Package v1beta1

Version v0.6.2

Warning: this package is not in the latest version of its module.

Published: Dec 27, 2024 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Package v1beta1 contains API Schema definitions for the varmor v1beta1 API group.

+kubebuilder:object:generate=true
+groupName=crd.varmor.org

Constants

This section is empty.

Variables

var (
	// GroupVersion is the group version used to register these objects.
	GroupVersion = schema.GroupVersion{Group: "crd.varmor.org", Version: "v1beta1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)
var SchemeGroupVersion = GroupVersion

SchemeGroupVersion is the group version used to register these objects.

Functions

func Resource

func Resource(resource string) schema.GroupResource

Types

type AppArmor added in v0.5.6

type AppArmor struct {
	Profiles     []string  `json:"profiles,omitempty"`
	Executions   []string  `json:"executions,omitempty"`
	Files        []File    `json:"files,omitempty"`
	Capabilities []string  `json:"capabilities,omitempty"`
	Networks     []Network `json:"networks,omitempty"`
	Ptraces      []Ptrace  `json:"ptraces,omitempty"`
	Signals      []Signal  `json:"signals,omitempty"`
	Unhandled    []string  `json:"unhandled,omitempty"`
}

func (*AppArmor) DeepCopy added in v0.5.6

func (in *AppArmor) DeepCopy() *AppArmor

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AppArmor.

func (*AppArmor) DeepCopyInto added in v0.5.6

func (in *AppArmor) DeepCopyInto(out *AppArmor)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ArmorProfile

type ArmorProfile struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ArmorProfileSpec   `json:"spec"`
	Status ArmorProfileStatus `json:"status,omitempty"`
}

ArmorProfile is the Schema for the armorprofiles API

func (*ArmorProfile) DeepCopy

func (in *ArmorProfile) DeepCopy() *ArmorProfile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfile.

func (*ArmorProfile) DeepCopyInto

func (in *ArmorProfile) DeepCopyInto(out *ArmorProfile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ArmorProfile) DeepCopyObject

func (in *ArmorProfile) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ArmorProfileCondition

type ArmorProfileCondition struct {
	// Type of ArmorProfile condition.
	Type ArmorProfileConditionType `json:"type"`
	// Status of the condition, one of True, False, Unknown.
	Status v1.ConditionStatus `json:"status"`
	// Last time the condition transitioned from one status to another.
	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
	// The reason for the condition's last transition.
	// +optional
	Reason string `json:"reason,omitempty"`
	// A human readable message indicating details about the transition.
	// +optional
	Message  string `json:"message,omitempty"`
	NodeName string `json:"nodeName"`
}

func (*ArmorProfileCondition) DeepCopy

func (in *ArmorProfileCondition) DeepCopy() *ArmorProfileCondition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfileCondition.

func (*ArmorProfileCondition) DeepCopyInto

func (in *ArmorProfileCondition) DeepCopyInto(out *ArmorProfileCondition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ArmorProfileConditionType

type ArmorProfileConditionType string

type ArmorProfileList

type ArmorProfileList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ArmorProfile `json:"items"`
}

ArmorProfileList contains a list of ArmorProfile

func (*ArmorProfileList) DeepCopy

func (in *ArmorProfileList) DeepCopy() *ArmorProfileList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfileList.

func (*ArmorProfileList) DeepCopyInto

func (in *ArmorProfileList) DeepCopyInto(out *ArmorProfileList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ArmorProfileList) DeepCopyObject

func (in *ArmorProfileList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ArmorProfileModel

type ArmorProfileModel struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Data   ArmorProfileModelData   `json:"data"`
	Status ArmorProfileModelStatus `json:"status,omitempty"`
}

ArmorProfileModel is the Schema for the armorprofilemodels API

func (*ArmorProfileModel) DeepCopy

func (in *ArmorProfileModel) DeepCopy() *ArmorProfileModel

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfileModel.

func (*ArmorProfileModel) DeepCopyInto

func (in *ArmorProfileModel) DeepCopyInto(out *ArmorProfileModel)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ArmorProfileModel) DeepCopyObject

func (in *ArmorProfileModel) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ArmorProfileModelCondition

type ArmorProfileModelCondition struct {
	// Type of ArmorProfile condition.
	Type ArmorProfileModelConditionType `json:"type"`
	// Status of the condition, one of True, False, Unknown.
	Status v1.ConditionStatus `json:"status"`
	// Last time the condition transitioned from one status to another.
	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
	// The reason for the condition's last transition.
	// +optional
	Reason string `json:"reason,omitempty"`
	// A human readable message indicating details about the transition.
	// +optional
	Message  string `json:"message,omitempty"`
	NodeName string `json:"nodeName"`
}

func (*ArmorProfileModelCondition) DeepCopy

func (in *ArmorProfileModelCondition) DeepCopy() *ArmorProfileModelCondition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfileModelCondition.

func (*ArmorProfileModelCondition) DeepCopyInto

func (in *ArmorProfileModelCondition) DeepCopyInto(out *ArmorProfileModelCondition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ArmorProfileModelConditionType

type ArmorProfileModelConditionType string

type ArmorProfileModelData added in v0.5.6

type ArmorProfileModelData struct {
	DynamicResult DynamicResult `json:"dynamicResult,omitempty"`
	StaticResult  StaticResult  `json:"staticResult,omitempty"`
	Profile       Profile       `json:"profile,omitempty"`
}

ArmorProfileModelData defines the behavior model and the profile

func (*ArmorProfileModelData) DeepCopy added in v0.5.6

func (in *ArmorProfileModelData) DeepCopy() *ArmorProfileModelData

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfileModelData.

func (*ArmorProfileModelData) DeepCopyInto added in v0.5.6

func (in *ArmorProfileModelData) DeepCopyInto(out *ArmorProfileModelData)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ArmorProfileModelList

type ArmorProfileModelList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ArmorProfileModel `json:"items"`
}

ArmorProfileModelList contains a list of ArmorProfileModel

func (*ArmorProfileModelList) DeepCopy

func (in *ArmorProfileModelList) DeepCopy() *ArmorProfileModelList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfileModelList.

func (*ArmorProfileModelList) DeepCopyInto

func (in *ArmorProfileModelList) DeepCopyInto(out *ArmorProfileModelList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ArmorProfileModelList) DeepCopyObject

func (in *ArmorProfileModelList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ArmorProfileModelStatus

type ArmorProfileModelStatus struct {
	DesiredNumber   int `json:"desiredNumber,omitempty"`
	CompletedNumber int `json:"completedNumber,omitempty"`
	// It indicates whether the AppArmor profile for the target was built successfully.
	Ready      bool                         `json:"ready"`
	Conditions []ArmorProfileModelCondition `json:"conditions,omitempty"`
}

ArmorProfileModelStatus defines the observed state of ArmorProfileModel

func (*ArmorProfileModelStatus) DeepCopy

func (in *ArmorProfileModelStatus) DeepCopy() *ArmorProfileModelStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfileModelStatus.

func (*ArmorProfileModelStatus) DeepCopyInto

func (in *ArmorProfileModelStatus) DeepCopyInto(out *ArmorProfileModelStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ArmorProfileSpec

type ArmorProfileSpec struct {
	Target                  Target           `json:"target,omitempty"`
	Profile                 Profile          `json:"profile"`
	BehaviorModeling        BehaviorModeling `json:"behaviorModeling"`
	UpdateExistingWorkloads bool             `json:"updateExistingWorkloads"`
}

ArmorProfileSpec defines the desired state of ArmorProfile

func (*ArmorProfileSpec) DeepCopy

func (in *ArmorProfileSpec) DeepCopy() *ArmorProfileSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfileSpec.

func (*ArmorProfileSpec) DeepCopyInto

func (in *ArmorProfileSpec) DeepCopyInto(out *ArmorProfileSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ArmorProfileStatus

type ArmorProfileStatus struct {
	DesiredNumberLoaded int                     `json:"desiredNumberLoaded"`
	CurrentNumberLoaded int                     `json:"currentNumberLoaded"`
	Conditions          []ArmorProfileCondition `json:"conditions,omitempty"`
}

ArmorProfileStatus defines the observed state of ArmorProfile

func (*ArmorProfileStatus) DeepCopy

func (in *ArmorProfileStatus) DeepCopy() *ArmorProfileStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfileStatus.

func (*ArmorProfileStatus) DeepCopyInto

func (in *ArmorProfileStatus) DeepCopyInto(out *ArmorProfileStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AttackProtectionRules

type AttackProtectionRules struct {
	// Rules is the list of built-in attack protection rules to be used.
	Rules []string `json:"rules"`
	// Targets specify the executable files to which the rules apply. They must be specified as full paths to the executable files.
	// This feature is only effective when using AppArmor as the enforcer.
	// +optional
	Targets []string `json:"targets,omitempty"`
}

func (*AttackProtectionRules) DeepCopy

func (in *AttackProtectionRules) DeepCopy() *AttackProtectionRules

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttackProtectionRules.

func (*AttackProtectionRules) DeepCopyInto

func (in *AttackProtectionRules) DeepCopyInto(out *AttackProtectionRules)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BehaviorModeling

type BehaviorModeling struct {
	// Enable is the switch that turns modeling on or off.
	Enable bool `json:"enable"`
	// Duration is the modeling duration in minutes.
	Duration int `json:"duration"`
}

func (*BehaviorModeling) DeepCopy

func (in *BehaviorModeling) DeepCopy() *BehaviorModeling

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BehaviorModeling.

func (*BehaviorModeling) DeepCopyInto

func (in *BehaviorModeling) DeepCopyInto(out *BehaviorModeling)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BpfContent

type BpfContent struct {
	Capabilities *CapabilitiesContent `json:"capabilities,omitempty"`
	Files        []FileContent        `json:"files,omitempty"`
	Processes    []FileContent        `json:"processes,omitempty"`
	Networks     []NetworkContent     `json:"networks,omitempty"`
	Ptrace       *PtraceContent       `json:"ptrace,omitempty"`
	Mounts       []MountContent       `json:"mounts,omitempty"`
}

func (*BpfContent) DeepCopy

func (in *BpfContent) DeepCopy() *BpfContent

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfContent.

func (*BpfContent) DeepCopyInto

func (in *BpfContent) DeepCopyInto(out *BpfContent)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BpfRawRules

type BpfRawRules struct {
	Files     []FileRule   `json:"files,omitempty"`
	Processes []FileRule   `json:"processes,omitempty"`
	Network   *NetworkRule `json:"network,omitempty"`
	Ptrace    *PtraceRule  `json:"ptrace,omitempty"`
	Mounts    []MountRule  `json:"mounts,omitempty"`
}

func (*BpfRawRules) DeepCopy

func (in *BpfRawRules) DeepCopy() *BpfRawRules

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfRawRules.

func (*BpfRawRules) DeepCopyInto

func (in *BpfRawRules) DeepCopyInto(out *BpfRawRules)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CapabilitiesContent added in v0.6.0

type CapabilitiesContent struct {
	Mode         uint32 `json:"mode,omitempty"`
	Capabilities uint64 `json:"capabilities"`
}

func (*CapabilitiesContent) DeepCopy added in v0.6.0

func (in *CapabilitiesContent) DeepCopy() *CapabilitiesContent

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CapabilitiesContent.

func (*CapabilitiesContent) DeepCopyInto added in v0.6.0

func (in *CapabilitiesContent) DeepCopyInto(out *CapabilitiesContent)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DynamicResult

type DynamicResult struct {
	AppArmor *AppArmor `json:"apparmor,omitempty"`
	Seccomp  *Seccomp  `json:"seccomp,omitempty"`
}

func (*DynamicResult) DeepCopy

func (in *DynamicResult) DeepCopy() *DynamicResult

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamicResult.

func (*DynamicResult) DeepCopyInto

func (in *DynamicResult) DeepCopyInto(out *DynamicResult)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EnhanceProtect

type EnhanceProtect struct {
	// HardeningRules are used to specify the built-in hardening rules
	// +optional
	HardeningRules []string `json:"hardeningRules,omitempty"`
	// AttackProtectionRules are used to specify the built-in attack protection rules
	// +optional
	AttackProtectionRules []AttackProtectionRules `json:"attackProtectionRules,omitempty"`
	// VulMitigationRules are used to specify the built-in vulnerability mitigation rules
	// +optional
	VulMitigationRules []string `json:"vulMitigationRules,omitempty"`
	// AppArmorRawRules is used to set native AppArmor rules, each rule must end with a comma
	// +optional
	AppArmorRawRules []string `json:"appArmorRawRules,omitempty"`
	// BpfRawRules is used to set native BPF rules
	// +optional
	BpfRawRules *BpfRawRules `json:"bpfRawRules,omitempty"`
	// SyscallRawRules is used to set the syscalls blocklist rules with Seccomp enforcer.
	// +optional
	SyscallRawRules []specs.LinuxSyscall `json:"syscallRawRules,omitempty"`
	// Privileged is used to identify whether the policy is for a privileged container.
	// If set to `nil` or `false`, the EnhanceProtect mode builds the AppArmor or BPF profile on
	// top of the RuntimeDefault mode. Otherwise, it builds the profile on top of the AlwaysAllow mode.
	// Default is false.
	//
	// Note:
	// If set to `true`, vArmor will not build Seccomp profile for the target workloads.
	// +optional
	Privileged bool `json:"privileged,omitempty"`
	// AuditViolations determines whether to audit the actions that violate the mandatory access
	// control rules. Currently, this feature supports AppArmor and BPF enforcers. Any detected
	// violation will be logged to `/var/log/varmor/violations.log` file in the host.
	//
	// Default is false.
	// +optional
	AuditViolations bool `json:"auditViolations,omitempty"`
}

func (*EnhanceProtect) DeepCopy

func (in *EnhanceProtect) DeepCopy() *EnhanceProtect

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnhanceProtect.

func (*EnhanceProtect) DeepCopyInto

func (in *EnhanceProtect) DeepCopyInto(out *EnhanceProtect)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type File

type File struct {
	Path        string   `json:"path"`
	Owner       bool     `json:"owner"`
	Permissions []string `json:"permissions"`
	OldPath     string   `json:"oldPath"`
}

func (*File) DeepCopy

func (in *File) DeepCopy() *File

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new File.

func (*File) DeepCopyInto

func (in *File) DeepCopyInto(out *File)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FileContent

type FileContent struct {
	Mode        uint32      `json:"mode,omitempty"`
	Permissions uint32      `json:"permissions"`
	Pattern     PathPattern `json:"pattern"`
}

func (*FileContent) DeepCopy

func (in *FileContent) DeepCopy() *FileContent

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FileContent.

func (*FileContent) DeepCopyInto

func (in *FileContent) DeepCopyInto(out *FileContent)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FileRule

type FileRule struct {
	// Pattern can be any string (maximum length 128 bytes) that conforms to the policy syntax, used for matching file paths and filenames
	Pattern string `json:"pattern"`
	// Permissions are used to specify the file permissions to be disabled.
	//
	// Available values: all(*), read(r), write(w), exec(x), append(a)
	//
	Permissions []string `json:"permissions"`
}

func (*FileRule) DeepCopy

func (in *FileRule) DeepCopy() *FileRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FileRule.

func (*FileRule) DeepCopyInto

func (in *FileRule) DeepCopyInto(out *FileRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ModelingOptions added in v0.5.5

type ModelingOptions struct {
	// Duration is the modeling duration in minutes.
	Duration int `json:"duration"`
}

func (*ModelingOptions) DeepCopy added in v0.5.5

func (in *ModelingOptions) DeepCopy() *ModelingOptions

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ModelingOptions.

func (*ModelingOptions) DeepCopyInto added in v0.5.5

func (in *ModelingOptions) DeepCopyInto(out *ModelingOptions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MountContent added in v0.5.4

type MountContent struct {
	Mode              uint32      `json:"mode,omitempty"`
	MountFlags        uint32      `json:"mountFlags"`
	ReverseMountflags uint32      `json:"reverseMountflags"`
	Pattern           PathPattern `json:"pattern"`
	Fstype            string      `json:"fstype"`
}

func (*MountContent) DeepCopy added in v0.5.4

func (in *MountContent) DeepCopy() *MountContent

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MountContent.

func (*MountContent) DeepCopyInto added in v0.5.4

func (in *MountContent) DeepCopyInto(out *MountContent)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MountRule added in v0.5.4

type MountRule struct {
	// SourcePattern can be any string (maximum length 128 bytes) that conforms to the policy syntax, used for matching file paths and filenames
	SourcePattern string `json:"sourcePattern"`
	// Fstype is used to specify the type of filesystem to enforce. It can be '*' to match any type.
	Fstype string `json:"fstype"`
	// Flags are used to specify the mount flags to enforce. They are almost the same as the 'MOUNT FLAGS LIST' of AppArmor.
	//
	// Available values:
	//       All Flags: all(*)
	//   Command Flags: ro(r, read-only), rw(w), suid, nosuid, dev, nodev, exec, noexec,
	//                  sync, async, mand, nomand, dirsync, atime, noatime, diratime, nodiratime,
	//                  silent, loud, relatime, norelatime, iversion, noiversion, strictatime,
	//                  nostrictatime
	//   Generic Flags: remount, bind(B), move(M), rbind(R), make-unbindable, make-private(private),
	//                  make-slave(slave), make-shared(shared), make-runbindable, make-rprivate,
	//                  make-rslave, make-rshared
	//     Other Flags: umount
	//
	Flags []string `json:"flags"`
}

func (*MountRule) DeepCopy added in v0.5.4

func (in *MountRule) DeepCopy() *MountRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MountRule.

func (*MountRule) DeepCopyInto added in v0.5.4

func (in *MountRule) DeepCopyInto(out *MountRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Network

type Network struct {
	Family   string `json:"family"`
	SockType string `json:"sockType"`
	Protocol string `json:"protocol"`
}

func (*Network) DeepCopy

func (in *Network) DeepCopy() *Network

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Network.

func (*Network) DeepCopyInto

func (in *Network) DeepCopyInto(out *Network)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NetworkAddress added in v0.6.0

type NetworkAddress struct {
	IP   string `json:"ip,omitempty"`
	CIDR string `json:"cidr,omitempty"`
	Port uint32 `json:"port,omitempty"`
}

func (*NetworkAddress) DeepCopy added in v0.6.0

func (in *NetworkAddress) DeepCopy() *NetworkAddress

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkAddress.

func (*NetworkAddress) DeepCopyInto added in v0.6.0

func (in *NetworkAddress) DeepCopyInto(out *NetworkAddress)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NetworkContent

type NetworkContent struct {
	Mode    uint32          `json:"mode,omitempty"`
	Flags   uint32          `json:"flags"`
	Socket  *NetworkSocket  `json:"socket,omitempty"`
	Address *NetworkAddress `json:"address,omitempty"`
}

func (*NetworkContent) DeepCopy

func (in *NetworkContent) DeepCopy() *NetworkContent

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkContent.

func (*NetworkContent) DeepCopyInto

func (in *NetworkContent) DeepCopyInto(out *NetworkContent)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NetworkEgressRule

type NetworkEgressRule struct {
	// IPBlock defines policy on a particular IPBlock with CIDR.
	// +optional
	IPBlock string `json:"ipBlock,omitempty"`
	// IP defines policy on a particular IP. Note that the ip field and ipBlock field are mutually exclusive.
	// +optional
	IP string `json:"ip,omitempty"`
	// Port defines policy on a particular port. If this field is zero or missing, this rule matches all ports.
	// +optional
	Port int `json:"port,omitempty"`
}

func (*NetworkEgressRule) DeepCopy

func (in *NetworkEgressRule) DeepCopy() *NetworkEgressRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkEgressRule.

func (*NetworkEgressRule) DeepCopyInto

func (in *NetworkEgressRule) DeepCopyInto(out *NetworkEgressRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NetworkRule

type NetworkRule struct {
	// Sockets are the list of socket rules to restrict all socket(2) operations.
	Sockets []NetworkSocketRule `json:"sockets,omitempty"`
	// Egresses are the list of egress rules to be applied to restrict particular IPs and ports.
	Egresses []NetworkEgressRule `json:"egresses,omitempty"`
}

func (*NetworkRule) DeepCopy

func (in *NetworkRule) DeepCopy() *NetworkRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkRule.

func (*NetworkRule) DeepCopyInto

func (in *NetworkRule) DeepCopyInto(out *NetworkRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NetworkSocket added in v0.6.0

type NetworkSocket struct {
	Domains   uint64 `json:"domains,omitempty"`
	Types     uint64 `json:"types,omitempty"`
	Protocols uint64 `json:"protocols,omitempty"`
}

func (*NetworkSocket) DeepCopy added in v0.6.0

func (in *NetworkSocket) DeepCopy() *NetworkSocket

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkSocket.

func (*NetworkSocket) DeepCopyInto added in v0.6.0

func (in *NetworkSocket) DeepCopyInto(out *NetworkSocket)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NetworkSocketRule added in v0.6.0

type NetworkSocketRule struct {
	// Domains specifies the communication domains of socket.
	//
	// Available values:
	//       all(*), unix, inet, ax25, ipx, appletalk, netrom, bridge, atmpvc, x25,
	//       inet6, rose, netbeui, security, key, netlink, packet, ash, econet, atmsvc,
	//       rds, sna, irda, pppox, wanpipe, llc, ib, mpls, can, tipc, bluetooth, iucv,
	//       rxrpc, isdn, phonet, ieee802154, caif, alg, nfc, vsock, kcm, qipcrtr, smc,
	//       xdp, mctp
	//
	Domains []string `json:"domains,omitempty"`
	// Types specifies the communication semantics of socket.
	//
	// Available values: all(*), stream, dgram, raw, rdm, seqpacket, dccp, packet
	//
	Types []string `json:"types,omitempty"`
	// Protocols specifies the particular protocols to be used with the socket. Note that the protocols field
	// and types field are mutually exclusive.
	//
	// Available values: all(*), icmp, tcp, udp
	//
	Protocols []string `json:"protocols,omitempty"`
}

func (*NetworkSocketRule) DeepCopy added in v0.6.0

func (in *NetworkSocketRule) DeepCopy() *NetworkSocketRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkSocketRule.

func (*NetworkSocketRule) DeepCopyInto added in v0.6.0

func (in *NetworkSocketRule) DeepCopyInto(out *NetworkSocketRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PathPattern added in v0.5.4

type PathPattern struct {
	Flags  uint32 `json:"flags"`
	Prefix string `json:"prefix,omitempty"`
	Suffix string `json:"suffix,omitempty"`
}

func (*PathPattern) DeepCopy added in v0.5.4

func (in *PathPattern) DeepCopy() *PathPattern

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PathPattern.

func (*PathPattern) DeepCopyInto added in v0.5.4

func (in *PathPattern) DeepCopyInto(out *PathPattern)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Policy

type Policy struct {
	// Enforcer is used to specify which LSM to use for mandatory access control.
	// Available values: AppArmor, BPF, Seccomp, AppArmorBPF, AppArmorSeccomp, BPFSeccomp, AppArmorBPFSeccomp
	Enforcer string `json:"enforcer"`
	// Available values: AlwaysAllow, RuntimeDefault, EnhanceProtect, BehaviorModeling, DefenseInDepth
	//
	// Note:
	// BehaviorModeling and DefenseInDepth modes are experimental features and currently only work
	// with AppArmor/Seccomp/AppArmorSeccomp enforcers.
	Mode VarmorPolicyMode `json:"mode"`
	// EnhanceProtect is used to specify which built-in or custom rules are employed to protect the target workloads.
	// +optional
	EnhanceProtect *EnhanceProtect `json:"enhanceProtect,omitempty"`
	// ModelingOptions is used for the modeling settings.
	// +optional
	ModelingOptions *ModelingOptions `json:"modelingOptions,omitempty"`
}
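The field comments on this page state several constraints that the CRD schema alone does not enforce: the available Enforcer values, that BehaviorModeling and DefenseInDepth only work with the AppArmor, Seccomp or AppArmorSeccomp enforcers, that Privileged=true means no Seccomp profile is built, the FileRule permission values, and the two mutually exclusive pairs in NetworkSocketRule (types/protocols) and NetworkEgressRule (ip/ipBlock). The following is an added example, not code from the vArmor project, of a pre-apply validator that checks a Policy against exactly those documented rules. The struct types are assumed local mirrors of the page's types, trimmed to the fields the checks read; the names Validate, findings, in and Sample are chosen here, and Sample is a constructed policy, not a real one.

```go
package main

import (
	"fmt"
	"strings"
)

// Assumed local mirrors of the v1beta1 types on this page, trimmed to the
// fields these checks read (the real types live in crd.varmor.org/v1beta1).
type FileRule struct {
	Pattern     string
	Permissions []string
}
type NetworkSocketRule struct{ Domains, Types, Protocols []string }
type NetworkEgressRule struct{ IPBlock, IP string }
type NetworkRule struct {
	Sockets  []NetworkSocketRule
	Egresses []NetworkEgressRule
}
type BpfRawRules struct {
	Files   []FileRule
	Network *NetworkRule
}
type EnhanceProtect struct {
	BpfRawRules *BpfRawRules
	Privileged  bool
}
type Policy struct {
	Enforcer, Mode string
	EnhanceProtect *EnhanceProtect
}

// Available values, copied from the field comments on this page.
const (
	enforcers    = "AppArmor BPF Seccomp AppArmorBPF AppArmorSeccomp BPFSeccomp AppArmorBPFSeccomp"
	experimental = "AppArmor Seccomp AppArmorSeccomp" // the only enforcers BehaviorModeling and DefenseInDepth work with
	filePerms    = "* all r read w write x exec a append"
)

// in reports whether v is one of the space-separated words in list.
func in(list, v string) bool { return strings.Contains(" "+list+" ", " "+v+" ") }

// findings collects one human-readable line per violated constraint.
type findings []string
func (f *findings) addf(format string, a ...interface{}) { *f = append(*f, fmt.Sprintf(format, a...)) }

// Validate returns one finding per documented constraint the policy breaks; an empty result means every check passed.
func Validate(p Policy) []string {
	var f findings
	if !in(enforcers, p.Enforcer) {
		f.addf("enforcer %q is not an available value", p.Enforcer)
	}
	if (p.Mode == "BehaviorModeling" || p.Mode == "DefenseInDepth") && !in(experimental, p.Enforcer) {
		f.addf("mode %s only works with AppArmor, Seccomp or AppArmorSeccomp, not %s", p.Mode, p.Enforcer)
	}
	ep := p.EnhanceProtect
	if ep == nil {
		return f
	}
	if ep.Privileged && strings.Contains(p.Enforcer, "Seccomp") {
		f.addf("privileged=true: no Seccomp profile is built, so the Seccomp part of the enforcer does nothing")
	}
	b := ep.BpfRawRules
	if b == nil {
		return f
	}
	for i, r := range b.Files {
		for _, perm := range r.Permissions {
			if !in(filePerms, perm) {
				f.addf("files[%d]: %q is not an available permission", i, perm)
			}
		}
	}
	if b.Network == nil {
		return f
	}
	for i, s := range b.Network.Sockets {
		if len(s.Types) > 0 && len(s.Protocols) > 0 {
			f.addf("sockets[%d]: types and protocols are mutually exclusive", i)
		}
	}
	for i, e := range b.Network.Egresses {
		if e.IP != "" && e.IPBlock != "" {
			f.addf("egresses[%d]: ip and ipBlock are mutually exclusive", i)
		}
	}
	return f
}

// Sample is a constructed policy carrying four deliberate mistakes.
var Sample = Policy{Enforcer: "BPFSeccomp", Mode: "EnhanceProtect", EnhanceProtect: &EnhanceProtect{
	Privileged: true,
	BpfRawRules: &BpfRawRules{
		Files: []FileRule{{Pattern: "/proc/sysrq-trigger", Permissions: []string{"write", "delete"}}},
		Network: &NetworkRule{
			Sockets:  []NetworkSocketRule{{Types: []string{"raw"}, Protocols: []string{"icmp"}}},
			Egresses: []NetworkEgressRule{{IP: "10.0.0.1", IPBlock: "10.0.0.0/8"}},
		},
	},
}}
```

Running Validate(Sample) yields four findings, in order: the privileged/Seccomp mismatch, the unknown "delete" file permission, the types/protocols clash in sockets[0], and the ip/ipBlock clash in egresses[0]. The privileged finding is the one most worth wiring into a CI gate: a policy that names a Seccomp enforcer but sets privileged=true silently ships without the Seccomp profile, which is easy to miss when reading the YAML.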

func (*Policy) DeepCopy

func (in *Policy) DeepCopy() *Policy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.

func (*Policy) DeepCopyInto

func (in *Policy) DeepCopyInto(out *Policy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Profile

type Profile struct {
	Name           string      `json:"name"`
	Enforcer       string      `json:"enforcer"`
	Mode           string      `json:"mode"`
	Content        string      `json:"content,omitempty"`
	BpfContent     *BpfContent `json:"bpfContent,omitempty"`
	SeccompContent string      `json:"seccompContent,omitempty"`
}

func (*Profile) DeepCopy

func (in *Profile) DeepCopy() *Profile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Profile.

func (*Profile) DeepCopyInto

func (in *Profile) DeepCopyInto(out *Profile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Ptrace

type Ptrace struct {
	Peer        string   `json:"peer"`
	Permissions []string `json:"permissions"`
}

func (*Ptrace) DeepCopy

func (in *Ptrace) DeepCopy() *Ptrace

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Ptrace.

func (*Ptrace) DeepCopyInto

func (in *Ptrace) DeepCopyInto(out *Ptrace)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PtraceContent added in v0.5.3

type PtraceContent struct {
	Mode        uint32 `json:"mode,omitempty"`
	Permissions uint32 `json:"permissions,omitempty"`
	Flags       uint32 `json:"flags,omitempty"`
}

func (*PtraceContent) DeepCopy added in v0.5.3

func (in *PtraceContent) DeepCopy() *PtraceContent

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PtraceContent.

func (*PtraceContent) DeepCopyInto added in v0.5.3

func (in *PtraceContent) DeepCopyInto(out *PtraceContent)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PtraceRule added in v0.5.3

type PtraceRule struct {
	// StrictMode indicates whether to restrict ptrace operations for all source and destination processes.
	// Default is false.
	// If set to false, a process may still perform trace and read operations on other processes within the same container,
	// and may still be subjected to traceby and readby operations by other processes within the same container.
	// If set to true, all trace, read, traceby, and readby operations within the container are prohibited.
	// +optional
	StrictMode bool `json:"strictMode,omitempty"`
	// Permissions indicate which ptrace-related permissions of the target container should be restricted.
	//
	// Available values: all(*), trace, traceby, read, readby.
	//   - trace: prohibit tracing of other processes.
	//   - read: prohibit reading of other processes.
	//   - traceby: prohibit being traced by other processes (excluding the host processes).
	//   - readby: prohibit being read by other processes (excluding the host processes).
	//
	// The trace and traceby permissions cover "write" operations and other, more dangerous operations, such as
	// ptrace attaching (PTRACE_ATTACH) to another process or calling process_vm_writev(2).
	//
	// The read and readby permissions cover "read" operations and other, less dangerous operations, such as
	// get_robust_list(2); kcmp(2); reading /proc/pid/auxv, /proc/pid/environ, or /proc/pid/stat; or readlink(2) of a /proc/pid/ns/* file.
	Permissions []string `json:"permissions"`
}

func (*PtraceRule) DeepCopy added in v0.5.3

func (in *PtraceRule) DeepCopy() *PtraceRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PtraceRule.

func (*PtraceRule) DeepCopyInto added in v0.5.3

func (in *PtraceRule) DeepCopyInto(out *PtraceRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Seccomp added in v0.5.6

type Seccomp struct {
	Syscalls []string `json:"syscalls,omitempty"`
}

func (*Seccomp) DeepCopy added in v0.5.6

func (in *Seccomp) DeepCopy() *Seccomp

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Seccomp.

func (*Seccomp) DeepCopyInto added in v0.5.6

func (in *Seccomp) DeepCopyInto(out *Seccomp)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Signal

type Signal struct {
	Peer        string   `json:"peer"`
	Permissions []string `json:"permissions"`
	Signals     []string `json:"signals"`
}

func (*Signal) DeepCopy

func (in *Signal) DeepCopy() *Signal

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Signal.

func (*Signal) DeepCopyInto

func (in *Signal) DeepCopyInto(out *Signal)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type StaticResult

type StaticResult struct {
}

func (*StaticResult) DeepCopy

func (in *StaticResult) DeepCopy() *StaticResult

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StaticResult.

func (*StaticResult) DeepCopyInto

func (in *StaticResult) DeepCopyInto(out *StaticResult)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Target

type Target struct {
	// Kind is used to specify the type of workloads for the protection targets.
	// Available values: Deployment, StatefulSet, DaemonSet, Pod.
	Kind string `json:"kind"`
	// Name is used to specify a specific workload name.
	// +optional
	Name string `json:"name,omitempty"`
	// Containers are used to specify the names of the protected containers. If it is empty, sandbox protection
	// will be enabled for all containers within the workload (excluding initContainers and ephemeralContainers).
	// +optional
	Containers []string `json:"containers,omitempty"`
	// Selector is a LabelSelector used to match workloads that meet the specified conditions. Note that the selector field and the name field are mutually exclusive.
	// +optional
	Selector *metav1.LabelSelector `json:"selector,omitempty"`
}
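As an added example (not vArmor's own code), a stand-alone validator for the constraints the Target and PtraceRule field comments state: Kind limited to the four workload kinds, name and selector mutually exclusive, and ptrace permissions limited to the documented values with all(*) expanded. The type stand-ins are local mirrors of the API shapes, the selector is simplified, and accepting both "all" and "*" as the spelling of all(*) is an assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// Local mirrors of the v1beta1 Target and PtraceRule shapes, constructed for this
// example; the real Target.Selector is a *metav1.LabelSelector, simplified here.
type LabelSelector struct{ MatchLabels map[string]string }
type Target struct {
	Kind, Name string
	Selector   *LabelSelector
}
type PtraceRule struct {
	StrictMode  bool
	Permissions []string
}

// ValidateTarget enforces the two constraints the Target field comments state:
// Kind is one of the four workload kinds, and name and selector are mutually exclusive.
func ValidateTarget(t Target) error {
	switch t.Kind {
	case "Deployment", "StatefulSet", "DaemonSet", "Pod":
	default:
		return fmt.Errorf("target.kind %q: must be Deployment, StatefulSet, DaemonSet or Pod", t.Kind)
	}
	if t.Name != "" && t.Selector != nil {
		return fmt.Errorf("target.name and target.selector are mutually exclusive")
	}
	return nil
}

// ExpandPtracePermissions checks a rule's permissions against the documented values and
// returns the concrete set they restrict, expanding all/* (assumed to be the "all(*)" spelling).
// StrictMode is orthogonal: it only decides whether same-container peers are exempt from that set.
func ExpandPtracePermissions(r PtraceRule) (map[string]bool, error) {
	want := map[string]bool{}
	for _, p := range r.Permissions {
		switch q := strings.ToLower(p); q {
		case "all", "*":
			want = map[string]bool{"trace": true, "traceby": true, "read": true, "readby": true}
		case "trace", "traceby", "read", "readby":
			want[q] = true
		default:
			return nil, fmt.Errorf("ptrace permission %q: must be all(*), trace, traceby, read or readby", p)
		}
	}
	return want, nil
}
```

Running these checks in an admission or CI step catches a policy that would be rejected or silently mis-scoped before it reaches the cluster.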

func (*Target) DeepCopy

func (in *Target) DeepCopy() *Target

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Target.

func (*Target) DeepCopyInto

func (in *Target) DeepCopyInto(out *Target)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VarmorClusterPolicy added in v0.5.4

type VarmorClusterPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   VarmorPolicySpec   `json:"spec"`
	Status VarmorPolicyStatus `json:"status,omitempty"`
}

VarmorClusterPolicy is the Schema for the varmorclusterpolicies API.

func (*VarmorClusterPolicy) DeepCopy added in v0.5.4

func (in *VarmorClusterPolicy) DeepCopy() *VarmorClusterPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarmorClusterPolicy.

func (*VarmorClusterPolicy) DeepCopyInto added in v0.5.4

func (in *VarmorClusterPolicy) DeepCopyInto(out *VarmorClusterPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VarmorClusterPolicy) DeepCopyObject added in v0.5.4

func (in *VarmorClusterPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type VarmorClusterPolicyList added in v0.5.4

type VarmorClusterPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []VarmorClusterPolicy `json:"items"`
}

VarmorClusterPolicyList contains a list of VarmorClusterPolicy.

func (*VarmorClusterPolicyList) DeepCopy added in v0.5.4

func (in *VarmorClusterPolicyList) DeepCopy() *VarmorClusterPolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarmorClusterPolicyList.

func (*VarmorClusterPolicyList) DeepCopyInto added in v0.5.4

func (in *VarmorClusterPolicyList) DeepCopyInto(out *VarmorClusterPolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VarmorClusterPolicyList) DeepCopyObject added in v0.5.4

func (in *VarmorClusterPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type VarmorPolicy

type VarmorPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   VarmorPolicySpec   `json:"spec"`
	Status VarmorPolicyStatus `json:"status,omitempty"`
}

VarmorPolicy is the Schema for the varmorpolicies API.

func (*VarmorPolicy) DeepCopy

func (in *VarmorPolicy) DeepCopy() *VarmorPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarmorPolicy.

func (*VarmorPolicy) DeepCopyInto

func (in *VarmorPolicy) DeepCopyInto(out *VarmorPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VarmorPolicy) DeepCopyObject

func (in *VarmorPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type VarmorPolicyCondition

type VarmorPolicyCondition struct {
	// Type of ArmorProfile condition.
	// Possible values: Created, Updated, Ready
	Type VarmorPolicyConditionType `json:"type"`
	// Status of the condition, one of True, False, Unknown.
	Status v1.ConditionStatus `json:"status"`
	// Last time the condition transitioned from one status to another.
	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
	// The reason for the condition's last transition.
	// +optional
	Reason string `json:"reason,omitempty"`
	// A human readable message indicating details about the transition.
	// +optional
	Message string `json:"message,omitempty"`
}

func (*VarmorPolicyCondition) DeepCopy

func (in *VarmorPolicyCondition) DeepCopy() *VarmorPolicyCondition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarmorPolicyCondition.

func (*VarmorPolicyCondition) DeepCopyInto

func (in *VarmorPolicyCondition) DeepCopyInto(out *VarmorPolicyCondition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VarmorPolicyConditionType

type VarmorPolicyConditionType string

type VarmorPolicyList

type VarmorPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []VarmorPolicy `json:"items"`
}

VarmorPolicyList contains a list of VarmorPolicy.

func (*VarmorPolicyList) DeepCopy

func (in *VarmorPolicyList) DeepCopy() *VarmorPolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarmorPolicyList.

func (*VarmorPolicyList) DeepCopyInto

func (in *VarmorPolicyList) DeepCopyInto(out *VarmorPolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VarmorPolicyList) DeepCopyObject

func (in *VarmorPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type VarmorPolicyMode

type VarmorPolicyMode string

type VarmorPolicyPhase

type VarmorPolicyPhase string

type VarmorPolicySpec

type VarmorPolicySpec struct {

	// Target specifies the workloads and their containers you want to harden.
	Target Target `json:"target"`
	// Policy specifies which enforcer, mode and rules you want to use to apply to the target.
	Policy Policy `json:"policy"`
	// UpdateExistingWorkloads indicates whether to perform a rolling update on existing target workloads,
	// thus enabling or disabling the protection of the target workloads when policies are created or deleted.
	// Default is false.
	//
	// Note:
	// vArmor only performs a rolling update on Deployment, StatefulSet, or DaemonSet type workloads.
	// If `.spec.target.kind` is Pod, you need to rebuild the Pod yourself to enable or disable protection.
	// +optional
	UpdateExistingWorkloads bool `json:"updateExistingWorkloads,omitempty"`
}

VarmorPolicySpec defines the desired state of VarmorPolicy or VarmorClusterPolicy.

func (*VarmorPolicySpec) DeepCopy

func (in *VarmorPolicySpec) DeepCopy() *VarmorPolicySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarmorPolicySpec.

func (*VarmorPolicySpec) DeepCopyInto

func (in *VarmorPolicySpec) DeepCopyInto(out *VarmorPolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VarmorPolicyStatus

type VarmorPolicyStatus struct {
	ProfileName string `json:"profileName"`
	// Conditions of the policy.
	Conditions []VarmorPolicyCondition `json:"conditions,omitempty"`
	// Ready indicates whether the policy's profile is loaded.
	Ready bool `json:"ready"`
	// Phase indicates the processing phase of the policy.
	// Possible values: Pending, Modeling, Completed, Protecting, Error.
	//
	// Note:
	// You can find out which varmor-agent has an error by reading the
	// ArmorProfile/status corresponding to the current VarmorPolicy.
	Phase VarmorPolicyPhase `json:"phase,omitempty"`
}

VarmorPolicyStatus defines the observed state of VarmorPolicy or VarmorClusterPolicy.

func (*VarmorPolicyStatus) DeepCopy

func (in *VarmorPolicyStatus) DeepCopy() *VarmorPolicyStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarmorPolicyStatus.

func (*VarmorPolicyStatus) DeepCopyInto

func (in *VarmorPolicyStatus) DeepCopyInto(out *VarmorPolicyStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
