diff --git a/Makefile b/Makefile
index c2d99af004..f63219e557 100644
--- a/Makefile
+++ b/Makefile
@@ -396,7 +396,7 @@ image-build-all: $(BUILD_WITH)-build-all
GOPATH_SHIM := ${PWD}/.gopath
PACKAGE_SHIM := $(GOPATH_SHIM)/src/$(PACKAGE)
OUT_PACKAGE := $(PACKAGE)/pkg/client
-INPUT_DIRS := $(PACKAGE)/api/kyverno/v1,$(PACKAGE)/api/kyverno/v1alpha2,$(PACKAGE)/api/kyverno/v1beta1,$(PACKAGE)/api/kyverno/v2,$(PACKAGE)/api/kyverno/v2beta1,$(PACKAGE)/api/kyverno/v2alpha1,$(PACKAGE)/api/policyreport/v1alpha2
+INPUT_DIRS := $(PACKAGE)/api/kyverno/v1,$(PACKAGE)/api/kyverno/v1alpha2,$(PACKAGE)/api/kyverno/v1beta1,$(PACKAGE)/api/kyverno/v2,$(PACKAGE)/api/kyverno/v2beta1,$(PACKAGE)/api/kyverno/v2alpha1,$(PACKAGE)/api/kyverno/reports/v1,$(PACKAGE)/api/policyreport/v1alpha2
CLIENTSET_PACKAGE := $(OUT_PACKAGE)/clientset
LISTERS_PACKAGE := $(OUT_PACKAGE)/listers
INFORMERS_PACKAGE := $(OUT_PACKAGE)/informers
diff --git a/api/kyverno/reports/v1/admission_report_types.go b/api/kyverno/reports/v1/admission_report_types.go
new file mode 100644
index 0000000000..f7c086810d
--- /dev/null
+++ b/api/kyverno/reports/v1/admission_report_types.go
@@ -0,0 +1,124 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+ policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type AdmissionReportSpec struct {
+ // Owner is a reference to the report owner (e.g. a Deployment, Namespace, or Node)
+ Owner metav1.OwnerReference `json:"owner"`
+
+ // PolicyReportSummary provides a summary of results
+ // +optional
+ Summary policyreportv1alpha2.PolicyReportSummary `json:"summary,omitempty"`
+
+ // PolicyReportResult provides result details
+ // +optional
+ Results []policyreportv1alpha2.PolicyReportResult `json:"results,omitempty"`
+}
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:storageversion
+// +kubebuilder:resource:shortName=admr,categories=kyverno
+// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:printcolumn:name="PASS",type=integer,JSONPath=".spec.summary.pass"
+// +kubebuilder:printcolumn:name="FAIL",type=integer,JSONPath=".spec.summary.fail"
+// +kubebuilder:printcolumn:name="WARN",type=integer,JSONPath=".spec.summary.warn"
+// +kubebuilder:printcolumn:name="ERROR",type=integer,JSONPath=".spec.summary.error"
+// +kubebuilder:printcolumn:name="SKIP",type=integer,JSONPath=".spec.summary.skip"
+// +kubebuilder:printcolumn:name="GVR",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.gvr']"
+// +kubebuilder:printcolumn:name="REF",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.name']"
+// +kubebuilder:printcolumn:name="AGGREGATE",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/report\\.aggregate']",priority=1
+
+// AdmissionReport is the Schema for the AdmissionReports API
+type AdmissionReport struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+ Spec AdmissionReportSpec `json:"spec"`
+}
+
+func (r *AdmissionReport) GetResults() []policyreportv1alpha2.PolicyReportResult {
+ return r.Spec.Results
+}
+
+func (r *AdmissionReport) SetResults(results []policyreportv1alpha2.PolicyReportResult) {
+ r.Spec.Results = results
+}
+
+func (r *AdmissionReport) SetSummary(summary policyreportv1alpha2.PolicyReportSummary) {
+ r.Spec.Summary = summary
+}
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:storageversion
+// +kubebuilder:resource:scope=Cluster,shortName=cadmr,categories=kyverno
+// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:printcolumn:name="PASS",type=integer,JSONPath=".spec.summary.pass"
+// +kubebuilder:printcolumn:name="FAIL",type=integer,JSONPath=".spec.summary.fail"
+// +kubebuilder:printcolumn:name="WARN",type=integer,JSONPath=".spec.summary.warn"
+// +kubebuilder:printcolumn:name="ERROR",type=integer,JSONPath=".spec.summary.error"
+// +kubebuilder:printcolumn:name="SKIP",type=integer,JSONPath=".spec.summary.skip"
+// +kubebuilder:printcolumn:name="GVR",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.gvr']"
+// +kubebuilder:printcolumn:name="REF",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.name']"
+// +kubebuilder:printcolumn:name="AGGREGATE",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/report\\.aggregate']",priority=1
+
+// ClusterAdmissionReport is the Schema for the ClusterAdmissionReports API
+type ClusterAdmissionReport struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+ Spec AdmissionReportSpec `json:"spec"`
+}
+
+func (r *ClusterAdmissionReport) GetResults() []policyreportv1alpha2.PolicyReportResult {
+ return r.Spec.Results
+}
+
+func (r *ClusterAdmissionReport) SetResults(results []policyreportv1alpha2.PolicyReportResult) {
+ r.Spec.Results = results
+}
+
+func (r *ClusterAdmissionReport) SetSummary(summary policyreportv1alpha2.PolicyReportSummary) {
+ r.Spec.Summary = summary
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// AdmissionReportList contains a list of AdmissionReport
+type AdmissionReportList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []AdmissionReport `json:"items"`
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ClusterAdmissionReportList contains a list of ClusterAdmissionReport
+type ClusterAdmissionReportList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []ClusterAdmissionReport `json:"items"`
+}
diff --git a/api/kyverno/reports/v1/background_scan_report_types.go b/api/kyverno/reports/v1/background_scan_report_types.go
new file mode 100644
index 0000000000..66fc05a767
--- /dev/null
+++ b/api/kyverno/reports/v1/background_scan_report_types.go
@@ -0,0 +1,123 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+ policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type BackgroundScanReportSpec struct {
+ // PolicyReportSummary provides a summary of results
+ // +optional
+ Summary policyreportv1alpha2.PolicyReportSummary `json:"summary,omitempty"`
+
+ // PolicyReportResult provides result details
+ // +optional
+ Results []policyreportv1alpha2.PolicyReportResult `json:"results,omitempty"`
+}
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:storageversion
+// +kubebuilder:resource:shortName=bgscanr,categories=kyverno
+// +kubebuilder:printcolumn:name="ApiVersion",type=string,JSONPath=".metadata.ownerReferences[0].apiVersion"
+// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=".metadata.ownerReferences[0].kind"
+// +kubebuilder:printcolumn:name="Subject",type=string,JSONPath=".metadata.ownerReferences[0].name"
+// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=".spec.summary.pass"
+// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=".spec.summary.fail"
+// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=".spec.summary.warn"
+// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=".spec.summary.error"
+// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=".spec.summary.skip"
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:printcolumn:name="Hash",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.hash']",priority=1
+
+// BackgroundScanReport is the Schema for the BackgroundScanReports API
+type BackgroundScanReport struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+ Spec BackgroundScanReportSpec `json:"spec"`
+}
+
+func (r *BackgroundScanReport) GetResults() []policyreportv1alpha2.PolicyReportResult {
+ return r.Spec.Results
+}
+
+func (r *BackgroundScanReport) SetResults(results []policyreportv1alpha2.PolicyReportResult) {
+ r.Spec.Results = results
+}
+
+func (r *BackgroundScanReport) SetSummary(summary policyreportv1alpha2.PolicyReportSummary) {
+ r.Spec.Summary = summary
+}
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:storageversion
+// +kubebuilder:resource:scope=Cluster,shortName=cbgscanr,categories=kyverno
+// +kubebuilder:printcolumn:name="ApiVersion",type=string,JSONPath=".metadata.ownerReferences[0].apiVersion"
+// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=".metadata.ownerReferences[0].kind"
+// +kubebuilder:printcolumn:name="Subject",type=string,JSONPath=".metadata.ownerReferences[0].name"
+// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=".spec.summary.pass"
+// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=".spec.summary.fail"
+// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=".spec.summary.warn"
+// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=".spec.summary.error"
+// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=".spec.summary.skip"
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:printcolumn:name="Hash",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.hash']",priority=1
+
+// ClusterBackgroundScanReport is the Schema for the ClusterBackgroundScanReports API
+type ClusterBackgroundScanReport struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+ Spec BackgroundScanReportSpec `json:"spec"`
+}
+
+func (r *ClusterBackgroundScanReport) GetResults() []policyreportv1alpha2.PolicyReportResult {
+ return r.Spec.Results
+}
+
+func (r *ClusterBackgroundScanReport) SetResults(results []policyreportv1alpha2.PolicyReportResult) {
+ r.Spec.Results = results
+}
+
+func (r *ClusterBackgroundScanReport) SetSummary(summary policyreportv1alpha2.PolicyReportSummary) {
+ r.Spec.Summary = summary
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// BackgroundScanReportList contains a list of BackgroundScanReport
+type BackgroundScanReportList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []BackgroundScanReport `json:"items"`
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ClusterBackgroundScanReportList contains a list of ClusterBackgroundScanReport
+type ClusterBackgroundScanReportList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []ClusterBackgroundScanReport `json:"items"`
+}
diff --git a/api/kyverno/reports/v1/doc.go b/api/kyverno/reports/v1/doc.go
new file mode 100644
index 0000000000..1e554afc16
--- /dev/null
+++ b/api/kyverno/reports/v1/doc.go
@@ -0,0 +1,21 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// +k8s:openapi-gen=true
+// +k8s:deepcopy-gen=package
+// +kubebuilder:object:generate=true
+// +groupName=reports.kyverno.io
+package v1
diff --git a/api/kyverno/reports/v1/zz_generated.deepcopy.go b/api/kyverno/reports/v1/zz_generated.deepcopy.go
new file mode 100644
index 0000000000..5528f7e7a4
--- /dev/null
+++ b/api/kyverno/reports/v1/zz_generated.deepcopy.go
@@ -0,0 +1,316 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by deepcopy-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ v1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
+ runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AdmissionReport) DeepCopyInto(out *AdmissionReport) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ in.Spec.DeepCopyInto(&out.Spec)
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionReport.
+func (in *AdmissionReport) DeepCopy() *AdmissionReport {
+ if in == nil {
+ return nil
+ }
+ out := new(AdmissionReport)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *AdmissionReport) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AdmissionReportList) DeepCopyInto(out *AdmissionReportList) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ListMeta.DeepCopyInto(&out.ListMeta)
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]AdmissionReport, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionReportList.
+func (in *AdmissionReportList) DeepCopy() *AdmissionReportList {
+ if in == nil {
+ return nil
+ }
+ out := new(AdmissionReportList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *AdmissionReportList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AdmissionReportSpec) DeepCopyInto(out *AdmissionReportSpec) {
+ *out = *in
+ in.Owner.DeepCopyInto(&out.Owner)
+ out.Summary = in.Summary
+ if in.Results != nil {
+ in, out := &in.Results, &out.Results
+ *out = make([]v1alpha2.PolicyReportResult, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionReportSpec.
+func (in *AdmissionReportSpec) DeepCopy() *AdmissionReportSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(AdmissionReportSpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *BackgroundScanReport) DeepCopyInto(out *BackgroundScanReport) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ in.Spec.DeepCopyInto(&out.Spec)
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackgroundScanReport.
+func (in *BackgroundScanReport) DeepCopy() *BackgroundScanReport {
+ if in == nil {
+ return nil
+ }
+ out := new(BackgroundScanReport)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *BackgroundScanReport) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *BackgroundScanReportList) DeepCopyInto(out *BackgroundScanReportList) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ListMeta.DeepCopyInto(&out.ListMeta)
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]BackgroundScanReport, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackgroundScanReportList.
+func (in *BackgroundScanReportList) DeepCopy() *BackgroundScanReportList {
+ if in == nil {
+ return nil
+ }
+ out := new(BackgroundScanReportList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *BackgroundScanReportList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *BackgroundScanReportSpec) DeepCopyInto(out *BackgroundScanReportSpec) {
+ *out = *in
+ out.Summary = in.Summary
+ if in.Results != nil {
+ in, out := &in.Results, &out.Results
+ *out = make([]v1alpha2.PolicyReportResult, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackgroundScanReportSpec.
+func (in *BackgroundScanReportSpec) DeepCopy() *BackgroundScanReportSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(BackgroundScanReportSpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClusterAdmissionReport) DeepCopyInto(out *ClusterAdmissionReport) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ in.Spec.DeepCopyInto(&out.Spec)
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAdmissionReport.
+func (in *ClusterAdmissionReport) DeepCopy() *ClusterAdmissionReport {
+ if in == nil {
+ return nil
+ }
+ out := new(ClusterAdmissionReport)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ClusterAdmissionReport) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClusterAdmissionReportList) DeepCopyInto(out *ClusterAdmissionReportList) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ListMeta.DeepCopyInto(&out.ListMeta)
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]ClusterAdmissionReport, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAdmissionReportList.
+func (in *ClusterAdmissionReportList) DeepCopy() *ClusterAdmissionReportList {
+ if in == nil {
+ return nil
+ }
+ out := new(ClusterAdmissionReportList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ClusterAdmissionReportList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClusterBackgroundScanReport) DeepCopyInto(out *ClusterBackgroundScanReport) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ in.Spec.DeepCopyInto(&out.Spec)
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterBackgroundScanReport.
+func (in *ClusterBackgroundScanReport) DeepCopy() *ClusterBackgroundScanReport {
+ if in == nil {
+ return nil
+ }
+ out := new(ClusterBackgroundScanReport)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ClusterBackgroundScanReport) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClusterBackgroundScanReportList) DeepCopyInto(out *ClusterBackgroundScanReportList) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ListMeta.DeepCopyInto(&out.ListMeta)
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]ClusterBackgroundScanReport, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterBackgroundScanReportList.
+func (in *ClusterBackgroundScanReportList) DeepCopy() *ClusterBackgroundScanReportList {
+ if in == nil {
+ return nil
+ }
+ out := new(ClusterBackgroundScanReportList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ClusterBackgroundScanReportList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
diff --git a/api/kyverno/reports/v1/zz_generated.defaults.go b/api/kyverno/reports/v1/zz_generated.defaults.go
new file mode 100644
index 0000000000..dac177e93b
--- /dev/null
+++ b/api/kyverno/reports/v1/zz_generated.defaults.go
@@ -0,0 +1,33 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by defaulter-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// RegisterDefaults adds defaulters functions to the given scheme.
+// Public to allow building arbitrary schemes.
+// All generated defaulters are covering - they call all nested defaulters.
+func RegisterDefaults(scheme *runtime.Scheme) error {
+ return nil
+}
diff --git a/api/kyverno/reports/v1/zz_generated.register.go b/api/kyverno/reports/v1/zz_generated.register.go
new file mode 100644
index 0000000000..85d90fd0a7
--- /dev/null
+++ b/api/kyverno/reports/v1/zz_generated.register.go
@@ -0,0 +1,73 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by register-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+// GroupName specifies the group name used to register the objects.
+const GroupName = "reports.kyverno.io"
+
+// GroupVersion specifies the group and the version used to register the objects.
+var GroupVersion = v1.GroupVersion{Group: GroupName, Version: "v1"}
+
+// SchemeGroupVersion is group version used to register these objects
+// Deprecated: use GroupVersion instead.
+var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+ return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+
+var (
+ // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.
+ SchemeBuilder runtime.SchemeBuilder
+ localSchemeBuilder = &SchemeBuilder
+ // Depreciated: use Install instead
+ AddToScheme = localSchemeBuilder.AddToScheme
+ Install = localSchemeBuilder.AddToScheme
+)
+
+func init() {
+ // We only register manually written functions here. The registration of the
+ // generated functions takes place in the generated files. The separation
+ // makes the code compile even when the generated files are missing.
+ localSchemeBuilder.Register(addKnownTypes)
+}
+
+// Adds the list of known types to Scheme.
+func addKnownTypes(scheme *runtime.Scheme) error {
+ scheme.AddKnownTypes(SchemeGroupVersion,
+ &AdmissionReport{},
+ &AdmissionReportList{},
+ &BackgroundScanReport{},
+ &BackgroundScanReportList{},
+ &ClusterAdmissionReport{},
+ &ClusterAdmissionReportList{},
+ &ClusterBackgroundScanReport{},
+ &ClusterBackgroundScanReportList{},
+ )
+ // AddToGroupVersion allows the serialization of client types like ListOptions.
+ v1.AddToGroupVersion(scheme, SchemeGroupVersion)
+ return nil
+}
diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md
index 68f7b63d05..5c18893f40 100644
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@@ -313,6 +313,7 @@ The chart values are organised per component.
|-----|------|---------|-------------|
| features.admissionReports.enabled | bool | `true` | Enables the feature |
| features.aggregateReports.enabled | bool | `true` | Enables the feature |
+| features.alternateReportStorage.enabled | bool | `false` | Enables the feature |
| features.policyReports.enabled | bool | `true` | Enables the feature |
| features.validatingAdmissionPolicyReports.enabled | bool | `false` | Enables the feature |
| features.autoUpdateWebhooks.enabled | bool | `true` | Enables the feature |
diff --git a/charts/kyverno/charts/crds/templates/crds.yaml b/charts/kyverno/charts/crds/templates/crds.yaml
index a019949f73..155454b441 100644
--- a/charts/kyverno/charts/crds/templates/crds.yaml
+++ b/charts/kyverno/charts/crds/templates/crds.yaml
@@ -48246,6 +48246,1281 @@ spec:
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
+metadata:
+ labels:
+ {{- include "kyverno.crds.labels" . | nindent 4 }}
+ annotations:
+ {{- with .Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ controller-gen.kubebuilder.io/version: v0.12.0
+ name: admissionreports.reports.kyverno.io
+spec:
+ group: reports.kyverno.io
+ names:
+ categories:
+ - kyverno
+ kind: AdmissionReport
+ listKind: AdmissionReportList
+ plural: admissionreports
+ shortNames:
+ - admr
+ singular: admissionreport
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ - jsonPath: .spec.summary.pass
+ name: PASS
+ type: integer
+ - jsonPath: .spec.summary.fail
+ name: FAIL
+ type: integer
+ - jsonPath: .spec.summary.warn
+ name: WARN
+ type: integer
+ - jsonPath: .spec.summary.error
+ name: ERROR
+ type: integer
+ - jsonPath: .spec.summary.skip
+ name: SKIP
+ type: integer
+ - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.gvr']
+ name: GVR
+ type: string
+ - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.name']
+ name: REF
+ type: string
+ - jsonPath: .metadata.labels['audit\.kyverno\.io/report\.aggregate']
+ name: AGGREGATE
+ priority: 1
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: AdmissionReport is the Schema for the AdmissionReports API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ owner:
+ description: Owner is a reference to the report owner (e.g. a Deployment,
+ Namespace, or Node)
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ blockOwnerDeletion:
+ description: If true, AND if the owner has the "foregroundDeletion"
+ finalizer, then the owner cannot be deleted from the key-value
+ store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
+ for how the garbage collector interacts with this field and
+ enforces the foreground deletion. Defaults to false. To set
+ this field, a user needs "delete" permission of the owner, otherwise
+ 422 (Unprocessable Entity) will be returned.
+ type: boolean
+ controller:
+ description: If true, this reference points to the managing controller.
+ type: boolean
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids'
+ type: string
+ required:
+ - apiVersion
+ - kind
+ - name
+ - uid
+ type: object
+ x-kubernetes-map-type: atomic
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ message:
+ description: Description is a short user friendly message for
+ the policy rule
+ type: string
+ policy:
+ description: Policy is the name or identifier of the policy
+ type: string
+ properties:
+ additionalProperties:
+ type: string
+ description: Properties provides additional information for
+ the policy rule
+ type: object
+ resourceSelector:
+ description: SubjectSelector is an optional label selector for
+ checked Kubernetes resources. For example, a policy result
+ may apply to all pods that match a label. Either a Subject
+ or a SubjectSelector can be specified. If neither are provided,
+ the result is assumed to be for the policy report scope.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ resources:
+ description: Subjects is an optional reference to the checked
+ Kubernetes resources
+ items:
+ description: "ObjectReference contains enough information
+ to let you inspect or modify the referred object. --- New
+ uses of this type are discouraged because of difficulty
+ describing its usage when embedded in APIs. 1. Ignored fields.
+ \ It includes many fields which are not generally honored.
+ \ For instance, ResourceVersion and FieldPath are both very
+ rarely valid in actual usage. 2. Invalid usage help. It
+ is impossible to add specific help for individual usage.
+ \ In most embedded usages, there are particular restrictions
+ like, \"must refer only to types A and B\" or \"UID not
+ honored\" or \"name must be restricted\". Those cannot be
+ well described when embedded. 3. Inconsistent validation.
+ \ Because the usages are different, the validation rules
+ are different by usage, which makes it hard for users to
+ predict what will happen. 4. The fields are both imprecise
+ and overly precise. Kind is not a precise mapping to a
+ URL. This can produce ambiguity during interpretation and
+ require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this
+ type will affect numerous schemas. Don't make new APIs
+ embed an underspecified API type they do not control. \n
+ Instead of using this type, create a locally provided and
+ used type that is well-focused on your reference. For example,
+ ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ ."
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that
+ triggered the event) or if no container name is specified
+ "spec.containers[2]" (container with index 2 in this
+ pod). This syntax is chosen only to have some well-defined
+ way of referencing a part of an object. TODO: this design
+ is not final and this field is subject to change in
+ the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ result:
+ description: Result indicates the outcome of the policy rule
+ execution
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ rule:
+ description: Rule is the name or identifier of the rule within
+ the policy
+ type: string
+ scored:
+ description: Scored indicates if this result is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy check result criticality
+ enum:
+ - critical
+ - high
+ - low
+ - medium
+ - info
+ type: string
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
+ type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must
+ still have non-negative nanos values that count forward
+ in time. Must be from 0 to 999,999,999 inclusive. This
+ field may be limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z
+ to 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
+ required:
+ - policy
+ type: object
+ type: array
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not
+ be evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not
+ selected for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of non-scored policies whose
+ requirements were not met
+ type: integer
+ type: object
+ required:
+ - owner
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ {{- include "kyverno.crds.labels" . | nindent 4 }}
+ annotations:
+ {{- with .Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ controller-gen.kubebuilder.io/version: v0.12.0
+ name: backgroundscanreports.reports.kyverno.io
+spec:
+ group: reports.kyverno.io
+ names:
+ categories:
+ - kyverno
+ kind: BackgroundScanReport
+ listKind: BackgroundScanReportList
+ plural: backgroundscanreports
+ shortNames:
+ - bgscanr
+ singular: backgroundscanreport
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.ownerReferences[0].apiVersion
+ name: ApiVersion
+ type: string
+ - jsonPath: .metadata.ownerReferences[0].kind
+ name: Kind
+ type: string
+ - jsonPath: .metadata.ownerReferences[0].name
+ name: Subject
+ type: string
+ - jsonPath: .spec.summary.pass
+ name: Pass
+ type: integer
+ - jsonPath: .spec.summary.fail
+ name: Fail
+ type: integer
+ - jsonPath: .spec.summary.warn
+ name: Warn
+ type: integer
+ - jsonPath: .spec.summary.error
+ name: Error
+ type: integer
+ - jsonPath: .spec.summary.skip
+ name: Skip
+ type: integer
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.hash']
+ name: Hash
+ priority: 1
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: BackgroundScanReport is the Schema for the BackgroundScanReports
+ API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ message:
+ description: Description is a short user friendly message for
+ the policy rule
+ type: string
+ policy:
+ description: Policy is the name or identifier of the policy
+ type: string
+ properties:
+ additionalProperties:
+ type: string
+ description: Properties provides additional information for
+ the policy rule
+ type: object
+ resourceSelector:
+ description: SubjectSelector is an optional label selector for
+ checked Kubernetes resources. For example, a policy result
+ may apply to all pods that match a label. Either a Subject
+ or a SubjectSelector can be specified. If neither are provided,
+ the result is assumed to be for the policy report scope.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ resources:
+ description: Subjects is an optional reference to the checked
+ Kubernetes resources
+ items:
+ description: "ObjectReference contains enough information
+ to let you inspect or modify the referred object. --- New
+ uses of this type are discouraged because of difficulty
+ describing its usage when embedded in APIs. 1. Ignored fields.
+ \ It includes many fields which are not generally honored.
+ \ For instance, ResourceVersion and FieldPath are both very
+ rarely valid in actual usage. 2. Invalid usage help. It
+ is impossible to add specific help for individual usage.
+ \ In most embedded usages, there are particular restrictions
+ like, \"must refer only to types A and B\" or \"UID not
+ honored\" or \"name must be restricted\". Those cannot be
+ well described when embedded. 3. Inconsistent validation.
+ \ Because the usages are different, the validation rules
+ are different by usage, which makes it hard for users to
+ predict what will happen. 4. The fields are both imprecise
+ and overly precise. Kind is not a precise mapping to a
+ URL. This can produce ambiguity during interpretation and
+ require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this
+ type will affect numerous schemas. Don't make new APIs
+ embed an underspecified API type they do not control. \n
+ Instead of using this type, create a locally provided and
+ used type that is well-focused on your reference. For example,
+ ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ ."
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that
+ triggered the event) or if no container name is specified
+ "spec.containers[2]" (container with index 2 in this
+ pod). This syntax is chosen only to have some well-defined
+ way of referencing a part of an object. TODO: this design
+ is not final and this field is subject to change in
+ the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ result:
+ description: Result indicates the outcome of the policy rule
+ execution
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ rule:
+ description: Rule is the name or identifier of the rule within
+ the policy
+ type: string
+ scored:
+ description: Scored indicates if this result is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy check result criticality
+ enum:
+ - critical
+ - high
+ - low
+ - medium
+ - info
+ type: string
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
+ type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must
+ still have non-negative nanos values that count forward
+ in time. Must be from 0 to 999,999,999 inclusive. This
+ field may be limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z
+ to 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
+ required:
+ - policy
+ type: object
+ type: array
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not
+ be evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not
+ selected for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of non-scored policies whose
+ requirements were not met
+ type: integer
+ type: object
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ {{- include "kyverno.crds.labels" . | nindent 4 }}
+ annotations:
+ {{- with .Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ controller-gen.kubebuilder.io/version: v0.12.0
+ name: clusteradmissionreports.reports.kyverno.io
+spec:
+ group: reports.kyverno.io
+ names:
+ categories:
+ - kyverno
+ kind: ClusterAdmissionReport
+ listKind: ClusterAdmissionReportList
+ plural: clusteradmissionreports
+ shortNames:
+ - cadmr
+ singular: clusteradmissionreport
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ - jsonPath: .spec.summary.pass
+ name: PASS
+ type: integer
+ - jsonPath: .spec.summary.fail
+ name: FAIL
+ type: integer
+ - jsonPath: .spec.summary.warn
+ name: WARN
+ type: integer
+ - jsonPath: .spec.summary.error
+ name: ERROR
+ type: integer
+ - jsonPath: .spec.summary.skip
+ name: SKIP
+ type: integer
+ - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.gvr']
+ name: GVR
+ type: string
+ - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.name']
+ name: REF
+ type: string
+ - jsonPath: .metadata.labels['audit\.kyverno\.io/report\.aggregate']
+ name: AGGREGATE
+ priority: 1
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: ClusterAdmissionReport is the Schema for the ClusterAdmissionReports
+ API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ owner:
+ description: Owner is a reference to the report owner (e.g. a Deployment,
+ Namespace, or Node)
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ blockOwnerDeletion:
+ description: If true, AND if the owner has the "foregroundDeletion"
+ finalizer, then the owner cannot be deleted from the key-value
+ store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
+ for how the garbage collector interacts with this field and
+ enforces the foreground deletion. Defaults to false. To set
+ this field, a user needs "delete" permission of the owner, otherwise
+ 422 (Unprocessable Entity) will be returned.
+ type: boolean
+ controller:
+ description: If true, this reference points to the managing controller.
+ type: boolean
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids'
+ type: string
+ required:
+ - apiVersion
+ - kind
+ - name
+ - uid
+ type: object
+ x-kubernetes-map-type: atomic
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ message:
+ description: Description is a short user friendly message for
+ the policy rule
+ type: string
+ policy:
+ description: Policy is the name or identifier of the policy
+ type: string
+ properties:
+ additionalProperties:
+ type: string
+ description: Properties provides additional information for
+ the policy rule
+ type: object
+ resourceSelector:
+ description: SubjectSelector is an optional label selector for
+ checked Kubernetes resources. For example, a policy result
+ may apply to all pods that match a label. Either a Subject
+ or a SubjectSelector can be specified. If neither are provided,
+ the result is assumed to be for the policy report scope.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ resources:
+ description: Subjects is an optional reference to the checked
+ Kubernetes resources
+ items:
+ description: "ObjectReference contains enough information
+ to let you inspect or modify the referred object. --- New
+ uses of this type are discouraged because of difficulty
+ describing its usage when embedded in APIs. 1. Ignored fields.
+ \ It includes many fields which are not generally honored.
+ \ For instance, ResourceVersion and FieldPath are both very
+ rarely valid in actual usage. 2. Invalid usage help. It
+ is impossible to add specific help for individual usage.
+ \ In most embedded usages, there are particular restrictions
+ like, \"must refer only to types A and B\" or \"UID not
+ honored\" or \"name must be restricted\". Those cannot be
+ well described when embedded. 3. Inconsistent validation.
+ \ Because the usages are different, the validation rules
+ are different by usage, which makes it hard for users to
+ predict what will happen. 4. The fields are both imprecise
+ and overly precise. Kind is not a precise mapping to a
+ URL. This can produce ambiguity during interpretation and
+ require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this
+ type will affect numerous schemas. Don't make new APIs
+ embed an underspecified API type they do not control. \n
+ Instead of using this type, create a locally provided and
+ used type that is well-focused on your reference. For example,
+ ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ ."
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that
+ triggered the event) or if no container name is specified
+ "spec.containers[2]" (container with index 2 in this
+ pod). This syntax is chosen only to have some well-defined
+ way of referencing a part of an object. TODO: this design
+ is not final and this field is subject to change in
+ the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ result:
+ description: Result indicates the outcome of the policy rule
+ execution
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ rule:
+ description: Rule is the name or identifier of the rule within
+ the policy
+ type: string
+ scored:
+ description: Scored indicates if this result is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy check result criticality
+ enum:
+ - critical
+ - high
+ - low
+ - medium
+ - info
+ type: string
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
+ type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must
+ still have non-negative nanos values that count forward
+ in time. Must be from 0 to 999,999,999 inclusive. This
+ field may be limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z
+ to 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
+ required:
+ - policy
+ type: object
+ type: array
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not
+ be evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not
+ selected for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of non-scored policies whose
+ requirements were not met
+ type: integer
+ type: object
+ required:
+ - owner
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ {{- include "kyverno.crds.labels" . | nindent 4 }}
+ annotations:
+ {{- with .Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ controller-gen.kubebuilder.io/version: v0.12.0
+ name: clusterbackgroundscanreports.reports.kyverno.io
+spec:
+ group: reports.kyverno.io
+ names:
+ categories:
+ - kyverno
+ kind: ClusterBackgroundScanReport
+ listKind: ClusterBackgroundScanReportList
+ plural: clusterbackgroundscanreports
+ shortNames:
+ - cbgscanr
+ singular: clusterbackgroundscanreport
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.ownerReferences[0].apiVersion
+ name: ApiVersion
+ type: string
+ - jsonPath: .metadata.ownerReferences[0].kind
+ name: Kind
+ type: string
+ - jsonPath: .metadata.ownerReferences[0].name
+ name: Subject
+ type: string
+ - jsonPath: .spec.summary.pass
+ name: Pass
+ type: integer
+ - jsonPath: .spec.summary.fail
+ name: Fail
+ type: integer
+ - jsonPath: .spec.summary.warn
+ name: Warn
+ type: integer
+ - jsonPath: .spec.summary.error
+ name: Error
+ type: integer
+ - jsonPath: .spec.summary.skip
+ name: Skip
+ type: integer
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.hash']
+ name: Hash
+ priority: 1
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: ClusterBackgroundScanReport is the Schema for the ClusterBackgroundScanReports
+ API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ message:
+ description: Description is a short user friendly message for
+ the policy rule
+ type: string
+ policy:
+ description: Policy is the name or identifier of the policy
+ type: string
+ properties:
+ additionalProperties:
+ type: string
+ description: Properties provides additional information for
+ the policy rule
+ type: object
+ resourceSelector:
+ description: SubjectSelector is an optional label selector for
+ checked Kubernetes resources. For example, a policy result
+ may apply to all pods that match a label. Either a Subject
+ or a SubjectSelector can be specified. If neither are provided,
+ the result is assumed to be for the policy report scope.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ resources:
+ description: Subjects is an optional reference to the checked
+ Kubernetes resources
+ items:
+ description: "ObjectReference contains enough information
+ to let you inspect or modify the referred object. --- New
+ uses of this type are discouraged because of difficulty
+ describing its usage when embedded in APIs. 1. Ignored fields.
+ \ It includes many fields which are not generally honored.
+ \ For instance, ResourceVersion and FieldPath are both very
+ rarely valid in actual usage. 2. Invalid usage help. It
+ is impossible to add specific help for individual usage.
+ \ In most embedded usages, there are particular restrictions
+ like, \"must refer only to types A and B\" or \"UID not
+ honored\" or \"name must be restricted\". Those cannot be
+ well described when embedded. 3. Inconsistent validation.
+ \ Because the usages are different, the validation rules
+ are different by usage, which makes it hard for users to
+ predict what will happen. 4. The fields are both imprecise
+ and overly precise. Kind is not a precise mapping to a
+ URL. This can produce ambiguity during interpretation and
+ require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this
+ type will affect numerous schemas. Don't make new APIs
+ embed an underspecified API type they do not control. \n
+ Instead of using this type, create a locally provided and
+ used type that is well-focused on your reference. For example,
+ ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ ."
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that
+ triggered the event) or if no container name is specified
+ "spec.containers[2]" (container with index 2 in this
+ pod). This syntax is chosen only to have some well-defined
+ way of referencing a part of an object. TODO: this design
+ is not final and this field is subject to change in
+ the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ result:
+ description: Result indicates the outcome of the policy rule
+ execution
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ rule:
+ description: Rule is the name or identifier of the rule within
+ the policy
+ type: string
+ scored:
+ description: Scored indicates if this result is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy check result criticality
+ enum:
+ - critical
+ - high
+ - low
+ - medium
+ - info
+ type: string
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
+ type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must
+ still have non-negative nanos values that count forward
+ in time. Must be from 0 to 999,999,999 inclusive. This
+ field may be limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z
+ to 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
+ required:
+ - policy
+ type: object
+ type: array
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not
+ be evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not
+ selected for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of non-scored policies whose
+ requirements were not met
+ type: integer
+ type: object
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
metadata:
labels:
{{- include "kyverno.crds.labels" . | nindent 4 }}
diff --git a/charts/kyverno/templates/_helpers.tpl b/charts/kyverno/templates/_helpers.tpl
index 7eb2456ab9..82b142f96f 100644
--- a/charts/kyverno/templates/_helpers.tpl
+++ b/charts/kyverno/templates/_helpers.tpl
@@ -16,6 +16,9 @@
{{- with .aggregateReports -}}
{{- $flags = append $flags (print "--aggregateReports=" .enabled) -}}
{{- end -}}
+{{- with .alternateReportStorage -}}
+ {{- $flags = append $flags (print "--alternateReportStorage=" .enabled) -}}
+{{- end -}}
{{- with .policyReports -}}
{{- $flags = append $flags (print "--policyReports=" .enabled) -}}
{{- end -}}
diff --git a/charts/kyverno/templates/admission-controller/clusterrole.yaml b/charts/kyverno/templates/admission-controller/clusterrole.yaml
index d0eeb5ff9c..9d54b09828 100644
--- a/charts/kyverno/templates/admission-controller/clusterrole.yaml
+++ b/charts/kyverno/templates/admission-controller/clusterrole.yaml
@@ -68,6 +68,22 @@ rules:
- update
- watch
- deletecollection
+ - apiGroups:
+ - reports.kyverno.io
+ resources:
+ - admissionreports
+ - clusteradmissionreports
+ - backgroundscanreports
+ - clusterbackgroundscanreports
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - deletecollection
- apiGroups:
- wgpolicyk8s.io
resources:
@@ -146,4 +162,4 @@ metadata:
rules:
{{- toYaml . | nindent 2 }}
{{- end }}
-{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/kyverno/templates/admission-controller/deployment.yaml b/charts/kyverno/templates/admission-controller/deployment.yaml
index a086e0b87d..f2978c0994 100644
--- a/charts/kyverno/templates/admission-controller/deployment.yaml
+++ b/charts/kyverno/templates/admission-controller/deployment.yaml
@@ -168,6 +168,7 @@ spec:
"policyExceptions"
"protectManagedResources"
"registryClient"
+ "alternateReportStorage"
"tuf"
) | nindent 12 }}
{{- range $key, $value := .Values.admissionController.container.extraArgs }}
diff --git a/charts/kyverno/templates/admission-controller/flowschema.yaml b/charts/kyverno/templates/admission-controller/flowschema.yaml
index e1a9e4e11e..adfbf05752 100644
--- a/charts/kyverno/templates/admission-controller/flowschema.yaml
+++ b/charts/kyverno/templates/admission-controller/flowschema.yaml
@@ -81,6 +81,37 @@ spec:
- update
- watch
- deletecollection
+ - apiGroups:
+ - reports.kyverno.io
+ clusterScope: true
+ resources:
+ - clusteradmissionreports
+ - clusterbackgroundscanreports
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - deletecollection
+ - apiGroups:
+ - reports.kyverno.io
+ namespaces:
+ - '*'
+ resources:
+ - admissionreports
+ - backgroundscanreports
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - deletecollection
- apiGroups:
- wgpolicyk8s.io
clusterScope: true
@@ -192,4 +223,4 @@ spec:
serviceAccount:
name: {{ template "kyverno.admission-controller.serviceAccountName" . }}
namespace: {{ template "kyverno.namespace" . }}
-{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/kyverno/templates/background-controller/deployment.yaml b/charts/kyverno/templates/background-controller/deployment.yaml
index 655da0711e..d073fd2d3d 100644
--- a/charts/kyverno/templates/background-controller/deployment.yaml
+++ b/charts/kyverno/templates/background-controller/deployment.yaml
@@ -120,6 +120,7 @@ spec:
"logging"
"omitEvents"
"policyExceptions"
+ "alternateReportStorage"
) | nindent 12 }}
{{- range $key, $value := .Values.backgroundController.extraArgs }}
{{- if $value }}
diff --git a/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml b/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml
index 40c9548421..1b9d51c237 100644
--- a/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml
+++ b/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml
@@ -40,10 +40,10 @@ spec:
- /bin/sh
- -c
- |
- COUNT=$(kubectl get admissionreports.kyverno.io -A | wc -l)
+ COUNT=$(kubectl get admissionreports.reports.kyverno.io -A | wc -l)
if [ "$COUNT" -gt {{ .Values.cleanupJobs.admissionReports.threshold }} ]; then
echo "too many reports found ($COUNT), cleaning up..."
