
Documentation

Overview

Package v1alpha1 contains API Schema definitions for the terraform v1alpha1 API group +k8s:deepcopy-gen=package,register +groupName=terraform.appvia.io

Index

Constants

// Condition types reported in a Configuration's status. Each of these has a
// matching entry in DefaultConfigurationConditions.
const (
	// ConditionProviderReady indicates whether the referenced provider is ready
	ConditionProviderReady corev1alpha1.ConditionType = "ProviderReady"
	// ConditionTerraformPlan indicates the status of the terraform plan
	ConditionTerraformPlan corev1alpha1.ConditionType = "TerraformPlan"
	// ConditionTerraformPolicy indicates the status of the security policy checks
	ConditionTerraformPolicy corev1alpha1.ConditionType = "SecurityPolicy"
	// ConditionTerraformApply indicates the status of the terraform apply
	ConditionTerraformApply corev1alpha1.ConditionType = "TerraformApply"
)
// Annotations recognised on a Configuration. Annotations are ordinary,
// user-settable object metadata, so whoever may update the resource may set
// them; their presence is a request, not a verified fact.
const (
	// ApplyAnnotation is the annotation used to mark a resource as a plan rather than apply
	ApplyAnnotation = "terraform.appvia.io/apply"
	// DriftAnnotation is the annotation used to mark a resource for drift detection
	DriftAnnotation = "terraform.appvia.io/drift"
	// ReconcileAnnotation is the annotation used to control reconciliation
	ReconcileAnnotation = "terraform.appvia.io/reconcile"
	// RetryAnnotation is the annotation used to mark a resource for retry
	RetryAnnotation = "terraform.appvia.io/retry"
	// OrphanAnnotation is the annotation used to orphan a configuration
	OrphanAnnotation = "terraform.appvia.io/orphan"
	// VersionAnnotation is the annotation used to hold the version
	VersionAnnotation = "terraform.appvia.io/version"
)
// Keys of the entries the controller reads from its configmap.
const (
	// CheckovJobTemplateConfigMapKey is the key name for the checkov job template in the configmap
	CheckovJobTemplateConfigMapKey = "checkov.yaml"
	// TerraformBackendConfigMapKey is the key name for the terraform backend in the configmap
	TerraformBackendConfigMapKey = "backend.tf"
	// TerraformVariablesConfigMapKey is the key name for the terraform variables in the configmap
	TerraformVariablesConfigMapKey = "variables.tfvars.json"
	// TerraformProviderConfigMapKey is the key name for the terraform provider configuration in the configmap
	TerraformProviderConfigMapKey = "provider.tf"
	// TerraformJobTemplateConfigMapKey is the key name for the terraform job template in the configmap
	TerraformJobTemplateConfigMapKey = "job.yaml"
)
// Labels used to tie resources created by the controller back to the
// Configuration (and generation/stage) they belong to.
const (
	// ConfigurationGenerationLabel is the label used to identify a configuration generation
	ConfigurationGenerationLabel = "terraform.appvia.io/generation"
	// ConfigurationNameLabel is the label used to identify a configuration
	ConfigurationNameLabel = "terraform.appvia.io/configuration"
	// ConfigurationUIDLabel is the label holding the uid of the configuration
	ConfigurationUIDLabel = "terraform.appvia.io/configuration-uid"
	// ConfigurationNamespaceLabel is the label used to identify a configuration namespace
	ConfigurationNamespaceLabel = "terraform.appvia.io/namespace"
	// ConfigurationStageLabel is the label used to identify a configuration stage
	// (one of the StageTerraform* values)
	ConfigurationStageLabel = "terraform.appvia.io/stage"
)
// Stage values a terraform run can be in; recorded under ConfigurationStageLabel.
const (
	// StageTerraformApply is the stage for a terraform apply
	StageTerraformApply = "apply"
	// StageTerraformDestroy is the stage for a terraform destroy
	StageTerraformDestroy = "destroy"
	// StageTerraformPlan is the stage for a terraform plan
	StageTerraformPlan = "plan"
	// StageTerraformVerify is the stage for a verify
	StageTerraformVerify = "verify"
)
// Annotations related to policy-injected default variables (see DefaultVariables).
const (
	// DefaultVariablesAnnotation is the annotation applied when default variables are set
	DefaultVariablesAnnotation = "terraform.appvia.io/defaults"
	// SkipDefaultsValidationCheck is the annotation indicating to skip the defaults
	// validation check. As an annotation it is user-settable, so treat it as an opt-out
	// request rather than a trusted signal.
	SkipDefaultsValidationCheck = "terraform.appvia.io/skip-defaults-check"
)
// Source types describing where a provider's credentials come from.
const (
	// SourceSecret is the source type for credentials held in a secret
	SourceSecret = "secret"
	// SourceInjected indicates the source is pod identity
	SourceInjected = "injected"
)
// ConfigurationKind is the kind for a Configuration.
const ConfigurationKind = "Configuration"

ConfigurationKind is the kind for a Configuration

// GroupName specifies the group name used to register the objects.
const GroupName = "terraform.appvia.io"

GroupName specifies the group name used to register the objects.

