diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 65482a4257..1cd78a8cdb 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -70,7 +70,6 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
-
- uses: J12934/helm-gh-pages-action@master
name: Run Helm Publish
with:
diff --git a/Makefile b/Makefile
index 4052694924..4f312c7a8e 100644
--- a/Makefile
+++ b/Makefile
@@ -113,6 +113,8 @@ docker-publish-all: docker-publish-initContainer docker-publish-kyverno docker-p
docker-build-all: docker-build-initContainer docker-build-kyverno docker-build-cli
+docker-tag-all: docker-tag-repo-initContainer docker-tag-repo-kyverno docker-tag-repo-cli
+
##################################
# CI Testing
##################################
@@ -181,6 +183,29 @@ release:
kustomize build ./definitions > ./definitions/install.yaml
kustomize build ./definitions > ./definitions/release/install.yaml
+report-crd: controller-gen
+ $(CONTROLLER_GEN) crd:trivialVersions=true paths="./pkg/api/policyreport/v1alpha1" output:dir=./definitions/crds
+ $(CONTROLLER_GEN) object paths=./pkg/api/policyreport/v1alpha1
+ $(CONTROLLER_GEN) crd:trivialVersions=true paths="./pkg/api/kyverno/v1alpha1" output:dir=./definitions/crds
+ $(CONTROLLER_GEN) object paths=./pkg/api/kyverno/v1alpha1
+
+# find or download controller-gen
+# download controller-gen if necessary
+controller-gen:
+ifeq (, $(shell which controller-gen))
+ @{ \
+ set -e ;\
+ CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\
+ cd $$CONTROLLER_GEN_TMP_DIR ;\
+ go mod init tmp ;\
+ go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.2.5 ;\
+ rm -rf $$CONTROLLER_GEN_TMP_DIR ;\
+ }
+CONTROLLER_GEN=$(GOBIN)/controller-gen
+else
+CONTROLLER_GEN=$(shell which controller-gen)
+endif
+
# Run go fmt against code
fmt:
go fmt ./...
diff --git a/api/swaggerDoc.go b/api/swaggerDoc.go
index 3d0b380174..dd3c96fc19 100644
--- a/api/swaggerDoc.go
+++ b/api/swaggerDoc.go
@@ -26,7 +26,7 @@ const SwaggerDoc = `
"type": "string"
},
"name": {
- "description": "The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where \"imagepolicy\" is the name of the webhook, and kubernetes.io is the name of the organization. Required.",
+ "description": "The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.k8s.io/v1alpha1, where \"imagepolicy\" is the name of the webhook, and kubernetes.io is the name of the organization. Required.",
"type": "string"
},
"namespaceSelector": {
@@ -223,7 +223,7 @@ const SwaggerDoc = `
"type": "string"
},
"name": {
- "description": "The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where \"imagepolicy\" is the name of the webhook, and kubernetes.io is the name of the organization. Required.",
+ "description": "The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.k8s.io/v1alpha1, where \"imagepolicy\" is the name of the webhook, and kubernetes.io is the name of the organization. Required.",
"type": "string"
},
"namespaceSelector": {
@@ -370,7 +370,7 @@ const SwaggerDoc = `
"type": "string"
},
"name": {
- "description": "The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where \"imagepolicy\" is the name of the webhook, and kubernetes.io is the name of the organization. Required.",
+ "description": "The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.k8s.io/v1alpha1, where \"imagepolicy\" is the name of the webhook, and kubernetes.io is the name of the organization. Required.",
"type": "string"
},
"namespaceSelector": {
@@ -565,7 +565,7 @@ const SwaggerDoc = `
"type": "string"
},
"name": {
- "description": "The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where \"imagepolicy\" is the name of the webhook, and kubernetes.io is the name of the organization. Required.",
+ "description": "The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.k8s.io/v1alpha1, where \"imagepolicy\" is the name of the webhook, and kubernetes.io is the name of the organization. Required.",
"type": "string"
},
"namespaceSelector": {
diff --git a/charts/kyverno/crds/crds.yaml b/charts/kyverno/crds/crds.yaml
index 5b299aca9d..25447f44b5 100644
--- a/charts/kyverno/crds/crds.yaml
+++ b/charts/kyverno/crds/crds.yaml
@@ -285,74 +285,670 @@ spec:
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
- name: clusterpolicyviolations.kyverno.io
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: clusterpolicyreports.policy.k8s.io
spec:
additionalPrinterColumns:
- - JSONPath: .spec.policy
- description: The policy that resulted in the violation
- name: Policy
+ - JSONPath: .scope.kind
+ name: Kind
+ priority: 1
type: string
- - JSONPath: .spec.resource.kind
- description: The resource kind that cause the violation
- name: ResourceKind
+ - JSONPath: .scope.name
+ name: Name
+ priority: 1
type: string
- - JSONPath: .spec.resource.name
- description: The resource name that caused the violation
- name: ResourceName
+ - JSONPath: .summary.pass
+ name: Pass
+ type: integer
+ - JSONPath: .summary.fail
+ name: Fail
+ type: integer
+ - JSONPath: .summary.warn
+ name: Warn
+ type: integer
+ - JSONPath: .summary.error
+ name: Error
+ type: integer
+ - JSONPath: .summary.skip
+ name: Skip
+ type: integer
+ - JSONPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ group: policy.k8s.io
+ names:
+ kind: ClusterPolicyReport
+ listKind: ClusterPolicyReportList
+ plural: clusterpolicyreports
+ shortNames:
+ - cpolr
+ singular: clusterpolicyreport
+ scope: Namespaced
+ subresources: {}
+ validation:
+ openAPIV3Schema:
+ description: ClusterPolicyReport is the Schema for the clusterpolicyreports
+ API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ data:
+ additionalProperties:
+ type: string
+ description: Data provides additional information for the policy rule
+ type: object
+ message:
+ description: Message is a short user friendly description of the policy
+ rule
+ type: string
+ policy:
+ description: Policy is the name of the policy
+ type: string
+ resourceSelector:
+ description: ResourceSelector is an optional selector for policy results
+ that apply to multiple resources. For example, a policy result may
+ apply to all pods that match a label. Either a Resource or a ResourceSelector
+ can be specified. If neither are provided, the result is assumed
+ to be for the policy report scope.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ resources:
+ description: Resources is an optional reference to the resource checked
+ by the policy and rule
+ items:
+ description: 'ObjectReference contains enough information to let
+ you inspect or modify the referred object. --- New uses of this
+ type are discouraged because of difficulty describing its usage
+ when embedded in APIs. 1. Ignored fields. It includes many fields
+ which are not generally honored. For instance, ResourceVersion
+ and FieldPath are both very rarely valid in actual usage. 2.
+ Invalid usage help. It is impossible to add specific help for
+ individual usage. In most embedded usages, there are particular restrictions
+ like, "must refer only to types A and B" or "UID not honored"
+ or "name must be restricted". Those cannot be well described
+ when embedded. 3. Inconsistent validation. Because the usages
+ are different, the validation rules are different by usage, which
+ makes it hard for users to predict what will happen. 4. The fields
+ are both imprecise and overly precise. Kind is not a precise
+ mapping to a URL. This can produce ambiguity during interpretation
+ and require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this type will
+ affect numerous schemas. Don''t make new APIs embed an underspecified
+ API type they do not control. Instead of using this type, create
+ a locally provided and used type that is well-focused on your
+ reference. For example, ServiceReferences for admission registration:
+ https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ .'
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ type: array
+ rule:
+ description: Rule is the name of the policy rule
+ type: string
+ scored:
+ description: Scored indicates if this policy rule is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy severity
+ enum:
+ - high
+ - low
+ - medium
+ type: string
+ status:
+ description: Status indicates the result of the policy rule check
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ required:
+ - policy
+ type: object
+ type: array
+ scope:
+ description: Scope is an optional reference to the report scope (e.g. a
+ Deployment, Namespace, or Node)
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of an entire
+ object, this string should contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For example, if the object
+ reference is to a container within a pod, this would take on a value
+ like: "spec.containers{name}" (where "name" refers to the name of
+ the container that triggered the event) or if no container name is
+ specified "spec.containers[2]" (container with index 2 in this pod).
+ This syntax is chosen only to have some well-defined way of referencing
+ a part of an object. TODO: this design is not final and this field
+ is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference is made,
+ if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ scopeSelector:
+ description: ScopeSelector is an optional selector for multiple scopes (e.g.
+ Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+ should be specified.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains
+ values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator
+ is In or NotIn, the values array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not be
+ evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not selected
+ for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of unscored policies whose requirements
+ were not met
+ type: integer
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: clusterreportchangerequests.kyverno.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .scope.kind
+ name: Kind
+ priority: 1
type: string
+ - JSONPath: .scope.name
+ name: Name
+ priority: 1
+ type: string
+ - JSONPath: .summary.pass
+ name: Pass
+ type: integer
+ - JSONPath: .summary.fail
+ name: Fail
+ type: integer
+ - JSONPath: .summary.warn
+ name: Warn
+ type: integer
+ - JSONPath: .summary.error
+ name: Error
+ type: integer
+ - JSONPath: .summary.skip
+ name: Skip
+ type: integer
- JSONPath: .metadata.creationTimestamp
name: Age
type: date
group: kyverno.io
names:
- kind: ClusterPolicyViolation
- plural: clusterpolicyviolations
- shortNames:
- - cpolv
- singular: clusterpolicyviolation
- scope: Cluster
- subresources:
- status: {}
+ kind: ClusterReportChangeRequest
+ listKind: ClusterReportChangeRequestList
+ plural: clusterreportchangerequests
+ singular: clusterreportchangerequest
+ scope: Namespaced
+ subresources: {}
validation:
openAPIV3Schema:
+ description: ClusterReportChangeRequest is the Schema for the ClusterReportChangeRequests
+ API
properties:
- spec:
- properties:
- policy:
- type: string
- resource:
- properties:
- kind:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ data:
+ additionalProperties:
type: string
- name:
- type: string
- required:
- - kind
- - name
- type: object
- rules:
- items:
+ description: Data provides additional information for the policy rule
+ type: object
+ message:
+ description: Message is a short user friendly description of the policy
+ rule
+ type: string
+ policy:
+ description: Policy is the name of the policy
+ type: string
+ resourceSelector:
+ description: ResourceSelector is an optional selector for policy results
+ that apply to multiple resources. For example, a policy result may
+ apply to all pods that match a label. Either a Resource or a ResourceSelector
+ can be specified. If neither are provided, the result is assumed
+ to be for the policy report scope.
properties:
- message:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ resources:
+ description: Resources is an optional reference to the resource checked
+ by the policy and rule
+ items:
+ description: 'ObjectReference contains enough information to let
+ you inspect or modify the referred object. --- New uses of this
+ type are discouraged because of difficulty describing its usage
+ when embedded in APIs. 1. Ignored fields. It includes many fields
+ which are not generally honored. For instance, ResourceVersion
+ and FieldPath are both very rarely valid in actual usage. 2.
+ Invalid usage help. It is impossible to add specific help for
+ individual usage. In most embedded usages, there are particular restrictions
+ like, "must refer only to types A and B" or "UID not honored"
+ or "name must be restricted". Those cannot be well described
+ when embedded. 3. Inconsistent validation. Because the usages
+ are different, the validation rules are different by usage, which
+ makes it hard for users to predict what will happen. 4. The fields
+ are both imprecise and overly precise. Kind is not a precise
+ mapping to a URL. This can produce ambiguity during interpretation
+ and require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this type will
+ affect numerous schemas. Don''t make new APIs embed an underspecified
+ API type they do not control. Instead of using this type, create
+ a locally provided and used type that is well-focused on your
+ reference. For example, ServiceReferences for admission registration:
+ https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ .'
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ type: array
+ rule:
+ description: Rule is the name of the policy rule
+ type: string
+ scored:
+ description: Scored indicates if this policy rule is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy severity
+ enum:
+ - high
+ - low
+ - medium
+ type: string
+ status:
+ description: Status indicates the result of the policy rule check
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ required:
+ - policy
+ type: object
+ type: array
+ scope:
+ description: Scope is an optional reference to the report scope (e.g. a
+ Deployment, Namespace, or Node)
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of an entire
+ object, this string should contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For example, if the object
+ reference is to a container within a pod, this would take on a value
+ like: "spec.containers{name}" (where "name" refers to the name of
+ the container that triggered the event) or if no container name is
+ specified "spec.containers[2]" (container with index 2 in this pod).
+ This syntax is chosen only to have some well-defined way of referencing
+ a part of an object. TODO: this design is not final and this field
+ is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference is made,
+ if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ scopeSelector:
+ description: ScopeSelector is an optional selector for multiple scopes (e.g.
+ Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+ should be specified.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains
+ values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
type: string
- name:
- type: string
- type:
+ operator:
+ description: operator represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
+ values:
+ description: values is an array of string values. If the operator
+ is In or NotIn, the values array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
required:
- - name
- - type
- - message
+ - key
+ - operator
type: object
type: array
- required:
- - policy
- - resource
- - rules
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not be
+ evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not selected
+ for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of unscored policies whose requirements
+ were not met
+ type: integer
+ type: object
+ type: object
+ version: v1alpha1
versions:
- - name: v1
+ - name: v1alpha1
served: true
storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
@@ -691,71 +1287,666 @@ spec:
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
- name: policyviolations.kyverno.io
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: policyreports.policy.k8s.io
spec:
additionalPrinterColumns:
- - JSONPath: .spec.policy
- description: The policy that resulted in the violation
- name: Policy
+ - JSONPath: .scope.kind
+ name: Kind
+ priority: 1
type: string
- - JSONPath: .spec.resource.kind
- description: The resource kind that cause the violation
- name: ResourceKind
+ - JSONPath: .scope.name
+ name: Name
+ priority: 1
type: string
- - JSONPath: .spec.resource.name
- description: The resource name that caused the violation
- name: ResourceName
+ - JSONPath: .summary.pass
+ name: Pass
+ type: integer
+ - JSONPath: .summary.fail
+ name: Fail
+ type: integer
+ - JSONPath: .summary.warn
+ name: Warn
+ type: integer
+ - JSONPath: .summary.error
+ name: Error
+ type: integer
+ - JSONPath: .summary.skip
+ name: Skip
+ type: integer
+ - JSONPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ group: policy.k8s.io
+ names:
+ kind: PolicyReport
+ listKind: PolicyReportList
+ plural: policyreports
+ shortNames:
+ - polr
+ singular: policyreport
+ scope: Namespaced
+ subresources: {}
+ validation:
+ openAPIV3Schema:
+ description: PolicyReport is the Schema for the policyreports API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ data:
+ additionalProperties:
+ type: string
+ description: Data provides additional information for the policy rule
+ type: object
+ message:
+ description: Message is a short user friendly description of the policy
+ rule
+ type: string
+ policy:
+ description: Policy is the name of the policy
+ type: string
+ resourceSelector:
+ description: ResourceSelector is an optional selector for policy results
+ that apply to multiple resources. For example, a policy result may
+ apply to all pods that match a label. Either a Resource or a ResourceSelector
+ can be specified. If neither are provided, the result is assumed
+ to be for the policy report scope.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ resources:
+ description: Resources is an optional reference to the resource checked
+ by the policy and rule
+ items:
+ description: 'ObjectReference contains enough information to let
+ you inspect or modify the referred object. --- New uses of this
+ type are discouraged because of difficulty describing its usage
+ when embedded in APIs. 1. Ignored fields. It includes many fields
+ which are not generally honored. For instance, ResourceVersion
+ and FieldPath are both very rarely valid in actual usage. 2.
+ Invalid usage help. It is impossible to add specific help for
+ individual usage. In most embedded usages, there are particular restrictions
+ like, "must refer only to types A and B" or "UID not honored"
+ or "name must be restricted". Those cannot be well described
+ when embedded. 3. Inconsistent validation. Because the usages
+ are different, the validation rules are different by usage, which
+ makes it hard for users to predict what will happen. 4. The fields
+ are both imprecise and overly precise. Kind is not a precise
+ mapping to a URL. This can produce ambiguity during interpretation
+ and require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this type will
+ affect numerous schemas. Don''t make new APIs embed an underspecified
+ API type they do not control. Instead of using this type, create
+ a locally provided and used type that is well-focused on your
+ reference. For example, ServiceReferences for admission registration:
+ https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ .'
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ type: array
+ rule:
+ description: Rule is the name of the policy rule
+ type: string
+ scored:
+ description: Scored indicates if this policy rule is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy severity
+ enum:
+ - high
+ - low
+ - medium
+ type: string
+ status:
+ description: Status indicates the result of the policy rule check
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ required:
+ - policy
+ type: object
+ type: array
+ scope:
+ description: Scope is an optional reference to the report scope (e.g. a
+ Deployment, Namespace, or Node)
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of an entire
+ object, this string should contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For example, if the object
+ reference is to a container within a pod, this would take on a value
+ like: "spec.containers{name}" (where "name" refers to the name of
+ the container that triggered the event) or if no container name is
+ specified "spec.containers[2]" (container with index 2 in this pod).
+ This syntax is chosen only to have some well-defined way of referencing
+ a part of an object. TODO: this design is not final and this field
+ is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference is made,
+ if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ scopeSelector:
+ description: ScopeSelector is an optional selector for multiple scopes (e.g.
+ Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+ should be specified.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains
+ values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator
+ is In or NotIn, the values array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not be
+ evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not selected
+ for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of unscored policies whose requirements
+ were not met
+ type: integer
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: reportchangerequests.kyverno.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .scope.kind
+ name: Kind
+ priority: 1
type: string
+ - JSONPath: .scope.name
+ name: Name
+ priority: 1
+ type: string
+ - JSONPath: .summary.pass
+ name: Pass
+ type: integer
+ - JSONPath: .summary.fail
+ name: Fail
+ type: integer
+ - JSONPath: .summary.warn
+ name: Warn
+ type: integer
+ - JSONPath: .summary.error
+ name: Error
+ type: integer
+ - JSONPath: .summary.skip
+ name: Skip
+ type: integer
- JSONPath: .metadata.creationTimestamp
name: Age
type: date
group: kyverno.io
names:
- kind: PolicyViolation
- plural: policyviolations
- shortNames:
- - polv
- singular: policyviolation
+ kind: ReportChangeRequest
+ listKind: ReportChangeRequestList
+ plural: reportchangerequests
+ singular: reportchangerequest
scope: Namespaced
- subresources:
- status: {}
+ subresources: {}
validation:
openAPIV3Schema:
+ description: ReportChangeRequest is the Schema for the ReportChangeRequests
+ API
properties:
- spec:
- properties:
- policy:
- type: string
- resource:
- properties:
- kind:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ data:
+ additionalProperties:
type: string
- name:
- type: string
- required:
- - kind
- - name
- type: object
- rules:
- items:
+ description: Data provides additional information for the policy rule
+ type: object
+ message:
+ description: Message is a short user friendly description of the policy
+ rule
+ type: string
+ policy:
+ description: Policy is the name of the policy
+ type: string
+ resourceSelector:
+ description: ResourceSelector is an optional selector for policy results
+ that apply to multiple resources. For example, a policy result may
+ apply to all pods that match a label. Either a Resource or a ResourceSelector
+ can be specified. If neither are provided, the result is assumed
+ to be for the policy report scope.
properties:
- message:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ resources:
+ description: Resources is an optional reference to the resource checked
+ by the policy and rule
+ items:
+ description: 'ObjectReference contains enough information to let
+ you inspect or modify the referred object. --- New uses of this
+ type are discouraged because of difficulty describing its usage
+ when embedded in APIs. 1. Ignored fields. It includes many fields
+ which are not generally honored. For instance, ResourceVersion
+ and FieldPath are both very rarely valid in actual usage. 2.
+ Invalid usage help. It is impossible to add specific help for
+ individual usage. In most embedded usages, there are particular restrictions
+ like, "must refer only to types A and B" or "UID not honored"
+ or "name must be restricted". Those cannot be well described
+ when embedded. 3. Inconsistent validation. Because the usages
+ are different, the validation rules are different by usage, which
+ makes it hard for users to predict what will happen. 4. The fields
+ are both imprecise and overly precise. Kind is not a precise
+ mapping to a URL. This can produce ambiguity during interpretation
+ and require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this type will
+ affect numerous schemas. Don''t make new APIs embed an underspecified
+ API type they do not control. Instead of using this type, create
+ a locally provided and used type that is well-focused on your
+ reference. For example, ServiceReferences for admission registration:
+ https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ .'
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ type: array
+ rule:
+ description: Rule is the name of the policy rule
+ type: string
+ scored:
+ description: Scored indicates if this policy rule is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy severity
+ enum:
+ - high
+ - low
+ - medium
+ type: string
+ status:
+ description: Status indicates the result of the policy rule check
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ required:
+ - policy
+ type: object
+ type: array
+ scope:
+ description: Scope is an optional reference to the report scope (e.g. a
+ Deployment, Namespace, or Node)
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of an entire
+ object, this string should contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For example, if the object
+ reference is to a container within a pod, this would take on a value
+ like: "spec.containers{name}" (where "name" refers to the name of
+ the container that triggered the event) or if no container name is
+ specified "spec.containers[2]" (container with index 2 in this pod).
+ This syntax is chosen only to have some well-defined way of referencing
+ a part of an object. TODO: this design is not final and this field
+ is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference is made,
+ if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ scopeSelector:
+ description: ScopeSelector is an optional selector for multiple scopes (e.g.
+ Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+ should be specified.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains
+ values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
type: string
- name:
- type: string
- type:
+ operator:
+ description: operator represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
+ values:
+ description: values is an array of string values. If the operator
+ is In or NotIn, the values array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
required:
- - name
- - type
- - message
+ - key
+ - operator
type: object
type: array
- required:
- - policy
- - resource
- - rules
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not be
+ evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not selected
+ for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of unscored policies whose requirements
+ were not met
+ type: integer
+ type: object
+ type: object
+ version: v1alpha1
versions:
- - name: v1
+ - name: v1alpha1
served: true
storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/charts/kyverno/templates/clusterrole.yaml b/charts/kyverno/templates/clusterrole.yaml
index 2f27846027..b7f4781cf4 100644
--- a/charts/kyverno/templates/clusterrole.yaml
+++ b/charts/kyverno/templates/clusterrole.yaml
@@ -98,6 +98,12 @@ rules:
- patch
- update
- watch
+- apiGroups:
+ - 'apiextensions.k8s.io'
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml
index 9529431455..f0c5734f93 100644
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@@ -98,6 +98,10 @@ config:
- "[TokenReview,*,*]"
- "[SubjectAccessReview,*,*]"
- "[*,kyverno,*]"
+ - "[Binding,*,*]"
+ - "[ReplicaSet,*,*]"
+ - "[ReportChangeRequest,*,*]"
+ - "[ClusterReportChangeRequest,*,*]"
# Or give the name of an existing config map (ignores default/provided resourceFilters)
existingConfig: ''
excludeGroupRole:
@@ -128,3 +132,4 @@ service:
# 3) Let Helm generate a self signed cert, by setting createSelfSignedCert true
# If letting Kyverno create its own CA or providing your own, make createSelfSignedCert is false
createSelfSignedCert: false
+
diff --git a/cmd/initContainer/main.go b/cmd/initContainer/main.go
index 0a7d98efa2..829b933010 100644
--- a/cmd/initContainer/main.go
+++ b/cmd/initContainer/main.go
@@ -10,6 +10,7 @@ import (
"sync"
"time"
+ "github.com/gardener/controller-manager-library/pkg/logger"
"github.com/kyverno/kyverno/pkg/config"
client "github.com/kyverno/kyverno/pkg/dclient"
"github.com/kyverno/kyverno/pkg/signal"
@@ -30,6 +31,10 @@ var (
const (
mutatingWebhookConfigKind string = "MutatingWebhookConfiguration"
validatingWebhookConfigKind string = "ValidatingWebhookConfiguration"
+ policyReportKind string = "PolicyReport"
+ clusterPolicyReportKind string = "ClusterPolicyReport"
+ policyViolation string = "PolicyViolation"
+ clusterPolicyViolation string = "ClusterPolicyViolation"
)
func main() {
@@ -75,6 +80,12 @@ func main() {
{validatingWebhookConfigKind, config.PolicyValidatingWebhookConfigurationDebugName},
{mutatingWebhookConfigKind, config.PolicyMutatingWebhookConfigurationName},
{mutatingWebhookConfigKind, config.PolicyMutatingWebhookConfigurationDebugName},
+ // policy report
+ {policyReportKind, ""},
+ {clusterPolicyReportKind, ""},
+ // clean up policy violation
+ {policyViolation, ""},
+ {clusterPolicyViolation, ""},
}
done := make(chan struct{})
@@ -101,26 +112,17 @@ func main() {
}
}
-func removeWebhookIfExists(client *client.Client, kind string, name string) error {
- logger := log.Log.WithName("removeExistingWebhook").WithValues("kind", kind, "name", name)
- var err error
- // Get resource
- _, err = client.GetResource("", kind, "", name)
- if errors.IsNotFound(err) {
- logger.V(4).Info("resource not found")
- return nil
+func executeRequest(client *client.Client, req request) error {
+ switch req.kind {
+ case mutatingWebhookConfigKind, validatingWebhookConfigKind:
+ return removeWebhookIfExists(client, req.kind, req.name)
+ case policyReportKind:
+ return removePolicyReport(client, req.kind)
+ case clusterPolicyReportKind:
+ return removeClusterPolicyReport(client, req.kind)
+ case policyViolation, clusterPolicyViolation:
+ return removeViolationCRD(client)
}
- if err != nil {
- logger.Error(err, "failed to get resource")
- return err
- }
- // Delete resource
- err = client.DeleteResource("", kind, "", name, false)
- if err != nil {
- logger.Error(err, "failed to delete resource")
- return err
- }
- logger.Info("removed the resource")
return nil
}
@@ -175,7 +177,7 @@ func process(client *client.Client, done <-chan struct{}, stopCh <-chan struct{}
defer close(out)
for req := range requests {
select {
- case out <- removeWebhookIfExists(client, req.kind, req.name):
+ case out <- executeRequest(client, req):
case <-done:
logger.Info("done")
return
@@ -221,3 +223,80 @@ func merge(done <-chan struct{}, stopCh <-chan struct{}, processes ...<-chan err
}()
return out
}
+
+func removeWebhookIfExists(client *client.Client, kind string, name string) error {
+ logger := log.Log.WithName("removeExistingWebhook").WithValues("kind", kind, "name", name)
+ var err error
+ // Get resource
+ _, err = client.GetResource("", kind, "", name)
+ if errors.IsNotFound(err) {
+ logger.V(4).Info("resource not found")
+ return nil
+ }
+ if err != nil {
+ logger.Error(err, "failed to get resource")
+ return err
+ }
+ // Delete resource
+ err = client.DeleteResource("", kind, "", name, false)
+ if err != nil {
+ logger.Error(err, "failed to delete resource")
+ return err
+ }
+ logger.Info("removed the resource")
+ return nil
+}
+
+func removeClusterPolicyReport(client *client.Client, kind string) error {
+ logger := log.Log.WithName("removeClusterPolicyReport")
+
+ cpolrs, err := client.ListResource("", kind, "", nil)
+ if err != nil && !errors.IsNotFound(err) {
+ logger.Error(err, "failed to list clusterPolicyReport")
+ return err
+ }
+
+ for _, cpolr := range cpolrs.Items {
+ if err := client.DeleteResource(cpolr.GetAPIVersion(), cpolr.GetKind(), "", cpolr.GetName(), false); err != nil {
+ logger.Error(err, "failed to delete clusterPolicyReport", "name", cpolr.GetName())
+ }
+ }
+ return nil
+}
+
+func removePolicyReport(client *client.Client, kind string) error {
+ logger := log.Log.WithName("removePolicyReport")
+
+ namespaces, err := client.ListResource("", "Namespace", "", nil)
+ if err != nil {
+ logger.Error(err, "failed to list namespaces")
+ return err
+ }
+
+ // name of namespace policy report follows the name convention
+ // policyreport-ns-<namespace name>
+ for _, ns := range namespaces.Items {
+ reportName := fmt.Sprintf("policyreport-ns-%s", ns.GetName())
+ err := client.DeleteResource("", kind, ns.GetName(), reportName, false)
+ if err != nil && !errors.IsNotFound(err) {
+ logger.Error(err, "failed to delete policyReport", "name", reportName)
+ }
+ }
+
+ return nil
+}
+
+func removeViolationCRD(client *client.Client) error {
+ if err := client.DeleteResource("", "CustomResourceDefinition", "", "policyviolations.kyverno.io", false); err != nil {
+ if !errors.IsNotFound(err) {
+ logger.Error(err, "failed to delete CRD policyViolation")
+ }
+ }
+
+ if err := client.DeleteResource("", "CustomResourceDefinition", "", "clusterpolicyviolations.kyverno.io", false); err != nil {
+ if !errors.IsNotFound(err) {
+ logger.Error(err, "failed to delete CRD clusterPolicyViolation")
+ }
+ }
+ return nil
+}
diff --git a/cmd/kyverno/main.go b/cmd/kyverno/main.go
old mode 100644
new mode 100755
index e977b82c48..f3c83cc1dd
--- a/cmd/kyverno/main.go
+++ b/cmd/kyverno/main.go
@@ -9,20 +9,20 @@ import (
"os"
"time"
- "github.com/kyverno/kyverno/pkg/openapi"
- "github.com/kyverno/kyverno/pkg/policycache"
-
"github.com/kyverno/kyverno/pkg/checker"
kyvernoclient "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions"
+ "github.com/kyverno/kyverno/pkg/common"
"github.com/kyverno/kyverno/pkg/config"
dclient "github.com/kyverno/kyverno/pkg/dclient"
event "github.com/kyverno/kyverno/pkg/event"
"github.com/kyverno/kyverno/pkg/generate"
generatecleanup "github.com/kyverno/kyverno/pkg/generate/cleanup"
+ "github.com/kyverno/kyverno/pkg/openapi"
"github.com/kyverno/kyverno/pkg/policy"
+ "github.com/kyverno/kyverno/pkg/policycache"
+ "github.com/kyverno/kyverno/pkg/policyreport"
"github.com/kyverno/kyverno/pkg/policystatus"
- "github.com/kyverno/kyverno/pkg/policyviolation"
"github.com/kyverno/kyverno/pkg/resourcecache"
"github.com/kyverno/kyverno/pkg/signal"
"github.com/kyverno/kyverno/pkg/utils"
@@ -42,6 +42,7 @@ var (
kubeconfig string
serverIP string
webhookTimeout int
+ backgroundSync int
runValidationInMutatingWebhook string
profile bool
//TODO: this has been added to backward support command line arguments
@@ -51,8 +52,9 @@ var (
excludeGroupRole string
excludeUsername string
// User FQDN as CSR CN
- fqdncn bool
- setupLog = log.Log.WithName("setup")
+ fqdncn bool
+ policyReport bool
+ setupLog = log.Log.WithName("setup")
)
func main() {
@@ -79,6 +81,9 @@ func main() {
go http.ListenAndServe("localhost:6060", nil)
}
+ // Policy report is enabled by default in Kyverno 1.3.0+
+ os.Setenv("POLICY-TYPE", common.PolicyReport)
+
version.PrintVersionInfo(log.Log)
cleanUp := make(chan struct{})
stopCh := signal.SetupSignalHandler()
@@ -90,8 +95,9 @@ func main() {
// KYVERNO CRD CLIENT
// access CRD resources
- // - Policy
- // - PolicyViolation
+ // - ClusterPolicy, Policy
+ // - ClusterPolicyReport, PolicyReport
+ // - GenerateRequest
pclient, err := kyvernoclient.NewForConfig(clientConfig)
if err != nil {
setupLog.Error(err, "Failed to create client")
@@ -116,7 +122,7 @@ func main() {
// ===========================================================
// CRD CHECK
- // - verify if the CRD for Policy & PolicyViolation are available
+ // - verify if Kyverno CRDs are available
if !utils.CRDInstalled(client.DiscoveryClient, log.Log) {
setupLog.Error(fmt.Errorf("CRDs not installed"), "Failed to access Kyverno CRDs")
os.Exit(1)
@@ -128,9 +134,6 @@ func main() {
os.Exit(1)
}
- // TODO: To be removed for v1.2.0
- utils.CleanupOldCrd(client, log.Log)
-
kubeInformer := kubeinformers.NewSharedInformerFactoryWithOptions(kubeClient, resyncPeriod)
kubedynamicInformer := client.NewDynamicSharedInformerFactory(resyncPeriod)
@@ -154,8 +157,10 @@ func main() {
// KYVERNO CRD INFORMER
// watches CRD resources:
- // - Policy
- // - PolicyViolation
+ // - ClusterPolicy, Policy
+ // - ClusterPolicyReport, PolicyReport
+ // - GenerateRequest
+ // - ClusterReportChangeRequest, ReportChangeRequest
pInformer := kyvernoinformer.NewSharedInformerFactoryWithOptions(pclient, resyncPeriod)
// Configuration Data
@@ -184,14 +189,27 @@ func main() {
pInformer.Kyverno().V1().ClusterPolicies().Lister(),
pInformer.Kyverno().V1().Policies().Lister())
- // POLICY VIOLATION GENERATOR
- // -- generate policy violation
- pvgen := policyviolation.NewPVGenerator(pclient,
+ // POLICY Report GENERATOR
+ // -- generate policy report
+ var reportReqGen *policyreport.Generator
+ var prgen *policyreport.ReportGenerator
+ reportReqGen = policyreport.NewReportChangeRequestGenerator(pclient,
client,
- pInformer.Kyverno().V1().ClusterPolicyViolations(),
- pInformer.Kyverno().V1().PolicyViolations(),
+ pInformer.Kyverno().V1alpha1().ReportChangeRequests(),
+ pInformer.Kyverno().V1alpha1().ClusterReportChangeRequests(),
+ pInformer.Kyverno().V1().ClusterPolicies(),
+ pInformer.Kyverno().V1().Policies(),
statusSync.Listener,
- log.Log.WithName("PolicyViolationGenerator"),
+ log.Log.WithName("ReportChangeRequestGenerator"),
+ )
+
+ prgen = policyreport.NewReportGenerator(client,
+ pInformer.Policy().V1alpha1().ClusterPolicyReports(),
+ pInformer.Policy().V1alpha1().PolicyReports(),
+ pInformer.Kyverno().V1alpha1().ReportChangeRequests(),
+ pInformer.Kyverno().V1alpha1().ClusterReportChangeRequests(),
+ kubeInformer.Core().V1().Namespaces(),
+ log.Log.WithName("PolicyReportGenerator"),
)
// POLICY CONTROLLER
@@ -202,12 +220,10 @@ func main() {
client,
pInformer.Kyverno().V1().ClusterPolicies(),
pInformer.Kyverno().V1().Policies(),
- pInformer.Kyverno().V1().ClusterPolicyViolations(),
- pInformer.Kyverno().V1().PolicyViolations(),
pInformer.Kyverno().V1().GenerateRequests(),
configData,
eventGenerator,
- pvgen,
+ reportReqGen,
rWebhookWatcher,
kubeInformer.Core().V1().Namespaces(),
log.Log.WithName("PolicyController"),
@@ -258,7 +274,7 @@ func main() {
pCacheController.Cache,
eventGenerator,
statusSync.Listener,
- pvgen,
+ reportReqGen,
kubeInformer.Rbac().V1().RoleBindings(),
kubeInformer.Rbac().V1().ClusterRoleBindings(),
log.Log.WithName("ValidateAuditHandler"),
@@ -314,7 +330,7 @@ func main() {
webhookRegistrationClient,
statusSync.Listener,
configData,
- pvgen,
+ reportReqGen,
grgen,
rWebhookWatcher,
auditHandler,
@@ -334,14 +350,16 @@ func main() {
pInformer.Start(stopCh)
kubeInformer.Start(stopCh)
kubedynamicInformer.Start(stopCh)
+
+ go reportReqGen.Run(2, stopCh)
+ go prgen.Run(1, stopCh)
go grgen.Run(1)
go rWebhookWatcher.Run(stopCh)
go configData.Run(stopCh)
- go policyCtrl.Run(3, stopCh)
+ go policyCtrl.Run(2, stopCh)
go eventGenerator.Run(3, stopCh)
go grc.Run(1, stopCh)
go grcc.Run(1, stopCh)
- go pvgen.Run(1, stopCh)
go statusSync.Run(1, stopCh)
go pCacheController.Run(1, stopCh)
go auditHandler.Run(10, stopCh)
diff --git a/definitions/crds/crds.yaml b/definitions/crds/crds.yaml
old mode 100644
new mode 100755
index e0ec1784c9..da947f8b35
--- a/definitions/crds/crds.yaml
+++ b/definitions/crds/crds.yaml
@@ -550,150 +550,6 @@ spec:
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
-metadata:
- name: clusterpolicyviolations.kyverno.io
-spec:
- group: kyverno.io
- versions:
- - name: v1
- served: true
- storage: true
- scope: Cluster
- names:
- kind: ClusterPolicyViolation
- plural: clusterpolicyviolations
- singular: clusterpolicyviolation
- shortNames:
- - cpolv
- subresources:
- status: {}
- additionalPrinterColumns:
- - name: Policy
- type: string
- description: The policy that resulted in the violation
- JSONPath: .spec.policy
- - name: ResourceKind
- type: string
- description: The resource kind that cause the violation
- JSONPath: .spec.resource.kind
- - name: ResourceName
- type: string
- description: The resource name that caused the violation
- JSONPath: .spec.resource.name
- - name: Age
- type: date
- JSONPath: .metadata.creationTimestamp
- validation:
- openAPIV3Schema:
- properties:
- spec:
- required:
- - policy
- - resource
- - rules
- properties:
- policy:
- type: string
- resource:
- type: object
- required:
- - kind
- - name
- properties:
- kind:
- type: string
- name:
- type: string
- rules:
- type: array
- items:
- type: object
- required:
- - name
- - type
- - message
- properties:
- name:
- type: string
- type:
- type: string
- message:
- type: string
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: policyviolations.kyverno.io
-spec:
- group: kyverno.io
- versions:
- - name: v1
- served: true
- storage: true
- scope: Namespaced
- names:
- kind: PolicyViolation
- plural: policyviolations
- singular: policyviolation
- shortNames:
- - polv
- subresources:
- status: {}
- additionalPrinterColumns:
- - name: Policy
- type: string
- description: The policy that resulted in the violation
- JSONPath: .spec.policy
- - name: ResourceKind
- type: string
- description: The resource kind that cause the violation
- JSONPath: .spec.resource.kind
- - name: ResourceName
- type: string
- description: The resource name that caused the violation
- JSONPath: .spec.resource.name
- - name: Age
- type: date
- JSONPath: .metadata.creationTimestamp
- validation:
- openAPIV3Schema:
- properties:
- spec:
- required:
- - policy
- - resource
- - rules
- properties:
- policy:
- type: string
- resource:
- type: object
- required:
- - kind
- - name
- properties:
- kind:
- type: string
- name:
- type: string
- rules:
- type: array
- items:
- type: object
- required:
- - name
- - type
- - message
- properties:
- name:
- type: string
- type:
- type: string
- message:
- type: string
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
metadata:
name: generaterequests.kyverno.io
spec:
diff --git a/definitions/crds/kustomization.yaml b/definitions/crds/kustomization.yaml
old mode 100644
new mode 100755
index 8adb7f06ef..178da48c3f
--- a/definitions/crds/kustomization.yaml
+++ b/definitions/crds/kustomization.yaml
@@ -2,4 +2,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
-- ./crds.yaml
\ No newline at end of file
+- ./crds.yaml
+- ./policy.k8s.io_clusterpolicyreports.yaml
+- ./policy.k8s.io_policyreports.yaml
+- ./kyverno.io_reportchangerequests.yaml
+- ./kyverno.io_clusterreportchangerequests.yaml
\ No newline at end of file
diff --git a/definitions/crds/kyverno.io_clusterreportchangerequests.yaml b/definitions/crds/kyverno.io_clusterreportchangerequests.yaml
new file mode 100644
index 0000000000..19cbc74a5e
--- /dev/null
+++ b/definitions/crds/kyverno.io_clusterreportchangerequests.yaml
@@ -0,0 +1,334 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: clusterreportchangerequests.kyverno.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .scope.kind
+ name: Kind
+ priority: 1
+ type: string
+ - JSONPath: .scope.name
+ name: Name
+ priority: 1
+ type: string
+ - JSONPath: .summary.pass
+ name: Pass
+ type: integer
+ - JSONPath: .summary.fail
+ name: Fail
+ type: integer
+ - JSONPath: .summary.warn
+ name: Warn
+ type: integer
+ - JSONPath: .summary.error
+ name: Error
+ type: integer
+ - JSONPath: .summary.skip
+ name: Skip
+ type: integer
+ - JSONPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ group: kyverno.io
+ names:
+ kind: ClusterReportChangeRequest
+ listKind: ClusterReportChangeRequestList
+ plural: clusterreportchangerequests
+ singular: clusterreportchangerequest
+ scope: Namespaced
+ subresources: {}
+ validation:
+ openAPIV3Schema:
+ description: ClusterReportChangeRequest is the Schema for the ClusterReportChangeRequests
+ API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ data:
+ additionalProperties:
+ type: string
+ description: Data provides additional information for the policy rule
+ type: object
+ message:
+ description: Message is a short user friendly description of the policy
+ rule
+ type: string
+ policy:
+ description: Policy is the name of the policy
+ type: string
+ resourceSelector:
+ description: ResourceSelector is an optional selector for policy results
+ that apply to multiple resources. For example, a policy result may
+ apply to all pods that match a label. Either a Resource or a ResourceSelector
+ can be specified. If neither are provided, the result is assumed
+ to be for the policy report scope.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ resources:
+ description: Resources is an optional reference to the resource checked
+ by the policy and rule
+ items:
+ description: 'ObjectReference contains enough information to let
+ you inspect or modify the referred object. --- New uses of this
+ type are discouraged because of difficulty describing its usage
+ when embedded in APIs. 1. Ignored fields. It includes many fields
+ which are not generally honored. For instance, ResourceVersion
+ and FieldPath are both very rarely valid in actual usage. 2.
+ Invalid usage help. It is impossible to add specific help for
+ individual usage. In most embedded usages, there are particular restrictions
+ like, "must refer only to types A and B" or "UID not honored"
+ or "name must be restricted". Those cannot be well described
+ when embedded. 3. Inconsistent validation. Because the usages
+ are different, the validation rules are different by usage, which
+ makes it hard for users to predict what will happen. 4. The fields
+ are both imprecise and overly precise. Kind is not a precise
+ mapping to a URL. This can produce ambiguity during interpretation
+ and require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this type will
+ affect numerous schemas. Don''t make new APIs embed an underspecified
+ API type they do not control. Instead of using this type, create
+ a locally provided and used type that is well-focused on your
+ reference. For example, ServiceReferences for admission registration:
+ https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ .'
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ type: array
+ rule:
+ description: Rule is the name of the policy rule
+ type: string
+ scored:
+ description: Scored indicates if this policy rule is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy severity
+ enum:
+ - high
+ - low
+ - medium
+ type: string
+ status:
+ description: Status indicates the result of the policy rule check
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ required:
+ - policy
+ type: object
+ type: array
+ scope:
+ description: Scope is an optional reference to the report scope (e.g. a
+ Deployment, Namespace, or Node)
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of an entire
+ object, this string should contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For example, if the object
+ reference is to a container within a pod, this would take on a value
+ like: "spec.containers{name}" (where "name" refers to the name of
+ the container that triggered the event) or if no container name is
+ specified "spec.containers[2]" (container with index 2 in this pod).
+ This syntax is chosen only to have some well-defined way of referencing
+ a part of an object. TODO: this design is not final and this field
+ is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference is made,
+ if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ scopeSelector:
+ description: ScopeSelector is an optional selector for multiple scopes (e.g.
+ Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+ should be specified.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains
+ values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator
+ is In or NotIn, the values array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not be
+ evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not selected
+ for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of unscored policies whose requirements
+ were not met
+ type: integer
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/definitions/crds/kyverno.io_reportchangerequests.yaml b/definitions/crds/kyverno.io_reportchangerequests.yaml
new file mode 100644
index 0000000000..4e7d17d8e6
--- /dev/null
+++ b/definitions/crds/kyverno.io_reportchangerequests.yaml
@@ -0,0 +1,334 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: reportchangerequests.kyverno.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .scope.kind
+ name: Kind
+ priority: 1
+ type: string
+ - JSONPath: .scope.name
+ name: Name
+ priority: 1
+ type: string
+ - JSONPath: .summary.pass
+ name: Pass
+ type: integer
+ - JSONPath: .summary.fail
+ name: Fail
+ type: integer
+ - JSONPath: .summary.warn
+ name: Warn
+ type: integer
+ - JSONPath: .summary.error
+ name: Error
+ type: integer
+ - JSONPath: .summary.skip
+ name: Skip
+ type: integer
+ - JSONPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ group: kyverno.io
+ names:
+ kind: ReportChangeRequest
+ listKind: ReportChangeRequestList
+ plural: reportchangerequests
+ singular: reportchangerequest
+ scope: Namespaced
+ subresources: {}
+ validation:
+ openAPIV3Schema:
+ description: ReportChangeRequest is the Schema for the ReportChangeRequests
+ API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ data:
+ additionalProperties:
+ type: string
+ description: Data provides additional information for the policy rule
+ type: object
+ message:
+ description: Message is a short user friendly description of the policy
+ rule
+ type: string
+ policy:
+ description: Policy is the name of the policy
+ type: string
+ resourceSelector:
+ description: ResourceSelector is an optional selector for policy results
+ that apply to multiple resources. For example, a policy result may
+ apply to all pods that match a label. Either a Resource or a ResourceSelector
+ can be specified. If neither are provided, the result is assumed
+ to be for the policy report scope.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ resources:
+ description: Resources is an optional reference to the resource checked
+ by the policy and rule
+ items:
+ description: 'ObjectReference contains enough information to let
+ you inspect or modify the referred object. --- New uses of this
+ type are discouraged because of difficulty describing its usage
+ when embedded in APIs. 1. Ignored fields. It includes many fields
+ which are not generally honored. For instance, ResourceVersion
+ and FieldPath are both very rarely valid in actual usage. 2.
+ Invalid usage help. It is impossible to add specific help for
+ individual usage. In most embedded usages, there are particular restrictions
+ like, "must refer only to types A and B" or "UID not honored"
+ or "name must be restricted". Those cannot be well described
+ when embedded. 3. Inconsistent validation. Because the usages
+ are different, the validation rules are different by usage, which
+ makes it hard for users to predict what will happen. 4. The fields
+ are both imprecise and overly precise. Kind is not a precise
+ mapping to a URL. This can produce ambiguity during interpretation
+ and require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this type will
+ affect numerous schemas. Don''t make new APIs embed an underspecified
+ API type they do not control. Instead of using this type, create
+ a locally provided and used type that is well-focused on your
+ reference. For example, ServiceReferences for admission registration:
+ https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ .'
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ type: array
+ rule:
+ description: Rule is the name of the policy rule
+ type: string
+ scored:
+ description: Scored indicates if this policy rule is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy severity
+ enum:
+ - high
+ - low
+ - medium
+ type: string
+ status:
+ description: Status indicates the result of the policy rule check
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ required:
+ - policy
+ type: object
+ type: array
+ scope:
+ description: Scope is an optional reference to the report scope (e.g. a
+ Deployment, Namespace, or Node)
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of an entire
+ object, this string should contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For example, if the object
+ reference is to a container within a pod, this would take on a value
+ like: "spec.containers{name}" (where "name" refers to the name of
+ the container that triggered the event) or if no container name is
+ specified "spec.containers[2]" (container with index 2 in this pod).
+ This syntax is chosen only to have some well-defined way of referencing
+ a part of an object. TODO: this design is not final and this field
+ is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference is made,
+ if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ scopeSelector:
+ description: ScopeSelector is an optional selector for multiple scopes (e.g.
+ Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+ should be specified.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains
+ values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator
+ is In or NotIn, the values array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not be
+ evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not selected
+ for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of unscored policies whose requirements
+ were not met
+ type: integer
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/definitions/crds/policy.k8s.io_clusterpolicyreports.yaml b/definitions/crds/policy.k8s.io_clusterpolicyreports.yaml
new file mode 100644
index 0000000000..f137e08e7e
--- /dev/null
+++ b/definitions/crds/policy.k8s.io_clusterpolicyreports.yaml
@@ -0,0 +1,336 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: clusterpolicyreports.policy.k8s.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .scope.kind
+ name: Kind
+ priority: 1
+ type: string
+ - JSONPath: .scope.name
+ name: Name
+ priority: 1
+ type: string
+ - JSONPath: .summary.pass
+ name: Pass
+ type: integer
+ - JSONPath: .summary.fail
+ name: Fail
+ type: integer
+ - JSONPath: .summary.warn
+ name: Warn
+ type: integer
+ - JSONPath: .summary.error
+ name: Error
+ type: integer
+ - JSONPath: .summary.skip
+ name: Skip
+ type: integer
+ - JSONPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ group: policy.k8s.io
+ names:
+ kind: ClusterPolicyReport
+ listKind: ClusterPolicyReportList
+ plural: clusterpolicyreports
+ shortNames:
+ - cpolr
+ singular: clusterpolicyreport
+ scope: Namespaced
+ subresources: {}
+ validation:
+ openAPIV3Schema:
+ description: ClusterPolicyReport is the Schema for the clusterpolicyreports
+ API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ data:
+ additionalProperties:
+ type: string
+ description: Data provides additional information for the policy rule
+ type: object
+ message:
+ description: Message is a short user friendly description of the policy
+ rule
+ type: string
+ policy:
+ description: Policy is the name of the policy
+ type: string
+ resourceSelector:
+ description: ResourceSelector is an optional selector for policy results
+ that apply to multiple resources. For example, a policy result may
+ apply to all pods that match a label. Either a Resource or a ResourceSelector
+ can be specified. If neither are provided, the result is assumed
+ to be for the policy report scope.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ resources:
+ description: Resources is an optional reference to the resource checked
+ by the policy and rule
+ items:
+ description: 'ObjectReference contains enough information to let
+ you inspect or modify the referred object. --- New uses of this
+ type are discouraged because of difficulty describing its usage
+ when embedded in APIs. 1. Ignored fields. It includes many fields
+ which are not generally honored. For instance, ResourceVersion
+ and FieldPath are both very rarely valid in actual usage. 2.
+ Invalid usage help. It is impossible to add specific help for
+ individual usage. In most embedded usages, there are particular restrictions
+ like, "must refer only to types A and B" or "UID not honored"
+ or "name must be restricted". Those cannot be well described
+ when embedded. 3. Inconsistent validation. Because the usages
+ are different, the validation rules are different by usage, which
+ makes it hard for users to predict what will happen. 4. The fields
+ are both imprecise and overly precise. Kind is not a precise
+ mapping to a URL. This can produce ambiguity during interpretation
+ and require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this type will
+ affect numerous schemas. Don''t make new APIs embed an underspecified
+ API type they do not control. Instead of using this type, create
+ a locally provided and used type that is well-focused on your
+ reference. For example, ServiceReferences for admission registration:
+ https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ .'
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ type: array
+ rule:
+ description: Rule is the name of the policy rule
+ type: string
+ scored:
+ description: Scored indicates if this policy rule is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy severity
+ enum:
+ - high
+ - low
+ - medium
+ type: string
+ status:
+ description: Status indicates the result of the policy rule check
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ required:
+ - policy
+ type: object
+ type: array
+ scope:
+ description: Scope is an optional reference to the report scope (e.g. a
+ Deployment, Namespace, or Node)
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of an entire
+ object, this string should contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For example, if the object
+ reference is to a container within a pod, this would take on a value
+ like: "spec.containers{name}" (where "name" refers to the name of
+ the container that triggered the event) or if no container name is
+ specified "spec.containers[2]" (container with index 2 in this pod).
+ This syntax is chosen only to have some well-defined way of referencing
+ a part of an object. TODO: this design is not final and this field
+ is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference is made,
+ if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ scopeSelector:
+ description: ScopeSelector is an optional selector for multiple scopes (e.g.
+ Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+ should be specified.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains
+ values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator
+ is In or NotIn, the values array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not be
+ evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not selected
+ for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of unscored policies whose requirements
+ were not met
+ type: integer
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/definitions/crds/policy.k8s.io_policyreports.yaml b/definitions/crds/policy.k8s.io_policyreports.yaml
new file mode 100644
index 0000000000..0405228516
--- /dev/null
+++ b/definitions/crds/policy.k8s.io_policyreports.yaml
@@ -0,0 +1,335 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: policyreports.policy.k8s.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .scope.kind
+ name: Kind
+ priority: 1
+ type: string
+ - JSONPath: .scope.name
+ name: Name
+ priority: 1
+ type: string
+ - JSONPath: .summary.pass
+ name: Pass
+ type: integer
+ - JSONPath: .summary.fail
+ name: Fail
+ type: integer
+ - JSONPath: .summary.warn
+ name: Warn
+ type: integer
+ - JSONPath: .summary.error
+ name: Error
+ type: integer
+ - JSONPath: .summary.skip
+ name: Skip
+ type: integer
+ - JSONPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ group: policy.k8s.io
+ names:
+ kind: PolicyReport
+ listKind: PolicyReportList
+ plural: policyreports
+ shortNames:
+ - polr
+ singular: policyreport
+ scope: Namespaced
+ subresources: {}
+ validation:
+ openAPIV3Schema:
+ description: PolicyReport is the Schema for the policyreports API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ data:
+ additionalProperties:
+ type: string
+ description: Data provides additional information for the policy rule
+ type: object
+ message:
+ description: Message is a short user friendly description of the policy
+ rule
+ type: string
+ policy:
+ description: Policy is the name of the policy
+ type: string
+ resourceSelector:
+ description: ResourceSelector is an optional selector for policy results
+ that apply to multiple resources. For example, a policy result may
+ apply to all pods that match a label. Either a Resource or a ResourceSelector
+ can be specified. If neither are provided, the result is assumed
+ to be for the policy report scope.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ resources:
+ description: Resources is an optional reference to the resource checked
+ by the policy and rule
+ items:
+ description: 'ObjectReference contains enough information to let
+ you inspect or modify the referred object. --- New uses of this
+ type are discouraged because of difficulty describing its usage
+ when embedded in APIs. 1. Ignored fields. It includes many fields
+ which are not generally honored. For instance, ResourceVersion
+ and FieldPath are both very rarely valid in actual usage. 2.
+ Invalid usage help. It is impossible to add specific help for
+ individual usage. In most embedded usages, there are particular restrictions
+ like, "must refer only to types A and B" or "UID not honored"
+ or "name must be restricted". Those cannot be well described
+ when embedded. 3. Inconsistent validation. Because the usages
+ are different, the validation rules are different by usage, which
+ makes it hard for users to predict what will happen. 4. The fields
+ are both imprecise and overly precise. Kind is not a precise
+ mapping to a URL. This can produce ambiguity during interpretation
+ and require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this type will
+ affect numerous schemas. Don''t make new APIs embed an underspecified
+ API type they do not control. Instead of using this type, create
+ a locally provided and used type that is well-focused on your
+ reference. For example, ServiceReferences for admission registration:
+ https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ .'
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ type: array
+ rule:
+ description: Rule is the name of the policy rule
+ type: string
+ scored:
+ description: Scored indicates if this policy rule is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy severity
+ enum:
+ - high
+ - low
+ - medium
+ type: string
+ status:
+ description: Status indicates the result of the policy rule check
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ required:
+ - policy
+ type: object
+ type: array
+ scope:
+ description: Scope is an optional reference to the report scope (e.g. a
+ Deployment, Namespace, or Node)
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of an entire
+ object, this string should contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For example, if the object
+ reference is to a container within a pod, this would take on a value
+ like: "spec.containers{name}" (where "name" refers to the name of
+ the container that triggered the event) or if no container name is
+ specified "spec.containers[2]" (container with index 2 in this pod).
+ This syntax is chosen only to have some well-defined way of referencing
+ a part of an object. TODO: this design is not final and this field
+ is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference is made,
+ if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ scopeSelector:
+ description: ScopeSelector is an optional selector for multiple scopes (e.g.
+ Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+ should be specified.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains
+ values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator
+ is In or NotIn, the values array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not be
+ evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not selected
+ for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of unscored policies whose requirements
+ were not met
+ type: integer
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/definitions/debug/kustomization.yaml b/definitions/debug/kustomization.yaml
old mode 100644
new mode 100755
diff --git a/definitions/github/rbac.yaml b/definitions/github/rbac.yaml
old mode 100644
new mode 100755
diff --git a/definitions/install.yaml b/definitions/install.yaml
old mode 100644
new mode 100755
index 6a3dc252b9..a9be965f81
--- a/definitions/install.yaml
+++ b/definitions/install.yaml
@@ -290,74 +290,670 @@ spec:
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
- name: clusterpolicyviolations.kyverno.io
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: clusterpolicyreports.policy.k8s.io
spec:
additionalPrinterColumns:
- - JSONPath: .spec.policy
- description: The policy that resulted in the violation
- name: Policy
+ - JSONPath: .scope.kind
+ name: Kind
+ priority: 1
type: string
- - JSONPath: .spec.resource.kind
- description: The resource kind that cause the violation
- name: ResourceKind
+ - JSONPath: .scope.name
+ name: Name
+ priority: 1
type: string
- - JSONPath: .spec.resource.name
- description: The resource name that caused the violation
- name: ResourceName
+ - JSONPath: .summary.pass
+ name: Pass
+ type: integer
+ - JSONPath: .summary.fail
+ name: Fail
+ type: integer
+ - JSONPath: .summary.warn
+ name: Warn
+ type: integer
+ - JSONPath: .summary.error
+ name: Error
+ type: integer
+ - JSONPath: .summary.skip
+ name: Skip
+ type: integer
+ - JSONPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ group: policy.k8s.io
+ names:
+ kind: ClusterPolicyReport
+ listKind: ClusterPolicyReportList
+ plural: clusterpolicyreports
+ shortNames:
+ - cpolr
+ singular: clusterpolicyreport
+ scope: Namespaced
+ subresources: {}
+ validation:
+ openAPIV3Schema:
+ description: ClusterPolicyReport is the Schema for the clusterpolicyreports
+ API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ data:
+ additionalProperties:
+ type: string
+ description: Data provides additional information for the policy rule
+ type: object
+ message:
+ description: Message is a short user friendly description of the policy
+ rule
+ type: string
+ policy:
+ description: Policy is the name of the policy
+ type: string
+ resourceSelector:
+ description: ResourceSelector is an optional selector for policy results
+ that apply to multiple resources. For example, a policy result may
+ apply to all pods that match a label. Either a Resource or a ResourceSelector
+ can be specified. If neither are provided, the result is assumed
+ to be for the policy report scope.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ resources:
+ description: Resources is an optional reference to the resource checked
+ by the policy and rule
+ items:
+ description: 'ObjectReference contains enough information to let
+ you inspect or modify the referred object. --- New uses of this
+ type are discouraged because of difficulty describing its usage
+ when embedded in APIs. 1. Ignored fields. It includes many fields
+ which are not generally honored. For instance, ResourceVersion
+ and FieldPath are both very rarely valid in actual usage. 2.
+ Invalid usage help. It is impossible to add specific help for
+ individual usage. In most embedded usages, there are particular restrictions
+ like, "must refer only to types A and B" or "UID not honored"
+ or "name must be restricted". Those cannot be well described
+ when embedded. 3. Inconsistent validation. Because the usages
+ are different, the validation rules are different by usage, which
+ makes it hard for users to predict what will happen. 4. The fields
+ are both imprecise and overly precise. Kind is not a precise
+ mapping to a URL. This can produce ambiguity during interpretation
+ and require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this type will
+ affect numerous schemas. Don''t make new APIs embed an underspecified
+ API type they do not control. Instead of using this type, create
+ a locally provided and used type that is well-focused on your
+ reference. For example, ServiceReferences for admission registration:
+ https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ .'
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ type: array
+ rule:
+ description: Rule is the name of the policy rule
+ type: string
+ scored:
+ description: Scored indicates if this policy rule is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy severity
+ enum:
+ - high
+ - low
+ - medium
+ type: string
+ status:
+ description: Status indicates the result of the policy rule check
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ required:
+ - policy
+ type: object
+ type: array
+ scope:
+ description: Scope is an optional reference to the report scope (e.g. a
+ Deployment, Namespace, or Node)
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of an entire
+ object, this string should contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For example, if the object
+ reference is to a container within a pod, this would take on a value
+ like: "spec.containers{name}" (where "name" refers to the name of
+ the container that triggered the event) or if no container name is
+ specified "spec.containers[2]" (container with index 2 in this pod).
+ This syntax is chosen only to have some well-defined way of referencing
+ a part of an object. TODO: this design is not final and this field
+ is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference is made,
+ if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ scopeSelector:
+ description: ScopeSelector is an optional selector for multiple scopes (e.g.
+ Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+ should be specified.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains
+ values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator
+ is In or NotIn, the values array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not be
+ evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not selected
+ for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of unscored policies whose requirements
+ were not met
+ type: integer
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: clusterreportchangerequests.kyverno.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .scope.kind
+ name: Kind
+ priority: 1
type: string
+ - JSONPath: .scope.name
+ name: Name
+ priority: 1
+ type: string
+ - JSONPath: .summary.pass
+ name: Pass
+ type: integer
+ - JSONPath: .summary.fail
+ name: Fail
+ type: integer
+ - JSONPath: .summary.warn
+ name: Warn
+ type: integer
+ - JSONPath: .summary.error
+ name: Error
+ type: integer
+ - JSONPath: .summary.skip
+ name: Skip
+ type: integer
- JSONPath: .metadata.creationTimestamp
name: Age
type: date
group: kyverno.io
names:
- kind: ClusterPolicyViolation
- plural: clusterpolicyviolations
- shortNames:
- - cpolv
- singular: clusterpolicyviolation
- scope: Cluster
- subresources:
- status: {}
+ kind: ClusterReportChangeRequest
+ listKind: ClusterReportChangeRequestList
+ plural: clusterreportchangerequests
+ singular: clusterreportchangerequest
+ scope: Namespaced
+ subresources: {}
validation:
openAPIV3Schema:
+ description: ClusterReportChangeRequest is the Schema for the ClusterReportChangeRequests
+ API
properties:
- spec:
- properties:
- policy:
- type: string
- resource:
- properties:
- kind:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ data:
+ additionalProperties:
type: string
- name:
- type: string
- required:
- - kind
- - name
- type: object
- rules:
- items:
+ description: Data provides additional information for the policy rule
+ type: object
+ message:
+ description: Message is a short user friendly description of the policy
+ rule
+ type: string
+ policy:
+ description: Policy is the name of the policy
+ type: string
+ resourceSelector:
+ description: ResourceSelector is an optional selector for policy results
+ that apply to multiple resources. For example, a policy result may
+ apply to all pods that match a label. Either a Resource or a ResourceSelector
+ can be specified. If neither are provided, the result is assumed
+ to be for the policy report scope.
properties:
- message:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ resources:
+ description: Resources is an optional reference to the resource checked
+ by the policy and rule
+ items:
+ description: 'ObjectReference contains enough information to let
+ you inspect or modify the referred object. --- New uses of this
+ type are discouraged because of difficulty describing its usage
+ when embedded in APIs. 1. Ignored fields. It includes many fields
+ which are not generally honored. For instance, ResourceVersion
+ and FieldPath are both very rarely valid in actual usage. 2.
+ Invalid usage help. It is impossible to add specific help for
+ individual usage. In most embedded usages, there are particular restrictions
+ like, "must refer only to types A and B" or "UID not honored"
+ or "name must be restricted". Those cannot be well described
+ when embedded. 3. Inconsistent validation. Because the usages
+ are different, the validation rules are different by usage, which
+ makes it hard for users to predict what will happen. 4. The fields
+ are both imprecise and overly precise. Kind is not a precise
+ mapping to a URL. This can produce ambiguity during interpretation
+ and require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this type will
+ affect numerous schemas. Don''t make new APIs embed an underspecified
+ API type they do not control. Instead of using this type, create
+ a locally provided and used type that is well-focused on your
+ reference. For example, ServiceReferences for admission registration:
+ https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ .'
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ type: array
+ rule:
+ description: Rule is the name of the policy rule
+ type: string
+ scored:
+ description: Scored indicates if this policy rule is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy severity
+ enum:
+ - high
+ - low
+ - medium
+ type: string
+ status:
+ description: Status indicates the result of the policy rule check
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ required:
+ - policy
+ type: object
+ type: array
+ scope:
+ description: Scope is an optional reference to the report scope (e.g. a
+ Deployment, Namespace, or Node)
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of an entire
+ object, this string should contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For example, if the object
+ reference is to a container within a pod, this would take on a value
+ like: "spec.containers{name}" (where "name" refers to the name of
+ the container that triggered the event) or if no container name is
+ specified "spec.containers[2]" (container with index 2 in this pod).
+ This syntax is chosen only to have some well-defined way of referencing
+ a part of an object. TODO: this design is not final and this field
+ is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference is made,
+ if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ scopeSelector:
+ description: ScopeSelector is an optional selector for multiple scopes (e.g.
+ Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+ should be specified.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains
+ values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
type: string
- name:
- type: string
- type:
+ operator:
+ description: operator represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
+ values:
+ description: values is an array of string values. If the operator
+ is In or NotIn, the values array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
required:
- - name
- - type
- - message
+ - key
+ - operator
type: object
type: array
- required:
- - policy
- - resource
- - rules
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not be
+ evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not selected
+ for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of unscored policies whose requirements
+ were not met
+ type: integer
+ type: object
+ type: object
+ version: v1alpha1
versions:
- - name: v1
+ - name: v1alpha1
served: true
storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
@@ -696,74 +1292,669 @@ spec:
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
- name: policyviolations.kyverno.io
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: policyreports.policy.k8s.io
spec:
additionalPrinterColumns:
- - JSONPath: .spec.policy
- description: The policy that resulted in the violation
- name: Policy
+ - JSONPath: .scope.kind
+ name: Kind
+ priority: 1
type: string
- - JSONPath: .spec.resource.kind
- description: The resource kind that cause the violation
- name: ResourceKind
+ - JSONPath: .scope.name
+ name: Name
+ priority: 1
type: string
- - JSONPath: .spec.resource.name
- description: The resource name that caused the violation
- name: ResourceName
+ - JSONPath: .summary.pass
+ name: Pass
+ type: integer
+ - JSONPath: .summary.fail
+ name: Fail
+ type: integer
+ - JSONPath: .summary.warn
+ name: Warn
+ type: integer
+ - JSONPath: .summary.error
+ name: Error
+ type: integer
+ - JSONPath: .summary.skip
+ name: Skip
+ type: integer
+ - JSONPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ group: policy.k8s.io
+ names:
+ kind: PolicyReport
+ listKind: PolicyReportList
+ plural: policyreports
+ shortNames:
+ - polr
+ singular: policyreport
+ scope: Namespaced
+ subresources: {}
+ validation:
+ openAPIV3Schema:
+ description: PolicyReport is the Schema for the policyreports API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ data:
+ additionalProperties:
+ type: string
+ description: Data provides additional information for the policy rule
+ type: object
+ message:
+ description: Message is a short user friendly description of the policy
+ rule
+ type: string
+ policy:
+ description: Policy is the name of the policy
+ type: string
+ resourceSelector:
+ description: ResourceSelector is an optional selector for policy results
+ that apply to multiple resources. For example, a policy result may
+ apply to all pods that match a label. Either a Resource or a ResourceSelector
+ can be specified. If neither are provided, the result is assumed
+ to be for the policy report scope.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ resources:
+ description: Resources is an optional reference to the resource checked
+ by the policy and rule
+ items:
+ description: 'ObjectReference contains enough information to let
+ you inspect or modify the referred object. --- New uses of this
+ type are discouraged because of difficulty describing its usage
+ when embedded in APIs. 1. Ignored fields. It includes many fields
+ which are not generally honored. For instance, ResourceVersion
+ and FieldPath are both very rarely valid in actual usage. 2.
+ Invalid usage help. It is impossible to add specific help for
+ individual usage. In most embedded usages, there are particular restrictions
+ like, "must refer only to types A and B" or "UID not honored"
+ or "name must be restricted". Those cannot be well described
+ when embedded. 3. Inconsistent validation. Because the usages
+ are different, the validation rules are different by usage, which
+ makes it hard for users to predict what will happen. 4. The fields
+ are both imprecise and overly precise. Kind is not a precise
+ mapping to a URL. This can produce ambiguity during interpretation
+ and require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this type will
+ affect numerous schemas. Don''t make new APIs embed an underspecified
+ API type they do not control. Instead of using this type, create
+ a locally provided and used type that is well-focused on your
+ reference. For example, ServiceReferences for admission registration:
+ https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ .'
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ type: array
+ rule:
+ description: Rule is the name of the policy rule
+ type: string
+ scored:
+ description: Scored indicates if this policy rule is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy severity
+ enum:
+ - high
+ - low
+ - medium
+ type: string
+ status:
+ description: Status indicates the result of the policy rule check
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ required:
+ - policy
+ type: object
+ type: array
+ scope:
+ description: Scope is an optional reference to the report scope (e.g. a
+ Deployment, Namespace, or Node)
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of an entire
+ object, this string should contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For example, if the object
+ reference is to a container within a pod, this would take on a value
+ like: "spec.containers{name}" (where "name" refers to the name of
+ the container that triggered the event) or if no container name is
+ specified "spec.containers[2]" (container with index 2 in this pod).
+ This syntax is chosen only to have some well-defined way of referencing
+ a part of an object. TODO: this design is not final and this field
+ is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference is made,
+ if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ scopeSelector:
+ description: ScopeSelector is an optional selector for multiple scopes (e.g.
+ Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+ should be specified.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains
+ values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator
+ is In or NotIn, the values array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not be
+ evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not selected
+ for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of unscored policies whose requirements
+ were not met
+ type: integer
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: reportchangerequests.kyverno.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .scope.kind
+ name: Kind
+ priority: 1
type: string
+ - JSONPath: .scope.name
+ name: Name
+ priority: 1
+ type: string
+ - JSONPath: .summary.pass
+ name: Pass
+ type: integer
+ - JSONPath: .summary.fail
+ name: Fail
+ type: integer
+ - JSONPath: .summary.warn
+ name: Warn
+ type: integer
+ - JSONPath: .summary.error
+ name: Error
+ type: integer
+ - JSONPath: .summary.skip
+ name: Skip
+ type: integer
- JSONPath: .metadata.creationTimestamp
name: Age
type: date
group: kyverno.io
names:
- kind: PolicyViolation
- plural: policyviolations
- shortNames:
- - polv
- singular: policyviolation
+ kind: ReportChangeRequest
+ listKind: ReportChangeRequestList
+ plural: reportchangerequests
+ singular: reportchangerequest
scope: Namespaced
- subresources:
- status: {}
+ subresources: {}
validation:
openAPIV3Schema:
+ description: ReportChangeRequest is the Schema for the ReportChangeRequests
+ API
properties:
- spec:
- properties:
- policy:
- type: string
- resource:
- properties:
- kind:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ data:
+ additionalProperties:
type: string
- name:
- type: string
- required:
- - kind
- - name
- type: object
- rules:
- items:
+ description: Data provides additional information for the policy rule
+ type: object
+ message:
+ description: Message is a short user friendly description of the policy
+ rule
+ type: string
+ policy:
+ description: Policy is the name of the policy
+ type: string
+ resourceSelector:
+ description: ResourceSelector is an optional selector for policy results
+ that apply to multiple resources. For example, a policy result may
+ apply to all pods that match a label. Either a Resource or a ResourceSelector
+ can be specified. If neither are provided, the result is assumed
+ to be for the policy report scope.
properties:
- message:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ resources:
+ description: Resources is an optional reference to the resource checked
+ by the policy and rule
+ items:
+ description: 'ObjectReference contains enough information to let
+ you inspect or modify the referred object. --- New uses of this
+ type are discouraged because of difficulty describing its usage
+ when embedded in APIs. 1. Ignored fields. It includes many fields
+ which are not generally honored. For instance, ResourceVersion
+ and FieldPath are both very rarely valid in actual usage. 2.
+ Invalid usage help. It is impossible to add specific help for
+ individual usage. In most embedded usages, there are particular restrictions
+ like, "must refer only to types A and B" or "UID not honored"
+ or "name must be restricted". Those cannot be well described
+ when embedded. 3. Inconsistent validation. Because the usages
+ are different, the validation rules are different by usage, which
+ makes it hard for users to predict what will happen. 4. The fields
+ are both imprecise and overly precise. Kind is not a precise
+ mapping to a URL. This can produce ambiguity during interpretation
+ and require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this type will
+ affect numerous schemas. Don''t make new APIs embed an underspecified
+ API type they do not control. Instead of using this type, create
+ a locally provided and used type that is well-focused on your
+ reference. For example, ServiceReferences for admission registration:
+ https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ .'
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ type: array
+ rule:
+ description: Rule is the name of the policy rule
+ type: string
+ scored:
+ description: Scored indicates if this policy rule is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy severity
+ enum:
+ - high
+ - low
+ - medium
+ type: string
+ status:
+ description: Status indicates the result of the policy rule check
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ required:
+ - policy
+ type: object
+ type: array
+ scope:
+ description: Scope is an optional reference to the report scope (e.g. a
+ Deployment, Namespace, or Node)
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of an entire
+ object, this string should contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For example, if the object
+ reference is to a container within a pod, this would take on a value
+ like: "spec.containers{name}" (where "name" refers to the name of
+ the container that triggered the event) or if no container name is
+ specified "spec.containers[2]" (container with index 2 in this pod).
+ This syntax is chosen only to have some well-defined way of referencing
+ a part of an object. TODO: this design is not final and this field
+ is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference is made,
+ if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ scopeSelector:
+ description: ScopeSelector is an optional selector for multiple scopes (e.g.
+ Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+ should be specified.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains
+ values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
type: string
- name:
- type: string
- type:
+ operator:
+ description: operator represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
+ values:
+ description: values is an array of string values. If the operator
+ is In or NotIn, the values array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
required:
- - name
- - type
- - message
+ - key
+ - operator
type: object
type: array
- required:
- - policy
- - resource
- - rules
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not be
+ evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not selected
+ for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of unscored policies whose requirements
+ were not met
+ type: integer
+ type: object
+ type: object
+ version: v1alpha1
versions:
- - name: v1
+ - name: v1alpha1
served: true
storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
---
apiVersion: v1
kind: ServiceAccount
@@ -783,12 +1974,20 @@ rules:
- policies/status
- clusterpolicies
- clusterpolicies/status
+ - policyreports
+ - policyreports/status
+ - clusterpolicyreports
+ - clusterpolicyreports/status
- clusterpolicyviolations
- clusterpolicyviolations/status
- policyviolations
- policyviolations/status
- generaterequests
- generaterequests/status
+ - reportchangerequests
+ - reportchangerequests/status
+ - clusterreportchangerequests
+ - clusterreportchangerequests/status
verbs:
- create
- delete
@@ -797,6 +1996,12 @@ rules:
- patch
- update
- watch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
@@ -919,6 +2124,39 @@ rules:
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
+metadata:
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ name: kyverno:admin-policyreport
+rules:
+- apiGroups:
+ - policy.k8s.io/v1alpha1
+ resources:
+ - policyreport
+ - clusterpolicyreport
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ name: kyverno:edit-policies-policyreport
+rules:
+- apiGroups:
+ - policy.k8s.io/v1alpha1
+ resources:
+ - policyreport
+ - clusterpolicyreport
+ - policies
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
@@ -928,7 +2166,6 @@ rules:
- kyverno.io
resources:
- policyviolations
- - policies
verbs:
- get
- list
@@ -936,6 +2173,23 @@ rules:
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
+metadata:
+ name: kyverno:policyreport
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - policyreports
+ - clusterpolicyreports
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
metadata:
name: kyverno:policyviolations
rules:
@@ -950,6 +2204,22 @@ rules:
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
+metadata:
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ name: kyverno:view-clusterpolicyreport
+rules:
+- apiGroups:
+ - policy.k8s.io/v1alpha1
+ resources:
+ - clusterpolicyreport
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
@@ -981,6 +2251,22 @@ rules:
- list
- watch
---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+ name: kyverno:view-policyreport
+rules:
+- apiGroups:
+ - policy.k8s.io/v1alpha1
+ resources:
+ - policyreport
+ verbs:
+ - get
+ - list
+ - watch
+---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
@@ -1022,6 +2308,19 @@ subjects:
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
+metadata:
+ name: kyverno:policyreport
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kyverno:policyreport
+subjects:
+- kind: ServiceAccount
+ name: kyverno-service-account
+ namespace: kyverno
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
metadata:
name: kyverno:userinfo
roleRef:
@@ -1049,7 +2348,7 @@ subjects:
apiVersion: v1
data:
excludeGroupRole: system:serviceaccounts:kube-system,system:nodes,system:kube-scheduler
- resourceFilters: '[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*]'
+ resourceFilters: '[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*][ReportChangeRequest,*,*][ClusterReportChangeRequest,*,*][PolicyReport,*,*][ClusterPolicyReport,*,*]'
kind: ConfigMap
metadata:
name: init-config
@@ -1088,7 +2387,7 @@ spec:
spec:
containers:
- args:
- - --filterK8Resources=[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*]
+ - --filterK8Resources=[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*][ReportChangeRequest,*,*][ClusterReportChangeRequest,*,*][PolicyReport,*,*][ClusterPolicyReport,*,*]
- -v=2
env:
- name: INIT_CONFIG
diff --git a/definitions/install_debug.yaml b/definitions/install_debug.yaml
old mode 100644
new mode 100755
index 9bc0f5230e..f6f3f44056
--- a/definitions/install_debug.yaml
+++ b/definitions/install_debug.yaml
@@ -290,74 +290,670 @@ spec:
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
- name: clusterpolicyviolations.kyverno.io
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: clusterpolicyreports.policy.k8s.io
spec:
additionalPrinterColumns:
- - JSONPath: .spec.policy
- description: The policy that resulted in the violation
- name: Policy
+ - JSONPath: .scope.kind
+ name: Kind
+ priority: 1
type: string
- - JSONPath: .spec.resource.kind
- description: The resource kind that cause the violation
- name: ResourceKind
+ - JSONPath: .scope.name
+ name: Name
+ priority: 1
type: string
- - JSONPath: .spec.resource.name
- description: The resource name that caused the violation
- name: ResourceName
+ - JSONPath: .summary.pass
+ name: Pass
+ type: integer
+ - JSONPath: .summary.fail
+ name: Fail
+ type: integer
+ - JSONPath: .summary.warn
+ name: Warn
+ type: integer
+ - JSONPath: .summary.error
+ name: Error
+ type: integer
+ - JSONPath: .summary.skip
+ name: Skip
+ type: integer
+ - JSONPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ group: policy.k8s.io
+ names:
+ kind: ClusterPolicyReport
+ listKind: ClusterPolicyReportList
+ plural: clusterpolicyreports
+ shortNames:
+ - cpolr
+ singular: clusterpolicyreport
+ scope: Namespaced
+ subresources: {}
+ validation:
+ openAPIV3Schema:
+ description: ClusterPolicyReport is the Schema for the clusterpolicyreports
+ API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ data:
+ additionalProperties:
+ type: string
+ description: Data provides additional information for the policy rule
+ type: object
+ message:
+ description: Message is a short user friendly description of the policy
+ rule
+ type: string
+ policy:
+ description: Policy is the name of the policy
+ type: string
+ resourceSelector:
+ description: ResourceSelector is an optional selector for policy results
+ that apply to multiple resources. For example, a policy result may
+ apply to all pods that match a label. Either a Resource or a ResourceSelector
+ can be specified. If neither are provided, the result is assumed
+ to be for the policy report scope.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ resources:
+ description: Resources is an optional reference to the resource checked
+ by the policy and rule
+ items:
+ description: 'ObjectReference contains enough information to let
+ you inspect or modify the referred object. --- New uses of this
+ type are discouraged because of difficulty describing its usage
+ when embedded in APIs. 1. Ignored fields. It includes many fields
+ which are not generally honored. For instance, ResourceVersion
+ and FieldPath are both very rarely valid in actual usage. 2.
+ Invalid usage help. It is impossible to add specific help for
+ individual usage. In most embedded usages, there are particular restrictions
+ like, "must refer only to types A and B" or "UID not honored"
+ or "name must be restricted". Those cannot be well described
+ when embedded. 3. Inconsistent validation. Because the usages
+ are different, the validation rules are different by usage, which
+ makes it hard for users to predict what will happen. 4. The fields
+ are both imprecise and overly precise. Kind is not a precise
+ mapping to a URL. This can produce ambiguity during interpretation
+ and require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this type will
+ affect numerous schemas. Don''t make new APIs embed an underspecified
+ API type they do not control. Instead of using this type, create
+ a locally provided and used type that is well-focused on your
+ reference. For example, ServiceReferences for admission registration:
+ https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ .'
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ type: array
+ rule:
+ description: Rule is the name of the policy rule
+ type: string
+ scored:
+ description: Scored indicates if this policy rule is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy severity
+ enum:
+ - high
+ - low
+ - medium
+ type: string
+ status:
+ description: Status indicates the result of the policy rule check
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ required:
+ - policy
+ type: object
+ type: array
+ scope:
+ description: Scope is an optional reference to the report scope (e.g. a
+ Deployment, Namespace, or Node)
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of an entire
+ object, this string should contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For example, if the object
+ reference is to a container within a pod, this would take on a value
+ like: "spec.containers{name}" (where "name" refers to the name of
+ the container that triggered the event) or if no container name is
+ specified "spec.containers[2]" (container with index 2 in this pod).
+ This syntax is chosen only to have some well-defined way of referencing
+ a part of an object. TODO: this design is not final and this field
+ is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference is made,
+ if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ scopeSelector:
+ description: ScopeSelector is an optional selector for multiple scopes (e.g.
+ Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+ should be specified.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains
+ values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator
+ is In or NotIn, the values array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not be
+ evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not selected
+ for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of unscored policies whose requirements
+ were not met
+ type: integer
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: clusterreportchangerequests.kyverno.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .scope.kind
+ name: Kind
+ priority: 1
type: string
+ - JSONPath: .scope.name
+ name: Name
+ priority: 1
+ type: string
+ - JSONPath: .summary.pass
+ name: Pass
+ type: integer
+ - JSONPath: .summary.fail
+ name: Fail
+ type: integer
+ - JSONPath: .summary.warn
+ name: Warn
+ type: integer
+ - JSONPath: .summary.error
+ name: Error
+ type: integer
+ - JSONPath: .summary.skip
+ name: Skip
+ type: integer
- JSONPath: .metadata.creationTimestamp
name: Age
type: date
group: kyverno.io
names:
- kind: ClusterPolicyViolation
- plural: clusterpolicyviolations
- shortNames:
- - cpolv
- singular: clusterpolicyviolation
- scope: Cluster
- subresources:
- status: {}
+ kind: ClusterReportChangeRequest
+ listKind: ClusterReportChangeRequestList
+ plural: clusterreportchangerequests
+ singular: clusterreportchangerequest
+ scope: Namespaced
+ subresources: {}
validation:
openAPIV3Schema:
+ description: ClusterReportChangeRequest is the Schema for the ClusterReportChangeRequests
+ API
properties:
- spec:
- properties:
- policy:
- type: string
- resource:
- properties:
- kind:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ data:
+ additionalProperties:
type: string
- name:
- type: string
- required:
- - kind
- - name
- type: object
- rules:
- items:
+ description: Data provides additional information for the policy rule
+ type: object
+ message:
+ description: Message is a short user friendly description of the policy
+ rule
+ type: string
+ policy:
+ description: Policy is the name of the policy
+ type: string
+ resourceSelector:
+ description: ResourceSelector is an optional selector for policy results
+ that apply to multiple resources. For example, a policy result may
+ apply to all pods that match a label. Either a Resource or a ResourceSelector
+ can be specified. If neither are provided, the result is assumed
+ to be for the policy report scope.
properties:
- message:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ resources:
+ description: Resources is an optional reference to the resource checked
+ by the policy and rule
+ items:
+ description: 'ObjectReference contains enough information to let
+ you inspect or modify the referred object. --- New uses of this
+ type are discouraged because of difficulty describing its usage
+ when embedded in APIs. 1. Ignored fields. It includes many fields
+ which are not generally honored. For instance, ResourceVersion
+ and FieldPath are both very rarely valid in actual usage. 2.
+ Invalid usage help. It is impossible to add specific help for
+ individual usage. In most embedded usages, there are particular restrictions
+ like, "must refer only to types A and B" or "UID not honored"
+ or "name must be restricted". Those cannot be well described
+ when embedded. 3. Inconsistent validation. Because the usages
+ are different, the validation rules are different by usage, which
+ makes it hard for users to predict what will happen. 4. The fields
+ are both imprecise and overly precise. Kind is not a precise
+ mapping to a URL. This can produce ambiguity during interpretation
+ and require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this type will
+ affect numerous schemas. Don''t make new APIs embed an underspecified
+ API type they do not control. Instead of using this type, create
+ a locally provided and used type that is well-focused on your
+ reference. For example, ServiceReferences for admission registration:
+ https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ .'
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ type: array
+ rule:
+ description: Rule is the name of the policy rule
+ type: string
+ scored:
+ description: Scored indicates if this policy rule is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy severity
+ enum:
+ - high
+ - low
+ - medium
+ type: string
+ status:
+ description: Status indicates the result of the policy rule check
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ required:
+ - policy
+ type: object
+ type: array
+ scope:
+ description: Scope is an optional reference to the report scope (e.g. a
+ Deployment, Namespace, or Node)
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of an entire
+ object, this string should contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For example, if the object
+ reference is to a container within a pod, this would take on a value
+ like: "spec.containers{name}" (where "name" refers to the name of
+ the container that triggered the event) or if no container name is
+ specified "spec.containers[2]" (container with index 2 in this pod).
+ This syntax is chosen only to have some well-defined way of referencing
+ a part of an object. TODO: this design is not final and this field
+ is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference is made,
+ if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ scopeSelector:
+ description: ScopeSelector is an optional selector for multiple scopes (e.g.
+ Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+ should be specified.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains
+ values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
type: string
- name:
- type: string
- type:
+ operator:
+ description: operator represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
+ values:
+ description: values is an array of string values. If the operator
+ is In or NotIn, the values array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
required:
- - name
- - type
- - message
+ - key
+ - operator
type: object
type: array
- required:
- - policy
- - resource
- - rules
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not be
+ evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not selected
+ for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of unscored policies whose requirements
+ were not met
+ type: integer
+ type: object
+ type: object
+ version: v1alpha1
versions:
- - name: v1
+ - name: v1alpha1
served: true
storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
@@ -696,74 +1292,669 @@ spec:
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
- name: policyviolations.kyverno.io
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: policyreports.policy.k8s.io
spec:
additionalPrinterColumns:
- - JSONPath: .spec.policy
- description: The policy that resulted in the violation
- name: Policy
+ - JSONPath: .scope.kind
+ name: Kind
+ priority: 1
type: string
- - JSONPath: .spec.resource.kind
- description: The resource kind that cause the violation
- name: ResourceKind
+ - JSONPath: .scope.name
+ name: Name
+ priority: 1
type: string
- - JSONPath: .spec.resource.name
- description: The resource name that caused the violation
- name: ResourceName
+ - JSONPath: .summary.pass
+ name: Pass
+ type: integer
+ - JSONPath: .summary.fail
+ name: Fail
+ type: integer
+ - JSONPath: .summary.warn
+ name: Warn
+ type: integer
+ - JSONPath: .summary.error
+ name: Error
+ type: integer
+ - JSONPath: .summary.skip
+ name: Skip
+ type: integer
+ - JSONPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ group: policy.k8s.io
+ names:
+ kind: PolicyReport
+ listKind: PolicyReportList
+ plural: policyreports
+ shortNames:
+ - polr
+ singular: policyreport
+ scope: Namespaced
+ subresources: {}
+ validation:
+ openAPIV3Schema:
+ description: PolicyReport is the Schema for the policyreports API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ data:
+ additionalProperties:
+ type: string
+ description: Data provides additional information for the policy rule
+ type: object
+ message:
+ description: Message is a short user friendly description of the policy
+ rule
+ type: string
+ policy:
+ description: Policy is the name of the policy
+ type: string
+ resourceSelector:
+ description: ResourceSelector is an optional selector for policy results
+ that apply to multiple resources. For example, a policy result may
+ apply to all pods that match a label. Either a Resource or a ResourceSelector
+ can be specified. If neither are provided, the result is assumed
+ to be for the policy report scope.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ resources:
+ description: Resources is an optional reference to the resource checked
+ by the policy and rule
+ items:
+ description: 'ObjectReference contains enough information to let
+ you inspect or modify the referred object. --- New uses of this
+ type are discouraged because of difficulty describing its usage
+ when embedded in APIs. 1. Ignored fields. It includes many fields
+ which are not generally honored. For instance, ResourceVersion
+ and FieldPath are both very rarely valid in actual usage. 2.
+ Invalid usage help. It is impossible to add specific help for
+ individual usage. In most embedded usages, there are particular restrictions
+ like, "must refer only to types A and B" or "UID not honored"
+ or "name must be restricted". Those cannot be well described
+ when embedded. 3. Inconsistent validation. Because the usages
+ are different, the validation rules are different by usage, which
+ makes it hard for users to predict what will happen. 4. The fields
+ are both imprecise and overly precise. Kind is not a precise
+ mapping to a URL. This can produce ambiguity during interpretation
+ and require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this type will
+ affect numerous schemas. Don''t make new APIs embed an underspecified
+ API type they do not control. Instead of using this type, create
+ a locally provided and used type that is well-focused on your
+ reference. For example, ServiceReferences for admission registration:
+ https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ .'
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ type: array
+ rule:
+ description: Rule is the name of the policy rule
+ type: string
+ scored:
+ description: Scored indicates if this policy rule is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy severity
+ enum:
+ - high
+ - low
+ - medium
+ type: string
+ status:
+ description: Status indicates the result of the policy rule check
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ required:
+ - policy
+ type: object
+ type: array
+ scope:
+ description: Scope is an optional reference to the report scope (e.g. a
+ Deployment, Namespace, or Node)
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of an entire
+ object, this string should contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For example, if the object
+ reference is to a container within a pod, this would take on a value
+ like: "spec.containers{name}" (where "name" refers to the name of
+ the container that triggered the event) or if no container name is
+ specified "spec.containers[2]" (container with index 2 in this pod).
+ This syntax is chosen only to have some well-defined way of referencing
+ a part of an object. TODO: this design is not final and this field
+ is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference is made,
+ if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ scopeSelector:
+ description: ScopeSelector is an optional selector for multiple scopes (e.g.
+ Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+ should be specified.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains
+ values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator
+ is In or NotIn, the values array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not be
+ evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not selected
+ for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of unscored policies whose requirements
+ were not met
+ type: integer
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: reportchangerequests.kyverno.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .scope.kind
+ name: Kind
+ priority: 1
type: string
+ - JSONPath: .scope.name
+ name: Name
+ priority: 1
+ type: string
+ - JSONPath: .summary.pass
+ name: Pass
+ type: integer
+ - JSONPath: .summary.fail
+ name: Fail
+ type: integer
+ - JSONPath: .summary.warn
+ name: Warn
+ type: integer
+ - JSONPath: .summary.error
+ name: Error
+ type: integer
+ - JSONPath: .summary.skip
+ name: Skip
+ type: integer
- JSONPath: .metadata.creationTimestamp
name: Age
type: date
group: kyverno.io
names:
- kind: PolicyViolation
- plural: policyviolations
- shortNames:
- - polv
- singular: policyviolation
+ kind: ReportChangeRequest
+ listKind: ReportChangeRequestList
+ plural: reportchangerequests
+ singular: reportchangerequest
scope: Namespaced
- subresources:
- status: {}
+ subresources: {}
validation:
openAPIV3Schema:
+ description: ReportChangeRequest is the Schema for the ReportChangeRequests
+ API
properties:
- spec:
- properties:
- policy:
- type: string
- resource:
- properties:
- kind:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ data:
+ additionalProperties:
type: string
- name:
- type: string
- required:
- - kind
- - name
- type: object
- rules:
- items:
+ description: Data provides additional information for the policy rule
+ type: object
+ message:
+ description: Message is a short user friendly description of the policy
+ rule
+ type: string
+ policy:
+ description: Policy is the name of the policy
+ type: string
+ resourceSelector:
+ description: ResourceSelector is an optional selector for policy results
+ that apply to multiple resources. For example, a policy result may
+ apply to all pods that match a label. Either a Resource or a ResourceSelector
+ can be specified. If neither are provided, the result is assumed
+ to be for the policy report scope.
properties:
- message:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ resources:
+ description: Resources is an optional reference to the resource checked
+ by the policy and rule
+ items:
+ description: 'ObjectReference contains enough information to let
+ you inspect or modify the referred object. --- New uses of this
+ type are discouraged because of difficulty describing its usage
+ when embedded in APIs. 1. Ignored fields. It includes many fields
+ which are not generally honored. For instance, ResourceVersion
+ and FieldPath are both very rarely valid in actual usage. 2.
+ Invalid usage help. It is impossible to add specific help for
+ individual usage. In most embedded usages, there are particular restrictions
+ like, "must refer only to types A and B" or "UID not honored"
+ or "name must be restricted". Those cannot be well described
+ when embedded. 3. Inconsistent validation. Because the usages
+ are different, the validation rules are different by usage, which
+ makes it hard for users to predict what will happen. 4. The fields
+ are both imprecise and overly precise. Kind is not a precise
+ mapping to a URL. This can produce ambiguity during interpretation
+ and require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this type will
+ affect numerous schemas. Don''t make new APIs embed an underspecified
+ API type they do not control. Instead of using this type, create
+ a locally provided and used type that is well-focused on your
+ reference. For example, ServiceReferences for admission registration:
+ https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ .'
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ type: array
+ rule:
+ description: Rule is the name of the policy rule
+ type: string
+ scored:
+ description: Scored indicates if this policy rule is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy severity
+ enum:
+ - high
+ - low
+ - medium
+ type: string
+ status:
+ description: Status indicates the result of the policy rule check
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ required:
+ - policy
+ type: object
+ type: array
+ scope:
+ description: Scope is an optional reference to the report scope (e.g. a
+ Deployment, Namespace, or Node)
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of an entire
+ object, this string should contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For example, if the object
+ reference is to a container within a pod, this would take on a value
+ like: "spec.containers{name}" (where "name" refers to the name of
+ the container that triggered the event) or if no container name is
+ specified "spec.containers[2]" (container with index 2 in this pod).
+ This syntax is chosen only to have some well-defined way of referencing
+ a part of an object. TODO: this design is not final and this field
+ is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference is made,
+ if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ scopeSelector:
+ description: ScopeSelector is an optional selector for multiple scopes (e.g.
+ Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+ should be specified.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains
+ values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
type: string
- name:
- type: string
- type:
+ operator:
+ description: operator represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
+ values:
+ description: values is an array of string values. If the operator
+ is In or NotIn, the values array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
required:
- - name
- - type
- - message
+ - key
+ - operator
type: object
type: array
- required:
- - policy
- - resource
- - rules
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not be
+ evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not selected
+ for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of unscored policies whose requirements
+ were not met
+ type: integer
+ type: object
+ type: object
+ version: v1alpha1
versions:
- - name: v1
+ - name: v1alpha1
served: true
storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
---
apiVersion: v1
kind: ServiceAccount
@@ -783,12 +1974,20 @@ rules:
- policies/status
- clusterpolicies
- clusterpolicies/status
+ - policyreports
+ - policyreports/status
+ - clusterpolicyreports
+ - clusterpolicyreports/status
- clusterpolicyviolations
- clusterpolicyviolations/status
- policyviolations
- policyviolations/status
- generaterequests
- generaterequests/status
+ - reportchangerequests
+ - reportchangerequests/status
+ - clusterreportchangerequests
+ - clusterreportchangerequests/status
verbs:
- create
- delete
@@ -797,6 +1996,12 @@ rules:
- patch
- update
- watch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
@@ -919,6 +2124,39 @@ rules:
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
+metadata:
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ name: kyverno:admin-policyreport
+rules:
+- apiGroups:
+ - policy.k8s.io/v1alpha1
+ resources:
+ - policyreport
+ - clusterpolicyreport
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ name: kyverno:edit-policies-policyreport
+rules:
+- apiGroups:
+ - policy.k8s.io/v1alpha1
+ resources:
+ - policyreport
+ - clusterpolicyreport
+ - policies
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
@@ -928,7 +2166,6 @@ rules:
- kyverno.io
resources:
- policyviolations
- - policies
verbs:
- get
- list
@@ -936,6 +2173,23 @@ rules:
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
+metadata:
+ name: kyverno:policyreport
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - policyreports
+ - clusterpolicyreports
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
metadata:
name: kyverno:policyviolations
rules:
@@ -950,6 +2204,22 @@ rules:
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
+metadata:
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ name: kyverno:view-clusterpolicyreport
+rules:
+- apiGroups:
+ - policy.k8s.io/v1alpha1
+ resources:
+ - clusterpolicyreport
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
@@ -981,6 +2251,22 @@ rules:
- list
- watch
---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+ name: kyverno:view-policyreport
+rules:
+- apiGroups:
+ - policy.k8s.io/v1alpha1
+ resources:
+ - policyreport
+ verbs:
+ - get
+ - list
+ - watch
+---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
@@ -1022,6 +2308,19 @@ subjects:
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
+metadata:
+ name: kyverno:policyreport
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kyverno:policyreport
+subjects:
+- kind: ServiceAccount
+ name: kyverno-service-account
+ namespace: kyverno
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
metadata:
name: kyverno:userinfo
roleRef:
@@ -1049,7 +2348,7 @@ subjects:
apiVersion: v1
data:
excludeGroupRole: system:serviceaccounts:kube-system,system:nodes,system:kube-scheduler
- resourceFilters: '[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*]'
+ resourceFilters: '[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*][ReportChangeRequest,*,*][ClusterReportChangeRequest,*,*][PolicyReport,*,*][ClusterPolicyReport,*,*]'
kind: ConfigMap
metadata:
name: init-config
diff --git a/definitions/k8s-resource/configmap.yaml b/definitions/k8s-resource/configmap.yaml
old mode 100644
new mode 100755
index 61d2490aac..b932c13ca6
--- a/definitions/k8s-resource/configmap.yaml
+++ b/definitions/k8s-resource/configmap.yaml
@@ -1,8 +1,8 @@
apiVersion: v1
data:
- resourceFilters: '[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*]'
+ resourceFilters: '[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*][ReportChangeRequest,*,*][ClusterReportChangeRequest,*,*][PolicyReport,*,*][ClusterPolicyReport,*,*]'
excludeGroupRole: 'system:serviceaccounts:kube-system,system:nodes,system:kube-scheduler'
kind: ConfigMap
metadata:
name: init-config
- namespace: kyverno
\ No newline at end of file
+ namespace: kyverno
diff --git a/definitions/k8s-resource/kustomization.yaml b/definitions/k8s-resource/kustomization.yaml
old mode 100644
new mode 100755
diff --git a/definitions/k8s-resource/rbac.yaml b/definitions/k8s-resource/rbac.yaml
old mode 100644
new mode 100755
index 439539ff84..8e57956d06
--- a/definitions/k8s-resource/rbac.yaml
+++ b/definitions/k8s-resource/rbac.yaml
@@ -1,7 +1,7 @@
---
kind: Namespace
apiVersion: v1
-metadata:
+metadata:
name: "kyverno"
---
apiVersion: v1
@@ -71,7 +71,7 @@ roleRef:
subjects:
- kind: ServiceAccount
name: kyverno-service-account
- namespace: kyverno
+ namespace: kyverno
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
@@ -84,8 +84,8 @@ roleRef:
subjects:
- kind: ServiceAccount
name: kyverno-service-account
- namespace: kyverno
----
+ namespace: kyverno
+---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
@@ -97,7 +97,7 @@ roleRef:
subjects:
- kind: ServiceAccount
name: kyverno-service-account
- namespace: kyverno
+ namespace: kyverno
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
@@ -116,7 +116,7 @@ rules:
verbs:
- create
- delete
- - get
+ - get
- list
- patch
- update
@@ -132,7 +132,7 @@ rules:
verbs:
- create
- delete
- - get
+ - get
- update
- watch
- apiGroups:
@@ -142,7 +142,7 @@ rules:
resourceNames:
- kubernetes.io/legacy-unknown
verbs:
- - approve
+ - approve
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
@@ -176,21 +176,35 @@ rules:
- policies/status
- clusterpolicies
- clusterpolicies/status
+ - policyreports
+ - policyreports/status
+ - clusterpolicyreports
+ - clusterpolicyreports/status
- clusterpolicyviolations
- clusterpolicyviolations/status
- policyviolations
- policyviolations/status
- generaterequests
- generaterequests/status
+ - reportchangerequests
+ - reportchangerequests/status
+ - clusterreportchangerequests
+ - clusterreportchangerequests/status
verbs:
- create
- delete
- - get
- - list
+ - get
+ - list
- patch
- update
- watch
----
+- apiGroups:
+ - 'apiextensions.k8s.io'
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - delete
+---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
@@ -279,17 +293,100 @@ rules:
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
+metadata:
+ name: kyverno:policyreport
+rules:
+ - apiGroups: ["*"]
+ resources:
+ - policyreports
+ - clusterpolicyreports
+ - pods
+ verbs: ["get", "list", "watch", "delete"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: kyverno:policyreport
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kyverno:policyreport
+subjects:
+- kind: ServiceAccount
+ name: kyverno-service-account
+ namespace: kyverno
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: kyverno:view-policyreport
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+rules:
+ - apiGroups: [ "policy.k8s.io/v1alpha1" ]
+ resources:
+ - policyreport
+ verbs: [ "get", "list", "watch" ]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: kyverno:view-clusterpolicyreport
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+rules:
+ - apiGroups: ["policy.k8s.io/v1alpha1"]
+ resources:
+ - clusterpolicyreport
+ verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ name: kyverno:edit-policies-policyreport
+rules:
+ - apiGroups:
+ - policy.k8s.io/v1alpha1
+ resources:
+ - policyreport
+ - clusterpolicyreport
+ - policies
+ verbs:
+ - get
+ - list
+ - watch
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ name: kyverno:admin-policyreport
+rules:
+ - apiGroups:
+ - policy.k8s.io/v1alpha1
+ resources:
+ - policyreport
+ - clusterpolicyreport
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: kyverno:edit-policies-policyviolations
rules:
-- apiGroups:
+- apiGroups:
- kyverno.io
resources:
- policyviolations
- - policies
- verbs:
+ verbs:
- get
- list
- - watch
+ - watch
\ No newline at end of file
diff --git a/definitions/kustomization.yaml b/definitions/kustomization.yaml
old mode 100644
new mode 100755
diff --git a/definitions/manifest/deployment.yaml b/definitions/manifest/deployment.yaml
old mode 100644
new mode 100755
index 37b919a81e..25cf8dce9e
--- a/definitions/manifest/deployment.yaml
+++ b/definitions/manifest/deployment.yaml
@@ -37,7 +37,7 @@ spec:
image: nirmata/kyverno:latest
imagePullPolicy: Always
args:
- - "--filterK8Resources=[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*]"
+ - "--filterK8Resources=[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*][ReportChangeRequest,*,*][ClusterReportChangeRequest,*,*][PolicyReport,*,*][ClusterPolicyReport,*,*]"
# customize webhook timeout
#- "--webhooktimeout=4"
# enable profiling
diff --git a/definitions/manifest/kustomization.yaml b/definitions/manifest/kustomization.yaml
old mode 100644
new mode 100755
diff --git a/definitions/release/install.yaml b/definitions/release/install.yaml
old mode 100644
new mode 100755
diff --git a/go.mod b/go.mod
index 8946865bbb..87eae231c5 100644
--- a/go.mod
+++ b/go.mod
@@ -3,11 +3,23 @@ module github.com/kyverno/kyverno
go 1.13
require (
- github.com/ahmetb/gen-crd-api-reference-docs v0.2.0 // indirect
- github.com/cameront/go-jsonpatch v0.0.0-20180223123257-a8710867776e
+ cloud.google.com/go v0.52.0 // indirect
+ github.com/Azure/azure-sdk-for-go v38.2.0+incompatible // indirect
+ github.com/Azure/go-autorest/autorest v0.9.4 // indirect
+ github.com/Azure/go-autorest/autorest/adal v0.8.1 // indirect
+ github.com/Azure/go-autorest/autorest/to v0.3.0 // indirect
+ github.com/aws/aws-sdk-go v1.28.9 // indirect
github.com/cenkalti/backoff v2.2.1+incompatible
+ github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b // indirect
+ github.com/cornelk/hashmap v1.0.1
+ github.com/docker/distribution v2.7.1+incompatible // indirect
+ github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0
+ github.com/docker/go-connections v0.4.0 // indirect
+ github.com/docker/go-metrics v0.0.1 // indirect
github.com/evanphx/json-patch v4.5.0+incompatible
github.com/evanphx/json-patch/v5 v5.0.0 // indirect
+ github.com/fatih/color v1.9.0 // indirect
+ github.com/fatih/structtag v1.2.0 // indirect
github.com/gardener/controller-manager-library v0.2.0
github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32
github.com/go-logr/logr v0.1.0
@@ -15,37 +27,42 @@ require (
github.com/go-openapi/strfmt v0.19.5
github.com/go-openapi/validate v0.19.8
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
- github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7 // indirect
+ github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
github.com/googleapis/gnostic v0.3.1
- github.com/hashicorp/golang-lru v0.5.3 // indirect
+ github.com/graymeta/stow v0.2.4 // indirect
+ github.com/hashicorp/golang-lru v0.5.4 // indirect
github.com/imdario/mergo v0.3.8 // indirect
github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af
github.com/json-iterator/go v1.1.9 // indirect
github.com/julienschmidt/httprouter v1.3.0
+ github.com/lyft/flytestdlib v0.2.31
github.com/mattbaird/jsonpatch v0.0.0-20171005235357-81af80346b1a
+ github.com/mattn/go-isatty v0.0.12 // indirect
github.com/minio/minio v0.0.0-20200114012931-30922148fbb5
+ github.com/morikuni/aec v1.0.0 // indirect
github.com/onsi/ginkgo v1.11.0
github.com/onsi/gomega v1.8.1
- github.com/ory/go-acc v0.2.1 // indirect
+ github.com/opencontainers/go-digest v1.0.0 // indirect
+ github.com/opencontainers/image-spec v1.0.1 // indirect
+ github.com/pelletier/go-toml v1.6.0 // indirect
github.com/pkg/errors v0.9.1
github.com/pkg/profile v1.2.1
- github.com/prometheus/common v0.4.1
+ github.com/prometheus/common v0.7.0
github.com/rogpeppe/godef v1.1.2 // indirect
github.com/spf13/cobra v1.0.0
+ github.com/spf13/viper v1.6.2 // indirect
github.com/stretchr/testify v1.4.0
github.com/tevino/abool v0.0.0-20170917061928-9b9efcf221b5
- golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d // indirect
- golang.org/x/sys v0.0.0-20200113162924-86b910548bc1 // indirect
golang.org/x/time v0.0.0-20191024005414-555d28b269f0 // indirect
google.golang.org/appengine v1.6.5 // indirect
gopkg.in/yaml.v2 v2.3.0
gopkg.in/yaml.v3 v3.0.0-20200121175148-a6ecf24a6d71
gotest.tools v2.2.0+incompatible
- k8s.io/api v0.17.4
- k8s.io/apiextensions-apiserver v0.17.4
- k8s.io/apimachinery v0.17.4
- k8s.io/cli-runtime v0.17.4
- k8s.io/client-go v0.17.4
+ k8s.io/api v0.18.4
+ k8s.io/apiextensions-apiserver v0.18.4
+ k8s.io/apimachinery v0.18.4
+ k8s.io/cli-runtime v0.18.4
+ k8s.io/client-go v0.18.4
k8s.io/klog v1.0.0
k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6
sigs.k8s.io/controller-runtime v0.5.0
@@ -57,7 +74,6 @@ require (
// Added for go1.13 migration https://github.com/golang/go/issues/32805
replace (
github.com/gorilla/rpc v1.2.0+incompatible => github.com/gorilla/rpc v1.2.0
- k8s.io/client-go v0.17.4 => github.com/nirmata/client-go v0.17.5-0.20200625181911-7e81180b291e
k8s.io/code-generator => k8s.io/code-generator v0.0.0-20200306081859-6a048a382944
k8s.io/component-base => k8s.io/component-base v0.0.0-20190612130303-4062e14deebe
)
diff --git a/go.sum b/go.sum
index 7a7f47f0cf..d64f1044f7 100644
--- a/go.sum
+++ b/go.sum
@@ -3,37 +3,48 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT
cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
cloud.google.com/go v0.39.0/go.mod h1:rVLT6fkc8chs9sfPtFc1SBH6em7n+ZoXaG+87tDISts=
-cloud.google.com/go v0.41.0/go.mod h1:OauMR7DV8fzvZIl2qg6rkaIhD/vmgk4iwEw/h6ercmg=
cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
+cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
+cloud.google.com/go v0.47.0/go.mod h1:5p3Ky/7f3N10VBkhuR5LFtddroTiMyjZV/Kj5qOQFxU=
+cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
+cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
contrib.go.opencensus.io/exporter/ocagent v0.5.0/go.mod h1:ImxhfLRpxoYiSq891pBrLVhN+qmP8BTVvdH2YLs7Gl0=
+dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
git.apache.org/thrift.git v0.12.0/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
github.com/360EntSecGroup-Skylar/excelize v1.4.1/go.mod h1:vnax29X2usfl7HHkBrX5EvSCJcmH3dT9luvxzu8iGAE=
github.com/Azure/azure-pipeline-go v0.2.1/go.mod h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4=
+github.com/Azure/azure-sdk-for-go v10.2.1-beta+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
+github.com/Azure/azure-sdk-for-go v32.5.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
+github.com/Azure/azure-sdk-for-go v38.2.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
github.com/Azure/azure-storage-blob-go v0.8.0/go.mod h1:lPI3aLPpuLTeUwh1sViKXFxwl2B6teiRqI0deQUvsw0=
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
github.com/Azure/go-autorest v11.7.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI=
+github.com/Azure/go-autorest/autorest v0.9.2/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI=
+github.com/Azure/go-autorest/autorest v0.9.4/go.mod h1:GsRuLYvwzLjjjRoWEIyMUaYq8GNUx2nRB378IPt/1p0=
github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0=
+github.com/Azure/go-autorest/autorest/adal v0.8.0/go.mod h1:Z6vX6WXXuyieHAXwMj0S6HY6e6wcHn37qQMBQlvY3lc=
+github.com/Azure/go-autorest/autorest/adal v0.8.1/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q=
github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA=
+github.com/Azure/go-autorest/autorest/date v0.2.0/go.mod h1:vcORJHLJEh643/Ioh9+vPmf1Ij9AEBM5FuBIXLmIy0g=
github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
+github.com/Azure/go-autorest/autorest/mocks v0.3.0/go.mod h1:a8FDP3DYzQ4RYfVAxAN3SVSiiO77gL2j2ronKKP0syM=
+github.com/Azure/go-autorest/autorest/to v0.3.0/go.mod h1:MgwOyqaIuKdG4TL/2ywSsIWKAfJfgHDo8ObuUk3t5sA=
github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc=
github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/DATA-DOG/go-sqlmock v1.3.3/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM=
github.com/DataDog/datadog-go v2.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
github.com/Masterminds/semver v1.4.2 h1:WBLTQ37jOCzSLtXNdoo8bNM8876KhNqOKvrlGITgsTc=
github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
github.com/Masterminds/sprig v2.16.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
-github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
-github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk=
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmUx/1V+TNhjQvM=
github.com/PuerkitoBio/goquery v1.5.0/go.mod h1:qD2PgZ9lccMbQlc7eEOjaeRlFQON7xY8kdmcsrnKqMg=
@@ -47,16 +58,14 @@ github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdko
github.com/Shopify/sarama v1.24.1/go.mod h1:fGP8eQ6PugKEI0iUETYYtnP6d1pH/bdDMTel1X5ajsU=
github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
github.com/StackExchange/wmi v0.0.0-20180116203802-5d049714c4a6/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
-github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d h1:G0m3OIz70MZUWq3EgK3CesDbo8upS2Vm9/P3FtgI+Jk=
github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM=
github.com/ahmetb/gen-crd-api-reference-docs v0.1.5/go.mod h1:P/XzJ+c2+khJKNKABcm2biRwk2QAuwbLf8DlXuaL7WM=
-github.com/ahmetb/gen-crd-api-reference-docs v0.2.0 h1:YI/cAcRdNAHArfhGKcmCY5qMa32k/UyCZagLgabC5JY=
-github.com/ahmetb/gen-crd-api-reference-docs v0.2.0/go.mod h1:P/XzJ+c2+khJKNKABcm2biRwk2QAuwbLf8DlXuaL7WM=
-github.com/ajg/form v0.0.0-20160822230020-523a5da1a92f/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY=
github.com/alecthomas/participle v0.2.1/go.mod h1:SW6HZGeZgSIpcUWX3fXpfZhuaWHnmoD5KCVaqSaNTkk=
github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/aliyun/aliyun-oss-go-sdk v0.0.0-20190307165228-86c17b95fcd5/go.mod h1:T/Aws4fEfogEE9v+HPhhw+CntffsBHJ8nXQCwKr0/g8=
github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
github.com/andybalholm/cascadia v1.0.0/go.mod h1:GsXiBklL0woXo1j/WYWtSYYC4ouU9PqHO0sqidkEA4Y=
@@ -70,43 +79,39 @@ github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:l
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA=
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
github.com/aws/aws-sdk-go v1.20.21/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
-github.com/aws/aws-sdk-go v1.23.19/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
-github.com/aws/aws-xray-sdk-go v0.9.4/go.mod h1:XtMKdBQfpVut+tJEwI7+dJFRxxRdxHDyVNp2tHXRq04=
+github.com/aws/aws-sdk-go v1.23.4/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
+github.com/aws/aws-sdk-go v1.25.16/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
+github.com/aws/aws-sdk-go v1.28.9/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc=
github.com/bcicen/jstream v0.0.0-20190220045926-16c1f8af81c2/go.mod h1:RDu/qcrnpEdJC/p8tx34+YBFqqX71lB7dOX9QE+ZC4M=
github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg=
+github.com/benlaurie/objecthash v0.0.0-20180202135721-d1e3d6079fc1/go.mod h1:jvdWlw8vowVGnZqSDC7yhPd7AifQeQbRDkZcQXV2nRg=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v1.0.0 h1:HWo1m869IqiPhD389kmkxeTalrjNbbJTC8LXupb+sl0=
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4=
github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
github.com/blang/semver v3.5.0+incompatible h1:CGxCgetQ64DKk7rdZ++Vfnb1+ogGNnB17OJKJXD2Cfs=
github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
-github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=
github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps=
github.com/bombsimon/wsl v1.2.5/go.mod h1:43lEF/i0kpXbLCeDXL9LMT8c92HyBywXb0AsgMHYngM=
-github.com/cameront/go-jsonpatch v0.0.0-20180223123257-a8710867776e h1:6c3+GQuYUWljNcReOg4gxMUss9Gjll+5Y9vqDM+ILy8=
-github.com/cameront/go-jsonpatch v0.0.0-20180223123257-a8710867776e/go.mod h1:kdPJxKAfR3ZdD+MWYorN1oTdV9+qwJy9jO/0meJmcxU=
-github.com/cenkalti/backoff v2.1.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
+github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cheekybits/is v0.0.0-20150225183255-68e9c0620927/go.mod h1:h/aW8ynjgkuj+NQRlZcDbAbM1ORAbXjXX77sX7T289U=
github.com/cheggaaa/pb v1.0.28/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s=
github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/cihub/seelog v0.0.0-20170130134532-f561c5e57575/go.mod h1:9d6lWj8KzO/fd/NrVaLscBKmPigpZpn5YawRPw+e3Yo=
github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ=
-github.com/cockroachdb/cockroach-go v0.0.0-20181001143604-e0a95dfd547c/go.mod h1:XGLbWH/ujMcbPbhZq52Nv6UrCghb1yGn//133kEsvDk=
github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
-github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI=
-github.com/codegangsta/negroni v1.0.0/go.mod h1:v0y3T5G7Y1UlFfyxFn/QLRU4a2EuNau2iZY63YTKWo0=
-github.com/containerd/continuity v0.0.0-20181203112020-004b46473808/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
+github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0=
+github.com/coocood/freecache v1.1.0/go.mod h1:ePwxCDzOYvARfHdr1pByNct1at3CoKnsipOHwKlNbzI=
github.com/coredns/coredns v1.4.0/go.mod h1:zASH/MVDgR6XZTbxvOnsZfffS+31vg6Ackf/wo1+AM0=
github.com/coreos/bbolt v1.3.1-coreos.6/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
@@ -124,6 +129,8 @@ github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7
github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
github.com/coreos/pkg v0.0.0-20180108230652-97fdf19511ea/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
+github.com/cornelk/hashmap v1.0.1 h1:RXGcy29hEdLLV8T6aK4s+BAd4tq4+3Hq50N2GoG0uIg=
+github.com/cornelk/hashmap v1.0.1/go.mod h1:8wbysTUDnwJGrPZ1Iwsou3m+An6sldFrJItjRhfegCw=
github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
@@ -131,18 +138,22 @@ github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dchest/siphash v1.1.0 h1:1Rs9eTUlZLPBEvV+2sTaM8O0NWn0ppbgqS7p11aWawI=
+github.com/dchest/siphash v1.1.0/go.mod h1:q+IRvb2gOSrUnYoPqHiyHXS0FOBBOdl6tONBlVnOnt4=
github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
github.com/djherbis/atime v1.0.0/go.mod h1:5W+KBIuTwVGcqjIfaTwt+KSYX1o6uep8dtevevQP/f8=
+github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
+github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
+github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/dustin/go-humanize v0.0.0-20180713052910-9f541cc9db5d/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo=
github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
github.com/dustmop/soup v1.1.2-0.20190516214245-38228baa104e/go.mod h1:CgNC6SGbT+Xb8wGGvzilttZL1mc5sQ/5KkcxsZttMIk=
@@ -154,27 +165,29 @@ github.com/eclipse/paho.mqtt.golang v1.2.0/go.mod h1:H9keYFcgq3Qr5OUJm/JZI/i6U7j
github.com/elazarl/go-bindata-assetfs v1.0.0/go.mod h1:v+YaWX3bdea5J/mo8dSETolEo7R71Vk1u8bnjau5yw4=
github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
-github.com/elazarl/goproxy v0.0.0-20181003060214-f58a169a71a5/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
github.com/emicklei/go-restful v2.9.5+incompatible h1:spTtZBk5DYEvbxMVutUuTyh1Ao2r4iyvLdACqsl/Ljk=
github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/ernesto-jimenez/gogen v0.0.0-20180125220232-d7d4131e6607/go.mod h1:Cg4fM0vhYWOZdgM7RIOSTRNIc8/VT7CXClC3Ni86lu4=
github.com/evanphx/json-patch v0.0.0-20190203023257-5858425f7550/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/evanphx/json-patch v4.0.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/evanphx/json-patch v4.5.0+incompatible h1:ouOWdg56aJriqS0huScTkVXPC5IcNrDCXZ6OoTAWu7M=
github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch/v5 v5.0.0 h1:dKTrUeykyQwKb/kx7Z+4ukDs6l+4L41HqG1XHnhX7WE=
github.com/evanphx/json-patch/v5 v5.0.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
-github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fatih/structs v1.0.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
+github.com/fatih/color v1.9.0 h1:8xPHl4/q1VyqGIPif1F+1V3Y3lSmrq01EabUW3CoW5s=
+github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
+github.com/fatih/structtag v1.1.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94=
+github.com/fatih/structtag v1.2.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94=
github.com/fortytw2/leaktest v1.2.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
github.com/frankban/quicktest v1.4.1/go.mod h1:36zfPVQyHxymz4cH7wlDmVwDrJuljRB60qkgn7rorfQ=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/fsnotify/fsnotify v1.4.8-0.20191012010759-4bf2d1fec783/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
github.com/gardener/controller-manager-library v0.2.0 h1:MyxL0k10lwBf8TXkbnuN+oEOkHwCNhp3SKj+ad2w62s=
github.com/gardener/controller-manager-library v0.2.0/go.mod h1:oCK7fW2VpsMhmUh5c6cOhsN8p9Tth1OM3rRtogDF11k=
github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
@@ -183,11 +196,13 @@ github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 h1:Mn26/9ZMNWSw9C9ER
github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32/go.mod h1:GIjDIg/heH5DOkXY3YJ/wNhfHsQHoXGjl8G8amsYQ1I=
github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
-github.com/go-bindata/go-bindata v3.1.1+incompatible/go.mod h1:xK8Dsgwmeed+BBsSy2XTopBn/8uK2HWuGSnA11C3Joo=
github.com/go-critic/go-critic v0.3.5-0.20190904082202-d79a9f0c64db/go.mod h1:+sE8vrLDS2M0pZkBk0wy6+nLdKexVDrl/jBqQOTDThA=
github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w=
github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
+github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-ldap/ldap v3.0.2+incompatible/go.mod h1:qfd9rJvER9Q0/D/Sqn1DfHRoBp40uXYvFoEVrNEPqRc=
github.com/go-lintpack/lintpack v0.5.2/go.mod h1:NwZuYi2nUHho8XEIZ6SIxihrnPoqBTDqfpXvXAN0sXM=
github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
@@ -196,7 +211,6 @@ github.com/go-logr/logr v0.1.0 h1:M1Tv3VzNlEHg6uyACnRdtrploV2P7wZqH8BoQMtz0cg=
github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
github.com/go-logr/zapr v0.1.0/go.mod h1:tabnROwaDl0UNxkVeFRbY8bwB37GwRv0P8lg6aAiEnk=
github.com/go-ole/go-ole v1.2.1/go.mod h1:7FAglXiTm7HKlQRDeOQ6ZNUHidzCWXuZWq/1dTyBNF8=
-github.com/go-ole/go-ole v1.2.4 h1:nNBDSCOigTSiarFpYE9J/KtEA1IOW4CNeqT9TQDqCxI=
github.com/go-ole/go-ole v1.2.4/go.mod h1:XCwSNxSkXRo4vlyPy93sltvi/qJq0jqQhjqQNIwKuxM=
github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI=
github.com/go-openapi/analysis v0.17.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik=
@@ -234,14 +248,12 @@ github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nA
github.com/go-openapi/spec v0.17.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI=
github.com/go-openapi/spec v0.18.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI=
github.com/go-openapi/spec v0.19.2/go.mod h1:sCxk3jxKgioEJikev4fgkNmwS+3kuYdJtcsZsD5zxMY=
-github.com/go-openapi/spec v0.19.3 h1:0XRyw8kguri6Yw4SxhsQA/atC88yqrk0+G4YhI2wabc=
github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
github.com/go-openapi/spec v0.19.5 h1:Xm0Ao53uqnk9QE/LlYV5DEU09UAgpliA85QoT9LzqPw=
github.com/go-openapi/spec v0.19.5/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHKHb3gWUSk=
github.com/go-openapi/strfmt v0.17.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU=
github.com/go-openapi/strfmt v0.18.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU=
github.com/go-openapi/strfmt v0.19.0/go.mod h1:+uW+93UVvGGq2qGaZxdDeJqSAqBqBdl+ZPMF/cC8nDY=
-github.com/go-openapi/strfmt v0.19.3 h1:eRfyY5SkaNJCAwmmMcADjY31ow9+N7MCLW7oRkbsINA=
github.com/go-openapi/strfmt v0.19.3/go.mod h1:0yX7dbo8mKIvc3XSKp7MNfxw4JytCfCD6+bY1AVL9LU=
github.com/go-openapi/strfmt v0.19.5 h1:0utjKrw+BAh8s57XE9Xz8DUBsVvPmRUB6styvl9wWIM=
github.com/go-openapi/strfmt v0.19.5/go.mod h1:eftuHTlB/dI8Uq8JJOyRlieZf+WkkxUuk0dgdHXr2Qk=
@@ -253,11 +265,9 @@ github.com/go-openapi/swag v0.19.5 h1:lTz6Ys4CmqqCQmZPBlbQENR1/GucA2bzYTE12Pw4tF
github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4=
github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA=
-github.com/go-openapi/validate v0.19.5 h1:QhCBKRYqZR+SKo4gl1lPhPahope8/RLt6EVgY8X80w0=
github.com/go-openapi/validate v0.19.5/go.mod h1:8DJv2CVJQ6kGNpFW6eV9N3JviE1C85nY1c2z52x1Gk4=
github.com/go-openapi/validate v0.19.8 h1:YFzsdWIDfVuLvIOF+ZmKjVg1MbPJ1QgY9PihMwei1ys=
github.com/go-openapi/validate v0.19.8/go.mod h1:8DJv2CVJQ6kGNpFW6eV9N3JviE1C85nY1c2z52x1Gk4=
-github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
@@ -275,194 +285,24 @@ github.com/go-toolsmith/pkgload v0.0.0-20181119091011-e9e65178eee8/go.mod h1:WoM
github.com/go-toolsmith/pkgload v1.0.0/go.mod h1:5eFArkbO80v7Z0kdngIxsRXRMTaX4Ilcwuh3clNrQJc=
github.com/go-toolsmith/strparse v1.0.0/go.mod h1:YI2nUKP9YGZnL/L1/DLFBfixrcjslWct4wyljWhSRy8=
github.com/go-toolsmith/typep v1.0.0/go.mod h1:JSQCQMUPdRlMZFswiq3TGpNp1GMktqkR2Ns5AIQkATU=
-github.com/gobuffalo/buffalo v0.12.8-0.20181004233540-fac9bb505aa8/go.mod h1:sLyT7/dceRXJUxSsE813JTQtA3Eb1vjxWfo/N//vXIY=
-github.com/gobuffalo/buffalo v0.13.0/go.mod h1:Mjn1Ba9wpIbpbrD+lIDMy99pQ0H0LiddMIIDGse7qT4=
-github.com/gobuffalo/buffalo-plugins v1.0.2/go.mod h1:pOp/uF7X3IShFHyobahTkTLZaeUXwb0GrUTb9ngJWTs=
-github.com/gobuffalo/buffalo-plugins v1.0.4/go.mod h1:pWS1vjtQ6uD17MVFWf7i3zfThrEKWlI5+PYLw/NaDB4=
-github.com/gobuffalo/buffalo-plugins v1.4.3/go.mod h1:uCzTY0woez4nDMdQjkcOYKanngeUVRO2HZi7ezmAjWY=
-github.com/gobuffalo/buffalo-plugins v1.5.1/go.mod h1:jbmwSZK5+PiAP9cC09VQOrGMZFCa/P0UMlIS3O12r5w=
-github.com/gobuffalo/buffalo-plugins v1.6.4/go.mod h1:/+N1aophkA2jZ1ifB2O3Y9yGwu6gKOVMtUmJnbg+OZI=
-github.com/gobuffalo/buffalo-plugins v1.6.5/go.mod h1:0HVkbgrVs/MnPZ/FOseDMVanCTm2RNcdM0PuXcL1NNI=
-github.com/gobuffalo/buffalo-plugins v1.6.7/go.mod h1:ZGZRkzz2PiKWHs0z7QsPBOTo2EpcGRArMEym6ghKYgk=
-github.com/gobuffalo/buffalo-plugins v1.6.9/go.mod h1:yYlYTrPdMCz+6/+UaXg5Jm4gN3xhsvsQ2ygVatZV5vw=
-github.com/gobuffalo/buffalo-plugins v1.6.11/go.mod h1:eAA6xJIL8OuynJZ8amXjRmHND6YiusVAaJdHDN1Lu8Q=
-github.com/gobuffalo/buffalo-plugins v1.8.2/go.mod h1:9te6/VjEQ7pKp7lXlDIMqzxgGpjlKoAcAANdCgoR960=
-github.com/gobuffalo/buffalo-plugins v1.8.3/go.mod h1:IAWq6vjZJVXebIq2qGTLOdlXzmpyTZ5iJG5b59fza5U=
-github.com/gobuffalo/buffalo-plugins v1.9.4/go.mod h1:grCV6DGsQlVzQwk6XdgcL3ZPgLm9BVxlBmXPMF8oBHI=
-github.com/gobuffalo/buffalo-plugins v1.10.0/go.mod h1:4osg8d9s60txLuGwXnqH+RCjPHj9K466cDFRl3PErHI=
-github.com/gobuffalo/buffalo-plugins v1.11.0/go.mod h1:rtIvAYRjYibgmWhnjKmo7OadtnxuMG5ZQLr25ozAzjg=
-github.com/gobuffalo/buffalo-pop v1.0.5/go.mod h1:Fw/LfFDnSmB/vvQXPvcXEjzP98Tc+AudyNWUBWKCwQ8=
-github.com/gobuffalo/envy v1.6.4/go.mod h1:Abh+Jfw475/NWtYMEt+hnJWRiC8INKWibIMyNt1w2Mc=
-github.com/gobuffalo/envy v1.6.5/go.mod h1:N+GkhhZ/93bGZc6ZKhJLP6+m+tCNPKwgSpH9kaifseQ=
-github.com/gobuffalo/envy v1.6.6/go.mod h1:N+GkhhZ/93bGZc6ZKhJLP6+m+tCNPKwgSpH9kaifseQ=
-github.com/gobuffalo/envy v1.6.7/go.mod h1:N+GkhhZ/93bGZc6ZKhJLP6+m+tCNPKwgSpH9kaifseQ=
-github.com/gobuffalo/envy v1.6.8/go.mod h1:N+GkhhZ/93bGZc6ZKhJLP6+m+tCNPKwgSpH9kaifseQ=
-github.com/gobuffalo/envy v1.6.9/go.mod h1:N+GkhhZ/93bGZc6ZKhJLP6+m+tCNPKwgSpH9kaifseQ=
-github.com/gobuffalo/envy v1.6.10/go.mod h1:X0CFllQjTV5ogsnUrg+Oks2yTI+PU2dGYBJOEI2D1Uo=
-github.com/gobuffalo/envy v1.6.11/go.mod h1:Fiq52W7nrHGDggFPhn2ZCcHw4u/rqXkqo+i7FB6EAcg=
-github.com/gobuffalo/envy v1.6.12/go.mod h1:qJNrJhKkZpEW0glh5xP2syQHH5kgdmgsKss2Kk8PTP0=
-github.com/gobuffalo/envy v1.6.15/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI=
-github.com/gobuffalo/events v1.0.3/go.mod h1:Txo8WmqScapa7zimEQIwgiJBvMECMe9gJjsKNPN3uZw=
-github.com/gobuffalo/events v1.0.7/go.mod h1:z8txf6H9jWhQ5Scr7YPLWg/cgXBRj8Q4uYI+rsVCCSQ=
-github.com/gobuffalo/events v1.0.8/go.mod h1:A5KyqT1sA+3GJiBE4QKZibse9mtOcI9nw8gGrDdqYGs=
-github.com/gobuffalo/events v1.1.3/go.mod h1:9yPGWYv11GENtzrIRApwQRMYSbUgCsZ1w6R503fCfrk=
-github.com/gobuffalo/events v1.1.4/go.mod h1:09/YRRgZHEOts5Isov+g9X2xajxdvOAcUuAHIX/O//A=
-github.com/gobuffalo/events v1.1.5/go.mod h1:3YUSzgHfYctSjEjLCWbkXP6djH2M+MLaVRzb4ymbAK0=
-github.com/gobuffalo/events v1.1.7/go.mod h1:6fGqxH2ing5XMb3EYRq9LEkVlyPGs4oO/eLzh+S8CxY=
-github.com/gobuffalo/events v1.1.8/go.mod h1:UFy+W6X6VbCWS8k2iT81HYX65dMtiuVycMy04cplt/8=
-github.com/gobuffalo/events v1.1.9/go.mod h1:/0nf8lMtP5TkgNbzYxR6Bl4GzBy5s5TebgNTdRfRbPM=
-github.com/gobuffalo/fizz v1.0.12/go.mod h1:C0sltPxpYK8Ftvf64kbsQa2yiCZY4RZviurNxXdAKwc=
-github.com/gobuffalo/flect v0.0.0-20180907193754-dc14d8acaf9f/go.mod h1:rCiQgmAE4axgBNl3jZWzS5rETRYTGOsrixTRaCPzNdA=
-github.com/gobuffalo/flect v0.0.0-20181002182613-4571df4b1daf/go.mod h1:rCiQgmAE4axgBNl3jZWzS5rETRYTGOsrixTRaCPzNdA=
-github.com/gobuffalo/flect v0.0.0-20181007231023-ae7ed6bfe683/go.mod h1:rCiQgmAE4axgBNl3jZWzS5rETRYTGOsrixTRaCPzNdA=
-github.com/gobuffalo/flect v0.0.0-20181018182602-fd24a256709f/go.mod h1:rCiQgmAE4axgBNl3jZWzS5rETRYTGOsrixTRaCPzNdA=
-github.com/gobuffalo/flect v0.0.0-20181019110701-3d6f0b585514/go.mod h1:rCiQgmAE4axgBNl3jZWzS5rETRYTGOsrixTRaCPzNdA=
-github.com/gobuffalo/flect v0.0.0-20181024204909-8f6be1a8c6c2/go.mod h1:rCiQgmAE4axgBNl3jZWzS5rETRYTGOsrixTRaCPzNdA=
-github.com/gobuffalo/flect v0.0.0-20181104133451-1f6e9779237a/go.mod h1:rCiQgmAE4axgBNl3jZWzS5rETRYTGOsrixTRaCPzNdA=
-github.com/gobuffalo/flect v0.0.0-20181114183036-47375f6d8328/go.mod h1:0HvNbHdfh+WOvDSIASqJOSxTOWSxCCUF++k/Y53v9rI=
-github.com/gobuffalo/flect v0.0.0-20181210151238-24a2b68e0316/go.mod h1:en58vff74S9b99Eg42Dr+/9yPu437QjlNsO/hBYPuOk=
-github.com/gobuffalo/flect v0.0.0-20190104192022-4af577e09bf2/go.mod h1:en58vff74S9b99Eg42Dr+/9yPu437QjlNsO/hBYPuOk=
-github.com/gobuffalo/flect v0.0.0-20190117212819-a62e61d96794/go.mod h1:397QT6v05LkZkn07oJXXT6y9FCfwC8Pug0WA2/2mE9k=
github.com/gobuffalo/flect v0.1.5/go.mod h1:W3K3X9ksuZfir8f/LrfVtWmCDQFfayuylOJ7sz/Fj80=
-github.com/gobuffalo/genny v0.0.0-20180924032338-7af3a40f2252/go.mod h1:tUTQOogrr7tAQnhajMSH6rv1BVev34H2sa1xNHMy94g=
-github.com/gobuffalo/genny v0.0.0-20181003150629-3786a0744c5d/go.mod h1:WAd8HmjMVrnkAZbmfgH5dLBUchsZfqzp/WS5sQz+uTM=
-github.com/gobuffalo/genny v0.0.0-20181005145118-318a41a134cc/go.mod h1:WAd8HmjMVrnkAZbmfgH5dLBUchsZfqzp/WS5sQz+uTM=
-github.com/gobuffalo/genny v0.0.0-20181007153042-b8de7d566757/go.mod h1:+oG5Ljrw04czAHbPXREwaFojJbpUvcIy4DiOnbEJFTA=
-github.com/gobuffalo/genny v0.0.0-20181012161047-33e5f43d83a6/go.mod h1:+oG5Ljrw04czAHbPXREwaFojJbpUvcIy4DiOnbEJFTA=
-github.com/gobuffalo/genny v0.0.0-20181017160347-90a774534246/go.mod h1:+oG5Ljrw04czAHbPXREwaFojJbpUvcIy4DiOnbEJFTA=
-github.com/gobuffalo/genny v0.0.0-20181024195656-51392254bf53/go.mod h1:o9GEH5gn5sCKLVB5rHFC4tq40rQ3VRUzmx6WwmaqISE=
-github.com/gobuffalo/genny v0.0.0-20181025145300-af3f81d526b8/go.mod h1:uZ1fFYvdcP8mu0B/Ynarf6dsGvp7QFIpk/QACUuFUVI=
-github.com/gobuffalo/genny v0.0.0-20181027191429-94d6cfb5c7fc/go.mod h1:x7SkrQQBx204Y+O9EwRXeszLJDTaWN0GnEasxgLrQTA=
-github.com/gobuffalo/genny v0.0.0-20181027195209-3887b7171c4f/go.mod h1:JbKx8HSWICu5zyqWOa0dVV1pbbXOHusrSzQUprW6g+w=
-github.com/gobuffalo/genny v0.0.0-20181106193839-7dcb0924caf1/go.mod h1:x61yHxvbDCgQ/7cOAbJCacZQuHgB0KMSzoYcw5debjU=
-github.com/gobuffalo/genny v0.0.0-20181107223128-f18346459dbe/go.mod h1:utQD3aKKEsdb03oR+Vi/6ztQb1j7pO10N3OBoowRcSU=
-github.com/gobuffalo/genny v0.0.0-20181114215459-0a4decd77f5d/go.mod h1:kN2KZ8VgXF9VIIOj/GM0Eo7YK+un4Q3tTreKOf0q1ng=
-github.com/gobuffalo/genny v0.0.0-20181119162812-e8ff4adce8bb/go.mod h1:BA9htSe4bZwBDJLe8CUkoqkypq3hn3+CkoHqVOW718E=
-github.com/gobuffalo/genny v0.0.0-20181127225641-2d959acc795b/go.mod h1:l54xLXNkteX/PdZ+HlgPk1qtcrgeOr3XUBBPDbH+7CQ=
-github.com/gobuffalo/genny v0.0.0-20181128191930-77e34f71ba2a/go.mod h1:FW/D9p7cEEOqxYA71/hnrkOWm62JZ5ZNxcNIVJEaWBU=
-github.com/gobuffalo/genny v0.0.0-20181203165245-fda8bcce96b1/go.mod h1:wpNSANu9UErftfiaAlz1pDZclrYzLtO5lALifODyjuM=
-github.com/gobuffalo/genny v0.0.0-20181203201232-849d2c9534ea/go.mod h1:wpNSANu9UErftfiaAlz1pDZclrYzLtO5lALifODyjuM=
-github.com/gobuffalo/genny v0.0.0-20181206121324-d6fb8a0dbe36/go.mod h1:wpNSANu9UErftfiaAlz1pDZclrYzLtO5lALifODyjuM=
-github.com/gobuffalo/genny v0.0.0-20181207164119-84844398a37d/go.mod h1:y0ysCHGGQf2T3vOhCrGHheYN54Y/REj0ayd0Suf4C/8=
-github.com/gobuffalo/genny v0.0.0-20181211165820-e26c8466f14d/go.mod h1:sHnK+ZSU4e2feXP3PA29ouij6PUEiN+RCwECjCTB3yM=
-github.com/gobuffalo/genny v0.0.0-20190104222617-a71664fc38e7/go.mod h1:QPsQ1FnhEsiU8f+O0qKWXz2RE4TiDqLVChWkBuh1WaY=
-github.com/gobuffalo/genny v0.0.0-20190112155932-f31a84fcacf5/go.mod h1:CIaHCrSIuJ4il6ka3Hub4DR4adDrGoXGEEt2FbBxoIo=
-github.com/gobuffalo/github_flavored_markdown v1.0.4/go.mod h1:uRowCdK+q8d/RF0Kt3/DSalaIXbb0De/dmTqMQdkQ4I=
-github.com/gobuffalo/github_flavored_markdown v1.0.5/go.mod h1:U0643QShPF+OF2tJvYNiYDLDGDuQmJZXsf/bHOJPsMY=
-github.com/gobuffalo/github_flavored_markdown v1.0.7/go.mod h1:w93Pd9Lz6LvyQXEG6DktTPHkOtCbr+arAD5mkwMzXLI=
-github.com/gobuffalo/httptest v1.0.2/go.mod h1:7T1IbSrg60ankme0aDLVnEY0h056g9M1/ZvpVThtB7E=
-github.com/gobuffalo/licenser v0.0.0-20180924033006-eae28e638a42/go.mod h1:Ubo90Np8gpsSZqNScZZkVXXAo5DGhTb+WYFIjlnog8w=
-github.com/gobuffalo/licenser v0.0.0-20181025145548-437d89de4f75/go.mod h1:x3lEpYxkRG/XtGCUNkio+6RZ/dlOvLzTI9M1auIwFcw=
-github.com/gobuffalo/licenser v0.0.0-20181027200154-58051a75da95/go.mod h1:BzhaaxGd1tq1+OLKObzgdCV9kqVhbTulxOpYbvMQWS0=
-github.com/gobuffalo/licenser v0.0.0-20181109171355-91a2a7aac9a7/go.mod h1:m+Ygox92pi9bdg+gVaycvqE8RVSjZp7mWw75+K5NPHk=
-github.com/gobuffalo/licenser v0.0.0-20181128165715-cc7305f8abed/go.mod h1:oU9F9UCE+AzI/MueCKZamsezGOOHfSirltllOVeRTAE=
-github.com/gobuffalo/licenser v0.0.0-20181203160806-fe900bbede07/go.mod h1:ph6VDNvOzt1CdfaWC+9XwcBnlSTBz2j49PBwum6RFaU=
-github.com/gobuffalo/licenser v0.0.0-20181211173111-f8a311c51159/go.mod h1:ve/Ue99DRuvnTaLq2zKa6F4KtHiYf7W046tDjuGYPfM=
-github.com/gobuffalo/logger v0.0.0-20181022175615-46cfb361fc27/go.mod h1:8sQkgyhWipz1mIctHF4jTxmJh1Vxhp7mP8IqbljgJZo=
-github.com/gobuffalo/logger v0.0.0-20181027144941-73d08d2bb969/go.mod h1:7uGg2duHKpWnN4+YmyKBdLXfhopkAdVM6H3nKbyFbz8=
-github.com/gobuffalo/logger v0.0.0-20181027193913-9cf4dd0efe46/go.mod h1:7uGg2duHKpWnN4+YmyKBdLXfhopkAdVM6H3nKbyFbz8=
-github.com/gobuffalo/logger v0.0.0-20181109185836-3feeab578c17/go.mod h1:oNErH0xLe+utO+OW8ptXMSA5DkiSEDW1u3zGIt8F9Ew=
-github.com/gobuffalo/logger v0.0.0-20181117211126-8e9b89b7c264/go.mod h1:5etB91IE0uBlw9k756fVKZJdS+7M7ejVhmpXXiSFj0I=
-github.com/gobuffalo/logger v0.0.0-20181127160119-5b956e21995c/go.mod h1:+HxKANrR9VGw9yN3aOAppJKvhO05ctDi63w4mDnKv2U=
-github.com/gobuffalo/makr v1.1.5/go.mod h1:Y+o0btAH1kYAMDJW/TX3+oAXEu0bmSLLoC9mIFxtzOw=
-github.com/gobuffalo/mapi v1.0.0/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc=
-github.com/gobuffalo/mapi v1.0.1/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc=
-github.com/gobuffalo/meta v0.0.0-20181018155829-df62557efcd3/go.mod h1:XTTOhwMNryif3x9LkTTBO/Llrveezd71u3quLd0u7CM=
-github.com/gobuffalo/meta v0.0.0-20181018192820-8c6cef77dab3/go.mod h1:E94EPzx9NERGCY69UWlcj6Hipf2uK/vnfrF4QD0plVE=
-github.com/gobuffalo/meta v0.0.0-20181025145500-3a985a084b0a/go.mod h1:YDAKBud2FP7NZdruCSlmTmDOZbVSa6bpK7LJ/A/nlKg=
-github.com/gobuffalo/meta v0.0.0-20181114191255-b130ebedd2f7/go.mod h1:K6cRZ29ozr4Btvsqkjvg5nDFTLOgTqf03KA70Ks0ypE=
-github.com/gobuffalo/meta v0.0.0-20181127070345-0d7e59dd540b/go.mod h1:RLO7tMvE0IAKAM8wny1aN12pvEKn7EtkBLkUZR00Qf8=
-github.com/gobuffalo/meta v0.0.0-20190120163247-50bbb1fa260d/go.mod h1:KKsH44nIK2gA8p0PJmRT9GvWJUdphkDUA8AJEvFWiqM=
-github.com/gobuffalo/mw-basicauth v1.0.3/go.mod h1:dg7+ilMZOKnQFHDefUzUHufNyTswVUviCBgF244C1+0=
-github.com/gobuffalo/mw-contenttype v0.0.0-20180802152300-74f5a47f4d56/go.mod h1:7EvcmzBbeCvFtQm5GqF9ys6QnCxz2UM1x0moiWLq1No=
-github.com/gobuffalo/mw-csrf v0.0.0-20180802151833-446ff26e108b/go.mod h1:sbGtb8DmDZuDUQoxjr8hG1ZbLtZboD9xsn6p77ppcHo=
-github.com/gobuffalo/mw-forcessl v0.0.0-20180802152810-73921ae7a130/go.mod h1:JvNHRj7bYNAMUr/5XMkZaDcw3jZhUZpsmzhd//FFWmQ=
-github.com/gobuffalo/mw-i18n v0.0.0-20180802152014-e3060b7e13d6/go.mod h1:91AQfukc52A6hdfIfkxzyr+kpVYDodgAeT5cjX1UIj4=
-github.com/gobuffalo/mw-paramlogger v0.0.0-20181005191442-d6ee392ec72e/go.mod h1:6OJr6VwSzgJMqWMj7TYmRUqzNe2LXu/W1rRW4MAz/ME=
-github.com/gobuffalo/mw-tokenauth v0.0.0-20181001105134-8545f626c189/go.mod h1:UqBF00IfKvd39ni5+yI5MLMjAf4gX7cDKN/26zDOD6c=
-github.com/gobuffalo/packd v0.0.0-20181027182251-01ad393492c8/go.mod h1:SmdBdhj6uhOsg1Ui4SFAyrhuc7U4VCildosO5IDJ3lc=
-github.com/gobuffalo/packd v0.0.0-20181027190505-aafc0d02c411/go.mod h1:SmdBdhj6uhOsg1Ui4SFAyrhuc7U4VCildosO5IDJ3lc=
-github.com/gobuffalo/packd v0.0.0-20181027194105-7ae579e6d213/go.mod h1:SmdBdhj6uhOsg1Ui4SFAyrhuc7U4VCildosO5IDJ3lc=
-github.com/gobuffalo/packd v0.0.0-20181031195726-c82734870264/go.mod h1:Yf2toFaISlyQrr5TfO3h6DB9pl9mZRmyvBGQb/aQ/pI=
-github.com/gobuffalo/packd v0.0.0-20181104210303-d376b15f8e96/go.mod h1:Yf2toFaISlyQrr5TfO3h6DB9pl9mZRmyvBGQb/aQ/pI=
-github.com/gobuffalo/packd v0.0.0-20181111195323-b2e760a5f0ff/go.mod h1:Yf2toFaISlyQrr5TfO3h6DB9pl9mZRmyvBGQb/aQ/pI=
-github.com/gobuffalo/packd v0.0.0-20181114190715-f25c5d2471d7/go.mod h1:Yf2toFaISlyQrr5TfO3h6DB9pl9mZRmyvBGQb/aQ/pI=
-github.com/gobuffalo/packd v0.0.0-20181124090624-311c6248e5fb/go.mod h1:Foenia9ZvITEvG05ab6XpiD5EfBHPL8A6hush8SJ0o8=
-github.com/gobuffalo/packd v0.0.0-20181207120301-c49825f8f6f4/go.mod h1:LYc0TGKFBBFTRC9dg2pcRcMqGCTMD7T2BIMP7OBuQAA=
-github.com/gobuffalo/packd v0.0.0-20181212173646-eca3b8fd6687/go.mod h1:LYc0TGKFBBFTRC9dg2pcRcMqGCTMD7T2BIMP7OBuQAA=
-github.com/gobuffalo/packr v1.13.7/go.mod h1:KkinLIn/n6+3tVXMwg6KkNvWwVsrRAz4ph+jgpk3Z24=
-github.com/gobuffalo/packr v1.15.0/go.mod h1:t5gXzEhIviQwVlNx/+3SfS07GS+cZ2hn76WLzPp6MGI=
-github.com/gobuffalo/packr v1.15.1/go.mod h1:IeqicJ7jm8182yrVmNbM6PR4g79SjN9tZLH8KduZZwE=
-github.com/gobuffalo/packr v1.19.0/go.mod h1:MstrNkfCQhd5o+Ct4IJ0skWlxN8emOq8DsoT1G98VIU=
-github.com/gobuffalo/packr v1.20.0/go.mod h1:JDytk1t2gP+my1ig7iI4NcVaXr886+N0ecUga6884zw=
-github.com/gobuffalo/packr v1.21.0/go.mod h1:H00jGfj1qFKxscFJSw8wcL4hpQtPe1PfU2wa6sg/SR0=
-github.com/gobuffalo/packr v1.22.0/go.mod h1:Qr3Wtxr3+HuQEwWqlLnNW4t1oTvK+7Gc/Rnoi/lDFvA=
-github.com/gobuffalo/packr/v2 v2.0.0-rc.8/go.mod h1:y60QCdzwuMwO2R49fdQhsjCPv7tLQFR0ayzxxla9zes=
-github.com/gobuffalo/packr/v2 v2.0.0-rc.9/go.mod h1:fQqADRfZpEsgkc7c/K7aMew3n4aF1Kji7+lIZeR98Fc=
-github.com/gobuffalo/packr/v2 v2.0.0-rc.10/go.mod h1:4CWWn4I5T3v4c1OsJ55HbHlUEKNWMITG5iIkdr4Px4w=
-github.com/gobuffalo/packr/v2 v2.0.0-rc.11/go.mod h1:JoieH/3h3U4UmatmV93QmqyPUdf4wVM9HELaHEu+3fk=
-github.com/gobuffalo/packr/v2 v2.0.0-rc.12/go.mod h1:FV1zZTsVFi1DSCboO36Xgs4pzCZBjB/tDV9Cz/lSaR8=
-github.com/gobuffalo/packr/v2 v2.0.0-rc.13/go.mod h1:2Mp7GhBFMdJlOK8vGfl7SYtfMP3+5roE39ejlfjw0rA=
-github.com/gobuffalo/packr/v2 v2.0.0-rc.14/go.mod h1:06otbrNvDKO1eNQ3b8hst+1010UooI2MFg+B2Ze4MV8=
-github.com/gobuffalo/packr/v2 v2.0.0-rc.15/go.mod h1:IMe7H2nJvcKXSF90y4X1rjYIRlNMJYCxEhssBXNZwWs=
-github.com/gobuffalo/plush v3.7.16+incompatible/go.mod h1:rQ4zdtUUyZNqULlc6bqd5scsPfLKfT0+TGMChgduDvI=
-github.com/gobuffalo/plush v3.7.20+incompatible/go.mod h1:rQ4zdtUUyZNqULlc6bqd5scsPfLKfT0+TGMChgduDvI=
-github.com/gobuffalo/plush v3.7.21+incompatible/go.mod h1:rQ4zdtUUyZNqULlc6bqd5scsPfLKfT0+TGMChgduDvI=
-github.com/gobuffalo/plush v3.7.22+incompatible/go.mod h1:rQ4zdtUUyZNqULlc6bqd5scsPfLKfT0+TGMChgduDvI=
-github.com/gobuffalo/plush v3.7.23+incompatible/go.mod h1:rQ4zdtUUyZNqULlc6bqd5scsPfLKfT0+TGMChgduDvI=
-github.com/gobuffalo/plush v3.7.30+incompatible/go.mod h1:rQ4zdtUUyZNqULlc6bqd5scsPfLKfT0+TGMChgduDvI=
-github.com/gobuffalo/plush v3.7.31+incompatible/go.mod h1:rQ4zdtUUyZNqULlc6bqd5scsPfLKfT0+TGMChgduDvI=
-github.com/gobuffalo/plush v3.7.32+incompatible/go.mod h1:rQ4zdtUUyZNqULlc6bqd5scsPfLKfT0+TGMChgduDvI=
-github.com/gobuffalo/plushgen v0.0.0-20181128164830-d29dcb966cb2/go.mod h1:r9QwptTFnuvSaSRjpSp4S2/4e2D3tJhARYbvEBcKSb4=
-github.com/gobuffalo/plushgen v0.0.0-20181203163832-9fc4964505c2/go.mod h1:opEdT33AA2HdrIwK1aibqnTJDVVKXC02Bar/GT1YRVs=
-github.com/gobuffalo/plushgen v0.0.0-20181207152837-eedb135bd51b/go.mod h1:Lcw7HQbEVm09sAQrCLzIxuhFbB3nAgp4c55E+UlynR0=
-github.com/gobuffalo/plushgen v0.0.0-20190104222512-177cd2b872b3/go.mod h1:tYxCozi8X62bpZyKXYHw1ncx2ZtT2nFvG42kuLwYjoc=
-github.com/gobuffalo/pop v4.8.2+incompatible/go.mod h1:DwBz3SD5SsHpTZiTubcsFWcVDpJWGsxjVjMPnkiThWg=
-github.com/gobuffalo/pop v4.8.3+incompatible/go.mod h1:DwBz3SD5SsHpTZiTubcsFWcVDpJWGsxjVjMPnkiThWg=
-github.com/gobuffalo/pop v4.8.4+incompatible/go.mod h1:DwBz3SD5SsHpTZiTubcsFWcVDpJWGsxjVjMPnkiThWg=
-github.com/gobuffalo/release v1.0.35/go.mod h1:VtHFAKs61vO3wboCec5xr9JPTjYyWYcvaM3lclkc4x4=
-github.com/gobuffalo/release v1.0.38/go.mod h1:VtHFAKs61vO3wboCec5xr9JPTjYyWYcvaM3lclkc4x4=
-github.com/gobuffalo/release v1.0.42/go.mod h1:RPs7EtafH4oylgetOJpGP0yCZZUiO4vqHfTHJjSdpug=
-github.com/gobuffalo/release v1.0.52/go.mod h1:RPs7EtafH4oylgetOJpGP0yCZZUiO4vqHfTHJjSdpug=
-github.com/gobuffalo/release v1.0.53/go.mod h1:FdF257nd8rqhNaqtDWFGhxdJ/Ig4J7VcS3KL7n/a+aA=
-github.com/gobuffalo/release v1.0.54/go.mod h1:Pe5/RxRa/BE8whDpGfRqSI7D1a0evGK1T4JDm339tJc=
-github.com/gobuffalo/release v1.0.61/go.mod h1:mfIO38ujUNVDlBziIYqXquYfBF+8FDHUjKZgYC1Hj24=
-github.com/gobuffalo/release v1.0.72/go.mod h1:NP5NXgg/IX3M5XmHmWR99D687/3Dt9qZtTK/Lbwc1hU=
-github.com/gobuffalo/release v1.1.1/go.mod h1:Sluak1Xd6kcp6snkluR1jeXAogdJZpFFRzTYRs/2uwg=
-github.com/gobuffalo/release v1.1.3/go.mod h1:CuXc5/m+4zuq8idoDt1l4va0AXAn/OSs08uHOfMVr8E=
-github.com/gobuffalo/release v1.1.6/go.mod h1:18naWa3kBsqO0cItXZNJuefCKOENpbbUIqRL1g+p6z0=
-github.com/gobuffalo/shoulders v1.0.1/go.mod h1:V33CcVmaQ4gRUmHKwq1fiTXuf8Gp/qjQBUL5tHPmvbA=
-github.com/gobuffalo/syncx v0.0.0-20181120191700-98333ab04150/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw=
-github.com/gobuffalo/syncx v0.0.0-20181120194010-558ac7de985f/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw=
-github.com/gobuffalo/tags v2.0.11+incompatible/go.mod h1:9XmhOkyaB7UzvuY4UoZO4s67q8/xRMVJEaakauVQYeY=
-github.com/gobuffalo/tags v2.0.14+incompatible/go.mod h1:9XmhOkyaB7UzvuY4UoZO4s67q8/xRMVJEaakauVQYeY=
-github.com/gobuffalo/tags v2.0.15+incompatible/go.mod h1:9XmhOkyaB7UzvuY4UoZO4s67q8/xRMVJEaakauVQYeY=
-github.com/gobuffalo/uuid v2.0.3+incompatible/go.mod h1:ErhIzkRhm0FtRuiE/PeORqcw4cVi1RtSpnwYrxuvkfE=
-github.com/gobuffalo/uuid v2.0.4+incompatible/go.mod h1:ErhIzkRhm0FtRuiE/PeORqcw4cVi1RtSpnwYrxuvkfE=
-github.com/gobuffalo/uuid v2.0.5+incompatible/go.mod h1:ErhIzkRhm0FtRuiE/PeORqcw4cVi1RtSpnwYrxuvkfE=
-github.com/gobuffalo/validate v2.0.3+incompatible/go.mod h1:N+EtDe0J8252BgfzQUChBgfd6L93m9weay53EWFVsMM=
-github.com/gobuffalo/x v0.0.0-20181003152136-452098b06085/go.mod h1:WevpGD+5YOreDJznWevcn8NTmQEW5STSBgIkpkjzqXc=
-github.com/gobuffalo/x v0.0.0-20181007152206-913e47c59ca7/go.mod h1:9rDPXaB3kXdKWzMc4odGQQdG2e2DIEmANy5aSJ9yesY=
github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
github.com/gofrs/flock v0.0.0-20190320160742-5135e617513b/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
-github.com/gofrs/uuid v3.1.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
-github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
github.com/gogo/protobuf v0.0.0-20171007142547-342cbe0a0415/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls=
github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
-github.com/golang/gddo v0.0.0-20180828051604-96d2a289f41e/go.mod h1:xEhNfoBDX1hzLm2Nf80qUvZ2sVwoMZ8d6IE2SrsQfh4=
-github.com/golang/gddo v0.0.0-20190904175337-72a348e765d2/go.mod h1:xEhNfoBDX1hzLm2Nf80qUvZ2sVwoMZ8d6IE2SrsQfh4=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20180513044358-24b0969c4cb7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7 h1:5ZkaAPbicIKTF2I64qf5Fh8Aa83Q/dnOafMYV0OMwjA=
+github.com/golang/groupcache v0.0.0-20191002201903-404acd9df4cc/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
@@ -494,22 +334,22 @@ github.com/google/btree v1.0.0 h1:0udJVsspx3VBr5FwtLhQQtuAsVc79tTq0ocGIPAU6qo=
github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.1 h1:Xye71clBPdm5HgqGwUkwhbynsUJZhDbS20FvLhQ2izg=
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI=
github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI=
github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/readahead v0.0.0-20161222183148-eaceba169032/go.mod h1:qYysrqQXuV4tzsizt4oOQ6mrBZQ0xnQXP3ylXX8Jk5Y=
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.1.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
@@ -519,24 +359,18 @@ github.com/googleapis/gnostic v0.2.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTV
github.com/googleapis/gnostic v0.3.1 h1:WeAefnSUHlBb0iJKwxFDZdbfGwkd7xRNuV+IpXMJhYk=
github.com/googleapis/gnostic v0.3.1/go.mod h1:on+2t9HRStVgn95RSsFWFz+6Q0Snyqv1awfrALZdbtU=
github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8=
-github.com/gopherjs/gopherjs v0.0.0-20181004151105-1babbf986f6f/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
github.com/gopherjs/gopherjs v0.0.0-20190328170749-bb2674552d8f/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
github.com/gorilla/handlers v1.4.0/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ=
-github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
github.com/gorilla/mux v1.7.0 h1:tOSd0UKHQd6urX6ApfOn4XdBMY6Sh1MfxV3kmaazO+U=
github.com/gorilla/mux v1.7.0/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/pat v0.0.0-20180118222023-199c85a7f6d1/go.mod h1:YeAe0gNeiNT5hoiZRI4yiOky6jVdNvfO2N6Kav/HmxY=
github.com/gorilla/rpc v1.2.0/go.mod h1:V4h9r+4sF5HnzqbwIez0fKSpANP0zlYd3qR7p36jkTQ=
-github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
-github.com/gorilla/sessions v1.1.2/go.mod h1:8KCfur6+4Mqcc6S0FEfKuN15Vl5MgXW92AE8ovaJD0w=
-github.com/gorilla/sessions v1.1.3/go.mod h1:8KCfur6+4Mqcc6S0FEfKuN15Vl5MgXW92AE8ovaJD0w=
github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
github.com/gostaticanalysis/analysisutil v0.0.0-20190318220348-4088753ea4d3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE=
-github.com/gotestyourself/gotestyourself v2.2.0+incompatible/go.mod h1:zZKM6oeNM8k+FRljX1mnzVYeS8wiGgQyvST1/GafPbY=
+github.com/graymeta/stow v0.0.0-20190522170649-903027f87de7/go.mod h1:B24dekNjtWVeREK+dyMHtI22d85VzCT+sX5bVWDtjoA=
+github.com/graymeta/stow v0.2.4/go.mod h1:+0vRL9oMECKjPMP7OeVWl8EIqRCpFwDlth3mrAeV2Kw=
github.com/gregjones/httpcache v0.0.0-20170728041850-787624de3eb7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM=
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
@@ -550,7 +384,6 @@ github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t
github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
-github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVoDkXMzJM=
github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI=
github.com/hashicorp/go-hclog v0.8.0/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
@@ -570,8 +403,9 @@ github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/b
github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.3 h1:YPkqC67at8FYaadspW/6uE0COsBxS2656RLEr8Bppgk=
github.com/hashicorp/golang-lru v0.5.3/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
+github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
+github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
github.com/hashicorp/raft v1.1.1-0.20190703171940-f639636d18e0/go.mod h1:vPAJM8Asw6u8LxC3eJCUZmRP/E4QmUGE1R7g7k8sG/8=
github.com/hashicorp/raft-boltdb v0.0.0-20171010151810-6e5ba93211ea/go.mod h1:pNv7Wc3ycL6F5oOWn+tPGo2gWD4a5X+yp/ntwdKLjRk=
@@ -582,23 +416,17 @@ github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKe
github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4=
+github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
github.com/imdario/mergo v0.3.8 h1:CGgOkSJeqMRmt0D9XLWExdT4m4F1vd3FV3VPt+0VxkQ=
github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
github.com/inconshreveable/go-update v0.0.0-20160112193335-8152e7eb6ccf/go.mod h1:hyb9oH7vZsitZCiBt0ZvifOrB+qc8PS5IiilCIb87rg=
-github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
-github.com/jackc/fake v0.0.0-20150926172116-812a484cc733/go.mod h1:WrMFNQdiFJ80sQsxDoMokWK1W5TQtxBFNpzWTD84ibQ=
-github.com/jackc/pgx v3.2.0+incompatible/go.mod h1:0ZGrqGqkRlliWnWB4zKnWtjbSWbGkVEFm4TeybAXq+I=
github.com/jcmturner/gofork v0.0.0-20190328161633-dc7c13fece03/go.mod h1:MK8+TM0La+2rjBD4jE12Kj1pCCxK7d2LK/UM3ncEo0o=
github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM=
github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
-github.com/jmoiron/sqlx v0.0.0-20180614180643-0dae4fefe7c0/go.mod h1:IiEW3SEiiErVyFdH8NTuWjSifiEQKUoyK3LNqr2kCHU=
-github.com/jmoiron/sqlx v1.2.0/go.mod h1:1FEQNm3xlJgrMD+FBdI9+xvCksHtbpVBBw5dYhBSsks=
-github.com/joho/godotenv v1.2.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
-github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
github.com/json-iterator/go v0.0.0-20180701071628-ab8a2e0c74be/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
@@ -608,15 +436,11 @@ github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/u
github.com/json-iterator/go v1.1.9 h1:9yzud/Ht36ygwatGx56VwCZtlI/2AD15T1X2sjSuGns=
github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
-github.com/jtolds/gls v4.2.1+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
github.com/julienschmidt/httprouter v1.3.0 h1:U0609e9tgbseu3rBINet9P48AI/D3oJs4dN7jwJOQ1U=
github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
-github.com/karrick/godirwalk v1.7.5/go.mod h1:2c9FRhkDxdIbgkOnCEvnSWs71Bhugbl46shStcFDJ34=
-github.com/karrick/godirwalk v1.7.7/go.mod h1:2c9FRhkDxdIbgkOnCEvnSWs71Bhugbl46shStcFDJ34=
-github.com/karrick/godirwalk v1.7.8/go.mod h1:2c9FRhkDxdIbgkOnCEvnSWs71Bhugbl46shStcFDJ34=
-github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
@@ -631,24 +455,24 @@ github.com/klauspost/cpuid v1.2.2/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgo
github.com/klauspost/pgzip v1.2.1/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
github.com/klauspost/readahead v1.3.1/go.mod h1:AH9juHzNH7xqdqFHrMRSHeH2Ps+vFf+kblDqzPFiLJg=
github.com/klauspost/reedsolomon v1.9.3/go.mod h1:CwCi+NUr9pqSVktrkN+Ondf06rkhYZ/pcNv7fu+8Un4=
-github.com/konsorten/go-windows-terminal-sequences v0.0.0-20180402223658-b729f2633dfe/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kurin/blazer v0.5.4-0.20190613185654-cf2f27cc0be3/go.mod h1:4FCXMUWo9DllR2Do4TtBd377ezyAJ51vB5uTBjt0pGU=
-github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/kyverno/client-go v0.17.5-0.20200625181911-7e81180b291e h1:EZ4Yi82Z8uK7OgebBoAQvQaEYoQy0OV4KdYFXoXdDgU=
+github.com/kyverno/client-go v0.17.5-0.20200625181911-7e81180b291e/go.mod h1:ouF6o5pz3is8qU0/qYL2RnoxOPqgfuidYLowytyLJmc=
github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
-github.com/luna-duclos/instrumentedsql v1.1.2/go.mod h1:4LGbEqDnopzNAiyxPPDXhLspyunZxgPTMJBKtC6U0BQ=
+github.com/lyft/flytestdlib v0.2.31/go.mod h1:/fqNXKCGChEvMzcRapVq6vDM69Vlusl+bCj7foToaUQ=
github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
@@ -659,29 +483,10 @@ github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN
github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
github.com/mailru/easyjson v0.7.0 h1:aizVhC/NAAcKWb+5QsU1iNOZb4Yws5UO2I+aIprQITM=
github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
-github.com/markbates/deplist v1.0.4/go.mod h1:gRRbPbbuA8TmMiRvaOzUlRfzfjeCCBqX2A6arxN01MM=
-github.com/markbates/deplist v1.0.5/go.mod h1:gRRbPbbuA8TmMiRvaOzUlRfzfjeCCBqX2A6arxN01MM=
-github.com/markbates/going v1.0.2/go.mod h1:UWCk3zm0UKefHZ7l8BNqi26UyiEMniznk8naLdTcy6c=
-github.com/markbates/grift v1.0.4/go.mod h1:wbmtW74veyx+cgfwFhlnnMWqhoz55rnHR47oMXzsyVs=
-github.com/markbates/hmax v1.0.0/go.mod h1:cOkR9dktiESxIMu+65oc/r/bdY4bE8zZw3OLhLx0X2c=
-github.com/markbates/inflect v1.0.0/go.mod h1:oTeZL2KHA7CUX6X+fovmK9OvIOFuqu0TwdQrZjLTh88=
-github.com/markbates/inflect v1.0.1/go.mod h1:uv3UVNBe5qBIfCm8O8Q+DW+S1EopeyINj+Ikhc7rnCk=
-github.com/markbates/inflect v1.0.3/go.mod h1:1fR9+pO2KHEO9ZRtto13gDwwZaAKstQzferVeWqbgNs=
-github.com/markbates/inflect v1.0.4/go.mod h1:1fR9+pO2KHEO9ZRtto13gDwwZaAKstQzferVeWqbgNs=
-github.com/markbates/oncer v0.0.0-20180924031910-e862a676800b/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
-github.com/markbates/oncer v0.0.0-20180924034138-723ad0170a46/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
-github.com/markbates/oncer v0.0.0-20181014194634-05fccaae8fc4/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
-github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
-github.com/markbates/refresh v1.4.10/go.mod h1:NDPHvotuZmTmesXxr95C9bjlw1/0frJwtME2dzcVKhc=
-github.com/markbates/safe v1.0.0/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
-github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
-github.com/markbates/sigtx v1.0.0/go.mod h1:QF1Hv6Ic6Ca6W+T+DL0Y/ypborFKyvUY9HmuCD4VeTc=
-github.com/markbates/willie v1.0.9/go.mod h1:fsrFVWl91+gXpx/6dv715j7i11fYPfZ9ZGfH0DQzY7w=
github.com/matoous/godox v0.0.0-20190911065817-5d6d842e92eb/go.mod h1:1BELzlh859Sh1c6+90blK8lbYy0kwQf1bYlBhBysy1s=
github.com/mattbaird/jsonpatch v0.0.0-20171005235357-81af80346b1a h1:+J2gw7Bw77w/fbK7wnNJJDKmw1IbWft2Ul5BzrG1Qm8=
github.com/mattbaird/jsonpatch v0.0.0-20171005235357-81af80346b1a/go.mod h1:M1qoD/MqPgTZIk0EWKB38wE28ACRfVcn+cU08jyArI0=
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
-github.com/mattn/go-colorable v0.1.1 h1:G1f5SKeVxmagw/IyvzvtZE4Gybcc4Tr1tf7I8z0XgOg=
github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
github.com/mattn/go-colorable v0.1.4 h1:snbPLB8fVfU9iwbbo30TPtbLRzwWu6aJS6Xh4eaaviA=
@@ -691,20 +496,17 @@ github.com/mattn/go-ieproxy v0.0.0-20190805055040-f9202b1cfdeb/go.mod h1:31jz6HN
github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.7 h1:UvyT9uN+3r7yLEYSlJsbQGdsaB/a0DlgWP3pql6iwOc=
github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.8 h1:HLtExJ+uU2HOZ+wI0Tt5DtUDrx8yhUqDcp7fYERX4CE=
github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
+github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
+github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY=
+github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
-github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
-github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
-github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw=
github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4=
-github.com/microcosm-cc/bluemonday v1.0.2/go.mod h1:iVP4YcDBq+n/5fb23BhYFvIMq/leAFZyRl6bYmGDlGc=
github.com/miekg/dns v1.1.8/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
github.com/minio/cli v1.22.0/go.mod h1:bYxnK0uS629N3Bq+AOZZ+6lwF77Sodk4+UL9vNuXhOY=
github.com/minio/gokrb5/v7 v7.2.5/go.mod h1:z6fE6twrvMN004M+KRTHnmtfpxsBIztP0PVsak0/4f8=
@@ -728,7 +530,6 @@ github.com/mitchellh/go-ps v0.0.0-20190716172923-621e5597135b/go.mod h1:r1VsdOzO
github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
-github.com/mitchellh/mapstructure v1.0.0/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE=
github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
@@ -740,8 +541,7 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN
github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI=
github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8=
-github.com/monoculum/formam v0.0.0-20180901015400-4e68be1d79ba/go.mod h1:RKgILGEJq24YyJ2ban8EO0RUVSJlF1pGsEvoLEACr/Q=
-github.com/moul/http2curl v0.0.0-20170919181001-9ac6cf4d929b/go.mod h1:8UbvGypXm98wA/IqH45anm5Y2Z6ep6O31QGOAZ3H0fQ=
+github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
github.com/mozilla/tls-observatory v0.0.0-20190404164649-a3c1b6cfecfd/go.mod h1:SrKMQvPiws7F7iqYp8/TX+IhxCYhzr6N/1yb8cwHsGk=
github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
@@ -763,54 +563,33 @@ github.com/nats-io/stan.go v0.4.5/go.mod h1:Ji7mK6gRZJSH1nc3ZJH6vi7zn/QnZhpR9Arm
github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU=
github.com/ncw/directio v1.0.5 h1:JSUBhdjEvVaJvOoyPAbcW0fnd0tvRXD76wEfZ1KcQz4=
github.com/ncw/directio v1.0.5/go.mod h1:rX/pKEYkOXBGOggmcyJeJGloCkleSvphPx2eV3t6ROk=
-github.com/nicksnyder/go-i18n v1.10.0/go.mod h1:HrK7VCrbOvQoUAQ7Vpy7i87N7JZZZ7R2xBGjv0j365Q=
-github.com/nirmata/client-go v0.17.5-0.20200625181911-7e81180b291e h1:EZ4Yi82Z8uK7OgebBoAQvQaEYoQy0OV4KdYFXoXdDgU=
-github.com/nirmata/client-go v0.17.5-0.20200625181911-7e81180b291e/go.mod h1:ouF6o5pz3is8qU0/qYL2RnoxOPqgfuidYLowytyLJmc=
-github.com/nirmata/client-go v1.5.1 h1:yBfS5sTI18MbRYagdc0Fl8qIl/F9dlYt73WNbEUDfA4=
-github.com/nirmata/client-go v11.0.0+incompatible h1:BMHYEFCsTSicG2qImOMox+ophXWdNNcq250eCO2ZDio=
+github.com/ncw/swift v1.0.49-0.20190728102658-a24ef33bc9b7/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM=
+github.com/ncw/swift v1.0.49/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM=
github.com/nsqio/go-nsq v1.0.7/go.mod h1:XP5zaUs3pqf+Q71EqUJs3HYfBIqfK6G83WQMdNN+Ito=
github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
-github.com/oleiade/reflections v1.0.0/go.mod h1:RbATFBbKYkVdqmSFtx13Bb/tVhR0lgOBXunWTZKeL4w=
github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.11.0 h1:JAKSXpt1YjtLA7YpPiqO9ss6sNXEsPfSGdwN0UHqzrw=
github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
github.com/onsi/gomega v0.0.0-20190113212917-5533ce8a0da3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/onsi/gomega v1.4.1/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v1.4.2/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/onsi/gomega v1.8.1 h1:C5Dqfs/LeauYDX0jJXIe2SWmwCbGzx9yF8C8xy3Lh34=
github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
-github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
+github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
-github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
-github.com/ory/dockertest v3.3.5+incompatible/go.mod h1:1vX4m9wsvi00u5bseYwXaSnhNrne+V0E6LAcBILJdPs=
-github.com/ory/fosite v0.29.0/go.mod h1:0atSZmXO7CAcs6NPMI/Qtot8tmZYj04Nddoold4S2h0=
-github.com/ory/go-acc v0.0.0-20181118080137-ddc355013f90/go.mod h1:sxnvPCxChFuSmTJGj8FdMupeq1BezCiEpDjTUXQ4hf4=
-github.com/ory/go-acc v0.2.1/go.mod h1:0omgy2aa3nDBJ45VAKeLHH8ccPBudxLeic4xiDRtug0=
-github.com/ory/go-convenience v0.1.0/go.mod h1:uEY/a60PL5c12nYz4V5cHY03IBmwIAEm8TWB0yn9KNs=
-github.com/ory/gojsonreference v0.0.0-20190720135523-6b606c2d8ee8/go.mod h1:wsH1C4nIeeQClDtD5AH7kF1uTS6zWyqfjVDTmB0Em7A=
-github.com/ory/gojsonschema v1.1.1-0.20190919112458-f254ca73d5e9/go.mod h1:BNZpdJgB74KOLSsWFvzw6roXg1I6O51WO8roMmW+T7Y=
-github.com/ory/herodot v0.6.2/go.mod h1:3BOneqcyBsVybCPAJoi92KN2BpJHcmDqAMcAAaJiJow=
-github.com/ory/viper v1.5.6/go.mod h1:TYmpFpKLxjQwvT4f0QPpkOn4sDXU1kDgAwJpgLYiQ28=
-github.com/ory/x v0.0.85/go.mod h1:s44V8t3xyjWZREcU+mWlp4h302rTuM4aLXcW+y5FbQ8=
-github.com/parnurzeal/gorequest v0.2.15/go.mod h1:3Kh2QUMJoqw3icWAecsyzkpY7UzRfDhbRdTjtNwNiUE=
github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
github.com/paulmach/orb v0.1.3/go.mod h1:VFlX/8C+IQ1p6FTRRKzKoOPJnvEtA5G0Veuqwbu//Vk=
github.com/pborman/getopt v0.0.0-20180729010549-6fdd0a2c7117/go.mod h1:85jBQOZwpVEaDAr341tbn15RS4fCAsIst0qp7i8ex1o=
github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
-github.com/pelletier/go-toml v1.4.0/go.mod h1:PN7xzY2wHTK0K9p34ErDQMlFxa51Fk0OUruD3k1mMwo=
+github.com/pelletier/go-toml v1.5.0/go.mod h1:5N711Q9dKgbdkxHL+MEfF31hpT7l0S0s/t2kKREewys=
+github.com/pelletier/go-toml v1.6.0/go.mod h1:5N711Q9dKgbdkxHL+MEfF31hpT7l0S0s/t2kKREewys=
github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
@@ -821,33 +600,42 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/profile v1.2.1 h1:F++O52m40owAmADcojzM+9gyjmMOY/T4oYJkgFDH8RE=
github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA=
+github.com/pkg/sftp v1.10.0/go.mod h1:NxmoDg/QLVWluQDUYG7XBZTLUpKeFa8e3aMf1BfjyHk=
github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
+github.com/pquerna/ffjson v0.0.0-20190813045741-dac163c6c0a9/go.mod h1:YARuvh7BUWHNhzDq2OM5tzR2RiCcN2D7sapiKyCel/M=
github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM=
github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs=
github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
-github.com/prometheus/client_golang v1.0.0 h1:vrDKnkGzuGvhNAL56c7DBz29ZL+KxnoR0x7enabFceM=
github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
+github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
+github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og=
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90 h1:S/YWwWx/RA8rT8tKFRuGUZhuA90OyIBpPCXkcbwU8DE=
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.4.1 h1:K0MGApIoQvMw27RTdJkPbr3JZ7DNbtxQNyi5STVM6Kw=
github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
+github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA=
+github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.2 h1:6LJUbpNm42llc4HRCuvApCSWB/WfhuNo9K98Q9sNGfs=
github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
+github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
+github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
github.com/qri-io/starlib v0.4.2-0.20200213133954-ff2e8cd5ef8d/go.mod h1:7DPO4domFU579Ga6E61sB9VFNaniPVwJP5C4bBCu3wA=
github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI=
@@ -856,63 +644,44 @@ github.com/rcrowley/go-metrics v0.0.0-20190704165056-9c2d0518ed81/go.mod h1:bCqn
github.com/rjeczalik/notify v0.9.2 h1:MiTWrPj55mNDHEiIX5YUSKefw/+lCQVoAFmD6oQm5w8=
github.com/rjeczalik/notify v0.9.2/go.mod h1:aErll2f0sUX9PXZnVNyeiObbmTlk5jnMoCa4QEjJeqM=
github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
-github.com/rogpeppe/go-internal v1.0.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/rogpeppe/godef v1.1.2/go.mod h1:WtY9A/ovuQ+UakAJ1/CEqwwulX/WJjb2kgkokCHi/GY=
github.com/rs/cors v1.6.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
-github.com/rubenv/sql-migrate v0.0.0-20190212093014-1007f53448d7/go.mod h1:WS0rl9eEliYI8DPnr3TOwz4439pay+qNgzJoVya/DmY=
github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
-github.com/santhosh-tekuri/jsonschema v1.2.4/go.mod h1:TEAUOeZSmIxTTuHatJzrvARHiuO9LYd+cIxzgEHCQI4=
-github.com/santhosh-tekuri/jsonschema/v2 v2.1.0/go.mod h1:yzJzKUGV4RbWqWIBBP4wSOBqavX5saE02yirLS0OTyg=
github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
+github.com/satori/uuid v1.2.0/go.mod h1:B8HLsPLik/YNn6KKWVMDJ8nzCL8RP5WyfsnmvnAEwIU=
github.com/secure-io/sio-go v0.3.0 h1:QKGb6rGJeiExac9wSWxnWPYo8O8OFN7lxXQvHshX6vo=
github.com/secure-io/sio-go v0.3.0/go.mod h1:D3KmXgKETffyYxBdFRN+Hpd2WzhzqS0EQwT3XWsAcBU=
github.com/securego/gosec v0.0.0-20191002120514-e680875ea14d/go.mod h1:w5+eXa0mYznDkHaMCXA4XYffjlH+cy1oyKbfzJXa2Do=
-github.com/segmentio/analytics-go v3.0.1+incompatible/go.mod h1:C7CYBtQWk4vRk2RyLu0qOcbHJ18E3F1HV2C/8JvKN48=
-github.com/segmentio/backo-go v0.0.0-20160424052352-204274ad699c/go.mod h1:kJ9mm9YmoWSkk+oQ+5Cj8DEoRCX2JT6As4kEtIIOp1M=
-github.com/serenize/snaker v0.0.0-20171204205717-a683aaf2d516/go.mod h1:Yow6lPLSAXx2ifx470yD/nUe22Dv5vBvxK/UK9UUTVs=
github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
github.com/shirou/gopsutil v0.0.0-20190901111213-e4ec7b275ada/go.mod h1:WWnYX4lzhCH5h/3YBfyVA3VbLYjlMZZAQcW9ojMexNc=
github.com/shirou/gopsutil v2.18.12+incompatible h1:1eaJvGomDnH74/5cF4CTmTbLHAriGFsTZppLXDX93OM=
github.com/shirou/gopsutil v2.18.12+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4/go.mod h1:qsXQc7+bwAM3Q1u/4XEfrquwF8Lw7D7y5cD8CuHnfIc=
-github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4=
github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ=
-github.com/shurcooL/highlight_diff v0.0.0-20170515013008-09bb4053de1b/go.mod h1:ZpfEhSmds4ytuByIcDnOLkTHGUI6KNqRNPDLHDk+mUU=
-github.com/shurcooL/highlight_go v0.0.0-20170515013102-78fb10f4a5f8/go.mod h1:UDKB5a1T23gOMUJrI+uSuH0VRDStOiUVSjBTRDVBVag=
-github.com/shurcooL/octicon v0.0.0-20180602230221-c42b0e3b24d9/go.mod h1:eWdoE5JD4R5UVWDucdOPg1g2fqQRq78IQa9zlOV1vpQ=
-github.com/shurcooL/sanitized_anchor_name v0.0.0-20170918181015-86672fcb3f95/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
-github.com/sirupsen/logrus v1.1.0/go.mod h1:zrgwTnHtNr00buQ1vSptGe8m1f/BbgsPukg8qsT7A+A=
-github.com/sirupsen/logrus v1.1.1/go.mod h1:zrgwTnHtNr00buQ1vSptGe8m1f/BbgsPukg8qsT7A+A=
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4=
github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
github.com/skyrings/skyring-common v0.0.0-20160929130248-d1c0bb1cbd5e/go.mod h1:d8hQseuYt4rJoOo21lFzYJdhMjmDqLY++ayArbgYjWI=
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
github.com/smartystreets/assertions v0.0.0-20190401211740-f487f9de1cd3/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod h1:SnhjPscd9TpLiy1LpzGSKh3bXCfxxXuqd9xmQJy3slM=
-github.com/smartystreets/goconvey v0.0.0-20180222194500-ef6db91d284a/go.mod h1:XDJAKZRPZ1CvBcN2aX5YOUTYGHki24fSF0Iv48Ibg0s=
github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
+github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
github.com/soheilhy/cmux v0.1.3/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
-github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE=
github.com/sourcegraph/go-diff v0.5.1/go.mod h1:j2dHj3m8aZgQO8lMTcTnBcXkRRRqi34cd2MNlA9u1mE=
-github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA=
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
-github.com/spf13/afero v1.2.0/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
-github.com/spf13/cast v1.2.0/go.mod h1:r2rcYCSwa1IExKTDiTfzaxqT2FNHs8hODu4LnUfgKEg=
github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
+github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
github.com/spf13/cobra v1.0.0 h1:6m/oheQuQ13N9ks4hubMG6BnvwOeaJrqSPLahSnczz8=
@@ -921,18 +690,15 @@ github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb6
github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.2/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.2.1/go.mod h1:P4AexN0a+C9tGAnUFNwDMYYZv3pjFuvmeiMyKRaNVlI=
-github.com/spf13/viper v1.3.1/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
+github.com/spf13/viper v1.6.2/go.mod h1:t3iDnF5Jlj76alVNuyFBk5oUMCvsrkbvZK0WQdfDi5k=
github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.2.0 h1:Hbg2NidpLE8veEBkEZTL3CvlkUIVzuU9jDplZO54c48=
github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
@@ -940,10 +706,9 @@ github.com/stretchr/testify v1.2.3-0.20181224173747-660f15d67dbb/go.mod h1:a8OnR
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/subosito/gotenv v1.1.1/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
+github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
github.com/tevino/abool v0.0.0-20170917061928-9b9efcf221b5 h1:hNna6Fi0eP1f2sMBe/rJicDmaHmoXGe1Ta84FPYHLuE=
github.com/tevino/abool v0.0.0-20170917061928-9b9efcf221b5/go.mod h1:f1SCnEOt6sc3fOJfPQDRDzHOtSXuTtnz0ImG9kPRDV0=
-github.com/tidwall/gjson v1.3.2/go.mod h1:P256ACg0Mn+j1RXIDXoss50DeIABTYK1PULOJHhxOls=
github.com/tidwall/gjson v1.3.5/go.mod h1:P256ACg0Mn+j1RXIDXoss50DeIABTYK1PULOJHhxOls=
github.com/tidwall/match v1.0.1/go.mod h1:LujAq0jyVjBy028G1WhWfIzbpQfMO8bBZ6Tyb0+pL9E=
github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
@@ -952,9 +717,6 @@ github.com/timakin/bodyclose v0.0.0-20190930140734-f7f2e9bca95e/go.mod h1:Qimiff
github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
-github.com/uber-go/atomic v1.3.2/go.mod h1:/Ct5t2lcmbJ4OSe/waGBoaVvVqtO0bmtfVNex1PFV8g=
-github.com/uber/jaeger-client-go v2.15.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
-github.com/uber/jaeger-lib v1.5.0/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U=
github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
github.com/ugorji/go v1.1.5-pre/go.mod h1:FwP/aQVg39TXzItUBMwnWp9T9gPQnXw4Poh4/oBQZ/0=
github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
@@ -962,10 +724,7 @@ github.com/ugorji/go/codec v1.1.5-pre/go.mod h1:tULtS6Gy1AE1yCENaw4Vb//HLH5njI2t
github.com/ulikunitz/xz v0.5.5/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8=
github.com/ultraware/funlen v0.0.2/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA=
github.com/ultraware/whitespace v0.0.4/go.mod h1:aVMh/gQve5Maj9hQ/hg+F75lr/X5A89uZnzAmWSineA=
-github.com/unrolled/secure v0.0.0-20180918153822-f340ee86eb8b/go.mod h1:mnPT77IAdsi/kV7+Es7y+pXALeV3h7G6dQF6mNYjcLA=
-github.com/unrolled/secure v0.0.0-20181005190816-ff9db2ff917f/go.mod h1:mnPT77IAdsi/kV7+Es7y+pXALeV3h7G6dQF6mNYjcLA=
github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
-github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4=
github.com/uudashr/gocognit v0.0.0-20190926065955-1655d0de0517/go.mod h1:j44Ayx2KW4+oB6SWMv8KsmHzZrOInQav7D3cQMJ5JUM=
github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
github.com/valyala/fasthttp v1.2.0/go.mod h1:4vX61m6KN+xDduDNwXrhIAVZaZaZiQ1luJk8LWSxF3s=
@@ -975,15 +734,13 @@ github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a/go.mod h1:v3UYOV
github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw=
github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I=
github.com/xdg/stringprep v1.0.0/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
github.com/xiang90/probing v0.0.0-20160813154853-07dd2e8dfe18/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca h1:1CFlNzQhALwjS9mBAUkycX616GzgsuYUOCHA5+HSlXI=
github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca/go.mod h1:ce1O1j6UtZfjr22oyGxGLbauSBp2YVXpARAosm7dHBg=
github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
-github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c/go.mod h1:UrdRz5enIKZ63MEE3IF9l2/ebyx59GyGgPi+tICQdmM=
+github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yujunz/go-getter v1.4.1-lite/go.mod h1:sbmqxXjyLunH1PkF3n7zSlnVeMvmYUuIl9ZVs/7NyCc=
-github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=
@@ -994,6 +751,7 @@ go.mongodb.org/mongo-driver v1.1.2/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qL
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
go.opencensus.io v0.22.1/go.mod h1:Ap50jQcDJrx6rB6VgeeFPtuPIf3wMRvRfrfYDO6+BmA=
+go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.starlark.net v0.0.0-20190528202925-30ae18b8564f/go.mod h1:c1/X6cHgvdXj6pUlmWKMkuqRnW4K8x2vwt6JAaaircg=
go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o=
go.uber.org/atomic v0.0.0-20181018215023-8dc6146f7569/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
@@ -1003,21 +761,9 @@ go.uber.org/multierr v0.0.0-20180122172545-ddea229ff1df/go.mod h1:wR5kodmAFQ0UK8
go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
go.uber.org/zap v0.0.0-20180814183419-67bc79d13d15/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-golang.org/x/crypto v0.0.0-20180830192347-182538f80094/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20180910181607-0e37d006457b/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181001203147-e3636079e1a4/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181015023909-0c41d7ab0a0e/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181024171144-74cb1d3d52f4/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181025113841-85e1b3f9139a/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181025213731-e84da0312774/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20181106171534-e4dc69e5b2fd/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181112202954-3d3f9f413869/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181127143415-eb0de9b17e85/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190102171810-8d7daa0c54b3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190103213133-ff983b9c42bc/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@@ -1033,37 +779,42 @@ golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8U
golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975 h1:/Tl7pH94bvbAAHBdZJT947M/+gp0+CqQXDtMRC0fseo=
golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
+golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
+golang.org/x/exp v0.0.0-20191002040644-a1355ae1e2c3/go.mod h1:NOZ3BPKG0ec/BKJQgnvsSFpcKLM5xXVWnvZS97DWHgE=
+golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
+golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
+golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
+golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180816102801-aaf60122140d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180911220305-26e67e76b6c3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180921000356-2f5d2388922f/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180926154720-4dfa2610cdf3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181017193950-04a2e542c03f/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181102091132-c10e9556a7bc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181106065722-10aee1819953/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181207154023-610586996380/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1078,17 +829,18 @@ golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR
golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190812203447-cdfb69ac37fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191004110552-13f9640d40b9 h1:rjwSpXsdiK0dV8/Naq3kAw9ymfAeJIyd0upUIElB+lI=
golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191021144547-ec77196f6094/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b h1:0mm1VjtFUOIlE1SbDlwjYaDxZVDP2S5ou6y0gSgXHu8=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344 h1:vGXIOMxbNfDTk/aXCmfdLgkrSV+Z2tcbze+pEc3v5W4=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20181003184128-c57b0facaced/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1099,31 +851,17 @@ golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180816055513-1c9583448a9c/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180831094639-fa5fdf94c789/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180906133057-8cf3aee42992/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180921163948-d47a0f339242/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180926160741-c2ed4eda69e7/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180927150500-dad3d9fb7b6e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181005133103-4497e2df6f9e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181011152604-fa43e7bc11ba/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181022134430-8a28ead16f52/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181024145615-5cd93ef61a7c/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181025063200-d989b31c8746/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181026064943-731415f00dce/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181106135930-3a76605856fd/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181206074257-70b957f3b65e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190102155601-82a175fd1598/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190116161447-11f53e031339/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190129075346-302c3dd5f1cc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190130150945-aca44879d564/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1141,12 +879,23 @@ golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191002063906-3421d5a6bb1c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191105231009-c1f44814a5cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200113162924-86b910548bc1 h1:gZpLHxUX5BdYLA08Lj4YCJNN/jk7KtquiArPoeX0WvA=
+golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191020212454-3e7259c5e7c2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191210023423-ac6580df4449/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200116001909-b77594299b42 h1:vEOn+mP2zCOVzKckCZy6YsCtDblrpj/w7B9nxGNELpg=
+golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1156,38 +905,17 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20190921001708-c4c64cad1fd0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs=
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181003024731-2f84ea8ef872/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181006002542-f60d9635b16a/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181008205924-a2b3f7f249e9/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181013182035-5e66757b835f/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181017214349-06f26fdaaa28/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181024171208-a2dc47679d30/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181026183834-f60e5f99f081/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181105230042-78dc5bac0cac/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181107215632-34b416bd17b3/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181114190951-94339b83286c/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20181117154741-2ddaf7f79a09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181119130350-139d099f6620/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181127195227-b4e97c0ed882/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181127232545-e782529d0ddd/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181203210056-e5f3ab76ea4b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181205224935-3576414c54a4/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181206194817-bcd4e47d0288/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181207183836-8bc39b988060/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181212172921-837e80568c09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190102213336-ca9055ed7d04/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190104182027-498d95493402/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190110163146-51295c7ec13a/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190111214448-fc1d57b08d7b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190118193359-16909d206f00/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190125232054-d66bd3c5d5a6/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190213192042-740235f6c0d8/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@@ -1205,27 +933,36 @@ golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgw
golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190617190820-da514acc4774/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190624190245-7f2218787638/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190711191110-9a621aea19f8/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI=
golang.org/x/tools v0.0.0-20190719005602-e377ae9d6386/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI=
+golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20190910044552-dd2b5c81c578/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190927191325-030b2cf1153e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20190930201159-7c411dea38b0/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191010075000-0337d82405ff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191010171213-8abd42400456/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191204011308-9611592c72f6/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200226224502-204d844ad48d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200823205832-c024452afbcd/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898 h1:/atklqdjdhuosWIl6AIbOeHJjicWYPqR9bpxqxYG2pA=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gomodules.xyz/jsonpatch/v2 v2.0.1 h1:xyiBuvkD2g5n7cYzx6u2sxQvsAy4QJsZFCzGVdzOXZ0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
gomodules.xyz/jsonpatch/v2 v2.0.1/go.mod h1:IhYNNY4jnS53ZnfE4PAmpKtDpTCj1JFXc+3mwe7XcUU=
google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
google.golang.org/api v0.5.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.11.1-0.20191020000718-bf72a15fd9e9/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/appengine v1.6.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -1239,10 +976,13 @@ google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRn
google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190508193815-b515fa19cec8/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190513181449-d00d292a067c/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s=
-google.golang.org/genproto v0.0.0-20190626174449-989357319d63/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s=
-google.golang.org/genproto v0.0.0-20190708153700-3bdd9d9f5532/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s=
google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
+google.golang.org/genproto v0.0.0-20191009194640-548a555dbc03/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba h1:pRj9OXZbwNtbtZtOB4dLwfK4u+EVRMvP+e9zKkg2grM=
+google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
@@ -1251,9 +991,9 @@ google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ij
google.golang.org/grpc v1.22.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
+google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA=
+google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
-gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk=
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -1263,25 +1003,23 @@ gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qS
gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
-gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df/go.mod h1:LRQQ+SO6ZHR7tOkpBDuZnXENFzX8qRjMDMyPD6BRkCw=
-gopkg.in/gorp.v1 v1.7.2/go.mod h1:Wo3h+DBQZIxATwftsglhdD/62zRFPhGhTiu5jUJmCaw=
gopkg.in/inf.v0 v0.9.0/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/ini.v1 v1.48.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.51.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/jcmturner/aescts.v1 v1.0.1/go.mod h1:nsR8qBOg+OucoIW+WMhB3GspUQXq9XorLnQb9XtvcOo=
gopkg.in/jcmturner/dnsutils.v1 v1.0.1/go.mod h1:m3v+5svpVOhtFAP/wSz+yzh4Mc0Fg7eRhxkJMWSIz9Q=
gopkg.in/jcmturner/goidentity.v3 v3.0.0/go.mod h1:oG2kH0IvSYNIu80dVAyu/yoefjq1mNfM5bm88whjWx4=
gopkg.in/jcmturner/gokrb5.v7 v7.2.3/go.mod h1:l8VISx+WGYp+Fp7KRbsiUuXTTOnxIc3Tuvyavf11/WM=
gopkg.in/jcmturner/rpc.v1 v1.1.0/go.mod h1:YIdkC4XfD6GXbzje11McwsDuOlZQSb9W4vfLvuNnlv8=
+gopkg.in/kothar/go-backblaze.v0 v0.0.0-20190520213052-702d4e7eb465/go.mod h1:zJ2QpyDCYo1KvLXlmdnFlQAyF/Qfth0fB8239Qg7BIE=
gopkg.in/ldap.v3 v3.0.3/go.mod h1:oxD7NyBuxchC+SgJDE1Q5Od05eGt29SDQVBmV+HYbzw=
-gopkg.in/mail.v2 v2.0.0-20180731213649-a0242b2233b4/go.mod h1:htwXN1Qh09vZJ1NVKxQqHPBaCBbzKhp5GzuJEA4VJWw=
gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
gopkg.in/olivere/elastic.v5 v5.0.80/go.mod h1:uhHoB4o3bvX5sorxBU29rPcmBQdV2Qfg0FBrx5D6pV0=
gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
-gopkg.in/square/go-jose.v2 v2.1.9/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
@@ -1295,7 +1033,6 @@ gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v3 v3.0.0-20190905181640-827449938966/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20191120175047-4206685974f2 h1:XZx7nhd5GMaZpmDaEHFVafUZC7ya0fuo7cSJ3UCKYmM=
gopkg.in/yaml.v3 v3.0.0-20191120175047-4206685974f2/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0-20200121175148-a6ecf24a6d71 h1:Xe2gvTZUJpsvOWUnvmL/tmhVBZUmHSvLbMjRj6NUUKo=
gopkg.in/yaml.v3 v3.0.0-20200121175148-a6ecf24a6d71/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
@@ -1312,11 +1049,16 @@ k8s.io/api v0.17.0/go.mod h1:npsyOePkeP0CPwyGfXDHxvypiYMJxBWAMpQxCaJ4ZxI=
k8s.io/api v0.17.2/go.mod h1:BS9fjjLc4CMuqfSO8vgbHPKMt5+SF0ET6u/RVDihTo4=
k8s.io/api v0.17.4 h1:HbwOhDapkguO8lTAE8OX3hdF2qp8GtpC9CW/MQATXXo=
k8s.io/api v0.17.4/go.mod h1:5qxx6vjmwUVG2nHQTKGlLts8Tbok8PzHl4vHtVFuZCA=
+k8s.io/api v0.18.4 h1:8x49nBRxuXGUlDlwlWd3RMY1SayZrzFfxea3UZSkFw4=
+k8s.io/api v0.18.4/go.mod h1:lOIQAKYgai1+vz9J7YcDZwC26Z0zQewYOGWdyIPUUQ4=
k8s.io/apiextensions-apiserver v0.0.0-20190918161926-8f644eb6e783/go.mod h1:xvae1SZB3E17UpV59AWc271W/Ph25N+bjPyR63X6tPY=
k8s.io/apiextensions-apiserver v0.16.4/go.mod h1:HYQwjujEkXmQNhap2C9YDdIVOSskGZ3et0Mvjcyjbto=
k8s.io/apiextensions-apiserver v0.17.2/go.mod h1:4KdMpjkEjjDI2pPfBA15OscyNldHWdBCfsWMDWAmSTs=
k8s.io/apiextensions-apiserver v0.17.4 h1:ZKFnw3cJrGZ/9s6y+DerTF4FL+dmK0a04A++7JkmMho=
k8s.io/apiextensions-apiserver v0.17.4/go.mod h1:rCbbbaFS/s3Qau3/1HbPlHblrWpFivoaLYccCffvQGI=
+k8s.io/apiextensions-apiserver v0.18.4 h1:Y3HGERmS8t9u12YNUFoOISqefaoGRuTc43AYCLzWmWE=
+k8s.io/apiextensions-apiserver v0.18.4/go.mod h1:NYeyeYq4SIpFlPxSAB6jHPIdvu3hL0pc36wuRChybio=
+k8s.io/apimachinery v0.0.0-20181127025237-2b1284ed4c93/go.mod h1:ccL7Eh7zubPUSh9A3USN90/OzHNSVN6zxzde07TDCL0=
k8s.io/apimachinery v0.0.0-20190612125636-6a5db36e93ad/go.mod h1:I4A+glKBHiTgiEjQiCCQfCAIcIMFGt291SmsvcrFzJA=
k8s.io/apimachinery v0.0.0-20190913080033-27d36303b655/go.mod h1:nL6pwRT8NgfF8TT68DBI8uEePRt89cSvoXUVqbkWHq4=
k8s.io/apimachinery v0.16.4/go.mod h1:llRdnznGEAqC3DcNm6yEj472xaFVfLM7hnYofMb12tQ=
@@ -1324,6 +1066,8 @@ k8s.io/apimachinery v0.17.0/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZ
k8s.io/apimachinery v0.17.2/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg=
k8s.io/apimachinery v0.17.4 h1:UzM+38cPUJnzqSQ+E1PY4YxMHIzQyCg29LOoGfo79Zw=
k8s.io/apimachinery v0.17.4/go.mod h1:gxLnyZcGNdZTCLnq3fgzyg2A5BVCHTNDFrw8AmuJ+0g=
+k8s.io/apimachinery v0.18.4 h1:ST2beySjhqwJoIFk6p7Hp5v5O0hYY6Gngq/gUYXTPIA=
+k8s.io/apimachinery v0.18.4/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko=
k8s.io/apimachinery v0.18.6 h1:RtFHnfGNfd1N0LeSrKCUznz5xtUP1elRGvHJbL3Ntag=
k8s.io/apimachinery v0.19.0 h1:gjKnAda/HZp5k4xQYjL0K/Yb66IvNqjthCb03QlKpaQ=
k8s.io/apimachinery v0.19.1 h1:cwsxZazM/LA9aUsBaL4bRS5ygoM6bYp8dFk22DSYQa4=
@@ -1332,12 +1076,20 @@ k8s.io/apiserver v0.16.4/go.mod h1:kbLJOak655g6W7C+muqu1F76u9wnEycfKMqbVaXIdAc=
k8s.io/apiserver v0.17.2/go.mod h1:lBmw/TtQdtxvrTk0e2cgtOxHizXI+d0mmGQURIHQZlo=
k8s.io/apiserver v0.17.4 h1:bYc9LvDPEF9xAL3fhbDzqNOQOAnNF2ZYCrMW8v52/mE=
k8s.io/apiserver v0.17.4/go.mod h1:5ZDQ6Xr5MNBxyi3iUZXS84QOhZl+W7Oq2us/29c0j9I=
+k8s.io/apiserver v0.18.4 h1:pn1jSQkfboPSirZopkVpEdLW4FcQLnYMaIY8LFxxj30=
+k8s.io/apiserver v0.18.4/go.mod h1:q+zoFct5ABNnYkGIaGQ3bcbUNdmPyOCoEBcg51LChY8=
k8s.io/cli-runtime v0.17.4 h1:ZIJdxpBEszZqUhydrCoiI5rLXS2J/1AF5xFok2QJ9bc=
k8s.io/cli-runtime v0.17.4/go.mod h1:IVW4zrKKx/8gBgNNkhiUIc7nZbVVNhc1+HcQh+PiNHc=
+k8s.io/cli-runtime v0.18.4 h1:IUx7quIOb4gbQ4M+B1ksF/PTBovQuL5tXWzplX3t+FM=
+k8s.io/cli-runtime v0.18.4/go.mod h1:9/hS/Cuf7NVzWR5F/5tyS6xsnclxoPLVtwhnkJG1Y4g=
+k8s.io/client-go v0.0.0-20181213151034-8d9ed539ba31/go.mod h1:7vJpHMYJwNQCWgzmNV+VYUl1zCObLyodBc8nIyt8L5s=
k8s.io/client-go v0.0.0-20190918160344-1fbdaa4c8d90/go.mod h1:J69/JveO6XESwVgG53q3Uz5OSfgsv4uxpScmmyYOOlk=
k8s.io/client-go v0.16.4/go.mod h1:ZgxhFDxSnoKY0J0U2/Y1C8obKDdlhGPZwA7oHH863Ok=
k8s.io/client-go v0.17.0/go.mod h1:TYgR6EUHs6k45hb6KWjVD6jFZvJV4gHDikv/It0xz+k=
k8s.io/client-go v0.17.2/go.mod h1:QAzRgsa0C2xl4/eVpeVAZMvikCn8Nm81yqVx3Kk9XYI=
+k8s.io/client-go v0.17.4/go.mod h1:ouF6o5pz3is8qU0/qYL2RnoxOPqgfuidYLowytyLJmc=
+k8s.io/client-go v0.18.4 h1:un55V1Q/B3JO3A76eS0kUSywgGK/WR3BQ8fHQjNa6Zc=
+k8s.io/client-go v0.18.4/go.mod h1:f5sXwL4yAZRkAtzOxRWUhA/N8XzGCb+nPZI8PfobZ9g=
k8s.io/code-generator v0.0.0-20200306081859-6a048a382944/go.mod h1:+UHX5rSbxmR8kzS+FAv7um6dtYrZokQvjHpDSYRVkTc=
k8s.io/component-base v0.0.0-20190612130303-4062e14deebe h1:GHRdxwv4/80MA+Yy/YVyfc9n6VyOhEGzyM09mEXsIAU=
k8s.io/component-base v0.0.0-20190612130303-4062e14deebe/go.mod h1:MmIDXnint3qMN0cqXHKrSiJ2XQKo3J1BPIz7in7NvO0=
@@ -1362,27 +1114,30 @@ k8s.io/utils v0.0.0-20190221042446-c2654d5206da/go.mod h1:8k8uAuAQ0rXslZKaEWd0c3
k8s.io/utils v0.0.0-20190801114015-581e00157fb1/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
k8s.io/utils v0.0.0-20191114184206-e782cd3c129f h1:GiPwtSzdP43eI1hpPCbROQCCIgCuiMMNF8YUVLF3vJo=
k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
+k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc=
mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4=
mvdan.cc/unparam v0.0.0-20190720180237-d51796306d8f/go.mod h1:4G1h5nDURzA3bwVMZIVpwbkw+04kSxk3rAtzlimaUJw=
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
+sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.7 h1:uuHDyjllyzRyCIvvn0OBjiRB0SgBZGqHNYAmjR7fO50=
+sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.7/go.mod h1:PHgbrJT7lCHcxMU+mDHEm+nx46H4zuuHZkDP6icnhu0=
sigs.k8s.io/controller-runtime v0.5.0 h1:CbqIy5fbUX+4E9bpnBFd204YAzRYlM9SWW77BbrcDQo=
sigs.k8s.io/controller-runtime v0.5.0/go.mod h1:REiJzC7Y00U+2YkMbT8wxgrsX5USpXKGhb2sCtAXiT8=
sigs.k8s.io/controller-tools v0.2.4/go.mod h1:m/ztfQNocGYBgTTCmFdnK94uVvgxeZeE3LtJvd/jIzA=
-sigs.k8s.io/kustomize v1.0.11 h1:Yb+6DDt9+aR2AvQApvUaKS/ugteeG4MPyoFeUHiPOjk=
sigs.k8s.io/kustomize v2.0.3+incompatible h1:JUufWFNlI44MdtnjUqVnvh29rR37PQFzPbLXqhyOyX0=
sigs.k8s.io/kustomize v2.0.3+incompatible/go.mod h1:MkjgH3RdOWrievjo6c9T245dYlB5QeXV4WCbnt/PEpU=
sigs.k8s.io/kustomize/api v0.5.1 h1:iHGTs5LcnJGqHstUSxWD/kX6XZgmd82x79LLlZwDU0I=
sigs.k8s.io/kustomize/api v0.5.1/go.mod h1:LGqJ9ZWOnWDqlECqrFgNUyEqSJc6ooA9ZiWZ4KFZv+I=
-sigs.k8s.io/kustomize/kyaml v0.4.1 h1:NEqA/35upoAjb+I5vh1ODUqxoX4DOrezeQa9BhhG5Co=
sigs.k8s.io/kustomize/kyaml v0.4.1/go.mod h1:XJL84E6sOFeNrQ7CADiemc1B0EjIxHo3OhW4o1aJYNw=
sigs.k8s.io/kustomize/kyaml v0.6.1 h1:mwffj5vt3MPdbWV3fZnnwol8SO7sUoGdgejBlvseyak=
sigs.k8s.io/kustomize/kyaml v0.6.1/go.mod h1:bEzbO5pN9OvlEeCLvFHo8Pu7SA26Herc2m60UeWZBdI=
sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI=
sigs.k8s.io/structured-merge-diff v0.0.0-20190817042607-6149e4549fca/go.mod h1:IIgPezJWb76P0hotTxzDbWsMYB8APh18qZnxkomBpxA=
sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06/go.mod h1:/ULNhyfzRopfcjskuui0cTITekDduZ7ycKN3oUT9R18=
+sigs.k8s.io/structured-merge-diff v1.0.1 h1:LOs1LZWMsz1xs77Phr/pkB4LFaavH7IVq/3+WTN9XTA=
sigs.k8s.io/structured-merge-diff v1.0.1/go.mod h1:IIgPezJWb76P0hotTxzDbWsMYB8APh18qZnxkomBpxA=
sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw=
+sigs.k8s.io/structured-merge-diff/v3 v3.0.0/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw=
sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q=
sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
diff --git a/pkg/api/kyverno/register.go b/pkg/api/kyverno/register.go
old mode 100644
new mode 100755
diff --git a/pkg/api/kyverno/v1/doc.go b/pkg/api/kyverno/v1/doc.go
old mode 100644
new mode 100755
diff --git a/pkg/api/kyverno/v1/register.go b/pkg/api/kyverno/v1/register.go
old mode 100644
new mode 100755
index ea9d34b598..a68c2c41e9
--- a/pkg/api/kyverno/v1/register.go
+++ b/pkg/api/kyverno/v1/register.go
@@ -1,11 +1,10 @@
package v1
import (
+ "github.com/kyverno/kyverno/pkg/api/kyverno"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
-
- "github.com/kyverno/kyverno/pkg/api/kyverno"
)
// SchemeGroupVersion is group version used to register these objects
diff --git a/pkg/api/kyverno/v1/types.go b/pkg/api/kyverno/v1/types.go
old mode 100644
new mode 100755
index 2c029568c7..ff3e893d4b
--- a/pkg/api/kyverno/v1/types.go
+++ b/pkg/api/kyverno/v1/types.go
@@ -415,6 +415,8 @@ type ViolatedRule struct {
Type string `json:"type" yaml:"type"`
// Specifies violation message
Message string `json:"message" yaml:"message"`
+ // +optional
+ Check string `json:"check" yaml:"check"`
}
//PolicyViolationStatus provides information regarding policyviolation status
diff --git a/pkg/api/kyverno/v1/utils.go b/pkg/api/kyverno/v1/utils.go
old mode 100644
new mode 100755
diff --git a/pkg/api/kyverno/v1/zz_generated.deepcopy.go b/pkg/api/kyverno/v1/zz_generated.deepcopy.go
old mode 100644
new mode 100755
index 17d4f37930..d798b88bcc
--- a/pkg/api/kyverno/v1/zz_generated.deepcopy.go
+++ b/pkg/api/kyverno/v1/zz_generated.deepcopy.go
@@ -193,7 +193,11 @@ func (in *ConfigMapReference) DeepCopy() *ConfigMapReference {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ContextEntry) DeepCopyInto(out *ContextEntry) {
*out = *in
- out.ConfigMap = in.ConfigMap
+ if in.ConfigMap != nil {
+ in, out := &in.ConfigMap, &out.ConfigMap
+ *out = new(ConfigMapReference)
+ **out = **in
+ }
return
}
@@ -689,6 +693,13 @@ func (in *ResourceSpec) DeepCopy() *ResourceSpec {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Rule) DeepCopyInto(out *Rule) {
*out = *in
+ if in.Context != nil {
+ in, out := &in.Context, &out.Context
+ *out = make([]ContextEntry, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
in.MatchResources.DeepCopyInto(&out.MatchResources)
in.ExcludeResources.DeepCopyInto(&out.ExcludeResources)
if in.Conditions != nil {
@@ -701,11 +712,6 @@ func (in *Rule) DeepCopyInto(out *Rule) {
in.Mutation.DeepCopyInto(&out.Mutation)
in.Validation.DeepCopyInto(&out.Validation)
in.Generation.DeepCopyInto(&out.Generation)
- if in.Context != nil {
- in, out := &in.Context, &out.Context
- *out = make([]ContextEntry, len(*in))
- copy(*out, *in)
- }
return
}
diff --git a/pkg/api/kyverno/v1alpha1/clusterreportchangerequest_types.go b/pkg/api/kyverno/v1alpha1/clusterreportchangerequest_types.go
new file mode 100644
index 0000000000..04be3a0b59
--- /dev/null
+++ b/pkg/api/kyverno/v1alpha1/clusterreportchangerequest_types.go
@@ -0,0 +1,75 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +genclient:nonNamespaced
+// +kubebuilder:object:root=true
+// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=`.scope.kind`,priority=1
+// +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.scope.name`,priority=1
+// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.pass`
+// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.fail`
+// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.warn`
+// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.error`
+// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip`
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+
+// ClusterReportChangeRequest is the Schema for the ClusterReportChangeRequests API
+type ClusterReportChangeRequest struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node)
+ // +optional
+ Scope *corev1.ObjectReference `json:"scope,omitempty"`
+
+ // ScopeSelector is an optional selector for multiple scopes (e.g. Pods).
+ // Either one of, or none of, but not both of, Scope or ScopeSelector should be specified.
+ // +optional
+ ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"`
+
+ // PolicyReportSummary provides a summary of results
+ // +optional
+ Summary report.PolicyReportSummary `json:"summary,omitempty"`
+
+ // PolicyReportResult provides result details
+ // +optional
+ Results []*report.PolicyReportResult `json:"results,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// ClusterReportChangeRequestList contains a list of ClusterReportChangeRequest
+type ClusterReportChangeRequestList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []ClusterReportChangeRequest `json:"items"`
+}
+
+func init() {
+ SchemeBuilder.Register(&ClusterReportChangeRequest{}, &ClusterReportChangeRequestList{})
+}
diff --git a/pkg/api/kyverno/v1alpha1/doc.go b/pkg/api/kyverno/v1alpha1/doc.go
new file mode 100644
index 0000000000..1d745e779c
--- /dev/null
+++ b/pkg/api/kyverno/v1alpha1/doc.go
@@ -0,0 +1,21 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group
+// +k8s:deepcopy-gen=package
+// +kubebuilder:object:generate=true
+// +groupName=kyverno.io
+package v1alpha1
diff --git a/pkg/api/kyverno/v1alpha1/groupversion_info.go b/pkg/api/kyverno/v1alpha1/groupversion_info.go
new file mode 100755
index 0000000000..4ac1cbf0e8
--- /dev/null
+++ b/pkg/api/kyverno/v1alpha1/groupversion_info.go
@@ -0,0 +1,49 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group
+// +kubebuilder:object:generate=true
+// +groupName=kyverno.io
+package v1alpha1
+
+import (
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ "sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+// Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group
+// +kubebuilder:object:generate=true
+// +groupName=kyverno.io
+var (
+ // SchemeGroupVersion is group version used to register these objects
+ SchemeGroupVersion = schema.GroupVersion{Group: "kyverno.io", Version: "v1alpha1"}
+
+ // SchemeBuilder is used to add go types to the GroupVersionKind scheme
+ SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
+
+ // AddToScheme adds the types in this group-version to the given scheme.
+ AddToScheme = SchemeBuilder.AddToScheme
+)
+
+// Kind takes an unqualified kind and returns back a Group qualified GroupKind
+func Kind(kind string) schema.GroupKind {
+ return SchemeGroupVersion.WithKind(kind).GroupKind()
+}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+ return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
diff --git a/pkg/api/kyverno/v1alpha1/reportchangerequest_types.go b/pkg/api/kyverno/v1alpha1/reportchangerequest_types.go
new file mode 100644
index 0000000000..a8a5906493
--- /dev/null
+++ b/pkg/api/kyverno/v1alpha1/reportchangerequest_types.go
@@ -0,0 +1,74 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=`.scope.kind`,priority=1
+// +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.scope.name`,priority=1
+// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.pass`
+// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.fail`
+// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.warn`
+// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.error`
+// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip`
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+
+// ReportChangeRequest is the Schema for the ReportChangeRequests API
+type ReportChangeRequest struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node)
+ // +optional
+ Scope *corev1.ObjectReference `json:"scope,omitempty"`
+
+ // ScopeSelector is an optional selector for multiple scopes (e.g. Pods).
+ // Either one of, or none of, but not both of, Scope or ScopeSelector should be specified.
+ // +optional
+ ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"`
+
+ // PolicyReportSummary provides a summary of results
+ // +optional
+ Summary report.PolicyReportSummary `json:"summary,omitempty"`
+
+ // PolicyReportResult provides result details
+ // +optional
+ Results []*report.PolicyReportResult `json:"results,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// ReportChangeRequestList contains a list of ReportChangeRequest
+type ReportChangeRequestList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []ReportChangeRequest `json:"items"`
+}
+
+func init() {
+ SchemeBuilder.Register(&ReportChangeRequest{}, &ReportChangeRequestList{})
+}
diff --git a/pkg/api/kyverno/v1alpha1/zz_generated.deepcopy.go b/pkg/api/kyverno/v1alpha1/zz_generated.deepcopy.go
new file mode 100644
index 0000000000..aac25f551a
--- /dev/null
+++ b/pkg/api/kyverno/v1alpha1/zz_generated.deepcopy.go
@@ -0,0 +1,170 @@
+// +build !ignore_autogenerated
+
+// Code generated by controller-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ policyreportv1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClusterReportChangeRequest) DeepCopyInto(out *ClusterReportChangeRequest) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ if in.Scope != nil {
+ in, out := &in.Scope, &out.Scope
+ *out = new(v1.ObjectReference)
+ **out = **in
+ }
+ if in.ScopeSelector != nil {
+ in, out := &in.ScopeSelector, &out.ScopeSelector
+ *out = new(metav1.LabelSelector)
+ (*in).DeepCopyInto(*out)
+ }
+ out.Summary = in.Summary
+ if in.Results != nil {
+ in, out := &in.Results, &out.Results
+ *out = make([]*policyreportv1alpha1.PolicyReportResult, len(*in))
+ for i := range *in {
+ if (*in)[i] != nil {
+ in, out := &(*in)[i], &(*out)[i]
+ *out = new(policyreportv1alpha1.PolicyReportResult)
+ (*in).DeepCopyInto(*out)
+ }
+ }
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterReportChangeRequest.
+func (in *ClusterReportChangeRequest) DeepCopy() *ClusterReportChangeRequest {
+ if in == nil {
+ return nil
+ }
+ out := new(ClusterReportChangeRequest)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ClusterReportChangeRequest) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClusterReportChangeRequestList) DeepCopyInto(out *ClusterReportChangeRequestList) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ListMeta.DeepCopyInto(&out.ListMeta)
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]ClusterReportChangeRequest, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterReportChangeRequestList.
+func (in *ClusterReportChangeRequestList) DeepCopy() *ClusterReportChangeRequestList {
+ if in == nil {
+ return nil
+ }
+ out := new(ClusterReportChangeRequestList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ClusterReportChangeRequestList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ReportChangeRequest) DeepCopyInto(out *ReportChangeRequest) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ if in.Scope != nil {
+ in, out := &in.Scope, &out.Scope
+ *out = new(v1.ObjectReference)
+ **out = **in
+ }
+ if in.ScopeSelector != nil {
+ in, out := &in.ScopeSelector, &out.ScopeSelector
+ *out = new(metav1.LabelSelector)
+ (*in).DeepCopyInto(*out)
+ }
+ out.Summary = in.Summary
+ if in.Results != nil {
+ in, out := &in.Results, &out.Results
+ *out = make([]*policyreportv1alpha1.PolicyReportResult, len(*in))
+ for i := range *in {
+ if (*in)[i] != nil {
+ in, out := &(*in)[i], &(*out)[i]
+ *out = new(policyreportv1alpha1.PolicyReportResult)
+ (*in).DeepCopyInto(*out)
+ }
+ }
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReportChangeRequest.
+func (in *ReportChangeRequest) DeepCopy() *ReportChangeRequest {
+ if in == nil {
+ return nil
+ }
+ out := new(ReportChangeRequest)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ReportChangeRequest) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ReportChangeRequestList) DeepCopyInto(out *ReportChangeRequestList) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ListMeta.DeepCopyInto(&out.ListMeta)
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]ReportChangeRequest, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReportChangeRequestList.
+func (in *ReportChangeRequestList) DeepCopy() *ReportChangeRequestList {
+ if in == nil {
+ return nil
+ }
+ out := new(ReportChangeRequestList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ReportChangeRequestList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
diff --git a/pkg/api/policyreport/v1alpha1/clusterpolicyreport_types.go b/pkg/api/policyreport/v1alpha1/clusterpolicyreport_types.go
new file mode 100755
index 0000000000..d4633568af
--- /dev/null
+++ b/pkg/api/policyreport/v1alpha1/clusterpolicyreport_types.go
@@ -0,0 +1,75 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +genclient:nonNamespaced
+// +kubebuilder:object:root=true
+// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=`.scope.kind`,priority=1
+// +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.scope.name`,priority=1
+// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.pass`
+// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.fail`
+// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.warn`
+// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.error`
+// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip`
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:resource:shortName=cpolr
+
+// ClusterPolicyReport is the Schema for the clusterpolicyreports API
+type ClusterPolicyReport struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node)
+ // +optional
+ Scope *corev1.ObjectReference `json:"scope,omitempty"`
+
+ // ScopeSelector is an optional selector for multiple scopes (e.g. Pods).
+ // Either one of, or none of, but not both of, Scope or ScopeSelector should be specified.
+ // +optional
+ ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"`
+
+ // PolicyReportSummary provides a summary of results
+ // +optional
+ Summary PolicyReportSummary `json:"summary,omitempty"`
+
+ // PolicyReportResult provides result details
+ // +optional
+ Results []*PolicyReportResult `json:"results,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// ClusterPolicyReportList contains a list of ClusterPolicyReport
+type ClusterPolicyReportList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []ClusterPolicyReport `json:"items"`
+}
+
+func init() {
+ SchemeBuilder.Register(&ClusterPolicyReport{}, &ClusterPolicyReportList{})
+}
diff --git a/pkg/api/policyreport/v1alpha1/doc.go b/pkg/api/policyreport/v1alpha1/doc.go
new file mode 100755
index 0000000000..366c165158
--- /dev/null
+++ b/pkg/api/policyreport/v1alpha1/doc.go
@@ -0,0 +1,21 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group
+// +k8s:deepcopy-gen=package
+// +kubebuilder:object:generate=true
+// +groupName=policy.k8s.io
+package v1alpha1
diff --git a/pkg/api/policyreport/v1alpha1/groupversion_info.go b/pkg/api/policyreport/v1alpha1/groupversion_info.go
new file mode 100755
index 0000000000..296fe28b91
--- /dev/null
+++ b/pkg/api/policyreport/v1alpha1/groupversion_info.go
@@ -0,0 +1,49 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group
+// +kubebuilder:object:generate=true
+// +groupName=policy.k8s.io
+package v1alpha1
+
+import (
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ "sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+// Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group
+// +kubebuilder:object:generate=true
+// +groupName=policy.k8s.io
+var (
+ // SchemeGroupVersion is group version used to register these objects
+ SchemeGroupVersion = schema.GroupVersion{Group: "policy.k8s.io", Version: "v1alpha1"}
+
+ // SchemeBuilder is used to add go types to the GroupVersionKind scheme
+ SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
+
+ // AddToScheme adds the types in this group-version to the given scheme.
+ AddToScheme = SchemeBuilder.AddToScheme
+)
+
+// Kind takes an unqualified kind and returns back a Group qualified GroupKind
+func Kind(kind string) schema.GroupKind {
+ return SchemeGroupVersion.WithKind(kind).GroupKind()
+}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+ return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
diff --git a/pkg/api/policyreport/v1alpha1/policyreport_types.go b/pkg/api/policyreport/v1alpha1/policyreport_types.go
new file mode 100755
index 0000000000..0ca7a28362
--- /dev/null
+++ b/pkg/api/policyreport/v1alpha1/policyreport_types.go
@@ -0,0 +1,162 @@
+/*
+Copyright 2020 The Kubernetes authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.
+
+const (
+ StatusPass = "pass"
+ StatusFail = "fail"
+ StatusWarn = "warn"
+ StatusError = "error"
+ StatusSkip = "skip"
+)
+
+// PolicyReportSummary provides a status count summary
+type PolicyReportSummary struct {
+
+ // Pass provides the count of policies whose requirements were met
+ // +optional
+ Pass int `json:"pass"`
+
+ // Fail provides the count of policies whose requirements were not met
+ // +optional
+ Fail int `json:"fail"`
+
+ // Warn provides the count of unscored policies whose requirements were not met
+ // +optional
+ Warn int `json:"warn"`
+
+ // Error provides the count of policies that could not be evaluated
+ // +optional
+ Error int `json:"error"`
+
+ // Skip indicates the count of policies that were not selected for evaluation
+ // +optional
+ Skip int `json:"skip"`
+}
+
+// PolicyStatus has one of the following values:
+// - pass: indicates that the policy requirements are met
+// - fail: indicates that the policy requirements are not met
+// - warn: indicates that the policy requirements and not met, and the policy is not scored
+// - error: indicates that the policy could not be evaluated
+// - skip: indicates that the policy was not selected based on user inputs or applicability
+//
+// +kubebuilder:validation:Enum=pass;fail;warn;error;skip
+type PolicyStatus string
+
+// PolicySeverity has one of the following values:
+// - high
+// - low
+// - medium
+// +kubebuilder:validation:Enum=high;low;medium
+type PolicySeverity string
+
+// PolicyReportResult provides the result for an individual policy
+type PolicyReportResult struct {
+
+ // Policy is the name of the policy
+ Policy string `json:"policy"`
+
+ // Rule is the name of the policy rule
+ // +optional
+ Rule string `json:"rule,omitempty"`
+
+ // Resources is an optional reference to the resource checked by the policy and rule
+ // +optional
+ Resources []*corev1.ObjectReference `json:"resources,omitempty"`
+
+ // ResourceSelector is an optional selector for policy results that apply to multiple resources.
+ // For example, a policy result may apply to all pods that match a label.
+ // Either a Resource or a ResourceSelector can be specified. If neither are provided, the
+ // result is assumed to be for the policy report scope.
+ // +optional
+ ResourceSelector *metav1.LabelSelector `json:"resourceSelector,omitempty"`
+
+ // Message is a short user friendly description of the policy rule
+ Message string `json:"message,omitempty"`
+
+ // Status indicates the result of the policy rule check
+ Status PolicyStatus `json:"status,omitempty"`
+
+ // Scored indicates if this policy rule is scored
+ Scored bool `json:"scored,omitempty"`
+
+ // Data provides additional information for the policy rule
+ Data map[string]string `json:"data,omitempty"`
+
+ // Category indicates policy category
+ // +optional
+ Category string `json:"category,omitempty"`
+
+ // Severity indicates policy severity
+ // +optional
+ Severity PolicySeverity `json:"severity,omitempty"`
+}
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=`.scope.kind`,priority=1
+// +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.scope.name`,priority=1
+// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.pass`
+// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.fail`
+// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.warn`
+// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.error`
+// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip`
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:resource:shortName=polr
+
+// PolicyReport is the Schema for the policyreports API
+type PolicyReport struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node)
+ // +optional
+ Scope *corev1.ObjectReference `json:"scope,omitempty"`
+
+ // ScopeSelector is an optional selector for multiple scopes (e.g. Pods).
+ // Either one of, or none of, but not both of, Scope or ScopeSelector should be specified.
+ // +optional
+ ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"`
+
+ // PolicyReportSummary provides a summary of results
+ // +optional
+ Summary PolicyReportSummary `json:"summary,omitempty"`
+
+ // PolicyReportResult provides result details
+ // +optional
+ Results []*PolicyReportResult `json:"results,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// PolicyReportList contains a list of PolicyReport
+type PolicyReportList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []PolicyReport `json:"items"`
+}
+
+func init() {
+ SchemeBuilder.Register(&PolicyReport{}, &PolicyReportList{})
+}
diff --git a/pkg/api/policyreport/v1alpha1/zz_generated.deepcopy.go b/pkg/api/policyreport/v1alpha1/zz_generated.deepcopy.go
new file mode 100644
index 0000000000..3b0dae552b
--- /dev/null
+++ b/pkg/api/policyreport/v1alpha1/zz_generated.deepcopy.go
@@ -0,0 +1,222 @@
+// +build !ignore_autogenerated
+
+// Code generated by controller-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClusterPolicyReport) DeepCopyInto(out *ClusterPolicyReport) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ if in.Scope != nil {
+ in, out := &in.Scope, &out.Scope
+ *out = new(v1.ObjectReference)
+ **out = **in
+ }
+ if in.ScopeSelector != nil {
+ in, out := &in.ScopeSelector, &out.ScopeSelector
+ *out = new(metav1.LabelSelector)
+ (*in).DeepCopyInto(*out)
+ }
+ out.Summary = in.Summary
+ if in.Results != nil {
+ in, out := &in.Results, &out.Results
+ *out = make([]*PolicyReportResult, len(*in))
+ for i := range *in {
+ if (*in)[i] != nil {
+ in, out := &(*in)[i], &(*out)[i]
+ *out = new(PolicyReportResult)
+ (*in).DeepCopyInto(*out)
+ }
+ }
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyReport.
+func (in *ClusterPolicyReport) DeepCopy() *ClusterPolicyReport {
+ if in == nil {
+ return nil
+ }
+ out := new(ClusterPolicyReport)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ClusterPolicyReport) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClusterPolicyReportList) DeepCopyInto(out *ClusterPolicyReportList) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ListMeta.DeepCopyInto(&out.ListMeta)
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]ClusterPolicyReport, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyReportList.
+func (in *ClusterPolicyReportList) DeepCopy() *ClusterPolicyReportList {
+ if in == nil {
+ return nil
+ }
+ out := new(ClusterPolicyReportList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ClusterPolicyReportList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PolicyReport) DeepCopyInto(out *PolicyReport) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ if in.Scope != nil {
+ in, out := &in.Scope, &out.Scope
+ *out = new(v1.ObjectReference)
+ **out = **in
+ }
+ if in.ScopeSelector != nil {
+ in, out := &in.ScopeSelector, &out.ScopeSelector
+ *out = new(metav1.LabelSelector)
+ (*in).DeepCopyInto(*out)
+ }
+ out.Summary = in.Summary
+ if in.Results != nil {
+ in, out := &in.Results, &out.Results
+ *out = make([]*PolicyReportResult, len(*in))
+ for i := range *in {
+ if (*in)[i] != nil {
+ in, out := &(*in)[i], &(*out)[i]
+ *out = new(PolicyReportResult)
+ (*in).DeepCopyInto(*out)
+ }
+ }
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReport.
+func (in *PolicyReport) DeepCopy() *PolicyReport {
+ if in == nil {
+ return nil
+ }
+ out := new(PolicyReport)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *PolicyReport) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PolicyReportList) DeepCopyInto(out *PolicyReportList) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ListMeta.DeepCopyInto(&out.ListMeta)
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]PolicyReport, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportList.
+func (in *PolicyReportList) DeepCopy() *PolicyReportList {
+ if in == nil {
+ return nil
+ }
+ out := new(PolicyReportList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *PolicyReportList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PolicyReportResult) DeepCopyInto(out *PolicyReportResult) {
+ *out = *in
+ if in.Resources != nil {
+ in, out := &in.Resources, &out.Resources
+ *out = make([]*v1.ObjectReference, len(*in))
+ for i := range *in {
+ if (*in)[i] != nil {
+ in, out := &(*in)[i], &(*out)[i]
+ *out = new(v1.ObjectReference)
+ **out = **in
+ }
+ }
+ }
+ if in.ResourceSelector != nil {
+ in, out := &in.ResourceSelector, &out.ResourceSelector
+ *out = new(metav1.LabelSelector)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.Data != nil {
+ in, out := &in.Data, &out.Data
+ *out = make(map[string]string, len(*in))
+ for key, val := range *in {
+ (*out)[key] = val
+ }
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportResult.
+func (in *PolicyReportResult) DeepCopy() *PolicyReportResult {
+ if in == nil {
+ return nil
+ }
+ out := new(PolicyReportResult)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PolicyReportSummary) DeepCopyInto(out *PolicyReportSummary) {
+ *out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportSummary.
+func (in *PolicyReportSummary) DeepCopy() *PolicyReportSummary {
+ if in == nil {
+ return nil
+ }
+ out := new(PolicyReportSummary)
+ in.DeepCopyInto(out)
+ return out
+}
diff --git a/pkg/client/clientset/versioned/clientset.go b/pkg/client/clientset/versioned/clientset.go
old mode 100644
new mode 100755
index f03faa0f58..4866204eb0
--- a/pkg/client/clientset/versioned/clientset.go
+++ b/pkg/client/clientset/versioned/clientset.go
@@ -22,6 +22,8 @@ import (
"fmt"
kyvernov1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1"
+ kyvernov1alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1alpha1"
+ policyv1alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha1"
discovery "k8s.io/client-go/discovery"
rest "k8s.io/client-go/rest"
flowcontrol "k8s.io/client-go/util/flowcontrol"
@@ -30,13 +32,17 @@ import (
type Interface interface {
Discovery() discovery.DiscoveryInterface
KyvernoV1() kyvernov1.KyvernoV1Interface
+ KyvernoV1alpha1() kyvernov1alpha1.KyvernoV1alpha1Interface
+ PolicyV1alpha1() policyv1alpha1.PolicyV1alpha1Interface
}
// Clientset contains the clients for groups. Each group has exactly one
// version included in a Clientset.
type Clientset struct {
*discovery.DiscoveryClient
- kyvernoV1 *kyvernov1.KyvernoV1Client
+ kyvernoV1 *kyvernov1.KyvernoV1Client
+ kyvernoV1alpha1 *kyvernov1alpha1.KyvernoV1alpha1Client
+ policyV1alpha1 *policyv1alpha1.PolicyV1alpha1Client
}
// KyvernoV1 retrieves the KyvernoV1Client
@@ -44,6 +50,16 @@ func (c *Clientset) KyvernoV1() kyvernov1.KyvernoV1Interface {
return c.kyvernoV1
}
+// KyvernoV1alpha1 retrieves the KyvernoV1alpha1Client
+func (c *Clientset) KyvernoV1alpha1() kyvernov1alpha1.KyvernoV1alpha1Interface {
+ return c.kyvernoV1alpha1
+}
+
+// PolicyV1alpha1 retrieves the PolicyV1alpha1Client
+func (c *Clientset) PolicyV1alpha1() policyv1alpha1.PolicyV1alpha1Interface {
+ return c.policyV1alpha1
+}
+
// Discovery retrieves the DiscoveryClient
func (c *Clientset) Discovery() discovery.DiscoveryInterface {
if c == nil {
@@ -59,7 +75,7 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
configShallowCopy := *c
if configShallowCopy.RateLimiter == nil && configShallowCopy.QPS > 0 {
if configShallowCopy.Burst <= 0 {
- return nil, fmt.Errorf("Burst is required to be greater than 0 when RateLimiter is not set and QPS is set to greater than 0")
+ return nil, fmt.Errorf("burst is required to be greater than 0 when RateLimiter is not set and QPS is set to greater than 0")
}
configShallowCopy.RateLimiter = flowcontrol.NewTokenBucketRateLimiter(configShallowCopy.QPS, configShallowCopy.Burst)
}
@@ -69,6 +85,14 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
if err != nil {
return nil, err
}
+ cs.kyvernoV1alpha1, err = kyvernov1alpha1.NewForConfig(&configShallowCopy)
+ if err != nil {
+ return nil, err
+ }
+ cs.policyV1alpha1, err = policyv1alpha1.NewForConfig(&configShallowCopy)
+ if err != nil {
+ return nil, err
+ }
cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfig(&configShallowCopy)
if err != nil {
@@ -82,6 +106,8 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
func NewForConfigOrDie(c *rest.Config) *Clientset {
var cs Clientset
cs.kyvernoV1 = kyvernov1.NewForConfigOrDie(c)
+ cs.kyvernoV1alpha1 = kyvernov1alpha1.NewForConfigOrDie(c)
+ cs.policyV1alpha1 = policyv1alpha1.NewForConfigOrDie(c)
cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c)
return &cs
@@ -91,6 +117,8 @@ func NewForConfigOrDie(c *rest.Config) *Clientset {
func New(c rest.Interface) *Clientset {
var cs Clientset
cs.kyvernoV1 = kyvernov1.New(c)
+ cs.kyvernoV1alpha1 = kyvernov1alpha1.New(c)
+ cs.policyV1alpha1 = policyv1alpha1.New(c)
cs.DiscoveryClient = discovery.NewDiscoveryClient(c)
return &cs
diff --git a/pkg/client/clientset/versioned/doc.go b/pkg/client/clientset/versioned/doc.go
old mode 100644
new mode 100755
diff --git a/pkg/client/clientset/versioned/fake/clientset_generated.go b/pkg/client/clientset/versioned/fake/clientset_generated.go
old mode 100644
new mode 100755
index f3ba286234..e37d01e7e6
--- a/pkg/client/clientset/versioned/fake/clientset_generated.go
+++ b/pkg/client/clientset/versioned/fake/clientset_generated.go
@@ -22,6 +22,10 @@ import (
clientset "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
kyvernov1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1"
fakekyvernov1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1/fake"
+ kyvernov1alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1alpha1"
+ fakekyvernov1alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake"
+ policyv1alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha1"
+ fakepolicyv1alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/fake"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/watch"
"k8s.io/client-go/discovery"
@@ -80,3 +84,13 @@ var _ clientset.Interface = &Clientset{}
func (c *Clientset) KyvernoV1() kyvernov1.KyvernoV1Interface {
return &fakekyvernov1.FakeKyvernoV1{Fake: &c.Fake}
}
+
+// KyvernoV1alpha1 retrieves the KyvernoV1alpha1Client
+func (c *Clientset) KyvernoV1alpha1() kyvernov1alpha1.KyvernoV1alpha1Interface {
+ return &fakekyvernov1alpha1.FakeKyvernoV1alpha1{Fake: &c.Fake}
+}
+
+// PolicyV1alpha1 retrieves the PolicyV1alpha1Client
+func (c *Clientset) PolicyV1alpha1() policyv1alpha1.PolicyV1alpha1Interface {
+ return &fakepolicyv1alpha1.FakePolicyV1alpha1{Fake: &c.Fake}
+}
diff --git a/pkg/client/clientset/versioned/fake/doc.go b/pkg/client/clientset/versioned/fake/doc.go
old mode 100644
new mode 100755
diff --git a/pkg/client/clientset/versioned/fake/register.go b/pkg/client/clientset/versioned/fake/register.go
old mode 100644
new mode 100755
index f750c85a2e..a38afc9efa
--- a/pkg/client/clientset/versioned/fake/register.go
+++ b/pkg/client/clientset/versioned/fake/register.go
@@ -20,6 +20,8 @@ package fake
import (
kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
+ kyvernov1alpha1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
+ policyv1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema"
@@ -32,6 +34,8 @@ var codecs = serializer.NewCodecFactory(scheme)
var parameterCodec = runtime.NewParameterCodec(scheme)
var localSchemeBuilder = runtime.SchemeBuilder{
kyvernov1.AddToScheme,
+ kyvernov1alpha1.AddToScheme,
+ policyv1alpha1.AddToScheme,
}
// AddToScheme adds all types of this clientset into the given scheme. This allows composition
diff --git a/pkg/client/clientset/versioned/scheme/doc.go b/pkg/client/clientset/versioned/scheme/doc.go
old mode 100644
new mode 100755
diff --git a/pkg/client/clientset/versioned/scheme/register.go b/pkg/client/clientset/versioned/scheme/register.go
old mode 100644
new mode 100755
index 6c12b8b1bf..98f83df725
--- a/pkg/client/clientset/versioned/scheme/register.go
+++ b/pkg/client/clientset/versioned/scheme/register.go
@@ -20,6 +20,8 @@ package scheme
import (
kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
+ kyvernov1alpha1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
+ policyv1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema"
@@ -32,6 +34,8 @@ var Codecs = serializer.NewCodecFactory(Scheme)
var ParameterCodec = runtime.NewParameterCodec(Scheme)
var localSchemeBuilder = runtime.SchemeBuilder{
kyvernov1.AddToScheme,
+ kyvernov1alpha1.AddToScheme,
+ policyv1alpha1.AddToScheme,
}
// AddToScheme adds all types of this clientset into the given scheme. This allows composition
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1/clusterpolicy.go b/pkg/client/clientset/versioned/typed/kyverno/v1/clusterpolicy.go
old mode 100644
new mode 100755
index 1eba4b16b7..8415e67722
--- a/pkg/client/clientset/versioned/typed/kyverno/v1/clusterpolicy.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v1/clusterpolicy.go
@@ -19,6 +19,7 @@ limitations under the License.
package v1
import (
+ "context"
"time"
v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
@@ -37,15 +38,15 @@ type ClusterPoliciesGetter interface {
// ClusterPolicyInterface has methods to work with ClusterPolicy resources.
type ClusterPolicyInterface interface {
- Create(*v1.ClusterPolicy) (*v1.ClusterPolicy, error)
- Update(*v1.ClusterPolicy) (*v1.ClusterPolicy, error)
- UpdateStatus(*v1.ClusterPolicy) (*v1.ClusterPolicy, error)
- Delete(name string, options *metav1.DeleteOptions) error
- DeleteCollection(options *metav1.DeleteOptions, listOptions metav1.ListOptions) error
- Get(name string, options metav1.GetOptions) (*v1.ClusterPolicy, error)
- List(opts metav1.ListOptions) (*v1.ClusterPolicyList, error)
- Watch(opts metav1.ListOptions) (watch.Interface, error)
- Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1.ClusterPolicy, err error)
+ Create(ctx context.Context, clusterPolicy *v1.ClusterPolicy, opts metav1.CreateOptions) (*v1.ClusterPolicy, error)
+ Update(ctx context.Context, clusterPolicy *v1.ClusterPolicy, opts metav1.UpdateOptions) (*v1.ClusterPolicy, error)
+ UpdateStatus(ctx context.Context, clusterPolicy *v1.ClusterPolicy, opts metav1.UpdateOptions) (*v1.ClusterPolicy, error)
+ Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error
+ DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error
+ Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.ClusterPolicy, error)
+ List(ctx context.Context, opts metav1.ListOptions) (*v1.ClusterPolicyList, error)
+ Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error)
+ Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterPolicy, err error)
ClusterPolicyExpansion
}
@@ -62,19 +63,19 @@ func newClusterPolicies(c *KyvernoV1Client) *clusterPolicies {
}
// Get takes name of the clusterPolicy, and returns the corresponding clusterPolicy object, and an error if there is any.
-func (c *clusterPolicies) Get(name string, options metav1.GetOptions) (result *v1.ClusterPolicy, err error) {
+func (c *clusterPolicies) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterPolicy, err error) {
result = &v1.ClusterPolicy{}
err = c.client.Get().
Resource("clusterpolicies").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
- Do().
+ Do(ctx).
Into(result)
return
}
// List takes label and field selectors, and returns the list of ClusterPolicies that match those selectors.
-func (c *clusterPolicies) List(opts metav1.ListOptions) (result *v1.ClusterPolicyList, err error) {
+func (c *clusterPolicies) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterPolicyList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
@@ -84,13 +85,13 @@ func (c *clusterPolicies) List(opts metav1.ListOptions) (result *v1.ClusterPolic
Resource("clusterpolicies").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
- Do().
+ Do(ctx).
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested clusterPolicies.
-func (c *clusterPolicies) Watch(opts metav1.ListOptions) (watch.Interface, error) {
+func (c *clusterPolicies) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
@@ -100,81 +101,84 @@ func (c *clusterPolicies) Watch(opts metav1.ListOptions) (watch.Interface, error
Resource("clusterpolicies").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
- Watch()
+ Watch(ctx)
}
// Create takes the representation of a clusterPolicy and creates it. Returns the server's representation of the clusterPolicy, and an error, if there is any.
-func (c *clusterPolicies) Create(clusterPolicy *v1.ClusterPolicy) (result *v1.ClusterPolicy, err error) {
+func (c *clusterPolicies) Create(ctx context.Context, clusterPolicy *v1.ClusterPolicy, opts metav1.CreateOptions) (result *v1.ClusterPolicy, err error) {
result = &v1.ClusterPolicy{}
err = c.client.Post().
Resource("clusterpolicies").
+ VersionedParams(&opts, scheme.ParameterCodec).
Body(clusterPolicy).
- Do().
+ Do(ctx).
Into(result)
return
}
// Update takes the representation of a clusterPolicy and updates it. Returns the server's representation of the clusterPolicy, and an error, if there is any.
-func (c *clusterPolicies) Update(clusterPolicy *v1.ClusterPolicy) (result *v1.ClusterPolicy, err error) {
+func (c *clusterPolicies) Update(ctx context.Context, clusterPolicy *v1.ClusterPolicy, opts metav1.UpdateOptions) (result *v1.ClusterPolicy, err error) {
result = &v1.ClusterPolicy{}
err = c.client.Put().
Resource("clusterpolicies").
Name(clusterPolicy.Name).
+ VersionedParams(&opts, scheme.ParameterCodec).
Body(clusterPolicy).
- Do().
+ Do(ctx).
Into(result)
return
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
-
-func (c *clusterPolicies) UpdateStatus(clusterPolicy *v1.ClusterPolicy) (result *v1.ClusterPolicy, err error) {
+func (c *clusterPolicies) UpdateStatus(ctx context.Context, clusterPolicy *v1.ClusterPolicy, opts metav1.UpdateOptions) (result *v1.ClusterPolicy, err error) {
result = &v1.ClusterPolicy{}
err = c.client.Put().
Resource("clusterpolicies").
Name(clusterPolicy.Name).
SubResource("status").
+ VersionedParams(&opts, scheme.ParameterCodec).
Body(clusterPolicy).
- Do().
+ Do(ctx).
Into(result)
return
}
// Delete takes name of the clusterPolicy and deletes it. Returns an error if one occurs.
-func (c *clusterPolicies) Delete(name string, options *metav1.DeleteOptions) error {
+func (c *clusterPolicies) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
return c.client.Delete().
Resource("clusterpolicies").
Name(name).
- Body(options).
- Do().
+ Body(&opts).
+ Do(ctx).
Error()
}
// DeleteCollection deletes a collection of objects.
-func (c *clusterPolicies) DeleteCollection(options *metav1.DeleteOptions, listOptions metav1.ListOptions) error {
+func (c *clusterPolicies) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error {
var timeout time.Duration
- if listOptions.TimeoutSeconds != nil {
- timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
+ if listOpts.TimeoutSeconds != nil {
+ timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Resource("clusterpolicies").
- VersionedParams(&listOptions, scheme.ParameterCodec).
+ VersionedParams(&listOpts, scheme.ParameterCodec).
Timeout(timeout).
- Body(options).
- Do().
+ Body(&opts).
+ Do(ctx).
Error()
}
// Patch applies the patch and returns the patched clusterPolicy.
-func (c *clusterPolicies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1.ClusterPolicy, err error) {
+func (c *clusterPolicies) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterPolicy, err error) {
result = &v1.ClusterPolicy{}
err = c.client.Patch(pt).
Resource("clusterpolicies").
- SubResource(subresources...).
Name(name).
+ SubResource(subresources...).
+ VersionedParams(&opts, scheme.ParameterCodec).
Body(data).
- Do().
+ Do(ctx).
Into(result)
return
}
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1/clusterpolicyviolation.go b/pkg/client/clientset/versioned/typed/kyverno/v1/clusterpolicyviolation.go
old mode 100644
new mode 100755
index 27246c30d9..30fda07fca
--- a/pkg/client/clientset/versioned/typed/kyverno/v1/clusterpolicyviolation.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v1/clusterpolicyviolation.go
@@ -19,6 +19,7 @@ limitations under the License.
package v1
import (
+ "context"
"time"
v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
@@ -37,15 +38,15 @@ type ClusterPolicyViolationsGetter interface {
// ClusterPolicyViolationInterface has methods to work with ClusterPolicyViolation resources.
type ClusterPolicyViolationInterface interface {
- Create(*v1.ClusterPolicyViolation) (*v1.ClusterPolicyViolation, error)
- Update(*v1.ClusterPolicyViolation) (*v1.ClusterPolicyViolation, error)
- UpdateStatus(*v1.ClusterPolicyViolation) (*v1.ClusterPolicyViolation, error)
- Delete(name string, options *metav1.DeleteOptions) error
- DeleteCollection(options *metav1.DeleteOptions, listOptions metav1.ListOptions) error
- Get(name string, options metav1.GetOptions) (*v1.ClusterPolicyViolation, error)
- List(opts metav1.ListOptions) (*v1.ClusterPolicyViolationList, error)
- Watch(opts metav1.ListOptions) (watch.Interface, error)
- Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1.ClusterPolicyViolation, err error)
+ Create(ctx context.Context, clusterPolicyViolation *v1.ClusterPolicyViolation, opts metav1.CreateOptions) (*v1.ClusterPolicyViolation, error)
+ Update(ctx context.Context, clusterPolicyViolation *v1.ClusterPolicyViolation, opts metav1.UpdateOptions) (*v1.ClusterPolicyViolation, error)
+ UpdateStatus(ctx context.Context, clusterPolicyViolation *v1.ClusterPolicyViolation, opts metav1.UpdateOptions) (*v1.ClusterPolicyViolation, error)
+ Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error
+ DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error
+ Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.ClusterPolicyViolation, error)
+ List(ctx context.Context, opts metav1.ListOptions) (*v1.ClusterPolicyViolationList, error)
+ Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error)
+ Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterPolicyViolation, err error)
ClusterPolicyViolationExpansion
}
@@ -62,19 +63,19 @@ func newClusterPolicyViolations(c *KyvernoV1Client) *clusterPolicyViolations {
}
// Get takes name of the clusterPolicyViolation, and returns the corresponding clusterPolicyViolation object, and an error if there is any.
-func (c *clusterPolicyViolations) Get(name string, options metav1.GetOptions) (result *v1.ClusterPolicyViolation, err error) {
+func (c *clusterPolicyViolations) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterPolicyViolation, err error) {
result = &v1.ClusterPolicyViolation{}
err = c.client.Get().
Resource("clusterpolicyviolations").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
- Do().
+ Do(ctx).
Into(result)
return
}
// List takes label and field selectors, and returns the list of ClusterPolicyViolations that match those selectors.
-func (c *clusterPolicyViolations) List(opts metav1.ListOptions) (result *v1.ClusterPolicyViolationList, err error) {
+func (c *clusterPolicyViolations) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterPolicyViolationList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
@@ -84,13 +85,13 @@ func (c *clusterPolicyViolations) List(opts metav1.ListOptions) (result *v1.Clus
Resource("clusterpolicyviolations").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
- Do().
+ Do(ctx).
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested clusterPolicyViolations.
-func (c *clusterPolicyViolations) Watch(opts metav1.ListOptions) (watch.Interface, error) {
+func (c *clusterPolicyViolations) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
@@ -100,81 +101,84 @@ func (c *clusterPolicyViolations) Watch(opts metav1.ListOptions) (watch.Interfac
Resource("clusterpolicyviolations").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
- Watch()
+ Watch(ctx)
}
// Create takes the representation of a clusterPolicyViolation and creates it. Returns the server's representation of the clusterPolicyViolation, and an error, if there is any.
-func (c *clusterPolicyViolations) Create(clusterPolicyViolation *v1.ClusterPolicyViolation) (result *v1.ClusterPolicyViolation, err error) {
+func (c *clusterPolicyViolations) Create(ctx context.Context, clusterPolicyViolation *v1.ClusterPolicyViolation, opts metav1.CreateOptions) (result *v1.ClusterPolicyViolation, err error) {
result = &v1.ClusterPolicyViolation{}
err = c.client.Post().
Resource("clusterpolicyviolations").
+ VersionedParams(&opts, scheme.ParameterCodec).
Body(clusterPolicyViolation).
- Do().
+ Do(ctx).
Into(result)
return
}
// Update takes the representation of a clusterPolicyViolation and updates it. Returns the server's representation of the clusterPolicyViolation, and an error, if there is any.
-func (c *clusterPolicyViolations) Update(clusterPolicyViolation *v1.ClusterPolicyViolation) (result *v1.ClusterPolicyViolation, err error) {
+func (c *clusterPolicyViolations) Update(ctx context.Context, clusterPolicyViolation *v1.ClusterPolicyViolation, opts metav1.UpdateOptions) (result *v1.ClusterPolicyViolation, err error) {
result = &v1.ClusterPolicyViolation{}
err = c.client.Put().
Resource("clusterpolicyviolations").
Name(clusterPolicyViolation.Name).
+ VersionedParams(&opts, scheme.ParameterCodec).
Body(clusterPolicyViolation).
- Do().
+ Do(ctx).
Into(result)
return
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
-
-func (c *clusterPolicyViolations) UpdateStatus(clusterPolicyViolation *v1.ClusterPolicyViolation) (result *v1.ClusterPolicyViolation, err error) {
+func (c *clusterPolicyViolations) UpdateStatus(ctx context.Context, clusterPolicyViolation *v1.ClusterPolicyViolation, opts metav1.UpdateOptions) (result *v1.ClusterPolicyViolation, err error) {
result = &v1.ClusterPolicyViolation{}
err = c.client.Put().
Resource("clusterpolicyviolations").
Name(clusterPolicyViolation.Name).
SubResource("status").
+ VersionedParams(&opts, scheme.ParameterCodec).
Body(clusterPolicyViolation).
- Do().
+ Do(ctx).
Into(result)
return
}
// Delete takes name of the clusterPolicyViolation and deletes it. Returns an error if one occurs.
-func (c *clusterPolicyViolations) Delete(name string, options *metav1.DeleteOptions) error {
+func (c *clusterPolicyViolations) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
return c.client.Delete().
Resource("clusterpolicyviolations").
Name(name).
- Body(options).
- Do().
+ Body(&opts).
+ Do(ctx).
Error()
}
// DeleteCollection deletes a collection of objects.
-func (c *clusterPolicyViolations) DeleteCollection(options *metav1.DeleteOptions, listOptions metav1.ListOptions) error {
+func (c *clusterPolicyViolations) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error {
var timeout time.Duration
- if listOptions.TimeoutSeconds != nil {
- timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
+ if listOpts.TimeoutSeconds != nil {
+ timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Resource("clusterpolicyviolations").
- VersionedParams(&listOptions, scheme.ParameterCodec).
+ VersionedParams(&listOpts, scheme.ParameterCodec).
Timeout(timeout).
- Body(options).
- Do().
+ Body(&opts).
+ Do(ctx).
Error()
}
// Patch applies the patch and returns the patched clusterPolicyViolation.
-func (c *clusterPolicyViolations) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1.ClusterPolicyViolation, err error) {
+func (c *clusterPolicyViolations) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterPolicyViolation, err error) {
result = &v1.ClusterPolicyViolation{}
err = c.client.Patch(pt).
Resource("clusterpolicyviolations").
- SubResource(subresources...).
Name(name).
+ SubResource(subresources...).
+ VersionedParams(&opts, scheme.ParameterCodec).
Body(data).
- Do().
+ Do(ctx).
Into(result)
return
}
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1/doc.go b/pkg/client/clientset/versioned/typed/kyverno/v1/doc.go
old mode 100644
new mode 100755
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1/fake/doc.go b/pkg/client/clientset/versioned/typed/kyverno/v1/fake/doc.go
old mode 100644
new mode 100755
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_clusterpolicy.go b/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_clusterpolicy.go
old mode 100644
new mode 100755
index dcca705f1f..3da3f1588d
--- a/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_clusterpolicy.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_clusterpolicy.go
@@ -19,6 +19,8 @@ limitations under the License.
package fake
import (
+ "context"
+
kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
@@ -38,7 +40,7 @@ var clusterpoliciesResource = schema.GroupVersionResource{Group: "kyverno.io", V
var clusterpoliciesKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1", Kind: "ClusterPolicy"}
// Get takes name of the clusterPolicy, and returns the corresponding clusterPolicy object, and an error if there is any.
-func (c *FakeClusterPolicies) Get(name string, options v1.GetOptions) (result *kyvernov1.ClusterPolicy, err error) {
+func (c *FakeClusterPolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *kyvernov1.ClusterPolicy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootGetAction(clusterpoliciesResource, name), &kyvernov1.ClusterPolicy{})
if obj == nil {
@@ -48,7 +50,7 @@ func (c *FakeClusterPolicies) Get(name string, options v1.GetOptions) (result *k
}
// List takes label and field selectors, and returns the list of ClusterPolicies that match those selectors.
-func (c *FakeClusterPolicies) List(opts v1.ListOptions) (result *kyvernov1.ClusterPolicyList, err error) {
+func (c *FakeClusterPolicies) List(ctx context.Context, opts v1.ListOptions) (result *kyvernov1.ClusterPolicyList, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootListAction(clusterpoliciesResource, clusterpoliciesKind, opts), &kyvernov1.ClusterPolicyList{})
if obj == nil {
@@ -69,13 +71,13 @@ func (c *FakeClusterPolicies) List(opts v1.ListOptions) (result *kyvernov1.Clust
}
// Watch returns a watch.Interface that watches the requested clusterPolicies.
-func (c *FakeClusterPolicies) Watch(opts v1.ListOptions) (watch.Interface, error) {
+func (c *FakeClusterPolicies) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewRootWatchAction(clusterpoliciesResource, opts))
}
// Create takes the representation of a clusterPolicy and creates it. Returns the server's representation of the clusterPolicy, and an error, if there is any.
-func (c *FakeClusterPolicies) Create(clusterPolicy *kyvernov1.ClusterPolicy) (result *kyvernov1.ClusterPolicy, err error) {
+func (c *FakeClusterPolicies) Create(ctx context.Context, clusterPolicy *kyvernov1.ClusterPolicy, opts v1.CreateOptions) (result *kyvernov1.ClusterPolicy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootCreateAction(clusterpoliciesResource, clusterPolicy), &kyvernov1.ClusterPolicy{})
if obj == nil {
@@ -85,7 +87,7 @@ func (c *FakeClusterPolicies) Create(clusterPolicy *kyvernov1.ClusterPolicy) (re
}
// Update takes the representation of a clusterPolicy and updates it. Returns the server's representation of the clusterPolicy, and an error, if there is any.
-func (c *FakeClusterPolicies) Update(clusterPolicy *kyvernov1.ClusterPolicy) (result *kyvernov1.ClusterPolicy, err error) {
+func (c *FakeClusterPolicies) Update(ctx context.Context, clusterPolicy *kyvernov1.ClusterPolicy, opts v1.UpdateOptions) (result *kyvernov1.ClusterPolicy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateAction(clusterpoliciesResource, clusterPolicy), &kyvernov1.ClusterPolicy{})
if obj == nil {
@@ -96,7 +98,7 @@ func (c *FakeClusterPolicies) Update(clusterPolicy *kyvernov1.ClusterPolicy) (re
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
-func (c *FakeClusterPolicies) UpdateStatus(clusterPolicy *kyvernov1.ClusterPolicy) (*kyvernov1.ClusterPolicy, error) {
+func (c *FakeClusterPolicies) UpdateStatus(ctx context.Context, clusterPolicy *kyvernov1.ClusterPolicy, opts v1.UpdateOptions) (*kyvernov1.ClusterPolicy, error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateSubresourceAction(clusterpoliciesResource, "status", clusterPolicy), &kyvernov1.ClusterPolicy{})
if obj == nil {
@@ -106,22 +108,22 @@ func (c *FakeClusterPolicies) UpdateStatus(clusterPolicy *kyvernov1.ClusterPolic
}
// Delete takes name of the clusterPolicy and deletes it. Returns an error if one occurs.
-func (c *FakeClusterPolicies) Delete(name string, options *v1.DeleteOptions) error {
+func (c *FakeClusterPolicies) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewRootDeleteAction(clusterpoliciesResource, name), &kyvernov1.ClusterPolicy{})
return err
}
// DeleteCollection deletes a collection of objects.
-func (c *FakeClusterPolicies) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
- action := testing.NewRootDeleteCollectionAction(clusterpoliciesResource, listOptions)
+func (c *FakeClusterPolicies) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+ action := testing.NewRootDeleteCollectionAction(clusterpoliciesResource, listOpts)
_, err := c.Fake.Invokes(action, &kyvernov1.ClusterPolicyList{})
return err
}
// Patch applies the patch and returns the patched clusterPolicy.
-func (c *FakeClusterPolicies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *kyvernov1.ClusterPolicy, err error) {
+func (c *FakeClusterPolicies) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *kyvernov1.ClusterPolicy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootPatchSubresourceAction(clusterpoliciesResource, name, pt, data, subresources...), &kyvernov1.ClusterPolicy{})
if obj == nil {
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_clusterpolicyviolation.go b/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_clusterpolicyviolation.go
old mode 100644
new mode 100755
index bf5f2f6f66..4cc4ca4d73
--- a/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_clusterpolicyviolation.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_clusterpolicyviolation.go
@@ -19,6 +19,8 @@ limitations under the License.
package fake
import (
+ "context"
+
kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
@@ -38,7 +40,7 @@ var clusterpolicyviolationsResource = schema.GroupVersionResource{Group: "kyvern
var clusterpolicyviolationsKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1", Kind: "ClusterPolicyViolation"}
// Get takes name of the clusterPolicyViolation, and returns the corresponding clusterPolicyViolation object, and an error if there is any.
-func (c *FakeClusterPolicyViolations) Get(name string, options v1.GetOptions) (result *kyvernov1.ClusterPolicyViolation, err error) {
+func (c *FakeClusterPolicyViolations) Get(ctx context.Context, name string, options v1.GetOptions) (result *kyvernov1.ClusterPolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootGetAction(clusterpolicyviolationsResource, name), &kyvernov1.ClusterPolicyViolation{})
if obj == nil {
@@ -48,7 +50,7 @@ func (c *FakeClusterPolicyViolations) Get(name string, options v1.GetOptions) (r
}
// List takes label and field selectors, and returns the list of ClusterPolicyViolations that match those selectors.
-func (c *FakeClusterPolicyViolations) List(opts v1.ListOptions) (result *kyvernov1.ClusterPolicyViolationList, err error) {
+func (c *FakeClusterPolicyViolations) List(ctx context.Context, opts v1.ListOptions) (result *kyvernov1.ClusterPolicyViolationList, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootListAction(clusterpolicyviolationsResource, clusterpolicyviolationsKind, opts), &kyvernov1.ClusterPolicyViolationList{})
if obj == nil {
@@ -69,13 +71,13 @@ func (c *FakeClusterPolicyViolations) List(opts v1.ListOptions) (result *kyverno
}
// Watch returns a watch.Interface that watches the requested clusterPolicyViolations.
-func (c *FakeClusterPolicyViolations) Watch(opts v1.ListOptions) (watch.Interface, error) {
+func (c *FakeClusterPolicyViolations) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewRootWatchAction(clusterpolicyviolationsResource, opts))
}
// Create takes the representation of a clusterPolicyViolation and creates it. Returns the server's representation of the clusterPolicyViolation, and an error, if there is any.
-func (c *FakeClusterPolicyViolations) Create(clusterPolicyViolation *kyvernov1.ClusterPolicyViolation) (result *kyvernov1.ClusterPolicyViolation, err error) {
+func (c *FakeClusterPolicyViolations) Create(ctx context.Context, clusterPolicyViolation *kyvernov1.ClusterPolicyViolation, opts v1.CreateOptions) (result *kyvernov1.ClusterPolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootCreateAction(clusterpolicyviolationsResource, clusterPolicyViolation), &kyvernov1.ClusterPolicyViolation{})
if obj == nil {
@@ -85,7 +87,7 @@ func (c *FakeClusterPolicyViolations) Create(clusterPolicyViolation *kyvernov1.C
}
// Update takes the representation of a clusterPolicyViolation and updates it. Returns the server's representation of the clusterPolicyViolation, and an error, if there is any.
-func (c *FakeClusterPolicyViolations) Update(clusterPolicyViolation *kyvernov1.ClusterPolicyViolation) (result *kyvernov1.ClusterPolicyViolation, err error) {
+func (c *FakeClusterPolicyViolations) Update(ctx context.Context, clusterPolicyViolation *kyvernov1.ClusterPolicyViolation, opts v1.UpdateOptions) (result *kyvernov1.ClusterPolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateAction(clusterpolicyviolationsResource, clusterPolicyViolation), &kyvernov1.ClusterPolicyViolation{})
if obj == nil {
@@ -96,7 +98,7 @@ func (c *FakeClusterPolicyViolations) Update(clusterPolicyViolation *kyvernov1.C
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
-func (c *FakeClusterPolicyViolations) UpdateStatus(clusterPolicyViolation *kyvernov1.ClusterPolicyViolation) (*kyvernov1.ClusterPolicyViolation, error) {
+func (c *FakeClusterPolicyViolations) UpdateStatus(ctx context.Context, clusterPolicyViolation *kyvernov1.ClusterPolicyViolation, opts v1.UpdateOptions) (*kyvernov1.ClusterPolicyViolation, error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateSubresourceAction(clusterpolicyviolationsResource, "status", clusterPolicyViolation), &kyvernov1.ClusterPolicyViolation{})
if obj == nil {
@@ -106,22 +108,22 @@ func (c *FakeClusterPolicyViolations) UpdateStatus(clusterPolicyViolation *kyver
}
// Delete takes name of the clusterPolicyViolation and deletes it. Returns an error if one occurs.
-func (c *FakeClusterPolicyViolations) Delete(name string, options *v1.DeleteOptions) error {
+func (c *FakeClusterPolicyViolations) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewRootDeleteAction(clusterpolicyviolationsResource, name), &kyvernov1.ClusterPolicyViolation{})
return err
}
// DeleteCollection deletes a collection of objects.
-func (c *FakeClusterPolicyViolations) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
- action := testing.NewRootDeleteCollectionAction(clusterpolicyviolationsResource, listOptions)
+func (c *FakeClusterPolicyViolations) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+ action := testing.NewRootDeleteCollectionAction(clusterpolicyviolationsResource, listOpts)
_, err := c.Fake.Invokes(action, &kyvernov1.ClusterPolicyViolationList{})
return err
}
// Patch applies the patch and returns the patched clusterPolicyViolation.
-func (c *FakeClusterPolicyViolations) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *kyvernov1.ClusterPolicyViolation, err error) {
+func (c *FakeClusterPolicyViolations) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *kyvernov1.ClusterPolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootPatchSubresourceAction(clusterpolicyviolationsResource, name, pt, data, subresources...), &kyvernov1.ClusterPolicyViolation{})
if obj == nil {
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_generaterequest.go b/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_generaterequest.go
old mode 100644
new mode 100755
index 8a5bec7485..67790c6097
--- a/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_generaterequest.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_generaterequest.go
@@ -19,6 +19,8 @@ limitations under the License.
package fake
import (
+ "context"
+
kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
@@ -39,7 +41,7 @@ var generaterequestsResource = schema.GroupVersionResource{Group: "kyverno.io",
var generaterequestsKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1", Kind: "GenerateRequest"}
// Get takes name of the generateRequest, and returns the corresponding generateRequest object, and an error if there is any.
-func (c *FakeGenerateRequests) Get(name string, options v1.GetOptions) (result *kyvernov1.GenerateRequest, err error) {
+func (c *FakeGenerateRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *kyvernov1.GenerateRequest, err error) {
obj, err := c.Fake.
Invokes(testing.NewGetAction(generaterequestsResource, c.ns, name), &kyvernov1.GenerateRequest{})
@@ -50,7 +52,7 @@ func (c *FakeGenerateRequests) Get(name string, options v1.GetOptions) (result *
}
// List takes label and field selectors, and returns the list of GenerateRequests that match those selectors.
-func (c *FakeGenerateRequests) List(opts v1.ListOptions) (result *kyvernov1.GenerateRequestList, err error) {
+func (c *FakeGenerateRequests) List(ctx context.Context, opts v1.ListOptions) (result *kyvernov1.GenerateRequestList, err error) {
obj, err := c.Fake.
Invokes(testing.NewListAction(generaterequestsResource, generaterequestsKind, c.ns, opts), &kyvernov1.GenerateRequestList{})
@@ -72,14 +74,14 @@ func (c *FakeGenerateRequests) List(opts v1.ListOptions) (result *kyvernov1.Gene
}
// Watch returns a watch.Interface that watches the requested generateRequests.
-func (c *FakeGenerateRequests) Watch(opts v1.ListOptions) (watch.Interface, error) {
+func (c *FakeGenerateRequests) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewWatchAction(generaterequestsResource, c.ns, opts))
}
// Create takes the representation of a generateRequest and creates it. Returns the server's representation of the generateRequest, and an error, if there is any.
-func (c *FakeGenerateRequests) Create(generateRequest *kyvernov1.GenerateRequest) (result *kyvernov1.GenerateRequest, err error) {
+func (c *FakeGenerateRequests) Create(ctx context.Context, generateRequest *kyvernov1.GenerateRequest, opts v1.CreateOptions) (result *kyvernov1.GenerateRequest, err error) {
obj, err := c.Fake.
Invokes(testing.NewCreateAction(generaterequestsResource, c.ns, generateRequest), &kyvernov1.GenerateRequest{})
@@ -90,7 +92,7 @@ func (c *FakeGenerateRequests) Create(generateRequest *kyvernov1.GenerateRequest
}
// Update takes the representation of a generateRequest and updates it. Returns the server's representation of the generateRequest, and an error, if there is any.
-func (c *FakeGenerateRequests) Update(generateRequest *kyvernov1.GenerateRequest) (result *kyvernov1.GenerateRequest, err error) {
+func (c *FakeGenerateRequests) Update(ctx context.Context, generateRequest *kyvernov1.GenerateRequest, opts v1.UpdateOptions) (result *kyvernov1.GenerateRequest, err error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateAction(generaterequestsResource, c.ns, generateRequest), &kyvernov1.GenerateRequest{})
@@ -102,7 +104,7 @@ func (c *FakeGenerateRequests) Update(generateRequest *kyvernov1.GenerateRequest
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
-func (c *FakeGenerateRequests) UpdateStatus(generateRequest *kyvernov1.GenerateRequest) (*kyvernov1.GenerateRequest, error) {
+func (c *FakeGenerateRequests) UpdateStatus(ctx context.Context, generateRequest *kyvernov1.GenerateRequest, opts v1.UpdateOptions) (*kyvernov1.GenerateRequest, error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateSubresourceAction(generaterequestsResource, "status", c.ns, generateRequest), &kyvernov1.GenerateRequest{})
@@ -113,7 +115,7 @@ func (c *FakeGenerateRequests) UpdateStatus(generateRequest *kyvernov1.GenerateR
}
// Delete takes name of the generateRequest and deletes it. Returns an error if one occurs.
-func (c *FakeGenerateRequests) Delete(name string, options *v1.DeleteOptions) error {
+func (c *FakeGenerateRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewDeleteAction(generaterequestsResource, c.ns, name), &kyvernov1.GenerateRequest{})
@@ -121,15 +123,15 @@ func (c *FakeGenerateRequests) Delete(name string, options *v1.DeleteOptions) er
}
// DeleteCollection deletes a collection of objects.
-func (c *FakeGenerateRequests) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
- action := testing.NewDeleteCollectionAction(generaterequestsResource, c.ns, listOptions)
+func (c *FakeGenerateRequests) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+ action := testing.NewDeleteCollectionAction(generaterequestsResource, c.ns, listOpts)
_, err := c.Fake.Invokes(action, &kyvernov1.GenerateRequestList{})
return err
}
// Patch applies the patch and returns the patched generateRequest.
-func (c *FakeGenerateRequests) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *kyvernov1.GenerateRequest, err error) {
+func (c *FakeGenerateRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *kyvernov1.GenerateRequest, err error) {
obj, err := c.Fake.
Invokes(testing.NewPatchSubresourceAction(generaterequestsResource, c.ns, name, pt, data, subresources...), &kyvernov1.GenerateRequest{})
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_kyverno_client.go b/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_kyverno_client.go
old mode 100644
new mode 100755
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_policy.go b/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_policy.go
old mode 100644
new mode 100755
index ef12ef858a..ee544b69d0
--- a/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_policy.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_policy.go
@@ -19,6 +19,8 @@ limitations under the License.
package fake
import (
+ "context"
+
kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
@@ -39,7 +41,7 @@ var policiesResource = schema.GroupVersionResource{Group: "kyverno.io", Version:
var policiesKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1", Kind: "Policy"}
// Get takes name of the policy, and returns the corresponding policy object, and an error if there is any.
-func (c *FakePolicies) Get(name string, options v1.GetOptions) (result *kyvernov1.Policy, err error) {
+func (c *FakePolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *kyvernov1.Policy, err error) {
obj, err := c.Fake.
Invokes(testing.NewGetAction(policiesResource, c.ns, name), &kyvernov1.Policy{})
@@ -50,7 +52,7 @@ func (c *FakePolicies) Get(name string, options v1.GetOptions) (result *kyvernov
}
// List takes label and field selectors, and returns the list of Policies that match those selectors.
-func (c *FakePolicies) List(opts v1.ListOptions) (result *kyvernov1.PolicyList, err error) {
+func (c *FakePolicies) List(ctx context.Context, opts v1.ListOptions) (result *kyvernov1.PolicyList, err error) {
obj, err := c.Fake.
Invokes(testing.NewListAction(policiesResource, policiesKind, c.ns, opts), &kyvernov1.PolicyList{})
@@ -72,14 +74,14 @@ func (c *FakePolicies) List(opts v1.ListOptions) (result *kyvernov1.PolicyList,
}
// Watch returns a watch.Interface that watches the requested policies.
-func (c *FakePolicies) Watch(opts v1.ListOptions) (watch.Interface, error) {
+func (c *FakePolicies) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewWatchAction(policiesResource, c.ns, opts))
}
// Create takes the representation of a policy and creates it. Returns the server's representation of the policy, and an error, if there is any.
-func (c *FakePolicies) Create(policy *kyvernov1.Policy) (result *kyvernov1.Policy, err error) {
+func (c *FakePolicies) Create(ctx context.Context, policy *kyvernov1.Policy, opts v1.CreateOptions) (result *kyvernov1.Policy, err error) {
obj, err := c.Fake.
Invokes(testing.NewCreateAction(policiesResource, c.ns, policy), &kyvernov1.Policy{})
@@ -90,7 +92,7 @@ func (c *FakePolicies) Create(policy *kyvernov1.Policy) (result *kyvernov1.Polic
}
// Update takes the representation of a policy and updates it. Returns the server's representation of the policy, and an error, if there is any.
-func (c *FakePolicies) Update(policy *kyvernov1.Policy) (result *kyvernov1.Policy, err error) {
+func (c *FakePolicies) Update(ctx context.Context, policy *kyvernov1.Policy, opts v1.UpdateOptions) (result *kyvernov1.Policy, err error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateAction(policiesResource, c.ns, policy), &kyvernov1.Policy{})
@@ -102,7 +104,7 @@ func (c *FakePolicies) Update(policy *kyvernov1.Policy) (result *kyvernov1.Polic
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
-func (c *FakePolicies) UpdateStatus(policy *kyvernov1.Policy) (*kyvernov1.Policy, error) {
+func (c *FakePolicies) UpdateStatus(ctx context.Context, policy *kyvernov1.Policy, opts v1.UpdateOptions) (*kyvernov1.Policy, error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateSubresourceAction(policiesResource, "status", c.ns, policy), &kyvernov1.Policy{})
@@ -113,7 +115,7 @@ func (c *FakePolicies) UpdateStatus(policy *kyvernov1.Policy) (*kyvernov1.Policy
}
// Delete takes name of the policy and deletes it. Returns an error if one occurs.
-func (c *FakePolicies) Delete(name string, options *v1.DeleteOptions) error {
+func (c *FakePolicies) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewDeleteAction(policiesResource, c.ns, name), &kyvernov1.Policy{})
@@ -121,15 +123,15 @@ func (c *FakePolicies) Delete(name string, options *v1.DeleteOptions) error {
}
// DeleteCollection deletes a collection of objects.
-func (c *FakePolicies) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
- action := testing.NewDeleteCollectionAction(policiesResource, c.ns, listOptions)
+func (c *FakePolicies) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+ action := testing.NewDeleteCollectionAction(policiesResource, c.ns, listOpts)
_, err := c.Fake.Invokes(action, &kyvernov1.PolicyList{})
return err
}
// Patch applies the patch and returns the patched policy.
-func (c *FakePolicies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *kyvernov1.Policy, err error) {
+func (c *FakePolicies) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *kyvernov1.Policy, err error) {
obj, err := c.Fake.
Invokes(testing.NewPatchSubresourceAction(policiesResource, c.ns, name, pt, data, subresources...), &kyvernov1.Policy{})
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_policyviolation.go b/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_policyviolation.go
old mode 100644
new mode 100755
index a815bc045f..37d85a2b16
--- a/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_policyviolation.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v1/fake/fake_policyviolation.go
@@ -19,6 +19,8 @@ limitations under the License.
package fake
import (
+ "context"
+
kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
@@ -39,7 +41,7 @@ var policyviolationsResource = schema.GroupVersionResource{Group: "kyverno.io",
var policyviolationsKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1", Kind: "PolicyViolation"}
// Get takes name of the policyViolation, and returns the corresponding policyViolation object, and an error if there is any.
-func (c *FakePolicyViolations) Get(name string, options v1.GetOptions) (result *kyvernov1.PolicyViolation, err error) {
+func (c *FakePolicyViolations) Get(ctx context.Context, name string, options v1.GetOptions) (result *kyvernov1.PolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewGetAction(policyviolationsResource, c.ns, name), &kyvernov1.PolicyViolation{})
@@ -50,7 +52,7 @@ func (c *FakePolicyViolations) Get(name string, options v1.GetOptions) (result *
}
// List takes label and field selectors, and returns the list of PolicyViolations that match those selectors.
-func (c *FakePolicyViolations) List(opts v1.ListOptions) (result *kyvernov1.PolicyViolationList, err error) {
+func (c *FakePolicyViolations) List(ctx context.Context, opts v1.ListOptions) (result *kyvernov1.PolicyViolationList, err error) {
obj, err := c.Fake.
Invokes(testing.NewListAction(policyviolationsResource, policyviolationsKind, c.ns, opts), &kyvernov1.PolicyViolationList{})
@@ -72,14 +74,14 @@ func (c *FakePolicyViolations) List(opts v1.ListOptions) (result *kyvernov1.Poli
}
// Watch returns a watch.Interface that watches the requested policyViolations.
-func (c *FakePolicyViolations) Watch(opts v1.ListOptions) (watch.Interface, error) {
+func (c *FakePolicyViolations) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewWatchAction(policyviolationsResource, c.ns, opts))
}
// Create takes the representation of a policyViolation and creates it. Returns the server's representation of the policyViolation, and an error, if there is any.
-func (c *FakePolicyViolations) Create(policyViolation *kyvernov1.PolicyViolation) (result *kyvernov1.PolicyViolation, err error) {
+func (c *FakePolicyViolations) Create(ctx context.Context, policyViolation *kyvernov1.PolicyViolation, opts v1.CreateOptions) (result *kyvernov1.PolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewCreateAction(policyviolationsResource, c.ns, policyViolation), &kyvernov1.PolicyViolation{})
@@ -90,7 +92,7 @@ func (c *FakePolicyViolations) Create(policyViolation *kyvernov1.PolicyViolation
}
// Update takes the representation of a policyViolation and updates it. Returns the server's representation of the policyViolation, and an error, if there is any.
-func (c *FakePolicyViolations) Update(policyViolation *kyvernov1.PolicyViolation) (result *kyvernov1.PolicyViolation, err error) {
+func (c *FakePolicyViolations) Update(ctx context.Context, policyViolation *kyvernov1.PolicyViolation, opts v1.UpdateOptions) (result *kyvernov1.PolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateAction(policyviolationsResource, c.ns, policyViolation), &kyvernov1.PolicyViolation{})
@@ -102,7 +104,7 @@ func (c *FakePolicyViolations) Update(policyViolation *kyvernov1.PolicyViolation
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
-func (c *FakePolicyViolations) UpdateStatus(policyViolation *kyvernov1.PolicyViolation) (*kyvernov1.PolicyViolation, error) {
+func (c *FakePolicyViolations) UpdateStatus(ctx context.Context, policyViolation *kyvernov1.PolicyViolation, opts v1.UpdateOptions) (*kyvernov1.PolicyViolation, error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateSubresourceAction(policyviolationsResource, "status", c.ns, policyViolation), &kyvernov1.PolicyViolation{})
@@ -113,7 +115,7 @@ func (c *FakePolicyViolations) UpdateStatus(policyViolation *kyvernov1.PolicyVio
}
// Delete takes name of the policyViolation and deletes it. Returns an error if one occurs.
-func (c *FakePolicyViolations) Delete(name string, options *v1.DeleteOptions) error {
+func (c *FakePolicyViolations) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewDeleteAction(policyviolationsResource, c.ns, name), &kyvernov1.PolicyViolation{})
@@ -121,15 +123,15 @@ func (c *FakePolicyViolations) Delete(name string, options *v1.DeleteOptions) er
}
// DeleteCollection deletes a collection of objects.
-func (c *FakePolicyViolations) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
- action := testing.NewDeleteCollectionAction(policyviolationsResource, c.ns, listOptions)
+func (c *FakePolicyViolations) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+ action := testing.NewDeleteCollectionAction(policyviolationsResource, c.ns, listOpts)
_, err := c.Fake.Invokes(action, &kyvernov1.PolicyViolationList{})
return err
}
// Patch applies the patch and returns the patched policyViolation.
-func (c *FakePolicyViolations) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *kyvernov1.PolicyViolation, err error) {
+func (c *FakePolicyViolations) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *kyvernov1.PolicyViolation, err error) {
obj, err := c.Fake.
Invokes(testing.NewPatchSubresourceAction(policyviolationsResource, c.ns, name, pt, data, subresources...), &kyvernov1.PolicyViolation{})
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1/generated_expansion.go b/pkg/client/clientset/versioned/typed/kyverno/v1/generated_expansion.go
old mode 100644
new mode 100755
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1/generaterequest.go b/pkg/client/clientset/versioned/typed/kyverno/v1/generaterequest.go
old mode 100644
new mode 100755
index dded57c9aa..13913e8474
--- a/pkg/client/clientset/versioned/typed/kyverno/v1/generaterequest.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v1/generaterequest.go
@@ -19,6 +19,7 @@ limitations under the License.
package v1
import (
+ "context"
"time"
v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
@@ -37,15 +38,15 @@ type GenerateRequestsGetter interface {
// GenerateRequestInterface has methods to work with GenerateRequest resources.
type GenerateRequestInterface interface {
- Create(*v1.GenerateRequest) (*v1.GenerateRequest, error)
- Update(*v1.GenerateRequest) (*v1.GenerateRequest, error)
- UpdateStatus(*v1.GenerateRequest) (*v1.GenerateRequest, error)
- Delete(name string, options *metav1.DeleteOptions) error
- DeleteCollection(options *metav1.DeleteOptions, listOptions metav1.ListOptions) error
- Get(name string, options metav1.GetOptions) (*v1.GenerateRequest, error)
- List(opts metav1.ListOptions) (*v1.GenerateRequestList, error)
- Watch(opts metav1.ListOptions) (watch.Interface, error)
- Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1.GenerateRequest, err error)
+ Create(ctx context.Context, generateRequest *v1.GenerateRequest, opts metav1.CreateOptions) (*v1.GenerateRequest, error)
+ Update(ctx context.Context, generateRequest *v1.GenerateRequest, opts metav1.UpdateOptions) (*v1.GenerateRequest, error)
+ UpdateStatus(ctx context.Context, generateRequest *v1.GenerateRequest, opts metav1.UpdateOptions) (*v1.GenerateRequest, error)
+ Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error
+ DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error
+ Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.GenerateRequest, error)
+ List(ctx context.Context, opts metav1.ListOptions) (*v1.GenerateRequestList, error)
+ Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error)
+ Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.GenerateRequest, err error)
GenerateRequestExpansion
}
@@ -64,20 +65,20 @@ func newGenerateRequests(c *KyvernoV1Client, namespace string) *generateRequests
}
// Get takes name of the generateRequest, and returns the corresponding generateRequest object, and an error if there is any.
-func (c *generateRequests) Get(name string, options metav1.GetOptions) (result *v1.GenerateRequest, err error) {
+func (c *generateRequests) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.GenerateRequest, err error) {
result = &v1.GenerateRequest{}
err = c.client.Get().
Namespace(c.ns).
Resource("generaterequests").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
- Do().
+ Do(ctx).
Into(result)
return
}
// List takes label and field selectors, and returns the list of GenerateRequests that match those selectors.
-func (c *generateRequests) List(opts metav1.ListOptions) (result *v1.GenerateRequestList, err error) {
+func (c *generateRequests) List(ctx context.Context, opts metav1.ListOptions) (result *v1.GenerateRequestList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
@@ -88,13 +89,13 @@ func (c *generateRequests) List(opts metav1.ListOptions) (result *v1.GenerateReq
Resource("generaterequests").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
- Do().
+ Do(ctx).
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested generateRequests.
-func (c *generateRequests) Watch(opts metav1.ListOptions) (watch.Interface, error) {
+func (c *generateRequests) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
@@ -105,87 +106,90 @@ func (c *generateRequests) Watch(opts metav1.ListOptions) (watch.Interface, erro
Resource("generaterequests").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
- Watch()
+ Watch(ctx)
}
// Create takes the representation of a generateRequest and creates it. Returns the server's representation of the generateRequest, and an error, if there is any.
-func (c *generateRequests) Create(generateRequest *v1.GenerateRequest) (result *v1.GenerateRequest, err error) {
+func (c *generateRequests) Create(ctx context.Context, generateRequest *v1.GenerateRequest, opts metav1.CreateOptions) (result *v1.GenerateRequest, err error) {
result = &v1.GenerateRequest{}
err = c.client.Post().
Namespace(c.ns).
Resource("generaterequests").
+ VersionedParams(&opts, scheme.ParameterCodec).
Body(generateRequest).
- Do().
+ Do(ctx).
Into(result)
return
}
// Update takes the representation of a generateRequest and updates it. Returns the server's representation of the generateRequest, and an error, if there is any.
-func (c *generateRequests) Update(generateRequest *v1.GenerateRequest) (result *v1.GenerateRequest, err error) {
+func (c *generateRequests) Update(ctx context.Context, generateRequest *v1.GenerateRequest, opts metav1.UpdateOptions) (result *v1.GenerateRequest, err error) {
result = &v1.GenerateRequest{}
err = c.client.Put().
Namespace(c.ns).
Resource("generaterequests").
Name(generateRequest.Name).
+ VersionedParams(&opts, scheme.ParameterCodec).
Body(generateRequest).
- Do().
+ Do(ctx).
Into(result)
return
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
-
-func (c *generateRequests) UpdateStatus(generateRequest *v1.GenerateRequest) (result *v1.GenerateRequest, err error) {
+func (c *generateRequests) UpdateStatus(ctx context.Context, generateRequest *v1.GenerateRequest, opts metav1.UpdateOptions) (result *v1.GenerateRequest, err error) {
result = &v1.GenerateRequest{}
err = c.client.Put().
Namespace(c.ns).
Resource("generaterequests").
Name(generateRequest.Name).
SubResource("status").
+ VersionedParams(&opts, scheme.ParameterCodec).
Body(generateRequest).
- Do().
+ Do(ctx).
Into(result)
return
}
// Delete takes name of the generateRequest and deletes it. Returns an error if one occurs.
-func (c *generateRequests) Delete(name string, options *metav1.DeleteOptions) error {
+func (c *generateRequests) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
return c.client.Delete().
Namespace(c.ns).
Resource("generaterequests").
Name(name).
- Body(options).
- Do().
+ Body(&opts).
+ Do(ctx).
Error()
}
// DeleteCollection deletes a collection of objects.
-func (c *generateRequests) DeleteCollection(options *metav1.DeleteOptions, listOptions metav1.ListOptions) error {
+func (c *generateRequests) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error {
var timeout time.Duration
- if listOptions.TimeoutSeconds != nil {
- timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
+ if listOpts.TimeoutSeconds != nil {
+ timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Namespace(c.ns).
Resource("generaterequests").
- VersionedParams(&listOptions, scheme.ParameterCodec).
+ VersionedParams(&listOpts, scheme.ParameterCodec).
Timeout(timeout).
- Body(options).
- Do().
+ Body(&opts).
+ Do(ctx).
Error()
}
// Patch applies the patch and returns the patched generateRequest.
-func (c *generateRequests) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1.GenerateRequest, err error) {
+func (c *generateRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.GenerateRequest, err error) {
result = &v1.GenerateRequest{}
err = c.client.Patch(pt).
Namespace(c.ns).
Resource("generaterequests").
- SubResource(subresources...).
Name(name).
+ SubResource(subresources...).
+ VersionedParams(&opts, scheme.ParameterCodec).
Body(data).
- Do().
+ Do(ctx).
Into(result)
return
}
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1/kyverno_client.go b/pkg/client/clientset/versioned/typed/kyverno/v1/kyverno_client.go
old mode 100644
new mode 100755
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1/policy.go b/pkg/client/clientset/versioned/typed/kyverno/v1/policy.go
old mode 100644
new mode 100755
index 2a68572f53..d00e1d9b93
--- a/pkg/client/clientset/versioned/typed/kyverno/v1/policy.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v1/policy.go
@@ -19,6 +19,7 @@ limitations under the License.
package v1
import (
+ "context"
"time"
v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
@@ -37,15 +38,15 @@ type PoliciesGetter interface {
// PolicyInterface has methods to work with Policy resources.
type PolicyInterface interface {
- Create(*v1.Policy) (*v1.Policy, error)
- Update(*v1.Policy) (*v1.Policy, error)
- UpdateStatus(*v1.Policy) (*v1.Policy, error)
- Delete(name string, options *metav1.DeleteOptions) error
- DeleteCollection(options *metav1.DeleteOptions, listOptions metav1.ListOptions) error
- Get(name string, options metav1.GetOptions) (*v1.Policy, error)
- List(opts metav1.ListOptions) (*v1.PolicyList, error)
- Watch(opts metav1.ListOptions) (watch.Interface, error)
- Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1.Policy, err error)
+ Create(ctx context.Context, policy *v1.Policy, opts metav1.CreateOptions) (*v1.Policy, error)
+ Update(ctx context.Context, policy *v1.Policy, opts metav1.UpdateOptions) (*v1.Policy, error)
+ UpdateStatus(ctx context.Context, policy *v1.Policy, opts metav1.UpdateOptions) (*v1.Policy, error)
+ Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error
+ DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error
+ Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.Policy, error)
+ List(ctx context.Context, opts metav1.ListOptions) (*v1.PolicyList, error)
+ Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error)
+ Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Policy, err error)
PolicyExpansion
}
@@ -64,20 +65,20 @@ func newPolicies(c *KyvernoV1Client, namespace string) *policies {
}
// Get takes name of the policy, and returns the corresponding policy object, and an error if there is any.
-func (c *policies) Get(name string, options metav1.GetOptions) (result *v1.Policy, err error) {
+func (c *policies) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.Policy, err error) {
result = &v1.Policy{}
err = c.client.Get().
Namespace(c.ns).
Resource("policies").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
- Do().
+ Do(ctx).
Into(result)
return
}
// List takes label and field selectors, and returns the list of Policies that match those selectors.
-func (c *policies) List(opts metav1.ListOptions) (result *v1.PolicyList, err error) {
+func (c *policies) List(ctx context.Context, opts metav1.ListOptions) (result *v1.PolicyList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
@@ -88,13 +89,13 @@ func (c *policies) List(opts metav1.ListOptions) (result *v1.PolicyList, err err
Resource("policies").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
- Do().
+ Do(ctx).
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested policies.
-func (c *policies) Watch(opts metav1.ListOptions) (watch.Interface, error) {
+func (c *policies) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
@@ -105,87 +106,90 @@ func (c *policies) Watch(opts metav1.ListOptions) (watch.Interface, error) {
Resource("policies").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
- Watch()
+ Watch(ctx)
}
// Create takes the representation of a policy and creates it. Returns the server's representation of the policy, and an error, if there is any.
-func (c *policies) Create(policy *v1.Policy) (result *v1.Policy, err error) {
+func (c *policies) Create(ctx context.Context, policy *v1.Policy, opts metav1.CreateOptions) (result *v1.Policy, err error) {
result = &v1.Policy{}
err = c.client.Post().
Namespace(c.ns).
Resource("policies").
+ VersionedParams(&opts, scheme.ParameterCodec).
Body(policy).
- Do().
+ Do(ctx).
Into(result)
return
}
// Update takes the representation of a policy and updates it. Returns the server's representation of the policy, and an error, if there is any.
-func (c *policies) Update(policy *v1.Policy) (result *v1.Policy, err error) {
+func (c *policies) Update(ctx context.Context, policy *v1.Policy, opts metav1.UpdateOptions) (result *v1.Policy, err error) {
result = &v1.Policy{}
err = c.client.Put().
Namespace(c.ns).
Resource("policies").
Name(policy.Name).
+ VersionedParams(&opts, scheme.ParameterCodec).
Body(policy).
- Do().
+ Do(ctx).
Into(result)
return
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
-
-func (c *policies) UpdateStatus(policy *v1.Policy) (result *v1.Policy, err error) {
+func (c *policies) UpdateStatus(ctx context.Context, policy *v1.Policy, opts metav1.UpdateOptions) (result *v1.Policy, err error) {
result = &v1.Policy{}
err = c.client.Put().
Namespace(c.ns).
Resource("policies").
Name(policy.Name).
SubResource("status").
+ VersionedParams(&opts, scheme.ParameterCodec).
Body(policy).
- Do().
+ Do(ctx).
Into(result)
return
}
// Delete takes name of the policy and deletes it. Returns an error if one occurs.
-func (c *policies) Delete(name string, options *metav1.DeleteOptions) error {
+func (c *policies) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
return c.client.Delete().
Namespace(c.ns).
Resource("policies").
Name(name).
- Body(options).
- Do().
+ Body(&opts).
+ Do(ctx).
Error()
}
// DeleteCollection deletes a collection of objects.
-func (c *policies) DeleteCollection(options *metav1.DeleteOptions, listOptions metav1.ListOptions) error {
+func (c *policies) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error {
var timeout time.Duration
- if listOptions.TimeoutSeconds != nil {
- timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
+ if listOpts.TimeoutSeconds != nil {
+ timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Namespace(c.ns).
Resource("policies").
- VersionedParams(&listOptions, scheme.ParameterCodec).
+ VersionedParams(&listOpts, scheme.ParameterCodec).
Timeout(timeout).
- Body(options).
- Do().
+ Body(&opts).
+ Do(ctx).
Error()
}
// Patch applies the patch and returns the patched policy.
-func (c *policies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1.Policy, err error) {
+func (c *policies) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Policy, err error) {
result = &v1.Policy{}
err = c.client.Patch(pt).
Namespace(c.ns).
Resource("policies").
- SubResource(subresources...).
Name(name).
+ SubResource(subresources...).
+ VersionedParams(&opts, scheme.ParameterCodec).
Body(data).
- Do().
+ Do(ctx).
Into(result)
return
}
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1/policyviolation.go b/pkg/client/clientset/versioned/typed/kyverno/v1/policyviolation.go
old mode 100644
new mode 100755
index 6fe7536aeb..cc5659f1f1
--- a/pkg/client/clientset/versioned/typed/kyverno/v1/policyviolation.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v1/policyviolation.go
@@ -19,6 +19,7 @@ limitations under the License.
package v1
import (
+ "context"
"time"
v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
@@ -37,15 +38,15 @@ type PolicyViolationsGetter interface {
// PolicyViolationInterface has methods to work with PolicyViolation resources.
type PolicyViolationInterface interface {
- Create(*v1.PolicyViolation) (*v1.PolicyViolation, error)
- Update(*v1.PolicyViolation) (*v1.PolicyViolation, error)
- UpdateStatus(*v1.PolicyViolation) (*v1.PolicyViolation, error)
- Delete(name string, options *metav1.DeleteOptions) error
- DeleteCollection(options *metav1.DeleteOptions, listOptions metav1.ListOptions) error
- Get(name string, options metav1.GetOptions) (*v1.PolicyViolation, error)
- List(opts metav1.ListOptions) (*v1.PolicyViolationList, error)
- Watch(opts metav1.ListOptions) (watch.Interface, error)
- Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1.PolicyViolation, err error)
+ Create(ctx context.Context, policyViolation *v1.PolicyViolation, opts metav1.CreateOptions) (*v1.PolicyViolation, error)
+ Update(ctx context.Context, policyViolation *v1.PolicyViolation, opts metav1.UpdateOptions) (*v1.PolicyViolation, error)
+ UpdateStatus(ctx context.Context, policyViolation *v1.PolicyViolation, opts metav1.UpdateOptions) (*v1.PolicyViolation, error)
+ Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error
+ DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error
+ Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.PolicyViolation, error)
+ List(ctx context.Context, opts metav1.ListOptions) (*v1.PolicyViolationList, error)
+ Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error)
+ Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.PolicyViolation, err error)
PolicyViolationExpansion
}
@@ -64,20 +65,20 @@ func newPolicyViolations(c *KyvernoV1Client, namespace string) *policyViolations
}
// Get takes name of the policyViolation, and returns the corresponding policyViolation object, and an error if there is any.
-func (c *policyViolations) Get(name string, options metav1.GetOptions) (result *v1.PolicyViolation, err error) {
+func (c *policyViolations) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.PolicyViolation, err error) {
result = &v1.PolicyViolation{}
err = c.client.Get().
Namespace(c.ns).
Resource("policyviolations").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
- Do().
+ Do(ctx).
Into(result)
return
}
// List takes label and field selectors, and returns the list of PolicyViolations that match those selectors.
-func (c *policyViolations) List(opts metav1.ListOptions) (result *v1.PolicyViolationList, err error) {
+func (c *policyViolations) List(ctx context.Context, opts metav1.ListOptions) (result *v1.PolicyViolationList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
@@ -88,13 +89,13 @@ func (c *policyViolations) List(opts metav1.ListOptions) (result *v1.PolicyViola
Resource("policyviolations").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
- Do().
+ Do(ctx).
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested policyViolations.
-func (c *policyViolations) Watch(opts metav1.ListOptions) (watch.Interface, error) {
+func (c *policyViolations) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
@@ -105,87 +106,90 @@ func (c *policyViolations) Watch(opts metav1.ListOptions) (watch.Interface, erro
Resource("policyviolations").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
- Watch()
+ Watch(ctx)
}
// Create takes the representation of a policyViolation and creates it. Returns the server's representation of the policyViolation, and an error, if there is any.
-func (c *policyViolations) Create(policyViolation *v1.PolicyViolation) (result *v1.PolicyViolation, err error) {
+func (c *policyViolations) Create(ctx context.Context, policyViolation *v1.PolicyViolation, opts metav1.CreateOptions) (result *v1.PolicyViolation, err error) {
result = &v1.PolicyViolation{}
err = c.client.Post().
Namespace(c.ns).
Resource("policyviolations").
+ VersionedParams(&opts, scheme.ParameterCodec).
Body(policyViolation).
- Do().
+ Do(ctx).
Into(result)
return
}
// Update takes the representation of a policyViolation and updates it. Returns the server's representation of the policyViolation, and an error, if there is any.
-func (c *policyViolations) Update(policyViolation *v1.PolicyViolation) (result *v1.PolicyViolation, err error) {
+func (c *policyViolations) Update(ctx context.Context, policyViolation *v1.PolicyViolation, opts metav1.UpdateOptions) (result *v1.PolicyViolation, err error) {
result = &v1.PolicyViolation{}
err = c.client.Put().
Namespace(c.ns).
Resource("policyviolations").
Name(policyViolation.Name).
+ VersionedParams(&opts, scheme.ParameterCodec).
Body(policyViolation).
- Do().
+ Do(ctx).
Into(result)
return
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
-
-func (c *policyViolations) UpdateStatus(policyViolation *v1.PolicyViolation) (result *v1.PolicyViolation, err error) {
+func (c *policyViolations) UpdateStatus(ctx context.Context, policyViolation *v1.PolicyViolation, opts metav1.UpdateOptions) (result *v1.PolicyViolation, err error) {
result = &v1.PolicyViolation{}
err = c.client.Put().
Namespace(c.ns).
Resource("policyviolations").
Name(policyViolation.Name).
SubResource("status").
+ VersionedParams(&opts, scheme.ParameterCodec).
Body(policyViolation).
- Do().
+ Do(ctx).
Into(result)
return
}
// Delete takes name of the policyViolation and deletes it. Returns an error if one occurs.
-func (c *policyViolations) Delete(name string, options *metav1.DeleteOptions) error {
+func (c *policyViolations) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
return c.client.Delete().
Namespace(c.ns).
Resource("policyviolations").
Name(name).
- Body(options).
- Do().
+ Body(&opts).
+ Do(ctx).
Error()
}
// DeleteCollection deletes a collection of objects.
-func (c *policyViolations) DeleteCollection(options *metav1.DeleteOptions, listOptions metav1.ListOptions) error {
+func (c *policyViolations) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error {
var timeout time.Duration
- if listOptions.TimeoutSeconds != nil {
- timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
+ if listOpts.TimeoutSeconds != nil {
+ timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Namespace(c.ns).
Resource("policyviolations").
- VersionedParams(&listOptions, scheme.ParameterCodec).
+ VersionedParams(&listOpts, scheme.ParameterCodec).
Timeout(timeout).
- Body(options).
- Do().
+ Body(&opts).
+ Do(ctx).
Error()
}
// Patch applies the patch and returns the patched policyViolation.
-func (c *policyViolations) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1.PolicyViolation, err error) {
+func (c *policyViolations) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.PolicyViolation, err error) {
result = &v1.PolicyViolation{}
err = c.client.Patch(pt).
Namespace(c.ns).
Resource("policyviolations").
- SubResource(subresources...).
Name(name).
+ SubResource(subresources...).
+ VersionedParams(&opts, scheme.ParameterCodec).
Body(data).
- Do().
+ Do(ctx).
Into(result)
return
}
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/clusterreportchangerequest.go b/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/clusterreportchangerequest.go
new file mode 100644
index 0000000000..1f9973a1ce
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/clusterreportchangerequest.go
@@ -0,0 +1,168 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ "context"
+ "time"
+
+ v1alpha1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
+ scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ types "k8s.io/apimachinery/pkg/types"
+ watch "k8s.io/apimachinery/pkg/watch"
+ rest "k8s.io/client-go/rest"
+)
+
+// ClusterReportChangeRequestsGetter has a method to return a ClusterReportChangeRequestInterface.
+// A group's client should implement this interface.
+type ClusterReportChangeRequestsGetter interface {
+ ClusterReportChangeRequests() ClusterReportChangeRequestInterface
+}
+
+// ClusterReportChangeRequestInterface has methods to work with ClusterReportChangeRequest resources.
+type ClusterReportChangeRequestInterface interface {
+ Create(ctx context.Context, clusterReportChangeRequest *v1alpha1.ClusterReportChangeRequest, opts v1.CreateOptions) (*v1alpha1.ClusterReportChangeRequest, error)
+ Update(ctx context.Context, clusterReportChangeRequest *v1alpha1.ClusterReportChangeRequest, opts v1.UpdateOptions) (*v1alpha1.ClusterReportChangeRequest, error)
+ Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
+ DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
+ Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.ClusterReportChangeRequest, error)
+ List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.ClusterReportChangeRequestList, error)
+ Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
+ Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ClusterReportChangeRequest, err error)
+ ClusterReportChangeRequestExpansion
+}
+
+// clusterReportChangeRequests implements ClusterReportChangeRequestInterface
+type clusterReportChangeRequests struct {
+ client rest.Interface
+}
+
+// newClusterReportChangeRequests returns a ClusterReportChangeRequests
+func newClusterReportChangeRequests(c *KyvernoV1alpha1Client) *clusterReportChangeRequests {
+ return &clusterReportChangeRequests{
+ client: c.RESTClient(),
+ }
+}
+
+// Get takes name of the clusterReportChangeRequest, and returns the corresponding clusterReportChangeRequest object, and an error if there is any.
+func (c *clusterReportChangeRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ClusterReportChangeRequest, err error) {
+ result = &v1alpha1.ClusterReportChangeRequest{}
+ err = c.client.Get().
+ Resource("clusterreportchangerequests").
+ Name(name).
+ VersionedParams(&options, scheme.ParameterCodec).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// List takes label and field selectors, and returns the list of ClusterReportChangeRequests that match those selectors.
+func (c *clusterReportChangeRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ClusterReportChangeRequestList, err error) {
+ var timeout time.Duration
+ if opts.TimeoutSeconds != nil {
+ timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+ }
+ result = &v1alpha1.ClusterReportChangeRequestList{}
+ err = c.client.Get().
+ Resource("clusterreportchangerequests").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Watch returns a watch.Interface that watches the requested clusterReportChangeRequests.
+func (c *clusterReportChangeRequests) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+ var timeout time.Duration
+ if opts.TimeoutSeconds != nil {
+ timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+ }
+ opts.Watch = true
+ return c.client.Get().
+ Resource("clusterreportchangerequests").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Watch(ctx)
+}
+
+// Create takes the representation of a clusterReportChangeRequest and creates it. Returns the server's representation of the clusterReportChangeRequest, and an error, if there is any.
+func (c *clusterReportChangeRequests) Create(ctx context.Context, clusterReportChangeRequest *v1alpha1.ClusterReportChangeRequest, opts v1.CreateOptions) (result *v1alpha1.ClusterReportChangeRequest, err error) {
+ result = &v1alpha1.ClusterReportChangeRequest{}
+ err = c.client.Post().
+ Resource("clusterreportchangerequests").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(clusterReportChangeRequest).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Update takes the representation of a clusterReportChangeRequest and updates it. Returns the server's representation of the clusterReportChangeRequest, and an error, if there is any.
+func (c *clusterReportChangeRequests) Update(ctx context.Context, clusterReportChangeRequest *v1alpha1.ClusterReportChangeRequest, opts v1.UpdateOptions) (result *v1alpha1.ClusterReportChangeRequest, err error) {
+ result = &v1alpha1.ClusterReportChangeRequest{}
+ err = c.client.Put().
+ Resource("clusterreportchangerequests").
+ Name(clusterReportChangeRequest.Name).
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(clusterReportChangeRequest).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Delete takes name of the clusterReportChangeRequest and deletes it. Returns an error if one occurs.
+func (c *clusterReportChangeRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+ return c.client.Delete().
+ Resource("clusterreportchangerequests").
+ Name(name).
+ Body(&opts).
+ Do(ctx).
+ Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *clusterReportChangeRequests) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+ var timeout time.Duration
+ if listOpts.TimeoutSeconds != nil {
+ timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+ }
+ return c.client.Delete().
+ Resource("clusterreportchangerequests").
+ VersionedParams(&listOpts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Body(&opts).
+ Do(ctx).
+ Error()
+}
+
+// Patch applies the patch and returns the patched clusterReportChangeRequest.
+func (c *clusterReportChangeRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ClusterReportChangeRequest, err error) {
+ result = &v1alpha1.ClusterReportChangeRequest{}
+ err = c.client.Patch(pt).
+ Resource("clusterreportchangerequests").
+ Name(name).
+ SubResource(subresources...).
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(data).
+ Do(ctx).
+ Into(result)
+ return
+}
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/doc.go b/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/doc.go
new file mode 100644
index 0000000000..df51baa4d4
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/doc.go
@@ -0,0 +1,20 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+// This package has the automatically generated typed clients.
+package v1alpha1
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake/doc.go b/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake/doc.go
new file mode 100644
index 0000000000..16f4439906
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake/doc.go
@@ -0,0 +1,20 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+// Package fake has the automatically generated clients.
+package fake
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake/fake_clusterreportchangerequest.go b/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake/fake_clusterreportchangerequest.go
new file mode 100644
index 0000000000..0f709a4e39
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake/fake_clusterreportchangerequest.go
@@ -0,0 +1,122 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+ "context"
+
+ v1alpha1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ labels "k8s.io/apimachinery/pkg/labels"
+ schema "k8s.io/apimachinery/pkg/runtime/schema"
+ types "k8s.io/apimachinery/pkg/types"
+ watch "k8s.io/apimachinery/pkg/watch"
+ testing "k8s.io/client-go/testing"
+)
+
+// FakeClusterReportChangeRequests implements ClusterReportChangeRequestInterface
+type FakeClusterReportChangeRequests struct {
+ Fake *FakeKyvernoV1alpha1
+}
+
+var clusterreportchangerequestsResource = schema.GroupVersionResource{Group: "kyverno.io", Version: "v1alpha1", Resource: "clusterreportchangerequests"}
+
+var clusterreportchangerequestsKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1alpha1", Kind: "ClusterReportChangeRequest"}
+
+// Get takes name of the clusterReportChangeRequest, and returns the corresponding clusterReportChangeRequest object, and an error if there is any.
+func (c *FakeClusterReportChangeRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ClusterReportChangeRequest, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootGetAction(clusterreportchangerequestsResource, name), &v1alpha1.ClusterReportChangeRequest{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1alpha1.ClusterReportChangeRequest), err
+}
+
+// List takes label and field selectors, and returns the list of ClusterReportChangeRequests that match those selectors.
+func (c *FakeClusterReportChangeRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ClusterReportChangeRequestList, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootListAction(clusterreportchangerequestsResource, clusterreportchangerequestsKind, opts), &v1alpha1.ClusterReportChangeRequestList{})
+ if obj == nil {
+ return nil, err
+ }
+
+ label, _, _ := testing.ExtractFromListOptions(opts)
+ if label == nil {
+ label = labels.Everything()
+ }
+ list := &v1alpha1.ClusterReportChangeRequestList{ListMeta: obj.(*v1alpha1.ClusterReportChangeRequestList).ListMeta}
+ for _, item := range obj.(*v1alpha1.ClusterReportChangeRequestList).Items {
+ if label.Matches(labels.Set(item.Labels)) {
+ list.Items = append(list.Items, item)
+ }
+ }
+ return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested clusterReportChangeRequests.
+func (c *FakeClusterReportChangeRequests) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+ return c.Fake.
+ InvokesWatch(testing.NewRootWatchAction(clusterreportchangerequestsResource, opts))
+}
+
+// Create takes the representation of a clusterReportChangeRequest and creates it. Returns the server's representation of the clusterReportChangeRequest, and an error, if there is any.
+func (c *FakeClusterReportChangeRequests) Create(ctx context.Context, clusterReportChangeRequest *v1alpha1.ClusterReportChangeRequest, opts v1.CreateOptions) (result *v1alpha1.ClusterReportChangeRequest, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootCreateAction(clusterreportchangerequestsResource, clusterReportChangeRequest), &v1alpha1.ClusterReportChangeRequest{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1alpha1.ClusterReportChangeRequest), err
+}
+
+// Update takes the representation of a clusterReportChangeRequest and updates it. Returns the server's representation of the clusterReportChangeRequest, and an error, if there is any.
+func (c *FakeClusterReportChangeRequests) Update(ctx context.Context, clusterReportChangeRequest *v1alpha1.ClusterReportChangeRequest, opts v1.UpdateOptions) (result *v1alpha1.ClusterReportChangeRequest, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootUpdateAction(clusterreportchangerequestsResource, clusterReportChangeRequest), &v1alpha1.ClusterReportChangeRequest{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1alpha1.ClusterReportChangeRequest), err
+}
+
+// Delete takes name of the clusterReportChangeRequest and deletes it. Returns an error if one occurs.
+func (c *FakeClusterReportChangeRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+ _, err := c.Fake.
+ Invokes(testing.NewRootDeleteAction(clusterreportchangerequestsResource, name), &v1alpha1.ClusterReportChangeRequest{})
+ return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeClusterReportChangeRequests) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+ action := testing.NewRootDeleteCollectionAction(clusterreportchangerequestsResource, listOpts)
+
+ _, err := c.Fake.Invokes(action, &v1alpha1.ClusterReportChangeRequestList{})
+ return err
+}
+
+// Patch applies the patch and returns the patched clusterReportChangeRequest.
+func (c *FakeClusterReportChangeRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ClusterReportChangeRequest, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootPatchSubresourceAction(clusterreportchangerequestsResource, name, pt, data, subresources...), &v1alpha1.ClusterReportChangeRequest{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1alpha1.ClusterReportChangeRequest), err
+}
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake/fake_kyverno_client.go b/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake/fake_kyverno_client.go
new file mode 100644
index 0000000000..aa7cae6481
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake/fake_kyverno_client.go
@@ -0,0 +1,44 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+ v1alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1alpha1"
+ rest "k8s.io/client-go/rest"
+ testing "k8s.io/client-go/testing"
+)
+
+type FakeKyvernoV1alpha1 struct {
+ *testing.Fake
+}
+
+func (c *FakeKyvernoV1alpha1) ClusterReportChangeRequests() v1alpha1.ClusterReportChangeRequestInterface {
+ return &FakeClusterReportChangeRequests{c}
+}
+
+func (c *FakeKyvernoV1alpha1) ReportChangeRequests(namespace string) v1alpha1.ReportChangeRequestInterface {
+ return &FakeReportChangeRequests{c, namespace}
+}
+
+// RESTClient returns a RESTClient that is used to communicate
+// with API server by this client implementation.
+func (c *FakeKyvernoV1alpha1) RESTClient() rest.Interface {
+ var ret *rest.RESTClient
+ return ret
+}
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake/fake_reportchangerequest.go b/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake/fake_reportchangerequest.go
new file mode 100644
index 0000000000..5126b2c435
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake/fake_reportchangerequest.go
@@ -0,0 +1,130 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+ "context"
+
+ v1alpha1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ labels "k8s.io/apimachinery/pkg/labels"
+ schema "k8s.io/apimachinery/pkg/runtime/schema"
+ types "k8s.io/apimachinery/pkg/types"
+ watch "k8s.io/apimachinery/pkg/watch"
+ testing "k8s.io/client-go/testing"
+)
+
+// FakeReportChangeRequests implements ReportChangeRequestInterface
+type FakeReportChangeRequests struct {
+ Fake *FakeKyvernoV1alpha1
+ ns string
+}
+
+var reportchangerequestsResource = schema.GroupVersionResource{Group: "kyverno.io", Version: "v1alpha1", Resource: "reportchangerequests"}
+
+var reportchangerequestsKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1alpha1", Kind: "ReportChangeRequest"}
+
+// Get takes name of the reportChangeRequest, and returns the corresponding reportChangeRequest object, and an error if there is any.
+func (c *FakeReportChangeRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ReportChangeRequest, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewGetAction(reportchangerequestsResource, c.ns, name), &v1alpha1.ReportChangeRequest{})
+
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1alpha1.ReportChangeRequest), err
+}
+
+// List takes label and field selectors, and returns the list of ReportChangeRequests that match those selectors.
+func (c *FakeReportChangeRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ReportChangeRequestList, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewListAction(reportchangerequestsResource, reportchangerequestsKind, c.ns, opts), &v1alpha1.ReportChangeRequestList{})
+
+ if obj == nil {
+ return nil, err
+ }
+
+ label, _, _ := testing.ExtractFromListOptions(opts)
+ if label == nil {
+ label = labels.Everything()
+ }
+ list := &v1alpha1.ReportChangeRequestList{ListMeta: obj.(*v1alpha1.ReportChangeRequestList).ListMeta}
+ for _, item := range obj.(*v1alpha1.ReportChangeRequestList).Items {
+ if label.Matches(labels.Set(item.Labels)) {
+ list.Items = append(list.Items, item)
+ }
+ }
+ return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested reportChangeRequests.
+func (c *FakeReportChangeRequests) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+ return c.Fake.
+ InvokesWatch(testing.NewWatchAction(reportchangerequestsResource, c.ns, opts))
+
+}
+
+// Create takes the representation of a reportChangeRequest and creates it. Returns the server's representation of the reportChangeRequest, and an error, if there is any.
+func (c *FakeReportChangeRequests) Create(ctx context.Context, reportChangeRequest *v1alpha1.ReportChangeRequest, opts v1.CreateOptions) (result *v1alpha1.ReportChangeRequest, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewCreateAction(reportchangerequestsResource, c.ns, reportChangeRequest), &v1alpha1.ReportChangeRequest{})
+
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1alpha1.ReportChangeRequest), err
+}
+
+// Update takes the representation of a reportChangeRequest and updates it. Returns the server's representation of the reportChangeRequest, and an error, if there is any.
+func (c *FakeReportChangeRequests) Update(ctx context.Context, reportChangeRequest *v1alpha1.ReportChangeRequest, opts v1.UpdateOptions) (result *v1alpha1.ReportChangeRequest, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewUpdateAction(reportchangerequestsResource, c.ns, reportChangeRequest), &v1alpha1.ReportChangeRequest{})
+
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1alpha1.ReportChangeRequest), err
+}
+
+// Delete takes name of the reportChangeRequest and deletes it. Returns an error if one occurs.
+func (c *FakeReportChangeRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+ _, err := c.Fake.
+ Invokes(testing.NewDeleteAction(reportchangerequestsResource, c.ns, name), &v1alpha1.ReportChangeRequest{})
+
+ return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeReportChangeRequests) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+ action := testing.NewDeleteCollectionAction(reportchangerequestsResource, c.ns, listOpts)
+
+ _, err := c.Fake.Invokes(action, &v1alpha1.ReportChangeRequestList{})
+ return err
+}
+
+// Patch applies the patch and returns the patched reportChangeRequest.
+func (c *FakeReportChangeRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ReportChangeRequest, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewPatchSubresourceAction(reportchangerequestsResource, c.ns, name, pt, data, subresources...), &v1alpha1.ReportChangeRequest{})
+
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1alpha1.ReportChangeRequest), err
+}
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/generated_expansion.go b/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/generated_expansion.go
new file mode 100644
index 0000000000..9fd0ca8807
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/generated_expansion.go
@@ -0,0 +1,23 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+type ClusterReportChangeRequestExpansion interface{}
+
+type ReportChangeRequestExpansion interface{}
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/kyverno_client.go b/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/kyverno_client.go
new file mode 100644
index 0000000000..febdd8ffcd
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/kyverno_client.go
@@ -0,0 +1,94 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ v1alpha1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
+ "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
+ rest "k8s.io/client-go/rest"
+)
+
+type KyvernoV1alpha1Interface interface {
+ RESTClient() rest.Interface
+ ClusterReportChangeRequestsGetter
+ ReportChangeRequestsGetter
+}
+
+// KyvernoV1alpha1Client is used to interact with features provided by the kyverno.io group.
+type KyvernoV1alpha1Client struct {
+ restClient rest.Interface
+}
+
+func (c *KyvernoV1alpha1Client) ClusterReportChangeRequests() ClusterReportChangeRequestInterface {
+ return newClusterReportChangeRequests(c)
+}
+
+func (c *KyvernoV1alpha1Client) ReportChangeRequests(namespace string) ReportChangeRequestInterface {
+ return newReportChangeRequests(c, namespace)
+}
+
+// NewForConfig creates a new KyvernoV1alpha1Client for the given config.
+func NewForConfig(c *rest.Config) (*KyvernoV1alpha1Client, error) {
+ config := *c
+ if err := setConfigDefaults(&config); err != nil {
+ return nil, err
+ }
+ client, err := rest.RESTClientFor(&config)
+ if err != nil {
+ return nil, err
+ }
+ return &KyvernoV1alpha1Client{client}, nil
+}
+
+// NewForConfigOrDie creates a new KyvernoV1alpha1Client for the given config and
+// panics if there is an error in the config.
+func NewForConfigOrDie(c *rest.Config) *KyvernoV1alpha1Client {
+ client, err := NewForConfig(c)
+ if err != nil {
+ panic(err)
+ }
+ return client
+}
+
+// New creates a new KyvernoV1alpha1Client for the given RESTClient.
+func New(c rest.Interface) *KyvernoV1alpha1Client {
+ return &KyvernoV1alpha1Client{c}
+}
+
+func setConfigDefaults(config *rest.Config) error {
+ gv := v1alpha1.SchemeGroupVersion
+ config.GroupVersion = &gv
+ config.APIPath = "/apis"
+ config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
+
+ if config.UserAgent == "" {
+ config.UserAgent = rest.DefaultKubernetesUserAgent()
+ }
+
+ return nil
+}
+
+// RESTClient returns a RESTClient that is used to communicate
+// with API server by this client implementation.
+func (c *KyvernoV1alpha1Client) RESTClient() rest.Interface {
+ if c == nil {
+ return nil
+ }
+ return c.restClient
+}
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/reportchangerequest.go b/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/reportchangerequest.go
new file mode 100644
index 0000000000..95e22f3507
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/kyverno/v1alpha1/reportchangerequest.go
@@ -0,0 +1,178 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ "context"
+ "time"
+
+ v1alpha1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
+ scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ types "k8s.io/apimachinery/pkg/types"
+ watch "k8s.io/apimachinery/pkg/watch"
+ rest "k8s.io/client-go/rest"
+)
+
+// ReportChangeRequestsGetter has a method to return a ReportChangeRequestInterface.
+// A group's client should implement this interface.
+type ReportChangeRequestsGetter interface {
+ ReportChangeRequests(namespace string) ReportChangeRequestInterface
+}
+
+// ReportChangeRequestInterface has methods to work with ReportChangeRequest resources.
+type ReportChangeRequestInterface interface {
+ Create(ctx context.Context, reportChangeRequest *v1alpha1.ReportChangeRequest, opts v1.CreateOptions) (*v1alpha1.ReportChangeRequest, error)
+ Update(ctx context.Context, reportChangeRequest *v1alpha1.ReportChangeRequest, opts v1.UpdateOptions) (*v1alpha1.ReportChangeRequest, error)
+ Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
+ DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
+ Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.ReportChangeRequest, error)
+ List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.ReportChangeRequestList, error)
+ Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
+ Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ReportChangeRequest, err error)
+ ReportChangeRequestExpansion
+}
+
+// reportChangeRequests implements ReportChangeRequestInterface
+type reportChangeRequests struct {
+ client rest.Interface
+ ns string
+}
+
+// newReportChangeRequests returns a ReportChangeRequests
+func newReportChangeRequests(c *KyvernoV1alpha1Client, namespace string) *reportChangeRequests {
+ return &reportChangeRequests{
+ client: c.RESTClient(),
+ ns: namespace,
+ }
+}
+
+// Get takes name of the reportChangeRequest, and returns the corresponding reportChangeRequest object, and an error if there is any.
+func (c *reportChangeRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ReportChangeRequest, err error) {
+ result = &v1alpha1.ReportChangeRequest{}
+ err = c.client.Get().
+ Namespace(c.ns).
+ Resource("reportchangerequests").
+ Name(name).
+ VersionedParams(&options, scheme.ParameterCodec).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// List takes label and field selectors, and returns the list of ReportChangeRequests that match those selectors.
+func (c *reportChangeRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ReportChangeRequestList, err error) {
+ var timeout time.Duration
+ if opts.TimeoutSeconds != nil {
+ timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+ }
+ result = &v1alpha1.ReportChangeRequestList{}
+ err = c.client.Get().
+ Namespace(c.ns).
+ Resource("reportchangerequests").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Watch returns a watch.Interface that watches the requested reportChangeRequests.
+func (c *reportChangeRequests) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+ var timeout time.Duration
+ if opts.TimeoutSeconds != nil {
+ timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+ }
+ opts.Watch = true
+ return c.client.Get().
+ Namespace(c.ns).
+ Resource("reportchangerequests").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Watch(ctx)
+}
+
+// Create takes the representation of a reportChangeRequest and creates it. Returns the server's representation of the reportChangeRequest, and an error, if there is any.
+func (c *reportChangeRequests) Create(ctx context.Context, reportChangeRequest *v1alpha1.ReportChangeRequest, opts v1.CreateOptions) (result *v1alpha1.ReportChangeRequest, err error) {
+ result = &v1alpha1.ReportChangeRequest{}
+ err = c.client.Post().
+ Namespace(c.ns).
+ Resource("reportchangerequests").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(reportChangeRequest).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Update takes the representation of a reportChangeRequest and updates it. Returns the server's representation of the reportChangeRequest, and an error, if there is any.
+func (c *reportChangeRequests) Update(ctx context.Context, reportChangeRequest *v1alpha1.ReportChangeRequest, opts v1.UpdateOptions) (result *v1alpha1.ReportChangeRequest, err error) {
+ result = &v1alpha1.ReportChangeRequest{}
+ err = c.client.Put().
+ Namespace(c.ns).
+ Resource("reportchangerequests").
+ Name(reportChangeRequest.Name).
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(reportChangeRequest).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Delete takes name of the reportChangeRequest and deletes it. Returns an error if one occurs.
+func (c *reportChangeRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+ return c.client.Delete().
+ Namespace(c.ns).
+ Resource("reportchangerequests").
+ Name(name).
+ Body(&opts).
+ Do(ctx).
+ Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *reportChangeRequests) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+ var timeout time.Duration
+ if listOpts.TimeoutSeconds != nil {
+ timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+ }
+ return c.client.Delete().
+ Namespace(c.ns).
+ Resource("reportchangerequests").
+ VersionedParams(&listOpts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Body(&opts).
+ Do(ctx).
+ Error()
+}
+
+// Patch applies the patch and returns the patched reportChangeRequest.
+func (c *reportChangeRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ReportChangeRequest, err error) {
+ result = &v1alpha1.ReportChangeRequest{}
+ err = c.client.Patch(pt).
+ Namespace(c.ns).
+ Resource("reportchangerequests").
+ Name(name).
+ SubResource(subresources...).
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(data).
+ Do(ctx).
+ Into(result)
+ return
+}
diff --git a/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/clusterpolicyreport.go b/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/clusterpolicyreport.go
new file mode 100755
index 0000000000..5d2a8ee338
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/clusterpolicyreport.go
@@ -0,0 +1,168 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ "context"
+ "time"
+
+ v1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ types "k8s.io/apimachinery/pkg/types"
+ watch "k8s.io/apimachinery/pkg/watch"
+ rest "k8s.io/client-go/rest"
+)
+
+// ClusterPolicyReportsGetter has a method to return a ClusterPolicyReportInterface.
+// A group's client should implement this interface.
+type ClusterPolicyReportsGetter interface {
+ ClusterPolicyReports() ClusterPolicyReportInterface
+}
+
+// ClusterPolicyReportInterface has methods to work with ClusterPolicyReport resources.
+type ClusterPolicyReportInterface interface {
+ Create(ctx context.Context, clusterPolicyReport *v1alpha1.ClusterPolicyReport, opts v1.CreateOptions) (*v1alpha1.ClusterPolicyReport, error)
+ Update(ctx context.Context, clusterPolicyReport *v1alpha1.ClusterPolicyReport, opts v1.UpdateOptions) (*v1alpha1.ClusterPolicyReport, error)
+ Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
+ DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
+ Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.ClusterPolicyReport, error)
+ List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.ClusterPolicyReportList, error)
+ Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
+ Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ClusterPolicyReport, err error)
+ ClusterPolicyReportExpansion
+}
+
+// clusterPolicyReports implements ClusterPolicyReportInterface
+type clusterPolicyReports struct {
+ client rest.Interface
+}
+
+// newClusterPolicyReports returns a ClusterPolicyReports
+func newClusterPolicyReports(c *PolicyV1alpha1Client) *clusterPolicyReports {
+ return &clusterPolicyReports{
+ client: c.RESTClient(),
+ }
+}
+
+// Get takes name of the clusterPolicyReport, and returns the corresponding clusterPolicyReport object, and an error if there is any.
+func (c *clusterPolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ClusterPolicyReport, err error) {
+ result = &v1alpha1.ClusterPolicyReport{}
+ err = c.client.Get().
+ Resource("clusterpolicyreports").
+ Name(name).
+ VersionedParams(&options, scheme.ParameterCodec).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// List takes label and field selectors, and returns the list of ClusterPolicyReports that match those selectors.
+func (c *clusterPolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ClusterPolicyReportList, err error) {
+ var timeout time.Duration
+ if opts.TimeoutSeconds != nil {
+ timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+ }
+ result = &v1alpha1.ClusterPolicyReportList{}
+ err = c.client.Get().
+ Resource("clusterpolicyreports").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Watch returns a watch.Interface that watches the requested clusterPolicyReports.
+func (c *clusterPolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+ var timeout time.Duration
+ if opts.TimeoutSeconds != nil {
+ timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+ }
+ opts.Watch = true
+ return c.client.Get().
+ Resource("clusterpolicyreports").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Watch(ctx)
+}
+
+// Create takes the representation of a clusterPolicyReport and creates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any.
+func (c *clusterPolicyReports) Create(ctx context.Context, clusterPolicyReport *v1alpha1.ClusterPolicyReport, opts v1.CreateOptions) (result *v1alpha1.ClusterPolicyReport, err error) {
+ result = &v1alpha1.ClusterPolicyReport{}
+ err = c.client.Post().
+ Resource("clusterpolicyreports").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(clusterPolicyReport).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Update takes the representation of a clusterPolicyReport and updates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any.
+func (c *clusterPolicyReports) Update(ctx context.Context, clusterPolicyReport *v1alpha1.ClusterPolicyReport, opts v1.UpdateOptions) (result *v1alpha1.ClusterPolicyReport, err error) {
+ result = &v1alpha1.ClusterPolicyReport{}
+ err = c.client.Put().
+ Resource("clusterpolicyreports").
+ Name(clusterPolicyReport.Name).
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(clusterPolicyReport).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Delete takes name of the clusterPolicyReport and deletes it. Returns an error if one occurs.
+func (c *clusterPolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+ return c.client.Delete().
+ Resource("clusterpolicyreports").
+ Name(name).
+ Body(&opts).
+ Do(ctx).
+ Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *clusterPolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+ var timeout time.Duration
+ if listOpts.TimeoutSeconds != nil {
+ timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+ }
+ return c.client.Delete().
+ Resource("clusterpolicyreports").
+ VersionedParams(&listOpts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Body(&opts).
+ Do(ctx).
+ Error()
+}
+
+// Patch applies the patch and returns the patched clusterPolicyReport.
+func (c *clusterPolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ClusterPolicyReport, err error) {
+ result = &v1alpha1.ClusterPolicyReport{}
+ err = c.client.Patch(pt).
+ Resource("clusterpolicyreports").
+ Name(name).
+ SubResource(subresources...).
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(data).
+ Do(ctx).
+ Into(result)
+ return
+}
diff --git a/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/doc.go b/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/doc.go
new file mode 100755
index 0000000000..df51baa4d4
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/doc.go
@@ -0,0 +1,20 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+// This package has the automatically generated typed clients.
+package v1alpha1
diff --git a/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/fake/doc.go b/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/fake/doc.go
new file mode 100755
index 0000000000..16f4439906
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/fake/doc.go
@@ -0,0 +1,20 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+// Package fake has the automatically generated clients.
+package fake
diff --git a/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/fake/fake_clusterpolicyreport.go b/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/fake/fake_clusterpolicyreport.go
new file mode 100755
index 0000000000..17f455a342
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/fake/fake_clusterpolicyreport.go
@@ -0,0 +1,122 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+ "context"
+
+ v1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ labels "k8s.io/apimachinery/pkg/labels"
+ schema "k8s.io/apimachinery/pkg/runtime/schema"
+ types "k8s.io/apimachinery/pkg/types"
+ watch "k8s.io/apimachinery/pkg/watch"
+ testing "k8s.io/client-go/testing"
+)
+
+// FakeClusterPolicyReports implements ClusterPolicyReportInterface
+type FakeClusterPolicyReports struct {
+ Fake *FakePolicyV1alpha1
+}
+
+var clusterpolicyreportsResource = schema.GroupVersionResource{Group: "policy.k8s.io", Version: "v1alpha1", Resource: "clusterpolicyreports"}
+
+var clusterpolicyreportsKind = schema.GroupVersionKind{Group: "policy.k8s.io", Version: "v1alpha1", Kind: "ClusterPolicyReport"}
+
+// Get takes name of the clusterPolicyReport, and returns the corresponding clusterPolicyReport object, and an error if there is any.
+func (c *FakeClusterPolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ClusterPolicyReport, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootGetAction(clusterpolicyreportsResource, name), &v1alpha1.ClusterPolicyReport{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1alpha1.ClusterPolicyReport), err
+}
+
+// List takes label and field selectors, and returns the list of ClusterPolicyReports that match those selectors.
+func (c *FakeClusterPolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ClusterPolicyReportList, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootListAction(clusterpolicyreportsResource, clusterpolicyreportsKind, opts), &v1alpha1.ClusterPolicyReportList{})
+ if obj == nil {
+ return nil, err
+ }
+
+ label, _, _ := testing.ExtractFromListOptions(opts)
+ if label == nil {
+ label = labels.Everything()
+ }
+ list := &v1alpha1.ClusterPolicyReportList{ListMeta: obj.(*v1alpha1.ClusterPolicyReportList).ListMeta}
+ for _, item := range obj.(*v1alpha1.ClusterPolicyReportList).Items {
+ if label.Matches(labels.Set(item.Labels)) {
+ list.Items = append(list.Items, item)
+ }
+ }
+ return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested clusterPolicyReports.
+func (c *FakeClusterPolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+ return c.Fake.
+ InvokesWatch(testing.NewRootWatchAction(clusterpolicyreportsResource, opts))
+}
+
+// Create takes the representation of a clusterPolicyReport and creates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any.
+func (c *FakeClusterPolicyReports) Create(ctx context.Context, clusterPolicyReport *v1alpha1.ClusterPolicyReport, opts v1.CreateOptions) (result *v1alpha1.ClusterPolicyReport, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootCreateAction(clusterpolicyreportsResource, clusterPolicyReport), &v1alpha1.ClusterPolicyReport{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1alpha1.ClusterPolicyReport), err
+}
+
+// Update takes the representation of a clusterPolicyReport and updates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any.
+func (c *FakeClusterPolicyReports) Update(ctx context.Context, clusterPolicyReport *v1alpha1.ClusterPolicyReport, opts v1.UpdateOptions) (result *v1alpha1.ClusterPolicyReport, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootUpdateAction(clusterpolicyreportsResource, clusterPolicyReport), &v1alpha1.ClusterPolicyReport{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1alpha1.ClusterPolicyReport), err
+}
+
+// Delete takes name of the clusterPolicyReport and deletes it. Returns an error if one occurs.
+func (c *FakeClusterPolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+ _, err := c.Fake.
+ Invokes(testing.NewRootDeleteAction(clusterpolicyreportsResource, name), &v1alpha1.ClusterPolicyReport{})
+ return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeClusterPolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+ action := testing.NewRootDeleteCollectionAction(clusterpolicyreportsResource, listOpts)
+
+ _, err := c.Fake.Invokes(action, &v1alpha1.ClusterPolicyReportList{})
+ return err
+}
+
+// Patch applies the patch and returns the patched clusterPolicyReport.
+func (c *FakeClusterPolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ClusterPolicyReport, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootPatchSubresourceAction(clusterpolicyreportsResource, name, pt, data, subresources...), &v1alpha1.ClusterPolicyReport{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1alpha1.ClusterPolicyReport), err
+}
diff --git a/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/fake/fake_policyreport.go b/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/fake/fake_policyreport.go
new file mode 100755
index 0000000000..9f4054b25e
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/fake/fake_policyreport.go
@@ -0,0 +1,130 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+ "context"
+
+ v1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ labels "k8s.io/apimachinery/pkg/labels"
+ schema "k8s.io/apimachinery/pkg/runtime/schema"
+ types "k8s.io/apimachinery/pkg/types"
+ watch "k8s.io/apimachinery/pkg/watch"
+ testing "k8s.io/client-go/testing"
+)
+
+// FakePolicyReports implements PolicyReportInterface
+type FakePolicyReports struct {
+ Fake *FakePolicyV1alpha1
+ ns string
+}
+
+var policyreportsResource = schema.GroupVersionResource{Group: "policy.k8s.io", Version: "v1alpha1", Resource: "policyreports"}
+
+var policyreportsKind = schema.GroupVersionKind{Group: "policy.k8s.io", Version: "v1alpha1", Kind: "PolicyReport"}
+
+// Get takes name of the policyReport, and returns the corresponding policyReport object, and an error if there is any.
+func (c *FakePolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.PolicyReport, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewGetAction(policyreportsResource, c.ns, name), &v1alpha1.PolicyReport{})
+
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1alpha1.PolicyReport), err
+}
+
+// List takes label and field selectors, and returns the list of PolicyReports that match those selectors.
+func (c *FakePolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.PolicyReportList, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewListAction(policyreportsResource, policyreportsKind, c.ns, opts), &v1alpha1.PolicyReportList{})
+
+ if obj == nil {
+ return nil, err
+ }
+
+ label, _, _ := testing.ExtractFromListOptions(opts)
+ if label == nil {
+ label = labels.Everything()
+ }
+ list := &v1alpha1.PolicyReportList{ListMeta: obj.(*v1alpha1.PolicyReportList).ListMeta}
+ for _, item := range obj.(*v1alpha1.PolicyReportList).Items {
+ if label.Matches(labels.Set(item.Labels)) {
+ list.Items = append(list.Items, item)
+ }
+ }
+ return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested policyReports.
+func (c *FakePolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+ return c.Fake.
+ InvokesWatch(testing.NewWatchAction(policyreportsResource, c.ns, opts))
+
+}
+
+// Create takes the representation of a policyReport and creates it. Returns the server's representation of the policyReport, and an error, if there is any.
+func (c *FakePolicyReports) Create(ctx context.Context, policyReport *v1alpha1.PolicyReport, opts v1.CreateOptions) (result *v1alpha1.PolicyReport, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewCreateAction(policyreportsResource, c.ns, policyReport), &v1alpha1.PolicyReport{})
+
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1alpha1.PolicyReport), err
+}
+
+// Update takes the representation of a policyReport and updates it. Returns the server's representation of the policyReport, and an error, if there is any.
+func (c *FakePolicyReports) Update(ctx context.Context, policyReport *v1alpha1.PolicyReport, opts v1.UpdateOptions) (result *v1alpha1.PolicyReport, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewUpdateAction(policyreportsResource, c.ns, policyReport), &v1alpha1.PolicyReport{})
+
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1alpha1.PolicyReport), err
+}
+
+// Delete takes name of the policyReport and deletes it. Returns an error if one occurs.
+func (c *FakePolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+ _, err := c.Fake.
+ Invokes(testing.NewDeleteAction(policyreportsResource, c.ns, name), &v1alpha1.PolicyReport{})
+
+ return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakePolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+ action := testing.NewDeleteCollectionAction(policyreportsResource, c.ns, listOpts)
+
+ _, err := c.Fake.Invokes(action, &v1alpha1.PolicyReportList{})
+ return err
+}
+
+// Patch applies the patch and returns the patched policyReport.
+func (c *FakePolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.PolicyReport, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewPatchSubresourceAction(policyreportsResource, c.ns, name, pt, data, subresources...), &v1alpha1.PolicyReport{})
+
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1alpha1.PolicyReport), err
+}
diff --git a/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/fake/fake_policyreport_client.go b/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/fake/fake_policyreport_client.go
new file mode 100755
index 0000000000..f6c00696db
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/fake/fake_policyreport_client.go
@@ -0,0 +1,44 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+ v1alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha1"
+ rest "k8s.io/client-go/rest"
+ testing "k8s.io/client-go/testing"
+)
+
+type FakePolicyV1alpha1 struct {
+ *testing.Fake
+}
+
+func (c *FakePolicyV1alpha1) ClusterPolicyReports() v1alpha1.ClusterPolicyReportInterface {
+ return &FakeClusterPolicyReports{c}
+}
+
+func (c *FakePolicyV1alpha1) PolicyReports(namespace string) v1alpha1.PolicyReportInterface {
+ return &FakePolicyReports{c, namespace}
+}
+
+// RESTClient returns a RESTClient that is used to communicate
+// with API server by this client implementation.
+func (c *FakePolicyV1alpha1) RESTClient() rest.Interface {
+ var ret *rest.RESTClient
+ return ret
+}
diff --git a/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/generated_expansion.go b/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/generated_expansion.go
new file mode 100755
index 0000000000..c649bc0a20
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/generated_expansion.go
@@ -0,0 +1,23 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+type ClusterPolicyReportExpansion interface{}
+
+type PolicyReportExpansion interface{}
diff --git a/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/policyreport.go b/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/policyreport.go
new file mode 100755
index 0000000000..c377e99208
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/policyreport.go
@@ -0,0 +1,178 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ "context"
+ "time"
+
+ v1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ types "k8s.io/apimachinery/pkg/types"
+ watch "k8s.io/apimachinery/pkg/watch"
+ rest "k8s.io/client-go/rest"
+)
+
+// PolicyReportsGetter has a method to return a PolicyReportInterface.
+// A group's client should implement this interface.
+type PolicyReportsGetter interface {
+ PolicyReports(namespace string) PolicyReportInterface
+}
+
+// PolicyReportInterface has methods to work with PolicyReport resources.
+type PolicyReportInterface interface {
+ Create(ctx context.Context, policyReport *v1alpha1.PolicyReport, opts v1.CreateOptions) (*v1alpha1.PolicyReport, error)
+ Update(ctx context.Context, policyReport *v1alpha1.PolicyReport, opts v1.UpdateOptions) (*v1alpha1.PolicyReport, error)
+ Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
+ DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
+ Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.PolicyReport, error)
+ List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.PolicyReportList, error)
+ Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
+ Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.PolicyReport, err error)
+ PolicyReportExpansion
+}
+
+// policyReports implements PolicyReportInterface
+type policyReports struct {
+ client rest.Interface
+ ns string
+}
+
+// newPolicyReports returns a PolicyReports
+func newPolicyReports(c *PolicyV1alpha1Client, namespace string) *policyReports {
+ return &policyReports{
+ client: c.RESTClient(),
+ ns: namespace,
+ }
+}
+
+// Get takes name of the policyReport, and returns the corresponding policyReport object, and an error if there is any.
+func (c *policyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.PolicyReport, err error) {
+ result = &v1alpha1.PolicyReport{}
+ err = c.client.Get().
+ Namespace(c.ns).
+ Resource("policyreports").
+ Name(name).
+ VersionedParams(&options, scheme.ParameterCodec).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// List takes label and field selectors, and returns the list of PolicyReports that match those selectors.
+func (c *policyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.PolicyReportList, err error) {
+ var timeout time.Duration
+ if opts.TimeoutSeconds != nil {
+ timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+ }
+ result = &v1alpha1.PolicyReportList{}
+ err = c.client.Get().
+ Namespace(c.ns).
+ Resource("policyreports").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Watch returns a watch.Interface that watches the requested policyReports.
+func (c *policyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+ var timeout time.Duration
+ if opts.TimeoutSeconds != nil {
+ timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+ }
+ opts.Watch = true
+ return c.client.Get().
+ Namespace(c.ns).
+ Resource("policyreports").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Watch(ctx)
+}
+
+// Create takes the representation of a policyReport and creates it. Returns the server's representation of the policyReport, and an error, if there is any.
+func (c *policyReports) Create(ctx context.Context, policyReport *v1alpha1.PolicyReport, opts v1.CreateOptions) (result *v1alpha1.PolicyReport, err error) {
+ result = &v1alpha1.PolicyReport{}
+ err = c.client.Post().
+ Namespace(c.ns).
+ Resource("policyreports").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(policyReport).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Update takes the representation of a policyReport and updates it. Returns the server's representation of the policyReport, and an error, if there is any.
+func (c *policyReports) Update(ctx context.Context, policyReport *v1alpha1.PolicyReport, opts v1.UpdateOptions) (result *v1alpha1.PolicyReport, err error) {
+ result = &v1alpha1.PolicyReport{}
+ err = c.client.Put().
+ Namespace(c.ns).
+ Resource("policyreports").
+ Name(policyReport.Name).
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(policyReport).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Delete takes name of the policyReport and deletes it. Returns an error if one occurs.
+func (c *policyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+ return c.client.Delete().
+ Namespace(c.ns).
+ Resource("policyreports").
+ Name(name).
+ Body(&opts).
+ Do(ctx).
+ Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *policyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+ var timeout time.Duration
+ if listOpts.TimeoutSeconds != nil {
+ timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+ }
+ return c.client.Delete().
+ Namespace(c.ns).
+ Resource("policyreports").
+ VersionedParams(&listOpts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Body(&opts).
+ Do(ctx).
+ Error()
+}
+
+// Patch applies the patch and returns the patched policyReport.
+func (c *policyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.PolicyReport, err error) {
+ result = &v1alpha1.PolicyReport{}
+ err = c.client.Patch(pt).
+ Namespace(c.ns).
+ Resource("policyreports").
+ Name(name).
+ SubResource(subresources...).
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(data).
+ Do(ctx).
+ Into(result)
+ return
+}
diff --git a/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/policyreport_client.go b/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/policyreport_client.go
new file mode 100755
index 0000000000..5308b783ef
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/policyreport/v1alpha1/policyreport_client.go
@@ -0,0 +1,94 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ v1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
+ rest "k8s.io/client-go/rest"
+)
+
+type PolicyV1alpha1Interface interface {
+ RESTClient() rest.Interface
+ ClusterPolicyReportsGetter
+ PolicyReportsGetter
+}
+
+// PolicyV1alpha1Client is used to interact with features provided by the policy.k8s.io group.
+type PolicyV1alpha1Client struct {
+ restClient rest.Interface
+}
+
+func (c *PolicyV1alpha1Client) ClusterPolicyReports() ClusterPolicyReportInterface {
+ return newClusterPolicyReports(c)
+}
+
+func (c *PolicyV1alpha1Client) PolicyReports(namespace string) PolicyReportInterface {
+ return newPolicyReports(c, namespace)
+}
+
+// NewForConfig creates a new PolicyV1alpha1Client for the given config.
+func NewForConfig(c *rest.Config) (*PolicyV1alpha1Client, error) {
+ config := *c
+ if err := setConfigDefaults(&config); err != nil {
+ return nil, err
+ }
+ client, err := rest.RESTClientFor(&config)
+ if err != nil {
+ return nil, err
+ }
+ return &PolicyV1alpha1Client{client}, nil
+}
+
+// NewForConfigOrDie creates a new PolicyV1alpha1Client for the given config and
+// panics if there is an error in the config.
+func NewForConfigOrDie(c *rest.Config) *PolicyV1alpha1Client {
+ client, err := NewForConfig(c)
+ if err != nil {
+ panic(err)
+ }
+ return client
+}
+
+// New creates a new PolicyV1alpha1Client for the given RESTClient.
+func New(c rest.Interface) *PolicyV1alpha1Client {
+ return &PolicyV1alpha1Client{c}
+}
+
+func setConfigDefaults(config *rest.Config) error {
+ gv := v1alpha1.SchemeGroupVersion
+ config.GroupVersion = &gv
+ config.APIPath = "/apis"
+ config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
+
+ if config.UserAgent == "" {
+ config.UserAgent = rest.DefaultKubernetesUserAgent()
+ }
+
+ return nil
+}
+
+// RESTClient returns a RESTClient that is used to communicate
+// with API server by this client implementation.
+func (c *PolicyV1alpha1Client) RESTClient() rest.Interface {
+ if c == nil {
+ return nil
+ }
+ return c.restClient
+}
diff --git a/pkg/client/informers/externalversions/factory.go b/pkg/client/informers/externalversions/factory.go
old mode 100644
new mode 100755
index da28b4b6ad..c76df3cf08
--- a/pkg/client/informers/externalversions/factory.go
+++ b/pkg/client/informers/externalversions/factory.go
@@ -26,6 +26,7 @@ import (
versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
kyverno "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno"
+ policyreport "github.com/kyverno/kyverno/pkg/client/informers/externalversions/policyreport"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema"
@@ -173,8 +174,13 @@ type SharedInformerFactory interface {
WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool
Kyverno() kyverno.Interface
+ Policy() policyreport.Interface
}
func (f *sharedInformerFactory) Kyverno() kyverno.Interface {
return kyverno.New(f, f.namespace, f.tweakListOptions)
}
+
+func (f *sharedInformerFactory) Policy() policyreport.Interface {
+ return policyreport.New(f, f.namespace, f.tweakListOptions)
+}
diff --git a/pkg/client/informers/externalversions/generic.go b/pkg/client/informers/externalversions/generic.go
old mode 100644
new mode 100755
index 3eaa55bf80..1004bea562
--- a/pkg/client/informers/externalversions/generic.go
+++ b/pkg/client/informers/externalversions/generic.go
@@ -22,6 +22,8 @@ import (
"fmt"
v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
+ v1alpha1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
+ policyreportv1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
schema "k8s.io/apimachinery/pkg/runtime/schema"
cache "k8s.io/client-go/tools/cache"
)
@@ -64,6 +66,18 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
case v1.SchemeGroupVersion.WithResource("policyviolations"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1().PolicyViolations().Informer()}, nil
+ // Group=kyverno.io, Version=v1alpha1
+ case v1alpha1.SchemeGroupVersion.WithResource("clusterreportchangerequests"):
+ return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1alpha1().ClusterReportChangeRequests().Informer()}, nil
+ case v1alpha1.SchemeGroupVersion.WithResource("reportchangerequests"):
+ return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V1alpha1().ReportChangeRequests().Informer()}, nil
+
+ // Group=policy.k8s.io, Version=v1alpha1
+ case policyreportv1alpha1.SchemeGroupVersion.WithResource("clusterpolicyreports"):
+ return &genericInformer{resource: resource.GroupResource(), informer: f.Policy().V1alpha1().ClusterPolicyReports().Informer()}, nil
+ case policyreportv1alpha1.SchemeGroupVersion.WithResource("policyreports"):
+ return &genericInformer{resource: resource.GroupResource(), informer: f.Policy().V1alpha1().PolicyReports().Informer()}, nil
+
}
return nil, fmt.Errorf("no informer found for %v", resource)
diff --git a/pkg/client/informers/externalversions/internalinterfaces/factory_interfaces.go b/pkg/client/informers/externalversions/internalinterfaces/factory_interfaces.go
old mode 100644
new mode 100755
diff --git a/pkg/client/informers/externalversions/kyverno/interface.go b/pkg/client/informers/externalversions/kyverno/interface.go
old mode 100644
new mode 100755
index ad3090ecb1..1323fe1439
--- a/pkg/client/informers/externalversions/kyverno/interface.go
+++ b/pkg/client/informers/externalversions/kyverno/interface.go
@@ -21,12 +21,15 @@ package kyverno
import (
internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
v1 "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
+ v1alpha1 "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1alpha1"
)
// Interface provides access to each of this group's versions.
type Interface interface {
// V1 provides access to shared informers for resources in V1.
V1() v1.Interface
+ // V1alpha1 provides access to shared informers for resources in V1alpha1.
+ V1alpha1() v1alpha1.Interface
}
type group struct {
@@ -44,3 +47,8 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
func (g *group) V1() v1.Interface {
return v1.New(g.factory, g.namespace, g.tweakListOptions)
}
+
+// V1alpha1 returns a new v1alpha1.Interface.
+func (g *group) V1alpha1() v1alpha1.Interface {
+ return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions)
+}
diff --git a/pkg/client/informers/externalversions/kyverno/v1/clusterpolicy.go b/pkg/client/informers/externalversions/kyverno/v1/clusterpolicy.go
old mode 100644
new mode 100755
index 3e9353bc0a..4dec56ff88
--- a/pkg/client/informers/externalversions/kyverno/v1/clusterpolicy.go
+++ b/pkg/client/informers/externalversions/kyverno/v1/clusterpolicy.go
@@ -19,6 +19,7 @@ limitations under the License.
package v1
import (
+ "context"
time "time"
kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
@@ -60,13 +61,13 @@ func NewFilteredClusterPolicyInformer(client versioned.Interface, resyncPeriod t
if tweakListOptions != nil {
tweakListOptions(&options)
}
- return client.KyvernoV1().ClusterPolicies().List(options)
+ return client.KyvernoV1().ClusterPolicies().List(context.TODO(), options)
},
WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
- return client.KyvernoV1().ClusterPolicies().Watch(options)
+ return client.KyvernoV1().ClusterPolicies().Watch(context.TODO(), options)
},
},
&kyvernov1.ClusterPolicy{},
diff --git a/pkg/client/informers/externalversions/kyverno/v1/clusterpolicyviolation.go b/pkg/client/informers/externalversions/kyverno/v1/clusterpolicyviolation.go
old mode 100644
new mode 100755
index 26e67f4f7e..510fdf538b
--- a/pkg/client/informers/externalversions/kyverno/v1/clusterpolicyviolation.go
+++ b/pkg/client/informers/externalversions/kyverno/v1/clusterpolicyviolation.go
@@ -19,6 +19,7 @@ limitations under the License.
package v1
import (
+ "context"
time "time"
kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
@@ -60,13 +61,13 @@ func NewFilteredClusterPolicyViolationInformer(client versioned.Interface, resyn
if tweakListOptions != nil {
tweakListOptions(&options)
}
- return client.KyvernoV1().ClusterPolicyViolations().List(options)
+ return client.KyvernoV1().ClusterPolicyViolations().List(context.TODO(), options)
},
WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
- return client.KyvernoV1().ClusterPolicyViolations().Watch(options)
+ return client.KyvernoV1().ClusterPolicyViolations().Watch(context.TODO(), options)
},
},
&kyvernov1.ClusterPolicyViolation{},
diff --git a/pkg/client/informers/externalversions/kyverno/v1/generaterequest.go b/pkg/client/informers/externalversions/kyverno/v1/generaterequest.go
old mode 100644
new mode 100755
index ac079fa0d8..472e926641
--- a/pkg/client/informers/externalversions/kyverno/v1/generaterequest.go
+++ b/pkg/client/informers/externalversions/kyverno/v1/generaterequest.go
@@ -19,6 +19,7 @@ limitations under the License.
package v1
import (
+ "context"
time "time"
kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
@@ -61,13 +62,13 @@ func NewFilteredGenerateRequestInformer(client versioned.Interface, namespace st
if tweakListOptions != nil {
tweakListOptions(&options)
}
- return client.KyvernoV1().GenerateRequests(namespace).List(options)
+ return client.KyvernoV1().GenerateRequests(namespace).List(context.TODO(), options)
},
WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
- return client.KyvernoV1().GenerateRequests(namespace).Watch(options)
+ return client.KyvernoV1().GenerateRequests(namespace).Watch(context.TODO(), options)
},
},
&kyvernov1.GenerateRequest{},
diff --git a/pkg/client/informers/externalversions/kyverno/v1/interface.go b/pkg/client/informers/externalversions/kyverno/v1/interface.go
old mode 100644
new mode 100755
diff --git a/pkg/client/informers/externalversions/kyverno/v1/policy.go b/pkg/client/informers/externalversions/kyverno/v1/policy.go
old mode 100644
new mode 100755
index eff6368b13..d1a12464ef
--- a/pkg/client/informers/externalversions/kyverno/v1/policy.go
+++ b/pkg/client/informers/externalversions/kyverno/v1/policy.go
@@ -19,6 +19,7 @@ limitations under the License.
package v1
import (
+ "context"
time "time"
kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
@@ -61,13 +62,13 @@ func NewFilteredPolicyInformer(client versioned.Interface, namespace string, res
if tweakListOptions != nil {
tweakListOptions(&options)
}
- return client.KyvernoV1().Policies(namespace).List(options)
+ return client.KyvernoV1().Policies(namespace).List(context.TODO(), options)
},
WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
- return client.KyvernoV1().Policies(namespace).Watch(options)
+ return client.KyvernoV1().Policies(namespace).Watch(context.TODO(), options)
},
},
&kyvernov1.Policy{},
diff --git a/pkg/client/informers/externalversions/kyverno/v1/policyviolation.go b/pkg/client/informers/externalversions/kyverno/v1/policyviolation.go
old mode 100644
new mode 100755
index 1d27785247..d7b61bd1ae
--- a/pkg/client/informers/externalversions/kyverno/v1/policyviolation.go
+++ b/pkg/client/informers/externalversions/kyverno/v1/policyviolation.go
@@ -19,6 +19,7 @@ limitations under the License.
package v1
import (
+ "context"
time "time"
kyvernov1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
@@ -61,13 +62,13 @@ func NewFilteredPolicyViolationInformer(client versioned.Interface, namespace st
if tweakListOptions != nil {
tweakListOptions(&options)
}
- return client.KyvernoV1().PolicyViolations(namespace).List(options)
+ return client.KyvernoV1().PolicyViolations(namespace).List(context.TODO(), options)
},
WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
- return client.KyvernoV1().PolicyViolations(namespace).Watch(options)
+ return client.KyvernoV1().PolicyViolations(namespace).Watch(context.TODO(), options)
},
},
&kyvernov1.PolicyViolation{},
diff --git a/pkg/client/informers/externalversions/kyverno/v1alpha1/clusterreportchangerequest.go b/pkg/client/informers/externalversions/kyverno/v1alpha1/clusterreportchangerequest.go
new file mode 100644
index 0000000000..a8a3c6fc33
--- /dev/null
+++ b/pkg/client/informers/externalversions/kyverno/v1alpha1/clusterreportchangerequest.go
@@ -0,0 +1,89 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ "context"
+ time "time"
+
+ kyvernov1alpha1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
+ versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
+ internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
+ v1alpha1 "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1alpha1"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ runtime "k8s.io/apimachinery/pkg/runtime"
+ watch "k8s.io/apimachinery/pkg/watch"
+ cache "k8s.io/client-go/tools/cache"
+)
+
+// ClusterReportChangeRequestInformer provides access to a shared informer and lister for
+// ClusterReportChangeRequests.
+type ClusterReportChangeRequestInformer interface {
+ Informer() cache.SharedIndexInformer
+ Lister() v1alpha1.ClusterReportChangeRequestLister
+}
+
+type clusterReportChangeRequestInformer struct {
+ factory internalinterfaces.SharedInformerFactory
+ tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// NewClusterReportChangeRequestInformer constructs a new informer for ClusterReportChangeRequest type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewClusterReportChangeRequestInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+ return NewFilteredClusterReportChangeRequestInformer(client, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredClusterReportChangeRequestInformer constructs a new informer for ClusterReportChangeRequest type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredClusterReportChangeRequestInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+ return cache.NewSharedIndexInformer(
+ &cache.ListWatch{
+ ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.KyvernoV1alpha1().ClusterReportChangeRequests().List(context.TODO(), options)
+ },
+ WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.KyvernoV1alpha1().ClusterReportChangeRequests().Watch(context.TODO(), options)
+ },
+ },
+ &kyvernov1alpha1.ClusterReportChangeRequest{},
+ resyncPeriod,
+ indexers,
+ )
+}
+
+func (f *clusterReportChangeRequestInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+ return NewFilteredClusterReportChangeRequestInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *clusterReportChangeRequestInformer) Informer() cache.SharedIndexInformer {
+ return f.factory.InformerFor(&kyvernov1alpha1.ClusterReportChangeRequest{}, f.defaultInformer)
+}
+
+func (f *clusterReportChangeRequestInformer) Lister() v1alpha1.ClusterReportChangeRequestLister {
+ return v1alpha1.NewClusterReportChangeRequestLister(f.Informer().GetIndexer())
+}
diff --git a/pkg/client/informers/externalversions/kyverno/v1alpha1/interface.go b/pkg/client/informers/externalversions/kyverno/v1alpha1/interface.go
new file mode 100644
index 0000000000..8ed636622d
--- /dev/null
+++ b/pkg/client/informers/externalversions/kyverno/v1alpha1/interface.go
@@ -0,0 +1,52 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
+)
+
+// Interface provides access to all the informers in this group version.
+type Interface interface {
+ // ClusterReportChangeRequests returns a ClusterReportChangeRequestInformer.
+ ClusterReportChangeRequests() ClusterReportChangeRequestInformer
+ // ReportChangeRequests returns a ReportChangeRequestInformer.
+ ReportChangeRequests() ReportChangeRequestInformer
+}
+
+type version struct {
+ factory internalinterfaces.SharedInformerFactory
+ namespace string
+ tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// New returns a new Interface.
+func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
+ return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
+}
+
+// ClusterReportChangeRequests returns a ClusterReportChangeRequestInformer.
+func (v *version) ClusterReportChangeRequests() ClusterReportChangeRequestInformer {
+ return &clusterReportChangeRequestInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
+}
+
+// ReportChangeRequests returns a ReportChangeRequestInformer.
+func (v *version) ReportChangeRequests() ReportChangeRequestInformer {
+ return &reportChangeRequestInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+}
diff --git a/pkg/client/informers/externalversions/kyverno/v1alpha1/reportchangerequest.go b/pkg/client/informers/externalversions/kyverno/v1alpha1/reportchangerequest.go
new file mode 100644
index 0000000000..5e21fd4bd5
--- /dev/null
+++ b/pkg/client/informers/externalversions/kyverno/v1alpha1/reportchangerequest.go
@@ -0,0 +1,90 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ "context"
+ time "time"
+
+ kyvernov1alpha1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
+ versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
+ internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
+ v1alpha1 "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1alpha1"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ runtime "k8s.io/apimachinery/pkg/runtime"
+ watch "k8s.io/apimachinery/pkg/watch"
+ cache "k8s.io/client-go/tools/cache"
+)
+
+// ReportChangeRequestInformer provides access to a shared informer and lister for
+// ReportChangeRequests.
+type ReportChangeRequestInformer interface {
+ Informer() cache.SharedIndexInformer
+ Lister() v1alpha1.ReportChangeRequestLister
+}
+
+type reportChangeRequestInformer struct {
+ factory internalinterfaces.SharedInformerFactory
+ tweakListOptions internalinterfaces.TweakListOptionsFunc
+ namespace string
+}
+
+// NewReportChangeRequestInformer constructs a new informer for ReportChangeRequest type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewReportChangeRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+ return NewFilteredReportChangeRequestInformer(client, namespace, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredReportChangeRequestInformer constructs a new informer for ReportChangeRequest type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredReportChangeRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+ return cache.NewSharedIndexInformer(
+ &cache.ListWatch{
+ ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.KyvernoV1alpha1().ReportChangeRequests(namespace).List(context.TODO(), options)
+ },
+ WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.KyvernoV1alpha1().ReportChangeRequests(namespace).Watch(context.TODO(), options)
+ },
+ },
+ &kyvernov1alpha1.ReportChangeRequest{},
+ resyncPeriod,
+ indexers,
+ )
+}
+
+func (f *reportChangeRequestInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+ return NewFilteredReportChangeRequestInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *reportChangeRequestInformer) Informer() cache.SharedIndexInformer {
+ return f.factory.InformerFor(&kyvernov1alpha1.ReportChangeRequest{}, f.defaultInformer)
+}
+
+func (f *reportChangeRequestInformer) Lister() v1alpha1.ReportChangeRequestLister {
+ return v1alpha1.NewReportChangeRequestLister(f.Informer().GetIndexer())
+}
diff --git a/pkg/client/informers/externalversions/policyreport/interface.go b/pkg/client/informers/externalversions/policyreport/interface.go
new file mode 100755
index 0000000000..c077590130
--- /dev/null
+++ b/pkg/client/informers/externalversions/policyreport/interface.go
@@ -0,0 +1,46 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package policyreport
+
+import (
+ internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
+ v1alpha1 "github.com/kyverno/kyverno/pkg/client/informers/externalversions/policyreport/v1alpha1"
+)
+
+// Interface provides access to each of this group's versions.
+type Interface interface {
+ // V1alpha1 provides access to shared informers for resources in V1alpha1.
+ V1alpha1() v1alpha1.Interface
+}
+
+type group struct {
+ factory internalinterfaces.SharedInformerFactory
+ namespace string
+ tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// New returns a new Interface.
+func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
+ return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
+}
+
+// V1alpha1 returns a new v1alpha1.Interface.
+func (g *group) V1alpha1() v1alpha1.Interface {
+ return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions)
+}
diff --git a/pkg/client/informers/externalversions/policyreport/v1alpha1/clusterpolicyreport.go b/pkg/client/informers/externalversions/policyreport/v1alpha1/clusterpolicyreport.go
new file mode 100755
index 0000000000..24c7320ffc
--- /dev/null
+++ b/pkg/client/informers/externalversions/policyreport/v1alpha1/clusterpolicyreport.go
@@ -0,0 +1,89 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ "context"
+ time "time"
+
+ policyreportv1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
+ internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
+ v1alpha1 "github.com/kyverno/kyverno/pkg/client/listers/policyreport/v1alpha1"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ runtime "k8s.io/apimachinery/pkg/runtime"
+ watch "k8s.io/apimachinery/pkg/watch"
+ cache "k8s.io/client-go/tools/cache"
+)
+
+// ClusterPolicyReportInformer provides access to a shared informer and lister for
+// ClusterPolicyReports.
+type ClusterPolicyReportInformer interface {
+ Informer() cache.SharedIndexInformer
+ Lister() v1alpha1.ClusterPolicyReportLister
+}
+
+type clusterPolicyReportInformer struct {
+ factory internalinterfaces.SharedInformerFactory
+ tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// NewClusterPolicyReportInformer constructs a new informer for ClusterPolicyReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewClusterPolicyReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+ return NewFilteredClusterPolicyReportInformer(client, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredClusterPolicyReportInformer constructs a new informer for ClusterPolicyReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredClusterPolicyReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+ return cache.NewSharedIndexInformer(
+ &cache.ListWatch{
+ ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.PolicyV1alpha1().ClusterPolicyReports().List(context.TODO(), options)
+ },
+ WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.PolicyV1alpha1().ClusterPolicyReports().Watch(context.TODO(), options)
+ },
+ },
+ &policyreportv1alpha1.ClusterPolicyReport{},
+ resyncPeriod,
+ indexers,
+ )
+}
+
+func (f *clusterPolicyReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+ return NewFilteredClusterPolicyReportInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *clusterPolicyReportInformer) Informer() cache.SharedIndexInformer {
+ return f.factory.InformerFor(&policyreportv1alpha1.ClusterPolicyReport{}, f.defaultInformer)
+}
+
+func (f *clusterPolicyReportInformer) Lister() v1alpha1.ClusterPolicyReportLister {
+ return v1alpha1.NewClusterPolicyReportLister(f.Informer().GetIndexer())
+}
diff --git a/pkg/client/informers/externalversions/policyreport/v1alpha1/interface.go b/pkg/client/informers/externalversions/policyreport/v1alpha1/interface.go
new file mode 100755
index 0000000000..a5f300ee2a
--- /dev/null
+++ b/pkg/client/informers/externalversions/policyreport/v1alpha1/interface.go
@@ -0,0 +1,52 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
+)
+
+// Interface provides access to all the informers in this group version.
+type Interface interface {
+ // ClusterPolicyReports returns a ClusterPolicyReportInformer.
+ ClusterPolicyReports() ClusterPolicyReportInformer
+ // PolicyReports returns a PolicyReportInformer.
+ PolicyReports() PolicyReportInformer
+}
+
+type version struct {
+ factory internalinterfaces.SharedInformerFactory
+ namespace string
+ tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// New returns a new Interface.
+func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
+ return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
+}
+
+// ClusterPolicyReports returns a ClusterPolicyReportInformer.
+func (v *version) ClusterPolicyReports() ClusterPolicyReportInformer {
+ return &clusterPolicyReportInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
+}
+
+// PolicyReports returns a PolicyReportInformer.
+func (v *version) PolicyReports() PolicyReportInformer {
+ return &policyReportInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+}
diff --git a/pkg/client/informers/externalversions/policyreport/v1alpha1/policyreport.go b/pkg/client/informers/externalversions/policyreport/v1alpha1/policyreport.go
new file mode 100755
index 0000000000..e8b8a3ec4f
--- /dev/null
+++ b/pkg/client/informers/externalversions/policyreport/v1alpha1/policyreport.go
@@ -0,0 +1,90 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ "context"
+ time "time"
+
+ policyreportv1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
+ internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
+ v1alpha1 "github.com/kyverno/kyverno/pkg/client/listers/policyreport/v1alpha1"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ runtime "k8s.io/apimachinery/pkg/runtime"
+ watch "k8s.io/apimachinery/pkg/watch"
+ cache "k8s.io/client-go/tools/cache"
+)
+
+// PolicyReportInformer provides access to a shared informer and lister for
+// PolicyReports.
+type PolicyReportInformer interface {
+ Informer() cache.SharedIndexInformer
+ Lister() v1alpha1.PolicyReportLister
+}
+
+type policyReportInformer struct {
+ factory internalinterfaces.SharedInformerFactory
+ tweakListOptions internalinterfaces.TweakListOptionsFunc
+ namespace string
+}
+
+// NewPolicyReportInformer constructs a new informer for PolicyReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewPolicyReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+ return NewFilteredPolicyReportInformer(client, namespace, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredPolicyReportInformer constructs a new informer for PolicyReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredPolicyReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+ return cache.NewSharedIndexInformer(
+ &cache.ListWatch{
+ ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.PolicyV1alpha1().PolicyReports(namespace).List(context.TODO(), options)
+ },
+ WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.PolicyV1alpha1().PolicyReports(namespace).Watch(context.TODO(), options)
+ },
+ },
+ &policyreportv1alpha1.PolicyReport{},
+ resyncPeriod,
+ indexers,
+ )
+}
+
+func (f *policyReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+ return NewFilteredPolicyReportInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *policyReportInformer) Informer() cache.SharedIndexInformer {
+ return f.factory.InformerFor(&policyreportv1alpha1.PolicyReport{}, f.defaultInformer)
+}
+
+func (f *policyReportInformer) Lister() v1alpha1.PolicyReportLister {
+ return v1alpha1.NewPolicyReportLister(f.Informer().GetIndexer())
+}
diff --git a/pkg/client/listers/kyverno/v1/clusterpolicy.go b/pkg/client/listers/kyverno/v1/clusterpolicy.go
old mode 100644
new mode 100755
diff --git a/pkg/client/listers/kyverno/v1/clusterpolicyviolation.go b/pkg/client/listers/kyverno/v1/clusterpolicyviolation.go
old mode 100644
new mode 100755
diff --git a/pkg/client/listers/kyverno/v1/expansion_generated.go b/pkg/client/listers/kyverno/v1/expansion_generated.go
old mode 100644
new mode 100755
index 07befe1b0d..591dd4b849
--- a/pkg/client/listers/kyverno/v1/expansion_generated.go
+++ b/pkg/client/listers/kyverno/v1/expansion_generated.go
@@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
-http://www.apache.org/licenses/LICENSE-2.0
+ http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
@@ -26,6 +26,8 @@ import (
"k8s.io/apimachinery/pkg/labels"
)
+type PolicyNamespaceListerExpansion interface{}
+
// ClusterPolicyListerExpansion allows custom methods to be added to
// ClusterPolicyLister.
type ClusterPolicyListerExpansion interface {
diff --git a/pkg/client/listers/kyverno/v1/generaterequest.go b/pkg/client/listers/kyverno/v1/generaterequest.go
old mode 100644
new mode 100755
diff --git a/pkg/client/listers/kyverno/v1/policy.go b/pkg/client/listers/kyverno/v1/policy.go
old mode 100644
new mode 100755
index f01389a2b5..ba536f6765
--- a/pkg/client/listers/kyverno/v1/policy.go
+++ b/pkg/client/listers/kyverno/v1/policy.go
@@ -63,6 +63,7 @@ type PolicyNamespaceLister interface {
List(selector labels.Selector) (ret []*v1.Policy, err error)
// Get retrieves the Policy from the indexer for a given namespace and name.
Get(name string) (*v1.Policy, error)
+ PolicyNamespaceListerExpansion
}
// policyNamespaceLister implements the PolicyNamespaceLister
diff --git a/pkg/client/listers/kyverno/v1/policyviolation.go b/pkg/client/listers/kyverno/v1/policyviolation.go
old mode 100644
new mode 100755
diff --git a/pkg/client/listers/kyverno/v1alpha1/clusterreportchangerequest.go b/pkg/client/listers/kyverno/v1alpha1/clusterreportchangerequest.go
new file mode 100644
index 0000000000..12289bcdef
--- /dev/null
+++ b/pkg/client/listers/kyverno/v1alpha1/clusterreportchangerequest.go
@@ -0,0 +1,65 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ v1alpha1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
+ "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/apimachinery/pkg/labels"
+ "k8s.io/client-go/tools/cache"
+)
+
+// ClusterReportChangeRequestLister helps list ClusterReportChangeRequests.
+type ClusterReportChangeRequestLister interface {
+ // List lists all ClusterReportChangeRequests in the indexer.
+ List(selector labels.Selector) (ret []*v1alpha1.ClusterReportChangeRequest, err error)
+ // Get retrieves the ClusterReportChangeRequest from the index for a given name.
+ Get(name string) (*v1alpha1.ClusterReportChangeRequest, error)
+ ClusterReportChangeRequestListerExpansion
+}
+
+// clusterReportChangeRequestLister implements the ClusterReportChangeRequestLister interface.
+type clusterReportChangeRequestLister struct {
+ indexer cache.Indexer
+}
+
+// NewClusterReportChangeRequestLister returns a new ClusterReportChangeRequestLister.
+func NewClusterReportChangeRequestLister(indexer cache.Indexer) ClusterReportChangeRequestLister {
+ return &clusterReportChangeRequestLister{indexer: indexer}
+}
+
+// List lists all ClusterReportChangeRequests in the indexer.
+func (s *clusterReportChangeRequestLister) List(selector labels.Selector) (ret []*v1alpha1.ClusterReportChangeRequest, err error) {
+ err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+ ret = append(ret, m.(*v1alpha1.ClusterReportChangeRequest))
+ })
+ return ret, err
+}
+
+// Get retrieves the ClusterReportChangeRequest from the index for a given name.
+func (s *clusterReportChangeRequestLister) Get(name string) (*v1alpha1.ClusterReportChangeRequest, error) {
+ obj, exists, err := s.indexer.GetByKey(name)
+ if err != nil {
+ return nil, err
+ }
+ if !exists {
+ return nil, errors.NewNotFound(v1alpha1.Resource("clusterreportchangerequest"), name)
+ }
+ return obj.(*v1alpha1.ClusterReportChangeRequest), nil
+}
diff --git a/pkg/client/listers/kyverno/v1alpha1/expansion_generated.go b/pkg/client/listers/kyverno/v1alpha1/expansion_generated.go
new file mode 100644
index 0000000000..427df586e0
--- /dev/null
+++ b/pkg/client/listers/kyverno/v1alpha1/expansion_generated.go
@@ -0,0 +1,31 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1alpha1
+
+// ClusterReportChangeRequestListerExpansion allows custom methods to be added to
+// ClusterReportChangeRequestLister.
+type ClusterReportChangeRequestListerExpansion interface{}
+
+// ReportChangeRequestListerExpansion allows custom methods to be added to
+// ReportChangeRequestLister.
+type ReportChangeRequestListerExpansion interface{}
+
+// ReportChangeRequestNamespaceListerExpansion allows custom methods to be added to
+// ReportChangeRequestNamespaceLister.
+type ReportChangeRequestNamespaceListerExpansion interface{}
diff --git a/pkg/client/listers/kyverno/v1alpha1/reportchangerequest.go b/pkg/client/listers/kyverno/v1alpha1/reportchangerequest.go
new file mode 100644
index 0000000000..7f67ab0f83
--- /dev/null
+++ b/pkg/client/listers/kyverno/v1alpha1/reportchangerequest.go
@@ -0,0 +1,94 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ v1alpha1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
+ "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/apimachinery/pkg/labels"
+ "k8s.io/client-go/tools/cache"
+)
+
+// ReportChangeRequestLister helps list ReportChangeRequests.
+type ReportChangeRequestLister interface {
+ // List lists all ReportChangeRequests in the indexer.
+ List(selector labels.Selector) (ret []*v1alpha1.ReportChangeRequest, err error)
+ // ReportChangeRequests returns an object that can list and get ReportChangeRequests.
+ ReportChangeRequests(namespace string) ReportChangeRequestNamespaceLister
+ ReportChangeRequestListerExpansion
+}
+
+// reportChangeRequestLister implements the ReportChangeRequestLister interface.
+type reportChangeRequestLister struct {
+ indexer cache.Indexer
+}
+
+// NewReportChangeRequestLister returns a new ReportChangeRequestLister.
+func NewReportChangeRequestLister(indexer cache.Indexer) ReportChangeRequestLister {
+ return &reportChangeRequestLister{indexer: indexer}
+}
+
+// List lists all ReportChangeRequests in the indexer.
+func (s *reportChangeRequestLister) List(selector labels.Selector) (ret []*v1alpha1.ReportChangeRequest, err error) {
+ err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+ ret = append(ret, m.(*v1alpha1.ReportChangeRequest))
+ })
+ return ret, err
+}
+
+// ReportChangeRequests returns an object that can list and get ReportChangeRequests.
+func (s *reportChangeRequestLister) ReportChangeRequests(namespace string) ReportChangeRequestNamespaceLister {
+ return reportChangeRequestNamespaceLister{indexer: s.indexer, namespace: namespace}
+}
+
+// ReportChangeRequestNamespaceLister helps list and get ReportChangeRequests.
+type ReportChangeRequestNamespaceLister interface {
+ // List lists all ReportChangeRequests in the indexer for a given namespace.
+ List(selector labels.Selector) (ret []*v1alpha1.ReportChangeRequest, err error)
+ // Get retrieves the ReportChangeRequest from the indexer for a given namespace and name.
+ Get(name string) (*v1alpha1.ReportChangeRequest, error)
+ ReportChangeRequestNamespaceListerExpansion
+}
+
+// reportChangeRequestNamespaceLister implements the ReportChangeRequestNamespaceLister
+// interface.
+type reportChangeRequestNamespaceLister struct {
+ indexer cache.Indexer
+ namespace string
+}
+
+// List lists all ReportChangeRequests in the indexer for a given namespace.
+func (s reportChangeRequestNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.ReportChangeRequest, err error) {
+ err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
+ ret = append(ret, m.(*v1alpha1.ReportChangeRequest))
+ })
+ return ret, err
+}
+
+// Get retrieves the ReportChangeRequest from the indexer for a given namespace and name.
+func (s reportChangeRequestNamespaceLister) Get(name string) (*v1alpha1.ReportChangeRequest, error) {
+ obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
+ if err != nil {
+ return nil, err
+ }
+ if !exists {
+ return nil, errors.NewNotFound(v1alpha1.Resource("reportchangerequest"), name)
+ }
+ return obj.(*v1alpha1.ReportChangeRequest), nil
+}
diff --git a/pkg/client/listers/policyreport/v1alpha1/clusterpolicyreport.go b/pkg/client/listers/policyreport/v1alpha1/clusterpolicyreport.go
new file mode 100755
index 0000000000..ccd62a4ba6
--- /dev/null
+++ b/pkg/client/listers/policyreport/v1alpha1/clusterpolicyreport.go
@@ -0,0 +1,65 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ v1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/apimachinery/pkg/labels"
+ "k8s.io/client-go/tools/cache"
+)
+
+// ClusterPolicyReportLister helps list ClusterPolicyReports.
+type ClusterPolicyReportLister interface {
+ // List lists all ClusterPolicyReports in the indexer.
+ List(selector labels.Selector) (ret []*v1alpha1.ClusterPolicyReport, err error)
+ // Get retrieves the ClusterPolicyReport from the index for a given name.
+ Get(name string) (*v1alpha1.ClusterPolicyReport, error)
+ ClusterPolicyReportListerExpansion
+}
+
+// clusterPolicyReportLister implements the ClusterPolicyReportLister interface.
+type clusterPolicyReportLister struct {
+ indexer cache.Indexer
+}
+
+// NewClusterPolicyReportLister returns a new ClusterPolicyReportLister.
+func NewClusterPolicyReportLister(indexer cache.Indexer) ClusterPolicyReportLister {
+ return &clusterPolicyReportLister{indexer: indexer}
+}
+
+// List lists all ClusterPolicyReports in the indexer.
+func (s *clusterPolicyReportLister) List(selector labels.Selector) (ret []*v1alpha1.ClusterPolicyReport, err error) {
+ err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+ ret = append(ret, m.(*v1alpha1.ClusterPolicyReport))
+ })
+ return ret, err
+}
+
+// Get retrieves the ClusterPolicyReport from the index for a given name.
+func (s *clusterPolicyReportLister) Get(name string) (*v1alpha1.ClusterPolicyReport, error) {
+ obj, exists, err := s.indexer.GetByKey(name)
+ if err != nil {
+ return nil, err
+ }
+ if !exists {
+ return nil, errors.NewNotFound(v1alpha1.Resource("clusterpolicyreport"), name)
+ }
+ return obj.(*v1alpha1.ClusterPolicyReport), nil
+}
diff --git a/pkg/client/listers/policyreport/v1alpha1/expansion_generated.go b/pkg/client/listers/policyreport/v1alpha1/expansion_generated.go
new file mode 100755
index 0000000000..d0f6e8a96b
--- /dev/null
+++ b/pkg/client/listers/policyreport/v1alpha1/expansion_generated.go
@@ -0,0 +1,31 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1alpha1
+
+// ClusterPolicyReportListerExpansion allows custom methods to be added to
+// ClusterPolicyReportLister.
+type ClusterPolicyReportListerExpansion interface{}
+
+// PolicyReportListerExpansion allows custom methods to be added to
+// PolicyReportLister.
+type PolicyReportListerExpansion interface{}
+
+// PolicyReportNamespaceListerExpansion allows custom methods to be added to
+// PolicyReportNamespaceLister.
+type PolicyReportNamespaceListerExpansion interface{}
diff --git a/pkg/client/listers/policyreport/v1alpha1/policyreport.go b/pkg/client/listers/policyreport/v1alpha1/policyreport.go
new file mode 100755
index 0000000000..abb5fddc3d
--- /dev/null
+++ b/pkg/client/listers/policyreport/v1alpha1/policyreport.go
@@ -0,0 +1,94 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ v1alpha1 "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/apimachinery/pkg/labels"
+ "k8s.io/client-go/tools/cache"
+)
+
+// PolicyReportLister helps list PolicyReports.
+type PolicyReportLister interface {
+ // List lists all PolicyReports in the indexer.
+ List(selector labels.Selector) (ret []*v1alpha1.PolicyReport, err error)
+ // PolicyReports returns an object that can list and get PolicyReports.
+ PolicyReports(namespace string) PolicyReportNamespaceLister
+ PolicyReportListerExpansion
+}
+
+// policyReportLister implements the PolicyReportLister interface.
+type policyReportLister struct {
+ indexer cache.Indexer
+}
+
+// NewPolicyReportLister returns a new PolicyReportLister.
+func NewPolicyReportLister(indexer cache.Indexer) PolicyReportLister {
+ return &policyReportLister{indexer: indexer}
+}
+
+// List lists all PolicyReports in the indexer.
+func (s *policyReportLister) List(selector labels.Selector) (ret []*v1alpha1.PolicyReport, err error) {
+ err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+ ret = append(ret, m.(*v1alpha1.PolicyReport))
+ })
+ return ret, err
+}
+
+// PolicyReports returns an object that can list and get PolicyReports.
+func (s *policyReportLister) PolicyReports(namespace string) PolicyReportNamespaceLister {
+ return policyReportNamespaceLister{indexer: s.indexer, namespace: namespace}
+}
+
+// PolicyReportNamespaceLister helps list and get PolicyReports.
+type PolicyReportNamespaceLister interface {
+ // List lists all PolicyReports in the indexer for a given namespace.
+ List(selector labels.Selector) (ret []*v1alpha1.PolicyReport, err error)
+ // Get retrieves the PolicyReport from the indexer for a given namespace and name.
+ Get(name string) (*v1alpha1.PolicyReport, error)
+ PolicyReportNamespaceListerExpansion
+}
+
+// policyReportNamespaceLister implements the PolicyReportNamespaceLister
+// interface.
+type policyReportNamespaceLister struct {
+ indexer cache.Indexer
+ namespace string
+}
+
+// List lists all PolicyReports in the indexer for a given namespace.
+func (s policyReportNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.PolicyReport, err error) {
+ err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
+ ret = append(ret, m.(*v1alpha1.PolicyReport))
+ })
+ return ret, err
+}
+
+// Get retrieves the PolicyReport from the indexer for a given namespace and name.
+func (s policyReportNamespaceLister) Get(name string) (*v1alpha1.PolicyReport, error) {
+ obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
+ if err != nil {
+ return nil, err
+ }
+ if !exists {
+ return nil, errors.NewNotFound(v1alpha1.Resource("policyreport"), name)
+ }
+ return obj.(*v1alpha1.PolicyReport), nil
+}
diff --git a/pkg/common/common.go b/pkg/common/common.go
index 0c59b26f75..e3ec0ae832 100644
--- a/pkg/common/common.go
+++ b/pkg/common/common.go
@@ -5,3 +5,9 @@ const (
Enforce = "enforce" // blocks the request on failure
Audit = "audit" // dont block the request on failure, but report failiures as policy violations
)
+
+// Policy Reporting Types
+const (
+ PolicyViolation = "POLICYVIOLATION"
+ PolicyReport = "POLICYREPORT"
+)
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 35985d064e..ce2264c28f 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -58,6 +58,9 @@ var (
KubePolicyNamespace = getKyvernoNameSpace()
// KubePolicyDeploymentName define the default deployment namespace
KubePolicyDeploymentName = "kyverno"
+ // Kyverno CLI Image
+ KyvernoCliImage = "nirmata/kyverno-cli:latest"
+
//WebhookServiceName default kyverno webhook service name
WebhookServiceName = getWebhookServiceName()
diff --git a/pkg/config/dynamicconfig.go b/pkg/config/dynamicconfig.go
index 678a1f08ce..9c754f5c4d 100644
--- a/pkg/config/dynamicconfig.go
+++ b/pkg/config/dynamicconfig.go
@@ -41,7 +41,8 @@ type ConfigData struct {
restrictDevelopmentUsername []string
// hasynced
cmSycned cache.InformerSynced
- log logr.Logger
+
+ log logr.Logger
}
// ToFilter checks if the given resource is set to be filtered in the configuration
diff --git a/pkg/constant/constant.go b/pkg/constant/constant.go
index c8ae0dc50a..3181c3d28e 100644
--- a/pkg/constant/constant.go
+++ b/pkg/constant/constant.go
@@ -9,4 +9,19 @@ const (
EventControllerResync = 15 * time.Minute
GenerateControllerResync = 15 * time.Minute
GenerateRequestControllerResync = 15 * time.Minute
+
+ PolicyReportPolicyChangeResync = 60 * time.Second
+ PolicyReportResourceChangeResync = 60 * time.Second
+)
+
+const (
+ Namespace string = "Namespace"
+ Cluster string = "Cluster"
+ All string = "All"
+)
+
+const (
+ ConfigmapMode string = "CONFIGMAP"
+ BackgroundPolicySync string = "POLICYSYNC"
+ BackgroundSync string = "SYNC"
)
diff --git a/pkg/dclient/client.go b/pkg/dclient/client.go
index 88a88cf87d..bc82403d7e 100644
--- a/pkg/dclient/client.go
+++ b/pkg/dclient/client.go
@@ -1,6 +1,7 @@
package client
import (
+ "context"
"fmt"
"strings"
"time"
@@ -125,12 +126,12 @@ func (c *Client) getGroupVersionMapper(apiVersion string, kind string) schema.Gr
// GetResource returns the resource in unstructured/json format
func (c *Client) GetResource(apiVersion string, kind string, namespace string, name string, subresources ...string) (*unstructured.Unstructured, error) {
- return c.getResourceInterface(apiVersion, kind, namespace).Get(name, meta.GetOptions{}, subresources...)
+ return c.getResourceInterface(apiVersion, kind, namespace).Get(context.TODO(), name, meta.GetOptions{}, subresources...)
}
//PatchResource patches the resource
func (c *Client) PatchResource(apiVersion string, kind string, namespace string, name string, patch []byte) (*unstructured.Unstructured, error) {
- return c.getResourceInterface(apiVersion, kind, namespace).Patch(name, patchTypes.JSONPatchType, patch, meta.PatchOptions{})
+ return c.getResourceInterface(apiVersion, kind, namespace).Patch(context.TODO(), name, patchTypes.JSONPatchType, patch, meta.PatchOptions{})
}
// GetDynamicInterface fetches underlying dynamic interface
@@ -145,7 +146,7 @@ func (c *Client) ListResource(apiVersion string, kind string, namespace string,
if lselector != nil {
options = meta.ListOptions{LabelSelector: helperv1.FormatLabelSelector(lselector)}
}
- return c.getResourceInterface(apiVersion, kind, namespace).List(options)
+ return c.getResourceInterface(apiVersion, kind, namespace).List(context.TODO(), options)
}
// DeleteResource deletes the specified resource
@@ -154,7 +155,7 @@ func (c *Client) DeleteResource(apiVersion string, kind string, namespace string
if dryRun {
options = meta.DeleteOptions{DryRun: []string{meta.DryRunAll}}
}
- return c.getResourceInterface(apiVersion, kind, namespace).Delete(name, &options)
+ return c.getResourceInterface(apiVersion, kind, namespace).Delete(context.TODO(), name, options)
}
@@ -166,7 +167,7 @@ func (c *Client) CreateResource(apiVersion string, kind string, namespace string
}
// convert typed to unstructured obj
if unstructuredObj := convertToUnstructured(obj); unstructuredObj != nil {
- return c.getResourceInterface(apiVersion, kind, namespace).Create(unstructuredObj, options)
+ return c.getResourceInterface(apiVersion, kind, namespace).Create(context.TODO(), unstructuredObj, options)
}
return nil, fmt.Errorf("Unable to create resource ")
}
@@ -179,7 +180,7 @@ func (c *Client) UpdateResource(apiVersion string, kind string, namespace string
}
// convert typed to unstructured obj
if unstructuredObj := convertToUnstructured(obj); unstructuredObj != nil {
- return c.getResourceInterface(apiVersion, kind, namespace).Update(unstructuredObj, options)
+ return c.getResourceInterface(apiVersion, kind, namespace).Update(context.TODO(), unstructuredObj, options)
}
return nil, fmt.Errorf("Unable to update resource ")
}
@@ -192,7 +193,7 @@ func (c *Client) UpdateStatusResource(apiVersion string, kind string, namespace
}
// convert typed to unstructured obj
if unstructuredObj := convertToUnstructured(obj); unstructuredObj != nil {
- return c.getResourceInterface(apiVersion, kind, namespace).UpdateStatus(unstructuredObj, options)
+ return c.getResourceInterface(apiVersion, kind, namespace).UpdateStatus(context.TODO(), unstructuredObj, options)
}
return nil, fmt.Errorf("Unable to update resource ")
}
diff --git a/pkg/dclient/client_test.go b/pkg/dclient/client_test.go
index 4294117c66..34247c70de 100644
--- a/pkg/dclient/client_test.go
+++ b/pkg/dclient/client_test.go
@@ -1,6 +1,7 @@
package client
import (
+ "context"
"testing"
"github.com/kyverno/kyverno/pkg/config"
@@ -100,7 +101,7 @@ func TestEventInterface(t *testing.T) {
if err != nil {
t.Errorf("GetEventsInterface not working: %s", err)
}
- _, err = iEvent.List(meta.ListOptions{})
+ _, err = iEvent.List(context.TODO(), meta.ListOptions{})
if err != nil {
t.Errorf("Testing Event interface not working: %s", err)
}
@@ -111,7 +112,7 @@ func TestCSRInterface(t *testing.T) {
if err != nil {
t.Errorf("GetCSRInterface not working: %s", err)
}
- _, err = iCSR.List(meta.ListOptions{})
+ _, err = iCSR.List(context.TODO(), meta.ListOptions{})
if err != nil {
t.Errorf("Testing CSR interface not working: %s", err)
}
diff --git a/pkg/engine/mutation.go b/pkg/engine/mutation.go
index e98fa1963b..547cece742 100644
--- a/pkg/engine/mutation.go
+++ b/pkg/engine/mutation.go
@@ -63,8 +63,6 @@ func Mutate(policyContext PolicyContext) (resp response.EngineResponse) {
continue
}
-
-
// add configmap json data to context
if err := AddResourceToContext(logger, rule.Context, resCache, jsonContext); err != nil {
logger.V(4).Info("cannot add configmaps to context", "reason", err.Error())
diff --git a/pkg/generate/cleanup/resource.go b/pkg/generate/cleanup/resource.go
index ca97dae341..1ca2d01f48 100644
--- a/pkg/generate/cleanup/resource.go
+++ b/pkg/generate/cleanup/resource.go
@@ -1,6 +1,8 @@
package cleanup
import (
+ "context"
+
kyvernoclient "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
"github.com/kyverno/kyverno/pkg/config"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -18,5 +20,5 @@ type Control struct {
//Delete deletes the specified resource
func (c Control) Delete(gr string) error {
- return c.client.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).Delete(gr, &metav1.DeleteOptions{})
+ return c.client.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).Delete(context.TODO(), gr, metav1.DeleteOptions{})
}
diff --git a/pkg/generate/controller.go b/pkg/generate/controller.go
index 432ff83531..7353cfd188 100644
--- a/pkg/generate/controller.go
+++ b/pkg/generate/controller.go
@@ -156,6 +156,18 @@ func (c *Controller) updatePolicy(old, cur interface{}) {
// Two different versions of the same replica set will always have different RVs.
return
}
+
+ var policyHasGenerate bool
+ for _, rule := range curP.Spec.Rules {
+ if rule.HasGenerate() {
+ policyHasGenerate = true
+ }
+ }
+
+ if !policyHasGenerate {
+ return
+ }
+
logger.V(4).Info("updating policy", "name", oldP.Name)
// get the list of GR for the current Policy version
grs, err := c.grLister.GetGenerateRequestsForClusterPolicy(curP.Name)
diff --git a/pkg/generate/generate.go b/pkg/generate/generate.go
index 935489e7ea..cfd7d15462 100644
--- a/pkg/generate/generate.go
+++ b/pkg/generate/generate.go
@@ -1,6 +1,7 @@
package generate
import (
+ contextdefault "context"
"encoding/json"
"fmt"
"reflect"
@@ -114,13 +115,13 @@ func (c *Controller) applyGenerate(resource unstructured.Unstructured, gr kyvern
// Removing GR if rule is failed. Used when the generate condition failed but gr exist
for _, r := range engineResponse.PolicyResponse.Rules {
if !r.Success {
- grList, err := c.kyvernoClient.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).List(metav1.ListOptions{})
+ grList, err := c.kyvernoClient.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).List(contextdefault.TODO(), metav1.ListOptions{})
if err != nil {
continue
}
for _, v := range grList.Items {
if engineResponse.PolicyResponse.Policy == v.Spec.Policy && engineResponse.PolicyResponse.Resource.Name == v.Spec.Resource.Name && engineResponse.PolicyResponse.Resource.Kind == v.Spec.Resource.Kind && engineResponse.PolicyResponse.Resource.Namespace == v.Spec.Resource.Namespace {
- err := c.kyvernoClient.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).Delete(v.GetName(), &metav1.DeleteOptions{})
+ err := c.kyvernoClient.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).Delete(contextdefault.TODO(), v.GetName(), metav1.DeleteOptions{})
if err != nil {
logger.Error(err, " failed to delete generate request")
}
@@ -367,12 +368,10 @@ func applyRule(log logr.Logger, client *dclient.Client, rule kyverno.Rule, resou
}
if isUpdate {
logger.V(4).Info("updating existing resource")
- // Update the resource
newResource.SetLabels(label)
_, err := client.UpdateResource(genAPIVersion, genKind, genNamespace, newResource, false)
if err != nil {
logger.Error(err, "updating existing resource")
- // Failed to update resource
return noGenResource, err
}
logger.V(4).Info("updated new resource")
@@ -383,13 +382,12 @@ func applyRule(log logr.Logger, client *dclient.Client, rule kyverno.Rule, resou
_, err := client.UpdateResource(genAPIVersion, genKind, genNamespace, resource, false)
if err != nil {
logger.Error(err, "updating existing resource")
- // Failed to update resource
return noGenResource, err
}
logger.V(4).Info("updated new resource")
}
- logger.V(4).Info("Synchronize resource is disabled")
+ logger.V(4).Info("Synchronize resource is disabled")
}
return newGenResource, nil
}
diff --git a/pkg/generate/status.go b/pkg/generate/status.go
index 99681c8c95..28c1a3c138 100644
--- a/pkg/generate/status.go
+++ b/pkg/generate/status.go
@@ -1,9 +1,12 @@
package generate
import (
+ "context"
+
kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
kyvernoclient "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
"github.com/kyverno/kyverno/pkg/config"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"sigs.k8s.io/controller-runtime/pkg/log"
)
@@ -24,7 +27,7 @@ func (sc StatusControl) Failed(gr kyverno.GenerateRequest, message string, genRe
gr.Status.Message = message
// Update Generated Resources
gr.Status.GeneratedResources = genResources
- _, err := sc.client.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).UpdateStatus(&gr)
+ _, err := sc.client.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).UpdateStatus(context.TODO(), &gr, v1.UpdateOptions{})
if err != nil {
log.Log.Error(err, "failed to update generate request status", "name", gr.Name)
return err
@@ -40,7 +43,7 @@ func (sc StatusControl) Success(gr kyverno.GenerateRequest, genResources []kyver
// Update Generated Resources
gr.Status.GeneratedResources = genResources
- _, err := sc.client.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).UpdateStatus(&gr)
+ _, err := sc.client.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).UpdateStatus(context.TODO(), &gr, v1.UpdateOptions{})
if err != nil {
log.Log.Error(err, "failed to update generate request status", "name", gr.Name)
return err
diff --git a/pkg/kyverno/apply/command.go b/pkg/kyverno/apply/command.go
index f2ee639ae9..0cba8c7b4c 100644
--- a/pkg/kyverno/apply/command.go
+++ b/pkg/kyverno/apply/command.go
@@ -3,45 +3,28 @@ package apply
import (
"bufio"
"encoding/json"
- "errors"
"fmt"
"io/ioutil"
- "reflect"
-
- "github.com/kyverno/kyverno/pkg/engine/context"
- "github.com/kyverno/kyverno/pkg/openapi"
- "k8s.io/apimachinery/pkg/util/yaml"
-
"os"
"path/filepath"
-
+ "reflect"
"strings"
"time"
+ v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
client "github.com/kyverno/kyverno/pkg/dclient"
-
- "github.com/kyverno/kyverno/pkg/utils"
-
+ "github.com/kyverno/kyverno/pkg/engine"
+ "github.com/kyverno/kyverno/pkg/engine/context"
"github.com/kyverno/kyverno/pkg/kyverno/common"
"github.com/kyverno/kyverno/pkg/kyverno/sanitizedError"
-
+ "github.com/kyverno/kyverno/pkg/openapi"
policy2 "github.com/kyverno/kyverno/pkg/policy"
-
- "k8s.io/apimachinery/pkg/runtime/schema"
-
- "github.com/kyverno/kyverno/pkg/engine"
-
- engineutils "github.com/kyverno/kyverno/pkg/engine/utils"
-
- "k8s.io/apimachinery/pkg/runtime"
-
- "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-
- v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
+ "github.com/kyverno/kyverno/pkg/utils"
"github.com/spf13/cobra"
yamlv2 "gopkg.in/yaml.v2"
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+ "k8s.io/apimachinery/pkg/util/yaml"
"k8s.io/cli-runtime/pkg/genericclioptions"
- "k8s.io/client-go/kubernetes/scheme"
log "sigs.k8s.io/controller-runtime/pkg/log"
)
@@ -187,13 +170,13 @@ func Command() *cobra.Command {
}
yamlBytes := []byte(resourceStr)
- resources, err = getResource(yamlBytes)
+ resources, err = common.GetResource(yamlBytes)
if err != nil {
return sanitizedError.NewWithError("failed to extract the resources", err)
}
}
} else {
- resources, err = getResources(policies, resourcePaths, dClient)
+ resources, err = common.GetResources(policies, resourcePaths, dClient)
if err != nil {
return sanitizedError.NewWithError("failed to load resources", err)
}
@@ -277,135 +260,6 @@ func Command() *cobra.Command {
return cmd
}
-func getResources(policies []*v1.ClusterPolicy, resourcePaths []string, dClient *client.Client) ([]*unstructured.Unstructured, error) {
- var resources []*unstructured.Unstructured
- var err error
-
- if dClient != nil {
- var resourceTypesMap = make(map[string]bool)
- var resourceTypes []string
- for _, policy := range policies {
- for _, rule := range policy.Spec.Rules {
- for _, kind := range rule.MatchResources.Kinds {
- resourceTypesMap[kind] = true
- }
- }
- }
-
- for kind := range resourceTypesMap {
- resourceTypes = append(resourceTypes, kind)
- }
-
- resources, err = getResourcesOfTypeFromCluster(resourceTypes, dClient)
- if err != nil {
- return nil, err
- }
- }
-
- for _, resourcePath := range resourcePaths {
- resourceBytes, err := getFileBytes(resourcePath)
- if err != nil {
- return nil, err
- }
- getResources, err := getResource(resourceBytes)
- if err != nil {
- return nil, err
- }
-
- for _, resource := range getResources {
- resources = append(resources, resource)
- }
- }
-
- return resources, nil
-}
-
-func getResourcesOfTypeFromCluster(resourceTypes []string, dClient *client.Client) ([]*unstructured.Unstructured, error) {
- var resources []*unstructured.Unstructured
-
- for _, kind := range resourceTypes {
- resourceList, err := dClient.ListResource("", kind, "", nil)
- if err != nil {
- return nil, err
- }
-
- version := resourceList.GetAPIVersion()
- for _, resource := range resourceList.Items {
- resource.SetGroupVersionKind(schema.GroupVersionKind{
- Group: "",
- Version: version,
- Kind: kind,
- })
- resources = append(resources, resource.DeepCopy())
- }
- }
-
- return resources, nil
-}
-
-func getFileBytes(path string) ([]byte, error) {
- file, err := ioutil.ReadFile(path)
- if err != nil {
- return nil, err
- }
- return file, err
-}
-
-func getResource(resourceBytes []byte) ([]*unstructured.Unstructured, error) {
- resources := make([]*unstructured.Unstructured, 0)
- var getErrString string
-
- files, splitDocError := utils.SplitYAMLDocuments(resourceBytes)
- if splitDocError != nil {
- return nil, splitDocError
- }
-
- for _, resourceYaml := range files {
- resource, err := convertResourceToUnstructured(resourceYaml)
- if err != nil {
- getErrString = getErrString + err.Error() + "\n"
- }
-
- resources = append(resources, resource)
- }
-
- if getErrString != "" {
- return nil, errors.New(getErrString)
- }
-
- return resources, nil
-}
-
-func convertResourceToUnstructured(resourceYaml []byte) (*unstructured.Unstructured, error) {
- decode := scheme.Codecs.UniversalDeserializer().Decode
- resourceObject, metaData, err := decode(resourceYaml, nil, nil)
- if err != nil {
- return nil, err
- }
-
- resourceUnstructured, err := runtime.DefaultUnstructuredConverter.ToUnstructured(&resourceObject)
- if err != nil {
- return nil, err
- }
-
- resourceJSON, err := json.Marshal(resourceUnstructured)
- if err != nil {
- return nil, err
- }
-
- resource, err := engineutils.ConvertToUnstructured(resourceJSON)
- if err != nil {
- return nil, err
- }
-
- resource.SetGroupVersionKind(*metaData)
-
- if resource.GetNamespace() == "" {
- resource.SetNamespace("default")
- }
- return resource, nil
-}
-
// applyPolicyOnResource - function to apply policy on resource
func applyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unstructured, mutateLogPath string, mutateLogPathIsDir bool, variables map[string]string, rc *resultCounts) error {
responseError := false
diff --git a/pkg/kyverno/apply/generate.go b/pkg/kyverno/apply/generate.go
new file mode 100644
index 0000000000..85e5a49ec9
--- /dev/null
+++ b/pkg/kyverno/apply/generate.go
@@ -0,0 +1,160 @@
+package apply
+
+import (
+ "reflect"
+
+ report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ client "github.com/kyverno/kyverno/pkg/dclient"
+ "github.com/kyverno/kyverno/pkg/kyverno/sanitizedError"
+ apierrors "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+ "sigs.k8s.io/controller-runtime/pkg/log"
+)
+
+// generateCLIraw merges all policy reports to a singe cluster policy report
+func generateCLIraw(reports []*unstructured.Unstructured) (*unstructured.Unstructured, error) {
+ for _, report := range reports {
+ if report.GetNamespace() != "" {
+ report.SetNamespace("")
+ }
+ }
+
+ return mergeClusterReport(reports)
+}
+
+// generateToCluster updates the existing policy reports in the cluster
+// creates new report if not exist
+func generateToCluster(dClient *client.Client, reports []*unstructured.Unstructured) {
+ var clusterReports, namespaceReports []*unstructured.Unstructured
+ for _, report := range reports {
+ if report.GetNamespace() == "" {
+ clusterReports = append(clusterReports, report)
+ } else {
+ namespaceReports = append(namespaceReports, report)
+ }
+ }
+
+ if clusterReport, err := mergeClusterReport(clusterReports); err != nil {
+ log.Log.Error(err, "failed to merge cluster report")
+ } else {
+ if err := updateReport(dClient, clusterReport); err != nil {
+ log.Log.Error(err, "failed to update policy report", "report", clusterReport.GetName())
+ }
+ }
+
+ for _, report := range namespaceReports {
+ if err := updateReport(dClient, report); err != nil {
+ log.Log.Error(err, "failed to update policy report", "report", report.GetName())
+ }
+ }
+}
+
+func updateReport(dClient *client.Client, new *unstructured.Unstructured) error {
+ old, err := dClient.GetResource(new.GetAPIVersion(), new.GetKind(), new.GetNamespace(), new.GetName())
+ if err != nil {
+ if apierrors.IsNotFound(err) {
+ if _, err := dClient.CreateResource(new.GetAPIVersion(), new.GetKind(), new.GetNamespace(), new, false); err != nil {
+ return err
+ }
+ }
+ return err
+ }
+
+ oldResults, _, err := unstructured.NestedSlice(old.UnstructuredContent(), "results")
+ if err != nil {
+ log.Log.Error(err, "failed to get results entry")
+ }
+
+ newResults, _, err := unstructured.NestedSlice(new.UnstructuredContent(), "results")
+ if err != nil {
+ log.Log.Error(err, "failed to get results entry")
+ }
+
+ if reflect.DeepEqual(oldResults, newResults) {
+ log.Log.V(3).Info("policy report unchanged", "name", new.GetName())
+ return nil
+ }
+
+ _, err = dClient.UpdateResource(new.GetAPIVersion(), new.GetKind(), new.GetNamespace(), new, false)
+ return err
+}
+
+func mergeClusterReport(reports []*unstructured.Unstructured) (*unstructured.Unstructured, error) {
+ var resultsEntry []interface{}
+ res := &unstructured.Unstructured{}
+ res.SetName(clusterpolicyreport)
+ res.SetKind("ClusterPolicyReport")
+ res.SetAPIVersion("policy.k8s.io/v1alpha1")
+
+ for _, report := range reports {
+ if report.GetNamespace() != "" {
+ // skip namespace report
+ continue
+ }
+
+ mergeResults(report, &resultsEntry)
+ }
+
+ if err := unstructured.SetNestedSlice(res.Object, resultsEntry, "results"); err != nil {
+ return nil, sanitizedError.NewWithError("failed to set results entry", err)
+ }
+
+ summary := updateSummary(resultsEntry)
+ if err := unstructured.SetNestedField(res.Object, summary, "summary"); err != nil {
+ return nil, sanitizedError.NewWithError("failed to set summary", err)
+ }
+
+ return res, nil
+}
+
+func mergeResults(report *unstructured.Unstructured, results *[]interface{}) {
+ entries, ok, err := unstructured.NestedSlice(report.UnstructuredContent(), "results")
+ if err != nil {
+ log.Log.Error(err, "failed to get results entry", "report", report.GetName())
+ }
+
+ if ok {
+ *results = append(*results, entries...)
+ }
+}
+
+func updateSummary(results []interface{}) map[string]interface{} {
+ summary := make(map[string]interface{})
+
+ for _, result := range results {
+ typedResult, ok := result.(map[string]interface{})
+ if !ok {
+ continue
+ }
+
+ switch typedResult["status"].(string) {
+ case report.StatusPass:
+ resources, ok := typedResult["resources"].([]interface{})
+ if !ok {
+ continue
+ }
+
+ pass, _ := summary[report.StatusPass].(int64)
+ pass += int64(len(resources))
+ summary[report.StatusPass] = pass
+ case report.StatusFail:
+ fail, _ := summary[report.StatusFail].(int64)
+ fail++
+ summary[report.StatusFail] = fail
+ case report.StatusWarn:
+ warn, _ := summary[report.StatusWarn].(int64)
+ warn++
+ summary[report.StatusWarn] = warn
+ case report.StatusError:
+ e, _ := summary[report.StatusError].(int64)
+ e++
+ summary[report.StatusError] = e
+ case report.StatusSkip:
+ skip, _ := summary[report.StatusSkip].(int64)
+ skip++
+ summary[report.StatusSkip] = skip
+ }
+ }
+
+ return summary
+}
diff --git a/pkg/kyverno/apply/generate_test.go b/pkg/kyverno/apply/generate_test.go
new file mode 100644
index 0000000000..ec5650dca5
--- /dev/null
+++ b/pkg/kyverno/apply/generate_test.go
@@ -0,0 +1,151 @@
+package apply
+
+import (
+ "reflect"
+ "testing"
+
+ report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ "gotest.tools/assert"
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+)
+
+func Test_mergeClusterReport(t *testing.T) {
+ reports := []*unstructured.Unstructured{
+ {
+ Object: map[string]interface{}{
+ "apiVersion": "policy.k8s.io/v1alpha1",
+ "kind": "PolicyReport",
+ "metadata": map[string]interface{}{
+ "name": "ns-polr-1",
+ "namespace": "ns-polr",
+ },
+ "results": []interface{}{
+ map[string]interface{}{
+ "policy": "ns-polr-1",
+ "status": report.StatusPass,
+ "resources": make([]interface{}, 10),
+ },
+ },
+ },
+ },
+ {
+ Object: map[string]interface{}{
+ "apiVersion": "policy.k8s.io/v1alpha1",
+ "kind": "PolicyReport",
+ "metadata": map[string]interface{}{
+ "name": "ns-polr-2",
+ },
+ "results": []interface{}{
+ map[string]interface{}{
+ "policy": "ns-polr-2",
+ "status": report.StatusPass,
+ "resources": make([]interface{}, 5),
+ },
+ },
+ },
+ },
+ {
+ Object: map[string]interface{}{
+ "metadata": map[string]interface{}{
+ "name": "polr-3",
+ },
+ "results": []interface{}{
+ map[string]interface{}{
+ "policy": "polr-3",
+ "status": report.StatusPass,
+ "resources": make([]interface{}, 1),
+ },
+ },
+ },
+ },
+ {
+ Object: map[string]interface{}{
+ "apiVersion": "policy.k8s.io/v1alpha1",
+ "kind": "ClusterPolicyReport",
+ "metadata": map[string]interface{}{
+ "name": "cpolr-4",
+ },
+ "results": []interface{}{
+ map[string]interface{}{
+ "policy": "cpolr-4",
+ "status": report.StatusFail,
+ },
+ },
+ },
+ },
+ {
+ Object: map[string]interface{}{
+ "apiVersion": "policy.k8s.io/v1alpha1",
+ "kind": "ClusterPolicyReport",
+ "metadata": map[string]interface{}{
+ "name": "cpolr-5",
+ },
+ "results": []interface{}{
+ map[string]interface{}{
+ "policy": "cpolr-5",
+ "status": report.StatusFail,
+ },
+ },
+ },
+ },
+ }
+
+ expectedResults := []interface{}{
+ map[string]interface{}{
+ "policy": "ns-polr-2",
+ "status": report.StatusPass,
+ "resources": make([]interface{}, 5),
+ },
+ map[string]interface{}{
+ "policy": "polr-3",
+ "status": report.StatusPass,
+ "resources": make([]interface{}, 1),
+ },
+ map[string]interface{}{
+ "policy": "cpolr-4",
+ "status": report.StatusFail,
+ },
+ map[string]interface{}{
+ "policy": "cpolr-5",
+ "status": report.StatusFail,
+ },
+ }
+
+ cpolr, err := mergeClusterReport(reports)
+ assert.NilError(t, err)
+
+ assert.Assert(t, cpolr.GetAPIVersion() == "policy.k8s.io/v1alpha1", cpolr.GetAPIVersion())
+ assert.Assert(t, cpolr.GetKind() == "ClusterPolicyReport", cpolr.GetKind())
+
+ entries, _, err := unstructured.NestedSlice(cpolr.UnstructuredContent(), "results")
+ assert.NilError(t, err)
+
+ assert.Assert(t, reflect.DeepEqual(entries, expectedResults), entries...)
+
+ summary, _, err := unstructured.NestedMap(cpolr.UnstructuredContent(), "summary")
+ assert.NilError(t, err)
+ assert.Assert(t, summary[report.StatusPass].(int64) == 6, summary[report.StatusPass])
+ assert.Assert(t, summary[report.StatusFail].(int64) == 2, summary[report.StatusFail])
+}
+
+func Test_updateSummary(t *testing.T) {
+ results := []interface{}{
+ map[string]interface{}{
+ "status": report.StatusPass,
+ "resources": make([]interface{}, 5),
+ },
+ map[string]interface{}{
+ "status": report.StatusFail,
+ },
+ map[string]interface{}{
+ "status": report.StatusFail,
+ },
+ map[string]interface{}{
+ "status": report.StatusFail,
+ },
+ }
+
+ summary := updateSummary(results)
+ assert.Assert(t, summary[report.StatusPass].(int64) == 5, summary[report.StatusPass])
+ assert.Assert(t, summary[report.StatusFail].(int64) == 3, summary[report.StatusFail])
+}
diff --git a/pkg/kyverno/apply/report.go b/pkg/kyverno/apply/report.go
new file mode 100644
index 0000000000..a0a3840d65
--- /dev/null
+++ b/pkg/kyverno/apply/report.go
@@ -0,0 +1,170 @@
+package apply
+
+import (
+ "encoding/json"
+ "fmt"
+ "strings"
+
+ report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ "github.com/kyverno/kyverno/pkg/engine/response"
+ engineutils "github.com/kyverno/kyverno/pkg/engine/utils"
+ "github.com/kyverno/kyverno/pkg/policyreport"
+ corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+ log "sigs.k8s.io/controller-runtime/pkg/log"
+)
+
+const clusterpolicyreport = "clusterpolicyreport"
+
+// resps is the engine reponses generated for a single policy
+func buildPolicyReports(resps []response.EngineResponse) (res []*unstructured.Unstructured) {
+ var raw []byte
+ var err error
+
+ resultsMap := buildPolicyResults(resps)
+ for scope, result := range resultsMap {
+ if scope == clusterpolicyreport {
+ report := &report.ClusterPolicyReport{
+ TypeMeta: metav1.TypeMeta{
+ APIVersion: "policy.k8s.io/v1alpha1",
+ Kind: "ClusterPolicyReport",
+ },
+ Results: result,
+ Summary: calculateSummary(result),
+ }
+
+ report.SetName(scope)
+ if raw, err = json.Marshal(report); err != nil {
+ log.Log.Error(err, "failed to serilize policy report", "name", report.Name, "scope", scope)
+ }
+ } else {
+ report := &report.PolicyReport{
+ TypeMeta: metav1.TypeMeta{
+ APIVersion: "policy.k8s.io/v1alpha1",
+ Kind: "PolicyReport",
+ },
+ Results: result,
+ Summary: calculateSummary(result),
+ }
+
+ ns := strings.ReplaceAll(scope, "policyreport-ns-", "")
+ report.SetName(scope)
+ report.SetNamespace(ns)
+
+ if raw, err = json.Marshal(report); err != nil {
+ log.Log.Error(err, "failed to serilize policy report", "name", report.Name, "scope", scope)
+ }
+ }
+
+ reportUnstructured, err := engineutils.ConvertToUnstructured(raw)
+ if err != nil {
+ log.Log.Error(err, "failed to convert policy report", "scope", scope)
+ continue
+ }
+
+ res = append(res, reportUnstructured)
+ }
+
+ return
+}
+
+// buildPolicyResults returns a string-PolicyReportResult map
+// the key of the map is one of "clusterpolicyreport", "policyreport-ns-<namespace>"
+func buildPolicyResults(resps []response.EngineResponse) map[string][]*report.PolicyReportResult {
+ results := make(map[string][]*report.PolicyReportResult)
+ infos := policyreport.GeneratePRsFromEngineResponse(resps, log.Log)
+
+ for _, info := range infos {
+ var appname string
+
+ ns := info.Resource.GetNamespace()
+ if ns != "" {
+ appname = fmt.Sprintf("policyreport-ns-%s", ns)
+ } else {
+ appname = fmt.Sprintf(clusterpolicyreport)
+ }
+
+ for _, rule := range info.Rules {
+ result := report.PolicyReportResult{
+ Policy: info.PolicyName,
+ Resources: []*corev1.ObjectReference{
+ {
+ Kind: info.Resource.GetKind(),
+ Namespace: info.Resource.GetNamespace(),
+ APIVersion: info.Resource.GetAPIVersion(),
+ Name: info.Resource.GetName(),
+ UID: info.Resource.GetUID(),
+ },
+ },
+ Scored: true,
+ }
+
+ result.Rule = rule.Name
+ result.Message = rule.Message
+ result.Status = report.PolicyStatus(rule.Check)
+ results[appname] = append(results[appname], &result)
+ }
+ }
+
+ return mergeSucceededResults(results)
+}
+
+func mergeSucceededResults(results map[string][]*report.PolicyReportResult) map[string][]*report.PolicyReportResult {
+ resultsNew := make(map[string][]*report.PolicyReportResult)
+
+ for scope, scopedResults := range results {
+
+ resourcesMap := make(map[string]*report.PolicyReportResult)
+ for _, result := range scopedResults {
+ if result.Status != report.PolicyStatus("pass") {
+ resultsNew[scope] = append(resultsNew[scope], result)
+ continue
+ }
+
+ key := fmt.Sprintf("%s/%s", result.Policy, result.Rule)
+ if r, ok := resourcesMap[key]; !ok {
+ resourcesMap[key] = &report.PolicyReportResult{}
+ resourcesMap[key] = result
+ } else {
+ r.Resources = append(r.Resources, result.Resources...)
+ resourcesMap[key] = r
+ }
+ }
+
+ for k, v := range resourcesMap {
+ names := strings.Split(k, "/")
+ if len(names) != 2 {
+ continue
+ }
+
+ r := &report.PolicyReportResult{
+ Policy: names[0],
+ Rule: names[1],
+ Resources: v.Resources,
+ Status: report.PolicyStatus(v.Status),
+ }
+
+ resultsNew[scope] = append(resultsNew[scope], r)
+ }
+ }
+ return resultsNew
+}
+
+func calculateSummary(results []*report.PolicyReportResult) (summary report.PolicyReportSummary) {
+ for _, res := range results {
+ switch string(res.Status) {
+ case report.StatusPass:
+ summary.Pass += len(res.Resources)
+ case report.StatusFail:
+ summary.Fail++
+ case "warn":
+ summary.Warn++
+ case "error":
+ summary.Error++
+ case "skip":
+ summary.Skip++
+ }
+ }
+ return
+}
diff --git a/pkg/kyverno/apply/report_test.go b/pkg/kyverno/apply/report_test.go
new file mode 100644
index 0000000000..82ddea4e61
--- /dev/null
+++ b/pkg/kyverno/apply/report_test.go
@@ -0,0 +1,133 @@
+package apply
+
+import (
+ "os"
+ "testing"
+
+ preport "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ "github.com/kyverno/kyverno/pkg/common"
+ "github.com/kyverno/kyverno/pkg/engine/response"
+ "gotest.tools/assert"
+ v1 "k8s.io/api/core/v1"
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+)
+
+var engineResponses = []response.EngineResponse{
+ {
+ PatchedResource: unstructured.Unstructured{
+ Object: map[string]interface{}{
+ "kind": "Pod",
+ "metadata": map[string]interface{}{
+ "name": "policy1-pod",
+ "namespace": "policy1-namespace",
+ },
+ },
+ },
+ PolicyResponse: response.PolicyResponse{
+ Policy: "policy1",
+ Resource: response.ResourceSpec{Name: "policy1-pod"},
+ Rules: []response.RuleResponse{
+ {
+ Name: "policy1-rule1",
+ Success: true,
+ },
+ {
+ Name: "policy1-rule2",
+ Success: false,
+ },
+ },
+ },
+ },
+ {
+ PatchedResource: unstructured.Unstructured{
+ Object: map[string]interface{}{
+ "kind": "ClusterRole",
+ "metadata": map[string]interface{}{
+ "name": "policy2-clusterrole",
+ },
+ },
+ },
+ PolicyResponse: response.PolicyResponse{
+ Policy: "clusterpolicy2",
+ Resource: response.ResourceSpec{Name: "policy2-clusterrole"},
+ Rules: []response.RuleResponse{
+ {
+ Name: "clusterpolicy2-rule1",
+ Success: true,
+ },
+ {
+ Name: "clusterpolicy2-rule2",
+ Success: false,
+ },
+ },
+ },
+ },
+}
+
+func Test_buildPolicyReports(t *testing.T) {
+ os.Setenv("POLICY-TYPE", common.PolicyReport)
+ reports := buildPolicyReports(engineResponses)
+ assert.Assert(t, len(reports) == 2, len(reports))
+
+ for _, report := range reports {
+ if report.GetNamespace() == "" {
+ assert.Assert(t, report.GetName() == clusterpolicyreport)
+ assert.Assert(t, report.GetKind() == "ClusterPolicyReport")
+ assert.Assert(t, len(report.UnstructuredContent()["results"].([]interface{})) == 2)
+ assert.Assert(t,
+ report.UnstructuredContent()["summary"].(map[string]interface{})[preport.StatusPass].(int64) == 1,
+ report.UnstructuredContent()["summary"].(map[string]interface{})[preport.StatusPass].(int64))
+ } else {
+ assert.Assert(t, report.GetName() == "policyreport-ns-policy1-namespace")
+ assert.Assert(t, report.GetKind() == "PolicyReport")
+ assert.Assert(t, len(report.UnstructuredContent()["results"].([]interface{})) == 2)
+ assert.Assert(t,
+ report.UnstructuredContent()["summary"].(map[string]interface{})[preport.StatusPass].(int64) == 1,
+ report.UnstructuredContent()["summary"].(map[string]interface{})[preport.StatusPass].(int64))
+ }
+ }
+}
+
+func Test_buildPolicyResults(t *testing.T) {
+ os.Setenv("POLICY-TYPE", common.PolicyReport)
+
+ results := buildPolicyResults(engineResponses)
+ assert.Assert(t, len(results[clusterpolicyreport]) == 2, len(results[clusterpolicyreport]))
+ assert.Assert(t, len(results["policyreport-ns-policy1-namespace"]) == 2, len(results["policyreport-ns-policy1-namespace"]))
+
+ for _, result := range results {
+ assert.Assert(t, len(result) == 2, len(result))
+ for _, r := range result {
+ switch r.Rule {
+ case "policy1-rule1", "clusterpolicy2-rule1":
+ assert.Assert(t, r.Status == report.PolicyStatus(preport.StatusPass))
+ case "policy1-rule2", "clusterpolicy2-rule2":
+ assert.Assert(t, r.Status == report.PolicyStatus(preport.StatusFail))
+ }
+ }
+ }
+}
+
+func Test_calculateSummary(t *testing.T) {
+ results := []*report.PolicyReportResult{
+ {
+ Resources: make([]*v1.ObjectReference, 5),
+ Status: report.PolicyStatus(preport.StatusPass),
+ },
+ {Status: report.PolicyStatus(preport.StatusFail)},
+ {Status: report.PolicyStatus(preport.StatusFail)},
+ {Status: report.PolicyStatus(preport.StatusFail)},
+ {
+ Resources: make([]*v1.ObjectReference, 1),
+ Status: report.PolicyStatus(preport.StatusPass)},
+ {
+ Resources: make([]*v1.ObjectReference, 4),
+ Status: report.PolicyStatus(preport.StatusPass),
+ },
+ }
+
+ summary := calculateSummary(results)
+ assert.Assert(t, summary.Pass == 10)
+ assert.Assert(t, summary.Fail == 3)
+}
diff --git a/pkg/kyverno/common/fetch.go b/pkg/kyverno/common/fetch.go
new file mode 100644
index 0000000000..837b36f0b3
--- /dev/null
+++ b/pkg/kyverno/common/fetch.go
@@ -0,0 +1,150 @@
+package common
+
+import (
+ "encoding/json"
+ "errors"
+ "io/ioutil"
+
+ v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
+ client "github.com/kyverno/kyverno/pkg/dclient"
+ engineutils "github.com/kyverno/kyverno/pkg/engine/utils"
+ "github.com/kyverno/kyverno/pkg/utils"
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ "k8s.io/client-go/kubernetes/scheme"
+)
+
+// GetResources gets matched resources by the given policies
+// the resources are fetched from
+// - local paths to resources, if given
+// - the k8s cluster, if given
+func GetResources(policies []*v1.ClusterPolicy, resourcePaths []string, dClient *client.Client) ([]*unstructured.Unstructured, error) {
+ var resources []*unstructured.Unstructured
+ var err error
+
+ if dClient != nil {
+ var resourceTypesMap = make(map[string]bool)
+ var resourceTypes []string
+ for _, policy := range policies {
+ for _, rule := range policy.Spec.Rules {
+ for _, kind := range rule.MatchResources.Kinds {
+ resourceTypesMap[kind] = true
+ }
+ }
+ }
+
+ for kind := range resourceTypesMap {
+ resourceTypes = append(resourceTypes, kind)
+ }
+
+ resources, err = getResourcesOfTypeFromCluster(resourceTypes, dClient)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ for _, resourcePath := range resourcePaths {
+ resourceBytes, err := getFileBytes(resourcePath)
+ if err != nil {
+ return nil, err
+ }
+ getResources, err := GetResource(resourceBytes)
+ if err != nil {
+ return nil, err
+ }
+
+ for _, resource := range getResources {
+ resources = append(resources, resource)
+ }
+ }
+
+ return resources, nil
+}
+
+// GetResource converts raw bytes to unstructured object
+func GetResource(resourceBytes []byte) ([]*unstructured.Unstructured, error) {
+ resources := make([]*unstructured.Unstructured, 0)
+ var getErrString string
+
+ files, splitDocError := utils.SplitYAMLDocuments(resourceBytes)
+ if splitDocError != nil {
+ return nil, splitDocError
+ }
+
+ for _, resourceYaml := range files {
+ resource, err := convertResourceToUnstructured(resourceYaml)
+ if err != nil {
+ getErrString = getErrString + err.Error() + "\n"
+ }
+
+ resources = append(resources, resource)
+ }
+
+ if getErrString != "" {
+ return nil, errors.New(getErrString)
+ }
+
+ return resources, nil
+}
+
+func getResourcesOfTypeFromCluster(resourceTypes []string, dClient *client.Client) ([]*unstructured.Unstructured, error) {
+ var resources []*unstructured.Unstructured
+
+ for _, kind := range resourceTypes {
+ resourceList, err := dClient.ListResource("", kind, "", nil)
+ if err != nil {
+ return nil, err
+ }
+
+ version := resourceList.GetAPIVersion()
+ for _, resource := range resourceList.Items {
+ resource.SetGroupVersionKind(schema.GroupVersionKind{
+ Group: "",
+ Version: version,
+ Kind: kind,
+ })
+ resources = append(resources, resource.DeepCopy())
+ }
+ }
+
+ return resources, nil
+}
+
+func getFileBytes(path string) ([]byte, error) {
+ file, err := ioutil.ReadFile(path)
+ if err != nil {
+ return nil, err
+ }
+ return file, err
+}
+
+func convertResourceToUnstructured(resourceYaml []byte) (*unstructured.Unstructured, error) {
+ decode := scheme.Codecs.UniversalDeserializer().Decode
+ resourceObject, metaData, err := decode(resourceYaml, nil, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ resourceUnstructured, err := runtime.DefaultUnstructuredConverter.ToUnstructured(&resourceObject)
+ if err != nil {
+ return nil, err
+ }
+
+ resourceJSON, err := json.Marshal(resourceUnstructured)
+ if err != nil {
+ return nil, err
+ }
+
+ resource, err := engineutils.ConvertToUnstructured(resourceJSON)
+ if err != nil {
+ return nil, err
+ }
+
+ resource.SetGroupVersionKind(*metaData)
+
+ if resource.GetNamespace() == "" {
+ resource.SetNamespace("default")
+ }
+ return resource, nil
+}
diff --git a/pkg/kyverno/common/regex.go b/pkg/kyverno/common/regex.go
index e1cbefebc7..f4a87e1827 100644
--- a/pkg/kyverno/common/regex.go
+++ b/pkg/kyverno/common/regex.go
@@ -5,4 +5,4 @@ import (
)
var REGEX_VARIABLES = regexp.MustCompile(`\{\{[^{}]*\}\}`)
-var ALLOWED_VARIABLES = regexp.MustCompile(`\{\{\s*[request\.|serviceAccountName|serviceAccountNamespace][^{}]*\}\}`)
\ No newline at end of file
+var ALLOWED_VARIABLES = regexp.MustCompile(`\{\{\s*[request\.|serviceAccountName|serviceAccountNamespace][^{}]*\}\}`)
diff --git a/pkg/kyverno/main.go b/pkg/kyverno/main.go
index fa7ddccf00..4af3465edf 100644
--- a/pkg/kyverno/main.go
+++ b/pkg/kyverno/main.go
@@ -4,16 +4,13 @@ import (
"flag"
"os"
- "github.com/kyverno/kyverno/pkg/kyverno/validate"
-
"github.com/kyverno/kyverno/pkg/kyverno/apply"
-
+ "github.com/kyverno/kyverno/pkg/kyverno/validate"
"github.com/kyverno/kyverno/pkg/kyverno/version"
+ "github.com/spf13/cobra"
"k8s.io/klog"
"k8s.io/klog/klogr"
log "sigs.k8s.io/controller-runtime/pkg/log"
-
- "github.com/spf13/cobra"
)
func CLI() {
diff --git a/pkg/openapi/crdSync.go b/pkg/openapi/crdSync.go
index f425f625d3..62ef675dd7 100644
--- a/pkg/openapi/crdSync.go
+++ b/pkg/openapi/crdSync.go
@@ -1,27 +1,22 @@
package openapi
import (
+ "context"
"encoding/json"
"errors"
"fmt"
"strings"
- v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
- runtimeSchema "k8s.io/apimachinery/pkg/runtime/schema"
-
- "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-
- "gopkg.in/yaml.v2"
-
- "sigs.k8s.io/controller-runtime/pkg/log"
-
- "github.com/googleapis/gnostic/compiler"
-
openapi_v2 "github.com/googleapis/gnostic/OpenAPIv2"
+ "github.com/googleapis/gnostic/compiler"
"github.com/kyverno/kyverno/pkg/constant"
client "github.com/kyverno/kyverno/pkg/dclient"
+ "gopkg.in/yaml.v2"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+ runtimeSchema "k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/util/wait"
+ "sigs.k8s.io/controller-runtime/pkg/log"
)
type crdSync struct {
@@ -91,7 +86,7 @@ func (c *crdSync) sync() {
Group: "apiextensions.k8s.io",
Version: "v1beta1",
Resource: "customresourcedefinitions",
- }).List(v1.ListOptions{})
+ }).List(context.TODO(), v1.ListOptions{})
if err != nil {
log.Log.Error(err, "could not fetch crd's from server")
return
diff --git a/pkg/policy/cleanup.go b/pkg/policy/cleanup.go
deleted file mode 100644
index efb906c1a0..0000000000
--- a/pkg/policy/cleanup.go
+++ /dev/null
@@ -1,103 +0,0 @@
-package policy
-
-import (
- "fmt"
- "reflect"
-
- "github.com/go-logr/logr"
- kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
- kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
- "github.com/kyverno/kyverno/pkg/engine/response"
- "k8s.io/apimachinery/pkg/labels"
-)
-
-func (pc *PolicyController) cleanUp(ers []response.EngineResponse) {
- for _, er := range ers {
- if !er.IsSuccessful() {
- continue
- }
- if len(er.PolicyResponse.Rules) == 0 {
- continue
- }
- // clean up after the policy has been corrected
- pc.cleanUpPolicyViolation(er.PolicyResponse)
- }
-}
-
-func (pc *PolicyController) cleanUpPolicyViolation(pResponse response.PolicyResponse) {
- logger := pc.log
- // - check if there is violation on resource (label:Selector)
- if pResponse.Resource.Namespace == "" {
- pv, err := getClusterPV(pc.cpvLister, pResponse.Policy, pResponse.Resource.Kind, pResponse.Resource.Name, logger)
- if err != nil {
- logger.Error(err, "failed to get cluster policy violation on policy and resource", "policy", pResponse.Policy, "kind", pResponse.Resource.Kind, "name", pResponse.Resource.Name)
- return
- }
-
- if reflect.DeepEqual(pv, kyverno.ClusterPolicyViolation{}) {
- return
- }
- if err := pc.pvControl.DeleteClusterPolicyViolation(pv.Name); err != nil {
- logger.Error(err, "failed to delete cluster policy violation", "name", pv.Name)
- } else {
- logger.Info("deleted cluster policy violation", "name", pv.Name)
- }
- return
- }
-
- // namespace policy violation
- nspv, err := getNamespacedPV(pc.nspvLister, pResponse.Policy, pResponse.Resource.Kind, pResponse.Resource.Namespace, pResponse.Resource.Name, logger)
- if err != nil {
- logger.Error(err, "failed to get namespaced policy violation on policy and resource", "policy", pResponse.Policy, "kind", pResponse.Resource.Kind, "namespace", pResponse.Resource.Namespace, "name", pResponse.Resource.Name)
- return
- }
-
- if reflect.DeepEqual(nspv, kyverno.PolicyViolation{}) {
- return
- }
- if err := pc.pvControl.DeleteNamespacedPolicyViolation(nspv.Namespace, nspv.Name); err != nil {
- logger.Error(err, "failed to delete cluster policy violation", "name", nspv.Name, "namespace", nspv.Namespace)
- } else {
- logger.Info("deleted namespaced policy violation", "name", nspv.Name, "namespace", nspv.Namespace)
- }
-}
-
-// Wont do the claiming of objects, just lookup based on selectors
-func getClusterPV(pvLister kyvernolister.ClusterPolicyViolationLister, policyName, rkind, rname string, log logr.Logger) (kyverno.ClusterPolicyViolation, error) {
- var err error
- // Check Violation on resource
- pvs, err := pvLister.List(labels.Everything())
- if err != nil {
- log.Error(err, "failed to list cluster policy violations")
- return kyverno.ClusterPolicyViolation{}, fmt.Errorf("failed to list cluster pv: %v", err)
- }
-
- for _, pv := range pvs {
- // find a policy on same resource and policy combination
- if pv.Spec.Policy == policyName &&
- pv.Spec.ResourceSpec.Kind == rkind &&
- pv.Spec.ResourceSpec.Name == rname {
- return *pv, nil
- }
- }
- return kyverno.ClusterPolicyViolation{}, nil
-}
-
-func getNamespacedPV(nspvLister kyvernolister.PolicyViolationLister, policyName, rkind, rnamespace, rname string, log logr.Logger) (kyverno.PolicyViolation, error) {
- nspvs, err := nspvLister.PolicyViolations(rnamespace).List(labels.Everything())
- if err != nil {
- log.Error(err, "failed to list namespaced policy violation")
- return kyverno.PolicyViolation{}, fmt.Errorf("failed to list namespaced pv: %v", err)
- }
-
- for _, nspv := range nspvs {
- // find a policy on same resource and policy combination
- if nspv.Spec.Policy == policyName &&
- nspv.Spec.ResourceSpec.Kind == rkind &&
- nspv.Spec.ResourceSpec.Name == rname {
- return *nspv, nil
- }
- }
-
- return kyverno.PolicyViolation{}, nil
-}
diff --git a/pkg/policy/clusterpv.go b/pkg/policy/clusterpv.go
deleted file mode 100644
index 473266effc..0000000000
--- a/pkg/policy/clusterpv.go
+++ /dev/null
@@ -1,132 +0,0 @@
-package policy
-
-import (
- kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
- "k8s.io/client-go/tools/cache"
-)
-
-func (pc *PolicyController) addClusterPolicyViolation(obj interface{}) {
- pv := obj.(*kyverno.ClusterPolicyViolation)
- logger := pc.log.WithValues("kind", pv.Kind, "namespace", pv.Namespace, "name", pv.Name)
-
- if pv.DeletionTimestamp != nil {
- // On a restart of the controller manager, it's possible for an object to
- // show up in a state that is already pending deletion.
- pc.deleteClusterPolicyViolation(pv)
- return
- }
-
- ps := pc.getPolicyForClusterPolicyViolation(pv)
- if len(ps) == 0 {
- // there is no cluster policy for this violation, so we can delete this cluster policy violation
- logger.V(4).Info("Cluster Policy Violation does not belong to an active policy, will be cleaned up")
- if err := pc.pvControl.DeleteClusterPolicyViolation(pv.Name); err != nil {
- logger.Error(err, "failed to delete resource")
- return
- }
- logger.V(4).Info("resource deleted")
- return
- }
- logger.V(4).Info("resource added")
- for _, p := range ps {
- pc.enqueuePolicy(p)
- }
-}
-
-func (pc *PolicyController) updateClusterPolicyViolation(old, cur interface{}) {
- curPV := cur.(*kyverno.ClusterPolicyViolation)
- oldPV := old.(*kyverno.ClusterPolicyViolation)
- if curPV.ResourceVersion == oldPV.ResourceVersion {
- // Periodic resync will send update events for all known Policy Violation.
- // Two different versions of the same replica set will always have different RVs.
- return
- }
- logger := pc.log.WithValues("kind", curPV.Kind, "namespace", curPV.Namespace, "name", curPV.Name)
-
- ps := pc.getPolicyForClusterPolicyViolation(curPV)
- if len(ps) == 0 {
- // there is no cluster policy for this violation, so we can delete this cluster policy violation
- logger.V(4).Info("Cluster Policy Violation does not belong to an active policy, will be cleanedup")
- if err := pc.pvControl.DeleteClusterPolicyViolation(curPV.Name); err != nil {
- logger.Error(err, "failed to delete resource")
- return
- }
- logger.V(4).Info("resource deleted")
- return
- }
- logger.V(4).Info("resource updated")
- for _, p := range ps {
- pc.enqueuePolicy(p)
- }
-}
-
-// deletePolicyViolation enqueues the Policy that manages a PolicyViolation when
-// the PolicyViolation is deleted. obj could be an *kyverno.CusterPolicyViolation, or
-// a DeletionFinalStateUnknown marker item.
-
-func (pc *PolicyController) deleteClusterPolicyViolation(obj interface{}) {
- logger := pc.log
- pv, ok := obj.(*kyverno.ClusterPolicyViolation)
- // When a delete is dropped, the relist will notice a PolicyViolation in the store not
- // in the list, leading to the insertion of a tombstone object which contains
- // the deleted key/value. Note that this value might be stale. If the PolicyViolation
- // changed labels the new Policy will not be woken up till the periodic resync.
- if !ok {
- tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
- if !ok {
- logger.Info("Couldn't get object from tombstone", "obj", obj)
- return
- }
- pv, ok = tombstone.Obj.(*kyverno.ClusterPolicyViolation)
- if !ok {
- logger.Info("Couldn't get object from tombstone", "obj", obj)
- return
- }
- }
- logger = logger.WithValues("kind", pv.Kind, "namespace", pv.Namespace, "name", pv.Name)
- ps := pc.getPolicyForClusterPolicyViolation(pv)
- if len(ps) == 0 {
- // there is no cluster policy for this violation, so we can delete this cluster policy violation
- logger.V(4).Info("Cluster Policy Violation does not belong to an active policy, will be cleanedup")
- if err := pc.pvControl.DeleteClusterPolicyViolation(pv.Name); err != nil {
- logger.Error(err, "failed to delete resource")
- return
- }
- logger.V(4).Info("resource deleted")
- return
- }
- logger.V(4).Info("resource updated")
- for _, p := range ps {
- pc.enqueuePolicy(p)
- }
-}
-
-func (pc *PolicyController) getPolicyForClusterPolicyViolation(pv *kyverno.ClusterPolicyViolation) []*kyverno.ClusterPolicy {
- logger := pc.log.WithValues("kind", pv.Kind, "namespace", pv.Namespace, "name", pv.Name)
- policies, err := pc.pLister.GetPolicyForPolicyViolation(pv)
- if err != nil || len(policies) == 0 {
- return nil
- }
- // Because all PolicyViolations's belonging to a Policy should have a unique label key,
- // there should never be more than one Policy returned by the above method.
- // If that happens we should probably dynamically repair the situation by ultimately
- // trying to clean up one of the controllers, for now we just return the older one
- if len(policies) > 1 {
- // ControllerRef will ensure we don't do anything crazy, but more than one
- // item in this list nevertheless constitutes user error.
- logger.V(4).Info("user error! more than one policy is selecting policy violation", "labels", pv.Labels, "policy", policies[0].Name)
- }
- return policies
-}
-func (pc *PolicyController) getClusterPolicyViolationForPolicy(policy string) ([]*kyverno.ClusterPolicyViolation, error) {
- policySelector, err := buildPolicyLabel(policy)
- if err != nil {
- return nil, err
- }
- // Get List of cluster policy violation
- cpvList, err := pc.cpvLister.List(policySelector)
- if err != nil {
- return nil, err
- }
- return cpvList, nil
-}
diff --git a/pkg/policy/common.go b/pkg/policy/common.go
index 2029e7cd5f..f564963901 100644
--- a/pkg/policy/common.go
+++ b/pkg/policy/common.go
@@ -2,12 +2,19 @@ package policy
import (
"fmt"
+ "reflect"
"strings"
+ "github.com/go-logr/logr"
kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
+ "github.com/kyverno/kyverno/pkg/config"
+ client "github.com/kyverno/kyverno/pkg/dclient"
+ "github.com/kyverno/kyverno/pkg/utils"
+ "github.com/minio/minio/pkg/wildcard"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/labels"
+ listerv1 "k8s.io/client-go/listers/core/v1"
"sigs.k8s.io/controller-runtime/pkg/log"
)
@@ -45,13 +52,13 @@ func convertPoliciesToClusterPolicies(nsPolicies []*kyverno.Policy) []*kyverno.C
return cpols
}
-// convertPolicyToClusterPolicy - convert Policy to ClusterPolicy
-func convertPolicyToClusterPolicy(nsPolicies *kyverno.Policy) *kyverno.ClusterPolicy {
+// ConvertPolicyToClusterPolicy - convert Policy to ClusterPolicy
+func ConvertPolicyToClusterPolicy(nsPolicies *kyverno.Policy) *kyverno.ClusterPolicy {
cpol := kyverno.ClusterPolicy(*nsPolicies)
return &cpol
}
-func getIsNamespacedPolicy(key string) (string, string, bool) {
+func parseNamespacedPolicy(key string) (string, string, bool) {
namespace := ""
index := strings.Index(key, "/")
if index != -1 {
@@ -61,3 +68,235 @@ func getIsNamespacedPolicy(key string) (string, string, bool) {
}
return namespace, key, false
}
+
+// merge b into a map
+func MergeResources(a, b map[string]unstructured.Unstructured) {
+ for k, v := range b {
+ a[k] = v
+ }
+}
+
+// excludePod filter out the pods with ownerReference
+func ExcludePod(resourceMap map[string]unstructured.Unstructured, log logr.Logger) map[string]unstructured.Unstructured {
+ for uid, r := range resourceMap {
+ if r.GetKind() != "Pod" {
+ continue
+ }
+
+ if len(r.GetOwnerReferences()) > 0 {
+ log.V(4).Info("exclude Pod", "namespace", r.GetNamespace(), "name", r.GetName())
+ delete(resourceMap, uid)
+ }
+ }
+
+ return resourceMap
+}
+
+func GetNamespacesForRule(rule *kyverno.Rule, nslister listerv1.NamespaceLister, log logr.Logger) []string {
+ if len(rule.MatchResources.Namespaces) == 0 {
+ return GetAllNamespaces(nslister, log)
+ }
+
+ var wildcards []string
+ var results []string
+ for _, nsName := range rule.MatchResources.Namespaces {
+ if HasWildcard(nsName) {
+ wildcards = append(wildcards, nsName)
+ }
+
+ results = append(results, nsName)
+ }
+
+ if len(wildcards) > 0 {
+ wildcardMatches := GetMatchingNamespaces(wildcards, nslister, log)
+ results = append(results, wildcardMatches...)
+ }
+
+ return results
+}
+
+func HasWildcard(s string) bool {
+ if s == "" {
+ return false
+ }
+
+ return strings.Contains(s, "*") || strings.Contains(s, "?")
+}
+
+func GetMatchingNamespaces(wildcards []string, nslister listerv1.NamespaceLister, log logr.Logger) []string {
+ all := GetAllNamespaces(nslister, log)
+ if len(all) == 0 {
+ return all
+ }
+
+ var results []string
+ for _, wc := range wildcards {
+ for _, ns := range all {
+ if wildcard.Match(wc, ns) {
+ results = append(results, ns)
+ }
+ }
+ }
+
+ return results
+}
+
+func GetAllNamespaces(nslister listerv1.NamespaceLister, log logr.Logger) []string {
+ var results []string
+ namespaces, err := nslister.List(labels.NewSelector())
+ if err != nil {
+ log.Error(err, "Failed to list namespaces")
+ }
+ for _, n := range namespaces {
+ name := n.GetName()
+ results = append(results, name)
+ }
+
+ return results
+}
+
+func GetResourcesPerNamespace(kind string, client *client.Client, namespace string, rule kyverno.Rule, configHandler config.Interface, log logr.Logger) map[string]unstructured.Unstructured {
+ resourceMap := map[string]unstructured.Unstructured{}
+ ls := rule.MatchResources.Selector
+
+ if kind == "Namespace" {
+ namespace = ""
+ }
+
+ list, err := client.ListResource("", kind, namespace, ls)
+ if err != nil {
+ log.Error(err, "failed to list resources", "kind", kind, "namespace", namespace)
+ return nil
+ }
+ // filter based on name
+ for _, r := range list.Items {
+ if r.GetDeletionTimestamp() != nil {
+ continue
+ }
+
+ if r.GetKind() == "Pod" {
+ if !isRunningPod(r) {
+ continue
+ }
+ }
+
+ // match name
+ if rule.MatchResources.Name != "" {
+ if !wildcard.Match(rule.MatchResources.Name, r.GetName()) {
+ continue
+ }
+ }
+ // Skip the filtered resources
+ if configHandler.ToFilter(r.GetKind(), r.GetNamespace(), r.GetName()) {
+ continue
+ }
+
+ //TODO check if the group version kind is present or not
+ resourceMap[string(r.GetUID())] = r
+ }
+
+ // exclude the resources
+ // skip resources to be filtered
+ ExcludeResources(resourceMap, rule.ExcludeResources.ResourceDescription, configHandler, log)
+ return resourceMap
+}
+
+func ExcludeResources(included map[string]unstructured.Unstructured, exclude kyverno.ResourceDescription, configHandler config.Interface, log logr.Logger) {
+ if reflect.DeepEqual(exclude, (kyverno.ResourceDescription{})) {
+ return
+ }
+ excludeName := func(name string) Condition {
+ if exclude.Name == "" {
+ return NotEvaluate
+ }
+ if wildcard.Match(exclude.Name, name) {
+ return Skip
+ }
+ return Process
+ }
+
+ excludeNamespace := func(namespace string) Condition {
+ if len(exclude.Namespaces) == 0 {
+ return NotEvaluate
+ }
+ if utils.ContainsNamepace(exclude.Namespaces, namespace) {
+ return Skip
+ }
+ return Process
+ }
+
+ excludeSelector := func(labelsMap map[string]string) Condition {
+ if exclude.Selector == nil {
+ return NotEvaluate
+ }
+ selector, err := metav1.LabelSelectorAsSelector(exclude.Selector)
+ // if the label selector is incorrect, should be fail or
+ if err != nil {
+ log.Error(err, "failed to build label selector")
+ return Skip
+ }
+ if selector.Matches(labels.Set(labelsMap)) {
+ return Skip
+ }
+ return Process
+ }
+
+ findKind := func(kind string, kinds []string) bool {
+ for _, k := range kinds {
+ if k == kind {
+ return true
+ }
+ }
+ return false
+ }
+
+ excludeKind := func(kind string) Condition {
+ if len(exclude.Kinds) == 0 {
+ return NotEvaluate
+ }
+
+ if findKind(kind, exclude.Kinds) {
+ return Skip
+ }
+
+ return Process
+ }
+
+ // check exclude condition for each resource
+ for uid, resource := range included {
+ // 0 -> dont check
+ // 1 -> is not to be exclude
+ // 2 -> to be exclude
+ excludeEval := []Condition{}
+
+ if ret := excludeName(resource.GetName()); ret != NotEvaluate {
+ excludeEval = append(excludeEval, ret)
+ }
+ if ret := excludeNamespace(resource.GetNamespace()); ret != NotEvaluate {
+ excludeEval = append(excludeEval, ret)
+ }
+ if ret := excludeSelector(resource.GetLabels()); ret != NotEvaluate {
+ excludeEval = append(excludeEval, ret)
+ }
+ if ret := excludeKind(resource.GetKind()); ret != NotEvaluate {
+ excludeEval = append(excludeEval, ret)
+ }
+ // exclude the filtered resources
+ if configHandler.ToFilter(resource.GetKind(), resource.GetNamespace(), resource.GetName()) {
+ delete(included, uid)
+ continue
+ }
+
+ func() bool {
+ for _, ret := range excludeEval {
+ if ret == Process {
+ // Process the resources
+ continue
+ }
+ }
+ // Skip the resource from processing
+ delete(included, uid)
+ return false
+ }()
+ }
+}
diff --git a/pkg/policy/controller.go b/pkg/policy/controller.go
index e334965cd1..2394086a35 100644
--- a/pkg/policy/controller.go
+++ b/pkg/policy/controller.go
@@ -1,32 +1,34 @@
package policy
import (
+ "context"
"fmt"
"math/rand"
+ "os"
+ "reflect"
"time"
- "k8s.io/apimachinery/pkg/labels"
-
- informers "k8s.io/client-go/informers/core/v1"
-
"github.com/go-logr/logr"
kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
kyvernoclient "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
"github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
+ "github.com/kyverno/kyverno/pkg/common"
"github.com/kyverno/kyverno/pkg/config"
"github.com/kyverno/kyverno/pkg/constant"
client "github.com/kyverno/kyverno/pkg/dclient"
"github.com/kyverno/kyverno/pkg/event"
- "github.com/kyverno/kyverno/pkg/policyviolation"
+ "github.com/kyverno/kyverno/pkg/policyreport"
"github.com/kyverno/kyverno/pkg/resourcecache"
"github.com/kyverno/kyverno/pkg/webhookconfig"
v1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/labels"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
"k8s.io/apimachinery/pkg/util/wait"
+ informers "k8s.io/client-go/informers/core/v1"
typedcorev1 "k8s.io/client-go/kubernetes/typed/core/v1"
listerv1 "k8s.io/client-go/listers/core/v1"
"k8s.io/client-go/tools/cache"
@@ -51,9 +53,6 @@ type PolicyController struct {
eventGen event.Interface
eventRecorder record.EventRecorder
- //pvControl is used for adoptin/releasing policy violation
- pvControl PVControlInterface
-
// Policys that need to be synced
queue workqueue.RateLimitingInterface
@@ -66,25 +65,19 @@ type PolicyController struct {
// grLister can list/get generate request from the shared informer's store
grLister kyvernolister.GenerateRequestLister
- // pvLister can list/get policy violation from the shared informer's store
- cpvLister kyvernolister.ClusterPolicyViolationLister
-
- // nspvLister can list/get namespaced policy violation from the shared informer's store
- nspvLister kyvernolister.PolicyViolationLister
-
// nsLister can list/get namespacecs from the shared informer's store
nsLister listerv1.NamespaceLister
- // pListerSynced returns true if the Policy store has been synced at least once
+ // pListerSynced returns true if the cluster policy store has been synced at least once
pListerSynced cache.InformerSynced
- // npListerSynced returns true if the Policy store has been synced at least once
+ // npListerSynced returns true if the namespace policy store has been synced at least once
npListerSynced cache.InformerSynced
- // pvListerSynced returns true if the Policy store has been synced at least once
+ // pvListerSynced returns true if the cluster policy violation store has been synced at least once
cpvListerSynced cache.InformerSynced
- // pvListerSynced returns true if the Policy Violation store has been synced at least once
+ // pvListerSynced returns true if the policy violation store has been synced at least once
nspvListerSynced cache.InformerSynced
// nsListerSynced returns true if the namespace store has been synced at least once
@@ -98,16 +91,16 @@ type PolicyController struct {
// helpers to validate against current loaded configuration
configHandler config.Interface
- // policy violation generator
- pvGenerator policyviolation.GeneratorInterface
+ // policy report generator
+ prGenerator policyreport.GeneratorInterface
// resourceWebhookWatcher queues the webhook creation request, creates the webhook
resourceWebhookWatcher *webhookconfig.ResourceWebhookRegister
- log logr.Logger
-
// resCache - controls creation and fetching of resource informer cache
resCache resourcecache.ResourceCacheIface
+
+ log logr.Logger
}
// NewPolicyController create a new PolicyController
@@ -115,16 +108,14 @@ func NewPolicyController(kyvernoClient *kyvernoclient.Clientset,
client *client.Client,
pInformer kyvernoinformer.ClusterPolicyInformer,
npInformer kyvernoinformer.PolicyInformer,
- cpvInformer kyvernoinformer.ClusterPolicyViolationInformer,
- nspvInformer kyvernoinformer.PolicyViolationInformer,
grInformer kyvernoinformer.GenerateRequestInformer,
- configHandler config.Interface, eventGen event.Interface,
- pvGenerator policyviolation.GeneratorInterface,
+ configHandler config.Interface,
+ eventGen event.Interface,
+ prGenerator policyreport.GeneratorInterface,
resourceWebhookWatcher *webhookconfig.ResourceWebhookRegister,
namespaces informers.NamespaceInformer,
log logr.Logger,
- resCache resourcecache.ResourceCacheIface,
-) (*PolicyController, error) {
+ resCache resourcecache.ResourceCacheIface) (*PolicyController, error) {
// Event broad caster
eventBroadcaster := record.NewBroadcaster()
@@ -142,48 +133,32 @@ func NewPolicyController(kyvernoClient *kyvernoclient.Clientset,
eventRecorder: eventBroadcaster.NewRecorder(scheme.Scheme, v1.EventSource{Component: "policy_controller"}),
queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "policy"),
configHandler: configHandler,
- pvGenerator: pvGenerator,
+ prGenerator: prGenerator,
resourceWebhookWatcher: resourceWebhookWatcher,
log: log,
resCache: resCache,
}
- pc.pvControl = RealPVControl{Client: kyvernoClient, Recorder: pc.eventRecorder}
-
pInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{
AddFunc: pc.addPolicy,
UpdateFunc: pc.updatePolicy,
DeleteFunc: pc.deletePolicy,
})
- // Policy informer event handler
+
npInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{
AddFunc: pc.addNsPolicy,
UpdateFunc: pc.updateNsPolicy,
DeleteFunc: pc.deleteNsPolicy,
})
- cpvInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{
- AddFunc: pc.addClusterPolicyViolation,
- UpdateFunc: pc.updateClusterPolicyViolation,
- DeleteFunc: pc.deleteClusterPolicyViolation,
- })
-
- nspvInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{
- AddFunc: pc.addNamespacedPolicyViolation,
- UpdateFunc: pc.updateNamespacedPolicyViolation,
- DeleteFunc: pc.deleteNamespacedPolicyViolation,
- })
-
pc.pLister = pInformer.Lister()
pc.npLister = npInformer.Lister()
- pc.cpvLister = cpvInformer.Lister()
- pc.nspvLister = nspvInformer.Lister()
+
pc.nsLister = namespaces.Lister()
pc.grLister = grInformer.Lister()
pc.pListerSynced = pInformer.Informer().HasSynced
pc.npListerSynced = npInformer.Informer().HasSynced
- pc.cpvListerSynced = cpvInformer.Informer().HasSynced
- pc.nspvListerSynced = nspvInformer.Informer().HasSynced
+
pc.nsListerSynced = namespaces.Informer().HasSynced
pc.grListerSynced = grInformer.Informer().HasSynced
@@ -230,7 +205,14 @@ func (pc *PolicyController) updatePolicy(old, cur interface{}) {
return
}
+ if reflect.DeepEqual(oldP.Spec, curP.Spec) {
+ return
+ }
+
logger.V(4).Info("updating policy", "name", oldP.Name)
+ if os.Getenv("POLICY-TYPE") == common.PolicyReport {
+ pc.enqueueDeletedRule(oldP, curP)
+ }
pc.enqueuePolicy(curP)
}
@@ -261,7 +243,7 @@ func (pc *PolicyController) deletePolicy(obj interface{}) {
func (pc *PolicyController) addNsPolicy(obj interface{}) {
logger := pc.log
p := obj.(*kyverno.Policy)
- pol := convertPolicyToClusterPolicy(p)
+ pol := ConvertPolicyToClusterPolicy(p)
if !pc.canBackgroundProcess(pol) {
return
}
@@ -273,12 +255,19 @@ func (pc *PolicyController) updateNsPolicy(old, cur interface{}) {
logger := pc.log
oldP := old.(*kyverno.Policy)
curP := cur.(*kyverno.Policy)
- ncurP := convertPolicyToClusterPolicy(curP)
+ ncurP := ConvertPolicyToClusterPolicy(curP)
if !pc.canBackgroundProcess(ncurP) {
return
}
+ if reflect.DeepEqual(oldP.Spec, curP.Spec) {
+ return
+ }
+
logger.V(4).Info("updating namespace policy", "namespace", oldP.Namespace, "name", oldP.Name)
+ if os.Getenv("POLICY-TYPE") == common.PolicyReport {
+ pc.enqueueDeletedRule(ConvertPolicyToClusterPolicy(oldP), ncurP)
+ }
pc.enqueuePolicy(ncurP)
}
@@ -298,7 +287,7 @@ func (pc *PolicyController) deleteNsPolicy(obj interface{}) {
return
}
}
- pol := convertPolicyToClusterPolicy(p)
+ pol := ConvertPolicyToClusterPolicy(p)
logger.V(4).Info("deleting namespace policy", "namespace", pol.Namespace, "name", pol.Name)
// we process policies that are not set of background processing as we need to perform policy violation
@@ -306,6 +295,24 @@ func (pc *PolicyController) deleteNsPolicy(obj interface{}) {
pc.enqueuePolicy(pol)
}
+func (pc *PolicyController) enqueueDeletedRule(old, cur *kyverno.ClusterPolicy) {
+ curRule := make(map[string]bool)
+ for _, rule := range cur.Spec.Rules {
+ curRule[rule.Name] = true
+ }
+
+ for _, rule := range old.Spec.Rules {
+ if !curRule[rule.Name] {
+ pc.prGenerator.Add(policyreport.Info{
+ PolicyName: cur.GetName(),
+ Rules: []kyverno.ViolatedRule{
+ {Name: rule.Name},
+ },
+ })
+ }
+ }
+}
+
func (pc *PolicyController) enqueuePolicy(policy *kyverno.ClusterPolicy) {
logger := pc.log
key, err := cache.MetaNamespaceKeyFunc(policy)
@@ -326,7 +333,7 @@ func (pc *PolicyController) Run(workers int, stopCh <-chan struct{}) {
logger.Info("starting")
defer logger.Info("shutting down")
- if !cache.WaitForCacheSync(stopCh, pc.pListerSynced, pc.cpvListerSynced, pc.nspvListerSynced, pc.nsListerSynced, pc.grListerSynced) {
+ if !cache.WaitForCacheSync(stopCh, pc.pListerSynced, pc.npListerSynced, pc.nsListerSynced, pc.grListerSynced) {
logger.Info("failed to sync informer cache")
return
}
@@ -334,7 +341,6 @@ func (pc *PolicyController) Run(workers int, stopCh <-chan struct{}) {
for i := 0; i < workers; i++ {
go wait.Until(pc.worker, constant.PolicyControllerResync, stopCh)
}
-
<-stopCh
}
@@ -388,141 +394,63 @@ func (pc *PolicyController) syncPolicy(key string) error {
logger.V(4).Info("finished syncing policy", "key", key, "processingTime", time.Since(startTime).String())
}()
- namespace, key, isNamespacedPolicy := getIsNamespacedPolicy(key)
- var policy *kyverno.ClusterPolicy
- var err error
grList, err := pc.grLister.List(labels.Everything())
if err != nil {
logger.Error(err, "failed to list generate request")
}
+ var policy *kyverno.ClusterPolicy
+ namespace, key, isNamespacedPolicy := parseNamespacedPolicy(key)
if !isNamespacedPolicy {
policy, err = pc.pLister.Get(key)
} else {
var nspolicy *kyverno.Policy
nspolicy, err = pc.npLister.Policies(namespace).Get(key)
- policy = convertPolicyToClusterPolicy(nspolicy)
+ policy = ConvertPolicyToClusterPolicy(nspolicy)
}
- if errors.IsNotFound(err) {
- for _, v := range grList {
- if key == v.Spec.Policy {
- err := pc.kyvernoClient.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).Delete(v.GetName(), &metav1.DeleteOptions{})
- if err != nil {
- logger.Error(err, "failed to delete gr")
- }
- }
- }
- go pc.deletePolicyViolations(key)
+ if err != nil {
// remove webhook configurations if there are no policies
if err := pc.removeResourceWebhookConfiguration(); err != nil {
logger.Error(err, "failed to remove resource webhook configurations")
}
- return nil
+ if errors.IsNotFound(err) {
+ for _, v := range grList {
+ if key == v.Spec.Policy {
+ err := pc.kyvernoClient.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).Delete(context.TODO(), v.GetName(), metav1.DeleteOptions{})
+ if err != nil {
+ logger.Error(err, "failed to delete gr")
+ }
+ }
+ }
+
+ go pc.removeResultsEntryFromPolicyReport(key)
+ return nil
+ }
+ return err
}
+
for _, v := range grList {
if policy.Name == v.Spec.Policy {
v.SetLabels(map[string]string{
"policy-update": fmt.Sprintf("revision-count-%d", rand.Intn(100000)),
})
- _, err := pc.kyvernoClient.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).Update(v)
+ _, err := pc.kyvernoClient.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).Update(context.TODO(), v, metav1.UpdateOptions{})
if err != nil {
- logger.Error(err, "failed to update gr")
- return err
+ logger.Error(err, "failed to update gr", "policy", policy.GetName(), "gr", v.GetName())
}
}
}
pc.resourceWebhookWatcher.RegisterResourceWebhook()
-
engineResponses := pc.processExistingResources(policy)
pc.cleanupAndReport(engineResponses)
return nil
}
-func (pc *PolicyController) deletePolicyViolations(key string) {
- cpv, err := pc.deleteClusterPolicyViolations(key)
- if err != nil {
- pc.log.Error(err, "failed to delete policy violations", "policy", key)
- }
-
- npv, err := pc.deleteNamespacedPolicyViolations(key)
- if err != nil {
- pc.log.Error(err, "failed to delete policy violations", "policy", key)
- }
-
- pc.log.Info("deleted policy violations", "policy", key, "count", cpv+npv)
-}
-
-func (pc *PolicyController) deleteClusterPolicyViolations(policy string) (int, error) {
- cpvList, err := pc.getClusterPolicyViolationForPolicy(policy)
- if err != nil {
- return 0, err
- }
-
- count := 0
- for _, cpv := range cpvList {
- if err := pc.pvControl.DeleteClusterPolicyViolation(cpv.Name); err != nil {
- pc.log.Error(err, "failed to delete policy violation", "name", cpv.Name)
- } else {
- count++
- }
- }
-
- return count, nil
-}
-
-func (pc *PolicyController) deleteNamespacedPolicyViolations(policy string) (int, error) {
- nspvList, err := pc.getNamespacedPolicyViolationForPolicy(policy)
- if err != nil {
- return 0, err
- }
-
- count := 0
- for _, nspv := range nspvList {
- if err := pc.pvControl.DeleteNamespacedPolicyViolation(nspv.Namespace, nspv.Name); err != nil {
- pc.log.Error(err, "failed to delete policy violation", "name", nspv.Name)
- } else {
- count++
- }
- }
-
- return count, nil
-}
-
-func (pc *PolicyController) getNamespacedPolicyViolationForPolicy(policy string) ([]*kyverno.PolicyViolation, error) {
- policySelector, err := buildPolicyLabel(policy)
- if err != nil {
- return nil, err
- }
- // Get List of cluster policy violation
- nspvList, err := pc.nspvLister.List(policySelector)
- if err != nil {
- return nil, err
- }
- return nspvList, nil
-
-}
-
-//PVControlInterface provides interface to operate on policy violation resource
-type PVControlInterface interface {
- DeleteClusterPolicyViolation(name string) error
- DeleteNamespacedPolicyViolation(ns, name string) error
-}
-
-// RealPVControl is the default implementation of PVControlInterface.
-type RealPVControl struct {
- Client kyvernoclient.Interface
- Recorder record.EventRecorder
-}
-
-//DeleteClusterPolicyViolation deletes the policy violation
-func (r RealPVControl) DeleteClusterPolicyViolation(name string) error {
- return r.Client.KyvernoV1().ClusterPolicyViolations().Delete(name, &metav1.DeleteOptions{})
-}
-
-//DeleteNamespacedPolicyViolation deletes the namespaced policy violation
-func (r RealPVControl) DeleteNamespacedPolicyViolation(ns, name string) error {
- return r.Client.KyvernoV1().PolicyViolations(ns).Delete(name, &metav1.DeleteOptions{})
+func (pc *PolicyController) removeResultsEntryFromPolicyReport(policyName string) {
+ pc.prGenerator.Add(policyreport.Info{
+ PolicyName: policyName,
+ })
}
diff --git a/pkg/policy/existing.go b/pkg/policy/existing.go
index d94e4e17ab..a4aab74fd1 100644
--- a/pkg/policy/existing.go
+++ b/pkg/policy/existing.go
@@ -1,24 +1,14 @@
package policy
import (
- "reflect"
- "strings"
"sync"
"time"
- listerv1 "k8s.io/client-go/listers/core/v1"
-
"github.com/go-logr/logr"
kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
- "github.com/kyverno/kyverno/pkg/config"
- client "github.com/kyverno/kyverno/pkg/dclient"
"github.com/kyverno/kyverno/pkg/engine"
"github.com/kyverno/kyverno/pkg/engine/response"
- "github.com/kyverno/kyverno/pkg/utils"
- "github.com/minio/minio/pkg/wildcard"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
- "k8s.io/apimachinery/pkg/labels"
)
func (pc *PolicyController) processExistingResources(policy *kyverno.ClusterPolicy) []response.EngineResponse {
@@ -62,13 +52,13 @@ func (pc *PolicyController) listResources(policy *kyverno.ClusterPolicy) map[str
}
if !resourceSchema.Namespaced {
- rMap := getResourcesPerNamespace(k, pc.client, "", rule, pc.configHandler, pc.log)
- mergeResources(resourceMap, rMap)
+ rMap := GetResourcesPerNamespace(k, pc.client, "", rule, pc.configHandler, pc.log)
+ MergeResources(resourceMap, rMap)
} else {
- namespaces := getNamespacesForRule(&rule, pc.nsLister, pc.log)
+ namespaces := GetNamespacesForRule(&rule, pc.nsLister, pc.log)
for _, ns := range namespaces {
- rMap := getResourcesPerNamespace(k, pc.client, ns, rule, pc.configHandler, pc.log)
- mergeResources(resourceMap, rMap)
+ rMap := GetResourcesPerNamespace(k, pc.client, ns, rule, pc.configHandler, pc.log)
+ MergeResources(resourceMap, rMap)
}
}
}
@@ -89,216 +79,6 @@ func excludeAutoGenResources(policy kyverno.ClusterPolicy, resourceMap map[strin
return resourceMap
}
-func getNamespacesForRule(rule *kyverno.Rule, nslister listerv1.NamespaceLister, log logr.Logger) []string {
- if len(rule.MatchResources.Namespaces) == 0 {
- return getAllNamespaces(nslister, log)
- }
-
- var wildcards []string
- var results []string
- for _, nsName := range rule.MatchResources.Namespaces {
- if hasWildcard(nsName) {
- wildcards = append(wildcards, nsName)
- }
-
- results = append(results, nsName)
- }
-
- if len(wildcards) > 0 {
- wildcardMatches := getMatchingNamespaces(wildcards, nslister, log)
- results = append(results, wildcardMatches...)
- }
-
- return results
-}
-
-func hasWildcard(s string) bool {
- if s == "" {
- return false
- }
-
- return strings.Contains(s, "*") || strings.Contains(s, "?")
-}
-
-func getMatchingNamespaces(wildcards []string, nslister listerv1.NamespaceLister, log logr.Logger) []string {
- all := getAllNamespaces(nslister, log)
- if len(all) == 0 {
- return all
- }
-
- var results []string
- for _, wc := range wildcards {
- for _, ns := range all {
- if wildcard.Match(wc, ns) {
- results = append(results, ns)
- }
- }
- }
-
- return results
-}
-
-func getAllNamespaces(nslister listerv1.NamespaceLister, log logr.Logger) []string {
- var results []string
- namespaces, err := nslister.List(labels.NewSelector())
- if err != nil {
- log.Error(err, "Failed to list namespaces")
- }
-
- for _, n := range namespaces {
- name := n.GetName()
- results = append(results, name)
- }
-
- return results
-}
-
-func getResourcesPerNamespace(kind string, client *client.Client, namespace string, rule kyverno.Rule, configHandler config.Interface, log logr.Logger) map[string]unstructured.Unstructured {
- resourceMap := map[string]unstructured.Unstructured{}
- ls := rule.MatchResources.Selector
-
- if kind == "Namespace" {
- namespace = ""
- }
-
- list, err := client.ListResource("", kind, namespace, ls)
- if err != nil {
- log.Error(err, "failed to list resources", "kind", kind, "namespace", namespace)
- return nil
- }
- // filter based on name
- for _, r := range list.Items {
- if r.GetDeletionTimestamp() != nil {
- continue
- }
-
- if r.GetKind() == "Pod" {
- if !isRunningPod(r) {
- continue
- }
- }
-
- // match name
- if rule.MatchResources.Name != "" {
- if !wildcard.Match(rule.MatchResources.Name, r.GetName()) {
- continue
- }
- }
- // Skip the filtered resources
- if configHandler.ToFilter(r.GetKind(), r.GetNamespace(), r.GetName()) {
- continue
- }
-
- //TODO check if the group version kind is present or not
- resourceMap[string(r.GetUID())] = r
- }
-
- // exclude the resources
- // skip resources to be filtered
- excludeResources(resourceMap, rule.ExcludeResources.ResourceDescription, configHandler, log)
- return resourceMap
-}
-
-func excludeResources(included map[string]unstructured.Unstructured, exclude kyverno.ResourceDescription, configHandler config.Interface, log logr.Logger) {
- if reflect.DeepEqual(exclude, (kyverno.ResourceDescription{})) {
- return
- }
- excludeName := func(name string) Condition {
- if exclude.Name == "" {
- return NotEvaluate
- }
- if wildcard.Match(exclude.Name, name) {
- return Skip
- }
- return Process
- }
-
- excludeNamespace := func(namespace string) Condition {
- if len(exclude.Namespaces) == 0 {
- return NotEvaluate
- }
- if utils.ContainsNamepace(exclude.Namespaces, namespace) {
- return Skip
- }
- return Process
- }
-
- excludeSelector := func(labelsMap map[string]string) Condition {
- if exclude.Selector == nil {
- return NotEvaluate
- }
- selector, err := metav1.LabelSelectorAsSelector(exclude.Selector)
- // if the label selector is incorrect, should be fail or
- if err != nil {
- log.Error(err, "failed to build label selector")
- return Skip
- }
- if selector.Matches(labels.Set(labelsMap)) {
- return Skip
- }
- return Process
- }
-
- findKind := func(kind string, kinds []string) bool {
- for _, k := range kinds {
- if k == kind {
- return true
- }
- }
- return false
- }
-
- excludeKind := func(kind string) Condition {
- if len(exclude.Kinds) == 0 {
- return NotEvaluate
- }
-
- if findKind(kind, exclude.Kinds) {
- return Skip
- }
-
- return Process
- }
-
- // check exclude condition for each resource
- for uid, resource := range included {
- // 0 -> dont check
- // 1 -> is not to be exclude
- // 2 -> to be exclude
- excludeEval := []Condition{}
-
- if ret := excludeName(resource.GetName()); ret != NotEvaluate {
- excludeEval = append(excludeEval, ret)
- }
- if ret := excludeNamespace(resource.GetNamespace()); ret != NotEvaluate {
- excludeEval = append(excludeEval, ret)
- }
- if ret := excludeSelector(resource.GetLabels()); ret != NotEvaluate {
- excludeEval = append(excludeEval, ret)
- }
- if ret := excludeKind(resource.GetKind()); ret != NotEvaluate {
- excludeEval = append(excludeEval, ret)
- }
- // exclude the filtered resources
- if configHandler.ToFilter(resource.GetKind(), resource.GetNamespace(), resource.GetName()) {
- delete(included, uid)
- continue
- }
-
- func() bool {
- for _, ret := range excludeEval {
- if ret == Process {
- // Process the resources
- continue
- }
- }
- // Skip the resource from processing
- delete(included, uid)
- return false
- }()
- }
-}
-
//Condition defines condition type
type Condition int
diff --git a/pkg/policy/namespacedpv.go b/pkg/policy/namespacedpv.go
deleted file mode 100644
index 6c35fefd65..0000000000
--- a/pkg/policy/namespacedpv.go
+++ /dev/null
@@ -1,137 +0,0 @@
-package policy
-
-import (
- kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
- "k8s.io/apimachinery/pkg/api/errors"
- cache "k8s.io/client-go/tools/cache"
-)
-
-func (pc *PolicyController) addNamespacedPolicyViolation(obj interface{}) {
- pv := obj.(*kyverno.PolicyViolation)
- logger := pc.log.WithValues("kind", pv.GetObjectKind(), "namespace", pv.Namespace, "name", pv.Name)
-
- if pv.DeletionTimestamp != nil {
- // On a restart of the controller manager, it's possible for an object to
- // show up in a state that is already pending deletion.
- pc.deleteNamespacedPolicyViolation(pv)
- return
- }
-
- ps := pc.getPolicyForNamespacedPolicyViolation(pv)
-
- if len(ps) == 0 {
- // there is no cluster policy for this violation, so we can delete this cluster policy violation
- logger.V(4).Info("namespaced policy violation does not belong to an active policy, will be cleaned up")
- if err := pc.pvControl.DeleteNamespacedPolicyViolation(pv.Namespace, pv.Name); err != nil {
- logger.Error(err, "failed to delete resource")
- return
- }
- logger.V(4).Info("resource deleted")
- return
- }
-
- logger.V(4).Info("resource added")
- for _, p := range ps {
- pc.enqueuePolicy(p)
- }
-}
-
-func (pc *PolicyController) updateNamespacedPolicyViolation(old, cur interface{}) {
- curPV := cur.(*kyverno.PolicyViolation)
- oldPV := old.(*kyverno.PolicyViolation)
- if curPV.ResourceVersion == oldPV.ResourceVersion {
- // Periodic resync will send update events for all known Policy Violation.
- // Two different versions of the same replica set will always have different RVs.
- return
- }
- logger := pc.log.WithValues("kind", curPV.Kind, "namespace", curPV.Namespace, "name", curPV.Name)
-
- ps := pc.getPolicyForNamespacedPolicyViolation(curPV)
-
- if len(ps) == 0 {
- // there is no namespaced policy for this violation, so we can delete this cluster policy violation
- logger.V(4).Info("nameapced policy violation does not belong to an active policy, will be cleanedup")
- if err := pc.pvControl.DeleteNamespacedPolicyViolation(curPV.Namespace, curPV.Name); err != nil {
- logger.Error(err, "failed to delete resource")
- return
- }
- logger.V(4).Info("resource deleted")
- return
- }
- logger.V(4).Info("resource updated")
- for _, p := range ps {
- pc.enqueuePolicy(p)
- }
-
-}
-
-func (pc *PolicyController) deleteNamespacedPolicyViolation(obj interface{}) {
- logger := pc.log
- pv, ok := obj.(*kyverno.PolicyViolation)
- // When a delete is dropped, the relist will notice a PolicyViolation in the store not
- // in the list, leading to the insertion of a tombstone object which contains
- // the deleted key/value. Note that this value might be stale. If the PolicyViolation
- // changed labels the new Policy will not be woken up till the periodic resync.
- if !ok {
- tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
- if !ok {
- logger.Info("Couldn't get object from tombstone", "obj", obj)
- return
- }
- pv, ok = tombstone.Obj.(*kyverno.PolicyViolation)
- if !ok {
- logger.Info("Couldn't get object from tombstone", "obj", obj)
- return
- }
- }
-
- logger = logger.WithValues("kind", pv.GetObjectKind(), "namespace", pv.Namespace, "name", pv.Name)
- ps := pc.getPolicyForNamespacedPolicyViolation(pv)
- if len(ps) == 0 {
- // there is no cluster policy for this violation, so we can delete this cluster policy violation
- logger.V(4).Info("namespaced policy violation does not belong to an active policy, will be cleaned up")
- if err := pc.pvControl.DeleteNamespacedPolicyViolation(pv.Namespace, pv.Name); err != nil {
- if !errors.IsNotFound(err) {
- logger.Error(err, "failed to delete resource")
- return
- }
- }
-
- logger.V(4).Info("resource deleted")
- return
- }
-
- logger.V(4).Info("resource updated")
- for _, p := range ps {
- pc.enqueuePolicy(p)
- }
-}
-
-func (pc *PolicyController) getPolicyForNamespacedPolicyViolation(pv *kyverno.PolicyViolation) []*kyverno.ClusterPolicy {
- logger := pc.log.WithValues("kind", pv.Kind, "namespace", pv.Namespace, "name", pv.Name)
- // Check for NamespacePolicies
- nspol, err := pc.npLister.GetPolicyForPolicyViolation(pv)
- if err != nil {
- logger.V(4).Info("missing namespace policy for namespaced policy violation", "reason", err.Error())
- return nil
- }
- if len(nspol) > 0 {
- return convertPoliciesToClusterPolicies(nspol)
- }
- policies, err := pc.pLister.GetPolicyForNamespacedPolicyViolation(pv)
-
- if err != nil || len(policies) == 0 {
- logger.V(4).Info("missing policy for namespaced policy violation", "reason", err.Error())
- return nil
- }
- // Because all PolicyViolations's belonging to a Policy should have a unique label key,
- // there should never be more than one Policy returned by the above method.
- // If that happens we should probably dynamically repair the situation by ultimately
- // trying to clean up one of the controllers, for now we just return the older one
- if len(policies) > 1 {
- // ControllerRef will ensure we don't do anything crazy, but more than one
- // item in this list nevertheless constitutes user error.
- logger.V(4).Info("user error! more than one policy is selecting policy violation", "labels", pv.Labels, "policy", policies[0].Name)
- }
- return policies
-}
diff --git a/pkg/policy/report.go b/pkg/policy/report.go
index 300989c3ca..ed5ef74ba6 100644
--- a/pkg/policy/report.go
+++ b/pkg/policy/report.go
@@ -6,7 +6,7 @@ import (
"github.com/go-logr/logr"
"github.com/kyverno/kyverno/pkg/engine/response"
"github.com/kyverno/kyverno/pkg/event"
- "github.com/kyverno/kyverno/pkg/policyviolation"
+ "github.com/kyverno/kyverno/pkg/policyreport"
)
// for each policy-resource response
@@ -18,16 +18,12 @@ func (pc *PolicyController) cleanupAndReport(engineResponses []response.EngineRe
eventInfos := generateEvents(pc.log, engineResponses)
pc.eventGen.Add(eventInfos...)
// create policy violation
- pvInfos := policyviolation.GeneratePVsFromEngineResponse(engineResponses, logger)
+ pvInfos := policyreport.GeneratePRsFromEngineResponse(engineResponses, logger)
for i := range pvInfos {
pvInfos[i].FromSync = true
}
- pc.pvGenerator.Add(pvInfos...)
- // cleanup existing violations if any
- // if there is any error in clean up, we dont re-queue the resource
- // it will be re-tried in the next controller cache resync
- pc.cleanUp(engineResponses)
+ pc.prGenerator.Add(pvInfos...)
}
func generateEvents(log logr.Logger, ers []response.EngineResponse) []event.Info {
diff --git a/pkg/policy/validate.go b/pkg/policy/validate.go
index d580c09678..f56a567645 100644
--- a/pkg/policy/validate.go
+++ b/pkg/policy/validate.go
@@ -66,14 +66,13 @@ func Validate(policyRaw []byte, client *dclient.Client, mock bool, openAPIContro
return fmt.Errorf("path: spec.rules[%d]: %v", i, err)
}
-
-
// validate Cluster Resources in namespaced cluster policy
// For namespaced cluster policy, ClusterResource type field and values are not allowed in match and exclude
if !mock && p.ObjectMeta.Namespace != "" {
var Empty struct{}
clusterResourcesMap := make(map[string]*struct{})
// Get all the cluster type kind supported by cluster
+
res, err := client.GetDiscoveryCache().ServerPreferredResources()
if err != nil {
return err
@@ -449,13 +448,13 @@ func validateRuleType(r kyverno.Rule) error {
return nil
}
-func validateRuleContext(rule kyverno.Rule) (error) {
+func validateRuleContext(rule kyverno.Rule) error {
if rule.Context == nil || len(rule.Context) == 0 {
return nil
}
for _, entry := range rule.Context {
- if entry.Name == ""{
+ if entry.Name == "" {
return fmt.Errorf("a name is required for context entries")
}
diff --git a/pkg/policyreport/builder.go b/pkg/policyreport/builder.go
new file mode 100755
index 0000000000..28a0d535f2
--- /dev/null
+++ b/pkg/policyreport/builder.go
@@ -0,0 +1,253 @@
+package policyreport
+
+import (
+ "fmt"
+ "os"
+ "reflect"
+
+ "github.com/go-logr/logr"
+ kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
+ request "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
+ report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
+ "github.com/kyverno/kyverno/pkg/common"
+ "github.com/kyverno/kyverno/pkg/config"
+ "github.com/kyverno/kyverno/pkg/engine/response"
+ "github.com/kyverno/kyverno/pkg/engine/utils"
+ v1 "k8s.io/api/core/v1"
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+ "k8s.io/apimachinery/pkg/runtime"
+)
+
+const (
+ clusterreportchangerequest string = "clusterreportchangerequest"
+ deletedLabelResource string = "kyverno.io/delete.resource"
+ deletedLabelResourceKind string = "kyverno.io/delete.resource.kind"
+ deletedLabelPolicy string = "kyverno.io/delete.policy"
+ deletedLabelRule string = "kyverno.io/delete.rule"
+)
+
+func generatePolicyReportName(ns string) string {
+ if ns == "" {
+ return clusterpolicyreport
+ }
+ return fmt.Sprintf("policyreport-ns-%s", ns)
+}
+
+//GeneratePRsFromEngineResponse generate Violations from engine responses
+func GeneratePRsFromEngineResponse(ers []response.EngineResponse, log logr.Logger) (pvInfos []Info) {
+ for _, er := range ers {
+ // ignore creation of PV for resources that are yet to be assigned a name
+ if er.PolicyResponse.Resource.Name == "" {
+ log.V(4).Info("resource does no have a name assigned yet, not creating a policy violation", "resource", er.PolicyResponse.Resource)
+ continue
+ }
+ // skip when response succeed
+ if os.Getenv("POLICY-TYPE") != common.PolicyReport {
+ if er.IsSuccessful() {
+ continue
+ }
+ }
+ // build policy violation info
+ pvInfos = append(pvInfos, buildPVInfo(er))
+ }
+
+ return pvInfos
+}
+
+// Builder builds report change request struct
+// this is base type of namespaced and cluster policy report
+type Builder interface {
+ build(info Info) (*unstructured.Unstructured, error)
+}
+
+type requestBuilder struct {
+ cpolLister kyvernolister.ClusterPolicyLister
+ polLister kyvernolister.PolicyLister
+}
+
+func NewBuilder(cpolLister kyvernolister.ClusterPolicyLister, polLister kyvernolister.PolicyLister) *requestBuilder {
+ return &requestBuilder{cpolLister: cpolLister, polLister: polLister}
+}
+
+func (builder *requestBuilder) build(info Info) (req *unstructured.Unstructured, err error) {
+ results := []*report.PolicyReportResult{}
+ for _, rule := range info.Rules {
+ if rule.Type != utils.Validation.String() {
+ continue
+ }
+
+ result := &report.PolicyReportResult{
+ Policy: info.PolicyName,
+ Resources: []*v1.ObjectReference{
+ {
+ Kind: info.Resource.GetKind(),
+ Namespace: info.Resource.GetNamespace(),
+ APIVersion: info.Resource.GetAPIVersion(),
+ Name: info.Resource.GetName(),
+ UID: info.Resource.GetUID(),
+ },
+ },
+ Scored: true,
+ Category: builder.fetchCategory(info.PolicyName, info.Resource.GetNamespace()),
+ }
+
+ result.Rule = rule.Name
+ result.Message = rule.Message
+ result.Status = report.PolicyStatus(rule.Check)
+ results = append(results, result)
+ }
+
+ if info.Resource.GetNamespace() != "" {
+ rr := &request.ReportChangeRequest{
+ Summary: calculateSummary(results),
+ Results: results,
+ }
+
+ obj, err := runtime.DefaultUnstructuredConverter.ToUnstructured(rr)
+ if err != nil {
+ return nil, err
+ }
+
+ req = &unstructured.Unstructured{Object: obj}
+ set(req, fmt.Sprintf("reportchangerequest-%s-%s-%s", info.PolicyName, info.Resource.GetNamespace(), info.Resource.GetName()), info)
+ } else {
+ rr := &request.ClusterReportChangeRequest{
+ Summary: calculateSummary(results),
+ Results: results,
+ }
+
+ obj, err := runtime.DefaultUnstructuredConverter.ToUnstructured(rr)
+ if err != nil {
+ return nil, err
+ }
+ req = &unstructured.Unstructured{Object: obj}
+ set(req, fmt.Sprintf("%s-%s", clusterreportchangerequest, info.Resource.GetName()), info)
+ }
+
+ // deletion of a result entry
+ // - on resource deleteion:
+ // - info.Rules == 0 && info.PolicyName == ""
+ // - set label delete.resource=resourceKind-resourceNamespace-resourceName
+ // - on policy deleteion:
+ // - info.PolicyName != "" && info.Resource == {}
+ // - set label delete.policy=policyName
+ if len(info.Rules) == 0 && info.PolicyName == "" {
+ req.SetLabels(map[string]string{
+ "namespace": info.Resource.GetNamespace(),
+ deletedLabelResource: info.Resource.GetName(),
+ deletedLabelResourceKind: info.Resource.GetKind()})
+ } else if info.PolicyName != "" && reflect.DeepEqual(info.Resource, unstructured.Unstructured{}) {
+ req.SetKind("ReportChangeRequest")
+
+ if len(info.Rules) == 0 {
+ req.SetLabels(map[string]string{
+ deletedLabelPolicy: info.PolicyName})
+
+ req.SetName(fmt.Sprintf("reportchangerequest-%s", info.PolicyName))
+ } else {
+ req.SetLabels(map[string]string{
+ deletedLabelPolicy: info.PolicyName,
+ deletedLabelRule: info.Rules[0].Name})
+ req.SetName(fmt.Sprintf("reportchangerequest-%s-%s", info.PolicyName, info.Rules[0].Name))
+ }
+ } else if len(results) == 0 {
+ // return nil on empty result without a deletion
+ return nil, nil
+ }
+
+ return req, nil
+}
+
+func set(obj *unstructured.Unstructured, name string, info Info) {
+ resource := info.Resource
+ obj.SetName(name)
+ obj.SetNamespace(config.KubePolicyNamespace)
+ obj.SetAPIVersion(request.SchemeGroupVersion.Group + "/" + request.SchemeGroupVersion.Version)
+ if resource.GetNamespace() == "" {
+ obj.SetKind("ClusterReportChangeRequest")
+ } else {
+ obj.SetKind("ReportChangeRequest")
+ }
+
+ obj.SetLabels(map[string]string{
+ "namespace": resource.GetNamespace(),
+ "policy": info.PolicyName,
+ "resource": resource.GetKind() + "-" + resource.GetNamespace() + "-" + resource.GetName(),
+ })
+
+ if info.FromSync {
+ obj.SetAnnotations(map[string]string{
+ "fromSync": "true",
+ })
+ }
+}
+
+func calculateSummary(results []*report.PolicyReportResult) (summary report.PolicyReportSummary) {
+ for _, res := range results {
+ switch string(res.Status) {
+ case report.StatusPass:
+ summary.Pass++
+ case report.StatusFail:
+ summary.Fail++
+ case report.StatusWarn:
+ summary.Warn++
+ case report.StatusError:
+ summary.Error++
+ case report.StatusSkip:
+ summary.Skip++
+ }
+ }
+ return
+}
+
+func buildPVInfo(er response.EngineResponse) Info {
+ info := Info{
+ PolicyName: er.PolicyResponse.Policy,
+ Resource: er.PatchedResource,
+ Rules: buildViolatedRules(er),
+ }
+ return info
+}
+
+func buildViolatedRules(er response.EngineResponse) []kyverno.ViolatedRule {
+ var violatedRules []kyverno.ViolatedRule
+ for _, rule := range er.PolicyResponse.Rules {
+ if os.Getenv("POLICY-TYPE") != common.PolicyReport {
+ if rule.Success {
+ continue
+ }
+ }
+ vrule := kyverno.ViolatedRule{
+ Name: rule.Name,
+ Type: rule.Type,
+ Message: rule.Message,
+ }
+ vrule.Check = report.StatusFail
+ if rule.Success {
+ vrule.Check = report.StatusPass
+ }
+ violatedRules = append(violatedRules, vrule)
+ }
+ return violatedRules
+}
+
+const categoryLabel string = "policies.kyverno.io/category"
+
+func (builder *requestBuilder) fetchCategory(policy, ns string) string {
+ cpol, err := builder.cpolLister.Get(policy)
+ if err == nil {
+ if ann := cpol.GetAnnotations(); ann != nil {
+ return ann[categoryLabel]
+ }
+ }
+
+ pol, err := builder.polLister.Policies("").Get(policy)
+ if err == nil {
+ if ann := pol.GetAnnotations(); ann != nil {
+ return ann[categoryLabel]
+ }
+ }
+
+ return ""
+}
diff --git a/pkg/policyviolation/common.go b/pkg/policyreport/common.go
old mode 100644
new mode 100755
similarity index 64%
rename from pkg/policyviolation/common.go
rename to pkg/policyreport/common.go
index 6fb203b019..4980a3eaf2
--- a/pkg/policyviolation/common.go
+++ b/pkg/policyreport/common.go
@@ -1,8 +1,7 @@
-package policyviolation
+package policyreport
import (
"fmt"
- "reflect"
"time"
backoff "github.com/cenkalti/backoff"
@@ -15,30 +14,6 @@ import (
"sigs.k8s.io/controller-runtime/pkg/log"
)
-func createOwnerReference(resource *unstructured.Unstructured) (metav1.OwnerReference, bool) {
- controllerFlag := true
- blockOwnerDeletionFlag := true
-
- apiversion := resource.GetAPIVersion()
- kind := resource.GetKind()
- name := resource.GetName()
- uid := resource.GetUID()
-
- if apiversion == "" || kind == "" || name == "" || uid == "" {
- return metav1.OwnerReference{}, false
- }
-
- ownerRef := metav1.OwnerReference{
- APIVersion: resource.GetAPIVersion(),
- Kind: resource.GetKind(),
- Name: resource.GetName(),
- UID: resource.GetUID(),
- Controller: &controllerFlag,
- BlockOwnerDeletion: &blockOwnerDeletionFlag,
- }
- return ownerRef, true
-}
-
func retryGetResource(client *client.Client, rspec kyverno.ResourceSpec) (*unstructured.Unstructured, error) {
var i int
var obj *unstructured.Unstructured
@@ -106,25 +81,3 @@ func (vc violationCount) UpdateStatus(status kyverno.PolicyStatus) kyverno.Polic
return status
}
-
-// hasViolationSpecChanged returns true if oldSpec & newSpec
-// are identical, exclude message in violated rules
-func hasViolationSpecChanged(new, old *kyverno.PolicyViolationSpec) bool {
- if new.Policy != old.Policy {
- return true
- }
-
- if new.ResourceSpec.ToKey() != old.ResourceSpec.ToKey() {
- return true
- }
-
- for i := range new.ViolatedRules {
- new.ViolatedRules[i].Message = ""
- }
-
- for i := range old.ViolatedRules {
- old.ViolatedRules[i].Message = ""
- }
-
- return !reflect.DeepEqual(*new, *old)
-}
diff --git a/pkg/policyreport/policyreport.go b/pkg/policyreport/policyreport.go
new file mode 100644
index 0000000000..39cce580bc
--- /dev/null
+++ b/pkg/policyreport/policyreport.go
@@ -0,0 +1,184 @@
+package policyreport
+
+import (
+ "fmt"
+ "reflect"
+ "strings"
+
+ "github.com/cornelk/hashmap"
+ changerequest "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
+ report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+)
+
+type deletedResource struct {
+ kind, ns, name string
+}
+
+func getDeletedResources(aggregatedRequests interface{}) (resources []deletedResource) {
+ if requests, ok := aggregatedRequests.([]*changerequest.ClusterReportChangeRequest); ok {
+ for _, request := range requests {
+ labels := request.GetLabels()
+ dr := deletedResource{
+ kind: labels[deletedLabelResourceKind],
+ name: labels[deletedLabelResource],
+ ns: labels["namespace"],
+ }
+
+ resources = append(resources, dr)
+ }
+ } else if requests, ok := aggregatedRequests.([]*changerequest.ReportChangeRequest); ok {
+ for _, request := range requests {
+ labels := request.GetLabels()
+ dr := deletedResource{
+ kind: labels[deletedLabelResourceKind],
+ name: labels[deletedLabelResource],
+ ns: labels["namespace"],
+ }
+ resources = append(resources, dr)
+ }
+ }
+ return
+}
+
+func updateResults(oldReport, newReport map[string]interface{}, aggregatedRequests interface{}) (map[string]interface{}, error) {
+ deleteResources := getDeletedResources(aggregatedRequests)
+ oldResults := hashResults(oldReport, deleteResources)
+
+ if newresults, ok := newReport["results"].([]interface{}); ok {
+ for _, res := range newresults {
+ resMap, ok := res.(map[string]interface{})
+ if !ok {
+ continue
+ }
+ if key, ok := generateHashKey(resMap, deletedResource{}); ok {
+ oldResults.Set(key, res)
+ }
+ }
+ }
+
+ results := getResultsFromHash(oldResults)
+ if err := unstructured.SetNestedSlice(newReport, results, "results"); err != nil {
+ return nil, err
+ }
+
+ summary := updateSummary(results)
+ if err := unstructured.SetNestedMap(newReport, summary, "summary"); err != nil {
+ return nil, err
+ }
+ return newReport, nil
+}
+
+func hashResults(policyReport map[string]interface{}, deleteResources []deletedResource) *hashmap.HashMap {
+ resultsHash := &hashmap.HashMap{}
+
+ results, ok := policyReport["results"]
+ if !ok {
+ return resultsHash
+ }
+
+ for _, result := range results.([]interface{}) {
+ if len(deleteResources) != 0 {
+ for _, dr := range deleteResources {
+ if key, ok := generateHashKey(result.(map[string]interface{}), dr); ok {
+ resultsHash.Set(key, result)
+ }
+ }
+ } else {
+ if key, ok := generateHashKey(result.(map[string]interface{}), deletedResource{}); ok {
+ resultsHash.Set(key, result)
+ }
+ }
+ }
+ return resultsHash
+}
+
+func getResultsFromHash(resHash *hashmap.HashMap) []interface{} {
+ results := make([]interface{}, 0)
+
+ for result := range resHash.Iter() {
+ if reflect.DeepEqual(result, hashmap.KeyValue{}) {
+ continue
+ }
+
+ results = append(results, result.Value.(map[string]interface{}))
+
+ }
+ return results
+}
+
+func generateHashKey(result map[string]interface{}, dr deletedResource) (string, bool) {
+ resources := result["resources"].([]interface{})
+ if len(resources) < 1 {
+ return "", false
+ }
+
+ resource := resources[0].(map[string]interface{})
+ if !reflect.DeepEqual(dr, deletedResource{}) {
+ if resource["kind"] == dr.kind && resource["name"] == dr.name && resource["namespace"] == dr.ns {
+ return "", false
+ }
+ }
+
+ return fmt.Sprintf(
+ "%s-%s-%s-%s-%s",
+ result["policy"],
+ result["rule"],
+ resource["name"],
+ resource["namespace"],
+ resource["name"]), true
+}
+
+func updateSummary(results []interface{}) map[string]interface{} {
+ summary := make(map[string]interface{}, 5)
+
+ for _, result := range results {
+ typedResult, ok := result.(map[string]interface{})
+ if !ok {
+ continue
+ }
+
+ switch typedResult["status"].(string) {
+ case report.StatusPass:
+ pass, _ := summary[report.StatusPass].(int64)
+ summary[report.StatusPass] = pass + 1
+ case report.StatusFail:
+ fail, _ := summary[report.StatusFail].(int64)
+ summary[report.StatusFail] = fail + 1
+ case report.StatusWarn:
+ warn, _ := summary[report.StatusWarn].(int64)
+ summary[report.StatusWarn] = warn + 1
+ case report.StatusError:
+ e, _ := summary[report.StatusError].(int64)
+ summary[report.StatusError] = e + 1
+ case report.StatusSkip:
+ skip, _ := summary[report.StatusSkip].(int64)
+ summary[report.StatusSkip] = skip + 1
+ }
+ }
+
+ status := []string{report.StatusPass, report.StatusFail, report.StatusError, report.StatusSkip, report.StatusWarn}
+ for i := 0; i < 5; i++ {
+ if _, ok := summary[status[i]].(int64); !ok {
+ summary[status[i]] = int64(0)
+ }
+ }
+ return summary
+}
+
+func isDeletedPolicyKey(key string) (policyName, ruleName string, isDelete bool) {
+ policy := strings.Split(key, "/")
+
+ if policy[0] == deletedPolicyKey {
+ // deletedPolicyKey/policyName/ruleName
+ if len(policy) == 3 {
+ return policy[1], policy[2], true
+ }
+ // deletedPolicyKey/policyName
+ if len(policy) == 2 {
+ return policy[1], "", true
+ }
+ }
+
+ return "", "", false
+}
diff --git a/pkg/policyreport/reportcontroller.go b/pkg/policyreport/reportcontroller.go
new file mode 100644
index 0000000000..af5048c5e8
--- /dev/null
+++ b/pkg/policyreport/reportcontroller.go
@@ -0,0 +1,566 @@
+package policyreport
+
+import (
+ "fmt"
+ "reflect"
+ "strings"
+
+ "github.com/go-logr/logr"
+ changerequest "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
+ report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
+ requestinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1alpha1"
+ policyreportinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/policyreport/v1alpha1"
+ requestlister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1alpha1"
+ policyreport "github.com/kyverno/kyverno/pkg/client/listers/policyreport/v1alpha1"
+ "github.com/kyverno/kyverno/pkg/config"
+ "github.com/kyverno/kyverno/pkg/constant"
+ dclient "github.com/kyverno/kyverno/pkg/dclient"
+ v1 "k8s.io/api/core/v1"
+ apierrors "k8s.io/apimachinery/pkg/api/errors"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+ labels "k8s.io/apimachinery/pkg/labels"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+ "k8s.io/apimachinery/pkg/util/wait"
+ informers "k8s.io/client-go/informers/core/v1"
+ listerv1 "k8s.io/client-go/listers/core/v1"
+ "k8s.io/client-go/tools/cache"
+ "k8s.io/client-go/util/workqueue"
+)
+
+const (
+ prWorkQueueName = "policy-report-controller"
+ clusterpolicyreport = "clusterpolicyreport"
+)
+
+// ReportGenerator creates policy report
+type ReportGenerator struct {
+ dclient *dclient.Client
+
+ reportLister policyreport.PolicyReportLister
+ reportSynced cache.InformerSynced
+
+ clusterReportLister policyreport.ClusterPolicyReportLister
+ clusterReportSynced cache.InformerSynced
+
+ reportChangeRequestLister requestlister.ReportChangeRequestLister
+ reportReqSynced cache.InformerSynced
+
+ clusterReportChangeRequestLister requestlister.ClusterReportChangeRequestLister
+ clusterReportReqSynced cache.InformerSynced
+
+ nsLister listerv1.NamespaceLister
+ nsListerSynced cache.InformerSynced
+
+ queue workqueue.RateLimitingInterface
+
+ log logr.Logger
+}
+
+// NewReportGenerator returns a new instance of policy report generator
+func NewReportGenerator(
+ dclient *dclient.Client,
+ clusterReportInformer policyreportinformer.ClusterPolicyReportInformer,
+ reportInformer policyreportinformer.PolicyReportInformer,
+ reportReqInformer requestinformer.ReportChangeRequestInformer,
+ clusterReportReqInformer requestinformer.ClusterReportChangeRequestInformer,
+ namespace informers.NamespaceInformer,
+ log logr.Logger) *ReportGenerator {
+
+ gen := &ReportGenerator{
+ dclient: dclient,
+ queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), prWorkQueueName),
+ log: log,
+ }
+
+ reportReqInformer.Informer().AddEventHandler(
+ cache.ResourceEventHandlerFuncs{
+ AddFunc: gen.addReportChangeRequest,
+ UpdateFunc: gen.updateReportChangeRequest,
+ })
+
+ clusterReportReqInformer.Informer().AddEventHandler(
+ cache.ResourceEventHandlerFuncs{
+ AddFunc: gen.addClusterReportChangeRequest,
+ UpdateFunc: gen.updateClusterReportChangeRequest,
+ })
+
+ gen.clusterReportLister = clusterReportInformer.Lister()
+ gen.clusterReportSynced = clusterReportInformer.Informer().HasSynced
+ gen.reportLister = reportInformer.Lister()
+ gen.reportSynced = reportInformer.Informer().HasSynced
+ gen.clusterReportChangeRequestLister = clusterReportReqInformer.Lister()
+ gen.clusterReportReqSynced = clusterReportReqInformer.Informer().HasSynced
+ gen.reportChangeRequestLister = reportReqInformer.Lister()
+ gen.reportReqSynced = reportReqInformer.Informer().HasSynced
+ gen.nsLister = namespace.Lister()
+ gen.nsListerSynced = namespace.Informer().HasSynced
+
+ return gen
+}
+
+const deletedPolicyKey string = "deletedpolicy"
+
+// the key of queue can be
+// - <namespace name> for the resource
+// - "" for cluster wide resource
+// - "deletedpolicy/policyName/ruleName(optional)" for a deleted policy or rule
+func generateCacheKey(changeRequest interface{}) string {
+ if request, ok := changeRequest.(*changerequest.ReportChangeRequest); ok {
+ label := request.GetLabels()
+ policy := label[deletedLabelPolicy]
+ rule := label[deletedLabelRule]
+ if rule != "" || policy != "" {
+ return strings.Join([]string{deletedPolicyKey, policy, rule}, "/")
+ }
+
+ ns := label["namespace"]
+ if ns == "" {
+ ns = "default"
+ }
+ return ns
+ } else if request, ok := changeRequest.(*changerequest.ClusterReportChangeRequest); ok {
+ label := request.GetLabels()
+ policy := label[deletedLabelPolicy]
+ rule := label[deletedLabelRule]
+ if rule != "" || policy != "" {
+ return strings.Join([]string{deletedPolicyKey, policy, rule}, "/")
+ }
+ return ""
+ }
+
+ return ""
+}
+
+func (g *ReportGenerator) addReportChangeRequest(obj interface{}) {
+ key := generateCacheKey(obj)
+ g.queue.Add(key)
+}
+
+func (g *ReportGenerator) updateReportChangeRequest(old interface{}, cur interface{}) {
+ oldReq := old.(*changerequest.ReportChangeRequest)
+ curReq := cur.(*changerequest.ReportChangeRequest)
+ if reflect.DeepEqual(oldReq.Results, curReq.Results) {
+ return
+ }
+
+ key := generateCacheKey(cur)
+ g.queue.Add(key)
+}
+
+func (g *ReportGenerator) addClusterReportChangeRequest(obj interface{}) {
+ key := generateCacheKey(obj)
+ g.queue.Add(key)
+}
+
+func (g *ReportGenerator) updateClusterReportChangeRequest(old interface{}, cur interface{}) {
+ oldReq := old.(*changerequest.ClusterReportChangeRequest)
+ curReq := cur.(*changerequest.ClusterReportChangeRequest)
+
+ if reflect.DeepEqual(oldReq.Results, curReq.Results) {
+ return
+ }
+
+ g.queue.Add("")
+}
+
+// Run starts the workers
+func (g *ReportGenerator) Run(workers int, stopCh <-chan struct{}) {
+ logger := g.log
+ defer utilruntime.HandleCrash()
+ defer g.queue.ShutDown()
+
+ logger.Info("start")
+ defer logger.Info("shutting down")
+
+ if !cache.WaitForCacheSync(stopCh, g.reportReqSynced, g.clusterReportReqSynced, g.reportSynced, g.clusterReportSynced, g.nsListerSynced) {
+ logger.Info("failed to sync informer cache")
+ }
+
+ for i := 0; i < workers; i++ {
+ go wait.Until(g.runWorker, constant.PolicyViolationControllerResync, stopCh)
+ }
+
+ <-stopCh
+}
+
+func (g *ReportGenerator) runWorker() {
+ for g.processNextWorkItem() {
+ }
+}
+
+func (g *ReportGenerator) processNextWorkItem() bool {
+ key, shutdown := g.queue.Get()
+ if shutdown {
+ return false
+ }
+
+ defer g.queue.Done(key)
+ keyStr, ok := key.(string)
+ if !ok {
+ g.queue.Forget(key)
+ g.log.Info("incorrect type; expecting type 'string'", "obj", key)
+ return true
+ }
+
+ err := g.syncHandler(keyStr)
+ g.handleErr(err, key)
+
+ return true
+}
+
+func (g *ReportGenerator) handleErr(err error, key interface{}) {
+ logger := g.log
+ if err == nil {
+ g.queue.Forget(key)
+ return
+ }
+
+ // retires requests if there is error
+ if g.queue.NumRequeues(key) < workQueueRetryLimit {
+ logger.Error(err, "failed to sync policy report", "key", key)
+ // Re-enqueue the key rate limited. Based on the rate limiter on the
+ // queue and the re-enqueue history, the key will be processed later again.
+ g.queue.AddRateLimited(key)
+ return
+ }
+ g.queue.Forget(key)
+ logger.Error(err, "dropping key out of the queue", "key", key)
+}
+
+// syncHandler reconciles clusterPolicyReport if namespace == ""
+// otherwise it updates policyrReport
+func (g *ReportGenerator) syncHandler(key string) error {
+ if policy, rule, ok := isDeletedPolicyKey(key); ok {
+ return g.removePolicyEntryFromReport(policy, rule)
+ }
+
+ namespace := key
+ new, aggregatedRequests, err := g.aggregateReports(namespace)
+ if err != nil {
+ return fmt.Errorf("failed to aggregate reportChangeRequest results %v", err)
+ }
+
+ var old interface{}
+ if old, err = g.createReportIfNotPresent(namespace, new, aggregatedRequests); err != nil || old == nil {
+ return err
+ }
+
+ if err := g.updateReport(old, new, aggregatedRequests); err != nil {
+ return err
+ }
+
+ g.cleanupReportRequets(aggregatedRequests)
+ return nil
+}
+
+// createReportIfNotPresent creates cluster / policyReport if not present
+// return the existing report if exist
+func (g *ReportGenerator) createReportIfNotPresent(namespace string, new *unstructured.Unstructured, aggregatedRequests interface{}) (report interface{}, err error) {
+ log := g.log.WithName("createReportIfNotPresent")
+ if namespace != "" {
+ report, err = g.reportLister.PolicyReports(namespace).Get(generatePolicyReportName((namespace)))
+ if err != nil {
+ if apierrors.IsNotFound(err) && new != nil {
+ if _, err := g.dclient.CreateResource(new.GetAPIVersion(), new.GetKind(), new.GetNamespace(), new, false); err != nil {
+ return nil, fmt.Errorf("failed to create policyReport: %v", err)
+ }
+
+ log.V(2).Info("successfully created policyReport", "namespace", new.GetNamespace(), "name", new.GetName())
+ g.cleanupReportRequets(aggregatedRequests)
+ return nil, nil
+ }
+
+ return nil, fmt.Errorf("unable to get policyReport: %v", err)
+ }
+ } else {
+ report, err = g.clusterReportLister.Get(generatePolicyReportName((namespace)))
+ if err != nil {
+ if apierrors.IsNotFound(err) {
+ if new != nil {
+ if _, err := g.dclient.CreateResource(new.GetAPIVersion(), new.GetKind(), new.GetNamespace(), new, false); err != nil {
+ return nil, fmt.Errorf("failed to create ClusterPolicyReport: %v", err)
+ }
+
+ log.V(2).Info("successfully created ClusterPolicyReport")
+ g.cleanupReportRequets(aggregatedRequests)
+ return nil, nil
+ }
+ return nil, nil
+ }
+ return nil, fmt.Errorf("unable to get ClusterPolicyReport: %v", err)
+ }
+ }
+ return report, nil
+}
+
+func (g *ReportGenerator) removePolicyEntryFromReport(policyName, ruleName string) error {
+ cpolrs, err := g.clusterReportLister.List(labels.Everything())
+ if err != nil {
+ return fmt.Errorf("failed to list clusterPolicyReport %v", err)
+ }
+
+ for _, cpolr := range cpolrs {
+ newRes := []*report.PolicyReportResult{}
+ for _, result := range cpolr.Results {
+ if ruleName != "" && result.Rule == ruleName && result.Policy == policyName {
+ continue
+ } else if ruleName == "" && result.Policy == policyName {
+ continue
+ }
+ newRes = append(newRes, result)
+ }
+ cpolr.Results = newRes
+ cpolr.Summary = calculateSummary(newRes)
+ gv := report.SchemeGroupVersion
+ cpolr.SetGroupVersionKind(schema.GroupVersionKind{Group: gv.Group, Version: gv.Version, Kind: "ClusterPolicyReport"})
+ if _, err := g.dclient.UpdateResource("", "ClusterPolicyReport", "", cpolr, false); err != nil {
+ return fmt.Errorf("failed to update clusterPolicyReport %s %v", cpolr.Name, err)
+ }
+ }
+
+ namespaces, err := g.dclient.ListResource("", "Namespace", "", nil)
+ if err != nil {
+ return fmt.Errorf("unable to list namespace %v", err)
+ }
+
+ policyReports := []*report.PolicyReport{}
+ for _, ns := range namespaces.Items {
+ reports, err := g.reportLister.PolicyReports(ns.GetName()).List(labels.Everything())
+ if err != nil {
+ return fmt.Errorf("unable to list policyReport for namespace %s %v", ns.GetName(), err)
+ }
+ policyReports = append(policyReports, reports...)
+ }
+
+ for _, r := range policyReports {
+ newRes := []*report.PolicyReportResult{}
+ for _, result := range r.Results {
+ if ruleName != "" && result.Rule == ruleName && result.Policy == policyName {
+ continue
+ } else if ruleName == "" && result.Policy == policyName {
+ continue
+ }
+ newRes = append(newRes, result)
+ }
+
+ r.Results = newRes
+ r.Summary = calculateSummary(newRes)
+ gv := report.SchemeGroupVersion
+ gvk := schema.GroupVersionKind{Group: gv.Group, Version: gv.Version, Kind: "PolicyReport"}
+ r.SetGroupVersionKind(gvk)
+ if _, err := g.dclient.UpdateResource("", "PolicyReport", r.GetNamespace(), r, false); err != nil {
+ return fmt.Errorf("failed to update PolicyReport %s %v", r.GetName(), err)
+ }
+ }
+
+ labelset := labels.Set(map[string]string{deletedLabelPolicy: policyName})
+ if ruleName != "" {
+ labelset = labels.Set(map[string]string{
+ deletedLabelPolicy: policyName,
+ deletedLabelRule: ruleName,
+ })
+ }
+ aggregatedRequests, err := g.reportChangeRequestLister.ReportChangeRequests(config.KubePolicyNamespace).List(labels.SelectorFromSet(labelset))
+ if err != nil {
+ return err
+ }
+
+ g.cleanupReportRequets(aggregatedRequests)
+ return nil
+}
+
+func (g *ReportGenerator) aggregateReports(namespace string) (
+ report *unstructured.Unstructured, aggregatedRequests interface{}, err error) {
+
+ if namespace == "" {
+ requests, err := g.clusterReportLister.List(labels.Everything())
+ if err != nil {
+ return nil, nil, fmt.Errorf("unable to list ClusterReportChangeRequests within: %v", err)
+ }
+
+ if report, aggregatedRequests, err = mergeRequests(nil, requests); err != nil {
+ return nil, nil, fmt.Errorf("unable to merge ClusterReportChangeRequests results: %v", err)
+ }
+ } else {
+ ns, err := g.nsLister.Get(namespace)
+ if err != nil {
+ return nil, nil, fmt.Errorf("unable to get namespace %s: %v", ns.GetName(), err)
+ }
+
+ selector := labels.SelectorFromSet(labels.Set(map[string]string{"namespace": namespace}))
+ requests, err := g.reportChangeRequestLister.ReportChangeRequests(config.KubePolicyNamespace).List(selector)
+ if err != nil {
+ return nil, nil, fmt.Errorf("unable to list reportChangeRequests within namespace %s: %v", ns, err)
+ }
+
+ if report, aggregatedRequests, err = mergeRequests(ns, requests); err != nil {
+ return nil, nil, fmt.Errorf("unable to merge results: %v", err)
+ }
+ }
+
+ return report, aggregatedRequests, nil
+}
+
+func mergeRequests(ns *v1.Namespace, requestsGeneral interface{}) (*unstructured.Unstructured, interface{}, error) {
+ results := []*report.PolicyReportResult{}
+
+ if requests, ok := requestsGeneral.([]*changerequest.ClusterReportChangeRequest); ok {
+ aggregatedRequests := []*changerequest.ClusterReportChangeRequest{}
+ for _, request := range requests {
+ if request.GetDeletionTimestamp() != nil {
+ continue
+ }
+ if len(request.Results) != 0 {
+ results = append(results, request.Results...)
+ }
+ aggregatedRequests = append(aggregatedRequests, request)
+ }
+
+ report := &report.ClusterPolicyReport{
+ Results: results,
+ Summary: calculateSummary(results),
+ }
+
+ obj, err := runtime.DefaultUnstructuredConverter.ToUnstructured(report)
+ if err != nil {
+ return nil, aggregatedRequests, err
+ }
+
+ req := &unstructured.Unstructured{Object: obj}
+ setReport(req, nil)
+ return req, aggregatedRequests, nil
+ }
+
+ if requests, ok := requestsGeneral.([]*changerequest.ReportChangeRequest); ok {
+ aggregatedRequests := []*changerequest.ReportChangeRequest{}
+ for _, request := range requests {
+ if request.GetDeletionTimestamp() != nil {
+ continue
+ }
+ if len(request.Results) != 0 {
+ results = append(results, request.Results...)
+ }
+ aggregatedRequests = append(aggregatedRequests, request)
+ }
+
+ report := &report.PolicyReport{
+ Results: results,
+ Summary: calculateSummary(results),
+ }
+
+ obj, err := runtime.DefaultUnstructuredConverter.ToUnstructured(report)
+ if err != nil {
+ return nil, aggregatedRequests, err
+ }
+
+ req := &unstructured.Unstructured{Object: obj}
+ setReport(req, ns)
+ return req, aggregatedRequests, nil
+ }
+
+ return nil, nil, nil
+}
+
+func setReport(report *unstructured.Unstructured, ns *v1.Namespace) {
+ report.SetAPIVersion("policy.k8s.io/v1alpha1")
+
+ if ns == nil {
+ report.SetName(generatePolicyReportName(""))
+ report.SetKind("ClusterPolicyReport")
+ return
+ }
+
+ report.SetName(generatePolicyReportName(ns.GetName()))
+ report.SetNamespace(ns.GetName())
+ report.SetKind("PolicyReport")
+
+ controllerFlag := true
+ blockOwnerDeletionFlag := true
+
+ report.SetOwnerReferences([]metav1.OwnerReference{
+ {
+ APIVersion: "v1",
+ Kind: "Namespace",
+ Name: ns.GetName(),
+ UID: ns.GetUID(),
+ Controller: &controllerFlag,
+ BlockOwnerDeletion: &blockOwnerDeletionFlag,
+ },
+ })
+}
+
+func (g *ReportGenerator) updateReport(old interface{}, new *unstructured.Unstructured, aggregatedRequests interface{}) (err error) {
+ if new == nil {
+ g.log.V(4).Info("empty report to update")
+ return nil
+ }
+
+ oldUnstructed := make(map[string]interface{})
+
+ if oldTyped, ok := old.(*report.ClusterPolicyReport); ok {
+ if oldTyped.GetDeletionTimestamp() != nil {
+ return g.dclient.DeleteResource(oldTyped.APIVersion, "ClusterPolicyReport", oldTyped.Namespace, oldTyped.Name, false)
+ }
+
+ if oldUnstructed, err = runtime.DefaultUnstructuredConverter.ToUnstructured(oldTyped); err != nil {
+ return fmt.Errorf("unable to convert clusterPolicyReport: %v", err)
+ }
+ new.SetUID(oldTyped.GetUID())
+ new.SetResourceVersion(oldTyped.GetResourceVersion())
+ } else if oldTyped, ok := old.(*report.PolicyReport); ok {
+ if oldTyped.GetDeletionTimestamp() != nil {
+ return g.dclient.DeleteResource(oldTyped.APIVersion, "PolicyReport", oldTyped.Namespace, oldTyped.Name, false)
+ }
+
+ if oldUnstructed, err = runtime.DefaultUnstructuredConverter.ToUnstructured(oldTyped); err != nil {
+ return fmt.Errorf("unable to convert policyReport: %v", err)
+ }
+
+ new.SetUID(oldTyped.GetUID())
+ new.SetResourceVersion(oldTyped.GetResourceVersion())
+ }
+
+ obj, err := updateResults(oldUnstructed, new.UnstructuredContent(), aggregatedRequests)
+ if err != nil {
+ return fmt.Errorf("failed to update results entry: %v", err)
+ }
+ new.Object = obj
+
+ if !hasResultsChanged(oldUnstructed, new.UnstructuredContent()) {
+ g.log.V(4).Info("unchanged policy report", "namespace", new.GetNamespace(), "name", new.GetName())
+ return nil
+ }
+
+ if _, err = g.dclient.UpdateResource(new.GetAPIVersion(), new.GetKind(), new.GetNamespace(), new, false); err != nil {
+ return fmt.Errorf("failed to update policy report: %v", err)
+ }
+
+ g.log.V(3).Info("successfully updated policy report", "kind", new.GetKind(), "namespace", new.GetNamespace(), "name", new.GetName())
+ return
+}
+
+func (g *ReportGenerator) cleanupReportRequets(requestsGeneral interface{}) {
+ defer g.log.V(5).Info("successfully cleaned up report requests")
+ if requests, ok := requestsGeneral.([]*changerequest.ReportChangeRequest); ok {
+ for _, request := range requests {
+ if err := g.dclient.DeleteResource(request.APIVersion, "ReportChangeRequest", config.KubePolicyNamespace, request.Name, false); err != nil {
+ if !apierrors.IsNotFound(err) {
+ g.log.Error(err, "failed to delete report request")
+ }
+ }
+ }
+ }
+
+ if requests, ok := requestsGeneral.([]*changerequest.ClusterReportChangeRequest); ok {
+ for _, request := range requests {
+ if err := g.dclient.DeleteResource(request.APIVersion, "ClusterReportChangeRequest", "", request.Name, false); err != nil {
+ if !apierrors.IsNotFound(err) {
+ g.log.Error(err, "failed to delete clusterReportChangeRequest")
+ }
+ }
+ }
+ }
+}
diff --git a/pkg/policyreport/reportrequest.go b/pkg/policyreport/reportrequest.go
new file mode 100755
index 0000000000..1651215bae
--- /dev/null
+++ b/pkg/policyreport/reportrequest.go
@@ -0,0 +1,357 @@
+package policyreport
+
+import (
+ "fmt"
+ "reflect"
+ "strconv"
+ "strings"
+ "sync"
+
+ "github.com/go-logr/logr"
+ kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
+ changerequest "github.com/kyverno/kyverno/pkg/api/kyverno/v1alpha1"
+ policyreportclient "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
+ kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
+ requestinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1alpha1"
+ kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
+ requestlister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1alpha1"
+ "github.com/kyverno/kyverno/pkg/config"
+ "github.com/kyverno/kyverno/pkg/constant"
+ client "github.com/kyverno/kyverno/pkg/dclient"
+ dclient "github.com/kyverno/kyverno/pkg/dclient"
+ "github.com/kyverno/kyverno/pkg/policystatus"
+ apierrors "k8s.io/apimachinery/pkg/api/errors"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ unstructured "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+ "k8s.io/apimachinery/pkg/runtime"
+ utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+ "k8s.io/apimachinery/pkg/util/wait"
+ "k8s.io/client-go/tools/cache"
+ "k8s.io/client-go/util/workqueue"
+)
+
+const workQueueName = "report-request-controller"
+const workQueueRetryLimit = 3
+
+// Generator creates report request
+type Generator struct {
+ dclient *dclient.Client
+
+ reportChangeRequestLister requestlister.ReportChangeRequestLister
+
+ clusterReportChangeRequestLister requestlister.ClusterReportChangeRequestLister
+
+ // cpolLister can list/get policy from the shared informer's store
+ cpolLister kyvernolister.ClusterPolicyLister
+
+ // polLister can list/get namespace policy from the shared informer's store
+ polLister kyvernolister.PolicyLister
+
+ // returns true if the cluster report request store has been synced at least once
+ reportReqSynced cache.InformerSynced
+
+ // returns true if the namespaced report request store has been synced at at least once
+ clusterReportReqSynced cache.InformerSynced
+
+ // cpolListerSynced returns true if the cluster policy store has been synced at least once
+ cpolListerSynced cache.InformerSynced
+
+ // polListerSynced returns true if the namespace policy store has been synced at least once
+ polListerSynced cache.InformerSynced
+
+ queue workqueue.RateLimitingInterface
+ dataStore *dataStore
+
+ // update policy status with violationCount
+ policyStatusListener policystatus.Listener
+
+ log logr.Logger
+}
+
+// NewReportChangeRequestGenerator returns a new instance of report request generator
+func NewReportChangeRequestGenerator(client *policyreportclient.Clientset,
+ dclient *dclient.Client,
+ reportReqInformer requestinformer.ReportChangeRequestInformer,
+ clusterReportReqInformer requestinformer.ClusterReportChangeRequestInformer,
+ cpolInformer kyvernoinformer.ClusterPolicyInformer,
+ polInformer kyvernoinformer.PolicyInformer,
+ policyStatus policystatus.Listener,
+ log logr.Logger) *Generator {
+ gen := Generator{
+ dclient: dclient,
+ clusterReportChangeRequestLister: clusterReportReqInformer.Lister(),
+ clusterReportReqSynced: clusterReportReqInformer.Informer().HasSynced,
+ reportChangeRequestLister: reportReqInformer.Lister(),
+ reportReqSynced: reportReqInformer.Informer().HasSynced,
+ cpolLister: cpolInformer.Lister(),
+ cpolListerSynced: cpolInformer.Informer().HasSynced,
+ polLister: polInformer.Lister(),
+ polListerSynced: polInformer.Informer().HasSynced,
+ queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), workQueueName),
+ dataStore: newDataStore(),
+ policyStatusListener: policyStatus,
+ log: log,
+ }
+
+ return &gen
+}
+
+// NewDataStore returns an instance of data store
+func newDataStore() *dataStore {
+ ds := dataStore{
+ data: make(map[string]Info),
+ }
+ return &ds
+}
+
+type dataStore struct {
+ data map[string]Info
+ mu sync.RWMutex
+}
+
+func (ds *dataStore) add(keyHash string, info Info) {
+ ds.mu.Lock()
+ defer ds.mu.Unlock()
+ // queue the key hash
+ ds.data[keyHash] = info
+}
+
+func (ds *dataStore) lookup(keyHash string) Info {
+ ds.mu.RLock()
+ defer ds.mu.RUnlock()
+ return ds.data[keyHash]
+}
+
+func (ds *dataStore) delete(keyHash string) {
+ ds.mu.Lock()
+ defer ds.mu.Unlock()
+ delete(ds.data, keyHash)
+}
+
+//Info is a request to create PV
+type Info struct {
+ PolicyName string
+ Resource unstructured.Unstructured
+ Rules []kyverno.ViolatedRule
+ FromSync bool
+}
+
+func (i Info) toKey() string {
+ keys := []string{
+ i.PolicyName,
+ i.Resource.GetKind(),
+ i.Resource.GetNamespace(),
+ i.Resource.GetName(),
+ strconv.Itoa(len(i.Rules)),
+ }
+ return strings.Join(keys, "/")
+}
+
+// GeneratorInterface provides API to create PVs
+type GeneratorInterface interface {
+ Add(infos ...Info)
+}
+
+func (gen *Generator) enqueue(info Info) {
+ keyHash := info.toKey()
+ gen.dataStore.add(keyHash, info)
+ gen.queue.Add(keyHash)
+}
+
+// Add queues a policy violation create request
+func (gen *Generator) Add(infos ...Info) {
+ for _, info := range infos {
+ gen.enqueue(info)
+ }
+}
+
+// Run starts the workers
+func (gen *Generator) Run(workers int, stopCh <-chan struct{}) {
+ logger := gen.log
+ defer utilruntime.HandleCrash()
+ logger.Info("start")
+ defer logger.Info("shutting down")
+
+ if !cache.WaitForCacheSync(stopCh, gen.reportReqSynced, gen.clusterReportReqSynced, gen.cpolListerSynced, gen.polListerSynced) {
+ logger.Info("failed to sync informer cache")
+ }
+
+ for i := 0; i < workers; i++ {
+ go wait.Until(gen.runWorker, constant.PolicyViolationControllerResync, stopCh)
+ }
+
+ <-stopCh
+}
+
+func (gen *Generator) runWorker() {
+ for gen.processNextWorkItem() {
+ }
+}
+
+func (gen *Generator) handleErr(err error, key interface{}) {
+ logger := gen.log
+ if err == nil {
+ gen.queue.Forget(key)
+ return
+ }
+
+ // retires requests if there is error
+ if gen.queue.NumRequeues(key) < workQueueRetryLimit {
+ logger.Error(err, "failed to sync report request", "key", key)
+ // Re-enqueue the key rate limited. Based on the rate limiter on the
+ // queue and the re-enqueue history, the key will be processed later again.
+ gen.queue.AddRateLimited(key)
+ return
+ }
+ gen.queue.Forget(key)
+ // remove from data store
+ if keyHash, ok := key.(string); ok {
+ gen.dataStore.delete(keyHash)
+ }
+ logger.Error(err, "dropping key out of the queue", "key", key)
+}
+
+func (gen *Generator) processNextWorkItem() bool {
+ logger := gen.log
+ obj, shutdown := gen.queue.Get()
+ if shutdown {
+ return false
+ }
+
+ err := func(obj interface{}) error {
+ defer gen.queue.Done(obj)
+ var keyHash string
+ var ok bool
+
+ if keyHash, ok = obj.(string); !ok {
+ gen.queue.Forget(obj)
+ logger.Info("incorrect type; expecting type 'string'", "obj", obj)
+ return nil
+ }
+
+ // lookup data store
+ info := gen.dataStore.lookup(keyHash)
+ if reflect.DeepEqual(info, Info{}) {
+ gen.queue.Forget(obj)
+ logger.V(3).Info("empty key")
+ return nil
+ }
+
+ err := gen.syncHandler(info)
+ gen.handleErr(err, obj)
+ return nil
+ }(obj)
+
+ if err != nil {
+ logger.Error(err, "failed to process item")
+ }
+
+ return true
+}
+
+func (gen *Generator) syncHandler(info Info) error {
+ gen.log.V(3).Info("generating report change request")
+ builder := NewBuilder(gen.cpolLister, gen.polLister)
+ reportChangeRequestUnstructured, err := builder.build(info)
+ if err != nil {
+ return fmt.Errorf("unable to build reportChangeRequest: %v", err)
+ }
+
+ if reportChangeRequestUnstructured == nil {
+ return nil
+ }
+
+ return gen.sync(reportChangeRequestUnstructured, info)
+}
+
+func (gen *Generator) sync(reportReq *unstructured.Unstructured, info Info) error {
+ defer func() {
+ if val := reportReq.GetAnnotations()["fromSync"]; val == "true" {
+ gen.policyStatusListener.Send(violationCount{
+ policyName: info.PolicyName,
+ violatedRules: info.Rules,
+ })
+ }
+ }()
+
+ logger := gen.log.WithName("sync")
+ reportReq.SetCreationTimestamp(v1.Now())
+ if reportReq.GetNamespace() == "" {
+ old, err := gen.clusterReportChangeRequestLister.Get(reportReq.GetName())
+ if err != nil {
+ if apierrors.IsNotFound(err) {
+ if _, err = gen.dclient.CreateResource(reportReq.GetAPIVersion(), reportReq.GetKind(), "", reportReq, false); err != nil {
+ return fmt.Errorf("failed to create clusterReportChangeRequest: %v", err)
+ }
+
+ logger.V(3).Info("successfully created clusterReportChangeRequest", "name", reportReq.GetName())
+ return nil
+ }
+ return fmt.Errorf("unable to get %s: %v", reportReq.GetKind(), err)
+ }
+
+ return updateReportChangeRequest(gen.dclient, old, reportReq, logger)
+ }
+
+ old, err := gen.reportChangeRequestLister.ReportChangeRequests(config.KubePolicyNamespace).Get(reportReq.GetName())
+ if err != nil {
+ if apierrors.IsNotFound(err) {
+ if _, err = gen.dclient.CreateResource(reportReq.GetAPIVersion(), reportReq.GetKind(), config.KubePolicyNamespace, reportReq, false); err != nil {
+ return fmt.Errorf("failed to create ReportChangeRequest: %v", err)
+ }
+
+ logger.V(3).Info("successfully created reportChangeRequest", "name", reportReq.GetName())
+ return nil
+ }
+ return fmt.Errorf("unable to get existing reportChangeRequest %v", err)
+ }
+
+ return updateReportChangeRequest(gen.dclient, old, reportReq, logger)
+}
+
+func updateReportChangeRequest(dClient *client.Client, old interface{}, new *unstructured.Unstructured, log logr.Logger) (err error) {
+ oldUnstructed := make(map[string]interface{})
+ if oldTyped, ok := old.(*changerequest.ReportChangeRequest); ok {
+ if oldUnstructed, err = runtime.DefaultUnstructuredConverter.ToUnstructured(oldTyped); err != nil {
+ return fmt.Errorf("unable to convert reportChangeRequest: %v", err)
+ }
+ new.SetResourceVersion(oldTyped.GetResourceVersion())
+ new.SetUID(oldTyped.GetUID())
+ } else {
+ oldTyped := old.(*changerequest.ClusterReportChangeRequest)
+ if oldUnstructed, err = runtime.DefaultUnstructuredConverter.ToUnstructured(oldTyped); err != nil {
+ return fmt.Errorf("unable to convert clusterReportChangeRequest: %v", err)
+ }
+ new.SetUID(oldTyped.GetUID())
+ new.SetResourceVersion(oldTyped.GetResourceVersion())
+ }
+
+ if !hasResultsChanged(oldUnstructed, new.UnstructuredContent()) {
+ log.V(4).Info("unchanged report request", "name", new.GetName())
+ return nil
+ }
+ // TODO(shuting): set annotation / label
+ if _, err = dClient.UpdateResource(new.GetAPIVersion(), new.GetKind(), config.KubePolicyNamespace, new, false); err != nil {
+ return fmt.Errorf("failed to update report request: %v", err)
+ }
+
+ log.V(4).Info("successfully updated report request", "kind", new.GetKind(), "name", new.GetName())
+ return
+}
+
+func hasResultsChanged(old, new map[string]interface{}) bool {
+ var oldRes, newRes []interface{}
+ if val, ok := old["results"]; ok {
+ oldRes = val.([]interface{})
+ }
+
+ if val, ok := new["results"]; ok {
+ newRes = val.([]interface{})
+ }
+
+ if len(oldRes) != len(newRes) {
+ return true
+ }
+
+ return !reflect.DeepEqual(oldRes, newRes)
+}
diff --git a/pkg/policystatus/main.go b/pkg/policystatus/main.go
index 71a8975b38..f0f224e83a 100644
--- a/pkg/policystatus/main.go
+++ b/pkg/policystatus/main.go
@@ -1,6 +1,7 @@
package policystatus
import (
+ "context"
"encoding/json"
"fmt"
"strings"
@@ -10,6 +11,7 @@ import (
v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/wait"
log "sigs.k8s.io/controller-runtime/pkg/log"
)
@@ -145,7 +147,7 @@ func (s *Sync) updatePolicyStatus() {
}
policy.Status = status
- _, err = s.client.KyvernoV1().ClusterPolicies().UpdateStatus(policy)
+ _, err = s.client.KyvernoV1().ClusterPolicies().UpdateStatus(context.TODO(), policy, metav1.UpdateOptions{})
if err != nil {
s.cache.dataMu.Lock()
delete(s.cache.data, policyName)
@@ -161,7 +163,7 @@ func (s *Sync) updatePolicyStatus() {
continue
}
policy.Status = status
- _, err = s.client.KyvernoV1().Policies(namespace).UpdateStatus(policy)
+ _, err = s.client.KyvernoV1().Policies(namespace).UpdateStatus(context.TODO(), policy, metav1.UpdateOptions{})
if err != nil {
s.cache.dataMu.Lock()
delete(s.cache.data, key)
diff --git a/pkg/policyviolation/builder.go b/pkg/policyviolation/builder.go
deleted file mode 100644
index c2b4e6ce05..0000000000
--- a/pkg/policyviolation/builder.go
+++ /dev/null
@@ -1,95 +0,0 @@
-package policyviolation
-
-import (
- "fmt"
-
- "github.com/go-logr/logr"
- kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
- "github.com/kyverno/kyverno/pkg/engine/response"
-)
-
-//GeneratePVsFromEngineResponse generate Violations from engine responses
-func GeneratePVsFromEngineResponse(ers []response.EngineResponse, log logr.Logger) (pvInfos []Info) {
- for _, er := range ers {
- // ignore creation of PV for resources that are yet to be assigned a name
- if er.PolicyResponse.Resource.Name == "" {
- log.V(4).Info("resource does no have a name assigned yet, not creating a policy violation", "resource", er.PolicyResponse.Resource)
- continue
- }
- // skip when response succeed
- if er.IsSuccessful() {
- continue
- }
- // build policy violation info
- pvInfos = append(pvInfos, buildPVInfo(er))
- }
-
- return pvInfos
-}
-
-// Builder builds Policy Violation struct
-// this is base type of namespaced and cluster policy violation
-type Builder interface {
- generate(info Info) kyverno.PolicyViolationTemplate
- build(policy, kind, namespace, name string, rules []kyverno.ViolatedRule) *kyverno.PolicyViolationTemplate
-}
-
-type pvBuilder struct{}
-
-func newPvBuilder() *pvBuilder {
- return &pvBuilder{}
-}
-
-func (pvb *pvBuilder) generate(info Info) kyverno.PolicyViolationTemplate {
- pv := pvb.build(info.PolicyName, info.Resource.GetKind(), info.Resource.GetNamespace(), info.Resource.GetName(), info.Rules)
- return *pv
-}
-
-func (pvb *pvBuilder) build(policy, kind, namespace, name string, rules []kyverno.ViolatedRule) *kyverno.PolicyViolationTemplate {
- pv := &kyverno.PolicyViolationTemplate{
- Spec: kyverno.PolicyViolationSpec{
- Policy: policy,
- ResourceSpec: kyverno.ResourceSpec{
- Kind: kind,
- Name: name,
- Namespace: namespace,
- },
- ViolatedRules: rules,
- },
- }
- labelMap := map[string]string{
- "policy": pv.Spec.Policy,
- "resource": pv.Spec.ToKey(),
- }
- pv.SetLabels(labelMap)
- if namespace != "" {
- pv.SetNamespace(namespace)
- }
- pv.SetGenerateName(fmt.Sprintf("%s-", policy))
- return pv
-}
-
-func buildPVInfo(er response.EngineResponse) Info {
- info := Info{
- PolicyName: er.PolicyResponse.Policy,
- Resource: er.PatchedResource,
- Rules: buildViolatedRules(er),
- }
- return info
-}
-
-func buildViolatedRules(er response.EngineResponse) []kyverno.ViolatedRule {
- var violatedRules []kyverno.ViolatedRule
- for _, rule := range er.PolicyResponse.Rules {
- if rule.Success {
- continue
- }
- vrule := kyverno.ViolatedRule{
- Name: rule.Name,
- Type: rule.Type,
- Message: rule.Message,
- }
- violatedRules = append(violatedRules, vrule)
- }
- return violatedRules
-}
diff --git a/pkg/policyviolation/builder_test.go b/pkg/policyviolation/builder_test.go
deleted file mode 100644
index 4a7bc056ad..0000000000
--- a/pkg/policyviolation/builder_test.go
+++ /dev/null
@@ -1,58 +0,0 @@
-package policyviolation
-
-import (
- "testing"
-
- "github.com/kyverno/kyverno/pkg/engine/response"
- "gotest.tools/assert"
- "sigs.k8s.io/controller-runtime/pkg/log"
-)
-
-func Test_GeneratePVsFromEngineResponse_PathNotExist(t *testing.T) {
- ers := []response.EngineResponse{
- {
- PolicyResponse: response.PolicyResponse{
- Policy: "test-substitute-variable",
- Resource: response.ResourceSpec{
- Kind: "Pod",
- Name: "test",
- Namespace: "test",
- },
- Rules: []response.RuleResponse{
- {
- Name: "test-path-not-exist",
- Type: "Mutation",
- Message: "referenced paths are not present: request.object.metadata.name1",
- Success: false,
- },
- {
- Name: "test-path-exist",
- Type: "Mutation",
- Success: true,
- },
- },
- },
- },
- {
- PolicyResponse: response.PolicyResponse{
- Policy: "test-substitute-variable2",
- Resource: response.ResourceSpec{
- Kind: "Pod",
- Name: "test",
- Namespace: "test",
- },
- Rules: []response.RuleResponse{
- {
- Name: "test-path-not-exist-across-policy",
- Type: "Mutation",
- Message: "referenced paths are not present: request.object.metadata.name1",
- Success: true,
- },
- },
- },
- },
- }
-
- pvInfos := GeneratePVsFromEngineResponse(ers, log.Log)
- assert.Assert(t, len(pvInfos) == 1)
-}
diff --git a/pkg/policyviolation/clusterpv.go b/pkg/policyviolation/clusterpv.go
deleted file mode 100644
index 984842c906..0000000000
--- a/pkg/policyviolation/clusterpv.go
+++ /dev/null
@@ -1,147 +0,0 @@
-package policyviolation
-
-import (
- "fmt"
-
- "github.com/go-logr/logr"
- kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
- kyvernov1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1"
- kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
- client "github.com/kyverno/kyverno/pkg/dclient"
- "github.com/kyverno/kyverno/pkg/policystatus"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-//ClusterPV ...
-type clusterPV struct {
- // dynamic client
- dclient *client.Client
- // get/list cluster policy violation
- cpvLister kyvernolister.ClusterPolicyViolationLister
- // policy violation interface
- kyvernoInterface kyvernov1.KyvernoV1Interface
- // logger
- log logr.Logger
- // update policy stats with violationCount
- policyStatusListener policystatus.Listener
-}
-
-func newClusterPV(log logr.Logger, dclient *client.Client,
- cpvLister kyvernolister.ClusterPolicyViolationLister,
- kyvernoInterface kyvernov1.KyvernoV1Interface,
- policyStatus policystatus.Listener,
-) *clusterPV {
- cpv := clusterPV{
- dclient: dclient,
- cpvLister: cpvLister,
- kyvernoInterface: kyvernoInterface,
- log: log,
- policyStatusListener: policyStatus,
- }
- return &cpv
-}
-
-func (cpv *clusterPV) create(pv kyverno.PolicyViolationTemplate) error {
- newPv := kyverno.ClusterPolicyViolation(pv)
- // PV already exists
- oldPv, err := cpv.getExisting(newPv)
- if err != nil {
- return err
- }
- if oldPv == nil {
- // create a new policy violation
- return cpv.createPV(&newPv)
- }
- // policy violation exists
- // skip if there is not change, else update the violation
- return cpv.updatePV(&newPv, oldPv)
-}
-
-func (cpv *clusterPV) getExisting(newPv kyverno.ClusterPolicyViolation) (*kyverno.ClusterPolicyViolation, error) {
- logger := cpv.log.WithValues("namespace", newPv.Namespace, "name", newPv.Name)
- var err error
- // use labels
- policyLabelmap := map[string]string{"policy": newPv.Spec.Policy, "resource": newPv.Spec.ResourceSpec.ToKey()}
- ls, err := converLabelToSelector(policyLabelmap)
- if err != nil {
- return nil, err
- }
-
- pvs, err := cpv.cpvLister.List(ls)
- if err != nil {
- logger.Error(err, "failed to list cluster policy violations")
- return nil, err
- }
-
- for _, pv := range pvs {
- // find a policy on same resource and policy combination
- if pv.Spec.Policy == newPv.Spec.Policy &&
- pv.Spec.ResourceSpec.Kind == newPv.Spec.ResourceSpec.Kind &&
- pv.Spec.ResourceSpec.Name == newPv.Spec.ResourceSpec.Name {
- return pv, nil
- }
- }
- return nil, nil
-}
-
-func (cpv *clusterPV) createPV(newPv *kyverno.ClusterPolicyViolation) error {
- var err error
- logger := cpv.log.WithValues("policy", newPv.Spec.Policy, "kind", newPv.Spec.ResourceSpec.Kind, "namespace", newPv.Spec.ResourceSpec.Namespace, "name", newPv.Spec.ResourceSpec.Name)
- logger.V(4).Info("creating new policy violation")
- obj, err := retryGetResource(cpv.dclient, newPv.Spec.ResourceSpec)
- if err != nil {
- return fmt.Errorf("failed to retry getting resource for policy violation %s/%s: %v", newPv.Name, newPv.Spec.Policy, err)
- }
-
- if obj.GetDeletionTimestamp() != nil {
- return nil
- }
-
- // set owner reference to resource
- ownerRef, ok := createOwnerReference(obj)
- if !ok {
- return nil
- }
-
- newPv.SetOwnerReferences([]metav1.OwnerReference{ownerRef})
-
- // create resource
- _, err = cpv.kyvernoInterface.ClusterPolicyViolations().Create(newPv)
- if err != nil {
- logger.Error(err, "failed to create cluster policy violation")
- return err
- }
-
- if newPv.Annotations["fromSync"] != "true" {
- cpv.policyStatusListener.Send(violationCount{policyName: newPv.Spec.Policy, violatedRules: newPv.Spec.ViolatedRules})
- }
-
- logger.Info("cluster policy violation created")
- return nil
-}
-
-func (cpv *clusterPV) updatePV(newPv, oldPv *kyverno.ClusterPolicyViolation) error {
- logger := cpv.log.WithValues("policy", newPv.Spec.Policy, "kind", newPv.Spec.ResourceSpec.Kind, "namespace", newPv.Spec.ResourceSpec.Namespace, "name", newPv.Spec.ResourceSpec.Name)
- var err error
- // check if there is any update
- if !hasViolationSpecChanged(newPv.Spec.DeepCopy(), oldPv.Spec.DeepCopy()) {
- logger.V(4).Info("policy violation spec did not change, not upadating the resource")
- return nil
- }
- // set name
- newPv.SetName(oldPv.Name)
- newPv.SetResourceVersion(oldPv.ResourceVersion)
- newPv.SetOwnerReferences(oldPv.GetOwnerReferences())
-
- // update resource
- _, err = cpv.kyvernoInterface.ClusterPolicyViolations().Update(newPv)
- if err != nil {
- return fmt.Errorf("failed to update cluster policy violation: %v", err)
- }
- logger.Info("cluster policy violation updated")
-
- if newPv.Annotations["fromSync"] != "true" {
- cpv.policyStatusListener.Send(violationCount{policyName: newPv.Spec.Policy, violatedRules: newPv.Spec.ViolatedRules})
- }
- return nil
-}
diff --git a/pkg/policyviolation/generator.go b/pkg/policyviolation/generator.go
deleted file mode 100644
index 0463da52e9..0000000000
--- a/pkg/policyviolation/generator.go
+++ /dev/null
@@ -1,268 +0,0 @@
-package policyviolation
-
-import (
- "errors"
- "reflect"
- "strconv"
- "strings"
- "sync"
-
- "github.com/go-logr/logr"
- kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
- kyvernoclient "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
- kyvernov1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1"
- kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
- kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
- "github.com/kyverno/kyverno/pkg/constant"
- "github.com/kyverno/kyverno/pkg/policystatus"
-
- dclient "github.com/kyverno/kyverno/pkg/dclient"
- unstructured "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
- utilruntime "k8s.io/apimachinery/pkg/util/runtime"
- "k8s.io/apimachinery/pkg/util/wait"
- "k8s.io/client-go/tools/cache"
- "k8s.io/client-go/util/workqueue"
-)
-
-const workQueueName = "policy-violation-controller"
-const workQueueRetryLimit = 3
-
-//Generator creates PV
-type Generator struct {
- dclient *dclient.Client
- kyvernoInterface kyvernov1.KyvernoV1Interface
- // get/list cluster policy violation
- cpvLister kyvernolister.ClusterPolicyViolationLister
- // get/ist namespaced policy violation
- nspvLister kyvernolister.PolicyViolationLister
- // returns true if the cluster policy store has been synced at least once
- pvSynced cache.InformerSynced
- // returns true if the namespaced cluster policy store has been synced at at least once
- log logr.Logger
- nspvSynced cache.InformerSynced
- queue workqueue.RateLimitingInterface
- dataStore *dataStore
- policyStatusListener policystatus.Listener
-}
-
-//NewDataStore returns an instance of data store
-func newDataStore() *dataStore {
- ds := dataStore{
- data: make(map[string]Info),
- }
- return &ds
-}
-
-type dataStore struct {
- data map[string]Info
- mu sync.RWMutex
-}
-
-func (ds *dataStore) add(keyHash string, info Info) {
- ds.mu.Lock()
- defer ds.mu.Unlock()
- // queue the key hash
- ds.data[keyHash] = info
-}
-
-func (ds *dataStore) lookup(keyHash string) Info {
- ds.mu.RLock()
- defer ds.mu.RUnlock()
- return ds.data[keyHash]
-}
-
-func (ds *dataStore) delete(keyHash string) {
- ds.mu.Lock()
- defer ds.mu.Unlock()
- delete(ds.data, keyHash)
-}
-
-//Info is a request to create PV
-type Info struct {
- PolicyName string
- Resource unstructured.Unstructured
- Rules []kyverno.ViolatedRule
- FromSync bool
-}
-
-func (i Info) toKey() string {
- keys := []string{
- i.PolicyName,
- i.Resource.GetKind(),
- i.Resource.GetNamespace(),
- i.Resource.GetName(),
- strconv.Itoa(len(i.Rules)),
- }
- return strings.Join(keys, "/")
-}
-
-// make the struct hashable
-
-//GeneratorInterface provides API to create PVs
-type GeneratorInterface interface {
- Add(infos ...Info)
-}
-
-// NewPVGenerator returns a new instance of policy violation generator
-func NewPVGenerator(client *kyvernoclient.Clientset,
- dclient *dclient.Client,
- pvInformer kyvernoinformer.ClusterPolicyViolationInformer,
- nspvInformer kyvernoinformer.PolicyViolationInformer,
- policyStatus policystatus.Listener,
- log logr.Logger) *Generator {
- gen := Generator{
- kyvernoInterface: client.KyvernoV1(),
- dclient: dclient,
- cpvLister: pvInformer.Lister(),
- pvSynced: pvInformer.Informer().HasSynced,
- nspvLister: nspvInformer.Lister(),
- nspvSynced: nspvInformer.Informer().HasSynced,
- queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), workQueueName),
- dataStore: newDataStore(),
- log: log,
- policyStatusListener: policyStatus,
- }
- return &gen
-}
-
-func (gen *Generator) enqueue(info Info) {
- // add to data map
- keyHash := info.toKey()
- // add to
- // queue the key hash
- gen.dataStore.add(keyHash, info)
- gen.queue.Add(keyHash)
-}
-
-//Add queues a policy violation create request
-func (gen *Generator) Add(infos ...Info) {
- for _, info := range infos {
- gen.enqueue(info)
- }
-}
-
-// Run starts the workers
-func (gen *Generator) Run(workers int, stopCh <-chan struct{}) {
- logger := gen.log
- defer utilruntime.HandleCrash()
- logger.Info("start")
- defer logger.Info("shutting down")
-
- if !cache.WaitForCacheSync(stopCh, gen.pvSynced, gen.nspvSynced) {
- logger.Info("failed to sync informer cache")
- }
-
- for i := 0; i < workers; i++ {
- go wait.Until(gen.runWorker, constant.PolicyViolationControllerResync, stopCh)
- }
- <-stopCh
-}
-
-func (gen *Generator) runWorker() {
- for gen.processNextWorkItem() {
- }
-}
-
-func (gen *Generator) handleErr(err error, key interface{}) {
- logger := gen.log
- if err == nil {
- gen.queue.Forget(key)
- return
- }
-
- // retires requests if there is error
- if gen.queue.NumRequeues(key) < workQueueRetryLimit {
- logger.Error(err, "failed to sync policy violation", "key", key)
- // Re-enqueue the key rate limited. Based on the rate limiter on the
- // queue and the re-enqueue history, the key will be processed later again.
- gen.queue.AddRateLimited(key)
- return
- }
- gen.queue.Forget(key)
- // remove from data store
- if keyHash, ok := key.(string); ok {
- gen.dataStore.delete(keyHash)
- }
- logger.Error(err, "dropping key out of the queue", "key", key)
-}
-
-func (gen *Generator) processNextWorkItem() bool {
- logger := gen.log
- obj, shutdown := gen.queue.Get()
- if shutdown {
- return false
- }
-
- err := func(obj interface{}) error {
- defer gen.queue.Done(obj)
- var keyHash string
- var ok bool
-
- if keyHash, ok = obj.(string); !ok {
- gen.queue.Forget(obj)
- logger.Info("incorrect type; expecting type 'string'", "obj", obj)
- return nil
- }
-
- // lookup data store
- info := gen.dataStore.lookup(keyHash)
- if reflect.DeepEqual(info, Info{}) {
- // empty key
- gen.queue.Forget(obj)
- logger.Info("empty key")
- return nil
- }
-
- err := gen.syncHandler(info)
- gen.handleErr(err, obj)
- return nil
- }(obj)
-
- if err != nil {
- logger.Error(err, "failed to process item")
- return true
- }
-
- return true
-}
-
-func (gen *Generator) syncHandler(info Info) error {
- logger := gen.log
- var handler pvGenerator
- builder := newPvBuilder()
- if info.Resource.GetNamespace() == "" {
- // cluster scope resource generate a clusterpolicy violation
- handler = newClusterPV(gen.log.WithName("ClusterPV"), gen.dclient, gen.cpvLister, gen.kyvernoInterface, gen.policyStatusListener)
- } else {
- // namespaced resources generated a namespaced policy violation in the namespace of the resource
- handler = newNamespacedPV(gen.log.WithName("NamespacedPV"), gen.dclient, gen.nspvLister, gen.kyvernoInterface, gen.policyStatusListener)
- }
-
- failure := false
- pv := builder.generate(info)
-
- if info.FromSync {
- pv.Annotations = map[string]string{
- "fromSync": "true",
- }
- }
-
- // Create Policy Violations
- logger.V(4).Info("creating policy violation", "key", info.toKey())
- if err := handler.create(pv); err != nil {
- failure = true
- logger.Error(err, "failed to create policy violation")
- }
-
- if failure {
- // even if there is a single failure we requeue the request
- return errors.New("Failed to process some policy violations, re-queuing")
- }
- return nil
-}
-
-// Provides an interface to generate policy violations
-// implementations for namespaced and cluster PV
-type pvGenerator interface {
- create(policyViolation kyverno.PolicyViolationTemplate) error
-}
diff --git a/pkg/policyviolation/namespacedpv.go b/pkg/policyviolation/namespacedpv.go
deleted file mode 100644
index f4112960c7..0000000000
--- a/pkg/policyviolation/namespacedpv.go
+++ /dev/null
@@ -1,144 +0,0 @@
-package policyviolation
-
-import (
- "fmt"
-
- "github.com/go-logr/logr"
- kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
- kyvernov1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1"
- kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
- client "github.com/kyverno/kyverno/pkg/dclient"
- "github.com/kyverno/kyverno/pkg/policystatus"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-//NamespacedPV ...
-type namespacedPV struct {
- // dynamic client
- dclient *client.Client
- // get/list namespaced policy violation
- nspvLister kyvernolister.PolicyViolationLister
- // policy violation interface
- kyvernoInterface kyvernov1.KyvernoV1Interface
- // logger
- log logr.Logger
- // update policy status with violationCount
- policyStatusListener policystatus.Listener
-}
-
-func newNamespacedPV(log logr.Logger, dclient *client.Client,
- nspvLister kyvernolister.PolicyViolationLister,
- kyvernoInterface kyvernov1.KyvernoV1Interface,
- policyStatus policystatus.Listener,
-) *namespacedPV {
- nspv := namespacedPV{
- dclient: dclient,
- nspvLister: nspvLister,
- kyvernoInterface: kyvernoInterface,
- log: log,
- policyStatusListener: policyStatus,
- }
- return &nspv
-}
-
-func (nspv *namespacedPV) create(pv kyverno.PolicyViolationTemplate) error {
- newPv := kyverno.PolicyViolation(pv)
- // PV already exists
- oldPv, err := nspv.getExisting(newPv)
- if err != nil {
- return err
- }
- if oldPv == nil {
- // create a new policy violation
- return nspv.createPV(&newPv)
- }
- // policy violation exists
- // skip if there is not change, else update the violation
- return nspv.updatePV(&newPv, oldPv)
-}
-
-func (nspv *namespacedPV) getExisting(newPv kyverno.PolicyViolation) (*kyverno.PolicyViolation, error) {
- logger := nspv.log.WithValues("namespace", newPv.Namespace, "name", newPv.Name)
- var err error
- // use labels
- policyLabelmap := map[string]string{"policy": newPv.Spec.Policy, "resource": newPv.Spec.ResourceSpec.ToKey()}
- ls, err := converLabelToSelector(policyLabelmap)
- if err != nil {
- return nil, err
- }
- pvs, err := nspv.nspvLister.PolicyViolations(newPv.GetNamespace()).List(ls)
- if err != nil {
- logger.Error(err, "failed to list namespaced policy violations")
- return nil, err
- }
-
- for _, pv := range pvs {
- // find a policy on same resource and policy combination
- if pv.Spec.Policy == newPv.Spec.Policy &&
- pv.Spec.ResourceSpec.Kind == newPv.Spec.ResourceSpec.Kind &&
- pv.Spec.ResourceSpec.Name == newPv.Spec.ResourceSpec.Name {
- return pv, nil
- }
- }
- return nil, nil
-}
-
-func (nspv *namespacedPV) createPV(newPv *kyverno.PolicyViolation) error {
- var err error
- logger := nspv.log.WithValues("policy", newPv.Spec.Policy, "kind", newPv.Spec.ResourceSpec.Kind, "namespace", newPv.Spec.ResourceSpec.Namespace, "name", newPv.Spec.ResourceSpec.Name)
- logger.V(4).Info("creating new policy violation")
- obj, err := retryGetResource(nspv.dclient, newPv.Spec.ResourceSpec)
- if err != nil {
- return fmt.Errorf("failed to retry getting resource for policy violation %s/%s: %v", newPv.Name, newPv.Spec.Policy, err)
- }
-
- if obj.GetDeletionTimestamp() != nil {
- return nil
- }
-
- // set owner reference to resource
- ownerRef, ok := createOwnerReference(obj)
- if !ok {
- return nil
- }
-
- newPv.SetOwnerReferences([]metav1.OwnerReference{ownerRef})
-
- // create resource
- _, err = nspv.kyvernoInterface.PolicyViolations(newPv.GetNamespace()).Create(newPv)
- if err != nil {
- logger.Error(err, "failed to create namespaced policy violation")
- return err
- }
-
- if newPv.Annotations["fromSync"] != "true" {
- nspv.policyStatusListener.Send(violationCount{policyName: newPv.Spec.Policy, violatedRules: newPv.Spec.ViolatedRules})
- }
- logger.Info("namespaced policy violation created")
- return nil
-}
-
-func (nspv *namespacedPV) updatePV(newPv, oldPv *kyverno.PolicyViolation) error {
- logger := nspv.log.WithValues("policy", newPv.Spec.Policy, "kind", newPv.Spec.ResourceSpec.Kind, "namespace", newPv.Spec.ResourceSpec.Namespace, "name", newPv.Spec.ResourceSpec.Name)
- var err error
- // check if there is any update
- if !hasViolationSpecChanged(newPv.Spec.DeepCopy(), oldPv.Spec.DeepCopy()) {
- logger.V(4).Info("policy violation spec did not change, not upadating the resource")
- return nil
- }
- // set name
- newPv.SetName(oldPv.Name)
- newPv.SetResourceVersion(oldPv.ResourceVersion)
- newPv.SetOwnerReferences(oldPv.GetOwnerReferences())
- // update resource
- _, err = nspv.kyvernoInterface.PolicyViolations(newPv.GetNamespace()).Update(newPv)
- if err != nil {
- return fmt.Errorf("failed to update namespaced policy violation: %v", err)
- }
-
- if newPv.Annotations["fromSync"] != "true" {
- nspv.policyStatusListener.Send(violationCount{policyName: newPv.Spec.Policy, violatedRules: newPv.Spec.ViolatedRules})
- }
- logger.Info("namespaced policy violation updated")
- return nil
-}
diff --git a/pkg/policyviolation/policyStatus_test.go b/pkg/policyviolation/policyStatus_test.go
deleted file mode 100644
index e0777bc46f..0000000000
--- a/pkg/policyviolation/policyStatus_test.go
+++ /dev/null
@@ -1,74 +0,0 @@
-package policyviolation
-
-import (
- "encoding/json"
- "reflect"
- "testing"
-
- v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
-)
-
-func Test_Stats(t *testing.T) {
- testCase := struct {
- violationCountStats []struct {
- policyName string
- violatedRules []v1.ViolatedRule
- }
- expectedOutput []byte
- existingCache map[string]v1.PolicyStatus
- }{
- existingCache: map[string]v1.PolicyStatus{
- "policy1": {
- Rules: []v1.RuleStats{
- {
- Name: "rule4",
- },
- },
- },
- "policy2": {
- Rules: []v1.RuleStats{
- {
- Name: "rule4",
- },
- },
- },
- },
- expectedOutput: []byte(`{"policy1":{"violationCount":1,"ruleStatus":[{"ruleName":"rule4","violationCount":1}]},"policy2":{"violationCount":1,"ruleStatus":[{"ruleName":"rule4","violationCount":1}]}}`),
- violationCountStats: []struct {
- policyName string
- violatedRules []v1.ViolatedRule
- }{
- {
- policyName: "policy1",
- violatedRules: []v1.ViolatedRule{
- {
- Name: "rule4",
- },
- },
- },
- {
- policyName: "policy2",
- violatedRules: []v1.ViolatedRule{
- {
- Name: "rule4",
- },
- },
- },
- },
- }
-
- policyNameToStatus := testCase.existingCache
-
- for _, violationCountStat := range testCase.violationCountStats {
- receiver := &violationCount{
- policyName: violationCountStat.policyName,
- violatedRules: violationCountStat.violatedRules,
- }
- policyNameToStatus[receiver.PolicyName()] = receiver.UpdateStatus(policyNameToStatus[receiver.PolicyName()])
- }
-
- output, _ := json.Marshal(policyNameToStatus)
- if !reflect.DeepEqual(output, testCase.expectedOutput) {
- t.Errorf("\n\nTestcase has failed\nExpected:\n%v\nGot:\n%v\n\n", string(testCase.expectedOutput), string(output))
- }
-}
diff --git a/pkg/utils/util.go b/pkg/utils/util.go
index aff0d30e1e..d7c7b6064c 100644
--- a/pkg/utils/util.go
+++ b/pkg/utils/util.go
@@ -12,7 +12,6 @@ import (
"github.com/go-logr/logr"
client "github.com/kyverno/kyverno/pkg/dclient"
- dclient "github.com/kyverno/kyverno/pkg/dclient"
"github.com/minio/minio/pkg/wildcard"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/client-go/kubernetes"
@@ -21,7 +20,6 @@ import (
var regexVersion = regexp.MustCompile(`v(\d+).(\d+).(\d+)\.*`)
-
//Contains Check if strint is contained in a list of string
func contains(list []string, element string, fn func(string, string) bool) bool {
for _, e := range list {
@@ -71,22 +69,14 @@ func CRDInstalled(discovery client.IDiscovery, log logr.Logger) bool {
logger.Info("CRD found", "kind", kind)
return true
}
- if !check("ClusterPolicy") || !check("ClusterPolicyViolation") || !check("PolicyViolation") {
- return false
- }
- return true
-}
-//CleanupOldCrd deletes any existing NamespacedPolicyViolation resources in cluster
-// If resource violates policy, new Violations will be generated
-func CleanupOldCrd(client *dclient.Client, log logr.Logger) {
- logger := log.WithName("CleanupOldCrd")
- gvr := client.DiscoveryClient.GetGVRFromKind("NamespacedPolicyViolation")
- if !reflect.DeepEqual(gvr, schema.GroupVersionResource{}) {
- if err := client.DeleteResource("", "CustomResourceDefinition", "", "namespacedpolicyviolations.kyverno.io", false); err != nil {
- logger.Error(err, "Failed to remove prevous CRD", "kind", "namespacedpolicyviolation")
+ kyvernoCRDs := []string{"ClusterPolicy", "ClusterPolicyReport", "PolicyReport", "ClusterReportChangeRequest", "ReportChangeRequest"}
+ for _, crd := range kyvernoCRDs {
+ if !check(crd) {
+ return false
}
}
+ return true
}
// extracts the new and old resource as unstructured
diff --git a/pkg/webhooks/generate/generate.go b/pkg/webhooks/generate/generate.go
index 8aef22a864..0e2195c4da 100644
--- a/pkg/webhooks/generate/generate.go
+++ b/pkg/webhooks/generate/generate.go
@@ -1,6 +1,7 @@
package generate
import (
+ "context"
"fmt"
"time"
@@ -120,7 +121,7 @@ func retryApplyResource(client *kyvernoclient.Clientset,
// generate requests created in kyverno namespace
isExist := false
if action == v1beta1.Create || action == v1beta1.Update {
- grList, err := client.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).List(metav1.ListOptions{})
+ grList, err := client.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).List(context.TODO(), metav1.ListOptions{})
if err != nil {
return err
}
@@ -133,7 +134,7 @@ func retryApplyResource(client *kyvernoclient.Clientset,
v.Spec.Context = gr.Spec.Context
v.Spec.Policy = gr.Spec.Policy
v.Spec.Resource = gr.Spec.Resource
- _, err = client.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).Update(&grList.Items[i])
+ _, err = client.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).Update(context.TODO(), &grList.Items[i], metav1.UpdateOptions{})
if err != nil {
return err
}
@@ -142,7 +143,7 @@ func retryApplyResource(client *kyvernoclient.Clientset,
}
if !isExist {
gr.SetGenerateName("gr-")
- _, err = client.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).Create(&gr)
+ _, err = client.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).Create(context.TODO(), &gr, metav1.CreateOptions{})
if err != nil {
return err
}
diff --git a/pkg/webhooks/generation.go b/pkg/webhooks/generation.go
index 81a8d346e1..250c35adf4 100644
--- a/pkg/webhooks/generation.go
+++ b/pkg/webhooks/generation.go
@@ -1,6 +1,7 @@
package webhooks
import (
+ contextdefault "context"
"fmt"
"reflect"
"sort"
@@ -37,7 +38,6 @@ func (ws *WebhookServer) HandleGenerate(request *v1beta1.AdmissionRequest, polic
logger.Error(err, "failed to convert RAR resource to unstructured format")
return
}
-
// CREATE resources, do not have name, assigned in admission-request
policyContext := engine.PolicyContext{
@@ -56,13 +56,13 @@ func (ws *WebhookServer) HandleGenerate(request *v1beta1.AdmissionRequest, polic
engineResponse := engine.Generate(policyContext)
for _, rule := range engineResponse.PolicyResponse.Rules {
if !rule.Success {
- grList, err := ws.kyvernoClient.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).List(metav1.ListOptions{})
+ grList, err := ws.kyvernoClient.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).List(contextdefault.TODO(), metav1.ListOptions{})
if err != nil {
logger.Error(err, "failed to list generate request")
}
for _, v := range grList.Items {
if engineResponse.PolicyResponse.Policy == v.Spec.Policy && engineResponse.PolicyResponse.Resource.Name == v.Spec.Resource.Name && engineResponse.PolicyResponse.Resource.Kind == v.Spec.Resource.Kind && engineResponse.PolicyResponse.Resource.Namespace == v.Spec.Resource.Namespace {
- err := ws.kyvernoClient.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).Delete(v.GetName(), &metav1.DeleteOptions{})
+ err := ws.kyvernoClient.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).Delete(contextdefault.TODO(), v.GetName(), metav1.DeleteOptions{})
if err != nil {
logger.Error(err, "failed to update gr")
}
diff --git a/pkg/webhooks/mutation.go b/pkg/webhooks/mutation.go
index 49c972b68c..4048b88e12 100644
--- a/pkg/webhooks/mutation.go
+++ b/pkg/webhooks/mutation.go
@@ -11,7 +11,6 @@ import (
"github.com/kyverno/kyverno/pkg/engine/context"
"github.com/kyverno/kyverno/pkg/engine/response"
engineutils "github.com/kyverno/kyverno/pkg/engine/utils"
- "github.com/kyverno/kyverno/pkg/policyviolation"
v1beta1 "k8s.io/api/admission/v1beta1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)
@@ -87,11 +86,6 @@ func (ws *WebhookServer) HandleMutation(
patches = append(patches, annPatches)
}
- // AUDIT
- // generate violation when response fails
- pvInfos := policyviolation.GeneratePVsFromEngineResponse(engineResponses, logger)
- ws.pvGenerator.Add(pvInfos...)
-
// REPORTING EVENTS
// Scenario 1:
// some/all policies failed to apply on the resource. a policy violation is generated.
diff --git a/pkg/webhooks/server.go b/pkg/webhooks/server.go
index 8b17d3736e..afc7ed2d0a 100644
--- a/pkg/webhooks/server.go
+++ b/pkg/webhooks/server.go
@@ -14,8 +14,6 @@ import (
"github.com/julienschmidt/httprouter"
v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
"github.com/kyverno/kyverno/pkg/checker"
- "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-
kyvernoclient "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
@@ -26,8 +24,9 @@ import (
"github.com/kyverno/kyverno/pkg/event"
"github.com/kyverno/kyverno/pkg/openapi"
"github.com/kyverno/kyverno/pkg/policycache"
+ "github.com/kyverno/kyverno/pkg/policyreport"
"github.com/kyverno/kyverno/pkg/policystatus"
- "github.com/kyverno/kyverno/pkg/policyviolation"
+ "github.com/kyverno/kyverno/pkg/resourcecache"
tlsutils "github.com/kyverno/kyverno/pkg/tls"
userinfo "github.com/kyverno/kyverno/pkg/userinfo"
"github.com/kyverno/kyverno/pkg/utils"
@@ -35,11 +34,10 @@ import (
"github.com/kyverno/kyverno/pkg/webhooks/generate"
v1beta1 "k8s.io/api/admission/v1beta1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
rbacinformer "k8s.io/client-go/informers/rbac/v1"
rbaclister "k8s.io/client-go/listers/rbac/v1"
"k8s.io/client-go/tools/cache"
-
- "github.com/kyverno/kyverno/pkg/resourcecache"
)
// WebhookServer contains configured TLS server with MutationWebhook.
@@ -99,8 +97,8 @@ type WebhookServer struct {
// last request time
lastReqTime *checker.LastReqTime
- // policy violation generator
- pvGenerator policyviolation.GeneratorInterface
+ // policy report generator
+ prGenerator policyreport.GeneratorInterface
// generate request generator
grGenerator *generate.Generator
@@ -134,7 +132,7 @@ func NewWebhookServer(
webhookRegistrationClient *webhookconfig.WebhookRegistrationClient,
statusSync policystatus.Listener,
configHandler config.Interface,
- pvGenerator policyviolation.GeneratorInterface,
+ prGenerator policyreport.GeneratorInterface,
grGenerator *generate.Generator,
resourceWebhookWatcher *webhookconfig.ResourceWebhookRegister,
auditHandler AuditHandler,
@@ -177,7 +175,7 @@ func NewWebhookServer(
configHandler: configHandler,
cleanUp: cleanUp,
lastReqTime: resourceWebhookWatcher.LastReqTime,
- pvGenerator: pvGenerator,
+ prGenerator: prGenerator,
grGenerator: grGenerator,
resourceWebhookWatcher: resourceWebhookWatcher,
auditHandler: auditHandler,
@@ -354,7 +352,7 @@ func (ws *WebhookServer) ResourceMutation(request *v1beta1.AdmissionRequest) *v1
ws.auditHandler.Add(request.DeepCopy())
// VALIDATION
- ok, msg := HandleValidation(request, validatePolicies, nil, ctx, userRequestInfo, ws.statusListener, ws.eventGen, ws.pvGenerator, ws.log, ws.configHandler, ws.resCache)
+ ok, msg := HandleValidation(request, validatePolicies, nil, ctx, userRequestInfo, ws.statusListener, ws.eventGen, ws.prGenerator, ws.log, ws.configHandler, ws.resCache)
if !ok {
logger.Info("admission request denied")
return &v1beta1.AdmissionResponse{
@@ -480,7 +478,7 @@ func (ws *WebhookServer) resourceValidation(request *v1beta1.AdmissionRequest) *
logger.Error(err, "failed to load service account in context")
}
- ok, msg := HandleValidation(request, policies, nil, ctx, userRequestInfo, ws.statusListener, ws.eventGen, ws.pvGenerator, ws.log, ws.configHandler, ws.resCache)
+ ok, msg := HandleValidation(request, policies, nil, ctx, userRequestInfo, ws.statusListener, ws.eventGen, ws.prGenerator, ws.log, ws.configHandler, ws.resCache)
if !ok {
logger.Info("admission request denied")
return &v1beta1.AdmissionResponse{
@@ -507,7 +505,7 @@ func (ws *WebhookServer) RunAsync(stopCh <-chan struct{}) {
logger.Info("failed to sync informer cache")
}
- go func () {
+ go func() {
logger.V(3).Info("started serving requests", "addr", ws.server.Addr)
if err := ws.server.ListenAndServeTLS("", ""); err != http.ErrServerClosed {
logger.Error(err, "failed to listen to requests")
diff --git a/pkg/webhooks/validate_audit.go b/pkg/webhooks/validate_audit.go
index a019c22e49..cf73efd0be 100644
--- a/pkg/webhooks/validate_audit.go
+++ b/pkg/webhooks/validate_audit.go
@@ -9,8 +9,8 @@ import (
enginectx "github.com/kyverno/kyverno/pkg/engine/context"
"github.com/kyverno/kyverno/pkg/event"
"github.com/kyverno/kyverno/pkg/policycache"
+ "github.com/kyverno/kyverno/pkg/policyreport"
"github.com/kyverno/kyverno/pkg/policystatus"
- "github.com/kyverno/kyverno/pkg/policyviolation"
"github.com/kyverno/kyverno/pkg/resourcecache"
"github.com/kyverno/kyverno/pkg/userinfo"
"github.com/minio/minio/cmd/logger"
@@ -44,7 +44,7 @@ type auditHandler struct {
pCache policycache.Interface
eventGen event.Interface
statusListener policystatus.Listener
- pvGenerator policyviolation.GeneratorInterface
+ prGenerator policyreport.GeneratorInterface
rbLister rbaclister.RoleBindingLister
rbSynced cache.InformerSynced
@@ -60,7 +60,7 @@ type auditHandler struct {
func NewValidateAuditHandler(pCache policycache.Interface,
eventGen event.Interface,
statusListener policystatus.Listener,
- pvGenerator policyviolation.GeneratorInterface,
+ prGenerator policyreport.GeneratorInterface,
rbInformer rbacinformer.RoleBindingInformer,
crbInformer rbacinformer.ClusterRoleBindingInformer,
log logr.Logger,
@@ -72,12 +72,12 @@ func NewValidateAuditHandler(pCache policycache.Interface,
queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), workQueueName),
eventGen: eventGen,
statusListener: statusListener,
- pvGenerator: pvGenerator,
rbLister: rbInformer.Lister(),
rbSynced: rbInformer.Informer().HasSynced,
crbLister: crbInformer.Lister(),
crbSynced: crbInformer.Informer().HasSynced,
log: log,
+ prGenerator: prGenerator,
configHandler: dynamicConfig,
resCache: resCache,
}
@@ -171,7 +171,7 @@ func (h *auditHandler) process(request *v1beta1.AdmissionRequest) error {
return errors.Wrap(err, "failed to load service account in context")
}
- HandleValidation(request, policies, nil, ctx, userRequestInfo, h.statusListener, h.eventGen, h.pvGenerator, logger, h.configHandler, h.resCache)
+ HandleValidation(request, policies, nil, ctx, userRequestInfo, h.statusListener, h.eventGen, h.prGenerator, logger, h.configHandler, h.resCache)
return nil
}
diff --git a/pkg/webhooks/validation.go b/pkg/webhooks/validation.go
index 1d37ef7972..41dc22b4fb 100644
--- a/pkg/webhooks/validation.go
+++ b/pkg/webhooks/validation.go
@@ -1,28 +1,27 @@
package webhooks
import (
+ "os"
"reflect"
"sort"
"time"
- "github.com/kyverno/kyverno/pkg/config"
-
"github.com/go-logr/logr"
- "github.com/kyverno/kyverno/pkg/event"
- "github.com/kyverno/kyverno/pkg/policystatus"
- "github.com/kyverno/kyverno/pkg/utils"
-
kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
+ "github.com/kyverno/kyverno/pkg/common"
+ "github.com/kyverno/kyverno/pkg/config"
"github.com/kyverno/kyverno/pkg/engine"
"github.com/kyverno/kyverno/pkg/engine/context"
"github.com/kyverno/kyverno/pkg/engine/response"
- "github.com/kyverno/kyverno/pkg/policyviolation"
+ "github.com/kyverno/kyverno/pkg/event"
+ "github.com/kyverno/kyverno/pkg/policyreport"
+ "github.com/kyverno/kyverno/pkg/policystatus"
+ "github.com/kyverno/kyverno/pkg/resourcecache"
+ "github.com/kyverno/kyverno/pkg/utils"
v1beta1 "k8s.io/api/admission/v1beta1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-
- "github.com/kyverno/kyverno/pkg/resourcecache"
)
// HandleValidation handles validating webhook admission request
@@ -36,7 +35,7 @@ func HandleValidation(
userRequestInfo kyverno.RequestInfo,
statusListener policystatus.Listener,
eventGen event.Interface,
- pvGenerator policyviolation.GeneratorInterface,
+ prGenerator policyreport.GeneratorInterface,
log logr.Logger,
dynamicConfig config.Interface,
resCache resourcecache.ResourceCacheIface) (bool, string) {
@@ -124,11 +123,24 @@ func HandleValidation(
return false, getEnforceFailureErrorMsg(engineResponses)
}
- // ADD POLICY VIOLATIONS
- // violations are created with resource on "audit"
- pvInfos := policyviolation.GeneratePVsFromEngineResponse(engineResponses, logger)
- pvGenerator.Add(pvInfos...)
+ prInfos := policyreport.GeneratePRsFromEngineResponse(engineResponses, logger)
+ prGenerator.Add(prInfos...)
+ if os.Getenv("POLICY-TYPE") == common.PolicyReport {
+ if request.Operation == v1beta1.Delete {
+ prGenerator.Add(policyreport.Info{
+ Resource: unstructured.Unstructured{
+ Object: map[string]interface{}{
+ "kind": oldR.GetKind(),
+ "metadata": map[string]interface{}{
+ "name": oldR.GetName(),
+ "namespace": oldR.GetNamespace(),
+ },
+ },
+ },
+ })
+ }
+ }
return true, ""
}
diff --git a/scripts/update-codegen.sh b/scripts/update-codegen.sh
index e35e8a9931..d5166860c5 100755
--- a/scripts/update-codegen.sh
+++ b/scripts/update-codegen.sh
@@ -26,4 +26,4 @@ ${CODEGEN_PKG}/generate-groups.sh \
"deepcopy,client,informer,lister" \
${NIRMATA_PKG}/pkg/client \
${NIRMATA_PKG}/pkg/api \
- kyverno:v1
+ "kyverno:v1 policyreport:v1alpha1 kyverno:v1alpha1"
diff --git a/test/e2e/generate/utils.go b/test/e2e/generate/utils.go
index ddc9e69b8c..ed113d2854 100644
--- a/test/e2e/generate/utils.go
+++ b/test/e2e/generate/utils.go
@@ -1,6 +1,7 @@
package generate
import (
+ "context"
"os"
"time"
@@ -54,12 +55,12 @@ func (e2e *E2EClient) CleanClusterPolicies(gvr schema.GroupVersionResource) erro
// GetNamespacedResource ...
func (e2e *E2EClient) GetNamespacedResource(gvr schema.GroupVersionResource, namespace, name string) (*unstructured.Unstructured, error) {
- return e2e.Client.Resource(gvr).Namespace(namespace).Get(name, metav1.GetOptions{})
+ return e2e.Client.Resource(gvr).Namespace(namespace).Get(context.TODO(), name, metav1.GetOptions{})
}
// GetClusterResource ...
func (e2e *E2EClient) GetClusteredResource(gvr schema.GroupVersionResource, name string) (*unstructured.Unstructured, error) {
- return e2e.Client.Resource(gvr).Get(name, metav1.GetOptions{})
+ return e2e.Client.Resource(gvr).Get(context.TODO(), name, metav1.GetOptions{})
}
// GetWithRetry :- Retry Operation till the end of retry or until it is Passed, retryCount is the Wait duration after each retry,
@@ -77,27 +78,27 @@ func GetWithRetry(sleepInterval time.Duration, retryCount int, retryFunc func()
// DeleteNamespacedResource ...
func (e2e *E2EClient) DeleteNamespacedResource(gvr schema.GroupVersionResource, namespace, name string) error {
- return e2e.Client.Resource(gvr).Namespace(namespace).Delete(name, &metav1.DeleteOptions{})
+ return e2e.Client.Resource(gvr).Namespace(namespace).Delete(context.TODO(), name, metav1.DeleteOptions{})
}
// DeleteClusterResource ...
func (e2e *E2EClient) DeleteClusteredResource(gvr schema.GroupVersionResource, name string) error {
- return e2e.Client.Resource(gvr).Delete(name, &metav1.DeleteOptions{})
+ return e2e.Client.Resource(gvr).Delete(context.TODO(), name, metav1.DeleteOptions{})
}
// CreateNamespacedResource ...
func (e2e *E2EClient) CreateNamespacedResource(gvr schema.GroupVersionResource, namespace string, resourceData *unstructured.Unstructured) (*unstructured.Unstructured, error) {
- return e2e.Client.Resource(gvr).Namespace(namespace).Create(resourceData, metav1.CreateOptions{})
+ return e2e.Client.Resource(gvr).Namespace(namespace).Create(context.TODO(), resourceData, metav1.CreateOptions{})
}
// CreateClusteredResource ...
func (e2e *E2EClient) CreateClusteredResource(gvr schema.GroupVersionResource, resourceData *unstructured.Unstructured) (*unstructured.Unstructured, error) {
- return e2e.Client.Resource(gvr).Create(resourceData, metav1.CreateOptions{})
+ return e2e.Client.Resource(gvr).Create(context.TODO(), resourceData, metav1.CreateOptions{})
}
// ListNamespacedResources ...
func (e2e *E2EClient) ListNamespacedResources(gvr schema.GroupVersionResource, namespace string) (*unstructured.UnstructuredList, error) {
- return e2e.Client.Resource(gvr).Namespace(namespace).List(metav1.ListOptions{})
+ return e2e.Client.Resource(gvr).Namespace(namespace).List(context.TODO(), metav1.ListOptions{})
}
// CreateNamespacedResource creates namespaced resources like Pods, Services, Deployments etc
@@ -107,7 +108,7 @@ func (e2e *E2EClient) CreateNamespacedResourceYaml(gvr schema.GroupVersionResour
if err != nil {
return nil, err
}
- result, err := e2e.Client.Resource(gvr).Namespace(namespace).Create(&resource, metav1.CreateOptions{})
+ result, err := e2e.Client.Resource(gvr).Namespace(namespace).Create(context.TODO(), &resource, metav1.CreateOptions{})
return result, err
}