- kubectl delete admissionreports.kyverno.io -A -l='!audit.kyverno.io/report.aggregate'
+ kubectl delete admissionreports.reports.kyverno.io -A -l='!audit.kyverno.io/report.aggregate'
else
echo "($COUNT) reports found, no clean up needed"
fi
@@ -83,4 +83,4 @@ spec:
{{- tpl (toYaml .) $ | nindent 14 }}
{{- end }}
{{- end }}
-{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml b/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml
index b0b31a6ac4..388e9a5222 100644
--- a/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml
+++ b/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml
@@ -40,10 +40,10 @@ spec:
- /bin/sh
- -c
- |
- COUNT=$(kubectl get clusteradmissionreports.kyverno.io -A | wc -l)
+ COUNT=$(kubectl get clusteradmissionreports.reports.kyverno.io -A | wc -l)
if [ "$COUNT" -gt {{ .Values.cleanupJobs.clusterAdmissionReports.threshold }} ]; then
echo "too many reports found ($COUNT), cleaning up..."
- kubectl delete clusteradmissionreports.kyverno.io -A -l='!audit.kyverno.io/report.aggregate'
+ kubectl delete clusteradmissionreports.reports.kyverno.io -A -l='!audit.kyverno.io/report.aggregate'
else
echo "($COUNT) reports found, no clean up needed"
fi
@@ -83,4 +83,4 @@ spec:
{{- tpl (toYaml .) $ | nindent 14 }}
{{- end }}
{{- end }}
-{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/kyverno/templates/cleanup/clusterrole.yaml b/charts/kyverno/templates/cleanup/clusterrole.yaml
index 1c570fcb24..1fa0727cf0 100644
--- a/charts/kyverno/templates/cleanup/clusterrole.yaml
+++ b/charts/kyverno/templates/cleanup/clusterrole.yaml
@@ -14,3 +14,12 @@ rules:
- list
- deletecollection
- delete
+ - apiGroups:
+ - reports.kyverno.io
+ resources:
+ - admissionreports
+ - clusteradmissionreports
+ verbs:
+ - list
+ - deletecollection
+ - delete
\ No newline at end of file
diff --git a/charts/kyverno/templates/rbac/reports.yaml b/charts/kyverno/templates/rbac/reports.yaml
index d14529bfb4..65a93ae483 100644
--- a/charts/kyverno/templates/rbac/reports.yaml
+++ b/charts/kyverno/templates/rbac/reports.yaml
@@ -21,6 +21,21 @@ rules:
- patch
- update
- watch
+ - apiGroups:
+ - reports.kyverno.io
+ resources:
+ - admissionreports
+ - clusteradmissionreports
+ - backgroundscanreports
+ - clusterbackgroundscanreports
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
@@ -40,4 +55,15 @@ rules:
- get
- list
- watch
-{{- end -}}
+ - apiGroups:
+ - reports.kyverno.io
+ resources:
+ - admissionreports
+ - clusteradmissionreports
+ - backgroundscanreports
+ - clusterbackgroundscanreports
+ verbs:
+ - get
+ - list
+ - watch
+{{- end -}}
\ No newline at end of file
diff --git a/charts/kyverno/templates/reports-controller/clusterrole.yaml b/charts/kyverno/templates/reports-controller/clusterrole.yaml
index bab437fdba..29378b8cbb 100644
--- a/charts/kyverno/templates/reports-controller/clusterrole.yaml
+++ b/charts/kyverno/templates/reports-controller/clusterrole.yaml
@@ -55,6 +55,22 @@ rules:
- update
- watch
- deletecollection
+ - apiGroups:
+ - reports.kyverno.io
+ resources:
+ - admissionreports
+ - clusteradmissionreports
+ - backgroundscanreports
+ - clusterbackgroundscanreports
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - deletecollection
- apiGroups:
- wgpolicyk8s.io
resources:
@@ -100,4 +116,4 @@ rules:
{{- end }}
{{- end }}
{{- end }}
-{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/kyverno/templates/reports-controller/deployment.yaml b/charts/kyverno/templates/reports-controller/deployment.yaml
index a7b55b1ea9..e04afee95b 100644
--- a/charts/kyverno/templates/reports-controller/deployment.yaml
+++ b/charts/kyverno/templates/reports-controller/deployment.yaml
@@ -127,6 +127,7 @@ spec:
"policyExceptions"
"reports"
"registryClient"
+ "alternateReportStorage"
"tuf"
) | nindent 12 }}
{{- range $key, $value := .Values.reportsController.extraArgs }}
diff --git a/charts/kyverno/templates/reports-controller/flowschema.yaml b/charts/kyverno/templates/reports-controller/flowschema.yaml
index fa2e9d1986..8f68f00882 100644
--- a/charts/kyverno/templates/reports-controller/flowschema.yaml
+++ b/charts/kyverno/templates/reports-controller/flowschema.yaml
@@ -51,6 +51,37 @@ spec:
- update
- watch
- deletecollection
+ - apiGroups:
+ - reports.kyverno.io
+ clusterScope: true
+ resources:
+ - clusteradmissionreports
+ - clusterbackgroundscanreports
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - deletecollection
+ - apiGroups:
+ - reports.kyverno.io
+ namespaces:
+ - '*'
+ resources:
+ - admissionreports
+ - backgroundscanreports
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - deletecollection
- apiGroups:
- wgpolicyk8s.io
clusterScope: true
@@ -119,4 +150,4 @@ spec:
serviceAccount:
name: {{ template "kyverno.reports-controller.serviceAccountName" . }}
namespace: {{ template "kyverno.namespace" . }}
-{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml
index 2f6cd4b687..bb320092d4 100644
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@@ -561,6 +561,9 @@ features:
aggregateReports:
# -- Enables the feature
enabled: true
+ alternateReportStorage:
+ # -- Enables the feature
+ enabled: false
policyReports:
# -- Enables the feature
enabled: true
diff --git a/cmd/background-controller/main.go b/cmd/background-controller/main.go
index c57796200e..ad4dd15062 100644
--- a/cmd/background-controller/main.go
+++ b/cmd/background-controller/main.go
@@ -106,6 +106,7 @@ func main() {
internal.WithRegistryClient(),
internal.WithLeaderElection(),
internal.WithKyvernoClient(),
+ internal.WithAlternateReportStore(),
internal.WithDynamicClient(),
internal.WithKyvernoDynamicClient(),
internal.WithEventsClient(),
diff --git a/cmd/internal/config.go b/cmd/internal/config.go
index be92d66aee..de257a4a1b 100644
--- a/cmd/internal/config.go
+++ b/cmd/internal/config.go
@@ -17,6 +17,7 @@ type Configuration interface {
UsesImageVerifyCache() bool
UsesLeaderElection() bool
UsesKyvernoClient() bool
+ UsesAlternateReportStore() bool
UsesDynamicClient() bool
UsesApiServerClient() bool
UsesMetadataClient() bool
@@ -107,6 +108,12 @@ func WithKyvernoClient() ConfigurationOption {
}
}
+func WithAlternateReportStore() ConfigurationOption {
+ return func(c *configuration) {
+ c.usesAlternateReportStore = true
+ }
+}
+
func WithDynamicClient() ConfigurationOption {
return func(c *configuration) {
c.usesDynamicClient = true
@@ -158,6 +165,7 @@ type configuration struct {
usesImageVerifyCache bool
usesLeaderElection bool
usesKyvernoClient bool
+ usesAlternateReportStore bool
usesDynamicClient bool
usesApiServerClient bool
usesMetadataClient bool
@@ -214,6 +222,10 @@ func (c *configuration) UsesKyvernoClient() bool {
return c.usesKyvernoClient
}
+func (c *configuration) UsesAlternateReportStore() bool {
+ return c.usesAlternateReportStore
+}
+
func (c *configuration) UsesDynamicClient() bool {
return c.usesDynamicClient
}
diff --git a/cmd/internal/flag.go b/cmd/internal/flag.go
index f00fac4865..b2eb694f96 100644
--- a/cmd/internal/flag.go
+++ b/cmd/internal/flag.go
@@ -56,6 +56,8 @@ var (
imageVerifyCacheEnabled bool
imageVerifyCacheTTLDuration time.Duration
imageVerifyCacheMaxSize int64
+ // alternate report storage
+ alternateReportStorage bool
)
func initLoggingFlags() {
@@ -133,6 +135,10 @@ func initCleanupFlags() {
flag.StringVar(&cleanupServerPort, "cleanupServerPort", "9443", "kyverno cleanup server port, defaults to '9443'.")
}
+func initAltReportStoreFlag() {
+ flag.BoolVar(&alternateReportStorage, "alternateReportStorage", false, "Store kyverno intermediate reports in a separate api group reports.kyverno.io. defaults to false.")
+}
+
type options struct {
clientRateLimitQPS float64
clientRateLimitBurst int
@@ -216,6 +222,10 @@ func initFlags(config Configuration, opts ...Option) {
if config.UsesLeaderElection() {
initLeaderElectionFlags()
}
+ // alternate report storage
+ if config.UsesAlternateReportStore() {
+ initAltReportStoreFlag()
+ }
initCleanupFlags()
diff --git a/cmd/internal/setup.go b/cmd/internal/setup.go
index b30a443ffd..f013d93996 100644
--- a/cmd/internal/setup.go
+++ b/cmd/internal/setup.go
@@ -16,6 +16,7 @@ import (
"github.com/kyverno/kyverno/pkg/imageverifycache"
"github.com/kyverno/kyverno/pkg/metrics"
"github.com/kyverno/kyverno/pkg/registryclient"
+ "github.com/kyverno/kyverno/pkg/report"
eventsv1 "k8s.io/client-go/kubernetes/typed/events/v1"
corev1listers "k8s.io/client-go/listers/core/v1"
)
@@ -48,6 +49,7 @@ type SetupResult struct {
MetadataClient metadataclient.UpstreamInterface
KyvernoDynamicClient dclient.Interface
EventsClient eventsv1.EventsV1Interface
+ ReportManager report.Interface
}
func Setup(config Configuration, name string, skipResourceFilters bool) (context.Context, SetupResult, context.CancelFunc) {
@@ -82,8 +84,13 @@ func Setup(config Configuration, name string, skipResourceFilters bool) (context
leaderElectionClient = createKubernetesClient(logger, clientRateLimitQPS, clientRateLimitBurst, kubeclient.WithMetrics(metricsManager, metrics.KubeClient), kubeclient.WithTracing())
}
var kyvernoClient kyvernoclient.UpstreamInterface
+ var reportManager report.Interface
if config.UsesKyvernoClient() {
kyvernoClient = createKyvernoClient(logger, kyvernoclient.WithMetrics(metricsManager, metrics.KyvernoClient), kyvernoclient.WithTracing())
+
+ if config.UsesAlternateReportStore() {
+ reportManager = report.NewReportManager(alternateReportStorage, kyvernoClient)
+ }
}
var dynamicClient dynamicclient.UpstreamInterface
if config.UsesDynamicClient() {
@@ -123,6 +130,7 @@ func Setup(config Configuration, name string, skipResourceFilters bool) (context
MetadataClient: metadataClient,
KyvernoDynamicClient: dClient,
EventsClient: eventsClient,
+ ReportManager: reportManager,
},
shutdown(logger.WithName("shutdown"), sdownMaxProcs, sdownMetrics, sdownTracing, sdownSignals)
}
diff --git a/cmd/kyverno/main.go b/cmd/kyverno/main.go
index 8af7959c9d..bd5c1a4db2 100644
--- a/cmd/kyverno/main.go
+++ b/cmd/kyverno/main.go
@@ -254,6 +254,7 @@ func main() {
internal.WithImageVerifyCache(),
internal.WithLeaderElection(),
internal.WithKyvernoClient(),
+ internal.WithAlternateReportStore(),
internal.WithDynamicClient(),
internal.WithKyvernoDynamicClient(),
internal.WithEventsClient(),
@@ -482,6 +483,7 @@ func main() {
engine,
setup.KyvernoDynamicClient,
setup.KyvernoClient,
+ setup.ReportManager,
setup.Configuration,
setup.MetricsManager,
policyCache,
diff --git a/cmd/reports-controller/main.go b/cmd/reports-controller/main.go
index 5bdf92f9b0..768661d7dd 100644
--- a/cmd/reports-controller/main.go
+++ b/cmd/reports-controller/main.go
@@ -24,6 +24,7 @@ import (
"github.com/kyverno/kyverno/pkg/event"
"github.com/kyverno/kyverno/pkg/leaderelection"
"github.com/kyverno/kyverno/pkg/logging"
+ "github.com/kyverno/kyverno/pkg/report"
"k8s.io/apimachinery/pkg/runtime/schema"
kubeinformers "k8s.io/client-go/informers"
admissionregistrationv1alpha1informers "k8s.io/client-go/informers/admissionregistration/v1alpha1"
@@ -46,6 +47,7 @@ func createReportControllers(
backgroundScanWorkers int,
client dclient.Interface,
kyvernoClient versioned.Interface,
+ reportManager report.Interface,
metadataFactory metadatainformers.SharedInformerFactory,
kubeInformer kubeinformers.SharedInformerFactory,
kyvernoInformer kyvernoinformer.SharedInformerFactory,
@@ -85,6 +87,7 @@ func createReportControllers(
aggregatereportcontroller.NewController(
kyvernoClient,
metadataFactory,
+ reportManager,
kyvernoV1.Policies(),
kyvernoV1.ClusterPolicies(),
vapInformer,
@@ -101,6 +104,7 @@ func createReportControllers(
kyvernoClient,
client,
metadataFactory,
+ reportManager,
),
admissionreportcontroller.Workers,
))
@@ -109,6 +113,7 @@ func createReportControllers(
backgroundScanController := backgroundscancontroller.NewController(
client,
kyvernoClient,
+ reportManager,
eng,
metadataFactory,
kyvernoV1.Policies(),
@@ -153,6 +158,7 @@ func createrLeaderControllers(
kyvernoInformer kyvernoinformer.SharedInformerFactory,
metadataInformer metadatainformers.SharedInformerFactory,
kyvernoClient versioned.Interface,
+ reportManager report.Interface,
dynamicClient dclient.Interface,
configuration config.Configuration,
jp jmespath.Interface,
@@ -170,6 +176,7 @@ func createrLeaderControllers(
backgroundScanWorkers,
dynamicClient,
kyvernoClient,
+ reportManager,
metadataInformer,
kubeInformer,
kyvernoInformer,
@@ -223,6 +230,7 @@ func main() {
internal.WithImageVerifyCache(),
internal.WithLeaderElection(),
internal.WithKyvernoClient(),
+ internal.WithAlternateReportStore(),
internal.WithDynamicClient(),
internal.WithMetadataClient(),
internal.WithKyvernoDynamicClient(),
@@ -313,6 +321,7 @@ func main() {
kyvernoInformer,
metadataInformer,
setup.KyvernoClient,
+ setup.ReportManager,
setup.KyvernoDynamicClient,
setup.Configuration,
setup.Jp,
diff --git a/config/crds/reports.kyverno.io_admissionreports.yaml b/config/crds/reports.kyverno.io_admissionreports.yaml
new file mode 100644
index 0000000000..b057e8eb75
--- /dev/null
+++ b/config/crds/reports.kyverno.io_admissionreports.yaml
@@ -0,0 +1,330 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.12.0
+ name: admissionreports.reports.kyverno.io
+spec:
+ group: reports.kyverno.io
+ names:
+ categories:
+ - kyverno
+ kind: AdmissionReport
+ listKind: AdmissionReportList
+ plural: admissionreports
+ shortNames:
+ - admr
+ singular: admissionreport
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ - jsonPath: .spec.summary.pass
+ name: PASS
+ type: integer
+ - jsonPath: .spec.summary.fail
+ name: FAIL
+ type: integer
+ - jsonPath: .spec.summary.warn
+ name: WARN
+ type: integer
+ - jsonPath: .spec.summary.error
+ name: ERROR
+ type: integer
+ - jsonPath: .spec.summary.skip
+ name: SKIP
+ type: integer
+ - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.gvr']
+ name: GVR
+ type: string
+ - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.name']
+ name: REF
+ type: string
+ - jsonPath: .metadata.labels['audit\.kyverno\.io/report\.aggregate']
+ name: AGGREGATE
+ priority: 1
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: AdmissionReport is the Schema for the AdmissionReports API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ owner:
+ description: Owner is a reference to the report owner (e.g. a Deployment,
+ Namespace, or Node)
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ blockOwnerDeletion:
+ description: If true, AND if the owner has the "foregroundDeletion"
+ finalizer, then the owner cannot be deleted from the key-value
+ store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
+ for how the garbage collector interacts with this field and
+ enforces the foreground deletion. Defaults to false. To set
+ this field, a user needs "delete" permission of the owner, otherwise
+ 422 (Unprocessable Entity) will be returned.
+ type: boolean
+ controller:
+ description: If true, this reference points to the managing controller.
+ type: boolean
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids'
+ type: string
+ required:
+ - apiVersion
+ - kind
+ - name
+ - uid
+ type: object
+ x-kubernetes-map-type: atomic
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ message:
+ description: Description is a short user friendly message for
+ the policy rule
+ type: string
+ policy:
+ description: Policy is the name or identifier of the policy
+ type: string
+ properties:
+ additionalProperties:
+ type: string
+ description: Properties provides additional information for
+ the policy rule
+ type: object
+ resourceSelector:
+ description: SubjectSelector is an optional label selector for
+ checked Kubernetes resources. For example, a policy result
+ may apply to all pods that match a label. Either a Subject
+ or a SubjectSelector can be specified. If neither are provided,
+ the result is assumed to be for the policy report scope.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ resources:
+ description: Subjects is an optional reference to the checked
+ Kubernetes resources
+ items:
+ description: "ObjectReference contains enough information
+ to let you inspect or modify the referred object. --- New
+ uses of this type are discouraged because of difficulty
+ describing its usage when embedded in APIs. 1. Ignored fields.
+ \ It includes many fields which are not generally honored.
+ \ For instance, ResourceVersion and FieldPath are both very
+ rarely valid in actual usage. 2. Invalid usage help. It
+ is impossible to add specific help for individual usage.
+ \ In most embedded usages, there are particular restrictions
+ like, \"must refer only to types A and B\" or \"UID not
+ honored\" or \"name must be restricted\". Those cannot be
+ well described when embedded. 3. Inconsistent validation.
+ \ Because the usages are different, the validation rules
+ are different by usage, which makes it hard for users to
+ predict what will happen. 4. The fields are both imprecise
+ and overly precise. Kind is not a precise mapping to a
+ URL. This can produce ambiguity during interpretation and
+ require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this
+ type will affect numerous schemas. Don't make new APIs
+ embed an underspecified API type they do not control. \n
+ Instead of using this type, create a locally provided and
+ used type that is well-focused on your reference. For example,
+ ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ ."
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that
+ triggered the event) or if no container name is specified
+ "spec.containers[2]" (container with index 2 in this
+ pod). This syntax is chosen only to have some well-defined
+ way of referencing a part of an object. TODO: this design
+ is not final and this field is subject to change in
+ the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ result:
+ description: Result indicates the outcome of the policy rule
+ execution
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ rule:
+ description: Rule is the name or identifier of the rule within
+ the policy
+ type: string
+ scored:
+ description: Scored indicates if this result is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy check result criticality
+ enum:
+ - critical
+ - high
+ - low
+ - medium
+ - info
+ type: string
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
+ type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must
+ still have non-negative nanos values that count forward
+ in time. Must be from 0 to 999,999,999 inclusive. This
+ field may be limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z
+ to 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
+ required:
+ - policy
+ type: object
+ type: array
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not
+ be evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not
+ selected for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of non-scored policies whose
+ requirements were not met
+ type: integer
+ type: object
+ required:
+ - owner
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
diff --git a/config/crds/reports.kyverno.io_backgroundscanreports.yaml b/config/crds/reports.kyverno.io_backgroundscanreports.yaml
new file mode 100644
index 0000000000..e6c76d5f4d
--- /dev/null
+++ b/config/crds/reports.kyverno.io_backgroundscanreports.yaml
@@ -0,0 +1,297 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.12.0
+ name: backgroundscanreports.reports.kyverno.io
+spec:
+ group: reports.kyverno.io
+ names:
+ categories:
+ - kyverno
+ kind: BackgroundScanReport
+ listKind: BackgroundScanReportList
+ plural: backgroundscanreports
+ shortNames:
+ - bgscanr
+ singular: backgroundscanreport
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.ownerReferences[0].apiVersion
+ name: ApiVersion
+ type: string
+ - jsonPath: .metadata.ownerReferences[0].kind
+ name: Kind
+ type: string
+ - jsonPath: .metadata.ownerReferences[0].name
+ name: Subject
+ type: string
+ - jsonPath: .spec.summary.pass
+ name: Pass
+ type: integer
+ - jsonPath: .spec.summary.fail
+ name: Fail
+ type: integer
+ - jsonPath: .spec.summary.warn
+ name: Warn
+ type: integer
+ - jsonPath: .spec.summary.error
+ name: Error
+ type: integer
+ - jsonPath: .spec.summary.skip
+ name: Skip
+ type: integer
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.hash']
+ name: Hash
+ priority: 1
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: BackgroundScanReport is the Schema for the BackgroundScanReports
+ API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ message:
+ description: Description is a short user friendly message for
+ the policy rule
+ type: string
+ policy:
+ description: Policy is the name or identifier of the policy
+ type: string
+ properties:
+ additionalProperties:
+ type: string
+ description: Properties provides additional information for
+ the policy rule
+ type: object
+ resourceSelector:
+ description: SubjectSelector is an optional label selector for
+ checked Kubernetes resources. For example, a policy result
+ may apply to all pods that match a label. Either a Subject
+ or a SubjectSelector can be specified. If neither are provided,
+ the result is assumed to be for the policy report scope.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ resources:
+ description: Subjects is an optional reference to the checked
+ Kubernetes resources
+ items:
+ description: "ObjectReference contains enough information
+ to let you inspect or modify the referred object. --- New
+ uses of this type are discouraged because of difficulty
+ describing its usage when embedded in APIs. 1. Ignored fields.
+ \ It includes many fields which are not generally honored.
+ \ For instance, ResourceVersion and FieldPath are both very
+ rarely valid in actual usage. 2. Invalid usage help. It
+ is impossible to add specific help for individual usage.
+ \ In most embedded usages, there are particular restrictions
+ like, \"must refer only to types A and B\" or \"UID not
+ honored\" or \"name must be restricted\". Those cannot be
+ well described when embedded. 3. Inconsistent validation.
+ \ Because the usages are different, the validation rules
+ are different by usage, which makes it hard for users to
+ predict what will happen. 4. The fields are both imprecise
+ and overly precise. Kind is not a precise mapping to a
+ URL. This can produce ambiguity during interpretation and
+ require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this
+ type will affect numerous schemas. Don't make new APIs
+ embed an underspecified API type they do not control. \n
+ Instead of using this type, create a locally provided and
+ used type that is well-focused on your reference. For example,
+ ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ ."
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that
+ triggered the event) or if no container name is specified
+ "spec.containers[2]" (container with index 2 in this
+ pod). This syntax is chosen only to have some well-defined
+ way of referencing a part of an object. TODO: this design
+ is not final and this field is subject to change in
+ the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ result:
+ description: Result indicates the outcome of the policy rule
+ execution
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ rule:
+ description: Rule is the name or identifier of the rule within
+ the policy
+ type: string
+ scored:
+ description: Scored indicates if this result is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy check result criticality
+ enum:
+ - critical
+ - high
+ - low
+ - medium
+ - info
+ type: string
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
+ type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must
+ still have non-negative nanos values that count forward
+ in time. Must be from 0 to 999,999,999 inclusive. This
+ field may be limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z
+ to 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
+ required:
+ - policy
+ type: object
+ type: array
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not
+ be evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not
+ selected for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of non-scored policies whose
+ requirements were not met
+ type: integer
+ type: object
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
diff --git a/config/crds/reports.kyverno.io_clusteradmissionreports.yaml b/config/crds/reports.kyverno.io_clusteradmissionreports.yaml
new file mode 100644
index 0000000000..5719dc5e06
--- /dev/null
+++ b/config/crds/reports.kyverno.io_clusteradmissionreports.yaml
@@ -0,0 +1,331 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.12.0
+ name: clusteradmissionreports.reports.kyverno.io
+spec:
+ group: reports.kyverno.io
+ names:
+ categories:
+ - kyverno
+ kind: ClusterAdmissionReport
+ listKind: ClusterAdmissionReportList
+ plural: clusteradmissionreports
+ shortNames:
+ - cadmr
+ singular: clusteradmissionreport
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ - jsonPath: .spec.summary.pass
+ name: PASS
+ type: integer
+ - jsonPath: .spec.summary.fail
+ name: FAIL
+ type: integer
+ - jsonPath: .spec.summary.warn
+ name: WARN
+ type: integer
+ - jsonPath: .spec.summary.error
+ name: ERROR
+ type: integer
+ - jsonPath: .spec.summary.skip
+ name: SKIP
+ type: integer
+ - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.gvr']
+ name: GVR
+ type: string
+ - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.name']
+ name: REF
+ type: string
+ - jsonPath: .metadata.labels['audit\.kyverno\.io/report\.aggregate']
+ name: AGGREGATE
+ priority: 1
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: ClusterAdmissionReport is the Schema for the ClusterAdmissionReports
+ API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ owner:
+ description: Owner is a reference to the report owner (e.g. a Deployment,
+ Namespace, or Node)
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ blockOwnerDeletion:
+ description: If true, AND if the owner has the "foregroundDeletion"
+ finalizer, then the owner cannot be deleted from the key-value
+ store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
+ for how the garbage collector interacts with this field and
+ enforces the foreground deletion. Defaults to false. To set
+ this field, a user needs "delete" permission of the owner, otherwise
+ 422 (Unprocessable Entity) will be returned.
+ type: boolean
+ controller:
+ description: If true, this reference points to the managing controller.
+ type: boolean
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids'
+ type: string
+ required:
+ - apiVersion
+ - kind
+ - name
+ - uid
+ type: object
+ x-kubernetes-map-type: atomic
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ message:
+ description: Description is a short user friendly message for
+ the policy rule
+ type: string
+ policy:
+ description: Policy is the name or identifier of the policy
+ type: string
+ properties:
+ additionalProperties:
+ type: string
+ description: Properties provides additional information for
+ the policy rule
+ type: object
+ resourceSelector:
+ description: SubjectSelector is an optional label selector for
+ checked Kubernetes resources. For example, a policy result
+ may apply to all pods that match a label. Either a Subject
+ or a SubjectSelector can be specified. If neither are provided,
+ the result is assumed to be for the policy report scope.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ resources:
+ description: Subjects is an optional reference to the checked
+ Kubernetes resources
+ items:
+ description: "ObjectReference contains enough information
+ to let you inspect or modify the referred object. --- New
+ uses of this type are discouraged because of difficulty
+ describing its usage when embedded in APIs. 1. Ignored fields.
+ \ It includes many fields which are not generally honored.
+ \ For instance, ResourceVersion and FieldPath are both very
+ rarely valid in actual usage. 2. Invalid usage help. It
+ is impossible to add specific help for individual usage.
+ \ In most embedded usages, there are particular restrictions
+ like, \"must refer only to types A and B\" or \"UID not
+ honored\" or \"name must be restricted\". Those cannot be
+ well described when embedded. 3. Inconsistent validation.
+ \ Because the usages are different, the validation rules
+ are different by usage, which makes it hard for users to
+ predict what will happen. 4. The fields are both imprecise
+ and overly precise. Kind is not a precise mapping to a
+ URL. This can produce ambiguity during interpretation and
+ require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this
+ type will affect numerous schemas. Don't make new APIs
+ embed an underspecified API type they do not control. \n
+ Instead of using this type, create a locally provided and
+ used type that is well-focused on your reference. For example,
+ ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ ."
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that
+ triggered the event) or if no container name is specified
+ "spec.containers[2]" (container with index 2 in this
+ pod). This syntax is chosen only to have some well-defined
+ way of referencing a part of an object. TODO: this design
+ is not final and this field is subject to change in
+ the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ result:
+ description: Result indicates the outcome of the policy rule
+ execution
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ rule:
+ description: Rule is the name or identifier of the rule within
+ the policy
+ type: string
+ scored:
+ description: Scored indicates if this result is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy check result criticality
+ enum:
+ - critical
+ - high
+ - low
+ - medium
+ - info
+ type: string
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
+ type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must
+ still have non-negative nanos values that count forward
+ in time. Must be from 0 to 999,999,999 inclusive. This
+ field may be limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z
+ to 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
+ required:
+ - policy
+ type: object
+ type: array
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not
+ be evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not
+ selected for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of non-scored policies whose
+ requirements were not met
+ type: integer
+ type: object
+ required:
+ - owner
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
diff --git a/config/crds/reports.kyverno.io_clusterbackgroundscanreports.yaml b/config/crds/reports.kyverno.io_clusterbackgroundscanreports.yaml
new file mode 100644
index 0000000000..fe35fee68b
--- /dev/null
+++ b/config/crds/reports.kyverno.io_clusterbackgroundscanreports.yaml
@@ -0,0 +1,297 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.12.0
+ name: clusterbackgroundscanreports.reports.kyverno.io
+spec:
+ group: reports.kyverno.io
+ names:
+ categories:
+ - kyverno
+ kind: ClusterBackgroundScanReport
+ listKind: ClusterBackgroundScanReportList
+ plural: clusterbackgroundscanreports
+ shortNames:
+ - cbgscanr
+ singular: clusterbackgroundscanreport
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.ownerReferences[0].apiVersion
+ name: ApiVersion
+ type: string
+ - jsonPath: .metadata.ownerReferences[0].kind
+ name: Kind
+ type: string
+ - jsonPath: .metadata.ownerReferences[0].name
+ name: Subject
+ type: string
+ - jsonPath: .spec.summary.pass
+ name: Pass
+ type: integer
+ - jsonPath: .spec.summary.fail
+ name: Fail
+ type: integer
+ - jsonPath: .spec.summary.warn
+ name: Warn
+ type: integer
+ - jsonPath: .spec.summary.error
+ name: Error
+ type: integer
+ - jsonPath: .spec.summary.skip
+ name: Skip
+ type: integer
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.hash']
+ name: Hash
+ priority: 1
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: ClusterBackgroundScanReport is the Schema for the ClusterBackgroundScanReports
+ API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ message:
+ description: Description is a short user friendly message for
+ the policy rule
+ type: string
+ policy:
+ description: Policy is the name or identifier of the policy
+ type: string
+ properties:
+ additionalProperties:
+ type: string
+ description: Properties provides additional information for
+ the policy rule
+ type: object
+ resourceSelector:
+ description: SubjectSelector is an optional label selector for
+ checked Kubernetes resources. For example, a policy result
+ may apply to all pods that match a label. Either a Subject
+ or a SubjectSelector can be specified. If neither are provided,
+ the result is assumed to be for the policy report scope.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ resources:
+ description: Subjects is an optional reference to the checked
+ Kubernetes resources
+ items:
+ description: "ObjectReference contains enough information
+ to let you inspect or modify the referred object. --- New
+ uses of this type are discouraged because of difficulty
+ describing its usage when embedded in APIs. 1. Ignored fields.
+ \ It includes many fields which are not generally honored.
+ \ For instance, ResourceVersion and FieldPath are both very
+ rarely valid in actual usage. 2. Invalid usage help. It
+ is impossible to add specific help for individual usage.
+ \ In most embedded usages, there are particular restrictions
+ like, \"must refer only to types A and B\" or \"UID not
+ honored\" or \"name must be restricted\". Those cannot be
+ well described when embedded. 3. Inconsistent validation.
+ \ Because the usages are different, the validation rules
+ are different by usage, which makes it hard for users to
+ predict what will happen. 4. The fields are both imprecise
+ and overly precise. Kind is not a precise mapping to a
+ URL. This can produce ambiguity during interpretation and
+ require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this
+ type will affect numerous schemas. Don't make new APIs
+ embed an underspecified API type they do not control. \n
+ Instead of using this type, create a locally provided and
+ used type that is well-focused on your reference. For example,
+ ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ ."
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that
+ triggered the event) or if no container name is specified
+ "spec.containers[2]" (container with index 2 in this
+ pod). This syntax is chosen only to have some well-defined
+ way of referencing a part of an object. TODO: this design
+ is not final and this field is subject to change in
+ the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ result:
+ description: Result indicates the outcome of the policy rule
+ execution
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ rule:
+ description: Rule is the name or identifier of the rule within
+ the policy
+ type: string
+ scored:
+ description: Scored indicates if this result is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy check result criticality
+ enum:
+ - critical
+ - high
+ - low
+ - medium
+ - info
+ type: string
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
+ type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must
+ still have non-negative nanos values that count forward
+ in time. Must be from 0 to 999,999,999 inclusive. This
+ field may be limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z
+ to 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
+ required:
+ - policy
+ type: object
+ type: array
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not
+ be evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not
+ selected for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of non-scored policies whose
+ requirements were not met
+ type: integer
+ type: object
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
diff --git a/config/install-latest-testing.yaml b/config/install-latest-testing.yaml
index 276a388cc1..580a96e71a 100644
--- a/config/install-latest-testing.yaml
+++ b/config/install-latest-testing.yaml
@@ -48471,6 +48471,1289 @@ spec:
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
+metadata:
+ labels:
+ app.kubernetes.io/component: crds
+ app.kubernetes.io/instance: kyverno
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kyverno-crds
+ app.kubernetes.io/version: 0.0.0
+ helm.sh/chart: crds-0.0.0
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.12.0
+ name: admissionreports.reports.kyverno.io
+spec:
+ group: reports.kyverno.io
+ names:
+ categories:
+ - kyverno
+ kind: AdmissionReport
+ listKind: AdmissionReportList
+ plural: admissionreports
+ shortNames:
+ - admr
+ singular: admissionreport
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ - jsonPath: .spec.summary.pass
+ name: PASS
+ type: integer
+ - jsonPath: .spec.summary.fail
+ name: FAIL
+ type: integer
+ - jsonPath: .spec.summary.warn
+ name: WARN
+ type: integer
+ - jsonPath: .spec.summary.error
+ name: ERROR
+ type: integer
+ - jsonPath: .spec.summary.skip
+ name: SKIP
+ type: integer
+ - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.gvr']
+ name: GVR
+ type: string
+ - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.name']
+ name: REF
+ type: string
+ - jsonPath: .metadata.labels['audit\.kyverno\.io/report\.aggregate']
+ name: AGGREGATE
+ priority: 1
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: AdmissionReport is the Schema for the AdmissionReports API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ owner:
+ description: Owner is a reference to the report owner (e.g. a Deployment,
+ Namespace, or Node)
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ blockOwnerDeletion:
+ description: If true, AND if the owner has the "foregroundDeletion"
+ finalizer, then the owner cannot be deleted from the key-value
+ store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
+ for how the garbage collector interacts with this field and
+ enforces the foreground deletion. Defaults to false. To set
+ this field, a user needs "delete" permission of the owner, otherwise
+ 422 (Unprocessable Entity) will be returned.
+ type: boolean
+ controller:
+ description: If true, this reference points to the managing controller.
+ type: boolean
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids'
+ type: string
+ required:
+ - apiVersion
+ - kind
+ - name
+ - uid
+ type: object
+ x-kubernetes-map-type: atomic
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ message:
+ description: Description is a short user friendly message for
+ the policy rule
+ type: string
+ policy:
+ description: Policy is the name or identifier of the policy
+ type: string
+ properties:
+ additionalProperties:
+ type: string
+ description: Properties provides additional information for
+ the policy rule
+ type: object
+ resourceSelector:
+ description: SubjectSelector is an optional label selector for
+ checked Kubernetes resources. For example, a policy result
+ may apply to all pods that match a label. Either a Subject
+ or a SubjectSelector can be specified. If neither are provided,
+ the result is assumed to be for the policy report scope.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ resources:
+ description: Subjects is an optional reference to the checked
+ Kubernetes resources
+ items:
+ description: "ObjectReference contains enough information
+ to let you inspect or modify the referred object. --- New
+ uses of this type are discouraged because of difficulty
+ describing its usage when embedded in APIs. 1. Ignored fields.
+ \ It includes many fields which are not generally honored.
+ \ For instance, ResourceVersion and FieldPath are both very
+ rarely valid in actual usage. 2. Invalid usage help. It
+ is impossible to add specific help for individual usage.
+ \ In most embedded usages, there are particular restrictions
+ like, \"must refer only to types A and B\" or \"UID not
+ honored\" or \"name must be restricted\". Those cannot be
+ well described when embedded. 3. Inconsistent validation.
+ \ Because the usages are different, the validation rules
+ are different by usage, which makes it hard for users to
+ predict what will happen. 4. The fields are both imprecise
+ and overly precise. Kind is not a precise mapping to a
+ URL. This can produce ambiguity during interpretation and
+ require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this
+ type will affect numerous schemas. Don't make new APIs
+ embed an underspecified API type they do not control. \n
+ Instead of using this type, create a locally provided and
+ used type that is well-focused on your reference. For example,
+ ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ ."