// PolicyKind is the kind for a Policy.
const PolicyKind = "Policy"

PolicyKind is the kind for a Policy

// ProviderKind is the kind for a Provider.
const ProviderKind = "Provider"

ProviderKind is the kind for a Provider

const (
	// ProviderSecretSkipChecks is the annotation to skip checks on the secret keys.
	// It is set on the provider resource rather than the secret, so setting it needs
	// only update rights on the provider.
	ProviderSecretSkipChecks = "providers.terraform.appvia.io/skip-checks"
)
const (
	// TerraformStateSecretKey is the key used by the terraform state secret
	// (see Configuration.GetTerraformStateSecretName for the secret's name)
	TerraformStateSecretKey = "tfstate"
)

Variables

var (
	// SchemeBuilder is the builder used to register this group's types with a
	// runtime.Scheme. AddToScheme and Install are taken from localSchemeBuilder,
	// which is declared elsewhere in the package.
	SchemeBuilder runtime.SchemeBuilder

	// AddToScheme registers this group's types with a scheme.
	//
	// Deprecated: use Install instead.
	AddToScheme = localSchemeBuilder.AddToScheme
	// Install registers this group's types with a scheme.
	Install     = localSchemeBuilder.AddToScheme
)
// ConfigurationGVK is the GVK for a Configuration.
var ConfigurationGVK = schema.GroupVersionKind{
	Group:   GroupVersion.Group,
	Version: GroupVersion.Version,
	Kind:    ConfigurationKind,
}

ConfigurationGVK is the GVK for a Configuration

// DefaultConfigurationConditions are the default conditions for all configurations.
// The order here is the order the conditions are listed in; the overall Ready
// condition comes last.
var DefaultConfigurationConditions = []corev1alpha1.ConditionSpec{
	{Type: ConditionProviderReady, Name: "Provider ready"},
	{Type: ConditionTerraformPlan, Name: "Terraform Plan"},
	{Type: ConditionTerraformPolicy, Name: "Security Policy"},
	{Type: ConditionTerraformApply, Name: "Terraform Apply"},
	{Type: corev1alpha1.ConditionReady, Name: "Ready"},
}

DefaultConfigurationConditions are the default conditions for all configurations

// DefaultProviderConditions are the default conditions for a provider.
var DefaultProviderConditions = []corev1alpha1.ConditionSpec{
	{Type: corev1alpha1.ConditionReady, Name: "Provider Ready"},
}

DefaultProviderConditions are the default conditions for a provider

// GroupVersion specifies the group and the version used to register the objects.
var GroupVersion = v1.GroupVersion{Group: GroupName, Version: "v1alpha1"}

GroupVersion specifies the group and the version used to register the objects.

// PolicyGVK is the GVK for a Policy.
var PolicyGVK = schema.GroupVersionKind{
	Group:   GroupVersion.Group,
	Version: GroupVersion.Version,
	Kind:    PolicyKind,
}

PolicyGVK is the GVK for a Policy

// ProviderGVK is the GVK for a Provider.
var ProviderGVK = schema.GroupVersionKind{
	Group:   GroupVersion.Group,
	Version: GroupVersion.Version,
	Kind:    ProviderKind,
}

ProviderGVK is the GVK for a Provider

// SchemeGroupVersion is the group version used to register these objects.
//
// Deprecated: use GroupVersion instead.
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}

SchemeGroupVersion is the group version used to register these objects. Deprecated: use GroupVersion instead.

SupportedProviderTypes returns the supported provider types

Functions

func IsSupportedProviderType

func IsSupportedProviderType(providerType ProviderType) bool

IsSupportedProviderType returns true if the provider type is supported

func Resource

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource

func SupportedProviderTypeList

func SupportedProviderTypeList() []string

SupportedProviderTypeList returns a list of supported provider types

Types

type Configuration

// Configuration is the schema for terraform definitions in terraform controller.
// Spec holds the desired state (module source, provider, variables); Status is
// the controller-written observed state.
type Configuration struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ConfigurationSpec   `json:"spec,omitempty"`
	Status ConfigurationStatus `json:"status,omitempty"`
}

Configuration is the schema for terraform definitions in terraform controller +k8s:openapi-gen=true +kubebuilder:object:root=true +kubebuilder:subresource:status +kubebuilder:printcolumn:name="Module",type="string",JSONPath=".spec.module" +kubebuilder:printcolumn:name="Secret",type="string",JSONPath=".spec.writeConnectionSecretToRef.name" +kubebuilder:printcolumn:name="Estimated",type="string",JSONPath=".status.costs.monthly" +kubebuilder:printcolumn:name="Synchronized",type="string",JSONPath=".status.resourceStatus" +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"

func NewConfiguration

func NewConfiguration(namespace, name string) *Configuration

NewConfiguration returns an empty configuration

func (*Configuration) DeepCopy

func (in *Configuration) DeepCopy() *Configuration

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Configuration.

