mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

added one line comment to types and added API docs link to README.md

Mohan BE 2020-07-20 22:29:20 +05:30
parent 9451f79ee5
commit 2525ce3423
4 changed files with 179 additions and 73 deletions


@ -112,6 +112,7 @@ See [docs](https://github.com/nirmata/kyverno/#documentation) for complete detai
- [Policy Violations](documentation/policy-violations.md)
- [Kyverno CLI](documentation/kyverno-cli.md)
- [Sample Policies](/samples/README.md)
- [API Documentation](https://htmlpreview.github.io/?https://github.com/nirmata/kyverno/blob/master/documentation/index.html)
## License


@ -1,28 +0,0 @@
{
"hideMemberFields": [
"TypeMeta"
],
"hideTypePatterns": [
"ParseError$",
"List$"
],
"externalPackages": [
{
"typeMatchPrefix": "^k8s\\.io/apimachinery/pkg/apis/meta/v1\\.Duration$",
"docsURLTemplate": "https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"
},
{
"typeMatchPrefix": "^k8s\\.io/(api|apimachinery/pkg/apis)/",
"docsURLTemplate": "https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#{{lower .TypeIdentifier}}-{{arrIndex .PackageSegments -1}}-{{arrIndex .PackageSegments -2}}"
},
{
"typeMatchPrefix": "^github\\.com/knative/pkg/apis/duck/",
"docsURLTemplate": "https://godoc.org/github.com/knative/pkg/apis/duck/{{arrIndex .PackageSegments -1}}#{{.TypeIdentifier}}"
}
],
"typeDisplayNamePrefixOverrides": {
"k8s.io/api/": "Kubernetes ",
"k8s.io/apimachinery/pkg/apis/": "Kubernetes "
},
"markdownDisabled": false
}


@ -88,6 +88,7 @@ Spec
</em>
</td>
<td>
<p>Spec is the information to identify the policy</p>
<br/>
<br/>
<table class="table table-striped">
@ -101,6 +102,7 @@ Spec
</em>
</td>
<td>
<p>Rules contains the list of rules to be applied to resources</p>
</td>
</tr>
<tr>
@ -111,6 +113,7 @@ string
</em>
</td>
<td>
<p>ValidationFailureAction provides choice to enforce rules to resources during policy violations</p>
</td>
</tr>
<tr>
@ -121,6 +124,7 @@ bool
</em>
</td>
<td>
<p>Background provides choice for applying rules to existing resources</p>
</td>
</tr>
</table>
@ -136,6 +140,7 @@ PolicyStatus
</em>
</td>
<td>
<p>Status contains statistics related to policy</p>
</td>
</tr>
</tbody>
@ -206,6 +211,7 @@ string
</em>
</td>
<td>
<p>Policy is the name of the policy</p>
</td>
</tr>
<tr>
@ -230,6 +236,7 @@ ResourceSpec
</em>
</td>
<td>
<p>ViolatedRules contains list of violated rule</p>
</td>
</tr>
</table>
@ -304,6 +311,7 @@ GenerateRequestSpec
</em>
</td>
<td>
<p>Spec is the information to identify the generate request</p>
<br/>
<br/>
<table class="table table-striped">
@ -315,6 +323,7 @@ string
</em>
</td>
<td>
<p>Policy is the name of the policy</p>
</td>
</tr>
<tr>
@ -327,6 +336,7 @@ ResourceSpec
</em>
</td>
<td>
<p>ResourceSpec is the information to identify the generate request</p>
</td>
</tr>
<tr>
@ -339,6 +349,7 @@ GenerateRequestContext
</em>
</td>
<td>
<p>Context &hellip;</p>
</td>
</tr>
</table>
@ -354,6 +365,7 @@ GenerateRequestStatus
</em>
</td>
<td>
<p>Status contains statistics related to generate request</p>
</td>
</tr>
</tbody>
@ -424,6 +436,7 @@ string
</em>
</td>
<td>
<p>Policy is the name of the policy</p>
</td>
</tr>
<tr>
@ -448,6 +461,7 @@ ResourceSpec
</em>
</td>
<td>
<p>ViolatedRules contains list of violated rule</p>
</td>
</tr>
</table>
@ -494,6 +508,7 @@ string
</em>
</td>
<td>
<p>Namespace is the resource namespace</p>
</td>
</tr>
<tr>
@ -504,6 +519,7 @@ string
</em>
</td>
<td>
<p>Name is the name of the resource</p>
</td>
</tr>
</tbody>
@ -535,6 +551,7 @@ interface{}
</em>
</td>
<td>
<p>Key contains key to compare</p>
</td>
</tr>
<tr>
@ -547,6 +564,7 @@ ConditionOperator
</em>
</td>
<td>
<p>Operator to compare against value</p>
</td>
</tr>
<tr>
@ -557,6 +575,7 @@ interface{}
</em>
</td>
<td>
<p>Value to be compared</p>
</td>
</tr>
</tbody>
@ -597,6 +616,7 @@ interface{}
</em>
</td>
<td>
<p>Conditions contains set of condition to deny validation</p>
</td>
</tr>
</tbody>
@ -629,6 +649,7 @@ UserInfo
</em>
</td>
<td>
<p>UserInfo contains user information</p>
</td>
</tr>
<tr>
@ -641,6 +662,7 @@ ResourceDescription
</em>
</td>
<td>
<p>ResourceDescription contains resources to which rule is excluded</p>
</td>
</tr>
</tbody>
@ -673,6 +695,7 @@ RequestInfo
</em>
</td>
<td>
<p>UserRequestInfo &hellip;</p>
</td>
</tr>
</tbody>
@ -703,6 +726,7 @@ string
</em>
</td>
<td>
<p>Policy is the name of the policy</p>
</td>
</tr>
<tr>
@ -715,6 +739,7 @@ ResourceSpec
</em>
</td>
<td>
<p>ResourceSpec is the information to identify the generate request</p>
</td>
</tr>
<tr>
@ -727,6 +752,7 @@ GenerateRequestContext
</em>
</td>
<td>
<p>Context &hellip;</p>
</td>
</tr>
</tbody>
@ -768,6 +794,7 @@ GenerateRequestState
</em>
</td>
<td>
<p>State represents state of the generate request</p>
</td>
</tr>
<tr>
@ -778,6 +805,7 @@ string
</em>
</td>
<td>
<p>Message is the request status message</p>
</td>
</tr>
<tr>
@ -834,6 +862,7 @@ bool
</em>
</td>
<td>
<p>To keep resources synchronized with source resource</p>
</td>
</tr>
<tr>
@ -844,6 +873,7 @@ interface{}
</em>
</td>
<td>
<p>Data &hellip;</p>
</td>
</tr>
<tr>
@ -856,6 +886,7 @@ CloneFrom
</em>
</td>
<td>
<p>To clone resource from other resource</p>
</td>
</tr>
</tbody>
@ -888,6 +919,7 @@ UserInfo
</em>
</td>
<td>
<p>UserInfo contains user information</p>
</td>
</tr>
<tr>
@ -900,6 +932,7 @@ ResourceDescription
</em>
</td>
<td>
<p>ResourceDescription contains resources to which rule is applied</p>
</td>
</tr>
</tbody>
@ -930,6 +963,7 @@ interface{}
</em>
</td>
<td>
<p>Overlay contains overlay patterns</p>
</td>
</tr>
<tr>
@ -942,6 +976,7 @@ interface{}
</em>
</td>
<td>
<p>Patches contains JSON Patch</p>
</td>
</tr>
</tbody>
@ -972,6 +1007,7 @@ string
</em>
</td>
<td>
<p>Path represents path of the resource</p>
</td>
</tr>
<tr>
@ -982,6 +1018,7 @@ string
</em>
</td>
<td>
<p>Operation contains operations supported by JSON Patch. i.e: add, replace and delete</p>
</td>
</tr>
<tr>
@ -992,6 +1029,7 @@ interface{}
</em>
</td>
<td>
<p>Value is the value to be applied</p>
</td>
</tr>
</tbody>
@ -1034,6 +1072,7 @@ Spec
</em>
</td>
<td>
<p>Spec is the information to identify the policy</p>
<br/>
<br/>
<table class="table table-striped">
@ -1047,6 +1086,7 @@ Spec
</em>
</td>
<td>
<p>Rules contains the list of rules to be applied to resources</p>
</td>
</tr>
<tr>
@ -1057,6 +1097,7 @@ string
</em>
</td>
<td>
<p>ValidationFailureAction provides choice to enforce rules to resources during policy violations</p>
</td>
</tr>
<tr>
@ -1067,6 +1108,7 @@ bool
</em>
</td>
<td>
<p>Background provides choice for applying rules to existing resources</p>
</td>
</tr>
</table>
@ -1082,6 +1124,7 @@ PolicyStatus
</em>
</td>
<td>
<p>Status contains statistics related to policy</p>
</td>
</tr>
</tbody>
@ -1224,6 +1267,7 @@ string
</em>
</td>
<td>
<p>Policy is the name of the policy</p>
</td>
</tr>
<tr>
@ -1248,6 +1292,7 @@ ResourceSpec
</em>
</td>
<td>
<p>ViolatedRules contains list of violated rule</p>
</td>
</tr>
</tbody>
@ -1264,7 +1309,7 @@ ResourceSpec
<p>
<p>PolicyViolationStatus provides information regarding policyviolation status
status:
LastUpdateTime : the time the polivy violation was updated</p>
LastUpdateTime : the time the policy violation was updated</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
@ -1284,6 +1329,7 @@ Kubernetes meta/v1.Time
</em>
</td>
<td>
<p>LastUpdateTime : the time the policy violation was updated</p>
</td>
</tr>
</tbody>
@ -1337,6 +1383,7 @@ string
</em>
</td>
<td>
<p>Policy is the name of the policy</p>
</td>
</tr>
<tr>
@ -1361,6 +1408,7 @@ ResourceSpec
</em>
</td>
<td>
<p>ViolatedRules contains list of violated rule</p>
</td>
</tr>
</table>
@ -1462,6 +1510,7 @@ Kubernetes authentication/v1.UserInfo
</em>
</td>
<td>
<p>Kinds contains list of resource kind</p>
</td>
</tr>
<tr>
@ -1472,6 +1521,7 @@ string
</em>
</td>
<td>
<p>Name is the name of the resource</p>
</td>
</tr>
<tr>
@ -1482,6 +1532,7 @@ string
</em>
</td>
<td>
<p>Namespaces contains the list of namespaces</p>
</td>
</tr>
<tr>
@ -1494,6 +1545,7 @@ Kubernetes meta/v1.LabelSelector
</em>
</td>
<td>
<p>Selector is the set of selectors</p>
</td>
</tr>
</tbody>
@ -1527,6 +1579,7 @@ string
</em>
</td>
<td>
<p>Kind represents resource kind</p>
</td>
</tr>
<tr>
@ -1537,6 +1590,7 @@ string
</em>
</td>
<td>
<p>Namespace represents resource namespace</p>
</td>
</tr>
<tr>
@ -1547,6 +1601,7 @@ string
</em>
</td>
<td>
<p>Name represents resource name</p>
</td>
</tr>
</tbody>
@ -1578,6 +1633,7 @@ string
</em>
</td>
<td>
<p>Name represents rule name</p>
</td>
</tr>
<tr>
@ -1590,6 +1646,7 @@ MatchResources
</em>
</td>
<td>
<p>MatchResources contains resources for which the rule has to be applied</p>
</td>
</tr>
<tr>
@ -1602,6 +1659,7 @@ ExcludeResources
</em>
</td>
<td>
<p>ExcludeResources contains resources for which rule can be excluded</p>
</td>
</tr>
<tr>
@ -1614,6 +1672,7 @@ ExcludeResources
</em>
</td>
<td>
<p>Conditions allow controlling policy rule execution</p>
</td>
</tr>
<tr>
@ -1626,6 +1685,7 @@ Mutation
</em>
</td>
<td>
<p>Mutation contains patterns to mutate resources</p>
</td>
</tr>
<tr>
@ -1638,6 +1698,7 @@ Validation
</em>
</td>
<td>
<p>Validation contains patterns to validate resources</p>
</td>
</tr>
<tr>
@ -1650,6 +1711,7 @@ Generation
</em>
</td>
<td>
<p>Generation contains patterns to create additional resources</p>
</td>
</tr>
</tbody>
@ -1791,6 +1853,7 @@ int
</em>
</td>
<td>
<p>Rules contains the list of rules to be applied to resources</p>
</td>
</tr>
<tr>
@ -1801,6 +1864,7 @@ string
</em>
</td>
<td>
<p>ValidationFailureAction provides choice to enforce rules to resources during policy violations</p>
</td>
</tr>
<tr>
@ -1811,6 +1875,7 @@ bool
</em>
</td>
<td>
<p>Background provides choice for applying rules to existing resources</p>
</td>
</tr>
</tbody>
@ -1842,6 +1907,7 @@ bool
</em>
</td>
<td>
<p>Roles contains list of namespaced role names</p>
</td>
</tr>
<tr>
@ -1852,6 +1918,7 @@ bool
</em>
</td>
<td>
<p>ClusterRoles contains list of cluster wide role names</p>
</td>
</tr>
<tr>
@ -1864,6 +1931,7 @@ bool
</em>
</td>
<td>
<p>Subjects contains list of subject names like users, user groups, and service accounts</p>
</td>
</tr>
</tbody>
@ -1894,6 +1962,7 @@ string
</em>
</td>
<td>
<p>Message is the message to be displayed on validation policy violation</p>
</td>
</tr>
<tr>
@ -1904,6 +1973,7 @@ interface{}
</em>
</td>
<td>
<p>Pattern is the validation pattern</p>
</td>
</tr>
<tr>
@ -1914,6 +1984,7 @@ interface{}
</em>
</td>
<td>
<p>AnyPattern is the list of validation patterns</p>
</td>
</tr>
<tr>
@ -1926,6 +1997,7 @@ Deny
</em>
</td>
<td>
<p>Deny contains conditions to deny validation</p>
</td>
</tr>
</tbody>
@ -1956,6 +2028,7 @@ string
</em>
</td>
<td>
<p>Name is the violated rule name</p>
</td>
</tr>
<tr>
@ -1966,6 +2039,7 @@ string
</em>
</td>
<td>
<p>Type is the violated rule type</p>
</td>
</tr>
<tr>
@ -1976,6 +2050,7 @@ string
</em>
</td>
<td>
<p>Message is the violation message</p>
</td>
</tr>
</tbody>


@ -13,19 +13,25 @@ import (
type GenerateRequest struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec GenerateRequestSpec `json:"spec"`
Status GenerateRequestStatus `json:"status"`
// Spec is the information to identify the generate request
Spec GenerateRequestSpec `json:"spec"`
// Status contains statistics related to generate request
Status GenerateRequestStatus `json:"status"`
}
//GenerateRequestSpec stores the request specification
type GenerateRequestSpec struct {
Policy string `json:"policy"`
Resource ResourceSpec `json:"resource"`
Context GenerateRequestContext `json:"context"`
// Policy is the name of the policy
Policy string `json:"policy"`
// ResourceSpec is the information to identify the generate request
Resource ResourceSpec `json:"resource"`
// Context ...
Context GenerateRequestContext `json:"context"`
}
//GenerateRequestContext stores the context to be shared
type GenerateRequestContext struct {
// UserRequestInfo ...
UserRequestInfo RequestInfo `json:"userInfo,omitempty"`
}
@ -41,8 +47,10 @@ type RequestInfo struct {
//GenerateRequestStatus stores the status of generated request
type GenerateRequestStatus struct {
State GenerateRequestState `json:"state"`
Message string `json:"message,omitempty"`
// State represents state of the generate request
State GenerateRequestState `json:"state"`
// Message is the request status message
Message string `json:"message,omitempty"`
// This will track the resources that are generated by the generate Policy
// Will be used during clean up resources
GeneratedResources []ResourceSpec `json:"generatedResources,omitempty"`
@ -120,34 +128,49 @@ type PolicyViolationList struct {
type Policy struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec Spec `json:"spec"`
Status PolicyStatus `json:"status,omitempty"`
// Spec is the information to identify the policy
Spec Spec `json:"spec"`
// Status contains statistics related to policy
Status PolicyStatus `json:"status,omitempty"`
}
// Spec describes policy behavior by its rules
type Spec struct {
Rules []Rule `json:"rules"`
// Rules contains the list of rules to be applied to resources
Rules []Rule `json:"rules"`
// ValidationFailureAction provides choice to enforce rules to resources during policy violations
ValidationFailureAction string `json:"validationFailureAction"`
Background *bool `json:"background"`
// Background provides choice for applying rules to existing resources
Background *bool `json:"background"`
}
// Rule is set of mutation, validation and generation actions
// for the single resource description
type Rule struct {
Name string `json:"name"`
MatchResources MatchResources `json:"match"`
// Name represents rule name
Name string `json:"name"`
// MatchResources contains resources for which the rule has to be applied
MatchResources MatchResources `json:"match"`
// ExcludeResources contains resources for which rule can be excluded
ExcludeResources ExcludeResources `json:"exclude,omitempty"`
Conditions []Condition `json:"preconditions,omitempty"`
Mutation Mutation `json:"mutate,omitempty"`
Validation Validation `json:"validate,omitempty"`
Generation Generation `json:"generate,omitempty"`
// Conditions allow controlling policy rule execution
Conditions []Condition `json:"preconditions,omitempty"`
// Mutation contains patterns to mutate resources
Mutation Mutation `json:"mutate,omitempty"`
// Validation contains patterns to validate resources
Validation Validation `json:"validate,omitempty"`
// Generation contains patterns to create additional resources
Generation Generation `json:"generate,omitempty"`
}
//Condition defines the evaluation condition
type Condition struct {
Key interface{} `json:"key"`
// Key contains key to compare
Key interface{} `json:"key"`
// Operator to compare against value
Operator ConditionOperator `json:"operator"`
Value interface{} `json:"value"`
// Value to be compared
Value interface{} `json:"value"`
}
// ConditionOperator defines the type for condition operator
@ -168,71 +191,97 @@ const (
//MatchResources contains resource description of the resources that the rule is to apply on
type MatchResources struct {
// UserInfo contains user information
UserInfo
// ResourceDescription contains resources to which rule is applied
ResourceDescription `json:"resources"`
}
//ExcludeResources container resource description of the resources that are to be excluded from the applying the policy rule
type ExcludeResources struct {
// UserInfo contains user information
UserInfo
// ResourceDescription contains resources to which rule is excluded
ResourceDescription `json:"resources"`
}
// UserInfo filter based on users
type UserInfo struct {
Roles []string `json:"roles,omitempty"`
ClusterRoles []string `json:"clusterRoles,omitempty"`
Subjects []rbacv1.Subject `json:"subjects,omitempty"`
// Roles contains list of namespaced role names
Roles []string `json:"roles,omitempty"`
// ClusterRoles contains list of cluster wide role names
ClusterRoles []string `json:"clusterRoles,omitempty"`
// Subjects contains list of subject names like users, user groups, and service accounts
Subjects []rbacv1.Subject `json:"subjects,omitempty"`
}
// ResourceDescription describes the resource to which the PolicyRule will be applied.
type ResourceDescription struct {
Kinds []string `json:"kinds,omitempty"`
Name string `json:"name,omitempty"`
Namespaces []string `json:"namespaces,omitempty"`
Selector *metav1.LabelSelector `json:"selector,omitempty"`
// Kinds contains list of resource kind
Kinds []string `json:"kinds,omitempty"`
// Name is the name of the resource
Name string `json:"name,omitempty"`
// Namespaces contains the list of namespaces
Namespaces []string `json:"namespaces,omitempty"`
// Selector is the set of selectors
Selector *metav1.LabelSelector `json:"selector,omitempty"`
}
// Mutation describes the way how Mutating Webhook will react on resource creation
type Mutation struct {
// Overlay contains overlay patterns
Overlay interface{} `json:"overlay,omitempty"`
Patches []Patch `json:"patches,omitempty"`
// Patches contains JSON Patch
Patches []Patch `json:"patches,omitempty"`
}
// +k8s:deepcopy-gen=false
// Patch declares patch operation for created object according to RFC 6902
type Patch struct {
Path string `json:"path"`
Operation string `json:"op"`
Value interface{} `json:"value"`
// Path represents path of the resource
Path string `json:"path"`
// Operation contains operations supported by JSON Patch. i.e: add, replace and delete
Operation string `json:"op"`
// Value is the value to be applied
Value interface{} `json:"value"`
}
// Validation describes the way how Validating Webhook will check the resource on creation
type Validation struct {
Message string `json:"message,omitempty"`
Pattern interface{} `json:"pattern,omitempty"`
// Message is the message to be displayed on validation policy violation
Message string `json:"message,omitempty"`
// Pattern is the validation pattern
Pattern interface{} `json:"pattern,omitempty"`
// AnyPattern is the list of validation patterns
AnyPattern []interface{} `json:"anyPattern,omitempty"`
Deny *Deny `json:"deny,omitempty"`
// Deny contains conditions to deny validation
Deny *Deny `json:"deny,omitempty"`
}
type Deny struct {
// Conditions contains set of condition to deny validation
Conditions []Condition `json:"conditions,omitempty"`
}
// Generation describes which resources will be created when other resource is created
type Generation struct {
ResourceSpec
Synchronize bool `json:"synchronize,omitempty"`
Data interface{} `json:"data,omitempty"`
Clone CloneFrom `json:"clone,omitempty"`
// To keep resources synchronized with source resource
Synchronize bool `json:"synchronize,omitempty"`
// Data ...
Data interface{} `json:"data,omitempty"`
// To clone resource from other resource
Clone CloneFrom `json:"clone,omitempty"`
}
// CloneFrom - location of the resource
// which will be used as source when applying 'generate'
type CloneFrom struct {
// Namespace is the resource namespace
Namespace string `json:"namespace,omitempty"`
Name string `json:"name,omitempty"`
// Name is the name of the resource
Name string `json:"name,omitempty"`
}
// PolicyStatus mostly contains statistics related to policy
@ -287,28 +336,37 @@ type PolicyViolationTemplate struct {
// PolicyViolationSpec describes policy behavior by its rules
type PolicyViolationSpec struct {
Policy string `json:"policy"`
ResourceSpec `json:"resource"`
// Policy is the name of the policy
Policy string `json:"policy"`
ResourceSpec `json:"resource"`
// ViolatedRules contains list of violated rule
ViolatedRules []ViolatedRule `json:"rules"`
}
// ResourceSpec information to identify the resource
type ResourceSpec struct {
Kind string `json:"kind"`
// Kind represents resource kind
Kind string `json:"kind"`
// Namespace represents resource namespace
Namespace string `json:"namespace,omitempty"`
Name string `json:"name"`
// Name represents resource name
Name string `json:"name"`
}
// ViolatedRule stores the information regarding the rule
type ViolatedRule struct {
Name string `json:"name"`
Type string `json:"type"`
// Name is the violated rule name
Name string `json:"name"`
// Type is the violated rule type
Type string `json:"type"`
// Message is the violation message
Message string `json:"message"`
}
//PolicyViolationStatus provides information regarding policyviolation status
// status:
// LastUpdateTime : the time the polivy violation was updated
// LastUpdateTime : the time the policy violation was updated
type PolicyViolationStatus struct {
// LastUpdateTime : the time the policy violation was updated
LastUpdateTime metav1.Time `json:"lastUpdateTime,omitempty"`
}
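Review bot: The new comment on `ValidationFailureAction` in `Spec` says only that it "provides choice to enforce rules" and never names the accepted values or what happens to a violating resource under each. For an admission policy that is the difference between rejecting a request and merely reporting it, so the comment (and the API docs generated from it) should list the values and state the behaviour when the field is empty. The comment on `Background *bool` likewise does not say what a nil pointer means. Three added comments are placeholders (`// Context ...`, `// UserRequestInfo ...`, `// Data ...`) that surface verbatim in the generated HTML as `Context &hellip;`, and `Deny` is still an exported type with no doc comment. On `Patch.Operation`, the type is documented as following RFC 6902, where the removal operation is named `remove` rather than `delete`; if the field takes RFC 6902 names, suggest `// Operation is the JSON Patch operation to apply, e.g. add, replace or remove`.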