From 0d5574b019ad39298fb4581a4bca8c5437885c36 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Guilherme=20Vanz?= Date: Fri, 14 Mar 2025 10:41:14 -0300 Subject: [PATCH 1/2] chore: copy to policy reports API definition MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Copy the PolicyReport API definition from the Kubernetes working group repository to this one. Signed-off-by: José Guilherme Vanz --- go.mod | 61 + go.sum | 185 +++ policy-report/.gitignore | 24 + policy-report/Makefile | 94 ++ policy-report/README.md | 87 ++ .../v1beta2/clusterpolicyreport_types.go | 88 ++ .../apis/reports.x-k8s.io/v1beta2/doc.go | 22 + .../v1beta2/groupversion_info.go | 49 + .../v1beta2/policyreport_types.go | 197 ++++ .../v1beta2/zz_generated.deepcopy.go | 279 +++++ .../v1alpha1/clusterpolicyreport_types.go | 75 ++ .../apis/wgpolicyk8s.io/v1alpha1/doc.go | 22 + .../v1alpha1/groupversion_info.go | 49 + .../v1alpha1/policyreport_types.go | 171 +++ .../v1alpha1/zz_generated.deepcopy.go | 230 ++++ .../v1alpha2/clusterpolicyreport_types.go | 75 ++ .../apis/wgpolicyk8s.io/v1alpha2/doc.go | 22 + .../v1alpha2/groupversion_info.go | 49 + .../v1alpha2/policyreport_types.go | 164 +++ .../v1alpha2/zz_generated.deepcopy.go | 231 ++++ .../v1beta1/clusterpolicyreport_types.go | 88 ++ .../apis/wgpolicyk8s.io/v1beta1/doc.go | 22 + .../v1beta1/groupversion_info.go | 49 + .../v1beta1/policyreport_types.go | 197 ++++ .../v1beta1/zz_generated.deepcopy.go | 279 +++++ ...reports.x-k8s.io_clusterpolicyreports.yaml | 420 +++++++ .../reports.x-k8s.io_policyreports.yaml | 419 +++++++ .../wgpolicyk8s.io_clusterpolicyreports.yaml | 338 ++++++ .../wgpolicyk8s.io_policyreports.yaml | 337 ++++++ .../wgpolicyk8s.io_clusterpolicyreports.yaml | 1011 ++++++++++++++++ .../wgpolicyk8s.io_policyreports.yaml | 1008 ++++++++++++++++ .../wgpolicyk8s.io_clusterpolicyreports.yaml | 1047 +++++++++++++++++ .../v1beta1/wgpolicyk8s.io_policyreports.yaml | 1044 ++++++++++++++++ policy-report/docs/api-docs.md | 239 ++++ policy-report/docs/config.yaml | 15 + policy-report/hack/boilerplate.go.txt | 15 + policy-report/hack/codegen.go | 5 + policy-report/hack/update-codegen.sh | 38 + .../client/clientset/versioned/clientset.go | 158 +++ .../versioned/fake/clientset_generated.go | 105 ++ .../client/clientset/versioned/fake/doc.go | 19 + .../clientset/versioned/fake/register.go | 61 + .../client/clientset/versioned/scheme/doc.go | 19 + .../clientset/versioned/scheme/register.go | 61 + .../v1beta2/clusterpolicyreport.go | 167 +++ .../typed/reports.x-k8s.io/v1beta2/doc.go | 19 + .../reports.x-k8s.io/v1beta2/fake/doc.go | 19 + .../v1beta2/fake/fake_clusterpolicyreport.go | 120 ++ .../v1beta2/fake/fake_policyreport.go | 128 ++ .../fake/fake_reports.x-k8s.io_client.go | 43 + .../v1beta2/generated_expansion.go | 22 + .../reports.x-k8s.io/v1beta2/policyreport.go | 177 +++ .../v1beta2/reports.x-k8s.io_client.go | 111 ++ .../v1alpha1/clusterpolicyreport.go | 167 +++ .../typed/wgpolicyk8s.io/v1alpha1/doc.go | 19 + .../typed/wgpolicyk8s.io/v1alpha1/fake/doc.go | 19 + .../v1alpha1/fake/fake_clusterpolicyreport.go | 120 ++ .../v1alpha1/fake/fake_policyreport.go | 128 ++ .../fake/fake_wgpolicyk8s.io_client.go | 43 + .../v1alpha1/generated_expansion.go | 22 + .../wgpolicyk8s.io/v1alpha1/policyreport.go | 177 +++ .../v1alpha1/wgpolicyk8s.io_client.go | 111 ++ .../v1alpha2/clusterpolicyreport.go | 167 +++ .../typed/wgpolicyk8s.io/v1alpha2/doc.go | 19 + .../typed/wgpolicyk8s.io/v1alpha2/fake/doc.go | 19 + .../v1alpha2/fake/fake_clusterpolicyreport.go | 120 ++ .../v1alpha2/fake/fake_policyreport.go | 128 ++ .../fake/fake_wgpolicyk8s.io_client.go | 43 + .../v1alpha2/generated_expansion.go | 22 + .../wgpolicyk8s.io/v1alpha2/policyreport.go | 177 +++ .../v1alpha2/wgpolicyk8s.io_client.go | 111 ++ .../v1beta1/clusterpolicyreport.go | 167 +++ .../typed/wgpolicyk8s.io/v1beta1/doc.go | 19 + .../typed/wgpolicyk8s.io/v1beta1/fake/doc.go | 19 + .../v1beta1/fake/fake_clusterpolicyreport.go | 120 ++ .../v1beta1/fake/fake_policyreport.go | 128 ++ .../fake/fake_wgpolicyk8s.io_client.go | 43 + .../v1beta1/generated_expansion.go | 22 + .../wgpolicyk8s.io/v1beta1/policyreport.go | 177 +++ .../v1beta1/wgpolicyk8s.io_client.go | 111 ++ .../informers/externalversions/factory.go | 266 +++++ .../informers/externalversions/generic.go | 84 ++ .../internalinterfaces/factory_interfaces.go | 39 + .../reports.x-k8s.io/interface.go | 45 + .../v1beta2/clusterpolicyreport.go | 88 ++ .../reports.x-k8s.io/v1beta2/interface.go | 51 + .../reports.x-k8s.io/v1beta2/policyreport.go | 89 ++ .../wgpolicyk8s.io/interface.go | 61 + .../v1alpha1/clusterpolicyreport.go | 88 ++ .../wgpolicyk8s.io/v1alpha1/interface.go | 51 + .../wgpolicyk8s.io/v1alpha1/policyreport.go | 89 ++ .../v1alpha2/clusterpolicyreport.go | 88 ++ .../wgpolicyk8s.io/v1alpha2/interface.go | 51 + .../wgpolicyk8s.io/v1alpha2/policyreport.go | 89 ++ .../v1beta1/clusterpolicyreport.go | 88 ++ .../wgpolicyk8s.io/v1beta1/interface.go | 51 + .../wgpolicyk8s.io/v1beta1/policyreport.go | 89 ++ .../v1beta2/clusterpolicyreport.go | 67 ++ .../v1beta2/expansion_generated.go | 30 + .../reports.x-k8s.io/v1beta2/policyreport.go | 98 ++ .../v1alpha1/clusterpolicyreport.go | 67 ++ .../v1alpha1/expansion_generated.go | 30 + .../wgpolicyk8s.io/v1alpha1/policyreport.go | 98 ++ .../v1alpha2/clusterpolicyreport.go | 67 ++ .../v1alpha2/expansion_generated.go | 30 + .../wgpolicyk8s.io/v1alpha2/policyreport.go | 98 ++ .../v1beta1/clusterpolicyreport.go | 67 ++ .../v1beta1/expansion_generated.go | 30 + .../wgpolicyk8s.io/v1beta1/policyreport.go | 98 ++ 109 files changed, 14579 insertions(+) create mode 100644 go.mod create mode 100644 go.sum create mode 100644 policy-report/.gitignore create mode 100644 policy-report/Makefile create mode 100644 policy-report/README.md create mode 100644 policy-report/apis/reports.x-k8s.io/v1beta2/clusterpolicyreport_types.go create mode 100644 policy-report/apis/reports.x-k8s.io/v1beta2/doc.go create mode 100644 policy-report/apis/reports.x-k8s.io/v1beta2/groupversion_info.go create mode 100644 policy-report/apis/reports.x-k8s.io/v1beta2/policyreport_types.go create mode 100644 policy-report/apis/reports.x-k8s.io/v1beta2/zz_generated.deepcopy.go create mode 100755 policy-report/apis/wgpolicyk8s.io/v1alpha1/clusterpolicyreport_types.go create mode 100755 policy-report/apis/wgpolicyk8s.io/v1alpha1/doc.go create mode 100755 policy-report/apis/wgpolicyk8s.io/v1alpha1/groupversion_info.go create mode 100755 policy-report/apis/wgpolicyk8s.io/v1alpha1/policyreport_types.go create mode 100644 policy-report/apis/wgpolicyk8s.io/v1alpha1/zz_generated.deepcopy.go create mode 100644 policy-report/apis/wgpolicyk8s.io/v1alpha2/clusterpolicyreport_types.go create mode 100644 policy-report/apis/wgpolicyk8s.io/v1alpha2/doc.go create mode 100644 policy-report/apis/wgpolicyk8s.io/v1alpha2/groupversion_info.go create mode 100644 policy-report/apis/wgpolicyk8s.io/v1alpha2/policyreport_types.go create mode 100644 policy-report/apis/wgpolicyk8s.io/v1alpha2/zz_generated.deepcopy.go create mode 100644 policy-report/apis/wgpolicyk8s.io/v1beta1/clusterpolicyreport_types.go create mode 100644 policy-report/apis/wgpolicyk8s.io/v1beta1/doc.go create mode 100644 policy-report/apis/wgpolicyk8s.io/v1beta1/groupversion_info.go create mode 100644 policy-report/apis/wgpolicyk8s.io/v1beta1/policyreport_types.go create mode 100644 policy-report/apis/wgpolicyk8s.io/v1beta1/zz_generated.deepcopy.go create mode 100644 policy-report/crd/reports.x-k8s.io/v1beta2/reports.x-k8s.io_clusterpolicyreports.yaml create mode 100644 policy-report/crd/reports.x-k8s.io/v1beta2/reports.x-k8s.io_policyreports.yaml create mode 100644 policy-report/crd/wgpolicyk8s.io/v1alpha1/wgpolicyk8s.io_clusterpolicyreports.yaml create mode 100644 policy-report/crd/wgpolicyk8s.io/v1alpha1/wgpolicyk8s.io_policyreports.yaml create mode 100644 policy-report/crd/wgpolicyk8s.io/v1alpha2/wgpolicyk8s.io_clusterpolicyreports.yaml create mode 100644 policy-report/crd/wgpolicyk8s.io/v1alpha2/wgpolicyk8s.io_policyreports.yaml create mode 100644 policy-report/crd/wgpolicyk8s.io/v1beta1/wgpolicyk8s.io_clusterpolicyreports.yaml create mode 100644 policy-report/crd/wgpolicyk8s.io/v1beta1/wgpolicyk8s.io_policyreports.yaml create mode 100644 policy-report/docs/api-docs.md create mode 100644 policy-report/docs/config.yaml create mode 100644 policy-report/hack/boilerplate.go.txt create mode 100644 policy-report/hack/codegen.go create mode 100755 policy-report/hack/update-codegen.sh create mode 100644 policy-report/pkg/client/clientset/versioned/clientset.go create mode 100644 policy-report/pkg/client/clientset/versioned/fake/clientset_generated.go create mode 100644 policy-report/pkg/client/clientset/versioned/fake/doc.go create mode 100644 policy-report/pkg/client/clientset/versioned/fake/register.go create mode 100644 policy-report/pkg/client/clientset/versioned/scheme/doc.go create mode 100644 policy-report/pkg/client/clientset/versioned/scheme/register.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/clusterpolicyreport.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/doc.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/doc.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_clusterpolicyreport.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_policyreport.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_reports.x-k8s.io_client.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/generated_expansion.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/policyreport.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/reports.x-k8s.io_client.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/clusterpolicyreport.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/doc.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/doc.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/fake_clusterpolicyreport.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/fake_policyreport.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/fake_wgpolicyk8s.io_client.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/generated_expansion.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/policyreport.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/wgpolicyk8s.io_client.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/clusterpolicyreport.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/doc.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/doc.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/fake_clusterpolicyreport.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/fake_policyreport.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/fake_wgpolicyk8s.io_client.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/generated_expansion.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/policyreport.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/wgpolicyk8s.io_client.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/clusterpolicyreport.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/doc.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/doc.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/fake_clusterpolicyreport.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/fake_policyreport.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/fake_wgpolicyk8s.io_client.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/generated_expansion.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/policyreport.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/wgpolicyk8s.io_client.go create mode 100644 policy-report/pkg/client/informers/externalversions/factory.go create mode 100644 policy-report/pkg/client/informers/externalversions/generic.go create mode 100644 policy-report/pkg/client/informers/externalversions/internalinterfaces/factory_interfaces.go create mode 100644 policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/interface.go create mode 100644 policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/clusterpolicyreport.go create mode 100644 policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/interface.go create mode 100644 policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/policyreport.go create mode 100644 policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/interface.go create mode 100644 policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha1/clusterpolicyreport.go create mode 100644 policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha1/interface.go create mode 100644 policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha1/policyreport.go create mode 100644 policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha2/clusterpolicyreport.go create mode 100644 policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha2/interface.go create mode 100644 policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha2/policyreport.go create mode 100644 policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1beta1/clusterpolicyreport.go create mode 100644 policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1beta1/interface.go create mode 100644 policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1beta1/policyreport.go create mode 100644 policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/clusterpolicyreport.go create mode 100644 policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/expansion_generated.go create mode 100644 policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/policyreport.go create mode 100644 policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha1/clusterpolicyreport.go create mode 100644 policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha1/expansion_generated.go create mode 100644 policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha1/policyreport.go create mode 100644 policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha2/clusterpolicyreport.go create mode 100644 policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha2/expansion_generated.go create mode 100644 policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha2/policyreport.go create mode 100644 policy-report/pkg/client/listers/wgpolicyk8s.io/v1beta1/clusterpolicyreport.go create mode 100644 policy-report/pkg/client/listers/wgpolicyk8s.io/v1beta1/expansion_generated.go create mode 100644 policy-report/pkg/client/listers/wgpolicyk8s.io/v1beta1/policyreport.go diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..d27c23a --- /dev/null +++ b/go.mod @@ -0,0 +1,61 @@ +module sigs.k8s.io/wg-policy-prototypes + +go 1.22.0 + +toolchain go1.22.1 + +require ( + k8s.io/api v0.29.3 + k8s.io/apimachinery v0.30.0-rc.2 + k8s.io/client-go v0.29.3 + k8s.io/code-generator v0.30.0-rc.2 + sigs.k8s.io/controller-runtime v0.16.3 +) + +require ( + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect + github.com/emicklei/go-restful/v3 v3.11.0 // indirect + github.com/evanphx/json-patch v5.7.0+incompatible // indirect + github.com/go-logr/logr v1.4.1 // indirect + github.com/go-openapi/jsonpointer v0.20.0 // indirect + github.com/go-openapi/jsonreference v0.20.2 // indirect + github.com/go-openapi/swag v0.22.4 // indirect + github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang/protobuf v1.5.4 // indirect + github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect + github.com/google/go-cmp v0.6.0 // indirect + github.com/google/gofuzz v1.2.0 // indirect + github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/josharian/intern v1.0.0 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/mailru/easyjson v0.7.7 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/pkg/errors v0.9.1 // indirect + github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect + github.com/spf13/pflag v1.0.5 // indirect + github.com/stretchr/testify v1.9.0 // indirect + golang.org/x/mod v0.17.0 // indirect + golang.org/x/net v0.24.0 // indirect + golang.org/x/oauth2 v0.14.0 // indirect + golang.org/x/sync v0.7.0 // indirect + golang.org/x/sys v0.19.0 // indirect + golang.org/x/term v0.19.0 // indirect + golang.org/x/text v0.14.0 // indirect + golang.org/x/time v0.5.0 // indirect + golang.org/x/tools v0.20.0 // indirect + google.golang.org/appengine v1.6.8 // indirect + google.golang.org/protobuf v1.33.0 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 // indirect + k8s.io/klog/v2 v2.120.1 // indirect + k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect + k8s.io/utils v0.0.0-20240310230437-4693a0247e57 // indirect + sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect + sigs.k8s.io/yaml v1.4.0 // indirect +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..bee4090 --- /dev/null +++ b/go.sum @@ -0,0 +1,185 @@ +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= +github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI= +github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= +github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonpointer v0.20.0 h1:ESKJdU9ASRfaPNOPRx12IUyA1vn3R9GiE3KYD14BXdQ= +github.com/go-openapi/jsonpointer v0.20.0/go.mod h1:6PGzBjjIIumbLYysB73Klnms1mwnU4G3YHOECG3CedA= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= +github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 h1:0VpGH+cDhbDtdcweoyCVsF3fhN8kejK6rFe/2FFX2nU= +github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49/go.mod h1:BkkQ4L1KS1xMt2aWSPStnn55ChGC0DPOn2FQYj+f25M= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b h1:RMpPgZTSApbPf7xaVel+QkoGPRLFLrwFO89uDUHEGf0= +github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY= +github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= +github.com/onsi/gomega v1.31.0 h1:54UJxxj6cPInHS3a35wm6BK/F9nHYueZ1NVujHDrnXE= +github.com/onsi/gomega v1.31.0/go.mod h1:DW9aCi7U6Yi40wNVAvT6kzFnEVEI5n3DloYBiKiT6zk= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= +github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= +golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= +golang.org/x/oauth2 v0.14.0 h1:P0Vrf/2538nmC0H+pEQ3MNFRRnVR7RlqyVw+bvm26z0= +golang.org/x/oauth2 v0.14.0/go.mod h1:lAtNWgaWfL4cm7j2OV8TxGi9Qb7ECORx8DktCY74OwM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= +golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= +golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY= +golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= +google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw= +k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80= +k8s.io/apimachinery v0.30.0-rc.2 h1:Q1JPqws5zCGjRwKtLW8ZKOY8lvl6aJejqIixJlHoAhc= +k8s.io/apimachinery v0.30.0-rc.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg= +k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0= +k8s.io/code-generator v0.30.0-rc.2 h1:FpFPiuhuaZXGm6MUNBRwCdcBO9RhTvu0DwU8xW07XJo= +k8s.io/code-generator v0.30.0-rc.2/go.mod h1:EnOT8yIxF1CXH4qxYhPgJ3wqVeATHN0LCF7RnVmMCyE= +k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 h1:NGrVE502P0s0/1hudf8zjgwki1X/TByhmAoILTarmzo= +k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70/go.mod h1:VH3AT8AaQOqiGjMF9p0/IM1Dj+82ZwjfxUP1IxaHE+8= +k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= +k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= +k8s.io/utils v0.0.0-20240310230437-4693a0247e57 h1:gbqbevonBh57eILzModw6mrkbwM0gQBEuevE/AaBsHY= +k8s.io/utils v0.0.0-20240310230437-4693a0247e57/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/controller-runtime v0.16.3 h1:2TuvuokmfXvDUamSx1SuAOO3eTyye+47mJCigwG62c4= +sigs.k8s.io/controller-runtime v0.16.3/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/policy-report/.gitignore b/policy-report/.gitignore new file mode 100644 index 0000000..d97ffc5 --- /dev/null +++ b/policy-report/.gitignore @@ -0,0 +1,24 @@ + +# Binaries for programs and plugins +*.exe +*.exe~ +*.dll +*.so +*.dylib +bin + +# Test binary, build with `go test -c` +*.test + +# Output of the go coverage tool, specifically when used with LiteIDE +*.out + +# Kubernetes Generated files - skip generated files, except for vendored files + +!vendor/**/zz_generated.* + +# editor and IDE paraphernalia +.idea +*.swp +*.swo +*~ diff --git a/policy-report/Makefile b/policy-report/Makefile new file mode 100644 index 0000000..166e347 --- /dev/null +++ b/policy-report/Makefile @@ -0,0 +1,94 @@ +GO_CMD ?= go + +PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST)))) + +# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) +ifeq (,$(shell go env GOBIN)) +GOBIN=$(shell go env GOPATH)/bin +else +GOBIN=$(shell go env GOBIN) +endif + +## Location to install dependencies to +LOCALBIN ?= $(shell pwd)/bin +$(LOCALBIN): + mkdir -p $(LOCALBIN) + +CONTROLLER_TOOLS_VERSION ?= v0.14.0 +CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen +GEN_CRD_API_REFERENCE_DOCS ?= $(LOCALBIN)/crd-ref-docs +GEN_CRD_API_REFERENCE_DOCS_VERSION ?= latest + +all: manifests generate generate-api-docs generate-client build fmt vet + +.PHONY: manifests +manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. + $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./apis/reports.x-k8s.io/v1beta2" output:crd:artifacts:config=crd/reports.x-k8s.io/v1beta2 + +.PHONY: generate +generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. + $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./apis/..." + +.PHONY: generate-client +generate-client: + ./hack/update-codegen.sh + + +# Run go build against code +build: + go build ./... + +# Run go fmt against code +fmt: + go fmt ./... + +# Run go vet against code +vet: + go vet ./... + +.PHONY: controller-gen +controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten. +$(CONTROLLER_GEN): $(LOCALBIN) + test -s $(LOCALBIN)/controller-gen && $(LOCALBIN)/controller-gen --version | grep -q $(CONTROLLER_TOOLS_VERSION) || \ + GOBIN=$(LOCALBIN) $(GO_CMD) install sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION) + +# Use same code-generator version as k8s.io/api +CODEGEN_VERSION := v0.30.0-rc.2 +CODEGEN = $(shell pwd)/bin/code-generator +CODEGEN_ROOT = $(shell $(GO_CMD) env GOMODCACHE)/k8s.io/code-generator@$(CODEGEN_VERSION) +.PHONY: code-generator +code-generator: + @GOBIN=$(PROJECT_DIR)/bin GO111MODULE=on $(GO_CMD) install k8s.io/code-generator/cmd/client-gen@$(CODEGEN_VERSION) + cp -f $(CODEGEN_ROOT)/generate-groups.sh $(PROJECT_DIR)/bin/ + cp -f $(CODEGEN_ROOT)/generate-internal-groups.sh $(PROJECT_DIR)/bin/ + cp -f $(CODEGEN_ROOT)/kube_codegen.sh $(PROJECT_DIR)/bin/ + +# generate-api-docs will create api docs +generate-api-docs: $(GEN_CRD_API_REFERENCE_DOCS) + $(GEN_CRD_API_REFERENCE_DOCS) --source-path=./apis/reports.x-k8s.io/v1beta2 --config=./docs/config.yaml --renderer=markdown --output-path=./docs/api-docs.md + +$(GEN_CRD_API_REFERENCE_DOCS): $(LOCALBIN) + $(call go-install-tool,$(GEN_CRD_API_REFERENCE_DOCS),github.com/elastic/crd-ref-docs,$(GEN_CRD_API_REFERENCE_DOCS_VERSION)) + +.PHONY: codegen-api-docs +codegen-api-docs: $(PACKAGE_SHIM) $(GEN_CRD_API_REFERENCE_DOCS) $(GENREF) ## Generate API docs + @echo Generate api docs... >&2 + $(GEN_CRD_API_REFERENCE_DOCS) -v=4 \ + -api-dir pkg/api \ + -config docs/config.json \ + -template-dir docs/template \ + -out-file docs/index.html + +# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist +# $1 - target path with name of binary (ideally with version) +# $2 - package url which can be installed +# $3 - specific version of package +define go-install-tool +@[ -f $(1) ] || { \ +set -e; \ +package=$(2)@$(3) ;\ +echo "Downloading $${package}" ;\ +GOBIN=$(LOCALBIN) go install $${package} ;\ +mv "$$(echo "$(1)" | sed "s/-$(3)$$//")" $(1) ;\ +} +endef diff --git a/policy-report/README.md b/policy-report/README.md new file mode 100644 index 0000000..e73ff56 --- /dev/null +++ b/policy-report/README.md @@ -0,0 +1,87 @@ +# Kubernetes Policy Report API + +**NOTE: The Policy Report API specification is currently in review. See [KEP 4447](https://github.com/kubernetes/enhancements/pull/4448)** + +The Kubernetes Policy Report API enables uniform reporting of results and findings from policy engines, scanners, or other tooling. + +This repository contains the API specification and Custom Resource Definitions (CRDs). + +## Concepts + +The API provides a `ClusterPolicyReport` and its namespaced variant `PolicyReport`. + +Each `PolicyReport` contains a set of `results` and a `summary`. Each `result` contains attributes such as the source policy and rule name, severity, timestamp, and the resource. + +## Reference + +* [API Reference](./docs/api-docs.md) + +## Demonstration + +Typically the Policy Report API is installed and managed by a [producer](#producers). However, to try out the API in a test cluster you can follow the steps below: + +1. Add Policy Report API CRDs to your cluster (v1beta2): + +```sh +kubectl create -f crd/v1beta2/ +``` +2. Create a sample policy report resource: + +```sh +kubectl create -f samples/sample-cis-k8s.yaml +``` +3. View policy report resources: + +```sh +kubectl get policyreports +``` + +## Implementations + +The following is a list of projects that produce or consume policy reports: + +*(To add your project, please create a [pull request](https://github.com/kubernetes-sigs/wg-policy-prototypes/pulls).)* + +### Producers + +* [Falco](https://github.com/falcosecurity/falcosidekick/blob/master/outputs/policyreport.go) +* [Image Scanner](https://github.com/statnett/image-scanner-operator) +* [jsPolicy](https://github.com/loft-sh/jspolicy/) +* [Kyverno](https://kyverno.io/docs/policy-reports/) +* [Netchecks](https://docs.netchecks.io/) +* [Tracee Adapter](https://github.com/fjogeleit/tracee-polr-adapter) +* [Trivy Operator](https://aquasecurity.github.io/trivy-operator/v0.15.1/tutorials/integrations/policy-reporter/) + +### Consumers + +* [Fairwinds Insights](https://fairwinds.com/insights) +* [Kyverno Policy Reporter](https://kyverno.github.io/policy-reporter/) +* [Open Cluster Management](https://open-cluster-management.io/) + +## Building + +```sh +make all +``` + +## Community, discussion, contribution, and support + +Learn how to engage with the Kubernetes community on the [community page](http://kubernetes.io/community/). + +You can reach the maintainers of this project at: + +- [Slack](https://kubernetes.slack.com/messages/wg-policy) +- [Mailing List](https://groups.google.com/forum/#!forum/kubernetes-wg-policy) +- [WG Policy](https://github.com/kubernetes/community/blob/master/wg-policy/README.md) + +### Code of conduct + +Participation in the Kubernetes community is governed by the [Kubernetes Code of Conduct](code-of-conduct.md). + +[owners]: https://git.k8s.io/community/contributors/guide/owners.md +[Creative Commons 4.0]: https://git.k8s.io/website/LICENSE + +# Historical References + +See the [proposal](https://docs.google.com/document/d/1nICYLkYS1RE3gJzuHOfHeAC25QIkFZfgymFjgOzMDVw/edit#) for background and details. + diff --git a/policy-report/apis/reports.x-k8s.io/v1beta2/clusterpolicyreport_types.go b/policy-report/apis/reports.x-k8s.io/v1beta2/clusterpolicyreport_types.go new file mode 100644 index 0000000..6422cb9 --- /dev/null +++ b/policy-report/apis/reports.x-k8s.io/v1beta2/clusterpolicyreport_types.go @@ -0,0 +1,88 @@ +/* +Copyright 2024 The Kubernetes authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta2 + +import ( + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! +// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +genclient:nonNamespaced +// +kubebuilder:storageversion +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=clusterpolicyreports,scope="Cluster",shortName=cpolr +// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=`.scope.kind`,priority=1 +// +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.scope.name`,priority=1 +// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.pass` +// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.fail` +// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.warn` +// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.error` +// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip` +// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" + +// ClusterPolicyReport is the Schema for the clusterpolicyreports API +type ClusterPolicyReport struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Source is an identifier for the source e.g. a policy engine that manages this report. + // Use this field if all the results are produced by a single policy engine. + // If the results are produced by multiple sources e.g. different engines or scanners, + // then use the Source field at the PolicyReportResult level. + // +optional + Source string `json:"source"` + + // Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node) + // +optional + Scope *corev1.ObjectReference `json:"scope,omitempty"` + + // ScopeSelector is an optional selector for multiple scopes (e.g. Pods). + // Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. + // +optional + ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"` + + // Configuration is an optional field which can be used to specify + // a contract between PolicyReport generators and consumers + // +optional + Configuration *PolicyReportConfiguration `json:"configuration,omitempty"` + + // PolicyReportSummary provides a summary of results + // +optional + Summary PolicyReportSummary `json:"summary,omitempty"` + + // PolicyReportResult provides result details + // +optional + Results []PolicyReportResult `json:"results,omitempty"` +} + +// ClusterPolicyReportList contains a list of ClusterPolicyReport +// +kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type ClusterPolicyReportList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []ClusterPolicyReport `json:"items"` +} + +func init() { + SchemeBuilder.Register(&ClusterPolicyReport{}, &ClusterPolicyReportList{}) +} diff --git a/policy-report/apis/reports.x-k8s.io/v1beta2/doc.go b/policy-report/apis/reports.x-k8s.io/v1beta2/doc.go new file mode 100644 index 0000000..5dc8060 --- /dev/null +++ b/policy-report/apis/reports.x-k8s.io/v1beta2/doc.go @@ -0,0 +1,22 @@ +/* +Copyright 2024 The Kubernetes authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package v1beta2 contains API Schema definitions for the policy v1beta2 API group +// +k8s:deepcopy-gen=package +// +kubebuilder:object:generate=true +// +k8s:openapi-gen=true +// +groupName=reports.x-k8s.io +package v1beta2 diff --git a/policy-report/apis/reports.x-k8s.io/v1beta2/groupversion_info.go b/policy-report/apis/reports.x-k8s.io/v1beta2/groupversion_info.go new file mode 100644 index 0000000..cc11bd0 --- /dev/null +++ b/policy-report/apis/reports.x-k8s.io/v1beta2/groupversion_info.go @@ -0,0 +1,49 @@ +/* +Copyright 2024 The Kubernetes authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package v1beta2 contains API Schema definitions for the policy v1beta2 API group +// +kubebuilder:object:generate=true +// +groupName=reports.x-k8s.io +package v1beta2 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +// Package v1beta2 contains API Schema definitions for the policy v1beta2 API group +// +kubebuilder:object:generate=true +// +groupName=reports.x-k8s.io +var ( + // SchemeGroupVersion is group version used to register these objects + SchemeGroupVersion = schema.GroupVersion{Group: "reports.x-k8s.io", Version: "v1beta2"} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) + +// Kind takes an unqualified kind and returns back a Group qualified GroupKind +func Kind(kind string) schema.GroupKind { + return SchemeGroupVersion.WithKind(kind).GroupKind() +} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} diff --git a/policy-report/apis/reports.x-k8s.io/v1beta2/policyreport_types.go b/policy-report/apis/reports.x-k8s.io/v1beta2/policyreport_types.go new file mode 100644 index 0000000..bb61a69 --- /dev/null +++ b/policy-report/apis/reports.x-k8s.io/v1beta2/policyreport_types.go @@ -0,0 +1,197 @@ +/* +Copyright 2024 The Kubernetes authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta2 + +import ( + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! +// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. + +// StatusFilter is used by PolicyReport generators to write only those reports whose status is specified by the filters +// +kubebuilder:validation:Enum=pass;fail;warn;error;skip +type StatusFilter string + +type Limits struct { + // MaxResults is the maximum number of results contained in the report + // +optional + MaxResults int `json:"maxResults"` + + // StatusFilter indicates that the PolicyReport contains only those reports with statuses specified in this list + // +optional + StatusFilter []StatusFilter `json:"statusFilter,omitempty"` +} + +type PolicyReportConfiguration struct { + Limits Limits `json:"limits"` +} + +// PolicyReportSummary provides a status count summary +type PolicyReportSummary struct { + + // Pass provides the count of policies whose requirements were met + // +optional + Pass int `json:"pass"` + + // Fail provides the count of policies whose requirements were not met + // +optional + Fail int `json:"fail"` + + // Warn provides the count of non-scored policies whose requirements were not met + // +optional + Warn int `json:"warn"` + + // Error provides the count of policies that could not be evaluated + // +optional + Error int `json:"error"` + + // Skip indicates the count of policies that were not selected for evaluation + // +optional + Skip int `json:"skip"` +} + +// PolicyResult has one of the following values: +// - pass: the policy requirements are met +// - fail: the policy requirements are not met +// - warn: the policy requirements are not met and the policy is not scored +// - error: the policy could not be evaluated +// - skip: the policy was not selected based on user inputs or applicability +// +// +kubebuilder:validation:Enum=pass;fail;warn;error;skip +type PolicyResult string + +// PolicyResultSeverity has one of the following values: +// - critical +// - high +// - low +// - medium +// - info +// +// +kubebuilder:validation:Enum=critical;high;low;medium;info +type PolicyResultSeverity string + +// PolicyReportResult provides the result for an individual policy +type PolicyReportResult struct { + + // Source is an identifier for the policy engine that manages this report + // If the Source is specified at this level, it will override the Source + // field set at the PolicyReport level + // +optional + Source string `json:"source"` + + // Policy is the name or identifier of the policy + Policy string `json:"policy"` + + // Rule is the name or identifier of the rule within the policy + // +optional + Rule string `json:"rule,omitempty"` + + // Category indicates policy category + // +optional + Category string `json:"category,omitempty"` + + // Severity indicates policy check result criticality + // +optional + Severity PolicyResultSeverity `json:"severity,omitempty"` + + // Timestamp indicates the time the result was found + Timestamp metav1.Timestamp `json:"timestamp,omitempty"` + + // Result indicates the outcome of the policy rule execution + Result PolicyResult `json:"result,omitempty"` + + // Scored indicates if this result is scored + Scored bool `json:"scored,omitempty"` + + // Subjects is an optional reference to the checked Kubernetes resources + // +optional + Subjects []corev1.ObjectReference `json:"resources,omitempty"` + + // ResourceSelector is an optional label selector for checked Kubernetes resources. + // For example, a policy result may apply to all pods that match a label. + // Either a Subject or a ResourceSelector can be specified. If neither are provided, the + // result is assumed to be for the policy report scope. + // +optional + ResourceSelector *metav1.LabelSelector `json:"resourceSelector,omitempty"` + + // Description is a short user friendly message for the policy rule + Description string `json:"message,omitempty"` + + // Properties provides additional information for the policy rule + Properties map[string]string `json:"properties,omitempty"` +} + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:storageversion +// +kubebuilder:object:root=true +// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=`.scope.kind`,priority=1 +// +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.scope.name`,priority=1 +// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.pass` +// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.fail` +// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.warn` +// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.error` +// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip` +// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:resource:shortName=polr + +// PolicyReport is the Schema for the policyreports API +type PolicyReport struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Source is an identifier for the source e.g. a policy engine that manages this report. + // Use this field if all the results are produced by a single policy engine. + // If the results are produced by multiple sources e.g. different engines or scanners, + // then use the Source field at the PolicyReportResult level. + // +optional + Source string `json:"source"` + + // Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node) + // +optional + Scope *corev1.ObjectReference `json:"scope,omitempty"` + + // ScopeSelector is an optional selector for multiple scopes (e.g. Pods). + // Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. + // +optional + ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"` + + // Configuration is an optional field which can be used to specify + // a contract between PolicyReport generators and consumers + // +optional + Configuration *PolicyReportConfiguration `json:"configuration,omitempty"` + + // PolicyReportSummary provides a summary of results + // +optional + Summary PolicyReportSummary `json:"summary,omitempty"` + + // PolicyReportResult provides result details + // +optional + Results []PolicyReportResult `json:"results,omitempty"` +} + +// PolicyReportList contains a list of PolicyReport +// +kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type PolicyReportList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []PolicyReport `json:"items"` +} + +func init() { + SchemeBuilder.Register(&PolicyReport{}, &PolicyReportList{}) +} diff --git a/policy-report/apis/reports.x-k8s.io/v1beta2/zz_generated.deepcopy.go b/policy-report/apis/reports.x-k8s.io/v1beta2/zz_generated.deepcopy.go new file mode 100644 index 0000000..28bc262 --- /dev/null +++ b/policy-report/apis/reports.x-k8s.io/v1beta2/zz_generated.deepcopy.go @@ -0,0 +1,279 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1beta2 + +import ( + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterPolicyReport) DeepCopyInto(out *ClusterPolicyReport) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.Scope != nil { + in, out := &in.Scope, &out.Scope + *out = new(v1.ObjectReference) + **out = **in + } + if in.ScopeSelector != nil { + in, out := &in.ScopeSelector, &out.ScopeSelector + *out = new(metav1.LabelSelector) + (*in).DeepCopyInto(*out) + } + if in.Configuration != nil { + in, out := &in.Configuration, &out.Configuration + *out = new(PolicyReportConfiguration) + (*in).DeepCopyInto(*out) + } + out.Summary = in.Summary + if in.Results != nil { + in, out := &in.Results, &out.Results + *out = make([]PolicyReportResult, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyReport. +func (in *ClusterPolicyReport) DeepCopy() *ClusterPolicyReport { + if in == nil { + return nil + } + out := new(ClusterPolicyReport) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterPolicyReport) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterPolicyReportList) DeepCopyInto(out *ClusterPolicyReportList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ClusterPolicyReport, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyReportList. +func (in *ClusterPolicyReportList) DeepCopy() *ClusterPolicyReportList { + if in == nil { + return nil + } + out := new(ClusterPolicyReportList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterPolicyReportList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Limits) DeepCopyInto(out *Limits) { + *out = *in + if in.StatusFilter != nil { + in, out := &in.StatusFilter, &out.StatusFilter + *out = make([]StatusFilter, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Limits. +func (in *Limits) DeepCopy() *Limits { + if in == nil { + return nil + } + out := new(Limits) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyReport) DeepCopyInto(out *PolicyReport) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.Scope != nil { + in, out := &in.Scope, &out.Scope + *out = new(v1.ObjectReference) + **out = **in + } + if in.ScopeSelector != nil { + in, out := &in.ScopeSelector, &out.ScopeSelector + *out = new(metav1.LabelSelector) + (*in).DeepCopyInto(*out) + } + if in.Configuration != nil { + in, out := &in.Configuration, &out.Configuration + *out = new(PolicyReportConfiguration) + (*in).DeepCopyInto(*out) + } + out.Summary = in.Summary + if in.Results != nil { + in, out := &in.Results, &out.Results + *out = make([]PolicyReportResult, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReport. +func (in *PolicyReport) DeepCopy() *PolicyReport { + if in == nil { + return nil + } + out := new(PolicyReport) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PolicyReport) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyReportConfiguration) DeepCopyInto(out *PolicyReportConfiguration) { + *out = *in + in.Limits.DeepCopyInto(&out.Limits) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportConfiguration. +func (in *PolicyReportConfiguration) DeepCopy() *PolicyReportConfiguration { + if in == nil { + return nil + } + out := new(PolicyReportConfiguration) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyReportList) DeepCopyInto(out *PolicyReportList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]PolicyReport, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportList. +func (in *PolicyReportList) DeepCopy() *PolicyReportList { + if in == nil { + return nil + } + out := new(PolicyReportList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PolicyReportList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyReportResult) DeepCopyInto(out *PolicyReportResult) { + *out = *in + out.Timestamp = in.Timestamp + if in.Subjects != nil { + in, out := &in.Subjects, &out.Subjects + *out = make([]v1.ObjectReference, len(*in)) + copy(*out, *in) + } + if in.ResourceSelector != nil { + in, out := &in.ResourceSelector, &out.ResourceSelector + *out = new(metav1.LabelSelector) + (*in).DeepCopyInto(*out) + } + if in.Properties != nil { + in, out := &in.Properties, &out.Properties + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportResult. +func (in *PolicyReportResult) DeepCopy() *PolicyReportResult { + if in == nil { + return nil + } + out := new(PolicyReportResult) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyReportSummary) DeepCopyInto(out *PolicyReportSummary) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportSummary. +func (in *PolicyReportSummary) DeepCopy() *PolicyReportSummary { + if in == nil { + return nil + } + out := new(PolicyReportSummary) + in.DeepCopyInto(out) + return out +} diff --git a/policy-report/apis/wgpolicyk8s.io/v1alpha1/clusterpolicyreport_types.go b/policy-report/apis/wgpolicyk8s.io/v1alpha1/clusterpolicyreport_types.go new file mode 100755 index 0000000..1be0ebd --- /dev/null +++ b/policy-report/apis/wgpolicyk8s.io/v1alpha1/clusterpolicyreport_types.go @@ -0,0 +1,75 @@ +/* +Copyright 2020 The Kubernetes authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! +// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +genclient:nonNamespaced +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=clusterpolicyreports,scope="Cluster",shortName=cpolr +// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=`.scope.kind`,priority=1 +// +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.scope.name`,priority=1 +// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.pass` +// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.fail` +// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.warn` +// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.error` +// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip` +// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" + +// ClusterPolicyReport is the Schema for the clusterpolicyreports API +type ClusterPolicyReport struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node) + // +optional + Scope *corev1.ObjectReference `json:"scope,omitempty"` + + // ScopeSelector is an optional selector for multiple scopes (e.g. Pods). + // Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. + // +optional + ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"` + + // PolicyReportSummary provides a summary of results + // +optional + Summary PolicyReportSummary `json:"summary,omitempty"` + + // PolicyReportResult provides result details + // +optional + Results []PolicyReportResult `json:"results,omitempty"` +} + +// ClusterPolicyReportList contains a list of ClusterPolicyReport +// +kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type ClusterPolicyReportList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []ClusterPolicyReport `json:"items"` +} + +func init() { + SchemeBuilder.Register(&ClusterPolicyReport{}, &ClusterPolicyReportList{}) +} diff --git a/policy-report/apis/wgpolicyk8s.io/v1alpha1/doc.go b/policy-report/apis/wgpolicyk8s.io/v1alpha1/doc.go new file mode 100755 index 0000000..f147d5e --- /dev/null +++ b/policy-report/apis/wgpolicyk8s.io/v1alpha1/doc.go @@ -0,0 +1,22 @@ +/* +Copyright 2020 The Kubernetes authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group +// +k8s:deepcopy-gen=package +// +kubebuilder:object:generate=true +// +k8s:openapi-gen=true +// +groupName=wgpolicyk8s.io +package v1alpha1 diff --git a/policy-report/apis/wgpolicyk8s.io/v1alpha1/groupversion_info.go b/policy-report/apis/wgpolicyk8s.io/v1alpha1/groupversion_info.go new file mode 100755 index 0000000..2573e89 --- /dev/null +++ b/policy-report/apis/wgpolicyk8s.io/v1alpha1/groupversion_info.go @@ -0,0 +1,49 @@ +/* +Copyright 2020 The Kubernetes authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group +// +kubebuilder:object:generate=true +// +groupName=wgpolicyk8s.io +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +// Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group +// +kubebuilder:object:generate=true +// +groupName=wgpolicyk8s.io +var ( + // SchemeGroupVersion is group version used to register these objects + SchemeGroupVersion = schema.GroupVersion{Group: "wgpolicyk8s.io", Version: "v1alpha1"} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) + +// Kind takes an unqualified kind and returns back a Group qualified GroupKind +func Kind(kind string) schema.GroupKind { + return SchemeGroupVersion.WithKind(kind).GroupKind() +} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} diff --git a/policy-report/apis/wgpolicyk8s.io/v1alpha1/policyreport_types.go b/policy-report/apis/wgpolicyk8s.io/v1alpha1/policyreport_types.go new file mode 100755 index 0000000..ad4a379 --- /dev/null +++ b/policy-report/apis/wgpolicyk8s.io/v1alpha1/policyreport_types.go @@ -0,0 +1,171 @@ +/* +Copyright 2020 The Kubernetes authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! +// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. + +// Status specifies state of a policy result +const ( + StatusPass = "pass" + StatusFail = "fail" + StatusWarn = "warn" + StatusError = "error" + StatusSkip = "skip" +) + +// Severity specifies priority of a policy result +const ( + SeverityHigh = "high" + SeverityMedium = "medium" + SeverityLow = "low" +) + +// PolicyReportSummary provides a status count summary +type PolicyReportSummary struct { + + // Pass provides the count of policies whose requirements were met + // +optional + Pass int `json:"pass"` + + // Fail provides the count of policies whose requirements were not met + // +optional + Fail int `json:"fail"` + + // Warn provides the count of unscored policies whose requirements were not met + // +optional + Warn int `json:"warn"` + + // Error provides the count of policies that could not be evaluated + // +optional + Error int `json:"error"` + + // Skip indicates the count of policies that were not selected for evaluation + // +optional + Skip int `json:"skip"` +} + +// PolicyStatus has one of the following values: +// - pass: indicates that the policy requirements are met +// - fail: indicates that the policy requirements are not met +// - warn: indicates that the policy requirements and not met, and the policy is not scored +// - error: indicates that the policy could not be evaluated +// - skip: indicates that the policy was not selected based on user inputs or applicability +// +// +kubebuilder:validation:Enum=pass;fail;warn;error;skip +type PolicyStatus string + +// PolicySeverity has one of the following values: +// - high +// - low +// - medium +// +// +kubebuilder:validation:Enum=high;low;medium +type PolicySeverity string + +// PolicyReportResult provides the result for an individual policy +type PolicyReportResult struct { + + // Policy is the name of the policy + Policy string `json:"policy"` + + // Rule is the name of the policy rule + // +optional + Rule string `json:"rule,omitempty"` + + // Resources is an optional reference to the resource checked by the policy and rule + // +optional + Resources []corev1.ObjectReference `json:"resources,omitempty"` + + // ResourceSelector is an optional selector for policy results that apply to multiple resources. + // For example, a policy result may apply to all pods that match a label. + // Either a Resource or a ResourceSelector can be specified. If neither are provided, the + // result is assumed to be for the policy report scope. + // +optional + ResourceSelector *metav1.LabelSelector `json:"resourceSelector,omitempty"` + + // Message is a short user friendly description of the policy rule + Message string `json:"message,omitempty"` + + // Status indicates the result of the policy rule check + Status PolicyStatus `json:"status,omitempty"` + + // Scored indicates if this policy rule is scored + Scored bool `json:"scored,omitempty"` + + // Data provides additional information for the policy rule + Data map[string]string `json:"data,omitempty"` + + // Category indicates policy category + // +optional + Category string `json:"category,omitempty"` + + // Severity indicates policy severity + // +optional + Severity PolicySeverity `json:"severity,omitempty"` +} + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=`.scope.kind`,priority=1 +// +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.scope.name`,priority=1 +// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.pass` +// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.fail` +// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.warn` +// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.error` +// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip` +// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:resource:shortName=polr + +// PolicyReport is the Schema for the policyreports API +type PolicyReport struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node) + // +optional + Scope *corev1.ObjectReference `json:"scope,omitempty"` + + // ScopeSelector is an optional selector for multiple scopes (e.g. Pods). + // Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. + // +optional + ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"` + + // PolicyReportSummary provides a summary of results + // +optional + Summary PolicyReportSummary `json:"summary,omitempty"` + + // PolicyReportResult provides result details + // +optional + Results []PolicyReportResult `json:"results,omitempty"` +} + +// PolicyReportList contains a list of PolicyReport +// +kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type PolicyReportList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []PolicyReport `json:"items"` +} + +func init() { + SchemeBuilder.Register(&PolicyReport{}, &PolicyReportList{}) +} diff --git a/policy-report/apis/wgpolicyk8s.io/v1alpha1/zz_generated.deepcopy.go b/policy-report/apis/wgpolicyk8s.io/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 0000000..76afefd --- /dev/null +++ b/policy-report/apis/wgpolicyk8s.io/v1alpha1/zz_generated.deepcopy.go @@ -0,0 +1,230 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterPolicyReport) DeepCopyInto(out *ClusterPolicyReport) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.Scope != nil { + in, out := &in.Scope, &out.Scope + *out = new(v1.ObjectReference) + **out = **in + } + if in.ScopeSelector != nil { + in, out := &in.ScopeSelector, &out.ScopeSelector + *out = new(metav1.LabelSelector) + (*in).DeepCopyInto(*out) + } + out.Summary = in.Summary + if in.Results != nil { + in, out := &in.Results, &out.Results + *out = make([]PolicyReportResult, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyReport. +func (in *ClusterPolicyReport) DeepCopy() *ClusterPolicyReport { + if in == nil { + return nil + } + out := new(ClusterPolicyReport) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterPolicyReport) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterPolicyReportList) DeepCopyInto(out *ClusterPolicyReportList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ClusterPolicyReport, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyReportList. +func (in *ClusterPolicyReportList) DeepCopy() *ClusterPolicyReportList { + if in == nil { + return nil + } + out := new(ClusterPolicyReportList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterPolicyReportList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyReport) DeepCopyInto(out *PolicyReport) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.Scope != nil { + in, out := &in.Scope, &out.Scope + *out = new(v1.ObjectReference) + **out = **in + } + if in.ScopeSelector != nil { + in, out := &in.ScopeSelector, &out.ScopeSelector + *out = new(metav1.LabelSelector) + (*in).DeepCopyInto(*out) + } + out.Summary = in.Summary + if in.Results != nil { + in, out := &in.Results, &out.Results + *out = make([]PolicyReportResult, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReport. +func (in *PolicyReport) DeepCopy() *PolicyReport { + if in == nil { + return nil + } + out := new(PolicyReport) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PolicyReport) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyReportList) DeepCopyInto(out *PolicyReportList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]PolicyReport, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportList. +func (in *PolicyReportList) DeepCopy() *PolicyReportList { + if in == nil { + return nil + } + out := new(PolicyReportList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PolicyReportList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyReportResult) DeepCopyInto(out *PolicyReportResult) { + *out = *in + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]v1.ObjectReference, len(*in)) + copy(*out, *in) + } + if in.ResourceSelector != nil { + in, out := &in.ResourceSelector, &out.ResourceSelector + *out = new(metav1.LabelSelector) + (*in).DeepCopyInto(*out) + } + if in.Data != nil { + in, out := &in.Data, &out.Data + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportResult. +func (in *PolicyReportResult) DeepCopy() *PolicyReportResult { + if in == nil { + return nil + } + out := new(PolicyReportResult) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyReportSummary) DeepCopyInto(out *PolicyReportSummary) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportSummary. +func (in *PolicyReportSummary) DeepCopy() *PolicyReportSummary { + if in == nil { + return nil + } + out := new(PolicyReportSummary) + in.DeepCopyInto(out) + return out +} diff --git a/policy-report/apis/wgpolicyk8s.io/v1alpha2/clusterpolicyreport_types.go b/policy-report/apis/wgpolicyk8s.io/v1alpha2/clusterpolicyreport_types.go new file mode 100644 index 0000000..0e873b3 --- /dev/null +++ b/policy-report/apis/wgpolicyk8s.io/v1alpha2/clusterpolicyreport_types.go @@ -0,0 +1,75 @@ +/* +Copyright 2020 The Kubernetes authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha2 + +import ( + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! +// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +genclient:nonNamespaced +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=clusterpolicyreports,scope="Cluster",shortName=cpolr +// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=`.scope.kind`,priority=1 +// +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.scope.name`,priority=1 +// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.pass` +// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.fail` +// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.warn` +// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.error` +// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip` +// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" + +// ClusterPolicyReport is the Schema for the clusterpolicyreports API +type ClusterPolicyReport struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node) + // +optional + Scope *corev1.ObjectReference `json:"scope,omitempty"` + + // ScopeSelector is an optional selector for multiple scopes (e.g. Pods). + // Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. + // +optional + ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"` + + // PolicyReportSummary provides a summary of results + // +optional + Summary PolicyReportSummary `json:"summary,omitempty"` + + // PolicyReportResult provides result details + // +optional + Results []PolicyReportResult `json:"results,omitempty"` +} + +// ClusterPolicyReportList contains a list of ClusterPolicyReport +// +kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type ClusterPolicyReportList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []ClusterPolicyReport `json:"items"` +} + +func init() { + SchemeBuilder.Register(&ClusterPolicyReport{}, &ClusterPolicyReportList{}) +} diff --git a/policy-report/apis/wgpolicyk8s.io/v1alpha2/doc.go b/policy-report/apis/wgpolicyk8s.io/v1alpha2/doc.go new file mode 100644 index 0000000..7407d3d --- /dev/null +++ b/policy-report/apis/wgpolicyk8s.io/v1alpha2/doc.go @@ -0,0 +1,22 @@ +/* +Copyright 2020 The Kubernetes authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package v1alpha2 contains API Schema definitions for the policy v1alpha2 API group +// +k8s:deepcopy-gen=package +// +kubebuilder:object:generate=true +// +k8s:openapi-gen=true +// +groupName=wgpolicyk8s.io +package v1alpha2 diff --git a/policy-report/apis/wgpolicyk8s.io/v1alpha2/groupversion_info.go b/policy-report/apis/wgpolicyk8s.io/v1alpha2/groupversion_info.go new file mode 100644 index 0000000..463433e --- /dev/null +++ b/policy-report/apis/wgpolicyk8s.io/v1alpha2/groupversion_info.go @@ -0,0 +1,49 @@ +/* +Copyright 2020 The Kubernetes authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package v1alpha2 contains API Schema definitions for the policy v1alpha2 API group +// +kubebuilder:object:generate=true +// +groupName=wgpolicyk8s.io +package v1alpha2 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +// Package v1alpha2 contains API Schema definitions for the policy v1alpha2 API group +// +kubebuilder:object:generate=true +// +groupName=wgpolicyk8s.io +var ( + // SchemeGroupVersion is group version used to register these objects + SchemeGroupVersion = schema.GroupVersion{Group: "wgpolicyk8s.io", Version: "v1alpha2"} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) + +// Kind takes an unqualified kind and returns back a Group qualified GroupKind +func Kind(kind string) schema.GroupKind { + return SchemeGroupVersion.WithKind(kind).GroupKind() +} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} diff --git a/policy-report/apis/wgpolicyk8s.io/v1alpha2/policyreport_types.go b/policy-report/apis/wgpolicyk8s.io/v1alpha2/policyreport_types.go new file mode 100644 index 0000000..28a5ca2 --- /dev/null +++ b/policy-report/apis/wgpolicyk8s.io/v1alpha2/policyreport_types.go @@ -0,0 +1,164 @@ +/* +Copyright 2020 The Kubernetes authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha2 + +import ( + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! +// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. + +// PolicyReportSummary provides a status count summary +type PolicyReportSummary struct { + + // Pass provides the count of policies whose requirements were met + // +optional + Pass int `json:"pass"` + + // Fail provides the count of policies whose requirements were not met + // +optional + Fail int `json:"fail"` + + // Warn provides the count of non-scored policies whose requirements were not met + // +optional + Warn int `json:"warn"` + + // Error provides the count of policies that could not be evaluated + // +optional + Error int `json:"error"` + + // Skip indicates the count of policies that were not selected for evaluation + // +optional + Skip int `json:"skip"` +} + +// PolicyResult has one of the following values: +// - pass: the policy requirements are met +// - fail: the policy requirements are not met +// - warn: the policy requirements are not met and the policy is not scored +// - error: the policy could not be evaluated +// - skip: the policy was not selected based on user inputs or applicability +// +// +kubebuilder:validation:Enum=pass;fail;warn;error;skip +type PolicyResult string + +// PolicyResultSeverity has one of the following values: +// - critical +// - high +// - low +// - medium +// - info +// +// +kubebuilder:validation:Enum=critical;high;low;medium;info +type PolicyResultSeverity string + +// PolicyReportResult provides the result for an individual policy +type PolicyReportResult struct { + + // Source is an identifier for the policy engine that manages this report + // +optional + Source string `json:"source"` + + // Policy is the name or identifier of the policy + Policy string `json:"policy"` + + // Rule is the name or identifier of the rule within the policy + // +optional + Rule string `json:"rule,omitempty"` + + // Category indicates policy category + // +optional + Category string `json:"category,omitempty"` + + // Severity indicates policy check result criticality + // +optional + Severity PolicyResultSeverity `json:"severity,omitempty"` + + // Timestamp indicates the time the result was found + Timestamp metav1.Timestamp `json:"timestamp,omitempty"` + + // Result indicates the outcome of the policy rule execution + Result PolicyResult `json:"result,omitempty"` + + // Scored indicates if this result is scored + Scored bool `json:"scored,omitempty"` + + // Subjects is an optional reference to the checked Kubernetes resources + // +optional + Subjects []corev1.ObjectReference `json:"resources,omitempty"` + + // SubjectSelector is an optional label selector for checked Kubernetes resources. + // For example, a policy result may apply to all pods that match a label. + // Either a Subject or a SubjectSelector can be specified. If neither are provided, the + // result is assumed to be for the policy report scope. + // +optional + SubjectSelector *metav1.LabelSelector `json:"resourceSelector,omitempty"` + + // Description is a short user friendly message for the policy rule + Description string `json:"message,omitempty"` + + // Properties provides additional information for the policy rule + Properties map[string]string `json:"properties,omitempty"` +} + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=`.scope.kind`,priority=1 +// +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.scope.name`,priority=1 +// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.pass` +// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.fail` +// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.warn` +// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.error` +// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip` +// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:resource:shortName=polr + +// PolicyReport is the Schema for the policyreports API +type PolicyReport struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node) + // +optional + Scope *corev1.ObjectReference `json:"scope,omitempty"` + + // ScopeSelector is an optional selector for multiple scopes (e.g. Pods). + // Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. + // +optional + ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"` + + // PolicyReportSummary provides a summary of results + // +optional + Summary PolicyReportSummary `json:"summary,omitempty"` + + // PolicyReportResult provides result details + // +optional + Results []PolicyReportResult `json:"results,omitempty"` +} + +// PolicyReportList contains a list of PolicyReport +// +kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type PolicyReportList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []PolicyReport `json:"items"` +} + +func init() { + SchemeBuilder.Register(&PolicyReport{}, &PolicyReportList{}) +} diff --git a/policy-report/apis/wgpolicyk8s.io/v1alpha2/zz_generated.deepcopy.go b/policy-report/apis/wgpolicyk8s.io/v1alpha2/zz_generated.deepcopy.go new file mode 100644 index 0000000..d5f6028 --- /dev/null +++ b/policy-report/apis/wgpolicyk8s.io/v1alpha2/zz_generated.deepcopy.go @@ -0,0 +1,231 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1alpha2 + +import ( + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterPolicyReport) DeepCopyInto(out *ClusterPolicyReport) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.Scope != nil { + in, out := &in.Scope, &out.Scope + *out = new(v1.ObjectReference) + **out = **in + } + if in.ScopeSelector != nil { + in, out := &in.ScopeSelector, &out.ScopeSelector + *out = new(metav1.LabelSelector) + (*in).DeepCopyInto(*out) + } + out.Summary = in.Summary + if in.Results != nil { + in, out := &in.Results, &out.Results + *out = make([]PolicyReportResult, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyReport. +func (in *ClusterPolicyReport) DeepCopy() *ClusterPolicyReport { + if in == nil { + return nil + } + out := new(ClusterPolicyReport) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterPolicyReport) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterPolicyReportList) DeepCopyInto(out *ClusterPolicyReportList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ClusterPolicyReport, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyReportList. +func (in *ClusterPolicyReportList) DeepCopy() *ClusterPolicyReportList { + if in == nil { + return nil + } + out := new(ClusterPolicyReportList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterPolicyReportList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyReport) DeepCopyInto(out *PolicyReport) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.Scope != nil { + in, out := &in.Scope, &out.Scope + *out = new(v1.ObjectReference) + **out = **in + } + if in.ScopeSelector != nil { + in, out := &in.ScopeSelector, &out.ScopeSelector + *out = new(metav1.LabelSelector) + (*in).DeepCopyInto(*out) + } + out.Summary = in.Summary + if in.Results != nil { + in, out := &in.Results, &out.Results + *out = make([]PolicyReportResult, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReport. +func (in *PolicyReport) DeepCopy() *PolicyReport { + if in == nil { + return nil + } + out := new(PolicyReport) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PolicyReport) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyReportList) DeepCopyInto(out *PolicyReportList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]PolicyReport, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportList. +func (in *PolicyReportList) DeepCopy() *PolicyReportList { + if in == nil { + return nil + } + out := new(PolicyReportList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PolicyReportList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyReportResult) DeepCopyInto(out *PolicyReportResult) { + *out = *in + out.Timestamp = in.Timestamp + if in.Subjects != nil { + in, out := &in.Subjects, &out.Subjects + *out = make([]v1.ObjectReference, len(*in)) + copy(*out, *in) + } + if in.SubjectSelector != nil { + in, out := &in.SubjectSelector, &out.SubjectSelector + *out = new(metav1.LabelSelector) + (*in).DeepCopyInto(*out) + } + if in.Properties != nil { + in, out := &in.Properties, &out.Properties + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportResult. +func (in *PolicyReportResult) DeepCopy() *PolicyReportResult { + if in == nil { + return nil + } + out := new(PolicyReportResult) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyReportSummary) DeepCopyInto(out *PolicyReportSummary) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportSummary. +func (in *PolicyReportSummary) DeepCopy() *PolicyReportSummary { + if in == nil { + return nil + } + out := new(PolicyReportSummary) + in.DeepCopyInto(out) + return out +} diff --git a/policy-report/apis/wgpolicyk8s.io/v1beta1/clusterpolicyreport_types.go b/policy-report/apis/wgpolicyk8s.io/v1beta1/clusterpolicyreport_types.go new file mode 100644 index 0000000..2be56c5 --- /dev/null +++ b/policy-report/apis/wgpolicyk8s.io/v1beta1/clusterpolicyreport_types.go @@ -0,0 +1,88 @@ +/* +Copyright 2020 The Kubernetes authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta1 + +import ( + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! +// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +genclient:nonNamespaced +// +kubebuilder:storageversion +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=clusterpolicyreports,scope="Cluster",shortName=cpolr +// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=`.scope.kind`,priority=1 +// +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.scope.name`,priority=1 +// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.pass` +// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.fail` +// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.warn` +// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.error` +// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip` +// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" + +// ClusterPolicyReport is the Schema for the clusterpolicyreports API +type ClusterPolicyReport struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Source is an identifier for the source e.g. a policy engine that manages this report. + // Use this field if all the results are produced by a single policy engine. + // If the results are produced by multiple sources e.g. different engines or scanners, + // then use the Source field at the PolicyReportResult level. + // +optional + Source string `json:"source"` + + // Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node) + // +optional + Scope *corev1.ObjectReference `json:"scope,omitempty"` + + // ScopeSelector is an optional selector for multiple scopes (e.g. Pods). + // Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. + // +optional + ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"` + + // Configuration is an optional field which can be used to specify + // a contract between PolicyReport generators and consumers + // +optional + Configuration *PolicyReportConfiguration `json:"configuration,omitempty"` + + // PolicyReportSummary provides a summary of results + // +optional + Summary PolicyReportSummary `json:"summary,omitempty"` + + // PolicyReportResult provides result details + // +optional + Results []PolicyReportResult `json:"results,omitempty"` +} + +// ClusterPolicyReportList contains a list of ClusterPolicyReport +// +kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type ClusterPolicyReportList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []ClusterPolicyReport `json:"items"` +} + +func init() { + SchemeBuilder.Register(&ClusterPolicyReport{}, &ClusterPolicyReportList{}) +} diff --git a/policy-report/apis/wgpolicyk8s.io/v1beta1/doc.go b/policy-report/apis/wgpolicyk8s.io/v1beta1/doc.go new file mode 100644 index 0000000..af7c0f9 --- /dev/null +++ b/policy-report/apis/wgpolicyk8s.io/v1beta1/doc.go @@ -0,0 +1,22 @@ +/* +Copyright 2022 The Kubernetes authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package v1beta1 contains API Schema definitions for the policy v1beta1 API group +// +k8s:deepcopy-gen=package +// +kubebuilder:object:generate=true +// +k8s:openapi-gen=true +// +groupName=wgpolicyk8s.io +package v1beta1 diff --git a/policy-report/apis/wgpolicyk8s.io/v1beta1/groupversion_info.go b/policy-report/apis/wgpolicyk8s.io/v1beta1/groupversion_info.go new file mode 100644 index 0000000..89a2697 --- /dev/null +++ b/policy-report/apis/wgpolicyk8s.io/v1beta1/groupversion_info.go @@ -0,0 +1,49 @@ +/* +Copyright 2020 The Kubernetes authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package v1beta1 contains API Schema definitions for the policy v1beta1 API group +// +kubebuilder:object:generate=true +// +groupName=wgpolicyk8s.io +package v1beta1 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +// Package v1beta1 contains API Schema definitions for the policy v1beta1 API group +// +kubebuilder:object:generate=true +// +groupName=wgpolicyk8s.io +var ( + // SchemeGroupVersion is group version used to register these objects + SchemeGroupVersion = schema.GroupVersion{Group: "wgpolicyk8s.io", Version: "v1beta1"} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) + +// Kind takes an unqualified kind and returns back a Group qualified GroupKind +func Kind(kind string) schema.GroupKind { + return SchemeGroupVersion.WithKind(kind).GroupKind() +} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} diff --git a/policy-report/apis/wgpolicyk8s.io/v1beta1/policyreport_types.go b/policy-report/apis/wgpolicyk8s.io/v1beta1/policyreport_types.go new file mode 100644 index 0000000..bfadc60 --- /dev/null +++ b/policy-report/apis/wgpolicyk8s.io/v1beta1/policyreport_types.go @@ -0,0 +1,197 @@ +/* +Copyright 2020 The Kubernetes authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta1 + +import ( + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! +// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. + +// StatusFilter is used by PolicyReport generators to write only those reports whose status is specified by the filters +// +kubebuilder:validation:Enum=pass;fail;warn;error;skip +type StatusFilter string + +type Limits struct { + // MaxResults is the maximum number of results contained in the report + // +optional + MaxResults int `json:"maxResults"` + + // StatusFilter indicates that the PolicyReport contains only those reports with statuses specified in this list + // +optional + StatusFilter []StatusFilter `json:"statusFilter,omitempty"` +} + +type PolicyReportConfiguration struct { + Limits Limits `json:"limits"` +} + +// PolicyReportSummary provides a status count summary +type PolicyReportSummary struct { + + // Pass provides the count of policies whose requirements were met + // +optional + Pass int `json:"pass"` + + // Fail provides the count of policies whose requirements were not met + // +optional + Fail int `json:"fail"` + + // Warn provides the count of non-scored policies whose requirements were not met + // +optional + Warn int `json:"warn"` + + // Error provides the count of policies that could not be evaluated + // +optional + Error int `json:"error"` + + // Skip indicates the count of policies that were not selected for evaluation + // +optional + Skip int `json:"skip"` +} + +// PolicyResult has one of the following values: +// - pass: the policy requirements are met +// - fail: the policy requirements are not met +// - warn: the policy requirements are not met and the policy is not scored +// - error: the policy could not be evaluated +// - skip: the policy was not selected based on user inputs or applicability +// +// +kubebuilder:validation:Enum=pass;fail;warn;error;skip +type PolicyResult string + +// PolicyResultSeverity has one of the following values: +// - critical +// - high +// - low +// - medium +// - info +// +// +kubebuilder:validation:Enum=critical;high;low;medium;info +type PolicyResultSeverity string + +// PolicyReportResult provides the result for an individual policy +type PolicyReportResult struct { + + // Source is an identifier for the policy engine that manages this report + // If the Source is specified at this level, it will override the Source + // field set at the PolicyReport level + // +optional + Source string `json:"source"` + + // Policy is the name or identifier of the policy + Policy string `json:"policy"` + + // Rule is the name or identifier of the rule within the policy + // +optional + Rule string `json:"rule,omitempty"` + + // Category indicates policy category + // +optional + Category string `json:"category,omitempty"` + + // Severity indicates policy check result criticality + // +optional + Severity PolicyResultSeverity `json:"severity,omitempty"` + + // Timestamp indicates the time the result was found + Timestamp metav1.Timestamp `json:"timestamp,omitempty"` + + // Result indicates the outcome of the policy rule execution + Result PolicyResult `json:"result,omitempty"` + + // Scored indicates if this result is scored + Scored bool `json:"scored,omitempty"` + + // Subjects is an optional reference to the checked Kubernetes resources + // +optional + Subjects []corev1.ObjectReference `json:"resources,omitempty"` + + // ResourceSelector is an optional label selector for checked Kubernetes resources. + // For example, a policy result may apply to all pods that match a label. + // Either a Subject or a ResourceSelector can be specified. If neither are provided, the + // result is assumed to be for the policy report scope. + // +optional + ResourceSelector *metav1.LabelSelector `json:"resourceSelector,omitempty"` + + // Description is a short user friendly message for the policy rule + Description string `json:"message,omitempty"` + + // Properties provides additional information for the policy rule + Properties map[string]string `json:"properties,omitempty"` +} + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:storageversion +// +kubebuilder:object:root=true +// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=`.scope.kind`,priority=1 +// +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.scope.name`,priority=1 +// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.pass` +// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.fail` +// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.warn` +// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.error` +// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip` +// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:resource:shortName=polr + +// PolicyReport is the Schema for the policyreports API +type PolicyReport struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Source is an identifier for the source e.g. a policy engine that manages this report. + // Use this field if all the results are produced by a single policy engine. + // If the results are produced by multiple sources e.g. different engines or scanners, + // then use the Source field at the PolicyReportResult level. + // +optional + Source string `json:"source"` + + // Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node) + // +optional + Scope *corev1.ObjectReference `json:"scope,omitempty"` + + // ScopeSelector is an optional selector for multiple scopes (e.g. Pods). + // Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. + // +optional + ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"` + + // Configuration is an optional field which can be used to specify + // a contract between PolicyReport generators and consumers + // +optional + Configuration *PolicyReportConfiguration `json:"configuration,omitempty"` + + // PolicyReportSummary provides a summary of results + // +optional + Summary PolicyReportSummary `json:"summary,omitempty"` + + // PolicyReportResult provides result details + // +optional + Results []PolicyReportResult `json:"results,omitempty"` +} + +// PolicyReportList contains a list of PolicyReport +// +kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type PolicyReportList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []PolicyReport `json:"items"` +} + +func init() { + SchemeBuilder.Register(&PolicyReport{}, &PolicyReportList{}) +} diff --git a/policy-report/apis/wgpolicyk8s.io/v1beta1/zz_generated.deepcopy.go b/policy-report/apis/wgpolicyk8s.io/v1beta1/zz_generated.deepcopy.go new file mode 100644 index 0000000..ca2a78a --- /dev/null +++ b/policy-report/apis/wgpolicyk8s.io/v1beta1/zz_generated.deepcopy.go @@ -0,0 +1,279 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1beta1 + +import ( + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterPolicyReport) DeepCopyInto(out *ClusterPolicyReport) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.Scope != nil { + in, out := &in.Scope, &out.Scope + *out = new(v1.ObjectReference) + **out = **in + } + if in.ScopeSelector != nil { + in, out := &in.ScopeSelector, &out.ScopeSelector + *out = new(metav1.LabelSelector) + (*in).DeepCopyInto(*out) + } + if in.Configuration != nil { + in, out := &in.Configuration, &out.Configuration + *out = new(PolicyReportConfiguration) + (*in).DeepCopyInto(*out) + } + out.Summary = in.Summary + if in.Results != nil { + in, out := &in.Results, &out.Results + *out = make([]PolicyReportResult, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyReport. +func (in *ClusterPolicyReport) DeepCopy() *ClusterPolicyReport { + if in == nil { + return nil + } + out := new(ClusterPolicyReport) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterPolicyReport) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterPolicyReportList) DeepCopyInto(out *ClusterPolicyReportList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ClusterPolicyReport, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyReportList. +func (in *ClusterPolicyReportList) DeepCopy() *ClusterPolicyReportList { + if in == nil { + return nil + } + out := new(ClusterPolicyReportList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterPolicyReportList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Limits) DeepCopyInto(out *Limits) { + *out = *in + if in.StatusFilter != nil { + in, out := &in.StatusFilter, &out.StatusFilter + *out = make([]StatusFilter, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Limits. +func (in *Limits) DeepCopy() *Limits { + if in == nil { + return nil + } + out := new(Limits) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyReport) DeepCopyInto(out *PolicyReport) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.Scope != nil { + in, out := &in.Scope, &out.Scope + *out = new(v1.ObjectReference) + **out = **in + } + if in.ScopeSelector != nil { + in, out := &in.ScopeSelector, &out.ScopeSelector + *out = new(metav1.LabelSelector) + (*in).DeepCopyInto(*out) + } + if in.Configuration != nil { + in, out := &in.Configuration, &out.Configuration + *out = new(PolicyReportConfiguration) + (*in).DeepCopyInto(*out) + } + out.Summary = in.Summary + if in.Results != nil { + in, out := &in.Results, &out.Results + *out = make([]PolicyReportResult, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReport. +func (in *PolicyReport) DeepCopy() *PolicyReport { + if in == nil { + return nil + } + out := new(PolicyReport) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PolicyReport) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyReportConfiguration) DeepCopyInto(out *PolicyReportConfiguration) { + *out = *in + in.Limits.DeepCopyInto(&out.Limits) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportConfiguration. +func (in *PolicyReportConfiguration) DeepCopy() *PolicyReportConfiguration { + if in == nil { + return nil + } + out := new(PolicyReportConfiguration) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyReportList) DeepCopyInto(out *PolicyReportList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]PolicyReport, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportList. +func (in *PolicyReportList) DeepCopy() *PolicyReportList { + if in == nil { + return nil + } + out := new(PolicyReportList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PolicyReportList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyReportResult) DeepCopyInto(out *PolicyReportResult) { + *out = *in + out.Timestamp = in.Timestamp + if in.Subjects != nil { + in, out := &in.Subjects, &out.Subjects + *out = make([]v1.ObjectReference, len(*in)) + copy(*out, *in) + } + if in.ResourceSelector != nil { + in, out := &in.ResourceSelector, &out.ResourceSelector + *out = new(metav1.LabelSelector) + (*in).DeepCopyInto(*out) + } + if in.Properties != nil { + in, out := &in.Properties, &out.Properties + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportResult. +func (in *PolicyReportResult) DeepCopy() *PolicyReportResult { + if in == nil { + return nil + } + out := new(PolicyReportResult) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyReportSummary) DeepCopyInto(out *PolicyReportSummary) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportSummary. +func (in *PolicyReportSummary) DeepCopy() *PolicyReportSummary { + if in == nil { + return nil + } + out := new(PolicyReportSummary) + in.DeepCopyInto(out) + return out +} diff --git a/policy-report/crd/reports.x-k8s.io/v1beta2/reports.x-k8s.io_clusterpolicyreports.yaml b/policy-report/crd/reports.x-k8s.io/v1beta2/reports.x-k8s.io_clusterpolicyreports.yaml new file mode 100644 index 0000000..93b0fe9 --- /dev/null +++ b/policy-report/crd/reports.x-k8s.io/v1beta2/reports.x-k8s.io_clusterpolicyreports.yaml @@ -0,0 +1,420 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: clusterpolicyreports.reports.x-k8s.io +spec: + group: reports.x-k8s.io + names: + kind: ClusterPolicyReport + listKind: ClusterPolicyReportList + plural: clusterpolicyreports + shortNames: + - cpolr + singular: clusterpolicyreport + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .scope.kind + name: Kind + priority: 1 + type: string + - jsonPath: .scope.name + name: Name + priority: 1 + type: string + - jsonPath: .summary.pass + name: Pass + type: integer + - jsonPath: .summary.fail + name: Fail + type: integer + - jsonPath: .summary.warn + name: Warn + type: integer + - jsonPath: .summary.error + name: Error + type: integer + - jsonPath: .summary.skip + name: Skip + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: ClusterPolicyReport is the Schema for the clusterpolicyreports + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + configuration: + description: |- + Configuration is an optional field which can be used to specify + a contract between PolicyReport generators and consumers + properties: + limits: + properties: + maxResults: + description: MaxResults is the maximum number of results contained + in the report + type: integer + statusFilter: + description: StatusFilter indicates that the PolicyReport contains + only those reports with statuses specified in this list + items: + description: StatusFilter is used by PolicyReport generators + to write only those reports whose status is specified by the + filters + enum: + - pass + - fail + - warn + - error + - skip + type: string + type: array + type: object + required: + - limits + type: object + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + message: + description: Description is a short user friendly message for the + policy rule + type: string + policy: + description: Policy is the name or identifier of the policy + type: string + properties: + additionalProperties: + type: string + description: Properties provides additional information for the + policy rule + type: object + resourceSelector: + description: |- + ResourceSelector is an optional label selector for checked Kubernetes resources. + For example, a policy result may apply to all pods that match a label. + Either a Subject or a ResourceSelector can be specified. If neither are provided, the + result is assumed to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resources: + description: Subjects is an optional reference to the checked Kubernetes + resources + items: + description: |- + ObjectReference contains enough information to let you inspect or modify the referred object. + --- + New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. + 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. + 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular + restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". + Those cannot be well described when embedded. + 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. + 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity + during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple + and the version of the actual struct is irrelevant. + 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type + will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. + + + Instead of using this type, create a locally provided and used type that is well-focused on your reference. + For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + result: + description: Result indicates the outcome of the policy rule execution + enum: + - pass + - fail + - warn + - error + - skip + type: string + rule: + description: Rule is the name or identifier of the rule within the + policy + type: string + scored: + description: Scored indicates if this result is scored + type: boolean + severity: + description: Severity indicates policy check result criticality + enum: + - critical + - high + - low + - medium + - info + type: string + source: + description: |- + Source is an identifier for the policy engine that manages this report + If the Source is specified at this level, it will override the Source + field set at the PolicyReport level + type: string + timestamp: + description: Timestamp indicates the time the result was found + properties: + nanos: + description: |- + Non-negative fractions of a second at nanosecond resolution. Negative + second values with fractions must still have non-negative nanos values + that count forward in time. Must be from 0 to 999,999,999 + inclusive. This field may be limited in precision depending on context. + format: int32 + type: integer + seconds: + description: |- + Represents seconds of UTC time since Unix epoch + 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to + 9999-12-31T23:59:59Z inclusive. + format: int64 + type: integer + required: + - nanos + - seconds + type: object + required: + - policy + type: object + type: array + scope: + description: Scope is an optional reference to the report scope (e.g. + a Deployment, Namespace, or Node) + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + scopeSelector: + description: |- + ScopeSelector is an optional selector for multiple scopes (e.g. Pods). + Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + source: + description: |- + Source is an identifier for the source e.g. a policy engine that manages this report. + Use this field if all the results are produced by a single policy engine. + If the results are produced by multiple sources e.g. different engines or scanners, + then use the Source field at the PolicyReportResult level. + type: string + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not be + evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not selected + for evaluation + type: integer + warn: + description: Warn provides the count of non-scored policies whose + requirements were not met + type: integer + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/policy-report/crd/reports.x-k8s.io/v1beta2/reports.x-k8s.io_policyreports.yaml b/policy-report/crd/reports.x-k8s.io/v1beta2/reports.x-k8s.io_policyreports.yaml new file mode 100644 index 0000000..f07f051 --- /dev/null +++ b/policy-report/crd/reports.x-k8s.io/v1beta2/reports.x-k8s.io_policyreports.yaml @@ -0,0 +1,419 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: policyreports.reports.x-k8s.io +spec: + group: reports.x-k8s.io + names: + kind: PolicyReport + listKind: PolicyReportList + plural: policyreports + shortNames: + - polr + singular: policyreport + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .scope.kind + name: Kind + priority: 1 + type: string + - jsonPath: .scope.name + name: Name + priority: 1 + type: string + - jsonPath: .summary.pass + name: Pass + type: integer + - jsonPath: .summary.fail + name: Fail + type: integer + - jsonPath: .summary.warn + name: Warn + type: integer + - jsonPath: .summary.error + name: Error + type: integer + - jsonPath: .summary.skip + name: Skip + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: PolicyReport is the Schema for the policyreports API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + configuration: + description: |- + Configuration is an optional field which can be used to specify + a contract between PolicyReport generators and consumers + properties: + limits: + properties: + maxResults: + description: MaxResults is the maximum number of results contained + in the report + type: integer + statusFilter: + description: StatusFilter indicates that the PolicyReport contains + only those reports with statuses specified in this list + items: + description: StatusFilter is used by PolicyReport generators + to write only those reports whose status is specified by the + filters + enum: + - pass + - fail + - warn + - error + - skip + type: string + type: array + type: object + required: + - limits + type: object + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + message: + description: Description is a short user friendly message for the + policy rule + type: string + policy: + description: Policy is the name or identifier of the policy + type: string + properties: + additionalProperties: + type: string + description: Properties provides additional information for the + policy rule + type: object + resourceSelector: + description: |- + ResourceSelector is an optional label selector for checked Kubernetes resources. + For example, a policy result may apply to all pods that match a label. + Either a Subject or a ResourceSelector can be specified. If neither are provided, the + result is assumed to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resources: + description: Subjects is an optional reference to the checked Kubernetes + resources + items: + description: |- + ObjectReference contains enough information to let you inspect or modify the referred object. + --- + New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. + 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. + 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular + restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". + Those cannot be well described when embedded. + 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. + 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity + during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple + and the version of the actual struct is irrelevant. + 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type + will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. + + + Instead of using this type, create a locally provided and used type that is well-focused on your reference. + For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + result: + description: Result indicates the outcome of the policy rule execution + enum: + - pass + - fail + - warn + - error + - skip + type: string + rule: + description: Rule is the name or identifier of the rule within the + policy + type: string + scored: + description: Scored indicates if this result is scored + type: boolean + severity: + description: Severity indicates policy check result criticality + enum: + - critical + - high + - low + - medium + - info + type: string + source: + description: |- + Source is an identifier for the policy engine that manages this report + If the Source is specified at this level, it will override the Source + field set at the PolicyReport level + type: string + timestamp: + description: Timestamp indicates the time the result was found + properties: + nanos: + description: |- + Non-negative fractions of a second at nanosecond resolution. Negative + second values with fractions must still have non-negative nanos values + that count forward in time. Must be from 0 to 999,999,999 + inclusive. This field may be limited in precision depending on context. + format: int32 + type: integer + seconds: + description: |- + Represents seconds of UTC time since Unix epoch + 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to + 9999-12-31T23:59:59Z inclusive. + format: int64 + type: integer + required: + - nanos + - seconds + type: object + required: + - policy + type: object + type: array + scope: + description: Scope is an optional reference to the report scope (e.g. + a Deployment, Namespace, or Node) + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + scopeSelector: + description: |- + ScopeSelector is an optional selector for multiple scopes (e.g. Pods). + Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + source: + description: |- + Source is an identifier for the source e.g. a policy engine that manages this report. + Use this field if all the results are produced by a single policy engine. + If the results are produced by multiple sources e.g. different engines or scanners, + then use the Source field at the PolicyReportResult level. + type: string + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not be + evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not selected + for evaluation + type: integer + warn: + description: Warn provides the count of non-scored policies whose + requirements were not met + type: integer + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/policy-report/crd/wgpolicyk8s.io/v1alpha1/wgpolicyk8s.io_clusterpolicyreports.yaml b/policy-report/crd/wgpolicyk8s.io/v1alpha1/wgpolicyk8s.io_clusterpolicyreports.yaml new file mode 100644 index 0000000..a662d76 --- /dev/null +++ b/policy-report/crd/wgpolicyk8s.io/v1alpha1/wgpolicyk8s.io_clusterpolicyreports.yaml @@ -0,0 +1,338 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null + name: clusterpolicyreports.wgpolicyk8s.io +spec: + group: wgpolicyk8s.io + names: + kind: ClusterPolicyReport + listKind: ClusterPolicyReportList + plural: clusterpolicyreports + shortNames: + - cpolr + singular: clusterpolicyreport + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .scope.kind + name: Kind + priority: 1 + type: string + - jsonPath: .scope.name + name: Name + priority: 1 + type: string + - jsonPath: .summary.pass + name: Pass + type: integer + - jsonPath: .summary.fail + name: Fail + type: integer + - jsonPath: .summary.warn + name: Warn + type: integer + - jsonPath: .summary.error + name: Error + type: integer + - jsonPath: .summary.skip + name: Skip + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterPolicyReport is the Schema for the clusterpolicyreports + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + data: + additionalProperties: + type: string + description: Data provides additional information for the policy + rule + type: object + message: + description: Message is a short user friendly description of the + policy rule + type: string + policy: + description: Policy is the name of the policy + type: string + resourceSelector: + description: ResourceSelector is an optional selector for policy + results that apply to multiple resources. For example, a policy + result may apply to all pods that match a label. Either a Resource + or a ResourceSelector can be specified. If neither are provided, + the result is assumed to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + resources: + description: Resources is an optional reference to the resource + checked by the policy and rule + items: + description: 'ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many + fields which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. + Invalid usage help. It is impossible to add specific help for + individual usage. In most embedded usages, there are particular restrictions + like, "must refer only to types A and B" or "UID not honored" + or "name must be restricted". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, + which makes it hard for users to predict what will happen. 4. + The fields are both imprecise and overly precise. Kind is not + a precise mapping to a URL. This can produce ambiguity during + interpretation and require a REST mapping. In most cases, the + dependency is on the group,resource tuple and the version + of the actual struct is irrelevant. 5. We cannot easily change + it. Because this type is embedded in many locations, updates + to this type will affect numerous schemas. Don''t make + new APIs embed an underspecified API type they do not control. + Instead of using this type, create a locally provided and used + type that is well-focused on your reference. For example, ServiceReferences + for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + .' + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + rule: + description: Rule is the name of the policy rule + type: string + scored: + description: Scored indicates if this policy rule is scored + type: boolean + severity: + description: Severity indicates policy severity + enum: + - high + - low + - medium + type: string + status: + description: Status indicates the result of the policy rule check + enum: + - pass + - fail + - warn + - error + - skip + type: string + required: + - policy + type: object + type: array + scope: + description: Scope is an optional reference to the report scope (e.g. + a Deployment, Namespace, or Node) + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire + object, this string should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. For example, + if the object reference is to a container within a pod, this would + take on a value like: "spec.containers{name}" (where "name" refers + to the name of the container that triggered the event) or if no + container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design is not + final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is + made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + scopeSelector: + description: ScopeSelector is an optional selector for multiple scopes + (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector + should be specified. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a set + of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not be + evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not selected + for evaluation + type: integer + warn: + description: Warn provides the count of unscored policies whose requirements + were not met + type: integer + type: object + type: object + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/policy-report/crd/wgpolicyk8s.io/v1alpha1/wgpolicyk8s.io_policyreports.yaml b/policy-report/crd/wgpolicyk8s.io/v1alpha1/wgpolicyk8s.io_policyreports.yaml new file mode 100644 index 0000000..a14def9 --- /dev/null +++ b/policy-report/crd/wgpolicyk8s.io/v1alpha1/wgpolicyk8s.io_policyreports.yaml @@ -0,0 +1,337 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null + name: policyreports.wgpolicyk8s.io +spec: + group: wgpolicyk8s.io + names: + kind: PolicyReport + listKind: PolicyReportList + plural: policyreports + shortNames: + - polr + singular: policyreport + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .scope.kind + name: Kind + priority: 1 + type: string + - jsonPath: .scope.name + name: Name + priority: 1 + type: string + - jsonPath: .summary.pass + name: Pass + type: integer + - jsonPath: .summary.fail + name: Fail + type: integer + - jsonPath: .summary.warn + name: Warn + type: integer + - jsonPath: .summary.error + name: Error + type: integer + - jsonPath: .summary.skip + name: Skip + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: PolicyReport is the Schema for the policyreports API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + data: + additionalProperties: + type: string + description: Data provides additional information for the policy + rule + type: object + message: + description: Message is a short user friendly description of the + policy rule + type: string + policy: + description: Policy is the name of the policy + type: string + resourceSelector: + description: ResourceSelector is an optional selector for policy + results that apply to multiple resources. For example, a policy + result may apply to all pods that match a label. Either a Resource + or a ResourceSelector can be specified. If neither are provided, + the result is assumed to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + resources: + description: Resources is an optional reference to the resource + checked by the policy and rule + items: + description: 'ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many + fields which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. + Invalid usage help. It is impossible to add specific help for + individual usage. In most embedded usages, there are particular restrictions + like, "must refer only to types A and B" or "UID not honored" + or "name must be restricted". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, + which makes it hard for users to predict what will happen. 4. + The fields are both imprecise and overly precise. Kind is not + a precise mapping to a URL. This can produce ambiguity during + interpretation and require a REST mapping. In most cases, the + dependency is on the group,resource tuple and the version + of the actual struct is irrelevant. 5. We cannot easily change + it. Because this type is embedded in many locations, updates + to this type will affect numerous schemas. Don''t make + new APIs embed an underspecified API type they do not control. + Instead of using this type, create a locally provided and used + type that is well-focused on your reference. For example, ServiceReferences + for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + .' + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + rule: + description: Rule is the name of the policy rule + type: string + scored: + description: Scored indicates if this policy rule is scored + type: boolean + severity: + description: Severity indicates policy severity + enum: + - high + - low + - medium + type: string + status: + description: Status indicates the result of the policy rule check + enum: + - pass + - fail + - warn + - error + - skip + type: string + required: + - policy + type: object + type: array + scope: + description: Scope is an optional reference to the report scope (e.g. + a Deployment, Namespace, or Node) + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire + object, this string should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. For example, + if the object reference is to a container within a pod, this would + take on a value like: "spec.containers{name}" (where "name" refers + to the name of the container that triggered the event) or if no + container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design is not + final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is + made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + scopeSelector: + description: ScopeSelector is an optional selector for multiple scopes + (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector + should be specified. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a set + of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not be + evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not selected + for evaluation + type: integer + warn: + description: Warn provides the count of unscored policies whose requirements + were not met + type: integer + type: object + type: object + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/policy-report/crd/wgpolicyk8s.io/v1alpha2/wgpolicyk8s.io_clusterpolicyreports.yaml b/policy-report/crd/wgpolicyk8s.io/v1alpha2/wgpolicyk8s.io_clusterpolicyreports.yaml new file mode 100644 index 0000000..7d5e164 --- /dev/null +++ b/policy-report/crd/wgpolicyk8s.io/v1alpha2/wgpolicyk8s.io_clusterpolicyreports.yaml @@ -0,0 +1,1011 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.0 + creationTimestamp: null + name: clusterpolicyreports.wgpolicyk8s.io +spec: + group: wgpolicyk8s.io + names: + kind: ClusterPolicyReport + listKind: ClusterPolicyReportList + plural: clusterpolicyreports + shortNames: + - cpolr + singular: clusterpolicyreport + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .scope.kind + name: Kind + priority: 1 + type: string + - jsonPath: .scope.name + name: Name + priority: 1 + type: string + - jsonPath: .summary.pass + name: Pass + type: integer + - jsonPath: .summary.fail + name: Fail + type: integer + - jsonPath: .summary.warn + name: Warn + type: integer + - jsonPath: .summary.error + name: Error + type: integer + - jsonPath: .summary.skip + name: Skip + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterPolicyReport is the Schema for the clusterpolicyreports + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + data: + additionalProperties: + type: string + description: Data provides additional information for the policy + rule + type: object + message: + description: Message is a short user friendly description of the + policy rule + type: string + policy: + description: Policy is the name of the policy + type: string + resourceSelector: + description: ResourceSelector is an optional selector for policy + results that apply to multiple resources. For example, a policy + result may apply to all pods that match a label. Either a Resource + or a ResourceSelector can be specified. If neither are provided, + the result is assumed to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + resources: + description: Resources is an optional reference to the resource + checked by the policy and rule + items: + description: 'ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many + fields which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. + Invalid usage help. It is impossible to add specific help for + individual usage. In most embedded usages, there are particular + restrictions like, "must refer only to types A and B" or "UID + not honored" or "name must be restricted". Those cannot be well + described when embedded. 3. Inconsistent validation. Because + the usages are different, the validation rules are different + by usage, which makes it hard for users to predict what will + happen. 4. The fields are both imprecise and overly precise. Kind + is not a precise mapping to a URL. This can produce ambiguity + during interpretation and require a REST mapping. In most cases, + the dependency is on the group,resource tuple and the version + of the actual struct is irrelevant. 5. We cannot easily change + it. Because this type is embedded in many locations, updates + to this type will affect numerous schemas. Don''t make new + APIs embed an underspecified API type they do not control. Instead + of using this type, create a locally provided and used type + that is well-focused on your reference. For example, ServiceReferences + for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + .' + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + rule: + description: Rule is the name of the policy rule + type: string + scored: + description: Scored indicates if this policy rule is scored + type: boolean + severity: + description: Severity indicates policy severity + enum: + - high + - low + - medium + type: string + status: + description: Status indicates the result of the policy rule check + enum: + - pass + - fail + - warn + - error + - skip + type: string + required: + - policy + type: object + type: array + scope: + description: Scope is an optional reference to the report scope (e.g. + a Deployment, Namespace, or Node) + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire + object, this string should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. For example, + if the object reference is to a container within a pod, this would + take on a value like: "spec.containers{name}" (where "name" refers + to the name of the container that triggered the event) or if no + container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design is not + final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is + made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + scopeSelector: + description: ScopeSelector is an optional selector for multiple scopes + (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector + should be specified. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a set + of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not be + evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not selected + for evaluation + type: integer + warn: + description: Warn provides the count of unscored policies whose requirements + were not met + type: integer + type: object + type: object + served: true + storage: false + subresources: {} + - additionalPrinterColumns: + - jsonPath: .scope.kind + name: Kind + priority: 1 + type: string + - jsonPath: .scope.name + name: Name + priority: 1 + type: string + - jsonPath: .summary.pass + name: Pass + type: integer + - jsonPath: .summary.fail + name: Fail + type: integer + - jsonPath: .summary.warn + name: Warn + type: integer + - jsonPath: .summary.error + name: Error + type: integer + - jsonPath: .summary.skip + name: Skip + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha2 + schema: + openAPIV3Schema: + description: ClusterPolicyReport is the Schema for the clusterpolicyreports + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + message: + description: Description is a short user friendly message for the + policy rule + type: string + policy: + description: Policy is the name or identifier of the policy + type: string + properties: + additionalProperties: + type: string + description: Properties provides additional information for the + policy rule + type: object + resourceSelector: + description: SubjectSelector is an optional label selector for checked + Kubernetes resources. For example, a policy result may apply to + all pods that match a label. Either a Subject or a SubjectSelector + can be specified. If neither are provided, the result is assumed + to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + resources: + description: Subjects is an optional reference to the checked Kubernetes + resources + items: + description: 'ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many + fields which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. + Invalid usage help. It is impossible to add specific help for + individual usage. In most embedded usages, there are particular + restrictions like, "must refer only to types A and B" or "UID + not honored" or "name must be restricted". Those cannot be well + described when embedded. 3. Inconsistent validation. Because + the usages are different, the validation rules are different + by usage, which makes it hard for users to predict what will + happen. 4. The fields are both imprecise and overly precise. Kind + is not a precise mapping to a URL. This can produce ambiguity + during interpretation and require a REST mapping. In most cases, + the dependency is on the group,resource tuple and the version + of the actual struct is irrelevant. 