v1alpha1

package
v0.1.31
Published: Apr 12, 2021 License: Apache-2.0 Imports: 12 Imported by: 1

Documentation

Overview

Package v1alpha1 contains API Schema definitions for the complianceoperator v1alpha1 API group +k8s:deepcopy-gen=package,register +groupName=compliance.openshift.io

Constants

const (
	// OutdatedRemediationLabel specifies that the remediation has been superseded by a newer version
	OutdatedRemediationLabel               = "complianceoperator.openshift.io/outdated-remediation"
	RemediationHasUnmetDependenciesLabel   = "compliance.openshift.io/has-unmet-dependencies"
	RemediationCreatedByOperatorAnnotation = "compliance.openshift.io/remediation"
	RemediationDependencyAnnotation        = "compliance.openshift.io/depends-on"
	RemediationDependenciesMetAnnotation   = "compliance.openshift.io/dependencies-met"
)
const (
	// ResultNotAvailable represents the compliance scan not having finished yet
	ResultNotAvailable ComplianceScanStatusResult = "NOT-AVAILABLE"
	// ResultCompliant represents the compliance scan having succeeded
	ResultCompliant ComplianceScanStatusResult = "COMPLIANT"
	// ResultNotApplicable represents the compliance scan having no useful results after finished
	ResultNotApplicable ComplianceScanStatusResult = "NOT-APPLICABLE"
	// ResultError represents a compliance scan pod having failed to run the scan or encountered an error
	ResultError ComplianceScanStatusResult = "ERROR"
	// ResultNonCompliant represents the compliance scan having found a gap
	ResultNonCompliant ComplianceScanStatusResult = "NON-COMPLIANT"
	// ResultInconsistent represents checks differing across the machines
	ResultInconsistent ComplianceScanStatusResult = "INCONSISTENT"
	ScanTypeNode       ComplianceScanType         = "Node"
	ScanTypePlatform   ComplianceScanType         = "Platform"
)
const (
	VarTypeNumber = "number"
	VarTypeBool   = "bool"
	VarTypeString = "string"
)
const ApplyRemediationsAnnotation = "compliance.openshift.io/apply-remediations"

ApplyRemediationsAnnotation is an annotation that, when set on a ComplianceSuite will apply all the remediations that were generated. It will be removed once they've been applied.

const CmScanResultAnnotation = "compliance.openshift.io/scan-result"

CmScanResultAnnotation holds the processed scanner result

const CmScanResultErrMsg = "compliance.openshift.io/scan-error-msg"

CmScanResultErrMsg holds the processed scanner error message

const ComplianceCheckInconsistentLabel = "compliance.openshift.io/inconsistent-check"

ComplianceCheckInconsistentLabel signifies that the check's results were not consistent across the target nodes

const ComplianceCheckResultErrorAnnotation = "compliance.openshift.io/error-msg"
const ComplianceCheckResultHasRemediation = "compliance.openshift.io/automated-remediation"

ComplianceCheckResultHasRemediation defines a label that will be included in the ComplianceCheckResult objects. It indicates whether the result has an automated remediation or not.

const ComplianceCheckResultInconsistentSourceAnnotation = "compliance.openshift.io/inconsistent-source"

ComplianceCheckResultInconsistentSourceAnnotation is only used with an Inconsistent check result. It either lists statuses of nodes that differ from ComplianceCheckResultMostCommonAnnotation or, if the most common state does not exist, just lists all sources of all nodes.

const ComplianceCheckResultMostCommonAnnotation = "compliance.openshift.io/most-common-status"

ComplianceCheckResultMostCommonAnnotation stores the most common ComplianceCheckStatus value in an inconsistent check. In order for the result to be most common, at least 60% of the nodes must report the same result. The nodes that differ from the most common status are listed using ComplianceCheckResultInconsistentSourceAnnotation
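The 60% rule and the two annotations it drives, as an added example that is not the operator's own code. The node names, the function name `SummarizeNodeStatuses` and the `node:STATUS` comma-separated value format are assumptions made for illustration; the annotation keys and status strings are copied from this page.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Annotation keys and status values copied from the constants documented on this page.
const (
	mostCommonAnnotation         = "compliance.openshift.io/most-common-status"
	inconsistentSourceAnnotation = "compliance.openshift.io/inconsistent-source"
	statusInconsistent           = "INCONSISTENT"
	statusNoResult               = ""
)

// mostCommonThresholdPct is the share of nodes that must agree ("at least 60%").
const mostCommonThresholdPct = 60

// SummarizeNodeStatuses (hypothetical helper) folds per-node check statuses
// into one status plus the annotations described above.
// The "node:STATUS,node:STATUS" value format is an assumption of this example.
func SummarizeNodeStatuses(perNode map[string]string) (string, map[string]string) {
	annotations := map[string]string{}
	if len(perNode) == 0 {
		return statusNoResult, annotations
	}

	counts := map[string]int{}
	nodes := make([]string, 0, len(perNode))
	for node, st := range perNode {
		counts[st]++
		nodes = append(nodes, node)
	}
	sort.Strings(nodes) // deterministic annotation value

	// Every node agrees: the check is consistent, no extra annotations.
	if len(counts) == 1 {
		return perNode[nodes[0]], annotations
	}

	// At most one status can reach 60%, so the first hit is the only hit.
	mostCommon, found := "", false
	for st, n := range counts {
		if n*100 >= mostCommonThresholdPct*len(perNode) {
			mostCommon, found = st, true
		}
	}

	// With a most common status, list only the nodes that differ from it;
	// without one, list every node.
	var sources []string
	for _, node := range nodes {
		if found && perNode[node] == mostCommon {
			continue
		}
		sources = append(sources, node+":"+perNode[node])
	}
	if found {
		annotations[mostCommonAnnotation] = mostCommon
	}
	annotations[inconsistentSourceAnnotation] = strings.Join(sources, ",")
	return statusInconsistent, annotations
}

func main() {
	// Constructed sample: four of five nodes pass, one fails.
	perNode := map[string]string{
		"node-a": "PASS", "node-b": "PASS", "node-c": "PASS",
		"node-d": "PASS", "node-e": "FAIL",
	}
	status, annotations := SummarizeNodeStatuses(perNode)
	fmt.Println(status)
	fmt.Println(annotations[mostCommonAnnotation])
	fmt.Println(annotations[inconsistentSourceAnnotation])
}
```

When triaging an INCONSISTENT result, the nodes named in the inconsistent-source annotation are the ones to inspect first, since they deviate from the rest of the pool.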

const ComplianceCheckResultRuleAnnotation = "compliance.openshift.io/rule"

ComplianceCheckResultRuleAnnotation exposes the DNS-friendly name of a rule as a label. This provides a way to link a result to a Rule object.

const ComplianceCheckResultSeverityLabel = "compliance.openshift.io/check-severity"
const ComplianceCheckResultStatusLabel = "compliance.openshift.io/check-status"

ComplianceCheckResultStatusLabel defines a label that will be included in the ComplianceCheckResult objects. It indicates the result in an easy-to-find way.

const (
	// The key of a ComplianceCheckResult that dependency annotations point to
	ComplianceRemediationDependencyField = "id"
)
const ComplianceScanLabel = "compliance.openshift.io/scan-name"

ComplianceScanLabel serves as an indicator for which ComplianceScan owns the referenced object

const ComplianceScanRescanAnnotation = "compliance.openshift.io/rescan"

ComplianceScanRescanAnnotation indicates that a ComplianceScan should be re-run

const DefaultRawStorageSize = "1Gi"

DefaultRawStorageSize specifies the default size of the storage where the raw results will be stored

const DefaultStorageRotation = 3
const ProductAnnotation = "compliance.openshift.io/product"

ProductAnnotation specifies the name of the platform this Profile or TailoredProfile is targeting. Example: ocp4, rhcos4, ...

const ProductTypeAnnotation = "compliance.openshift.io/product-type"

ProductTypeAnnotation specifies what kind of platform (node,platform) this Profile or a TailoredProfile targets

const ProfileBundleFinalizer = "profilebundle.finalizers.compliance.openshift.io"

ProfileBundleFinalizer is a finalizer for ProfileBundles. It gets automatically added by the ProfileBundle controller in order to delete resources.

const ProfileBundleOwnerLabel = "compliance.openshift.io/profile-bundle"

ProfileBundleOwnerLabel marks a profile or rule as owned by a profile bundle and helps users filter such objects

const ProfileImageDigestAnnotation = "compliance.openshift.io/image-digest"

ProfileImageDigestAnnotation is the parsed out digest of the content image

const RemoveOutdatedAnnotation = "compliance.openshift.io/remove-outdated"

RemoveOutdatedAnnotation is an annotation that, when set on a ComplianceSuite will automatically remove outdated remediations so the operator will apply only the up-to-date ones. It'll be removed once the outdated remediations have been removed.

const ResultLabel = "complianceoperator.openshift.io/scan-result"

ResultLabel defines that the object is a result of a scan

const RuleIDAnnotationKey = "compliance.openshift.io/rule"

RuleIDAnnotationKey exposes the DNS-friendly name of a rule as an annotation. This provides a way to link a result to a Rule object. TODO(jaosorior): Decide where this actually belongs... should it be here or in the compliance-operator?

const ScanFinalizer = "scan.finalizers.compliance.openshift.io"

ScanFinalizer is a finalizer for ComplianceScans. It gets automatically added by the ComplianceScan controller in order to delete resources.

const ScriptLabel = "complianceoperator.openshift.io/scan-script"

ScriptLabel defines that the object is a script for a scan object

const SuiteFinalizer = "suite.finalizers.compliance.openshift.io"

SuiteFinalizer is a finalizer for ComplianceSuites. It gets automatically added by the ComplianceSuite controller in order to delete resources.

const SuiteLabel = "compliance.openshift.io/suite"

SuiteLabel indicates that an object (normally the ComplianceScan or a ComplianceRemediation) belongs to a certain ComplianceSuite. This is an easy way to filter them.

const SuiteScriptLabel = "compliance.openshift.io/suite-script"

SuiteScriptLabel indicates that the object is a script belonging to the compliance suite controller

Variables

var (
	// SchemeGroupVersion is group version used to register these objects
	SchemeGroupVersion = schema.GroupVersion{Group: "compliance.openshift.io", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
)
var ErrUnkownScanType = errors.New("Unknown scan type")

Functions

func AddRemediationAnnotation added in v0.1.20

func AddRemediationAnnotation(obj metav1.Object)

AddRemediationAnnotation annotates an object to say it was created by this operator

func RemediationWasCreatedByOperator added in v0.1.20

func RemediationWasCreatedByOperator(obj metav1.Object) bool

RemediationWasCreatedByOperator tells us if an object was created by this operator

Types

type ComplianceCheckResult added in v0.1.9

type ComplianceCheckResult struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// A unique identifier of a check
	ID string `json:"id"`
	// The result of a check
	Status ComplianceCheckStatus `json:"status"`
	// The severity of a check status
	Severity ComplianceCheckResultSeverity `json:"severity"`
	// A human-readable check description: what it does and why
	Description string `json:"description,omitempty"`
	// How to evaluate the rule status manually. If no automatic test is present, the rule status will be MANUAL
	// and the administrator should follow these instructions.
	Instructions string `json:"instructions,omitempty"`
	// Any warnings that the user should be aware of.
	// +nullable
	Warnings []string `json:"warnings,omitempty"`
}

ComplianceCheckResult represents a result of a single compliance "test" +kubebuilder:resource:path=compliancecheckresults,scope=Namespaced,shortName=ccr;checkresults;checkresult +kubebuilder:printcolumn:name="Status",type="string",JSONPath=`.status` +kubebuilder:printcolumn:name="Severity",type="string",JSONPath=`.severity`

func (*ComplianceCheckResult) DeepCopy added in v0.1.9

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceCheckResult.

func (*ComplianceCheckResult) DeepCopyInto added in v0.1.9

func (in *ComplianceCheckResult) DeepCopyInto(out *ComplianceCheckResult)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ComplianceCheckResult) DeepCopyObject added in v0.1.9

func (in *ComplianceCheckResult) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ComplianceCheckResult) IDToDNSFriendlyName added in v0.1.10

func (ccr *ComplianceCheckResult) IDToDNSFriendlyName() string

IDToDNSFriendlyName gets the ID from the scan and returns a DNS friendly name

type ComplianceCheckResultList added in v0.1.9

type ComplianceCheckResultList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ComplianceCheckResult `json:"items"`
}

ComplianceCheckResultList contains a list of ComplianceCheckResult

func (*ComplianceCheckResultList) DeepCopy added in v0.1.9

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceCheckResultList.

func (*ComplianceCheckResultList) DeepCopyInto added in v0.1.9

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ComplianceCheckResultList) DeepCopyObject added in v0.1.9

func (in *ComplianceCheckResultList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ComplianceCheckResultSeverity added in v0.1.9

type ComplianceCheckResultSeverity string
const (
	CheckResultSeverityUnknown ComplianceCheckResultSeverity = "unknown"
	CheckResultSeverityInfo    ComplianceCheckResultSeverity = "info"
	CheckResultSeverityLow     ComplianceCheckResultSeverity = "low"
	CheckResultSeverityMedium  ComplianceCheckResultSeverity = "medium"
	CheckResultSeverityHigh    ComplianceCheckResultSeverity = "high"
)

type ComplianceCheckStatus added in v0.1.9

type ComplianceCheckStatus string
const (
	// The check ran to completion and passed
	CheckResultPass ComplianceCheckStatus = "PASS"
	// The check ran to completion and failed
	CheckResultFail ComplianceCheckStatus = "FAIL"
	// The check ran to completion and found something not severe enough to be considered an error
	CheckResultInfo ComplianceCheckStatus = "INFO"
	// The check has no automatic test and must be evaluated manually by the administrator
	CheckResultManual ComplianceCheckStatus = "MANUAL"
	// The check ran, but could not complete properly
	CheckResultError ComplianceCheckStatus = "ERROR"
	// The check didn't run because it is not applicable or not selected
	CheckResultNotApplicable ComplianceCheckStatus = "NOT-APPLICABLE"
	// The check reports different results from different sources, typically cluster nodes
	CheckResultInconsistent ComplianceCheckStatus = "INCONSISTENT"
	// The check didn't yield a usable result
	CheckResultNoResult ComplianceCheckStatus = ""
)

type ComplianceRemediation

type ComplianceRemediation struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Contains the definition of what the remediation should be
	Spec ComplianceRemediationSpec `json:"spec,omitempty"`
	// Contains information on the remediation (whether it's applied or not)
	Status ComplianceRemediationStatus `json:"status,omitempty"`
}

ComplianceRemediation represents a remediation that can be applied to the cluster to fix the found issues. +k8s:openapi-gen=true +kubebuilder:subresource:status +kubebuilder:resource:path=complianceremediations,scope=Namespaced,shortName=cr;remediations;remediation;rems +kubebuilder:printcolumn:name="State",type="string",JSONPath=`.status.applicationState`

func (*ComplianceRemediation) AddOwnershipLabels added in v0.1.23

func (r *ComplianceRemediation) AddOwnershipLabels(obj metav1.Object)

AddOwnershipLabels labels an object to say it was created by this operator and is owned by a specific scan and suite

func (*ComplianceRemediation) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediation.

func (*ComplianceRemediation) DeepCopyInto

func (in *ComplianceRemediation) DeepCopyInto(out *ComplianceRemediation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ComplianceRemediation) DeepCopyObject

func (in *ComplianceRemediation) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ComplianceRemediation) GetMcName

func (r *ComplianceRemediation) GetMcName() string

func (*ComplianceRemediation) GetScan

func (r *ComplianceRemediation) GetScan() string

func (*ComplianceRemediation) GetSuite

func (r *ComplianceRemediation) GetSuite() string

func (*ComplianceRemediation) HasUnmetDependencies added in v0.1.27

func (r *ComplianceRemediation) HasUnmetDependencies() bool

func (*ComplianceRemediation) IsApplied added in v0.1.25

func (r *ComplianceRemediation) IsApplied() bool

IsApplied tells whether the ComplianceRemediation has been applied. Note that a remediation is considered applied if its state is applied, or if it has been requested to be applied but has become outdated.

func (*ComplianceRemediation) RemediationPayloadDiffers added in v0.1.12

func (r *ComplianceRemediation) RemediationPayloadDiffers(other *ComplianceRemediation) bool

type ComplianceRemediationList

type ComplianceRemediationList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ComplianceRemediation `json:"items"`
}

ComplianceRemediationList contains a list of ComplianceRemediation

func (*ComplianceRemediationList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediationList.

func (*ComplianceRemediationList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ComplianceRemediationList) DeepCopyObject

func (in *ComplianceRemediationList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ComplianceRemediationPayload added in v0.1.12

type ComplianceRemediationPayload struct {
	// The remediation payload. This would normally be a full Kubernetes
	// object.
	// +kubebuilder:pruning:PreserveUnknownFields
	// +kubebuilder:validation:EmbeddedResource
	// +kubebuilder:validation:nullable
	Object *unstructured.Unstructured `json:"object,omitempty"`
}

func (*ComplianceRemediationPayload) DeepCopy added in v0.1.12

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediationPayload.

func (*ComplianceRemediationPayload) DeepCopyInto added in v0.1.12

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ComplianceRemediationSpec

type ComplianceRemediationSpec struct {
	ComplianceRemediationSpecMeta `json:",inline"`
	// Defines the remediation that is proposed by the scan. If there is no "outdated"
	// remediation in this object, the "current" remediation is what will be applied.
	Current ComplianceRemediationPayload `json:"current,omitempty"`
	// In case there was a previous remediation proposed by a previous scan, and that remediation
	// now differs, the old remediation will be kept in this "outdated" key. This requires admin
	// intervention to remove this outdated object and ensure the current is what's applied.
	Outdated ComplianceRemediationPayload `json:"outdated,omitempty"`
}

ComplianceRemediationSpec defines the desired state of ComplianceRemediation +k8s:openapi-gen=true

func (*ComplianceRemediationSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediationSpec.

func (*ComplianceRemediationSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ComplianceRemediationSpecMeta

type ComplianceRemediationSpecMeta struct {
	// Whether the remediation should be picked up and applied by the operator
	Apply bool `json:"apply"`
}

func (*ComplianceRemediationSpecMeta) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediationSpecMeta.

func (*ComplianceRemediationSpecMeta) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ComplianceRemediationStatus

type ComplianceRemediationStatus struct {
	// Whether the remediation is already applied or not
	// +kubebuilder:default="NotApplied"
	ApplicationState RemediationApplicationState `json:"applicationState,omitempty"`
	ErrorMessage     string                      `json:"errorMessage,omitempty"`
}

ComplianceRemediationStatus defines the observed state of ComplianceRemediation +k8s:openapi-gen=true

func (*ComplianceRemediationStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceRemediationStatus.

func (*ComplianceRemediationStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ComplianceScan

type ComplianceScan struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// The spec is the configuration for the compliance scan.
	Spec ComplianceScanSpec `json:"spec,omitempty"`
	// The status will give valuable information on what's going on with the
	// scan; and, more importantly, if the scan is successful (compliant) or
	// not (non-compliant)
	Status ComplianceScanStatus `json:"status,omitempty"`
}

ComplianceScan represents a scan with a certain configuration that will be applied to objects of a certain entity in the host. These could be nodes that apply to a certain nodeSelector, or the cluster itself. +k8s:openapi-gen=true +kubebuilder:subresource:status +kubebuilder:resource:path=compliancescans,scope=Namespaced,shortName=scans;scan +kubebuilder:printcolumn:name="Phase",type="string",JSONPath=`.status.phase` +kubebuilder:printcolumn:name="Result",type="string",JSONPath=`.status.result`

func ComplianceScanFromWrapper added in v0.1.6

func ComplianceScanFromWrapper(sw *ComplianceScanSpecWrapper) *ComplianceScan

ComplianceScanFromWrapper returns a ComplianceScan from the wrapper that's given to a ComplianceSuite. This will return all the values that are derivable from the wrapper in order to build a scan. Anything missing must be added separately.

func (*ComplianceScan) DeepCopy

func (in *ComplianceScan) DeepCopy() *ComplianceScan

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScan.

func (*ComplianceScan) DeepCopyInto

func (in *ComplianceScan) DeepCopyInto(out *ComplianceScan)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ComplianceScan) DeepCopyObject

func (in *ComplianceScan) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ComplianceScan) GetScanType added in v0.1.13

func (cs *ComplianceScan) GetScanType() ComplianceScanType

GetScanType gets the scan type for a scan

func (*ComplianceScan) GetScanTypeIfValid added in v0.1.13

func (cs *ComplianceScan) GetScanTypeIfValid() (ComplianceScanType, error)

GetScanTypeIfValid returns scan type if the scan has a valid one, else it returns an error

func (*ComplianceScan) NeedsRescan added in v0.1.9

func (cs *ComplianceScan) NeedsRescan() bool

NeedsRescan indicates whether a ComplianceScan needs to rescan or not

type ComplianceScanList

type ComplianceScanList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ComplianceScan `json:"items"`
}

ComplianceScanList contains a list of ComplianceScan

func (*ComplianceScanList) DeepCopy

func (in *ComplianceScanList) DeepCopy() *ComplianceScanList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanList.

func (*ComplianceScanList) DeepCopyInto

func (in *ComplianceScanList) DeepCopyInto(out *ComplianceScanList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ComplianceScanList) DeepCopyObject

func (in *ComplianceScanList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ComplianceScanSettings added in v0.1.10

type ComplianceScanSettings struct {
	// Enable debug logging of workloads and OpenSCAP
	Debug bool `json:"debug,omitempty"`
	// Specifies settings that pertain to raw result storage.
	RawResultStorage RawResultStorageSettings `json:"rawResultStorage,omitempty"`
	// Defines that no external resources in the Data Stream should be used. External
	// resources could be, for instance, CVE feeds. This is useful for disconnected
	// installations without access to a proxy.
	NoExternalResources bool `json:"noExternalResources,omitempty"`
	// Defines a proxy for the scan to get external resources from. This is useful for
	// disconnected installations with access to a proxy.
	HTTPSProxy string `json:"httpsProxy,omitempty"`
	// Specifies tolerations needed for the scan to run on the nodes. This is useful
	// in case the target set of nodes have custom taints that don't allow certain
	// workloads to run. Defaults to allowing scheduling on the master nodes.
	// +kubebuilder:default={{key: "node-role.kubernetes.io/master", operator: "Exists", effect: "NoSchedule"}}
	ScanTolerations []corev1.Toleration `json:"scanTolerations,omitempty"`
}

ComplianceScanSettings groups together settings of a ComplianceScan +k8s:openapi-gen=true

func (*ComplianceScanSettings) DeepCopy added in v0.1.10

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanSettings.

func (*ComplianceScanSettings) DeepCopyInto added in v0.1.10

func (in *ComplianceScanSettings) DeepCopyInto(out *ComplianceScanSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ComplianceScanSpec

type ComplianceScanSpec struct {
	// The type of Compliance scan.
	// +kubebuilder:default=Node
	ScanType ComplianceScanType `json:"scanType,omitempty"`
	// Is the image with the content (Data Stream), that will be used to run
	// OpenSCAP.
	ContentImage string `json:"contentImage,omitempty"`
	// Is the profile in the data stream to be used. This is the collection of
	// rules that will be checked for.
	Profile string `json:"profile,omitempty"`
	// A Rule can be specified if the scan should check only for a specific
	// rule. Note that when leaving this empty, the scan will check for all the
	// rules for a specific profile.
	Rule string `json:"rule,omitempty"`
	// Is the path to the file that contains the content (the data stream).
	// Note that the path needs to be relative to the `/` (root) directory, as
	// it is in the ContentImage
	Content string `json:"content,omitempty"`
	// By setting this, it's possible to only run the scan on certain nodes in
	// the cluster. Note that when applying remediations generated from the
	// scan, this should match the selector of the MachineConfigPool you want
	// to apply the remediations to.
	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
	// Is a reference to a ConfigMap that contains the
	// tailoring file. It assumes a key called `tailoring.xml` which will
	// have the tailoring contents.
	TailoringConfigMap *TailoringConfigMapRef `json:"tailoringConfigMap,omitempty"`

	ComplianceScanSettings `json:",inline"`
}

ComplianceScanSpec defines the desired state of ComplianceScan +k8s:openapi-gen=true

func (*ComplianceScanSpec) DeepCopy

func (in *ComplianceScanSpec) DeepCopy() *ComplianceScanSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanSpec.

func (*ComplianceScanSpec) DeepCopyInto

func (in *ComplianceScanSpec) DeepCopyInto(out *ComplianceScanSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ComplianceScanSpecWrapper

type ComplianceScanSpecWrapper struct {
	ComplianceScanSpec `json:",inline"`

	// Contains a human readable name for the scan. This is to identify the
	// objects that it creates.
	Name string `json:"name,omitempty"`
}

ComplianceScanSpecWrapper provides a ComplianceScanSpec and a Name +k8s:openapi-gen=true

func (*ComplianceScanSpecWrapper) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanSpecWrapper.

func (*ComplianceScanSpecWrapper) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ComplianceScanSpecWrapper) ScanSpecDiffers added in v0.1.12

func (sw *ComplianceScanSpecWrapper) ScanSpecDiffers(other *ComplianceScan) bool

type ComplianceScanStatus

type ComplianceScanStatus struct {
	// Is the phase where the scan is at. Normally, one must wait for the scan
	// to reach the phase DONE.
	Phase ComplianceScanStatusPhase `json:"phase,omitempty"`
	// Once the scan reaches the phase DONE, this will contain the result of
	// the scan. Where COMPLIANT means that the scan succeeded; NON-COMPLIANT
	// means that there were rule violations; and ERROR means that the scan
	// couldn't complete due to an issue.
	Result ComplianceScanStatusResult `json:"result,omitempty"`
	// If there are issues on the scan, this will be filled up with an error
	// message.
	ErrorMessage string `json:"errormsg,omitempty"`
	// Specifies the current index of the scan. Given multiple scans, this marks the
	// amount that have been executed.
	CurrentIndex int64 `json:"currentIndex,omitempty"`
	// Specifies the object that's storing the raw results for the scan.
	ResultsStorage StorageReference `json:"resultsStorage,omitempty"`
	// If there are warnings on the scan, this will be filled up with warning
	// messages.
	Warnings string `json:"warnings,omitempty"`
}

ComplianceScanStatus defines the observed state of ComplianceScan +k8s:openapi-gen=true

func (*ComplianceScanStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanStatus.

func (*ComplianceScanStatus) DeepCopyInto

func (in *ComplianceScanStatus) DeepCopyInto(out *ComplianceScanStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ComplianceScanStatusPhase

type ComplianceScanStatusPhase string

Represents the status of the compliance scan run.

const (
	// PhasePending represents the scan pending to be scheduled
	PhasePending ComplianceScanStatusPhase = "PENDING"
	// PhaseLaunching represents being scheduled and launching pods to run the scans
	PhaseLaunching ComplianceScanStatusPhase = "LAUNCHING"
	// PhaseRunning represents the scan being run by the pods and waiting for the results
	PhaseRunning ComplianceScanStatusPhase = "RUNNING"
	// PhaseAggregating represents the scan aggregating the results
	PhaseAggregating ComplianceScanStatusPhase = "AGGREGATING"
	// PhaseDone represents the scan pods being done and the results being available
	PhaseDone ComplianceScanStatusPhase = "DONE"
)

type ComplianceScanStatusResult

type ComplianceScanStatusResult string

Represents the result of the compliance scan

type ComplianceScanStatusWrapper

type ComplianceScanStatusWrapper struct {
	ComplianceScanStatus `json:",inline"`

	// Contains a human readable name for the scan. This is to identify the
	// objects that it creates.
	Name string `json:"name,omitempty"`
}

ComplianceScanStatusWrapper provides a ComplianceScanStatus and a Name +k8s:openapi-gen=true

func ScanStatusWrapperFromScan added in v0.1.6

func ScanStatusWrapperFromScan(s *ComplianceScan) ComplianceScanStatusWrapper

ScanStatusWrapperFromScan returns a ComplianceScanStatusWrapper object (used by the ComplianceSuite object) in order to display the status of a scan

func (*ComplianceScanStatusWrapper) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceScanStatusWrapper.

func (*ComplianceScanStatusWrapper) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ComplianceScanType added in v0.1.9

type ComplianceScanType string

ComplianceScanType +k8s:openapi-gen=true

type ComplianceSuite

type ComplianceSuite struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Contains the definition of the suite
	Spec ComplianceSuiteSpec `json:"spec,omitempty"`
	// Contains the current state of the suite
	Status ComplianceSuiteStatus `json:"status,omitempty"`
}

ComplianceSuite represents a set of scans that will be applied to the cluster. These should help deployers achieve a certain compliance target. +k8s:openapi-gen=true +kubebuilder:subresource:status +kubebuilder:resource:path=compliancesuites,scope=Namespaced,shortName=suites;suite +kubebuilder:printcolumn:name="Phase",type="string",JSONPath=`.status.phase` +kubebuilder:printcolumn:name="Result",type="string",JSONPath=`.status.result`

func (*ComplianceSuite) ApplyRemediationsAnnotationSet added in v0.1.25

func (s *ComplianceSuite) ApplyRemediationsAnnotationSet() bool

func (*ComplianceSuite) DeepCopy

func (in *ComplianceSuite) DeepCopy() *ComplianceSuite

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceSuite.

func (*ComplianceSuite) DeepCopyInto

func (in *ComplianceSuite) DeepCopyInto(out *ComplianceSuite)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ComplianceSuite) DeepCopyObject

func (in *ComplianceSuite) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ComplianceSuite) IsResultAvailable added in v0.1.9

func (s *ComplianceSuite) IsResultAvailable() bool

func (*ComplianceSuite) LowestCommonResult added in v0.1.7

func (s *ComplianceSuite) LowestCommonResult() ComplianceScanStatusResult

func (*ComplianceSuite) LowestCommonState added in v0.1.7

func (s *ComplianceSuite) LowestCommonState() ComplianceScanStatusPhase

func (*ComplianceSuite) RemoveOutdatedAnnotationSet added in v0.1.29

func (s *ComplianceSuite) RemoveOutdatedAnnotationSet() bool

func (*ComplianceSuite) ShouldApplyRemediations added in v0.1.25

func (s *ComplianceSuite) ShouldApplyRemediations() bool

ShouldApplyRemediations returns whether the ComplianceSuite requires that the ComplianceRemediations that were generated from it be applied.

func (*ComplianceSuite) ShouldRemoveOutdated added in v0.1.29

func (s *ComplianceSuite) ShouldRemoveOutdated() bool

type ComplianceSuiteList

type ComplianceSuiteList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ComplianceSuite `json:"items"`
}

ComplianceSuiteList contains a list of ComplianceSuite

func (*ComplianceSuiteList) DeepCopy

func (in *ComplianceSuiteList) DeepCopy() *ComplianceSuiteList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceSuiteList.

func (*ComplianceSuiteList) DeepCopyInto

func (in *ComplianceSuiteList) DeepCopyInto(out *ComplianceSuiteList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ComplianceSuiteList) DeepCopyObject

func (in *ComplianceSuiteList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ComplianceSuiteSettings added in v0.1.10

type ComplianceSuiteSettings struct {
	// Defines whether or not the remediations should be applied automatically
	AutoApplyRemediations bool `json:"autoApplyRemediations,omitempty"`
	// Defines whether or not the remediations should be updated automatically.
	// This is done by deleting the "outdated" object from the remediation.
	AutoUpdateRemediations bool `json:"autoUpdateRemediations,omitempty"`
	// Defines a schedule for the scans to run. This is in cronjob format.
	// Note the scan will still be triggered immediately, and the scheduled
	// scans will start running only after the initial results are ready.
	Schedule string `json:"schedule,omitempty"`
}

ComplianceSuiteSettings groups together settings of a ComplianceSuite +k8s:openapi-gen=true

func (*ComplianceSuiteSettings) DeepCopy added in v0.1.10

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceSuiteSettings.

func (*ComplianceSuiteSettings) DeepCopyInto added in v0.1.10

func (in *ComplianceSuiteSettings) DeepCopyInto(out *ComplianceSuiteSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ComplianceSuiteSpec

type ComplianceSuiteSpec struct {
	ComplianceSuiteSettings `json:",inline"`
	// Contains a list of the scans to execute on the cluster
	// +listType=atomic
	Scans []ComplianceScanSpecWrapper `json:"scans"`
}

ComplianceSuiteSpec defines the desired state of ComplianceSuite +k8s:openapi-gen=true

func (*ComplianceSuiteSpec) DeepCopy

func (in *ComplianceSuiteSpec) DeepCopy() *ComplianceSuiteSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceSuiteSpec.

func (*ComplianceSuiteSpec) DeepCopyInto

func (in *ComplianceSuiteSpec) DeepCopyInto(out *ComplianceSuiteSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ComplianceSuiteStatus

type ComplianceSuiteStatus struct {
	// +listType=atomic
	ScanStatuses []ComplianceScanStatusWrapper `json:"scanStatuses,omitempty"`
	Phase        ComplianceScanStatusPhase     `json:"phase,omitempty"`
	Result       ComplianceScanStatusResult    `json:"result,omitempty"`
	ErrorMessage string                        `json:"errorMessage,omitempty"`
	// +optional
	Conditions conditions.Conditions `json:"conditions,omitempty"`
}

ComplianceSuiteStatus defines the observed state of ComplianceSuite +k8s:openapi-gen=true

func (*ComplianceSuiteStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceSuiteStatus.

func (*ComplianceSuiteStatus) DeepCopyInto

func (in *ComplianceSuiteStatus) DeepCopyInto(out *ComplianceSuiteStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ComplianceSuiteStatus) SetConditionInvalid added in v0.1.28

func (s *ComplianceSuiteStatus) SetConditionInvalid()

func (*ComplianceSuiteStatus) SetConditionPending added in v0.1.28

func (s *ComplianceSuiteStatus) SetConditionPending()

func (*ComplianceSuiteStatus) SetConditionReady added in v0.1.28

func (s *ComplianceSuiteStatus) SetConditionReady()

func (*ComplianceSuiteStatus) SetConditionsProcessing added in v0.1.28

func (s *ComplianceSuiteStatus) SetConditionsProcessing()

type DataStreamStatusType added in v0.1.10

type DataStreamStatusType string

DataStreamStatusType is the type for the data stream status

const (
	// DataStreamPending represents the state where the data stream
	// hasn't been processed yet
	DataStreamPending DataStreamStatusType = "PENDING"
	// DataStreamValid represents the status for a valid data stream
	DataStreamValid DataStreamStatusType = "VALID"
	// DataStreamInvalid represents the status for an invalid data stream
	DataStreamInvalid DataStreamStatusType = "INVALID"
)

type FixDefinition added in v0.1.10

type FixDefinition struct {
	// The platform that the fix applies to
	Platform string `json:"platform,omitempty"`
	// An estimate of the potential disruption or operational
	// degradation that this fix will impose in the target system
	Disruption string `json:"disruption,omitempty"`
	// an object that should bring the rule into compliance
	// +kubebuilder:pruning:PreserveUnknownFields
	// +kubebuilder:validation:EmbeddedResource
	// +kubebuilder:validation:nullable
	FixObject *unstructured.Unstructured `json:"fixObject,omitempty"`
}

FixDefinition Specifies a fix or remediation that applies to a rule

func (*FixDefinition) DeepCopy added in v0.1.10

func (in *FixDefinition) DeepCopy() *FixDefinition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FixDefinition.

func (*FixDefinition) DeepCopyInto added in v0.1.10

func (in *FixDefinition) DeepCopyInto(out *FixDefinition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NamedObjectReference added in v0.1.10

type NamedObjectReference struct {
	Name     string `json:"name,omitempty"`
	Kind     string `json:"kind,omitempty"`
	APIGroup string `json:"apiGroup,omitempty"`
}

func (*NamedObjectReference) DeepCopy added in v0.1.10

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamedObjectReference.

func (*NamedObjectReference) DeepCopyInto added in v0.1.10

func (in *NamedObjectReference) DeepCopyInto(out *NamedObjectReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OutputRef added in v0.1.10

type OutputRef struct {
	Name      string `json:"name"`
	Namespace string `json:"namespace"`
}

OutputRef is a reference to the object created from the tailored profile

func (*OutputRef) DeepCopy added in v0.1.10

func (in *OutputRef) DeepCopy() *OutputRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutputRef.

func (*OutputRef) DeepCopyInto added in v0.1.10

func (in *OutputRef) DeepCopyInto(out *OutputRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Profile added in v0.1.10

type Profile struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	ProfilePayload `json:",inline"`
}

Profile is the Schema for the profiles API +kubebuilder:resource:path=profiles,scope=Namespaced,shortName=profs;prof

func (*Profile) DeepCopy added in v0.1.10

func (in *Profile) DeepCopy() *Profile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Profile.

func (*Profile) DeepCopyInto added in v0.1.10

func (in *Profile) DeepCopyInto(out *Profile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Profile) DeepCopyObject added in v0.1.10

func (in *Profile) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ProfileBundle added in v0.1.10

type ProfileBundle struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ProfileBundleSpec   `json:"spec,omitempty"`
	Status ProfileBundleStatus `json:"status,omitempty"`
}

ProfileBundle is the Schema for the profilebundles API +kubebuilder:subresource:status +kubebuilder:resource:path=profilebundles,scope=Namespaced,shortName=pb +kubebuilder:printcolumn:name="ContentImage",type="string",JSONPath=`.spec.contentImage` +kubebuilder:printcolumn:name="ContentFile",type="string",JSONPath=`.spec.contentFile` +kubebuilder:printcolumn:name="Status",type="string",JSONPath=`.status.dataStreamStatus`

func (*ProfileBundle) DeepCopy added in v0.1.10

func (in *ProfileBundle) DeepCopy() *ProfileBundle

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileBundle.

func (*ProfileBundle) DeepCopyInto added in v0.1.10

func (in *ProfileBundle) DeepCopyInto(out *ProfileBundle)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ProfileBundle) DeepCopyObject added in v0.1.10

func (in *ProfileBundle) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ProfileBundleList added in v0.1.10

type ProfileBundleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ProfileBundle `json:"items"`
}

ProfileBundleList contains a list of ProfileBundle

func (*ProfileBundleList) DeepCopy added in v0.1.10

func (in *ProfileBundleList) DeepCopy() *ProfileBundleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileBundleList.

func (*ProfileBundleList) DeepCopyInto added in v0.1.10

func (in *ProfileBundleList) DeepCopyInto(out *ProfileBundleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ProfileBundleList) DeepCopyObject added in v0.1.10

func (in *ProfileBundleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ProfileBundleSpec added in v0.1.10

type ProfileBundleSpec struct {
	// Is the path for the image that contains the content for this bundle.
	ContentImage string `json:"contentImage"`
	// Is the path for the file in the image that contains the content for this bundle.
	ContentFile string `json:"contentFile"`
}

Defines the desired state of ProfileBundle

func (*ProfileBundleSpec) DeepCopy added in v0.1.10

func (in *ProfileBundleSpec) DeepCopy() *ProfileBundleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileBundleSpec.

func (*ProfileBundleSpec) DeepCopyInto added in v0.1.10

func (in *ProfileBundleSpec) DeepCopyInto(out *ProfileBundleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProfileBundleStatus added in v0.1.10

type ProfileBundleStatus struct {
	// Presents the current status for the datastream for this bundle
	// +kubebuilder:default=PENDING
	DataStreamStatus DataStreamStatusType `json:"dataStreamStatus,omitempty"`
	// If there's an error in the datastream, it'll be presented here
	ErrorMessage string `json:"errorMessage,omitempty"`
	// Defines the conditions for the ProfileBundle. Valid conditions are:
	//  - Ready: Indicates if the ProfileBundle is Ready parsing or not.
	// +optional
	Conditions conditions.Conditions `json:"conditions,omitempty"`
}

Defines the observed state of ProfileBundle

func (*ProfileBundleStatus) DeepCopy added in v0.1.10

func (in *ProfileBundleStatus) DeepCopy() *ProfileBundleStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileBundleStatus.

func (*ProfileBundleStatus) DeepCopyInto added in v0.1.10

func (in *ProfileBundleStatus) DeepCopyInto(out *ProfileBundleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ProfileBundleStatus) SetConditionInvalid added in v0.1.28

func (s *ProfileBundleStatus) SetConditionInvalid()

func (*ProfileBundleStatus) SetConditionPending added in v0.1.28

func (s *ProfileBundleStatus) SetConditionPending()

func (*ProfileBundleStatus) SetConditionReady added in v0.1.28

func (s *ProfileBundleStatus) SetConditionReady()

type ProfileList added in v0.1.10

type ProfileList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Profile `json:"items"`
}

ProfileList contains a list of Profile

func (*ProfileList) DeepCopy added in v0.1.10

func (in *ProfileList) DeepCopy() *ProfileList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileList.

func (*ProfileList) DeepCopyInto added in v0.1.10

func (in *ProfileList) DeepCopyInto(out *ProfileList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ProfileList) DeepCopyObject added in v0.1.10

func (in *ProfileList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ProfilePayload added in v0.1.12

type ProfilePayload struct {
	Title       string `json:"title"`
	Description string `json:"description"`
	ID          string `json:"id"`
	// +nullable
	// +optional
	// +listType=atomic
	Rules []ProfileRule `json:"rules,omitempty"`
	// +nullable
	// +optional
	// +listType=atomic
	Values []ProfileValue `json:"values,omitempty"`
}

func (*ProfilePayload) DeepCopy added in v0.1.12

func (in *ProfilePayload) DeepCopy() *ProfilePayload

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfilePayload.

func (*ProfilePayload) DeepCopyInto added in v0.1.12

func (in *ProfilePayload) DeepCopyInto(out *ProfilePayload)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProfileRule added in v0.1.10

type ProfileRule string

ProfileRule defines the name of a specific rule in the profile

func NewProfileRule added in v0.1.10

func NewProfileRule(rule string) ProfileRule

NewProfileRule returns a new ProfileRule from the given rule string

type ProfileValue added in v0.1.10

type ProfileValue string

ProfileValue defines a value for a setting in the profile

type RawResultStorageSettings added in v0.1.11

type RawResultStorageSettings struct {
	// Specifies the amount of storage to ask for storing the raw results. Note that
	// if re-scans happen, the new results will also need to be stored. Defaults to 1Gi.
	// +kubebuilder:validation:Default=1Gi
	// +kubebuilder:default="1Gi"
	Size string `json:"size,omitempty"`
	// Specifies the amount of scans for which the raw results will be stored.
	// Older results will get rotated, and it's the responsibility of administrators
	// to store these results elsewhere before rotation happens. Note that a rotation
	// policy of '0' disables rotation entirely. Defaults to 3.
	// +kubebuilder:default=3
	Rotation uint16 `json:"rotation,omitempty"`
	// Specifies the StorageClassName to use when creating the PersistentVolumeClaim
	// to hold the raw results. By default this is null, which will attempt to use the
	// default storage class configured in the cluster. If there is no default class specified
	// then this needs to be set.
	// +nullable
	StorageClassName *string `json:"storageClassName,omitempty"`
	// Specifies the access modes that the PersistentVolume will be created with.
	// The persistent volume will hold the raw results of the scan.
	// +kubebuilder:default={"ReadWriteOnce"}
	PVAccessModes []corev1.PersistentVolumeAccessMode `json:"pvAccessModes,omitempty"`
}

When changing the defaults, remember to also change the DefaultRawStorageSize and DefaultStorageRotation constants

func (*RawResultStorageSettings) DeepCopy added in v0.1.11

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RawResultStorageSettings.

func (*RawResultStorageSettings) DeepCopyInto added in v0.1.11

func (in *RawResultStorageSettings) DeepCopyInto(out *RawResultStorageSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RemediationApplicationState

type RemediationApplicationState string

const (
	RemediationPending             RemediationApplicationState = "Pending"
	RemediationNotApplied          RemediationApplicationState = "NotApplied"
	RemediationApplied             RemediationApplicationState = "Applied"
	RemediationOutdated            RemediationApplicationState = "Outdated"
	RemediationError               RemediationApplicationState = "Error"
	RemediationMissingDependencies RemediationApplicationState = "MissingDependencies"
)

type RemediationType

type RemediationType string

type Rule added in v0.1.10

type Rule struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	RulePayload `json:",inline"`
}

Rule is the Schema for the rules API +kubebuilder:resource:path=rules,scope=Namespaced

func (*Rule) DeepCopy added in v0.1.10

func (in *Rule) DeepCopy() *Rule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule.

func (*Rule) DeepCopyInto added in v0.1.10

func (in *Rule) DeepCopyInto(out *Rule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Rule) DeepCopyObject added in v0.1.10

func (in *Rule) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type RuleList added in v0.1.10

type RuleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Rule `json:"items"`
}

RuleList contains a list of Rule

func (*RuleList) DeepCopy added in v0.1.10

func (in *RuleList) DeepCopy() *RuleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleList.

func (*RuleList) DeepCopyInto added in v0.1.10

func (in *RuleList) DeepCopyInto(out *RuleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RuleList) DeepCopyObject added in v0.1.10

func (in *RuleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type RulePayload added in v0.1.12

type RulePayload struct {
	// The XCCDF ID
	ID string `json:"id"`
	// The title of the Rule
	Title string `json:"title"`
	// The description of the Rule
	Description string `json:"description,omitempty"`
	// The rationale of the Rule
	Rationale string `json:"rationale,omitempty"`
	// A discretionary warning about the Rule
	Warning string `json:"warning,omitempty"`
	// The severity level
	Severity string `json:"severity,omitempty"`
	// The Available fixes
	// +nullable
	// +optional
	// +listType=atomic
	AvailableFixes []FixDefinition `json:"availableFixes,omitempty"`
}

func (*RulePayload) DeepCopy added in v0.1.12

func (in *RulePayload) DeepCopy() *RulePayload

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulePayload.

func (*RulePayload) DeepCopyInto added in v0.1.12

func (in *RulePayload) DeepCopyInto(out *RulePayload)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RuleReferenceSpec added in v0.1.10

type RuleReferenceSpec struct {
	// Name of the rule that's being referenced
	Name string `json:"name"`
	// Rationale of why this rule is being selected/deselected
	Rationale string `json:"rationale"`
}

RuleReferenceSpec specifies a rule to be selected/deselected, as well as the reason why

func (*RuleReferenceSpec) DeepCopy added in v0.1.10

func (in *RuleReferenceSpec) DeepCopy() *RuleReferenceSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleReferenceSpec.

func (*RuleReferenceSpec) DeepCopyInto added in v0.1.10

func (in *RuleReferenceSpec) DeepCopyInto(out *RuleReferenceSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ScanSetting added in v0.1.10

type ScanSetting struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	ComplianceSuiteSettings `json:",inline"`
	ComplianceScanSettings  `json:",inline"`
	// The list of roles to apply node-specific checks to
	Roles []string `json:"roles,omitempty"`
}

ScanSetting is the Schema for the scansettings API +kubebuilder:subresource:status +kubebuilder:resource:path=scansettings,scope=Namespaced,shortName=ss

func (*ScanSetting) DeepCopy added in v0.1.10

func (in *ScanSetting) DeepCopy() *ScanSetting

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSetting.

func (*ScanSetting) DeepCopyInto added in v0.1.10

func (in *ScanSetting) DeepCopyInto(out *ScanSetting)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ScanSetting) DeepCopyObject added in v0.1.10

func (in *ScanSetting) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ScanSettingBinding added in v0.1.10

type ScanSettingBinding struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Profiles    []NamedObjectReference `json:"profiles,omitempty"`
	SettingsRef *NamedObjectReference  `json:"settingsRef,omitempty"`
	// +optional
	Status ScanSettingBindingStatus `json:"status,omitempty"`
}

ScanSettingBinding is the Schema for the scansettingbindings API +k8s:openapi-gen=true +kubebuilder:subresource:status +kubebuilder:resource:path=scansettingbindings,scope=Namespaced,shortName=ssb

func (*ScanSettingBinding) DeepCopy added in v0.1.10

func (in *ScanSettingBinding) DeepCopy() *ScanSettingBinding

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSettingBinding.

func (*ScanSettingBinding) DeepCopyInto added in v0.1.10

func (in *ScanSettingBinding) DeepCopyInto(out *ScanSettingBinding)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ScanSettingBinding) DeepCopyObject added in v0.1.10

func (in *ScanSettingBinding) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ScanSettingBindingList added in v0.1.10

type ScanSettingBindingList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ScanSettingBinding `json:"items"`
}

ScanSettingBindingList contains a list of ScanSettingBinding

func (*ScanSettingBindingList) DeepCopy added in v0.1.10

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSettingBindingList.

func (*ScanSettingBindingList) DeepCopyInto added in v0.1.10

func (in *ScanSettingBindingList) DeepCopyInto(out *ScanSettingBindingList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ScanSettingBindingList) DeepCopyObject added in v0.1.10

func (in *ScanSettingBindingList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ScanSettingBindingStatus added in v0.1.28

type ScanSettingBindingStatus struct {
	// +optional
	Conditions conditions.Conditions `json:"conditions,omitempty"`
	// Reference to the object generated from this ScanSettingBinding
	// +optional
	// +nullable
	OutputRef *corev1.TypedLocalObjectReference `json:"outputRef,omitempty"`
}

func (*ScanSettingBindingStatus) DeepCopy added in v0.1.28

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSettingBindingStatus.

func (*ScanSettingBindingStatus) DeepCopyInto added in v0.1.28

func (in *ScanSettingBindingStatus) DeepCopyInto(out *ScanSettingBindingStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ScanSettingBindingStatus) SetConditionInvalid added in v0.1.28

func (s *ScanSettingBindingStatus) SetConditionInvalid(msg string)

func (*ScanSettingBindingStatus) SetConditionPending added in v0.1.28

func (s *ScanSettingBindingStatus) SetConditionPending()

func (*ScanSettingBindingStatus) SetConditionReady added in v0.1.28

func (s *ScanSettingBindingStatus) SetConditionReady()

type ScanSettingList added in v0.1.10

type ScanSettingList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ScanSetting `json:"items"`
}

ScanSettingList contains a list of ScanSetting

func (*ScanSettingList) DeepCopy added in v0.1.10

func (in *ScanSettingList) DeepCopy() *ScanSettingList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanSettingList.

func (*ScanSettingList) DeepCopyInto added in v0.1.10

func (in *ScanSettingList) DeepCopyInto(out *ScanSettingList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ScanSettingList) DeepCopyObject added in v0.1.10

func (in *ScanSettingList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type StorageReference added in v0.1.10

type StorageReference struct {
	// Kind of the referent.
	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	// +optional
	Kind string `json:"kind,omitempty"`
	// Namespace of the referent.
	// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
	// +optional
	Namespace string `json:"namespace,omitempty"`
	// Name of the referent.
	// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
	// +optional
	Name string `json:"name,omitempty"`
	// API version of the referent.
	// +optional
	APIVersion string `json:"apiVersion,omitempty"`
}

StorageReference stores a reference to where certain objects are being stored

func (*StorageReference) DeepCopy added in v0.1.10

func (in *StorageReference) DeepCopy() *StorageReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageReference.

func (*StorageReference) DeepCopyInto added in v0.1.10

func (in *StorageReference) DeepCopyInto(out *StorageReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TailoredProfile added in v0.1.10

type TailoredProfile struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   TailoredProfileSpec   `json:"spec,omitempty"`
	Status TailoredProfileStatus `json:"status,omitempty"`
}

TailoredProfile is the Schema for the tailoredprofiles API +kubebuilder:subresource:status +kubebuilder:resource:path=tailoredprofiles,scope=Namespaced,shortName=tp;tprof +kubebuilder:printcolumn:name="State",type="string",JSONPath=`.status.state`,description="State of the tailored profile"

func (*TailoredProfile) DeepCopy added in v0.1.10

func (in *TailoredProfile) DeepCopy() *TailoredProfile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TailoredProfile.

func (*TailoredProfile) DeepCopyInto added in v0.1.10

func (in *TailoredProfile) DeepCopyInto(out *TailoredProfile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*TailoredProfile) DeepCopyObject added in v0.1.10

func (in *TailoredProfile) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type TailoredProfileList added in v0.1.10

type TailoredProfileList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []TailoredProfile `json:"items"`
}

TailoredProfileList contains a list of TailoredProfile

func (*TailoredProfileList) DeepCopy added in v0.1.10

func (in *TailoredProfileList) DeepCopy() *TailoredProfileList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TailoredProfileList.

func (*TailoredProfileList) DeepCopyInto added in v0.1.10

func (in *TailoredProfileList) DeepCopyInto(out *TailoredProfileList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*TailoredProfileList) DeepCopyObject added in v0.1.10

func (in *TailoredProfileList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type TailoredProfileSpec added in v0.1.10

type TailoredProfileSpec struct {
	// Points to the name of the profile to extend
	Extends string `json:"extends"`
	// Overwrites the title of the extended profile (optional)
	Title string `json:"title,omitempty"`
	// Overwrites the description of the extended profile (optional)
	Description string `json:"description,omitempty"`
	// Enables the referenced rules
	// +optional
	// +nullable
	EnableRules []RuleReferenceSpec `json:"enableRules,omitempty"`
	// Disables the referenced rules
	// +optional
	// +nullable
	DisableRules []RuleReferenceSpec `json:"disableRules,omitempty"`
	// Sets the referenced variables to selected values
	// +optional
	// +nullable
	SetValues []VariableValueSpec `json:"setValues,omitempty"`
}

TailoredProfileSpec defines the desired state of TailoredProfile

func (*TailoredProfileSpec) DeepCopy added in v0.1.10

func (in *TailoredProfileSpec) DeepCopy() *TailoredProfileSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TailoredProfileSpec.

func (*TailoredProfileSpec) DeepCopyInto added in v0.1.10

func (in *TailoredProfileSpec) DeepCopyInto(out *TailoredProfileSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TailoredProfileState added in v0.1.10

type TailoredProfileState string

TailoredProfileState defines the state of the tailored profile

const (
	// TailoredProfileStatePending is a state where a tailored profile is still pending to be processed
	TailoredProfileStatePending TailoredProfileState = "PENDING"
	// TailoredProfileStateReady is a state where a tailored profile is ready to be used
	TailoredProfileStateReady TailoredProfileState = "READY"
	// TailoredProfileStateError is a state where a tailored profile had an error while processing
	TailoredProfileStateError TailoredProfileState = "ERROR"
)

type TailoredProfileStatus added in v0.1.10

type TailoredProfileStatus struct {
	// The XCCDF ID of the tailored profile
	ID string `json:"id,omitempty"`
	// Points to the generated resource
	OutputRef OutputRef `json:"outputRef,omitempty"`
	// The current state of the tailored profile
	State        TailoredProfileState `json:"state,omitempty"`
	ErrorMessage string               `json:"errorMessagae,omitempty"`
}

TailoredProfileStatus defines the observed state of TailoredProfile

func (*TailoredProfileStatus) DeepCopy added in v0.1.10

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TailoredProfileStatus.

func (*TailoredProfileStatus) DeepCopyInto added in v0.1.10

func (in *TailoredProfileStatus) DeepCopyInto(out *TailoredProfileStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TailoringConfigMapRef added in v0.1.9

type TailoringConfigMapRef struct {
	// Name of the ConfigMap being referenced
	Name string `json:"name"`
}

TailoringConfigMapRef is a reference to a ConfigMap that contains the tailoring file. It assumes a key called `tailoring.xml` which will have the tailoring contents.

func (*TailoringConfigMapRef) DeepCopy added in v0.1.9

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TailoringConfigMapRef.

func (*TailoringConfigMapRef) DeepCopyInto added in v0.1.9

func (in *TailoringConfigMapRef) DeepCopyInto(out *TailoringConfigMapRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ValueSelection added in v0.1.10

type ValueSelection struct {
	// The string description of the selection
	Description string `json:"description,omitempty"`
	// The value of the variable
	Value string `json:"value,omitempty"`
}

func (*ValueSelection) DeepCopy added in v0.1.10

func (in *ValueSelection) DeepCopy() *ValueSelection

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValueSelection.

func (*ValueSelection) DeepCopyInto added in v0.1.10

func (in *ValueSelection) DeepCopyInto(out *ValueSelection)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Variable added in v0.1.10

type Variable struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	VariablePayload `json:",inline"`
}

Variable describes a tunable in the XCCDF profile

+kubebuilder:resource:path=variables,scope=Namespaced,shortName=var

func (*Variable) DeepCopy added in v0.1.10

func (in *Variable) DeepCopy() *Variable

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Variable.

func (*Variable) DeepCopyInto added in v0.1.10

func (in *Variable) DeepCopyInto(out *Variable)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Variable) DeepCopyObject added in v0.1.10

func (in *Variable) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*Variable) SetValue added in v0.1.10

func (v *Variable) SetValue(val string) error

type VariableList added in v0.1.10

type VariableList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Variable `json:"items"`
}

VariableList contains a list of Variable

func (*VariableList) DeepCopy added in v0.1.10

func (in *VariableList) DeepCopy() *VariableList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VariableList.

func (*VariableList) DeepCopyInto added in v0.1.10

func (in *VariableList) DeepCopyInto(out *VariableList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VariableList) DeepCopyObject added in v0.1.10

func (in *VariableList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type VariablePayload added in v0.1.12

type VariablePayload struct {

	// the ID of the variable
	ID string `json:"id"`
	// The title of the Variable
	Title string `json:"title"`
	// The description of the Variable
	Description string `json:"description,omitempty"`
	// The type of the variable
	Type VariableType `json:"type"`
	// The value of the variable
	Value string `json:"value,omitempty"`
	// Enumerates what values are allowed for this variable. Can be empty.
	// +optional
	// +nullable
	// +listType=atomic
	Selections []ValueSelection `json:"selections,omitempty"`
}

func (*VariablePayload) DeepCopy added in v0.1.12

func (in *VariablePayload) DeepCopy() *VariablePayload

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VariablePayload.

func (*VariablePayload) DeepCopyInto added in v0.1.12

func (in *VariablePayload) DeepCopyInto(out *VariablePayload)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VariableType added in v0.1.10

type VariableType string

+kubebuilder:validation:Enum=number;bool;string

type VariableValueSpec added in v0.1.10

type VariableValueSpec struct {
	// Name of the variable that's being referenced
	Name string `json:"name"`
	// Rationale of why this value is being tailored
	Rationale string `json:"rationale"`
	// Value to set for the referenced variable
	Value string `json:"value"`
}

ValueReferenceSpec specifies a value to be set for a variable with a reason why

func (*VariableValueSpec) DeepCopy added in v0.1.10

func (in *VariableValueSpec) DeepCopy() *VariableValueSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VariableValueSpec.

func (*VariableValueSpec) DeepCopyInto added in v0.1.10

func (in *VariableValueSpec) DeepCopyInto(out *VariableValueSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
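A review-time check for `setValues` overrides, tying together VariableValueSpec, VariablePayload.Selections and the VariableType enum documented above. This is an added example, not code from the operator: the types are local mirrors of the fields shown on this page, `checkSetValue` is a hypothetical helper, and it makes no claim about what `Variable.SetValue` does internally.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Local mirrors of fields documented on this page (assumption: trimmed down).
type ValueSelection struct{ Description, Value string }
type VariablePayload struct {
	ID, Type, Value string // Type is "number", "bool" or "string"
	Selections      []ValueSelection
}
type VariableValueSpec struct{ Name, Rationale, Value string }

// checkSetValue is a hypothetical review-time check, not Variable.SetValue.
func checkSetValue(v VariablePayload, s VariableValueSpec) error {
	if strings.TrimSpace(s.Rationale) == "" {
		return fmt.Errorf("%s: override has no rationale", s.Name)
	}
	var err error
	switch v.Type {
	case "number":
		_, err = strconv.ParseFloat(s.Value, 64)
	case "bool":
		_, err = strconv.ParseBool(s.Value)
	case "string":
	default:
		return fmt.Errorf("%s: unknown variable type %q", s.Name, v.Type)
	}
	if err != nil {
		return fmt.Errorf("%s: %q is not a valid %s", s.Name, s.Value, v.Type)
	}
	allowed := len(v.Selections) == 0 // Selections "can be empty": nothing to enforce
	for _, sel := range v.Selections {
		allowed = allowed || sel.Value == s.Value
	}
	if !allowed {
		return fmt.Errorf("%s: %q is not among the allowed selections", s.Name, s.Value)
	}
	return nil
}

func main() { // constructed sample data, not from a real profile bundle
	v := VariablePayload{Type: "number", Selections: []ValueSelection{{"10 min", "600"}, {"5 min", "300"}}}
	for _, val := range []string{"300", "900", "soon"} {
		fmt.Println(val, "->", checkSetValue(v, VariableValueSpec{"example-timeout", "site policy", val}))
	}
}
```

Running such a check before a TailoredProfile is applied surfaces overrides that would silently move a setting outside the values the profile author enumerated.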
