Documentation ¶
Overview ¶
Copyright Contributors to the Open Cluster Management project
Index ¶
- Constants
- Variables
- func GetClusterForeignKey(ctx context.Context, db *sql.DB, cluster Cluster) (int32, error)
- func MonitorDatabaseConnection(ctx context.Context, complianceServerCtx *ComplianceServerCtx, ...)
- func ParseDBSecret(dbSecret *corev1.Secret, tempDirPath string) (string, error)
- type Cluster
- type ComplianceAPIServer
- type ComplianceDBSecretReconciler
- type ComplianceEvent
- type ComplianceServerCtx
- type EventDetails
- type JSONMap
- type ListResponse
- type ParentPolicy
- type Policy
- type Scannable
- type Spec
Constants ¶
const (
	ControllerName       = "compliance-events-api"
	DBSecretName         = "governance-policy-database"
	WatchNamespaceEnvVar = "WATCH_NAMESPACE_COMPLIANCE_EVENTS_STORE"
)
Variables ¶
var (
	ErrInvalidDBSecret      = errors.New("the governance-policy-database secret is invalid")
	ErrInvalidConnectionURL = errors.New("the database connection URL is invalid")
	ErrDBConnectionFailed   = errors.New("the compliance events database could not be connected to")
	ErrRetryable            = errors.New("")
)
Functions ¶
func GetClusterForeignKey ¶ added in v0.13.0
GetClusterForeignKey will return the database ID based on the cluster.ClusterID.
func MonitorDatabaseConnection ¶ added in v0.13.0
func MonitorDatabaseConnection(
	ctx context.Context,
	complianceServerCtx *ComplianceServerCtx,
	client *kubernetes.Clientset,
	controllerNamespace string,
	reconcileRequests chan<- event.GenericEvent,
)
MonitorDatabaseConnection will check the database connection health every 20 seconds. If healthy, it will migrate the database if necessary, and send any reconcile requests to the replicated policy controller from complianceServerCtx.Queue. To stop MonitorDatabaseConnection, cancel the input context.
Types ¶
type Cluster ¶ added in v0.13.0
type Cluster struct {
	KeyID     int32  `db:"id" json:"-"`
	Name      string `db:"name" json:"name"`
	ClusterID string `db:"cluster_id" json:"cluster_id"` //nolint:tagliatelle
}
func (*Cluster) GetOrCreate ¶ added in v0.13.0
func (*Cluster) InsertQuery ¶ added in v0.13.0
func (*Cluster) SelectQuery ¶ added in v0.13.0
type ComplianceAPIServer ¶ added in v0.13.0
type ComplianceAPIServer struct {
// contains filtered or unexported fields
}
func NewComplianceAPIServer ¶ added in v0.13.0
func NewComplianceAPIServer(listenAddress string, cfg *rest.Config, cert *tls.Certificate) *ComplianceAPIServer
func (*ComplianceAPIServer) Start ¶ added in v0.13.0
func (s *ComplianceAPIServer) Start(ctx context.Context, serverContext *ComplianceServerCtx) error
Start starts the HTTP server and blocks until ctx is cancelled or the HTTP server fails to start.
type ComplianceDBSecretReconciler ¶ added in v0.13.0
type ComplianceDBSecretReconciler struct {
	DynamicWatcher k8sdepwatches.DynamicWatcher
	Client         *kubernetes.Clientset
	// TempDir is used for temporary files such as a custom CA to use to verify the Postgres TLS connection. The
	// caller is responsible for cleaning it up after the controller stops.
	TempDir             string
	ConnectionURL       string
	ComplianceServerCtx *ComplianceServerCtx
}
ComplianceDBSecretReconciler is responsible for managing the compliance events history database migrations and keeping the shared database connection up to date.
func (*ComplianceDBSecretReconciler) Reconcile ¶ added in v0.13.0
func (r *ComplianceDBSecretReconciler) Reconcile(
	ctx context.Context,
	watcher k8sdepwatches.ObjectIdentifier,
) (ctrl.Result, error)
Reconcile watches the governance-policy-database secret in the controller namespace. On updates it triggers a database migration and updates the shared database connection.
type ComplianceEvent ¶ added in v0.13.0
type ComplianceEvent struct {
	EventID      int32         `json:"id"`
	Cluster      Cluster       `json:"cluster"`
	Event        EventDetails  `json:"event"`
	ParentPolicy *ParentPolicy `json:"parent_policy"` //nolint:tagliatelle
	Policy       Policy        `json:"policy"`
}
func (ComplianceEvent) Validate ¶ added in v0.13.0
func (ce ComplianceEvent) Validate(ctx context.Context, serverContext *ComplianceServerCtx) error
Validate ensures that the POST request body for a compliance event is valid. In particular, if the shorthand of providing parent_policy.id and/or policy.id is used, the other ParentPolicy and Policy fields must not be present.
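The shorthand rule described for Validate, as an added example that is not the package's own code: reduced mirrors of the ParentPolicy, Policy and ComplianceEvent request shapes are constructed here, the body is decoded strictly so unknown fields are rejected, and an id set together with any other field of the same object fails validation. ErrInvalidInput, ValidateEventBody and the requirement that the long form carry name/namespace (or kind/apiGroup/name) are assumptions for this example, not documented behaviour.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
)

// Reduced mirrors of the documented request types, constructed for this
// example (the real package's structs carry more fields and db tags).
type ParentPolicy struct {
	KeyID     int32  `json:"id"`
	Name      string `json:"name"`
	Namespace string `json:"namespace"`
}

type Policy struct {
	KeyID     int32   `json:"id"`
	Kind      string  `json:"kind"`
	APIGroup  string  `json:"apiGroup"`
	Name      string  `json:"name"`
	Namespace *string `json:"namespace"`
}

type ComplianceEvent struct {
	ParentPolicy *ParentPolicy `json:"parent_policy"`
	Policy       Policy        `json:"policy"`
}

// ErrInvalidInput is a hypothetical sentinel for rejected request bodies.
var ErrInvalidInput = errors.New("invalid compliance event")

// validateParentPolicy enforces the documented shorthand rule: when
// parent_policy.id is set, no other parent_policy field may be present.
// Requiring name and namespace in the long form is an assumption.
func validateParentPolicy(p *ParentPolicy) error {
	if p == nil {
		return nil // parent_policy is optional (pointer field)
	}
	if p.KeyID != 0 {
		if p.Name != "" || p.Namespace != "" {
			return fmt.Errorf("%w: parent_policy.id cannot be combined with other parent_policy fields", ErrInvalidInput)
		}
		return nil
	}
	if p.Name == "" || p.Namespace == "" {
		return fmt.Errorf("%w: parent_policy needs id, or name and namespace", ErrInvalidInput)
	}
	return nil
}

// validatePolicy applies the same rule to policy.id.
func validatePolicy(p Policy) error {
	if p.KeyID != 0 {
		if p.Kind != "" || p.APIGroup != "" || p.Name != "" || p.Namespace != nil {
			return fmt.Errorf("%w: policy.id cannot be combined with other policy fields", ErrInvalidInput)
		}
		return nil
	}
	if p.Kind == "" || p.APIGroup == "" || p.Name == "" {
		return fmt.Errorf("%w: policy needs id, or kind, apiGroup and name", ErrInvalidInput)
	}
	return nil
}

// ValidateEventBody decodes a POST body strictly (unknown fields are rejected
// rather than silently dropped) and then applies the shorthand rules.
func ValidateEventBody(body []byte) error {
	var ce ComplianceEvent
	dec := json.NewDecoder(bytes.NewReader(body))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&ce); err != nil {
		return fmt.Errorf("%w: %v", ErrInvalidInput, err)
	}
	if err := validateParentPolicy(ce.ParentPolicy); err != nil {
		return err
	}
	return validatePolicy(ce.Policy)
}

func main() {
	// Constructed sample bodies: shorthand, mixed shorthand, long form, unknown field.
	bodies := []string{
		`{"parent_policy":{"id":3},"policy":{"id":7}}`,
		`{"parent_policy":{"id":3,"name":"cis-benchmark"},"policy":{"id":7}}`,
		`{"policy":{"kind":"ConfigurationPolicy","apiGroup":"policy.open-cluster-management.io","name":"audit"}}`,
		`{"policy":{"id":7},"unexpected":true}`,
	}
	for _, b := range bodies {
		fmt.Printf("%s -> %v\n", b, ValidateEventBody([]byte(b)))
	}
}
```

Decoding with DisallowUnknownFields is the part worth copying: a permissive decoder would accept a body that mixes an id with extra keys it does not know about, and the mixed-form check would never see them.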
type ComplianceServerCtx ¶ added in v0.13.0
type ComplianceServerCtx struct {
	// A write lock is used when the database connection changes and the DB object needs to be replaced.
	// A read lock should be used when the DB is accessed.
	Lock  sync.RWMutex
	DB    *sql.DB
	Queue workqueue.TypedInterface[types.NamespacedName]
	// These caches get reset after a database migration due to a connection drop and reconnect.
	ParentPolicyToID sync.Map
	PolicyToID       sync.Map
	ClusterID        string
	// contains filtered or unexported fields
}
ComplianceServerCtx acts as a "global" database instance that all required controllers share. ComplianceDBSecretReconciler is responsible for updating the DB field if the connection info gets added or changes. MonitorDatabaseConnection will periodically check the health of the database connection and monitor the Queue. See MonitorDatabaseConnection for more information.
func NewComplianceServerCtx ¶ added in v0.13.0
func NewComplianceServerCtx(dbConnectionURL string, clusterID string) (*ComplianceServerCtx, error)
NewComplianceServerCtx returns a ComplianceServerCtx with initialized values. It does not start a connection but does validate the connection URL for syntax. If the connection URL is not provided or is invalid, ErrInvalidConnectionURL is returned.
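Connection URL validation of the kind NewComplianceServerCtx performs, as an added example that is not the package's own code. Beyond the documented syntax check (scheme and host), it adds one hardening step of my own: the URL must carry a verifying libpq sslmode, since the reconciler's TempDir comment shows a custom CA is provisioned for exactly that purpose. ConnInfo and ValidateConnectionURL are hypothetical names; the sample URLs are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// ErrInvalidConnectionURL mirrors the package's sentinel for this example.
var ErrInvalidConnectionURL = errors.New("the database connection URL is invalid")

// libpq sslmode values that actually verify the server certificate.
var verifyingSSLModes = map[string]bool{"verify-ca": true, "verify-full": true}

// ConnInfo is a hypothetical summary of a validated URL; Redacted is the
// form that is safe to put in logs or Kubernetes events.
type ConnInfo struct {
	Host     string
	SSLMode  string
	Redacted string
}

// ValidateConnectionURL checks URL syntax (scheme, host) and, as an added
// hardening step beyond the documented syntax check, requires a verifying
// sslmode so a custom CA is actually used. Parse errors are not wrapped
// verbatim because *url.Error embeds the raw URL, password included.
func ValidateConnectionURL(raw string) (ConnInfo, error) {
	if raw == "" {
		return ConnInfo{}, fmt.Errorf("%w: no URL provided", ErrInvalidConnectionURL)
	}
	u, err := url.Parse(raw)
	if err != nil {
		return ConnInfo{}, fmt.Errorf("%w: malformed URL", ErrInvalidConnectionURL)
	}
	if u.Scheme != "postgres" && u.Scheme != "postgresql" {
		return ConnInfo{}, fmt.Errorf("%w: unsupported scheme %q", ErrInvalidConnectionURL, u.Scheme)
	}
	if u.Hostname() == "" {
		return ConnInfo{}, fmt.Errorf("%w: missing host", ErrInvalidConnectionURL)
	}
	mode := u.Query().Get("sslmode")
	if !verifyingSSLModes[mode] {
		return ConnInfo{}, fmt.Errorf("%w: sslmode must be verify-ca or verify-full, got %q", ErrInvalidConnectionURL, mode)
	}
	return ConnInfo{Host: u.Hostname(), SSLMode: mode, Redacted: u.Redacted()}, nil
}

func main() {
	// Constructed sample URLs; "secret" is a placeholder, not a real credential.
	for _, raw := range []string{
		"postgres://events:secret@db.example:5432/compliance?sslmode=verify-full",
		"postgres://db.example/compliance?sslmode=disable",
		"mysql://db.example/compliance",
		"",
	} {
		info, err := ValidateConnectionURL(raw)
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Printf("accepted host=%s sslmode=%s url=%s\n", info.Host, info.SSLMode, info.Redacted)
	}
}
```

The redacted form matters here because MigrateDB reports failures as Kubernetes events: anything that ends up in an event or log line should go through url.URL.Redacted rather than String.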
func (*ComplianceServerCtx) MigrateDB ¶ added in v0.13.0
func (c *ComplianceServerCtx) MigrateDB(
	ctx context.Context,
	client *kubernetes.Clientset,
	controllerNamespace string,
) error
MigrateDB will perform a database migration if required and send Kubernetes events if the migration fails. ErrDBConnectionFailed will be returned if the database connection failed. Obtain a write lock before calling this method if multiple goroutines use this ComplianceServerCtx instance.
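The lock discipline described for ComplianceServerCtx (read lock while DB is used, write lock when the handle is replaced and the caches reset) together with the write-lock requirement stated for MigrateDB, as an added example that is not the package's own code. SharedDBCtx, dbHandle, LookupPolicyID, Reconnect, MigrateIfHealthy and CacheSize are hypothetical names; dbHandle is a constructed stand-in for *sql.DB so the example runs without a Postgres driver, and the "query" is simulated.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sync"
)

// ErrDBConnectionFailed mirrors the package's sentinel for this example.
var ErrDBConnectionFailed = errors.New("the compliance events database could not be connected to")

// dbHandle is a constructed stand-in for *sql.DB; "healthy" simulates whether
// a ping against the database succeeds.
type dbHandle struct {
	name    string
	healthy bool
}

func (d *dbHandle) PingContext(ctx context.Context) error {
	if err := ctx.Err(); err != nil {
		return err
	}
	if !d.healthy {
		return errors.New("connection refused")
	}
	return nil
}

// SharedDBCtx follows the documented discipline: readers hold the read lock
// while using DB; the handle is replaced and caches dropped under the write lock.
type SharedDBCtx struct {
	Lock       sync.RWMutex
	DB         *dbHandle
	PolicyToID sync.Map // cache that must be dropped when the connection is replaced
}

// LookupPolicyID resolves a policy key to its database ID under a read lock
// and memoises the result. The SELECT is simulated by the key length.
func (c *SharedDBCtx) LookupPolicyID(ctx context.Context, key string) (int32, error) {
	c.Lock.RLock()
	defer c.Lock.RUnlock()
	if c.DB == nil {
		return 0, ErrDBConnectionFailed
	}
	if v, ok := c.PolicyToID.Load(key); ok {
		return v.(int32), nil
	}
	if err := c.DB.PingContext(ctx); err != nil {
		return 0, fmt.Errorf("%w: %v", ErrDBConnectionFailed, err)
	}
	id := int32(len(key)) // simulated query result
	c.PolicyToID.Store(key, id)
	return id, nil
}

// Reconnect swaps the handle under the write lock. Cached IDs belong to the
// previous database and are discarded so they cannot be reused against the new one.
func (c *SharedDBCtx) Reconnect(db *dbHandle) {
	c.Lock.Lock()
	defer c.Lock.Unlock()
	c.DB = db
	c.PolicyToID.Range(func(k, _ any) bool {
		c.PolicyToID.Delete(k)
		return true
	})
}

// MigrateIfHealthy follows the MigrateDB contract: a write lock is held for the
// whole migration, the connection is checked first, and a failed check is
// reported as ErrDBConnectionFailed.
func (c *SharedDBCtx) MigrateIfHealthy(ctx context.Context, migrate func(*dbHandle) error) error {
	c.Lock.Lock()
	defer c.Lock.Unlock()
	if c.DB == nil {
		return ErrDBConnectionFailed
	}
	if err := c.DB.PingContext(ctx); err != nil {
		return fmt.Errorf("%w: %v", ErrDBConnectionFailed, err)
	}
	return migrate(c.DB)
}

// CacheSize reports how many keys are memoised.
func (c *SharedDBCtx) CacheSize() int {
	n := 0
	c.PolicyToID.Range(func(_, _ any) bool { n++; return true })
	return n
}

func main() {
	ctx := context.Background()
	c := &SharedDBCtx{DB: &dbHandle{name: "primary", healthy: true}}
	id, err := c.LookupPolicyID(ctx, "ns/policy")
	fmt.Println("first lookup:", id, err, "cached:", c.CacheSize())
	fmt.Println("migration:", c.MigrateIfHealthy(ctx, func(*dbHandle) error { return nil }))
	c.Reconnect(&dbHandle{name: "replacement", healthy: false})
	_, err = c.LookupPolicyID(ctx, "ns/policy")
	fmt.Println("after reconnect: cached:", c.CacheSize(), "lookup error:", err)
}
```

Holding the write lock across the whole migration (rather than only around the handle swap) is what keeps a concurrent reader from observing a half-migrated schema through a read lock.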
type EventDetails ¶ added in v0.13.0
type EventDetails struct {
	KeyID          int32     `db:"id" json:"-"`
	ClusterID      int32     `db:"cluster_id" json:"-"`
	PolicyID       int32     `db:"policy_id" json:"-"`
	ParentPolicyID *int32    `db:"parent_policy_id" json:"-"`
	Compliance     string    `db:"compliance" json:"compliance"`
	Message        string    `db:"message" json:"message"`
	Timestamp      time.Time `db:"timestamp" json:"timestamp"`
	Metadata       JSONMap   `db:"metadata" json:"metadata"`
	ReportedBy     *string   `db:"reported_by" json:"reported_by"` //nolint:tagliatelle
}
func (*EventDetails) InsertQuery ¶ added in v0.13.0
func (e *EventDetails) InsertQuery() (string, []any)
func (EventDetails) Validate ¶ added in v0.13.0
func (e EventDetails) Validate() error
type JSONMap ¶ added in v0.13.0
type JSONMap map[string]interface{}
type ListResponse ¶ added in v0.13.0
type ListResponse struct {
	Data     []ComplianceEvent `json:"data"`
	Metadata metadata          `json:"metadata"`
}
type ParentPolicy ¶ added in v0.13.0
type ParentPolicy struct {
	KeyID      int32          `db:"id" json:"id"`
	Name       string         `db:"name" json:"name"`
	Namespace  string         `db:"namespace" json:"namespace"`
	Categories pq.StringArray `db:"categories" json:"categories"`
	Controls   pq.StringArray `db:"controls" json:"controls"`
	Standards  pq.StringArray `db:"standards" json:"standards"`
}
func ParentPolicyFromPolicyObj ¶ added in v0.13.0
func ParentPolicyFromPolicyObj(plc *policiesv1.Policy) ParentPolicy
func (*ParentPolicy) GetOrCreate ¶ added in v0.13.0
func (*ParentPolicy) InsertQuery ¶ added in v0.13.0
func (p *ParentPolicy) InsertQuery() (string, []any)
func (ParentPolicy) Key ¶ added in v0.13.0
func (p ParentPolicy) Key() string
func (*ParentPolicy) SelectQuery ¶ added in v0.13.0
func (p *ParentPolicy) SelectQuery(returnedColumns ...string) (string, []any)
func (ParentPolicy) Validate ¶ added in v0.13.0
func (p ParentPolicy) Validate() error
type Policy ¶ added in v0.13.0
type Policy struct {
	KeyID     int32   `db:"id" json:"id"`
	Kind      string  `db:"kind" json:"kind"`
	APIGroup  string  `db:"api_group" json:"apiGroup"`
	Name      string  `db:"name" json:"name"`
	Namespace *string `db:"namespace" json:"namespace"`
	Spec      JSONMap `json:"spec,omitempty"`
	SpecID    int32   `db:"spec_id" json:"-"`
	Severity  *string `db:"severity" json:"severity"`
}
func PolicyFromUnstructured ¶ added in v0.13.0
func PolicyFromUnstructured(obj unstructured.Unstructured) *Policy