func (*Configuration) DeepCopyInto

func (in *Configuration) DeepCopyInto(out *Configuration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Configuration) DeepCopyObject

func (in *Configuration) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*Configuration) GetCommonStatus

func (c *Configuration) GetCommonStatus() *corev1alpha1.CommonStatus

GetCommonStatus returns the common status

func (*Configuration) GetNamespacedName

func (c *Configuration) GetNamespacedName() types.NamespacedName

GetNamespacedName returns the namespaced resource type

func (*Configuration) GetTerraformConfigSecretName

func (c *Configuration) GetTerraformConfigSecretName() string

GetTerraformConfigSecretName returns the name of the configuration secret

func (*Configuration) GetTerraformCostSecretName

func (c *Configuration) GetTerraformCostSecretName() string

GetTerraformCostSecretName returns the name which should be used for the costs report

func (*Configuration) GetTerraformPolicySecretName

func (c *Configuration) GetTerraformPolicySecretName() string

GetTerraformPolicySecretName returns the name of the terraform policy secret

func (*Configuration) GetTerraformStateSecretName

func (c *Configuration) GetTerraformStateSecretName() string

GetTerraformStateSecretName returns the name of the secret holding the terraform state

func (*Configuration) GetVariables

func (c *Configuration) GetVariables() (map[string]interface{}, error)

GetVariables returns the variables for the configuration

func (*Configuration) HasApproval

func (c *Configuration) HasApproval() bool

HasApproval returns true if the configuration has an approval

func (*Configuration) HasRetryableAnnotation added in v0.3.14

func (c *Configuration) HasRetryableAnnotation() bool

HasRetryableAnnotation returns true if the configuration has the retryable annotation

func (*Configuration) HasVariables

func (c *Configuration) HasVariables() bool

HasVariables returns true if the configuration has variables

func (*Configuration) IsRetryable added in v0.3.14

func (c *Configuration) IsRetryable() bool

IsRetryable returns true if the configuration is in a state where it can be retried

func (*Configuration) IsRetryableValid added in v0.3.14

func (c *Configuration) IsRetryableValid() bool

IsRetryableValid returns true if the retryable annotation is valid

func (*Configuration) NeedsApproval

func (c *Configuration) NeedsApproval() bool

NeedsApproval returns true if the configuration needs approval

type ConfigurationList

// ConfigurationList contains a list of configurations.
type ConfigurationList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Configuration `json:"items"`
}

ConfigurationList contains a list of configurations

func (*ConfigurationList) DeepCopy

func (in *ConfigurationList) DeepCopy() *ConfigurationList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigurationList.

func (*ConfigurationList) DeepCopyInto

func (in *ConfigurationList) DeepCopyInto(out *ConfigurationList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ConfigurationList) DeepCopyObject

func (in *ConfigurationList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ConfigurationSpec

// ConfigurationSpec defines the desired state of a terraform configuration.
// Several fields are tenant-controlled inputs that select code (Module), credentials
// (Auth, ProviderRef, ValueFrom) or an image tag (TerraformVersion); Policy resources
// exist to constrain them.
type ConfigurationSpec struct {
	// Auth is used to configure any options required when the source of the terraform
	// module is private or requires credentials to retrieve. This could be SSH keys or git
	// user/pass or AWS credentials for an s3 bucket.
	// +kubebuilder:validation:Optional
	Auth *v1.SecretReference `json:"auth,omitempty"`
	// EnableAutoApproval when enabled indicates the configuration does not need to be
	// manually approved. On a change to the configuration, the controller will automatically
	// approve the configuration. Note it still needs to adhere to any checks or policies.
	// +kubebuilder:validation:Optional
	EnableAutoApproval bool `json:"enableAutoApproval,omitempty"`
	// EnableDriftDetection when enabled run periodic reconciliation configurations looking
	// for any drift between the expected and current state. If any drift is detected the
	// status is changed and a kubernetes event raised.
	EnableDriftDetection bool `json:"enableDriftDetection,omitempty"`
	// Module is the URL to the source of the terraform module. The format of the URL is
	// a direct implementation of terraform's module reference. Please see the following
	// repository for more details https://github.com/hashicorp/go-getter
	// Platform teams can restrict permitted sources with ModuleConstraint.Allowed.
	// +kubebuilder:validation:Required
	Module string `json:"module"`
	// ProviderRef is the reference to the provider which should be used to execute this
	// configuration.
	// +kubebuilder:validation:Required
	ProviderRef *ProviderReference `json:"providerRef"`
	// WriteConnectionSecretToRef is the name for a secret. On execution of the terraform module
	// any module outputs are written to this secret. The outputs are automatically uppercased
	// and ready to be consumed as environment variables.
	// NOTE(review): both an Optional and a Required validation marker are present below;
	// the pointer type and omitempty tag suggest Optional — confirm which is intended.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Required
	WriteConnectionSecretToRef *WriteConnectionSecret `json:"writeConnectionSecretToRef,omitempty"`
	// Variables provides the inputs for the terraform module itself. These are passed to the
	// terraform executor and used to execute the plan, apply and destroy phases. Unknown
	// fields are preserved, so the contents are not schema-validated here.
	// +kubebuilder:validation:Optional
	// +kubebuilder:pruning:PreserveUnknownFields
	Variables *runtime.RawExtension `json:"variables,omitempty"`
	// ValueFrom is a collection of value from sources, where the source of the value
	// is taken from a secret
	// +kubebuilder:validation:Optional
	ValueFrom []ValueFromSource `json:"valueFrom,omitempty"`
	// TerraformVersion provides the ability to override the default terraform version. Before
	// changing this field its best to consult with platform administrator. As the
	// value of this field is used to change the tag of the terraform container image.
	// NOTE(review): this is user-supplied input that selects an image tag — confirm it is
	// validated before use.
	// +kubebuilder:validation:Optional
	TerraformVersion string `json:"terraformVersion,omitempty"`
}

