Documentation ¶
Overview ¶
Package v1beta1 contains API Schema definitions for the policy v1beta1 API group +k8s:deepcopy-gen=package +kubebuilder:object:generate=true +k8s:openapi-gen=true +groupName=wgpolicyk8s.io
Package v1beta1 contains API Schema definitions for the policy v1beta1 API group +kubebuilder:object:generate=true +groupName=wgpolicyk8s.io
Index ¶
- Variables
- func Kind(kind string) schema.GroupKind
- func Resource(resource string) schema.GroupResource
- type ClusterPolicyReport
- type ClusterPolicyReportList
- type Limits
- type PolicyReport
- type PolicyReportConfiguration
- type PolicyReportList
- type PolicyReportResult
- type PolicyReportSummary
- type PolicyResult
- type PolicyResultSeverity
- type StatusFilter
Constants ¶
This section is empty.
Variables ¶
var ( // SchemeGroupVersion is group version used to register these objects SchemeGroupVersion = schema.GroupVersion{Group: "wgpolicyk8s.io", Version: "v1beta1"} // SchemeBuilder is used to add go types to the GroupVersionKind scheme SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion} // AddToScheme adds the types in this group-version to the given scheme. AddToScheme = SchemeBuilder.AddToScheme )
Package v1beta1 contains API Schema definitions for the policy v1beta1 API group +kubebuilder:object:generate=true +groupName=wgpolicyk8s.io
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
Types ¶
type ClusterPolicyReport ¶
type ClusterPolicyReport struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Source is an identifier for the source e.g. a policy engine that manages this report. // Use this field if all the results are produced by a single policy engine. // If the results are produced by multiple sources e.g. different engines or scanners, // then use the Source field at the PolicyReportResult level. // +optional Source string `json:"source"` // Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node) // +optional Scope *corev1.ObjectReference `json:"scope,omitempty"` // ScopeSelector is an optional selector for multiple scopes (e.g. Pods). // Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. // +optional ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"` // Configuration is an optional field which can be used to specify // a contract between PolicyReport generators and consumers // +optional Configuration *PolicyReportConfiguration `json:"configuration,omitempty"` // PolicyReportSummary provides a summary of results // +optional Summary PolicyReportSummary `json:"summary,omitempty"` // PolicyReportResult provides result details // +optional Results []PolicyReportResult `json:"results,omitempty"` }
ClusterPolicyReport is the Schema for the clusterpolicyreports API
func (*ClusterPolicyReport) DeepCopy ¶
func (in *ClusterPolicyReport) DeepCopy() *ClusterPolicyReport
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyReport.
func (*ClusterPolicyReport) DeepCopyInto ¶
func (in *ClusterPolicyReport) DeepCopyInto(out *ClusterPolicyReport)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterPolicyReport) DeepCopyObject ¶
func (in *ClusterPolicyReport) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClusterPolicyReportList ¶
type ClusterPolicyReportList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []ClusterPolicyReport `json:"items"` }
ClusterPolicyReportList contains a list of ClusterPolicyReport +kubebuilder:object:root=true +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*ClusterPolicyReportList) DeepCopy ¶
func (in *ClusterPolicyReportList) DeepCopy() *ClusterPolicyReportList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyReportList.
func (*ClusterPolicyReportList) DeepCopyInto ¶
func (in *ClusterPolicyReportList) DeepCopyInto(out *ClusterPolicyReportList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterPolicyReportList) DeepCopyObject ¶
func (in *ClusterPolicyReportList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type Limits ¶
type Limits struct { // MaxResults is the maximum number of results contained in the report // +optional MaxResults int `json:"maxResults"` // StatusFilter indicates that the PolicyReport contains only those reports with statuses specified in this list // +optional StatusFilter []StatusFilter `json:"statusFilter,omitempty"` }
func (*Limits) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Limits.
func (*Limits) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PolicyReport ¶
type PolicyReport struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Source is an identifier for the source e.g. a policy engine that manages this report. // Use this field if all the results are produced by a single policy engine. // If the results are produced by multiple sources e.g. different engines or scanners, // then use the Source field at the PolicyReportResult level. // +optional Source string `json:"source"` // Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node) // +optional Scope *corev1.ObjectReference `json:"scope,omitempty"` // ScopeSelector is an optional selector for multiple scopes (e.g. Pods). // Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. // +optional ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"` // Configuration is an optional field which can be used to specify // a contract between PolicyReport generators and consumers // +optional Configuration *PolicyReportConfiguration `json:"configuration,omitempty"` // PolicyReportSummary provides a summary of results // +optional Summary PolicyReportSummary `json:"summary,omitempty"` // PolicyReportResult provides result details // +optional Results []PolicyReportResult `json:"results,omitempty"` }
PolicyReport is the Schema for the policyreports API
func (*PolicyReport) DeepCopy ¶
func (in *PolicyReport) DeepCopy() *PolicyReport
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReport.
