v1

package
v0.13.0
Warning

This package is not in the latest version of its module.

Published: Feb 28, 2024 License: Apache-2.0 Imports: 10 Imported by: 12

Documentation

Overview

Package v1 contains API Schema definitions for the policy v1 API group.

+kubebuilder:object:generate=true
+groupName=policy.open-cluster-management.io

Constants

This section is empty.

Variables

var (
	// GroupVersion is group version used to register these objects
	GroupVersion = schema.GroupVersion{Group: "policy.open-cluster-management.io", Version: "v1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)
var ErrIsNever = errors.New("the interval is set to never")

Functions

This section is empty.

Types

type ComplianceMap

type ComplianceMap map[string]*CompliancePerClusterStatus

ComplianceMap is a map that holds CompliancePerClusterStatus objects.

func (ComplianceMap) DeepCopy

func (in ComplianceMap) DeepCopy() ComplianceMap

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceMap.

func (ComplianceMap) DeepCopyInto

func (in ComplianceMap) DeepCopyInto(out *ComplianceMap)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CompliancePerClusterStatus

type CompliancePerClusterStatus struct {
	AggregatePolicyStatus map[string]*ConfigurationPolicyStatus `json:"aggregatePoliciesStatus,omitempty"`
	ComplianceState       ComplianceState                       `json:"compliant,omitempty"`
	ClusterName           string                                `json:"clustername,omitempty"`
}

CompliancePerClusterStatus contains aggregate status of other policies in cluster

func (*CompliancePerClusterStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CompliancePerClusterStatus.

func (*CompliancePerClusterStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ComplianceState

type ComplianceState string

ComplianceState shows the state of enforcement

const (
	// Compliant is a ComplianceState
	Compliant ComplianceState = "Compliant"

	// NonCompliant is a ComplianceState
	NonCompliant ComplianceState = "NonCompliant"

	// UnknownCompliancy is a ComplianceState
	UnknownCompliancy ComplianceState = "UnknownCompliancy"

	// Terminating is a ComplianceState
	Terminating ComplianceState = "Terminating"
)

type ComplianceType

type ComplianceType string

ComplianceType describes whether we must or must not have a given resource.

+kubebuilder:validation:Enum=MustHave;Musthave;musthave;MustOnlyHave;Mustonlyhave;mustonlyhave;MustNotHave;Mustnothave;mustnothave

const (
	// MustNotHave is an enforcement state to exclude a resource
	MustNotHave ComplianceType = "Mustnothave"

	// MustHave is an enforcement state to include a resource
	MustHave ComplianceType = "Musthave"

	// MustOnlyHave is an enforcement state to exclusively include a resource
	MustOnlyHave ComplianceType = "Mustonlyhave"
)

func (ComplianceType) IsMustHave added in v0.13.0

func (c ComplianceType) IsMustHave() bool

func (ComplianceType) IsMustNotHave added in v0.13.0

func (c ComplianceType) IsMustNotHave() bool

func (ComplianceType) IsMustOnlyHave added in v0.13.0

func (c ComplianceType) IsMustOnlyHave() bool

type Condition

type Condition struct {
	// Type of condition, e.g Complete or Failed.
	Type string `json:"type"`
	// Status of the condition, one of True, False, Unknown.
	Status corev1.ConditionStatus `json:"status,omitempty" protobuf:"bytes,12,rep,name=status"`
	// The last time the condition transitioned from one status to another.
	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty" protobuf:"bytes,3,opt,name=lastTransitionTime"`
	// The reason for the condition's last transition.
	// +optional
	Reason string `json:"reason,omitempty" protobuf:"bytes,4,opt,name=reason"`
	// A human readable message indicating details about the transition.
	// +optional
	Message string `json:"message,omitempty" protobuf:"bytes,5,opt,name=message"`
}

Condition is the base struct for representing resource conditions

func (*Condition) DeepCopy

func (in *Condition) DeepCopy() *Condition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition.

func (*Condition) DeepCopyInto

func (in *Condition) DeepCopyInto(out *Condition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ConfigurationPolicy

type ConfigurationPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   *ConfigurationPolicySpec  `json:"spec,omitempty"`
	Status ConfigurationPolicyStatus `json:"status,omitempty"`
}

ConfigurationPolicy is the Schema for the configurationpolicies API

func (*ConfigurationPolicy) DeepCopy

func (in *ConfigurationPolicy) DeepCopy() *ConfigurationPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigurationPolicy.

func (*ConfigurationPolicy) DeepCopyInto

func (in *ConfigurationPolicy) DeepCopyInto(out *ConfigurationPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ConfigurationPolicy) DeepCopyObject

func (in *ConfigurationPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ConfigurationPolicyList

type ConfigurationPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ConfigurationPolicy `json:"items"`
}

ConfigurationPolicyList contains a list of ConfigurationPolicy

func (*ConfigurationPolicyList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigurationPolicyList.

func (*ConfigurationPolicyList) DeepCopyInto

func (in *ConfigurationPolicyList) DeepCopyInto(out *ConfigurationPolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ConfigurationPolicyList) DeepCopyObject

func (in *ConfigurationPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ConfigurationPolicySpec

type ConfigurationPolicySpec struct {
	Severity          Severity          `json:"severity,omitempty"` // low, medium, high
	RemediationAction RemediationAction `json:"remediationAction"`  // enforce, inform
	// 'namespaceSelector' defines the list of namespaces to include/exclude for objects defined in
	// spec.objectTemplates. All selector rules are ANDed. If 'include' is not provided but
	// 'matchLabels' and/or 'matchExpressions' are, 'include' will behave as if ['*'] were given. If
	// 'matchExpressions' and 'matchLabels' are both not provided, 'include' must be provided to
	// retrieve namespaces.
	NamespaceSelector Target `json:"namespaceSelector,omitempty"`
	// 'object-templates' and 'object-templates-raw' are arrays of objects for the configuration
	// policy to check, create, modify, or delete on the cluster. 'object-templates' is an array
	// of objects, while 'object-templates-raw' is a string containing an array of objects in
	// YAML format. Only one of the two object-templates variables can be set in a given
	// configurationPolicy.
	ObjectTemplates []*ObjectTemplate `json:"object-templates,omitempty"`
	// 'object-templates' and 'object-templates-raw' are arrays of objects for the configuration
	// policy to check, create, modify, or delete on the cluster. 'object-templates' is an array
	// of objects, while 'object-templates-raw' is a string containing an array of objects in
	// YAML format. Only one of the two object-templates variables can be set in a given
	// configurationPolicy.
	ObjectTemplatesRaw string             `json:"object-templates-raw,omitempty"`
	EvaluationInterval EvaluationInterval `json:"evaluationInterval,omitempty"`
	// +kubebuilder:default:=None
	PruneObjectBehavior PruneObjectBehavior `json:"pruneObjectBehavior,omitempty"`
}

ConfigurationPolicySpec defines the desired state of ConfigurationPolicy

func (*ConfigurationPolicySpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigurationPolicySpec.

func (*ConfigurationPolicySpec) DeepCopyInto

func (in *ConfigurationPolicySpec) DeepCopyInto(out *ConfigurationPolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ConfigurationPolicyStatus

type ConfigurationPolicyStatus struct {
	ComplianceState   ComplianceState  `json:"compliant,omitempty"`         // Compliant/NonCompliant/UnknownCompliancy
	CompliancyDetails []TemplateStatus `json:"compliancyDetails,omitempty"` // reason for non-compliancy
	// An ISO-8601 timestamp of the last time the policy was evaluated
	LastEvaluated string `json:"lastEvaluated,omitempty"`
	// The generation of the ConfigurationPolicy object when it was last evaluated
	LastEvaluatedGeneration int64 `json:"lastEvaluatedGeneration,omitempty"`
	// List of resources processed by the policy
	RelatedObjects []RelatedObject `json:"relatedObjects,omitempty"`
}

ConfigurationPolicyStatus defines the observed state of ConfigurationPolicy

func (*ConfigurationPolicyStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigurationPolicyStatus.

func (*ConfigurationPolicyStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EvaluationInterval added in v0.7.0

type EvaluationInterval struct {
	//+kubebuilder:validation:Pattern=`^(?:(?:(?:[0-9]+(?:.[0-9])?)(?:h|m|s|(?:ms)|(?:us)|(?:ns)))|never)+$`
	// The minimum elapsed time before a ConfigurationPolicy is reevaluated when in the compliant state. Set this to
	// "never" to disable reevaluation when in the compliant state.
	Compliant string `json:"compliant,omitempty"`
	//+kubebuilder:validation:Pattern=`^(?:(?:(?:[0-9]+(?:.[0-9])?)(?:h|m|s|(?:ms)|(?:us)|(?:ns)))|never)+$`
	// The minimum elapsed time before a ConfigurationPolicy is reevaluated when in the noncompliant state. Set this to
	// "never" to disable reevaluation when in the noncompliant state.
	NonCompliant string `json:"noncompliant,omitempty"`
}

Configures the minimum elapsed time before a ConfigurationPolicy is reevaluated. If the policy spec is changed, or if the list of namespaces selected by the policy changes, the policy may be evaluated regardless of the settings here.

func (*EvaluationInterval) DeepCopy added in v0.8.0

func (in *EvaluationInterval) DeepCopy() *EvaluationInterval

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EvaluationInterval.

func (*EvaluationInterval) DeepCopyInto added in v0.8.0

func (in *EvaluationInterval) DeepCopyInto(out *EvaluationInterval)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (EvaluationInterval) GetCompliantInterval added in v0.7.0

func (e EvaluationInterval) GetCompliantInterval() (time.Duration, error)

GetCompliantInterval converts the Compliant interval to a duration. ErrIsNever is returned when the string is set to "never".

func (EvaluationInterval) GetNonCompliantInterval added in v0.7.0

func (e EvaluationInterval) GetNonCompliantInterval() (time.Duration, error)

GetNonCompliantInterval converts the NonCompliant interval to a duration. ErrIsNever is returned when the string is set to "never".
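
The schema pattern on the two EvaluationInterval fields, checked against the documented "never" handling of GetCompliantInterval and GetNonCompliantInterval, as an added example (not code from this package). `parseInterval`, `check` and `errIsNever` are hypothetical local stand-ins, converting with `time.ParseDuration` is an assumption, and the sample strings are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"time"
)

// errIsNever is a local stand-in for the package's ErrIsNever variable.
var errIsNever = errors.New("the interval is set to never")

// intervalPattern is the kubebuilder validation pattern copied from the
// EvaluationInterval fields above. Its "." is not escaped, and "never"
// sits inside the repeated group.
var intervalPattern = regexp.MustCompile(
	`^(?:(?:(?:[0-9]+(?:.[0-9])?)(?:h|m|s|(?:ms)|(?:us)|(?:ns)))|never)+$`)

// parseInterval (hypothetical helper) mirrors the documented contract:
// "never" yields errIsNever, anything else is converted to a duration.
// Using time.ParseDuration for the conversion is an assumption.
func parseInterval(s string) (time.Duration, error) {
	if s == "never" {
		return 0, errIsNever
	}
	return time.ParseDuration(s)
}

// check reports whether s passes the schema pattern, and what the
// conversion returns for the same string.
func check(s string) (passesSchema bool, d time.Duration, err error) {
	passesSchema = intervalPattern.MatchString(s)
	d, err = parseInterval(s)
	return passesSchema, d, err
}

func main() {
	// Constructed sample values, not taken from any real policy.
	samples := []string{"10s", "1h30m", "1.5h", "never", "1x5h", "1hnever", "1.25h"}
	for _, s := range samples {
		ok, d, err := check(s)
		fmt.Printf("%-10q schema=%-5v duration=%-8v err=%v\n", s, ok, d, err)
	}
}
```

Under Go's regexp package, strings such as "1x5h" and "1hnever" pass the pattern but fail to parse, while "1.25h" parses but is rejected by the pattern, so callers should handle the conversion error rather than rely on schema validation alone.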

type MetadataComplianceType added in v0.7.0

type MetadataComplianceType string

MetadataComplianceType describes how to check compliance for the labels/annotations of a given object.

+kubebuilder:validation:Enum=MustHave;Musthave;musthave;MustOnlyHave;Mustonlyhave;mustonlyhave

type NonEmptyString

type NonEmptyString string

+kubebuilder:validation:MinLength=1

type ObjectMetadata

type ObjectMetadata struct {
	// Name of the referent. More info:
	// https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
	Name string `json:"name,omitempty"`
	// Namespace of the referent. More info:
	// https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
	Namespace string `json:"namespace,omitempty"`
}

ObjectMetadata contains the resource metadata for an object being processed by the policy

func (*ObjectMetadata) DeepCopy

func (in *ObjectMetadata) DeepCopy() *ObjectMetadata

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectMetadata.

func (*ObjectMetadata) DeepCopyInto

func (in *ObjectMetadata) DeepCopyInto(out *ObjectMetadata)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ObjectProperties added in v0.8.0

type ObjectProperties struct {
	// Whether the object was created by the parent policy
	CreatedByPolicy *bool `json:"createdByPolicy,omitempty"`
	// Store object UID to help track object ownership for deletion
	UID string `json:"uid,omitempty"`
}

func (*ObjectProperties) DeepCopy added in v0.10.0

func (in *ObjectProperties) DeepCopy() *ObjectProperties

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectProperties.

func (*ObjectProperties) DeepCopyInto added in v0.10.0

func (in *ObjectProperties) DeepCopyInto(out *ObjectProperties)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ObjectResource

type ObjectResource struct {
	// Kind of the referent. More info:
	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind string `json:"kind,omitempty"`
	// API version of the referent.
	APIVersion string `json:"apiVersion,omitempty"`
	// Metadata values from the referent.
	Metadata ObjectMetadata `json:"metadata,omitempty"`
}

ObjectResource is an object identified by the policy as a resource that needs to be validated.

func ObjectResourceFromObj added in v0.13.0

func ObjectResourceFromObj(obj client.Object) ObjectResource

func (*ObjectResource) DeepCopy

func (in *ObjectResource) DeepCopy() *ObjectResource

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectResource.

func (*ObjectResource) DeepCopyInto

func (in *ObjectResource) DeepCopyInto(out *ObjectResource)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ObjectTemplate

type ObjectTemplate struct {
	// ComplianceType specifies whether it is: musthave, mustnothave, mustonlyhave
	ComplianceType ComplianceType `json:"complianceType"`

	MetadataComplianceType MetadataComplianceType `json:"metadataComplianceType,omitempty"`

	// ObjectDefinition defines required fields for the object
	// +kubebuilder:pruning:PreserveUnknownFields
	ObjectDefinition runtime.RawExtension `json:"objectDefinition"`

	// RecordDiff specifies whether (and where) to log the diff between the object on the
	// cluster and the objectDefinition in the policy. Defaults to "None".
	RecordDiff RecordDiff `json:"recordDiff,omitempty"`
}

ObjectTemplate describes how an object should look

func (*ObjectTemplate) DeepCopy

func (in *ObjectTemplate) DeepCopy() *ObjectTemplate

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectTemplate.

func (*ObjectTemplate) DeepCopyInto

func (in *ObjectTemplate) DeepCopyInto(out *ObjectTemplate)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PruneObjectBehavior added in v0.8.0

type PruneObjectBehavior string

PruneObjectBehavior is used to remove objects that are managed by the policy upon policy deletion.

+kubebuilder:validation:Enum=DeleteAll;DeleteIfCreated;None;

type RecordDiff added in v0.13.0

type RecordDiff string

+kubebuilder:validation:Enum=Log;None

const (
	RecordDiffLog  RecordDiff = "Log"
	RecordDiffNone RecordDiff = "None"
)

type RelatedObject

type RelatedObject struct {
	//
	Object ObjectResource `json:"object,omitempty"`
	//
	Compliant string `json:"compliant,omitempty"`
	//
	Reason     string            `json:"reason,omitempty"`
	Properties *ObjectProperties `json:"properties,omitempty"`
}

RelatedObject is the list of objects matched by this Policy resource.

func (*RelatedObject) DeepCopy

func (in *RelatedObject) DeepCopy() *RelatedObject

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RelatedObject.

func (*RelatedObject) DeepCopyInto

func (in *RelatedObject) DeepCopyInto(out *RelatedObject)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RemediationAction

type RemediationAction string

RemediationAction: enforce or inform.

+kubebuilder:validation:Enum=Inform;inform;Enforce;enforce

const (
	// Enforce is a remediationAction to make changes
	Enforce RemediationAction = "Enforce"

	// Inform is a remediationAction to only inform
	Inform RemediationAction = "Inform"
)

func (RemediationAction) IsEnforce added in v0.13.0

func (ra RemediationAction) IsEnforce() bool

func (RemediationAction) IsInform added in v0.13.0

func (ra RemediationAction) IsInform() bool

type Severity

type Severity string

Severity: low, medium, high, or critical.

+kubebuilder:validation:Enum=low;Low;medium;Medium;high;High;critical;Critical

type Target

type Target struct {
	// 'include' is an array of filepath expressions to include objects by name.
	Include []NonEmptyString `json:"include,omitempty"`
	// 'exclude' is an array of filepath expressions to exclude objects by name.
	Exclude []NonEmptyString `json:"exclude,omitempty"`
	// 'matchLabels' is a map of {key,value} pairs matching objects by label.
	MatchLabels *map[string]string `json:"matchLabels,omitempty"`
	// 'matchExpressions' is an array of label selector requirements matching objects by label.
	MatchExpressions *[]metav1.LabelSelectorRequirement `json:"matchExpressions,omitempty"`
}

func (*Target) DeepCopy

func (in *Target) DeepCopy() *Target

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Target.

func (*Target) DeepCopyInto

func (in *Target) DeepCopyInto(out *Target)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (Target) String added in v0.8.0

func (t Target) String() string

Define String() so that the LabelSelector is dereferenced in the logs

type TemplateStatus

type TemplateStatus struct {
	ComplianceState ComplianceState `json:"Compliant,omitempty"` // Compliant, NonCompliant, UnknownCompliancy
	// +optional
	// +patchMergeKey=type
	// +patchStrategy=merge
	Conditions []Condition `json:"conditions,omitempty"`

	Validity Validity `json:"Validity,omitempty"` // a template can be invalid if it has conflicting roles
}

TemplateStatus holds the status result

func (*TemplateStatus) DeepCopy

func (in *TemplateStatus) DeepCopy() *TemplateStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateStatus.

func (*TemplateStatus) DeepCopyInto

func (in *TemplateStatus) DeepCopyInto(out *TemplateStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Validity

type Validity struct {
	Valid  *bool  `json:"valid,omitempty"`
	Reason string `json:"reason,omitempty"`
}

Validity describes if it is valid or not

func (*Validity) DeepCopy

func (in *Validity) DeepCopy() *Validity

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Validity.

func (*Validity) DeepCopyInto

func (in *Validity) DeepCopyInto(out *Validity)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