ConfigurationSpec defines the desired state of a terraform +k8s:openapi-gen=true

func (*ConfigurationSpec) DeepCopy

func (in *ConfigurationSpec) DeepCopy() *ConfigurationSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigurationSpec.

func (*ConfigurationSpec) DeepCopyInto

func (in *ConfigurationSpec) DeepCopyInto(out *ConfigurationSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ConfigurationStatus

// ConfigurationStatus defines the observed state of a terraform configuration.
// It is written by the controller, not the user.
type ConfigurationStatus struct {
	corev1alpha1.CommonStatus `json:",inline"`
	// Costs is the predicted costs of this configuration. Note this field is only populated
	// when the integration has been configured by the administrator.
	// +kubebuilder:validation:Optional
	Costs *CostStatus `json:"costs,omitempty"`
	// DriftTimestamp is the timestamp of the last drift detection
	// +kubebuilder:validation:Optional
	DriftTimestamp string `json:"driftTimestamp,omitempty"`
	// Resources is the number of managed cloud resources which are currently under management.
	// This field is taken from the terraform state itself.
	// +kubebuilder:validation:Optional
	Resources int `json:"resources,omitempty"`
	// ResourceStatus indicates the status of the resources and if the resources are in sync
	// with the configuration
	ResourceStatus ResourceStatus `json:"resourceStatus,omitempty"`
	// TerraformVersion is the version of terraform which was last used to run this
	// configuration
	// +kubebuilder:validation:Optional
	TerraformVersion string `json:"terraformVersion,omitempty"`
}

ConfigurationStatus defines the observed state of a terraform +k8s:openapi-gen=true

func (*ConfigurationStatus) DeepCopy

func (in *ConfigurationStatus) DeepCopy() *ConfigurationStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigurationStatus.

func (*ConfigurationStatus) DeepCopyInto

func (in *ConfigurationStatus) DeepCopyInto(out *ConfigurationStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Constraints

// Constraints defines a collection of constraints which can be applied against the
// terraform configurations.
type Constraints struct {
	// Modules provides the ability to control the source for all terraform modules. Allowing
	// platform teams to control where the modules can be downloaded from.
	// +kubebuilder:validation:Optional
	Modules *ModuleConstraint `json:"modules,omitempty"`
	// Checkov provides the ability to enforce a set of security standards on all configurations.
	// These can be configured to target specific resources based on namespace and resource
	// labels
	// +kubebuilder:validation:Optional
	Checkov *PolicyConstraint `json:"checkov,omitempty"`
}

Constraints defines a collection of constraints which can be applied against the terraform configurations

func (*Constraints) DeepCopy

func (in *Constraints) DeepCopy() *Constraints

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Constraints.

func (*Constraints) DeepCopyInto

func (in *Constraints) DeepCopyInto(out *Constraints)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CostStatus

// CostStatus defines the cost status of a configuration.
type CostStatus struct {
	// Enabled indicates if the cost integration was enabled when this configuration was last
	// executed.
	// +kubebuilder:validation:Optional
	Enabled bool `json:"enabled,omitempty"`
	// Hourly is the hourly estimated cost of the configuration
	// +kubebuilder:validation:Optional
	Hourly string `json:"hourly,omitempty"`
	// Monthly is the monthly estimated cost of the configuration
	// +kubebuilder:validation:Optional
	Monthly string `json:"monthly,omitempty"`
}

CostStatus defines the cost status of a configuration

func (*CostStatus) DeepCopy

func (in *CostStatus) DeepCopy() *CostStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CostStatus.

func (*CostStatus) DeepCopyInto

func (in *CostStatus) DeepCopyInto(out *CostStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DefaultVariables

// DefaultVariables provides platform administrators the ability to inject default
// variables into a configuration. Which configurations receive them is decided by
// Selector.
type DefaultVariables struct {
	// Selector is used to determine which configurations the variables should be injected into
	// +kubebuilder:validation:Required
	Selector DefaultVariablesSelector `json:"selector"`
	// Secrets is a collection of secrets which are used to inject variables into the configuration
	// +kubebuilder:validation:Optional
	Secrets []string `json:"secrets,omitempty"`
	// Variables is a collection of variables to inject into the configuration. Unknown fields
	// are preserved, so the contents are not schema-validated here.
	// +kubebuilder:validation:Optional
	// +kubebuilder:pruning:PreserveUnknownFields
	Variables runtime.RawExtension `json:"variables,omitempty"`
}

DefaultVariables provides platform administrators the ability to inject default variables into a configuration

func (*DefaultVariables) DeepCopy

func (in *DefaultVariables) DeepCopy() *DefaultVariables

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DefaultVariables.

func (*DefaultVariables) DeepCopyInto

func (in *DefaultVariables) DeepCopyInto(out *DefaultVariables)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DefaultVariablesSelector

// DefaultVariablesSelector is used to determine which configurations the variables
// should be injected into; it can take into account the namespace labels and the
// modules themselves. See IsLabelsMatch and IsModulesMatch.
type DefaultVariablesSelector struct {
	// Namespace selects all configurations under one or more namespaces, determined by the
	// labeling on the namespace.
	// +kubebuilder:validation:Optional
	Namespace *metav1.LabelSelector `json:"namespace,omitempty"`
	// Modules provides a collection of regexes which are used to match against the
	// configuration module
	// +kubebuilder:validation:Optional
	Modules []string `json:"modules,omitempty"`
}

