol string `json:"protocol"`
}
func (*Network) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Network.
func (*Network) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NetworkContent ¶
// NetworkContent is the compiled form of a NetworkEgressRule used by the BPF enforcer.
type NetworkContent struct {
	// Flags — meaning not established by this file; confirm against the loader.
	Flags uint32 `json:"flags"`
	// Address or CIDR carries the destination (mirrors NetworkEgressRule.IP / IPBlock).
	Address string `json:"address,omitempty"`
	CIDR    string `json:"cidr,omitempty"`
	// Port of zero means all ports (see NetworkEgressRule.Port).
	Port uint32 `json:"port,omitempty"`
}
func (*NetworkContent) DeepCopy ¶
func (in *NetworkContent) DeepCopy() *NetworkContent
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkContent.
func (*NetworkContent) DeepCopyInto ¶
func (in *NetworkContent) DeepCopyInto(out *NetworkContent)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NetworkEgressRule ¶
// NetworkEgressRule restricts egress to a destination given as either a CIDR
// block or a single IP, optionally on one port. IPBlock and IP are mutually exclusive.
type NetworkEgressRule struct {
	// IPBlock defines policy on a particular IPBlock with CIDR. If this field is set, IP must not be.
	// +optional
	IPBlock string `json:"ipBlock,omitempty"`
	// IP defines policy on a particular IP. If this field is set, IPBlock must not be.
	// +optional
	IP string `json:"ip,omitempty"`
	// Port defines policy on a particular port. If this field is zero or missing, this rule matches all ports.
	//
	// Security note: a rule with only IP/IPBlock therefore covers every port of that destination;
	// leave Port unset deliberately, not by accident.
	// +optional
	Port int `json:"port,omitempty"`
}
func (*NetworkEgressRule) DeepCopy ¶
func (in *NetworkEgressRule) DeepCopy() *NetworkEgressRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkEgressRule.
func (*NetworkEgressRule) DeepCopyInto ¶
func (in *NetworkEgressRule) DeepCopyInto(out *NetworkEgressRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NetworkRule ¶
// NetworkRule groups the native BPF network rules; only egress rules exist at this version.
type NetworkRule struct {
	// Egresses are the list of egress rules to be applied to restrict particular IPs and ports.
	Egresses []NetworkEgressRule `json:"egresses"`
}
func (*NetworkRule) DeepCopy ¶
func (in *NetworkRule) DeepCopy() *NetworkRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkRule.
func (*NetworkRule) DeepCopyInto ¶
func (in *NetworkRule) DeepCopyInto(out *NetworkRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PathPattern ¶ added in v0.5.4
// PathPattern is the compiled path match used by the BPF enforcer: a prefix
// and/or suffix plus match flags. The flag encoding is not established by this file.
type PathPattern struct {
	Flags  uint32 `json:"flags"`
	Prefix string `json:"prefix,omitempty"`
	Suffix string `json:"suffix,omitempty"`
}
func (*PathPattern) DeepCopy ¶ added in v0.5.4
func (in *PathPattern) DeepCopy() *PathPattern
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PathPattern.
func (*PathPattern) DeepCopyInto ¶ added in v0.5.4
func (in *PathPattern) DeepCopyInto(out *PathPattern)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Policy ¶
// Policy is the enforcer/mode selection of a VarmorPolicy or VarmorClusterPolicy,
// together with the mode-specific options.
//
// EnhanceProtect and ModelingOptions are struct values, so encoding/json's omitempty
// does not omit them; both are always serialized.
type Policy struct {
	// Enforcer is used to specify which LSM to use for mandatory access control.
	// Available values: AppArmor, BPF, Seccomp, AppArmorBPF, AppArmorSeccomp, BPFSeccomp, AppArmorBPFSeccomp
	Enforcer string `json:"enforcer"`
	// Mode selects how the policy is applied.
	// Available values: AlwaysAllow, RuntimeDefault, EnhanceProtect, BehaviorModeling, DefenseInDepth
	//
	// Note:
	// BehaviorModeling and DefenseInDepth modes are experimental features and currently only work
	// with AppArmor/Seccomp/AppArmorSeccomp enforcers.
	Mode VarmorPolicyMode `json:"mode"`
	// EnhanceProtect is used to specify which built-in or custom rules are employed to protect the target workloads.
	// +optional
	EnhanceProtect EnhanceProtect `json:"enhanceProtect,omitempty"`
	// ModelingOptions is used for the modeling settings.
	// +optional
	ModelingOptions ModelingOptions `json:"modelingOptions,omitempty"`
}
func (*Policy) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.
func (*Policy) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Profile ¶
// Profile is the enforcer-ready artifact loaded on nodes. Which content field is
// populated depends on Enforcer: Content for AppArmor, BpfContent for BPF and
// SeccompContent for Seccomp (inferred from the field names — confirm in the loader).
type Profile struct {
	Name     string `json:"name"`
	Enforcer string `json:"enforcer"`
	Mode     string `json:"mode"`
	// Content is the raw AppArmor profile text.
	Content string `json:"content,omitempty"`
	// BpfContent is a pointer so that "no BPF content" is distinguishable from an empty struct.
	BpfContent *BpfContent `json:"bpfContent,omitempty"`
	// SeccompContent is the raw Seccomp profile.
	SeccompContent string `json:"seccompContent,omitempty"`
}
func (*Profile) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Profile.
func (*Profile) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Ptrace ¶
func (*Ptrace) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Ptrace.
func (*Ptrace) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PtraceContent ¶ added in v0.5.3
// PtraceContent is the compiled form of a PtraceRule used by the BPF enforcer.
// The bit encodings of Permissions and Flags are not established by this file.
type PtraceContent struct {
	Permissions uint32 `json:"permissions,omitempty"`
	Flags       uint32 `json:"flags,omitempty"`
}
func (*PtraceContent) DeepCopy ¶ added in v0.5.3
func (in *PtraceContent) DeepCopy() *PtraceContent
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PtraceContent.
func (*PtraceContent) DeepCopyInto ¶ added in v0.5.3
func (in *PtraceContent) DeepCopyInto(out *PtraceContent)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PtraceRule ¶ added in v0.5.3
// PtraceRule is a native BPF rule restricting ptrace-related permissions of the
// target container.
type PtraceRule struct {
	// StrictMode is used to indicate whether to restrict ptrace permissions for all source and destination processes.
	// Default is false.
	// If set to false, it restricts ptrace-related permissions only for processes in other containers.
	// If set to true, it restricts ptrace-related permissions for all processes, except those within the init mnt namespace.
	//
	// Security note: with the default (false), processes inside the same container may still ptrace
	// each other; set StrictMode if intra-container tracing must also be denied.
	// +optional
	StrictMode bool `json:"strictMode,omitempty"`
	// Permissions are used to indicate which ptrace-related permissions of the target container should be restricted.
	// Available values: trace, traceby, read, readby.
	//
	// trace, traceby
	//
	//   For "write" operations, or other operations that are more dangerous, such as: ptrace attaching (PTRACE_ATTACH) to
	//   another process or calling process_vm_writev(2).
	//
	// read, readby
	//
	//   For "read" operations or other operations that are less dangerous, such as: get_robust_list(2); kcmp(2); reading
	//   /proc/pid/auxv, /proc/pid/environ, or /proc/pid/stat; or readlink(2) of a /proc/pid/ns/* file.
	//
	Permissions []string `json:"permissions"`
}
func (*PtraceRule) DeepCopy ¶ added in v0.5.3
func (in *PtraceRule) DeepCopy() *PtraceRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PtraceRule.
func (*PtraceRule) DeepCopyInto ¶ added in v0.5.3
func (in *PtraceRule) DeepCopyInto(out *PtraceRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Seccomp ¶ added in v0.5.6
// Seccomp is the Seccomp-specific part of a DynamicResult: the system calls
// observed while modeling a workload.
type Seccomp struct {
	// Syscalls are the syscall names observed; omitted when empty.
	Syscalls []string `json:"syscalls,omitempty"`
}
func (*Seccomp) DeepCopy ¶ added in v0.5.6
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Seccomp.
func (*Seccomp) DeepCopyInto ¶ added in v0.5.6
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Signal ¶
// Signal is one signal observation recorded in AppArmor.Signals during modeling.
// All fields are always serialized (no omitempty).
type Signal struct {
	Peer        string   `json:"peer"`
	Permissions []string `json:"permissions"`
	Signals     []string `json:"signals"`
}
func (*Signal) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Signal.
func (*Signal) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type StaticResult ¶
// StaticResult is reserved for static-analysis results in ArmorProfileModelData.
// At this API version it carries no fields and serializes as an empty object.
type StaticResult struct{}
func (*StaticResult) DeepCopy ¶
func (in *StaticResult) DeepCopy() *StaticResult
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StaticResult.
func (*StaticResult) DeepCopyInto ¶
func (in *StaticResult) DeepCopyInto(out *StaticResult)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Target ¶
// Target selects the workloads, and the containers within them, that a policy protects.
type Target struct {
	// Kind is used to specify the type of workloads for the protection targets.
	// Available values: Deployment, StatefulSet, DaemonSet, Pod.
	Kind string `json:"kind"`
	// Name is used to specify a specific workload name. Note that the name field and selector field are mutually exclusive.
	// +optional
	Name string `json:"name,omitempty"`
	// Containers are used to specify the names of the protected containers. If it is empty, sandbox protection
	// will be enabled for all containers within the workload (excluding initContainers and ephemeralContainers).
	//
	// Security note: because initContainers and ephemeralContainers are excluded, code running in an
	// init container or attached later as an ephemeral container (e.g. a `kubectl debug` session)
	// is outside this policy's sandbox.
	// +optional
	Containers []string `json:"containers,omitempty"`
	// LabelSelector is used to match workloads that meet the specified conditions
	//
	// Note:
	// The type of workloads is determined by the KIND field.
	// +optional
	Selector *metav1.LabelSelector `json:"selector,omitempty"`
}
Target selects the workloads (by Kind and either Name or Selector) and the containers within them that a policy protects.
func (*Target) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Target.
func (*Target) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VarmorClusterPolicy ¶ added in v0.5.4
// VarmorClusterPolicy is the Schema for the varmorclusterpolicies API. It shares
// its Spec and Status types with the namespaced VarmorPolicy.
type VarmorClusterPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   VarmorPolicySpec   `json:"spec"`
	Status VarmorPolicyStatus `json:"status,omitempty"`
}
VarmorClusterPolicy is the Schema for the varmorclusterpolicies API
func (*VarmorClusterPolicy) DeepCopy ¶ added in v0.5.4
func (in *VarmorClusterPolicy) DeepCopy() *VarmorClusterPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarmorClusterPolicy.
func (*VarmorClusterPolicy) DeepCopyInto ¶ added in v0.5.4
func (in *VarmorClusterPolicy) DeepCopyInto(out *VarmorClusterPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VarmorClusterPolicy) DeepCopyObject ¶ added in v0.5.4
func (in *VarmorClusterPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VarmorClusterPolicyList ¶ added in v0.5.4
// VarmorClusterPolicyList contains a list of VarmorClusterPolicy, as returned by a
// LIST request against the varmorclusterpolicies API.
type VarmorClusterPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the policies in this list.
	Items []VarmorClusterPolicy `json:"items"`
}
VarmorClusterPolicyList contains a list of VarmorClusterPolicy
func (*VarmorClusterPolicyList) DeepCopy ¶ added in v0.5.4
func (in *VarmorClusterPolicyList) DeepCopy() *VarmorClusterPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarmorClusterPolicyList.
func (*VarmorClusterPolicyList) DeepCopyInto ¶ added in v0.5.4
func (in *VarmorClusterPolicyList) DeepCopyInto(out *VarmorClusterPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VarmorClusterPolicyList) DeepCopyObject ¶ added in v0.5.4
func (in *VarmorClusterPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VarmorPolicy ¶
// VarmorPolicy is the Schema for the varmorpolicies API.
// It shares VarmorPolicySpec and VarmorPolicyStatus with VarmorClusterPolicy;
// presumably this is the namespaced variant — the resource scope marker is not
// visible in this listing, so confirm against the CRD definition.
type VarmorPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state: the protected Target and the Policy to apply to it.
	Spec VarmorPolicySpec `json:"spec"`
	// Status is the observed state of the policy (see VarmorPolicyStatus).
	Status VarmorPolicyStatus `json:"status,omitempty"`
}
VarmorPolicy is the Schema for the varmorpolicies API
func (*VarmorPolicy) DeepCopy ¶
func (in *VarmorPolicy) DeepCopy() *VarmorPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarmorPolicy.
func (*VarmorPolicy) DeepCopyInto ¶
func (in *VarmorPolicy) DeepCopyInto(out *VarmorPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VarmorPolicy) DeepCopyObject ¶
func (in *VarmorPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VarmorPolicyCondition ¶
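// VarmorPolicyCondition describes one aspect of the current state of a VarmorPolicy or
// VarmorClusterPolicy, in the usual Kubernetes condition shape (type, status,
// transition time, reason, message).
type VarmorPolicyCondition struct {
	// Type of VarmorPolicy condition.
	Type VarmorPolicyConditionType `json:"type"`
	// Status of the condition, one of True, False, Unknown.
	Status v1.ConditionStatus `json:"status"`
	// Last time the condition transitioned from one status to another.
	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
	// The reason for the condition's last transition.
	// +optional
	Reason string `json:"reason,omitempty"`
	// A human readable message indicating details about the transition.
	// +optional
	Message string `json:"message,omitempty"`
}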
func (*VarmorPolicyCondition) DeepCopy ¶
func (in *VarmorPolicyCondition) DeepCopy() *VarmorPolicyCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarmorPolicyCondition.
func (*VarmorPolicyCondition) DeepCopyInto ¶
func (in *VarmorPolicyCondition) DeepCopyInto(out *VarmorPolicyCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VarmorPolicyConditionType ¶
// VarmorPolicyConditionType names the kind of a VarmorPolicyCondition (its Type field).
// The concrete condition-type constants are not part of this listing.
type VarmorPolicyConditionType string
type VarmorPolicyList ¶
// VarmorPolicyList contains a list of VarmorPolicy, as returned by a LIST request
// against the varmorpolicies API.
type VarmorPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the policies in this list.
	Items []VarmorPolicy `json:"items"`
}
VarmorPolicyList contains a list of VarmorPolicy
func (*VarmorPolicyList) DeepCopy ¶
func (in *VarmorPolicyList) DeepCopy() *VarmorPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarmorPolicyList.
func (*VarmorPolicyList) DeepCopyInto ¶
func (in *VarmorPolicyList) DeepCopyInto(out *VarmorPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VarmorPolicyList) DeepCopyObject ¶
func (in *VarmorPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VarmorPolicyMode ¶
// VarmorPolicyMode is a string-typed mode selector for a policy. No field in this
// listing uses it, so its accepted values are presumably defined alongside the Policy
// type elsewhere in the package — see that type before relying on specific values.
type VarmorPolicyMode string
type VarmorPolicyPhase ¶
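// VarmorPolicyPhase is the processing phase reported in VarmorPolicyStatus.Phase.
// The values documented on that field are Pending, Modeling, Completed, Protecting
// and Error; the corresponding constants are not defined in this listing.
type VarmorPolicyPhase string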
type VarmorPolicySpec ¶
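// VarmorPolicySpec defines the desired state of VarmorPolicy or VarmorClusterPolicy.
type VarmorPolicySpec struct {
	// Target selects the workloads this policy protects: a Kind plus either a workload
	// Name or a label Selector, and optionally specific containers. See Target.
	Target Target `json:"target"`
	// Policy holds the protection settings applied to the target. The Policy type is
	// defined elsewhere in this package; its fields are not described here.
	Policy Policy `json:"policy"`
	// UpdateExistingWorkloads is used to indicate whether to perform a rolling update on target existing workloads,
	// thus enabling or disabling the protection of the target workloads when policies are created or deleted.
	// Default is false.
	//
	// Note:
	// vArmor only performs a rolling update on Deployment, StatefulSet, or DaemonSet type workloads.
	// If `.spec.target.kind` is Pod, you need to rebuild the Pod yourself to enable or disable protection.
	//
	// Security note: with the default (false), Pods that are already running when the
	// policy is created keep their current protection state until they are recreated by
	// some other means — do not assume a newly created policy covers existing Pods.
	// Deleting a policy presumably leaves running Pods in their current state the same
	// way; confirm the agent's behaviour before relying on either direction.
	// +optional
	UpdateExistingWorkloads bool `json:"updateExistingWorkloads,omitempty"`
}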
VarmorPolicySpec defines the desired state of VarmorPolicy or VarmorClusterPolicy
func (*VarmorPolicySpec) DeepCopy ¶
func (in *VarmorPolicySpec) DeepCopy() *VarmorPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarmorPolicySpec.
func (*VarmorPolicySpec) DeepCopyInto ¶
func (in *VarmorPolicySpec) DeepCopyInto(out *VarmorPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VarmorPolicyStatus ¶
// VarmorPolicyStatus defines the observed state of VarmorPolicy or VarmorClusterPolicy.
type VarmorPolicyStatus struct {
	// ProfileName is presumably the name of the ArmorProfile object that backs this
	// policy (the Phase note below refers to that object's status) — verify against the controller.
	ProfileName string `json:"profileName"`
	// Conditions holds the latest available observations of the policy's state.
	Conditions []VarmorPolicyCondition `json:"conditions,omitempty"`
	// Ready is used to indicate whether the profile of policy is loaded.
	//
	// NOTE(review): Ready and Phase are reported separately; how they relate (e.g. whether
	// Ready can be true while Phase is Error or Modeling) is not visible here. Anything that
	// gates on "the workload is protected" should check Phase as well as Ready — confirm.
	Ready bool `json:"ready"`
	// Phase is used to indicate the processing phase of the policy.
	// Possible values: Pending, Modeling, Completed, Protecting, Error.
	//
	// Note:
	// You can find out which varmor-agent has an error by reading the
	// ArmorProfile/status corresponding to the current VarmorPolicy.
	Phase VarmorPolicyPhase `json:"phase,omitempty"`
}
VarmorPolicyStatus defines the observed state of VarmorPolicy or VarmorClusterPolicy
func (*VarmorPolicyStatus) DeepCopy ¶
func (in *VarmorPolicyStatus) DeepCopy() *VarmorPolicyStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarmorPolicyStatus.
func (*VarmorPolicyStatus) DeepCopyInto ¶
func (in *VarmorPolicyStatus) DeepCopyInto(out *VarmorPolicyStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.