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that
+ triggered the event) or if no container name is specified
+ "spec.containers[2]" (container with index 2 in this
+ pod). This syntax is chosen only to have some well-defined
+ way of referencing a part of an object. TODO: this design
+ is not final and this field is subject to change in
+ the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ result:
+ description: Result indicates the outcome of the policy rule
+ execution
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ rule:
+ description: Rule is the name or identifier of the rule within
+ the policy
+ type: string
+ scored:
+ description: Scored indicates if this result is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy check result criticality
+ enum:
+ - critical
+ - high
+ - low
+ - medium
+ - info
+ type: string
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
+ type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must
+ still have non-negative nanos values that count forward
+ in time. Must be from 0 to 999,999,999 inclusive. This
+ field may be limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z
+ to 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
+ required:
+ - policy
+ type: object
+ type: array
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not
+ be evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not
+ selected for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of non-scored policies whose
+ requirements were not met
+ type: integer
+ type: object
+ required:
+ - owner
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ app.kubernetes.io/component: crds
+ app.kubernetes.io/instance: kyverno
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kyverno-crds
+ app.kubernetes.io/version: 0.0.0
+ helm.sh/chart: crds-0.0.0
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.12.0
+ name: backgroundscanreports.reports.kyverno.io
+spec:
+ group: reports.kyverno.io
+ names:
+ categories:
+ - kyverno
+ kind: BackgroundScanReport
+ listKind: BackgroundScanReportList
+ plural: backgroundscanreports
+ shortNames:
+ - bgscanr
+ singular: backgroundscanreport
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.ownerReferences[0].apiVersion
+ name: ApiVersion
+ type: string
+ - jsonPath: .metadata.ownerReferences[0].kind
+ name: Kind
+ type: string
+ - jsonPath: .metadata.ownerReferences[0].name
+ name: Subject
+ type: string
+ - jsonPath: .spec.summary.pass
+ name: Pass
+ type: integer
+ - jsonPath: .spec.summary.fail
+ name: Fail
+ type: integer
+ - jsonPath: .spec.summary.warn
+ name: Warn
+ type: integer
+ - jsonPath: .spec.summary.error
+ name: Error
+ type: integer
+ - jsonPath: .spec.summary.skip
+ name: Skip
+ type: integer
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.hash']
+ name: Hash
+ priority: 1
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: BackgroundScanReport is the Schema for the BackgroundScanReports
+ API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ message:
+ description: Description is a short user friendly message for
+ the policy rule
+ type: string
+ policy:
+ description: Policy is the name or identifier of the policy
+ type: string
+ properties:
+ additionalProperties:
+ type: string
+ description: Properties provides additional information for
+ the policy rule
+ type: object
+ resourceSelector:
+ description: SubjectSelector is an optional label selector for
+ checked Kubernetes resources. For example, a policy result
+ may apply to all pods that match a label. Either a Subject
+ or a SubjectSelector can be specified. If neither are provided,
+ the result is assumed to be for the policy report scope.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ resources:
+ description: Subjects is an optional reference to the checked
+ Kubernetes resources
+ items:
+ description: "ObjectReference contains enough information
+ to let you inspect or modify the referred object. --- New
+ uses of this type are discouraged because of difficulty
+ describing its usage when embedded in APIs. 1. Ignored fields.
+ \ It includes many fields which are not generally honored.
+ \ For instance, ResourceVersion and FieldPath are both very
+ rarely valid in actual usage. 2. Invalid usage help. It
+ is impossible to add specific help for individual usage.
+ \ In most embedded usages, there are particular restrictions
+ like, \"must refer only to types A and B\" or \"UID not
+ honored\" or \"name must be restricted\". Those cannot be
+ well described when embedded. 3. Inconsistent validation.
+ \ Because the usages are different, the validation rules
+ are different by usage, which makes it hard for users to
+ predict what will happen. 4. The fields are both imprecise
+ and overly precise. Kind is not a precise mapping to a
+ URL. This can produce ambiguity during interpretation and
+ require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this
+ type will affect numerous schemas. Don't make new APIs
+ embed an underspecified API type they do not control. \n
+ Instead of using this type, create a locally provided and
+ used type that is well-focused on your reference. For example,
+ ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ ."
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that
+ triggered the event) or if no container name is specified
+ "spec.containers[2]" (container with index 2 in this
+ pod). This syntax is chosen only to have some well-defined
+ way of referencing a part of an object. TODO: this design
+ is not final and this field is subject to change in
+ the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ result:
+ description: Result indicates the outcome of the policy rule
+ execution
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ rule:
+ description: Rule is the name or identifier of the rule within
+ the policy
+ type: string
+ scored:
+ description: Scored indicates if this result is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy check result criticality
+ enum:
+ - critical
+ - high
+ - low
+ - medium
+ - info
+ type: string
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
+ type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must
+ still have non-negative nanos values that count forward
+ in time. Must be from 0 to 999,999,999 inclusive. This
+ field may be limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z
+ to 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
+ required:
+ - policy
+ type: object
+ type: array
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not
+ be evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not
+ selected for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of non-scored policies whose
+ requirements were not met
+ type: integer
+ type: object
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ app.kubernetes.io/component: crds
+ app.kubernetes.io/instance: kyverno
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kyverno-crds
+ app.kubernetes.io/version: 0.0.0
+ helm.sh/chart: crds-0.0.0
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.12.0
+ name: clusteradmissionreports.reports.kyverno.io
+spec:
+ group: reports.kyverno.io
+ names:
+ categories:
+ - kyverno
+ kind: ClusterAdmissionReport
+ listKind: ClusterAdmissionReportList
+ plural: clusteradmissionreports
+ shortNames:
+ - cadmr
+ singular: clusteradmissionreport
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ - jsonPath: .spec.summary.pass
+ name: PASS
+ type: integer
+ - jsonPath: .spec.summary.fail
+ name: FAIL
+ type: integer
+ - jsonPath: .spec.summary.warn
+ name: WARN
+ type: integer
+ - jsonPath: .spec.summary.error
+ name: ERROR
+ type: integer
+ - jsonPath: .spec.summary.skip
+ name: SKIP
+ type: integer
+ - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.gvr']
+ name: GVR
+ type: string
+ - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.name']
+ name: REF
+ type: string
+ - jsonPath: .metadata.labels['audit\.kyverno\.io/report\.aggregate']
+ name: AGGREGATE
+ priority: 1
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: ClusterAdmissionReport is the Schema for the ClusterAdmissionReports
+ API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ owner:
+ description: Owner is a reference to the report owner (e.g. a Deployment,
+ Namespace, or Node)
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ blockOwnerDeletion:
+ description: If true, AND if the owner has the "foregroundDeletion"
+ finalizer, then the owner cannot be deleted from the key-value
+ store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
+ for how the garbage collector interacts with this field and
+ enforces the foreground deletion. Defaults to false. To set
+ this field, a user needs "delete" permission of the owner, otherwise
+ 422 (Unprocessable Entity) will be returned.
+ type: boolean
+ controller:
+ description: If true, this reference points to the managing controller.
+ type: boolean
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids'
+ type: string
+ required:
+ - apiVersion
+ - kind
+ - name
+ - uid
+ type: object
+ x-kubernetes-map-type: atomic
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ message:
+ description: Description is a short user friendly message for
+ the policy rule
+ type: string
+ policy:
+ description: Policy is the name or identifier of the policy
+ type: string
+ properties:
+ additionalProperties:
+ type: string
+ description: Properties provides additional information for
+ the policy rule
+ type: object
+ resourceSelector:
+ description: SubjectSelector is an optional label selector for
+ checked Kubernetes resources. For example, a policy result
+ may apply to all pods that match a label. Either a Subject
+ or a SubjectSelector can be specified. If neither are provided,
+ the result is assumed to be for the policy report scope.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ resources:
+ description: Subjects is an optional reference to the checked
+ Kubernetes resources
+ items:
+ description: "ObjectReference contains enough information
+ to let you inspect or modify the referred object. --- New
+ uses of this type are discouraged because of difficulty
+ describing its usage when embedded in APIs. 1. Ignored fields.
+ \ It includes many fields which are not generally honored.
+ \ For instance, ResourceVersion and FieldPath are both very
+ rarely valid in actual usage. 2. Invalid usage help. It
+ is impossible to add specific help for individual usage.
+ \ In most embedded usages, there are particular restrictions
+ like, \"must refer only to types A and B\" or \"UID not
+ honored\" or \"name must be restricted\". Those cannot be
+ well described when embedded. 3. Inconsistent validation.
+ \ Because the usages are different, the validation rules
+ are different by usage, which makes it hard for users to
+ predict what will happen. 4. The fields are both imprecise
+ and overly precise. Kind is not a precise mapping to a
+ URL. This can produce ambiguity during interpretation and
+ require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this
+ type will affect numerous schemas. Don't make new APIs
+ embed an underspecified API type they do not control. \n
+ Instead of using this type, create a locally provided and
+ used type that is well-focused on your reference. For example,
+ ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ ."
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that
+ triggered the event) or if no container name is specified
+ "spec.containers[2]" (container with index 2 in this
+ pod). This syntax is chosen only to have some well-defined
+ way of referencing a part of an object. TODO: this design
+ is not final and this field is subject to change in
+ the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ result:
+ description: Result indicates the outcome of the policy rule
+ execution
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ rule:
+ description: Rule is the name or identifier of the rule within
+ the policy
+ type: string
+ scored:
+ description: Scored indicates if this result is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy check result criticality
+ enum:
+ - critical
+ - high
+ - low
+ - medium
+ - info
+ type: string
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
+ type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must
+ still have non-negative nanos values that count forward
+ in time. Must be from 0 to 999,999,999 inclusive. This
+ field may be limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z
+ to 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
+ required:
+ - policy
+ type: object
+ type: array
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not
+ be evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not
+ selected for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of non-scored policies whose
+ requirements were not met
+ type: integer
+ type: object
+ required:
+ - owner
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ app.kubernetes.io/component: crds
+ app.kubernetes.io/instance: kyverno
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kyverno-crds
+ app.kubernetes.io/version: 0.0.0
+ helm.sh/chart: crds-0.0.0
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.12.0
+ name: clusterbackgroundscanreports.reports.kyverno.io
+spec:
+ group: reports.kyverno.io
+ names:
+ categories:
+ - kyverno
+ kind: ClusterBackgroundScanReport
+ listKind: ClusterBackgroundScanReportList
+ plural: clusterbackgroundscanreports
+ shortNames:
+ - cbgscanr
+ singular: clusterbackgroundscanreport
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.ownerReferences[0].apiVersion
+ name: ApiVersion
+ type: string
+ - jsonPath: .metadata.ownerReferences[0].kind
+ name: Kind
+ type: string
+ - jsonPath: .metadata.ownerReferences[0].name
+ name: Subject
+ type: string
+ - jsonPath: .spec.summary.pass
+ name: Pass
+ type: integer
+ - jsonPath: .spec.summary.fail
+ name: Fail
+ type: integer
+ - jsonPath: .spec.summary.warn
+ name: Warn
+ type: integer
+ - jsonPath: .spec.summary.error
+ name: Error
+ type: integer
+ - jsonPath: .spec.summary.skip
+ name: Skip
+ type: integer
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.hash']
+ name: Hash
+ priority: 1
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: ClusterBackgroundScanReport is the Schema for the ClusterBackgroundScanReports
+ API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ results:
+ description: PolicyReportResult provides result details
+ items:
+ description: PolicyReportResult provides the result for an individual
+ policy
+ properties:
+ category:
+ description: Category indicates policy category
+ type: string
+ message:
+ description: Description is a short user friendly message for
+ the policy rule
+ type: string
+ policy:
+ description: Policy is the name or identifier of the policy
+ type: string
+ properties:
+ additionalProperties:
+ type: string
+ description: Properties provides additional information for
+ the policy rule
+ type: object
+ resourceSelector:
+ description: SubjectSelector is an optional label selector for
+ checked Kubernetes resources. For example, a policy result
+ may apply to all pods that match a label. Either a Subject
+ or a SubjectSelector can be specified. If neither are provided,
+ the result is assumed to be for the policy report scope.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ resources:
+ description: Subjects is an optional reference to the checked
+ Kubernetes resources
+ items:
+ description: "ObjectReference contains enough information
+ to let you inspect or modify the referred object. --- New
+ uses of this type are discouraged because of difficulty
+ describing its usage when embedded in APIs. 1. Ignored fields.
+ \ It includes many fields which are not generally honored.
+ \ For instance, ResourceVersion and FieldPath are both very
+ rarely valid in actual usage. 2. Invalid usage help. It
+ is impossible to add specific help for individual usage.
+ \ In most embedded usages, there are particular restrictions
+ like, \"must refer only to types A and B\" or \"UID not
+ honored\" or \"name must be restricted\". Those cannot be
+ well described when embedded. 3. Inconsistent validation.
+ \ Because the usages are different, the validation rules
+ are different by usage, which makes it hard for users to
+ predict what will happen. 4. The fields are both imprecise
+ and overly precise. Kind is not a precise mapping to a
+ URL. This can produce ambiguity during interpretation and
+ require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual
+ struct is irrelevant. 5. We cannot easily change it. Because
+ this type is embedded in many locations, updates to this
+ type will affect numerous schemas. Don't make new APIs
+ embed an underspecified API type they do not control. \n
+ Instead of using this type, create a locally provided and
+ used type that is well-focused on your reference. For example,
+ ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ ."
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that
+ triggered the event) or if no container name is specified
+ "spec.containers[2]" (container with index 2 in this
+ pod). This syntax is chosen only to have some well-defined
+ way of referencing a part of an object. TODO: this design
+ is not final and this field is subject to change in
+ the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ result:
+ description: Result indicates the outcome of the policy rule
+ execution
+ enum:
+ - pass
+ - fail
+ - warn
+ - error
+ - skip
+ type: string
+ rule:
+ description: Rule is the name or identifier of the rule within
+ the policy
+ type: string
+ scored:
+ description: Scored indicates if this result is scored
+ type: boolean
+ severity:
+ description: Severity indicates policy check result criticality
+ enum:
+ - critical
+ - high
+ - low
+ - medium
+ - info
+ type: string
+ source:
+ description: Source is an identifier for the policy engine that
+ manages this report
+ type: string
+ timestamp:
+ description: Timestamp indicates the time the result was found
+ properties:
+ nanos:
+ description: Non-negative fractions of a second at nanosecond
+ resolution. Negative second values with fractions must
+ still have non-negative nanos values that count forward
+ in time. Must be from 0 to 999,999,999 inclusive. This
+ field may be limited in precision depending on context.
+ format: int32
+ type: integer
+ seconds:
+ description: Represents seconds of UTC time since Unix epoch
+ 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z
+ to 9999-12-31T23:59:59Z inclusive.
+ format: int64
+ type: integer
+ required:
+ - nanos
+ - seconds
+ type: object
+ required:
+ - policy
+ type: object
+ type: array
+ summary:
+ description: PolicyReportSummary provides a summary of results
+ properties:
+ error:
+ description: Error provides the count of policies that could not
+ be evaluated
+ type: integer
+ fail:
+ description: Fail provides the count of policies whose requirements
+ were not met
+ type: integer
+ pass:
+ description: Pass provides the count of policies whose requirements
+ were met
+ type: integer
+ skip:
+ description: Skip indicates the count of policies that were not
+ selected for evaluation
+ type: integer
+ warn:
+ description: Warn provides the count of non-scored policies whose
+ requirements were not met
+ type: integer
+ type: object
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
metadata:
labels:
app.kubernetes.io/component: crds
@@ -49275,6 +50558,22 @@ rules:
- update
- watch
- deletecollection
+ - apiGroups:
+ - reports.kyverno.io
+ resources:
+ - admissionreports
+ - clusteradmissionreports
+ - backgroundscanreports
+ - clusterbackgroundscanreports
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - deletecollection
- apiGroups:
- wgpolicyk8s.io
resources:
@@ -49551,6 +50850,15 @@ rules:
- list
- deletecollection
- delete
+ - apiGroups:
+ - reports.kyverno.io
+ resources:
+ - admissionreports
+ - clusteradmissionreports
+ verbs:
+ - list
+ - deletecollection
+ - delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
@@ -49674,6 +50982,21 @@ rules:
- patch
- update
- watch
+ - apiGroups:
+ - reports.kyverno.io
+ resources:
+ - admissionreports
+ - clusteradmissionreports
+ - backgroundscanreports
+ - clusterbackgroundscanreports
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
@@ -49697,6 +51020,17 @@ rules:
- get
- list
- watch
+ - apiGroups:
+ - reports.kyverno.io
+ resources:
+ - admissionreports
+ - clusteradmissionreports
+ - backgroundscanreports
+ - clusterbackgroundscanreports
+ verbs:
+ - get
+ - list
+ - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
@@ -49805,6 +51139,22 @@ rules:
- update
- watch
- deletecollection
+ - apiGroups:
+ - reports.kyverno.io
+ resources:
+ - admissionreports
+ - clusteradmissionreports
+ - backgroundscanreports
+ - clusterbackgroundscanreports
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - deletecollection
- apiGroups:
- wgpolicyk8s.io
resources:
@@ -50429,6 +51779,7 @@ spec:
- --otelConfig=prometheus
- --metricsPort=8000
- --admissionReports=true
+ - --alternateReportStorage=false
- --autoUpdateWebhooks=true
- --enableConfigMapCaching=true
- --enableDeferredLoading=true
@@ -50584,6 +51935,7 @@ spec:
- --disableMetrics=false
- --otelConfig=prometheus
- --metricsPort=8000
+ - --alternateReportStorage=false
- --enableConfigMapCaching=true
- --enableDeferredLoading=true
- --loggingFormat=text
@@ -50824,6 +52176,7 @@ spec:
- --metricsPort=8000
- --admissionReports=true
- --aggregateReports=true
+ - --alternateReportStorage=false
- --policyReports=true
- --validatingAdmissionPolicyReports=false
- --backgroundScan=true
@@ -50911,10 +52264,10 @@ spec:
- /bin/sh
- -c
- |
- COUNT=$(kubectl get admissionreports.kyverno.io -A | wc -l)
+ COUNT=$(kubectl get admissionreports.reports.kyverno.io -A | wc -l)
if [ "$COUNT" -gt 10000 ]; then
echo "too many reports found ($COUNT), cleaning up..."
- kubectl delete admissionreports.kyverno.io -A -l='!audit.kyverno.io/report.aggregate'
+ kubectl delete admissionreports.reports.kyverno.io -A -l='!audit.kyverno.io/report.aggregate'
else
echo "($COUNT) reports found, no clean up needed"
fi
@@ -50959,10 +52312,10 @@ spec:
- /bin/sh
- -c
- |
- COUNT=$(kubectl get clusteradmissionreports.kyverno.io -A | wc -l)
+ COUNT=$(kubectl get clusteradmissionreports.reports.kyverno.io -A | wc -l)
if [ "$COUNT" -gt 10000 ]; then
echo "too many reports found ($COUNT), cleaning up..."
- kubectl delete clusteradmissionreports.kyverno.io -A -l='!audit.kyverno.io/report.aggregate'
+ kubectl delete clusteradmissionreports.reports.kyverno.io -A -l='!audit.kyverno.io/report.aggregate'
else
echo "($COUNT) reports found, no clean up needed"
fi
diff --git a/docs/user/crd/index.html b/docs/user/crd/index.html
index c81187fe02..baa6c0a3e4 100644
--- a/docs/user/crd/index.html
+++ b/docs/user/crd/index.html
@@ -36,6 +36,9 @@ background-color: #1589dd;
kyverno.io/v2beta1
+reports.kyverno.io/v1
+
+
wgpolicyk8s.io/v1alpha2
@@ -9987,6 +9990,519 @@ CEL
+reports.kyverno.io/v1
+
+
+Resource Types:
+
+
+AdmissionReport
+
+
+
AdmissionReport is the Schema for the AdmissionReports API
+
+
+
+
+| Field |
+Description |
+
+
+
+
+
+apiVersion
+string |
+
+
+reports.kyverno.io/v1
+
+ |
+
+
+
+kind
+string
+ |
+AdmissionReport |
+
+
+
+metadata
+
+
+Kubernetes meta/v1.ObjectMeta
+
+
+ |
+
+Refer to the Kubernetes API documentation for the fields of the
+metadata field.
+ |
+
+
+
+spec
+
+
+AdmissionReportSpec
+
+
+ |
+
+
+
+
+ |
+
+
+
+
+BackgroundScanReport
+
+
+
BackgroundScanReport is the Schema for the BackgroundScanReports API
+
+
+
+
+| Field |
+Description |
+
+
+
+
+
+apiVersion
+string |
+
+
+reports.kyverno.io/v1
+
+ |
+
+
+
+kind
+string
+ |
+BackgroundScanReport |
+
+
+
+metadata
+
+
+Kubernetes meta/v1.ObjectMeta
+
+
+ |
+
+Refer to the Kubernetes API documentation for the fields of the
+metadata field.
+ |
+
+
+
+spec
+
+
+BackgroundScanReportSpec
+
+
+ |
+
+
+
+
+ |
+
+
+
+
+ClusterAdmissionReport
+
+
+
ClusterAdmissionReport is the Schema for the ClusterAdmissionReports API
+
+
+
+
+| Field |
+Description |
+
+
+
+
+
+apiVersion
+string |
+
+
+reports.kyverno.io/v1
+
+ |
+
+
+
+kind
+string
+ |
+ClusterAdmissionReport |
+
+
+
+metadata
+
+
+Kubernetes meta/v1.ObjectMeta
+
+
+ |
+
+Refer to the Kubernetes API documentation for the fields of the
+metadata field.
+ |
+
+
+
+spec
+
+
+AdmissionReportSpec
+
+
+ |
+
+
+
+
+ |
+
+
+
+
+ClusterBackgroundScanReport
+
+
+
ClusterBackgroundScanReport is the Schema for the ClusterBackgroundScanReports API
+
+
+
+
+| Field |
+Description |
+
+
+
+
+
+apiVersion
+string |
+
+
+reports.kyverno.io/v1
+
+ |
+
+
+
+kind
+string
+ |
+ClusterBackgroundScanReport |
+
+
+
+metadata
+
+
+Kubernetes meta/v1.ObjectMeta
+
+
+ |
+
+Refer to the Kubernetes API documentation for the fields of the
+metadata field.
+ |
+
+
+
+spec
+
+
+BackgroundScanReportSpec
+
+
+ |
+
+
+
+
+ |
+
+
+
+
+AdmissionReportSpec
+
+
+(Appears on:
+AdmissionReport,
+ClusterAdmissionReport)
+
+
+
+
+
+BackgroundScanReportSpec
+
+
+(Appears on:
+BackgroundScanReport,
+ClusterBackgroundScanReport)
+
+
+
+
+
+
+| Field |
+Description |
+
+
+
+
+
+summary
+
+
+PolicyReportSummary
+
+
+ |
+
+(Optional)
+ PolicyReportSummary provides a summary of results
+ |
+
+
+
+results
+
+
+[]PolicyReportResult
+
+
+ |
+
+(Optional)
+ PolicyReportResult provides result details
+ |
+
+
+
+
wgpolicyk8s.io/v1alpha2
Resource Types:
-
@@ -10209,6 +10725,8 @@ PolicyReportSummary
(Appears on:
ClusterPolicyReport,
PolicyReport,
+AdmissionReportSpec,
+BackgroundScanReportSpec,
AdmissionReportSpec,
BackgroundScanReportSpec)
@@ -10383,6 +10901,8 @@ PolicySeverity
(Appears on:
ClusterPolicyReport,
PolicyReport,
+AdmissionReportSpec,
+BackgroundScanReportSpec,
AdmissionReportSpec,
BackgroundScanReportSpec)
diff --git a/pkg/client/applyconfigurations/reports/v1/admissionreport.go b/pkg/client/applyconfigurations/reports/v1/admissionreport.go
new file mode 100644
index 0000000000..a974f3b7d7
--- /dev/null
+++ b/pkg/client/applyconfigurations/reports/v1/admissionreport.go
@@ -0,0 +1,210 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ types "k8s.io/apimachinery/pkg/types"
+ v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
+// AdmissionReportApplyConfiguration represents an declarative configuration of the AdmissionReport type for use
+// with apply.
+type AdmissionReportApplyConfiguration struct {
+ v1.TypeMetaApplyConfiguration `json:",inline"`
+ *v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
+ Spec *AdmissionReportSpecApplyConfiguration `json:"spec,omitempty"`
+}
+
+// AdmissionReport constructs an declarative configuration of the AdmissionReport type for use with
+// apply.
+func AdmissionReport(name, namespace string) *AdmissionReportApplyConfiguration {
+ b := &AdmissionReportApplyConfiguration{}
+ b.WithName(name)
+ b.WithNamespace(namespace)
+ b.WithKind("AdmissionReport")
+ b.WithAPIVersion("reports.kyverno.io/v1")
+ return b
+}
+
+// WithKind sets the Kind field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Kind field is set to the value of the last call.
+func (b *AdmissionReportApplyConfiguration) WithKind(value string) *AdmissionReportApplyConfiguration {
+ b.Kind = &value
+ return b
+}
+
+// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the APIVersion field is set to the value of the last call.
+func (b *AdmissionReportApplyConfiguration) WithAPIVersion(value string) *AdmissionReportApplyConfiguration {
+ b.APIVersion = &value
+ return b
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *AdmissionReportApplyConfiguration) WithName(value string) *AdmissionReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.Name = &value
+ return b
+}
+
+// WithGenerateName sets the GenerateName field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the GenerateName field is set to the value of the last call.
+func (b *AdmissionReportApplyConfiguration) WithGenerateName(value string) *AdmissionReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.GenerateName = &value
+ return b
+}
+
+// WithNamespace sets the Namespace field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Namespace field is set to the value of the last call.
+func (b *AdmissionReportApplyConfiguration) WithNamespace(value string) *AdmissionReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.Namespace = &value
+ return b
+}
+
+// WithUID sets the UID field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the UID field is set to the value of the last call.
+func (b *AdmissionReportApplyConfiguration) WithUID(value types.UID) *AdmissionReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.UID = &value
+ return b
+}
+
+// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ResourceVersion field is set to the value of the last call.
+func (b *AdmissionReportApplyConfiguration) WithResourceVersion(value string) *AdmissionReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.ResourceVersion = &value
+ return b
+}
+
+// WithGeneration sets the Generation field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Generation field is set to the value of the last call.
+func (b *AdmissionReportApplyConfiguration) WithGeneration(value int64) *AdmissionReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.Generation = &value
+ return b
+}
+
+// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the CreationTimestamp field is set to the value of the last call.
+func (b *AdmissionReportApplyConfiguration) WithCreationTimestamp(value metav1.Time) *AdmissionReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.CreationTimestamp = &value
+ return b
+}
+
+// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionTimestamp field is set to the value of the last call.
+func (b *AdmissionReportApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *AdmissionReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.DeletionTimestamp = &value
+ return b
+}
+
+// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call.
+func (b *AdmissionReportApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *AdmissionReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.DeletionGracePeriodSeconds = &value
+ return b
+}
+
+// WithLabels puts the entries into the Labels field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Labels field,
+// overwriting an existing map entries in Labels field with the same key.
+func (b *AdmissionReportApplyConfiguration) WithLabels(entries map[string]string) *AdmissionReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ if b.Labels == nil && len(entries) > 0 {
+ b.Labels = make(map[string]string, len(entries))
+ }
+ for k, v := range entries {
+ b.Labels[k] = v
+ }
+ return b
+}
+
+// WithAnnotations puts the entries into the Annotations field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Annotations field,
+// overwriting an existing map entries in Annotations field with the same key.
+func (b *AdmissionReportApplyConfiguration) WithAnnotations(entries map[string]string) *AdmissionReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ if b.Annotations == nil && len(entries) > 0 {
+ b.Annotations = make(map[string]string, len(entries))
+ }
+ for k, v := range entries {
+ b.Annotations[k] = v
+ }
+ return b
+}
+
+// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the OwnerReferences field.
+func (b *AdmissionReportApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *AdmissionReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ for i := range values {
+ if values[i] == nil {
+ panic("nil value passed to WithOwnerReferences")
+ }
+ b.OwnerReferences = append(b.OwnerReferences, *values[i])
+ }
+ return b
+}
+
+// WithFinalizers adds the given value to the Finalizers field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Finalizers field.
+func (b *AdmissionReportApplyConfiguration) WithFinalizers(values ...string) *AdmissionReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ for i := range values {
+ b.Finalizers = append(b.Finalizers, values[i])
+ }
+ return b
+}
+
+func (b *AdmissionReportApplyConfiguration) ensureObjectMetaApplyConfigurationExists() {
+ if b.ObjectMetaApplyConfiguration == nil {
+ b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{}
+ }
+}
+
+// WithSpec sets the Spec field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Spec field is set to the value of the last call.
+func (b *AdmissionReportApplyConfiguration) WithSpec(value *AdmissionReportSpecApplyConfiguration) *AdmissionReportApplyConfiguration {
+ b.Spec = value
+ return b
+}
diff --git a/pkg/client/applyconfigurations/reports/v1/admissionreportspec.go b/pkg/client/applyconfigurations/reports/v1/admissionreportspec.go
new file mode 100644
index 0000000000..c1c6cdce1e
--- /dev/null
+++ b/pkg/client/applyconfigurations/reports/v1/admissionreportspec.go
@@ -0,0 +1,67 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ v1alpha2 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/policyreport/v1alpha2"
+ v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
+// AdmissionReportSpecApplyConfiguration represents an declarative configuration of the AdmissionReportSpec type for use
+// with apply.
+type AdmissionReportSpecApplyConfiguration struct {
+ Owner *v1.OwnerReferenceApplyConfiguration `json:"owner,omitempty"`
+ Summary *v1alpha2.PolicyReportSummaryApplyConfiguration `json:"summary,omitempty"`
+ Results []v1alpha2.PolicyReportResultApplyConfiguration `json:"results,omitempty"`
+}
+
+// AdmissionReportSpecApplyConfiguration constructs an declarative configuration of the AdmissionReportSpec type for use with
+// apply.
+func AdmissionReportSpec() *AdmissionReportSpecApplyConfiguration {
+ return &AdmissionReportSpecApplyConfiguration{}
+}
+
+// WithOwner sets the Owner field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Owner field is set to the value of the last call.
+func (b *AdmissionReportSpecApplyConfiguration) WithOwner(value *v1.OwnerReferenceApplyConfiguration) *AdmissionReportSpecApplyConfiguration {
+ b.Owner = value
+ return b
+}
+
+// WithSummary sets the Summary field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Summary field is set to the value of the last call.
+func (b *AdmissionReportSpecApplyConfiguration) WithSummary(value *v1alpha2.PolicyReportSummaryApplyConfiguration) *AdmissionReportSpecApplyConfiguration {
+ b.Summary = value
+ return b
+}
+
+// WithResults adds the given value to the Results field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Results field.
+func (b *AdmissionReportSpecApplyConfiguration) WithResults(values ...*v1alpha2.PolicyReportResultApplyConfiguration) *AdmissionReportSpecApplyConfiguration {
+ for i := range values {
+ if values[i] == nil {
+ panic("nil value passed to WithResults")
+ }
+ b.Results = append(b.Results, *values[i])
+ }
+ return b
+}
diff --git a/pkg/client/applyconfigurations/reports/v1/backgroundscanreport.go b/pkg/client/applyconfigurations/reports/v1/backgroundscanreport.go
new file mode 100644
index 0000000000..93b7b00d8e
--- /dev/null
+++ b/pkg/client/applyconfigurations/reports/v1/backgroundscanreport.go
@@ -0,0 +1,210 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ types "k8s.io/apimachinery/pkg/types"
+ v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
+// BackgroundScanReportApplyConfiguration represents an declarative configuration of the BackgroundScanReport type for use
+// with apply.
+type BackgroundScanReportApplyConfiguration struct {
+ v1.TypeMetaApplyConfiguration `json:",inline"`
+ *v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
+ Spec *BackgroundScanReportSpecApplyConfiguration `json:"spec,omitempty"`
+}
+
+// BackgroundScanReport constructs an declarative configuration of the BackgroundScanReport type for use with
+// apply.
+func BackgroundScanReport(name, namespace string) *BackgroundScanReportApplyConfiguration {
+ b := &BackgroundScanReportApplyConfiguration{}
+ b.WithName(name)
+ b.WithNamespace(namespace)
+ b.WithKind("BackgroundScanReport")
+ b.WithAPIVersion("reports.kyverno.io/v1")
+ return b
+}
+
+// WithKind sets the Kind field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Kind field is set to the value of the last call.
+func (b *BackgroundScanReportApplyConfiguration) WithKind(value string) *BackgroundScanReportApplyConfiguration {
+ b.Kind = &value
+ return b
+}
+
+// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the APIVersion field is set to the value of the last call.
+func (b *BackgroundScanReportApplyConfiguration) WithAPIVersion(value string) *BackgroundScanReportApplyConfiguration {
+ b.APIVersion = &value
+ return b
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *BackgroundScanReportApplyConfiguration) WithName(value string) *BackgroundScanReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.Name = &value
+ return b
+}
+
+// WithGenerateName sets the GenerateName field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the GenerateName field is set to the value of the last call.
+func (b *BackgroundScanReportApplyConfiguration) WithGenerateName(value string) *BackgroundScanReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.GenerateName = &value
+ return b
+}
+
+// WithNamespace sets the Namespace field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Namespace field is set to the value of the last call.
+func (b *BackgroundScanReportApplyConfiguration) WithNamespace(value string) *BackgroundScanReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.Namespace = &value
+ return b
+}
+
+// WithUID sets the UID field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the UID field is set to the value of the last call.
+func (b *BackgroundScanReportApplyConfiguration) WithUID(value types.UID) *BackgroundScanReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.UID = &value
+ return b
+}
+
+// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ResourceVersion field is set to the value of the last call.
+func (b *BackgroundScanReportApplyConfiguration) WithResourceVersion(value string) *BackgroundScanReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.ResourceVersion = &value
+ return b
+}
+
+// WithGeneration sets the Generation field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Generation field is set to the value of the last call.
+func (b *BackgroundScanReportApplyConfiguration) WithGeneration(value int64) *BackgroundScanReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.Generation = &value
+ return b
+}
+
+// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the CreationTimestamp field is set to the value of the last call.
+func (b *BackgroundScanReportApplyConfiguration) WithCreationTimestamp(value metav1.Time) *BackgroundScanReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.CreationTimestamp = &value
+ return b
+}
+
+// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionTimestamp field is set to the value of the last call.
+func (b *BackgroundScanReportApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *BackgroundScanReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.DeletionTimestamp = &value
+ return b
+}
+
+// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call.
+func (b *BackgroundScanReportApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *BackgroundScanReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.DeletionGracePeriodSeconds = &value
+ return b
+}
+
+// WithLabels puts the entries into the Labels field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Labels field,
+// overwriting an existing map entries in Labels field with the same key.
+func (b *BackgroundScanReportApplyConfiguration) WithLabels(entries map[string]string) *BackgroundScanReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ if b.Labels == nil && len(entries) > 0 {
+ b.Labels = make(map[string]string, len(entries))
+ }
+ for k, v := range entries {
+ b.Labels[k] = v
+ }
+ return b
+}
+
+// WithAnnotations puts the entries into the Annotations field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Annotations field,
+// overwriting an existing map entries in Annotations field with the same key.
+func (b *BackgroundScanReportApplyConfiguration) WithAnnotations(entries map[string]string) *BackgroundScanReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ if b.Annotations == nil && len(entries) > 0 {
+ b.Annotations = make(map[string]string, len(entries))
+ }
+ for k, v := range entries {
+ b.Annotations[k] = v
+ }
+ return b
+}
+
+// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the OwnerReferences field.
+func (b *BackgroundScanReportApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *BackgroundScanReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ for i := range values {
+ if values[i] == nil {
+ panic("nil value passed to WithOwnerReferences")
+ }
+ b.OwnerReferences = append(b.OwnerReferences, *values[i])
+ }
+ return b
+}
+
+// WithFinalizers adds the given value to the Finalizers field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Finalizers field.
+func (b *BackgroundScanReportApplyConfiguration) WithFinalizers(values ...string) *BackgroundScanReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ for i := range values {
+ b.Finalizers = append(b.Finalizers, values[i])
+ }
+ return b
+}
+
+func (b *BackgroundScanReportApplyConfiguration) ensureObjectMetaApplyConfigurationExists() {
+ if b.ObjectMetaApplyConfiguration == nil {
+ b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{}
+ }
+}
+
+// WithSpec sets the Spec field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Spec field is set to the value of the last call.
+func (b *BackgroundScanReportApplyConfiguration) WithSpec(value *BackgroundScanReportSpecApplyConfiguration) *BackgroundScanReportApplyConfiguration {
+ b.Spec = value
+ return b
+}
diff --git a/pkg/client/applyconfigurations/reports/v1/backgroundscanreportspec.go b/pkg/client/applyconfigurations/reports/v1/backgroundscanreportspec.go
new file mode 100644
index 0000000000..0da16cb9ff
--- /dev/null
+++ b/pkg/client/applyconfigurations/reports/v1/backgroundscanreportspec.go
@@ -0,0 +1,57 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ v1alpha2 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/policyreport/v1alpha2"
+)
+
+// BackgroundScanReportSpecApplyConfiguration represents an declarative configuration of the BackgroundScanReportSpec type for use
+// with apply.
+type BackgroundScanReportSpecApplyConfiguration struct {
+ Summary *v1alpha2.PolicyReportSummaryApplyConfiguration `json:"summary,omitempty"`
+ Results []v1alpha2.PolicyReportResultApplyConfiguration `json:"results,omitempty"`
+}
+
+// BackgroundScanReportSpecApplyConfiguration constructs an declarative configuration of the BackgroundScanReportSpec type for use with
+// apply.
+func BackgroundScanReportSpec() *BackgroundScanReportSpecApplyConfiguration {
+ return &BackgroundScanReportSpecApplyConfiguration{}
+}
+
+// WithSummary sets the Summary field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Summary field is set to the value of the last call.
+func (b *BackgroundScanReportSpecApplyConfiguration) WithSummary(value *v1alpha2.PolicyReportSummaryApplyConfiguration) *BackgroundScanReportSpecApplyConfiguration {
+ b.Summary = value
+ return b
+}
+
+// WithResults adds the given value to the Results field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Results field.
