package v1
v1.3.0-rc12
This package is not in the latest version of its module.
Published: Jan 9, 2021 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var (
	// SchemeBuilder builds the scheme
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)

	// AddToScheme adds all types of this clientset into the given scheme
	AddToScheme = SchemeBuilder.AddToScheme
)

var SchemeGroupVersion = schema.GroupVersion{Group: kyverno.GroupName, Version: "v1"}

SchemeGroupVersion is the group version used to register these objects.

Functions

func Kind

func Kind(kind string) schema.GroupKind

Kind takes an unqualified kind and returns a Group-qualified GroupKind.

func Resource

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group-qualified GroupResource.

Types

type CloneFrom

type CloneFrom struct {

	// Namespace specifies source resource namespace.
	// +optional
	Namespace string `json:"namespace,omitempty" yaml:"namespace,omitempty"`

	// Name specifies name of the resource.
	Name string `json:"name,omitempty" yaml:"name,omitempty"`
}

CloneFrom provides the location of the source resource used to generate target resources. The resource kind is derived from the match criteria.

func (*CloneFrom) DeepCopy

func (in *CloneFrom) DeepCopy() *CloneFrom

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloneFrom.

func (*CloneFrom) DeepCopyInto

func (in *CloneFrom) DeepCopyInto(out *CloneFrom)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterPolicy

type ClusterPolicy struct {
	metav1.TypeMeta   `json:",inline,omitempty" yaml:",inline,omitempty"`
	metav1.ObjectMeta `json:"metadata,omitempty" yaml:"metadata,omitempty"`

	// Spec declares policy behaviors.
	Spec Spec `json:"spec" yaml:"spec"`

	// Status contains policy runtime data.
	// +optional
	Status PolicyStatus `json:"status,omitempty" yaml:"status,omitempty"`
}

ClusterPolicy declares validation, mutation, and generation behaviors for matching resources. +genclient +genclient:nonNamespaced +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +kubebuilder:object:root=true +kubebuilder:subresource:status +kubebuilder:resource:path=clusterpolicies,scope="Cluster",shortName=cpol +kubebuilder:printcolumn:name="Background",type="string",JSONPath=".spec.background" +kubebuilder:printcolumn:name="Action",type="string",JSONPath=".spec.validationFailureAction"

func (*ClusterPolicy) BackgroundProcessingEnabled added in v1.2.0

func (p *ClusterPolicy) BackgroundProcessingEnabled() bool

BackgroundProcessingEnabled reports whether spec.background is set to true.

func (*ClusterPolicy) DeepCopy

func (in *ClusterPolicy) DeepCopy() *ClusterPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicy.

func (*ClusterPolicy) DeepCopyInto

func (in *ClusterPolicy) DeepCopyInto(out *ClusterPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterPolicy) DeepCopyObject

func (in *ClusterPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ClusterPolicy) HasAutoGenAnnotation added in v1.2.0

func (p *ClusterPolicy) HasAutoGenAnnotation() bool

HasAutoGenAnnotation reports whether the policy carries the auto-gen annotation.

func (*ClusterPolicy) HasMutateOrValidateOrGenerate added in v1.1.0

func (p *ClusterPolicy) HasMutateOrValidateOrGenerate() bool

HasMutateOrValidateOrGenerate reports whether the policy contains at least one rule with a mutate, validate or generate declaration.

type ClusterPolicyList

type ClusterPolicyList struct {
	metav1.TypeMeta `json:",inline" yaml:",inline"`
	metav1.ListMeta `json:"metadata" yaml:"metadata"`
	Items           []ClusterPolicy `json:"items" yaml:"items"`
}

ClusterPolicyList is a list of ClusterPolicy instances. +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

func (*ClusterPolicyList) DeepCopy

func (in *ClusterPolicyList) DeepCopy() *ClusterPolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyList.

func (*ClusterPolicyList) DeepCopyInto

func (in *ClusterPolicyList) DeepCopyInto(out *ClusterPolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterPolicyList) DeepCopyObject

func (in *ClusterPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type Condition added in v1.1.0

type Condition struct {
	// Key is the context entry (using JMESPath) for conditional rule evaluation.
	// +kubebuilder:validation:XPreserveUnknownFields
	Key apiextensions.JSON `json:"key,omitempty" yaml:"key,omitempty"`

	// Operator is the operation to perform.
	Operator ConditionOperator `json:"operator,omitempty" yaml:"operator,omitempty"`

	// Value is the conditional value, or set of values. The values can be a fixed set
	// or variables declared using JMESPath.
	// +kubebuilder:validation:XPreserveUnknownFields
	// +optional
	Value apiextensions.JSON `json:"value,omitempty" yaml:"value,omitempty"`
}

Condition defines variable-based conditional criteria for rule execution.

func (*Condition) DeepCopy added in v1.1.0

func (in *Condition) DeepCopy() *Condition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition.

func (*Condition) DeepCopyInto added in v1.1.0

func (cond *Condition) DeepCopyInto(out *Condition)

DeepCopyInto is declared by hand because k8s:deepcopy-gen is not able to generate this method for an interface{} member.

type ConditionOperator added in v1.1.0

type ConditionOperator string

ConditionOperator is the operation performed on condition key and value. +kubebuilder:validation:Enum=Equals;NotEquals;In;NotIn

const (
	// Equal evaluates if the key is equal to the value.
	// Deprecated. Use Equals instead.
	Equal ConditionOperator = "Equal"
	// Equals evaluates if the key is equal to the value.
	Equals ConditionOperator = "Equals"
	// NotEqual evaluates if the key is not equal to the value.
	// Deprecated. Use NotEquals instead.
	NotEqual ConditionOperator = "NotEqual"
	// NotEquals evaluates if the key is not equal to the value.
	NotEquals ConditionOperator = "NotEquals"
	// In evaluates if the key is contained in the set of values.
	In ConditionOperator = "In"
	// NotIn evaluates if the key is not contained in the set of values.
	NotIn ConditionOperator = "NotIn"
)
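The operator semantics documented above, as an added example that is not Kyverno's own evaluation code: `Evaluate` applies a ConditionOperator to a key and value that have already been resolved to decoded JSON, folds the deprecated `Equal`/`NotEqual` spellings onto `Equals`/`NotEquals`, treats `In`/`NotIn` as set membership, and rejects an unknown operator with an error rather than silently evaluating to false. The functions `Evaluate`, `EvaluateJSON`, `normalize` and `contains`, and all sample inputs, are constructed for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
)

// ConditionOperator and its constants mirror the declarations above, including
// the deprecated Equal/NotEqual spellings that existing policies may still carry.
type ConditionOperator string

const (
	Equal     ConditionOperator = "Equal"
	Equals    ConditionOperator = "Equals"
	NotEqual  ConditionOperator = "NotEqual"
	NotEquals ConditionOperator = "NotEquals"
	In        ConditionOperator = "In"
	NotIn     ConditionOperator = "NotIn"
)

// normalize folds the deprecated spellings onto their replacements so that a
// policy written with "Equal" evaluates exactly like one written with "Equals".
func normalize(op ConditionOperator) ConditionOperator {
	switch op {
	case Equal:
		return Equals
	case NotEqual:
		return NotEquals
	}
	return op
}

// contains reports whether elem is a member of set. set is normally a decoded
// JSON array; a scalar is treated as a one-element set, so In against a single
// value behaves like Equals.
func contains(set, elem interface{}) bool {
	items, ok := set.([]interface{})
	if !ok {
		items = []interface{}{set}
	}
	for _, item := range items {
		if reflect.DeepEqual(item, elem) {
			return true
		}
	}
	return false
}

// Evaluate applies op to a key and value that have already been resolved to
// decoded JSON (string, float64, bool, nil, []interface{} or
// map[string]interface{}), which is what apiextensions.JSON holds once
// unmarshalled. Comparison is type-strict: the number 1 and the string "1" are
// not equal. An unknown operator is an error rather than a silent false, so a
// misspelt operator cannot quietly change whether a rule runs.
func Evaluate(key interface{}, op ConditionOperator, value interface{}) (bool, error) {
	switch normalize(op) {
	case Equals:
		return reflect.DeepEqual(key, value), nil
	case NotEquals:
		return !reflect.DeepEqual(key, value), nil
	case In:
		return contains(value, key), nil
	case NotIn:
		return !contains(value, key), nil
	}
	return false, fmt.Errorf("unsupported condition operator %q", op)
}

// EvaluateJSON decodes key and value from raw JSON text and evaluates them.
func EvaluateJSON(keyJSON, op, valueJSON string) (bool, error) {
	var key, value interface{}
	if err := json.Unmarshal([]byte(keyJSON), &key); err != nil {
		return false, fmt.Errorf("key: %w", err)
	}
	if err := json.Unmarshal([]byte(valueJSON), &value); err != nil {
		return false, fmt.Errorf("value: %w", err)
	}
	return Evaluate(key, ConditionOperator(op), value)
}

func main() {
	// Constructed inputs standing in for a resolved JMESPath key and a literal value set.
	ok, err := EvaluateJSON(`"default"`, "NotIn", `["kube-system", "kube-public"]`)
	fmt.Println("namespace is outside the system set:", ok, err)
}
```

Type-strict comparison is a deliberate choice here: a precondition comparing a numeric field against a quoted value should fail loudly in testing rather than pass by coercion and then behave differently on a real resource.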

type ConfigMapReference added in v1.2.0

type ConfigMapReference struct {
	Name      string `json:"name,omitempty" yaml:"name,omitempty"`
	Namespace string `json:"namespace,omitempty" yaml:"namespace,omitempty"`
}

ConfigMapReference refers to a ConfigMap

func (*ConfigMapReference) DeepCopy added in v1.2.0

func (in *ConfigMapReference) DeepCopy() *ConfigMapReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapReference.

func (*ConfigMapReference) DeepCopyInto added in v1.2.0

func (in *ConfigMapReference) DeepCopyInto(out *ConfigMapReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ContextEntry added in v1.2.0

type ContextEntry struct {
	Name      string              `json:"name,omitempty" yaml:"name,omitempty"`
	ConfigMap *ConfigMapReference `json:"configMap,omitempty" yaml:"configMap,omitempty"`
}

ContextEntry adds variables and data sources to a rule Context

func (*ContextEntry) DeepCopy added in v1.2.0

func (in *ContextEntry) DeepCopy() *ContextEntry

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContextEntry.

func (*ContextEntry) DeepCopyInto added in v1.2.0

func (in *ContextEntry) DeepCopyInto(out *ContextEntry)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Deny added in v1.2.0

type Deny struct {
	// Conditions specifies the set of conditions to deny.
	Conditions []Condition `json:"conditions,omitempty" yaml:"conditions,omitempty"`
}

Deny specifies a list of conditions. The validation rule fails if any Condition evaluates to "false".

func (*Deny) DeepCopy added in v1.2.0

func (in *Deny) DeepCopy() *Deny

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Deny.

func (*Deny) DeepCopyInto added in v1.2.0

func (in *Deny) DeepCopyInto(out *Deny)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExcludeResources

type ExcludeResources struct {
	// UserInfo contains information about the user performing the operation.
	// +optional
	UserInfo `json:",omitempty" yaml:",omitempty"`

	// ResourceDescription contains information about the resource being created or modified.
	// +optional
	ResourceDescription `json:"resources,omitempty" yaml:"resources,omitempty"`
}

ExcludeResources specifies resource and admission review request data for which a policy rule is not applicable.

func (*ExcludeResources) DeepCopy

func (in *ExcludeResources) DeepCopy() *ExcludeResources

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExcludeResources.

func (*ExcludeResources) DeepCopyInto

func (in *ExcludeResources) DeepCopyInto(out *ExcludeResources)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GenerateRequest added in v1.1.0

type GenerateRequest struct {
	metav1.TypeMeta   `json:",inline" yaml:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty" yaml:"metadata,omitempty"`

	// Spec is the information to identify the generate request.
	Spec GenerateRequestSpec `json:"spec" yaml:"spec"`

	// Status contains statistics related to generate request.
	// +optional
	Status GenerateRequestStatus `json:"status" yaml:"status"`
}

GenerateRequest is a request to process a generate rule. +genclient +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +kubebuilder:object:root=true +kubebuilder:subresource:status +kubebuilder:printcolumn:name="Policy",type="string",JSONPath=".spec.policy" +kubebuilder:printcolumn:name="ResourceKind",type="string",JSONPath=".spec.resource.kind" +kubebuilder:printcolumn:name="ResourceName",type="string",JSONPath=".spec.resource.name" +kubebuilder:printcolumn:name="ResourceNamespace",type="string",JSONPath=".spec.resource.namespace" +kubebuilder:printcolumn:name="status",type="string",JSONPath=".status.state" +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:resource:shortName=gr

func (*GenerateRequest) DeepCopy added in v1.1.0

func (in *GenerateRequest) DeepCopy() *GenerateRequest

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenerateRequest.

func (*GenerateRequest) DeepCopyInto added in v1.1.0

func (in *GenerateRequest) DeepCopyInto(out *GenerateRequest)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GenerateRequest) DeepCopyObject added in v1.1.0

func (in *GenerateRequest) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type GenerateRequestContext added in v1.1.0

type GenerateRequestContext struct {
	// +optional
	UserRequestInfo RequestInfo `json:"userInfo,omitempty" yaml:"userInfo,omitempty"`
}

GenerateRequestContext stores the context to be shared.

func (*GenerateRequestContext) DeepCopy added in v1.1.0

func (in *GenerateRequestContext) DeepCopy() *GenerateRequestContext

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenerateRequestContext.

func (*GenerateRequestContext) DeepCopyInto added in v1.1.0

func (in *GenerateRequestContext) DeepCopyInto(out *GenerateRequestContext)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GenerateRequestList added in v1.1.0

type GenerateRequestList struct {
	metav1.TypeMeta `json:",inline" yaml:",inline"`
	metav1.ListMeta `json:"metadata" yaml:"metadata"`
	Items           []GenerateRequest `json:"items" yaml:"items"`
}

GenerateRequestList stores the list of generate requests.

func (*GenerateRequestList) DeepCopy added in v1.1.0

func (in *GenerateRequestList) DeepCopy() *GenerateRequestList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenerateRequestList.

func (*GenerateRequestList) DeepCopyInto added in v1.1.0

func (in *GenerateRequestList) DeepCopyInto(out *GenerateRequestList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GenerateRequestList) DeepCopyObject added in v1.1.0

func (in *GenerateRequestList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type GenerateRequestSpec added in v1.1.0

type GenerateRequestSpec struct {
	// Specifies the name of the policy.
	Policy string `json:"policy" yaml:"policy"`

	// ResourceSpec is the information to identify the generate request.
	Resource ResourceSpec `json:"resource" yaml:"resource"`

	// Context ...
	Context GenerateRequestContext `json:"context" yaml:"context"`
}

GenerateRequestSpec stores the request specification.

func (*GenerateRequestSpec) DeepCopy added in v1.1.0

func (in *GenerateRequestSpec) DeepCopy() *GenerateRequestSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenerateRequestSpec.

func (*GenerateRequestSpec) DeepCopyInto added in v1.1.0

func (in *GenerateRequestSpec) DeepCopyInto(out *GenerateRequestSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GenerateRequestState added in v1.1.0

type GenerateRequestState string

GenerateRequestState defines the state of a generate request.

const (
	// Pending - the Request is yet to be processed or resource has not been created.
	Pending GenerateRequestState = "Pending"

	// Failed - the Generate Request Controller failed to process the rules.
	Failed GenerateRequestState = "Failed"

	// Completed - the Generate Request Controller created resources defined in the policy.
	Completed GenerateRequestState = "Completed"
)

type GenerateRequestStatus added in v1.1.0

type GenerateRequestStatus struct {
	// State represents state of the generate request.
	State GenerateRequestState `json:"state" yaml:"state"`

	// Specifies request status message.
	// +optional
	Message string `json:"message,omitempty" yaml:"message,omitempty"`

	// GeneratedResources tracks the resources created by the generate policy.
	// It is used when cleaning up those resources.
	GeneratedResources []ResourceSpec `json:"generatedResources,omitempty" yaml:"generatedResources,omitempty"`
}

GenerateRequestStatus stores the status of a generate request.

func (*GenerateRequestStatus) DeepCopy added in v1.1.0

func (in *GenerateRequestStatus) DeepCopy() *GenerateRequestStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenerateRequestStatus.

func (*GenerateRequestStatus) DeepCopyInto added in v1.1.0

func (in *GenerateRequestStatus) DeepCopyInto(out *GenerateRequestStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Generation

type Generation struct {

	// ResourceSpec contains information to select the resource.
	ResourceSpec `json:",omitempty" yaml:",omitempty"`

	// Synchronize controls if generated resources should be kept in-sync with their source resource.
	// If Synchronize is set to "true" changes to generated resources will be overwritten with resource
	// data from Data or the resource specified in the Clone declaration.
	// Optional. Defaults to "false" if not specified.
	// +optional
	Synchronize bool `json:"synchronize,omitempty" yaml:"synchronize,omitempty"`

	// Data provides the resource declaration used to populate each generated resource.
	// At most one of Data or Clone must be specified. If neither is provided, the generated
	// resource will be created with default data only.
	// +kubebuilder:pruning:PreserveUnknownFields
	// +optional
	Data apiextensions.JSON `json:"data,omitempty" yaml:"data,omitempty"`

	// Clone specifies the source resource used to populate each generated resource.
	// At most one of Data or Clone can be specified. If neither is provided, the generated
	// resource will be created with default data only.
	// +optional
	Clone CloneFrom `json:"clone,omitempty" yaml:"clone,omitempty"`
}

Generation defines how new resources should be created and managed.

func (*Generation) DeepCopy

func (in *Generation) DeepCopy() *Generation

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Generation.

func (*Generation) DeepCopyInto

func (gen *Generation) DeepCopyInto(out *Generation)

DeepCopyInto is declared by hand because k8s:deepcopy-gen is not able to generate this method for an interface{} member.

type MatchResources

type MatchResources struct {
	// UserInfo contains information about the user performing the operation.
	// +optional
	UserInfo `json:",omitempty" yaml:",omitempty"`

	// ResourceDescription contains information about the resource being created or modified.
	ResourceDescription `json:"resources,omitempty" yaml:"resources,omitempty"`
}

MatchResources is used to specify resource and admission review request data for which a policy rule is applicable.

func (*MatchResources) DeepCopy

func (in *MatchResources) DeepCopy() *MatchResources

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MatchResources.

func (*MatchResources) DeepCopyInto

func (in *MatchResources) DeepCopyInto(out *MatchResources)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Mutation

type Mutation struct {
	// Overlay specifies an overlay pattern to modify resources.
	// DEPRECATED. Use PatchStrategicMerge instead. Scheduled for
	// removal in release 1.5+.
	// +kubebuilder:validation:XPreserveUnknownFields
	// +optional
	Overlay apiextensions.JSON `json:"overlay,omitempty"`

	// Patches specifies a RFC 6902 JSON Patch to modify resources.
	// DEPRECATED. Use PatchesJSON6902 instead. Scheduled for
	// removal in release 1.5+.
	// +kubebuilder:validation:XPreserveUnknownFields
	// +nullable
	// +optional
	Patches []Patch `json:"patches,omitempty" yaml:"patches,omitempty"`

	// PatchStrategicMerge is a strategic merge patch used to modify resources.
	// See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/
	// and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/.
	// +kubebuilder:validation:XPreserveUnknownFields
	// +optional
	PatchStrategicMerge apiextensions.JSON `json:"patchStrategicMerge,omitempty" yaml:"patchStrategicMerge,omitempty"`

	// PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.
	// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/.
	// +optional
	PatchesJSON6902 string `json:"patchesJson6902,omitempty" yaml:"patchesJson6902,omitempty"`
}

Mutation defines how resources are modified.

func (*Mutation) DeepCopy

func (in *Mutation) DeepCopy() *Mutation

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Mutation.

func (*Mutation) DeepCopyInto

func (in *Mutation) DeepCopyInto(out *Mutation)

DeepCopyInto is declared by hand because k8s:deepcopy-gen is not able to generate this method for an interface{} member.

type Patch

type Patch struct {

	// Path specifies path of the resource.
	Path string `json:"path,omitempty" yaml:"path,omitempty"`

	// Operation specifies one of the operations supported by JSON Patch,
	// i.e. add, replace and delete.
	Operation string `json:"op,omitempty" yaml:"op,omitempty"`

	// Value specifies the value to be applied.
	// +kubebuilder:validation:XPreserveUnknownFields
	// +optional
	Value apiextensions.JSON `json:"value,omitempty" yaml:"value,omitempty"`
}

Patch is an RFC 6902 JSON Patch. See: https://tools.ietf.org/html/rfc6902

func (*Patch) DeepCopyInto

func (pp *Patch) DeepCopyInto(out *Patch)

DeepCopyInto is declared by hand because k8s:deepcopy-gen is not able to generate this method for an interface{} member.

type Policy

type Policy struct {
	metav1.TypeMeta   `json:",inline,omitempty" yaml:",inline,omitempty"`
	metav1.ObjectMeta `json:"metadata,omitempty" yaml:"metadata,omitempty"`

	// Spec defines policy behaviors and contains one or more rules.
	Spec Spec `json:"spec" yaml:"spec"`

	// Status contains policy runtime information.
	// +optional
	Status PolicyStatus `json:"status,omitempty" yaml:"status,omitempty"`
}

Policy declares validation, mutation, and generation behaviors for matching resources. See: https://kyverno.io/docs/writing-policies/ for more information. +genclient +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +kubebuilder:object:root=true +kubebuilder:subresource:status +kubebuilder:printcolumn:name="Background",type="string",JSONPath=".spec.background" +kubebuilder:printcolumn:name="Validation Failure Action",type="string",JSONPath=".spec.validationFailureAction" +kubebuilder:resource:shortName=pol

func (*Policy) DeepCopy

func (in *Policy) DeepCopy() *Policy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.

func (*Policy) DeepCopyInto

func (in *Policy) DeepCopyInto(out *Policy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Policy) DeepCopyObject added in v1.2.0

func (in *Policy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PolicyList added in v1.2.0

type PolicyList struct {
	metav1.TypeMeta `json:",inline" yaml:",inline"`
	metav1.ListMeta `json:"metadata" yaml:"metadata"`
	Items           []Policy `json:"items" yaml:"items"`
}

PolicyList is a list of Policy instances. +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

func (*PolicyList) DeepCopy added in v1.2.0

func (in *PolicyList) DeepCopy() *PolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyList.

func (*PolicyList) DeepCopyInto added in v1.2.0

func (in *PolicyList) DeepCopyInto(out *PolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PolicyList) DeepCopyObject added in v1.2.0

func (in *PolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PolicyStatus

type PolicyStatus struct {
	// AvgExecutionTime is the average time taken to process the policy rules on a resource.
	// +optional
	AvgExecutionTime string `json:"averageExecutionTime,omitempty" yaml:"averageExecutionTime,omitempty"`

	// ViolationCount is the total count of policy failure results for this policy.
	// +optional
	ViolationCount int `json:"violationCount,omitempty" yaml:"violationCount,omitempty"`

	// RulesFailedCount is the total count of policy execution errors for this policy.
	// +optional
	RulesFailedCount int `json:"rulesFailedCount,omitempty" yaml:"rulesFailedCount,omitempty"`

	// RulesAppliedCount is the total number of times this policy was applied.
	// +optional
	RulesAppliedCount int `json:"rulesAppliedCount,omitempty" yaml:"rulesAppliedCount,omitempty"`

	// ResourcesBlockedCount is the total count of admission review requests that were blocked by this policy.
	// +optional
	ResourcesBlockedCount int `json:"resourcesBlockedCount,omitempty" yaml:"resourcesBlockedCount,omitempty"`

	// ResourcesMutatedCount is the total count of resources that were mutated by this policy.
	// +optional
	ResourcesMutatedCount int `json:"resourcesMutatedCount,omitempty" yaml:"resourcesMutatedCount,omitempty"`

	// ResourcesGeneratedCount is the total count of resources that were generated by this policy.
	// +optional
	ResourcesGeneratedCount int `json:"resourcesGeneratedCount,omitempty" yaml:"resourcesGeneratedCount,omitempty"`

	// Rules provides per rule statistics
	// +optional
	Rules []RuleStats `json:"ruleStatus,omitempty" yaml:"ruleStatus,omitempty"`
}

PolicyStatus mostly contains runtime information related to policy execution.

func (*PolicyStatus) DeepCopy

func (in *PolicyStatus) DeepCopy() *PolicyStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyStatus.

func (*PolicyStatus) DeepCopyInto

func (in *PolicyStatus) DeepCopyInto(out *PolicyStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RequestInfo added in v1.1.0

type RequestInfo struct {
	// Roles is a list of the roles that may have sent the request.
	// +nullable
	// +optional
	Roles []string `json:"roles" yaml:"roles"`

	// ClusterRoles is a list of the clusterRoles that may have sent the request.
	// +nullable
	// +optional
	ClusterRoles []string `json:"clusterRoles" yaml:"clusterRoles"`

	// UserInfo is the userInfo carried in the admission request.
	// +optional
	AdmissionUserInfo authenticationv1.UserInfo `json:"userInfo" yaml:"userInfo"`
}

RequestInfo contains permission info carried in an admission request.

func (*RequestInfo) DeepCopy added in v1.1.0

func (in *RequestInfo) DeepCopy() *RequestInfo

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestInfo.

func (*RequestInfo) DeepCopyInto added in v1.1.0

func (in *RequestInfo) DeepCopyInto(out *RequestInfo)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ResourceDescription

type ResourceDescription struct {
	// Kinds is a list of resource kinds.
	// +optional
	Kinds []string `json:"kinds,omitempty" yaml:"kinds,omitempty"`

	// Name is the name of the resource. The name supports wildcard characters
	// "*" (matches zero or many characters) and "?" (at least one character).
	// +optional
	Name string `json:"name,omitempty" yaml:"name,omitempty"`

	// Namespaces is a list of namespaces names. Each name supports wildcard characters
	// "*" (matches zero or many characters) and "?" (at least one character).
	// +optional
	Namespaces []string `json:"namespaces,omitempty" yaml:"namespaces,omitempty"`

	// Annotations is a map of annotations (key-value pairs of type string). Annotation keys
	// and values support the wildcard characters "*" (matches zero or many characters) and
	// "?" (matches at least one character).
	// +optional
	Annotations map[string]string `json:"annotations,omitempty" yaml:"annotations,omitempty"`

	// Selector is a label selector. Label keys and values in `matchLabels` support the wildcard
	// characters `*` (matches zero or many characters) and `?` (matches one character).
	// Wildcards allow writing label selectors like ["storage.k8s.io/*": "*"]. Note that
	// using ["*" : "*"] matches any key and value but does not match an empty label set.
	// +optional
	Selector *metav1.LabelSelector `json:"selector,omitempty" yaml:"selector,omitempty"`
}

ResourceDescription contains criteria used to match resources.

func (*ResourceDescription) DeepCopy

func (in *ResourceDescription) DeepCopy() *ResourceDescription

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceDescription.

func (*ResourceDescription) DeepCopyInto

func (in *ResourceDescription) DeepCopyInto(out *ResourceDescription)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ResourceSpec

type ResourceSpec struct {
	// APIVersion specifies resource apiVersion.
	// +optional
	APIVersion string `json:"apiVersion,omitempty" yaml:"apiVersion,omitempty"`
	// Kind specifies resource kind.
	Kind string `json:"kind,omitempty" yaml:"kind,omitempty"`
	// Namespace specifies resource namespace.
	// +optional
	Namespace string `json:"namespace,omitempty" yaml:"namespace,omitempty"`
	// Name specifies the resource name.
	Name string `json:"name,omitempty" yaml:"name,omitempty"`
}

ResourceSpec contains information to identify a resource.

func (*ResourceSpec) DeepCopy

func (in *ResourceSpec) DeepCopy() *ResourceSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceSpec.

func (*ResourceSpec) DeepCopyInto

func (in *ResourceSpec) DeepCopyInto(out *ResourceSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (ResourceSpec) ToKey

func (rs ResourceSpec) ToKey() string

ToKey generates the key string used when adding a label to a policy violation.

type Rule

type Rule struct {

	// Name is a label to identify the rule. It must be unique within the policy.
	Name string `json:"name,omitempty" yaml:"name,omitempty"`

	// Context defines variables and data sources that can be used during rule execution.
	// +optional
	Context []ContextEntry `json:"context,omitempty" yaml:"context,omitempty"`

	// MatchResources defines when this policy rule should be applied. The match
	// criteria can include resource information (e.g. kind, name, namespace, labels)
	// and admission review request information like the user name or role.
	// At least one kind is required.
	MatchResources MatchResources `json:"match,omitempty" yaml:"match,omitempty"`

	// ExcludeResources defines when this policy rule should not be applied. The exclude
	// criteria can include resource information (e.g. kind, name, namespace, labels)
	// and admission review request information like the name or role.
	// +optional
	ExcludeResources ExcludeResources `json:"exclude,omitempty" yaml:"exclude,omitempty"`

	// Conditions enable variable-based conditional rule execution. This is useful for
	// finer control of when a rule is applied. A condition can reference object data
	// using JMESPath notation.
	// +optional
	Conditions []Condition `json:"preconditions,omitempty" yaml:"preconditions,omitempty"`

	// Mutation is used to modify matching resources.
	// +optional
	Mutation Mutation `json:"mutate,omitempty" yaml:"mutate,omitempty"`

	// Validation is used to validate matching resources.
	// +optional
	Validation Validation `json:"validate,omitempty" yaml:"validate,omitempty"`

	// Generation is used to create new resources.
	// +optional
	Generation Generation `json:"generate,omitempty" yaml:"generate,omitempty"`
}

Rule defines a validation, mutation, or generation control for matching resources. Each rule contains a match declaration to select resources, and an optional exclude declaration to specify which resources to exclude.
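The ResourceDescription wildcard matching and the Rule match/exclude semantics described above, as one added example that is not Kyverno's own matching code. `wildcardMatch` implements the documented wildcards ("*" for zero or more characters, "?" for a single character; the page describes "?" both as "at least one character" and, under Selector, as "one character", and this example assumes the single-character reading). `labelsMatch` applies wildcard `matchLabels` and reproduces the Selector note that `["*": "*"]` does not match an empty label set. `RuleApplies` combines match and exclude the way the Rule doc describes. The reduced `ResourceDescription` (without Annotations and UserInfo), the `Resource` stand-in, and all sample resources are constructed for this example.

```go
package main

import "fmt"

// ResourceDescription mirrors the page's type, reduced to the fields this
// example needs; Annotations and the UserInfo embedding are left out.
type ResourceDescription struct {
	Kinds       []string
	Name        string
	Namespaces  []string
	MatchLabels map[string]string // stands in for Selector.MatchLabels
}

// Resource is a constructed stand-in for the object under admission review.
type Resource struct {
	Kind, Name, Namespace string
	Labels                map[string]string
}

// wildcardMatch: "*" matches zero or more characters, "?" exactly one.
// It backtracks only to the most recent "*", so it runs in
// O(len(pattern)*len(s)) and a pathological pattern cannot blow it up.
func wildcardMatch(pattern, s string) bool {
	p, i := 0, 0
	starP, starI := -1, 0
	for i < len(s) {
		switch {
		case p < len(pattern) && (pattern[p] == '?' || pattern[p] == s[i]):
			p++
			i++
		case p < len(pattern) && pattern[p] == '*':
			starP, starI = p, i
			p++
		case starP >= 0:
			// Let the last "*" absorb one more character and retry from there.
			starI++
			p, i = starP+1, starI
		default:
			return false
		}
	}
	for p < len(pattern) && pattern[p] == '*' {
		p++
	}
	return p == len(pattern)
}

func anyMatch(patterns []string, s string) bool {
	for _, pat := range patterns {
		if wildcardMatch(pat, s) {
			return true
		}
	}
	return false
}

// labelsMatch applies wildcard matchLabels: every selector pair must be
// satisfied by some resource label whose key and value both match. With no
// labels present nothing can satisfy {"*": "*"}, hence the documented note.
func labelsMatch(selector, labels map[string]string) bool {
	for sk, sv := range selector {
		found := false
		for lk, lv := range labels {
			if wildcardMatch(sk, lk) && wildcardMatch(sv, lv) {
				found = true
				break
			}
		}
		if !found {
			return false
		}
	}
	return true
}

// Matches reports whether rd selects r. An unset field imposes no constraint,
// in line with the omitempty tags. Kinds go through the same matcher; a plain
// kind name contains no wildcard characters, so for them this is exact.
func (rd ResourceDescription) Matches(r Resource) bool {
	if len(rd.Kinds) > 0 && !anyMatch(rd.Kinds, r.Kind) {
		return false
	}
	if rd.Name != "" && !wildcardMatch(rd.Name, r.Name) {
		return false
	}
	if len(rd.Namespaces) > 0 && !anyMatch(rd.Namespaces, r.Namespace) {
		return false
	}
	return labelsMatch(rd.MatchLabels, r.Labels)
}

func (rd ResourceDescription) empty() bool {
	return len(rd.Kinds) == 0 && rd.Name == "" && len(rd.Namespaces) == 0 && len(rd.MatchLabels) == 0
}

// RuleApplies follows the Rule doc: the rule applies when match selects the
// resource and exclude does not. An empty exclude means "exclude nothing";
// without that check an unconstrained description would match, and so
// exclude, every resource and the rule would never fire.
func RuleApplies(match, exclude ResourceDescription, r Resource) bool {
	if !match.Matches(r) {
		return false
	}
	return exclude.empty() || !exclude.Matches(r)
}

func main() {
	match := ResourceDescription{Kinds: []string{"Pod"}, Namespaces: []string{"*"}}
	exclude := ResourceDescription{Namespaces: []string{"kube-*"}}
	pod := Resource{Kind: "Pod", Name: "web-0", Namespace: "default"}
	fmt.Println("rule applies to default/web-0:", RuleApplies(match, exclude, pod))
}
```

The empty-exclude check is the part worth carrying into any policy engine review: exclude criteria are the one place where an "everything matches" default silently disables a control instead of tightening it.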

func (*Rule) DeepCopy

func (in *Rule) DeepCopy() *Rule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule.

func (*Rule) DeepCopyInto

func (in *Rule) DeepCopyInto(out *Rule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (Rule) HasGenerate

func (r Rule) HasGenerate() bool

HasGenerate reports whether the rule has a generate declaration.

func (Rule) HasMutate

func (r Rule) HasMutate() bool

HasMutate reports whether the rule has a mutate declaration.

func (Rule) HasValidate

func (r Rule) HasValidate() bool

HasValidate reports whether the rule has a validate declaration.

type RuleStats

type RuleStats struct {
	// Name is the rule name.
	Name string `json:"ruleName" yaml:"ruleName"`

	// ExecutionTime is the average time taken to execute this rule.
	// +optional
	ExecutionTime string `json:"averageExecutionTime,omitempty" yaml:"averageExecutionTime,omitempty"`

	// ViolationCount is the total count of policy failure results for this rule.
	// +optional
	ViolationCount int `json:"violationCount,omitempty" yaml:"violationCount,omitempty"`

	// FailedCount is the total count of policy error results for this rule.
	// +optional
	FailedCount int `json:"failedCount,omitempty" yaml:"failedCount,omitempty"`

	// AppliedCount is the total number of times this rule was applied.
	// +optional
	AppliedCount int `json:"appliedCount,omitempty" yaml:"appliedCount,omitempty"`

	// ResourcesBlockedCount is the total count of admission review requests that were blocked by this rule.
	// +optional
	ResourcesBlockedCount int `json:"resourcesBlockedCount,omitempty" yaml:"resourcesBlockedCount,omitempty"`

	// ResourcesMutatedCount is the total count of resources that were mutated by this rule.
	// +optional
	ResourcesMutatedCount int `json:"resourcesMutatedCount,omitempty" yaml:"resourcesMutatedCount,omitempty"`

	// ResourcesGeneratedCount is the total count of resources that were generated by this rule.
	// +optional
	ResourcesGeneratedCount int `json:"resourcesGeneratedCount,omitempty" yaml:"resourcesGeneratedCount,omitempty"`
}

RuleStats provides statistics for an individual rule within a policy.

func (*RuleStats) DeepCopy

func (in *RuleStats) DeepCopy() *RuleStats

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleStats.

func (*RuleStats) DeepCopyInto

func (in *RuleStats) DeepCopyInto(out *RuleStats)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Spec

type Spec struct {

	// Rules is a list of Rule instances. A Policy contains multiple rules and
	// each rule can validate, mutate, or generate resources.
	Rules []Rule `json:"rules,omitempty" yaml:"rules,omitempty"`

	// ValidationFailureAction controls if a validation policy rule failure should disallow
	// the admission review request (enforce), or allow (audit) the admission review request
	// and report an error in a policy report. Optional. The default value is "audit".
	// +optional
	ValidationFailureAction string `json:"validationFailureAction,omitempty" yaml:"validationFailureAction,omitempty"`

	// Background controls if rules are applied to existing resources during a background scan.
	// Optional. Default value is "true". The value must be set to "false" if the policy rule
	// uses variables that are only available in the admission review request (e.g. user name).
	// +optional
	Background *bool `json:"background,omitempty" yaml:"background,omitempty"`
}

Spec contains a list of Rule instances and other policy controls.
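As an added example (not code from the kyverno package), the following Go program applies the two defaults documented for Spec: an unset validationFailureAction means "audit", so a failing validation rule is reported but the request is still admitted, and an unset background means the rule is also applied to existing resources. The Spec type below is a constructed two-field stand-in for the page's struct, and the fail-closed handling of an unrecognised action is this example's assumption, not behaviour the page describes.

```go
package main

import "fmt"

// Spec here mirrors only the two Spec fields this example needs; it is a constructed
// stand-in for the page's kyverno v1 Spec type, not the package's own code.
type Spec struct {
	ValidationFailureAction string `json:"validationFailureAction,omitempty"`
	Background              *bool  `json:"background,omitempty"`
}

// EffectiveFailureAction applies the documented default: unset means "audit".
func EffectiveFailureAction(s Spec) string {
	if s.ValidationFailureAction == "" {
		return "audit"
	}
	return s.ValidationFailureAction
}

// BackgroundEnabled applies the documented default: a nil pointer means true.
func BackgroundEnabled(s Spec) bool {
	return s.Background == nil || *s.Background
}

// AdmissionDecision reports whether a request whose validation rule failed is admitted.
// Only "enforce" blocks; "audit" (the default) admits the request and records a failure.
// An unrecognised action is treated as a deny here (the example's choice; the page does
// not say how the controller handles it).
func AdmissionDecision(s Spec, ruleFailed bool) (allowed bool, note string) {
	if !ruleFailed {
		return true, "validation passed"
	}
	switch EffectiveFailureAction(s) {
	case "enforce":
		return false, "validation failed: request blocked"
	case "audit":
		return true, "validation failed: admitted, reported in policy report"
	default:
		return false, "unrecognised validationFailureAction: " + s.ValidationFailureAction
	}
}

func main() {
	// A policy with neither field set: the silent defaults are audit + background scan,
	// so a violating request is still admitted unless "enforce" is set explicitly.
	def := Spec{}
	allowed, note := AdmissionDecision(def, true)
	fmt.Printf("action=%s background=%v allowed=%v (%s)\n",
		EffectiveFailureAction(def), BackgroundEnabled(def), allowed, note)
}
```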

func (*Spec) DeepCopy

func (in *Spec) DeepCopy() *Spec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Spec.

func (*Spec) DeepCopyInto

func (in *Spec) DeepCopyInto(out *Spec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type UserInfo added in v1.1.0

type UserInfo struct {
	// Roles is the list of namespaced role names for the user.
	// +optional
	Roles []string `json:"roles,omitempty" yaml:"roles,omitempty"`

	// ClusterRoles is the list of cluster-wide role names for the user.
	// +optional
	ClusterRoles []string `json:"clusterRoles,omitempty" yaml:"clusterRoles,omitempty"`

	// Subjects is the list of subject names like users, user groups, and service accounts.
	// +optional
	Subjects []rbacv1.Subject `json:"subjects,omitempty" yaml:"subjects,omitempty"`
}

UserInfo contains information about the user performing the operation.

func (*UserInfo) DeepCopy added in v1.1.0

func (in *UserInfo) DeepCopy() *UserInfo

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserInfo.

func (*UserInfo) DeepCopyInto added in v1.1.0

func (in *UserInfo) DeepCopyInto(out *UserInfo)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Validation

type Validation struct {

	// Message specifies a custom message to be displayed on failure.
	// +optional
	Message string `json:"message,omitempty" yaml:"message,omitempty"`

	// Pattern specifies an overlay-style pattern used to check resources.
	// +kubebuilder:validation:XPreserveUnknownFields
	// +optional
	Pattern apiextensions.JSON `json:"pattern,omitempty" yaml:"pattern,omitempty"`

	// AnyPattern specifies a list of validation patterns. At least one of the patterns
	// must be satisfied for the validation rule to succeed.
	// +kubebuilder:validation:XPreserveUnknownFields
	// +optional
	AnyPattern apiextensions.JSON `json:"anyPattern,omitempty" yaml:"anyPattern,omitempty"`

	// Deny defines conditions to fail the validation rule.
	// +optional
	Deny *Deny `json:"deny,omitempty" yaml:"deny,omitempty"`
}

Validation defines checks to be performed on matching resources.

func (*Validation) DeepCopy

func (in *Validation) DeepCopy() *Validation

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Validation.

func (*Validation) DeepCopyInto

func (in *Validation) DeepCopyInto(out *Validation)

DeepCopyInto is declared manually because k8s:deepcopy-gen cannot generate this method for an interface{} member.

func (*Validation) DeserializeAnyPattern added in v1.3.0

func (in *Validation) DeserializeAnyPattern() ([]interface{}, error)

DeserializeAnyPattern deserializes the AnyPattern field from apiextensions.JSON into a []interface{}.

type ViolatedRule

type ViolatedRule struct {
	// Specifies violated rule name.
	Name string `json:"name" yaml:"name"`

	// Specifies violated rule type.
	Type string `json:"type" yaml:"type"`

	// Specifies violation message.
	// +optional
	Message string `json:"message" yaml:"message"`

	// +optional
	Check string `json:"check" yaml:"check"`
}

ViolatedRule stores information about a rule that was violated.

func (*ViolatedRule) DeepCopy

func (in *ViolatedRule) DeepCopy() *ViolatedRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ViolatedRule.

func (*ViolatedRule) DeepCopyInto

func (in *ViolatedRule) DeepCopyInto(out *ViolatedRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
