v1

package
v0.13.0
This package is not in the latest version of its module.

Published: Feb 29, 2024 License: Apache-2.0 Imports: 13 Imported by: 65

Documentation

Overview

Package v1 contains API Schema definitions for the policy v1 API group.

+kubebuilder:object:generate=true
+groupName=policy.open-cluster-management.io

Constants

const Kind = "Policy"

Kind Policy

const PolicySetKind = "PolicySet"

PolicySetKind Policy

Variables

var (
	// GroupVersion is group version used to register these objects
	GroupVersion       = schema.GroupVersion{Group: "policy.open-cluster-management.io", Version: "v1"}
	SchemeGroupVersion = GroupVersion

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

This section is empty.

Types

type BindingOverrides added in v0.12.0

type BindingOverrides struct {
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=Enforce;enforce
	// This field overrides the policy remediationAction on target clusters
	RemediationAction string `json:"remediationAction,omitempty"`
}

BindingOverrides defines the overrides to the Subjects

func (*BindingOverrides) DeepCopy added in v0.12.0

func (in *BindingOverrides) DeepCopy() *BindingOverrides

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BindingOverrides.

func (*BindingOverrides) DeepCopyInto added in v0.12.0

func (in *BindingOverrides) DeepCopyInto(out *BindingOverrides)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ComplianceHistory

type ComplianceHistory struct {
	LastTimestamp metav1.Time `json:"lastTimestamp,omitempty" protobuf:"bytes,7,opt,name=lastTimestamp"`
	Message       string      `json:"message,omitempty" protobuf:"bytes,4,opt,name=message"`
	EventName     string      `json:"eventName,omitempty"`
}

ComplianceHistory defines compliance details history

func (*ComplianceHistory) DeepCopy

func (in *ComplianceHistory) DeepCopy() *ComplianceHistory

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComplianceHistory.

func (*ComplianceHistory) DeepCopyInto

func (in *ComplianceHistory) DeepCopyInto(out *ComplianceHistory)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CompliancePerClusterStatus

type CompliancePerClusterStatus struct {
	ComplianceState  ComplianceState `json:"compliant,omitempty"`
	ClusterName      string          `json:"clustername,omitempty"`
	ClusterNamespace string          `json:"clusternamespace,omitempty"`
}

CompliancePerClusterStatus defines compliance per cluster status

func (*CompliancePerClusterStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CompliancePerClusterStatus.

func (*CompliancePerClusterStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ComplianceState

type ComplianceState string

ComplianceState shows the state of enforcement

const (
	// Compliant is a ComplianceState
	Compliant ComplianceState = "Compliant"

	// NonCompliant is a ComplianceState
	NonCompliant ComplianceState = "NonCompliant"

	// Pending is a ComplianceState
	Pending ComplianceState = "Pending"
)

type DetailsPerTemplate

type DetailsPerTemplate struct {
	// +kubebuilder:pruning:PreserveUnknownFields
	TemplateMeta    metav1.ObjectMeta   `json:"templateMeta,omitempty"`
	ComplianceState ComplianceState     `json:"compliant,omitempty"`
	History         []ComplianceHistory `json:"history,omitempty"`
}

DetailsPerTemplate defines compliance details and history

func (*DetailsPerTemplate) DeepCopy

func (in *DetailsPerTemplate) DeepCopy() *DetailsPerTemplate

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DetailsPerTemplate.

func (*DetailsPerTemplate) DeepCopyInto

func (in *DetailsPerTemplate) DeepCopyInto(out *DetailsPerTemplate)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Placement

type Placement struct {
	PlacementBinding string              `json:"placementBinding,omitempty"`
	PlacementRule    string              `json:"placementRule,omitempty"`
	Placement        string              `json:"placement,omitempty"`
	Decisions        []PlacementDecision `json:"decisions,omitempty"`
	PolicySet        string              `json:"policySet,omitempty"`
}

Placement defines the placement results

func (*Placement) DeepCopy

func (in *Placement) DeepCopy() *Placement

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Placement.

func (*Placement) DeepCopyInto

func (in *Placement) DeepCopyInto(out *Placement)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PlacementBinding

type PlacementBinding struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// +kubebuilder:validation:Optional
	BindingOverrides BindingOverrides `json:"bindingOverrides,omitempty"`
	// This field provides the ability to select a subset of bound clusters
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=restricted
	SubFilter SubFilter `json:"subFilter,omitempty"`
	// +kubebuilder:validation:Required
	PlacementRef PlacementSubject `json:"placementRef"`
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinItems=1
	Subjects []Subject              `json:"subjects"`
	Status   PlacementBindingStatus `json:"status,omitempty"`
}

PlacementBinding is the Schema for the placementbindings API

+kubebuilder:subresource:status
+kubebuilder:resource:path=placementbindings,scope=Namespaced
+kubebuilder:resource:path=placementbindings,shortName=pb

func (*PlacementBinding) DeepCopy

func (in *PlacementBinding) DeepCopy() *PlacementBinding

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PlacementBinding.

func (*PlacementBinding) DeepCopyInto

func (in *PlacementBinding) DeepCopyInto(out *PlacementBinding)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PlacementBinding) DeepCopyObject

func (in *PlacementBinding) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PlacementBindingList

type PlacementBindingList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []PlacementBinding `json:"items"`
}

PlacementBindingList contains a list of PlacementBinding

func (*PlacementBindingList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PlacementBindingList.

func (*PlacementBindingList) DeepCopyInto

func (in *PlacementBindingList) DeepCopyInto(out *PlacementBindingList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PlacementBindingList) DeepCopyObject

func (in *PlacementBindingList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PlacementBindingStatus

type PlacementBindingStatus struct{}

PlacementBindingStatus defines the observed state of PlacementBinding

func (*PlacementBindingStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PlacementBindingStatus.

func (*PlacementBindingStatus) DeepCopyInto

func (in *PlacementBindingStatus) DeepCopyInto(out *PlacementBindingStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PlacementDecision

type PlacementDecision struct {
	ClusterName      string `json:"clusterName,omitempty"`
	ClusterNamespace string `json:"clusterNamespace,omitempty"`
}

PlacementDecision defines the decision made by controller

func (*PlacementDecision) DeepCopy

func (in *PlacementDecision) DeepCopy() *PlacementDecision

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PlacementDecision.

func (*PlacementDecision) DeepCopyInto

func (in *PlacementDecision) DeepCopyInto(out *PlacementDecision)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PlacementSubject

type PlacementSubject struct {
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:Enum=apps.open-cluster-management.io;cluster.open-cluster-management.io
	APIGroup string `json:"apiGroup"`
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:Enum=PlacementRule;Placement
	Kind string `json:"kind"`
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name"`
}

PlacementSubject defines the resource that can be used as PlacementBinding placementRef

func (*PlacementSubject) DeepCopy

func (in *PlacementSubject) DeepCopy() *PlacementSubject

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PlacementSubject.

func (*PlacementSubject) DeepCopyInto

func (in *PlacementSubject) DeepCopyInto(out *PlacementSubject)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Policy

type Policy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata"`

	Spec   PolicySpec   `json:"spec"`
	Status PolicyStatus `json:"status,omitempty"`
}

Policy is the Schema for the policies API

+kubebuilder:subresource:status
+kubebuilder:resource:path=policies,scope=Namespaced
+kubebuilder:resource:path=policies,shortName=plc
+kubebuilder:printcolumn:name="Remediation action",type="string",JSONPath=".spec.remediationAction"
+kubebuilder:printcolumn:name="Compliance state",type="string",JSONPath=".status.compliant"
+kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"

func (*Policy) DeepCopy

func (in *Policy) DeepCopy() *Policy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.

func (*Policy) DeepCopyInto

func (in *Policy) DeepCopyInto(out *Policy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Policy) DeepCopyObject

func (in *Policy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*Policy) SetupWebhookWithManager added in v0.12.0

func (r *Policy) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*Policy) ValidateCreate added in v0.12.0

func (r *Policy) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*Policy) ValidateDelete added in v0.12.0

func (r *Policy) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*Policy) ValidateUpdate added in v0.12.0

func (r *Policy) ValidateUpdate(_ runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type PolicyDependency added in v0.10.0

type PolicyDependency struct {
	metav1.TypeMeta `json:",inline"`

	// The name of the object to be checked
	Name string `json:"name"`

	// The namespace of the object to be checked (optional)
	Namespace string `json:"namespace,omitempty"`

	// The ComplianceState (at path .status.compliant) required before the policy should be created
	// +kubebuilder:validation:Enum=Compliant;Pending;NonCompliant
	Compliance ComplianceState `json:"compliance"`
}

Each PolicyDependency defines an object reference which must be in a certain compliance state before the policy should be created.

func (*PolicyDependency) DeepCopy added in v0.10.0

func (in *PolicyDependency) DeepCopy() *PolicyDependency

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyDependency.

func (*PolicyDependency) DeepCopyInto added in v0.10.0

func (in *PolicyDependency) DeepCopyInto(out *PolicyDependency)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyList

type PolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Policy `json:"items"`
}

PolicyList contains a list of Policy

func (*PolicyList) DeepCopy

func (in *PolicyList) DeepCopy() *PolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyList.

func (*PolicyList) DeepCopyInto

func (in *PolicyList) DeepCopyInto(out *PolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PolicyList) DeepCopyObject

func (in *PolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PolicySpec

type PolicySpec struct {
	// This provides the ability to enable and disable your policies.
	Disabled bool `json:"disabled"`

	// If set to true (default), all the policy's labels and annotations will be copied to the replicated policy.
	// If set to false, only the policy framework specific policy labels and annotations will be copied to the
	// replicated policy.
	// +kubebuilder:validation:Optional
	CopyPolicyMetadata *bool `json:"copyPolicyMetadata,omitempty"`

	// This value (Enforce or Inform) will override the remediationAction on each template
	RemediationAction RemediationAction `json:"remediationAction,omitempty"`

	// Used to create one or more policies to apply to a managed cluster
	PolicyTemplates []*PolicyTemplate `json:"policy-templates"`

	// PolicyDependencies that apply to each template in this Policy
	Dependencies []PolicyDependency `json:"dependencies,omitempty"`
}

PolicySpec defines the desired state of Policy

func (*PolicySpec) DeepCopy

func (in *PolicySpec) DeepCopy() *PolicySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicySpec.

func (*PolicySpec) DeepCopyInto

func (in *PolicySpec) DeepCopyInto(out *PolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyStatus

type PolicyStatus struct {
	Placement []*Placement                  `json:"placement,omitempty"` // used by root policy
	Status    []*CompliancePerClusterStatus `json:"status,omitempty"`    // used by root policy

	// +kubebuilder:validation:Enum=Compliant;Pending;NonCompliant
	ComplianceState ComplianceState       `json:"compliant,omitempty"` // used by replicated policy
	Details         []*DetailsPerTemplate `json:"details,omitempty"`   // used by replicated policy
}

PolicyStatus defines the observed state of Policy

func (*PolicyStatus) DeepCopy

func (in *PolicyStatus) DeepCopy() *PolicyStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyStatus.

func (*PolicyStatus) DeepCopyInto

func (in *PolicyStatus) DeepCopyInto(out *PolicyStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyTemplate

type PolicyTemplate struct {
	// +kubebuilder:pruning:PreserveUnknownFields
	// A Kubernetes object defining the policy to apply to a managed cluster
	ObjectDefinition runtime.RawExtension `json:"objectDefinition"`

	// Additional PolicyDependencies that only apply to this template
	ExtraDependencies []PolicyDependency `json:"extraDependencies,omitempty"`

	// Ignore this template's Pending status when calculating the overall Policy status
	IgnorePending bool `json:"ignorePending,omitempty"`
}

PolicyTemplate is a template for a custom security policy

func (*PolicyTemplate) DeepCopy

func (in *PolicyTemplate) DeepCopy() *PolicyTemplate

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyTemplate.

func (*PolicyTemplate) DeepCopyInto

func (in *PolicyTemplate) DeepCopyInto(out *PolicyTemplate)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RemediationAction

type RemediationAction string

RemediationAction describes whether to enforce or inform

+kubebuilder:validation:Enum=Inform;inform;Enforce;enforce

const (
	// Enforce is a remediationAction to make changes
	Enforce RemediationAction = "Enforce"

	// Inform is a remediationAction to only inform
	Inform RemediationAction = "Inform"
)
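
An added example (not code from this package) showing how the PolicySpec, PolicyStatus and RemediationAction fields above combine in an audit: it reads a PolicyList as JSON and reports NonCompliant clusters for root policies whose spec.remediationAction does not enforce. The local mirror struct, the names Mode and Unremediated, and the sample input are assumptions made for the illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local mirror of the PolicyList JSON fields on this page (assumed shape, not the
// package's types); encoding/json matches the keys case-insensitively.
type policyList struct {
	Items []struct {
		Metadata struct{ Namespace, Name string }
		Spec     struct{ RemediationAction string }
		Status   struct {
			Status []struct{ Compliant, ClusterName string }
		}
	}
}

// Mode classifies spec.remediationAction. The enum marker admits Enforce/enforce and
// Inform/inform, while the package constants are only the capitalized forms, so a
// bare comparison against the Enforce constant would misread "enforce".
func Mode(action string) string {
	switch action {
	case "Enforce", "enforce":
		return "enforce"
	case "Inform", "inform":
		return "inform"
	case "":
		return "per-template" // nothing to override, so each template's own action applies
	}
	return "invalid"
}

// Unremediated lists NonCompliant clusters of root policies that do not enforce.
// A PlacementBinding bindingOverrides may still enforce on its own target clusters.
func Unremediated(raw []byte) (out []string, err error) {
	var l policyList
	if err = json.Unmarshal(raw, &l); err != nil {
		return nil, err
	}
	for _, p := range l.Items {
		m := Mode(p.Spec.RemediationAction)
		for _, c := range p.Status.Status {
			if m != "enforce" && c.Compliant == "NonCompliant" {
				out = append(out, fmt.Sprintf("%s/%s on %s (%s)", p.Metadata.Namespace, p.Metadata.Name, c.ClusterName, m))
			}
		}
	}
	return out, nil
}

func main() { // the input below is a constructed sample
	fmt.Println(Unremediated([]byte(`{"items":[{"metadata":{"namespace":"policies","name":"p-inform"},"spec":{"remediationAction":"inform"},"status":{"status":[{"clustername":"c1","compliant":"NonCompliant"}]}}]}`)))
}
```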

type SubFilter added in v0.12.0

type SubFilter string

SubFilter defines the selection rule for bound clusters

const Restricted SubFilter = "restricted"

type Subject

type Subject struct {
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:Enum=policy.open-cluster-management.io
	APIGroup string `json:"apiGroup"`
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:Enum=Policy;PolicySet
	Kind string `json:"kind"`
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name"`
}

Subject defines the resource that can be used as PlacementBinding subject

func (*Subject) DeepCopy

func (in *Subject) DeepCopy() *Subject

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Subject.

func (*Subject) DeepCopyInto

func (in *Subject) DeepCopyInto(out *Subject)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
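
The validation markers on PlacementBinding, BindingOverrides, SubFilter, PlacementSubject and Subject, collected into one check that can run over a manifest before it is applied. This is an added example, not part of this package; the mirror structs, the names check and LintPlacementBinding, and the sample manifest are constructed for the illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local mirrors of the JSON fields on this page (assumed shape, not the package's
// types); encoding/json matches the keys case-insensitively.
type ref struct{ APIGroup, Kind, Name string }
type binding struct {
	BindingOverrides struct{ RemediationAction string }
	SubFilter        string
	PlacementRef     ref
	Subjects         []ref
}

// check records field unless val is in allowed; with no allowed list, val must be non-empty.
func check(out *[]string, field, val string, allowed ...string) {
	ok := len(allowed) == 0 && val != ""
	for _, a := range allowed {
		ok = ok || val == a
	}
	if !ok {
		*out = append(*out, field)
	}
}

// LintPlacementBinding lists the fields that violate the validation markers shown above.
func LintPlacementBinding(raw []byte) (out []string, err error) {
	var b binding
	if err = json.Unmarshal(raw, &b); err != nil {
		return nil, err
	}
	// The override enum has no Inform value: a binding can only raise a policy to enforce.
	check(&out, "bindingOverrides.remediationAction", b.BindingOverrides.RemediationAction, "", "Enforce", "enforce")
	check(&out, "subFilter", b.SubFilter, "", "restricted")
	check(&out, "placementRef.apiGroup", b.PlacementRef.APIGroup, "apps.open-cluster-management.io", "cluster.open-cluster-management.io")
	check(&out, "placementRef.kind", b.PlacementRef.Kind, "PlacementRule", "Placement")
	check(&out, "placementRef.name", b.PlacementRef.Name)
	if len(b.Subjects) == 0 { // MinItems=1
		out = append(out, "subjects")
	}
	for i, s := range b.Subjects {
		at := fmt.Sprintf("subjects[%d].", i)
		check(&out, at+"apiGroup", s.APIGroup, "policy.open-cluster-management.io")
		check(&out, at+"kind", s.Kind, "Policy", "PolicySet")
		check(&out, at+"name", s.Name)
	}
	return out, nil
}

func main() { // the input below is a constructed sample
	fmt.Println(LintPlacementBinding([]byte(`{"bindingOverrides":{"remediationAction":"inform"},"placementRef":{"apiGroup":"cluster.open-cluster-management.io","kind":"Placement","name":"prod"},"subjects":[{"apiGroup":"policy.open-cluster-management.io","kind":"ConfigurationPolicy","name":"p1"}]}`)))
}
```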
