Documentation ¶
Index ¶
- Constants
- Variables
- func Kind(kind string) schema.GroupKind
- func Resource(resource string) schema.GroupResource
- type ClusterPolicyReport
- type ClusterPolicyReportList
- type PolicyReport
- type PolicyReportList
- type PolicyReportResult
- type PolicyReportSummary
- type PolicyResult
- type PolicySeverity
- type Priority
Constants ¶
// Status values that a policy result can carry. They are untyped string
// constants, so they can be assigned to or compared with a PolicyResult
// without an explicit conversion.
const (
	// StatusPass: the policy requirements are met.
	StatusPass = "pass"
	// StatusFail: the policy requirements are not met.
	StatusFail = "fail"
	// StatusWarn: the policy requirements are not met and the policy is not scored.
	StatusWarn = "warn"
	// StatusError: the policy could not be evaluated. Consumers should not
	// read this as a pass; no verdict was produced.
	StatusError = "error"
	// StatusSkip: the policy was not selected based on user inputs or applicability.
	StatusSkip = "skip"
)
Status specifies state of a policy result
// Severity values that a policy result can carry. They are untyped string
// constants, so they can be assigned to or compared with a PolicySeverity
// without an explicit conversion.
const (
	SeverityCritical = "critical"
	SeverityHigh     = "high"
	SeverityMedium   = "medium"
	SeverityLow      = "low"
	SeverityInfo     = "info"
)
Severity specifies priority of a policy result
// ResultIDKey is the string key "resultID".
// NOTE(review): its consumers are not visible on this page; presumably it keys
// a result's ID in a string map such as PolicyReportResult.Properties. Confirm against callers.
const ResultIDKey = "resultID"
Variables ¶
var (
	// SchemeBuilder builds the scheme. It is constructed from addKnownTypes,
	// which is not shown on this page.
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	// AddToScheme adds all types of this clientset into the given scheme.
	// It is the AddToScheme method value of SchemeBuilder.
	AddToScheme = SchemeBuilder.AddToScheme
)
// SchemeGroupVersion is the group version used to register these objects:
// group policyreport.GroupName at version "v1alpha2".
var SchemeGroupVersion = schema.GroupVersion{Group: policyreport.GroupName, Version: "v1alpha2"}
SchemeGroupVersion is group version used to register these objects
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
Types ¶
type ClusterPolicyReport ¶
// ClusterPolicyReport is the Schema for the clusterpolicyreports API.
// It holds an optional scope (or scope selector), a summary of result counts
// and the individual results.
type ClusterPolicyReport struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node)
	// +optional
	Scope *corev1.ObjectReference `json:"scope,omitempty"`

	// ScopeSelector is an optional selector for multiple scopes (e.g. Pods).
	// Either one of, or none of, but not both of, Scope or ScopeSelector should be specified.
	// NOTE(review): this declaration does not itself enforce the exclusion, and
	// whether validation exists elsewhere is not visible here. Consumers should
	// check both fields rather than assume only one is set.
	// +optional
	ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"`

	// Summary provides a summary of results.
	// NOTE(review): encoding/json does not omit struct values for omitempty,
	// so this field is presumably always serialized.
	// +optional
	Summary PolicyReportSummary `json:"summary,omitempty"`

	// Results provides result details.
	// +optional
	Results []PolicyReportResult `json:"results,omitempty"`
}
ClusterPolicyReport is the Schema for the clusterpolicyreports API
func (*ClusterPolicyReport) DeepCopy ¶
func (in *ClusterPolicyReport) DeepCopy() *ClusterPolicyReport
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyReport.
func (*ClusterPolicyReport) DeepCopyInto ¶
func (in *ClusterPolicyReport) DeepCopyInto(out *ClusterPolicyReport)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterPolicyReport) DeepCopyObject ¶
func (in *ClusterPolicyReport) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClusterPolicyReportList ¶
// ClusterPolicyReportList contains a list of ClusterPolicyReport.
type ClusterPolicyReportList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the reports. The tag has no omitempty, so the key is always
	// present in the JSON form.
	Items []ClusterPolicyReport `json:"items"`
}
ClusterPolicyReportList contains a list of ClusterPolicyReport
func (*ClusterPolicyReportList) DeepCopy ¶
func (in *ClusterPolicyReportList) DeepCopy() *ClusterPolicyReportList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyReportList.
func (*ClusterPolicyReportList) DeepCopyInto ¶
func (in *ClusterPolicyReportList) DeepCopyInto(out *ClusterPolicyReportList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterPolicyReportList) DeepCopyObject ¶
func (in *ClusterPolicyReportList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type PolicyReport ¶
// PolicyReport is the Schema for the policyreports API.
// It holds an optional scope (or scope selector), a summary of result counts
// and the individual results.
type PolicyReport struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node)
	// +optional
	Scope *corev1.ObjectReference `json:"scope,omitempty"`

	// ScopeSelector is an optional selector for multiple scopes (e.g. Pods).
	// Either one of, or none of, but not both of, Scope or ScopeSelector should be specified.
	// NOTE(review): this declaration does not itself enforce the exclusion, and
	// whether validation exists elsewhere is not visible here. Consumers should
	// check both fields rather than assume only one is set.
	// +optional
	ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"`

	// Summary provides a summary of results.
	// NOTE(review): encoding/json does not omit struct values for omitempty,
	// so this field is presumably always serialized.
	// +optional
	Summary PolicyReportSummary `json:"summary,omitempty"`

