v1beta1

package
v0.0.0-...-25056e1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 7, 2024 License: Apache-2.0 Imports: 5 Imported by: 2

Documentation

Overview

Package v1beta1 contains API Schema definitions for the policy v1beta1 API group +k8s:deepcopy-gen=package +kubebuilder:object:generate=true +k8s:openapi-gen=true +groupName=wgpolicyk8s.io

Package v1beta1 contains API Schema definitions for the policy v1beta1 API group +kubebuilder:object:generate=true +groupName=wgpolicyk8s.io

Index

Constants

This section is empty.

Variables

View Source
var (
	// SchemeGroupVersion is group version used to register these objects
	SchemeGroupVersion = schema.GroupVersion{Group: "wgpolicyk8s.io", Version: "v1beta1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Package v1beta1 contains API Schema definitions for the policy v1beta1 API group +kubebuilder:object:generate=true +groupName=wgpolicyk8s.io

Functions

func Kind

func Kind(kind string) schema.GroupKind

Kind takes an unqualified kind and returns back a Group qualified GroupKind

func Resource

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource

Types

type ClusterPolicyReport

type ClusterPolicyReport struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Source is an identifier for the source e.g. a policy engine that manages this report.
	// Use this field if all the results are produced by a single policy engine.
	// If the results are produced by multiple sources e.g. different engines or scanners,
	// then use the Source field at the PolicyReportResult level.
	// +optional
	Source string `json:"source"`

	// Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node)
	// +optional
	Scope *corev1.ObjectReference `json:"scope,omitempty"`

	// ScopeSelector is an optional selector for multiple scopes (e.g. Pods).
	// Either one of, or none of, but not both of, Scope or ScopeSelector should be specified.
	// +optional
	ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"`

	// Configuration is an optional field which can be used to specify
	// a contract between PolicyReport generators and consumers
	// +optional
	Configuration *PolicyReportConfiguration `json:"configuration,omitempty"`

	// PolicyReportSummary provides a summary of results
	// +optional
	Summary PolicyReportSummary `json:"summary,omitempty"`

	// PolicyReportResult provides result details
	// +optional
	Results []PolicyReportResult `json:"results,omitempty"`
}

ClusterPolicyReport is the Schema for the clusterpolicyreports API

func (*ClusterPolicyReport) DeepCopy

func (in *ClusterPolicyReport) DeepCopy() *ClusterPolicyReport

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyReport.

func (*ClusterPolicyReport) DeepCopyInto

func (in *ClusterPolicyReport) DeepCopyInto(out *ClusterPolicyReport)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterPolicyReport) DeepCopyObject

func (in *ClusterPolicyReport) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ClusterPolicyReportList

type ClusterPolicyReportList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ClusterPolicyReport `json:"items"`
}

ClusterPolicyReportList contains a list of ClusterPolicyReport +kubebuilder:object:root=true +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

func (*ClusterPolicyReportList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyReportList.

func (*ClusterPolicyReportList) DeepCopyInto

func (in *ClusterPolicyReportList) DeepCopyInto(out *ClusterPolicyReportList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterPolicyReportList) DeepCopyObject

func (in *ClusterPolicyReportList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type Limits

type Limits struct {
	// MaxResults is the maximum number of results contained in the report
	// +optional
	MaxResults int `json:"maxResults"`

	// StatusFilter indicates that the PolicyReport contains only those reports with statuses specified in this list
	// +optional
	StatusFilter []StatusFilter `json:"statusFilter,omitempty"`
}

func (*Limits) DeepCopy

func (in *Limits) DeepCopy() *Limits

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Limits.

func (*Limits) DeepCopyInto

func (in *Limits) DeepCopyInto(out *Limits)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyReport

type PolicyReport struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Source is an identifier for the source e.g. a policy engine that manages this report.
	// Use this field if all the results are produced by a single policy engine.
	// If the results are produced by multiple sources e.g. different engines or scanners,
	// then use the Source field at the PolicyReportResult level.
	// +optional
	Source string `json:"source"`

	// Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node)
	// +optional
	Scope *corev1.ObjectReference `json:"scope,omitempty"`

	// ScopeSelector is an optional selector for multiple scopes (e.g. Pods).
	// Either one of, or none of, but not both of, Scope or ScopeSelector should be specified.
	// +optional
	ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"`

	// Configuration is an optional field which can be used to specify
	// a contract between PolicyReport generators and consumers
	// +optional
	Configuration *PolicyReportConfiguration `json:"configuration,omitempty"`

	// PolicyReportSummary provides a summary of results
	// +optional
	Summary PolicyReportSummary `json:"summary,omitempty"`

	// PolicyReportResult provides result details
	// +optional
	Results []PolicyReportResult `json:"results,omitempty"`
}