+func (b *BackgroundScanReportSpecApplyConfiguration) WithResults(values ...*v1alpha2.PolicyReportResultApplyConfiguration) *BackgroundScanReportSpecApplyConfiguration {
+ for i := range values {
+ if values[i] == nil {
+ panic("nil value passed to WithResults")
+ }
+ b.Results = append(b.Results, *values[i])
+ }
+ return b
+}
diff --git a/pkg/client/applyconfigurations/reports/v1/clusteradmissionreport.go b/pkg/client/applyconfigurations/reports/v1/clusteradmissionreport.go
new file mode 100644
index 0000000000..845fc5014f
--- /dev/null
+++ b/pkg/client/applyconfigurations/reports/v1/clusteradmissionreport.go
@@ -0,0 +1,209 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ types "k8s.io/apimachinery/pkg/types"
+ v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
+// ClusterAdmissionReportApplyConfiguration represents an declarative configuration of the ClusterAdmissionReport type for use
+// with apply.
+type ClusterAdmissionReportApplyConfiguration struct {
+ v1.TypeMetaApplyConfiguration `json:",inline"`
+ *v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
+ Spec *AdmissionReportSpecApplyConfiguration `json:"spec,omitempty"`
+}
+
+// ClusterAdmissionReport constructs an declarative configuration of the ClusterAdmissionReport type for use with
+// apply.
+func ClusterAdmissionReport(name string) *ClusterAdmissionReportApplyConfiguration {
+ b := &ClusterAdmissionReportApplyConfiguration{}
+ b.WithName(name)
+ b.WithKind("ClusterAdmissionReport")
+ b.WithAPIVersion("reports.kyverno.io/v1")
+ return b
+}
+
+// WithKind sets the Kind field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Kind field is set to the value of the last call.
+func (b *ClusterAdmissionReportApplyConfiguration) WithKind(value string) *ClusterAdmissionReportApplyConfiguration {
+ b.Kind = &value
+ return b
+}
+
+// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the APIVersion field is set to the value of the last call.
+func (b *ClusterAdmissionReportApplyConfiguration) WithAPIVersion(value string) *ClusterAdmissionReportApplyConfiguration {
+ b.APIVersion = &value
+ return b
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *ClusterAdmissionReportApplyConfiguration) WithName(value string) *ClusterAdmissionReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.Name = &value
+ return b
+}
+
+// WithGenerateName sets the GenerateName field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the GenerateName field is set to the value of the last call.
+func (b *ClusterAdmissionReportApplyConfiguration) WithGenerateName(value string) *ClusterAdmissionReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.GenerateName = &value
+ return b
+}
+
+// WithNamespace sets the Namespace field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Namespace field is set to the value of the last call.
+func (b *ClusterAdmissionReportApplyConfiguration) WithNamespace(value string) *ClusterAdmissionReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.Namespace = &value
+ return b
+}
+
+// WithUID sets the UID field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the UID field is set to the value of the last call.
+func (b *ClusterAdmissionReportApplyConfiguration) WithUID(value types.UID) *ClusterAdmissionReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.UID = &value
+ return b
+}
+
+// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ResourceVersion field is set to the value of the last call.
+func (b *ClusterAdmissionReportApplyConfiguration) WithResourceVersion(value string) *ClusterAdmissionReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.ResourceVersion = &value
+ return b
+}
+
+// WithGeneration sets the Generation field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Generation field is set to the value of the last call.
+func (b *ClusterAdmissionReportApplyConfiguration) WithGeneration(value int64) *ClusterAdmissionReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.Generation = &value
+ return b
+}
+
+// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the CreationTimestamp field is set to the value of the last call.
+func (b *ClusterAdmissionReportApplyConfiguration) WithCreationTimestamp(value metav1.Time) *ClusterAdmissionReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.CreationTimestamp = &value
+ return b
+}
+
+// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionTimestamp field is set to the value of the last call.
+func (b *ClusterAdmissionReportApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *ClusterAdmissionReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.DeletionTimestamp = &value
+ return b
+}
+
+// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call.
+func (b *ClusterAdmissionReportApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *ClusterAdmissionReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.DeletionGracePeriodSeconds = &value
+ return b
+}
+
+// WithLabels puts the entries into the Labels field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Labels field,
+// overwriting an existing map entries in Labels field with the same key.
+func (b *ClusterAdmissionReportApplyConfiguration) WithLabels(entries map[string]string) *ClusterAdmissionReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ if b.Labels == nil && len(entries) > 0 {
+ b.Labels = make(map[string]string, len(entries))
+ }
+ for k, v := range entries {
+ b.Labels[k] = v
+ }
+ return b
+}
+
+// WithAnnotations puts the entries into the Annotations field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Annotations field,
+// overwriting an existing map entries in Annotations field with the same key.
+func (b *ClusterAdmissionReportApplyConfiguration) WithAnnotations(entries map[string]string) *ClusterAdmissionReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ if b.Annotations == nil && len(entries) > 0 {
+ b.Annotations = make(map[string]string, len(entries))
+ }
+ for k, v := range entries {
+ b.Annotations[k] = v
+ }
+ return b
+}
+
+// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the OwnerReferences field.
+func (b *ClusterAdmissionReportApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *ClusterAdmissionReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ for i := range values {
+ if values[i] == nil {
+ panic("nil value passed to WithOwnerReferences")
+ }
+ b.OwnerReferences = append(b.OwnerReferences, *values[i])
+ }
+ return b
+}
+
+// WithFinalizers adds the given value to the Finalizers field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Finalizers field.
+func (b *ClusterAdmissionReportApplyConfiguration) WithFinalizers(values ...string) *ClusterAdmissionReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ for i := range values {
+ b.Finalizers = append(b.Finalizers, values[i])
+ }
+ return b
+}
+
+func (b *ClusterAdmissionReportApplyConfiguration) ensureObjectMetaApplyConfigurationExists() {
+ if b.ObjectMetaApplyConfiguration == nil {
+ b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{}
+ }
+}
+
+// WithSpec sets the Spec field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Spec field is set to the value of the last call.
+func (b *ClusterAdmissionReportApplyConfiguration) WithSpec(value *AdmissionReportSpecApplyConfiguration) *ClusterAdmissionReportApplyConfiguration {
+ b.Spec = value
+ return b
+}
diff --git a/pkg/client/applyconfigurations/reports/v1/clusterbackgroundscanreport.go b/pkg/client/applyconfigurations/reports/v1/clusterbackgroundscanreport.go
new file mode 100644
index 0000000000..25059c9dcf
--- /dev/null
+++ b/pkg/client/applyconfigurations/reports/v1/clusterbackgroundscanreport.go
@@ -0,0 +1,209 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ types "k8s.io/apimachinery/pkg/types"
+ v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
+// ClusterBackgroundScanReportApplyConfiguration represents an declarative configuration of the ClusterBackgroundScanReport type for use
+// with apply.
+type ClusterBackgroundScanReportApplyConfiguration struct {
+ v1.TypeMetaApplyConfiguration `json:",inline"`
+ *v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
+ Spec *BackgroundScanReportSpecApplyConfiguration `json:"spec,omitempty"`
+}
+
+// ClusterBackgroundScanReport constructs an declarative configuration of the ClusterBackgroundScanReport type for use with
+// apply.
+func ClusterBackgroundScanReport(name string) *ClusterBackgroundScanReportApplyConfiguration {
+ b := &ClusterBackgroundScanReportApplyConfiguration{}
+ b.WithName(name)
+ b.WithKind("ClusterBackgroundScanReport")
+ b.WithAPIVersion("reports.kyverno.io/v1")
+ return b
+}
+
+// WithKind sets the Kind field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Kind field is set to the value of the last call.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithKind(value string) *ClusterBackgroundScanReportApplyConfiguration {
+ b.Kind = &value
+ return b
+}
+
+// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the APIVersion field is set to the value of the last call.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithAPIVersion(value string) *ClusterBackgroundScanReportApplyConfiguration {
+ b.APIVersion = &value
+ return b
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithName(value string) *ClusterBackgroundScanReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.Name = &value
+ return b
+}
+
+// WithGenerateName sets the GenerateName field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the GenerateName field is set to the value of the last call.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithGenerateName(value string) *ClusterBackgroundScanReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.GenerateName = &value
+ return b
+}
+
+// WithNamespace sets the Namespace field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Namespace field is set to the value of the last call.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithNamespace(value string) *ClusterBackgroundScanReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.Namespace = &value
+ return b
+}
+
+// WithUID sets the UID field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the UID field is set to the value of the last call.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithUID(value types.UID) *ClusterBackgroundScanReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.UID = &value
+ return b
+}
+
+// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ResourceVersion field is set to the value of the last call.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithResourceVersion(value string) *ClusterBackgroundScanReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.ResourceVersion = &value
+ return b
+}
+
+// WithGeneration sets the Generation field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Generation field is set to the value of the last call.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithGeneration(value int64) *ClusterBackgroundScanReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.Generation = &value
+ return b
+}
+
+// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the CreationTimestamp field is set to the value of the last call.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithCreationTimestamp(value metav1.Time) *ClusterBackgroundScanReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.CreationTimestamp = &value
+ return b
+}
+
+// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionTimestamp field is set to the value of the last call.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *ClusterBackgroundScanReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.DeletionTimestamp = &value
+ return b
+}
+
+// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *ClusterBackgroundScanReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.DeletionGracePeriodSeconds = &value
+ return b
+}
+
+// WithLabels puts the entries into the Labels field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Labels field,
+// overwriting an existing map entries in Labels field with the same key.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithLabels(entries map[string]string) *ClusterBackgroundScanReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ if b.Labels == nil && len(entries) > 0 {
+ b.Labels = make(map[string]string, len(entries))
+ }
+ for k, v := range entries {
+ b.Labels[k] = v
+ }
+ return b
+}
+
+// WithAnnotations puts the entries into the Annotations field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Annotations field,
+// overwriting an existing map entries in Annotations field with the same key.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithAnnotations(entries map[string]string) *ClusterBackgroundScanReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ if b.Annotations == nil && len(entries) > 0 {
+ b.Annotations = make(map[string]string, len(entries))
+ }
+ for k, v := range entries {
+ b.Annotations[k] = v
+ }
+ return b
+}
+
+// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the OwnerReferences field.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *ClusterBackgroundScanReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ for i := range values {
+ if values[i] == nil {
+ panic("nil value passed to WithOwnerReferences")
+ }
+ b.OwnerReferences = append(b.OwnerReferences, *values[i])
+ }
+ return b
+}
+
+// WithFinalizers adds the given value to the Finalizers field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Finalizers field.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithFinalizers(values ...string) *ClusterBackgroundScanReportApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ for i := range values {
+ b.Finalizers = append(b.Finalizers, values[i])
+ }
+ return b
+}
+
+func (b *ClusterBackgroundScanReportApplyConfiguration) ensureObjectMetaApplyConfigurationExists() {
+ if b.ObjectMetaApplyConfiguration == nil {
+ b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{}
+ }
+}
+
+// WithSpec sets the Spec field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Spec field is set to the value of the last call.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithSpec(value *BackgroundScanReportSpecApplyConfiguration) *ClusterBackgroundScanReportApplyConfiguration {
+ b.Spec = value
+ return b
+}
diff --git a/pkg/client/applyconfigurations/utils.go b/pkg/client/applyconfigurations/utils.go
index 8312eda056..fa54814302 100644
--- a/pkg/client/applyconfigurations/utils.go
+++ b/pkg/client/applyconfigurations/utils.go
@@ -19,6 +19,7 @@ limitations under the License.
package applyconfigurations
import (
+ reportsv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
v1 "github.com/kyverno/kyverno/api/kyverno/v1"
v1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
v1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
@@ -33,6 +34,7 @@ import (
kyvernov2alpha1 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/kyverno/v2alpha1"
kyvernov2beta1 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/kyverno/v2beta1"
applyconfigurationspolicyreportv1alpha2 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/policyreport/v1alpha2"
+ applyconfigurationsreportsv1 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/reports/v1"
schema "k8s.io/apimachinery/pkg/runtime/schema"
)
@@ -256,6 +258,20 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
case v2beta1.SchemeGroupVersion.WithKind("Validation"):
return &kyvernov2beta1.ValidationApplyConfiguration{}
+ // Group=reports.kyverno.io, Version=v1
+ case reportsv1.SchemeGroupVersion.WithKind("AdmissionReport"):
+ return &applyconfigurationsreportsv1.AdmissionReportApplyConfiguration{}
+ case reportsv1.SchemeGroupVersion.WithKind("AdmissionReportSpec"):
+ return &applyconfigurationsreportsv1.AdmissionReportSpecApplyConfiguration{}
+ case reportsv1.SchemeGroupVersion.WithKind("BackgroundScanReport"):
+ return &applyconfigurationsreportsv1.BackgroundScanReportApplyConfiguration{}
+ case reportsv1.SchemeGroupVersion.WithKind("BackgroundScanReportSpec"):
+ return &applyconfigurationsreportsv1.BackgroundScanReportSpecApplyConfiguration{}
+ case reportsv1.SchemeGroupVersion.WithKind("ClusterAdmissionReport"):
+ return &applyconfigurationsreportsv1.ClusterAdmissionReportApplyConfiguration{}
+ case reportsv1.SchemeGroupVersion.WithKind("ClusterBackgroundScanReport"):
+ return &applyconfigurationsreportsv1.ClusterBackgroundScanReportApplyConfiguration{}
+
// Group=wgpolicyk8s.io, Version=v1alpha2
case policyreportv1alpha2.SchemeGroupVersion.WithKind("ClusterPolicyReport"):
return &applyconfigurationspolicyreportv1alpha2.ClusterPolicyReportApplyConfiguration{}
diff --git a/pkg/client/clientset/versioned/clientset.go b/pkg/client/clientset/versioned/clientset.go
index dc8647fe83..b441a72855 100644
--- a/pkg/client/clientset/versioned/clientset.go
+++ b/pkg/client/clientset/versioned/clientset.go
@@ -29,6 +29,7 @@ import (
kyvernov2alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2alpha1"
kyvernov2beta1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2beta1"
wgpolicyk8sv1alpha2 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha2"
+ reportsv1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1"
discovery "k8s.io/client-go/discovery"
rest "k8s.io/client-go/rest"
flowcontrol "k8s.io/client-go/util/flowcontrol"
@@ -43,6 +44,7 @@ type Interface interface {
KyvernoV2beta1() kyvernov2beta1.KyvernoV2beta1Interface
KyvernoV2alpha1() kyvernov2alpha1.KyvernoV2alpha1Interface
Wgpolicyk8sV1alpha2() wgpolicyk8sv1alpha2.Wgpolicyk8sV1alpha2Interface
+ ReportsV1() reportsv1.ReportsV1Interface
}
// Clientset contains the clients for groups.
@@ -55,6 +57,7 @@ type Clientset struct {
kyvernoV2beta1 *kyvernov2beta1.KyvernoV2beta1Client
kyvernoV2alpha1 *kyvernov2alpha1.KyvernoV2alpha1Client
wgpolicyk8sV1alpha2 *wgpolicyk8sv1alpha2.Wgpolicyk8sV1alpha2Client
+ reportsV1 *reportsv1.ReportsV1Client
}
// KyvernoV1 retrieves the KyvernoV1Client
@@ -92,6 +95,11 @@ func (c *Clientset) Wgpolicyk8sV1alpha2() wgpolicyk8sv1alpha2.Wgpolicyk8sV1alpha
return c.wgpolicyk8sV1alpha2
}
+// ReportsV1 retrieves the ReportsV1Client
+func (c *Clientset) ReportsV1() reportsv1.ReportsV1Interface {
+ return c.reportsV1
+}
+
// Discovery retrieves the DiscoveryClient
func (c *Clientset) Discovery() discovery.DiscoveryInterface {
if c == nil {
@@ -164,6 +172,10 @@ func NewForConfigAndClient(c *rest.Config, httpClient *http.Client) (*Clientset,
if err != nil {
return nil, err
}
+ cs.reportsV1, err = reportsv1.NewForConfigAndClient(&configShallowCopy, httpClient)
+ if err != nil {
+ return nil, err
+ }
cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfigAndClient(&configShallowCopy, httpClient)
if err != nil {
@@ -192,6 +204,7 @@ func New(c rest.Interface) *Clientset {
cs.kyvernoV2beta1 = kyvernov2beta1.New(c)
cs.kyvernoV2alpha1 = kyvernov2alpha1.New(c)
cs.wgpolicyk8sV1alpha2 = wgpolicyk8sv1alpha2.New(c)
+ cs.reportsV1 = reportsv1.New(c)
cs.DiscoveryClient = discovery.NewDiscoveryClient(c)
return &cs
diff --git a/pkg/client/clientset/versioned/fake/clientset_generated.go b/pkg/client/clientset/versioned/fake/clientset_generated.go
index 36b4393ca0..6529f36b1e 100644
--- a/pkg/client/clientset/versioned/fake/clientset_generated.go
+++ b/pkg/client/clientset/versioned/fake/clientset_generated.go
@@ -34,6 +34,8 @@ import (
fakekyvernov2beta1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2beta1/fake"
wgpolicyk8sv1alpha2 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha2"
fakewgpolicyk8sv1alpha2 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha2/fake"
+ reportsv1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1"
+ fakereportsv1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1/fake"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/watch"
"k8s.io/client-go/discovery"
@@ -125,3 +127,8 @@ func (c *Clientset) KyvernoV2alpha1() kyvernov2alpha1.KyvernoV2alpha1Interface {
func (c *Clientset) Wgpolicyk8sV1alpha2() wgpolicyk8sv1alpha2.Wgpolicyk8sV1alpha2Interface {
return &fakewgpolicyk8sv1alpha2.FakeWgpolicyk8sV1alpha2{Fake: &c.Fake}
}
+
+// ReportsV1 retrieves the ReportsV1Client
+func (c *Clientset) ReportsV1() reportsv1.ReportsV1Interface {
+ return &fakereportsv1.FakeReportsV1{Fake: &c.Fake}
+}
diff --git a/pkg/client/clientset/versioned/fake/register.go b/pkg/client/clientset/versioned/fake/register.go
index e119212635..e46f805c88 100644
--- a/pkg/client/clientset/versioned/fake/register.go
+++ b/pkg/client/clientset/versioned/fake/register.go
@@ -19,6 +19,7 @@ limitations under the License.
package fake
import (
+ reportsv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
@@ -44,6 +45,7 @@ var localSchemeBuilder = runtime.SchemeBuilder{
kyvernov2beta1.AddToScheme,
kyvernov2alpha1.AddToScheme,
wgpolicyk8sv1alpha2.AddToScheme,
+ reportsv1.AddToScheme,
}
// AddToScheme adds all types of this clientset into the given scheme. This allows composition
diff --git a/pkg/client/clientset/versioned/scheme/register.go b/pkg/client/clientset/versioned/scheme/register.go
index b103910b41..53250df83f 100644
--- a/pkg/client/clientset/versioned/scheme/register.go
+++ b/pkg/client/clientset/versioned/scheme/register.go
@@ -19,6 +19,7 @@ limitations under the License.
package scheme
import (
+ reportsv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
@@ -44,6 +45,7 @@ var localSchemeBuilder = runtime.SchemeBuilder{
kyvernov2beta1.AddToScheme,
kyvernov2alpha1.AddToScheme,
wgpolicyk8sv1alpha2.AddToScheme,
+ reportsv1.AddToScheme,
}
// AddToScheme adds all types of this clientset into the given scheme. This allows composition
diff --git a/pkg/client/clientset/versioned/typed/reports/v1/admissionreport.go b/pkg/client/clientset/versioned/typed/reports/v1/admissionreport.go
new file mode 100644
index 0000000000..0365f9d43f
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/reports/v1/admissionreport.go
@@ -0,0 +1,178 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ "context"
+ "time"
+
+ v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ types "k8s.io/apimachinery/pkg/types"
+ watch "k8s.io/apimachinery/pkg/watch"
+ rest "k8s.io/client-go/rest"
+)
+
+// AdmissionReportsGetter has a method to return a AdmissionReportInterface.
+// A group's client should implement this interface.
+type AdmissionReportsGetter interface {
+ AdmissionReports(namespace string) AdmissionReportInterface
+}
+
+// AdmissionReportInterface has methods to work with AdmissionReport resources.
+type AdmissionReportInterface interface {
+ Create(ctx context.Context, admissionReport *v1.AdmissionReport, opts metav1.CreateOptions) (*v1.AdmissionReport, error)
+ Update(ctx context.Context, admissionReport *v1.AdmissionReport, opts metav1.UpdateOptions) (*v1.AdmissionReport, error)
+ Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error
+ DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error
+ Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.AdmissionReport, error)
+ List(ctx context.Context, opts metav1.ListOptions) (*v1.AdmissionReportList, error)
+ Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error)
+ Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.AdmissionReport, err error)
+ AdmissionReportExpansion
+}
+
+// admissionReports implements AdmissionReportInterface
+type admissionReports struct {
+ client rest.Interface
+ ns string
+}
+
+// newAdmissionReports returns a AdmissionReports
+func newAdmissionReports(c *ReportsV1Client, namespace string) *admissionReports {
+ return &admissionReports{
+ client: c.RESTClient(),
+ ns: namespace,
+ }
+}
+
+// Get takes name of the admissionReport, and returns the corresponding admissionReport object, and an error if there is any.
+func (c *admissionReports) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.AdmissionReport, err error) {
+ result = &v1.AdmissionReport{}
+ err = c.client.Get().
+ Namespace(c.ns).
+ Resource("admissionreports").
+ Name(name).
+ VersionedParams(&options, scheme.ParameterCodec).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// List takes label and field selectors, and returns the list of AdmissionReports that match those selectors.
+func (c *admissionReports) List(ctx context.Context, opts metav1.ListOptions) (result *v1.AdmissionReportList, err error) {
+ var timeout time.Duration
+ if opts.TimeoutSeconds != nil {
+ timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+ }
+ result = &v1.AdmissionReportList{}
+ err = c.client.Get().
+ Namespace(c.ns).
+ Resource("admissionreports").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Watch returns a watch.Interface that watches the requested admissionReports.
+func (c *admissionReports) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) {
+ var timeout time.Duration
+ if opts.TimeoutSeconds != nil {
+ timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+ }
+ opts.Watch = true
+ return c.client.Get().
+ Namespace(c.ns).
+ Resource("admissionreports").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Watch(ctx)
+}
+
+// Create takes the representation of a admissionReport and creates it. Returns the server's representation of the admissionReport, and an error, if there is any.
+func (c *admissionReports) Create(ctx context.Context, admissionReport *v1.AdmissionReport, opts metav1.CreateOptions) (result *v1.AdmissionReport, err error) {
+ result = &v1.AdmissionReport{}
+ err = c.client.Post().
+ Namespace(c.ns).
+ Resource("admissionreports").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(admissionReport).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Update takes the representation of a admissionReport and updates it. Returns the server's representation of the admissionReport, and an error, if there is any.
+func (c *admissionReports) Update(ctx context.Context, admissionReport *v1.AdmissionReport, opts metav1.UpdateOptions) (result *v1.AdmissionReport, err error) {
+ result = &v1.AdmissionReport{}
+ err = c.client.Put().
+ Namespace(c.ns).
+ Resource("admissionreports").
+ Name(admissionReport.Name).
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(admissionReport).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Delete takes name of the admissionReport and deletes it. Returns an error if one occurs.
+func (c *admissionReports) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
+ return c.client.Delete().
+ Namespace(c.ns).
+ Resource("admissionreports").
+ Name(name).
+ Body(&opts).
+ Do(ctx).
+ Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *admissionReports) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error {
+ var timeout time.Duration
+ if listOpts.TimeoutSeconds != nil {
+ timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+ }
+ return c.client.Delete().
+ Namespace(c.ns).
+ Resource("admissionreports").
+ VersionedParams(&listOpts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Body(&opts).
+ Do(ctx).
+ Error()
+}
+
+// Patch applies the patch and returns the patched admissionReport.
+func (c *admissionReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.AdmissionReport, err error) {
+ result = &v1.AdmissionReport{}
+ err = c.client.Patch(pt).
+ Namespace(c.ns).
+ Resource("admissionreports").
+ Name(name).
+ SubResource(subresources...).
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(data).
+ Do(ctx).
+ Into(result)
+ return
+}
diff --git a/pkg/client/clientset/versioned/typed/reports/v1/backgroundscanreport.go b/pkg/client/clientset/versioned/typed/reports/v1/backgroundscanreport.go
new file mode 100644
index 0000000000..9e54546242
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/reports/v1/backgroundscanreport.go
@@ -0,0 +1,178 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ "context"
+ "time"
+
+ v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ types "k8s.io/apimachinery/pkg/types"
+ watch "k8s.io/apimachinery/pkg/watch"
+ rest "k8s.io/client-go/rest"
+)
+
+// BackgroundScanReportsGetter has a method to return a BackgroundScanReportInterface.
+// A group's client should implement this interface.
+type BackgroundScanReportsGetter interface {
+ BackgroundScanReports(namespace string) BackgroundScanReportInterface
+}
+
+// BackgroundScanReportInterface has methods to work with BackgroundScanReport resources.
+type BackgroundScanReportInterface interface {
+ Create(ctx context.Context, backgroundScanReport *v1.BackgroundScanReport, opts metav1.CreateOptions) (*v1.BackgroundScanReport, error)
+ Update(ctx context.Context, backgroundScanReport *v1.BackgroundScanReport, opts metav1.UpdateOptions) (*v1.BackgroundScanReport, error)
+ Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error
+ DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error
+ Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.BackgroundScanReport, error)
+ List(ctx context.Context, opts metav1.ListOptions) (*v1.BackgroundScanReportList, error)
+ Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error)
+ Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.BackgroundScanReport, err error)
+ BackgroundScanReportExpansion
+}
+
+// backgroundScanReports implements BackgroundScanReportInterface
+type backgroundScanReports struct {
+ client rest.Interface
+ ns string
+}
+
+// newBackgroundScanReports returns a BackgroundScanReports
+func newBackgroundScanReports(c *ReportsV1Client, namespace string) *backgroundScanReports {
+ return &backgroundScanReports{
+ client: c.RESTClient(),
+ ns: namespace,
+ }
+}
+
+// Get takes name of the backgroundScanReport, and returns the corresponding backgroundScanReport object, and an error if there is any.
+func (c *backgroundScanReports) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.BackgroundScanReport, err error) {
+ result = &v1.BackgroundScanReport{}
+ err = c.client.Get().
+ Namespace(c.ns).
+ Resource("backgroundscanreports").
+ Name(name).
+ VersionedParams(&options, scheme.ParameterCodec).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// List takes label and field selectors, and returns the list of BackgroundScanReports that match those selectors.
+func (c *backgroundScanReports) List(ctx context.Context, opts metav1.ListOptions) (result *v1.BackgroundScanReportList, err error) {
+ var timeout time.Duration
+ if opts.TimeoutSeconds != nil {
+ timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+ }
+ result = &v1.BackgroundScanReportList{}
+ err = c.client.Get().
+ Namespace(c.ns).
+ Resource("backgroundscanreports").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Watch returns a watch.Interface that watches the requested backgroundScanReports.
+func (c *backgroundScanReports) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) {
+ var timeout time.Duration
+ if opts.TimeoutSeconds != nil {
+ timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+ }
+ opts.Watch = true
+ return c.client.Get().
+ Namespace(c.ns).
+ Resource("backgroundscanreports").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Watch(ctx)
+}
+
+// Create takes the representation of a backgroundScanReport and creates it. Returns the server's representation of the backgroundScanReport, and an error, if there is any.
+func (c *backgroundScanReports) Create(ctx context.Context, backgroundScanReport *v1.BackgroundScanReport, opts metav1.CreateOptions) (result *v1.BackgroundScanReport, err error) {
+ result = &v1.BackgroundScanReport{}
+ err = c.client.Post().
+ Namespace(c.ns).
+ Resource("backgroundscanreports").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(backgroundScanReport).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Update takes the representation of a backgroundScanReport and updates it. Returns the server's representation of the backgroundScanReport, and an error, if there is any.
+func (c *backgroundScanReports) Update(ctx context.Context, backgroundScanReport *v1.BackgroundScanReport, opts metav1.UpdateOptions) (result *v1.BackgroundScanReport, err error) {
+ result = &v1.BackgroundScanReport{}
+ err = c.client.Put().
+ Namespace(c.ns).
+ Resource("backgroundscanreports").
+ Name(backgroundScanReport.Name).
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(backgroundScanReport).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Delete takes name of the backgroundScanReport and deletes it. Returns an error if one occurs.
+func (c *backgroundScanReports) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
+ return c.client.Delete().
+ Namespace(c.ns).
+ Resource("backgroundscanreports").
+ Name(name).
+ Body(&opts).
+ Do(ctx).
+ Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *backgroundScanReports) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error {
+ var timeout time.Duration
+ if listOpts.TimeoutSeconds != nil {
+ timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+ }
+ return c.client.Delete().
+ Namespace(c.ns).
+ Resource("backgroundscanreports").
+ VersionedParams(&listOpts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Body(&opts).
+ Do(ctx).
+ Error()
+}
+
+// Patch applies the patch and returns the patched backgroundScanReport.
+func (c *backgroundScanReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.BackgroundScanReport, err error) {
+ result = &v1.BackgroundScanReport{}
+ err = c.client.Patch(pt).
+ Namespace(c.ns).
+ Resource("backgroundscanreports").
+ Name(name).
+ SubResource(subresources...).
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(data).
+ Do(ctx).
+ Into(result)
+ return
+}
diff --git a/pkg/client/clientset/versioned/typed/reports/v1/clusteradmissionreport.go b/pkg/client/clientset/versioned/typed/reports/v1/clusteradmissionreport.go
new file mode 100644
index 0000000000..0326055a5d
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/reports/v1/clusteradmissionreport.go
@@ -0,0 +1,168 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ "context"
+ "time"
+
+ v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ types "k8s.io/apimachinery/pkg/types"
+ watch "k8s.io/apimachinery/pkg/watch"
+ rest "k8s.io/client-go/rest"
+)
+
+// ClusterAdmissionReportsGetter has a method to return a ClusterAdmissionReportInterface.
+// A group's client should implement this interface.
+type ClusterAdmissionReportsGetter interface {
+ ClusterAdmissionReports() ClusterAdmissionReportInterface
+}
+
+// ClusterAdmissionReportInterface has methods to work with ClusterAdmissionReport resources.
+type ClusterAdmissionReportInterface interface {
+ Create(ctx context.Context, clusterAdmissionReport *v1.ClusterAdmissionReport, opts metav1.CreateOptions) (*v1.ClusterAdmissionReport, error)
+ Update(ctx context.Context, clusterAdmissionReport *v1.ClusterAdmissionReport, opts metav1.UpdateOptions) (*v1.ClusterAdmissionReport, error)
+ Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error
+ DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error
+ Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.ClusterAdmissionReport, error)
+ List(ctx context.Context, opts metav1.ListOptions) (*v1.ClusterAdmissionReportList, error)
+ Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error)
+ Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterAdmissionReport, err error)
+ ClusterAdmissionReportExpansion
+}
+
+// clusterAdmissionReports implements ClusterAdmissionReportInterface
+type clusterAdmissionReports struct {
+ client rest.Interface
+}
+
+// newClusterAdmissionReports returns a ClusterAdmissionReports
+func newClusterAdmissionReports(c *ReportsV1Client) *clusterAdmissionReports {
+ return &clusterAdmissionReports{
+ client: c.RESTClient(),
+ }
+}
+
+// Get takes name of the clusterAdmissionReport, and returns the corresponding clusterAdmissionReport object, and an error if there is any.
+func (c *clusterAdmissionReports) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterAdmissionReport, err error) {
+ result = &v1.ClusterAdmissionReport{}
+ err = c.client.Get().
+ Resource("clusteradmissionreports").
+ Name(name).
+ VersionedParams(&options, scheme.ParameterCodec).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// List takes label and field selectors, and returns the list of ClusterAdmissionReports that match those selectors.
+func (c *clusterAdmissionReports) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterAdmissionReportList, err error) {
+ var timeout time.Duration
+ if opts.TimeoutSeconds != nil {
+ timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+ }
+ result = &v1.ClusterAdmissionReportList{}
+ err = c.client.Get().
+ Resource("clusteradmissionreports").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Watch returns a watch.Interface that watches the requested clusterAdmissionReports.
+func (c *clusterAdmissionReports) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) {
+ var timeout time.Duration
+ if opts.TimeoutSeconds != nil {
+ timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+ }
+ opts.Watch = true
+ return c.client.Get().
+ Resource("clusteradmissionreports").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Watch(ctx)
+}
+
+// Create takes the representation of a clusterAdmissionReport and creates it. Returns the server's representation of the clusterAdmissionReport, and an error, if there is any.
+func (c *clusterAdmissionReports) Create(ctx context.Context, clusterAdmissionReport *v1.ClusterAdmissionReport, opts metav1.CreateOptions) (result *v1.ClusterAdmissionReport, err error) {
+ result = &v1.ClusterAdmissionReport{}
+ err = c.client.Post().
+ Resource("clusteradmissionreports").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(clusterAdmissionReport).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Update takes the representation of a clusterAdmissionReport and updates it. Returns the server's representation of the clusterAdmissionReport, and an error, if there is any.
+func (c *clusterAdmissionReports) Update(ctx context.Context, clusterAdmissionReport *v1.ClusterAdmissionReport, opts metav1.UpdateOptions) (result *v1.ClusterAdmissionReport, err error) {
+ result = &v1.ClusterAdmissionReport{}
+ err = c.client.Put().
+ Resource("clusteradmissionreports").
+ Name(clusterAdmissionReport.Name).
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(clusterAdmissionReport).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Delete takes name of the clusterAdmissionReport and deletes it. Returns an error if one occurs.
+func (c *clusterAdmissionReports) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
+ return c.client.Delete().
+ Resource("clusteradmissionreports").
+ Name(name).
+ Body(&opts).
+ Do(ctx).
+ Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *clusterAdmissionReports) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error {
+ var timeout time.Duration
+ if listOpts.TimeoutSeconds != nil {
+ timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+ }
+ return c.client.Delete().
+ Resource("clusteradmissionreports").
+ VersionedParams(&listOpts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Body(&opts).
+ Do(ctx).
+ Error()
+}
+
+// Patch applies the patch and returns the patched clusterAdmissionReport.
+func (c *clusterAdmissionReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterAdmissionReport, err error) {
+ result = &v1.ClusterAdmissionReport{}
+ err = c.client.Patch(pt).
+ Resource("clusteradmissionreports").
+ Name(name).
+ SubResource(subresources...).
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(data).
+ Do(ctx).
+ Into(result)
+ return
+}
diff --git a/pkg/client/clientset/versioned/typed/reports/v1/clusterbackgroundscanreport.go b/pkg/client/clientset/versioned/typed/reports/v1/clusterbackgroundscanreport.go
new file mode 100644
index 0000000000..6c5ae883e6
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/reports/v1/clusterbackgroundscanreport.go
@@ -0,0 +1,168 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ "context"
+ "time"
+
+ v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ types "k8s.io/apimachinery/pkg/types"
+ watch "k8s.io/apimachinery/pkg/watch"
+ rest "k8s.io/client-go/rest"
+)
+
+// ClusterBackgroundScanReportsGetter has a method to return a ClusterBackgroundScanReportInterface.
+// A group's client should implement this interface.
+type ClusterBackgroundScanReportsGetter interface {
+ ClusterBackgroundScanReports() ClusterBackgroundScanReportInterface
+}
+
+// ClusterBackgroundScanReportInterface has methods to work with ClusterBackgroundScanReport resources.
+type ClusterBackgroundScanReportInterface interface {
+ Create(ctx context.Context, clusterBackgroundScanReport *v1.ClusterBackgroundScanReport, opts metav1.CreateOptions) (*v1.ClusterBackgroundScanReport, error)
+ Update(ctx context.Context, clusterBackgroundScanReport *v1.ClusterBackgroundScanReport, opts metav1.UpdateOptions) (*v1.ClusterBackgroundScanReport, error)
+ Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error
+ DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error
+ Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.ClusterBackgroundScanReport, error)
+ List(ctx context.Context, opts metav1.ListOptions) (*v1.ClusterBackgroundScanReportList, error)
+ Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error)
+ Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterBackgroundScanReport, err error)
+ ClusterBackgroundScanReportExpansion
+}
+
+// clusterBackgroundScanReports implements ClusterBackgroundScanReportInterface
+type clusterBackgroundScanReports struct {
+ client rest.Interface
+}
+
+// newClusterBackgroundScanReports returns a ClusterBackgroundScanReports
+func newClusterBackgroundScanReports(c *ReportsV1Client) *clusterBackgroundScanReports {
+ return &clusterBackgroundScanReports{
+ client: c.RESTClient(),
+ }
+}
+
+// Get takes name of the clusterBackgroundScanReport, and returns the corresponding clusterBackgroundScanReport object, and an error if there is any.
+func (c *clusterBackgroundScanReports) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterBackgroundScanReport, err error) {
+ result = &v1.ClusterBackgroundScanReport{}
+ err = c.client.Get().
+ Resource("clusterbackgroundscanreports").
+ Name(name).
+ VersionedParams(&options, scheme.ParameterCodec).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// List takes label and field selectors, and returns the list of ClusterBackgroundScanReports that match those selectors.
+func (c *clusterBackgroundScanReports) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterBackgroundScanReportList, err error) {
+ var timeout time.Duration
+ if opts.TimeoutSeconds != nil {
+ timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+ }
+ result = &v1.ClusterBackgroundScanReportList{}
+ err = c.client.Get().
+ Resource("clusterbackgroundscanreports").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Watch returns a watch.Interface that watches the requested clusterBackgroundScanReports.
+func (c *clusterBackgroundScanReports) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) {
+ var timeout time.Duration
+ if opts.TimeoutSeconds != nil {
+ timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+ }
+ opts.Watch = true
+ return c.client.Get().
+ Resource("clusterbackgroundscanreports").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Watch(ctx)
+}
+
+// Create takes the representation of a clusterBackgroundScanReport and creates it. Returns the server's representation of the clusterBackgroundScanReport, and an error, if there is any.
+func (c *clusterBackgroundScanReports) Create(ctx context.Context, clusterBackgroundScanReport *v1.ClusterBackgroundScanReport, opts metav1.CreateOptions) (result *v1.ClusterBackgroundScanReport, err error) {
+ result = &v1.ClusterBackgroundScanReport{}
+ err = c.client.Post().
+ Resource("clusterbackgroundscanreports").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(clusterBackgroundScanReport).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Update takes the representation of a clusterBackgroundScanReport and updates it. Returns the server's representation of the clusterBackgroundScanReport, and an error, if there is any.
+func (c *clusterBackgroundScanReports) Update(ctx context.Context, clusterBackgroundScanReport *v1.ClusterBackgroundScanReport, opts metav1.UpdateOptions) (result *v1.ClusterBackgroundScanReport, err error) {
+ result = &v1.ClusterBackgroundScanReport{}
+ err = c.client.Put().
+ Resource("clusterbackgroundscanreports").
+ Name(clusterBackgroundScanReport.Name).
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(clusterBackgroundScanReport).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Delete takes name of the clusterBackgroundScanReport and deletes it. Returns an error if one occurs.
+func (c *clusterBackgroundScanReports) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
+ return c.client.Delete().
+ Resource("clusterbackgroundscanreports").
+ Name(name).
+ Body(&opts).
+ Do(ctx).
+ Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *clusterBackgroundScanReports) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error {
+ var timeout time.Duration
+ if listOpts.TimeoutSeconds != nil {
+ timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+ }
+ return c.client.Delete().
+ Resource("clusterbackgroundscanreports").
+ VersionedParams(&listOpts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Body(&opts).
+ Do(ctx).
+ Error()
+}
+
+// Patch applies the patch and returns the patched clusterBackgroundScanReport.
+func (c *clusterBackgroundScanReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterBackgroundScanReport, err error) {
+ result = &v1.ClusterBackgroundScanReport{}
+ err = c.client.Patch(pt).
+ Resource("clusterbackgroundscanreports").
+ Name(name).
+ SubResource(subresources...).
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(data).
+ Do(ctx).
+ Into(result)
+ return
+}
diff --git a/pkg/client/clientset/versioned/typed/reports/v1/doc.go b/pkg/client/clientset/versioned/typed/reports/v1/doc.go
new file mode 100644
index 0000000000..3af5d054f1
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/reports/v1/doc.go
@@ -0,0 +1,20 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+// This package has the automatically generated typed clients.
+package v1
diff --git a/pkg/client/clientset/versioned/typed/reports/v1/fake/doc.go b/pkg/client/clientset/versioned/typed/reports/v1/fake/doc.go
new file mode 100644
index 0000000000..16f4439906
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/reports/v1/fake/doc.go
@@ -0,0 +1,20 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+// Package fake has the automatically generated clients.
+package fake
diff --git a/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_admissionreport.go b/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_admissionreport.go
new file mode 100644
index 0000000000..d682fa6c26
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_admissionreport.go
@@ -0,0 +1,129 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+ "context"
+
+ v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ labels "k8s.io/apimachinery/pkg/labels"
+ types "k8s.io/apimachinery/pkg/types"
+ watch "k8s.io/apimachinery/pkg/watch"
+ testing "k8s.io/client-go/testing"
+)
+
+// FakeAdmissionReports implements AdmissionReportInterface
+type FakeAdmissionReports struct {
+ Fake *FakeReportsV1
+ ns string
+}
+
+var admissionreportsResource = v1.SchemeGroupVersion.WithResource("admissionreports")
+
+var admissionreportsKind = v1.SchemeGroupVersion.WithKind("AdmissionReport")
+
+// Get takes name of the admissionReport, and returns the corresponding admissionReport object, and an error if there is any.
+func (c *FakeAdmissionReports) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.AdmissionReport, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewGetAction(admissionreportsResource, c.ns, name), &v1.AdmissionReport{})
+
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1.AdmissionReport), err
+}
+
+// List takes label and field selectors, and returns the list of AdmissionReports that match those selectors.
+func (c *FakeAdmissionReports) List(ctx context.Context, opts metav1.ListOptions) (result *v1.AdmissionReportList, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewListAction(admissionreportsResource, admissionreportsKind, c.ns, opts), &v1.AdmissionReportList{})
+
+ if obj == nil {
+ return nil, err
+ }
+
+ label, _, _ := testing.ExtractFromListOptions(opts)
+ if label == nil {
+ label = labels.Everything()
+ }
+ list := &v1.AdmissionReportList{ListMeta: obj.(*v1.AdmissionReportList).ListMeta}
+ for _, item := range obj.(*v1.AdmissionReportList).Items {
+ if label.Matches(labels.Set(item.Labels)) {
+ list.Items = append(list.Items, item)
+ }
+ }
+ return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested admissionReports.
+func (c *FakeAdmissionReports) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) {
+ return c.Fake.
+ InvokesWatch(testing.NewWatchAction(admissionreportsResource, c.ns, opts))
+
+}
+
+// Create takes the representation of a admissionReport and creates it. Returns the server's representation of the admissionReport, and an error, if there is any.
+func (c *FakeAdmissionReports) Create(ctx context.Context, admissionReport *v1.AdmissionReport, opts metav1.CreateOptions) (result *v1.AdmissionReport, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewCreateAction(admissionreportsResource, c.ns, admissionReport), &v1.AdmissionReport{})
+
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1.AdmissionReport), err
+}
+
+// Update takes the representation of a admissionReport and updates it. Returns the server's representation of the admissionReport, and an error, if there is any.
+func (c *FakeAdmissionReports) Update(ctx context.Context, admissionReport *v1.AdmissionReport, opts metav1.UpdateOptions) (result *v1.AdmissionReport, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewUpdateAction(admissionreportsResource, c.ns, admissionReport), &v1.AdmissionReport{})
+
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1.AdmissionReport), err
+}
+
+// Delete takes name of the admissionReport and deletes it. Returns an error if one occurs.
+func (c *FakeAdmissionReports) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
+ _, err := c.Fake.
+ Invokes(testing.NewDeleteActionWithOptions(admissionreportsResource, c.ns, name, opts), &v1.AdmissionReport{})
+
+ return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeAdmissionReports) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error {
+ action := testing.NewDeleteCollectionAction(admissionreportsResource, c.ns, listOpts)
+
+ _, err := c.Fake.Invokes(action, &v1.AdmissionReportList{})
+ return err
+}
+
+// Patch applies the patch and returns the patched admissionReport.
+func (c *FakeAdmissionReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.AdmissionReport, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewPatchSubresourceAction(admissionreportsResource, c.ns, name, pt, data, subresources...), &v1.AdmissionReport{})
+
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1.AdmissionReport), err
+}
diff --git a/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_backgroundscanreport.go b/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_backgroundscanreport.go
new file mode 100644
index 0000000000..58f21fc3e6
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_backgroundscanreport.go
@@ -0,0 +1,129 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+ "context"
+
+ v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ labels "k8s.io/apimachinery/pkg/labels"
+ types "k8s.io/apimachinery/pkg/types"
+ watch "k8s.io/apimachinery/pkg/watch"
+ testing "k8s.io/client-go/testing"
+)
+
+// FakeBackgroundScanReports implements BackgroundScanReportInterface
+type FakeBackgroundScanReports struct {
+ Fake *FakeReportsV1
+ ns string
+}
+
+var backgroundscanreportsResource = v1.SchemeGroupVersion.WithResource("backgroundscanreports")
+
+var backgroundscanreportsKind = v1.SchemeGroupVersion.WithKind("BackgroundScanReport")
+
+// Get takes name of the backgroundScanReport, and returns the corresponding backgroundScanReport object, and an error if there is any.
+func (c *FakeBackgroundScanReports) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.BackgroundScanReport, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewGetAction(backgroundscanreportsResource, c.ns, name), &v1.BackgroundScanReport{})
+
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1.BackgroundScanReport), err
+}
+
+// List takes label and field selectors, and returns the list of BackgroundScanReports that match those selectors.
+func (c *FakeBackgroundScanReports) List(ctx context.Context, opts metav1.ListOptions) (result *v1.BackgroundScanReportList, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewListAction(backgroundscanreportsResource, backgroundscanreportsKind, c.ns, opts), &v1.BackgroundScanReportList{})
+
+ if obj == nil {
+ return nil, err
+ }
+
+ label, _, _ := testing.ExtractFromListOptions(opts)
+ if label == nil {
+ label = labels.Everything()
+ }
+ list := &v1.BackgroundScanReportList{ListMeta: obj.(*v1.BackgroundScanReportList).ListMeta}
+ for _, item := range obj.(*v1.BackgroundScanReportList).Items {
+ if label.Matches(labels.Set(item.Labels)) {
+ list.Items = append(list.Items, item)
+ }
+ }
+ return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested backgroundScanReports.
+func (c *FakeBackgroundScanReports) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) {
+ return c.Fake.
+ InvokesWatch(testing.NewWatchAction(backgroundscanreportsResource, c.ns, opts))
+
+}
+
+// Create takes the representation of a backgroundScanReport and creates it. Returns the server's representation of the backgroundScanReport, and an error, if there is any.
+func (c *FakeBackgroundScanReports) Create(ctx context.Context, backgroundScanReport *v1.BackgroundScanReport, opts metav1.CreateOptions) (result *v1.BackgroundScanReport, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewCreateAction(backgroundscanreportsResource, c.ns, backgroundScanReport), &v1.BackgroundScanReport{})
+
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1.BackgroundScanReport), err
+}
+
+// Update takes the representation of a backgroundScanReport and updates it. Returns the server's representation of the backgroundScanReport, and an error, if there is any.
+func (c *FakeBackgroundScanReports) Update(ctx context.Context, backgroundScanReport *v1.BackgroundScanReport, opts metav1.UpdateOptions) (result *v1.BackgroundScanReport, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewUpdateAction(backgroundscanreportsResource, c.ns, backgroundScanReport), &v1.BackgroundScanReport{})
+
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1.BackgroundScanReport), err
+}
+
+// Delete takes name of the backgroundScanReport and deletes it. Returns an error if one occurs.
+func (c *FakeBackgroundScanReports) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
+ _, err := c.Fake.
+ Invokes(testing.NewDeleteActionWithOptions(backgroundscanreportsResource, c.ns, name, opts), &v1.BackgroundScanReport{})
+
+ return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeBackgroundScanReports) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error {
+ action := testing.NewDeleteCollectionAction(backgroundscanreportsResource, c.ns, listOpts)
+
+ _, err := c.Fake.Invokes(action, &v1.BackgroundScanReportList{})
+ return err
+}
+
+// Patch applies the patch and returns the patched backgroundScanReport.
+func (c *FakeBackgroundScanReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.BackgroundScanReport, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewPatchSubresourceAction(backgroundscanreportsResource, c.ns, name, pt, data, subresources...), &v1.BackgroundScanReport{})
+
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1.BackgroundScanReport), err
+}
diff --git a/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_clusteradmissionreport.go b/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_clusteradmissionreport.go
new file mode 100644
index 0000000000..405b143f7d
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_clusteradmissionreport.go
@@ -0,0 +1,121 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+ "context"
+
+ v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ labels "k8s.io/apimachinery/pkg/labels"
+ types "k8s.io/apimachinery/pkg/types"
+ watch "k8s.io/apimachinery/pkg/watch"
+ testing "k8s.io/client-go/testing"
+)
+
+// FakeClusterAdmissionReports implements ClusterAdmissionReportInterface
+type FakeClusterAdmissionReports struct {
+ Fake *FakeReportsV1
+}
+
+var clusteradmissionreportsResource = v1.SchemeGroupVersion.WithResource("clusteradmissionreports")
+
+var clusteradmissionreportsKind = v1.SchemeGroupVersion.WithKind("ClusterAdmissionReport")
+
+// Get takes name of the clusterAdmissionReport, and returns the corresponding clusterAdmissionReport object, and an error if there is any.
+func (c *FakeClusterAdmissionReports) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterAdmissionReport, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootGetAction(clusteradmissionreportsResource, name), &v1.ClusterAdmissionReport{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1.ClusterAdmissionReport), err
+}
+
+// List takes label and field selectors, and returns the list of ClusterAdmissionReports that match those selectors.
+func (c *FakeClusterAdmissionReports) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterAdmissionReportList, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootListAction(clusteradmissionreportsResource, clusteradmissionreportsKind, opts), &v1.ClusterAdmissionReportList{})
+ if obj == nil {
+ return nil, err
+ }
+
+ label, _, _ := testing.ExtractFromListOptions(opts)
+ if label == nil {
+ label = labels.Everything()
+ }
+ list := &v1.ClusterAdmissionReportList{ListMeta: obj.(*v1.ClusterAdmissionReportList).ListMeta}
+ for _, item := range obj.(*v1.ClusterAdmissionReportList).Items {
+ if label.Matches(labels.Set(item.Labels)) {
+ list.Items = append(list.Items, item)
+ }
+ }
+ return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested clusterAdmissionReports.
+func (c *FakeClusterAdmissionReports) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) {
+ return c.Fake.
+ InvokesWatch(testing.NewRootWatchAction(clusteradmissionreportsResource, opts))
+}
+
+// Create takes the representation of a clusterAdmissionReport and creates it. Returns the server's representation of the clusterAdmissionReport, and an error, if there is any.
+func (c *FakeClusterAdmissionReports) Create(ctx context.Context, clusterAdmissionReport *v1.ClusterAdmissionReport, opts metav1.CreateOptions) (result *v1.ClusterAdmissionReport, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootCreateAction(clusteradmissionreportsResource, clusterAdmissionReport), &v1.ClusterAdmissionReport{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1.ClusterAdmissionReport), err
+}
+
+// Update takes the representation of a clusterAdmissionReport and updates it. Returns the server's representation of the clusterAdmissionReport, and an error, if there is any.
+func (c *FakeClusterAdmissionReports) Update(ctx context.Context, clusterAdmissionReport *v1.ClusterAdmissionReport, opts metav1.UpdateOptions) (result *v1.ClusterAdmissionReport, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootUpdateAction(clusteradmissionreportsResource, clusterAdmissionReport), &v1.ClusterAdmissionReport{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1.ClusterAdmissionReport), err
+}
+
+// Delete takes name of the clusterAdmissionReport and deletes it. Returns an error if one occurs.
+func (c *FakeClusterAdmissionReports) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
+ _, err := c.Fake.
+ Invokes(testing.NewRootDeleteActionWithOptions(clusteradmissionreportsResource, name, opts), &v1.ClusterAdmissionReport{})
+ return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeClusterAdmissionReports) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error {
+ action := testing.NewRootDeleteCollectionAction(clusteradmissionreportsResource, listOpts)
+
+ _, err := c.Fake.Invokes(action, &v1.ClusterAdmissionReportList{})
+ return err
+}
+
+// Patch applies the patch and returns the patched clusterAdmissionReport.
+func (c *FakeClusterAdmissionReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterAdmissionReport, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootPatchSubresourceAction(clusteradmissionreportsResource, name, pt, data, subresources...), &v1.ClusterAdmissionReport{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1.ClusterAdmissionReport), err
+}
diff --git a/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_clusterbackgroundscanreport.go b/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_clusterbackgroundscanreport.go
new file mode 100644
index 0000000000..f2a0c1f217
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_clusterbackgroundscanreport.go
@@ -0,0 +1,121 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+ "context"
+
+ v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ labels "k8s.io/apimachinery/pkg/labels"
+ types "k8s.io/apimachinery/pkg/types"
+ watch "k8s.io/apimachinery/pkg/watch"
+ testing "k8s.io/client-go/testing"
+)
+
+// FakeClusterBackgroundScanReports implements ClusterBackgroundScanReportInterface
+type FakeClusterBackgroundScanReports struct {
+ Fake *FakeReportsV1
+}
+
+var clusterbackgroundscanreportsResource = v1.SchemeGroupVersion.WithResource("clusterbackgroundscanreports")
+
+var clusterbackgroundscanreportsKind = v1.SchemeGroupVersion.WithKind("ClusterBackgroundScanReport")
+
+// Get takes name of the clusterBackgroundScanReport, and returns the corresponding clusterBackgroundScanReport object, and an error if there is any.
+func (c *FakeClusterBackgroundScanReports) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterBackgroundScanReport, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootGetAction(clusterbackgroundscanreportsResource, name), &v1.ClusterBackgroundScanReport{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1.ClusterBackgroundScanReport), err
+}
+
+// List takes label and field selectors, and returns the list of ClusterBackgroundScanReports that match those selectors.
+func (c *FakeClusterBackgroundScanReports) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterBackgroundScanReportList, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootListAction(clusterbackgroundscanreportsResource, clusterbackgroundscanreportsKind, opts), &v1.ClusterBackgroundScanReportList{})
+ if obj == nil {
+ return nil, err
+ }
+
+ label, _, _ := testing.ExtractFromListOptions(opts)
+ if label == nil {
+ label = labels.Everything()
+ }
+ list := &v1.ClusterBackgroundScanReportList{ListMeta: obj.(*v1.ClusterBackgroundScanReportList).ListMeta}
+ for _, item := range obj.(*v1.ClusterBackgroundScanReportList).Items {
+ if label.Matches(labels.Set(item.Labels)) {
+ list.Items = append(list.Items, item)
+ }
+ }
+ return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested clusterBackgroundScanReports.
+func (c *FakeClusterBackgroundScanReports) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) {
+ return c.Fake.
+ InvokesWatch(testing.NewRootWatchAction(clusterbackgroundscanreportsResource, opts))
+}
+
+// Create takes the representation of a clusterBackgroundScanReport and creates it. Returns the server's representation of the clusterBackgroundScanReport, and an error, if there is any.
+func (c *FakeClusterBackgroundScanReports) Create(ctx context.Context, clusterBackgroundScanReport *v1.ClusterBackgroundScanReport, opts metav1.CreateOptions) (result *v1.ClusterBackgroundScanReport, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootCreateAction(clusterbackgroundscanreportsResource, clusterBackgroundScanReport), &v1.ClusterBackgroundScanReport{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1.ClusterBackgroundScanReport), err
+}
+
+// Update takes the representation of a clusterBackgroundScanReport and updates it. Returns the server's representation of the clusterBackgroundScanReport, and an error, if there is any.
+func (c *FakeClusterBackgroundScanReports) Update(ctx context.Context, clusterBackgroundScanReport *v1.ClusterBackgroundScanReport, opts metav1.UpdateOptions) (result *v1.ClusterBackgroundScanReport, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootUpdateAction(clusterbackgroundscanreportsResource, clusterBackgroundScanReport), &v1.ClusterBackgroundScanReport{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1.ClusterBackgroundScanReport), err
+}
+
+// Delete takes name of the clusterBackgroundScanReport and deletes it. Returns an error if one occurs.
+func (c *FakeClusterBackgroundScanReports) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
+ _, err := c.Fake.
+ Invokes(testing.NewRootDeleteActionWithOptions(clusterbackgroundscanreportsResource, name, opts), &v1.ClusterBackgroundScanReport{})
+ return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeClusterBackgroundScanReports) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error {
+ action := testing.NewRootDeleteCollectionAction(clusterbackgroundscanreportsResource, listOpts)
+
+ _, err := c.Fake.Invokes(action, &v1.ClusterBackgroundScanReportList{})
+ return err
+}
+
+// Patch applies the patch and returns the patched clusterBackgroundScanReport.
+func (c *FakeClusterBackgroundScanReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterBackgroundScanReport, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootPatchSubresourceAction(clusterbackgroundscanreportsResource, name, pt, data, subresources...), &v1.ClusterBackgroundScanReport{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1.ClusterBackgroundScanReport), err
+}
diff --git a/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_reports_client.go b/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_reports_client.go
new file mode 100644
index 0000000000..032de4a2aa
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_reports_client.go
@@ -0,0 +1,52 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+ v1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1"
+ rest "k8s.io/client-go/rest"
+ testing "k8s.io/client-go/testing"
+)
+
+type FakeReportsV1 struct {
+ *testing.Fake
+}
+
+func (c *FakeReportsV1) AdmissionReports(namespace string) v1.AdmissionReportInterface {
+ return &FakeAdmissionReports{c, namespace}
+}
+
+func (c *FakeReportsV1) BackgroundScanReports(namespace string) v1.BackgroundScanReportInterface {
+ return &FakeBackgroundScanReports{c, namespace}
+}
+
+func (c *FakeReportsV1) ClusterAdmissionReports() v1.ClusterAdmissionReportInterface {
+ return &FakeClusterAdmissionReports{c}
+}
+
+func (c *FakeReportsV1) ClusterBackgroundScanReports() v1.ClusterBackgroundScanReportInterface {
+ return &FakeClusterBackgroundScanReports{c}
+}
+
+// RESTClient returns a RESTClient that is used to communicate
+// with API server by this client implementation.
+func (c *FakeReportsV1) RESTClient() rest.Interface {
+ var ret *rest.RESTClient
+ return ret
+}
diff --git a/pkg/client/clientset/versioned/typed/reports/v1/generated_expansion.go b/pkg/client/clientset/versioned/typed/reports/v1/generated_expansion.go
new file mode 100644
index 0000000000..5110f52f91
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/reports/v1/generated_expansion.go
@@ -0,0 +1,27 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1
+
+type AdmissionReportExpansion interface{}
+
+type BackgroundScanReportExpansion interface{}
+
+type ClusterAdmissionReportExpansion interface{}
+
+type ClusterBackgroundScanReportExpansion interface{}
diff --git a/pkg/client/clientset/versioned/typed/reports/v1/reports_client.go b/pkg/client/clientset/versioned/typed/reports/v1/reports_client.go
new file mode 100644
index 0000000000..31477dd115
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/reports/v1/reports_client.go
@@ -0,0 +1,122 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ "net/http"
+
+ v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
+ rest "k8s.io/client-go/rest"
+)
+
+type ReportsV1Interface interface {
+ RESTClient() rest.Interface
+ AdmissionReportsGetter
+ BackgroundScanReportsGetter
+ ClusterAdmissionReportsGetter
+ ClusterBackgroundScanReportsGetter
+}
+
+// ReportsV1Client is used to interact with features provided by the reports.kyverno.io group.
+type ReportsV1Client struct {
+ restClient rest.Interface
+}
+
+func (c *ReportsV1Client) AdmissionReports(namespace string) AdmissionReportInterface {
+ return newAdmissionReports(c, namespace)
+}
+
+func (c *ReportsV1Client) BackgroundScanReports(namespace string) BackgroundScanReportInterface {
+ return newBackgroundScanReports(c, namespace)
+}
+
+func (c *ReportsV1Client) ClusterAdmissionReports() ClusterAdmissionReportInterface {
+ return newClusterAdmissionReports(c)
+}
+
+func (c *ReportsV1Client) ClusterBackgroundScanReports() ClusterBackgroundScanReportInterface {
+ return newClusterBackgroundScanReports(c)
+}
+
+// NewForConfig creates a new ReportsV1Client for the given config.
+// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient),
+// where httpClient was generated with rest.HTTPClientFor(c).
+func NewForConfig(c *rest.Config) (*ReportsV1Client, error) {
+ config := *c
+ if err := setConfigDefaults(&config); err != nil {
+ return nil, err
+ }
+ httpClient, err := rest.HTTPClientFor(&config)
+ if err != nil {
+ return nil, err
+ }
+ return NewForConfigAndClient(&config, httpClient)
+}
+
+// NewForConfigAndClient creates a new ReportsV1Client for the given config and http client.
+// Note the http client provided takes precedence over the configured transport values.
+func NewForConfigAndClient(c *rest.Config, h *http.Client) (*ReportsV1Client, error) {
+ config := *c
+ if err := setConfigDefaults(&config); err != nil {
+ return nil, err
+ }
+ client, err := rest.RESTClientForConfigAndClient(&config, h)
+ if err != nil {
+ return nil, err
+ }
+ return &ReportsV1Client{client}, nil
+}
+
+// NewForConfigOrDie creates a new ReportsV1Client for the given config and
+// panics if there is an error in the config.
+func NewForConfigOrDie(c *rest.Config) *ReportsV1Client {
+ client, err := NewForConfig(c)
+ if err != nil {
+ panic(err)
+ }
+ return client
+}
+
+// New creates a new ReportsV1Client for the given RESTClient.
+func New(c rest.Interface) *ReportsV1Client {
+ return &ReportsV1Client{c}
+}
+
+func setConfigDefaults(config *rest.Config) error {
+ gv := v1.SchemeGroupVersion
+ config.GroupVersion = &gv
+ config.APIPath = "/apis"
+ config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
+
+ if config.UserAgent == "" {
+ config.UserAgent = rest.DefaultKubernetesUserAgent()
+ }
+
+ return nil
+}
+
+// RESTClient returns a RESTClient that is used to communicate
+// with API server by this client implementation.
+func (c *ReportsV1Client) RESTClient() rest.Interface {
+ if c == nil {
+ return nil
+ }
+ return c.restClient
+}
diff --git a/pkg/client/informers/externalversions/factory.go b/pkg/client/informers/externalversions/factory.go
index 1a4f876baa..71c71a7375 100644
--- a/pkg/client/informers/externalversions/factory.go
+++ b/pkg/client/informers/externalversions/factory.go
@@ -27,6 +27,7 @@ import (
internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
kyverno "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno"
policyreport "github.com/kyverno/kyverno/pkg/client/informers/externalversions/policyreport"
+ reports "github.com/kyverno/kyverno/pkg/client/informers/externalversions/reports"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema"
@@ -246,6 +247,7 @@ type SharedInformerFactory interface {
Kyverno() kyverno.Interface
Wgpolicyk8s() policyreport.Interface
+ Reports() reports.Interface
}
func (f *sharedInformerFactory) Kyverno() kyverno.Interface {
@@ -255,3 +257,7 @@ func (f *sharedInformerFactory) Kyverno() kyverno.Interface {
func (f *sharedInformerFactory) Wgpolicyk8s() policyreport.Interface {
return policyreport.New(f, f.namespace, f.tweakListOptions)
}
+
+func (f *sharedInformerFactory) Reports() reports.Interface {
+ return reports.New(f, f.namespace, f.tweakListOptions)
+}
diff --git a/pkg/client/informers/externalversions/generic.go b/pkg/client/informers/externalversions/generic.go
index c7e9a9b4d2..be8bedb457 100644
--- a/pkg/client/informers/externalversions/generic.go
+++ b/pkg/client/informers/externalversions/generic.go
@@ -21,6 +21,7 @@ package externalversions
import (
"fmt"
+ reportsv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
v1 "github.com/kyverno/kyverno/api/kyverno/v1"
v1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
v1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
@@ -116,6 +117,16 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
case v2beta1.SchemeGroupVersion.WithResource("policyexceptions"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V2beta1().PolicyExceptions().Informer()}, nil
+ // Group=reports.kyverno.io, Version=v1
+ case reportsv1.SchemeGroupVersion.WithResource("admissionreports"):
+ return &genericInformer{resource: resource.GroupResource(), informer: f.Reports().V1().AdmissionReports().Informer()}, nil
+ case reportsv1.SchemeGroupVersion.WithResource("backgroundscanreports"):
+ return &genericInformer{resource: resource.GroupResource(), informer: f.Reports().V1().BackgroundScanReports().Informer()}, nil
+ case reportsv1.SchemeGroupVersion.WithResource("clusteradmissionreports"):
+ return &genericInformer{resource: resource.GroupResource(), informer: f.Reports().V1().ClusterAdmissionReports().Informer()}, nil
+ case reportsv1.SchemeGroupVersion.WithResource("clusterbackgroundscanreports"):
+ return &genericInformer{resource: resource.GroupResource(), informer: f.Reports().V1().ClusterBackgroundScanReports().Informer()}, nil
+
// Group=wgpolicyk8s.io, Version=v1alpha2
case policyreportv1alpha2.SchemeGroupVersion.WithResource("clusterpolicyreports"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Wgpolicyk8s().V1alpha2().ClusterPolicyReports().Informer()}, nil
diff --git a/pkg/client/informers/externalversions/reports/interface.go b/pkg/client/informers/externalversions/reports/interface.go
new file mode 100644
index 0000000000..501b554e1e
--- /dev/null
+++ b/pkg/client/informers/externalversions/reports/interface.go
@@ -0,0 +1,46 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package reports
+
+import (
+ internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
+ v1 "github.com/kyverno/kyverno/pkg/client/informers/externalversions/reports/v1"
+)
+
+// Interface provides access to each of this group's versions.
+type Interface interface {
+ // V1 provides access to shared informers for resources in V1.
+ V1() v1.Interface
+}
+
+type group struct {
+ factory internalinterfaces.SharedInformerFactory
+ namespace string
+ tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// New returns a new Interface.
+func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
+ return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
+}
+
+// V1 returns a new v1.Interface.
+func (g *group) V1() v1.Interface {
+ return v1.New(g.factory, g.namespace, g.tweakListOptions)
+}
diff --git a/pkg/client/informers/externalversions/reports/v1/admissionreport.go b/pkg/client/informers/externalversions/reports/v1/admissionreport.go
new file mode 100644
index 0000000000..77f087e5fd
--- /dev/null
+++ b/pkg/client/informers/externalversions/reports/v1/admissionreport.go
@@ -0,0 +1,90 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ "context"
+ time "time"
+
+ reportsv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
+ internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
+ v1 "github.com/kyverno/kyverno/pkg/client/listers/reports/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ runtime "k8s.io/apimachinery/pkg/runtime"
+ watch "k8s.io/apimachinery/pkg/watch"
+ cache "k8s.io/client-go/tools/cache"
+)
+
+// AdmissionReportInformer provides access to a shared informer and lister for
+// AdmissionReports.
+type AdmissionReportInformer interface {
+ Informer() cache.SharedIndexInformer
+ Lister() v1.AdmissionReportLister
+}
+
+type admissionReportInformer struct {
+ factory internalinterfaces.SharedInformerFactory
+ tweakListOptions internalinterfaces.TweakListOptionsFunc
+ namespace string
+}
+
+// NewAdmissionReportInformer constructs a new informer for AdmissionReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewAdmissionReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+ return NewFilteredAdmissionReportInformer(client, namespace, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredAdmissionReportInformer constructs a new informer for AdmissionReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredAdmissionReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+ return cache.NewSharedIndexInformer(
+ &cache.ListWatch{
+ ListFunc: func(options metav1.ListOptions) (runtime.Object, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.ReportsV1().AdmissionReports(namespace).List(context.TODO(), options)
+ },
+ WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.ReportsV1().AdmissionReports(namespace).Watch(context.TODO(), options)
+ },
+ },
+ &reportsv1.AdmissionReport{},
+ resyncPeriod,
+ indexers,
+ )
+}
+
+func (f *admissionReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+ return NewFilteredAdmissionReportInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *admissionReportInformer) Informer() cache.SharedIndexInformer {
+ return f.factory.InformerFor(&reportsv1.AdmissionReport{}, f.defaultInformer)
+}
+
+func (f *admissionReportInformer) Lister() v1.AdmissionReportLister {
+ return v1.NewAdmissionReportLister(f.Informer().GetIndexer())
+}
diff --git a/pkg/client/informers/externalversions/reports/v1/backgroundscanreport.go b/pkg/client/informers/externalversions/reports/v1/backgroundscanreport.go
new file mode 100644
index 0000000000..9d401e0325
--- /dev/null
+++ b/pkg/client/informers/externalversions/reports/v1/backgroundscanreport.go
@@ -0,0 +1,90 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ "context"
+ time "time"
+
+ reportsv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
+ internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
+ v1 "github.com/kyverno/kyverno/pkg/client/listers/reports/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ runtime "k8s.io/apimachinery/pkg/runtime"
+ watch "k8s.io/apimachinery/pkg/watch"
+ cache "k8s.io/client-go/tools/cache"
+)
+
+// BackgroundScanReportInformer provides access to a shared informer and lister for
+// BackgroundScanReports.
+type BackgroundScanReportInformer interface {
+ Informer() cache.SharedIndexInformer
+ Lister() v1.BackgroundScanReportLister
+}
+
+type backgroundScanReportInformer struct {
+ factory internalinterfaces.SharedInformerFactory
+ tweakListOptions internalinterfaces.TweakListOptionsFunc
+ namespace string
+}
+
+// NewBackgroundScanReportInformer constructs a new informer for BackgroundScanReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewBackgroundScanReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+ return NewFilteredBackgroundScanReportInformer(client, namespace, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredBackgroundScanReportInformer constructs a new informer for BackgroundScanReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredBackgroundScanReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+ return cache.NewSharedIndexInformer(
+ &cache.ListWatch{
+ ListFunc: func(options metav1.ListOptions) (runtime.Object, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.ReportsV1().BackgroundScanReports(namespace).List(context.TODO(), options)
+ },
+ WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.ReportsV1().BackgroundScanReports(namespace).Watch(context.TODO(), options)
+ },
+ },
+ &reportsv1.BackgroundScanReport{},
+ resyncPeriod,
+ indexers,
+ )
+}
+
+func (f *backgroundScanReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+ return NewFilteredBackgroundScanReportInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *backgroundScanReportInformer) Informer() cache.SharedIndexInformer {
+ return f.factory.InformerFor(&reportsv1.BackgroundScanReport{}, f.defaultInformer)
+}
+
+func (f *backgroundScanReportInformer) Lister() v1.BackgroundScanReportLister {
+ return v1.NewBackgroundScanReportLister(f.Informer().GetIndexer())
+}
diff --git a/pkg/client/informers/externalversions/reports/v1/clusteradmissionreport.go b/pkg/client/informers/externalversions/reports/v1/clusteradmissionreport.go
new file mode 100644
index 0000000000..c0ede6ef64
--- /dev/null
+++ b/pkg/client/informers/externalversions/reports/v1/clusteradmissionreport.go
@@ -0,0 +1,89 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ "context"
+ time "time"
+
+ reportsv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
+ internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
+ v1 "github.com/kyverno/kyverno/pkg/client/listers/reports/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ runtime "k8s.io/apimachinery/pkg/runtime"
+ watch "k8s.io/apimachinery/pkg/watch"
+ cache "k8s.io/client-go/tools/cache"
+)
+
+// ClusterAdmissionReportInformer provides access to a shared informer and lister for
+// ClusterAdmissionReports.
+type ClusterAdmissionReportInformer interface {
+ Informer() cache.SharedIndexInformer
+ Lister() v1.ClusterAdmissionReportLister
+}
+
+type clusterAdmissionReportInformer struct {
+ factory internalinterfaces.SharedInformerFactory
+ tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// NewClusterAdmissionReportInformer constructs a new informer for ClusterAdmissionReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewClusterAdmissionReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+ return NewFilteredClusterAdmissionReportInformer(client, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredClusterAdmissionReportInformer constructs a new informer for ClusterAdmissionReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredClusterAdmissionReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+ return cache.NewSharedIndexInformer(
+ &cache.ListWatch{
+ ListFunc: func(options metav1.ListOptions) (runtime.Object, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.ReportsV1().ClusterAdmissionReports().List(context.TODO(), options)
+ },
+ WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.ReportsV1().ClusterAdmissionReports().Watch(context.TODO(), options)
+ },
+ },
+ &reportsv1.ClusterAdmissionReport{},
+ resyncPeriod,
+ indexers,
+ )
+}
+
+func (f *clusterAdmissionReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+ return NewFilteredClusterAdmissionReportInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *clusterAdmissionReportInformer) Informer() cache.SharedIndexInformer {
+ return f.factory.InformerFor(&reportsv1.ClusterAdmissionReport{}, f.defaultInformer)
+}
+
+func (f *clusterAdmissionReportInformer) Lister() v1.ClusterAdmissionReportLister {
+ return v1.NewClusterAdmissionReportLister(f.Informer().GetIndexer())
+}
diff --git a/pkg/client/informers/externalversions/reports/v1/clusterbackgroundscanreport.go b/pkg/client/informers/externalversions/reports/v1/clusterbackgroundscanreport.go
new file mode 100644
index 0000000000..f65714adbb
--- /dev/null
+++ b/pkg/client/informers/externalversions/reports/v1/clusterbackgroundscanreport.go
@@ -0,0 +1,89 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ "context"
+ time "time"
+
+ reportsv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
+ internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
+ v1 "github.com/kyverno/kyverno/pkg/client/listers/reports/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ runtime "k8s.io/apimachinery/pkg/runtime"
+ watch "k8s.io/apimachinery/pkg/watch"
+ cache "k8s.io/client-go/tools/cache"
+)
+
+// ClusterBackgroundScanReportInformer provides access to a shared informer and lister for
+// ClusterBackgroundScanReports.
+type ClusterBackgroundScanReportInformer interface {
+ Informer() cache.SharedIndexInformer
+ Lister() v1.ClusterBackgroundScanReportLister
+}
+
+type clusterBackgroundScanReportInformer struct {
+ factory internalinterfaces.SharedInformerFactory
+ tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// NewClusterBackgroundScanReportInformer constructs a new informer for ClusterBackgroundScanReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewClusterBackgroundScanReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+ return NewFilteredClusterBackgroundScanReportInformer(client, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredClusterBackgroundScanReportInformer constructs a new informer for ClusterBackgroundScanReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredClusterBackgroundScanReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+ return cache.NewSharedIndexInformer(
+ &cache.ListWatch{
+ ListFunc: func(options metav1.ListOptions) (runtime.Object, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.ReportsV1().ClusterBackgroundScanReports().List(context.TODO(), options)
+ },
+ WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.ReportsV1().ClusterBackgroundScanReports().Watch(context.TODO(), options)
+ },
+ },
+ &reportsv1.ClusterBackgroundScanReport{},
+ resyncPeriod,
+ indexers,
+ )
+}
+
+func (f *clusterBackgroundScanReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+ return NewFilteredClusterBackgroundScanReportInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *clusterBackgroundScanReportInformer) Informer() cache.SharedIndexInformer {
+ return f.factory.InformerFor(&reportsv1.ClusterBackgroundScanReport{}, f.defaultInformer)
+}
+
+func (f *clusterBackgroundScanReportInformer) Lister() v1.ClusterBackgroundScanReportLister {
+ return v1.NewClusterBackgroundScanReportLister(f.Informer().GetIndexer())
+}
diff --git a/pkg/client/informers/externalversions/reports/v1/interface.go b/pkg/client/informers/externalversions/reports/v1/interface.go
new file mode 100644
index 0000000000..f83291cfc0
--- /dev/null
+++ b/pkg/client/informers/externalversions/reports/v1/interface.go
@@ -0,0 +1,66 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
+)
+
+// Interface provides access to all the informers in this group version.
+type Interface interface {
+ // AdmissionReports returns a AdmissionReportInformer.
+ AdmissionReports() AdmissionReportInformer
+ // BackgroundScanReports returns a BackgroundScanReportInformer.
+ BackgroundScanReports() BackgroundScanReportInformer
+ // ClusterAdmissionReports returns a ClusterAdmissionReportInformer.
+ ClusterAdmissionReports() ClusterAdmissionReportInformer
+ // ClusterBackgroundScanReports returns a ClusterBackgroundScanReportInformer.
+ ClusterBackgroundScanReports() ClusterBackgroundScanReportInformer
+}
+
+type version struct {
+ factory internalinterfaces.SharedInformerFactory
+ namespace string
+ tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// New returns a new Interface.
+func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
+ return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
+}
+
+// AdmissionReports returns a AdmissionReportInformer.
+func (v *version) AdmissionReports() AdmissionReportInformer {
+ return &admissionReportInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+}
+
+// BackgroundScanReports returns a BackgroundScanReportInformer.
+func (v *version) BackgroundScanReports() BackgroundScanReportInformer {
+ return &backgroundScanReportInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+}
+
+// ClusterAdmissionReports returns a ClusterAdmissionReportInformer.
+func (v *version) ClusterAdmissionReports() ClusterAdmissionReportInformer {
+ return &clusterAdmissionReportInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
+}
+
+// ClusterBackgroundScanReports returns a ClusterBackgroundScanReportInformer.
+func (v *version) ClusterBackgroundScanReports() ClusterBackgroundScanReportInformer {
+ return &clusterBackgroundScanReportInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
+}
diff --git a/pkg/client/listers/reports/v1/admissionreport.go b/pkg/client/listers/reports/v1/admissionreport.go
new file mode 100644
index 0000000000..8c64286977
--- /dev/null
+++ b/pkg/client/listers/reports/v1/admissionreport.go
@@ -0,0 +1,99 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/apimachinery/pkg/labels"
+ "k8s.io/client-go/tools/cache"
+)
+
+// AdmissionReportLister helps list AdmissionReports.
+// All objects returned here must be treated as read-only.
+type AdmissionReportLister interface {
+ // List lists all AdmissionReports in the indexer.
+ // Objects returned here must be treated as read-only.
+ List(selector labels.Selector) (ret []*v1.AdmissionReport, err error)
+ // AdmissionReports returns an object that can list and get AdmissionReports.
+ AdmissionReports(namespace string) AdmissionReportNamespaceLister
+ AdmissionReportListerExpansion
+}
+
+// admissionReportLister implements the AdmissionReportLister interface.
+type admissionReportLister struct {
+ indexer cache.Indexer
+}
+
+// NewAdmissionReportLister returns a new AdmissionReportLister.
+func NewAdmissionReportLister(indexer cache.Indexer) AdmissionReportLister {
+ return &admissionReportLister{indexer: indexer}
+}
+
+// List lists all AdmissionReports in the indexer.
+func (s *admissionReportLister) List(selector labels.Selector) (ret []*v1.AdmissionReport, err error) {
+ err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+ ret = append(ret, m.(*v1.AdmissionReport))
+ })
+ return ret, err
+}
+
+// AdmissionReports returns an object that can list and get AdmissionReports.
+func (s *admissionReportLister) AdmissionReports(namespace string) AdmissionReportNamespaceLister {
+ return admissionReportNamespaceLister{indexer: s.indexer, namespace: namespace}
+}
+
+// AdmissionReportNamespaceLister helps list and get AdmissionReports.
+// All objects returned here must be treated as read-only.
+type AdmissionReportNamespaceLister interface {
+ // List lists all AdmissionReports in the indexer for a given namespace.
+ // Objects returned here must be treated as read-only.
+ List(selector labels.Selector) (ret []*v1.AdmissionReport, err error)
+ // Get retrieves the AdmissionReport from the indexer for a given namespace and name.
+ // Objects returned here must be treated as read-only.
+ Get(name string) (*v1.AdmissionReport, error)
+ AdmissionReportNamespaceListerExpansion
+}
+
+// admissionReportNamespaceLister implements the AdmissionReportNamespaceLister
+// interface.
+type admissionReportNamespaceLister struct {
+ indexer cache.Indexer
+ namespace string
+}
+
+// List lists all AdmissionReports in the indexer for a given namespace.
+func (s admissionReportNamespaceLister) List(selector labels.Selector) (ret []*v1.AdmissionReport, err error) {
+ err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
+ ret = append(ret, m.(*v1.AdmissionReport))
+ })
+ return ret, err
+}
+
+// Get retrieves the AdmissionReport from the indexer for a given namespace and name.
+func (s admissionReportNamespaceLister) Get(name string) (*v1.AdmissionReport, error) {
+ obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
+ if err != nil {
+ return nil, err
+ }
+ if !exists {
+ return nil, errors.NewNotFound(v1.Resource("admissionreport"), name)
+ }
+ return obj.(*v1.AdmissionReport), nil
+}
diff --git a/pkg/client/listers/reports/v1/backgroundscanreport.go b/pkg/client/listers/reports/v1/backgroundscanreport.go
new file mode 100644
index 0000000000..9462a4146b
--- /dev/null
+++ b/pkg/client/listers/reports/v1/backgroundscanreport.go
@@ -0,0 +1,99 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/apimachinery/pkg/labels"
+ "k8s.io/client-go/tools/cache"
+)
+
+// BackgroundScanReportLister helps list BackgroundScanReports.
+// All objects returned here must be treated as read-only.
+type BackgroundScanReportLister interface {
+ // List lists all BackgroundScanReports in the indexer.
+ // Objects returned here must be treated as read-only.
+ List(selector labels.Selector) (ret []*v1.BackgroundScanReport, err error)
+ // BackgroundScanReports returns an object that can list and get BackgroundScanReports.
+ BackgroundScanReports(namespace string) BackgroundScanReportNamespaceLister
+ BackgroundScanReportListerExpansion
+}
+
+// backgroundScanReportLister implements the BackgroundScanReportLister interface.
+type backgroundScanReportLister struct {
+ indexer cache.Indexer
+}
+
+// NewBackgroundScanReportLister returns a new BackgroundScanReportLister.
+func NewBackgroundScanReportLister(indexer cache.Indexer) BackgroundScanReportLister {
+ return &backgroundScanReportLister{indexer: indexer}
+}
+
+// List lists all BackgroundScanReports in the indexer.
+func (s *backgroundScanReportLister) List(selector labels.Selector) (ret []*v1.BackgroundScanReport, err error) {
+ err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+ ret = append(ret, m.(*v1.BackgroundScanReport))
+ })
+ return ret, err
+}
+
+// BackgroundScanReports returns an object that can list and get BackgroundScanReports.
+func (s *backgroundScanReportLister) BackgroundScanReports(namespace string) BackgroundScanReportNamespaceLister {
+ return backgroundScanReportNamespaceLister{indexer: s.indexer, namespace: namespace}
+}
+
+// BackgroundScanReportNamespaceLister helps list and get BackgroundScanReports.
+// All objects returned here must be treated as read-only.
+type BackgroundScanReportNamespaceLister interface {
+ // List lists all BackgroundScanReports in the indexer for a given namespace.
+ // Objects returned here must be treated as read-only.
+ List(selector labels.Selector) (ret []*v1.BackgroundScanReport, err error)
+ // Get retrieves the BackgroundScanReport from the indexer for a given namespace and name.
+ // Objects returned here must be treated as read-only.
+ Get(name string) (*v1.BackgroundScanReport, error)
+ BackgroundScanReportNamespaceListerExpansion
+}
+
+// backgroundScanReportNamespaceLister implements the BackgroundScanReportNamespaceLister
+// interface.
+type backgroundScanReportNamespaceLister struct {
+ indexer cache.Indexer
+ namespace string
+}
+
+// List lists all BackgroundScanReports in the indexer for a given namespace.
+func (s backgroundScanReportNamespaceLister) List(selector labels.Selector) (ret []*v1.BackgroundScanReport, err error) {
+ err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
+ ret = append(ret, m.(*v1.BackgroundScanReport))
+ })
+ return ret, err
+}
+
+// Get retrieves the BackgroundScanReport from the indexer for a given namespace and name.
+func (s backgroundScanReportNamespaceLister) Get(name string) (*v1.BackgroundScanReport, error) {
+ obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
+ if err != nil {
+ return nil, err
+ }
+ if !exists {
+ return nil, errors.NewNotFound(v1.Resource("backgroundscanreport"), name)
+ }
+ return obj.(*v1.BackgroundScanReport), nil
+}
diff --git a/pkg/client/listers/reports/v1/clusteradmissionreport.go b/pkg/client/listers/reports/v1/clusteradmissionreport.go
new file mode 100644
index 0000000000..3eda22266d
--- /dev/null
+++ b/pkg/client/listers/reports/v1/clusteradmissionreport.go
@@ -0,0 +1,68 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/apimachinery/pkg/labels"
+ "k8s.io/client-go/tools/cache"
+)
+
+// ClusterAdmissionReportLister helps list ClusterAdmissionReports.
+// All objects returned here must be treated as read-only.
+type ClusterAdmissionReportLister interface {
+ // List lists all ClusterAdmissionReports in the indexer.
+ // Objects returned here must be treated as read-only.
+ List(selector labels.Selector) (ret []*v1.ClusterAdmissionReport, err error)
+ // Get retrieves the ClusterAdmissionReport from the index for a given name.
+ // Objects returned here must be treated as read-only.
+ Get(name string) (*v1.ClusterAdmissionReport, error)
+ ClusterAdmissionReportListerExpansion
+}
+
+// clusterAdmissionReportLister implements the ClusterAdmissionReportLister interface.
+type clusterAdmissionReportLister struct {
+ indexer cache.Indexer
+}
+
+// NewClusterAdmissionReportLister returns a new ClusterAdmissionReportLister.
+func NewClusterAdmissionReportLister(indexer cache.Indexer) ClusterAdmissionReportLister {
+ return &clusterAdmissionReportLister{indexer: indexer}
+}
+
+// List lists all ClusterAdmissionReports in the indexer.
+func (s *clusterAdmissionReportLister) List(selector labels.Selector) (ret []*v1.ClusterAdmissionReport, err error) {
+ err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+ ret = append(ret, m.(*v1.ClusterAdmissionReport))
+ })
+ return ret, err
+}
+
+// Get retrieves the ClusterAdmissionReport from the index for a given name.
+func (s *clusterAdmissionReportLister) Get(name string) (*v1.ClusterAdmissionReport, error) {
+ obj, exists, err := s.indexer.GetByKey(name)
+ if err != nil {
+ return nil, err
+ }
+ if !exists {
+ return nil, errors.NewNotFound(v1.Resource("clusteradmissionreport"), name)
+ }
+ return obj.(*v1.ClusterAdmissionReport), nil
+}
diff --git a/pkg/client/listers/reports/v1/clusterbackgroundscanreport.go b/pkg/client/listers/reports/v1/clusterbackgroundscanreport.go
new file mode 100644
index 0000000000..9aaf3a49a6
--- /dev/null
+++ b/pkg/client/listers/reports/v1/clusterbackgroundscanreport.go
@@ -0,0 +1,68 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/apimachinery/pkg/labels"
+ "k8s.io/client-go/tools/cache"
+)
+
+// ClusterBackgroundScanReportLister helps list ClusterBackgroundScanReports.
+// All objects returned here must be treated as read-only.
+type ClusterBackgroundScanReportLister interface {
+ // List lists all ClusterBackgroundScanReports in the indexer.
+ // Objects returned here must be treated as read-only.
+ List(selector labels.Selector) (ret []*v1.ClusterBackgroundScanReport, err error)
+ // Get retrieves the ClusterBackgroundScanReport from the index for a given name.
+ // Objects returned here must be treated as read-only.
+ Get(name string) (*v1.ClusterBackgroundScanReport, error)
+ ClusterBackgroundScanReportListerExpansion
+}
+
+// clusterBackgroundScanReportLister implements the ClusterBackgroundScanReportLister interface.
+type clusterBackgroundScanReportLister struct {
+ indexer cache.Indexer
+}
+
+// NewClusterBackgroundScanReportLister returns a new ClusterBackgroundScanReportLister.
+func NewClusterBackgroundScanReportLister(indexer cache.Indexer) ClusterBackgroundScanReportLister {
+ return &clusterBackgroundScanReportLister{indexer: indexer}
+}
+
+// List lists all ClusterBackgroundScanReports in the indexer.
+func (s *clusterBackgroundScanReportLister) List(selector labels.Selector) (ret []*v1.ClusterBackgroundScanReport, err error) {
+ err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+ ret = append(ret, m.(*v1.ClusterBackgroundScanReport))
+ })
+ return ret, err
+}
+
+// Get retrieves the ClusterBackgroundScanReport from the index for a given name.
+func (s *clusterBackgroundScanReportLister) Get(name string) (*v1.ClusterBackgroundScanReport, error) {
+ obj, exists, err := s.indexer.GetByKey(name)
+ if err != nil {
+ return nil, err
+ }
+ if !exists {
+ return nil, errors.NewNotFound(v1.Resource("clusterbackgroundscanreport"), name)
+ }
+ return obj.(*v1.ClusterBackgroundScanReport), nil
+}
diff --git a/pkg/client/listers/reports/v1/expansion_generated.go b/pkg/client/listers/reports/v1/expansion_generated.go
new file mode 100644
index 0000000000..e6a59d3bf5
--- /dev/null
+++ b/pkg/client/listers/reports/v1/expansion_generated.go
@@ -0,0 +1,43 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1
+
+// AdmissionReportListerExpansion allows custom methods to be added to
+// AdmissionReportLister.
+type AdmissionReportListerExpansion interface{}
+
+// AdmissionReportNamespaceListerExpansion allows custom methods to be added to
+// AdmissionReportNamespaceLister.
+type AdmissionReportNamespaceListerExpansion interface{}
+
+// BackgroundScanReportListerExpansion allows custom methods to be added to
+// BackgroundScanReportLister.
+type BackgroundScanReportListerExpansion interface{}
+
+// BackgroundScanReportNamespaceListerExpansion allows custom methods to be added to
+// BackgroundScanReportNamespaceLister.
+type BackgroundScanReportNamespaceListerExpansion interface{}
+
+// ClusterAdmissionReportListerExpansion allows custom methods to be added to
+// ClusterAdmissionReportLister.
+type ClusterAdmissionReportListerExpansion interface{}
+
+// ClusterBackgroundScanReportListerExpansion allows custom methods to be added to
+// ClusterBackgroundScanReportLister.
+type ClusterBackgroundScanReportListerExpansion interface{}
diff --git a/pkg/clients/kyverno/clientset.generated.go b/pkg/clients/kyverno/clientset.generated.go
index 15408b5728..197102c06e 100644
--- a/pkg/clients/kyverno/clientset.generated.go
+++ b/pkg/clients/kyverno/clientset.generated.go
@@ -10,6 +10,7 @@ import (
github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2alpha1"
github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2beta1"
github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_policyreport_v1alpha2 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha2"
+ github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1"
discovery "github.com/kyverno/kyverno/pkg/clients/kyverno/discovery"
kyvernov1 "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov1"
kyvernov1alpha2 "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov1alpha2"
@@ -17,6 +18,7 @@ import (
kyvernov2 "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov2"
kyvernov2alpha1 "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov2alpha1"
kyvernov2beta1 "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov2beta1"
+ reportsv1 "github.com/kyverno/kyverno/pkg/clients/kyverno/reportsv1"
wgpolicyk8sv1alpha2 "github.com/kyverno/kyverno/pkg/clients/kyverno/wgpolicyk8sv1alpha2"
"github.com/kyverno/kyverno/pkg/metrics"
k8s_io_client_go_discovery "k8s.io/client-go/discovery"
@@ -30,6 +32,7 @@ type clientset struct {
kyvernov2 github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2.KyvernoV2Interface
kyvernov2alpha1 github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.KyvernoV2alpha1Interface
kyvernov2beta1 github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.KyvernoV2beta1Interface
+ reportsv1 github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface
wgpolicyk8sv1alpha2 github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_policyreport_v1alpha2.Wgpolicyk8sV1alpha2Interface
}
@@ -54,6 +57,9 @@ func (c *clientset) KyvernoV2alpha1() github_com_kyverno_kyverno_pkg_client_clie
func (c *clientset) KyvernoV2beta1() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.KyvernoV2beta1Interface {
return c.kyvernov2beta1
}
+func (c *clientset) ReportsV1() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface {
+ return c.reportsv1
+}
func (c *clientset) Wgpolicyk8sV1alpha2() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_policyreport_v1alpha2.Wgpolicyk8sV1alpha2Interface {
return c.wgpolicyk8sv1alpha2
}
@@ -67,6 +73,7 @@ func WrapWithMetrics(inner github_com_kyverno_kyverno_pkg_client_clientset_versi
kyvernov2: kyvernov2.WithMetrics(inner.KyvernoV2(), m, clientType),
kyvernov2alpha1: kyvernov2alpha1.WithMetrics(inner.KyvernoV2alpha1(), m, clientType),
kyvernov2beta1: kyvernov2beta1.WithMetrics(inner.KyvernoV2beta1(), m, clientType),
+ reportsv1: reportsv1.WithMetrics(inner.ReportsV1(), m, clientType),
wgpolicyk8sv1alpha2: wgpolicyk8sv1alpha2.WithMetrics(inner.Wgpolicyk8sV1alpha2(), m, clientType),
}
}
@@ -80,6 +87,7 @@ func WrapWithTracing(inner github_com_kyverno_kyverno_pkg_client_clientset_versi
kyvernov2: kyvernov2.WithTracing(inner.KyvernoV2(), "KyvernoV2"),
kyvernov2alpha1: kyvernov2alpha1.WithTracing(inner.KyvernoV2alpha1(), "KyvernoV2alpha1"),
kyvernov2beta1: kyvernov2beta1.WithTracing(inner.KyvernoV2beta1(), "KyvernoV2beta1"),
+ reportsv1: reportsv1.WithTracing(inner.ReportsV1(), "ReportsV1"),
wgpolicyk8sv1alpha2: wgpolicyk8sv1alpha2.WithTracing(inner.Wgpolicyk8sV1alpha2(), "Wgpolicyk8sV1alpha2"),
}
}
@@ -93,6 +101,7 @@ func WrapWithLogging(inner github_com_kyverno_kyverno_pkg_client_clientset_versi
kyvernov2: kyvernov2.WithLogging(inner.KyvernoV2(), logger.WithValues("group", "KyvernoV2")),
kyvernov2alpha1: kyvernov2alpha1.WithLogging(inner.KyvernoV2alpha1(), logger.WithValues("group", "KyvernoV2alpha1")),
kyvernov2beta1: kyvernov2beta1.WithLogging(inner.KyvernoV2beta1(), logger.WithValues("group", "KyvernoV2beta1")),
+ reportsv1: reportsv1.WithLogging(inner.ReportsV1(), logger.WithValues("group", "ReportsV1")),
wgpolicyk8sv1alpha2: wgpolicyk8sv1alpha2.WithLogging(inner.Wgpolicyk8sV1alpha2(), logger.WithValues("group", "Wgpolicyk8sV1alpha2")),
}
}
diff --git a/pkg/clients/kyverno/reportsv1/admissionreports/resource.generated.go b/pkg/clients/kyverno/reportsv1/admissionreports/resource.generated.go
new file mode 100644
index 0000000000..52b16766fa
--- /dev/null
+++ b/pkg/clients/kyverno/reportsv1/admissionreports/resource.generated.go
@@ -0,0 +1,337 @@
+package resource
+
+import (
+ context "context"
+ "fmt"
+ "time"
+
+ "github.com/go-logr/logr"
+ github_com_kyverno_kyverno_api_kyverno_reports_v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1"
+ "github.com/kyverno/kyverno/pkg/metrics"
+ "github.com/kyverno/kyverno/pkg/tracing"
+ "go.opentelemetry.io/otel/trace"
+ "go.uber.org/multierr"
+ k8s_io_apimachinery_pkg_apis_meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ k8s_io_apimachinery_pkg_types "k8s.io/apimachinery/pkg/types"
+ k8s_io_apimachinery_pkg_watch "k8s.io/apimachinery/pkg/watch"
+)
+
+func WithLogging(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface, logger logr.Logger) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface {
+ return &withLogging{inner, logger}
+}
+
+func WithMetrics(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface, recorder metrics.Recorder) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface {
+ return &withMetrics{inner, recorder}
+}
+
+func WithTracing(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface, client, kind string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface {
+ return &withTracing{inner, client, kind}
+}
+
+type withLogging struct {
+ inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface
+ logger logr.Logger
+}
+
+func (c *withLogging) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Create")
+ ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "Create failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Create done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+func (c *withLogging) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Delete")
+ ret0 := c.inner.Delete(arg0, arg1, arg2)
+ if err := multierr.Combine(ret0); err != nil {
+ logger.Error(err, "Delete failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Delete done", "duration", time.Since(start))
+ }
+ return ret0
+}
+func (c *withLogging) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "DeleteCollection")
+ ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
+ if err := multierr.Combine(ret0); err != nil {
+ logger.Error(err, "DeleteCollection failed", "duration", time.Since(start))
+ } else {
+ logger.Info("DeleteCollection done", "duration", time.Since(start))
+ }
+ return ret0
+}
+func (c *withLogging) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Get")
+ ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "Get failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Get done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+func (c *withLogging) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReportList, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "List")
+ ret0, ret1 := c.inner.List(arg0, arg1)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "List failed", "duration", time.Since(start))
+ } else {
+ logger.Info("List done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+func (c *withLogging) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Patch")
+ ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "Patch failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Patch done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+func (c *withLogging) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Update")
+ ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "Update failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Update done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+func (c *withLogging) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Watch")
+ ret0, ret1 := c.inner.Watch(arg0, arg1)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "Watch failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Watch done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+
+type withMetrics struct {
+ inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface
+ recorder metrics.Recorder
+}
+
+func (c *withMetrics) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) {
+ defer c.recorder.RecordWithContext(arg0, "create")
+ return c.inner.Create(arg0, arg1, arg2)
+}
+func (c *withMetrics) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+ defer c.recorder.RecordWithContext(arg0, "delete")
+ return c.inner.Delete(arg0, arg1, arg2)
+}
+func (c *withMetrics) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+ defer c.recorder.RecordWithContext(arg0, "delete_collection")
+ return c.inner.DeleteCollection(arg0, arg1, arg2)
+}
+func (c *withMetrics) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) {
+ defer c.recorder.RecordWithContext(arg0, "get")
+ return c.inner.Get(arg0, arg1, arg2)
+}
+func (c *withMetrics) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReportList, error) {
+ defer c.recorder.RecordWithContext(arg0, "list")
+ return c.inner.List(arg0, arg1)
+}
+func (c *withMetrics) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) {
+ defer c.recorder.RecordWithContext(arg0, "patch")
+ return c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+}
+func (c *withMetrics) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) {
+ defer c.recorder.RecordWithContext(arg0, "update")
+ return c.inner.Update(arg0, arg1, arg2)
+}
+func (c *withMetrics) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+ defer c.recorder.RecordWithContext(arg0, "watch")
+ return c.inner.Watch(arg0, arg1)
+}
+
+type withTracing struct {
+ inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface
+ client string
+ kind string
+}
+
+func (c *withTracing) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Create"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Create"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
+func (c *withTracing) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Delete"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Delete"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0 := c.inner.Delete(arg0, arg1, arg2)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret0)
+ }
+ return ret0
+}
+func (c *withTracing) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "DeleteCollection"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("DeleteCollection"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret0)
+ }
+ return ret0
+}
+func (c *withTracing) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Get"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Get"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
+func (c *withTracing) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReportList, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "List"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("List"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.List(arg0, arg1)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
+func (c *withTracing) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Patch"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Patch"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
+func (c *withTracing) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Update"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Update"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
+func (c *withTracing) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Watch"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Watch"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.Watch(arg0, arg1)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
diff --git a/pkg/clients/kyverno/reportsv1/backgroundscanreports/resource.generated.go b/pkg/clients/kyverno/reportsv1/backgroundscanreports/resource.generated.go
new file mode 100644
index 0000000000..dc4794974a
--- /dev/null
+++ b/pkg/clients/kyverno/reportsv1/backgroundscanreports/resource.generated.go
@@ -0,0 +1,337 @@
+package resource
+
+import (
+ context "context"
+ "fmt"
+ "time"
+
+ "github.com/go-logr/logr"
+ github_com_kyverno_kyverno_api_kyverno_reports_v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1"
+ "github.com/kyverno/kyverno/pkg/metrics"
+ "github.com/kyverno/kyverno/pkg/tracing"
+ "go.opentelemetry.io/otel/trace"
+ "go.uber.org/multierr"
+ k8s_io_apimachinery_pkg_apis_meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ k8s_io_apimachinery_pkg_types "k8s.io/apimachinery/pkg/types"
+ k8s_io_apimachinery_pkg_watch "k8s.io/apimachinery/pkg/watch"
+)
+
+func WithLogging(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface, logger logr.Logger) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface {
+ return &withLogging{inner, logger}
+}
+
+func WithMetrics(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface, recorder metrics.Recorder) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface {
+ return &withMetrics{inner, recorder}
+}
+
+func WithTracing(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface, client, kind string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface {
+ return &withTracing{inner, client, kind}
+}
+
+type withLogging struct {
+ inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface
+ logger logr.Logger
+}
+
+func (c *withLogging) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Create")
+ ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "Create failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Create done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+func (c *withLogging) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Delete")
+ ret0 := c.inner.Delete(arg0, arg1, arg2)
+ if err := multierr.Combine(ret0); err != nil {
+ logger.Error(err, "Delete failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Delete done", "duration", time.Since(start))
+ }
+ return ret0
+}
+func (c *withLogging) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "DeleteCollection")
+ ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
+ if err := multierr.Combine(ret0); err != nil {
+ logger.Error(err, "DeleteCollection failed", "duration", time.Since(start))
+ } else {
+ logger.Info("DeleteCollection done", "duration", time.Since(start))
+ }
+ return ret0
+}
+func (c *withLogging) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Get")
+ ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "Get failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Get done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+func (c *withLogging) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReportList, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "List")
+ ret0, ret1 := c.inner.List(arg0, arg1)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "List failed", "duration", time.Since(start))
+ } else {
+ logger.Info("List done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+func (c *withLogging) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Patch")
+ ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "Patch failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Patch done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+func (c *withLogging) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Update")
+ ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "Update failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Update done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+func (c *withLogging) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Watch")
+ ret0, ret1 := c.inner.Watch(arg0, arg1)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "Watch failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Watch done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+
+type withMetrics struct {
+ inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface
+ recorder metrics.Recorder
+}
+
+func (c *withMetrics) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) {
+ defer c.recorder.RecordWithContext(arg0, "create")
+ return c.inner.Create(arg0, arg1, arg2)
+}
+func (c *withMetrics) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+ defer c.recorder.RecordWithContext(arg0, "delete")
+ return c.inner.Delete(arg0, arg1, arg2)
+}
+func (c *withMetrics) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+ defer c.recorder.RecordWithContext(arg0, "delete_collection")
+ return c.inner.DeleteCollection(arg0, arg1, arg2)
+}
+func (c *withMetrics) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) {
+ defer c.recorder.RecordWithContext(arg0, "get")
+ return c.inner.Get(arg0, arg1, arg2)
+}
+func (c *withMetrics) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReportList, error) {
+ defer c.recorder.RecordWithContext(arg0, "list")
+ return c.inner.List(arg0, arg1)
+}
+func (c *withMetrics) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) {
+ defer c.recorder.RecordWithContext(arg0, "patch")
+ return c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+}
+func (c *withMetrics) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) {
+ defer c.recorder.RecordWithContext(arg0, "update")
+ return c.inner.Update(arg0, arg1, arg2)
+}
+func (c *withMetrics) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+ defer c.recorder.RecordWithContext(arg0, "watch")
+ return c.inner.Watch(arg0, arg1)
+}
+
+type withTracing struct {
+ inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface
+ client string
+ kind string
+}
+
+func (c *withTracing) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Create"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Create"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
+func (c *withTracing) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Delete"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Delete"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0 := c.inner.Delete(arg0, arg1, arg2)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret0)
+ }
+ return ret0
+}
+func (c *withTracing) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "DeleteCollection"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("DeleteCollection"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret0)
+ }
+ return ret0
+}
+func (c *withTracing) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Get"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Get"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
+func (c *withTracing) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReportList, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "List"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("List"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.List(arg0, arg1)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
+func (c *withTracing) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Patch"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Patch"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
+func (c *withTracing) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Update"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Update"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
+func (c *withTracing) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Watch"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Watch"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.Watch(arg0, arg1)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
diff --git a/pkg/clients/kyverno/reportsv1/client.generated.go b/pkg/clients/kyverno/reportsv1/client.generated.go
new file mode 100644
index 0000000000..ee32ef63f7
--- /dev/null
+++ b/pkg/clients/kyverno/reportsv1/client.generated.go
@@ -0,0 +1,92 @@
+package client
+
+import (
+ "github.com/go-logr/logr"
+ github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1"
+ admissionreports "github.com/kyverno/kyverno/pkg/clients/kyverno/reportsv1/admissionreports"
+ backgroundscanreports "github.com/kyverno/kyverno/pkg/clients/kyverno/reportsv1/backgroundscanreports"
+ clusteradmissionreports "github.com/kyverno/kyverno/pkg/clients/kyverno/reportsv1/clusteradmissionreports"
+ clusterbackgroundscanreports "github.com/kyverno/kyverno/pkg/clients/kyverno/reportsv1/clusterbackgroundscanreports"
+ "github.com/kyverno/kyverno/pkg/metrics"
+ "k8s.io/client-go/rest"
+)
+
+func WithMetrics(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface, metrics metrics.MetricsConfigManager, clientType metrics.ClientType) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface {
+ return &withMetrics{inner, metrics, clientType}
+}
+
+func WithTracing(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface, client string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface {
+ return &withTracing{inner, client}
+}
+
+func WithLogging(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface, logger logr.Logger) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface {
+ return &withLogging{inner, logger}
+}
+
+type withMetrics struct {
+ inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface
+ metrics metrics.MetricsConfigManager
+ clientType metrics.ClientType
+}
+
+func (c *withMetrics) RESTClient() rest.Interface {
+ return c.inner.RESTClient()
+}
+func (c *withMetrics) AdmissionReports(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface {
+ recorder := metrics.NamespacedClientQueryRecorder(c.metrics, namespace, "AdmissionReport", c.clientType)
+ return admissionreports.WithMetrics(c.inner.AdmissionReports(namespace), recorder)
+}
+func (c *withMetrics) BackgroundScanReports(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface {
+ recorder := metrics.NamespacedClientQueryRecorder(c.metrics, namespace, "BackgroundScanReport", c.clientType)
+ return backgroundscanreports.WithMetrics(c.inner.BackgroundScanReports(namespace), recorder)
+}
+func (c *withMetrics) ClusterAdmissionReports() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface {
+ recorder := metrics.ClusteredClientQueryRecorder(c.metrics, "ClusterAdmissionReport", c.clientType)
+ return clusteradmissionreports.WithMetrics(c.inner.ClusterAdmissionReports(), recorder)
+}
+func (c *withMetrics) ClusterBackgroundScanReports() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface {
+ recorder := metrics.ClusteredClientQueryRecorder(c.metrics, "ClusterBackgroundScanReport", c.clientType)
+ return clusterbackgroundscanreports.WithMetrics(c.inner.ClusterBackgroundScanReports(), recorder)
+}
+
+type withTracing struct {
+ inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface
+ client string
+}
+
+func (c *withTracing) RESTClient() rest.Interface {
+ return c.inner.RESTClient()
+}
+func (c *withTracing) AdmissionReports(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface {
+ return admissionreports.WithTracing(c.inner.AdmissionReports(namespace), c.client, "AdmissionReport")
+}
+func (c *withTracing) BackgroundScanReports(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface {
+ return backgroundscanreports.WithTracing(c.inner.BackgroundScanReports(namespace), c.client, "BackgroundScanReport")
+}
+func (c *withTracing) ClusterAdmissionReports() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface {
+ return clusteradmissionreports.WithTracing(c.inner.ClusterAdmissionReports(), c.client, "ClusterAdmissionReport")
+}
+func (c *withTracing) ClusterBackgroundScanReports() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface {
+ return clusterbackgroundscanreports.WithTracing(c.inner.ClusterBackgroundScanReports(), c.client, "ClusterBackgroundScanReport")
+}
+
+type withLogging struct {
+ inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface
+ logger logr.Logger
+}
+
+func (c *withLogging) RESTClient() rest.Interface {
+ return c.inner.RESTClient()
+}
+func (c *withLogging) AdmissionReports(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface {
+ return admissionreports.WithLogging(c.inner.AdmissionReports(namespace), c.logger.WithValues("resource", "AdmissionReports").WithValues("namespace", namespace))
+}
+func (c *withLogging) BackgroundScanReports(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface {
+ return backgroundscanreports.WithLogging(c.inner.BackgroundScanReports(namespace), c.logger.WithValues("resource", "BackgroundScanReports").WithValues("namespace", namespace))
+}
+func (c *withLogging) ClusterAdmissionReports() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface {
+ return clusteradmissionreports.WithLogging(c.inner.ClusterAdmissionReports(), c.logger.WithValues("resource", "ClusterAdmissionReports"))
+}
+func (c *withLogging) ClusterBackgroundScanReports() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface {
+ return clusterbackgroundscanreports.WithLogging(c.inner.ClusterBackgroundScanReports(), c.logger.WithValues("resource", "ClusterBackgroundScanReports"))
+}
diff --git a/pkg/clients/kyverno/reportsv1/clusteradmissionreports/resource.generated.go b/pkg/clients/kyverno/reportsv1/clusteradmissionreports/resource.generated.go
new file mode 100644
index 0000000000..665e72f4a9
--- /dev/null
+++ b/pkg/clients/kyverno/reportsv1/clusteradmissionreports/resource.generated.go
@@ -0,0 +1,337 @@
+package resource
+
+import (
+ context "context"
+ "fmt"
+ "time"
+
+ "github.com/go-logr/logr"
+ github_com_kyverno_kyverno_api_kyverno_reports_v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1"
+ "github.com/kyverno/kyverno/pkg/metrics"
+ "github.com/kyverno/kyverno/pkg/tracing"
+ "go.opentelemetry.io/otel/trace"
+ "go.uber.org/multierr"
+ k8s_io_apimachinery_pkg_apis_meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ k8s_io_apimachinery_pkg_types "k8s.io/apimachinery/pkg/types"
+ k8s_io_apimachinery_pkg_watch "k8s.io/apimachinery/pkg/watch"
+)
+
+func WithLogging(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface, logger logr.Logger) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface {
+ return &withLogging{inner, logger}
+}
+
+func WithMetrics(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface, recorder metrics.Recorder) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface {
+ return &withMetrics{inner, recorder}
+}
+
+func WithTracing(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface, client, kind string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface {
+ return &withTracing{inner, client, kind}
+}
+
+type withLogging struct {
+ inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface
+ logger logr.Logger
+}
+
+func (c *withLogging) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Create")
+ ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "Create failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Create done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+func (c *withLogging) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Delete")
+ ret0 := c.inner.Delete(arg0, arg1, arg2)
+ if err := multierr.Combine(ret0); err != nil {
+ logger.Error(err, "Delete failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Delete done", "duration", time.Since(start))
+ }
+ return ret0
+}
+func (c *withLogging) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "DeleteCollection")
+ ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
+ if err := multierr.Combine(ret0); err != nil {
+ logger.Error(err, "DeleteCollection failed", "duration", time.Since(start))
+ } else {
+ logger.Info("DeleteCollection done", "duration", time.Since(start))
+ }
+ return ret0
+}
+func (c *withLogging) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Get")
+ ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "Get failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Get done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+func (c *withLogging) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReportList, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "List")
+ ret0, ret1 := c.inner.List(arg0, arg1)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "List failed", "duration", time.Since(start))
+ } else {
+ logger.Info("List done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+func (c *withLogging) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Patch")
+ ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "Patch failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Patch done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+func (c *withLogging) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Update")
+ ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "Update failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Update done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+func (c *withLogging) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Watch")
+ ret0, ret1 := c.inner.Watch(arg0, arg1)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "Watch failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Watch done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+
+type withMetrics struct {
+ inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface
+ recorder metrics.Recorder
+}
+
+func (c *withMetrics) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) {
+ defer c.recorder.RecordWithContext(arg0, "create")
+ return c.inner.Create(arg0, arg1, arg2)
+}
+func (c *withMetrics) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+ defer c.recorder.RecordWithContext(arg0, "delete")
+ return c.inner.Delete(arg0, arg1, arg2)
+}
+func (c *withMetrics) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+ defer c.recorder.RecordWithContext(arg0, "delete_collection")
+ return c.inner.DeleteCollection(arg0, arg1, arg2)
+}
+func (c *withMetrics) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) {
+ defer c.recorder.RecordWithContext(arg0, "get")
+ return c.inner.Get(arg0, arg1, arg2)
+}
+func (c *withMetrics) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReportList, error) {
+ defer c.recorder.RecordWithContext(arg0, "list")
+ return c.inner.List(arg0, arg1)
+}
+func (c *withMetrics) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) {
+ defer c.recorder.RecordWithContext(arg0, "patch")
+ return c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+}
+func (c *withMetrics) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) {
+ defer c.recorder.RecordWithContext(arg0, "update")
+ return c.inner.Update(arg0, arg1, arg2)
+}
+func (c *withMetrics) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+ defer c.recorder.RecordWithContext(arg0, "watch")
+ return c.inner.Watch(arg0, arg1)
+}
+
+type withTracing struct {
+ inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface
+ client string
+ kind string
+}
+
+func (c *withTracing) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Create"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Create"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
+func (c *withTracing) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Delete"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Delete"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0 := c.inner.Delete(arg0, arg1, arg2)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret0)
+ }
+ return ret0
+}
+func (c *withTracing) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "DeleteCollection"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("DeleteCollection"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret0)
+ }
+ return ret0
+}
+func (c *withTracing) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Get"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Get"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
+func (c *withTracing) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReportList, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "List"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("List"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.List(arg0, arg1)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
+func (c *withTracing) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Patch"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Patch"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
+func (c *withTracing) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Update"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Update"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
+func (c *withTracing) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Watch"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Watch"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.Watch(arg0, arg1)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
diff --git a/pkg/clients/kyverno/reportsv1/clusterbackgroundscanreports/resource.generated.go b/pkg/clients/kyverno/reportsv1/clusterbackgroundscanreports/resource.generated.go
new file mode 100644
index 0000000000..0777c3beac
--- /dev/null
+++ b/pkg/clients/kyverno/reportsv1/clusterbackgroundscanreports/resource.generated.go
@@ -0,0 +1,337 @@
+package resource
+
+import (
+ context "context"
+ "fmt"
+ "time"
+
+ "github.com/go-logr/logr"
+ github_com_kyverno_kyverno_api_kyverno_reports_v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1"
+ "github.com/kyverno/kyverno/pkg/metrics"
+ "github.com/kyverno/kyverno/pkg/tracing"
+ "go.opentelemetry.io/otel/trace"
+ "go.uber.org/multierr"
+ k8s_io_apimachinery_pkg_apis_meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ k8s_io_apimachinery_pkg_types "k8s.io/apimachinery/pkg/types"
+ k8s_io_apimachinery_pkg_watch "k8s.io/apimachinery/pkg/watch"
+)
+
+func WithLogging(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface, logger logr.Logger) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface {
+ return &withLogging{inner, logger}
+}
+
+func WithMetrics(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface, recorder metrics.Recorder) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface {
+ return &withMetrics{inner, recorder}
+}
+
+func WithTracing(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface, client, kind string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface {
+ return &withTracing{inner, client, kind}
+}
+
+type withLogging struct {
+ inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface
+ logger logr.Logger
+}
+
+func (c *withLogging) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Create")
+ ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "Create failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Create done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+func (c *withLogging) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Delete")
+ ret0 := c.inner.Delete(arg0, arg1, arg2)
+ if err := multierr.Combine(ret0); err != nil {
+ logger.Error(err, "Delete failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Delete done", "duration", time.Since(start))
+ }
+ return ret0
+}
+func (c *withLogging) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "DeleteCollection")
+ ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
+ if err := multierr.Combine(ret0); err != nil {
+ logger.Error(err, "DeleteCollection failed", "duration", time.Since(start))
+ } else {
+ logger.Info("DeleteCollection done", "duration", time.Since(start))
+ }
+ return ret0
+}
+func (c *withLogging) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Get")
+ ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "Get failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Get done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+func (c *withLogging) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReportList, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "List")
+ ret0, ret1 := c.inner.List(arg0, arg1)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "List failed", "duration", time.Since(start))
+ } else {
+ logger.Info("List done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+func (c *withLogging) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Patch")
+ ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "Patch failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Patch done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+func (c *withLogging) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Update")
+ ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "Update failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Update done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+func (c *withLogging) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Watch")
+ ret0, ret1 := c.inner.Watch(arg0, arg1)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "Watch failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Watch done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+
+type withMetrics struct {
+ inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface
+ recorder metrics.Recorder
+}
+
+func (c *withMetrics) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) {
+ defer c.recorder.RecordWithContext(arg0, "create")
+ return c.inner.Create(arg0, arg1, arg2)
+}
+func (c *withMetrics) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+ defer c.recorder.RecordWithContext(arg0, "delete")
+ return c.inner.Delete(arg0, arg1, arg2)
+}
+func (c *withMetrics) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+ defer c.recorder.RecordWithContext(arg0, "delete_collection")
+ return c.inner.DeleteCollection(arg0, arg1, arg2)
+}
+func (c *withMetrics) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) {
+ defer c.recorder.RecordWithContext(arg0, "get")
+ return c.inner.Get(arg0, arg1, arg2)
+}
+func (c *withMetrics) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReportList, error) {
+ defer c.recorder.RecordWithContext(arg0, "list")
+ return c.inner.List(arg0, arg1)
+}
+func (c *withMetrics) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) {
+ defer c.recorder.RecordWithContext(arg0, "patch")
+ return c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+}
+func (c *withMetrics) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) {
+ defer c.recorder.RecordWithContext(arg0, "update")
+ return c.inner.Update(arg0, arg1, arg2)
+}
+func (c *withMetrics) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+ defer c.recorder.RecordWithContext(arg0, "watch")
+ return c.inner.Watch(arg0, arg1)
+}
+
+type withTracing struct {
+ inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface
+ client string
+ kind string
+}
+
+func (c *withTracing) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Create"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Create"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
+func (c *withTracing) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Delete"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Delete"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0 := c.inner.Delete(arg0, arg1, arg2)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret0)
+ }
+ return ret0
+}
+func (c *withTracing) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "DeleteCollection"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("DeleteCollection"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret0)
+ }
+ return ret0
+}
+func (c *withTracing) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Get"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Get"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
+func (c *withTracing) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReportList, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "List"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("List"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.List(arg0, arg1)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
+func (c *withTracing) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Patch"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Patch"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
+func (c *withTracing) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Update"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Update"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
+func (c *withTracing) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Watch"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Watch"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.Watch(arg0, arg1)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
diff --git a/pkg/controllers/report/admission/controller.go b/pkg/controllers/report/admission/controller.go
index a9e3ae7e82..b8a91b4128 100644
--- a/pkg/controllers/report/admission/controller.go
+++ b/pkg/controllers/report/admission/controller.go
@@ -2,6 +2,7 @@ package admission
import (
"context"
+ "fmt"
"time"
"github.com/go-logr/logr"
@@ -11,6 +12,7 @@ import (
"github.com/kyverno/kyverno/pkg/clients/dclient"
"github.com/kyverno/kyverno/pkg/controllers"
"github.com/kyverno/kyverno/pkg/controllers/report/utils"
+ "github.com/kyverno/kyverno/pkg/report"
controllerutils "github.com/kyverno/kyverno/pkg/utils/controller"
reportutils "github.com/kyverno/kyverno/pkg/utils/report"
"go.uber.org/multierr"
@@ -36,8 +38,9 @@ const (
type controller struct {
// clients
- client versioned.Interface
- dclient dclient.Interface
+ client versioned.Interface
+ dclient dclient.Interface
+ reportManager report.Interface
// listers
admrLister cache.GenericLister
@@ -51,16 +54,18 @@ func NewController(
client versioned.Interface,
dclient dclient.Interface,
metadataFactory metadatainformers.SharedInformerFactory,
+ reportManager report.Interface,
) controllers.Controller {
- admrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("admissionreports"))
- cadmrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("clusteradmissionreports"))
+ admrInformer := reportManager.AdmissionReportInformer(metadataFactory)
+ cadmrInformer := reportManager.ClusterAdmissionReportInformer(metadataFactory)
queue := workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), ControllerName)
c := controller{
- client: client,
- dclient: dclient,
- admrLister: admrInformer.Lister(),
- cadmrLister: cadmrInformer.Lister(),
- queue: queue,
+ client: client,
+ dclient: dclient,
+ reportManager: reportManager,
+ admrLister: admrInformer.Lister(),
+ cadmrLister: cadmrInformer.Lister(),
+ queue: queue,
}
if _, err := controllerutils.AddEventHandlersT(
admrInformer.Informer(),
@@ -110,9 +115,9 @@ func (c *controller) getReports(uid types.UID) ([]metav1.Object, error) {
func (c *controller) fetchReport(ctx context.Context, namespace, name string) (kyvernov1alpha2.ReportInterface, error) {
if namespace == "" {
- return c.client.KyvernoV1alpha2().ClusterAdmissionReports().Get(ctx, name, metav1.GetOptions{})
+ return c.reportManager.GetClusterAdmissionReports(ctx, name, metav1.GetOptions{})
} else {
- return c.client.KyvernoV1alpha2().AdmissionReports(namespace).Get(ctx, name, metav1.GetOptions{})
+ return c.reportManager.GetAdmissionReports(ctx, name, namespace, metav1.GetOptions{})
}
}
@@ -142,18 +147,26 @@ func (c *controller) fetchReports(ctx context.Context, uid types.UID) ([]kyverno
} else {
for n := range ns {
if n == "" {
- cadmrs, err := c.client.KyvernoV1alpha2().ClusterAdmissionReports().List(ctx, metav1.ListOptions{LabelSelector: selector.String()})
+ cadmrsObj, err := c.reportManager.ListClusterAdmissionReports(ctx, metav1.ListOptions{LabelSelector: selector.String()})
if err != nil {
return nil, err
}
+ cadmrs, ok := cadmrsObj.(*kyvernov1alpha2.ClusterAdmissionReportList)
+ if !ok {
+ return nil, fmt.Errorf("failed to convert runtime object to cluster admission report list")
+ }
for i := range cadmrs.Items {
results = append(results, &cadmrs.Items[i])
}
} else {
- admrs, err := c.client.KyvernoV1alpha2().AdmissionReports(n).List(ctx, metav1.ListOptions{LabelSelector: selector.String()})
+ admrsObj, err := c.reportManager.ListAdmissionReports(ctx, n, metav1.ListOptions{LabelSelector: selector.String()})
if err != nil {
return nil, err
}
+ admrs, ok := admrsObj.(*kyvernov1alpha2.AdmissionReportList)
+ if !ok {
+ return nil, fmt.Errorf("failed to convert runtime object to admission report list")
+ }
for i := range admrs.Items {
results = append(results, &admrs.Items[i])
}
@@ -165,9 +178,9 @@ func (c *controller) fetchReports(ctx context.Context, uid types.UID) ([]kyverno
func (c *controller) deleteReport(ctx context.Context, namespace, name string) error {
if namespace == "" {
- return c.client.KyvernoV1alpha2().ClusterAdmissionReports().Delete(ctx, name, metav1.DeleteOptions{})
+ return c.reportManager.DeleteClusterAdmissionReports(ctx, name, metav1.DeleteOptions{})
} else {
- return c.client.KyvernoV1alpha2().AdmissionReports(namespace).Delete(ctx, name, metav1.DeleteOptions{})
+ return c.reportManager.DeleteAdmissionReports(ctx, name, namespace, metav1.DeleteOptions{})
}
}
@@ -224,7 +237,7 @@ func (c *controller) aggregateReports(ctx context.Context, uid types.UID) (kyver
// if we found the resource, build an aggregated report for it
if res != nil {
if aggregated == nil {
- aggregated = reportutils.NewAdmissionReport(res.GetNamespace(), string(uid), gvr, *res)
+ aggregated = c.reportManager.NewAdmissionReport(res.GetNamespace(), string(uid), gvr, *res)
controllerutils.SetOwner(aggregated, res.GetAPIVersion(), res.GetKind(), res.GetName(), uid)
controllerutils.SetLabel(aggregated, reportutils.LabelAggregatedReport, string(uid))
}
@@ -251,12 +264,12 @@ func (c *controller) aggregateReports(ctx context.Context, uid types.UID) (kyver
}
after := aggregated
if aggregated.GetResourceVersion() != "" {
- after = reportutils.DeepCopy(aggregated)
+ after = c.reportManager.DeepCopy(aggregated)
}
reportutils.SetResults(after, results...)
if after.GetResourceVersion() == "" {
if len(results) > 0 {
- if _, err := reportutils.CreateReport(ctx, after, c.client); err != nil {
+ if _, err := c.reportManager.CreateReport(ctx, after); err != nil {
errs = append(errs, err)
}
}
@@ -267,7 +280,7 @@ func (c *controller) aggregateReports(ctx context.Context, uid types.UID) (kyver
}
} else {
if !utils.ReportsAreIdentical(aggregated, after) {
- if _, err = reportutils.UpdateReport(ctx, after, c.client); err != nil {
+ if _, err = c.reportManager.UpdateReport(ctx, after); err != nil {
errs = append(errs, err)
}
}
diff --git a/pkg/controllers/report/aggregate/namespace/controller.go b/pkg/controllers/report/aggregate/namespace/controller.go
index e80e10783e..d3c6a3de7b 100644
--- a/pkg/controllers/report/aggregate/namespace/controller.go
+++ b/pkg/controllers/report/aggregate/namespace/controller.go
@@ -16,6 +16,7 @@ import (
"github.com/kyverno/kyverno/pkg/controllers"
"github.com/kyverno/kyverno/pkg/controllers/report/resource"
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
+ "github.com/kyverno/kyverno/pkg/report"
controllerutils "github.com/kyverno/kyverno/pkg/utils/controller"
datautils "github.com/kyverno/kyverno/pkg/utils/data"
reportutils "github.com/kyverno/kyverno/pkg/utils/report"
@@ -42,7 +43,8 @@ const (
type controller struct {
// clients
- client versioned.Interface
+ client versioned.Interface
+ reportManager report.Interface
// listers
polLister kyvernov1listers.PolicyLister
@@ -73,19 +75,21 @@ func keyFunc(obj metav1.Object) cache.ExplicitKey {
func NewController(
client versioned.Interface,
metadataFactory metadatainformers.SharedInformerFactory,
+ reportManager report.Interface,
polInformer kyvernov1informers.PolicyInformer,
cpolInformer kyvernov1informers.ClusterPolicyInformer,
metadataCache resource.MetadataCache,
chunkSize int,
) controllers.Controller {
- admrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("admissionreports"))
- cadmrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("clusteradmissionreports"))
- bgscanrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("backgroundscanreports"))
- cbgscanrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("clusterbackgroundscanreports"))
+ admrInformer := reportManager.AdmissionReportInformer(metadataFactory)
+ cadmrInformer := reportManager.ClusterAdmissionReportInformer(metadataFactory)
+ bgscanrInformer := reportManager.BackgroundScanReportInformer(metadataFactory)
+ cbgscanrInformer := reportManager.ClusterBackgroundScanReportInformer(metadataFactory)
polrInformer := metadataFactory.ForResource(policyreportv1alpha2.SchemeGroupVersion.WithResource("policyreports"))
cpolrInformer := metadataFactory.ForResource(policyreportv1alpha2.SchemeGroupVersion.WithResource("clusterpolicyreports"))
c := controller{
client: client,
+ reportManager: reportManager,
polLister: polInformer.Lister(),
cpolLister: cpolInformer.Lister(),
admrLister: admrInformer.Lister(),
@@ -141,7 +145,7 @@ func (c *controller) mergeAdmissionReports(ctx context.Context, namespace string
if namespace == "" {
next := ""
for {
- cadms, err := c.client.KyvernoV1alpha2().ClusterAdmissionReports().List(ctx, metav1.ListOptions{
+ cadmsObj, err := c.reportManager.ListClusterAdmissionReports(ctx, metav1.ListOptions{
// no need to consider non aggregated reports
LabelSelector: reportutils.LabelAggregatedReport,
Limit: mergeLimit,
@@ -150,6 +154,10 @@ func (c *controller) mergeAdmissionReports(ctx context.Context, namespace string
if err != nil {
return err
}
+ cadms, ok := cadmsObj.(*kyvernov1alpha2.ClusterAdmissionReportList)
+ if !ok {
+ return fmt.Errorf("failed to convert runtime object to cluster admission report list")
+ }
next = cadms.Continue
for i := range cadms.Items {
mergeReports(policyMap, accumulator, &cadms.Items[i])
@@ -161,7 +169,7 @@ func (c *controller) mergeAdmissionReports(ctx context.Context, namespace string
} else {
next := ""
for {
- adms, err := c.client.KyvernoV1alpha2().AdmissionReports(namespace).List(ctx, metav1.ListOptions{
+ admsObj, err := c.reportManager.ListAdmissionReports(ctx, namespace, metav1.ListOptions{
// no need to consider non aggregated reports
LabelSelector: reportutils.LabelAggregatedReport,
Limit: mergeLimit,
@@ -170,6 +178,10 @@ func (c *controller) mergeAdmissionReports(ctx context.Context, namespace string
if err != nil {
return err
}
+ adms, ok := admsObj.(*kyvernov1alpha2.AdmissionReportList)
+ if !ok {
+ return fmt.Errorf("failed to convert runtime object to admission report list")
+ }
next = adms.Continue
for i := range adms.Items {
mergeReports(policyMap, accumulator, &adms.Items[i])
@@ -185,13 +197,17 @@ func (c *controller) mergeBackgroundScanReports(ctx context.Context, namespace s
if namespace == "" {
next := ""
for {
- cbgscans, err := c.client.KyvernoV1alpha2().ClusterBackgroundScanReports().List(ctx, metav1.ListOptions{
+ cbgscansObj, err := c.reportManager.ListClusterBackgroundScanReports(ctx, metav1.ListOptions{
Limit: mergeLimit,
Continue: next,
})
if err != nil {
return err
}
+ cbgscans, ok := cbgscansObj.(*kyvernov1alpha2.ClusterBackgroundScanReportList)
+ if !ok {
+ return fmt.Errorf("failed to convert runtime object to admission report list")
+ }
next = cbgscans.Continue
for i := range cbgscans.Items {
mergeReports(policyMap, accumulator, &cbgscans.Items[i])
@@ -203,13 +219,17 @@ func (c *controller) mergeBackgroundScanReports(ctx context.Context, namespace s
} else {
next := ""
for {
- bgscans, err := c.client.KyvernoV1alpha2().BackgroundScanReports(namespace).List(ctx, metav1.ListOptions{
+ bgscansObj, err := c.reportManager.ListBackgroundScanReports(ctx, namespace, metav1.ListOptions{
Limit: mergeLimit,
Continue: next,
})
if err != nil {
return err
}
+ bgscans, ok := bgscansObj.(*kyvernov1alpha2.BackgroundScanReportList)
+ if !ok {
+ return fmt.Errorf("failed to convert runtime object to admission report list")
+ }
next = bgscans.Continue
for i := range bgscans.Items {
mergeReports(policyMap, accumulator, &bgscans.Items[i])
@@ -230,9 +250,9 @@ func (c *controller) reconcileReport(ctx context.Context, policyMap map[string]p
reportutils.SetPolicyLabel(report, engineapi.NewKyvernoPolicy(policy.policy))
}
}
- return reportutils.CreateReport(ctx, report, c.client)
+ return c.reportManager.CreateReport(ctx, report)
}
- after := reportutils.DeepCopy(report)
+ after := c.reportManager.DeepCopy(report)
// hold custom labels
reportutils.CleanupKyvernoLabels(after)
reportutils.SetManagedByKyvernoLabel(after)
@@ -246,7 +266,7 @@ func (c *controller) reconcileReport(ctx context.Context, policyMap map[string]p
if datautils.DeepEqual(report, after) {
return after, nil
}
- return reportutils.UpdateReport(ctx, after, c.client)
+ return c.reportManager.UpdateReport(ctx, after)
}
func (c *controller) cleanReports(ctx context.Context, actual map[string]kyvernov1alpha2.ReportInterface, expected []kyvernov1alpha2.ReportInterface) error {
@@ -256,7 +276,7 @@ func (c *controller) cleanReports(ctx context.Context, actual map[string]kyverno
}
for _, obj := range actual {
if !keep.Has(obj.GetName()) {
- err := reportutils.DeleteReport(ctx, obj, c.client)
+ err := c.reportManager.DeleteReport(ctx, obj)
if err != nil {
return err
}
diff --git a/pkg/controllers/report/aggregate/resource/controller.go b/pkg/controllers/report/aggregate/resource/controller.go
index e36659230f..4420b64da2 100644
--- a/pkg/controllers/report/aggregate/resource/controller.go
+++ b/pkg/controllers/report/aggregate/resource/controller.go
@@ -14,6 +14,7 @@ import (
kyvernov1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
"github.com/kyverno/kyverno/pkg/controllers"
"github.com/kyverno/kyverno/pkg/controllers/report/resource"
+ "github.com/kyverno/kyverno/pkg/report"
controllerutils "github.com/kyverno/kyverno/pkg/utils/controller"
reportutils "github.com/kyverno/kyverno/pkg/utils/report"
corev1 "k8s.io/api/core/v1"
@@ -39,7 +40,8 @@ const (
type controller struct {
// clients
- client versioned.Interface
+ client versioned.Interface
+ reportManager report.Interface
// listers
polLister kyvernov1listers.PolicyLister
@@ -63,20 +65,22 @@ type policyMapEntry struct {
func NewController(
client versioned.Interface,
metadataFactory metadatainformers.SharedInformerFactory,
+ reportManager report.Interface,
polInformer kyvernov1informers.PolicyInformer,
cpolInformer kyvernov1informers.ClusterPolicyInformer,
vapInformer admissionregistrationv1alpha1informers.ValidatingAdmissionPolicyInformer,
metadataCache resource.MetadataCache,
chunkSize int,
) controllers.Controller {
- admrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("admissionreports"))
- cadmrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("clusteradmissionreports"))
- bgscanrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("backgroundscanreports"))
- cbgscanrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("clusterbackgroundscanreports"))
+ admrInformer := reportManager.AdmissionReportInformer(metadataFactory)
+ cadmrInformer := reportManager.ClusterAdmissionReportInformer(metadataFactory)
+ bgscanrInformer := reportManager.BackgroundScanReportInformer(metadataFactory)
+ cbgscanrInformer := reportManager.ClusterBackgroundScanReportInformer(metadataFactory)
polrInformer := metadataFactory.ForResource(policyreportv1alpha2.SchemeGroupVersion.WithResource("policyreports"))
cpolrInformer := metadataFactory.ForResource(policyreportv1alpha2.SchemeGroupVersion.WithResource("clusterpolicyreports"))
c := controller{
client: client,
+ reportManager: reportManager,
polLister: polInformer.Lister(),
cpolLister: cpolInformer.Lister(),
queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), ControllerName),
@@ -216,7 +220,7 @@ func (c *controller) createVapMap() (sets.Set[string], error) {
func (c *controller) getBackgroundScanReport(ctx context.Context, namespace, name string) (kyvernov1alpha2.ReportInterface, error) {
if namespace == "" {
- report, err := c.client.KyvernoV1alpha2().ClusterBackgroundScanReports().Get(ctx, name, metav1.GetOptions{})
+ report, err := c.reportManager.GetClusterBackgroundScanReports(ctx, name, metav1.GetOptions{})
if err != nil {
if apierrors.IsNotFound(err) {
return nil, nil
@@ -225,7 +229,7 @@ func (c *controller) getBackgroundScanReport(ctx context.Context, namespace, nam
}
return report, nil
} else {
- report, err := c.client.KyvernoV1alpha2().BackgroundScanReports(namespace).Get(ctx, name, metav1.GetOptions{})
+ report, err := c.reportManager.GetBackgroundScanReports(ctx, name, namespace, metav1.GetOptions{})
if err != nil {
if apierrors.IsNotFound(err) {
return nil, nil
@@ -238,7 +242,7 @@ func (c *controller) getBackgroundScanReport(ctx context.Context, namespace, nam
func (c *controller) getAdmissionReport(ctx context.Context, namespace, name string) (kyvernov1alpha2.ReportInterface, error) {
if namespace == "" {
- report, err := c.client.KyvernoV1alpha2().ClusterAdmissionReports().Get(ctx, name, metav1.GetOptions{})
+ report, err := c.reportManager.GetClusterAdmissionReports(ctx, name, metav1.GetOptions{})
if err != nil {
if apierrors.IsNotFound(err) {
return nil, nil
@@ -247,7 +251,7 @@ func (c *controller) getAdmissionReport(ctx context.Context, namespace, name str
}
return report, nil
} else {
- report, err := c.client.KyvernoV1alpha2().AdmissionReports(namespace).Get(ctx, name, metav1.GetOptions{})
+ report, err := c.reportManager.GetAdmissionReports(ctx, name, namespace, metav1.GetOptions{})
if err != nil {
if apierrors.IsNotFound(err) {
return nil, nil
@@ -334,29 +338,29 @@ func (c *controller) reconcile(ctx context.Context, logger logr.Logger, _, names
}
if len(results) == 0 {
if !create {
- if err := deleteReport(ctx, policyReport, c.client); err != nil {
+ if err := deleteReport(ctx, policyReport, c.reportManager); err != nil {
return err
}
}
} else {
reportutils.SetResults(policyReport, results...)
if create {
- if _, err := reportutils.CreateReport(ctx, policyReport, c.client); err != nil {
+ if _, err := c.reportManager.CreateReport(ctx, policyReport); err != nil {
return err
}
} else {
- if _, err := updateReport(ctx, policyReport, c.client); err != nil {
+ if _, err := updateReport(ctx, policyReport, c.reportManager); err != nil {
return err
}
}
}
if admissionReport != nil {
- if err := deleteReport(ctx, admissionReport, c.client); err != nil {
+ if err := deleteReport(ctx, admissionReport, c.reportManager); err != nil {
return err
}
}
if backgroundReport != nil {
- if err := deleteReport(ctx, backgroundReport, c.client); err != nil {
+ if err := deleteReport(ctx, backgroundReport, c.reportManager); err != nil {
return err
}
}
@@ -366,7 +370,7 @@ func (c *controller) reconcile(ctx context.Context, logger logr.Logger, _, names
return err
}
if policyReport != nil {
- if err := deleteReport(ctx, policyReport, c.client); err != nil {
+ if err := deleteReport(ctx, policyReport, c.reportManager); err != nil {
return err
}
}
diff --git a/pkg/controllers/report/aggregate/resource/utils.go b/pkg/controllers/report/aggregate/resource/utils.go
index 765062dab5..ac05e247fb 100644
--- a/pkg/controllers/report/aggregate/resource/utils.go
+++ b/pkg/controllers/report/aggregate/resource/utils.go
@@ -6,9 +6,8 @@ import (
kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
- "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
+ "github.com/kyverno/kyverno/pkg/report"
controllerutils "github.com/kyverno/kyverno/pkg/utils/controller"
- reportutils "github.com/kyverno/kyverno/pkg/utils/report"
"k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/sets"
)
@@ -42,16 +41,16 @@ func mergeReports(policyMap map[string]policyMapEntry, vapMap sets.Set[string],
}
}
-func deleteReport(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) error {
+func deleteReport(ctx context.Context, report kyvernov1alpha2.ReportInterface, reportManager report.Interface) error {
if !controllerutils.IsManagedByKyverno(report) {
return errors.New("can't delete report because it is not managed by kyverno")
}
- return reportutils.DeleteReport(ctx, report, client)
+ return reportManager.DeleteReport(ctx, report)
}
-func updateReport(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) (kyvernov1alpha2.ReportInterface, error) {
+func updateReport(ctx context.Context, report kyvernov1alpha2.ReportInterface, reportManager report.Interface) (kyvernov1alpha2.ReportInterface, error) {
if !controllerutils.IsManagedByKyverno(report) {
return nil, errors.New("can't update report because it is not managed by kyverno")
}
- return reportutils.UpdateReport(ctx, report, client)
+ return reportManager.UpdateReport(ctx, report)
}
diff --git a/pkg/controllers/report/background/controller.go b/pkg/controllers/report/background/controller.go
index d97912cbfb..eb51900ebd 100644
--- a/pkg/controllers/report/background/controller.go
+++ b/pkg/controllers/report/background/controller.go
@@ -22,6 +22,7 @@ import (
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
"github.com/kyverno/kyverno/pkg/engine/jmespath"
"github.com/kyverno/kyverno/pkg/event"
+ "github.com/kyverno/kyverno/pkg/report"
controllerutils "github.com/kyverno/kyverno/pkg/utils/controller"
datautils "github.com/kyverno/kyverno/pkg/utils/data"
reportutils "github.com/kyverno/kyverno/pkg/utils/report"
@@ -52,6 +53,7 @@ type controller struct {
// clients
client dclient.Interface
kyvernoClient versioned.Interface
+ reportManager report.Interface
engine engineapi.Engine
// listers
@@ -80,6 +82,7 @@ type controller struct {
func NewController(
client dclient.Interface,
kyvernoClient versioned.Interface,
+ reportManager report.Interface,
engine engineapi.Engine,
metadataFactory metadatainformers.SharedInformerFactory,
polInformer kyvernov1informers.PolicyInformer,
@@ -94,12 +97,13 @@ func NewController(
eventGen event.Interface,
policyReports bool,
) controllers.Controller {
- bgscanr := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("backgroundscanreports"))
- cbgscanr := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("clusterbackgroundscanreports"))
+ bgscanr := reportManager.BackgroundScanReportInformer(metadataFactory)
+ cbgscanr := reportManager.ClusterBackgroundScanReportInformer(metadataFactory)
queue := workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), ControllerName)
c := controller{
client: client,
kyvernoClient: kyvernoClient,
+ reportManager: reportManager,
engine: engine,
polLister: polInformer.Lister(),
cpolLister: cpolInformer.Lister(),
@@ -199,9 +203,9 @@ func (c *controller) enqueueResources() {
func (c *controller) getReport(ctx context.Context, namespace, name string) (kyvernov1alpha2.ReportInterface, error) {
if namespace == "" {
- return c.kyvernoClient.KyvernoV1alpha2().ClusterBackgroundScanReports().Get(ctx, name, metav1.GetOptions{})
+ return c.reportManager.GetClusterBackgroundScanReports(ctx, name, metav1.GetOptions{})
} else {
- return c.kyvernoClient.KyvernoV1alpha2().BackgroundScanReports(namespace).Get(ctx, name, metav1.GetOptions{})
+ return c.reportManager.GetBackgroundScanReports(ctx, name, namespace, metav1.GetOptions{})
}
}
@@ -300,7 +304,7 @@ func (c *controller) reconcileReport(
if !apierrors.IsNotFound(err) {
return err
}
- observed = reportutils.NewBackgroundScanReport(namespace, name, gvk, resource.Name, uid)
+ observed = c.reportManager.NewBackgroundScanReport(namespace, name, gvk, resource.Name, uid)
}
// build desired report
expected := map[string]string{}
@@ -372,7 +376,7 @@ func (c *controller) reconcileReport(
}
}
}
- desired := reportutils.DeepCopy(observed)
+ desired := c.reportManager.DeepCopy(observed)
for key := range desired.GetLabels() {
if reportutils.IsPolicyLabel(key) {
delete(desired.GetLabels(), key)
@@ -402,19 +406,19 @@ func (c *controller) storeReport(ctx context.Context, observed, desired kyvernov
if !hasReport && !wantsReport {
return nil
} else if !hasReport && wantsReport {
- _, err = reportutils.CreateReport(ctx, desired, c.kyvernoClient)
+ _, err = c.reportManager.CreateReport(ctx, desired)
return err
} else if hasReport && !wantsReport {
if observed.GetNamespace() == "" {
- return c.kyvernoClient.KyvernoV1alpha2().ClusterBackgroundScanReports().Delete(ctx, observed.GetName(), metav1.DeleteOptions{})
+ return c.reportManager.DeleteClusterBackgroundScanReports(ctx, observed.GetName(), metav1.DeleteOptions{})
} else {
- return c.kyvernoClient.KyvernoV1alpha2().BackgroundScanReports(observed.GetNamespace()).Delete(ctx, observed.GetName(), metav1.DeleteOptions{})
+ return c.reportManager.DeleteBackgroundScanReports(ctx, observed.GetName(), observed.GetNamespace(), metav1.DeleteOptions{})
}
} else {
if utils.ReportsAreIdentical(observed, desired) {
return nil
}
- _, err = reportutils.UpdateReport(ctx, desired, c.kyvernoClient)
+ _, err = c.reportManager.UpdateReport(ctx, desired)
return err
}
}
@@ -434,9 +438,9 @@ func (c *controller) reconcile(ctx context.Context, log logr.Logger, key, namesp
return nil
} else {
if report.GetNamespace() == "" {
- return c.kyvernoClient.KyvernoV1alpha2().ClusterBackgroundScanReports().Delete(ctx, report.GetName(), metav1.DeleteOptions{})
+ return c.reportManager.DeleteClusterBackgroundScanReports(ctx, report.GetName(), metav1.DeleteOptions{})
} else {
- return c.kyvernoClient.KyvernoV1alpha2().BackgroundScanReports(report.GetNamespace()).Delete(ctx, report.GetName(), metav1.DeleteOptions{})
+ return c.reportManager.DeleteBackgroundScanReports(ctx, report.GetName(), report.GetNamespace(), metav1.DeleteOptions{})
}
}
}
diff --git a/pkg/report/copy.go b/pkg/report/copy.go
new file mode 100644
index 0000000000..2c28eeaadc
--- /dev/null
+++ b/pkg/report/copy.go
@@ -0,0 +1,45 @@
+package report
+
+import (
+ reportv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
+ policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
+)
+
+func deepCopyV1Alpha2(report kyvernov1alpha2.ReportInterface) kyvernov1alpha2.ReportInterface {
+ switch v := report.(type) {
+ case *kyvernov1alpha2.AdmissionReport:
+ return v.DeepCopy()
+ case *kyvernov1alpha2.ClusterAdmissionReport:
+ return v.DeepCopy()
+ case *kyvernov1alpha2.BackgroundScanReport:
+ return v.DeepCopy()
+ case *kyvernov1alpha2.ClusterBackgroundScanReport:
+ return v.DeepCopy()
+ case *policyreportv1alpha2.PolicyReport:
+ return v.DeepCopy()
+ case *policyreportv1alpha2.ClusterPolicyReport:
+ return v.DeepCopy()
+ default:
+ return nil
+ }
+}
+
+func deepCopyReportV1(report kyvernov1alpha2.ReportInterface) kyvernov1alpha2.ReportInterface {
+ switch v := report.(type) {
+ case *reportv1.AdmissionReport:
+ return v.DeepCopy()
+ case *reportv1.ClusterAdmissionReport:
+ return v.DeepCopy()
+ case *reportv1.BackgroundScanReport:
+ return v.DeepCopy()
+ case *reportv1.ClusterBackgroundScanReport:
+ return v.DeepCopy()
+ case *policyreportv1alpha2.PolicyReport:
+ return v.DeepCopy()
+ case *policyreportv1alpha2.ClusterPolicyReport:
+ return v.DeepCopy()
+ default:
+ return nil
+ }
+}
diff --git a/pkg/report/create.go b/pkg/report/create.go
new file mode 100644
index 0000000000..978e80374b
--- /dev/null
+++ b/pkg/report/create.go
@@ -0,0 +1,62 @@
+package report
+
+import (
+ "context"
+ "errors"
+
+ reportv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
+ policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
+ "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+func createV1Alpha1Report(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) (kyvernov1alpha2.ReportInterface, error) {
+ switch v := report.(type) {
+ case *kyvernov1alpha2.AdmissionReport:
+ report, err := client.KyvernoV1alpha2().AdmissionReports(report.GetNamespace()).Create(ctx, v, metav1.CreateOptions{})
+ return report, err
+ case *kyvernov1alpha2.ClusterAdmissionReport:
+ report, err := client.KyvernoV1alpha2().ClusterAdmissionReports().Create(ctx, v, metav1.CreateOptions{})
+ return report, err
+ case *kyvernov1alpha2.BackgroundScanReport:
+ report, err := client.KyvernoV1alpha2().BackgroundScanReports(report.GetNamespace()).Create(ctx, v, metav1.CreateOptions{})
+ return report, err
+ case *kyvernov1alpha2.ClusterBackgroundScanReport:
+ report, err := client.KyvernoV1alpha2().ClusterBackgroundScanReports().Create(ctx, v, metav1.CreateOptions{})
+ return report, err
+ case *policyreportv1alpha2.PolicyReport:
+ report, err := client.Wgpolicyk8sV1alpha2().PolicyReports(report.GetNamespace()).Create(ctx, v, metav1.CreateOptions{})
+ return report, err
+ case *policyreportv1alpha2.ClusterPolicyReport:
+ report, err := client.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Create(ctx, v, metav1.CreateOptions{})
+ return report, err
+ default:
+ return nil, errors.New("unknow type")
+ }
+}
+
+func createReportV1Report(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) (kyvernov1alpha2.ReportInterface, error) {
+ switch v := report.(type) {
+ case *reportv1.AdmissionReport:
+ report, err := client.ReportsV1().AdmissionReports(report.GetNamespace()).Create(ctx, v, metav1.CreateOptions{})
+ return report, err
+ case *reportv1.ClusterAdmissionReport:
+ report, err := client.ReportsV1().ClusterAdmissionReports().Create(ctx, v, metav1.CreateOptions{})
+ return report, err
+ case *reportv1.BackgroundScanReport:
+ report, err := client.ReportsV1().BackgroundScanReports(report.GetNamespace()).Create(ctx, v, metav1.CreateOptions{})
+ return report, err
+ case *reportv1.ClusterBackgroundScanReport:
+ report, err := client.ReportsV1().ClusterBackgroundScanReports().Create(ctx, v, metav1.CreateOptions{})
+ return report, err
+ case *policyreportv1alpha2.PolicyReport:
+ report, err := client.Wgpolicyk8sV1alpha2().PolicyReports(report.GetNamespace()).Create(ctx, v, metav1.CreateOptions{})
+ return report, err
+ case *policyreportv1alpha2.ClusterPolicyReport:
+ report, err := client.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Create(ctx, v, metav1.CreateOptions{})
+ return report, err
+ default:
+ return nil, errors.New("unknow type")
+ }
+}
diff --git a/pkg/utils/report/delete.go b/pkg/report/delete.go
similarity index 50%
rename from pkg/utils/report/delete.go
rename to pkg/report/delete.go
index 4ea76bd04e..e7f01f85a5 100644
--- a/pkg/utils/report/delete.go
+++ b/pkg/report/delete.go
@@ -4,13 +4,14 @@ import (
"context"
"errors"
+ reportv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
-func DeleteReport(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) error {
+func deleteV1Alpha1Reports(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) error {
switch v := report.(type) {
case *kyvernov1alpha2.AdmissionReport:
return client.KyvernoV1alpha2().AdmissionReports(report.GetNamespace()).Delete(ctx, v.GetName(), metav1.DeleteOptions{})
@@ -28,3 +29,22 @@ func DeleteReport(ctx context.Context, report kyvernov1alpha2.ReportInterface, c
return errors.New("unknow type")
}
}
+
+func deleteReportV1Reports(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) error {
+ switch v := report.(type) {
+ case *reportv1.AdmissionReport:
+ return client.ReportsV1().AdmissionReports(report.GetNamespace()).Delete(ctx, v.GetName(), metav1.DeleteOptions{})
+ case *reportv1.ClusterAdmissionReport:
+ return client.ReportsV1().ClusterAdmissionReports().Delete(ctx, v.GetName(), metav1.DeleteOptions{})
+ case *reportv1.BackgroundScanReport:
+ return client.ReportsV1().BackgroundScanReports(report.GetNamespace()).Delete(ctx, v.GetName(), metav1.DeleteOptions{})
+ case *reportv1.ClusterBackgroundScanReport:
+ return client.ReportsV1().ClusterBackgroundScanReports().Delete(ctx, v.GetName(), metav1.DeleteOptions{})
+ case *policyreportv1alpha2.PolicyReport:
+ return client.Wgpolicyk8sV1alpha2().PolicyReports(report.GetNamespace()).Delete(ctx, v.GetName(), metav1.DeleteOptions{})
+ case *policyreportv1alpha2.ClusterPolicyReport:
+ return client.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Delete(ctx, v.GetName(), metav1.DeleteOptions{})
+ default:
+ return errors.New("unknow type")
+ }
+}
diff --git a/pkg/report/new.go b/pkg/report/new.go
new file mode 100644
index 0000000000..4d09330938
--- /dev/null
+++ b/pkg/report/new.go
@@ -0,0 +1,88 @@
+package report
+
+import (
+ reportv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
+ kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
+ engineapi "github.com/kyverno/kyverno/pkg/engine/api"
+ controllerutils "github.com/kyverno/kyverno/pkg/utils/controller"
+ reportutils "github.com/kyverno/kyverno/pkg/utils/report"
+ admissionv1 "k8s.io/api/admission/v1"
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ "k8s.io/apimachinery/pkg/types"
+)
+
+func newAdmissionReportV1Alpha1(namespace, name string, gvr schema.GroupVersionResource, resource unstructured.Unstructured) kyvernov1alpha2.ReportInterface {
+ var report kyvernov1alpha2.ReportInterface
+ if namespace == "" {
+ report = &kyvernov1alpha2.ClusterAdmissionReport{Spec: kyvernov2.AdmissionReportSpec{}}
+ } else {
+ report = &kyvernov1alpha2.AdmissionReport{Spec: kyvernov2.AdmissionReportSpec{}}
+ }
+ report.SetName(name)
+ report.SetNamespace(namespace)
+ reportutils.SetResourceUid(report, resource.GetUID())
+ reportutils.SetResourceGVR(report, gvr)
+ reportutils.SetResourceNamespaceAndName(report, resource.GetNamespace(), resource.GetName())
+ reportutils.SetManagedByKyvernoLabel(report)
+ return report
+}
+
+func buildAdmissionReportV1Alpha1(resource unstructured.Unstructured, request admissionv1.AdmissionRequest, responses ...engineapi.EngineResponse) kyvernov1alpha2.ReportInterface {
+ report := newAdmissionReportV1Alpha1(resource.GetNamespace(), string(request.UID), schema.GroupVersionResource(request.Resource), resource)
+ reportutils.SetResponses(report, responses...)