5. We cannot easily change + it. Because this type is embedded in many locations, updates + to this type will affect numerous schemas. Don''t make new + APIs embed an underspecified API type they do not control. Instead + of using this type, create a locally provided and used type + that is well-focused on your reference. For example, ServiceReferences + for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + .' + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + result: + description: Result indicates the outcome of the policy rule execution + enum: + - pass + - fail + - warn + - error + - skip + type: string + rule: + description: Rule is the name or identifier of the rule within the + policy + type: string + scored: + description: Scored indicates if this result is scored + type: boolean + severity: + description: Severity indicates policy check result criticality + enum: + - critical + - high + - low + - medium + - info + type: string + source: + description: Source is an identifier for the policy engine that + manages this report + type: string + timestamp: + description: Timestamp indicates the time the result was found + properties: + nanos: + description: Non-negative fractions of a second at nanosecond + resolution. Negative second values with fractions must still + have non-negative nanos values that count forward in time. + Must be from 0 to 999,999,999 inclusive. This field may be + limited in precision depending on context. + format: int32 + type: integer + seconds: + description: Represents seconds of UTC time since Unix epoch + 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to + 9999-12-31T23:59:59Z inclusive. + format: int64 + type: integer + required: + - nanos + - seconds + type: object + required: + - policy + type: object + type: array + scope: + description: Scope is an optional reference to the report scope (e.g. + a Deployment, Namespace, or Node) + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire + object, this string should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. For example, + if the object reference is to a container within a pod, this would + take on a value like: "spec.containers{name}" (where "name" refers + to the name of the container that triggered the event) or if no + container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design is not + final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is + made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + scopeSelector: + description: ScopeSelector is an optional selector for multiple scopes + (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector + should be specified. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a set + of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not be + evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not selected + for evaluation + type: integer + warn: + description: Warn provides the count of non-scored policies whose + requirements were not met + type: integer + type: object + type: object + served: true + storage: false + subresources: {} + - additionalPrinterColumns: + - jsonPath: .scope.kind + name: Kind + priority: 1 + type: string + - jsonPath: .scope.name + name: Name + priority: 1 + type: string + - jsonPath: .summary.pass + name: Pass + type: integer + - jsonPath: .summary.fail + name: Fail + type: integer + - jsonPath: .summary.warn + name: Warn + type: integer + - jsonPath: .summary.error + name: Error + type: integer + - jsonPath: .summary.skip + name: Skip + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ClusterPolicyReport is the Schema for the clusterpolicyreports + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + message: + description: Description is a short user friendly message for the + policy rule + type: string + policy: + description: Policy is the name or identifier of the policy + type: string + properties: + additionalProperties: + type: string + description: Properties provides additional information for the + policy rule + type: object + resourceSelector: + description: SubjectSelector is an optional label selector for checked + Kubernetes resources. For example, a policy result may apply to + all pods that match a label. Either a Subject or a SubjectSelector + can be specified. If neither are provided, the result is assumed + to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + resources: + description: Subjects is an optional reference to the checked Kubernetes + resources + items: + description: 'ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many + fields which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. + Invalid usage help. It is impossible to add specific help for + individual usage. In most embedded usages, there are particular + restrictions like, "must refer only to types A and B" or "UID + not honored" or "name must be restricted". Those cannot be well + described when embedded. 3. Inconsistent validation. Because + the usages are different, the validation rules are different + by usage, which makes it hard for users to predict what will + happen. 4. The fields are both imprecise and overly precise. Kind + is not a precise mapping to a URL. This can produce ambiguity + during interpretation and require a REST mapping. In most cases, + the dependency is on the group,resource tuple and the version + of the actual struct is irrelevant. 5. We cannot easily change + it. Because this type is embedded in many locations, updates + to this type will affect numerous schemas. Don''t make new + APIs embed an underspecified API type they do not control. Instead + of using this type, create a locally provided and used type + that is well-focused on your reference. For example, ServiceReferences + for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + .' + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + result: + description: Result indicates the outcome of the policy rule execution + enum: + - pass + - fail + - warn + - error + - skip + type: string + rule: + description: Rule is the name or identifier of the rule within the + policy + type: string + scored: + description: Scored indicates if this result is scored + type: boolean + severity: + description: Severity indicates policy check result criticality + enum: + - critical + - high + - low + - medium + - info + type: string + source: + description: Source is an identifier for the policy engine that + manages this report + type: string + timestamp: + description: Timestamp indicates the time the result was found + properties: + nanos: + description: Non-negative fractions of a second at nanosecond + resolution. Negative second values with fractions must still + have non-negative nanos values that count forward in time. + Must be from 0 to 999,999,999 inclusive. This field may be + limited in precision depending on context. + format: int32 + type: integer + seconds: + description: Represents seconds of UTC time since Unix epoch + 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to + 9999-12-31T23:59:59Z inclusive. + format: int64 + type: integer + required: + - nanos + - seconds + type: object + required: + - policy + type: object + type: array + scope: + description: Scope is an optional reference to the report scope (e.g. + a Deployment, Namespace, or Node) + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire + object, this string should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. For example, + if the object reference is to a container within a pod, this would + take on a value like: "spec.containers{name}" (where "name" refers + to the name of the container that triggered the event) or if no + container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design is not + final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is + made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + scopeSelector: + description: ScopeSelector is an optional selector for multiple scopes + (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector + should be specified. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a set + of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not be + evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not selected + for evaluation + type: integer + warn: + description: Warn provides the count of non-scored policies whose + requirements were not met + type: integer + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/policy-report/crd/wgpolicyk8s.io/v1alpha2/wgpolicyk8s.io_policyreports.yaml b/policy-report/crd/wgpolicyk8s.io/v1alpha2/wgpolicyk8s.io_policyreports.yaml new file mode 100644 index 0000000..bf77e93 --- /dev/null +++ b/policy-report/crd/wgpolicyk8s.io/v1alpha2/wgpolicyk8s.io_policyreports.yaml @@ -0,0 +1,1008 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.0 + creationTimestamp: null + name: policyreports.wgpolicyk8s.io +spec: + group: wgpolicyk8s.io + names: + kind: PolicyReport + listKind: PolicyReportList + plural: policyreports + shortNames: + - polr + singular: policyreport + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .scope.kind + name: Kind + priority: 1 + type: string + - jsonPath: .scope.name + name: Name + priority: 1 + type: string + - jsonPath: .summary.pass + name: Pass + type: integer + - jsonPath: .summary.fail + name: Fail + type: integer + - jsonPath: .summary.warn + name: Warn + type: integer + - jsonPath: .summary.error + name: Error + type: integer + - jsonPath: .summary.skip + name: Skip + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: PolicyReport is the Schema for the policyreports API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + data: + additionalProperties: + type: string + description: Data provides additional information for the policy + rule + type: object + message: + description: Message is a short user friendly description of the + policy rule + type: string + policy: + description: Policy is the name of the policy + type: string + resourceSelector: + description: ResourceSelector is an optional selector for policy + results that apply to multiple resources. For example, a policy + result may apply to all pods that match a label. Either a Resource + or a ResourceSelector can be specified. If neither are provided, + the result is assumed to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + resources: + description: Resources is an optional reference to the resource + checked by the policy and rule + items: + description: 'ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many + fields which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. + Invalid usage help. It is impossible to add specific help for + individual usage. In most embedded usages, there are particular + restrictions like, "must refer only to types A and B" or "UID + not honored" or "name must be restricted". Those cannot be well + described when embedded. 3. Inconsistent validation. Because + the usages are different, the validation rules are different + by usage, which makes it hard for users to predict what will + happen. 4. The fields are both imprecise and overly precise. Kind + is not a precise mapping to a URL. This can produce ambiguity + during interpretation and require a REST mapping. In most cases, + the dependency is on the group,resource tuple and the version + of the actual struct is irrelevant. 5. We cannot easily change + it. Because this type is embedded in many locations, updates + to this type will affect numerous schemas. Don''t make new + APIs embed an underspecified API type they do not control. Instead + of using this type, create a locally provided and used type + that is well-focused on your reference. For example, ServiceReferences + for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + .' + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + rule: + description: Rule is the name of the policy rule + type: string + scored: + description: Scored indicates if this policy rule is scored + type: boolean + severity: + description: Severity indicates policy severity + enum: + - high + - low + - medium + type: string + status: + description: Status indicates the result of the policy rule check + enum: + - pass + - fail + - warn + - error + - skip + type: string + required: + - policy + type: object + type: array + scope: + description: Scope is an optional reference to the report scope (e.g. + a Deployment, Namespace, or Node) + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire + object, this string should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. For example, + if the object reference is to a container within a pod, this would + take on a value like: "spec.containers{name}" (where "name" refers + to the name of the container that triggered the event) or if no + container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design is not + final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is + made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + scopeSelector: + description: ScopeSelector is an optional selector for multiple scopes + (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector + should be specified. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a set + of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not be + evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not selected + for evaluation + type: integer + warn: + description: Warn provides the count of unscored policies whose requirements + were not met + type: integer + type: object + type: object + served: true + storage: false + subresources: {} + - additionalPrinterColumns: + - jsonPath: .scope.kind + name: Kind + priority: 1 + type: string + - jsonPath: .scope.name + name: Name + priority: 1 + type: string + - jsonPath: .summary.pass + name: Pass + type: integer + - jsonPath: .summary.fail + name: Fail + type: integer + - jsonPath: .summary.warn + name: Warn + type: integer + - jsonPath: .summary.error + name: Error + type: integer + - jsonPath: .summary.skip + name: Skip + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha2 + schema: + openAPIV3Schema: + description: PolicyReport is the Schema for the policyreports API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + message: + description: Description is a short user friendly message for the + policy rule + type: string + policy: + description: Policy is the name or identifier of the policy + type: string + properties: + additionalProperties: + type: string + description: Properties provides additional information for the + policy rule + type: object + resourceSelector: + description: SubjectSelector is an optional label selector for checked + Kubernetes resources. For example, a policy result may apply to + all pods that match a label. Either a Subject or a SubjectSelector + can be specified. If neither are provided, the result is assumed + to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + resources: + description: Subjects is an optional reference to the checked Kubernetes + resources + items: + description: 'ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many + fields which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. + Invalid usage help. It is impossible to add specific help for + individual usage. In most embedded usages, there are particular + restrictions like, "must refer only to types A and B" or "UID + not honored" or "name must be restricted". Those cannot be well + described when embedded. 3. Inconsistent validation. Because + the usages are different, the validation rules are different + by usage, which makes it hard for users to predict what will + happen. 4. The fields are both imprecise and overly precise. Kind + is not a precise mapping to a URL. This can produce ambiguity + during interpretation and require a REST mapping. In most cases, + the dependency is on the group,resource tuple and the version + of the actual struct is irrelevant. 5. We cannot easily change + it. Because this type is embedded in many locations, updates + to this type will affect numerous schemas. Don''t make new + APIs embed an underspecified API type they do not control. Instead + of using this type, create a locally provided and used type + that is well-focused on your reference. For example, ServiceReferences + for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + .' + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + result: + description: Result indicates the outcome of the policy rule execution + enum: + - pass + - fail + - warn + - error + - skip + type: string + rule: + description: Rule is the name or identifier of the rule within the + policy + type: string + scored: + description: Scored indicates if this result is scored + type: boolean + severity: + description: Severity indicates policy check result criticality + enum: + - critical + - high + - low + - medium + - info + type: string + source: + description: Source is an identifier for the policy engine that + manages this report + type: string + timestamp: + description: Timestamp indicates the time the result was found + properties: + nanos: + description: Non-negative fractions of a second at nanosecond + resolution. Negative second values with fractions must still + have non-negative nanos values that count forward in time. + Must be from 0 to 999,999,999 inclusive. This field may be + limited in precision depending on context. + format: int32 + type: integer + seconds: + description: Represents seconds of UTC time since Unix epoch + 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to + 9999-12-31T23:59:59Z inclusive. + format: int64 + type: integer + required: + - nanos + - seconds + type: object + required: + - policy + type: object + type: array + scope: + description: Scope is an optional reference to the report scope (e.g. + a Deployment, Namespace, or Node) + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire + object, this string should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. For example, + if the object reference is to a container within a pod, this would + take on a value like: "spec.containers{name}" (where "name" refers + to the name of the container that triggered the event) or if no + container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design is not + final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is + made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + scopeSelector: + description: ScopeSelector is an optional selector for multiple scopes + (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector + should be specified. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a set + of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not be + evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not selected + for evaluation + type: integer + warn: + description: Warn provides the count of non-scored policies whose + requirements were not met + type: integer + type: object + type: object + served: true + storage: false + subresources: {} + - additionalPrinterColumns: + - jsonPath: .scope.kind + name: Kind + priority: 1 + type: string + - jsonPath: .scope.name + name: Name + priority: 1 + type: string + - jsonPath: .summary.pass + name: Pass + type: integer + - jsonPath: .summary.fail + name: Fail + type: integer + - jsonPath: .summary.warn + name: Warn + type: integer + - jsonPath: .summary.error + name: Error + type: integer + - jsonPath: .summary.skip + name: Skip + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: PolicyReport is the Schema for the policyreports API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + message: + description: Description is a short user friendly message for the + policy rule + type: string + policy: + description: Policy is the name or identifier of the policy + type: string + properties: + additionalProperties: + type: string + description: Properties provides additional information for the + policy rule + type: object + resourceSelector: + description: SubjectSelector is an optional label selector for checked + Kubernetes resources. For example, a policy result may apply to + all pods that match a label. Either a Subject or a SubjectSelector + can be specified. If neither are provided, the result is assumed + to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + resources: + description: Subjects is an optional reference to the checked Kubernetes + resources + items: + description: 'ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many + fields which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. + Invalid usage help. It is impossible to add specific help for + individual usage. In most embedded usages, there are particular + restrictions like, "must refer only to types A and B" or "UID + not honored" or "name must be restricted". Those cannot be well + described when embedded. 3. Inconsistent validation. Because + the usages are different, the validation rules are different + by usage, which makes it hard for users to predict what will + happen. 4. The fields are both imprecise and overly precise. Kind + is not a precise mapping to a URL. This can produce ambiguity + during interpretation and require a REST mapping. In most cases, + the dependency is on the group,resource tuple and the version + of the actual struct is irrelevant. 5. We cannot easily change + it. Because this type is embedded in many locations, updates + to this type will affect numerous schemas. Don''t make new + APIs embed an underspecified API type they do not control. Instead + of using this type, create a locally provided and used type + that is well-focused on your reference. For example, ServiceReferences + for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + .' + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + result: + description: Result indicates the outcome of the policy rule execution + enum: + - pass + - fail + - warn + - error + - skip + type: string + rule: + description: Rule is the name or identifier of the rule within the + policy + type: string + scored: + description: Scored indicates if this result is scored + type: boolean + severity: + description: Severity indicates policy check result criticality + enum: + - critical + - high + - low + - medium + - info + type: string + source: + description: Source is an identifier for the policy engine that + manages this report + type: string + timestamp: + description: Timestamp indicates the time the result was found + properties: + nanos: + description: Non-negative fractions of a second at nanosecond + resolution. Negative second values with fractions must still + have non-negative nanos values that count forward in time. + Must be from 0 to 999,999,999 inclusive. This field may be + limited in precision depending on context. + format: int32 + type: integer + seconds: + description: Represents seconds of UTC time since Unix epoch + 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to + 9999-12-31T23:59:59Z inclusive. + format: int64 + type: integer + required: + - nanos + - seconds + type: object + required: + - policy + type: object + type: array + scope: + description: Scope is an optional reference to the report scope (e.g. + a Deployment, Namespace, or Node) + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire + object, this string should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. For example, + if the object reference is to a container within a pod, this would + take on a value like: "spec.containers{name}" (where "name" refers + to the name of the container that triggered the event) or if no + container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design is not + final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is + made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + scopeSelector: + description: ScopeSelector is an optional selector for multiple scopes + (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector + should be specified. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a set + of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not be + evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not selected + for evaluation + type: integer + warn: + description: Warn provides the count of non-scored policies whose + requirements were not met + type: integer + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/policy-report/crd/wgpolicyk8s.io/v1beta1/wgpolicyk8s.io_clusterpolicyreports.yaml b/policy-report/crd/wgpolicyk8s.io/v1beta1/wgpolicyk8s.io_clusterpolicyreports.yaml new file mode 100644 index 0000000..d2c6944 --- /dev/null +++ b/policy-report/crd/wgpolicyk8s.io/v1beta1/wgpolicyk8s.io_clusterpolicyreports.yaml @@ -0,0 +1,1047 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.1 + name: clusterpolicyreports.wgpolicyk8s.io +spec: + group: wgpolicyk8s.io + names: + kind: ClusterPolicyReport + listKind: ClusterPolicyReportList + plural: clusterpolicyreports + shortNames: + - cpolr + singular: clusterpolicyreport + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .scope.kind + name: Kind + priority: 1 + type: string + - jsonPath: .scope.name + name: Name + priority: 1 + type: string + - jsonPath: .summary.pass + name: Pass + type: integer + - jsonPath: .summary.fail + name: Fail + type: integer + - jsonPath: .summary.warn + name: Warn + type: integer + - jsonPath: .summary.error + name: Error + type: integer + - jsonPath: .summary.skip + name: Skip + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterPolicyReport is the Schema for the clusterpolicyreports + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + data: + additionalProperties: + type: string + description: Data provides additional information for the policy + rule + type: object + message: + description: Message is a short user friendly description of the + policy rule + type: string + policy: + description: Policy is the name of the policy + type: string + resourceSelector: + description: ResourceSelector is an optional selector for policy + results that apply to multiple resources. For example, a policy + result may apply to all pods that match a label. Either a Resource + or a ResourceSelector can be specified. If neither are provided, + the result is assumed to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + resources: + description: Resources is an optional reference to the resource + checked by the policy and rule + items: + description: "ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many + fields which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. + Invalid usage help. It is impossible to add specific help for + individual usage. In most embedded usages, there are particular + restrictions like, \"must refer only to types A and B\" or \"UID + not honored\" or \"name must be restricted\". Those cannot be + well described when embedded. 3. Inconsistent validation. Because + the usages are different, the validation rules are different + by usage, which makes it hard for users to predict what will + happen. 4. The fields are both imprecise and overly precise. + \ Kind is not a precise mapping to a URL. This can produce ambiguity + during interpretation and require a REST mapping. In most cases, + the dependency is on the group,resource tuple and the version + of the actual struct is irrelevant. 5. We cannot easily change + it. Because this type is embedded in many locations, updates + to this type will affect numerous schemas. Don't make new APIs + embed an underspecified API type they do not control. \n Instead + of using this type, create a locally provided and used type + that is well-focused on your reference. For example, ServiceReferences + for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + rule: + description: Rule is the name of the policy rule + type: string + scored: + description: Scored indicates if this policy rule is scored + type: boolean + severity: + description: Severity indicates policy severity + enum: + - high + - low + - medium + type: string + status: + description: Status indicates the result of the policy rule check + enum: + - pass + - fail + - warn + - error + - skip + type: string + required: + - policy + type: object + type: array + scope: + description: Scope is an optional reference to the report scope (e.g. + a Deployment, Namespace, or Node) + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire + object, this string should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. For example, + if the object reference is to a container within a pod, this would + take on a value like: "spec.containers{name}" (where "name" refers + to the name of the container that triggered the event) or if no + container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design is not + final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is + made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + scopeSelector: + description: ScopeSelector is an optional selector for multiple scopes + (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector + should be specified. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a set + of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not be + evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not selected + for evaluation + type: integer + warn: + description: Warn provides the count of unscored policies whose requirements + were not met + type: integer + type: object + type: object + served: true + storage: false + subresources: {} + - additionalPrinterColumns: + - jsonPath: .scope.kind + name: Kind + priority: 1 + type: string + - jsonPath: .scope.name + name: Name + priority: 1 + type: string + - jsonPath: .summary.pass + name: Pass + type: integer + - jsonPath: .summary.fail + name: Fail + type: integer + - jsonPath: .summary.warn + name: Warn + type: integer + - jsonPath: .summary.error + name: Error + type: integer + - jsonPath: .summary.skip + name: Skip + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha2 + schema: + openAPIV3Schema: + description: ClusterPolicyReport is the Schema for the clusterpolicyreports + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + message: + description: Description is a short user friendly message for the + policy rule + type: string + policy: + description: Policy is the name or identifier of the policy + type: string + properties: + additionalProperties: + type: string + description: Properties provides additional information for the + policy rule + type: object + resourceSelector: + description: SubjectSelector is an optional label selector for checked + Kubernetes resources. For example, a policy result may apply to + all pods that match a label. Either a Subject or a SubjectSelector + can be specified. If neither are provided, the result is assumed + to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + resources: + description: Subjects is an optional reference to the checked Kubernetes + resources + items: + description: "ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many + fields which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. + Invalid usage help. It is impossible to add specific help for + individual usage. In most embedded usages, there are particular + restrictions like, \"must refer only to types A and B\" or \"UID + not honored\" or \"name must be restricted\". Those cannot be + well described when embedded. 3. Inconsistent validation. Because + the usages are different, the validation rules are different + by usage, which makes it hard for users to predict what will + happen. 4. The fields are both imprecise and overly precise. + \ Kind is not a precise mapping to a URL. This can produce ambiguity + during interpretation and require a REST mapping. In most cases, + the dependency is on the group,resource tuple and the version + of the actual struct is irrelevant. 5. We cannot easily change + it. Because this type is embedded in many locations, updates + to this type will affect numerous schemas. Don't make new APIs + embed an underspecified API type they do not control. \n Instead + of using this type, create a locally provided and used type + that is well-focused on your reference. For example, ServiceReferences + for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + result: + description: Result indicates the outcome of the policy rule execution + enum: + - pass + - fail + - warn + - error + - skip + type: string + rule: + description: Rule is the name or identifier of the rule within the + policy + type: string + scored: + description: Scored indicates if this result is scored + type: boolean + severity: + description: Severity indicates policy check result criticality + enum: + - critical + - high + - low + - medium + - info + type: string + source: + description: Source is an identifier for the policy engine that + manages this report + type: string + timestamp: + description: Timestamp indicates the time the result was found + properties: + nanos: + description: Non-negative fractions of a second at nanosecond + resolution. Negative second values with fractions must still + have non-negative nanos values that count forward in time. + Must be from 0 to 999,999,999 inclusive. This field may be + limited in precision depending on context. + format: int32 + type: integer + seconds: + description: Represents seconds of UTC time since Unix epoch + 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to + 9999-12-31T23:59:59Z inclusive. + format: int64 + type: integer + required: + - nanos + - seconds + type: object + required: + - policy + type: object + type: array + scope: + description: Scope is an optional reference to the report scope (e.g. + a Deployment, Namespace, or Node) + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire + object, this string should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. For example, + if the object reference is to a container within a pod, this would + take on a value like: "spec.containers{name}" (where "name" refers + to the name of the container that triggered the event) or if no + container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design is not + final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is + made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + scopeSelector: + description: ScopeSelector is an optional selector for multiple scopes + (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector + should be specified. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a set + of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not be + evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not selected + for evaluation + type: integer + warn: + description: Warn provides the count of non-scored policies whose + requirements were not met + type: integer + type: object + type: object + served: true + storage: false + subresources: {} + - additionalPrinterColumns: + - jsonPath: .scope.kind + name: Kind + priority: 1 + type: string + - jsonPath: .scope.name + name: Name + priority: 1 + type: string + - jsonPath: .summary.pass + name: Pass + type: integer + - jsonPath: .summary.fail + name: Fail + type: integer + - jsonPath: .summary.warn + name: Warn + type: integer + - jsonPath: .summary.error + name: Error + type: integer + - jsonPath: .summary.skip + name: Skip + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ClusterPolicyReport is the Schema for the clusterpolicyreports + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + configuration: + description: Configuration is an optional field which can be used to specify + a contract between PolicyReport generators and consumers + properties: + limits: + properties: + maxResults: + description: MaxResults is the maximum number of results contained + in the report + type: integer + statusFilter: + description: StatusFilter indicates that the PolicyReport contains + only those reports with statuses specified in this list + items: + description: StatusFilter is used by PolicyReport generators + to write only those reports whose status is specified by the + filters + enum: + - pass + - fail + - warn + - error + - skip + type: string + type: array + type: object + required: + - limits + type: object + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + message: + description: Description is a short user friendly message for the + policy rule + type: string + policy: + description: Policy is the name or identifier of the policy + type: string + properties: + additionalProperties: + type: string + description: Properties provides additional information for the + policy rule + type: object + resourceSelector: + description: ResourceSelector is an optional label selector for + checked Kubernetes resources. For example, a policy result may + apply to all pods that match a label. Either a Subject or a ResourceSelector + can be specified. If neither are provided, the result is assumed + to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + resources: + description: Subjects is an optional reference to the checked Kubernetes + resources + items: + description: "ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many + fields which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. + Invalid usage help. It is impossible to add specific help for + individual usage. In most embedded usages, there are particular + restrictions like, \"must refer only to types A and B\" or \"UID + not honored\" or \"name must be restricted\". Those cannot be + well described when embedded. 3. Inconsistent validation. Because + the usages are different, the validation rules are different + by usage, which makes it hard for users to predict what will + happen. 4. The fields are both imprecise and overly precise. + \ Kind is not a precise mapping to a URL. This can produce ambiguity + during interpretation and require a REST mapping. In most cases, + the dependency is on the group,resource tuple and the version + of the actual struct is irrelevant. 5. We cannot easily change + it. Because this type is embedded in many locations, updates + to this type will affect numerous schemas. Don't make new APIs + embed an underspecified API type they do not control. \n Instead + of using this type, create a locally provided and used type + that is well-focused on your reference. For example, ServiceReferences + for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + result: + description: Result indicates the outcome of the policy rule execution + enum: + - pass + - fail + - warn + - error + - skip + type: string + rule: + description: Rule is the name or identifier of the rule within the + policy + type: string + scored: + description: Scored indicates if this result is scored + type: boolean + severity: + description: Severity indicates policy check result criticality + enum: + - critical + - high + - low + - medium + - info + type: string + source: + description: Source is an identifier for the policy engine that + manages this report If the Source is specified at this level, + it will override the Source field set at the PolicyReport level + type: string + timestamp: + description: Timestamp indicates the time the result was found + properties: + nanos: + description: Non-negative fractions of a second at nanosecond + resolution. Negative second values with fractions must still + have non-negative nanos values that count forward in time. + Must be from 0 to 999,999,999 inclusive. This field may be + limited in precision depending on context. + format: int32 + type: integer + seconds: + description: Represents seconds of UTC time since Unix epoch + 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to + 9999-12-31T23:59:59Z inclusive. + format: int64 + type: integer + required: + - nanos + - seconds + type: object + required: + - policy + type: object + type: array + scope: + description: Scope is an optional reference to the report scope (e.g. + a Deployment, Namespace, or Node) + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire + object, this string should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. For example, + if the object reference is to a container within a pod, this would + take on a value like: "spec.containers{name}" (where "name" refers + to the name of the container that triggered the event) or if no + container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design is not + final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is + made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + scopeSelector: + description: ScopeSelector is an optional selector for multiple scopes + (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector + should be specified. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a set + of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + source: + description: Source is an identifier for the source e.g. a policy engine + that manages this report. Use this field if all the results are produced + by a single policy engine. If the results are produced by multiple sources + e.g. different engines or scanners, then use the Source field at the + PolicyReportResult level. + type: string + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not be + evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not selected + for evaluation + type: integer + warn: + description: Warn provides the count of non-scored policies whose + requirements were not met + type: integer + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/policy-report/crd/wgpolicyk8s.io/v1beta1/wgpolicyk8s.io_policyreports.yaml b/policy-report/crd/wgpolicyk8s.io/v1beta1/wgpolicyk8s.io_policyreports.yaml new file mode 100644 index 0000000..9bfe775 --- /dev/null +++ b/policy-report/crd/wgpolicyk8s.io/v1beta1/wgpolicyk8s.io_policyreports.yaml @@ -0,0 +1,1044 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.1 + name: policyreports.wgpolicyk8s.io +spec: + group: wgpolicyk8s.io + names: + kind: PolicyReport + listKind: PolicyReportList + plural: policyreports + shortNames: + - polr + singular: policyreport + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .scope.kind + name: Kind + priority: 1 + type: string + - jsonPath: .scope.name + name: Name + priority: 1 + type: string + - jsonPath: .summary.pass + name: Pass + type: integer + - jsonPath: .summary.fail + name: Fail + type: integer + - jsonPath: .summary.warn + name: Warn + type: integer + - jsonPath: .summary.error + name: Error + type: integer + - jsonPath: .summary.skip + name: Skip + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: PolicyReport is the Schema for the policyreports API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + data: + additionalProperties: + type: string + description: Data provides additional information for the policy + rule + type: object + message: + description: Message is a short user friendly description of the + policy rule + type: string + policy: + description: Policy is the name of the policy + type: string + resourceSelector: + description: ResourceSelector is an optional selector for policy + results that apply to multiple resources. For example, a policy + result may apply to all pods that match a label. Either a Resource + or a ResourceSelector can be specified. If neither are provided, + the result is assumed to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + resources: + description: Resources is an optional reference to the resource + checked by the policy and rule + items: + description: "ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many + fields which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. + Invalid usage help. It is impossible to add specific help for + individual usage. In most embedded usages, there are particular + restrictions like, \"must refer only to types A and B\" or \"UID + not honored\" or \"name must be restricted\". Those cannot be + well described when embedded. 3. Inconsistent validation. Because + the usages are different, the validation rules are different + by usage, which makes it hard for users to predict what will + happen. 4. The fields are both imprecise and overly precise. + \ Kind is not a precise mapping to a URL. This can produce ambiguity + during interpretation and require a REST mapping. In most cases, + the dependency is on the group,resource tuple and the version + of the actual struct is irrelevant. 5. We cannot easily change + it. Because this type is embedded in many locations, updates + to this type will affect numerous schemas. Don't make new APIs + embed an underspecified API type they do not control. \n Instead + of using this type, create a locally provided and used type + that is well-focused on your reference. For example, ServiceReferences + for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + rule: + description: Rule is the name of the policy rule + type: string + scored: + description: Scored indicates if this policy rule is scored + type: boolean + severity: + description: Severity indicates policy severity + enum: + - high + - low + - medium + type: string + status: + description: Status indicates the result of the policy rule check + enum: + - pass + - fail + - warn + - error + - skip + type: string + required: + - policy + type: object + type: array + scope: + description: Scope is an optional reference to the report scope (e.g. + a Deployment, Namespace, or Node) + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire + object, this string should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. For example, + if the object reference is to a container within a pod, this would + take on a value like: "spec.containers{name}" (where "name" refers + to the name of the container that triggered the event) or if no + container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design is not + final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is + made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + scopeSelector: + description: ScopeSelector is an optional selector for multiple scopes + (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector + should be specified. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a set + of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not be + evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not selected + for evaluation + type: integer + warn: + description: Warn provides the count of unscored policies whose requirements + were not met + type: integer + type: object + type: object + served: true + storage: false + subresources: {} + - additionalPrinterColumns: + - jsonPath: .scope.kind + name: Kind + priority: 1 + type: string + - jsonPath: .scope.name + name: Name + priority: 1 + type: string + - jsonPath: .summary.pass + name: Pass + type: integer + - jsonPath: .summary.fail + name: Fail + type: integer + - jsonPath: .summary.warn + name: Warn + type: integer + - jsonPath: .summary.error + name: Error + type: integer + - jsonPath: .summary.skip + name: Skip + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha2 + schema: + openAPIV3Schema: + description: PolicyReport is the Schema for the policyreports API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + message: + description: Description is a short user friendly message for the + policy rule + type: string + policy: + description: Policy is the name or identifier of the policy + type: string + properties: + additionalProperties: + type: string + description: Properties provides additional information for the + policy rule + type: object + resourceSelector: + description: SubjectSelector is an optional label selector for checked + Kubernetes resources. For example, a policy result may apply to + all pods that match a label. Either a Subject or a SubjectSelector + can be specified. If neither are provided, the result is assumed + to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + resources: + description: Subjects is an optional reference to the checked Kubernetes + resources + items: + description: "ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many + fields which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. + Invalid usage help. It is impossible to add specific help for + individual usage. In most embedded usages, there are particular + restrictions like, \"must refer only to types A and B\" or \"UID + not honored\" or \"name must be restricted\". Those cannot be + well described when embedded. 3. Inconsistent validation. Because + the usages are different, the validation rules are different + by usage, which makes it hard for users to predict what will + happen. 4. The fields are both imprecise and overly precise. + \ Kind is not a precise mapping to a URL. This can produce ambiguity + during interpretation and require a REST mapping. In most cases, + the dependency is on the group,resource tuple and the version + of the actual struct is irrelevant. 5. We cannot easily change + it. Because this type is embedded in many locations, updates + to this type will affect numerous schemas. Don't make new APIs + embed an underspecified API type they do not control. \n Instead + of using this type, create a locally provided and used type + that is well-focused on your reference. For example, ServiceReferences + for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + result: + description: Result indicates the outcome of the policy rule execution + enum: + - pass + - fail + - warn + - error + - skip + type: string + rule: + description: Rule is the name or identifier of the rule within the + policy + type: string + scored: + description: Scored indicates if this result is scored + type: boolean + severity: + description: Severity indicates policy check result criticality + enum: + - critical + - high + - low + - medium + - info + type: string + source: + description: Source is an identifier for the policy engine that + manages this report + type: string + timestamp: + description: Timestamp indicates the time the result was found + properties: + nanos: + description: Non-negative fractions of a second at nanosecond + resolution. Negative second values with fractions must still + have non-negative nanos values that count forward in time. + Must be from 0 to 999,999,999 inclusive. This field may be + limited in precision depending on context. + format: int32 + type: integer + seconds: + description: Represents seconds of UTC time since Unix epoch + 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to + 9999-12-31T23:59:59Z inclusive. + format: int64 + type: integer + required: + - nanos + - seconds + type: object + required: + - policy + type: object + type: array + scope: + description: Scope is an optional reference to the report scope (e.g. + a Deployment, Namespace, or Node) + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire + object, this string should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. For example, + if the object reference is to a container within a pod, this would + take on a value like: "spec.containers{name}" (where "name" refers + to the name of the container that triggered the event) or if no + container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design is not + final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is + made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + scopeSelector: + description: ScopeSelector is an optional selector for multiple scopes + (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector + should be specified. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a set + of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not be + evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not selected + for evaluation + type: integer + warn: + description: Warn provides the count of non-scored policies whose + requirements were not met + type: integer + type: object + type: object + served: true + storage: false + subresources: {} + - additionalPrinterColumns: + - jsonPath: .scope.kind + name: Kind + priority: 1 + type: string + - jsonPath: .scope.name + name: Name + priority: 1 + type: string + - jsonPath: .summary.pass + name: Pass + type: integer + - jsonPath: .summary.fail + name: Fail + type: integer + - jsonPath: .summary.warn + name: Warn + type: integer + - jsonPath: .summary.error + name: Error + type: integer + - jsonPath: .summary.skip + name: Skip + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: PolicyReport is the Schema for the policyreports API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + configuration: + description: Configuration is an optional field which can be used to specify + a contract between PolicyReport generators and consumers + properties: + limits: + properties: + maxResults: + description: MaxResults is the maximum number of results contained + in the report + type: integer + statusFilter: + description: StatusFilter indicates that the PolicyReport contains + only those reports with statuses specified in this list + items: + description: StatusFilter is used by PolicyReport generators + to write only those reports whose status is specified by the + filters + enum: + - pass + - fail + - warn + - error + - skip + type: string + type: array + type: object + required: + - limits + type: object + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + message: + description: Description is a short user friendly message for the + policy rule + type: string + policy: + description: Policy is the name or identifier of the policy + type: string + properties: + additionalProperties: + type: string + description: Properties provides additional information for the + policy rule + type: object + resourceSelector: + description: ResourceSelector is an optional label selector for + checked Kubernetes resources. For example, a policy result may + apply to all pods that match a label. Either a Subject or a ResourceSelector + can be specified. If neither are provided, the result is assumed + to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + resources: + description: Subjects is an optional reference to the checked Kubernetes + resources + items: + description: "ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many + fields which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. + Invalid usage help. It is impossible to add specific help for + individual usage. In most embedded usages, there are particular + restrictions like, \"must refer only to types A and B\" or \"UID + not honored\" or \"name must be restricted\". Those cannot be + well described when embedded. 3. Inconsistent validation. Because + the usages are different, the validation rules are different + by usage, which makes it hard for users to predict what will + happen. 4. The fields are both imprecise and overly precise. + \ Kind is not a precise mapping to a URL. This can produce ambiguity + during interpretation and require a REST mapping. In most cases, + the dependency is on the group,resource tuple and the version + of the actual struct is irrelevant. 5. We cannot easily change + it. Because this type is embedded in many locations, updates + to this type will affect numerous schemas. Don't make new APIs + embed an underspecified API type they do not control. \n Instead + of using this type, create a locally provided and used type + that is well-focused on your reference. For example, ServiceReferences + for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + result: + description: Result indicates the outcome of the policy rule execution + enum: + - pass + - fail + - warn + - error + - skip + type: string + rule: + description: Rule is the name or identifier of the rule within the + policy + type: string + scored: + description: Scored indicates if this result is scored + type: boolean + severity: + description: Severity indicates policy check result criticality + enum: + - critical + - high + - low + - medium + - info + type: string + source: + description: Source is an identifier for the policy engine that + manages this report If the Source is specified at this level, + it will override the Source field set at the PolicyReport level + type: string + timestamp: + description: Timestamp indicates the time the result was found + properties: + nanos: + description: Non-negative fractions of a second at nanosecond + resolution. Negative second values with fractions must still + have non-negative nanos values that count forward in time. + Must be from 0 to 999,999,999 inclusive. This field may be + limited in precision depending on context. + format: int32 + type: integer + seconds: + description: Represents seconds of UTC time since Unix epoch + 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to + 9999-12-31T23:59:59Z inclusive. + format: int64 + type: integer + required: + - nanos + - seconds + type: object + required: + - policy + type: object + type: array + scope: + description: Scope is an optional reference to the report scope (e.g. + a Deployment, Namespace, or Node) + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire + object, this string should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. For example, + if the object reference is to a container within a pod, this would + take on a value like: "spec.containers{name}" (where "name" refers + to the name of the container that triggered the event) or if no + container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design is not + final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is + made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + scopeSelector: + description: ScopeSelector is an optional selector for multiple scopes + (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector + should be specified. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a set + of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + source: + description: Source is an identifier for the source e.g. a policy engine + that manages this report. Use this field if all the results are produced + by a single policy engine. If the results are produced by multiple sources + e.g. different engines or scanners, then use the Source field at the + PolicyReportResult level. + type: string + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not be + evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not selected + for evaluation + type: integer + warn: + description: Warn provides the count of non-scored policies whose + requirements were not met + type: integer + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/policy-report/docs/api-docs.md b/policy-report/docs/api-docs.md new file mode 100644 index 0000000..c604357 --- /dev/null +++ b/policy-report/docs/api-docs.md @@ -0,0 +1,239 @@ +# API Reference + +## Packages +- [reports.x-k8s.io/v1beta2](#reportsx-k8siov1beta2) + + +## reports.x-k8s.io/v1beta2 + +Package v1beta2 contains API Schema definitions for the policy v1beta2 API group + +Package v1beta2 contains API Schema definitions for the policy v1beta2 API group + +### Resource Types +- [ClusterPolicyReport](#clusterpolicyreport) +- [ClusterPolicyReportList](#clusterpolicyreportlist) +- [PolicyReport](#policyreport) +- [PolicyReportList](#policyreportlist) + + + +#### ClusterPolicyReport + + + +ClusterPolicyReport is the Schema for the clusterpolicyreports API + + + +_Appears in:_ +- [ClusterPolicyReportList](#clusterpolicyreportlist) + +| Field | Description | Default | Validation | +| --- | --- | --- | --- | +| `apiVersion` _string_ | `reports.x-k8s.io/v1beta2` | | | +| `kind` _string_ | `ClusterPolicyReport` | | | +| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | +| `source` _string_ | Source is an identifier for the source e.g. a policy engine that manages this report.
