Documentation ¶
Overview ¶
Package v1alpha1 contains API Schema definitions for the complianceoperator v1alpha1 API group +k8s:deepcopy-gen=package,register +groupName=compliance.openshift.io
Package v1alpha1 contains API Schema definitions for the complianceoperator v1alpha1 API group +k8s:deepcopy-gen=package,register +groupName=compliance.openshift.io
Index ¶
- Constants
- Variables
- func AddRemediationAnnotation(obj metav1.Object)
- func RemediationWasCreatedByOperator(obj metav1.Object) bool
- type ComplianceCheckResult
- type ComplianceCheckResultList
- type ComplianceCheckResultSeverity
- type ComplianceCheckStatus
- type ComplianceRemediation
- func (r *ComplianceRemediation) AddOwnershipLabels(obj metav1.Object)
- func (in *ComplianceRemediation) DeepCopy() *ComplianceRemediation
- func (in *ComplianceRemediation) DeepCopyInto(out *ComplianceRemediation)
- func (in *ComplianceRemediation) DeepCopyObject() runtime.Object
- func (r *ComplianceRemediation) GetEnforcementType() string
- func (r *ComplianceRemediation) GetMcName() string
- func (r *ComplianceRemediation) GetScan() string
- func (r *ComplianceRemediation) GetSuite() string
- func (r *ComplianceRemediation) HasAnnotation(ann string) bool
- func (r *ComplianceRemediation) HasLabel(label string) bool
- func (r *ComplianceRemediation) HasUnmetDependencies() bool
- func (r *ComplianceRemediation) HasUnmetKubeDependencies() bool
- func (r *ComplianceRemediation) IsApplied() bool
- func (r *ComplianceRemediation) ParseRemediationDependencyRefs() ([]RemediationObjectDependencyReference, error)
- func (r *ComplianceRemediation) RemediationPayloadDiffers(other *ComplianceRemediation) bool
- type ComplianceRemediationList
- type ComplianceRemediationPayload
- type ComplianceRemediationSpec
- type ComplianceRemediationSpecMeta
- type ComplianceRemediationStatus
- type ComplianceScan
- func (in *ComplianceScan) DeepCopy() *ComplianceScan
- func (in *ComplianceScan) DeepCopyInto(out *ComplianceScan)
- func (in *ComplianceScan) DeepCopyObject() runtime.Object
- func (cs *ComplianceScan) GetScanType() ComplianceScanType
- func (cs *ComplianceScan) GetScanTypeIfValid() (ComplianceScanType, error)
- func (cs *ComplianceScan) IsStrictNodeScan() bool
- func (cs *ComplianceScan) NeedsRescan() bool
- func (cs *ComplianceScan) RemediationEnforcementIsOff() bool
- func (cs *ComplianceScan) RemediationEnforcementTypeMatches(etype string) bool
- type ComplianceScanList
- type ComplianceScanSettings
- type ComplianceScanSpec
- type ComplianceScanSpecWrapper
- type ComplianceScanStatus
- type ComplianceScanStatusPhase
- type ComplianceScanStatusResult
- type ComplianceScanStatusWrapper
- type ComplianceScanType
- type ComplianceSuite
- func (s *ComplianceSuite) ApplyRemediationsAnnotationSet() bool
- func (in *ComplianceSuite) DeepCopy() *ComplianceSuite
- func (in *ComplianceSuite) DeepCopyInto(out *ComplianceSuite)
- func (in *ComplianceSuite) DeepCopyObject() runtime.Object
- func (s *ComplianceSuite) IsResultAvailable() bool
- func (s *ComplianceSuite) LowestCommonResult() ComplianceScanStatusResult
- func (s *ComplianceSuite) LowestCommonState() ComplianceScanStatusPhase
- func (s *ComplianceSuite) RemoveOutdatedAnnotationSet() bool
- func (s *ComplianceSuite) ShouldApplyRemediations() bool
- func (s *ComplianceSuite) ShouldRemoveOutdated() bool
- type ComplianceSuiteList
- type ComplianceSuiteSettings
- type ComplianceSuiteSpec
- type ComplianceSuiteStatus
- func (in *ComplianceSuiteStatus) DeepCopy() *ComplianceSuiteStatus
- func (in *ComplianceSuiteStatus) DeepCopyInto(out *ComplianceSuiteStatus)
- func (s *ComplianceSuiteStatus) SetConditionInvalid()
- func (s *ComplianceSuiteStatus) SetConditionPending()
- func (s *ComplianceSuiteStatus) SetConditionReady()
- func (s *ComplianceSuiteStatus) SetConditionsProcessing()
- type DataStreamStatusType
- type FixDefinition
- type NamedObjectReference
- type OutputRef
- type Profile
- type ProfileBundle
- type ProfileBundleList
- type ProfileBundleSpec
- type ProfileBundleStatus
- type ProfileList
- type ProfilePayload
- type ProfileRule
- type ProfileValue
- type RawResultStorageSettings
- type RemediationApplicationState
- type RemediationObjectDependencyReference
- type RemediationType
- type Rule
- type RuleList
- type RulePayload
- type RuleReferenceSpec
- type ScanSetting
- type ScanSettingBinding
- type ScanSettingBindingList
- type ScanSettingBindingStatus
- func (in *ScanSettingBindingStatus) DeepCopy() *ScanSettingBindingStatus
- func (in *ScanSettingBindingStatus) DeepCopyInto(out *ScanSettingBindingStatus)
- func (s *ScanSettingBindingStatus) SetConditionInvalid(msg string)
- func (s *ScanSettingBindingStatus) SetConditionPending()
- func (s *ScanSettingBindingStatus) SetConditionReady()
- type ScanSettingList
- type StorageReference
- type TailoredProfile
- type TailoredProfileList
- type TailoredProfileSpec
- type TailoredProfileState
- type TailoredProfileStatus
- type TailoringConfigMapRef
- type ValueSelection
- type Variable
- type VariableList
- type VariablePayload
- type VariableType
- type VariableValueSpec
Constants ¶
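// Values for the remediation enforcement setting of a scan. The layout is
// restored to one declaration per line; the listing had been collapsed onto a
// single line, which is not valid Go.
const (
	// RemediationEnforcementEmpty is the unset value. The ComplianceScanSettings
	// field documentation states that an empty setting defaults to "off".
	RemediationEnforcementEmpty string = ""

	// RemediationEnforcementOff neither creates nor applies enforcement
	// remediations, per the ComplianceScanSettings field documentation.
	RemediationEnforcementOff string = "off"

	// RemediationEnforcementAll creates any enforcement remediation the scan
	// encounters, per the ComplianceScanSettings field documentation.
	RemediationEnforcementAll string = "all"
)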
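// Label and annotation keys used on remediations and on the objects they
// create. The layout is restored to one declaration per line: in the collapsed
// listing the first "//" comment swallowed every declaration after it.
const (
	// OutdatedRemediationLabel specifies that the remediation has been superseded by a newer version.
	OutdatedRemediationLabel = "complianceoperator.openshift.io/outdated-remediation"

	// RemediationHasUnmetDependenciesLabel specifies that a remediation has unmet dependencies
	// and thus cannot be applied.
	RemediationHasUnmetDependenciesLabel = "compliance.openshift.io/has-unmet-dependencies"

	// RemediationUnsetValueLabel specifies that a remediation requires a value
	// to be set.
	RemediationUnsetValueLabel = "compliance.openshift.io/has-unset-variable"

	// RemediationValueRequiredProcessedLabel specifies that a remediation's needed value
	// has been processed.
	RemediationValueRequiredProcessedLabel = "compliance.openshift.io/value-required-processed"

	// RemediationCreatedByOperatorAnnotation specifies that a remediation was
	// created by the Compliance Operator; this is used for the Compliance Operator to
	// know whether it can delete the object or not when un-applying a remediation.
	// NOTE(review): an annotation is ordinary object metadata, so anything allowed
	// to edit the object can set or clear it. Treat it as a hint about origin, not
	// as proof, and confirm how the delete path relies on it.
	RemediationCreatedByOperatorAnnotation = "compliance.openshift.io/remediation"

	// RemediationDependencyAnnotation specifies that a remediation depends on
	// an XCCDF rule passing in order to be applied.
	RemediationDependencyAnnotation = "compliance.openshift.io/depends-on"

	// RemediationObjectDependencyAnnotation specifies that a remediation depends on
	// another Kubernetes object existing in order to be applied.
	RemediationObjectDependencyAnnotation = "compliance.openshift.io/depends-on-obj"

	// RemediationDependenciesMetAnnotation specifies that a remediation's dependencies
	// have been met.
	RemediationDependenciesMetAnnotation = "compliance.openshift.io/dependencies-met"

	// RemediationOptionalAnnotation specifies that a remediation is optional,
	// and thus failures applying it are to be ignored.
	// NOTE(review): an ignored failure leaves the control unapplied; whether that
	// is surfaced anywhere else is not visible here, so confirm before relying on
	// a clean run as evidence that optional remediations took effect.
	RemediationOptionalAnnotation = "compliance.openshift.io/optional"

	// RemediationEnforcementTypeAnnotation specifies that a remediation is
	// of a certain policy enforcement type. This generally marks the engine
	// that the policy will be evaluated with. e.g. gatekeeper
	RemediationEnforcementTypeAnnotation = "compliance.openshift.io/enforcement-type"

	// RemediationValueRequiredAnnotation specifies that a remediation requires
	// a value to be set before being applied.
	RemediationValueRequiredAnnotation = "compliance.openshift.io/value-required"

	// RemediationUnsetValueAnnotation specifies the unset value that's missing
	// for the remediation
	RemediationUnsetValueAnnotation = "compliance.openshift.io/unset-value"

	// RemediationValueUsedAnnotation specifies the values used for a remediation
	RemediationValueUsedAnnotation = "compliance.openshift.io/xccdf-value-used"

	// OCPVersionDependencyAnnotation specifies that the OCP cluster needs to fall
	// into a range in order to be applied
	OCPVersionDependencyAnnotation = "compliance.openshift.io/ocp-version"

	// K8SVersionDependencyAnnotation specifies that the k8s cluster needs to fall
	// into a range in order to be applied
	K8SVersionDependencyAnnotation = "compliance.openshift.io/k8s-version"
)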
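// Overall scan results and scan types. The layout is restored to one
// declaration per line: in the collapsed listing the first "//" comment
// swallowed every declaration after it.
const (
	// ResultNotAvailable represents the compliance scan not having finished yet
	ResultNotAvailable ComplianceScanStatusResult = "NOT-AVAILABLE"

	// ResultCompliant represents the compliance scan having succeeded
	ResultCompliant ComplianceScanStatusResult = "COMPLIANT"

	// ResultNotApplicable represents the compliance scan having no useful results after finished
	ResultNotApplicable ComplianceScanStatusResult = "NOT-APPLICABLE"

	// ResultError represents a compliance scan pod having failed to run the scan or encountered an error
	ResultError ComplianceScanStatusResult = "ERROR"

	// ResultNonCompliant represents the compliance scan having found a gap
	ResultNonCompliant ComplianceScanStatusResult = "NON-COMPLIANT"

	// ResultInconsistent represents checks differing across the machines
	ResultInconsistent ComplianceScanStatusResult = "INCONSISTENT"

	// ScanTypeNode is the scan type value "Node".
	ScanTypeNode ComplianceScanType = "Node"

	// ScanTypePlatform is the scan type value "Platform".
	ScanTypePlatform ComplianceScanType = "Platform"
)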
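// Check type values, restored to one declaration per line (the collapsed
// single-line form is not valid Go).
// NOTE(review): the non-empty values match the ScanTypePlatform and
// ScanTypeNode strings; presumably a check type names the kind of scan a check
// belongs to, with CheckTypeNone meaning "not set". Confirm against callers.
const (
	CheckTypePlatform = "Platform"
	CheckTypeNode     = "Node"
	CheckTypeNone     = ""
)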
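// Variable type names, restored to one declaration per line (the collapsed
// single-line form is not valid Go).
// NOTE(review): presumably the values a VariableType can take; confirm against
// the Variable type definition.
const (
	VarTypeNumber = "number"
	VarTypeBool   = "bool"
	VarTypeString = "string"
)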
const (
// AllRoles is the literal "@all".
// NOTE(review): presumably a wildcard that stands for every node role where a
// role list is expected; confirm against its callers.
AllRoles = "@all"
)
const ApplyRemediationsAnnotation = "compliance.openshift.io/apply-remediations"
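ApplyRemediationsAnnotation is an annotation that, when set on a ComplianceSuite, causes all the remediations that were generated to be applied. It is removed once they have been applied. Because setting it applies every generated remediation at once, permission to annotate ComplianceSuite objects should be granted as carefully as permission to apply remediations directly.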
const CmScanResultAnnotation = "compliance.openshift.io/scan-result"
CmScanResultAnnotation holds the processed scanner result
const CmScanResultErrMsg = "compliance.openshift.io/scan-error-msg"
CmScanResultErrMsg holds the processed scanner error message
const ComplianceCheckInconsistentLabel = "compliance.openshift.io/inconsistent-check"
ComplianceCheckInconsistentLabel signifies that the check's results were not consistent across the target nodes
const ComplianceCheckResultErrorAnnotation = "compliance.openshift.io/error-msg"
const ComplianceCheckResultHasRemediation = "compliance.openshift.io/automated-remediation"
ComplianceCheckResultHasRemediation defines a label that will be included in the ComplianceCheckResult objects. It indicates whether the result has an automated remediation or not.
const ComplianceCheckResultInconsistentSourceAnnotation = "compliance.openshift.io/inconsistent-source"
ComplianceCheckResultInconsistentSourceAnnotation is only used with an Inconsistent check result. It either lists the statuses of the nodes that differ from ComplianceCheckResultMostCommonAnnotation or, if no most common state exists, lists the sources of all nodes.
const ComplianceCheckResultMostCommonAnnotation = "compliance.openshift.io/most-common-status"
ComplianceCheckResultMostCommonAnnotation stores the most common ComplianceCheckStatus value in an inconsistent check. In order for the result to be most common, at least 60% of the nodes must report the same result. The nodes that differ from the most common status are listed using ComplianceCheckResultInconsistentSourceAnnotation
const ComplianceCheckResultRuleAnnotation = "compliance.openshift.io/rule"
ComplianceCheckResultRuleAnnotation exposes the DNS-friendly name of a rule as a label. This provides a way to link a result to a Rule object.
const ComplianceCheckResultSeverityLabel = "compliance.openshift.io/check-severity"
const ComplianceCheckResultStatusLabel = "compliance.openshift.io/check-status"
ComplianceCheckResultStatusLabel defines a label that will be included in the ComplianceCheckResult objects. It indicates the result in an easy-to-find way.
const ComplianceCheckResultValueLabel = "compliance.openshift.io/check-has-value"
const (
// ComplianceRemediationDependencyField is the key of a ComplianceCheckResult
// that dependency annotations point to.
// NOTE(review): the value matches the `json:"id"` tag on
// ComplianceCheckResult.ID, so dependencies are presumably resolved by check
// ID; confirm against the code that reads the annotation.
ComplianceRemediationDependencyField = "id"
)
const ComplianceScanLabel = "compliance.openshift.io/scan-name"
ComplianceScanLabel serves as an indicator for which ComplianceScan owns the referenced object
const ComplianceScanRescanAnnotation = "compliance.openshift.io/rescan"
ComplianceScanRescanAnnotation indicates that a ComplianceScan should be re-run
const DefaultRawStorageSize = "1Gi"
DefaultRawStorageSize specifies the default size of the storage in which the raw results are kept.
const DefaultStorageRotation = 3
const ProductAnnotation = "compliance.openshift.io/product"
ProductAnnotation specifies the name of the platform this Profile or TailoredProfile is targeting. Example: ocp4, rhcos4, ...
const ProductTypeAnnotation = "compliance.openshift.io/product-type"
ProductTypeAnnotation specifies what kind of platform (node,platform) this Profile or a TailoredProfile targets
const ProfileBundleFinalizer = "profilebundle.finalizers.compliance.openshift.io"
ProfileBundleFinalizer is a finalizer for ProfileBundles. It gets automatically added by the ProfileBundle controller in order to delete resources.
const ProfileBundleOwnerLabel = "compliance.openshift.io/profile-bundle"
ProfileBundleOwnerLabel marks a profile or rule as owned by a profile bundle and helps users filter such objects
const ProfileImageDigestAnnotation = "compliance.openshift.io/image-digest"
ProfileImageDigestAnnotation is the parsed out digest of the content image
const RemoveOutdatedAnnotation = "compliance.openshift.io/remove-outdated"
RemoveOutdatedAnnotation is an annotation that, when set on a ComplianceSuite, automatically removes outdated remediations so that the operator applies only the up-to-date ones. It is removed once the outdated remediations have been removed.
const ResultLabel = "complianceoperator.openshift.io/scan-result"
ResultLabel defines that the object is a result of a scan
const RuleIDAnnotationKey = "compliance.openshift.io/rule"
RuleIDAnnotationKey exposes the DNS-friendly name of a rule as an annotation. This provides a way to link a result to a Rule object. TODO(jaosorior): Decide where this actually belongs... should it be here or in the compliance-operator?
const RuleVariableAnnotationKey = "compliance.openshift.io/rule-variable"
RuleVariableAnnotationKey stores the list of XCCDF variables used to render the rule
const ScanFinalizer = "scan.finalizers.compliance.openshift.io"
ScanFinalizer is a finalizer for ComplianceScans. It gets automatically added by the ComplianceScan controller in order to delete resources.
const ScriptLabel = "complianceoperator.openshift.io/scan-script"
ScriptLabel defines that the object is a script for a scan object
const SuiteFinalizer = "suite.finalizers.compliance.openshift.io"
SuiteFinalizer is a finalizer for ComplianceSuites. It gets automatically added by the ComplianceSuite controller in order to delete resources.
const SuiteLabel = "compliance.openshift.io/suite"
SuiteLabel indicates that an object (normally the ComplianceScan or a ComplianceRemediation) belongs to a certain ComplianceSuite. This is an easy way to filter them.
const SuiteScriptLabel = "compliance.openshift.io/suite-script"
SuiteScriptLabel indicates that the object is a script belonging to the compliance suite controller
Variables ¶
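// Scheme registration variables for the compliance.openshift.io/v1alpha1 API
// group. The layout is restored to one declaration per line: in the collapsed
// listing the first "//" comment swallowed both declarations.
var (
	// SchemeGroupVersion is group version used to register these objects
	SchemeGroupVersion = schema.GroupVersion{Group: "compliance.openshift.io", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
)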
// ErrUnkownScanType is the error value carrying the message "Unknown scan type".
// The identifier's spelling ("Unkown") is part of the exported API, so callers
// must reference it exactly as written.
// NOTE(review): presumably what GetScanTypeIfValid returns for an unrecognised
// scan type; confirm against its implementation.
var ErrUnkownScanType = errors.New("Unknown scan type")
var (
// KubeDepsNotFound is the error value carrying the message
// "kubernetes dependency annotation not found".
// NOTE(review): presumably returned when a remediation has no
// RemediationObjectDependencyAnnotation to parse; confirm against
// ParseRemediationDependencyRefs.
KubeDepsNotFound = errors.New("kubernetes dependency annotation not found")
)
Functions ¶
func AddRemediationAnnotation ¶ added in v0.1.20
AddRemediationAnnotation annotates an object to say it was created by this operator
func RemediationWasCreatedByOperator ¶ added in v0.1.20
RemediationWasCreatedByOperator tells us if an object was created by this operator
Types ¶
type ComplianceCheckResult ¶ added in v0.1.9
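// ComplianceCheckResult represents the result of a single compliance check.
// The layout is restored to one field per line: in the collapsed listing the
// first "//" comment swallowed every field after it.
type ComplianceCheckResult struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// A unique identifier of a check
	ID string `json:"id"`

	// The result of a check
	Status ComplianceCheckStatus `json:"status"`

	// The severity of a check status
	Severity ComplianceCheckResultSeverity `json:"severity"`

	// A human-readable check description, what and why it does
	Description string `json:"description,omitempty"`

	// How to evaluate the rule status manually. If no automatic test is present, the rule status will be MANUAL
	// and the administrator should follow these instructions.
	Instructions string `json:"instructions,omitempty"`

	// Any warnings that the user should be aware about.
	// +nullable
	Warnings []string `json:"warnings,omitempty"`

	// It stores a list of values used by the check
	ValuesUsed []string `json:"valuesUsed,omitempty"`
}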
ComplianceCheckResult represents the result of a single compliance "test". Kubebuilder markers: +kubebuilder:resource:path=compliancecheckresults,scope=Namespaced,shortName=ccr;checkresults;checkresult +kubebuilder:printcolumn:name="Status",type="string",JSONPath=`.status` +kubebuilder:printcolumn:name="Severity",type="string",JSONPath=`.severity`
func (*ComplianceCheckResult) DeepCopy ¶ added in v0.1.9
func (in *ComplianceCheckResult) DeepCopy() *ComplianceCheckResult
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceCheckResult.
func (*ComplianceCheckResult) DeepCopyInto ¶ added in v0.1.9
func (in *ComplianceCheckResult) DeepCopyInto(out *ComplianceCheckResult)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceCheckResult) DeepCopyObject ¶ added in v0.1.9
func (in *ComplianceCheckResult) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ComplianceCheckResult) IDToDNSFriendlyName ¶ added in v0.1.10
func (ccr *ComplianceCheckResult) IDToDNSFriendlyName() string
IDToDNSFriendlyName gets the ID from the scan and returns a DNS friendly name
type ComplianceCheckResultList ¶ added in v0.1.9
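// ComplianceCheckResultList contains a list of ComplianceCheckResult.
// The layout is restored to one field per line; the collapsed single-line form
// is not valid Go.
type ComplianceCheckResultList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the ComplianceCheckResult objects in the list.
	Items []ComplianceCheckResult `json:"items"`
}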
ComplianceCheckResultList contains a list of ComplianceCheckResult
func (*ComplianceCheckResultList) DeepCopy ¶ added in v0.1.9
func (in *ComplianceCheckResultList) DeepCopy() *ComplianceCheckResultList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceCheckResultList.
func (*ComplianceCheckResultList) DeepCopyInto ¶ added in v0.1.9
func (in *ComplianceCheckResultList) DeepCopyInto(out *ComplianceCheckResultList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceCheckResultList) DeepCopyObject ¶ added in v0.1.9
func (in *ComplianceCheckResultList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ComplianceCheckResultSeverity ¶ added in v0.1.9
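// ComplianceCheckResultSeverity is the string type of the Severity field of a
// ComplianceCheckResult.
type ComplianceCheckResultSeverity string

// Severity values, restored to one declaration per line (the collapsed
// single-line form is not valid Go).
const (
	CheckResultSeverityUnknown ComplianceCheckResultSeverity = "unknown"
	CheckResultSeverityInfo    ComplianceCheckResultSeverity = "info"
	CheckResultSeverityLow     ComplianceCheckResultSeverity = "low"
	CheckResultSeverityMedium  ComplianceCheckResultSeverity = "medium"
	CheckResultSeverityHigh    ComplianceCheckResultSeverity = "high"
)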
type ComplianceCheckStatus ¶ added in v0.1.9
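// ComplianceCheckStatus is the string type of the Status field of a
// ComplianceCheckResult.
type ComplianceCheckStatus string

// Check status values. The layout is restored to one declaration per line: in
// the collapsed listing the first "//" comment swallowed every declaration
// after it.
const (
	// The check ran to completion and passed
	CheckResultPass ComplianceCheckStatus = "PASS"

	// The check ran to completion and failed
	CheckResultFail ComplianceCheckStatus = "FAIL"

	// The check ran to completion and found something not severe enough to be considered error
	CheckResultInfo ComplianceCheckStatus = "INFO"

	// The check has no automatic test; per the ComplianceCheckResult.Instructions
	// documentation, the administrator evaluates it by following those
	// instructions. (The comment previously here duplicated CheckResultInfo's.)
	CheckResultManual ComplianceCheckStatus = "MANUAL"

	// The check ran, but could not complete properly
	CheckResultError ComplianceCheckStatus = "ERROR"

	// The check didn't run because it is not applicable or not selected
	CheckResultNotApplicable ComplianceCheckStatus = "NOT-APPLICABLE"

	// The check reports different results from different sources, typically cluster nodes
	CheckResultInconsistent ComplianceCheckStatus = "INCONSISTENT"

	// The check didn't yield a usable result
	CheckResultNoResult ComplianceCheckStatus = ""
)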
type ComplianceRemediation ¶
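// ComplianceRemediation represents a remediation that can be applied to the
// cluster to fix the found issues. The layout is restored to one field per
// line: in the collapsed listing the first "//" comment swallowed the fields
// after it.
type ComplianceRemediation struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Contains the definition of what the remediation should be
	Spec ComplianceRemediationSpec `json:"spec,omitempty"`

	// Contains information on the remediation (whether it's applied or not)
	Status ComplianceRemediationStatus `json:"status,omitempty"`
}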
ComplianceRemediation represents a remediation that can be applied to the cluster to fix the found issues. +k8s:openapi-gen=true +kubebuilder:subresource:status +kubebuilder:resource:path=complianceremediations,scope=Namespaced,shortName=cr;remediations;remediation;rems +kubebuilder:printcolumn:name="State",type="string",JSONPath=`.status.applicationState`
func (*ComplianceRemediation) AddOwnershipLabels ¶ added in v0.1.23
func (r *ComplianceRemediation) AddOwnershipLabels(obj metav1.Object)
AddOwnershipLabels labels an object to say it was created by this operator and is owned by a specific scan and suite
func (*ComplianceRemediation) DeepCopy ¶
func (in *ComplianceRemediation) DeepCopy() *ComplianceRemediation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediation.
func (*ComplianceRemediation) DeepCopyInto ¶
func (in *ComplianceRemediation) DeepCopyInto(out *ComplianceRemediation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceRemediation) DeepCopyObject ¶
func (in *ComplianceRemediation) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ComplianceRemediation) GetEnforcementType ¶ added in v0.1.38
func (r *ComplianceRemediation) GetEnforcementType() string
func (*ComplianceRemediation) GetMcName ¶
func (r *ComplianceRemediation) GetMcName() string
func (*ComplianceRemediation) GetScan ¶
func (r *ComplianceRemediation) GetScan() string
func (*ComplianceRemediation) GetSuite ¶
func (r *ComplianceRemediation) GetSuite() string
func (*ComplianceRemediation) HasAnnotation ¶ added in v0.1.40
func (r *ComplianceRemediation) HasAnnotation(ann string) bool
func (*ComplianceRemediation) HasLabel ¶ added in v0.1.40
func (r *ComplianceRemediation) HasLabel(label string) bool
func (*ComplianceRemediation) HasUnmetDependencies ¶ added in v0.1.27
func (r *ComplianceRemediation) HasUnmetDependencies() bool
func (*ComplianceRemediation) HasUnmetKubeDependencies ¶ added in v0.1.38
func (r *ComplianceRemediation) HasUnmetKubeDependencies() bool
func (*ComplianceRemediation) IsApplied ¶ added in v0.1.25
func (r *ComplianceRemediation) IsApplied() bool
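IsApplied tells whether the ComplianceRemediation has been applied. Note that a remediation is considered applied if its state is indeed applied, or if it has been requested to be applied but has since become outdated. In the outdated case the cluster may still carry the older payload (see the "outdated" key of ComplianceRemediationSpec), so a true result does not by itself show that the current payload is in effect.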
func (*ComplianceRemediation) ParseRemediationDependencyRefs ¶ added in v0.1.38
func (r *ComplianceRemediation) ParseRemediationDependencyRefs() ([]RemediationObjectDependencyReference, error)
func (*ComplianceRemediation) RemediationPayloadDiffers ¶ added in v0.1.12
func (r *ComplianceRemediation) RemediationPayloadDiffers(other *ComplianceRemediation) bool
type ComplianceRemediationList ¶
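// ComplianceRemediationList contains a list of ComplianceRemediation.
// The layout is restored to one field per line; the collapsed single-line form
// is not valid Go.
type ComplianceRemediationList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the ComplianceRemediation objects in the list.
	Items []ComplianceRemediation `json:"items"`
}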
ComplianceRemediationList contains a list of ComplianceRemediation
func (*ComplianceRemediationList) DeepCopy ¶
func (in *ComplianceRemediationList) DeepCopy() *ComplianceRemediationList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediationList.
func (*ComplianceRemediationList) DeepCopyInto ¶
func (in *ComplianceRemediationList) DeepCopyInto(out *ComplianceRemediationList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceRemediationList) DeepCopyObject ¶
func (in *ComplianceRemediationList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ComplianceRemediationPayload ¶ added in v0.1.12
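// NOTE(review): Object is unstructured and its markers preserve unknown
// fields, so the CRD schema places no constraint on what the payload contains.
// What the operator may end up applying is therefore presumably bounded by who
// can create or update ComplianceRemediation objects and by the operator's own
// permissions; confirm that RBAC on this resource is as tight as intended.
// The last marker is spelled "+kubebuilder:validation:nullable", while
// ComplianceCheckResult.Warnings uses "+nullable"; confirm that controller-gen
// recognises the spelling used here.

// ComplianceRemediationPayload wraps the Kubernetes object that a remediation
// carries. The layout is restored to one line per comment and field: in the
// collapsed listing the first "//" comment swallowed the field itself.
type ComplianceRemediationPayload struct {
	// The remediation payload. This would normally be a full Kubernetes
	// object.
	// +kubebuilder:pruning:PreserveUnknownFields
	// +kubebuilder:validation:EmbeddedResource
	// +kubebuilder:validation:nullable
	Object *unstructured.Unstructured `json:"object,omitempty"`
}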
func (*ComplianceRemediationPayload) DeepCopy ¶ added in v0.1.12
func (in *ComplianceRemediationPayload) DeepCopy() *ComplianceRemediationPayload
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediationPayload.
func (*ComplianceRemediationPayload) DeepCopyInto ¶ added in v0.1.12
func (in *ComplianceRemediationPayload) DeepCopyInto(out *ComplianceRemediationPayload)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceRemediationSpec ¶
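// ComplianceRemediationSpec defines the desired state of ComplianceRemediation.
// The layout is restored to one field per line: in the collapsed listing the
// first "//" comment swallowed every field after it.
type ComplianceRemediationSpec struct {
	ComplianceRemediationSpecMeta `json:",inline"`

	// Defines the remediation that is proposed by the scan. If there is no "outdated"
	// remediation in this object, the "current" remediation is what will be applied.
	Current ComplianceRemediationPayload `json:"current,omitempty"`

	// In case there was a previous remediation proposed by a previous scan, and that remediation
	// now differs, the old remediation will be kept in this "outdated" key. This requires admin
	// intervention to remove this outdated object and ensure the current is what's applied.
	Outdated ComplianceRemediationPayload `json:"outdated,omitempty"`
}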
ComplianceRemediationSpec defines the desired state of ComplianceRemediation +k8s:openapi-gen=true
func (*ComplianceRemediationSpec) DeepCopy ¶
func (in *ComplianceRemediationSpec) DeepCopy() *ComplianceRemediationSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediationSpec.
func (*ComplianceRemediationSpec) DeepCopyInto ¶
func (in *ComplianceRemediationSpec) DeepCopyInto(out *ComplianceRemediationSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceRemediationSpecMeta ¶
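// ComplianceRemediationSpecMeta holds the apply switch and the type of a
// remediation; it is embedded inline in ComplianceRemediationSpec. The layout
// is restored to one field per line: in the collapsed listing the first "//"
// comment swallowed every field after it.
type ComplianceRemediationSpecMeta struct {
	// Whether the remediation should be picked up and applied by the operator
	Apply bool `json:"apply"`

	// The type of remediation that this object applies. The available
	// types are: Configuration and Enforcement. Where the Configuration
	// type fixes a configuration to match a compliance expectation.
	// The Enforcement type, on the other hand, ensures that the cluster
	// stays in compliance via means of authorization.
	// +kubebuilder:default="Configuration"
	Type RemediationType `json:"type,omitempty"`
}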
func (*ComplianceRemediationSpecMeta) DeepCopy ¶
func (in *ComplianceRemediationSpecMeta) DeepCopy() *ComplianceRemediationSpecMeta
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediationSpecMeta.
func (*ComplianceRemediationSpecMeta) DeepCopyInto ¶
func (in *ComplianceRemediationSpecMeta) DeepCopyInto(out *ComplianceRemediationSpecMeta)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceRemediationStatus ¶
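// ComplianceRemediationStatus defines the observed state of
// ComplianceRemediation. The layout is restored to one field per line: in the
// collapsed listing the first "//" comment swallowed both fields.
type ComplianceRemediationStatus struct {
	// Whether the remediation is already applied or not
	// +kubebuilder:default="NotApplied"
	ApplicationState RemediationApplicationState `json:"applicationState,omitempty"`
	ErrorMessage     string                      `json:"errorMessage,omitempty"`
}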
ComplianceRemediationStatus defines the observed state of ComplianceRemediation +k8s:openapi-gen=true
func (*ComplianceRemediationStatus) DeepCopy ¶
func (in *ComplianceRemediationStatus) DeepCopy() *ComplianceRemediationStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediationStatus.
func (*ComplianceRemediationStatus) DeepCopyInto ¶
func (in *ComplianceRemediationStatus) DeepCopyInto(out *ComplianceRemediationStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceScan ¶
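// ComplianceScan represents a scan with a certain configuration, run against
// either a set of nodes or the cluster itself. The layout is restored to one
// field per line: in the collapsed listing the first "//" comment swallowed
// the fields after it.
type ComplianceScan struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// The spec is the configuration for the compliance scan.
	Spec ComplianceScanSpec `json:"spec,omitempty"`

	// The status will give valuable information on what's going on with the
	// scan; and, more importantly, if the scan is successful (compliant) or
	// not (non-compliant)
	Status ComplianceScanStatus `json:"status,omitempty"`
}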
ComplianceScan represents a scan with a certain configuration that will be applied to objects of a certain entity in the host. These could be nodes that apply to a certain nodeSelector, or the cluster itself. +k8s:openapi-gen=true +kubebuilder:subresource:status +kubebuilder:resource:path=compliancescans,scope=Namespaced,shortName=scans;scan +kubebuilder:printcolumn:name="Phase",type="string",JSONPath=`.status.phase` +kubebuilder:printcolumn:name="Result",type="string",JSONPath=`.status.result`
func ComplianceScanFromWrapper ¶ added in v0.1.6
func ComplianceScanFromWrapper(sw *ComplianceScanSpecWrapper) *ComplianceScan
ComplianceScanFromWrapper returns a ComplianceScan from the wrapper that's given to a ComplianceSuite. This will return all the values that are derivable from the wrapper in order to build a scan. Anything missing must be added separately.
func (*ComplianceScan) DeepCopy ¶
func (in *ComplianceScan) DeepCopy() *ComplianceScan
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScan.
func (*ComplianceScan) DeepCopyInto ¶
func (in *ComplianceScan) DeepCopyInto(out *ComplianceScan)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceScan) DeepCopyObject ¶
func (in *ComplianceScan) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ComplianceScan) GetScanType ¶ added in v0.1.13
func (cs *ComplianceScan) GetScanType() ComplianceScanType
GetScanType gets the scan type for a scan
func (*ComplianceScan) GetScanTypeIfValid ¶ added in v0.1.13
func (cs *ComplianceScan) GetScanTypeIfValid() (ComplianceScanType, error)
GetScanTypeIfValid returns scan type if the scan has a valid one, else it returns an error
func (*ComplianceScan) IsStrictNodeScan ¶ added in v0.1.44
func (cs *ComplianceScan) IsStrictNodeScan() bool
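GetScanType gets the scan type for a scan. (This comment appears to have been copied from GetScanType. Judging by its name and bool return, IsStrictNodeScan presumably reports whether the scan's strictNodeScan setting is in effect; confirm against the source.)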
func (*ComplianceScan) NeedsRescan ¶ added in v0.1.9
func (cs *ComplianceScan) NeedsRescan() bool
NeedsRescan indicates whether a ComplianceScan needs to rescan or not
func (*ComplianceScan) RemediationEnforcementIsOff ¶ added in v0.1.38
func (cs *ComplianceScan) RemediationEnforcementIsOff() bool
RemediationEnforcementIsOff returns whether remediation enforcement is off or not
func (*ComplianceScan) RemediationEnforcementTypeMatches ¶ added in v0.1.38
func (cs *ComplianceScan) RemediationEnforcementTypeMatches(etype string) bool
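RemediationEnforcementTypeMatches presumably reports whether the scan's remediationEnforcement setting matches the given enforcement type etype. (The upstream comment here repeats the RemediationEnforcementIsOff text.)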
type ComplianceScanList ¶
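// ComplianceScanList contains a list of ComplianceScan.
type ComplianceScanList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ComplianceScan `json:"items"`
}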
ComplianceScanList contains a list of ComplianceScan
func (*ComplianceScanList) DeepCopy ¶
func (in *ComplianceScanList) DeepCopy() *ComplianceScanList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanList.
func (*ComplianceScanList) DeepCopyInto ¶
func (in *ComplianceScanList) DeepCopyInto(out *ComplianceScanList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceScanList) DeepCopyObject ¶
func (in *ComplianceScanList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ComplianceScanSettings ¶ added in v0.1.10
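// ComplianceScanSettings groups together settings of a ComplianceScan.
type ComplianceScanSettings struct {
	// Enable debug logging of workloads and OpenSCAP
	Debug bool `json:"debug,omitempty"`
	// Specifies settings that pertain to raw result storage.
	RawResultStorage RawResultStorageSettings `json:"rawResultStorage,omitempty"`
	// Defines that no external resources in the Data Stream should be used. External
	// resources could be, for instance, CVE feeds. This is useful for disconnected
	// installations without access to a proxy.
	NoExternalResources bool `json:"noExternalResources,omitempty"`
	// Defines a proxy for the scan to get external resources from. This is useful for
	// disconnected installations with access to a proxy.
	// It is recommended to set the proxy via the config.openshift.io/Proxy object.
	HTTPSProxy string `json:"httpsProxy,omitempty"`
	// Specifies tolerations needed for the scan to run on the nodes. This is useful
	// in case the target set of nodes have custom taints that don't allow certain
	// workloads to run. Defaults to allowing scheduling on all nodes.
	// +kubebuilder:default={{operator: "Exists"}}
	ScanTolerations []corev1.Toleration `json:"scanTolerations,omitempty"`

	// NOTE(review): with `false`, a finished scan may not have covered every
	// node; presumably its result should then be read as partial. Confirm how
	// skipped nodes are reported before relaxing this.

	// Defines whether the scan should proceed if we're not able to
	// scan all the nodes or not. `true` means that the operator
	// should be strict and error out. `false` means that we don't
	// need to be strict and we can proceed.
	// +kubebuilder:default=true
	StrictNodeScan *bool `json:"strictNodeScan,omitempty"`
	// Specifies what to do with remediations of Enforcement type. If left empty,
	// this defaults to "off" which doesn't create nor apply any enforcement remediations.
	// If set to "all" this creates any enforcement remediations it encounters.
	// Subsequently, this can also be set to a specific type. e.g. setting it to
	// "gatekeeper" will apply any enforcement remediations relevant to the
	// Gatekeeper OPA system.
	// These objects will be annotated in the content itself with:
	//     complianceascode.io/enforcement-type: <type>
	RemediationEnforcement string `json:"remediationEnforcement,omitempty"`
	// Determines whether to hide or show results that are not applicable.
	// +kubebuilder:default=false
	ShowNotApplicable bool `json:"showNotApplicable,omitempty"`
}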
ComplianceScanSettings groups together settings of a ComplianceScan +k8s:openapi-gen=true
func (*ComplianceScanSettings) DeepCopy ¶ added in v0.1.10
func (in *ComplianceScanSettings) DeepCopy() *ComplianceScanSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanSettings.
func (*ComplianceScanSettings) DeepCopyInto ¶ added in v0.1.10
func (in *ComplianceScanSettings) DeepCopyInto(out *ComplianceScanSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceScanSpec ¶
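// ComplianceScanSpec defines the desired state of ComplianceScan.
type ComplianceScanSpec struct {
	// The type of Compliance scan.
	// +kubebuilder:default=Node
	ScanType ComplianceScanType `json:"scanType,omitempty"`

	// NOTE(review): this is a free-form string, so the schema shown here does
	// not constrain the image reference; consider referencing the content image
	// by digest rather than a mutable tag, since it decides which rules run.

	// Is the image with the content (Data Stream), that will be used to run
	// OpenSCAP.
	ContentImage string `json:"contentImage,omitempty"`
	// Is the profile in the data stream to be used. This is the collection of
	// rules that will be checked for.
	Profile string `json:"profile,omitempty"`
	// A Rule can be specified if the scan should check only for a specific
	// rule. Note that when leaving this empty, the scan will check for all the
	// rules for a specific profile.
	Rule string `json:"rule,omitempty"`
	// Is the path to the file that contains the content (the data stream).
	// Note that the path needs to be relative to the `/` (root) directory, as
	// it is in the ContentImage
	Content string `json:"content,omitempty"`
	// By setting this, it's possible to only run the scan on certain nodes in
	// the cluster. Note that when applying remediations generated from the
	// scan, this should match the selector of the MachineConfigPool you want
	// to apply the remediations to.
	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
	// Is a reference to a ConfigMap that contains the
	// tailoring file. It assumes a key called `tailoring.xml` which will
	// have the tailoring contents.
	TailoringConfigMap *TailoringConfigMapRef `json:"tailoringConfigMap,omitempty"`

	// The scan settings are inlined, so their fields appear at the same JSON
	// level as the fields above.
	ComplianceScanSettings `json:",inline"`
}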
ComplianceScanSpec defines the desired state of ComplianceScan +k8s:openapi-gen=true
func (*ComplianceScanSpec) DeepCopy ¶
func (in *ComplianceScanSpec) DeepCopy() *ComplianceScanSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanSpec.
func (*ComplianceScanSpec) DeepCopyInto ¶
func (in *ComplianceScanSpec) DeepCopyInto(out *ComplianceScanSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceScanSpecWrapper ¶
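// ComplianceScanSpecWrapper provides a ComplianceScanSpec and a Name.
type ComplianceScanSpecWrapper struct {
	ComplianceScanSpec `json:",inline"`

	// Contains a human readable name for the scan. This is to identify the
	// objects that it creates.
	Name string `json:"name,omitempty"`
}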
ComplianceScanSpecWrapper provides a ComplianceScanSpec and a Name +k8s:openapi-gen=true
func (*ComplianceScanSpecWrapper) DeepCopy ¶
func (in *ComplianceScanSpecWrapper) DeepCopy() *ComplianceScanSpecWrapper
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanSpecWrapper.
func (*ComplianceScanSpecWrapper) DeepCopyInto ¶
func (in *ComplianceScanSpecWrapper) DeepCopyInto(out *ComplianceScanSpecWrapper)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceScanSpecWrapper) ScanSpecDiffers ¶ added in v0.1.12
func (sw *ComplianceScanSpecWrapper) ScanSpecDiffers(other *ComplianceScan) bool
type ComplianceScanStatus ¶
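// ComplianceScanStatus defines the observed state of ComplianceScan.
type ComplianceScanStatus struct {
	// Is the phase where the scan is at. Normally, one must wait for the scan
	// to reach the phase DONE.
	Phase ComplianceScanStatusPhase `json:"phase,omitempty"`
	// Once the scan reaches the phase DONE, this will contain the result of
	// the scan. Where COMPLIANT means that the scan succeeded; NON-COMPLIANT
	// means that there were rule violations; and ERROR means that the scan
	// couldn't complete due to an issue.
	Result ComplianceScanStatusResult `json:"result,omitempty"`

	// Serialized as `errormsg`; ComplianceSuiteStatus uses `errorMessage` for
	// its field of the same name, so the two keys differ on the wire.

	// If there are issues on the scan, this will be filled up with an error
	// message.
	ErrorMessage string `json:"errormsg,omitempty"`
	// Specifies the current index of the scan. Given multiple scans, this marks the
	// number that have been executed.
	CurrentIndex int64 `json:"currentIndex,omitempty"`
	// Specifies the object that's storing the raw results for the scan.
	ResultsStorage StorageReference `json:"resultsStorage,omitempty"`
	// If there are warnings on the scan, this will be filled up with warning
	// messages.
	Warnings string `json:"warnings,omitempty"`
}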
ComplianceScanStatus defines the observed state of ComplianceScan +k8s:openapi-gen=true
func (*ComplianceScanStatus) DeepCopy ¶
func (in *ComplianceScanStatus) DeepCopy() *ComplianceScanStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanStatus.
func (*ComplianceScanStatus) DeepCopyInto ¶
func (in *ComplianceScanStatus) DeepCopyInto(out *ComplianceScanStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceScanStatusPhase ¶
type ComplianceScanStatusPhase string
Represents the status of the compliance scan run.
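// Phases of a compliance scan run, as values of ComplianceScanStatusPhase.
const (
	// PhasePending represents the scan pending to be scheduled
	PhasePending ComplianceScanStatusPhase = "PENDING"
	// PhaseLaunching represents being scheduled and launching pods to run the scans
	PhaseLaunching ComplianceScanStatusPhase = "LAUNCHING"
	// PhaseRunning represents the scan being run by the pods and waiting for the results
	PhaseRunning ComplianceScanStatusPhase = "RUNNING"
	// PhaseAggregating represents the scan aggregating the results
	PhaseAggregating ComplianceScanStatusPhase = "AGGREGATING"
	// PhaseDone represents the scan pods being done and the results being available
	PhaseDone ComplianceScanStatusPhase = "DONE"
)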
type ComplianceScanStatusResult ¶
type ComplianceScanStatusResult string
Represents the result of the compliance scan
type ComplianceScanStatusWrapper ¶
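// ComplianceScanStatusWrapper provides a ComplianceScanStatus and a Name.
type ComplianceScanStatusWrapper struct {
	ComplianceScanStatus `json:",inline"`

	// Contains a human readable name for the scan. This is to identify the
	// objects that it creates.
	Name string `json:"name,omitempty"`
}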
ComplianceScanStatusWrapper provides a ComplianceScanStatus and a Name +k8s:openapi-gen=true
func ScanStatusWrapperFromScan ¶ added in v0.1.6
func ScanStatusWrapperFromScan(s *ComplianceScan) ComplianceScanStatusWrapper
ScanStatusWrapperFromScan returns a ComplianceScanStatusWrapper object (used by the ComplianceSuite object) in order to display the status of a scan
func (*ComplianceScanStatusWrapper) DeepCopy ¶
func (in *ComplianceScanStatusWrapper) DeepCopy() *ComplianceScanStatusWrapper
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanStatusWrapper.
func (*ComplianceScanStatusWrapper) DeepCopyInto ¶
func (in *ComplianceScanStatusWrapper) DeepCopyInto(out *ComplianceScanStatusWrapper)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceScanType ¶ added in v0.1.9
type ComplianceScanType string
ComplianceScanType +k8s:openapi-gen=true
type ComplianceSuite ¶
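// ComplianceSuite represents a set of scans that will be applied to the
// cluster.
type ComplianceSuite struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Contains the definition of the suite
	Spec ComplianceSuiteSpec `json:"spec,omitempty"`
	// Contains the current state of the suite
	Status ComplianceSuiteStatus `json:"status,omitempty"`
}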
ComplianceSuite represents a set of scans that will be applied to the cluster. These should help deployers achieve a certain compliance target. +k8s:openapi-gen=true +kubebuilder:subresource:status +kubebuilder:resource:path=compliancesuites,scope=Namespaced,shortName=suites;suite +kubebuilder:printcolumn:name="Phase",type="string",JSONPath=`.status.phase` +kubebuilder:printcolumn:name="Result",type="string",JSONPath=`.status.result`
func (*ComplianceSuite) ApplyRemediationsAnnotationSet ¶ added in v0.1.25
func (s *ComplianceSuite) ApplyRemediationsAnnotationSet() bool
func (*ComplianceSuite) DeepCopy ¶
func (in *ComplianceSuite) DeepCopy() *ComplianceSuite
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceSuite.
func (*ComplianceSuite) DeepCopyInto ¶
func (in *ComplianceSuite) DeepCopyInto(out *ComplianceSuite)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceSuite) DeepCopyObject ¶
func (in *ComplianceSuite) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ComplianceSuite) IsResultAvailable ¶ added in v0.1.9
func (s *ComplianceSuite) IsResultAvailable() bool
func (*ComplianceSuite) LowestCommonResult ¶ added in v0.1.7
func (s *ComplianceSuite) LowestCommonResult() ComplianceScanStatusResult
func (*ComplianceSuite) LowestCommonState ¶ added in v0.1.7
func (s *ComplianceSuite) LowestCommonState() ComplianceScanStatusPhase
func (*ComplianceSuite) RemoveOutdatedAnnotationSet ¶ added in v0.1.29
func (s *ComplianceSuite) RemoveOutdatedAnnotationSet() bool
func (*ComplianceSuite) ShouldApplyRemediations ¶ added in v0.1.25
func (s *ComplianceSuite) ShouldApplyRemediations() bool
ShouldApplyRemediations returns whether the ComplianceSuite requires that the ComplianceRemediations that were generated from it be applied.
func (*ComplianceSuite) ShouldRemoveOutdated ¶ added in v0.1.29
func (s *ComplianceSuite) ShouldRemoveOutdated() bool
type ComplianceSuiteList ¶
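// ComplianceSuiteList contains a list of ComplianceSuite.
type ComplianceSuiteList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ComplianceSuite `json:"items"`
}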
ComplianceSuiteList contains a list of ComplianceSuite
func (*ComplianceSuiteList) DeepCopy ¶
func (in *ComplianceSuiteList) DeepCopy() *ComplianceSuiteList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceSuiteList.
func (*ComplianceSuiteList) DeepCopyInto ¶
func (in *ComplianceSuiteList) DeepCopyInto(out *ComplianceSuiteList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceSuiteList) DeepCopyObject ¶
func (in *ComplianceSuiteList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ComplianceSuiteSettings ¶ added in v0.1.10
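// ComplianceSuiteSettings groups together settings of a ComplianceSuite.
type ComplianceSuiteSettings struct {
	// NOTE(review): when true, remediations are applied with no manual review
	// step in between; confirm that is acceptable for the target cluster before
	// enabling it.

	// Defines whether or not the remediations should be applied automatically
	AutoApplyRemediations bool `json:"autoApplyRemediations,omitempty"`
	// Defines whether or not the remediations should be updated automatically.
	// This is done by deleting the "outdated" object from the remediation.
	AutoUpdateRemediations bool `json:"autoUpdateRemediations,omitempty"`
	// Defines a schedule for the scans to run. This is in cronjob format.
	// Note the scan will still be triggered immediately, and the scheduled
	// scans will start running only after the initial results are ready.
	Schedule string `json:"schedule,omitempty"`
}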
ComplianceSuiteSettings groups together settings of a ComplianceSuite +k8s:openapi-gen=true
func (*ComplianceSuiteSettings) DeepCopy ¶ added in v0.1.10
func (in *ComplianceSuiteSettings) DeepCopy() *ComplianceSuiteSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceSuiteSettings.
func (*ComplianceSuiteSettings) DeepCopyInto ¶ added in v0.1.10
func (in *ComplianceSuiteSettings) DeepCopyInto(out *ComplianceSuiteSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceSuiteSpec ¶
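// ComplianceSuiteSpec defines the desired state of ComplianceSuite.
type ComplianceSuiteSpec struct {
	ComplianceSuiteSettings `json:",inline"`

	// Contains a list of the scans to execute on the cluster
	// +listType=atomic
	Scans []ComplianceScanSpecWrapper `json:"scans"`
}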
ComplianceSuiteSpec defines the desired state of ComplianceSuite +k8s:openapi-gen=true
func (*ComplianceSuiteSpec) DeepCopy ¶
func (in *ComplianceSuiteSpec) DeepCopy() *ComplianceSuiteSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceSuiteSpec.
func (*ComplianceSuiteSpec) DeepCopyInto ¶
func (in *ComplianceSuiteSpec) DeepCopyInto(out *ComplianceSuiteSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceSuiteStatus ¶
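// ComplianceSuiteStatus defines the observed state of ComplianceSuite.
type ComplianceSuiteStatus struct {
	// +listType=atomic
	ScanStatuses []ComplianceScanStatusWrapper `json:"scanStatuses,omitempty"`
	Phase        ComplianceScanStatusPhase     `json:"phase,omitempty"`
	Result       ComplianceScanStatusResult    `json:"result,omitempty"`
	ErrorMessage string                        `json:"errorMessage,omitempty"`
	// +optional
	Conditions conditions.Conditions `json:"conditions,omitempty"`
}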
ComplianceSuiteStatus defines the observed state of ComplianceSuite +k8s:openapi-gen=true
func (*ComplianceSuiteStatus) DeepCopy ¶
func (in *ComplianceSuiteStatus) DeepCopy() *ComplianceSuiteStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceSuiteStatus.
func (*ComplianceSuiteStatus) DeepCopyInto ¶
func (in *ComplianceSuiteStatus) DeepCopyInto(out *ComplianceSuiteStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ComplianceSuiteStatus) SetConditionInvalid ¶ added in v0.1.28
func (s *ComplianceSuiteStatus) SetConditionInvalid()
func (*ComplianceSuiteStatus) SetConditionPending ¶ added in v0.1.28
func (s *ComplianceSuiteStatus) SetConditionPending()
func (*ComplianceSuiteStatus) SetConditionReady ¶ added in v0.1.28
func (s *ComplianceSuiteStatus) SetConditionReady()
func (*ComplianceSuiteStatus) SetConditionsProcessing ¶ added in v0.1.28
func (s *ComplianceSuiteStatus) SetConditionsProcessing()
type DataStreamStatusType ¶ added in v0.1.10
type DataStreamStatusType string
DataStreamStatusType is the type for the data stream status
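// Data stream states, as values of DataStreamStatusType.
const (
	// DataStreamPending represents the state where the data stream
	// hasn't been processed yet
	DataStreamPending DataStreamStatusType = "PENDING"
	// DataStreamValid represents the status for a valid data stream
	DataStreamValid DataStreamStatusType = "VALID"
	// DataStreamInvalid represents the status for an invalid data stream
	DataStreamInvalid DataStreamStatusType = "INVALID"
)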
type FixDefinition ¶ added in v0.1.10
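// FixDefinition specifies a fix or remediation that applies to a rule.
type FixDefinition struct {
	// The platform that the fix applies to
	Platform string `json:"platform,omitempty"`
	// An estimate of the potential disruption or operational
	// degradation that this fix will impose in the target system
	Disruption string `json:"disruption,omitempty"`

	// NOTE(review): the markers below embed an arbitrary resource and preserve
	// unknown fields, so this schema does not constrain what the object
	// contains. Presumably whatever applies it relies on the content source
	// being trusted; confirm where that check lives.

	// An object that should bring the rule into compliance
	// +kubebuilder:pruning:PreserveUnknownFields
	// +kubebuilder:validation:EmbeddedResource
	// +kubebuilder:validation:nullable
	FixObject *unstructured.Unstructured `json:"fixObject,omitempty"`
}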
FixDefinition Specifies a fix or remediation that applies to a rule
func (*FixDefinition) DeepCopy ¶ added in v0.1.10
func (in *FixDefinition) DeepCopy() *FixDefinition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FixDefinition.
func (*FixDefinition) DeepCopyInto ¶ added in v0.1.10
func (in *FixDefinition) DeepCopyInto(out *FixDefinition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NamedObjectReference ¶ added in v0.1.10
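// NamedObjectReference identifies an object by its name, kind and API group.
// All three fields are optional in the serialized form.
type NamedObjectReference struct {
	Name     string `json:"name,omitempty"`
	Kind     string `json:"kind,omitempty"`
	APIGroup string `json:"apiGroup,omitempty"`
}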
func (*NamedObjectReference) DeepCopy ¶ added in v0.1.10
func (in *NamedObjectReference) DeepCopy() *NamedObjectReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamedObjectReference.
func (*NamedObjectReference) DeepCopyInto ¶ added in v0.1.10
func (in *NamedObjectReference) DeepCopyInto(out *NamedObjectReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OutputRef ¶ added in v0.1.10
OutputRef is a reference to the object created from the tailored profile
func (*OutputRef) DeepCopy ¶ added in v0.1.10
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutputRef.
func (*OutputRef) DeepCopyInto ¶ added in v0.1.10
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Profile ¶ added in v0.1.10
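// Profile is the Schema for the profiles API.
type Profile struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// The payload is inlined, so its fields sit at the top level of the
	// object rather than under a spec key.
	ProfilePayload `json:",inline"`
}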
Profile is the Schema for the profiles API +kubebuilder:resource:path=profiles,scope=Namespaced,shortName=profs;prof
func (*Profile) DeepCopy ¶ added in v0.1.10
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Profile.
func (*Profile) DeepCopyInto ¶ added in v0.1.10
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Profile) DeepCopyObject ¶ added in v0.1.10
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ProfileBundle ¶ added in v0.1.10
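// ProfileBundle is the Schema for the profilebundles API.
type ProfileBundle struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ProfileBundleSpec   `json:"spec,omitempty"`
	Status ProfileBundleStatus `json:"status,omitempty"`
}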
ProfileBundle is the Schema for the profilebundles API +kubebuilder:subresource:status +kubebuilder:resource:path=profilebundles,scope=Namespaced,shortName=pb +kubebuilder:printcolumn:name="ContentImage",type="string",JSONPath=`.spec.contentImage` +kubebuilder:printcolumn:name="ContentFile",type="string",JSONPath=`.spec.contentFile` +kubebuilder:printcolumn:name="Status",type="string",JSONPath=`.status.dataStreamStatus`
func (*ProfileBundle) DeepCopy ¶ added in v0.1.10
func (in *ProfileBundle) DeepCopy() *ProfileBundle
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileBundle.
func (*ProfileBundle) DeepCopyInto ¶ added in v0.1.10
func (in *ProfileBundle) DeepCopyInto(out *ProfileBundle)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ProfileBundle) DeepCopyObject ¶ added in v0.1.10
func (in *ProfileBundle) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ProfileBundleList ¶ added in v0.1.10
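// ProfileBundleList contains a list of ProfileBundle.
type ProfileBundleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ProfileBundle `json:"items"`
}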
ProfileBundleList contains a list of ProfileBundle
func (*ProfileBundleList) DeepCopy ¶ added in v0.1.10
func (in *ProfileBundleList) DeepCopy() *ProfileBundleList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileBundleList.
func (*ProfileBundleList) DeepCopyInto ¶ added in v0.1.10
func (in *ProfileBundleList) DeepCopyInto(out *ProfileBundleList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ProfileBundleList) DeepCopyObject ¶ added in v0.1.10
func (in *ProfileBundleList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ProfileBundleSpec ¶ added in v0.1.10
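// ProfileBundleSpec defines the desired state of ProfileBundle.
type ProfileBundleSpec struct {
	// NOTE(review): a plain string with no format constraint in this schema;
	// consider referencing the image by digest rather than a mutable tag so the
	// parsed content cannot change underneath the bundle.

	// Is the path for the image that contains the content for this bundle.
	ContentImage string `json:"contentImage"`
	// Is the path for the file in the image that contains the content for this bundle.
	ContentFile string `json:"contentFile"`
}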
Defines the desired state of ProfileBundle
func (*ProfileBundleSpec) DeepCopy ¶ added in v0.1.10
func (in *ProfileBundleSpec) DeepCopy() *ProfileBundleSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileBundleSpec.
func (*ProfileBundleSpec) DeepCopyInto ¶ added in v0.1.10
func (in *ProfileBundleSpec) DeepCopyInto(out *ProfileBundleSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProfileBundleStatus ¶ added in v0.1.10
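// ProfileBundleStatus defines the observed state of ProfileBundle.
type ProfileBundleStatus struct {
	// Presents the current status for the datastream for this bundle
	// +kubebuilder:default=PENDING
	DataStreamStatus DataStreamStatusType `json:"dataStreamStatus,omitempty"`
	// If there's an error in the datastream, it'll be presented here
	ErrorMessage string `json:"errorMessage,omitempty"`
	// Defines the conditions for the ProfileBundle. Valid conditions are:
	//  - Ready: Indicates if the ProfileBundle is Ready parsing or not.
	// +optional
	Conditions conditions.Conditions `json:"conditions,omitempty"`
}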
Defines the observed state of ProfileBundle
func (*ProfileBundleStatus) DeepCopy ¶ added in v0.1.10
func (in *ProfileBundleStatus) DeepCopy() *ProfileBundleStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileBundleStatus.
func (*ProfileBundleStatus) DeepCopyInto ¶ added in v0.1.10
func (in *ProfileBundleStatus) DeepCopyInto(out *ProfileBundleStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ProfileBundleStatus) SetConditionInvalid ¶ added in v0.1.28
func (s *ProfileBundleStatus) SetConditionInvalid()
func (*ProfileBundleStatus) SetConditionPending ¶ added in v0.1.28
func (s *ProfileBundleStatus) SetConditionPending()
func (*ProfileBundleStatus) SetConditionReady ¶ added in v0.1.28
func (s *ProfileBundleStatus) SetConditionReady()
type ProfileList ¶ added in v0.1.10
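// ProfileList contains a list of Profile.
type ProfileList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Profile `json:"items"`
}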
ProfileList contains a list of Profile
func (*ProfileList) DeepCopy ¶ added in v0.1.10
func (in *ProfileList) DeepCopy() *ProfileList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileList.
func (*ProfileList) DeepCopyInto ¶ added in v0.1.10
func (in *ProfileList) DeepCopyInto(out *ProfileList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ProfileList) DeepCopyObject ¶ added in v0.1.10
func (in *ProfileList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ProfilePayload ¶ added in v0.1.12
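// ProfilePayload carries the title, description, ID, rules and values of a
// profile. It is the struct that Profile inlines.
type ProfilePayload struct {
	Title       string `json:"title"`
	Description string `json:"description"`
	ID          string `json:"id"`
	// +nullable
	// +optional
	// +listType=atomic
	Rules []ProfileRule `json:"rules,omitempty"`
	// +nullable
	// +optional
	// +listType=atomic
	Values []ProfileValue `json:"values,omitempty"`
}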
func (*ProfilePayload) DeepCopy ¶ added in v0.1.12
func (in *ProfilePayload) DeepCopy() *ProfilePayload
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfilePayload.
func (*ProfilePayload) DeepCopyInto ¶ added in v0.1.12
func (in *ProfilePayload) DeepCopyInto(out *ProfilePayload)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProfileRule ¶ added in v0.1.10
type ProfileRule string
ProfileRule defines the name of a specific rule in the profile
func NewProfileRule ¶ added in v0.1.10
func NewProfileRule(rule string) ProfileRule
NewProfileRule returns a new ProfileRule from the given rule string
type ProfileValue ¶ added in v0.1.10
type ProfileValue string
ProfileValue defines a value for a setting in the profile
type RawResultStorageSettings ¶ added in v0.1.11
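// RawResultStorageSettings holds the settings for storing the raw results of
// a scan: volume size, rotation, storage class, access modes and the
// scheduling of the result server.
//
// When changing the defaults, remember to change also the
// DefaultRawStorageSize and DefaultStorageRotation constants.
type RawResultStorageSettings struct {
	// Specifies the amount of storage to ask for storing the raw results. Note that
	// if re-scans happen, the new results will also need to be stored. Defaults to 1Gi.
	// +kubebuilder:validation:Default=1Gi
	// +kubebuilder:default="1Gi"
	Size string `json:"size,omitempty"`

	// NOTE(review): with rotation disabled ('0') results are presumably kept
	// until the volume of Size is full; confirm what happens to new results at
	// that point.

	// Specifies the amount of scans for which the raw results will be stored.
	// Older results will get rotated, and it's the responsibility of administrators
	// to store these results elsewhere before rotation happens. Note that a rotation
	// policy of '0' disables rotation entirely. Defaults to 3.
	// +kubebuilder:default=3
	Rotation uint16 `json:"rotation,omitempty"`
	// Specifies the StorageClassName to use when creating the PersistentVolumeClaim
	// to hold the raw results. By default this is null, which will attempt to use the
	// default storage class configured in the cluster. If there is no default class specified
	// then this needs to be set.
	// +nullable
	StorageClassName *string `json:"storageClassName,omitempty"`
	// Specifies the access modes that the PersistentVolume will be created with.
	// The persistent volume will hold the raw results of the scan.
	// +kubebuilder:default={"ReadWriteOnce"}
	PVAccessModes []corev1.PersistentVolumeAccessMode `json:"pvAccessModes,omitempty"`
	// By setting this, it's possible to configure where the result server instances
	// are run. These instances will mount a Persistent Volume to store the raw
	// results, so special care should be taken to schedule these in trusted nodes.
	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
	// Specifies tolerations needed for the result server to run on the nodes. This is useful
	// in case the target set of nodes have custom taints that don't allow certain
	// workloads to run. Defaults to allowing scheduling on master nodes.
	Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
}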
When changing the defaults, remember to change also the DefaultRawStorageSize and DefaultStorageRotation constants
func (*RawResultStorageSettings) DeepCopy ¶ added in v0.1.11
func (in *RawResultStorageSettings) DeepCopy() *RawResultStorageSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RawResultStorageSettings.
func (*RawResultStorageSettings) DeepCopyInto ¶ added in v0.1.11
func (in *RawResultStorageSettings) DeepCopyInto(out *RawResultStorageSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RemediationApplicationState ¶
type RemediationApplicationState string
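// Values of RemediationApplicationState. The page gives no per-value
// description; the string on the right is the serialized form.
const (
	RemediationPending             RemediationApplicationState = "Pending"
	RemediationNotApplied          RemediationApplicationState = "NotApplied"
	RemediationApplied             RemediationApplicationState = "Applied"
	RemediationOutdated            RemediationApplicationState = "Outdated"
	RemediationError               RemediationApplicationState = "Error"
	RemediationMissingDependencies RemediationApplicationState = "MissingDependencies"
	RemediationNeedsReview         RemediationApplicationState = "NeedsReview"
)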
type RemediationObjectDependencyReference ¶ added in v0.1.38
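// RemediationObjectDependencyReference names an object by its type metadata,
// name and (optionally) namespace. It is the element type returned by
// ComplianceRemediation.ParseRemediationDependencyRefs.
type RemediationObjectDependencyReference struct {
	metav1.TypeMeta `json:",inline"`
	Name            string `json:"name"`
	Namespace       string `json:"namespace,omitempty"`
}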
func (*RemediationObjectDependencyReference) DeepCopy ¶ added in v0.1.38
func (in *RemediationObjectDependencyReference) DeepCopy() *RemediationObjectDependencyReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemediationObjectDependencyReference.
func (*RemediationObjectDependencyReference) DeepCopyInto ¶ added in v0.1.38
func (in *RemediationObjectDependencyReference) DeepCopyInto(out *RemediationObjectDependencyReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RemediationType ¶
type RemediationType string
+kubebuilder:validation:Enum=Configuration;Enforcement
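// Values of RemediationType; these are the two values that the type's
// kubebuilder Enum validation marker allows.
const (
	ConfigurationRemediation RemediationType = "Configuration"
	EnforcementRemediation   RemediationType = "Enforcement"
)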
type Rule ¶ added in v0.1.10
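// Rule is the Schema for the rules API.
type Rule struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// The payload is inlined, so its fields sit at the top level of the
	// object rather than under a spec key.
	RulePayload `json:",inline"`
}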
Rule is the Schema for the rules API +kubebuilder:resource:path=rules,scope=Namespaced
func (*Rule) DeepCopy ¶ added in v0.1.10
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule.
func (*Rule) DeepCopyInto ¶ added in v0.1.10
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Rule) DeepCopyObject ¶ added in v0.1.10
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type RuleList ¶ added in v0.1.10
// RuleList contains a list of Rule.
type RuleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items is always serialized (no omitempty on the tag).
	Items []Rule `json:"items"`
}
RuleList contains a list of Rule
func (*RuleList) DeepCopy ¶ added in v0.1.10
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleList.
func (*RuleList) DeepCopyInto ¶ added in v0.1.10
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RuleList) DeepCopyObject ¶ added in v0.1.10
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type RulePayload ¶ added in v0.1.12
// RulePayload carries the content of a rule: its XCCDF ID, the descriptive
// text shown to users, the check type and the fixes available for it.
type RulePayload struct {
	// The XCCDF ID
	ID string `json:"id"`
	// The title of the Rule
	Title string `json:"title"`
	// The description of the Rule
	Description string `json:"description,omitempty"`
	// The rationale of the Rule
	Rationale string `json:"rationale,omitempty"`
	// A discretionary warning about the Rule
	Warning string `json:"warning,omitempty"`
	// The severity level
	// NOTE(review): a plain string here; the set of accepted values is not
	// visible in this listing.
	Severity string `json:"severity,omitempty"`
	// Instructions for auditing this specific rule
	Instructions string `json:"instructions,omitempty"`
	// What type of check will this rule execute:
	// Platform, Node or none (represented by an empty string)
	CheckType string `json:"checkType,omitempty"`
	// The Available fixes
	// +nullable
	// +optional
	// +listType=atomic
	AvailableFixes []FixDefinition `json:"availableFixes,omitempty"`
}
func (*RulePayload) DeepCopy ¶ added in v0.1.12
func (in *RulePayload) DeepCopy() *RulePayload
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulePayload.
func (*RulePayload) DeepCopyInto ¶ added in v0.1.12
func (in *RulePayload) DeepCopyInto(out *RulePayload)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RuleReferenceSpec ¶ added in v0.1.10
// RuleReferenceSpec specifies a rule to be selected/deselected, as well as
// the reason why.
type RuleReferenceSpec struct {
	// Name of the rule that's being referenced
	Name string `json:"name"`
	// Rationale of why this rule is being selected/deselected
	//
	// The tag has no omitempty, so the field is always serialized; it is the
	// record a reviewer has of why a check was turned on or off.
	// NOTE(review): whether an empty rationale is rejected is not visible
	// here — confirm against the generated CRD schema.
	Rationale string `json:"rationale"`
}
RuleReferenceSpec specifies a rule to be selected/deselected, as well as the reason why
func (*RuleReferenceSpec) DeepCopy ¶ added in v0.1.10
func (in *RuleReferenceSpec) DeepCopy() *RuleReferenceSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleReferenceSpec.
func (*RuleReferenceSpec) DeepCopyInto ¶ added in v0.1.10
func (in *RuleReferenceSpec) DeepCopyInto(out *RuleReferenceSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ScanSetting ¶ added in v0.1.10
// ScanSetting is the Schema for the scansettings API. Suite-level and
// scan-level settings are embedded and inlined; Roles is the only field
// declared directly on this type.
type ScanSetting struct {
	metav1.TypeMeta         `json:",inline"`
	metav1.ObjectMeta       `json:"metadata,omitempty"`
	ComplianceSuiteSettings `json:",inline"`
	ComplianceScanSettings  `json:",inline"`
	// The list of roles to apply node-specific checks to.
	//
	// This will be translated to the standard Kubernetes
	// role label `node-role.kubernetes.io/<role name>`.
	//
	// It's also possible to specify `@all` as a role, which
	// will run a scan on all nodes by not specifying a node
	// selector as we normally do. The usage of `@all` in
	// OpenShift is discouraged as the operator won't
	// be able to apply remediations unless roles are specified.
	//
	// Note that tolerations must still be configured for
	// the operator to appropriately schedule scans.
	Roles []string `json:"roles,omitempty"`
}
ScanSetting is the Schema for the scansettings API +kubebuilder:subresource:status +kubebuilder:resource:path=scansettings,scope=Namespaced,shortName=ss
func (*ScanSetting) DeepCopy ¶ added in v0.1.10
func (in *ScanSetting) DeepCopy() *ScanSetting
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSetting.
func (*ScanSetting) DeepCopyInto ¶ added in v0.1.10
func (in *ScanSetting) DeepCopyInto(out *ScanSetting)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ScanSetting) DeepCopyObject ¶ added in v0.1.10
func (in *ScanSetting) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ScanSettingBinding ¶ added in v0.1.10
// ScanSettingBinding is the Schema for the scansettingbindings API. It
// pairs a list of profile references with a reference to settings.
type ScanSettingBinding struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Profiles lists the referenced profile objects.
	Profiles []NamedObjectReference `json:"profiles,omitempty"`
	// SettingsRef is a pointer and omitempty, so it may be absent.
	// NOTE(review): which settings apply when it is nil is not shown here — confirm.
	SettingsRef *NamedObjectReference `json:"settingsRef,omitempty"`
	// +optional
	Status ScanSettingBindingStatus `json:"status,omitempty"`
}
ScanSettingBinding is the Schema for the scansettingbindings API +k8s:openapi-gen=true +kubebuilder:subresource:status +kubebuilder:resource:path=scansettingbindings,scope=Namespaced,shortName=ssb
func (*ScanSettingBinding) DeepCopy ¶ added in v0.1.10
func (in *ScanSettingBinding) DeepCopy() *ScanSettingBinding
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSettingBinding.
func (*ScanSettingBinding) DeepCopyInto ¶ added in v0.1.10
func (in *ScanSettingBinding) DeepCopyInto(out *ScanSettingBinding)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ScanSettingBinding) DeepCopyObject ¶ added in v0.1.10
func (in *ScanSettingBinding) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ScanSettingBindingList ¶ added in v0.1.10
// ScanSettingBindingList contains a list of ScanSettingBinding.
type ScanSettingBindingList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items is always serialized (no omitempty on the tag).
	Items []ScanSettingBinding `json:"items"`
}
ScanSettingBindingList contains a list of ScanSettingBinding
func (*ScanSettingBindingList) DeepCopy ¶ added in v0.1.10
func (in *ScanSettingBindingList) DeepCopy() *ScanSettingBindingList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSettingBindingList.
func (*ScanSettingBindingList) DeepCopyInto ¶ added in v0.1.10
func (in *ScanSettingBindingList) DeepCopyInto(out *ScanSettingBindingList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ScanSettingBindingList) DeepCopyObject ¶ added in v0.1.10
func (in *ScanSettingBindingList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ScanSettingBindingStatus ¶ added in v0.1.28
// ScanSettingBindingStatus holds the conditions of a ScanSettingBinding and
// a reference to the object generated from it.
type ScanSettingBindingStatus struct {
	// +optional
	Conditions conditions.Conditions `json:"conditions,omitempty"`
	// Reference to the object generated from this ScanSettingBinding
	// (a TypedLocalObjectReference, which carries no namespace field).
	// +optional
	// +nullable
	OutputRef *corev1.TypedLocalObjectReference `json:"outputRef,omitempty"`
}
func (*ScanSettingBindingStatus) DeepCopy ¶ added in v0.1.28
func (in *ScanSettingBindingStatus) DeepCopy() *ScanSettingBindingStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSettingBindingStatus.
func (*ScanSettingBindingStatus) DeepCopyInto ¶ added in v0.1.28
func (in *ScanSettingBindingStatus) DeepCopyInto(out *ScanSettingBindingStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ScanSettingBindingStatus) SetConditionInvalid ¶ added in v0.1.28
func (s *ScanSettingBindingStatus) SetConditionInvalid(msg string)
func (*ScanSettingBindingStatus) SetConditionPending ¶ added in v0.1.28
func (s *ScanSettingBindingStatus) SetConditionPending()
func (*ScanSettingBindingStatus) SetConditionReady ¶ added in v0.1.28
func (s *ScanSettingBindingStatus) SetConditionReady()
type ScanSettingList ¶ added in v0.1.10
// ScanSettingList contains a list of ScanSetting.
type ScanSettingList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items is always serialized (no omitempty on the tag).
	Items []ScanSetting `json:"items"`
}
ScanSettingList contains a list of ScanSetting
func (*ScanSettingList) DeepCopy ¶ added in v0.1.10
func (in *ScanSettingList) DeepCopy() *ScanSettingList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSettingList.
func (*ScanSettingList) DeepCopyInto ¶ added in v0.1.10
func (in *ScanSettingList) DeepCopyInto(out *ScanSettingList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ScanSettingList) DeepCopyObject ¶ added in v0.1.10
func (in *ScanSettingList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type StorageReference ¶ added in v0.1.10
// StorageReference stores a reference to where certain objects are being
// stored. Every field is optional and omitted from JSON when empty.
// NOTE(review): the reference carries its own Namespace; whether consumers
// restrict it to the namespace of the owning object is not shown here —
// confirm before treating the value as trusted.
type StorageReference struct {
	// Kind of the referent.
	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	// +optional
	Kind string `json:"kind,omitempty"`
	// Namespace of the referent.
	// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
	// +optional
	Namespace string `json:"namespace,omitempty"`
	// Name of the referent.
	// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
	// +optional
	Name string `json:"name,omitempty"`
	// API version of the referent.
	// +optional
	APIVersion string `json:"apiVersion,omitempty"`
}
StorageReference stores a reference to where certain objects are being stored
func (*StorageReference) DeepCopy ¶ added in v0.1.10
func (in *StorageReference) DeepCopy() *StorageReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageReference.
func (*StorageReference) DeepCopyInto ¶ added in v0.1.10
func (in *StorageReference) DeepCopyInto(out *StorageReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TailoredProfile ¶ added in v0.1.10
// TailoredProfile is the Schema for the tailoredprofiles API. Spec holds
// the requested tailoring and Status the observed result.
type TailoredProfile struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   TailoredProfileSpec   `json:"spec,omitempty"`
	Status TailoredProfileStatus `json:"status,omitempty"`
}
TailoredProfile is the Schema for the tailoredprofiles API +kubebuilder:subresource:status +kubebuilder:resource:path=tailoredprofiles,scope=Namespaced,shortName=tp;tprof +kubebuilder:printcolumn:name="State",type="string",JSONPath=`.status.state`,description="State of the tailored profile"
func (*TailoredProfile) DeepCopy ¶ added in v0.1.10
func (in *TailoredProfile) DeepCopy() *TailoredProfile
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TailoredProfile.
func (*TailoredProfile) DeepCopyInto ¶ added in v0.1.10
func (in *TailoredProfile) DeepCopyInto(out *TailoredProfile)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TailoredProfile) DeepCopyObject ¶ added in v0.1.10
func (in *TailoredProfile) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TailoredProfileList ¶ added in v0.1.10
// TailoredProfileList contains a list of TailoredProfile.
type TailoredProfileList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items is always serialized (no omitempty on the tag).
	Items []TailoredProfile `json:"items"`
}
TailoredProfileList contains a list of TailoredProfile
func (*TailoredProfileList) DeepCopy ¶ added in v0.1.10
func (in *TailoredProfileList) DeepCopy() *TailoredProfileList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TailoredProfileList.
func (*TailoredProfileList) DeepCopyInto ¶ added in v0.1.10
func (in *TailoredProfileList) DeepCopyInto(out *TailoredProfileList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TailoredProfileList) DeepCopyObject ¶ added in v0.1.10
func (in *TailoredProfileList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TailoredProfileSpec ¶ added in v0.1.10
// TailoredProfileSpec defines the desired state of TailoredProfile: an
// optional base profile to extend, plus the rules to enable or disable and
// the variable values to set.
type TailoredProfileSpec struct {
	// +optional
	// Points to the name of the profile to extend
	Extends string `json:"extends,omitempty"`
	// Title for the tailored profile. It can't be empty.
	// +kubebuilder:validation:Pattern=^.+$
	Title string `json:"title"`
	// Description of tailored profile. It can't be empty.
	// +kubebuilder:validation:Pattern=^.+$
	Description string `json:"description"`
	// Enables the referenced rules
	// +optional
	// +nullable
	EnableRules []RuleReferenceSpec `json:"enableRules,omitempty"`
	// Disables the referenced rules
	// (each entry is a RuleReferenceSpec, so it carries a rationale alongside
	// the rule name)
	// +optional
	// +nullable
	DisableRules []RuleReferenceSpec `json:"disableRules,omitempty"`
	// Sets the referenced variables to selected values
	// +optional
	// +nullable
	SetValues []VariableValueSpec `json:"setValues,omitempty"`
}
TailoredProfileSpec defines the desired state of TailoredProfile
func (*TailoredProfileSpec) DeepCopy ¶ added in v0.1.10
func (in *TailoredProfileSpec) DeepCopy() *TailoredProfileSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TailoredProfileSpec.
func (*TailoredProfileSpec) DeepCopyInto ¶ added in v0.1.10
func (in *TailoredProfileSpec) DeepCopyInto(out *TailoredProfileSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TailoredProfileState ¶ added in v0.1.10
// TailoredProfileState is the string-backed processing state of a tailored
// profile; the values declared for it are "PENDING", "READY" and "ERROR".
type TailoredProfileState string
TailoredProfileState defines the state of the tailored profile
// Values of TailoredProfileState. The serialized strings are upper-case.
const (
	// TailoredProfileStatePending is a state where a tailored profile is still pending to be processed
	TailoredProfileStatePending TailoredProfileState = "PENDING"
	// TailoredProfileStateReady is a state where a tailored profile is ready to be used
	TailoredProfileStateReady TailoredProfileState = "READY"
	// TailoredProfileStateError is a state where a tailored profile had an error while processing
	TailoredProfileStateError TailoredProfileState = "ERROR"
)
type TailoredProfileStatus ¶ added in v0.1.10
// TailoredProfileStatus defines the observed state of TailoredProfile.
type TailoredProfileStatus struct {
	// The XCCDF ID of the tailored profile
	ID string `json:"id,omitempty"`
	// Points to the generated resource
	OutputRef OutputRef `json:"outputRef,omitempty"`
	// The current state of the tailored profile
	State TailoredProfileState `json:"state,omitempty"`
	// NOTE(review): undocumented upstream; presumably populated when State
	// is ERROR — confirm against the controller.
	ErrorMessage string `json:"errorMessage,omitempty"`
}
TailoredProfileStatus defines the observed state of TailoredProfile
func (*TailoredProfileStatus) DeepCopy ¶ added in v0.1.10
func (in *TailoredProfileStatus) DeepCopy() *TailoredProfileStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TailoredProfileStatus.
func (*TailoredProfileStatus) DeepCopyInto ¶ added in v0.1.10
func (in *TailoredProfileStatus) DeepCopyInto(out *TailoredProfileStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TailoringConfigMapRef ¶ added in v0.1.9
// TailoringConfigMapRef is a reference to a ConfigMap that contains the
// tailoring file. Only a name is carried; there is no namespace field.
// NOTE(review): the ConfigMap is presumably looked up in the namespace of
// the referencing object — confirm, since the tailoring content changes
// which checks run.
type TailoringConfigMapRef struct {
	// Name of the ConfigMap being referenced
	Name string `json:"name"`
}
TailoringConfigMapRef is a reference to a ConfigMap that contains the tailoring file. It assumes a key called `tailoring.xml` which will have the tailoring contents.
func (*TailoringConfigMapRef) DeepCopy ¶ added in v0.1.9
func (in *TailoringConfigMapRef) DeepCopy() *TailoringConfigMapRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TailoringConfigMapRef.
func (*TailoringConfigMapRef) DeepCopyInto ¶ added in v0.1.9
func (in *TailoringConfigMapRef) DeepCopyInto(out *TailoringConfigMapRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ValueSelection ¶ added in v0.1.10
// ValueSelection is one entry in a variable's list of selections: a value
// together with a description of it. Both fields are omitted from JSON
// when empty.
type ValueSelection struct {
	// The string description of the selection
	Description string `json:"description,omitempty"`
	// The value of the variable
	Value string `json:"value,omitempty"`
}
func (*ValueSelection) DeepCopy ¶ added in v0.1.10
func (in *ValueSelection) DeepCopy() *ValueSelection
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValueSelection.
func (*ValueSelection) DeepCopyInto ¶ added in v0.1.10
func (in *ValueSelection) DeepCopyInto(out *ValueSelection)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Variable ¶ added in v0.1.10
// Variable describes a tunable in the XCCDF profile. Its content lives in
// the embedded VariablePayload, whose fields are inlined at the top level
// of the serialized object.
type Variable struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	VariablePayload `json:",inline"`
}
Variable describes a tunable in the XCCDF profile +kubebuilder:resource:path=variables,scope=Namespaced,shortName=var
func (*Variable) DeepCopy ¶ added in v0.1.10
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Variable.
func (*Variable) DeepCopyInto ¶ added in v0.1.10
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Variable) DeepCopyObject ¶ added in v0.1.10
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VariableList ¶ added in v0.1.10
// VariableList contains a list of Variable.
type VariableList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items is always serialized (no omitempty on the tag).
	Items []Variable `json:"items"`
}
VariableList contains a list of Variable
func (*VariableList) DeepCopy ¶ added in v0.1.10
func (in *VariableList) DeepCopy() *VariableList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VariableList.
func (*VariableList) DeepCopyInto ¶ added in v0.1.10
func (in *VariableList) DeepCopyInto(out *VariableList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VariableList) DeepCopyObject ¶ added in v0.1.10
func (in *VariableList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VariablePayload ¶ added in v0.1.12
// VariablePayload carries the content of a variable: its ID, descriptive
// text, declared type, current value and the selections offered for it.
type VariablePayload struct {
	// the ID of the variable
	ID string `json:"id"`
	// The title of the Variable
	Title string `json:"title"`
	// The description of the Variable
	Description string `json:"description,omitempty"`
	// The type of the variable
	Type VariableType `json:"type"`
	// The value of the variable
	// (stored as a string regardless of Type)
	// NOTE(review): whether Value is checked against Type or Selections is
	// not visible in this listing — confirm.
	Value string `json:"value,omitempty"`
	// Enumerates what values are allowed for this variable. Can be empty.
	// +optional
	// +nullable
	// +listType=atomic
	Selections []ValueSelection `json:"selections,omitempty"`
}
func (*VariablePayload) DeepCopy ¶ added in v0.1.12
func (in *VariablePayload) DeepCopy() *VariablePayload
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VariablePayload.
func (*VariablePayload) DeepCopyInto ¶ added in v0.1.12
func (in *VariablePayload) DeepCopyInto(out *VariablePayload)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VariableType ¶ added in v0.1.10
// VariableType is the string-backed type of a variable; the kubebuilder
// Enum marker on it lists number, bool and string.
type VariableType string
+kubebuilder:validation:Enum=number;bool;string
type VariableValueSpec ¶ added in v0.1.10
// VariableValueSpec specifies a value to be set for a variable, with a
// reason why. None of the tags use omitempty, so all three fields are
// always serialized.
type VariableValueSpec struct {
	// Name of the variable that's being referenced
	Name string `json:"name"`
	// Rationale of why this value is being tailored
	// NOTE(review): whether an empty rationale is rejected is not visible
	// here — confirm against the generated CRD schema.
	Rationale string `json:"rationale"`
	// Value of the variable being set
	Value string `json:"value"`
}
VariableValueSpec specifies a value to be set for a variable, with a reason why
func (*VariableValueSpec) DeepCopy ¶ added in v0.1.10
func (in *VariableValueSpec) DeepCopy() *VariableValueSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VariableValueSpec.
func (*VariableValueSpec) DeepCopyInto ¶ added in v0.1.10
func (in *VariableValueSpec) DeepCopyInto(out *VariableValueSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Source Files ¶
- compliancecheckresult_types.go
- complianceremediation_types.go
- compliancescan_types.go
- compliancesuite_types.go
- doc.go
- profile_types.go
- profilebundle_types.go
- register.go
- rule_types.go
- scansetting_types.go
- scansettingbinding_types.go
- tailoredprofile_types.go
- variable_types.go
- zz_generated.deepcopy.go