DefaultVariablesSelector is used to determine which configurations the variables should be injected into - this can take into account the namespace labels and the modules themselves.

func (*DefaultVariablesSelector) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DefaultVariablesSelector.

func (*DefaultVariablesSelector) DeepCopyInto

func (in *DefaultVariablesSelector) DeepCopyInto(out *DefaultVariablesSelector)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (DefaultVariablesSelector) IsLabelsMatch

func (d DefaultVariablesSelector) IsLabelsMatch(object client.Object) (bool, error)

IsLabelsMatch returns if the selector matches the namespace label selector

func (DefaultVariablesSelector) IsModulesMatch

func (d DefaultVariablesSelector) IsModulesMatch(config *Configuration) (bool, error)

IsModulesMatch returns true if the module matches the regex

type ExternalCheck

// ExternalCheck defines the definition for an external check - this comprises the
// source and any optional secret. The fetched code is sourced into the policy scan
// (see PolicyConstraint.External), so the URL is effectively trusted code.
type ExternalCheck struct {
	// Name provides a arbitrary name to the checks - note, this name is used as the directory
	// name when we source the code
	// NOTE(review): since Name becomes a path component, confirm it is validated to reject
	// path separators and "..".
	// +kubebuilder:validation:Required
	Name string `json:"name,omitempty"`
	// URL is the source external checks - this is usually a git repository. The notation
	// for this is https://github.com/hashicorp/go-getter
	// +kubebuilder:validation:Required
	URL string `json:"url,omitempty"`
	// SecretRef is reference to secret which contains environment variables used by the source
	// command to retrieve the code. This could be cloud credentials, ssh keys, git username
	// and password etc
	// +kubebuilder:validation:Optional
	SecretRef *v1.SecretReference `json:"secretRef,omitempty"`
}

ExternalCheck defines the definition for an external check - this comprises the source and any optional secret

func (*ExternalCheck) DeepCopy

func (in *ExternalCheck) DeepCopy() *ExternalCheck

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalCheck.

func (*ExternalCheck) DeepCopyInto

func (in *ExternalCheck) DeepCopyInto(out *ExternalCheck)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSource added in v0.3.7

// ExternalSource is an external source for the checkov configuration. The
// configuration is fetched from URL and therefore defines what the scan enforces.
type ExternalSource struct {
	// Configuration is the configuration to use within the source directory
	// +kubebuilder:validation:Required
	Configuration string `json:"configuration,omitempty"`
	// URL is the source of the external checkov configuration - this is usually a git
	// repository. The notation for this is https://github.com/hashicorp/go-getter
	// +kubebuilder:validation:Required
	URL string `json:"url,omitempty"`
	// SecretRef is reference to secret which contains environment variables used by the source
	// command to retrieve the code. This could be cloud credentials, ssh keys, git username
	// and password etc
	// +kubebuilder:validation:Optional
	SecretRef *v1.SecretReference `json:"secretRef,omitempty"`
}

ExternalSource is an external source for the checkov configuration

func (*ExternalSource) DeepCopy added in v0.3.7

func (in *ExternalSource) DeepCopy() *ExternalSource

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSource.

func (*ExternalSource) DeepCopyInto added in v0.3.7

func (in *ExternalSource) DeepCopyInto(out *ExternalSource)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ModuleConstraint

// ModuleConstraint provides a collection of constraints on modules. Matches applies
// Allowed to a configuration's module source.
type ModuleConstraint struct {
	// Allowed is a collection of regexes which are applied to the source of the terraform
	// configuration. The configuration MUST match one or more of the regexes in order to
	// be allowed to run.
	// NOTE(review): the outcome for an empty Allowed list is decided by Matches (not shown
	// here) — confirm whether empty means "deny all" or "allow all" and document it.
	// +kubebuilder:validation:Optional
	Allowed []string `json:"allowed,omitempty"`
	// Selector is the selector on the namespace or labels on the configuration. By leaving
	// this field empty you are implicitly selecting all configurations.
	// +kubebuilder:validation:Optional
	Selector *Selector `json:"selector,omitempty"`
}

ModuleConstraint provides a collection of constraints on modules

func (*ModuleConstraint) DeepCopy

func (in *ModuleConstraint) DeepCopy() *ModuleConstraint

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ModuleConstraint.

func (*ModuleConstraint) DeepCopyInto

func (in *ModuleConstraint) DeepCopyInto(out *ModuleConstraint)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ModuleConstraint) Matches

func (m *ModuleConstraint) Matches(module string) (bool, error)

Matches returns true if the module matches the regex

type Policy

// Policy is the schema for policy definitions in terraform controller. It is
// cluster scoped and lets platform teams constrain configurations (Spec.Constraints)
// and inject default variables (Spec.Defaults).
type Policy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   PolicySpec   `json:"spec,omitempty"`
	Status PolicyStatus `json:"status,omitempty"`
}

Policy is the schema for policy definitions in terraform controller +k8s:openapi-gen=true +kubebuilder:object:root=true +kubebuilder:subresource:status +kubebuilder:resource:path=policies,scope=Cluster,categories={terraform} +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"

func (*Policy) DeepCopy

func (in *Policy) DeepCopy() *Policy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.