PolicyReport is the Schema for the policyreports API

func (*PolicyReport) DeepCopy

func (in *PolicyReport) DeepCopy() *PolicyReport

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReport.

func (*PolicyReport) DeepCopyInto

func (in *PolicyReport) DeepCopyInto(out *PolicyReport)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PolicyReport) DeepCopyObject

func (in *PolicyReport) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PolicyReportConfiguration

type PolicyReportConfiguration struct {
	Limits Limits `json:"limits"`
}

func (*PolicyReportConfiguration) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportConfiguration.

func (*PolicyReportConfiguration) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyReportList

type PolicyReportList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []PolicyReport `json:"items"`
}

PolicyReportList contains a list of PolicyReport +kubebuilder:object:root=true +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

func (*PolicyReportList) DeepCopy

func (in *PolicyReportList) DeepCopy() *PolicyReportList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportList.

func (*PolicyReportList) DeepCopyInto

func (in *PolicyReportList) DeepCopyInto(out *PolicyReportList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PolicyReportList) DeepCopyObject

func (in *PolicyReportList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PolicyReportResult

type PolicyReportResult struct {

	// Source is an identifier for the policy engine that manages this report
	// If the Source is specified at this level, it will override the Source
	// field set at the PolicyReport level
	// +optional
	Source string `json:"source"`

	// Policy is the name or identifier of the policy
	Policy string `json:"policy"`

	// Rule is the name or identifier of the rule within the policy
	// +optional
	Rule string `json:"rule,omitempty"`

	// Category indicates policy category
	// +optional
	Category string `json:"category,omitempty"`

	// Severity indicates policy check result criticality
	// +optional
	Severity PolicyResultSeverity `json:"severity,omitempty"`

	// Timestamp indicates the time the result was found
	Timestamp metav1.Timestamp `json:"timestamp,omitempty"`

	// Result indicates the outcome of the policy rule execution
	Result PolicyResult `json:"result,omitempty"`

	// Scored indicates if this result is scored
	Scored bool `json:"scored,omitempty"`

	// Subjects is an optional reference to the checked Kubernetes resources
	// +optional
	Subjects []corev1.ObjectReference `json:"resources,omitempty"`

	// ResourceSelector is an optional label selector for checked Kubernetes resources.
	// For example, a policy result may apply to all pods that match a label.
	// Either a Subject or a ResourceSelector can be specified. If neither are provided, the
	// result is assumed to be for the policy report scope.
	// +optional
	ResourceSelector *metav1.LabelSelector `json:"resourceSelector,omitempty"`

	// Description is a short user friendly message for the policy rule
	Description string `json:"message,omitempty"`

	// Properties provides additional information for the policy rule
	Properties map[string]string `json:"properties,omitempty"`
}

PolicyReportResult provides the result for an individual policy

func (*PolicyReportResult) DeepCopy

func (in *PolicyReportResult) DeepCopy() *PolicyReportResult

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportResult.

func (*PolicyReportResult) DeepCopyInto

func (in *PolicyReportResult) DeepCopyInto(out *PolicyReportResult)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyReportSummary

type PolicyReportSummary struct {

	// Pass provides the count of policies whose requirements were met
	// +optional
	Pass int `json:"pass"`

	// Fail provides the count of policies whose requirements were not met
	// +optional
	Fail int `json:"fail"`

	// Warn provides the count of non-scored policies whose requirements were not met
	// +optional
	Warn int `json:"warn"`

	// Error provides the count of policies that could not be evaluated
	// +optional
	Error int `json:"error"`

	// Skip indicates the count of policies that were not selected for evaluation
	// +optional
	Skip int `json:"skip"`
}

PolicyReportSummary provides a status count summary

func (*PolicyReportSummary) DeepCopy

func (in *PolicyReportSummary) DeepCopy() *PolicyReportSummary

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportSummary.

func (*PolicyReportSummary) DeepCopyInto

func (in *PolicyReportSummary) DeepCopyInto(out *PolicyReportSummary)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyResult

type PolicyResult string

PolicyResult has one of the following values:

  • pass: the policy requirements are met
  • fail: the policy requirements are not met
  • warn: the policy requirements are not met and the policy is not scored
  • error: the policy could not be evaluated
  • skip: the policy was not selected based on user inputs or applicability

+kubebuilder:validation:Enum=pass;fail;warn;error;skip

type PolicyResultSeverity

type PolicyResultSeverity string

PolicyResultSeverity has one of the following values:

  • critical
  • high
  • low
  • medium
  • info

+kubebuilder:validation:Enum=critical;high;low;medium;info

type StatusFilter

type StatusFilter string

StatusFilter is used by PolicyReport generators to write only those reports whose status is specified by the filters +kubebuilder:validation:Enum=pass;fail;warn;error;skip

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL