Documentation
Index ¶
- type CheckMatch
- type CheckResult
- type Context
- type ContextSpec
- type ImageData
- type NamespaceSelector
- type Policy
- type Resource
- type Rule
- type Subresource
- type Test
- type TestResourceSpec
- type TestResult
- type TestResultBase
- type TestResultData
- type TestResultDeprecated
- type UserInfo
- type Values
- type ValuesSpec
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CheckMatch ¶ added in v1.12.0
type CheckResult ¶ added in v1.12.0
// CheckResult describes one check: which rule responses to select and the
// assertions to evaluate against them.
type CheckResult struct {
	// Match selects the rule responses this check applies to.
	Match CheckMatch `json:"match,omitempty"`

	// Assert is the assertion performed on the selected rule responses.
	Assert v1alpha1.Any `json:"assert"`

	// Error is the negative assertion performed on the selected rule responses.
	Error v1alpha1.Any `json:"error"`

	// NOTE(review): Assert and Error carry no omitempty, so both keys are
	// written on marshal even when unset. Confirm how a check with neither
	// set is treated, so that an empty check cannot be read as a passing one.
}
type Context ¶ added in v1.14.0
// Context is a Kubernetes-style object (type metadata, object metadata and a
// spec) holding context data for the Kyverno CLI.
type Context struct {
	metav1.TypeMeta   `json:",inline,omitempty"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// ContextSpec is embedded in Go but carries the JSON name "spec", so it is
	// serialized as a nested "spec" object rather than flattened.
	ContextSpec `json:"spec"`
}
Context declares context data to be loaded by the Kyverno CLI
type ContextSpec ¶ added in v1.14.0
// ContextSpec is the payload of a Context: a list of resources and a list of
// image descriptions. Both lists are optional in the serialized form.
type ContextSpec struct {
	// Resources holds objects as unstructured.Unstructured, i.e. without a
	// compile-time schema. Consumers must not assume that any particular
	// field is present or has the expected type.
	Resources []unstructured.Unstructured `json:"resources,omitempty"`

	// Images holds the image descriptions; see ImageData.
	Images []ImageData `json:"images,omitempty"`
}
type ImageData ¶ added in v1.14.0
// ImageData describes a single image entry of a ContextSpec.
//
// NOTE(review): the field meanings below are read off the field names and JSON
// keys only; confirm them against the code that consumes this type.
type ImageData struct {
	// Image is the image reference (required key "image").
	Image string `json:"image"`

	// ResolvedImage is presumably the reference after resolution - TODO confirm.
	ResolvedImage string `json:"resolvedImage"`

	// Registry is the registry part of the reference.
	Registry string `json:"registry"`

	// Repository is the repository part of the reference.
	Repository string `json:"repository"`

	// Tag is optional. A tag is a mutable pointer in a registry, so test data
	// that identifies an image by tag alone does not pin its content.
	Tag string `json:"tag,omitempty"`

	// Digest is optional. When a policy under test depends on the image
	// content, the fixture presumably needs this populated - TODO confirm.
	Digest string `json:"digest,omitempty"`

	// ImageIndex is free-form data (v1alpha1.Any), optional.
	ImageIndex v1alpha1.Any `json:"imageIndex,omitempty"`

	// Manifest is free-form data (v1alpha1.Any), optional.
	Manifest v1alpha1.Any `json:"manifest,omitempty"`

	// ConfigData is free-form data (v1alpha1.Any), optional. Its JSON key is
	// "config", not "configData".
	ConfigData v1alpha1.Any `json:"config,omitempty"`
}
type NamespaceSelector ¶
// NamespaceSelector associates a namespace name with a set of labels.
type NamespaceSelector struct {
	// Name identifies the namespace.
	Name string `json:"name"`

	// Labels is the label set attached to that namespace. The key has no
	// omitempty, so a nil map is written as "labels": null on marshal.
	Labels map[string]string `json:"labels"`
}
NamespaceSelector declares labels for a given namespace
type Policy ¶
// Policy groups the values that apply to one named policy, split into
// per-resource and per-rule entries.
type Policy struct {
	// Name identifies the policy these values belong to.
	Name string `json:"name"`

	// Resources lists values scoped to specific resources (optional).
	Resources []Resource `json:"resources,omitempty"`

	// Rules lists values scoped to specific policy rules (optional).
	Rules []Rule `json:"rules,omitempty"`
}
Policy declares values for a given policy
type Resource ¶
// Resource carries the values that apply to one named resource.
type Resource struct {
	// Name identifies the resource.
	Name string `json:"name"`

	// NOTE(review): the markers on Values declare an object with no generated
	// schema and with unknown fields preserved, so nothing at the schema level
	// constrains its keys or value types. Code reading Values has to
	// type-check whatever it pulls out.