Use this field if all the results are produced by a single policy engine.
If the results are produced by multiple sources e.g. different engines or scanners,
then use the Source field at the PolicyReportResult level. | | | +| `scope` _[ObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#objectreference-v1-core)_ | Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node) | | | +| `scopeSelector` _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#labelselector-v1-meta)_ | ScopeSelector is an optional selector for multiple scopes (e.g. Pods).
Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. | | | +| `configuration` _[PolicyReportConfiguration](#policyreportconfiguration)_ | Configuration is an optional field which can be used to specify
a contract between PolicyReport generators and consumers | | | +| `summary` _[PolicyReportSummary](#policyreportsummary)_ | PolicyReportSummary provides a summary of results | | | +| `results` _[PolicyReportResult](#policyreportresult) array_ | PolicyReportResult provides result details | | | + + +#### ClusterPolicyReportList + + + +ClusterPolicyReportList contains a list of ClusterPolicyReport + + + + + +| Field | Description | Default | Validation | +| --- | --- | --- | --- | +| `apiVersion` _string_ | `reports.x-k8s.io/v1beta2` | | | +| `kind` _string_ | `ClusterPolicyReportList` | | | +| `metadata` _[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#listmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | +| `items` _[ClusterPolicyReport](#clusterpolicyreport) array_ | | | | + + +#### Limits + + + + + + + +_Appears in:_ +- [PolicyReportConfiguration](#policyreportconfiguration) + +| Field | Description | Default | Validation | +| --- | --- | --- | --- | +| `maxResults` _integer_ | MaxResults is the maximum number of results contained in the report | | | +| `statusFilter` _[StatusFilter](#statusfilter) array_ | StatusFilter indicates that the PolicyReport contains only those reports with statuses specified in this list | | Enum: [pass fail warn error skip]
| + + +#### PolicyReport + + + +PolicyReport is the Schema for the policyreports API + + + +_Appears in:_ +- [PolicyReportList](#policyreportlist) + +| Field | Description | Default | Validation | +| --- | --- | --- | --- | +| `apiVersion` _string_ | `reports.x-k8s.io/v1beta2` | | | +| `kind` _string_ | `PolicyReport` | | | +| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | +| `source` _string_ | Source is an identifier for the source e.g. a policy engine that manages this report.
Use this field if all the results are produced by a single policy engine.
If the results are produced by multiple sources e.g. different engines or scanners,
then use the Source field at the PolicyReportResult level. | | | +| `scope` _[ObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#objectreference-v1-core)_ | Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node) | | | +| `scopeSelector` _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#labelselector-v1-meta)_ | ScopeSelector is an optional selector for multiple scopes (e.g. Pods).
Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. | | | +| `configuration` _[PolicyReportConfiguration](#policyreportconfiguration)_ | Configuration is an optional field which can be used to specify
a contract between PolicyReport generators and consumers | | | +| `summary` _[PolicyReportSummary](#policyreportsummary)_ | PolicyReportSummary provides a summary of results | | | +| `results` _[PolicyReportResult](#policyreportresult) array_ | PolicyReportResult provides result details | | | + + +#### PolicyReportConfiguration + + + + + + + +_Appears in:_ +- [ClusterPolicyReport](#clusterpolicyreport) +- [PolicyReport](#policyreport) + +| Field | Description | Default | Validation | +| --- | --- | --- | --- | +| `limits` _[Limits](#limits)_ | | | | + + +#### PolicyReportList + + + +PolicyReportList contains a list of PolicyReport + + + + + +| Field | Description | Default | Validation | +| --- | --- | --- | --- | +| `apiVersion` _string_ | `reports.x-k8s.io/v1beta2` | | | +| `kind` _string_ | `PolicyReportList` | | | +| `metadata` _[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#listmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | +| `items` _[PolicyReport](#policyreport) array_ | | | | + + +#### PolicyReportResult + + + +PolicyReportResult provides the result for an individual policy + + + +_Appears in:_ +- [ClusterPolicyReport](#clusterpolicyreport) +- [PolicyReport](#policyreport) + +| Field | Description | Default | Validation | +| --- | --- | --- | --- | +| `source` _string_ | Source is an identifier for the policy engine that manages this report
If the Source is specified at this level, it will override the Source
field set at the PolicyReport level | | | +| `policy` _string_ | Policy is the name or identifier of the policy | | | +| `rule` _string_ | Rule is the name or identifier of the rule within the policy | | | +| `category` _string_ | Category indicates policy category | | | +| `severity` _[PolicyResultSeverity](#policyresultseverity)_ | Severity indicates policy check result criticality | | Enum: [critical high low medium info]
| +| `timestamp` _[Timestamp](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#timestamp-v1-meta)_ | Timestamp indicates the time the result was found | | | +| `result` _[PolicyResult](#policyresult)_ | Result indicates the outcome of the policy rule execution | | Enum: [pass fail warn error skip]
| +| `scored` _boolean_ | Scored indicates if this result is scored | | | +| `resources` _[ObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#objectreference-v1-core) array_ | Subjects is an optional reference to the checked Kubernetes resources | | | +| `resourceSelector` _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#labelselector-v1-meta)_ | ResourceSelector is an optional label selector for checked Kubernetes resources.
For example, a policy result may apply to all pods that match a label.
Either a Subject or a ResourceSelector can be specified. If neither are provided, the
result is assumed to be for the policy report scope. | | | +| `message` _string_ | Description is a short user friendly message for the policy rule | | | +| `properties` _object (keys:string, values:string)_ | Properties provides additional information for the policy rule | | | + + +#### PolicyReportSummary + + + +PolicyReportSummary provides a status count summary + + + +_Appears in:_ +- [ClusterPolicyReport](#clusterpolicyreport) +- [PolicyReport](#policyreport) + +| Field | Description | Default | Validation | +| --- | --- | --- | --- | +| `pass` _integer_ | Pass provides the count of policies whose requirements were met | | | +| `fail` _integer_ | Fail provides the count of policies whose requirements were not met | | | +| `warn` _integer_ | Warn provides the count of non-scored policies whose requirements were not met | | | +| `error` _integer_ | Error provides the count of policies that could not be evaluated | | | +| `skip` _integer_ | Skip indicates the count of policies that were not selected for evaluation | | | + + +#### PolicyResult + +_Underlying type:_ _string_ + +PolicyResult has one of the following values: + - pass: the policy requirements are met + - fail: the policy requirements are not met + - warn: the policy requirements are not met and the policy is not scored + - error: the policy could not be evaluated + - skip: the policy was not selected based on user inputs or applicability + +_Validation:_ +- Enum: [pass fail warn error skip] + +_Appears in:_ +- [PolicyReportResult](#policyreportresult) + + + +#### PolicyResultSeverity + +_Underlying type:_ _string_ + +PolicyResultSeverity has one of the following values: + - critical + - high + - low + - medium + - info + +_Validation:_ +- Enum: [critical high low medium info] + +_Appears in:_ +- [PolicyReportResult](#policyreportresult) + + + +#### StatusFilter + +_Underlying type:_ _string_ + +StatusFilter is used by PolicyReport generators to write only those reports whose status is specified by the filters + +_Validation:_ +- Enum: [pass fail warn error skip] + +_Appears in:_ +- [Limits](#limits) + + + diff --git a/policy-report/docs/config.yaml b/policy-report/docs/config.yaml new file mode 100644 index 0000000..e9d4aa9 --- /dev/null +++ b/policy-report/docs/config.yaml @@ -0,0 +1,15 @@ +processor: + ignoreGroupVersions: + ignoreTypes: + ignoreFields: + - "status$" + - "TypeMeta$" + - "kind$" + - "apiVersion$" + customMarkers: + - name: "hidefromdoc" + target: field + +render: + kubernetesVersion: 1.29 + knownTypes: diff --git a/policy-report/hack/boilerplate.go.txt b/policy-report/hack/boilerplate.go.txt new file mode 100644 index 0000000..e332f2a --- /dev/null +++ b/policy-report/hack/boilerplate.go.txt @@ -0,0 +1,15 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ \ No newline at end of file diff --git a/policy-report/hack/codegen.go b/policy-report/hack/codegen.go new file mode 100644 index 0000000..18f752a --- /dev/null +++ b/policy-report/hack/codegen.go @@ -0,0 +1,5 @@ +package hack + +import ( + _ "k8s.io/code-generator" +) diff --git a/policy-report/hack/update-codegen.sh b/policy-report/hack/update-codegen.sh new file mode 100755 index 0000000..b6394d8 --- /dev/null +++ b/policy-report/hack/update-codegen.sh @@ -0,0 +1,38 @@ +#!/usr/bin/env bash + +# Copyright 2023 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Derived from: https://github.com/kubernetes/code-generator/blob/master/examples/hack/update-codegen.sh + +set -o errexit +set -o nounset +set -o pipefail + +SCRIPT_DIR="$(dirname "${BASH_SOURCE[0]}")" +SCRIPT_ROOT="${SCRIPT_DIR}/.." +CODEGEN_PKG="${CODEGEN_PKG:-"${SCRIPT_ROOT}/bin"}" + +source "${CODEGEN_PKG}/kube_codegen.sh" + +kube::codegen::gen_helpers \ + --boilerplate "${SCRIPT_ROOT}/hack/boilerplate.go.txt" \ + "${SCRIPT_ROOT}/apis" + +kube::codegen::gen_client \ + --with-watch \ + --output-dir "${SCRIPT_ROOT}/pkg/client" \ + --output-pkg "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client" \ + --boilerplate "${SCRIPT_ROOT}/hack/boilerplate.go.txt" \ + "${SCRIPT_ROOT}/apis" diff --git a/policy-report/pkg/client/clientset/versioned/clientset.go b/policy-report/pkg/client/clientset/versioned/clientset.go new file mode 100644 index 0000000..f597377 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/clientset.go @@ -0,0 +1,158 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package versioned + +import ( + "fmt" + "net/http" + + discovery "k8s.io/client-go/discovery" + rest "k8s.io/client-go/rest" + flowcontrol "k8s.io/client-go/util/flowcontrol" + reportsv1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2" + wgpolicyk8sv1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1" + wgpolicyk8sv1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2" + wgpolicyk8sv1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1" +) + +type Interface interface { + Discovery() discovery.DiscoveryInterface + ReportsV1beta2() reportsv1beta2.ReportsV1beta2Interface + Wgpolicyk8sV1alpha1() wgpolicyk8sv1alpha1.Wgpolicyk8sV1alpha1Interface + Wgpolicyk8sV1alpha2() wgpolicyk8sv1alpha2.Wgpolicyk8sV1alpha2Interface + Wgpolicyk8sV1beta1() wgpolicyk8sv1beta1.Wgpolicyk8sV1beta1Interface +} + +// Clientset contains the clients for groups. +type Clientset struct { + *discovery.DiscoveryClient + reportsV1beta2 *reportsv1beta2.ReportsV1beta2Client + wgpolicyk8sV1alpha1 *wgpolicyk8sv1alpha1.Wgpolicyk8sV1alpha1Client + wgpolicyk8sV1alpha2 *wgpolicyk8sv1alpha2.Wgpolicyk8sV1alpha2Client + wgpolicyk8sV1beta1 *wgpolicyk8sv1beta1.Wgpolicyk8sV1beta1Client +} + +// ReportsV1beta2 retrieves the ReportsV1beta2Client +func (c *Clientset) ReportsV1beta2() reportsv1beta2.ReportsV1beta2Interface { + return c.reportsV1beta2 +} + +// Wgpolicyk8sV1alpha1 retrieves the Wgpolicyk8sV1alpha1Client +func (c *Clientset) Wgpolicyk8sV1alpha1() wgpolicyk8sv1alpha1.Wgpolicyk8sV1alpha1Interface { + return c.wgpolicyk8sV1alpha1 +} + +// Wgpolicyk8sV1alpha2 retrieves the Wgpolicyk8sV1alpha2Client +func (c *Clientset) Wgpolicyk8sV1alpha2() wgpolicyk8sv1alpha2.Wgpolicyk8sV1alpha2Interface { + return c.wgpolicyk8sV1alpha2 +} + +// Wgpolicyk8sV1beta1 retrieves the Wgpolicyk8sV1beta1Client +func (c *Clientset) Wgpolicyk8sV1beta1() wgpolicyk8sv1beta1.Wgpolicyk8sV1beta1Interface { + return c.wgpolicyk8sV1beta1 +} + +// Discovery retrieves the DiscoveryClient +func (c *Clientset) Discovery() discovery.DiscoveryInterface { + if c == nil { + return nil + } + return c.DiscoveryClient +} + +// NewForConfig creates a new Clientset for the given config. +// If config's RateLimiter is not set and QPS and Burst are acceptable, +// NewForConfig will generate a rate-limiter in configShallowCopy. +// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient), +// where httpClient was generated with rest.HTTPClientFor(c). +func NewForConfig(c *rest.Config) (*Clientset, error) { + configShallowCopy := *c + + if configShallowCopy.UserAgent == "" { + configShallowCopy.UserAgent = rest.DefaultKubernetesUserAgent() + } + + // share the transport between all clients + httpClient, err := rest.HTTPClientFor(&configShallowCopy) + if err != nil { + return nil, err + } + + return NewForConfigAndClient(&configShallowCopy, httpClient) +} + +// NewForConfigAndClient creates a new Clientset for the given config and http client. +// Note the http client provided takes precedence over the configured transport values. +// If config's RateLimiter is not set and QPS and Burst are acceptable, +// NewForConfigAndClient will generate a rate-limiter in configShallowCopy. +func NewForConfigAndClient(c *rest.Config, httpClient *http.Client) (*Clientset, error) { + configShallowCopy := *c + if configShallowCopy.RateLimiter == nil && configShallowCopy.QPS > 0 { + if configShallowCopy.Burst <= 0 { + return nil, fmt.Errorf("burst is required to be greater than 0 when RateLimiter is not set and QPS is set to greater than 0") + } + configShallowCopy.RateLimiter = flowcontrol.NewTokenBucketRateLimiter(configShallowCopy.QPS, configShallowCopy.Burst) + } + + var cs Clientset + var err error + cs.reportsV1beta2, err = reportsv1beta2.NewForConfigAndClient(&configShallowCopy, httpClient) + if err != nil { + return nil, err + } + cs.wgpolicyk8sV1alpha1, err = wgpolicyk8sv1alpha1.NewForConfigAndClient(&configShallowCopy, httpClient) + if err != nil { + return nil, err + } + cs.wgpolicyk8sV1alpha2, err = wgpolicyk8sv1alpha2.NewForConfigAndClient(&configShallowCopy, httpClient) + if err != nil { + return nil, err + } + cs.wgpolicyk8sV1beta1, err = wgpolicyk8sv1beta1.NewForConfigAndClient(&configShallowCopy, httpClient) + if err != nil { + return nil, err + } + + cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfigAndClient(&configShallowCopy, httpClient) + if err != nil { + return nil, err + } + return &cs, nil +} + +// NewForConfigOrDie creates a new Clientset for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *Clientset { + cs, err := NewForConfig(c) + if err != nil { + panic(err) + } + return cs +} + +// New creates a new Clientset for the given RESTClient. +func New(c rest.Interface) *Clientset { + var cs Clientset + cs.reportsV1beta2 = reportsv1beta2.New(c) + cs.wgpolicyk8sV1alpha1 = wgpolicyk8sv1alpha1.New(c) + cs.wgpolicyk8sV1alpha2 = wgpolicyk8sv1alpha2.New(c) + cs.wgpolicyk8sV1beta1 = wgpolicyk8sv1beta1.New(c) + + cs.DiscoveryClient = discovery.NewDiscoveryClient(c) + return &cs +} diff --git a/policy-report/pkg/client/clientset/versioned/fake/clientset_generated.go b/policy-report/pkg/client/clientset/versioned/fake/clientset_generated.go new file mode 100644 index 0000000..82b26d3 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/fake/clientset_generated.go @@ -0,0 +1,105 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/watch" + "k8s.io/client-go/discovery" + fakediscovery "k8s.io/client-go/discovery/fake" + "k8s.io/client-go/testing" + clientset "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned" + reportsv1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2" + fakereportsv1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake" + wgpolicyk8sv1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1" + fakewgpolicyk8sv1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake" + wgpolicyk8sv1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2" + fakewgpolicyk8sv1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake" + wgpolicyk8sv1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1" + fakewgpolicyk8sv1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake" +) + +// NewSimpleClientset returns a clientset that will respond with the provided objects. +// It's backed by a very simple object tracker that processes creates, updates and deletions as-is, +// without applying any validations and/or defaults. It shouldn't be considered a replacement +// for a real clientset and is mostly useful in simple unit tests. +func NewSimpleClientset(objects ...runtime.Object) *Clientset { + o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder()) + for _, obj := range objects { + if err := o.Add(obj); err != nil { + panic(err) + } + } + + cs := &Clientset{tracker: o} + cs.discovery = &fakediscovery.FakeDiscovery{Fake: &cs.Fake} + cs.AddReactor("*", "*", testing.ObjectReaction(o)) + cs.AddWatchReactor("*", func(action testing.Action) (handled bool, ret watch.Interface, err error) { + gvr := action.GetResource() + ns := action.GetNamespace() + watch, err := o.Watch(gvr, ns) + if err != nil { + return false, nil, err + } + return true, watch, nil + }) + + return cs +} + +// Clientset implements clientset.Interface. Meant to be embedded into a +// struct to get a default implementation. This makes faking out just the method +// you want to test easier. +type Clientset struct { + testing.Fake + discovery *fakediscovery.FakeDiscovery + tracker testing.ObjectTracker +} + +func (c *Clientset) Discovery() discovery.DiscoveryInterface { + return c.discovery +} + +func (c *Clientset) Tracker() testing.ObjectTracker { + return c.tracker +} + +var ( + _ clientset.Interface = &Clientset{} + _ testing.FakeClient = &Clientset{} +) + +// ReportsV1beta2 retrieves the ReportsV1beta2Client +func (c *Clientset) ReportsV1beta2() reportsv1beta2.ReportsV1beta2Interface { + return &fakereportsv1beta2.FakeReportsV1beta2{Fake: &c.Fake} +} + +// Wgpolicyk8sV1alpha1 retrieves the Wgpolicyk8sV1alpha1Client +func (c *Clientset) Wgpolicyk8sV1alpha1() wgpolicyk8sv1alpha1.Wgpolicyk8sV1alpha1Interface { + return &fakewgpolicyk8sv1alpha1.FakeWgpolicyk8sV1alpha1{Fake: &c.Fake} +} + +// Wgpolicyk8sV1alpha2 retrieves the Wgpolicyk8sV1alpha2Client +func (c *Clientset) Wgpolicyk8sV1alpha2() wgpolicyk8sv1alpha2.Wgpolicyk8sV1alpha2Interface { + return &fakewgpolicyk8sv1alpha2.FakeWgpolicyk8sV1alpha2{Fake: &c.Fake} +} + +// Wgpolicyk8sV1beta1 retrieves the Wgpolicyk8sV1beta1Client +func (c *Clientset) Wgpolicyk8sV1beta1() wgpolicyk8sv1beta1.Wgpolicyk8sV1beta1Interface { + return &fakewgpolicyk8sv1beta1.FakeWgpolicyk8sV1beta1{Fake: &c.Fake} +} diff --git a/policy-report/pkg/client/clientset/versioned/fake/doc.go b/policy-report/pkg/client/clientset/versioned/fake/doc.go new file mode 100644 index 0000000..5fae9fd --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/fake/doc.go @@ -0,0 +1,19 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated fake clientset. +package fake diff --git a/policy-report/pkg/client/clientset/versioned/fake/register.go b/policy-report/pkg/client/clientset/versioned/fake/register.go new file mode 100644 index 0000000..b3fe634 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/fake/register.go @@ -0,0 +1,61 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + schema "k8s.io/apimachinery/pkg/runtime/schema" + serializer "k8s.io/apimachinery/pkg/runtime/serializer" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" + reportsv1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2" + wgpolicyk8sv1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha1" + wgpolicyk8sv1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha2" + wgpolicyk8sv1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1beta1" +) + +var scheme = runtime.NewScheme() +var codecs = serializer.NewCodecFactory(scheme) + +var localSchemeBuilder = runtime.SchemeBuilder{ + reportsv1beta2.AddToScheme, + wgpolicyk8sv1alpha1.AddToScheme, + wgpolicyk8sv1alpha2.AddToScheme, + wgpolicyk8sv1beta1.AddToScheme, +} + +// AddToScheme adds all types of this clientset into the given scheme. This allows composition +// of clientsets, like in: +// +// import ( +// "k8s.io/client-go/kubernetes" +// clientsetscheme "k8s.io/client-go/kubernetes/scheme" +// aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme" +// ) +// +// kclientset, _ := kubernetes.NewForConfig(c) +// _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme) +// +// After this, RawExtensions in Kubernetes types will serialize kube-aggregator types +// correctly. +var AddToScheme = localSchemeBuilder.AddToScheme + +func init() { + v1.AddToGroupVersion(scheme, schema.GroupVersion{Version: "v1"}) + utilruntime.Must(AddToScheme(scheme)) +} diff --git a/policy-report/pkg/client/clientset/versioned/scheme/doc.go b/policy-report/pkg/client/clientset/versioned/scheme/doc.go new file mode 100644 index 0000000..16d8889 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/scheme/doc.go @@ -0,0 +1,19 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +// This package contains the scheme of the automatically generated clientset. +package scheme diff --git a/policy-report/pkg/client/clientset/versioned/scheme/register.go b/policy-report/pkg/client/clientset/versioned/scheme/register.go new file mode 100644 index 0000000..f60527e --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/scheme/register.go @@ -0,0 +1,61 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package scheme + +import ( + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + schema "k8s.io/apimachinery/pkg/runtime/schema" + serializer "k8s.io/apimachinery/pkg/runtime/serializer" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" + reportsv1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2" + wgpolicyk8sv1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha1" + wgpolicyk8sv1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha2" + wgpolicyk8sv1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1beta1" +) + +var Scheme = runtime.NewScheme() +var Codecs = serializer.NewCodecFactory(Scheme) +var ParameterCodec = runtime.NewParameterCodec(Scheme) +var localSchemeBuilder = runtime.SchemeBuilder{ + reportsv1beta2.AddToScheme, + wgpolicyk8sv1alpha1.AddToScheme, + wgpolicyk8sv1alpha2.AddToScheme, + wgpolicyk8sv1beta1.AddToScheme, +} + +// AddToScheme adds all types of this clientset into the given scheme. This allows composition +// of clientsets, like in: +// +// import ( +// "k8s.io/client-go/kubernetes" +// clientsetscheme "k8s.io/client-go/kubernetes/scheme" +// aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme" +// ) +// +// kclientset, _ := kubernetes.NewForConfig(c) +// _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme) +// +// After this, RawExtensions in Kubernetes types will serialize kube-aggregator types +// correctly. +var AddToScheme = localSchemeBuilder.AddToScheme + +func init() { + v1.AddToGroupVersion(Scheme, schema.GroupVersion{Version: "v1"}) + utilruntime.Must(AddToScheme(Scheme)) +} diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/clusterpolicyreport.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/clusterpolicyreport.go new file mode 100644 index 0000000..ca341e5 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/clusterpolicyreport.go @@ -0,0 +1,167 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1beta2 + +import ( + "context" + "time" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" + v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2" + scheme "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/scheme" +) + +// ClusterPolicyReportsGetter has a method to return a ClusterPolicyReportInterface. +// A group's client should implement this interface. +type ClusterPolicyReportsGetter interface { + ClusterPolicyReports() ClusterPolicyReportInterface +} + +// ClusterPolicyReportInterface has methods to work with ClusterPolicyReport resources. +type ClusterPolicyReportInterface interface { + Create(ctx context.Context, clusterPolicyReport *v1beta2.ClusterPolicyReport, opts v1.CreateOptions) (*v1beta2.ClusterPolicyReport, error) + Update(ctx context.Context, clusterPolicyReport *v1beta2.ClusterPolicyReport, opts v1.UpdateOptions) (*v1beta2.ClusterPolicyReport, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta2.ClusterPolicyReport, error) + List(ctx context.Context, opts v1.ListOptions) (*v1beta2.ClusterPolicyReportList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta2.ClusterPolicyReport, err error) + ClusterPolicyReportExpansion +} + +// clusterPolicyReports implements ClusterPolicyReportInterface +type clusterPolicyReports struct { + client rest.Interface +} + +// newClusterPolicyReports returns a ClusterPolicyReports +func newClusterPolicyReports(c *ReportsV1beta2Client) *clusterPolicyReports { + return &clusterPolicyReports{ + client: c.RESTClient(), + } +} + +// Get takes name of the clusterPolicyReport, and returns the corresponding clusterPolicyReport object, and an error if there is any. +func (c *clusterPolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta2.ClusterPolicyReport, err error) { + result = &v1beta2.ClusterPolicyReport{} + err = c.client.Get(). + Resource("clusterpolicyreports"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of ClusterPolicyReports that match those selectors. +func (c *clusterPolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1beta2.ClusterPolicyReportList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1beta2.ClusterPolicyReportList{} + err = c.client.Get(). + Resource("clusterpolicyreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested clusterPolicyReports. +func (c *clusterPolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("clusterpolicyreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a clusterPolicyReport and creates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any. +func (c *clusterPolicyReports) Create(ctx context.Context, clusterPolicyReport *v1beta2.ClusterPolicyReport, opts v1.CreateOptions) (result *v1beta2.ClusterPolicyReport, err error) { + result = &v1beta2.ClusterPolicyReport{} + err = c.client.Post(). + Resource("clusterpolicyreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterPolicyReport). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a clusterPolicyReport and updates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any. +func (c *clusterPolicyReports) Update(ctx context.Context, clusterPolicyReport *v1beta2.ClusterPolicyReport, opts v1.UpdateOptions) (result *v1beta2.ClusterPolicyReport, err error) { + result = &v1beta2.ClusterPolicyReport{} + err = c.client.Put(). + Resource("clusterpolicyreports"). + Name(clusterPolicyReport.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterPolicyReport). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the clusterPolicyReport and deletes it. Returns an error if one occurs. +func (c *clusterPolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Resource("clusterpolicyreports"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *clusterPolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("clusterpolicyreports"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched clusterPolicyReport. +func (c *clusterPolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta2.ClusterPolicyReport, err error) { + result = &v1beta2.ClusterPolicyReport{} + err = c.client.Patch(pt). + Resource("clusterpolicyreports"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/doc.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/doc.go new file mode 100644 index 0000000..bfa7cbb --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/doc.go @@ -0,0 +1,19 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated typed clients. +package v1beta2 diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/doc.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/doc.go new file mode 100644 index 0000000..3b00159 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/doc.go @@ -0,0 +1,19 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +// Package fake has the automatically generated clients. +package fake diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_clusterpolicyreport.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_clusterpolicyreport.go new file mode 100644 index 0000000..119c43c --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_clusterpolicyreport.go @@ -0,0 +1,120 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" + v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2" +) + +// FakeClusterPolicyReports implements ClusterPolicyReportInterface +type FakeClusterPolicyReports struct { + Fake *FakeReportsV1beta2 +} + +var clusterpolicyreportsResource = v1beta2.SchemeGroupVersion.WithResource("clusterpolicyreports") + +var clusterpolicyreportsKind = v1beta2.SchemeGroupVersion.WithKind("ClusterPolicyReport") + +// Get takes name of the clusterPolicyReport, and returns the corresponding clusterPolicyReport object, and an error if there is any. +func (c *FakeClusterPolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta2.ClusterPolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootGetAction(clusterpolicyreportsResource, name), &v1beta2.ClusterPolicyReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1beta2.ClusterPolicyReport), err +} + +// List takes label and field selectors, and returns the list of ClusterPolicyReports that match those selectors. +func (c *FakeClusterPolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1beta2.ClusterPolicyReportList, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootListAction(clusterpolicyreportsResource, clusterpolicyreportsKind, opts), &v1beta2.ClusterPolicyReportList{}) + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1beta2.ClusterPolicyReportList{ListMeta: obj.(*v1beta2.ClusterPolicyReportList).ListMeta} + for _, item := range obj.(*v1beta2.ClusterPolicyReportList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested clusterPolicyReports. +func (c *FakeClusterPolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewRootWatchAction(clusterpolicyreportsResource, opts)) +} + +// Create takes the representation of a clusterPolicyReport and creates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any. +func (c *FakeClusterPolicyReports) Create(ctx context.Context, clusterPolicyReport *v1beta2.ClusterPolicyReport, opts v1.CreateOptions) (result *v1beta2.ClusterPolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(clusterpolicyreportsResource, clusterPolicyReport), &v1beta2.ClusterPolicyReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1beta2.ClusterPolicyReport), err +} + +// Update takes the representation of a clusterPolicyReport and updates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any. +func (c *FakeClusterPolicyReports) Update(ctx context.Context, clusterPolicyReport *v1beta2.ClusterPolicyReport, opts v1.UpdateOptions) (result *v1beta2.ClusterPolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateAction(clusterpolicyreportsResource, clusterPolicyReport), &v1beta2.ClusterPolicyReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1beta2.ClusterPolicyReport), err +} + +// Delete takes name of the clusterPolicyReport and deletes it. Returns an error if one occurs. +func (c *FakeClusterPolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewRootDeleteActionWithOptions(clusterpolicyreportsResource, name, opts), &v1beta2.ClusterPolicyReport{}) + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeClusterPolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewRootDeleteCollectionAction(clusterpolicyreportsResource, listOpts) + + _, err := c.Fake.Invokes(action, &v1beta2.ClusterPolicyReportList{}) + return err +} + +// Patch applies the patch and returns the patched clusterPolicyReport. +func (c *FakeClusterPolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta2.ClusterPolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootPatchSubresourceAction(clusterpolicyreportsResource, name, pt, data, subresources...), &v1beta2.ClusterPolicyReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1beta2.ClusterPolicyReport), err +} diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_policyreport.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_policyreport.go new file mode 100644 index 0000000..4ab6f2d --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_policyreport.go @@ -0,0 +1,128 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" + v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2" +) + +// FakePolicyReports implements PolicyReportInterface +type FakePolicyReports struct { + Fake *FakeReportsV1beta2 + ns string +} + +var policyreportsResource = v1beta2.SchemeGroupVersion.WithResource("policyreports") + +var policyreportsKind = v1beta2.SchemeGroupVersion.WithKind("PolicyReport") + +// Get takes name of the policyReport, and returns the corresponding policyReport object, and an error if there is any. +func (c *FakePolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta2.PolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(policyreportsResource, c.ns, name), &v1beta2.PolicyReport{}) + + if obj == nil { + return nil, err + } + return obj.(*v1beta2.PolicyReport), err +} + +// List takes label and field selectors, and returns the list of PolicyReports that match those selectors. +func (c *FakePolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1beta2.PolicyReportList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(policyreportsResource, policyreportsKind, c.ns, opts), &v1beta2.PolicyReportList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1beta2.PolicyReportList{ListMeta: obj.(*v1beta2.PolicyReportList).ListMeta} + for _, item := range obj.(*v1beta2.PolicyReportList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested policyReports. +func (c *FakePolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(policyreportsResource, c.ns, opts)) + +} + +// Create takes the representation of a policyReport and creates it. Returns the server's representation of the policyReport, and an error, if there is any. +func (c *FakePolicyReports) Create(ctx context.Context, policyReport *v1beta2.PolicyReport, opts v1.CreateOptions) (result *v1beta2.PolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(policyreportsResource, c.ns, policyReport), &v1beta2.PolicyReport{}) + + if obj == nil { + return nil, err + } + return obj.(*v1beta2.PolicyReport), err +} + +// Update takes the representation of a policyReport and updates it. Returns the server's representation of the policyReport, and an error, if there is any. +func (c *FakePolicyReports) Update(ctx context.Context, policyReport *v1beta2.PolicyReport, opts v1.UpdateOptions) (result *v1beta2.PolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(policyreportsResource, c.ns, policyReport), &v1beta2.PolicyReport{}) + + if obj == nil { + return nil, err + } + return obj.(*v1beta2.PolicyReport), err +} + +// Delete takes name of the policyReport and deletes it. Returns an error if one occurs. +func (c *FakePolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(policyreportsResource, c.ns, name, opts), &v1beta2.PolicyReport{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakePolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionAction(policyreportsResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1beta2.PolicyReportList{}) + return err +} + +// Patch applies the patch and returns the patched policyReport. +func (c *FakePolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta2.PolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(policyreportsResource, c.ns, name, pt, data, subresources...), &v1beta2.PolicyReport{}) + + if obj == nil { + return nil, err + } + return obj.(*v1beta2.PolicyReport), err +} diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_reports.x-k8s.io_client.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_reports.x-k8s.io_client.go new file mode 100644 index 0000000..f0613f2 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_reports.x-k8s.io_client.go @@ -0,0 +1,43 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + rest "k8s.io/client-go/rest" + testing "k8s.io/client-go/testing" + v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2" +) + +type FakeReportsV1beta2 struct { + *testing.Fake +} + +func (c *FakeReportsV1beta2) ClusterPolicyReports() v1beta2.ClusterPolicyReportInterface { + return &FakeClusterPolicyReports{c} +} + +func (c *FakeReportsV1beta2) PolicyReports(namespace string) v1beta2.PolicyReportInterface { + return &FakePolicyReports{c, namespace} +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *FakeReportsV1beta2) RESTClient() rest.Interface { + var ret *rest.RESTClient + return ret +} diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/generated_expansion.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/generated_expansion.go new file mode 100644 index 0000000..a878c0e --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/generated_expansion.go @@ -0,0 +1,22 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1beta2 + +type ClusterPolicyReportExpansion interface{} + +type PolicyReportExpansion interface{} diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/policyreport.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/policyreport.go new file mode 100644 index 0000000..502ea60 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/policyreport.go @@ -0,0 +1,177 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1beta2 + +import ( + "context" + "time" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" + v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2" + scheme "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/scheme" +) + +// PolicyReportsGetter has a method to return a PolicyReportInterface. +// A group's client should implement this interface. +type PolicyReportsGetter interface { + PolicyReports(namespace string) PolicyReportInterface +} + +// PolicyReportInterface has methods to work with PolicyReport resources. +type PolicyReportInterface interface { + Create(ctx context.Context, policyReport *v1beta2.PolicyReport, opts v1.CreateOptions) (*v1beta2.PolicyReport, error) + Update(ctx context.Context, policyReport *v1beta2.PolicyReport, opts v1.UpdateOptions) (*v1beta2.PolicyReport, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta2.PolicyReport, error) + List(ctx context.Context, opts v1.ListOptions) (*v1beta2.PolicyReportList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta2.PolicyReport, err error) + PolicyReportExpansion +} + +// policyReports implements PolicyReportInterface +type policyReports struct { + client rest.Interface + ns string +} + +// newPolicyReports returns a PolicyReports +func newPolicyReports(c *ReportsV1beta2Client, namespace string) *policyReports { + return &policyReports{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the policyReport, and returns the corresponding policyReport object, and an error if there is any. +func (c *policyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta2.PolicyReport, err error) { + result = &v1beta2.PolicyReport{} + err = c.client.Get(). + Namespace(c.ns). + Resource("policyreports"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of PolicyReports that match those selectors. +func (c *policyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1beta2.PolicyReportList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1beta2.PolicyReportList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("policyreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested policyReports. +func (c *policyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("policyreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a policyReport and creates it. Returns the server's representation of the policyReport, and an error, if there is any. +func (c *policyReports) Create(ctx context.Context, policyReport *v1beta2.PolicyReport, opts v1.CreateOptions) (result *v1beta2.PolicyReport, err error) { + result = &v1beta2.PolicyReport{} + err = c.client.Post(). + Namespace(c.ns). + Resource("policyreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(policyReport). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a policyReport and updates it. Returns the server's representation of the policyReport, and an error, if there is any. +func (c *policyReports) Update(ctx context.Context, policyReport *v1beta2.PolicyReport, opts v1.UpdateOptions) (result *v1beta2.PolicyReport, err error) { + result = &v1beta2.PolicyReport{} + err = c.client.Put(). + Namespace(c.ns). + Resource("policyreports"). + Name(policyReport.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(policyReport). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the policyReport and deletes it. Returns an error if one occurs. +func (c *policyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("policyreports"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *policyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("policyreports"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched policyReport. +func (c *policyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta2.PolicyReport, err error) { + result = &v1beta2.PolicyReport{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("policyreports"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/reports.x-k8s.io_client.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/reports.x-k8s.io_client.go new file mode 100644 index 0000000..2729914 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/reports.x-k8s.io_client.go @@ -0,0 +1,111 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1beta2 + +import ( + "net/http" + + rest "k8s.io/client-go/rest" + v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2" + "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/scheme" +) + +type ReportsV1beta2Interface interface { + RESTClient() rest.Interface + ClusterPolicyReportsGetter + PolicyReportsGetter +} + +// ReportsV1beta2Client is used to interact with features provided by the reports.x-k8s.io group. +type ReportsV1beta2Client struct { + restClient rest.Interface +} + +func (c *ReportsV1beta2Client) ClusterPolicyReports() ClusterPolicyReportInterface { + return newClusterPolicyReports(c) +} + +func (c *ReportsV1beta2Client) PolicyReports(namespace string) PolicyReportInterface { + return newPolicyReports(c, namespace) +} + +// NewForConfig creates a new ReportsV1beta2Client for the given config. +// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient), +// where httpClient was generated with rest.HTTPClientFor(c). +func NewForConfig(c *rest.Config) (*ReportsV1beta2Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + httpClient, err := rest.HTTPClientFor(&config) + if err != nil { + return nil, err + } + return NewForConfigAndClient(&config, httpClient) +} + +// NewForConfigAndClient creates a new ReportsV1beta2Client for the given config and http client. +// Note the http client provided takes precedence over the configured transport values. +func NewForConfigAndClient(c *rest.Config, h *http.Client) (*ReportsV1beta2Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + client, err := rest.RESTClientForConfigAndClient(&config, h) + if err != nil { + return nil, err + } + return &ReportsV1beta2Client{client}, nil +} + +// NewForConfigOrDie creates a new ReportsV1beta2Client for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *ReportsV1beta2Client { + client, err := NewForConfig(c) + if err != nil { + panic(err) + } + return client +} + +// New creates a new ReportsV1beta2Client for the given RESTClient. +func New(c rest.Interface) *ReportsV1beta2Client { + return &ReportsV1beta2Client{c} +} + +func setConfigDefaults(config *rest.Config) error { + gv := v1beta2.SchemeGroupVersion + config.GroupVersion = &gv + config.APIPath = "/apis" + config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() + + if config.UserAgent == "" { + config.UserAgent = rest.DefaultKubernetesUserAgent() + } + + return nil +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *ReportsV1beta2Client) RESTClient() rest.Interface { + if c == nil { + return nil + } + return c.restClient +} diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/clusterpolicyreport.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/clusterpolicyreport.go new file mode 100644 index 0000000..329ec73 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/clusterpolicyreport.go @@ -0,0 +1,167 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + "time" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" + v1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha1" + scheme "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/scheme" +) + +// ClusterPolicyReportsGetter has a method to return a ClusterPolicyReportInterface. +// A group's client should implement this interface. +type ClusterPolicyReportsGetter interface { + ClusterPolicyReports() ClusterPolicyReportInterface +} + +// ClusterPolicyReportInterface has methods to work with ClusterPolicyReport resources. +type ClusterPolicyReportInterface interface { + Create(ctx context.Context, clusterPolicyReport *v1alpha1.ClusterPolicyReport, opts v1.CreateOptions) (*v1alpha1.ClusterPolicyReport, error) + Update(ctx context.Context, clusterPolicyReport *v1alpha1.ClusterPolicyReport, opts v1.UpdateOptions) (*v1alpha1.ClusterPolicyReport, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.ClusterPolicyReport, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.ClusterPolicyReportList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ClusterPolicyReport, err error) + ClusterPolicyReportExpansion +} + +// clusterPolicyReports implements ClusterPolicyReportInterface +type clusterPolicyReports struct { + client rest.Interface +} + +// newClusterPolicyReports returns a ClusterPolicyReports +func newClusterPolicyReports(c *Wgpolicyk8sV1alpha1Client) *clusterPolicyReports { + return &clusterPolicyReports{ + client: c.RESTClient(), + } +} + +// Get takes name of the clusterPolicyReport, and returns the corresponding clusterPolicyReport object, and an error if there is any. +func (c *clusterPolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ClusterPolicyReport, err error) { + result = &v1alpha1.ClusterPolicyReport{} + err = c.client.Get(). + Resource("clusterpolicyreports"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of ClusterPolicyReports that match those selectors. +func (c *clusterPolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ClusterPolicyReportList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha1.ClusterPolicyReportList{} + err = c.client.Get(). + Resource("clusterpolicyreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested clusterPolicyReports. +func (c *clusterPolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("clusterpolicyreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a clusterPolicyReport and creates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any. +func (c *clusterPolicyReports) Create(ctx context.Context, clusterPolicyReport *v1alpha1.ClusterPolicyReport, opts v1.CreateOptions) (result *v1alpha1.ClusterPolicyReport, err error) { + result = &v1alpha1.ClusterPolicyReport{} + err = c.client.Post(). + Resource("clusterpolicyreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterPolicyReport). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a clusterPolicyReport and updates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any. +func (c *clusterPolicyReports) Update(ctx context.Context, clusterPolicyReport *v1alpha1.ClusterPolicyReport, opts v1.UpdateOptions) (result *v1alpha1.ClusterPolicyReport, err error) { + result = &v1alpha1.ClusterPolicyReport{} + err = c.client.Put(). + Resource("clusterpolicyreports"). + Name(clusterPolicyReport.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterPolicyReport). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the clusterPolicyReport and deletes it. Returns an error if one occurs. +func (c *clusterPolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Resource("clusterpolicyreports"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *clusterPolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("clusterpolicyreports"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched clusterPolicyReport. +func (c *clusterPolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ClusterPolicyReport, err error) { + result = &v1alpha1.ClusterPolicyReport{} + err = c.client.Patch(pt). + Resource("clusterpolicyreports"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/doc.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/doc.go new file mode 100644 index 0000000..5d69c12 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/doc.go @@ -0,0 +1,19 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated typed clients. +package v1alpha1 diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/doc.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/doc.go new file mode 100644 index 0000000..3b00159 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/doc.go @@ -0,0 +1,19 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +// Package fake has the automatically generated clients. +package fake diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/fake_clusterpolicyreport.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/fake_clusterpolicyreport.go new file mode 100644 index 0000000..733099a --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/fake_clusterpolicyreport.go @@ -0,0 +1,120 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" + v1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha1" +) + +// FakeClusterPolicyReports implements ClusterPolicyReportInterface +type FakeClusterPolicyReports struct { + Fake *FakeWgpolicyk8sV1alpha1 +} + +var clusterpolicyreportsResource = v1alpha1.SchemeGroupVersion.WithResource("clusterpolicyreports") + +var clusterpolicyreportsKind = v1alpha1.SchemeGroupVersion.WithKind("ClusterPolicyReport") + +// Get takes name of the clusterPolicyReport, and returns the corresponding clusterPolicyReport object, and an error if there is any. +func (c *FakeClusterPolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ClusterPolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootGetAction(clusterpolicyreportsResource, name), &v1alpha1.ClusterPolicyReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.ClusterPolicyReport), err +} + +// List takes label and field selectors, and returns the list of ClusterPolicyReports that match those selectors. +func (c *FakeClusterPolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ClusterPolicyReportList, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootListAction(clusterpolicyreportsResource, clusterpolicyreportsKind, opts), &v1alpha1.ClusterPolicyReportList{}) + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.ClusterPolicyReportList{ListMeta: obj.(*v1alpha1.ClusterPolicyReportList).ListMeta} + for _, item := range obj.(*v1alpha1.ClusterPolicyReportList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested clusterPolicyReports. +func (c *FakeClusterPolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewRootWatchAction(clusterpolicyreportsResource, opts)) +} + +// Create takes the representation of a clusterPolicyReport and creates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any. +func (c *FakeClusterPolicyReports) Create(ctx context.Context, clusterPolicyReport *v1alpha1.ClusterPolicyReport, opts v1.CreateOptions) (result *v1alpha1.ClusterPolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(clusterpolicyreportsResource, clusterPolicyReport), &v1alpha1.ClusterPolicyReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.ClusterPolicyReport), err +} + +// Update takes the representation of a clusterPolicyReport and updates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any. +func (c *FakeClusterPolicyReports) Update(ctx context.Context, clusterPolicyReport *v1alpha1.ClusterPolicyReport, opts v1.UpdateOptions) (result *v1alpha1.ClusterPolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateAction(clusterpolicyreportsResource, clusterPolicyReport), &v1alpha1.ClusterPolicyReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.ClusterPolicyReport), err +} + +// Delete takes name of the clusterPolicyReport and deletes it. Returns an error if one occurs. +func (c *FakeClusterPolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewRootDeleteActionWithOptions(clusterpolicyreportsResource, name, opts), &v1alpha1.ClusterPolicyReport{}) + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeClusterPolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewRootDeleteCollectionAction(clusterpolicyreportsResource, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha1.ClusterPolicyReportList{}) + return err +} + +// Patch applies the patch and returns the patched clusterPolicyReport. +func (c *FakeClusterPolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ClusterPolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootPatchSubresourceAction(clusterpolicyreportsResource, name, pt, data, subresources...), &v1alpha1.ClusterPolicyReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.ClusterPolicyReport), err +} diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/fake_policyreport.