Documentation ¶
Overview ¶
Package v1 contains API Schema definitions for the policy v1 API group
+kubebuilder:object:generate=true
+groupName=policy.open-cluster-management.io
Index ¶
- Variables
- type ComplianceMap
- type CompliancePerClusterStatus
- type ComplianceState
- type ComplianceType
- type Condition
- type ConfigurationPolicy
- type ConfigurationPolicyList
- type ConfigurationPolicySpec
- type ConfigurationPolicyStatus
- type EvaluationInterval
- type MetadataComplianceType
- type NonEmptyString
- type ObjectMetadata
- type ObjectProperties
- type ObjectResource
- type ObjectTemplate
- type PruneObjectBehavior
- type RecordDiff
- type RelatedObject
- type RemediationAction
- type Severity
- type Target
- type TemplateStatus
- type Validity
Constants ¶
This section is empty.
Variables ¶
var (
	// GroupVersion is group version used to register these objects
	GroupVersion = schema.GroupVersion{Group: "policy.open-cluster-management.io", Version: "v1"}
	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)
var ErrIsNever = errors.New("the interval is set to never")
Functions ¶
This section is empty.
Types ¶
type ComplianceMap ¶
type ComplianceMap map[string]*CompliancePerClusterStatus
ComplianceMap map to hold CompliancePerClusterStatus objects
func (ComplianceMap) DeepCopy ¶
func (in ComplianceMap) DeepCopy() ComplianceMap
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceMap.
func (ComplianceMap) DeepCopyInto ¶
func (in ComplianceMap) DeepCopyInto(out *ComplianceMap)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CompliancePerClusterStatus ¶
type CompliancePerClusterStatus struct {
	AggregatePolicyStatus map[string]*ConfigurationPolicyStatus `json:"aggregatePoliciesStatus,omitempty"`
	ComplianceState       ComplianceState                       `json:"compliant,omitempty"`
	ClusterName           string                                `json:"clustername,omitempty"`
}
CompliancePerClusterStatus contains aggregate status of other policies in cluster
func (*CompliancePerClusterStatus) DeepCopy ¶
func (in *CompliancePerClusterStatus) DeepCopy() *CompliancePerClusterStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CompliancePerClusterStatus.
func (*CompliancePerClusterStatus) DeepCopyInto ¶
func (in *CompliancePerClusterStatus) DeepCopyInto(out *CompliancePerClusterStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ComplianceState ¶
type ComplianceState string
ComplianceState shows the state of enforcement
const (
	// Compliant is an ComplianceState
	Compliant ComplianceState = "Compliant"
	// NonCompliant is an ComplianceState
	NonCompliant ComplianceState = "NonCompliant"
	// UnknownCompliancy is an ComplianceState
	UnknownCompliancy ComplianceState = "UnknownCompliancy"
	// Terminating is a ComplianceState
	Terminating ComplianceState = "Terminating"
)
type ComplianceType ¶
type ComplianceType string
ComplianceType describes whether we must or must not have a given resource
+kubebuilder:validation:Enum=MustHave;Musthave;musthave;MustOnlyHave;Mustonlyhave;mustonlyhave;MustNotHave;Mustnothave;mustnothave
const (
	// MustNotHave is an enforcement state to exclude a resource
	MustNotHave ComplianceType = "Mustnothave"
	// MustHave is an enforcement state to include a resource
	MustHave ComplianceType = "Musthave"
	// MustOnlyHave is an enforcement state to exclusively include a resource
	MustOnlyHave ComplianceType = "Mustonlyhave"
)
func (ComplianceType) IsMustHave ¶ added in v0.13.0
func (c ComplianceType) IsMustHave() bool
func (ComplianceType) IsMustNotHave ¶ added in v0.13.0
func (c ComplianceType) IsMustNotHave() bool
func (ComplianceType) IsMustOnlyHave ¶ added in v0.13.0
func (c ComplianceType) IsMustOnlyHave() bool
type Condition ¶
type Condition struct {
	// Type of condition, e.g Complete or Failed.
	Type string `json:"type"`
	// Status of the condition, one of True, False, Unknown.
	Status corev1.ConditionStatus `json:"status,omitempty" protobuf:"bytes,12,rep,name=status"`
	// The last time the condition transitioned from one status to another.
	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty" protobuf:"bytes,3,opt,name=lastTransitionTime"`
	// The reason for the condition's last transition.
	// +optional
	Reason string `json:"reason,omitempty" protobuf:"bytes,4,opt,name=reason"`
	// A human readable message indicating details about the transition.
	// +optional
	Message string `json:"message,omitempty" protobuf:"bytes,5,opt,name=message"`
}
Condition is the base struct for representing resource conditions
func (*Condition) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition.
func (*Condition) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ConfigurationPolicy ¶
type ConfigurationPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              *ConfigurationPolicySpec  `json:"spec,omitempty"`
	Status            ConfigurationPolicyStatus `json:"status,omitempty"`
}
ConfigurationPolicy is the Schema for the configurationpolicies API
func (*ConfigurationPolicy) DeepCopy ¶
func (in *ConfigurationPolicy) DeepCopy() *ConfigurationPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigurationPolicy.
func (*ConfigurationPolicy) DeepCopyInto ¶
func (in *ConfigurationPolicy) DeepCopyInto(out *ConfigurationPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ConfigurationPolicy) DeepCopyObject ¶
func (in *ConfigurationPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ConfigurationPolicyList ¶
type ConfigurationPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ConfigurationPolicy `json:"items"`
}
ConfigurationPolicyList contains a list of ConfigurationPolicy
func (*ConfigurationPolicyList) DeepCopy ¶
func (in *ConfigurationPolicyList) DeepCopy() *ConfigurationPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigurationPolicyList.
func (*ConfigurationPolicyList) DeepCopyInto ¶
func (in *ConfigurationPolicyList) DeepCopyInto(out *ConfigurationPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ConfigurationPolicyList) DeepCopyObject ¶
func (in *ConfigurationPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ConfigurationPolicySpec ¶
type ConfigurationPolicySpec struct {
	Severity          Severity          `json:"severity,omitempty"` // low, medium, high
	RemediationAction RemediationAction `json:"remediationAction"`  // enforce, inform
	// 'namespaceSelector' defines the list of namespaces to include/exclude for objects defined in
	// spec.objectTemplates. All selector rules are ANDed. If 'include' is not provided but
	// 'matchLabels' and/or 'matchExpressions' are, 'include' will behave as if ['*'] were given. If
	// 'matchExpressions' and 'matchLabels' are both not provided, 'include' must be provided to
	// retrieve namespaces.
	NamespaceSelector Target `json:"namespaceSelector,omitempty"`
	// 'object-templates' and 'object-templates-raw' are arrays of objects for the configuration
	// policy to check, create, modify, or delete on the cluster. 'object-templates' is an array
	// of objects, while 'object-templates-raw' is a string containing an array of objects in
	// YAML format. Only one of the two object-templates variables can be set in a given
	// configurationPolicy.
	ObjectTemplates []*ObjectTemplate `json:"object-templates,omitempty"`
	// 'object-templates' and 'object-templates-raw' are arrays of objects for the configuration
	// policy to check, create, modify, or delete on the cluster. 'object-templates' is an array
	// of objects, while 'object-templates-raw' is a string containing an array of objects in
	// YAML format. Only one of the two object-templates variables can be set in a given
	// configurationPolicy.
	ObjectTemplatesRaw string             `json:"object-templates-raw,omitempty"`
	EvaluationInterval EvaluationInterval `json:"evaluationInterval,omitempty"`
	// +kubebuilder:default:=None
	PruneObjectBehavior PruneObjectBehavior `json:"pruneObjectBehavior,omitempty"`
}
ConfigurationPolicySpec defines the desired state of ConfigurationPolicy
func (*ConfigurationPolicySpec) DeepCopy ¶
func (in *ConfigurationPolicySpec) DeepCopy() *ConfigurationPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigurationPolicySpec.
func (*ConfigurationPolicySpec) DeepCopyInto ¶
func (in *ConfigurationPolicySpec) DeepCopyInto(out *ConfigurationPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ConfigurationPolicyStatus ¶
type ConfigurationPolicyStatus struct {
	ComplianceState   ComplianceState  `json:"compliant,omitempty"`         // Compliant/NonCompliant/UnknownCompliancy
	CompliancyDetails []TemplateStatus `json:"compliancyDetails,omitempty"` // reason for non-compliancy
	// An ISO-8601 timestamp of the last time the policy was evaluated
	LastEvaluated string `json:"lastEvaluated,omitempty"`
	// The generation of the ConfigurationPolicy object when it was last evaluated
	LastEvaluatedGeneration int64 `json:"lastEvaluatedGeneration,omitempty"`
	// List of resources processed by the policy
	RelatedObjects []RelatedObject `json:"relatedObjects,omitempty"`
}
ConfigurationPolicyStatus defines the observed state of ConfigurationPolicy
func (*ConfigurationPolicyStatus) DeepCopy ¶
func (in *ConfigurationPolicyStatus) DeepCopy() *ConfigurationPolicyStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigurationPolicyStatus.
func (*ConfigurationPolicyStatus) DeepCopyInto ¶
func (in *ConfigurationPolicyStatus) DeepCopyInto(out *ConfigurationPolicyStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EvaluationInterval ¶ added in v0.7.0
type EvaluationInterval struct {
	//+kubebuilder:validation:Pattern=`^(?:(?:(?:[0-9]+(?:.[0-9])?)(?:h|m|s|(?:ms)|(?:us)|(?:ns)))|never)+$`
	// The minimum elapsed time before a ConfigurationPolicy is reevaluated when in the compliant state. Set this to
	// "never" to disable reevaluation when in the compliant state.
	Compliant string `json:"compliant,omitempty"`
	//+kubebuilder:validation:Pattern=`^(?:(?:(?:[0-9]+(?:.[0-9])?)(?:h|m|s|(?:ms)|(?:us)|(?:ns)))|never)+$`
	// The minimum elapsed time before a ConfigurationPolicy is reevaluated when in the noncompliant state. Set this to
	// "never" to disable reevaluation when in the noncompliant state.
	NonCompliant string `json:"noncompliant,omitempty"`
}
Configures the minimum elapsed time before a ConfigurationPolicy is reevaluated. If the policy spec is changed, or if the list of namespaces selected by the policy changes, the policy may be evaluated regardless of the settings here.
func (*EvaluationInterval) DeepCopy ¶ added in v0.8.0
func (in *EvaluationInterval) DeepCopy() *EvaluationInterval
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EvaluationInterval.
func (*EvaluationInterval) DeepCopyInto ¶ added in v0.8.0
func (in *EvaluationInterval) DeepCopyInto(out *EvaluationInterval)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (EvaluationInterval) GetCompliantInterval ¶ added in v0.7.0
func (e EvaluationInterval) GetCompliantInterval() (time.Duration, error)
GetCompliantInterval converts the Compliant interval to a duration. ErrIsNever is returned when the string is set to "never".
func (EvaluationInterval) GetNonCompliantInterval ¶ added in v0.7.0
func (e EvaluationInterval) GetNonCompliantInterval() (time.Duration, error)
GetNonCompliantInterval converts the NonCompliant interval to a duration. ErrIsNever is returned when the string is set to "never".
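An added example (not code from this package) that checks interval strings against the validation pattern shown on EvaluationInterval and then converts them, so a reviewer can flag policies that are never reevaluated or are reevaluated too rarely. It assumes conversion with time.ParseDuration; parseInterval, auditInterval, errNever and the 24h threshold are hypothetical names and values, and the sample inputs are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"time"
)

// crdPattern is the kubebuilder validation pattern shown on EvaluationInterval.
var crdPattern = regexp.MustCompile(
	`^(?:(?:(?:[0-9]+(?:.[0-9])?)(?:h|m|s|(?:ms)|(?:us)|(?:ns)))|never)+$`)

// errNever is a local stand-in for the package's ErrIsNever sentinel.
var errNever = errors.New("the interval is set to never")

// parseInterval is a hypothetical helper: "never" yields errNever, anything
// else is handed to time.ParseDuration (an assumption about the conversion).
func parseInterval(s string) (time.Duration, error) {
	if s == "never" {
		return 0, errNever
	}
	return time.ParseDuration(s)
}

// auditInterval classifies one interval string for a policy review.
// maxGap is the reviewer's own threshold, not a project default.
func auditInterval(s string, maxGap time.Duration) string {
	if s == "" {
		return "unset"
	}
	if !crdPattern.MatchString(s) {
		return "rejected-by-schema"
	}
	d, err := parseInterval(s)
	switch {
	case errors.Is(err, errNever):
		return "never-reevaluated"
	case err != nil:
		return "schema-ok-but-unparseable"
	case d > maxGap:
		return "gap-too-long"
	}
	return "ok"
}

func main() {
	// Constructed sample values.
	for _, s := range []string{"10s", "1h30m", "never", "72h", "1hnever", "1x5h", "1.25h", "5"} {
		fmt.Printf("%-10q %s\n", s, auditInterval(s, 24*time.Hour))
	}
}
```

The pattern and time.ParseDuration do not accept the same set of strings: "1.25h" fails the pattern although it is a valid Go duration, while "1hnever" and "1x5h" pass the pattern (the group repeats and the `.` is unescaped) but do not parse.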
type MetadataComplianceType ¶ added in v0.7.0
type MetadataComplianceType string
MetadataComplianceType describes how to check compliance for the labels/annotations of a given object
+kubebuilder:validation:Enum=MustHave;Musthave;musthave;MustOnlyHave;Mustonlyhave;mustonlyhave
type ObjectMetadata ¶
type ObjectMetadata struct {
	// Name of the referent. More info:
	// https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
	Name string `json:"name,omitempty"`
	// Namespace of the referent. More info:
	// https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
	Namespace string `json:"namespace,omitempty"`
}
ObjectMetadata contains the resource metadata for an object being processed by the policy
func (*ObjectMetadata) DeepCopy ¶
func (in *ObjectMetadata) DeepCopy() *ObjectMetadata
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectMetadata.
func (*ObjectMetadata) DeepCopyInto ¶
func (in *ObjectMetadata) DeepCopyInto(out *ObjectMetadata)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ObjectProperties ¶ added in v0.8.0
type ObjectProperties struct {
	// Whether the object was created by the parent policy
	CreatedByPolicy *bool `json:"createdByPolicy,omitempty"`
	// Store object UID to help track object ownership for deletion
	UID string `json:"uid,omitempty"`
}
func (*ObjectProperties) DeepCopy ¶ added in v0.10.0
func (in *ObjectProperties) DeepCopy() *ObjectProperties
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectProperties.
func (*ObjectProperties) DeepCopyInto ¶ added in v0.10.0
func (in *ObjectProperties) DeepCopyInto(out *ObjectProperties)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ObjectResource ¶
type ObjectResource struct {
	// Kind of the referent. More info:
	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind string `json:"kind,omitempty"`
	// API version of the referent.
	APIVersion string `json:"apiVersion,omitempty"`
	// Metadata values from the referent.
	Metadata ObjectMetadata `json:"metadata,omitempty"`
}
ObjectResource is an object identified by the policy as a resource that needs to be validated.
func ObjectResourceFromObj ¶ added in v0.13.0
func ObjectResourceFromObj(obj client.Object) ObjectResource
func (*ObjectResource) DeepCopy ¶
func (in *ObjectResource) DeepCopy() *ObjectResource
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectResource.
func (*ObjectResource) DeepCopyInto ¶
func (in *ObjectResource) DeepCopyInto(out *ObjectResource)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ObjectTemplate ¶
type ObjectTemplate struct {
	// ComplianceType specifies whether it is: musthave, mustnothave, mustonlyhave
	ComplianceType         ComplianceType         `json:"complianceType"`
	MetadataComplianceType MetadataComplianceType `json:"metadataComplianceType,omitempty"`
	// ObjectDefinition defines required fields for the object
	// +kubebuilder:pruning:PreserveUnknownFields
	ObjectDefinition runtime.RawExtension `json:"objectDefinition"`
	// RecordDiff specifies whether (and where) to log the diff between the object on the
	// cluster and the objectDefinition in the policy. Defaults to "None".
	RecordDiff RecordDiff `json:"recordDiff,omitempty"`
}
ObjectTemplate describes how an object should look
func (*ObjectTemplate) DeepCopy ¶
func (in *ObjectTemplate) DeepCopy() *ObjectTemplate
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectTemplate.
func (*ObjectTemplate) DeepCopyInto ¶
func (in *ObjectTemplate) DeepCopyInto(out *ObjectTemplate)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PruneObjectBehavior ¶ added in v0.8.0
type PruneObjectBehavior string
PruneObjectBehavior is used to remove objects that are managed by the policy upon policy deletion.
+kubebuilder:validation:Enum=DeleteAll;DeleteIfCreated;None;
type RecordDiff ¶ added in v0.13.0
type RecordDiff string
+kubebuilder:validation:Enum=Log;None
const (
	RecordDiffLog  RecordDiff = "Log"
	RecordDiffNone RecordDiff = "None"
)
type RelatedObject ¶
type RelatedObject struct {
	//
	Object ObjectResource `json:"object,omitempty"`
	//
	Compliant string `json:"compliant,omitempty"`
	//
	Reason     string            `json:"reason,omitempty"`
	Properties *ObjectProperties `json:"properties,omitempty"`
}
RelatedObject is the list of objects matched by this Policy resource.
func (*RelatedObject) DeepCopy ¶
func (in *RelatedObject) DeepCopy() *RelatedObject
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RelatedObject.
func (*RelatedObject) DeepCopyInto ¶
func (in *RelatedObject) DeepCopyInto(out *RelatedObject)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RemediationAction ¶
type RemediationAction string
RemediationAction : enforce or inform
+kubebuilder:validation:Enum=Inform;inform;Enforce;enforce
const (
	// Enforce is an remediationAction to make changes
	Enforce RemediationAction = "Enforce"
	// Inform is an remediationAction to only inform
	Inform RemediationAction = "Inform"
)
func (RemediationAction) IsEnforce ¶ added in v0.13.0
func (ra RemediationAction) IsEnforce() bool
func (RemediationAction) IsInform ¶ added in v0.13.0
func (ra RemediationAction) IsInform() bool
type Severity ¶
type Severity string
Severity : low, medium, high, or critical
+kubebuilder:validation:Enum=low;Low;medium;Medium;high;High;critical;Critical
type Target ¶
type Target struct {
	// 'include' is an array of filepath expressions to include objects by name.
	Include []NonEmptyString `json:"include,omitempty"`
	// 'exclude' is an array of filepath expressions to exclude objects by name.
	Exclude []NonEmptyString `json:"exclude,omitempty"`
	// 'matchLabels' is a map of {key,value} pairs matching objects by label.
	MatchLabels *map[string]string `json:"matchLabels,omitempty"`
	// 'matchExpressions' is an array of label selector requirements matching objects by label.
	MatchExpressions *[]metav1.LabelSelectorRequirement `json:"matchExpressions,omitempty"`
}
func (*Target) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Target.
func (*Target) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TemplateStatus ¶
type TemplateStatus struct {
	ComplianceState ComplianceState `json:"Compliant,omitempty"` // Compliant, NonCompliant, UnknownCompliancy
	// +optional
	// +patchMergeKey=type
	// +patchStrategy=merge
	Conditions []Condition `json:"conditions,omitempty"`
	Validity   Validity    `json:"Validity,omitempty"` // a template can be invalid if it has conflicting roles
}
TemplateStatus holds the status result
func (*TemplateStatus) DeepCopy ¶
func (in *TemplateStatus) DeepCopy() *TemplateStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateStatus.
func (*TemplateStatus) DeepCopyInto ¶
func (in *TemplateStatus) DeepCopyInto(out *TemplateStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Validity ¶
type Validity struct {
	Valid  *bool  `json:"valid,omitempty"`
	Reason string `json:"reason,omitempty"`
}
Validity describes if it is valid or not
func (*Validity) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Validity.
func (*Validity) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.