func (*Policy) DeepCopyInto

func (in *Policy) DeepCopyInto(out *Policy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Policy) DeepCopyObject

func (in *Policy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*Policy) GetCommonStatus

func (p *Policy) GetCommonStatus() *corev1alpha1.CommonStatus

GetCommonStatus returns the common status

type PolicyConstraint

// PolicyConstraint defines the checkov policies the configurations must comply with.
type PolicyConstraint struct {
	// Checks is a list of checks which should be applied against the configuration. Note, an
	// empty list here implies checkov should run ALL checks.
	// Please see https://www.checkov.io/5.Policy%20Index/terraform.html
	// +kubebuilder:validation:Optional
	Checks []string `json:"checks,omitempty"`
	// External is a collection of external checks which should be included in the scan. Each
	// of the external sources is retrieved and sourced into /run/policy/NAME where they can
	// be included as part of the scan
	// +kubebuilder:validation:Optional
	External []ExternalCheck `json:"external,omitempty"`
	// Selector is the selector on the namespace or labels on the configuration. By leaving this
	// field empty you are implicitly selecting all configurations.
	// +kubebuilder:validation:Optional
	Selector *Selector `json:"selector,omitempty"`
	// SkipChecks is a collection of checkov checks which you can define as skipped. The security
	// scan will ignore any failures on these checks, so every entry here is a deliberate
	// exception to the enforced standard.
	// +kubebuilder:validation:Optional
	SkipChecks []string `json:"skipChecks,omitempty"`
	// Source indicates an external source for the checkov configurations
	// +kubebuilder:validation:Optional
	Source *ExternalSource `json:"source,omitempty"`
}

PolicyConstraint defines the checkov policies the configurations must comply with

func (*PolicyConstraint) DeepCopy

func (in *PolicyConstraint) DeepCopy() *PolicyConstraint

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyConstraint.

func (*PolicyConstraint) DeepCopyInto

func (in *PolicyConstraint) DeepCopyInto(out *PolicyConstraint)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PolicyConstraint) ExternalCheckNames

func (p *PolicyConstraint) ExternalCheckNames() []string

ExternalCheckNames returns the names of the external checks

type PolicyList

// PolicyList contains a list of policies.
type PolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Policy `json:"items"`
}

PolicyList contains a list of policies

func (*PolicyList) DeepCopy

func (in *PolicyList) DeepCopy() *PolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyList.

func (*PolicyList) DeepCopyInto

func (in *PolicyList) DeepCopyInto(out *PolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PolicyList) DeepCopyObject

func (in *PolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PolicySpec

// PolicySpec defines the desired state of a policy.
type PolicySpec struct {
	// Summary is an optional field which can be used to define a summary of what the policy is
	// configured to enforce.
	// +kubebuilder:validation:Optional
	Summary string `json:"summary,omitempty"`
	// Constraints provides a series of constraints that must be enforced on the selected
	// terraform configurations.
	// +kubebuilder:validation:Optional
	Constraints *Constraints `json:"constraints,omitempty"`
	// Defaults provides the ability to target specific terraform modules based on namespace or
	// resource labels and automatically inject variables into the configurations.
	// +kubebuilder:validation:Optional
	Defaults []DefaultVariables `json:"defaults,omitempty"`
}

PolicySpec defines the desired state of a policy +k8s:openapi-gen=true

func (*PolicySpec) DeepCopy

func (in *PolicySpec) DeepCopy() *PolicySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicySpec.

func (*PolicySpec) DeepCopyInto

func (in *PolicySpec) DeepCopyInto(out *PolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyStatus

// PolicyStatus defines the observed state of a policy.
type PolicyStatus struct {
	corev1alpha1.CommonStatus `json:",inline"`
}

PolicyStatus defines the observed state of a policy +k8s:openapi-gen=true

func (*PolicyStatus) DeepCopy

func (in *PolicyStatus) DeepCopy() *PolicyStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyStatus.

func (*PolicyStatus) DeepCopyInto

func (in *PolicyStatus) DeepCopyInto(out *PolicyStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Provider

// Provider is the schema for provider definitions in terraform controller. It is
// cluster scoped and holds the credentials source used to execute configurations
// that reference it.
type Provider struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ProviderSpec   `json:"spec,omitempty"`
	Status ProviderStatus `json:"status,omitempty"`
}

Provider is the schema for provider definitions in terraform controller +k8s:openapi-gen=true +kubebuilder:object:root=true +kubebuilder:subresource:status +kubebuilder:resource:path=providers,scope=Cluster,categories={terraform} +kubebuilder:printcolumn:name="Source",type="string",JSONPath=".spec.source" +kubebuilder:printcolumn:name="Provider",type="string",JSONPath=".spec.provider" +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"

func (*Provider) DeepCopy

func (in *Provider) DeepCopy() *Provider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Provider.