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/fake_policyreport.go new file mode 100644 index 0000000..e05f1e5 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/fake_policyreport.go @@ -0,0 +1,128 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" + v1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha1" +) + +// FakePolicyReports implements PolicyReportInterface +type FakePolicyReports struct { + Fake *FakeWgpolicyk8sV1alpha1 + ns string +} + +var policyreportsResource = v1alpha1.SchemeGroupVersion.WithResource("policyreports") + +var policyreportsKind = v1alpha1.SchemeGroupVersion.WithKind("PolicyReport") + +// Get takes name of the policyReport, and returns the corresponding policyReport object, and an error if there is any. +func (c *FakePolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.PolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(policyreportsResource, c.ns, name), &v1alpha1.PolicyReport{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.PolicyReport), err +} + +// List takes label and field selectors, and returns the list of PolicyReports that match those selectors. +func (c *FakePolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.PolicyReportList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(policyreportsResource, policyreportsKind, c.ns, opts), &v1alpha1.PolicyReportList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.PolicyReportList{ListMeta: obj.(*v1alpha1.PolicyReportList).ListMeta} + for _, item := range obj.(*v1alpha1.PolicyReportList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested policyReports. +func (c *FakePolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(policyreportsResource, c.ns, opts)) + +} + +// Create takes the representation of a policyReport and creates it. Returns the server's representation of the policyReport, and an error, if there is any. +func (c *FakePolicyReports) Create(ctx context.Context, policyReport *v1alpha1.PolicyReport, opts v1.CreateOptions) (result *v1alpha1.PolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(policyreportsResource, c.ns, policyReport), &v1alpha1.PolicyReport{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.PolicyReport), err +} + +// Update takes the representation of a policyReport and updates it. Returns the server's representation of the policyReport, and an error, if there is any. +func (c *FakePolicyReports) Update(ctx context.Context, policyReport *v1alpha1.PolicyReport, opts v1.UpdateOptions) (result *v1alpha1.PolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(policyreportsResource, c.ns, policyReport), &v1alpha1.PolicyReport{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.PolicyReport), err +} + +// Delete takes name of the policyReport and deletes it. Returns an error if one occurs. +func (c *FakePolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(policyreportsResource, c.ns, name, opts), &v1alpha1.PolicyReport{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakePolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionAction(policyreportsResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha1.PolicyReportList{}) + return err +} + +// Patch applies the patch and returns the patched policyReport. +func (c *FakePolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.PolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(policyreportsResource, c.ns, name, pt, data, subresources...), &v1alpha1.PolicyReport{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.PolicyReport), err +} diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/fake_wgpolicyk8s.io_client.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/fake_wgpolicyk8s.io_client.go new file mode 100644 index 0000000..bf5180f --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/fake_wgpolicyk8s.io_client.go @@ -0,0 +1,43 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + rest "k8s.io/client-go/rest" + testing "k8s.io/client-go/testing" + v1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1" +) + +type FakeWgpolicyk8sV1alpha1 struct { + *testing.Fake +} + +func (c *FakeWgpolicyk8sV1alpha1) ClusterPolicyReports() v1alpha1.ClusterPolicyReportInterface { + return &FakeClusterPolicyReports{c} +} + +func (c *FakeWgpolicyk8sV1alpha1) PolicyReports(namespace string) v1alpha1.PolicyReportInterface { + return &FakePolicyReports{c, namespace} +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *FakeWgpolicyk8sV1alpha1) RESTClient() rest.Interface { + var ret *rest.RESTClient + return ret +} diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/generated_expansion.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/generated_expansion.go new file mode 100644 index 0000000..5f3f1ab --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/generated_expansion.go @@ -0,0 +1,22 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +type ClusterPolicyReportExpansion interface{} + +type PolicyReportExpansion interface{} diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/policyreport.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/policyreport.go new file mode 100644 index 0000000..c5e6d80 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/policyreport.go @@ -0,0 +1,177 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + "time" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" + v1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha1" + scheme "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/scheme" +) + +// PolicyReportsGetter has a method to return a PolicyReportInterface. +// A group's client should implement this interface. +type PolicyReportsGetter interface { + PolicyReports(namespace string) PolicyReportInterface +} + +// PolicyReportInterface has methods to work with PolicyReport resources. +type PolicyReportInterface interface { + Create(ctx context.Context, policyReport *v1alpha1.PolicyReport, opts v1.CreateOptions) (*v1alpha1.PolicyReport, error) + Update(ctx context.Context, policyReport *v1alpha1.PolicyReport, opts v1.UpdateOptions) (*v1alpha1.PolicyReport, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.PolicyReport, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.PolicyReportList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.PolicyReport, err error) + PolicyReportExpansion +} + +// policyReports implements PolicyReportInterface +type policyReports struct { + client rest.Interface + ns string +} + +// newPolicyReports returns a PolicyReports +func newPolicyReports(c *Wgpolicyk8sV1alpha1Client, namespace string) *policyReports { + return &policyReports{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the policyReport, and returns the corresponding policyReport object, and an error if there is any. +func (c *policyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.PolicyReport, err error) { + result = &v1alpha1.PolicyReport{} + err = c.client.Get(). + Namespace(c.ns). + Resource("policyreports"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of PolicyReports that match those selectors. +func (c *policyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.PolicyReportList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha1.PolicyReportList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("policyreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested policyReports. +func (c *policyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("policyreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a policyReport and creates it. Returns the server's representation of the policyReport, and an error, if there is any. +func (c *policyReports) Create(ctx context.Context, policyReport *v1alpha1.PolicyReport, opts v1.CreateOptions) (result *v1alpha1.PolicyReport, err error) { + result = &v1alpha1.PolicyReport{} + err = c.client.Post(). + Namespace(c.ns). + Resource("policyreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(policyReport). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a policyReport and updates it. Returns the server's representation of the policyReport, and an error, if there is any. +func (c *policyReports) Update(ctx context.Context, policyReport *v1alpha1.PolicyReport, opts v1.UpdateOptions) (result *v1alpha1.PolicyReport, err error) { + result = &v1alpha1.PolicyReport{} + err = c.client.Put(). + Namespace(c.ns). + Resource("policyreports"). + Name(policyReport.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(policyReport). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the policyReport and deletes it. Returns an error if one occurs. +func (c *policyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("policyreports"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *policyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("policyreports"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched policyReport. +func (c *policyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.PolicyReport, err error) { + result = &v1alpha1.PolicyReport{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("policyreports"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/wgpolicyk8s.io_client.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/wgpolicyk8s.io_client.go new file mode 100644 index 0000000..4c01be3 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/wgpolicyk8s.io_client.go @@ -0,0 +1,111 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "net/http" + + rest "k8s.io/client-go/rest" + v1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha1" + "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/scheme" +) + +type Wgpolicyk8sV1alpha1Interface interface { + RESTClient() rest.Interface + ClusterPolicyReportsGetter + PolicyReportsGetter +} + +// Wgpolicyk8sV1alpha1Client is used to interact with features provided by the wgpolicyk8s.io group. +type Wgpolicyk8sV1alpha1Client struct { + restClient rest.Interface +} + +func (c *Wgpolicyk8sV1alpha1Client) ClusterPolicyReports() ClusterPolicyReportInterface { + return newClusterPolicyReports(c) +} + +func (c *Wgpolicyk8sV1alpha1Client) PolicyReports(namespace string) PolicyReportInterface { + return newPolicyReports(c, namespace) +} + +// NewForConfig creates a new Wgpolicyk8sV1alpha1Client for the given config. +// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient), +// where httpClient was generated with rest.HTTPClientFor(c). +func NewForConfig(c *rest.Config) (*Wgpolicyk8sV1alpha1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + httpClient, err := rest.HTTPClientFor(&config) + if err != nil { + return nil, err + } + return NewForConfigAndClient(&config, httpClient) +} + +// NewForConfigAndClient creates a new Wgpolicyk8sV1alpha1Client for the given config and http client. +// Note the http client provided takes precedence over the configured transport values. +func NewForConfigAndClient(c *rest.Config, h *http.Client) (*Wgpolicyk8sV1alpha1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + client, err := rest.RESTClientForConfigAndClient(&config, h) + if err != nil { + return nil, err + } + return &Wgpolicyk8sV1alpha1Client{client}, nil +} + +// NewForConfigOrDie creates a new Wgpolicyk8sV1alpha1Client for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *Wgpolicyk8sV1alpha1Client { + client, err := NewForConfig(c) + if err != nil { + panic(err) + } + return client +} + +// New creates a new Wgpolicyk8sV1alpha1Client for the given RESTClient. +func New(c rest.Interface) *Wgpolicyk8sV1alpha1Client { + return &Wgpolicyk8sV1alpha1Client{c} +} + +func setConfigDefaults(config *rest.Config) error { + gv := v1alpha1.SchemeGroupVersion + config.GroupVersion = &gv + config.APIPath = "/apis" + config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() + + if config.UserAgent == "" { + config.UserAgent = rest.DefaultKubernetesUserAgent() + } + + return nil +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *Wgpolicyk8sV1alpha1Client) RESTClient() rest.Interface { + if c == nil { + return nil + } + return c.restClient +} diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/clusterpolicyreport.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/clusterpolicyreport.go new file mode 100644 index 0000000..6f152d4 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/clusterpolicyreport.go @@ -0,0 +1,167 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha2 + +import ( + "context" + "time" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" + v1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha2" + scheme "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/scheme" +) + +// ClusterPolicyReportsGetter has a method to return a ClusterPolicyReportInterface. +// A group's client should implement this interface. +type ClusterPolicyReportsGetter interface { + ClusterPolicyReports() ClusterPolicyReportInterface +} + +// ClusterPolicyReportInterface has methods to work with ClusterPolicyReport resources. +type ClusterPolicyReportInterface interface { + Create(ctx context.Context, clusterPolicyReport *v1alpha2.ClusterPolicyReport, opts v1.CreateOptions) (*v1alpha2.ClusterPolicyReport, error) + Update(ctx context.Context, clusterPolicyReport *v1alpha2.ClusterPolicyReport, opts v1.UpdateOptions) (*v1alpha2.ClusterPolicyReport, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha2.ClusterPolicyReport, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha2.ClusterPolicyReportList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.ClusterPolicyReport, err error) + ClusterPolicyReportExpansion +} + +// clusterPolicyReports implements ClusterPolicyReportInterface +type clusterPolicyReports struct { + client rest.Interface +} + +// newClusterPolicyReports returns a ClusterPolicyReports +func newClusterPolicyReports(c *Wgpolicyk8sV1alpha2Client) *clusterPolicyReports { + return &clusterPolicyReports{ + client: c.RESTClient(), + } +} + +// Get takes name of the clusterPolicyReport, and returns the corresponding clusterPolicyReport object, and an error if there is any. +func (c *clusterPolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.ClusterPolicyReport, err error) { + result = &v1alpha2.ClusterPolicyReport{} + err = c.client.Get(). + Resource("clusterpolicyreports"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of ClusterPolicyReports that match those selectors. +func (c *clusterPolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha2.ClusterPolicyReportList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha2.ClusterPolicyReportList{} + err = c.client.Get(). + Resource("clusterpolicyreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested clusterPolicyReports. +func (c *clusterPolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("clusterpolicyreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a clusterPolicyReport and creates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any. +func (c *clusterPolicyReports) Create(ctx context.Context, clusterPolicyReport *v1alpha2.ClusterPolicyReport, opts v1.CreateOptions) (result *v1alpha2.ClusterPolicyReport, err error) { + result = &v1alpha2.ClusterPolicyReport{} + err = c.client.Post(). + Resource("clusterpolicyreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterPolicyReport). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a clusterPolicyReport and updates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any. +func (c *clusterPolicyReports) Update(ctx context.Context, clusterPolicyReport *v1alpha2.ClusterPolicyReport, opts v1.UpdateOptions) (result *v1alpha2.ClusterPolicyReport, err error) { + result = &v1alpha2.ClusterPolicyReport{} + err = c.client.Put(). + Resource("clusterpolicyreports"). + Name(clusterPolicyReport.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterPolicyReport). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the clusterPolicyReport and deletes it. Returns an error if one occurs. +func (c *clusterPolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Resource("clusterpolicyreports"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *clusterPolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("clusterpolicyreports"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched clusterPolicyReport. +func (c *clusterPolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.ClusterPolicyReport, err error) { + result = &v1alpha2.ClusterPolicyReport{} + err = c.client.Patch(pt). + Resource("clusterpolicyreports"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/doc.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/doc.go new file mode 100644 index 0000000..35adcce --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/doc.go @@ -0,0 +1,19 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated typed clients. +package v1alpha2 diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/doc.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/doc.go new file mode 100644 index 0000000..3b00159 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/doc.go @@ -0,0 +1,19 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +// Package fake has the automatically generated clients. +package fake diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/fake_clusterpolicyreport.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/fake_clusterpolicyreport.go new file mode 100644 index 0000000..e6a98ad --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/fake_clusterpolicyreport.go @@ -0,0 +1,120 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" + v1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha2" +) + +// FakeClusterPolicyReports implements ClusterPolicyReportInterface +type FakeClusterPolicyReports struct { + Fake *FakeWgpolicyk8sV1alpha2 +} + +var clusterpolicyreportsResource = v1alpha2.SchemeGroupVersion.WithResource("clusterpolicyreports") + +var clusterpolicyreportsKind = v1alpha2.SchemeGroupVersion.WithKind("ClusterPolicyReport") + +// Get takes name of the clusterPolicyReport, and returns the corresponding clusterPolicyReport object, and an error if there is any. +func (c *FakeClusterPolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.ClusterPolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootGetAction(clusterpolicyreportsResource, name), &v1alpha2.ClusterPolicyReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha2.ClusterPolicyReport), err +} + +// List takes label and field selectors, and returns the list of ClusterPolicyReports that match those selectors. +func (c *FakeClusterPolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha2.ClusterPolicyReportList, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootListAction(clusterpolicyreportsResource, clusterpolicyreportsKind, opts), &v1alpha2.ClusterPolicyReportList{}) + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha2.ClusterPolicyReportList{ListMeta: obj.(*v1alpha2.ClusterPolicyReportList).ListMeta} + for _, item := range obj.(*v1alpha2.ClusterPolicyReportList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested clusterPolicyReports. +func (c *FakeClusterPolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewRootWatchAction(clusterpolicyreportsResource, opts)) +} + +// Create takes the representation of a clusterPolicyReport and creates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any. +func (c *FakeClusterPolicyReports) Create(ctx context.Context, clusterPolicyReport *v1alpha2.ClusterPolicyReport, opts v1.CreateOptions) (result *v1alpha2.ClusterPolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(clusterpolicyreportsResource, clusterPolicyReport), &v1alpha2.ClusterPolicyReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha2.ClusterPolicyReport), err +} + +// Update takes the representation of a clusterPolicyReport and updates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any. +func (c *FakeClusterPolicyReports) Update(ctx context.Context, clusterPolicyReport *v1alpha2.ClusterPolicyReport, opts v1.UpdateOptions) (result *v1alpha2.ClusterPolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateAction(clusterpolicyreportsResource, clusterPolicyReport), &v1alpha2.ClusterPolicyReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha2.ClusterPolicyReport), err +} + +// Delete takes name of the clusterPolicyReport and deletes it. Returns an error if one occurs. +func (c *FakeClusterPolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewRootDeleteActionWithOptions(clusterpolicyreportsResource, name, opts), &v1alpha2.ClusterPolicyReport{}) + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeClusterPolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewRootDeleteCollectionAction(clusterpolicyreportsResource, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha2.ClusterPolicyReportList{}) + return err +} + +// Patch applies the patch and returns the patched clusterPolicyReport. +func (c *FakeClusterPolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.ClusterPolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootPatchSubresourceAction(clusterpolicyreportsResource, name, pt, data, subresources...), &v1alpha2.ClusterPolicyReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha2.ClusterPolicyReport), err +} diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/fake_policyreport.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/fake_policyreport.go new file mode 100644 index 0000000..da5a056 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/fake_policyreport.go @@ -0,0 +1,128 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" + v1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha2" +) + +// FakePolicyReports implements PolicyReportInterface +type FakePolicyReports struct { + Fake *FakeWgpolicyk8sV1alpha2 + ns string +} + +var policyreportsResource = v1alpha2.SchemeGroupVersion.WithResource("policyreports") + +var policyreportsKind = v1alpha2.SchemeGroupVersion.WithKind("PolicyReport") + +// Get takes name of the policyReport, and returns the corresponding policyReport object, and an error if there is any. +func (c *FakePolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.PolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(policyreportsResource, c.ns, name), &v1alpha2.PolicyReport{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha2.PolicyReport), err +} + +// List takes label and field selectors, and returns the list of PolicyReports that match those selectors. +func (c *FakePolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha2.PolicyReportList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(policyreportsResource, policyreportsKind, c.ns, opts), &v1alpha2.PolicyReportList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha2.PolicyReportList{ListMeta: obj.(*v1alpha2.PolicyReportList).ListMeta} + for _, item := range obj.(*v1alpha2.PolicyReportList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested policyReports. +func (c *FakePolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(policyreportsResource, c.ns, opts)) + +} + +// Create takes the representation of a policyReport and creates it. Returns the server's representation of the policyReport, and an error, if there is any. +func (c *FakePolicyReports) Create(ctx context.Context, policyReport *v1alpha2.PolicyReport, opts v1.CreateOptions) (result *v1alpha2.PolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(policyreportsResource, c.ns, policyReport), &v1alpha2.PolicyReport{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha2.PolicyReport), err +} + +// Update takes the representation of a policyReport and updates it. Returns the server's representation of the policyReport, and an error, if there is any. +func (c *FakePolicyReports) Update(ctx context.Context, policyReport *v1alpha2.PolicyReport, opts v1.UpdateOptions) (result *v1alpha2.PolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(policyreportsResource, c.ns, policyReport), &v1alpha2.PolicyReport{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha2.PolicyReport), err +} + +// Delete takes name of the policyReport and deletes it. Returns an error if one occurs. +func (c *FakePolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(policyreportsResource, c.ns, name, opts), &v1alpha2.PolicyReport{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakePolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionAction(policyreportsResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha2.PolicyReportList{}) + return err +} + +// Patch applies the patch and returns the patched policyReport. +func (c *FakePolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.PolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(policyreportsResource, c.ns, name, pt, data, subresources...), &v1alpha2.PolicyReport{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha2.PolicyReport), err +} diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/fake_wgpolicyk8s.io_client.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/fake_wgpolicyk8s.io_client.go new file mode 100644 index 0000000..9ace20b --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/fake_wgpolicyk8s.io_client.go @@ -0,0 +1,43 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + rest "k8s.io/client-go/rest" + testing "k8s.io/client-go/testing" + v1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2" +) + +type FakeWgpolicyk8sV1alpha2 struct { + *testing.Fake +} + +func (c *FakeWgpolicyk8sV1alpha2) ClusterPolicyReports() v1alpha2.ClusterPolicyReportInterface { + return &FakeClusterPolicyReports{c} +} + +func (c *FakeWgpolicyk8sV1alpha2) PolicyReports(namespace string) v1alpha2.PolicyReportInterface { + return &FakePolicyReports{c, namespace} +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *FakeWgpolicyk8sV1alpha2) RESTClient() rest.Interface { + var ret *rest.RESTClient + return ret +} diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/generated_expansion.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/generated_expansion.go new file mode 100644 index 0000000..edf637c --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/generated_expansion.go @@ -0,0 +1,22 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha2 + +type ClusterPolicyReportExpansion interface{} + +type PolicyReportExpansion interface{} diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/policyreport.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/policyreport.go new file mode 100644 index 0000000..57d4a97 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/policyreport.go @@ -0,0 +1,177 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha2 + +import ( + "context" + "time" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" + v1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha2" + scheme "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/scheme" +) + +// PolicyReportsGetter has a method to return a PolicyReportInterface. +// A group's client should implement this interface. +type PolicyReportsGetter interface { + PolicyReports(namespace string) PolicyReportInterface +} + +// PolicyReportInterface has methods to work with PolicyReport resources. +type PolicyReportInterface interface { + Create(ctx context.Context, policyReport *v1alpha2.PolicyReport, opts v1.CreateOptions) (*v1alpha2.PolicyReport, error) + Update(ctx context.Context, policyReport *v1alpha2.PolicyReport, opts v1.UpdateOptions) (*v1alpha2.PolicyReport, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha2.PolicyReport, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha2.PolicyReportList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.PolicyReport, err error) + PolicyReportExpansion +} + +// policyReports implements PolicyReportInterface +type policyReports struct { + client rest.Interface + ns string +} + +// newPolicyReports returns a PolicyReports +func newPolicyReports(c *Wgpolicyk8sV1alpha2Client, namespace string) *policyReports { + return &policyReports{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the policyReport, and returns the corresponding policyReport object, and an error if there is any. +func (c *policyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.PolicyReport, err error) { + result = &v1alpha2.PolicyReport{} + err = c.client.Get(). + Namespace(c.ns). + Resource("policyreports"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of PolicyReports that match those selectors. +func (c *policyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha2.PolicyReportList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha2.PolicyReportList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("policyreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested policyReports. +func (c *policyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("policyreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a policyReport and creates it. Returns the server's representation of the policyReport, and an error, if there is any. +func (c *policyReports) Create(ctx context.Context, policyReport *v1alpha2.PolicyReport, opts v1.CreateOptions) (result *v1alpha2.PolicyReport, err error) { + result = &v1alpha2.PolicyReport{} + err = c.client.Post(). + Namespace(c.ns). + Resource("policyreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(policyReport). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a policyReport and updates it. Returns the server's representation of the policyReport, and an error, if there is any. +func (c *policyReports) Update(ctx context.Context, policyReport *v1alpha2.PolicyReport, opts v1.UpdateOptions) (result *v1alpha2.PolicyReport, err error) { + result = &v1alpha2.PolicyReport{} + err = c.client.Put(). + Namespace(c.ns). + Resource("policyreports"). + Name(policyReport.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(policyReport). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the policyReport and deletes it. Returns an error if one occurs. +func (c *policyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("policyreports"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *policyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("policyreports"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched policyReport. +func (c *policyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.PolicyReport, err error) { + result = &v1alpha2.PolicyReport{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("policyreports"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/wgpolicyk8s.io_client.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/wgpolicyk8s.io_client.go new file mode 100644 index 0000000..e15e504 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/wgpolicyk8s.io_client.go @@ -0,0 +1,111 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha2 + +import ( + "net/http" + + rest "k8s.io/client-go/rest" + v1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha2" + "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/scheme" +) + +type Wgpolicyk8sV1alpha2Interface interface { + RESTClient() rest.Interface + ClusterPolicyReportsGetter + PolicyReportsGetter +} + +// Wgpolicyk8sV1alpha2Client is used to interact with features provided by the wgpolicyk8s.io group. +type Wgpolicyk8sV1alpha2Client struct { + restClient rest.Interface +} + +func (c *Wgpolicyk8sV1alpha2Client) ClusterPolicyReports() ClusterPolicyReportInterface { + return newClusterPolicyReports(c) +} + +func (c *Wgpolicyk8sV1alpha2Client) PolicyReports(namespace string) PolicyReportInterface { + return newPolicyReports(c, namespace) +} + +// NewForConfig creates a new Wgpolicyk8sV1alpha2Client for the given config. +// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient), +// where httpClient was generated with rest.HTTPClientFor(c). +func NewForConfig(c *rest.Config) (*Wgpolicyk8sV1alpha2Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + httpClient, err := rest.HTTPClientFor(&config) + if err != nil { + return nil, err + } + return NewForConfigAndClient(&config, httpClient) +} + +// NewForConfigAndClient creates a new Wgpolicyk8sV1alpha2Client for the given config and http client. +// Note the http client provided takes precedence over the configured transport values. +func NewForConfigAndClient(c *rest.Config, h *http.Client) (*Wgpolicyk8sV1alpha2Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + client, err := rest.RESTClientForConfigAndClient(&config, h) + if err != nil { + return nil, err + } + return &Wgpolicyk8sV1alpha2Client{client}, nil +} + +// NewForConfigOrDie creates a new Wgpolicyk8sV1alpha2Client for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *Wgpolicyk8sV1alpha2Client { + client, err := NewForConfig(c) + if err != nil { + panic(err) + } + return client +} + +// New creates a new Wgpolicyk8sV1alpha2Client for the given RESTClient. +func New(c rest.Interface) *Wgpolicyk8sV1alpha2Client { + return &Wgpolicyk8sV1alpha2Client{c} +} + +func setConfigDefaults(config *rest.Config) error { + gv := v1alpha2.SchemeGroupVersion + config.GroupVersion = &gv + config.APIPath = "/apis" + config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() + + if config.UserAgent == "" { + config.UserAgent = rest.DefaultKubernetesUserAgent() + } + + return nil +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *Wgpolicyk8sV1alpha2Client) RESTClient() rest.Interface { + if c == nil { + return nil + } + return c.restClient +} diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/clusterpolicyreport.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/clusterpolicyreport.go new file mode 100644 index 0000000..3e201b2 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/clusterpolicyreport.go @@ -0,0 +1,167 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1beta1 + +import ( + "context" + "time" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" + v1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1beta1" + scheme "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/scheme" +) + +// ClusterPolicyReportsGetter has a method to return a ClusterPolicyReportInterface. +// A group's client should implement this interface. +type ClusterPolicyReportsGetter interface { + ClusterPolicyReports() ClusterPolicyReportInterface +} + +// ClusterPolicyReportInterface has methods to work with ClusterPolicyReport resources. +type ClusterPolicyReportInterface interface { + Create(ctx context.Context, clusterPolicyReport *v1beta1.ClusterPolicyReport, opts v1.CreateOptions) (*v1beta1.ClusterPolicyReport, error) + Update(ctx context.Context, clusterPolicyReport *v1beta1.ClusterPolicyReport, opts v1.UpdateOptions) (*v1beta1.ClusterPolicyReport, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.ClusterPolicyReport, error) + List(ctx context.Context, opts v1.ListOptions) (*v1beta1.ClusterPolicyReportList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.ClusterPolicyReport, err error) + ClusterPolicyReportExpansion +} + +// clusterPolicyReports implements ClusterPolicyReportInterface +type clusterPolicyReports struct { + client rest.Interface +} + +// newClusterPolicyReports returns a ClusterPolicyReports +func newClusterPolicyReports(c *Wgpolicyk8sV1beta1Client) *clusterPolicyReports { + return &clusterPolicyReports{ + client: c.RESTClient(), + } +} + +// Get takes name of the clusterPolicyReport, and returns the corresponding clusterPolicyReport object, and an error if there is any. +func (c *clusterPolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.ClusterPolicyReport, err error) { + result = &v1beta1.ClusterPolicyReport{} + err = c.client.Get(). + Resource("clusterpolicyreports"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of ClusterPolicyReports that match those selectors. +func (c *clusterPolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.ClusterPolicyReportList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1beta1.ClusterPolicyReportList{} + err = c.client.Get(). + Resource("clusterpolicyreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested clusterPolicyReports. +func (c *clusterPolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("clusterpolicyreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a clusterPolicyReport and creates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any. +func (c *clusterPolicyReports) Create(ctx context.Context, clusterPolicyReport *v1beta1.ClusterPolicyReport, opts v1.CreateOptions) (result *v1beta1.ClusterPolicyReport, err error) { + result = &v1beta1.ClusterPolicyReport{} + err = c.client.Post(). + Resource("clusterpolicyreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterPolicyReport). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a clusterPolicyReport and updates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any. +func (c *clusterPolicyReports) Update(ctx context.Context, clusterPolicyReport *v1beta1.ClusterPolicyReport, opts v1.UpdateOptions) (result *v1beta1.ClusterPolicyReport, err error) { + result = &v1beta1.ClusterPolicyReport{} + err = c.client.Put(). + Resource("clusterpolicyreports"). + Name(clusterPolicyReport.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterPolicyReport). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the clusterPolicyReport and deletes it. Returns an error if one occurs. +func (c *clusterPolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Resource("clusterpolicyreports"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *clusterPolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("clusterpolicyreports"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched clusterPolicyReport. +func (c *clusterPolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.ClusterPolicyReport, err error) { + result = &v1beta1.ClusterPolicyReport{} + err = c.client.Patch(pt). + Resource("clusterpolicyreports"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/doc.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/doc.go new file mode 100644 index 0000000..87e8d20 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/doc.go @@ -0,0 +1,19 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated typed clients. +package v1beta1 diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/doc.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/doc.go new file mode 100644 index 0000000..3b00159 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/doc.go @@ -0,0 +1,19 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +// Package fake has the automatically generated clients. +package fake diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/fake_clusterpolicyreport.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/fake_clusterpolicyreport.go new file mode 100644 index 0000000..d4d6a78 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/fake_clusterpolicyreport.go @@ -0,0 +1,120 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" + v1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1beta1" +) + +// FakeClusterPolicyReports implements ClusterPolicyReportInterface +type FakeClusterPolicyReports struct { + Fake *FakeWgpolicyk8sV1beta1 +} + +var clusterpolicyreportsResource = v1beta1.SchemeGroupVersion.WithResource("clusterpolicyreports") + +var clusterpolicyreportsKind = v1beta1.SchemeGroupVersion.WithKind("ClusterPolicyReport") + +// Get takes name of the clusterPolicyReport, and returns the corresponding clusterPolicyReport object, and an error if there is any. +func (c *FakeClusterPolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.ClusterPolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootGetAction(clusterpolicyreportsResource, name), &v1beta1.ClusterPolicyReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1beta1.ClusterPolicyReport), err +} + +// List takes label and field selectors, and returns the list of ClusterPolicyReports that match those selectors. +func (c *FakeClusterPolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.ClusterPolicyReportList, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootListAction(clusterpolicyreportsResource, clusterpolicyreportsKind, opts), &v1beta1.ClusterPolicyReportList{}) + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1beta1.ClusterPolicyReportList{ListMeta: obj.(*v1beta1.ClusterPolicyReportList).ListMeta} + for _, item := range obj.(*v1beta1.ClusterPolicyReportList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested clusterPolicyReports. +func (c *FakeClusterPolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewRootWatchAction(clusterpolicyreportsResource, opts)) +} + +// Create takes the representation of a clusterPolicyReport and creates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any. +func (c *FakeClusterPolicyReports) Create(ctx context.Context, clusterPolicyReport *v1beta1.ClusterPolicyReport, opts v1.CreateOptions) (result *v1beta1.ClusterPolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(clusterpolicyreportsResource, clusterPolicyReport), &v1beta1.ClusterPolicyReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1beta1.ClusterPolicyReport), err +} + +// Update takes the representation of a clusterPolicyReport and updates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any. +func (c *FakeClusterPolicyReports) Update(ctx context.Context, clusterPolicyReport *v1beta1.ClusterPolicyReport, opts v1.UpdateOptions) (result *v1beta1.ClusterPolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateAction(clusterpolicyreportsResource, clusterPolicyReport), &v1beta1.ClusterPolicyReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1beta1.ClusterPolicyReport), err +} + +// Delete takes name of the clusterPolicyReport and deletes it. Returns an error if one occurs. +func (c *FakeClusterPolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewRootDeleteActionWithOptions(clusterpolicyreportsResource, name, opts), &v1beta1.ClusterPolicyReport{}) + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeClusterPolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewRootDeleteCollectionAction(clusterpolicyreportsResource, listOpts) + + _, err := c.Fake.Invokes(action, &v1beta1.ClusterPolicyReportList{}) + return err +} + +// Patch applies the patch and returns the patched clusterPolicyReport. +func (c *FakeClusterPolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.ClusterPolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootPatchSubresourceAction(clusterpolicyreportsResource, name, pt, data, subresources...), &v1beta1.ClusterPolicyReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1beta1.ClusterPolicyReport), err +} diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/fake_policyreport.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/fake_policyreport.go new file mode 100644 index 0000000..aca1f53 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/fake_policyreport.go @@ -0,0 +1,128 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" + v1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1beta1" +) + +// FakePolicyReports implements PolicyReportInterface +type FakePolicyReports struct { + Fake *FakeWgpolicyk8sV1beta1 + ns string +} + +var policyreportsResource = v1beta1.SchemeGroupVersion.WithResource("policyreports") + +var policyreportsKind = v1beta1.SchemeGroupVersion.WithKind("PolicyReport") + +// Get takes name of the policyReport, and returns the corresponding policyReport object, and an error if there is any. +func (c *FakePolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.PolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(policyreportsResource, c.ns, name), &v1beta1.PolicyReport{}) + + if obj == nil { + return nil, err + } + return obj.(*v1beta1.PolicyReport), err +} + +// List takes label and field selectors, and returns the list of PolicyReports that match those selectors. +func (c *FakePolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.PolicyReportList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(policyreportsResource, policyreportsKind, c.ns, opts), &v1beta1.PolicyReportList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1beta1.PolicyReportList{ListMeta: obj.(*v1beta1.PolicyReportList).ListMeta} + for _, item := range obj.(*v1beta1.PolicyReportList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested policyReports. +func (c *FakePolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(policyreportsResource, c.ns, opts)) + +} + +// Create takes the representation of a policyReport and creates it. Returns the server's representation of the policyReport, and an error, if there is any. +func (c *FakePolicyReports) Create(ctx context.Context, policyReport *v1beta1.PolicyReport, opts v1.CreateOptions) (result *v1beta1.PolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(policyreportsResource, c.ns, policyReport), &v1beta1.PolicyReport{}) + + if obj == nil { + return nil, err + } + return obj.(*v1beta1.PolicyReport), err +} + +// Update takes the representation of a policyReport and updates it. Returns the server's representation of the policyReport, and an error, if there is any. +func (c *FakePolicyReports) Update(ctx context.Context, policyReport *v1beta1.PolicyReport, opts v1.UpdateOptions) (result *v1beta1.PolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(policyreportsResource, c.ns, policyReport), &v1beta1.PolicyReport{}) + + if obj == nil { + return nil, err + } + return obj.(*v1beta1.PolicyReport), err +} + +// Delete takes name of the policyReport and deletes it. Returns an error if one occurs. +func (c *FakePolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(policyreportsResource, c.ns, name, opts), &v1beta1.PolicyReport{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakePolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionAction(policyreportsResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1beta1.PolicyReportList{}) + return err +} + +// Patch applies the patch and returns the patched policyReport. +func (c *FakePolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.PolicyReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(policyreportsResource, c.ns, name, pt, data, subresources...), &v1beta1.PolicyReport{}) + + if obj == nil { + return nil, err + } + return obj.(*v1beta1.PolicyReport), err +} diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/fake_wgpolicyk8s.io_client.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/fake_wgpolicyk8s.io_client.go new file mode 100644 index 0000000..d9b0e3e --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/fake_wgpolicyk8s.io_client.go @@ -0,0 +1,43 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + rest "k8s.io/client-go/rest" + testing "k8s.io/client-go/testing" + v1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1" +) + +type FakeWgpolicyk8sV1beta1 struct { + *testing.Fake +} + +func (c *FakeWgpolicyk8sV1beta1) ClusterPolicyReports() v1beta1.ClusterPolicyReportInterface { + return &FakeClusterPolicyReports{c} +} + +func (c *FakeWgpolicyk8sV1beta1) PolicyReports(namespace string) v1beta1.PolicyReportInterface { + return &FakePolicyReports{c, namespace} +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *FakeWgpolicyk8sV1beta1) RESTClient() rest.Interface { + var ret *rest.RESTClient + return ret +} diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/generated_expansion.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/generated_expansion.go new file mode 100644 index 0000000..882554f --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/generated_expansion.go @@ -0,0 +1,22 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1beta1 + +type ClusterPolicyReportExpansion interface{} + +type PolicyReportExpansion interface{} diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/policyreport.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/policyreport.go new file mode 100644 index 0000000..e03a3a6 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/policyreport.go @@ -0,0 +1,177 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1beta1 + +import ( + "context" + "time" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" + v1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1beta1" + scheme "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/scheme" +) + +// PolicyReportsGetter has a method to return a PolicyReportInterface. +// A group's client should implement this interface. +type PolicyReportsGetter interface { + PolicyReports(namespace string) PolicyReportInterface +} + +// PolicyReportInterface has methods to work with PolicyReport resources. +type PolicyReportInterface interface { + Create(ctx context.Context, policyReport *v1beta1.PolicyReport, opts v1.CreateOptions) (*v1beta1.PolicyReport, error) + Update(ctx context.Context, policyReport *v1beta1.PolicyReport, opts v1.UpdateOptions) (*v1beta1.PolicyReport, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.PolicyReport, error) + List(ctx context.Context, opts v1.ListOptions) (*v1beta1.PolicyReportList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.PolicyReport, err error) + PolicyReportExpansion +} + +// policyReports implements PolicyReportInterface +type policyReports struct { + client rest.Interface + ns string +} + +// newPolicyReports returns a PolicyReports +func newPolicyReports(c *Wgpolicyk8sV1beta1Client, namespace string) *policyReports { + return &policyReports{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the policyReport, and returns the corresponding policyReport object, and an error if there is any. +func (c *policyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.PolicyReport, err error) { + result = &v1beta1.PolicyReport{} + err = c.client.Get(). + Namespace(c.ns). + Resource("policyreports"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of PolicyReports that match those selectors. +func (c *policyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.PolicyReportList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1beta1.PolicyReportList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("policyreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested policyReports. +func (c *policyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("policyreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a policyReport and creates it. Returns the server's representation of the policyReport, and an error, if there is any. +func (c *policyReports) Create(ctx context.Context, policyReport *v1beta1.PolicyReport, opts v1.CreateOptions) (result *v1beta1.PolicyReport, err error) { + result = &v1beta1.PolicyReport{} + err = c.client.Post(). + Namespace(c.ns). + Resource("policyreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(policyReport). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a policyReport and updates it. Returns the server's representation of the policyReport, and an error, if there is any. +func (c *policyReports) Update(ctx context.Context, policyReport *v1beta1.PolicyReport, opts v1.UpdateOptions) (result *v1beta1.PolicyReport, err error) { + result = &v1beta1.PolicyReport{} + err = c.client.Put(). + Namespace(c.ns). + Resource("policyreports"). + Name(policyReport.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(policyReport). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the policyReport and deletes it. Returns an error if one occurs. +func (c *policyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("policyreports"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *policyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("policyreports"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched policyReport. +func (c *policyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.PolicyReport, err error) { + result = &v1beta1.PolicyReport{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("policyreports"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/wgpolicyk8s.io_client.