	// Values holds the values for the resource as a free-form object.
	// +kubebuilder:validation:Type=object
	// +kubebuilder:pruning:PreserveUnknownFields
	// +kubebuilder:validation:Schemaless
	Values map[string]interface{} `json:"values,omitempty"`
}
Resource declares values for a given resource
type Rule ¶
// Rule carries the values that apply to one named policy rule, including the
// per-key lists used for foreach.
type Rule struct {
	// Name identifies the policy rule.
	Name string `json:"name"`

	// NOTE(review): Values and ForeachValues are both marked schemaless with
	// unknown fields preserved, so their content is not constrained by any
	// generated schema. Readers must type-check the entries they use.

	// Values holds the values for the rule as a free-form object.
	// +kubebuilder:validation:Type=object
	// +kubebuilder:pruning:PreserveUnknownFields
	// +kubebuilder:validation:Schemaless
	Values map[string]interface{} `json:"values,omitempty"`

	// ForeachValues holds the foreach values for the rule: each key maps to a
	// list of free-form entries.
	// +kubebuilder:validation:Type=object
	// +kubebuilder:pruning:PreserveUnknownFields
	// +kubebuilder:validation:Schemaless
	ForeachValues map[string][]interface{} `json:"foreachValues,omitempty"`
}
Rule declares values for a given policy rule
type Subresource ¶
// Subresource maps a subresource API to the API of its parent resource.
type Subresource struct {
	// Subresource is the API description of the subresource.
	Subresource metav1.APIResource `json:"subresource"`

	// ParentResource is the API description of the resource that owns it.
	ParentResource metav1.APIResource `json:"parentResource"`
}
Subresource declares subresource/parent resource mapping
type Test ¶
// Test is the top-level test declaration: the inputs of a test (policies,
// resources, variables, user info, exceptions, context) and the expectations
// to verify (Results and Checks).
//
// NOTE(review): most inputs are plain strings. Context is documented as a
// file; the others look like file references as well. Confirm how the CLI
// resolves them (base directory, whether remote locations are accepted)
// before running test manifests that come from an untrusted source.
type Test struct {
	metav1.TypeMeta   `json:",inline,omitempty"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Name is the name of the test.
	// This field is deprecated; use `metadata.name` instead.
	Name string `json:"name,omitempty"`

	// Policies lists the policies used in the test.
	Policies []string `json:"policies,omitempty"`

	// Resources lists the resources used in the test.
	Resources []string `json:"resources,omitempty"`

	// JSONPayload is the JSON payload used in the test.
	JSONPayload string `json:"jsonPayload,omitempty"`

	// TargetResources lists the target resources for policies that mutate
	// existing resources.
	TargetResources []string `json:"targetResources,omitempty"`

	// Variables names the values used in the test.
	Variables string `json:"variables,omitempty"`

	// UserInfo names the user info used in the test. The JSON key is the
	// all-lowercase "userinfo".
	UserInfo string `json:"userinfo,omitempty"`

	// Results lists the expected results checked by the test.
	Results []TestResult `json:"results,omitempty"`

	// Checks lists the verifications performed by the test.
	Checks []CheckResult `json:"checks,omitempty"`

	// Values holds inline values used in the test; nil when absent.
	Values *ValuesSpec `json:"values,omitempty"`

	// PolicyExceptions lists the policy exceptions used in the test. The JSON
	// key is "exceptions".
	PolicyExceptions []string `json:"exceptions,omitempty"`

	// Context is the file containing context data for CEL policies.
	Context string `json:"context,omitempty"`
}
Test declares a test
type TestResourceSpec ¶ added in v1.14.0
type TestResult ¶
// TestResult is one expected result of a test. It is assembled from three
// embedded structs, each embedded with an empty JSON name, so their fields
// all appear at the top level of a result entry.
type TestResult struct {
	// Current identifying fields and the expected outcome.
	TestResultBase `json:",inline"`

	// Deprecated spellings that are still accepted.
	TestResultDeprecated `json:",inline"`

	// The resources the result applies to.
	TestResultData `json:",inline"`
}
TestResult declares a test result
type TestResultBase ¶
// TestResultBase holds the non-deprecated fields of a test result: which
// policy and rule are meant, which kind of policy it is, the expected outcome,
// and the optional files to compare mutated or generated output against.
type TestResultBase struct {
	// Policy is the name of the policy.
	Policy string `json:"policy"`

	// Rule is the name of the rule in the policy.
	// It is required when the policy is a kyverno policy.
	// +optional
	Rule string `json:"rule,omitempty"`

	// IsValidatingAdmissionPolicy marks the policy as a validating admission
	// policy. It is required when the policy is one.
	// +optional
	IsValidatingAdmissionPolicy bool `json:"isValidatingAdmissionPolicy,omitempty"`

	// IsValidatingPolicy marks the policy as a validating policy.
	// It is required when the policy is one.
	// +optional
	IsValidatingPolicy bool `json:"isValidatingPolicy,omitempty"`

	// IsImageValidatingPolicy marks the policy as an image validating policy.
	// It is required when the policy is one.
	// +optional
	IsImageValidatingPolicy bool `json:"isImageValidatingPolicy,omitempty"`