func (*PolicyReport) DeepCopyInto ¶
func (in *PolicyReport) DeepCopyInto(out *PolicyReport)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PolicyReport) DeepCopyObject ¶
func (in *PolicyReport) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type PolicyReportConfiguration ¶
type PolicyReportConfiguration struct {
Limits Limits `json:"limits"`
}
func (*PolicyReportConfiguration) DeepCopy ¶
func (in *PolicyReportConfiguration) DeepCopy() *PolicyReportConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportConfiguration.
func (*PolicyReportConfiguration) DeepCopyInto ¶
func (in *PolicyReportConfiguration) DeepCopyInto(out *PolicyReportConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PolicyReportList ¶
type PolicyReportList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []PolicyReport `json:"items"` }
PolicyReportList contains a list of PolicyReport +kubebuilder:object:root=true +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*PolicyReportList) DeepCopy ¶
func (in *PolicyReportList) DeepCopy() *PolicyReportList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportList.
func (*PolicyReportList) DeepCopyInto ¶
func (in *PolicyReportList) DeepCopyInto(out *PolicyReportList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PolicyReportList) DeepCopyObject ¶
func (in *PolicyReportList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type PolicyReportResult ¶
type PolicyReportResult struct { // Source is an identifier for the policy engine that manages this report // If the Source is specified at this level, it will override the Source // field set at the PolicyReport level // +optional Source string `json:"source"` // Policy is the name or identifier of the policy Policy string `json:"policy"` // Rule is the name or identifier of the rule within the policy // +optional Rule string `json:"rule,omitempty"` // Category indicates policy category // +optional Category string `json:"category,omitempty"` // Severity indicates policy check result criticality // +optional Severity PolicyResultSeverity `json:"severity,omitempty"` // Timestamp indicates the time the result was found Timestamp metav1.Timestamp `json:"timestamp,omitempty"` // Result indicates the outcome of the policy rule execution Result PolicyResult `json:"result,omitempty"` // Scored indicates if this result is scored Scored bool `json:"scored,omitempty"` // Subjects is an optional reference to the checked Kubernetes resources // +optional Subjects []corev1.ObjectReference `json:"resources,omitempty"` // ResourceSelector is an optional label selector for checked Kubernetes resources. // For example, a policy result may apply to all pods that match a label. // Either a Subject or a ResourceSelector can be specified. If neither are provided, the // result is assumed to be for the policy report scope. // +optional ResourceSelector *metav1.LabelSelector `json:"resourceSelector,omitempty"` // Description is a short user friendly message for the policy rule Description string `json:"message,omitempty"` // Properties provides additional information for the policy rule Properties map[string]string `json:"properties,omitempty"` }
PolicyReportResult provides the result for an individual policy
func (*PolicyReportResult) DeepCopy ¶
func (in *PolicyReportResult) DeepCopy() *PolicyReportResult
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportResult.
func (*PolicyReportResult) DeepCopyInto ¶
func (in *PolicyReportResult) DeepCopyInto(out *PolicyReportResult)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PolicyReportSummary ¶
type PolicyReportSummary struct { // Pass provides the count of policies whose requirements were met // +optional Pass int `json:"pass"` // Fail provides the count of policies whose requirements were not met // +optional Fail int `json:"fail"` // Warn provides the count of non-scored policies whose requirements were not met // +optional Warn int `json:"warn"` // Error provides the count of policies that could not be evaluated // +optional Error int `json:"error"` // Skip indicates the count of policies that were not selected for evaluation // +optional Skip int `json:"skip"` }
PolicyReportSummary provides a status count summary
func (*PolicyReportSummary) DeepCopy ¶
func (in *PolicyReportSummary) DeepCopy() *PolicyReportSummary
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportSummary.
func (*PolicyReportSummary) DeepCopyInto ¶
func (in *PolicyReportSummary) DeepCopyInto(out *PolicyReportSummary)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PolicyResult ¶
type PolicyResult string
PolicyResult has one of the following values:
- pass: the policy requirements are met
- fail: the policy requirements are not met
- warn: the policy requirements are not met and the policy is not scored
- error: the policy could not be evaluated
- skip: the policy was not selected based on user inputs or applicability
+kubebuilder:validation:Enum=pass;fail;warn;error;skip
type PolicyResultSeverity ¶
type PolicyResultSeverity string
PolicyResultSeverity has one of the following values:
- critical
- high
- low
- medium
- info
+kubebuilder:validation:Enum=critical;high;low;medium;info
type StatusFilter ¶
type StatusFilter string
StatusFilter is used by PolicyReport generators to write only those reports whose status is specified by the filters +kubebuilder:validation:Enum=pass;fail;warn;error;skip