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/wgpolicyk8s.io_client.go new file mode 100644 index 0000000..67d1479 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/wgpolicyk8s.io_client.go @@ -0,0 +1,111 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1beta1 + +import ( + "net/http" + + rest "k8s.io/client-go/rest" + v1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1beta1" + "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/scheme" +) + +type Wgpolicyk8sV1beta1Interface interface { + RESTClient() rest.Interface + ClusterPolicyReportsGetter + PolicyReportsGetter +} + +// Wgpolicyk8sV1beta1Client is used to interact with features provided by the wgpolicyk8s.io group. +type Wgpolicyk8sV1beta1Client struct { + restClient rest.Interface +} + +func (c *Wgpolicyk8sV1beta1Client) ClusterPolicyReports() ClusterPolicyReportInterface { + return newClusterPolicyReports(c) +} + +func (c *Wgpolicyk8sV1beta1Client) PolicyReports(namespace string) PolicyReportInterface { + return newPolicyReports(c, namespace) +} + +// NewForConfig creates a new Wgpolicyk8sV1beta1Client for the given config. +// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient), +// where httpClient was generated with rest.HTTPClientFor(c). +func NewForConfig(c *rest.Config) (*Wgpolicyk8sV1beta1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + httpClient, err := rest.HTTPClientFor(&config) + if err != nil { + return nil, err + } + return NewForConfigAndClient(&config, httpClient) +} + +// NewForConfigAndClient creates a new Wgpolicyk8sV1beta1Client for the given config and http client. +// Note the http client provided takes precedence over the configured transport values. +func NewForConfigAndClient(c *rest.Config, h *http.Client) (*Wgpolicyk8sV1beta1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + client, err := rest.RESTClientForConfigAndClient(&config, h) + if err != nil { + return nil, err + } + return &Wgpolicyk8sV1beta1Client{client}, nil +} + +// NewForConfigOrDie creates a new Wgpolicyk8sV1beta1Client for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *Wgpolicyk8sV1beta1Client { + client, err := NewForConfig(c) + if err != nil { + panic(err) + } + return client +} + +// New creates a new Wgpolicyk8sV1beta1Client for the given RESTClient. +func New(c rest.Interface) *Wgpolicyk8sV1beta1Client { + return &Wgpolicyk8sV1beta1Client{c} +} + +func setConfigDefaults(config *rest.Config) error { + gv := v1beta1.SchemeGroupVersion + config.GroupVersion = &gv + config.APIPath = "/apis" + config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() + + if config.UserAgent == "" { + config.UserAgent = rest.DefaultKubernetesUserAgent() + } + + return nil +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *Wgpolicyk8sV1beta1Client) RESTClient() rest.Interface { + if c == nil { + return nil + } + return c.restClient +} diff --git a/policy-report/pkg/client/informers/externalversions/factory.go b/policy-report/pkg/client/informers/externalversions/factory.go new file mode 100644 index 0000000..bae0a62 --- /dev/null +++ b/policy-report/pkg/client/informers/externalversions/factory.go @@ -0,0 +1,266 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package externalversions + +import ( + reflect "reflect" + sync "sync" + time "time" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + schema "k8s.io/apimachinery/pkg/runtime/schema" + cache "k8s.io/client-go/tools/cache" + versioned "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned" + internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces" + reportsxk8sio "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io" + wgpolicyk8sio "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io" +) + +// SharedInformerOption defines the functional option type for SharedInformerFactory. +type SharedInformerOption func(*sharedInformerFactory) *sharedInformerFactory + +type sharedInformerFactory struct { + client versioned.Interface + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc + lock sync.Mutex + defaultResync time.Duration + customResync map[reflect.Type]time.Duration + transform cache.TransformFunc + + informers map[reflect.Type]cache.SharedIndexInformer + // startedInformers is used for tracking which informers have been started. + // This allows Start() to be called multiple times safely. + startedInformers map[reflect.Type]bool + // wg tracks how many goroutines were started. + wg sync.WaitGroup + // shuttingDown is true when Shutdown has been called. It may still be running + // because it needs to wait for goroutines. + shuttingDown bool +} + +// WithCustomResyncConfig sets a custom resync period for the specified informer types. +func WithCustomResyncConfig(resyncConfig map[v1.Object]time.Duration) SharedInformerOption { + return func(factory *sharedInformerFactory) *sharedInformerFactory { + for k, v := range resyncConfig { + factory.customResync[reflect.TypeOf(k)] = v + } + return factory + } +} + +// WithTweakListOptions sets a custom filter on all listers of the configured SharedInformerFactory. +func WithTweakListOptions(tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerOption { + return func(factory *sharedInformerFactory) *sharedInformerFactory { + factory.tweakListOptions = tweakListOptions + return factory + } +} + +// WithNamespace limits the SharedInformerFactory to the specified namespace. +func WithNamespace(namespace string) SharedInformerOption { + return func(factory *sharedInformerFactory) *sharedInformerFactory { + factory.namespace = namespace + return factory + } +} + +// WithTransform sets a transform on all informers. +func WithTransform(transform cache.TransformFunc) SharedInformerOption { + return func(factory *sharedInformerFactory) *sharedInformerFactory { + factory.transform = transform + return factory + } +} + +// NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces. +func NewSharedInformerFactory(client versioned.Interface, defaultResync time.Duration) SharedInformerFactory { + return NewSharedInformerFactoryWithOptions(client, defaultResync) +} + +// NewFilteredSharedInformerFactory constructs a new instance of sharedInformerFactory. +// Listers obtained via this SharedInformerFactory will be subject to the same filters +// as specified here. +// Deprecated: Please use NewSharedInformerFactoryWithOptions instead +func NewFilteredSharedInformerFactory(client versioned.Interface, defaultResync time.Duration, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerFactory { + return NewSharedInformerFactoryWithOptions(client, defaultResync, WithNamespace(namespace), WithTweakListOptions(tweakListOptions)) +} + +// NewSharedInformerFactoryWithOptions constructs a new instance of a SharedInformerFactory with additional options. +func NewSharedInformerFactoryWithOptions(client versioned.Interface, defaultResync time.Duration, options ...SharedInformerOption) SharedInformerFactory { + factory := &sharedInformerFactory{ + client: client, + namespace: v1.NamespaceAll, + defaultResync: defaultResync, + informers: make(map[reflect.Type]cache.SharedIndexInformer), + startedInformers: make(map[reflect.Type]bool), + customResync: make(map[reflect.Type]time.Duration), + } + + // Apply all options + for _, opt := range options { + factory = opt(factory) + } + + return factory +} + +func (f *sharedInformerFactory) Start(stopCh <-chan struct{}) { + f.lock.Lock() + defer f.lock.Unlock() + + if f.shuttingDown { + return + } + + for informerType, informer := range f.informers { + if !f.startedInformers[informerType] { + f.wg.Add(1) + // We need a new variable in each loop iteration, + // otherwise the goroutine would use the loop variable + // and that keeps changing. + informer := informer + go func() { + defer f.wg.Done() + informer.Run(stopCh) + }() + f.startedInformers[informerType] = true + } + } +} + +func (f *sharedInformerFactory) Shutdown() { + f.lock.Lock() + f.shuttingDown = true + f.lock.Unlock() + + // Will return immediately if there is nothing to wait for. + f.wg.Wait() +} + +func (f *sharedInformerFactory) WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool { + informers := func() map[reflect.Type]cache.SharedIndexInformer { + f.lock.Lock() + defer f.lock.Unlock() + + informers := map[reflect.Type]cache.SharedIndexInformer{} + for informerType, informer := range f.informers { + if f.startedInformers[informerType] { + informers[informerType] = informer + } + } + return informers + }() + + res := map[reflect.Type]bool{} + for informType, informer := range informers { + res[informType] = cache.WaitForCacheSync(stopCh, informer.HasSynced) + } + return res +} + +// InformerFor returns the SharedIndexInformer for obj using an internal +// client. +func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internalinterfaces.NewInformerFunc) cache.SharedIndexInformer { + f.lock.Lock() + defer f.lock.Unlock() + + informerType := reflect.TypeOf(obj) + informer, exists := f.informers[informerType] + if exists { + return informer + } + + resyncPeriod, exists := f.customResync[informerType] + if !exists { + resyncPeriod = f.defaultResync + } + + informer = newFunc(f.client, resyncPeriod) + informer.SetTransform(f.transform) + f.informers[informerType] = informer + + return informer +} + +// SharedInformerFactory provides shared informers for resources in all known +// API group versions. +// +// It is typically used like this: +// +// ctx, cancel := context.Background() +// defer cancel() +// factory := NewSharedInformerFactory(client, resyncPeriod) +// defer factory.WaitForStop() // Returns immediately if nothing was started. +// genericInformer := factory.ForResource(resource) +// typedInformer := factory.SomeAPIGroup().V1().SomeType() +// factory.Start(ctx.Done()) // Start processing these informers. +// synced := factory.WaitForCacheSync(ctx.Done()) +// for v, ok := range synced { +// if !ok { +// fmt.Fprintf(os.Stderr, "caches failed to sync: %v", v) +// return +// } +// } +// +// // Creating informers can also be created after Start, but then +// // Start must be called again: +// anotherGenericInformer := factory.ForResource(resource) +// factory.Start(ctx.Done()) +type SharedInformerFactory interface { + internalinterfaces.SharedInformerFactory + + // Start initializes all requested informers. They are handled in goroutines + // which run until the stop channel gets closed. + Start(stopCh <-chan struct{}) + + // Shutdown marks a factory as shutting down. At that point no new + // informers can be started anymore and Start will return without + // doing anything. + // + // In addition, Shutdown blocks until all goroutines have terminated. For that + // to happen, the close channel(s) that they were started with must be closed, + // either before Shutdown gets called or while it is waiting. + // + // Shutdown may be called multiple times, even concurrently. All such calls will + // block until all goroutines have terminated. + Shutdown() + + // WaitForCacheSync blocks until all started informers' caches were synced + // or the stop channel gets closed. + WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool + + // ForResource gives generic access to a shared informer of the matching type. + ForResource(resource schema.GroupVersionResource) (GenericInformer, error) + + // InformerFor returns the SharedIndexInformer for obj using an internal + // client. + InformerFor(obj runtime.Object, newFunc internalinterfaces.NewInformerFunc) cache.SharedIndexInformer + + Reports() reportsxk8sio.Interface + Wgpolicyk8s() wgpolicyk8sio.Interface +} + +func (f *sharedInformerFactory) Reports() reportsxk8sio.Interface { + return reportsxk8sio.New(f, f.namespace, f.tweakListOptions) +} + +func (f *sharedInformerFactory) Wgpolicyk8s() wgpolicyk8sio.Interface { + return wgpolicyk8sio.New(f, f.namespace, f.tweakListOptions) +} diff --git a/policy-report/pkg/client/informers/externalversions/generic.go b/policy-report/pkg/client/informers/externalversions/generic.go new file mode 100644 index 0000000..250e2b9 --- /dev/null +++ b/policy-report/pkg/client/informers/externalversions/generic.go @@ -0,0 +1,84 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package externalversions + +import ( + "fmt" + + schema "k8s.io/apimachinery/pkg/runtime/schema" + cache "k8s.io/client-go/tools/cache" + v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2" + v1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha1" + v1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha2" + v1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1beta1" +) + +// GenericInformer is type of SharedIndexInformer which will locate and delegate to other +// sharedInformers based on type +type GenericInformer interface { + Informer() cache.SharedIndexInformer + Lister() cache.GenericLister +} + +type genericInformer struct { + informer cache.SharedIndexInformer + resource schema.GroupResource +} + +// Informer returns the SharedIndexInformer. +func (f *genericInformer) Informer() cache.SharedIndexInformer { + return f.informer +} + +// Lister returns the GenericLister. +func (f *genericInformer) Lister() cache.GenericLister { + return cache.NewGenericLister(f.Informer().GetIndexer(), f.resource) +} + +// ForResource gives generic access to a shared informer of the matching type +// TODO extend this to unknown resources with a client pool +func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource) (GenericInformer, error) { + switch resource { + // Group=reports.x-k8s.io, Version=v1beta2 + case v1beta2.SchemeGroupVersion.WithResource("clusterpolicyreports"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Reports().V1beta2().ClusterPolicyReports().Informer()}, nil + case v1beta2.SchemeGroupVersion.WithResource("policyreports"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Reports().V1beta2().PolicyReports().Informer()}, nil + + // Group=wgpolicyk8s.io, Version=v1alpha1 + case v1alpha1.SchemeGroupVersion.WithResource("clusterpolicyreports"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Wgpolicyk8s().V1alpha1().ClusterPolicyReports().Informer()}, nil + case v1alpha1.SchemeGroupVersion.WithResource("policyreports"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Wgpolicyk8s().V1alpha1().PolicyReports().Informer()}, nil + + // Group=wgpolicyk8s.io, Version=v1alpha2 + case v1alpha2.SchemeGroupVersion.WithResource("clusterpolicyreports"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Wgpolicyk8s().V1alpha2().ClusterPolicyReports().Informer()}, nil + case v1alpha2.SchemeGroupVersion.WithResource("policyreports"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Wgpolicyk8s().V1alpha2().PolicyReports().Informer()}, nil + + // Group=wgpolicyk8s.io, Version=v1beta1 + case v1beta1.SchemeGroupVersion.WithResource("clusterpolicyreports"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Wgpolicyk8s().V1beta1().ClusterPolicyReports().Informer()}, nil + case v1beta1.SchemeGroupVersion.WithResource("policyreports"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Wgpolicyk8s().V1beta1().PolicyReports().Informer()}, nil + + } + + return nil, fmt.Errorf("no informer found for %v", resource) +} diff --git a/policy-report/pkg/client/informers/externalversions/internalinterfaces/factory_interfaces.go b/policy-report/pkg/client/informers/externalversions/internalinterfaces/factory_interfaces.go new file mode 100644 index 0000000..10bdf24 --- /dev/null +++ b/policy-report/pkg/client/informers/externalversions/internalinterfaces/factory_interfaces.go @@ -0,0 +1,39 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package internalinterfaces + +import ( + time "time" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + cache "k8s.io/client-go/tools/cache" + versioned "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned" +) + +// NewInformerFunc takes versioned.Interface and time.Duration to return a SharedIndexInformer. +type NewInformerFunc func(versioned.Interface, time.Duration) cache.SharedIndexInformer + +// SharedInformerFactory a small interface to allow for adding an informer without an import cycle +type SharedInformerFactory interface { + Start(stopCh <-chan struct{}) + InformerFor(obj runtime.Object, newFunc NewInformerFunc) cache.SharedIndexInformer +} + +// TweakListOptionsFunc is a function that transforms a v1.ListOptions. +type TweakListOptionsFunc func(*v1.ListOptions) diff --git a/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/interface.go b/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/interface.go new file mode 100644 index 0000000..894afcb --- /dev/null +++ b/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/interface.go @@ -0,0 +1,45 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package reports + +import ( + internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces" + v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2" +) + +// Interface provides access to each of this group's versions. +type Interface interface { + // V1beta2 provides access to shared informers for resources in V1beta2. + V1beta2() v1beta2.Interface +} + +type group struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// V1beta2 returns a new v1beta2.Interface. +func (g *group) V1beta2() v1beta2.Interface { + return v1beta2.New(g.factory, g.namespace, g.tweakListOptions) +} diff --git a/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/clusterpolicyreport.go b/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/clusterpolicyreport.go new file mode 100644 index 0000000..4b340ed --- /dev/null +++ b/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/clusterpolicyreport.go @@ -0,0 +1,88 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package v1beta2 + +import ( + "context" + time "time" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" + reportsxk8siov1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2" + versioned "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned" + internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces" + v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2" +) + +// ClusterPolicyReportInformer provides access to a shared informer and lister for +// ClusterPolicyReports. +type ClusterPolicyReportInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1beta2.ClusterPolicyReportLister +} + +type clusterPolicyReportInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// NewClusterPolicyReportInformer constructs a new informer for ClusterPolicyReport type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewClusterPolicyReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredClusterPolicyReportInformer(client, resyncPeriod, indexers, nil) +} + +// NewFilteredClusterPolicyReportInformer constructs a new informer for ClusterPolicyReport type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredClusterPolicyReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ReportsV1beta2().ClusterPolicyReports().List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ReportsV1beta2().ClusterPolicyReports().Watch(context.TODO(), options) + }, + }, + &reportsxk8siov1beta2.ClusterPolicyReport{}, + resyncPeriod, + indexers, + ) +} + +func (f *clusterPolicyReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredClusterPolicyReportInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *clusterPolicyReportInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&reportsxk8siov1beta2.ClusterPolicyReport{}, f.defaultInformer) +} + +func (f *clusterPolicyReportInformer) Lister() v1beta2.ClusterPolicyReportLister { + return v1beta2.NewClusterPolicyReportLister(f.Informer().GetIndexer()) +} diff --git a/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/interface.go b/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/interface.go new file mode 100644 index 0000000..b04cea1 --- /dev/null +++ b/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/interface.go @@ -0,0 +1,51 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package v1beta2 + +import ( + internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces" +) + +// Interface provides access to all the informers in this group version. +type Interface interface { + // ClusterPolicyReports returns a ClusterPolicyReportInformer. + ClusterPolicyReports() ClusterPolicyReportInformer + // PolicyReports returns a PolicyReportInformer. + PolicyReports() PolicyReportInformer +} + +type version struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// ClusterPolicyReports returns a ClusterPolicyReportInformer. +func (v *version) ClusterPolicyReports() ClusterPolicyReportInformer { + return &clusterPolicyReportInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} + +// PolicyReports returns a PolicyReportInformer. +func (v *version) PolicyReports() PolicyReportInformer { + return &policyReportInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} diff --git a/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/policyreport.go b/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/policyreport.go new file mode 100644 index 0000000..846ba00 --- /dev/null +++ b/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/policyreport.go @@ -0,0 +1,89 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package v1beta2 + +import ( + "context" + time "time" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" + reportsxk8siov1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2" + versioned "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned" + internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces" + v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2" +) + +// PolicyReportInformer provides access to a shared informer and lister for +// PolicyReports. +type PolicyReportInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1beta2.PolicyReportLister +} + +type policyReportInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewPolicyReportInformer constructs a new informer for PolicyReport type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewPolicyReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredPolicyReportInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredPolicyReportInformer constructs a new informer for PolicyReport type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredPolicyReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ReportsV1beta2().PolicyReports(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ReportsV1beta2().PolicyReports(namespace).Watch(context.TODO(), options) + }, + }, + &reportsxk8siov1beta2.PolicyReport{}, + resyncPeriod, + indexers, + ) +} + +func (f *policyReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredPolicyReportInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *policyReportInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&reportsxk8siov1beta2.PolicyReport{}, f.defaultInformer) +} + +func (f *policyReportInformer) Lister() v1beta2.PolicyReportLister { + return v1beta2.NewPolicyReportLister(f.Informer().GetIndexer()) +} diff --git a/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/interface.go b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/interface.go new file mode 100644 index 0000000..2cafcf7 --- /dev/null +++ b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/interface.go @@ -0,0 +1,61 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package wgpolicyk8s + +import ( + internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces" + v1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha1" + v1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha2" + v1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1beta1" +) + +// Interface provides access to each of this group's versions. +type Interface interface { + // V1alpha1 provides access to shared informers for resources in V1alpha1. + V1alpha1() v1alpha1.Interface + // V1alpha2 provides access to shared informers for resources in V1alpha2. + V1alpha2() v1alpha2.Interface + // V1beta1 provides access to shared informers for resources in V1beta1. + V1beta1() v1beta1.Interface +} + +type group struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// V1alpha1 returns a new v1alpha1.Interface. +func (g *group) V1alpha1() v1alpha1.Interface { + return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) +} + +// V1alpha2 returns a new v1alpha2.Interface. +func (g *group) V1alpha2() v1alpha2.Interface { + return v1alpha2.New(g.factory, g.namespace, g.tweakListOptions) +} + +// V1beta1 returns a new v1beta1.Interface. +func (g *group) V1beta1() v1beta1.Interface { + return v1beta1.New(g.factory, g.namespace, g.tweakListOptions) +} diff --git a/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha1/clusterpolicyreport.go b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha1/clusterpolicyreport.go new file mode 100644 index 0000000..7eb1b40 --- /dev/null +++ b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha1/clusterpolicyreport.go @@ -0,0 +1,88 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + time "time" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" + wgpolicyk8siov1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha1" + versioned "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned" + internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces" + v1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha1" +) + +// ClusterPolicyReportInformer provides access to a shared informer and lister for +// ClusterPolicyReports. +type ClusterPolicyReportInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha1.ClusterPolicyReportLister +} + +type clusterPolicyReportInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// NewClusterPolicyReportInformer constructs a new informer for ClusterPolicyReport type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewClusterPolicyReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredClusterPolicyReportInformer(client, resyncPeriod, indexers, nil) +} + +// NewFilteredClusterPolicyReportInformer constructs a new informer for ClusterPolicyReport type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredClusterPolicyReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.Wgpolicyk8sV1alpha1().ClusterPolicyReports().List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.Wgpolicyk8sV1alpha1().ClusterPolicyReports().Watch(context.TODO(), options) + }, + }, + &wgpolicyk8siov1alpha1.ClusterPolicyReport{}, + resyncPeriod, + indexers, + ) +} + +func (f *clusterPolicyReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredClusterPolicyReportInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *clusterPolicyReportInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&wgpolicyk8siov1alpha1.ClusterPolicyReport{}, f.defaultInformer) +} + +func (f *clusterPolicyReportInformer) Lister() v1alpha1.ClusterPolicyReportLister { + return v1alpha1.NewClusterPolicyReportLister(f.Informer().GetIndexer()) +} diff --git a/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha1/interface.go b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha1/interface.go new file mode 100644 index 0000000..12f4355 --- /dev/null +++ b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha1/interface.go @@ -0,0 +1,51 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces" +) + +// Interface provides access to all the informers in this group version. +type Interface interface { + // ClusterPolicyReports returns a ClusterPolicyReportInformer. + ClusterPolicyReports() ClusterPolicyReportInformer + // PolicyReports returns a PolicyReportInformer. + PolicyReports() PolicyReportInformer +} + +type version struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// ClusterPolicyReports returns a ClusterPolicyReportInformer. +func (v *version) ClusterPolicyReports() ClusterPolicyReportInformer { + return &clusterPolicyReportInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} + +// PolicyReports returns a PolicyReportInformer. +func (v *version) PolicyReports() PolicyReportInformer { + return &policyReportInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} diff --git a/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha1/policyreport.go b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha1/policyreport.go new file mode 100644 index 0000000..1f4fc40 --- /dev/null +++ b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha1/policyreport.go @@ -0,0 +1,89 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + time "time" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" + wgpolicyk8siov1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha1" + versioned "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned" + internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces" + v1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha1" +) + +// PolicyReportInformer provides access to a shared informer and lister for +// PolicyReports. +type PolicyReportInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha1.PolicyReportLister +} + +type policyReportInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewPolicyReportInformer constructs a new informer for PolicyReport type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewPolicyReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredPolicyReportInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredPolicyReportInformer constructs a new informer for PolicyReport type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredPolicyReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.Wgpolicyk8sV1alpha1().PolicyReports(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.Wgpolicyk8sV1alpha1().PolicyReports(namespace).Watch(context.TODO(), options) + }, + }, + &wgpolicyk8siov1alpha1.PolicyReport{}, + resyncPeriod, + indexers, + ) +} + +func (f *policyReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredPolicyReportInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *policyReportInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&wgpolicyk8siov1alpha1.PolicyReport{}, f.defaultInformer) +} + +func (f *policyReportInformer) Lister() v1alpha1.PolicyReportLister { + return v1alpha1.NewPolicyReportLister(f.Informer().GetIndexer()) +} diff --git a/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha2/clusterpolicyreport.go b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha2/clusterpolicyreport.go new file mode 100644 index 0000000..9b40ce9 --- /dev/null +++ b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha2/clusterpolicyreport.go @@ -0,0 +1,88 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha2 + +import ( + "context" + time "time" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" + wgpolicyk8siov1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha2" + versioned "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned" + internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces" + v1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha2" +) + +// ClusterPolicyReportInformer provides access to a shared informer and lister for +// ClusterPolicyReports. +type ClusterPolicyReportInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha2.ClusterPolicyReportLister +} + +type clusterPolicyReportInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// NewClusterPolicyReportInformer constructs a new informer for ClusterPolicyReport type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewClusterPolicyReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredClusterPolicyReportInformer(client, resyncPeriod, indexers, nil) +} + +// NewFilteredClusterPolicyReportInformer constructs a new informer for ClusterPolicyReport type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredClusterPolicyReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.Wgpolicyk8sV1alpha2().ClusterPolicyReports().List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Watch(context.TODO(), options) + }, + }, + &wgpolicyk8siov1alpha2.ClusterPolicyReport{}, + resyncPeriod, + indexers, + ) +} + +func (f *clusterPolicyReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredClusterPolicyReportInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *clusterPolicyReportInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&wgpolicyk8siov1alpha2.ClusterPolicyReport{}, f.defaultInformer) +} + +func (f *clusterPolicyReportInformer) Lister() v1alpha2.ClusterPolicyReportLister { + return v1alpha2.NewClusterPolicyReportLister(f.Informer().GetIndexer()) +} diff --git a/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha2/interface.go b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha2/interface.go new file mode 100644 index 0000000..7a9ee6b --- /dev/null +++ b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha2/interface.go @@ -0,0 +1,51 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha2 + +import ( + internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces" +) + +// Interface provides access to all the informers in this group version. +type Interface interface { + // ClusterPolicyReports returns a ClusterPolicyReportInformer. + ClusterPolicyReports() ClusterPolicyReportInformer + // PolicyReports returns a PolicyReportInformer. + PolicyReports() PolicyReportInformer +} + +type version struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// ClusterPolicyReports returns a ClusterPolicyReportInformer. +func (v *version) ClusterPolicyReports() ClusterPolicyReportInformer { + return &clusterPolicyReportInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} + +// PolicyReports returns a PolicyReportInformer. +func (v *version) PolicyReports() PolicyReportInformer { + return &policyReportInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} diff --git a/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha2/policyreport.go b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha2/policyreport.go new file mode 100644 index 0000000..b725803 --- /dev/null +++ b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha2/policyreport.go @@ -0,0 +1,89 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha2 + +import ( + "context" + time "time" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" + wgpolicyk8siov1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha2" + versioned "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned" + internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces" + v1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha2" +) + +// PolicyReportInformer provides access to a shared informer and lister for +// PolicyReports. +type PolicyReportInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha2.PolicyReportLister +} + +type policyReportInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewPolicyReportInformer constructs a new informer for PolicyReport type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewPolicyReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredPolicyReportInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredPolicyReportInformer constructs a new informer for PolicyReport type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredPolicyReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.Wgpolicyk8sV1alpha2().PolicyReports(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.Wgpolicyk8sV1alpha2().PolicyReports(namespace).Watch(context.TODO(), options) + }, + }, + &wgpolicyk8siov1alpha2.PolicyReport{}, + resyncPeriod, + indexers, + ) +} + +func (f *policyReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredPolicyReportInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *policyReportInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&wgpolicyk8siov1alpha2.PolicyReport{}, f.defaultInformer) +} + +func (f *policyReportInformer) Lister() v1alpha2.PolicyReportLister { + return v1alpha2.NewPolicyReportLister(f.Informer().GetIndexer()) +} diff --git a/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1beta1/clusterpolicyreport.go b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1beta1/clusterpolicyreport.go new file mode 100644 index 0000000..6866832 --- /dev/null +++ b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1beta1/clusterpolicyreport.go @@ -0,0 +1,88 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package v1beta1 + +import ( + "context" + time "time" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" + wgpolicyk8siov1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1beta1" + versioned "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned" + internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces" + v1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/listers/wgpolicyk8s.io/v1beta1" +) + +// ClusterPolicyReportInformer provides access to a shared informer and lister for +// ClusterPolicyReports. +type ClusterPolicyReportInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1beta1.ClusterPolicyReportLister +} + +type clusterPolicyReportInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// NewClusterPolicyReportInformer constructs a new informer for ClusterPolicyReport type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewClusterPolicyReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredClusterPolicyReportInformer(client, resyncPeriod, indexers, nil) +} + +// NewFilteredClusterPolicyReportInformer constructs a new informer for ClusterPolicyReport type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredClusterPolicyReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.Wgpolicyk8sV1beta1().ClusterPolicyReports().List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.Wgpolicyk8sV1beta1().ClusterPolicyReports().Watch(context.TODO(), options) + }, + }, + &wgpolicyk8siov1beta1.ClusterPolicyReport{}, + resyncPeriod, + indexers, + ) +} + +func (f *clusterPolicyReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredClusterPolicyReportInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *clusterPolicyReportInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&wgpolicyk8siov1beta1.ClusterPolicyReport{}, f.defaultInformer) +} + +func (f *clusterPolicyReportInformer) Lister() v1beta1.ClusterPolicyReportLister { + return v1beta1.NewClusterPolicyReportLister(f.Informer().GetIndexer()) +} diff --git a/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1beta1/interface.go b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1beta1/interface.go new file mode 100644 index 0000000..854118e --- /dev/null +++ b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1beta1/interface.go @@ -0,0 +1,51 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package v1beta1 + +import ( + internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces" +) + +// Interface provides access to all the informers in this group version. +type Interface interface { + // ClusterPolicyReports returns a ClusterPolicyReportInformer. + ClusterPolicyReports() ClusterPolicyReportInformer + // PolicyReports returns a PolicyReportInformer. + PolicyReports() PolicyReportInformer +} + +type version struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// ClusterPolicyReports returns a ClusterPolicyReportInformer. +func (v *version) ClusterPolicyReports() ClusterPolicyReportInformer { + return &clusterPolicyReportInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} + +// PolicyReports returns a PolicyReportInformer. +func (v *version) PolicyReports() PolicyReportInformer { + return &policyReportInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} diff --git a/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1beta1/policyreport.go b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1beta1/policyreport.go new file mode 100644 index 0000000..884d835 --- /dev/null +++ b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1beta1/policyreport.go @@ -0,0 +1,89 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package v1beta1 + +import ( + "context" + time "time" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" + wgpolicyk8siov1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1beta1" + versioned "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned" + internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces" + v1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/listers/wgpolicyk8s.io/v1beta1" +) + +// PolicyReportInformer provides access to a shared informer and lister for +// PolicyReports. +type PolicyReportInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1beta1.PolicyReportLister +} + +type policyReportInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewPolicyReportInformer constructs a new informer for PolicyReport type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewPolicyReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredPolicyReportInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredPolicyReportInformer constructs a new informer for PolicyReport type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredPolicyReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.Wgpolicyk8sV1beta1().PolicyReports(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.Wgpolicyk8sV1beta1().PolicyReports(namespace).Watch(context.TODO(), options) + }, + }, + &wgpolicyk8siov1beta1.PolicyReport{}, + resyncPeriod, + indexers, + ) +} + +func (f *policyReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredPolicyReportInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *policyReportInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&wgpolicyk8siov1beta1.PolicyReport{}, f.defaultInformer) +} + +func (f *policyReportInformer) Lister() v1beta1.PolicyReportLister { + return v1beta1.NewPolicyReportLister(f.Informer().GetIndexer()) +} diff --git a/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/clusterpolicyreport.go b/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/clusterpolicyreport.go new file mode 100644 index 0000000..382775b --- /dev/null +++ b/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/clusterpolicyreport.go @@ -0,0 +1,67 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by lister-gen. DO NOT EDIT. + +package v1beta2 + +import ( + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" + v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2" +) + +// ClusterPolicyReportLister helps list ClusterPolicyReports. +// All objects returned here must be treated as read-only. +type ClusterPolicyReportLister interface { + // List lists all ClusterPolicyReports in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1beta2.ClusterPolicyReport, err error) + // Get retrieves the ClusterPolicyReport from the index for a given name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1beta2.ClusterPolicyReport, error) + ClusterPolicyReportListerExpansion +} + +// clusterPolicyReportLister implements the ClusterPolicyReportLister interface. +type clusterPolicyReportLister struct { + indexer cache.Indexer +} + +// NewClusterPolicyReportLister returns a new ClusterPolicyReportLister. +func NewClusterPolicyReportLister(indexer cache.Indexer) ClusterPolicyReportLister { + return &clusterPolicyReportLister{indexer: indexer} +} + +// List lists all ClusterPolicyReports in the indexer. +func (s *clusterPolicyReportLister) List(selector labels.Selector) (ret []*v1beta2.ClusterPolicyReport, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1beta2.ClusterPolicyReport)) + }) + return ret, err +} + +// Get retrieves the ClusterPolicyReport from the index for a given name. +func (s *clusterPolicyReportLister) Get(name string) (*v1beta2.ClusterPolicyReport, error) { + obj, exists, err := s.indexer.GetByKey(name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1beta2.Resource("clusterpolicyreport"), name) + } + return obj.(*v1beta2.ClusterPolicyReport), nil +} diff --git a/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/expansion_generated.go b/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/expansion_generated.go new file mode 100644 index 0000000..dd08a0f --- /dev/null +++ b/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/expansion_generated.go @@ -0,0 +1,30 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by lister-gen. DO NOT EDIT. + +package v1beta2 + +// ClusterPolicyReportListerExpansion allows custom methods to be added to +// ClusterPolicyReportLister. +type ClusterPolicyReportListerExpansion interface{} + +// PolicyReportListerExpansion allows custom methods to be added to +// PolicyReportLister. +type PolicyReportListerExpansion interface{} + +// PolicyReportNamespaceListerExpansion allows custom methods to be added to +// PolicyReportNamespaceLister. +type PolicyReportNamespaceListerExpansion interface{} diff --git a/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/policyreport.go b/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/policyreport.go new file mode 100644 index 0000000..508fd4e --- /dev/null +++ b/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/policyreport.go @@ -0,0 +1,98 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by lister-gen. DO NOT EDIT. + +package v1beta2 + +import ( + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" + v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2" +) + +// PolicyReportLister helps list PolicyReports. +// All objects returned here must be treated as read-only. +type PolicyReportLister interface { + // List lists all PolicyReports in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1beta2.PolicyReport, err error) + // PolicyReports returns an object that can list and get PolicyReports. + PolicyReports(namespace string) PolicyReportNamespaceLister + PolicyReportListerExpansion +} + +// policyReportLister implements the PolicyReportLister interface. +type policyReportLister struct { + indexer cache.Indexer +} + +// NewPolicyReportLister returns a new PolicyReportLister. +func NewPolicyReportLister(indexer cache.Indexer) PolicyReportLister { + return &policyReportLister{indexer: indexer} +} + +// List lists all PolicyReports in the indexer. +func (s *policyReportLister) List(selector labels.Selector) (ret []*v1beta2.PolicyReport, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1beta2.PolicyReport)) + }) + return ret, err +} + +// PolicyReports returns an object that can list and get PolicyReports. +func (s *policyReportLister) PolicyReports(namespace string) PolicyReportNamespaceLister { + return policyReportNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// PolicyReportNamespaceLister helps list and get PolicyReports. +// All objects returned here must be treated as read-only. +type PolicyReportNamespaceLister interface { + // List lists all PolicyReports in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1beta2.PolicyReport, err error) + // Get retrieves the PolicyReport from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1beta2.PolicyReport, error) + PolicyReportNamespaceListerExpansion +} + +// policyReportNamespaceLister implements the PolicyReportNamespaceLister +// interface. +type policyReportNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all PolicyReports in the indexer for a given namespace. +func (s policyReportNamespaceLister) List(selector labels.Selector) (ret []*v1beta2.PolicyReport, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1beta2.PolicyReport)) + }) + return ret, err +} + +// Get retrieves the PolicyReport from the indexer for a given namespace and name. +func (s policyReportNamespaceLister) Get(name string) (*v1beta2.PolicyReport, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1beta2.Resource("policyreport"), name) + } + return obj.(*v1beta2.PolicyReport), nil +} diff --git a/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha1/clusterpolicyreport.go b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha1/clusterpolicyreport.go new file mode 100644 index 0000000..24f720a --- /dev/null +++ b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha1/clusterpolicyreport.go @@ -0,0 +1,67 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" + v1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha1" +) + +// ClusterPolicyReportLister helps list ClusterPolicyReports. +// All objects returned here must be treated as read-only. +type ClusterPolicyReportLister interface { + // List lists all ClusterPolicyReports in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.ClusterPolicyReport, err error) + // Get retrieves the ClusterPolicyReport from the index for a given name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1alpha1.ClusterPolicyReport, error) + ClusterPolicyReportListerExpansion +} + +// clusterPolicyReportLister implements the ClusterPolicyReportLister interface. +type clusterPolicyReportLister struct { + indexer cache.Indexer +} + +// NewClusterPolicyReportLister returns a new ClusterPolicyReportLister. +func NewClusterPolicyReportLister(indexer cache.Indexer) ClusterPolicyReportLister { + return &clusterPolicyReportLister{indexer: indexer} +} + +// List lists all ClusterPolicyReports in the indexer. +func (s *clusterPolicyReportLister) List(selector labels.Selector) (ret []*v1alpha1.ClusterPolicyReport, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.ClusterPolicyReport)) + }) + return ret, err +} + +// Get retrieves the ClusterPolicyReport from the index for a given name. +func (s *clusterPolicyReportLister) Get(name string) (*v1alpha1.ClusterPolicyReport, error) { + obj, exists, err := s.indexer.GetByKey(name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha1.Resource("clusterpolicyreport"), name) + } + return obj.(*v1alpha1.ClusterPolicyReport), nil +} diff --git a/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha1/expansion_generated.go b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha1/expansion_generated.go new file mode 100644 index 0000000..4febc20 --- /dev/null +++ b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha1/expansion_generated.go @@ -0,0 +1,30 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +// ClusterPolicyReportListerExpansion allows custom methods to be added to +// ClusterPolicyReportLister. +type ClusterPolicyReportListerExpansion interface{} + +// PolicyReportListerExpansion allows custom methods to be added to +// PolicyReportLister. +type PolicyReportListerExpansion interface{} + +// PolicyReportNamespaceListerExpansion allows custom methods to be added to +// PolicyReportNamespaceLister. +type PolicyReportNamespaceListerExpansion interface{} diff --git a/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha1/policyreport.go b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha1/policyreport.go new file mode 100644 index 0000000..630052b --- /dev/null +++ b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha1/policyreport.go @@ -0,0 +1,98 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" + v1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha1" +) + +// PolicyReportLister helps list PolicyReports. +// All objects returned here must be treated as read-only. +type PolicyReportLister interface { + // List lists all PolicyReports in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.PolicyReport, err error) + // PolicyReports returns an object that can list and get PolicyReports. + PolicyReports(namespace string) PolicyReportNamespaceLister + PolicyReportListerExpansion +} + +// policyReportLister implements the PolicyReportLister interface. +type policyReportLister struct { + indexer cache.Indexer +} + +// NewPolicyReportLister returns a new PolicyReportLister. +func NewPolicyReportLister(indexer cache.Indexer) PolicyReportLister { + return &policyReportLister{indexer: indexer} +} + +// List lists all PolicyReports in the indexer. +func (s *policyReportLister) List(selector labels.Selector) (ret []*v1alpha1.PolicyReport, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.PolicyReport)) + }) + return ret, err +} + +// PolicyReports returns an object that can list and get PolicyReports. +func (s *policyReportLister) PolicyReports(namespace string) PolicyReportNamespaceLister { + return policyReportNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// PolicyReportNamespaceLister helps list and get PolicyReports. +// All objects returned here must be treated as read-only. +type PolicyReportNamespaceLister interface { + // List lists all PolicyReports in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.PolicyReport, err error) + // Get retrieves the PolicyReport from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1alpha1.PolicyReport, error) + PolicyReportNamespaceListerExpansion +} + +// policyReportNamespaceLister implements the PolicyReportNamespaceLister +// interface. +type policyReportNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all PolicyReports in the indexer for a given namespace. +func (s policyReportNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.PolicyReport, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.PolicyReport)) + }) + return ret, err +} + +// Get retrieves the PolicyReport from the indexer for a given namespace and name. +func (s policyReportNamespaceLister) Get(name string) (*v1alpha1.PolicyReport, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha1.Resource("policyreport"), name) + } + return obj.