	// Result is the outcome the user expects.
	// Possible values are pass, fail and skip.
	Result policyreportv1alpha2.PolicyResult `json:"result"`

	// Kind is the kind of the resource the policy is applied to.
	Kind string `json:"kind"`

	// PatchedResources names a resource configuration file in yaml format that
	// is compared against the resource configuration mutated by Kyverno.
	// Multiple resources can be passed in the same file.
	PatchedResources string `json:"patchedResources,omitempty"`

	// GeneratedResource names a resource configuration file in yaml format
	// that is compared against the resource configuration generated by Kyverno.
	GeneratedResource string `json:"generatedResource,omitempty"`

	// CloneSourceResource names the resource configuration file in yaml format
	// that the generate rule is meant to clone.
	CloneSourceResource string `json:"cloneSourceResource,omitempty"`
}
TestResultBase declares the base fields of a test result
type TestResultData ¶ added in v1.14.0
// TestResultData names the resources a test result applies to, either as
// plain strings or as TestResourceSpec entries.
type TestResultData struct {
	// Resources is the list of resources the policy is going to be applied to.
	Resources []string `json:"resources,omitempty"`

	// ResourceSpecs is the same kind of list expressed as TestResourceSpec
	// entries.
	// NOTE(review): how Resources and ResourceSpecs combine when both are set
	// is not visible here - confirm.
	ResourceSpecs []TestResourceSpec `json:"resourceSpecs,omitempty"`
}
TestResultData declares a test result data
type TestResultDeprecated ¶
// TestResultDeprecated holds the deprecated fields of a test result. Each one
// names its replacement.
type TestResultDeprecated struct {
	// Status is the status the user expects.
	// Possible values are pass, fail and skip.
	// This field is deprecated; use `Result` instead.
	Status policyreportv1alpha2.PolicyResult `json:"status,omitempty"`

	// Resource is the name of the resource the policy is applied to.
	// This field is deprecated; use `Resources` instead.
	Resource string `json:"resource,omitempty"`

	// Namespace is the namespace of a namespace-scoped policy.
	// This field is deprecated; use a name of the form `<namespace>/<name>`
	// for policies and/or resources instead.
	Namespace string `json:"namespace,omitempty"`

	// PatchedResource names a resource configuration file in yaml format that
	// is compared against the resource configuration mutated by Kyverno.
	// This field is deprecated; use `patchedResources` instead.
	PatchedResource string `json:"patchedResource,omitempty"`
}
TestResultDeprecated declares the deprecated fields of a test result
type UserInfo ¶
// UserInfo is a Kubernetes-style object wrapping the request information
// (kyvernov2.RequestInfo) that the Kyverno CLI loads.
type UserInfo struct {
	metav1.TypeMeta   `json:",inline,omitempty"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// RequestInfo declares the user info. It is embedded with an empty JSON
	// name, so its fields sit at the top level of the object.
	// NOTE(review): this is identity data supplied by the test author.
	// Presumably it stands in for the requesting user during evaluation;
	// confirm against the loader.
	kyvernov2.RequestInfo `json:",inline"`
}
UserInfo declares user infos to be loaded by the Kyverno CLI
type Values ¶
// Values is a Kubernetes-style object wrapping a ValuesSpec that the Kyverno
// CLI loads.
type Values struct {
	metav1.TypeMeta   `json:",inline,omitempty"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// ValuesSpec declares the values. It is embedded with an empty JSON name,
	// so its fields sit at the top level of the object rather than under a
	// "spec" key.
	ValuesSpec `json:",inline"`
}
Values declares values to be loaded by the Kyverno CLI
type ValuesSpec ¶
// ValuesSpec is the set of values the Kyverno CLI loads: global values,
// per-policy values, namespace labels, namespaces and subresource mappings.
// Every field is optional in the serialized form.
type ValuesSpec struct {
	// NOTE(review): GlobalValues is marked schemaless with unknown fields
	// preserved, so no generated schema constrains its keys or value types.
	// Readers must type-check the entries they use.

	// GlobalValues holds the global values as a free-form object.
	// +kubebuilder:validation:Type=object
	// +kubebuilder:pruning:PreserveUnknownFields
	// +kubebuilder:validation:Schemaless
	GlobalValues map[string]interface{} `json:"globalValues,omitempty"`

	// Policies holds the per-policy values.
	Policies []Policy `json:"policies,omitempty"`

	// NamespaceSelectors holds the namespace labels. The JSON key is the
	// singular "namespaceSelector".
	NamespaceSelectors []NamespaceSelector `json:"namespaceSelector,omitempty"`

	// Namespaces holds the namespaces as full corev1.Namespace objects.
	Namespaces []corev1.Namespace `json:"namespaces,omitempty"`

	// Subresources holds the subresource/parent resource mappings.
	Subresources []Subresource `json:"subresources,omitempty"`
}
ValuesSpec declares values to be loaded by the Kyverno CLI