func (*Provider) DeepCopyInto

func (in *Provider) DeepCopyInto(out *Provider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Provider) DeepCopyObject

func (in *Provider) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*Provider) GetCommonStatus

func (p *Provider) GetCommonStatus() *corev1alpha1.CommonStatus

GetCommonStatus returns the common status

func (*Provider) GetConfiguration

func (p *Provider) GetConfiguration() []byte

GetConfiguration returns the provider configuration, if any

func (*Provider) GetNamespacedName

func (p *Provider) GetNamespacedName() types.NamespacedName

GetNamespacedName returns the namespaced name type

func (*Provider) HasConfiguration

func (p *Provider) HasConfiguration() bool

HasConfiguration returns true if the provider has custom configuration

type ProviderList

// ProviderList is the list type returned when listing Provider objects.
type ProviderList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the providers in the list; it is always serialised, even when empty.
	Items           []Provider `json:"items"`
}

ProviderList contains a list of providers

func (*ProviderList) DeepCopy

func (in *ProviderList) DeepCopy() *ProviderList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderList.

func (*ProviderList) DeepCopyInto

func (in *ProviderList) DeepCopyInto(out *ProviderList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ProviderList) DeepCopyObject

func (in *ProviderList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ProviderReference

// ProviderReference names the Provider whose credentials a configuration uses.
type ProviderReference struct {
	// Name is the name of the provider which contains the credentials to use for this
	// configuration.
	// +kubebuilder:validation:Required
	Name string `json:"name"`
	// Namespace is the namespace of the provider itself.
	//
	// Deprecated: providers are cluster-scoped, so this field is no longer meaningful
	// (the API server emits the warning declared below when it is set).
	// +kubebuilder:validation:Optional
	// +kubebuilder:deprecatedversion:warning="namespace is a deprecated field for provider references"
	Namespace string `json:"namespace,omitempty"`
}

ProviderReference is the reference to the provider which is used to create the configuration

func (*ProviderReference) DeepCopy

func (in *ProviderReference) DeepCopy() *ProviderReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderReference.

func (*ProviderReference) DeepCopyInto

func (in *ProviderReference) DeepCopyInto(out *ProviderReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProviderSpec

// ProviderSpec defines the desired state of a Provider.
type ProviderSpec struct {
	// Configuration is optional configuration to the provider. This is terraform provider specific.
	// Unknown fields are preserved rather than pruned by the API server (see the marker below).
	// +kubebuilder:validation:Optional
	// +kubebuilder:pruning:PreserveUnknownFields
	Configuration *runtime.RawExtension `json:"configuration,omitempty"`
	// Provider defines the cloud provider which is being used. The accepted values are the
	// ProviderType constants (aws, google, azurerm and the others declared alongside them).
	// +kubebuilder:validation:Required
	Provider ProviderType `json:"provider"`
	// SecretRef is a reference to a kubernetes secret. This is required only when using the source: secret.
	// The secret should include the environment variables required by the terraform provider.
	// +kubebuilder:validation:Optional
	SecretRef *v1.SecretReference `json:"secretRef,omitempty"`
	// Selector provides the ability to filter who can use this provider. If empty, all users
	// in the cluster are permitted to use the provider, and therefore the credentials it wraps;
	// otherwise you can specify a selector which matches on namespace and resource labels.
	// +kubebuilder:validation:Optional
	Selector *Selector `json:"selector,omitempty"`
	// ServiceAccount is the name of a service account to use when the provider source is 'injected'. The
	// service account should exist in the terraform controller namespace and be configured per cloud vendor
	// requirements for pod identity.
	// +kubebuilder:validation:Optional
	ServiceAccount *string `json:"serviceAccount,omitempty"`
	// Source defines the type of credentials the provider is wrapping; this could be a static secret
	// or a managed identity. The currently supported values are secret and injected.
	// +kubebuilder:validation:Required
	Source SourceType `json:"source"`
	// Summary provides a human readable description of the provider.
	// +kubebuilder:validation:Optional
	Summary string `json:"summary,omitempty"`
}

ProviderSpec defines the desired state of a provider +k8s:openapi-gen=true

func (*ProviderSpec) DeepCopy

func (in *ProviderSpec) DeepCopy() *ProviderSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderSpec.

func (*ProviderSpec) DeepCopyInto

func (in *ProviderSpec) DeepCopyInto(out *ProviderSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProviderStatus

// ProviderStatus defines the observed state of a Provider. It carries only the shared
// CommonStatus, serialised inline so its fields appear directly under .status.
type ProviderStatus struct {
	// CommonStatus is embedded; the inline tag flattens it into the status object.
	corev1alpha1.CommonStatus `json:",inline"`
}

ProviderStatus defines the observed state of a provider +k8s:openapi-gen=true

func (*ProviderStatus) DeepCopy

func (in *ProviderStatus) DeepCopy() *ProviderStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderStatus.

func (*ProviderStatus) DeepCopyInto

func (in *ProviderStatus) DeepCopyInto(out *ProviderStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProviderType

type ProviderType string

ProviderType is the type of cloud provider

// Supported values for ProviderSpec.Provider. The string values are part of the API.
const (
	// AliCloudProviderType is the Alibaba Cloud provider type
	AliCloudProviderType ProviderType = "alicloud"
	// AzureProviderType is the Azure provider type
	AzureProviderType ProviderType = "azurerm"
	// AzureCloudStackProviderType is the Azure Cloud Stack provider type
	AzureCloudStackProviderType ProviderType = "azurestack"
	// AWSProviderType is the AWS provider type
	AWSProviderType ProviderType = "aws"
	// AzureActiveDirectoryProviderType is the Azure Active Directory provider type
	AzureActiveDirectoryProviderType ProviderType = "azuread"
	// GCPProviderType is the GCP provider type
	GCPProviderType ProviderType = "google"
	// GoogleWorkpspaceProviderType is the Google Workspace provider type (the identifier's
	// spelling is exported API and is kept as is)
	GoogleWorkpspaceProviderType ProviderType = "googleworkspace"
	// KubernetesProviderType is the Kubernetes provider type
	KubernetesProviderType ProviderType = "kubernetes"
	// VaultProviderType is the Vault provider type
	VaultProviderType ProviderType = "vault"
	// VSphereProviderType is the VSphere provider type
	VSphereProviderType ProviderType = "vsphere"
)

type ResourceStatus

type ResourceStatus string

ResourceStatus is the status of the resources

// Values of ResourceStatus. UnknownResourceStatus is the empty string, i.e. the zero value,
// so a status that was never written reads as unknown rather than in sync.
const (
	// ResourcesInSync is the status when the configuration is in sync
	ResourcesInSync ResourceStatus = "InSync"
	// ResourcesOutOfSync is the status when the configuration is out of sync
	ResourcesOutOfSync ResourceStatus = "OutOfSync"
	// DestroyingResources is the status when the configuration is being destroyed
	DestroyingResources ResourceStatus = "Deleting"
	// DestroyingResourcesFailed is the status when the configuration is being destroyed and failed
	DestroyingResourcesFailed ResourceStatus = "DeletionFailed"
	// UnknownResourceStatus is the status when the configuration is unknown
	UnknownResourceStatus ResourceStatus = ""
)

type Selector

// Selector restricts which configurations may use a Provider, by matching labels on the
// configuration itself and on the namespace it lives in. A nil Selector on the provider
// means no restriction.
// NOTE(review): whether both selectors must match when both are set is not visible here;
// confirm against the controller before relying on it.
type Selector struct {
	// Namespace is used to filter a configuration based on the namespace labels of
	// where it exists
	// +kubebuilder:validation:Optional
	Namespace *metav1.LabelSelector `json:"namespace,omitempty"`
	// Resource provides the ability to filter a configuration based on its labels
	// +kubebuilder:validation:Optional
	Resource *metav1.LabelSelector `json:"resource,omitempty"`
}

Selector defines a selector on the labels of a configuration and on the labels of the namespace in which the resource resides

func (*Selector) DeepCopy

func (in *Selector) DeepCopy() *Selector

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Selector.

func (*Selector) DeepCopyInto

func (in *Selector) DeepCopyInto(out *Selector)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SourceType

type SourceType string

SourceType is the type of source

type ValueFromSource

// ValueFromSource defines a value which is taken from a secret in the configuration's namespace.
type ValueFromSource struct {
	// Optional indicates the secret can be optional, i.e. if the secret does not exist, or the key is
	// not contained in the secret, the error is ignored (presumably leaving the value unset — confirm
	// in the controller). Leave it false for values a run cannot do without, so a missing secret
	// fails loudly instead of silently.
	// +kubebuilder:validation:Optional
	Optional bool `json:"optional,omitempty"`
	// Key is the key in the secret which should be used for the value
	// +kubebuilder:validation:Required
	Key string `json:"key"`
	// Secret is the name of the secret in the configuration namespace
	// +kubebuilder:validation:Required
	Secret string `json:"secret"`
}

ValueFromSource defines a value which is taken from a secret

func (*ValueFromSource) DeepCopy

func (in *ValueFromSource) DeepCopy() *ValueFromSource

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValueFromSource.

func (*ValueFromSource) DeepCopyInto

func (in *ValueFromSource) DeepCopyInto(out *ValueFromSource)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WriteConnectionSecret

// WriteConnectionSecret defines the options around the secret produced by the terraform code.
type WriteConnectionSecret struct {
	// Name is the name of the secret where you want the terraform output to be written. The terraform outputs
	// will be written to the secret as key value pairs. All are uppercased so they can be consumed by the
	// workload.
	// +kubebuilder:validation:Required
	Name string `json:"name"`
	// Keys is a collection of names used to filter the terraform output. By default all keys from the
	// output of the terraform state are written to the connection secret; listing keys here restricts
	// the secret to exactly those outputs, which keeps anything not explicitly requested out of it.
	// NOTE(review): AddKey takes an override name and KeysMap returns key->name, so entries
	// presumably encode a mapping — confirm the entry format before writing them by hand.
	// +kubebuilder:validation:Optional
	Keys []string `json:"keys,omitempty"`
}

WriteConnectionSecret defines the options around the secret produced by the terraform code

func (*WriteConnectionSecret) AddKey added in v0.3.15

func (w *WriteConnectionSecret) AddKey(key, override string)

AddKey adds a key to the list

func (*WriteConnectionSecret) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WriteConnectionSecret.

func (*WriteConnectionSecret) DeepCopyInto

func (in *WriteConnectionSecret) DeepCopyInto(out *WriteConnectionSecret)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*WriteConnectionSecret) HasKeys

func (w *WriteConnectionSecret) HasKeys() bool

HasKeys returns true if the keys are not empty

func (*WriteConnectionSecret) KeysMap

func (w *WriteConnectionSecret) KeysMap() (map[string]string, error)

KeysMap returns the map of keys to names