(*v1alpha1.PolicyReport), nil +} diff --git a/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha2/clusterpolicyreport.go b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha2/clusterpolicyreport.go new file mode 100644 index 0000000..ecf0817 --- /dev/null +++ b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha2/clusterpolicyreport.go @@ -0,0 +1,67 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha2 + +import ( + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" + v1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha2" +) + +// ClusterPolicyReportLister helps list ClusterPolicyReports. +// All objects returned here must be treated as read-only. +type ClusterPolicyReportLister interface { + // List lists all ClusterPolicyReports in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha2.ClusterPolicyReport, err error) + // Get retrieves the ClusterPolicyReport from the index for a given name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1alpha2.ClusterPolicyReport, error) + ClusterPolicyReportListerExpansion +} + +// clusterPolicyReportLister implements the ClusterPolicyReportLister interface. +type clusterPolicyReportLister struct { + indexer cache.Indexer +} + +// NewClusterPolicyReportLister returns a new ClusterPolicyReportLister. +func NewClusterPolicyReportLister(indexer cache.Indexer) ClusterPolicyReportLister { + return &clusterPolicyReportLister{indexer: indexer} +} + +// List lists all ClusterPolicyReports in the indexer. +func (s *clusterPolicyReportLister) List(selector labels.Selector) (ret []*v1alpha2.ClusterPolicyReport, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha2.ClusterPolicyReport)) + }) + return ret, err +} + +// Get retrieves the ClusterPolicyReport from the index for a given name. +func (s *clusterPolicyReportLister) Get(name string) (*v1alpha2.ClusterPolicyReport, error) { + obj, exists, err := s.indexer.GetByKey(name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha2.Resource("clusterpolicyreport"), name) + } + return obj.(*v1alpha2.ClusterPolicyReport), nil +} diff --git a/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha2/expansion_generated.go b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha2/expansion_generated.go new file mode 100644 index 0000000..697c49c --- /dev/null +++ b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha2/expansion_generated.go @@ -0,0 +1,30 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha2 + +// ClusterPolicyReportListerExpansion allows custom methods to be added to +// ClusterPolicyReportLister. +type ClusterPolicyReportListerExpansion interface{} + +// PolicyReportListerExpansion allows custom methods to be added to +// PolicyReportLister. +type PolicyReportListerExpansion interface{} + +// PolicyReportNamespaceListerExpansion allows custom methods to be added to +// PolicyReportNamespaceLister. +type PolicyReportNamespaceListerExpansion interface{} diff --git a/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha2/policyreport.go b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha2/policyreport.go new file mode 100644 index 0000000..cf145de --- /dev/null +++ b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha2/policyreport.go @@ -0,0 +1,98 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha2 + +import ( + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" + v1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha2" +) + +// PolicyReportLister helps list PolicyReports. +// All objects returned here must be treated as read-only. +type PolicyReportLister interface { + // List lists all PolicyReports in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha2.PolicyReport, err error) + // PolicyReports returns an object that can list and get PolicyReports. + PolicyReports(namespace string) PolicyReportNamespaceLister + PolicyReportListerExpansion +} + +// policyReportLister implements the PolicyReportLister interface. +type policyReportLister struct { + indexer cache.Indexer +} + +// NewPolicyReportLister returns a new PolicyReportLister. +func NewPolicyReportLister(indexer cache.Indexer) PolicyReportLister { + return &policyReportLister{indexer: indexer} +} + +// List lists all PolicyReports in the indexer. +func (s *policyReportLister) List(selector labels.Selector) (ret []*v1alpha2.PolicyReport, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha2.PolicyReport)) + }) + return ret, err +} + +// PolicyReports returns an object that can list and get PolicyReports. +func (s *policyReportLister) PolicyReports(namespace string) PolicyReportNamespaceLister { + return policyReportNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// PolicyReportNamespaceLister helps list and get PolicyReports. +// All objects returned here must be treated as read-only. +type PolicyReportNamespaceLister interface { + // List lists all PolicyReports in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha2.PolicyReport, err error) + // Get retrieves the PolicyReport from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1alpha2.PolicyReport, error) + PolicyReportNamespaceListerExpansion +} + +// policyReportNamespaceLister implements the PolicyReportNamespaceLister +// interface. +type policyReportNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all PolicyReports in the indexer for a given namespace. +func (s policyReportNamespaceLister) List(selector labels.Selector) (ret []*v1alpha2.PolicyReport, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha2.PolicyReport)) + }) + return ret, err +} + +// Get retrieves the PolicyReport from the indexer for a given namespace and name. +func (s policyReportNamespaceLister) Get(name string) (*v1alpha2.PolicyReport, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha2.Resource("policyreport"), name) + } + return obj.(*v1alpha2.PolicyReport), nil +} diff --git a/policy-report/pkg/client/listers/wgpolicyk8s.io/v1beta1/clusterpolicyreport.go b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1beta1/clusterpolicyreport.go new file mode 100644 index 0000000..535a54c --- /dev/null +++ b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1beta1/clusterpolicyreport.go @@ -0,0 +1,67 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by lister-gen. DO NOT EDIT. + +package v1beta1 + +import ( + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" + v1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1beta1" +) + +// ClusterPolicyReportLister helps list ClusterPolicyReports. +// All objects returned here must be treated as read-only. +type ClusterPolicyReportLister interface { + // List lists all ClusterPolicyReports in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1beta1.ClusterPolicyReport, err error) + // Get retrieves the ClusterPolicyReport from the index for a given name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1beta1.ClusterPolicyReport, error) + ClusterPolicyReportListerExpansion +} + +// clusterPolicyReportLister implements the ClusterPolicyReportLister interface. +type clusterPolicyReportLister struct { + indexer cache.Indexer +} + +// NewClusterPolicyReportLister returns a new ClusterPolicyReportLister. +func NewClusterPolicyReportLister(indexer cache.Indexer) ClusterPolicyReportLister { + return &clusterPolicyReportLister{indexer: indexer} +} + +// List lists all ClusterPolicyReports in the indexer. +func (s *clusterPolicyReportLister) List(selector labels.Selector) (ret []*v1beta1.ClusterPolicyReport, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1beta1.ClusterPolicyReport)) + }) + return ret, err +} + +// Get retrieves the ClusterPolicyReport from the index for a given name. +func (s *clusterPolicyReportLister) Get(name string) (*v1beta1.ClusterPolicyReport, error) { + obj, exists, err := s.indexer.GetByKey(name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1beta1.Resource("clusterpolicyreport"), name) + } + return obj.(*v1beta1.ClusterPolicyReport), nil +} diff --git a/policy-report/pkg/client/listers/wgpolicyk8s.io/v1beta1/expansion_generated.go b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1beta1/expansion_generated.go new file mode 100644 index 0000000..a1ac28d --- /dev/null +++ b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1beta1/expansion_generated.go @@ -0,0 +1,30 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by lister-gen. DO NOT EDIT. + +package v1beta1 + +// ClusterPolicyReportListerExpansion allows custom methods to be added to +// ClusterPolicyReportLister. +type ClusterPolicyReportListerExpansion interface{} + +// PolicyReportListerExpansion allows custom methods to be added to +// PolicyReportLister. +type PolicyReportListerExpansion interface{} + +// PolicyReportNamespaceListerExpansion allows custom methods to be added to +// PolicyReportNamespaceLister. +type PolicyReportNamespaceListerExpansion interface{} diff --git a/policy-report/pkg/client/listers/wgpolicyk8s.io/v1beta1/policyreport.go b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1beta1/policyreport.go new file mode 100644 index 0000000..043aba0 --- /dev/null +++ b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1beta1/policyreport.go @@ -0,0 +1,98 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by lister-gen. DO NOT EDIT. + +package v1beta1 + +import ( + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" + v1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1beta1" +) + +// PolicyReportLister helps list PolicyReports. +// All objects returned here must be treated as read-only. +type PolicyReportLister interface { + // List lists all PolicyReports in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1beta1.PolicyReport, err error) + // PolicyReports returns an object that can list and get PolicyReports. + PolicyReports(namespace string) PolicyReportNamespaceLister + PolicyReportListerExpansion +} + +// policyReportLister implements the PolicyReportLister interface. +type policyReportLister struct { + indexer cache.Indexer +} + +// NewPolicyReportLister returns a new PolicyReportLister. +func NewPolicyReportLister(indexer cache.Indexer) PolicyReportLister { + return &policyReportLister{indexer: indexer} +} + +// List lists all PolicyReports in the indexer. +func (s *policyReportLister) List(selector labels.Selector) (ret []*v1beta1.PolicyReport, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1beta1.PolicyReport)) + }) + return ret, err +} + +// PolicyReports returns an object that can list and get PolicyReports. +func (s *policyReportLister) PolicyReports(namespace string) PolicyReportNamespaceLister { + return policyReportNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// PolicyReportNamespaceLister helps list and get PolicyReports. +// All objects returned here must be treated as read-only. +type PolicyReportNamespaceLister interface { + // List lists all PolicyReports in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1beta1.PolicyReport, err error) + // Get retrieves the PolicyReport from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1beta1.PolicyReport, error) + PolicyReportNamespaceListerExpansion +} + +// policyReportNamespaceLister implements the PolicyReportNamespaceLister +// interface. +type policyReportNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all PolicyReports in the indexer for a given namespace. +func (s policyReportNamespaceLister) List(selector labels.Selector) (ret []*v1beta1.PolicyReport, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1beta1.PolicyReport)) + }) + return ret, err +} + +// Get retrieves the PolicyReport from the indexer for a given namespace and name. +func (s policyReportNamespaceLister) Get(name string) (*v1beta1.PolicyReport, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1beta1.Resource("policyreport"), name) + } + return obj.(*v1beta1.PolicyReport), nil +} From b566d3edf6ec8540cf1fabc24b27c9e5d239f7f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Guilherme=20Vanz?= Date: Fri, 14 Mar 2025 14:35:46 -0300 Subject: [PATCH 2/2] fix: rename the PolicyReport type to Report MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In order to allow a more broard usage of the Reports CRDs rename from from (Cluster)PolicyReport to (Cluster)Report. Signed-off-by: José Guilherme Vanz --- policy-report/README.md | 25 ++- .../v1beta2/clusterpolicyreport_types.go | 28 +-- .../v1beta2/policyreport_types.go | 56 +++--- .../v1beta2/zz_generated.deepcopy.go | 76 ++++---- ...l => reports.x-k8s.io_clusterreports.yaml} | 37 ++-- ...rts.yaml => reports.x-k8s.io_reports.yaml} | 36 ++-- policy-report/docs/api-docs.md | 102 +++++------ .../v1beta2/clusterpolicyreport.go | 167 ------------------ .../reports.x-k8s.io/v1beta2/clusterreport.go | 167 ++++++++++++++++++ .../v1beta2/fake/fake_clusterpolicyreport.go | 120 ------------- .../v1beta2/fake/fake_clusterreport.go | 120 +++++++++++++ .../v1beta2/fake/fake_policyreport.go | 128 -------------- .../v1beta2/fake/fake_report.go | 128 ++++++++++++++ .../fake/fake_reports.x-k8s.io_client.go | 8 +- .../v1beta2/generated_expansion.go | 4 +- .../v1beta2/{policyreport.go => report.go} | 94 +++++----- .../v1beta2/reports.x-k8s.io_client.go | 12 +- .../informers/externalversions/generic.go | 8 +- .../{policyreport.go => clusterreport.go} | 39 ++-- .../reports.x-k8s.io/v1beta2/interface.go | 20 +-- .../{clusterpolicyreport.go => report.go} | 39 ++-- .../v1beta2/clusterpolicyreport.go | 67 ------- .../reports.x-k8s.io/v1beta2/clusterreport.go | 67 +++++++ .../v1beta2/expansion_generated.go | 18 +- .../reports.x-k8s.io/v1beta2/policyreport.go | 98 ---------- .../reports.x-k8s.io/v1beta2/report.go | 98 ++++++++++ policy-report/samples/sample-cis-k8s.yaml | 37 ++++ policy-report/samples/sample-co.yaml | 39 ++++ .../samples/sample-falco-policy.yaml | 47 +++++ .../samples/sample-rhacm-policy.yaml | 30 ++++ .../samples/sample-v1beta1-kyverno.yaml | 38 ++++ .../samples/sample-v1beta2-kyverno.yaml | 38 ++++ 32 files changed, 1106 insertions(+), 885 deletions(-) rename policy-report/crd/reports.x-k8s.io/v1beta2/{reports.x-k8s.io_clusterpolicyreports.yaml => reports.x-k8s.io_clusterreports.yaml} (94%) rename policy-report/crd/reports.x-k8s.io/v1beta2/{reports.x-k8s.io_policyreports.yaml => reports.x-k8s.io_reports.yaml} (95%) delete mode 100644 policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/clusterpolicyreport.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/clusterreport.go delete mode 100644 policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_clusterpolicyreport.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_clusterreport.go delete mode 100644 policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_policyreport.go create mode 100644 policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_report.go rename policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/{policyreport.go => report.go} (50%) rename policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/{policyreport.go => clusterreport.go} (56%) rename policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/{clusterpolicyreport.go => report.go} (58%) delete mode 100644 policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/clusterpolicyreport.go create mode 100644 policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/clusterreport.go delete mode 100644 policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/policyreport.go create mode 100644 policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/report.go create mode 100644 policy-report/samples/sample-cis-k8s.yaml create mode 100644 policy-report/samples/sample-co.yaml create mode 100644 policy-report/samples/sample-falco-policy.yaml create mode 100644 policy-report/samples/sample-rhacm-policy.yaml create mode 100644 policy-report/samples/sample-v1beta1-kyverno.yaml create mode 100644 policy-report/samples/sample-v1beta2-kyverno.yaml diff --git a/policy-report/README.md b/policy-report/README.md index e73ff56..866293c 100644 --- a/policy-report/README.md +++ b/policy-report/README.md @@ -1,16 +1,14 @@ -# Kubernetes Policy Report API +# Report API -**NOTE: The Policy Report API specification is currently in review. See [KEP 4447](https://github.com/kubernetes/enhancements/pull/4448)** - -The Kubernetes Policy Report API enables uniform reporting of results and findings from policy engines, scanners, or other tooling. +The Report API enables uniform reporting of results and findings from policy engines, scanners, or other tooling. This repository contains the API specification and Custom Resource Definitions (CRDs). ## Concepts -The API provides a `ClusterPolicyReport` and its namespaced variant `PolicyReport`. +The API provides a `ClusterReport` and its namespaced variant `Report`. -Each `PolicyReport` contains a set of `results` and a `summary`. Each `result` contains attributes such as the source policy and rule name, severity, timestamp, and the resource. +Each `Report` contains a set of `results` and a `summary`. Each `result` contains attributes such as the source policy and rule name, severity, timestamp, and the resource. ## Reference @@ -18,12 +16,12 @@ Each `PolicyReport` contains a set of `results` and a `summary`. Each `result` c ## Demonstration -Typically the Policy Report API is installed and managed by a [producer](#producers). However, to try out the API in a test cluster you can follow the steps below: +Typically the Report API is installed and managed by a [producer](#producers). However, to try out the API in a test cluster you can follow the steps below: -1. Add Policy Report API CRDs to your cluster (v1beta2): +1. Add Report API CRDs to your cluster (v1beta2): ```sh -kubectl create -f crd/v1beta2/ +kubectl create -f crd/reports.x-k8s.io/v1beta2/ ``` 2. Create a sample policy report resource: @@ -33,7 +31,7 @@ kubectl create -f samples/sample-cis-k8s.yaml 3. View policy report resources: ```sh -kubectl get policyreports +kubectl get reports ``` ## Implementations @@ -51,6 +49,7 @@ The following is a list of projects that produce or consume policy reports: * [Netchecks](https://docs.netchecks.io/) * [Tracee Adapter](https://github.com/fjogeleit/tracee-polr-adapter) * [Trivy Operator](https://aquasecurity.github.io/trivy-operator/v0.15.1/tutorials/integrations/policy-reporter/) +* [Kubewarden](https://docs.kubewarden.io/explanations/audit-scanner/policy-reports) ### Consumers @@ -66,8 +65,6 @@ make all ## Community, discussion, contribution, and support -Learn how to engage with the Kubernetes community on the [community page](http://kubernetes.io/community/). - You can reach the maintainers of this project at: - [Slack](https://kubernetes.slack.com/messages/wg-policy) @@ -76,12 +73,12 @@ You can reach the maintainers of this project at: ### Code of conduct -Participation in the Kubernetes community is governed by the [Kubernetes Code of Conduct](code-of-conduct.md). +Participation in the OpenReport community is governed by the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md). [owners]: https://git.k8s.io/community/contributors/guide/owners.md [Creative Commons 4.0]: https://git.k8s.io/website/LICENSE # Historical References -See the [proposal](https://docs.google.com/document/d/1nICYLkYS1RE3gJzuHOfHeAC25QIkFZfgymFjgOzMDVw/edit#) for background and details. +See the [Kubernetes policy working group](https://github.com/kubernetes-sigs/wg-policy-prototypes/tree/master) and the [proposal](https://docs.google.com/document/d/1nICYLkYS1RE3gJzuHOfHeAC25QIkFZfgymFjgOzMDVw/edit#) for background and details. diff --git a/policy-report/apis/reports.x-k8s.io/v1beta2/clusterpolicyreport_types.go b/policy-report/apis/reports.x-k8s.io/v1beta2/clusterpolicyreport_types.go index 6422cb9..faf9e4d 100644 --- a/policy-report/apis/reports.x-k8s.io/v1beta2/clusterpolicyreport_types.go +++ b/policy-report/apis/reports.x-k8s.io/v1beta2/clusterpolicyreport_types.go @@ -29,7 +29,7 @@ import ( // +genclient:nonNamespaced // +kubebuilder:storageversion // +kubebuilder:object:root=true -// +kubebuilder:resource:path=clusterpolicyreports,scope="Cluster",shortName=cpolr +// +kubebuilder:resource:path=clusterreports,scope="Cluster",shortName=creps // +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=`.scope.kind`,priority=1 // +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.scope.name`,priority=1 // +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.pass` @@ -39,15 +39,15 @@ import ( // +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip` // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" -// ClusterPolicyReport is the Schema for the clusterpolicyreports API -type ClusterPolicyReport struct { +// ClusterReport is the Schema for the clusterpolicyreports API +type ClusterReport struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Source is an identifier for the source e.g. a policy engine that manages this report. // Use this field if all the results are produced by a single policy engine. // If the results are produced by multiple sources e.g. different engines or scanners, - // then use the Source field at the PolicyReportResult level. + // then use the Source field at the ReportResult level. // +optional Source string `json:"source"` @@ -61,28 +61,28 @@ type ClusterPolicyReport struct { ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"` // Configuration is an optional field which can be used to specify - // a contract between PolicyReport generators and consumers + // a contract between Report generators and consumers // +optional - Configuration *PolicyReportConfiguration `json:"configuration,omitempty"` + Configuration *ReportConfiguration `json:"configuration,omitempty"` - // PolicyReportSummary provides a summary of results + // ReportSummary provides a summary of results // +optional - Summary PolicyReportSummary `json:"summary,omitempty"` + Summary ReportSummary `json:"summary,omitempty"` - // PolicyReportResult provides result details + // ReportResult provides result details // +optional - Results []PolicyReportResult `json:"results,omitempty"` + Results []ReportResult `json:"results,omitempty"` } -// ClusterPolicyReportList contains a list of ClusterPolicyReport +// ClusterReportList contains a list of ClusterReport // +kubebuilder:object:root=true // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -type ClusterPolicyReportList struct { +type ClusterReportList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` - Items []ClusterPolicyReport `json:"items"` + Items []ClusterReport `json:"items"` } func init() { - SchemeBuilder.Register(&ClusterPolicyReport{}, &ClusterPolicyReportList{}) + SchemeBuilder.Register(&ClusterReport{}, &ClusterReportList{}) } diff --git a/policy-report/apis/reports.x-k8s.io/v1beta2/policyreport_types.go b/policy-report/apis/reports.x-k8s.io/v1beta2/policyreport_types.go index bb61a69..8d8020a 100644 --- a/policy-report/apis/reports.x-k8s.io/v1beta2/policyreport_types.go +++ b/policy-report/apis/reports.x-k8s.io/v1beta2/policyreport_types.go @@ -21,7 +21,7 @@ import ( // EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! // NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. -// StatusFilter is used by PolicyReport generators to write only those reports whose status is specified by the filters +// StatusFilter is used by Report generators to write only those reports whose status is specified by the filters // +kubebuilder:validation:Enum=pass;fail;warn;error;skip type StatusFilter string @@ -30,17 +30,17 @@ type Limits struct { // +optional MaxResults int `json:"maxResults"` - // StatusFilter indicates that the PolicyReport contains only those reports with statuses specified in this list + // StatusFilter indicates that the Report contains only those reports with statuses specified in this list // +optional StatusFilter []StatusFilter `json:"statusFilter,omitempty"` } -type PolicyReportConfiguration struct { +type ReportConfiguration struct { Limits Limits `json:"limits"` } -// PolicyReportSummary provides a status count summary -type PolicyReportSummary struct { +// ReportSummary provides a status count summary +type ReportSummary struct { // Pass provides the count of policies whose requirements were met // +optional @@ -63,7 +63,7 @@ type PolicyReportSummary struct { Skip int `json:"skip"` } -// PolicyResult has one of the following values: +// Result has one of the following values: // - pass: the policy requirements are met // - fail: the policy requirements are not met // - warn: the policy requirements are not met and the policy is not scored @@ -71,9 +71,9 @@ type PolicyReportSummary struct { // - skip: the policy was not selected based on user inputs or applicability // // +kubebuilder:validation:Enum=pass;fail;warn;error;skip -type PolicyResult string +type Result string -// PolicyResultSeverity has one of the following values: +// ResultSeverity has one of the following values: // - critical // - high // - low @@ -81,14 +81,14 @@ type PolicyResult string // - info // // +kubebuilder:validation:Enum=critical;high;low;medium;info -type PolicyResultSeverity string +type ResultSeverity string -// PolicyReportResult provides the result for an individual policy -type PolicyReportResult struct { +// ReportResult provides the result for an individual policy +type ReportResult struct { // Source is an identifier for the policy engine that manages this report // If the Source is specified at this level, it will override the Source - // field set at the PolicyReport level + // field set at the Report level // +optional Source string `json:"source"` @@ -105,13 +105,13 @@ type PolicyReportResult struct { // Severity indicates policy check result criticality // +optional - Severity PolicyResultSeverity `json:"severity,omitempty"` + Severity ResultSeverity `json:"severity,omitempty"` // Timestamp indicates the time the result was found Timestamp metav1.Timestamp `json:"timestamp,omitempty"` // Result indicates the outcome of the policy rule execution - Result PolicyResult `json:"result,omitempty"` + Result Result `json:"result,omitempty"` // Scored indicates if this result is scored Scored bool `json:"scored,omitempty"` @@ -146,17 +146,17 @@ type PolicyReportResult struct { // +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.error` // +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip` // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" -// +kubebuilder:resource:shortName=polr +// +kubebuilder:resource:shortName=reps -// PolicyReport is the Schema for the policyreports API -type PolicyReport struct { +// Report is the Schema for the reports API +type Report struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Source is an identifier for the source e.g. a policy engine that manages this report. // Use this field if all the results are produced by a single policy engine. // If the results are produced by multiple sources e.g. different engines or scanners, - // then use the Source field at the PolicyReportResult level. + // then use the Source field at the ReportResult level. // +optional Source string `json:"source"` @@ -170,28 +170,28 @@ type PolicyReport struct { ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"` // Configuration is an optional field which can be used to specify - // a contract between PolicyReport generators and consumers + // a contract between Report generators and consumers // +optional - Configuration *PolicyReportConfiguration `json:"configuration,omitempty"` + Configuration *ReportConfiguration `json:"configuration,omitempty"` - // PolicyReportSummary provides a summary of results + // ReportSummary provides a summary of results // +optional - Summary PolicyReportSummary `json:"summary,omitempty"` + Summary ReportSummary `json:"summary,omitempty"` - // PolicyReportResult provides result details + // ReportResult provides result details // +optional - Results []PolicyReportResult `json:"results,omitempty"` + Results []ReportResult `json:"results,omitempty"` } -// PolicyReportList contains a list of PolicyReport +// ReportList contains a list of Report // +kubebuilder:object:root=true // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -type PolicyReportList struct { +type ReportList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` - Items []PolicyReport `json:"items"` + Items []Report `json:"items"` } func init() { - SchemeBuilder.Register(&PolicyReport{}, &PolicyReportList{}) + SchemeBuilder.Register(&Report{}, &ReportList{}) } diff --git a/policy-report/apis/reports.x-k8s.io/v1beta2/zz_generated.deepcopy.go b/policy-report/apis/reports.x-k8s.io/v1beta2/zz_generated.deepcopy.go index 28bc262..176847c 100644 --- a/policy-report/apis/reports.x-k8s.io/v1beta2/zz_generated.deepcopy.go +++ b/policy-report/apis/reports.x-k8s.io/v1beta2/zz_generated.deepcopy.go @@ -27,7 +27,7 @@ import ( ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterPolicyReport) DeepCopyInto(out *ClusterPolicyReport) { +func (in *ClusterReport) DeepCopyInto(out *ClusterReport) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) @@ -43,13 +43,13 @@ func (in *ClusterPolicyReport) DeepCopyInto(out *ClusterPolicyReport) { } if in.Configuration != nil { in, out := &in.Configuration, &out.Configuration - *out = new(PolicyReportConfiguration) + *out = new(ReportConfiguration) (*in).DeepCopyInto(*out) } out.Summary = in.Summary if in.Results != nil { in, out := &in.Results, &out.Results - *out = make([]PolicyReportResult, len(*in)) + *out = make([]ReportResult, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -57,18 +57,18 @@ func (in *ClusterPolicyReport) DeepCopyInto(out *ClusterPolicyReport) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyReport. -func (in *ClusterPolicyReport) DeepCopy() *ClusterPolicyReport { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterReport. +func (in *ClusterReport) DeepCopy() *ClusterReport { if in == nil { return nil } - out := new(ClusterPolicyReport) + out := new(ClusterReport) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ClusterPolicyReport) DeepCopyObject() runtime.Object { +func (in *ClusterReport) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -76,13 +76,13 @@ func (in *ClusterPolicyReport) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterPolicyReportList) DeepCopyInto(out *ClusterPolicyReportList) { +func (in *ClusterReportList) DeepCopyInto(out *ClusterReportList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]ClusterPolicyReport, len(*in)) + *out = make([]ClusterReport, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -90,18 +90,18 @@ func (in *ClusterPolicyReportList) DeepCopyInto(out *ClusterPolicyReportList) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyReportList. -func (in *ClusterPolicyReportList) DeepCopy() *ClusterPolicyReportList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterReportList. +func (in *ClusterReportList) DeepCopy() *ClusterReportList { if in == nil { return nil } - out := new(ClusterPolicyReportList) + out := new(ClusterReportList) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ClusterPolicyReportList) DeepCopyObject() runtime.Object { +func (in *ClusterReportList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -130,7 +130,7 @@ func (in *Limits) DeepCopy() *Limits { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyReport) DeepCopyInto(out *PolicyReport) { +func (in *Report) DeepCopyInto(out *Report) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) @@ -146,13 +146,13 @@ func (in *PolicyReport) DeepCopyInto(out *PolicyReport) { } if in.Configuration != nil { in, out := &in.Configuration, &out.Configuration - *out = new(PolicyReportConfiguration) + *out = new(ReportConfiguration) (*in).DeepCopyInto(*out) } out.Summary = in.Summary if in.Results != nil { in, out := &in.Results, &out.Results - *out = make([]PolicyReportResult, len(*in)) + *out = make([]ReportResult, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -160,18 +160,18 @@ func (in *PolicyReport) DeepCopyInto(out *PolicyReport) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReport. -func (in *PolicyReport) DeepCopy() *PolicyReport { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Report. +func (in *Report) DeepCopy() *Report { if in == nil { return nil } - out := new(PolicyReport) + out := new(Report) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PolicyReport) DeepCopyObject() runtime.Object { +func (in *Report) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -179,30 +179,30 @@ func (in *PolicyReport) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyReportConfiguration) DeepCopyInto(out *PolicyReportConfiguration) { +func (in *ReportConfiguration) DeepCopyInto(out *ReportConfiguration) { *out = *in in.Limits.DeepCopyInto(&out.Limits) return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportConfiguration. -func (in *PolicyReportConfiguration) DeepCopy() *PolicyReportConfiguration { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReportConfiguration. +func (in *ReportConfiguration) DeepCopy() *ReportConfiguration { if in == nil { return nil } - out := new(PolicyReportConfiguration) + out := new(ReportConfiguration) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyReportList) DeepCopyInto(out *PolicyReportList) { +func (in *ReportList) DeepCopyInto(out *ReportList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]PolicyReport, len(*in)) + *out = make([]Report, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -210,18 +210,18 @@ func (in *PolicyReportList) DeepCopyInto(out *PolicyReportList) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportList. -func (in *PolicyReportList) DeepCopy() *PolicyReportList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReportList. +func (in *ReportList) DeepCopy() *ReportList { if in == nil { return nil } - out := new(PolicyReportList) + out := new(ReportList) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PolicyReportList) DeepCopyObject() runtime.Object { +func (in *ReportList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -229,7 +229,7 @@ func (in *PolicyReportList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyReportResult) DeepCopyInto(out *PolicyReportResult) { +func (in *ReportResult) DeepCopyInto(out *ReportResult) { *out = *in out.Timestamp = in.Timestamp if in.Subjects != nil { @@ -252,28 +252,28 @@ func (in *PolicyReportResult) DeepCopyInto(out *PolicyReportResult) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportResult. -func (in *PolicyReportResult) DeepCopy() *PolicyReportResult { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReportResult. +func (in *ReportResult) DeepCopy() *ReportResult { if in == nil { return nil } - out := new(PolicyReportResult) + out := new(ReportResult) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyReportSummary) DeepCopyInto(out *PolicyReportSummary) { +func (in *ReportSummary) DeepCopyInto(out *ReportSummary) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportSummary. -func (in *PolicyReportSummary) DeepCopy() *PolicyReportSummary { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReportSummary. +func (in *ReportSummary) DeepCopy() *ReportSummary { if in == nil { return nil } - out := new(PolicyReportSummary) + out := new(ReportSummary) in.DeepCopyInto(out) return out } diff --git a/policy-report/crd/reports.x-k8s.io/v1beta2/reports.x-k8s.io_clusterpolicyreports.yaml b/policy-report/crd/reports.x-k8s.io/v1beta2/reports.x-k8s.io_clusterreports.yaml similarity index 94% rename from policy-report/crd/reports.x-k8s.io/v1beta2/reports.x-k8s.io_clusterpolicyreports.yaml rename to policy-report/crd/reports.x-k8s.io/v1beta2/reports.x-k8s.io_clusterreports.yaml index 93b0fe9..e291349 100644 --- a/policy-report/crd/reports.x-k8s.io/v1beta2/reports.x-k8s.io_clusterpolicyreports.yaml +++ b/policy-report/crd/reports.x-k8s.io/v1beta2/reports.x-k8s.io_clusterreports.yaml @@ -4,16 +4,16 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.14.0 - name: clusterpolicyreports.reports.x-k8s.io + name: clusterreports.reports.x-k8s.io spec: group: reports.x-k8s.io names: - kind: ClusterPolicyReport - listKind: ClusterPolicyReportList - plural: clusterpolicyreports + kind: ClusterReport + listKind: ClusterReportList + plural: clusterreports shortNames: - - cpolr - singular: clusterpolicyreport + - creps + singular: clusterreport scope: Cluster versions: - additionalPrinterColumns: @@ -46,8 +46,7 @@ spec: name: v1beta2 schema: openAPIV3Schema: - description: ClusterPolicyReport is the Schema for the clusterpolicyreports - API + description: ClusterReport is the Schema for the clusterpolicyreports API properties: apiVersion: description: |- @@ -59,7 +58,7 @@ spec: configuration: description: |- Configuration is an optional field which can be used to specify - a contract between PolicyReport generators and consumers + a contract between Report generators and consumers properties: limits: properties: @@ -68,12 +67,11 @@ spec: in the report type: integer statusFilter: - description: StatusFilter indicates that the PolicyReport contains - only those reports with statuses specified in this list + description: StatusFilter indicates that the Report contains only + those reports with statuses specified in this list items: - description: StatusFilter is used by PolicyReport generators - to write only those reports whose status is specified by the - filters + description: StatusFilter is used by Report generators to write + only those reports whose status is specified by the filters enum: - pass - fail @@ -97,10 +95,9 @@ spec: metadata: type: object results: - description: PolicyReportResult provides result details + description: ReportResult provides result details items: - description: PolicyReportResult provides the result for an individual - policy + description: ReportResult provides the result for an individual policy properties: category: description: Category indicates policy category @@ -262,7 +259,7 @@ spec: description: |- Source is an identifier for the policy engine that manages this report If the Source is specified at this level, it will override the Source - field set at the PolicyReport level + field set at the Report level type: string timestamp: description: Timestamp indicates the time the result was found @@ -388,10 +385,10 @@ spec: Source is an identifier for the source e.g. a policy engine that manages this report. Use this field if all the results are produced by a single policy engine. If the results are produced by multiple sources e.g. different engines or scanners, - then use the Source field at the PolicyReportResult level. + then use the Source field at the ReportResult level. type: string summary: - description: PolicyReportSummary provides a summary of results + description: ReportSummary provides a summary of results properties: error: description: Error provides the count of policies that could not be diff --git a/policy-report/crd/reports.x-k8s.io/v1beta2/reports.x-k8s.io_policyreports.yaml b/policy-report/crd/reports.x-k8s.io/v1beta2/reports.x-k8s.io_reports.yaml similarity index 95% rename from policy-report/crd/reports.x-k8s.io/v1beta2/reports.x-k8s.io_policyreports.yaml rename to policy-report/crd/reports.x-k8s.io/v1beta2/reports.x-k8s.io_reports.yaml index f07f051..9c58145 100644 --- a/policy-report/crd/reports.x-k8s.io/v1beta2/reports.x-k8s.io_policyreports.yaml +++ b/policy-report/crd/reports.x-k8s.io/v1beta2/reports.x-k8s.io_reports.yaml @@ -4,16 +4,16 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.14.0 - name: policyreports.reports.x-k8s.io + name: reports.reports.x-k8s.io spec: group: reports.x-k8s.io names: - kind: PolicyReport - listKind: PolicyReportList - plural: policyreports + kind: Report + listKind: ReportList + plural: reports shortNames: - - polr - singular: policyreport + - reps + singular: report scope: Namespaced versions: - additionalPrinterColumns: @@ -46,7 +46,7 @@ spec: name: v1beta2 schema: openAPIV3Schema: - description: PolicyReport is the Schema for the policyreports API + description: Report is the Schema for the reports API properties: apiVersion: description: |- @@ -58,7 +58,7 @@ spec: configuration: description: |- Configuration is an optional field which can be used to specify - a contract between PolicyReport generators and consumers + a contract between Report generators and consumers properties: limits: properties: @@ -67,12 +67,11 @@ spec: in the report type: integer statusFilter: - description: StatusFilter indicates that the PolicyReport contains - only those reports with statuses specified in this list + description: StatusFilter indicates that the Report contains only + those reports with statuses specified in this list items: - description: StatusFilter is used by PolicyReport generators - to write only those reports whose status is specified by the - filters + description: StatusFilter is used by Report generators to write + only those reports whose status is specified by the filters enum: - pass - fail @@ -96,10 +95,9 @@ spec: metadata: type: object results: - description: PolicyReportResult provides result details + description: ReportResult provides result details items: - description: PolicyReportResult provides the result for an individual - policy + description: ReportResult provides the result for an individual policy properties: category: description: Category indicates policy category @@ -261,7 +259,7 @@ spec: description: |- Source is an identifier for the policy engine that manages this report If the Source is specified at this level, it will override the Source - field set at the PolicyReport level + field set at the Report level type: string timestamp: description: Timestamp indicates the time the result was found @@ -387,10 +385,10 @@ spec: Source is an identifier for the source e.g. a policy engine that manages this report. Use this field if all the results are produced by a single policy engine. If the results are produced by multiple sources e.g. different engines or scanners, - then use the Source field at the PolicyReportResult level. + then use the Source field at the ReportResult level. type: string summary: - description: PolicyReportSummary provides a summary of results + description: ReportSummary provides a summary of results properties: error: description: Error provides the count of policies that could not be diff --git a/policy-report/docs/api-docs.md b/policy-report/docs/api-docs.md index c604357..cf434e2 100644 --- a/policy-report/docs/api-docs.md +++ b/policy-report/docs/api-docs.md @@ -11,42 +11,42 @@ Package v1beta2 contains API Schema definitions for the policy v1beta2 API group Package v1beta2 contains API Schema definitions for the policy v1beta2 API group ### Resource Types -- [ClusterPolicyReport](#clusterpolicyreport) -- [ClusterPolicyReportList](#clusterpolicyreportlist) -- [PolicyReport](#policyreport) -- [PolicyReportList](#policyreportlist) +- [ClusterReport](#clusterreport) +- [ClusterReportList](#clusterreportlist) +- [Report](#report) +- [ReportList](#reportlist) -#### ClusterPolicyReport +#### ClusterReport -ClusterPolicyReport is the Schema for the clusterpolicyreports API +ClusterReport is the Schema for the clusterpolicyreports API _Appears in:_ -- [ClusterPolicyReportList](#clusterpolicyreportlist) +- [ClusterReportList](#clusterreportlist) | Field | Description | Default | Validation | | --- | --- | --- | --- | | `apiVersion` _string_ | `reports.x-k8s.io/v1beta2` | | | -| `kind` _string_ | `ClusterPolicyReport` | | | +| `kind` _string_ | `ClusterReport` | | | | `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | -| `source` _string_ | Source is an identifier for the source e.g. a policy engine that manages this report.
Use this field if all the results are produced by a single policy engine.
If the results are produced by multiple sources e.g. different engines or scanners,
then use the Source field at the PolicyReportResult level. | | | +| `source` _string_ | Source is an identifier for the source e.g. a policy engine that manages this report.
Use this field if all the results are produced by a single policy engine.
If the results are produced by multiple sources e.g. different engines or scanners,
then use the Source field at the ReportResult level. | | | | `scope` _[ObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#objectreference-v1-core)_ | Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node) | | | | `scopeSelector` _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#labelselector-v1-meta)_ | ScopeSelector is an optional selector for multiple scopes (e.g. Pods).
Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. | | | -| `configuration` _[PolicyReportConfiguration](#policyreportconfiguration)_ | Configuration is an optional field which can be used to specify
a contract between PolicyReport generators and consumers | | | -| `summary` _[PolicyReportSummary](#policyreportsummary)_ | PolicyReportSummary provides a summary of results | | | -| `results` _[PolicyReportResult](#policyreportresult) array_ | PolicyReportResult provides result details | | | +| `configuration` _[ReportConfiguration](#reportconfiguration)_ | Configuration is an optional field which can be used to specify
a contract between Report generators and consumers | | | +| `summary` _[ReportSummary](#reportsummary)_ | ReportSummary provides a summary of results | | | +| `results` _[ReportResult](#reportresult) array_ | ReportResult provides result details | | | -#### ClusterPolicyReportList +#### ClusterReportList -ClusterPolicyReportList contains a list of ClusterPolicyReport +ClusterReportList contains a list of ClusterReport @@ -55,9 +55,9 @@ ClusterPolicyReportList contains a list of ClusterPolicyReport | Field | Description | Default | Validation | | --- | --- | --- | --- | | `apiVersion` _string_ | `reports.x-k8s.io/v1beta2` | | | -| `kind` _string_ | `ClusterPolicyReportList` | | | +| `kind` _string_ | `ClusterReportList` | | | | `metadata` _[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#listmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | -| `items` _[ClusterPolicyReport](#clusterpolicyreport) array_ | | | | +| `items` _[ClusterReport](#clusterreport) array_ | | | | #### Limits @@ -69,39 +69,39 @@ ClusterPolicyReportList contains a list of ClusterPolicyReport _Appears in:_ -- [PolicyReportConfiguration](#policyreportconfiguration) +- [ReportConfiguration](#reportconfiguration) | Field | Description | Default | Validation | | --- | --- | --- | --- | | `maxResults` _integer_ | MaxResults is the maximum number of results contained in the report | | | -| `statusFilter` _[StatusFilter](#statusfilter) array_ | StatusFilter indicates that the PolicyReport contains only those reports with statuses specified in this list | | Enum: [pass fail warn error skip]
| +| `statusFilter` _[StatusFilter](#statusfilter) array_ | StatusFilter indicates that the Report contains only those reports with statuses specified in this list | | Enum: [pass fail warn error skip]
| -#### PolicyReport +#### Report -PolicyReport is the Schema for the policyreports API +Report is the Schema for the reports API _Appears in:_ -- [PolicyReportList](#policyreportlist) +- [ReportList](#reportlist) | Field | Description | Default | Validation | | --- | --- | --- | --- | | `apiVersion` _string_ | `reports.x-k8s.io/v1beta2` | | | -| `kind` _string_ | `PolicyReport` | | | +| `kind` _string_ | `Report` | | | | `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | -| `source` _string_ | Source is an identifier for the source e.g. a policy engine that manages this report.
Use this field if all the results are produced by a single policy engine.
If the results are produced by multiple sources e.g. different engines or scanners,
then use the Source field at the PolicyReportResult level. | | | +| `source` _string_ | Source is an identifier for the source e.g. a policy engine that manages this report.
Use this field if all the results are produced by a single policy engine.
If the results are produced by multiple sources e.g. different engines or scanners,
then use the Source field at the ReportResult level. | | | | `scope` _[ObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#objectreference-v1-core)_ | Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node) | | | | `scopeSelector` _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#labelselector-v1-meta)_ | ScopeSelector is an optional selector for multiple scopes (e.g. Pods).
Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. | | | -| `configuration` _[PolicyReportConfiguration](#policyreportconfiguration)_ | Configuration is an optional field which can be used to specify
a contract between PolicyReport generators and consumers | | | -| `summary` _[PolicyReportSummary](#policyreportsummary)_ | PolicyReportSummary provides a summary of results | | | -| `results` _[PolicyReportResult](#policyreportresult) array_ | PolicyReportResult provides result details | | | +| `configuration` _[ReportConfiguration](#reportconfiguration)_ | Configuration is an optional field which can be used to specify
a contract between Report generators and consumers | | | +| `summary` _[ReportSummary](#reportsummary)_ | ReportSummary provides a summary of results | | | +| `results` _[ReportResult](#reportresult) array_ | ReportResult provides result details | | | -#### PolicyReportConfiguration +#### ReportConfiguration @@ -110,19 +110,19 @@ _Appears in:_ _Appears in:_ -- [ClusterPolicyReport](#clusterpolicyreport) -- [PolicyReport](#policyreport) +- [ClusterReport](#clusterreport) +- [Report](#report) | Field | Description | Default | Validation | | --- | --- | --- | --- | | `limits` _[Limits](#limits)_ | | | | -#### PolicyReportList +#### ReportList -PolicyReportList contains a list of PolicyReport +ReportList contains a list of Report @@ -131,32 +131,32 @@ PolicyReportList contains a list of PolicyReport | Field | Description | Default | Validation | | --- | --- | --- | --- | | `apiVersion` _string_ | `reports.x-k8s.io/v1beta2` | | | -| `kind` _string_ | `PolicyReportList` | | | +| `kind` _string_ | `ReportList` | | | | `metadata` _[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#listmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | -| `items` _[PolicyReport](#policyreport) array_ | | | | +| `items` _[Report](#report) array_ | | | | -#### PolicyReportResult +#### ReportResult -PolicyReportResult provides the result for an individual policy +ReportResult provides the result for an individual policy _Appears in:_ -- [ClusterPolicyReport](#clusterpolicyreport) -- [PolicyReport](#policyreport) +- [ClusterReport](#clusterreport) +- [Report](#report) | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `source` _string_ | Source is an identifier for the policy engine that manages this report
If the Source is specified at this level, it will override the Source
field set at the PolicyReport level | | | +| `source` _string_ | Source is an identifier for the policy engine that manages this report
If the Source is specified at this level, it will override the Source
field set at the Report level | | | | `policy` _string_ | Policy is the name or identifier of the policy | | | | `rule` _string_ | Rule is the name or identifier of the rule within the policy | | | | `category` _string_ | Category indicates policy category | | | -| `severity` _[PolicyResultSeverity](#policyresultseverity)_ | Severity indicates policy check result criticality | | Enum: [critical high low medium info]
| +| `severity` _[ResultSeverity](#resultseverity)_ | Severity indicates policy check result criticality | | Enum: [critical high low medium info]
| | `timestamp` _[Timestamp](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#timestamp-v1-meta)_ | Timestamp indicates the time the result was found | | | -| `result` _[PolicyResult](#policyresult)_ | Result indicates the outcome of the policy rule execution | | Enum: [pass fail warn error skip]
| +| `result` _[Result](#result)_ | Result indicates the outcome of the policy rule execution | | Enum: [pass fail warn error skip]
| | `scored` _boolean_ | Scored indicates if this result is scored | | | | `resources` _[ObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#objectreference-v1-core) array_ | Subjects is an optional reference to the checked Kubernetes resources | | | | `resourceSelector` _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#labelselector-v1-meta)_ | ResourceSelector is an optional label selector for checked Kubernetes resources.
For example, a policy result may apply to all pods that match a label.
Either a Subject or a ResourceSelector can be specified. If neither are provided, the
result is assumed to be for the policy report scope. | | | @@ -164,17 +164,17 @@ _Appears in:_ | `properties` _object (keys:string, values:string)_ | Properties provides additional information for the policy rule | | | -#### PolicyReportSummary +#### ReportSummary -PolicyReportSummary provides a status count summary +ReportSummary provides a status count summary _Appears in:_ -- [ClusterPolicyReport](#clusterpolicyreport) -- [PolicyReport](#policyreport) +- [ClusterReport](#clusterreport) +- [Report](#report) | Field | Description | Default | Validation | | --- | --- | --- | --- | @@ -185,11 +185,11 @@ _Appears in:_ | `skip` _integer_ | Skip indicates the count of policies that were not selected for evaluation | | | -#### PolicyResult +#### Result _Underlying type:_ _string_ -PolicyResult has one of the following values: +Result has one of the following values: - pass: the policy requirements are met - fail: the policy requirements are not met - warn: the policy requirements are not met and the policy is not scored @@ -200,15 +200,15 @@ _Validation:_ - Enum: [pass fail warn error skip] _Appears in:_ -- [PolicyReportResult](#policyreportresult) +- [ReportResult](#reportresult) -#### PolicyResultSeverity +#### ResultSeverity _Underlying type:_ _string_ -PolicyResultSeverity has one of the following values: +ResultSeverity has one of the following values: - critical - high - low @@ -219,7 +219,7 @@ _Validation:_ - Enum: [critical high low medium info] _Appears in:_ -- [PolicyReportResult](#policyreportresult) +- [ReportResult](#reportresult) @@ -227,7 +227,7 @@ _Appears in:_ _Underlying type:_ _string_ -StatusFilter is used by PolicyReport generators to write only those reports whose status is specified by the filters +StatusFilter is used by Report generators to write only those reports whose status is specified by the filters _Validation:_ - Enum: [pass fail warn error skip] diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/clusterpolicyreport.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/clusterpolicyreport.go deleted file mode 100644 index ca341e5..0000000 --- a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/clusterpolicyreport.go +++ /dev/null @@ -1,167 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -// Code generated by client-gen. DO NOT EDIT. - -package v1beta2 - -import ( - "context" - "time" - - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" - v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2" - scheme "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/scheme" -) - -// ClusterPolicyReportsGetter has a method to return a ClusterPolicyReportInterface. -// A group's client should implement this interface. -type ClusterPolicyReportsGetter interface { - ClusterPolicyReports() ClusterPolicyReportInterface -} - -// ClusterPolicyReportInterface has methods to work with ClusterPolicyReport resources. -type ClusterPolicyReportInterface interface { - Create(ctx context.Context, clusterPolicyReport *v1beta2.ClusterPolicyReport, opts v1.CreateOptions) (*v1beta2.ClusterPolicyReport, error) - Update(ctx context.Context, clusterPolicyReport *v1beta2.ClusterPolicyReport, opts v1.UpdateOptions) (*v1beta2.ClusterPolicyReport, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta2.ClusterPolicyReport, error) - List(ctx context.Context, opts v1.ListOptions) (*v1beta2.ClusterPolicyReportList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta2.ClusterPolicyReport, err error) - ClusterPolicyReportExpansion -} - -// clusterPolicyReports implements ClusterPolicyReportInterface -type clusterPolicyReports struct { - client rest.Interface -} - -// newClusterPolicyReports returns a ClusterPolicyReports -func newClusterPolicyReports(c *ReportsV1beta2Client) *clusterPolicyReports { - return &clusterPolicyReports{ - client: c.RESTClient(), - } -} - -// Get takes name of the clusterPolicyReport, and returns the corresponding clusterPolicyReport object, and an error if there is any. -func (c *clusterPolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta2.ClusterPolicyReport, err error) { - result = &v1beta2.ClusterPolicyReport{} - err = c.client.Get(). - Resource("clusterpolicyreports"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of ClusterPolicyReports that match those selectors. -func (c *clusterPolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1beta2.ClusterPolicyReportList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1beta2.ClusterPolicyReportList{} - err = c.client.Get(). - Resource("clusterpolicyreports"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested clusterPolicyReports. -func (c *clusterPolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("clusterpolicyreports"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a clusterPolicyReport and creates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any. -func (c *clusterPolicyReports) Create(ctx context.Context, clusterPolicyReport *v1beta2.ClusterPolicyReport, opts v1.CreateOptions) (result *v1beta2.ClusterPolicyReport, err error) { - result = &v1beta2.ClusterPolicyReport{} - err = c.client.Post(). - Resource("clusterpolicyreports"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(clusterPolicyReport). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a clusterPolicyReport and updates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any. -func (c *clusterPolicyReports) Update(ctx context.Context, clusterPolicyReport *v1beta2.ClusterPolicyReport, opts v1.UpdateOptions) (result *v1beta2.ClusterPolicyReport, err error) { - result = &v1beta2.ClusterPolicyReport{} - err = c.client.Put(). - Resource("clusterpolicyreports"). - Name(clusterPolicyReport.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(clusterPolicyReport). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the clusterPolicyReport and deletes it. Returns an error if one occurs. -func (c *clusterPolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Resource("clusterpolicyreports"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *clusterPolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("clusterpolicyreports"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched clusterPolicyReport. -func (c *clusterPolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta2.ClusterPolicyReport, err error) { - result = &v1beta2.ClusterPolicyReport{} - err = c.client.Patch(pt). - Resource("clusterpolicyreports"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/clusterreport.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/clusterreport.go new file mode 100644 index 0000000..9dcb945 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/clusterreport.go @@ -0,0 +1,167 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1beta2 + +import ( + "context" + "time" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" + v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2" + scheme "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/scheme" +) + +// ClusterReportsGetter has a method to return a ClusterReportInterface. +// A group's client should implement this interface. +type ClusterReportsGetter interface { + ClusterReports() ClusterReportInterface +} + +// ClusterReportInterface has methods to work with ClusterReport resources. +type ClusterReportInterface interface { + Create(ctx context.Context, clusterReport *v1beta2.ClusterReport, opts v1.CreateOptions) (*v1beta2.ClusterReport, error) + Update(ctx context.Context, clusterReport *v1beta2.ClusterReport, opts v1.UpdateOptions) (*v1beta2.ClusterReport, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta2.ClusterReport, error) + List(ctx context.Context, opts v1.ListOptions) (*v1beta2.ClusterReportList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta2.ClusterReport, err error) + ClusterReportExpansion +} + +// clusterReports implements ClusterReportInterface +type clusterReports struct { + client rest.Interface +} + +// newClusterReports returns a ClusterReports +func newClusterReports(c *ReportsV1beta2Client) *clusterReports { + return &clusterReports{ + client: c.RESTClient(), + } +} + +// Get takes name of the clusterReport, and returns the corresponding clusterReport object, and an error if there is any. +func (c *clusterReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta2.ClusterReport, err error) { + result = &v1beta2.ClusterReport{} + err = c.client.Get(). + Resource("clusterreports"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of ClusterReports that match those selectors. +func (c *clusterReports) List(ctx context.Context, opts v1.ListOptions) (result *v1beta2.ClusterReportList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1beta2.ClusterReportList{} + err = c.client.Get(). + Resource("clusterreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested clusterReports. +func (c *clusterReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("clusterreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a clusterReport and creates it. Returns the server's representation of the clusterReport, and an error, if there is any. +func (c *clusterReports) Create(ctx context.Context, clusterReport *v1beta2.ClusterReport, opts v1.CreateOptions) (result *v1beta2.ClusterReport, err error) { + result = &v1beta2.ClusterReport{} + err = c.client.Post(). + Resource("clusterreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterReport). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a clusterReport and updates it. Returns the server's representation of the clusterReport, and an error, if there is any. +func (c *clusterReports) Update(ctx context.Context, clusterReport *v1beta2.ClusterReport, opts v1.UpdateOptions) (result *v1beta2.ClusterReport, err error) { + result = &v1beta2.ClusterReport{} + err = c.client.Put(). + Resource("clusterreports"). + Name(clusterReport.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterReport). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the clusterReport and deletes it. Returns an error if one occurs. +func (c *clusterReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Resource("clusterreports"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *clusterReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("clusterreports"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched clusterReport. +func (c *clusterReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta2.ClusterReport, err error) { + result = &v1beta2.ClusterReport{} + err = c.client.Patch(pt). + Resource("clusterreports"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_clusterpolicyreport.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_clusterpolicyreport.go deleted file mode 100644 index 119c43c..0000000 --- a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_clusterpolicyreport.go +++ /dev/null @@ -1,120 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -// Code generated by client-gen. DO NOT EDIT. - -package fake - -import ( - "context" - - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" - v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2" -) - -// FakeClusterPolicyReports implements ClusterPolicyReportInterface -type FakeClusterPolicyReports struct { - Fake *FakeReportsV1beta2 -} - -var clusterpolicyreportsResource = v1beta2.SchemeGroupVersion.WithResource("clusterpolicyreports") - -var clusterpolicyreportsKind = v1beta2.SchemeGroupVersion.WithKind("ClusterPolicyReport") - -// Get takes name of the clusterPolicyReport, and returns the corresponding clusterPolicyReport object, and an error if there is any. -func (c *FakeClusterPolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta2.ClusterPolicyReport, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootGetAction(clusterpolicyreportsResource, name), &v1beta2.ClusterPolicyReport{}) - if obj == nil { - return nil, err - } - return obj.(*v1beta2.ClusterPolicyReport), err -} - -// List takes label and field selectors, and returns the list of ClusterPolicyReports that match those selectors. -func (c *FakeClusterPolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1beta2.ClusterPolicyReportList, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootListAction(clusterpolicyreportsResource, clusterpolicyreportsKind, opts), &v1beta2.ClusterPolicyReportList{}) - if obj == nil { - return nil, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1beta2.ClusterPolicyReportList{ListMeta: obj.(*v1beta2.ClusterPolicyReportList).ListMeta} - for _, item := range obj.(*v1beta2.ClusterPolicyReportList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested clusterPolicyReports. -func (c *FakeClusterPolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewRootWatchAction(clusterpolicyreportsResource, opts)) -} - -// Create takes the representation of a clusterPolicyReport and creates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any. -func (c *FakeClusterPolicyReports) Create(ctx context.Context, clusterPolicyReport *v1beta2.ClusterPolicyReport, opts v1.CreateOptions) (result *v1beta2.ClusterPolicyReport, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootCreateAction(clusterpolicyreportsResource, clusterPolicyReport), &v1beta2.ClusterPolicyReport{}) - if obj == nil { - return nil, err - } - return obj.(*v1beta2.ClusterPolicyReport), err -} - -// Update takes the representation of a clusterPolicyReport and updates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any. -func (c *FakeClusterPolicyReports) Update(ctx context.Context, clusterPolicyReport *v1beta2.ClusterPolicyReport, opts v1.UpdateOptions) (result *v1beta2.ClusterPolicyReport, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootUpdateAction(clusterpolicyreportsResource, clusterPolicyReport), &v1beta2.ClusterPolicyReport{}) - if obj == nil { - return nil, err - } - return obj.(*v1beta2.ClusterPolicyReport), err -} - -// Delete takes name of the clusterPolicyReport and deletes it. Returns an error if one occurs. -func (c *FakeClusterPolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewRootDeleteActionWithOptions(clusterpolicyreportsResource, name, opts), &v1beta2.ClusterPolicyReport{}) - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakeClusterPolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewRootDeleteCollectionAction(clusterpolicyreportsResource, listOpts) - - _, err := c.Fake.Invokes(action, &v1beta2.ClusterPolicyReportList{}) - return err -} - -// Patch applies the patch and returns the patched clusterPolicyReport. -func (c *FakeClusterPolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta2.ClusterPolicyReport, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootPatchSubresourceAction(clusterpolicyreportsResource, name, pt, data, subresources...), &v1beta2.ClusterPolicyReport{}) - if obj == nil { - return nil, err - } - return obj.(*v1beta2.ClusterPolicyReport), err -} diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_clusterreport.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_clusterreport.go new file mode 100644 index 0000000..5eb93e6 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_clusterreport.go @@ -0,0 +1,120 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" + v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2" +) + +// FakeClusterReports implements ClusterReportInterface +type FakeClusterReports struct { + Fake *FakeReportsV1beta2 +} + +var clusterreportsResource = v1beta2.SchemeGroupVersion.WithResource("clusterreports") + +var clusterreportsKind = v1beta2.SchemeGroupVersion.WithKind("ClusterReport") + +// Get takes name of the clusterReport, and returns the corresponding clusterReport object, and an error if there is any. +func (c *FakeClusterReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta2.ClusterReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootGetAction(clusterreportsResource, name), &v1beta2.ClusterReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1beta2.ClusterReport), err +} + +// List takes label and field selectors, and returns the list of ClusterReports that match those selectors. +func (c *FakeClusterReports) List(ctx context.Context, opts v1.ListOptions) (result *v1beta2.ClusterReportList, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootListAction(clusterreportsResource, clusterreportsKind, opts), &v1beta2.ClusterReportList{}) + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1beta2.ClusterReportList{ListMeta: obj.(*v1beta2.ClusterReportList).ListMeta} + for _, item := range obj.(*v1beta2.ClusterReportList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested clusterReports. +func (c *FakeClusterReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewRootWatchAction(clusterreportsResource, opts)) +} + +// Create takes the representation of a clusterReport and creates it. Returns the server's representation of the clusterReport, and an error, if there is any. +func (c *FakeClusterReports) Create(ctx context.Context, clusterReport *v1beta2.ClusterReport, opts v1.CreateOptions) (result *v1beta2.ClusterReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(clusterreportsResource, clusterReport), &v1beta2.ClusterReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1beta2.ClusterReport), err +} + +// Update takes the representation of a clusterReport and updates it. Returns the server's representation of the clusterReport, and an error, if there is any. +func (c *FakeClusterReports) Update(ctx context.Context, clusterReport *v1beta2.ClusterReport, opts v1.UpdateOptions) (result *v1beta2.ClusterReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateAction(clusterreportsResource, clusterReport), &v1beta2.ClusterReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1beta2.ClusterReport), err +} + +// Delete takes name of the clusterReport and deletes it. Returns an error if one occurs. +func (c *FakeClusterReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewRootDeleteActionWithOptions(clusterreportsResource, name, opts), &v1beta2.ClusterReport{}) + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeClusterReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewRootDeleteCollectionAction(clusterreportsResource, listOpts) + + _, err := c.Fake.Invokes(action, &v1beta2.ClusterReportList{}) + return err +} + +// Patch applies the patch and returns the patched clusterReport. +func (c *FakeClusterReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta2.ClusterReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootPatchSubresourceAction(clusterreportsResource, name, pt, data, subresources...), &v1beta2.ClusterReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1beta2.ClusterReport), err +} diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_policyreport.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_policyreport.go deleted file mode 100644 index 4ab6f2d..0000000 --- a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_policyreport.go +++ /dev/null @@ -1,128 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -// Code generated by client-gen. DO NOT EDIT. - -package fake - -import ( - "context" - - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" - v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2" -) - -// FakePolicyReports implements PolicyReportInterface -type FakePolicyReports struct { - Fake *FakeReportsV1beta2 - ns string -} - -var policyreportsResource = v1beta2.SchemeGroupVersion.WithResource("policyreports") - -var policyreportsKind = v1beta2.SchemeGroupVersion.WithKind("PolicyReport") - -// Get takes name of the policyReport, and returns the corresponding policyReport object, and an error if there is any. -func (c *FakePolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta2.PolicyReport, err error) { - obj, err := c.Fake. - Invokes(testing.NewGetAction(policyreportsResource, c.ns, name), &v1beta2.PolicyReport{}) - - if obj == nil { - return nil, err - } - return obj.(*v1beta2.PolicyReport), err -} - -// List takes label and field selectors, and returns the list of PolicyReports that match those selectors. -func (c *FakePolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1beta2.PolicyReportList, err error) { - obj, err := c.Fake. - Invokes(testing.NewListAction(policyreportsResource, policyreportsKind, c.ns, opts), &v1beta2.PolicyReportList{}) - - if obj == nil { - return nil, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1beta2.PolicyReportList{ListMeta: obj.(*v1beta2.PolicyReportList).ListMeta} - for _, item := range obj.(*v1beta2.PolicyReportList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested policyReports. -func (c *FakePolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewWatchAction(policyreportsResource, c.ns, opts)) - -} - -// Create takes the representation of a policyReport and creates it. Returns the server's representation of the policyReport, and an error, if there is any. -func (c *FakePolicyReports) Create(ctx context.Context, policyReport *v1beta2.PolicyReport, opts v1.CreateOptions) (result *v1beta2.PolicyReport, err error) { - obj, err := c.Fake. - Invokes(testing.NewCreateAction(policyreportsResource, c.ns, policyReport), &v1beta2.PolicyReport{}) - - if obj == nil { - return nil, err - } - return obj.(*v1beta2.PolicyReport), err -} - -// Update takes the representation of a policyReport and updates it. Returns the server's representation of the policyReport, and an error, if there is any. -func (c *FakePolicyReports) Update(ctx context.Context, policyReport *v1beta2.PolicyReport, opts v1.UpdateOptions) (result *v1beta2.PolicyReport, err error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateAction(policyreportsResource, c.ns, policyReport), &v1beta2.PolicyReport{}) - - if obj == nil { - return nil, err - } - return obj.(*v1beta2.PolicyReport), err -} - -// Delete takes name of the policyReport and deletes it. Returns an error if one occurs. -func (c *FakePolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewDeleteActionWithOptions(policyreportsResource, c.ns, name, opts), &v1beta2.PolicyReport{}) - - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakePolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewDeleteCollectionAction(policyreportsResource, c.ns, listOpts) - - _, err := c.Fake.Invokes(action, &v1beta2.PolicyReportList{}) - return err -} - -// Patch applies the patch and returns the patched policyReport. -func (c *FakePolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta2.PolicyReport, err error) { - obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(policyreportsResource, c.ns, name, pt, data, subresources...), &v1beta2.PolicyReport{}) - - if obj == nil { - return nil, err - } - return obj.(*v1beta2.PolicyReport), err -} diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_report.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_report.go new file mode 100644 index 0000000..a49c196 --- /dev/null +++ b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_report.go @@ -0,0 +1,128 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" + v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2" +) + +// FakeReports implements ReportInterface +type FakeReports struct { + Fake *FakeReportsV1beta2 + ns string +} + +var reportsResource = v1beta2.SchemeGroupVersion.WithResource("reports") + +var reportsKind = v1beta2.SchemeGroupVersion.WithKind("Report") + +// Get takes name of the report, and returns the corresponding report object, and an error if there is any. +func (c *FakeReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta2.Report, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(reportsResource, c.ns, name), &v1beta2.Report{}) + + if obj == nil { + return nil, err + } + return obj.(*v1beta2.Report), err +} + +// List takes label and field selectors, and returns the list of Reports that match those selectors. +func (c *FakeReports) List(ctx context.Context, opts v1.ListOptions) (result *v1beta2.ReportList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(reportsResource, reportsKind, c.ns, opts), &v1beta2.ReportList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1beta2.ReportList{ListMeta: obj.(*v1beta2.ReportList).ListMeta} + for _, item := range obj.(*v1beta2.ReportList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested reports. +func (c *FakeReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(reportsResource, c.ns, opts)) + +} + +// Create takes the representation of a report and creates it. Returns the server's representation of the report, and an error, if there is any. +func (c *FakeReports) Create(ctx context.Context, report *v1beta2.Report, opts v1.CreateOptions) (result *v1beta2.Report, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(reportsResource, c.ns, report), &v1beta2.Report{}) + + if obj == nil { + return nil, err + } + return obj.(*v1beta2.Report), err +} + +// Update takes the representation of a report and updates it. Returns the server's representation of the report, and an error, if there is any. +func (c *FakeReports) Update(ctx context.Context, report *v1beta2.Report, opts v1.UpdateOptions) (result *v1beta2.Report, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(reportsResource, c.ns, report), &v1beta2.Report{}) + + if obj == nil { + return nil, err + } + return obj.(*v1beta2.Report), err +} + +// Delete takes name of the report and deletes it. Returns an error if one occurs. +func (c *FakeReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(reportsResource, c.ns, name, opts), &v1beta2.Report{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionAction(reportsResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1beta2.ReportList{}) + return err +} + +// Patch applies the patch and returns the patched report. +func (c *FakeReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta2.Report, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(reportsResource, c.ns, name, pt, data, subresources...), &v1beta2.Report{}) + + if obj == nil { + return nil, err + } + return obj.(*v1beta2.Report), err +} diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_reports.x-k8s.io_client.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_reports.x-k8s.io_client.go index f0613f2..3431db8 100644 --- a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_reports.x-k8s.io_client.go +++ b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_reports.x-k8s.io_client.go @@ -27,12 +27,12 @@ type FakeReportsV1beta2 struct { *testing.Fake } -func (c *FakeReportsV1beta2) ClusterPolicyReports() v1beta2.ClusterPolicyReportInterface { - return &FakeClusterPolicyReports{c} +func (c *FakeReportsV1beta2) ClusterReports() v1beta2.ClusterReportInterface { + return &FakeClusterReports{c} } -func (c *FakeReportsV1beta2) PolicyReports(namespace string) v1beta2.PolicyReportInterface { - return &FakePolicyReports{c, namespace} +func (c *FakeReportsV1beta2) Reports(namespace string) v1beta2.ReportInterface { + return &FakeReports{c, namespace} } // RESTClient returns a RESTClient that is used to communicate diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/generated_expansion.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/generated_expansion.go index a878c0e..dde8e6c 100644 --- a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/generated_expansion.go +++ b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/generated_expansion.go @@ -17,6 +17,6 @@ limitations under the License. package v1beta2 -type ClusterPolicyReportExpansion interface{} +type ClusterReportExpansion interface{} -type PolicyReportExpansion interface{} +type ReportExpansion interface{} diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/policyreport.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/report.go similarity index 50% rename from policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/policyreport.go rename to policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/report.go index 502ea60..3763543 100644 --- a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/policyreport.go +++ b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/report.go @@ -29,45 +29,45 @@ import ( scheme "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/scheme" ) -// PolicyReportsGetter has a method to return a PolicyReportInterface. +// ReportsGetter has a method to return a ReportInterface. // A group's client should implement this interface. -type PolicyReportsGetter interface { - PolicyReports(namespace string) PolicyReportInterface +type ReportsGetter interface { + Reports(namespace string) ReportInterface } -// PolicyReportInterface has methods to work with PolicyReport resources. -type PolicyReportInterface interface { - Create(ctx context.Context, policyReport *v1beta2.PolicyReport, opts v1.CreateOptions) (*v1beta2.PolicyReport, error) - Update(ctx context.Context, policyReport *v1beta2.PolicyReport, opts v1.UpdateOptions) (*v1beta2.PolicyReport, error) +// ReportInterface has methods to work with Report resources. +type ReportInterface interface { + Create(ctx context.Context, report *v1beta2.Report, opts v1.CreateOptions) (*v1beta2.Report, error) + Update(ctx context.Context, report *v1beta2.Report, opts v1.UpdateOptions) (*v1beta2.Report, error) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta2.PolicyReport, error) - List(ctx context.Context, opts v1.ListOptions) (*v1beta2.PolicyReportList, error) + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta2.Report, error) + List(ctx context.Context, opts v1.ListOptions) (*v1beta2.ReportList, error) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta2.PolicyReport, err error) - PolicyReportExpansion + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta2.Report, err error) + ReportExpansion } -// policyReports implements PolicyReportInterface -type policyReports struct { +// reports implements ReportInterface +type reports struct { client rest.Interface ns string } -// newPolicyReports returns a PolicyReports -func newPolicyReports(c *ReportsV1beta2Client, namespace string) *policyReports { - return &policyReports{ +// newReports returns a Reports +func newReports(c *ReportsV1beta2Client, namespace string) *reports { + return &reports{ client: c.RESTClient(), ns: namespace, } } -// Get takes name of the policyReport, and returns the corresponding policyReport object, and an error if there is any. -func (c *policyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta2.PolicyReport, err error) { - result = &v1beta2.PolicyReport{} +// Get takes name of the report, and returns the corresponding report object, and an error if there is any. +func (c *reports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta2.Report, err error) { + result = &v1beta2.Report{} err = c.client.Get(). Namespace(c.ns). - Resource("policyreports"). + Resource("reports"). Name(name). VersionedParams(&options, scheme.ParameterCodec). Do(ctx). @@ -75,16 +75,16 @@ func (c *policyReports) Get(ctx context.Context, name string, options v1.GetOpti return } -// List takes label and field selectors, and returns the list of PolicyReports that match those selectors. -func (c *policyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1beta2.PolicyReportList, err error) { +// List takes label and field selectors, and returns the list of Reports that match those selectors. +func (c *reports) List(ctx context.Context, opts v1.ListOptions) (result *v1beta2.ReportList, err error) { var timeout time.Duration if opts.TimeoutSeconds != nil { timeout = time.Duration(*opts.TimeoutSeconds) * time.Second } - result = &v1beta2.PolicyReportList{} + result = &v1beta2.ReportList{} err = c.client.Get(). Namespace(c.ns). - Resource("policyreports"). + Resource("reports"). VersionedParams(&opts, scheme.ParameterCodec). Timeout(timeout). Do(ctx). @@ -92,8 +92,8 @@ func (c *policyReports) List(ctx context.Context, opts v1.ListOptions) (result * return } -// Watch returns a watch.Interface that watches the requested policyReports. -func (c *policyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { +// Watch returns a watch.Interface that watches the requested reports. +func (c *reports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { var timeout time.Duration if opts.TimeoutSeconds != nil { timeout = time.Duration(*opts.TimeoutSeconds) * time.Second @@ -101,44 +101,44 @@ func (c *policyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.I opts.Watch = true return c.client.Get(). Namespace(c.ns). - Resource("policyreports"). + Resource("reports"). VersionedParams(&opts, scheme.ParameterCodec). Timeout(timeout). Watch(ctx) } -// Create takes the representation of a policyReport and creates it. Returns the server's representation of the policyReport, and an error, if there is any. -func (c *policyReports) Create(ctx context.Context, policyReport *v1beta2.PolicyReport, opts v1.CreateOptions) (result *v1beta2.PolicyReport, err error) { - result = &v1beta2.PolicyReport{} +// Create takes the representation of a report and creates it. Returns the server's representation of the report, and an error, if there is any. +func (c *reports) Create(ctx context.Context, report *v1beta2.Report, opts v1.CreateOptions) (result *v1beta2.Report, err error) { + result = &v1beta2.Report{} err = c.client.Post(). Namespace(c.ns). - Resource("policyreports"). + Resource("reports"). VersionedParams(&opts, scheme.ParameterCodec). - Body(policyReport). + Body(report). Do(ctx). Into(result) return } -// Update takes the representation of a policyReport and updates it. Returns the server's representation of the policyReport, and an error, if there is any. -func (c *policyReports) Update(ctx context.Context, policyReport *v1beta2.PolicyReport, opts v1.UpdateOptions) (result *v1beta2.PolicyReport, err error) { - result = &v1beta2.PolicyReport{} +// Update takes the representation of a report and updates it. Returns the server's representation of the report, and an error, if there is any. +func (c *reports) Update(ctx context.Context, report *v1beta2.Report, opts v1.UpdateOptions) (result *v1beta2.Report, err error) { + result = &v1beta2.Report{} err = c.client.Put(). Namespace(c.ns). - Resource("policyreports"). - Name(policyReport.Name). + Resource("reports"). + Name(report.Name). VersionedParams(&opts, scheme.ParameterCodec). - Body(policyReport). + Body(report). Do(ctx). Into(result) return } -// Delete takes name of the policyReport and deletes it. Returns an error if one occurs. -func (c *policyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { +// Delete takes name of the report and deletes it. Returns an error if one occurs. +func (c *reports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { return c.client.Delete(). Namespace(c.ns). - Resource("policyreports"). + Resource("reports"). Name(name). Body(&opts). Do(ctx). @@ -146,14 +146,14 @@ func (c *policyReports) Delete(ctx context.Context, name string, opts v1.DeleteO } // DeleteCollection deletes a collection of objects. -func (c *policyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { +func (c *reports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { var timeout time.Duration if listOpts.TimeoutSeconds != nil { timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second } return c.client.Delete(). Namespace(c.ns). - Resource("policyreports"). + Resource("reports"). VersionedParams(&listOpts, scheme.ParameterCodec). Timeout(timeout). Body(&opts). @@ -161,12 +161,12 @@ func (c *policyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOpti Error() } -// Patch applies the patch and returns the patched policyReport. -func (c *policyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta2.PolicyReport, err error) { - result = &v1beta2.PolicyReport{} +// Patch applies the patch and returns the patched report. +func (c *reports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta2.Report, err error) { + result = &v1beta2.Report{} err = c.client.Patch(pt). Namespace(c.ns). - Resource("policyreports"). + Resource("reports"). Name(name). SubResource(subresources...). VersionedParams(&opts, scheme.ParameterCodec). diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/reports.x-k8s.io_client.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/reports.x-k8s.io_client.go index 2729914..998c9c9 100644 --- a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/reports.x-k8s.io_client.go +++ b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/reports.x-k8s.io_client.go @@ -27,8 +27,8 @@ import ( type ReportsV1beta2Interface interface { RESTClient() rest.Interface - ClusterPolicyReportsGetter - PolicyReportsGetter + ClusterReportsGetter + ReportsGetter } // ReportsV1beta2Client is used to interact with features provided by the reports.x-k8s.io group. @@ -36,12 +36,12 @@ type ReportsV1beta2Client struct { restClient rest.Interface } -func (c *ReportsV1beta2Client) ClusterPolicyReports() ClusterPolicyReportInterface { - return newClusterPolicyReports(c) +func (c *ReportsV1beta2Client) ClusterReports() ClusterReportInterface { + return newClusterReports(c) } -func (c *ReportsV1beta2Client) PolicyReports(namespace string) PolicyReportInterface { - return newPolicyReports(c, namespace) +func (c *ReportsV1beta2Client) Reports(namespace string) ReportInterface { + return newReports(c, namespace) } // NewForConfig creates a new ReportsV1beta2Client for the given config. diff --git a/policy-report/pkg/client/informers/externalversions/generic.go b/policy-report/pkg/client/informers/externalversions/generic.go index 250e2b9..7279c92 100644 --- a/policy-report/pkg/client/informers/externalversions/generic.go +++ b/policy-report/pkg/client/informers/externalversions/generic.go @@ -55,10 +55,10 @@ func (f *genericInformer) Lister() cache.GenericLister { func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource) (GenericInformer, error) { switch resource { // Group=reports.x-k8s.io, Version=v1beta2 - case v1beta2.SchemeGroupVersion.WithResource("clusterpolicyreports"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Reports().V1beta2().ClusterPolicyReports().Informer()}, nil - case v1beta2.SchemeGroupVersion.WithResource("policyreports"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Reports().V1beta2().PolicyReports().Informer()}, nil + case v1beta2.SchemeGroupVersion.WithResource("clusterreports"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Reports().V1beta2().ClusterReports().Informer()}, nil + case v1beta2.SchemeGroupVersion.WithResource("reports"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Reports().V1beta2().Reports().Informer()}, nil // Group=wgpolicyk8s.io, Version=v1alpha1 case v1alpha1.SchemeGroupVersion.WithResource("clusterpolicyreports"): diff --git a/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/policyreport.go b/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/clusterreport.go similarity index 56% rename from policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/policyreport.go rename to policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/clusterreport.go index 846ba00..eed303d 100644 --- a/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/policyreport.go +++ b/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/clusterreport.go @@ -31,59 +31,58 @@ import ( v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2" ) -// PolicyReportInformer provides access to a shared informer and lister for -// PolicyReports. -type PolicyReportInformer interface { +// ClusterReportInformer provides access to a shared informer and lister for +// ClusterReports. +type ClusterReportInformer interface { Informer() cache.SharedIndexInformer - Lister() v1beta2.PolicyReportLister + Lister() v1beta2.ClusterReportLister } -type policyReportInformer struct { +type clusterReportInformer struct { factory internalinterfaces.SharedInformerFactory tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string } -// NewPolicyReportInformer constructs a new informer for PolicyReport type. +// NewClusterReportInformer constructs a new informer for ClusterReport type. // Always prefer using an informer factory to get a shared informer instead of getting an independent // one. This reduces memory footprint and number of connections to the server. -func NewPolicyReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredPolicyReportInformer(client, namespace, resyncPeriod, indexers, nil) +func NewClusterReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredClusterReportInformer(client, resyncPeriod, indexers, nil) } -// NewFilteredPolicyReportInformer constructs a new informer for PolicyReport type. +// NewFilteredClusterReportInformer constructs a new informer for ClusterReport type. // Always prefer using an informer factory to get a shared informer instead of getting an independent // one. This reduces memory footprint and number of connections to the server. -func NewFilteredPolicyReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { +func NewFilteredClusterReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { return cache.NewSharedIndexInformer( &cache.ListWatch{ ListFunc: func(options v1.ListOptions) (runtime.Object, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.ReportsV1beta2().PolicyReports(namespace).List(context.TODO(), options) + return client.ReportsV1beta2().ClusterReports().List(context.TODO(), options) }, WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.ReportsV1beta2().PolicyReports(namespace).Watch(context.TODO(), options) + return client.ReportsV1beta2().ClusterReports().Watch(context.TODO(), options) }, }, - &reportsxk8siov1beta2.PolicyReport{}, + &reportsxk8siov1beta2.ClusterReport{}, resyncPeriod, indexers, ) } -func (f *policyReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredPolicyReportInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +func (f *clusterReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredClusterReportInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) } -func (f *policyReportInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&reportsxk8siov1beta2.PolicyReport{}, f.defaultInformer) +func (f *clusterReportInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&reportsxk8siov1beta2.ClusterReport{}, f.defaultInformer) } -func (f *policyReportInformer) Lister() v1beta2.PolicyReportLister { - return v1beta2.NewPolicyReportLister(f.Informer().GetIndexer()) +func (f *clusterReportInformer) Lister() v1beta2.ClusterReportLister { + return v1beta2.NewClusterReportLister(f.Informer().GetIndexer()) } diff --git a/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/interface.go b/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/interface.go index b04cea1..3069237 100644 --- a/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/interface.go +++ b/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/interface.go @@ -23,10 +23,10 @@ import ( // Interface provides access to all the informers in this group version. type Interface interface { - // ClusterPolicyReports returns a ClusterPolicyReportInformer. - ClusterPolicyReports() ClusterPolicyReportInformer - // PolicyReports returns a PolicyReportInformer. - PolicyReports() PolicyReportInformer + // ClusterReports returns a ClusterReportInformer. + ClusterReports() ClusterReportInformer + // Reports returns a ReportInformer. + Reports() ReportInformer } type version struct { @@ -40,12 +40,12 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} } -// ClusterPolicyReports returns a ClusterPolicyReportInformer. -func (v *version) ClusterPolicyReports() ClusterPolicyReportInformer { - return &clusterPolicyReportInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +// ClusterReports returns a ClusterReportInformer. +func (v *version) ClusterReports() ClusterReportInformer { + return &clusterReportInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} } -// PolicyReports returns a PolicyReportInformer. -func (v *version) PolicyReports() PolicyReportInformer { - return &policyReportInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +// Reports returns a ReportInformer. +func (v *version) Reports() ReportInformer { + return &reportInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } diff --git a/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/clusterpolicyreport.go b/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/report.go similarity index 58% rename from policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/clusterpolicyreport.go rename to policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/report.go index 4b340ed..7a229d9 100644 --- a/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/clusterpolicyreport.go +++ b/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/report.go @@ -31,58 +31,59 @@ import ( v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2" ) -// ClusterPolicyReportInformer provides access to a shared informer and lister for -// ClusterPolicyReports. -type ClusterPolicyReportInformer interface { +// ReportInformer provides access to a shared informer and lister for +// Reports. +type ReportInformer interface { Informer() cache.SharedIndexInformer - Lister() v1beta2.ClusterPolicyReportLister + Lister() v1beta2.ReportLister } -type clusterPolicyReportInformer struct { +type reportInformer struct { factory internalinterfaces.SharedInformerFactory tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string } -// NewClusterPolicyReportInformer constructs a new informer for ClusterPolicyReport type. +// NewReportInformer constructs a new informer for Report type. // Always prefer using an informer factory to get a shared informer instead of getting an independent // one. This reduces memory footprint and number of connections to the server. -func NewClusterPolicyReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredClusterPolicyReportInformer(client, resyncPeriod, indexers, nil) +func NewReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredReportInformer(client, namespace, resyncPeriod, indexers, nil) } -// NewFilteredClusterPolicyReportInformer constructs a new informer for ClusterPolicyReport type. +// NewFilteredReportInformer constructs a new informer for Report type. // Always prefer using an informer factory to get a shared informer instead of getting an independent // one. This reduces memory footprint and number of connections to the server. -func NewFilteredClusterPolicyReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { +func NewFilteredReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { return cache.NewSharedIndexInformer( &cache.ListWatch{ ListFunc: func(options v1.ListOptions) (runtime.Object, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.ReportsV1beta2().ClusterPolicyReports().List(context.TODO(), options) + return client.ReportsV1beta2().Reports(namespace).List(context.TODO(), options) }, WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.ReportsV1beta2().ClusterPolicyReports().Watch(context.TODO(), options) + return client.ReportsV1beta2().Reports(namespace).Watch(context.TODO(), options) }, }, - &reportsxk8siov1beta2.ClusterPolicyReport{}, + &reportsxk8siov1beta2.Report{}, resyncPeriod, indexers, ) } -func (f *clusterPolicyReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredClusterPolicyReportInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +func (f *reportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredReportInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) } -func (f *clusterPolicyReportInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&reportsxk8siov1beta2.ClusterPolicyReport{}, f.defaultInformer) +func (f *reportInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&reportsxk8siov1beta2.Report{}, f.defaultInformer) } -func (f *clusterPolicyReportInformer) Lister() v1beta2.ClusterPolicyReportLister { - return v1beta2.NewClusterPolicyReportLister(f.Informer().GetIndexer()) +func (f *reportInformer) Lister() v1beta2.ReportLister { + return v1beta2.NewReportLister(f.Informer().GetIndexer()) } diff --git a/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/clusterpolicyreport.go b/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/clusterpolicyreport.go deleted file mode 100644 index 382775b..0000000 --- a/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/clusterpolicyreport.go +++ /dev/null @@ -1,67 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta2 - -import ( - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" - v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2" -) - -// ClusterPolicyReportLister helps list ClusterPolicyReports. -// All objects returned here must be treated as read-only. -type ClusterPolicyReportLister interface { - // List lists all ClusterPolicyReports in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta2.ClusterPolicyReport, err error) - // Get retrieves the ClusterPolicyReport from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta2.ClusterPolicyReport, error) - ClusterPolicyReportListerExpansion -} - -// clusterPolicyReportLister implements the ClusterPolicyReportLister interface. -type clusterPolicyReportLister struct { - indexer cache.Indexer -} - -// NewClusterPolicyReportLister returns a new ClusterPolicyReportLister. -func NewClusterPolicyReportLister(indexer cache.Indexer) ClusterPolicyReportLister { - return &clusterPolicyReportLister{indexer: indexer} -} - -// List lists all ClusterPolicyReports in the indexer. -func (s *clusterPolicyReportLister) List(selector labels.Selector) (ret []*v1beta2.ClusterPolicyReport, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta2.ClusterPolicyReport)) - }) - return ret, err -} - -// Get retrieves the ClusterPolicyReport from the index for a given name. -func (s *clusterPolicyReportLister) Get(name string) (*v1beta2.ClusterPolicyReport, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta2.Resource("clusterpolicyreport"), name) - } - return obj.(*v1beta2.ClusterPolicyReport), nil -} diff --git a/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/clusterreport.go b/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/clusterreport.go new file mode 100644 index 0000000..38eb371 --- /dev/null +++ b/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/clusterreport.go @@ -0,0 +1,67 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by lister-gen. DO NOT EDIT. + +package v1beta2 + +import ( + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" + v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2" +) + +// ClusterReportLister helps list ClusterReports. +// All objects returned here must be treated as read-only. +type ClusterReportLister interface { + // List lists all ClusterReports in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1beta2.ClusterReport, err error) + // Get retrieves the ClusterReport from the index for a given name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1beta2.ClusterReport, error) + ClusterReportListerExpansion +} + +// clusterReportLister implements the ClusterReportLister interface. +type clusterReportLister struct { + indexer cache.Indexer +} + +// NewClusterReportLister returns a new ClusterReportLister. +func NewClusterReportLister(indexer cache.Indexer) ClusterReportLister { + return &clusterReportLister{indexer: indexer} +} + +// List lists all ClusterReports in the indexer. +func (s *clusterReportLister) List(selector labels.Selector) (ret []*v1beta2.ClusterReport, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1beta2.ClusterReport)) + }) + return ret, err +} + +// Get retrieves the ClusterReport from the index for a given name. +func (s *clusterReportLister) Get(name string) (*v1beta2.ClusterReport, error) { + obj, exists, err := s.indexer.GetByKey(name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1beta2.Resource("clusterreport"), name) + } + return obj.(*v1beta2.ClusterReport), nil +} diff --git a/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/expansion_generated.go b/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/expansion_generated.go index dd08a0f..3dfd739 100644 --- a/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/expansion_generated.go +++ b/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/expansion_generated.go @@ -17,14 +17,14 @@ limitations under the License. package v1beta2 -// ClusterPolicyReportListerExpansion allows custom methods to be added to -// ClusterPolicyReportLister. -type ClusterPolicyReportListerExpansion interface{} +// ClusterReportListerExpansion allows custom methods to be added to +// ClusterReportLister. +type ClusterReportListerExpansion interface{} -// PolicyReportListerExpansion allows custom methods to be added to -// PolicyReportLister. -type PolicyReportListerExpansion interface{} +// ReportListerExpansion allows custom methods to be added to +// ReportLister. +type ReportListerExpansion interface{} -// PolicyReportNamespaceListerExpansion allows custom methods to be added to -// PolicyReportNamespaceLister. -type PolicyReportNamespaceListerExpansion interface{} +// ReportNamespaceListerExpansion allows custom methods to be added to +// ReportNamespaceLister. +type ReportNamespaceListerExpansion interface{} diff --git a/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/policyreport.go b/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/policyreport.go deleted file mode 100644 index 508fd4e..0000000 --- a/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/policyreport.go +++ /dev/null @@ -1,98 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta2 - -import ( - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" - v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2" -) - -// PolicyReportLister helps list PolicyReports. -// All objects returned here must be treated as read-only. -type PolicyReportLister interface { - // List lists all PolicyReports in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta2.PolicyReport, err error) - // PolicyReports returns an object that can list and get PolicyReports. - PolicyReports(namespace string) PolicyReportNamespaceLister - PolicyReportListerExpansion -} - -// policyReportLister implements the PolicyReportLister interface. -type policyReportLister struct { - indexer cache.Indexer -} - -// NewPolicyReportLister returns a new PolicyReportLister. -func NewPolicyReportLister(indexer cache.Indexer) PolicyReportLister { - return &policyReportLister{indexer: indexer} -} - -// List lists all PolicyReports in the indexer. -func (s *policyReportLister) List(selector labels.Selector) (ret []*v1beta2.PolicyReport, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta2.PolicyReport)) - }) - return ret, err -} - -// PolicyReports returns an object that can list and get PolicyReports. -func (s *policyReportLister) PolicyReports(namespace string) PolicyReportNamespaceLister { - return policyReportNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// PolicyReportNamespaceLister helps list and get PolicyReports. -// All objects returned here must be treated as read-only. -type PolicyReportNamespaceLister interface { - // List lists all PolicyReports in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta2.PolicyReport, err error) - // Get retrieves the PolicyReport from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta2.PolicyReport, error) - PolicyReportNamespaceListerExpansion -} - -// policyReportNamespaceLister implements the PolicyReportNamespaceLister -// interface. -type policyReportNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all PolicyReports in the indexer for a given namespace. -func (s policyReportNamespaceLister) List(selector labels.Selector) (ret []*v1beta2.PolicyReport, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta2.PolicyReport)) - }) - return ret, err -} - -// Get retrieves the PolicyReport from the indexer for a given namespace and name. -func (s policyReportNamespaceLister) Get(name string) (*v1beta2.PolicyReport, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta2.Resource("policyreport"), name) - } - return obj.(*v1beta2.PolicyReport), nil -} diff --git a/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/report.go b/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/report.go new file mode 100644 index 0000000..630f81b --- /dev/null +++ b/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/report.go @@ -0,0 +1,98 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by lister-gen. DO NOT EDIT. + +package v1beta2 + +import ( + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" + v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2" +) + +// ReportLister helps list Reports. +// All objects returned here must be treated as read-only. +type ReportLister interface { + // List lists all Reports in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1beta2.Report, err error) + // Reports returns an object that can list and get Reports. + Reports(namespace string) ReportNamespaceLister + ReportListerExpansion +} + +// reportLister implements the ReportLister interface. +type reportLister struct { + indexer cache.Indexer +} + +// NewReportLister returns a new ReportLister. +func NewReportLister(indexer cache.Indexer) ReportLister { + return &reportLister{indexer: indexer} +} + +// List lists all Reports in the indexer. +func (s *reportLister) List(selector labels.Selector) (ret []*v1beta2.Report, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1beta2.Report)) + }) + return ret, err +} + +// Reports returns an object that can list and get Reports. +func (s *reportLister) Reports(namespace string) ReportNamespaceLister { + return reportNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// ReportNamespaceLister helps list and get Reports. +// All objects returned here must be treated as read-only. +type ReportNamespaceLister interface { + // List lists all Reports in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1beta2.Report, err error) + // Get retrieves the Report from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1beta2.Report, error) + ReportNamespaceListerExpansion +} + +// reportNamespaceLister implements the ReportNamespaceLister +// interface. +type reportNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all Reports in the indexer for a given namespace. +func (s reportNamespaceLister) List(selector labels.Selector) (ret []*v1beta2.Report, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1beta2.Report)) + }) + return ret, err +} + +// Get retrieves the Report from the indexer for a given namespace and name. +func (s reportNamespaceLister) Get(name string) (*v1beta2.Report, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1beta2.Resource("report"), name) + } + return obj.(*v1beta2.Report), nil +} diff --git a/policy-report/samples/sample-cis-k8s.yaml b/policy-report/samples/sample-cis-k8s.yaml new file mode 100644 index 0000000..0c5e4ba --- /dev/null +++ b/policy-report/samples/sample-cis-k8s.yaml @@ -0,0 +1,37 @@ +apiVersion: reports.x-k8s.io/v1beta2 +kind: Report +metadata: + name: sample-cis-bench-api-server + annotations: + name: CIS Kubernetes Benchmarks + category: API Server + version: v1.5.1 - 02-14-2020 +source: kube-bench-adapter +summary: + pass: 8 + fail: 2 + warn: 0 + error: 0 + skip: 0 +results: + - policy: api-server:anonymous-auth + message: ensure that --anonymous-auth argument is set to false + result: warn + scored: true + properties: + category: API Server + index: 1.2.2 + - policy: api-server:basic-auth-file + message: ensure that --basic-auth-file argument is not set + result: fail + scored: true + properties: + category: API Server + index: 1.2.2 + - policy: api-server:token-auth-file + message: ensure that --token-auth-file argument is not set + result: warn + scored: false + properties: + category: API Server + index: 1.2.2 diff --git a/policy-report/samples/sample-co.yaml b/policy-report/samples/sample-co.yaml new file mode 100644 index 0000000..725e054 --- /dev/null +++ b/policy-report/samples/sample-co.yaml @@ -0,0 +1,39 @@ +apiVersion: wgpolicyk8s.io/v1alpha2 +kind: PolicyReport +metadata: + name: sample-fedramp-compliance-operator + labels: + policy.kubernetes.io/engine: openshift-compliance-operator + annotations: + name: FedRAMP Moderate Benchmarks + category: OCP4 CoreOS + file: ssg-ocp4-ds.xml + version: v1.5.1 - 02-14-2020 +summary: + pass: 8 + fail: 1 + warn: 1 + error: 0 + skip: 0 +results: + - policy: xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open + message: |- + Record Events that Modify User/Group Information via open syscall - /etc/group + Creation of groups through direct edition of /etc/group could be an indicator of malicious activity on a system. + Auditing these events could serve as evidence of potential system compromise. + result: fail + scored: true + severity: medium + properties: + suite: fedramp-moderate + scan: workers-scan + - policy: xccdf_org.ssgproject.content_rule_sshd_limit_user_access + message: |- + Limit Users' SSH Access + Specifying which accounts are allowed SSH access into the system reduces the + possibility of unauthorized access to the system. + result: warn + scored: false + properties: + suite: fedramp-moderate + scan: workers-scan diff --git a/policy-report/samples/sample-falco-policy.yaml b/policy-report/samples/sample-falco-policy.yaml new file mode 100644 index 0000000..3992906 --- /dev/null +++ b/policy-report/samples/sample-falco-policy.yaml @@ -0,0 +1,47 @@ +apiVersion: wgpolicyk8s.io/v1alpha2 +kind: PolicyReport +metadata: + name: falco-alerts-policy + namespace: my-namespace + labels: + policy.kubernetes.io/engine: falco-agent +summary: + fail: 1 +results: +- policy: "Change thread namespace" + message: "Falco alert created due to the Change thread namespace rule" + result: fail + scored: false + resources: + - apiVersion: v1 + kind: Pod + name: a-pod + namespace: my-namespace + properties: + details: '12:57:37.086240437: Notice Namespace change (setns) by unexpected program (user=root user_loginuid=-1 command=ovnkube --init-node ...' + container.id: "0f8d7e2a3296" + evt.arg.path: "/bin/directory-created-by-event-generator" + proc.cmdline: "event-generator run --loop ^syscall" + severity: low +--- +apiVersion: wgpolicyk8s.io/v1alpha2 +kind: ClusterPolicyReport +metadata: + name: falco-alerts-policy + labels: + policy.kubernetes.io/engine: falco-agent +summary: + fail: 1 +results: +- policy: audit + message: "audit rule violation from the kubernetes api server" + result: fail + scored: false + properties: + details: 'Warning K8s Operation performed by user not in allowed list of users' + severity: medium + user: username + target: kubernetes/endpoints + verb: create + uri: '/api/v1/namespaces/default/endpoints/kubernetes' + resp: '200' diff --git a/policy-report/samples/sample-rhacm-policy.yaml b/policy-report/samples/sample-rhacm-policy.yaml new file mode 100644 index 0000000..2db9d0e --- /dev/null +++ b/policy-report/samples/sample-rhacm-policy.yaml @@ -0,0 +1,30 @@ +apiVersion: wgpolicyk8s.io/v1alpha2 +kind: PolicyReport +metadata: + name: sample-rhacm-policy + labels: + policy.kubernetes.io/engine: rhacm-configuration-policy +scope: + apiVersion: policy.open-cluster-management.io/v1 + kind: Policy + name: policy-imagemanifestvuln + namespace: cluster1 +summary: + pass: 1 + fail: 11 +results: +- policy: mustnothaveimagevuln + message: must not have imagemanifestvulns + result: fail + scored: false + resources: + - apiVersion: secscan.quay.redhat.com/v1alpha1 + kind: ImageManifestVuln + name: sha256.8d104847fc2371a983f7cb01c7c0a3ab35b7381d6bf7ce355d9b32a08c0031f0 + namespace: openshift-cluster-version + properties: + details: 'NonCompliant; violation - imagemanifestvulns exist and should be deleted: [sha256.8d104847fc2371a983f7cb01c7c0a3ab35b7381d6bf7ce355d9b32a08c0031f0] in namespace openshift-cluster-version' + standards: NIST-CSF + categories: 'DE.CM Security Continuous Monitoring' + controls: 'DE.CM-8 Vulnerability scans' + severity: high \ No newline at end of file diff --git a/policy-report/samples/sample-v1beta1-kyverno.yaml b/policy-report/samples/sample-v1beta1-kyverno.yaml new file mode 100644 index 0000000..c48681f --- /dev/null +++ b/policy-report/samples/sample-v1beta1-kyverno.yaml @@ -0,0 +1,38 @@ +apiVersion: wgpolicyk8s.io/v1beta1 +kind: PolicyReport +metadata: + name: sample-v1beta1-cr + annotations: + name: Sample CR +configuration: + limits: + maxResults: 100 + statusFilter: + - pass + - fail + - skip +source: kyverno +summary: + pass: 1 + fail: 0 + warn: 0 + error: 0 + skip: 0 +results: + - category: Pod Security Standards (Baseline) + message: validation rule 'adding-capabilities' passed. + policy: disallow-capabilities + resources: + - apiVersion: v1 + kind: Pod + name: kyverno-6d88f6dcdd-k6bc5 + namespace: nirmata + uid: 3407b31a-b0bb-4716-a443-f4aa15662ef2 + result: pass + rule: adding-capabilities + scored: true + severity: medium + source: kyverno + timestamp: + nanos: 0 + seconds: 1679565894 diff --git a/policy-report/samples/sample-v1beta2-kyverno.yaml b/policy-report/samples/sample-v1beta2-kyverno.yaml new file mode 100644 index 0000000..2cc3783 --- /dev/null +++ b/policy-report/samples/sample-v1beta2-kyverno.yaml @@ -0,0 +1,38 @@ +apiVersion: reports.x-k8s.io/v1beta1 +kind: PolicyReport +metadata: + name: sample-v1beta2-cr + annotations: + name: Sample CR +configuration: + limits: + maxResults: 100 + statusFilter: + - pass + - fail + - skip +source: kyverno +summary: + pass: 1 + fail: 0 + warn: 0 + error: 0 + skip: 0 +results: + - category: Pod Security Standards (Baseline) + message: validation rule 'adding-capabilities' passed. + policy: disallow-capabilities + resources: + - apiVersion: v1 + kind: Pod + name: kyverno-6d88f6dcdd-k6bc5 + namespace: nirmata + uid: 3407b31a-b0bb-4716-a443-f4aa15662ef2 + result: pass + rule: adding-capabilities + scored: true + severity: medium + source: kyverno + timestamp: + nanos: 0 + seconds: 1679565894