	// Results provides result details.
	// +optional
	Results []PolicyReportResult `json:"results,omitempty"`
}
PolicyReport is the Schema for the policyreports API
func (*PolicyReport) DeepCopy ¶
func (in *PolicyReport) DeepCopy() *PolicyReport
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReport.
func (*PolicyReport) DeepCopyInto ¶
func (in *PolicyReport) DeepCopyInto(out *PolicyReport)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PolicyReport) DeepCopyObject ¶
func (in *PolicyReport) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type PolicyReportList ¶
// PolicyReportList contains a list of PolicyReport.
type PolicyReportList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the reports. The tag has no omitempty, so the key is always
	// present in the JSON form.
	Items []PolicyReport `json:"items"`
}
PolicyReportList contains a list of PolicyReport
func (*PolicyReportList) DeepCopy ¶
func (in *PolicyReportList) DeepCopy() *PolicyReportList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportList.
func (*PolicyReportList) DeepCopyInto ¶
func (in *PolicyReportList) DeepCopyInto(out *PolicyReportList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PolicyReportList) DeepCopyObject ¶
func (in *PolicyReportList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type PolicyReportResult ¶
// PolicyReportResult provides the result for an individual policy.
type PolicyReportResult struct {
	// ID carries the tag `json:"-"`, so encoding/json skips it in both
	// directions and it is not part of the serialized report.
	// NOTE(review): how it is populated is not visible on this page.
	ID string `json:"-"`

	// Source is an identifier for the policy engine that manages this report.
	// The tag has no omitempty, so an empty Source is still serialized as ""
	// even though the field is marked optional.
	// +optional
	Source string `json:"source"`

	// Policy is the name or identifier of the policy
	Policy string `json:"policy"`

	// Rule is the name or identifier of the rule within the policy
	// +optional
	Rule string `json:"rule,omitempty"`

	// Resources is an optional reference to the checked Kubernetes resources
	// +optional
	Resources []corev1.ObjectReference `json:"resources,omitempty"`

	// ResourceSelector is an optional label selector for checked Kubernetes resources.
	// For example, a policy result may apply to all pods that match a label.
	// Either Resources or a ResourceSelector can be specified.
	// If neither are provided, the result is assumed to be for the policy report scope.
	// +optional
	ResourceSelector *metav1.LabelSelector `json:"resourceSelector,omitempty"`

	// Message is a short user friendly message for the policy rule.
	// NOTE(review): free-form text set by whoever writes the report; consumers
	// that render it (dashboards, notifications) should escape it rather than
	// trust the producer.
	Message string `json:"message,omitempty"`

	// Result indicates the outcome of the policy rule execution
	Result PolicyResult `json:"result,omitempty"`

	// Scored indicates if this result is scored
	Scored bool `json:"scored,omitempty"`

	// Properties provides additional information for the policy rule.
	// NOTE(review): keys and values are unconstrained strings; treat them as
	// untrusted input when displaying or forwarding them.
	Properties map[string]string `json:"properties,omitempty"`

	// Timestamp indicates the time the result was found.
	// NOTE(review): encoding/json does not omit struct values for omitempty,
	// so a zero Timestamp is presumably still serialized.
	Timestamp metav1.Timestamp `json:"timestamp,omitempty"`

	// Category indicates policy category
	// +optional
	Category string `json:"category,omitempty"`

	// Severity indicates policy check result criticality
	// +optional
	Severity PolicySeverity `json:"severity,omitempty"`

	// Priority carries the tag `json:"-"`, so encoding/json skips it in both
	// directions and it is not part of the serialized report.
	Priority Priority `json:"-"`
}
PolicyReportResult provides the result for an individual policy
func (*PolicyReportResult) DeepCopy ¶
func (in *PolicyReportResult) DeepCopy() *PolicyReportResult
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportResult.
func (*PolicyReportResult) DeepCopyInto ¶
func (in *PolicyReportResult) DeepCopyInto(out *PolicyReportResult)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PolicyReportSummary ¶
// PolicyReportSummary provides a status count summary.
// Every field is marked optional, but none of the tags use omitempty, so zero
// counts are serialized as 0 rather than omitted.
type PolicyReportSummary struct {
	// Pass provides the count of policies whose requirements were met
	// +optional
	Pass int `json:"pass"`

	// Fail provides the count of policies whose requirements were not met
	// +optional
	Fail int `json:"fail"`

	// Warn provides the count of non-scored policies whose requirements were not met
	// +optional
	Warn int `json:"warn"`

	// Error provides the count of policies that could not be evaluated
	// +optional
	Error int `json:"error"`

	// Skip indicates the count of policies that were not selected for evaluation
	// +optional
	Skip int `json:"skip"`
}
PolicyReportSummary provides a status count summary
func (*PolicyReportSummary) DeepCopy ¶
func (in *PolicyReportSummary) DeepCopy() *PolicyReportSummary
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportSummary.
func (*PolicyReportSummary) DeepCopyInto ¶
func (in *PolicyReportSummary) DeepCopyInto(out *PolicyReportSummary)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (PolicyReportSummary) ToMap ¶
func (prs PolicyReportSummary) ToMap() map[string]interface{}
type PolicyResult ¶
// PolicyResult is the string-typed outcome of a policy rule execution.
// Documented values are pass, fail, warn, error and skip. The type is a plain
// string, so the declaration itself does not restrict it to those values.
type PolicyResult string
PolicyResult has one of the following values:
- pass: indicates that the policy requirements are met
- fail: indicates that the policy requirements are not met
- warn: indicates that the policy requirements are not met, and the policy is not scored
- error: indicates that the policy could not be evaluated
- skip: indicates that the policy was not selected based on user inputs or applicability
type PolicySeverity ¶
// PolicySeverity is the string-typed criticality of a policy check result.
// Documented values are critical, high, medium, low and info. The type is a
// plain string, so the declaration itself does not restrict it to those values.
type PolicySeverity string
PolicySeverity has one of the following values:
- critical
- high
- low
- medium
- info