+ return report
+}
+
+func newAdmissionReportReportV1(namespace, name string, gvr schema.GroupVersionResource, resource unstructured.Unstructured) kyvernov1alpha2.ReportInterface {
+ var report kyvernov1alpha2.ReportInterface
+ if namespace == "" {
+ report = &reportv1.ClusterAdmissionReport{Spec: reportv1.AdmissionReportSpec{}}
+ } else {
+ report = &reportv1.AdmissionReport{Spec: reportv1.AdmissionReportSpec{}}
+ }
+ report.SetName(name)
+ report.SetNamespace(namespace)
+ reportutils.SetResourceUid(report, resource.GetUID())
+ reportutils.SetResourceGVR(report, gvr)
+ reportutils.SetResourceNamespaceAndName(report, resource.GetNamespace(), resource.GetName())
+ reportutils.SetManagedByKyvernoLabel(report)
+ return report
+}
+
+func buildAdmissionReportReportV1(resource unstructured.Unstructured, request admissionv1.AdmissionRequest, responses ...engineapi.EngineResponse) kyvernov1alpha2.ReportInterface {
+ report := newAdmissionReportReportV1(resource.GetNamespace(), string(request.UID), schema.GroupVersionResource(request.Resource), resource)
+ reportutils.SetResponses(report, responses...)
+ return report
+}
+
+func newBackgroundScanReportV1Alpha1(namespace, name string, gvk schema.GroupVersionKind, owner string, uid types.UID) kyvernov1alpha2.ReportInterface {
+ var report kyvernov1alpha2.ReportInterface
+ if namespace == "" {
+ report = &kyvernov1alpha2.ClusterBackgroundScanReport{}
+ } else {
+ report = &kyvernov1alpha2.BackgroundScanReport{}
+ }
+ report.SetName(name)
+ report.SetNamespace(namespace)
+ controllerutils.SetOwner(report, gvk.GroupVersion().String(), gvk.Kind, owner, uid)
+ reportutils.SetResourceUid(report, uid)
+ reportutils.SetManagedByKyvernoLabel(report)
+ return report
+}
+
+func newBackgroundScanReportReportsV1(namespace, name string, gvk schema.GroupVersionKind, owner string, uid types.UID) kyvernov1alpha2.ReportInterface {
+ var report kyvernov1alpha2.ReportInterface
+ if namespace == "" {
+ report = &reportv1.ClusterBackgroundScanReport{}
+ } else {
+ report = &reportv1.BackgroundScanReport{}
+ }
+ report.SetName(name)
+ report.SetNamespace(namespace)
+ controllerutils.SetOwner(report, gvk.GroupVersion().String(), gvk.Kind, owner, uid)
+ reportutils.SetResourceUid(report, uid)
+ reportutils.SetManagedByKyvernoLabel(report)
+ return report
+}
diff --git a/pkg/report/report_manager.go b/pkg/report/report_manager.go
new file mode 100644
index 0000000000..9eaed635b2
--- /dev/null
+++ b/pkg/report/report_manager.go
@@ -0,0 +1,247 @@
+package report
+
+import (
+ "context"
+
+ reportv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
+ "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
+ engineapi "github.com/kyverno/kyverno/pkg/engine/api"
+ admissionv1 "k8s.io/api/admission/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ "k8s.io/apimachinery/pkg/types"
+ "k8s.io/client-go/informers"
+ metadatainformers "k8s.io/client-go/metadata/metadatainformer"
+)
+
+type reportManager struct {
+ storeInDB bool
+ client versioned.Interface
+}
+
+type Interface interface {
+ CreateReport(ctx context.Context, report kyvernov1alpha2.ReportInterface) (kyvernov1alpha2.ReportInterface, error)
+ UpdateReport(ctx context.Context, report kyvernov1alpha2.ReportInterface) (kyvernov1alpha2.ReportInterface, error)
+ DeleteReport(ctx context.Context, report kyvernov1alpha2.ReportInterface) error
+
+ NewAdmissionReport(namespace, name string, gvr schema.GroupVersionResource, resource unstructured.Unstructured) kyvernov1alpha2.ReportInterface
+ BuildAdmissionReport(resource unstructured.Unstructured, request admissionv1.AdmissionRequest, responses ...engineapi.EngineResponse) kyvernov1alpha2.ReportInterface
+ NewBackgroundScanReport(namespace, name string, gvk schema.GroupVersionKind, owner string, uid types.UID) kyvernov1alpha2.ReportInterface
+
+ GetAdmissionReports(ctx context.Context, name string, namespace string, opts metav1.GetOptions) (kyvernov1alpha2.ReportInterface, error)
+ ListAdmissionReports(ctx context.Context, namespace string, opts metav1.ListOptions) (runtime.Object, error)
+ DeleteAdmissionReports(ctx context.Context, name, namespace string, opts metav1.DeleteOptions) error
+
+ GetBackgroundScanReports(ctx context.Context, name string, namespace string, opts metav1.GetOptions) (kyvernov1alpha2.ReportInterface, error)
+ ListBackgroundScanReports(ctx context.Context, namespace string, opts metav1.ListOptions) (runtime.Object, error)
+ DeleteBackgroundScanReports(ctx context.Context, name, namespace string, opts metav1.DeleteOptions) error
+
+ GetClusterAdmissionReports(ctx context.Context, name string, opts metav1.GetOptions) (kyvernov1alpha2.ReportInterface, error)
+ ListClusterAdmissionReports(ctx context.Context, opts metav1.ListOptions) (runtime.Object, error)
+ DeleteClusterAdmissionReports(ctx context.Context, namespace string, opts metav1.DeleteOptions) error
+
+ GetClusterBackgroundScanReports(ctx context.Context, name string, opts metav1.GetOptions) (kyvernov1alpha2.ReportInterface, error)
+ ListClusterBackgroundScanReports(ctx context.Context, opts metav1.ListOptions) (runtime.Object, error)
+ DeleteClusterBackgroundScanReports(ctx context.Context, namespace string, opts metav1.DeleteOptions) error
+
+ AdmissionReportInformer(metadataFactory metadatainformers.SharedInformerFactory) informers.GenericInformer
+ ClusterAdmissionReportInformer(metadataFactory metadatainformers.SharedInformerFactory) informers.GenericInformer
+ BackgroundScanReportInformer(metadataFactory metadatainformers.SharedInformerFactory) informers.GenericInformer
+ ClusterBackgroundScanReportInformer(metadataFactory metadatainformers.SharedInformerFactory) informers.GenericInformer
+
+ DeepCopy(report kyvernov1alpha2.ReportInterface) kyvernov1alpha2.ReportInterface
+}
+
+func NewReportManager(storeInDB bool, client versioned.Interface) Interface {
+ return &reportManager{
+ storeInDB: storeInDB,
+ client: client,
+ }
+}
+
+func (r *reportManager) CreateReport(ctx context.Context, report kyvernov1alpha2.ReportInterface) (kyvernov1alpha2.ReportInterface, error) {
+ if r.storeInDB {
+ return createReportV1Report(ctx, report, r.client)
+ } else {
+ return createV1Alpha1Report(ctx, report, r.client)
+ }
+}
+
+func (r *reportManager) UpdateReport(ctx context.Context, report kyvernov1alpha2.ReportInterface) (kyvernov1alpha2.ReportInterface, error) {
+ if r.storeInDB {
+ return updateReportsV1Report(ctx, report, r.client)
+ } else {
+ return updateV1Alpha1Report(ctx, report, r.client)
+ }
+}
+
+func (r *reportManager) DeleteReport(ctx context.Context, report kyvernov1alpha2.ReportInterface) error {
+ if r.storeInDB {
+ return deleteReportV1Reports(ctx, report, r.client)
+ } else {
+ return deleteV1Alpha1Reports(ctx, report, r.client)
+ }
+}
+
+func (r *reportManager) GetAdmissionReports(ctx context.Context, name string, namespace string, opts metav1.GetOptions) (kyvernov1alpha2.ReportInterface, error) {
+ if r.storeInDB {
+ return r.client.ReportsV1().AdmissionReports(namespace).Get(ctx, name, opts)
+ } else {
+ return r.client.KyvernoV1alpha2().AdmissionReports(namespace).Get(ctx, name, opts)
+ }
+}
+
+func (r *reportManager) ListAdmissionReports(ctx context.Context, namespace string, opts metav1.ListOptions) (runtime.Object, error) {
+ if r.storeInDB {
+ return r.client.ReportsV1().AdmissionReports(namespace).List(ctx, opts)
+ } else {
+ return r.client.KyvernoV1alpha2().AdmissionReports(namespace).List(ctx, opts)
+ }
+}
+
+func (r *reportManager) DeleteAdmissionReports(ctx context.Context, name, namespace string, opts metav1.DeleteOptions) error {
+ if r.storeInDB {
+ return r.client.ReportsV1().AdmissionReports(namespace).Delete(ctx, name, opts)
+ } else {
+ return r.client.KyvernoV1alpha2().AdmissionReports(namespace).Delete(ctx, name, opts)
+ }
+}
+
+func (r *reportManager) GetBackgroundScanReports(ctx context.Context, name string, namespace string, opts metav1.GetOptions) (kyvernov1alpha2.ReportInterface, error) {
+ if r.storeInDB {
+ return r.client.ReportsV1().BackgroundScanReports(namespace).Get(ctx, name, opts)
+ } else {
+ return r.client.KyvernoV1alpha2().BackgroundScanReports(namespace).Get(ctx, name, opts)
+ }
+}
+
+func (r *reportManager) ListBackgroundScanReports(ctx context.Context, namespace string, opts metav1.ListOptions) (runtime.Object, error) {
+ if r.storeInDB {
+ return r.client.ReportsV1().BackgroundScanReports(namespace).List(ctx, opts)
+ } else {
+ return r.client.KyvernoV1alpha2().BackgroundScanReports(namespace).List(ctx, opts)
+ }
+}
+
+func (r *reportManager) DeleteBackgroundScanReports(ctx context.Context, name, namespace string, opts metav1.DeleteOptions) error {
+ if r.storeInDB {
+ return r.client.ReportsV1().BackgroundScanReports(namespace).Delete(ctx, name, opts)
+ } else {
+ return r.client.KyvernoV1alpha2().BackgroundScanReports(namespace).Delete(ctx, name, opts)
+ }
+}
+
+func (r *reportManager) GetClusterAdmissionReports(ctx context.Context, name string, opts metav1.GetOptions) (kyvernov1alpha2.ReportInterface, error) {
+ if r.storeInDB {
+ return r.client.ReportsV1().ClusterAdmissionReports().Get(ctx, name, opts)
+ } else {
+ return r.client.KyvernoV1alpha2().ClusterAdmissionReports().Get(ctx, name, opts)
+ }
+}
+
+func (r *reportManager) ListClusterAdmissionReports(ctx context.Context, opts metav1.ListOptions) (runtime.Object, error) {
+ if r.storeInDB {
+ return r.client.ReportsV1().ClusterAdmissionReports().List(ctx, opts)
+ } else {
+ return r.client.KyvernoV1alpha2().ClusterAdmissionReports().List(ctx, opts)
+ }
+}
+
+func (r *reportManager) DeleteClusterAdmissionReports(ctx context.Context, name string, opts metav1.DeleteOptions) error {
+ if r.storeInDB {
+ return r.client.ReportsV1().ClusterAdmissionReports().Delete(ctx, name, opts)
+ } else {
+ return r.client.KyvernoV1alpha2().ClusterAdmissionReports().Delete(ctx, name, opts)
+ }
+}
+
+func (r *reportManager) GetClusterBackgroundScanReports(ctx context.Context, name string, opts metav1.GetOptions) (kyvernov1alpha2.ReportInterface, error) {
+ if r.storeInDB {
+ return r.client.ReportsV1().ClusterBackgroundScanReports().Get(ctx, name, opts)
+ } else {
+ return r.client.KyvernoV1alpha2().ClusterBackgroundScanReports().Get(ctx, name, opts)
+ }
+}
+
+func (r *reportManager) ListClusterBackgroundScanReports(ctx context.Context, opts metav1.ListOptions) (runtime.Object, error) {
+ if r.storeInDB {
+ return r.client.ReportsV1().ClusterBackgroundScanReports().List(ctx, opts)
+ } else {
+ return r.client.KyvernoV1alpha2().ClusterBackgroundScanReports().List(ctx, opts)
+ }
+}
+
+func (r *reportManager) DeleteClusterBackgroundScanReports(ctx context.Context, name string, opts metav1.DeleteOptions) error {
+ if r.storeInDB {
+ return r.client.ReportsV1().ClusterBackgroundScanReports().Delete(ctx, name, opts)
+ } else {
+ return r.client.KyvernoV1alpha2().ClusterBackgroundScanReports().Delete(ctx, name, opts)
+ }
+}
+
+func (r *reportManager) NewAdmissionReport(namespace, name string, gvr schema.GroupVersionResource, resource unstructured.Unstructured) kyvernov1alpha2.ReportInterface {
+ if r.storeInDB {
+ return newAdmissionReportReportV1(namespace, name, gvr, resource)
+ } else {
+ return newAdmissionReportV1Alpha1(namespace, name, gvr, resource)
+ }
+}
+
+func (r *reportManager) BuildAdmissionReport(resource unstructured.Unstructured, request admissionv1.AdmissionRequest, responses ...engineapi.EngineResponse) kyvernov1alpha2.ReportInterface {
+ if r.storeInDB {
+ return buildAdmissionReportReportV1(resource, request, responses...)
+ } else {
+ return buildAdmissionReportV1Alpha1(resource, request, responses...)
+ }
+}
+
+func (r *reportManager) NewBackgroundScanReport(namespace, name string, gvk schema.GroupVersionKind, owner string, uid types.UID) kyvernov1alpha2.ReportInterface {
+ if r.storeInDB {
+ return newBackgroundScanReportReportsV1(namespace, name, gvk, owner, uid)
+ } else {
+ return newBackgroundScanReportV1Alpha1(namespace, name, gvk, owner, uid)
+ }
+}
+
+func (r *reportManager) AdmissionReportInformer(metadataFactory metadatainformers.SharedInformerFactory) informers.GenericInformer {
+ if r.storeInDB {
+ return metadataFactory.ForResource(reportv1.SchemeGroupVersion.WithResource("admissionreports"))
+ } else {
+ return metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("admissionreports"))
+ }
+}
+
+func (r *reportManager) ClusterAdmissionReportInformer(metadataFactory metadatainformers.SharedInformerFactory) informers.GenericInformer {
+ if r.storeInDB {
+ return metadataFactory.ForResource(reportv1.SchemeGroupVersion.WithResource("clusteradmissionreports"))
+ } else {
+ return metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("clusteradmissionreports"))
+ }
+}
+
+func (r *reportManager) BackgroundScanReportInformer(metadataFactory metadatainformers.SharedInformerFactory) informers.GenericInformer {
+ if r.storeInDB {
+ return metadataFactory.ForResource(reportv1.SchemeGroupVersion.WithResource("backgroundscanreports"))
+ } else {
+ return metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("backgroundscanreports"))
+ }
+}
+
+func (r *reportManager) ClusterBackgroundScanReportInformer(metadataFactory metadatainformers.SharedInformerFactory) informers.GenericInformer {
+ if r.storeInDB {
+ return metadataFactory.ForResource(reportv1.SchemeGroupVersion.WithResource("clusterbackgroundscanreports"))
+ } else {
+ return metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("clusterbackgroundscanreports"))
+ }
+}
+
+func (r *reportManager) DeepCopy(report kyvernov1alpha2.ReportInterface) kyvernov1alpha2.ReportInterface {
+ if r.storeInDB {
+ return deepCopyReportV1(report)
+ } else {
+ return deepCopyV1Alpha2(report)
+ }
+}
diff --git a/pkg/report/update.go b/pkg/report/update.go
new file mode 100644
index 0000000000..5532c852d5
--- /dev/null
+++ b/pkg/report/update.go
@@ -0,0 +1,62 @@
+package report
+
+import (
+ "context"
+ "errors"
+
+ reportv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
+ policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
+ "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+func updateV1Alpha1Report(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) (kyvernov1alpha2.ReportInterface, error) {
+ switch v := report.(type) {
+ case *kyvernov1alpha2.AdmissionReport:
+ report, err := client.KyvernoV1alpha2().AdmissionReports(report.GetNamespace()).Update(ctx, v, metav1.UpdateOptions{})
+ return report, err
+ case *kyvernov1alpha2.ClusterAdmissionReport:
+ report, err := client.KyvernoV1alpha2().ClusterAdmissionReports().Update(ctx, v, metav1.UpdateOptions{})
+ return report, err
+ case *kyvernov1alpha2.BackgroundScanReport:
+ report, err := client.KyvernoV1alpha2().BackgroundScanReports(report.GetNamespace()).Update(ctx, v, metav1.UpdateOptions{})
+ return report, err
+ case *kyvernov1alpha2.ClusterBackgroundScanReport:
+ report, err := client.KyvernoV1alpha2().ClusterBackgroundScanReports().Update(ctx, v, metav1.UpdateOptions{})
+ return report, err
+ case *policyreportv1alpha2.PolicyReport:
+ report, err := client.Wgpolicyk8sV1alpha2().PolicyReports(report.GetNamespace()).Update(ctx, v, metav1.UpdateOptions{})
+ return report, err
+ case *policyreportv1alpha2.ClusterPolicyReport:
+ report, err := client.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Update(ctx, v, metav1.UpdateOptions{})
+ return report, err
+ default:
+ return nil, errors.New("unknow type")
+ }
+}
+
+func updateReportsV1Report(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) (kyvernov1alpha2.ReportInterface, error) {
+ switch v := report.(type) {
+ case *reportv1.AdmissionReport:
+ report, err := client.ReportsV1().AdmissionReports(report.GetNamespace()).Update(ctx, v, metav1.UpdateOptions{})
+ return report, err
+ case *reportv1.ClusterAdmissionReport:
+ report, err := client.ReportsV1().ClusterAdmissionReports().Update(ctx, v, metav1.UpdateOptions{})
+ return report, err
+ case *reportv1.BackgroundScanReport:
+ report, err := client.ReportsV1().BackgroundScanReports(report.GetNamespace()).Update(ctx, v, metav1.UpdateOptions{})
+ return report, err
+ case *reportv1.ClusterBackgroundScanReport:
+ report, err := client.ReportsV1().ClusterBackgroundScanReports().Update(ctx, v, metav1.UpdateOptions{})
+ return report, err
+ case *policyreportv1alpha2.PolicyReport:
+ report, err := client.Wgpolicyk8sV1alpha2().PolicyReports(report.GetNamespace()).Update(ctx, v, metav1.UpdateOptions{})
+ return report, err
+ case *policyreportv1alpha2.ClusterPolicyReport:
+ report, err := client.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Update(ctx, v, metav1.UpdateOptions{})
+ return report, err
+ default:
+ return nil, errors.New("unknow type")
+ }
+}
diff --git a/pkg/utils/kube/crd.go b/pkg/utils/kube/crd.go
index 52ecc3d040..1ef78416ff 100644
--- a/pkg/utils/kube/crd.go
+++ b/pkg/utils/kube/crd.go
@@ -13,10 +13,14 @@ import (
func CRDsInstalled(apiserverClient apiserver.Interface) error {
kyvernoCRDs := []string{
"admissionreports.kyverno.io",
+ "admissionreports.reports.kyverno.io",
"backgroundscanreports.kyverno.io",
+ "backgroundscanreports.reports.kyverno.io",
"cleanuppolicies.kyverno.io",
"clusteradmissionreports.kyverno.io",
+ "clusteradmissionreports.reports.kyverno.io",
"clusterbackgroundscanreports.kyverno.io",
+ "clusterbackgroundscanreports.reports.kyverno.io",
"clustercleanuppolicies.kyverno.io",
"clusterpolicies.kyverno.io",
"clusterpolicyreports.wgpolicyk8s.io",
diff --git a/pkg/utils/report/copy.go b/pkg/utils/report/copy.go
deleted file mode 100644
index 90ae88b059..0000000000
--- a/pkg/utils/report/copy.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package report
-
-import (
- kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
- policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
-)
-
-func DeepCopy(report kyvernov1alpha2.ReportInterface) kyvernov1alpha2.ReportInterface {
- switch v := report.(type) {
- case *kyvernov1alpha2.AdmissionReport:
- return v.DeepCopy()
- case *kyvernov1alpha2.ClusterAdmissionReport:
- return v.DeepCopy()
- case *kyvernov1alpha2.BackgroundScanReport:
- return v.DeepCopy()
- case *kyvernov1alpha2.ClusterBackgroundScanReport:
- return v.DeepCopy()
- case *policyreportv1alpha2.PolicyReport:
- return v.DeepCopy()
- case *policyreportv1alpha2.ClusterPolicyReport:
- return v.DeepCopy()
- default:
- return nil
- }
-}
diff --git a/pkg/utils/report/create.go b/pkg/utils/report/create.go
deleted file mode 100644
index 9af43e1328..0000000000
--- a/pkg/utils/report/create.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package report
-
-import (
- "context"
- "errors"
-
- kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
- policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
- "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-func CreateReport(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) (kyvernov1alpha2.ReportInterface, error) {
- switch v := report.(type) {
- case *kyvernov1alpha2.AdmissionReport:
- report, err := client.KyvernoV1alpha2().AdmissionReports(report.GetNamespace()).Create(ctx, v, metav1.CreateOptions{})
- return report, err
- case *kyvernov1alpha2.ClusterAdmissionReport:
- report, err := client.KyvernoV1alpha2().ClusterAdmissionReports().Create(ctx, v, metav1.CreateOptions{})
- return report, err
- case *kyvernov1alpha2.BackgroundScanReport:
- report, err := client.KyvernoV1alpha2().BackgroundScanReports(report.GetNamespace()).Create(ctx, v, metav1.CreateOptions{})
- return report, err
- case *kyvernov1alpha2.ClusterBackgroundScanReport:
- report, err := client.KyvernoV1alpha2().ClusterBackgroundScanReports().Create(ctx, v, metav1.CreateOptions{})
- return report, err
- case *policyreportv1alpha2.PolicyReport:
- report, err := client.Wgpolicyk8sV1alpha2().PolicyReports(report.GetNamespace()).Create(ctx, v, metav1.CreateOptions{})
- return report, err
- case *policyreportv1alpha2.ClusterPolicyReport:
- report, err := client.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Create(ctx, v, metav1.CreateOptions{})
- return report, err
- default:
- return nil, errors.New("unknow type")
- }
-}
diff --git a/pkg/utils/report/new.go b/pkg/utils/report/new.go
index aa802a9b5c..97fc5e2047 100644
--- a/pkg/utils/report/new.go
+++ b/pkg/utils/report/new.go
@@ -2,54 +2,10 @@ package report
import (
kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
- kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
- engineapi "github.com/kyverno/kyverno/pkg/engine/api"
- controllerutils "github.com/kyverno/kyverno/pkg/utils/controller"
- admissionv1 "k8s.io/api/admission/v1"
corev1 "k8s.io/api/core/v1"
- "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
- "k8s.io/apimachinery/pkg/runtime/schema"
- "k8s.io/apimachinery/pkg/types"
)
-func NewAdmissionReport(namespace, name string, gvr schema.GroupVersionResource, resource unstructured.Unstructured) kyvernov1alpha2.ReportInterface {
- var report kyvernov1alpha2.ReportInterface
- if namespace == "" {
- report = &kyvernov1alpha2.ClusterAdmissionReport{Spec: kyvernov2.AdmissionReportSpec{}}
- } else {
- report = &kyvernov1alpha2.AdmissionReport{Spec: kyvernov2.AdmissionReportSpec{}}
- }
- report.SetName(name)
- report.SetNamespace(namespace)
- SetResourceUid(report, resource.GetUID())
- SetResourceGVR(report, gvr)
- SetResourceNamespaceAndName(report, resource.GetNamespace(), resource.GetName())
- SetManagedByKyvernoLabel(report)
- return report
-}
-
-func BuildAdmissionReport(resource unstructured.Unstructured, request admissionv1.AdmissionRequest, responses ...engineapi.EngineResponse) kyvernov1alpha2.ReportInterface {
- report := NewAdmissionReport(resource.GetNamespace(), string(request.UID), schema.GroupVersionResource(request.Resource), resource)
- SetResponses(report, responses...)
- return report
-}
-
-func NewBackgroundScanReport(namespace, name string, gvk schema.GroupVersionKind, owner string, uid types.UID) kyvernov1alpha2.ReportInterface {
- var report kyvernov1alpha2.ReportInterface
- if namespace == "" {
- report = &kyvernov1alpha2.ClusterBackgroundScanReport{}
- } else {
- report = &kyvernov1alpha2.BackgroundScanReport{}
- }
- report.SetName(name)
- report.SetNamespace(namespace)
- controllerutils.SetOwner(report, gvk.GroupVersion().String(), gvk.Kind, owner, uid)
- SetResourceUid(report, uid)
- SetManagedByKyvernoLabel(report)
- return report
-}
-
func NewPolicyReport(namespace, name string, scope *corev1.ObjectReference, results ...policyreportv1alpha2.PolicyReportResult) kyvernov1alpha2.ReportInterface {
var report kyvernov1alpha2.ReportInterface
if namespace == "" {
diff --git a/pkg/utils/report/update.go b/pkg/utils/report/update.go
deleted file mode 100644
index 16af02a530..0000000000
--- a/pkg/utils/report/update.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package report
-
-import (
- "context"
- "errors"
-
- kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
- policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
- "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-func UpdateReport(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) (kyvernov1alpha2.ReportInterface, error) {
- switch v := report.(type) {
- case *kyvernov1alpha2.AdmissionReport:
- report, err := client.KyvernoV1alpha2().AdmissionReports(report.GetNamespace()).Update(ctx, v, metav1.UpdateOptions{})
- return report, err
- case *kyvernov1alpha2.ClusterAdmissionReport:
- report, err := client.KyvernoV1alpha2().ClusterAdmissionReports().Update(ctx, v, metav1.UpdateOptions{})
- return report, err
- case *kyvernov1alpha2.BackgroundScanReport:
- report, err := client.KyvernoV1alpha2().BackgroundScanReports(report.GetNamespace()).Update(ctx, v, metav1.UpdateOptions{})
- return report, err
- case *kyvernov1alpha2.ClusterBackgroundScanReport:
- report, err := client.KyvernoV1alpha2().ClusterBackgroundScanReports().Update(ctx, v, metav1.UpdateOptions{})
- return report, err
- case *policyreportv1alpha2.PolicyReport:
- report, err := client.Wgpolicyk8sV1alpha2().PolicyReports(report.GetNamespace()).Update(ctx, v, metav1.UpdateOptions{})
- return report, err
- case *policyreportv1alpha2.ClusterPolicyReport:
- report, err := client.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Update(ctx, v, metav1.UpdateOptions{})
- return report, err
- default:
- return nil, errors.New("unknow type")
- }
-}
diff --git a/pkg/webhooks/resource/handlers.go b/pkg/webhooks/resource/handlers.go
index cac3653da3..bfd485d581 100644
--- a/pkg/webhooks/resource/handlers.go
+++ b/pkg/webhooks/resource/handlers.go
@@ -18,6 +18,7 @@ import (
"github.com/kyverno/kyverno/pkg/event"
"github.com/kyverno/kyverno/pkg/metrics"
"github.com/kyverno/kyverno/pkg/policycache"
+ "github.com/kyverno/kyverno/pkg/report"
admissionutils "github.com/kyverno/kyverno/pkg/utils/admission"
engineutils "github.com/kyverno/kyverno/pkg/utils/engine"
jsonutils "github.com/kyverno/kyverno/pkg/utils/json"
@@ -36,6 +37,7 @@ type resourceHandlers struct {
// clients
client dclient.Interface
kyvernoClient versioned.Interface
+ reportManager report.Interface
engine engineapi.Engine
// config
@@ -63,6 +65,7 @@ func NewHandlers(
engine engineapi.Engine,
client dclient.Interface,
kyvernoClient versioned.Interface,
+ reportManager report.Interface,
configuration config.Configuration,
metricsConfig metrics.MetricsConfigManager,
pCache policycache.Cache,
@@ -80,6 +83,7 @@ func NewHandlers(
engine: engine,
client: client,
kyvernoClient: kyvernoClient,
+ reportManager: reportManager,
configuration: configuration,
metricsConfig: metricsConfig,
pCache: pCache,
@@ -124,7 +128,7 @@ func (h *resourceHandlers) Validate(ctx context.Context, logger logr.Logger, req
namespaceLabels = engineutils.GetNamespaceSelectorsFromNamespaceLister(request.Kind.Kind, request.Namespace, h.nsLister, logger)
}
policyContext = policyContext.WithNamespaceLabels(namespaceLabels)
- vh := validation.NewValidationHandler(logger, h.kyvernoClient, h.engine, h.pCache, h.pcBuilder, h.eventGen, h.admissionReports, h.metricsConfig, h.configuration)
+ vh := validation.NewValidationHandler(logger, h.kyvernoClient, h.reportManager, h.engine, h.pCache, h.pcBuilder, h.eventGen, h.admissionReports, h.metricsConfig, h.configuration)
ok, msg, warnings := vh.HandleValidation(ctx, request, policies, policyContext, startTime)
if !ok {
@@ -167,7 +171,7 @@ func (h *resourceHandlers) Mutate(ctx context.Context, logger logr.Logger, reque
logger.Error(err, "failed to build policy context")
return admissionutils.Response(request.UID, err)
}
- ivh := imageverification.NewImageVerificationHandler(logger, h.kyvernoClient, h.engine, h.eventGen, h.admissionReports, h.configuration, h.nsLister)
+ ivh := imageverification.NewImageVerificationHandler(logger, h.kyvernoClient, h.reportManager, h.engine, h.eventGen, h.admissionReports, h.configuration, h.nsLister)
imagePatches, imageVerifyWarnings, err := ivh.Handle(ctx, newRequest, verifyImagesPolicies, policyContext)
if err != nil {
logger.Error(err, "image verification failed")
diff --git a/pkg/webhooks/resource/imageverification/handler.go b/pkg/webhooks/resource/imageverification/handler.go
index 6c2d241dfa..78ecdadde4 100644
--- a/pkg/webhooks/resource/imageverification/handler.go
+++ b/pkg/webhooks/resource/imageverification/handler.go
@@ -13,6 +13,7 @@ import (
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
"github.com/kyverno/kyverno/pkg/engine/mutate/patch"
"github.com/kyverno/kyverno/pkg/event"
+ "github.com/kyverno/kyverno/pkg/report"
"github.com/kyverno/kyverno/pkg/tracing"
admissionutils "github.com/kyverno/kyverno/pkg/utils/admission"
engineutils "github.com/kyverno/kyverno/pkg/utils/engine"
@@ -33,6 +34,7 @@ type ImageVerificationHandler interface {
type imageVerificationHandler struct {
kyvernoClient versioned.Interface
+ reportManager report.Interface
engine engineapi.Engine
log logr.Logger
eventGen event.Interface
@@ -44,6 +46,7 @@ type imageVerificationHandler struct {
func NewImageVerificationHandler(
log logr.Logger,
kyvernoClient versioned.Interface,
+ reportManager report.Interface,
engine engineapi.Engine,
eventGen event.Interface,
admissionReports bool,
@@ -53,6 +56,7 @@ func NewImageVerificationHandler(
return &imageVerificationHandler{
kyvernoClient: kyvernoClient,
engine: engine,
+ reportManager: reportManager,
log: log,
eventGen: eventGen,
admissionReports: admissionReports,
@@ -173,9 +177,9 @@ func (v *imageVerificationHandler) handleAudit(
fmt.Sprintf("AUDIT %s %s", request.Operation, request.Kind),
func(ctx context.Context, span trace.Span) {
if createReport {
- report := reportutils.BuildAdmissionReport(resource, request, engineResponses...)
+ report := v.reportManager.BuildAdmissionReport(resource, request, engineResponses...)
if len(report.GetResults()) > 0 {
- _, err := reportutils.CreateReport(context.Background(), report, v.kyvernoClient)
+ _, err := v.reportManager.CreateReport(context.Background(), report)
if err != nil {
v.log.Error(err, "failed to create report")
}
diff --git a/pkg/webhooks/resource/validation/validation.go b/pkg/webhooks/resource/validation/validation.go
index 981a516761..1dcc6457c3 100644
--- a/pkg/webhooks/resource/validation/validation.go
+++ b/pkg/webhooks/resource/validation/validation.go
@@ -14,6 +14,7 @@ import (
"github.com/kyverno/kyverno/pkg/event"
"github.com/kyverno/kyverno/pkg/metrics"
"github.com/kyverno/kyverno/pkg/policycache"
+ "github.com/kyverno/kyverno/pkg/report"
"github.com/kyverno/kyverno/pkg/tracing"
admissionutils "github.com/kyverno/kyverno/pkg/utils/admission"
reportutils "github.com/kyverno/kyverno/pkg/utils/report"
@@ -35,6 +36,7 @@ type ValidationHandler interface {
func NewValidationHandler(
log logr.Logger,
kyvernoClient versioned.Interface,
+ reportManager report.Interface,
engine engineapi.Engine,
pCache policycache.Cache,
pcBuilder webhookutils.PolicyContextBuilder,
@@ -46,6 +48,7 @@ func NewValidationHandler(
return &validationHandler{
log: log,
kyvernoClient: kyvernoClient,
+ reportManager: reportManager,
engine: engine,
pCache: pCache,
pcBuilder: pcBuilder,
@@ -59,6 +62,7 @@ func NewValidationHandler(
type validationHandler struct {
log logr.Logger
kyvernoClient versioned.Interface
+ reportManager report.Interface
engine engineapi.Engine
pCache policycache.Cache
pcBuilder webhookutils.PolicyContextBuilder
@@ -190,9 +194,9 @@ func (v *validationHandler) handleAudit(
v.eventGen.Add(events...)
if createReport {
responses = append(responses, engineResponses...)
- report := reportutils.BuildAdmissionReport(resource, request.AdmissionRequest, responses...)
+ report := v.reportManager.BuildAdmissionReport(resource, request.AdmissionRequest, responses...)
if len(report.GetResults()) > 0 {
- _, err = reportutils.CreateReport(ctx, report, v.kyvernoClient)
+ _, err = v.reportManager.CreateReport(ctx, report)
if err != nil {
v.log.Error(err, "failed to create report")
}
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-trigger-not-present/rbac.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-trigger-not-present/rbac.yaml
index 0169a4706f..8906855f11 100644
--- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-trigger-not-present/rbac.yaml
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-trigger-not-present/rbac.yaml
@@ -379,6 +379,21 @@ rules:
- patch
- update
- watch
+- apiGroups:
+ - reports.kyverno.io
+ resources:
+ - admissionreports
+ - clusteradmissionreports
+ - backgroundscanreports
+ - clusterbackgroundscanreports
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
- apiGroups:
- kyverno.io
resources:
diff --git a/test/conformance/chainsaw/rbac/aggregate-to-admin/admin-reports.yaml b/test/conformance/chainsaw/rbac/aggregate-to-admin/admin-reports.yaml
index 4182aad28c..24861fcb47 100644
--- a/test/conformance/chainsaw/rbac/aggregate-to-admin/admin-reports.yaml
+++ b/test/conformance/chainsaw/rbac/aggregate-to-admin/admin-reports.yaml
@@ -20,3 +20,18 @@ rules:
- patch
- update
- watch
+ - apiGroups:
+ - reports.kyverno.io
+ resources:
+ - admissionreports
+ - clusteradmissionreports
+ - backgroundscanreports
+ - clusterbackgroundscanreports
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
\ No newline at end of file