From e6c39f31a5eb31721f74fb1731e7a30adf6c9f48 Mon Sep 17 00:00:00 2001 From: Vishal Choudhary Date: Fri, 26 Jan 2024 19:10:29 +0530 Subject: [PATCH] feat: add a new API group `reports.kyverno.io` (#9521) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: add new report interface Signed-off-by: Vishal Choudhary * chore: reports.kyverno.io/v1 apigroup Signed-off-by: Vishal Choudhary * chore: codegen Signed-off-by: Vishal Choudhary * feat: add report manager Signed-off-by: Vishal Choudhary * feat: add reports manager to reports controller Signed-off-by: Vishal Choudhary * feat: add alternateReportStorage to helm chart Signed-off-by: Vishal Choudhary * fix: report utils deepcopy Signed-off-by: Vishal Choudhary * init flag Signed-off-by: Vishal Choudhary * fix: wrong return value Signed-off-by: Vishal Choudhary --------- 
Signed-off-by: Vishal Choudhary Co-authored-by: Charles-Edouard Brétéché --- Makefile | 2 +- .../reports/v1/admission_report_types.go | 124 ++ .../v1/background_scan_report_types.go | 123 ++ api/kyverno/reports/v1/doc.go | 21 + .../reports/v1/zz_generated.deepcopy.go | 316 ++++ .../reports/v1/zz_generated.defaults.go | 33 + .../reports/v1/zz_generated.register.go | 73 + charts/kyverno/README.md | 1 + .../kyverno/charts/crds/templates/crds.yaml | 1275 +++++++++++++++ charts/kyverno/templates/_helpers.tpl | 3 + .../admission-controller/clusterrole.yaml | 18 +- .../admission-controller/deployment.yaml | 1 + .../admission-controller/flowschema.yaml | 33 +- .../background-controller/deployment.yaml | 1 + .../cleanup/cleanup-admission-reports.yaml | 6 +- .../cleanup-cluster-admission-reports.yaml | 6 +- .../templates/cleanup/clusterrole.yaml | 9 + charts/kyverno/templates/rbac/reports.yaml | 28 +- .../reports-controller/clusterrole.yaml | 18 +- .../reports-controller/deployment.yaml | 1 + .../reports-controller/flowschema.yaml | 33 +- charts/kyverno/values.yaml | 3 + cmd/background-controller/main.go | 1 + cmd/internal/config.go | 12 + cmd/internal/flag.go | 10 + cmd/internal/setup.go | 8 + cmd/kyverno/main.go | 2 + cmd/reports-controller/main.go | 9 + .../reports.kyverno.io_admissionreports.yaml | 330 ++++ ...orts.kyverno.io_backgroundscanreports.yaml | 297 ++++ ...ts.kyverno.io_clusteradmissionreports.yaml | 331 ++++ ...verno.io_clusterbackgroundscanreports.yaml | 297 ++++ config/install-latest-testing.yaml | 1361 ++++++++++++++++- docs/user/crd/index.html | 520 +++++++ .../reports/v1/admissionreport.go | 210 +++ .../reports/v1/admissionreportspec.go | 67 + .../reports/v1/backgroundscanreport.go | 210 +++ .../reports/v1/backgroundscanreportspec.go | 57 + .../reports/v1/clusteradmissionreport.go | 209 +++ .../reports/v1/clusterbackgroundscanreport.go | 209 +++ pkg/client/applyconfigurations/utils.go | 16 + pkg/client/clientset/versioned/clientset.go | 13 + 
.../versioned/fake/clientset_generated.go | 7 + .../clientset/versioned/fake/register.go | 2 + .../clientset/versioned/scheme/register.go | 2 + .../typed/reports/v1/admissionreport.go | 178 +++ .../typed/reports/v1/backgroundscanreport.go | 178 +++ .../reports/v1/clusteradmissionreport.go | 168 ++ .../reports/v1/clusterbackgroundscanreport.go | 168 ++ .../versioned/typed/reports/v1/doc.go | 20 + .../versioned/typed/reports/v1/fake/doc.go | 20 + .../reports/v1/fake/fake_admissionreport.go | 129 ++ .../v1/fake/fake_backgroundscanreport.go | 129 ++ .../v1/fake/fake_clusteradmissionreport.go | 121 ++ .../fake/fake_clusterbackgroundscanreport.go | 121 ++ .../reports/v1/fake/fake_reports_client.go | 52 + .../typed/reports/v1/generated_expansion.go | 27 + .../typed/reports/v1/reports_client.go | 122 ++ .../informers/externalversions/factory.go | 6 + .../informers/externalversions/generic.go | 11 + .../externalversions/reports/interface.go | 46 + .../reports/v1/admissionreport.go | 90 ++ .../reports/v1/backgroundscanreport.go | 90 ++ .../reports/v1/clusteradmissionreport.go | 89 ++ .../reports/v1/clusterbackgroundscanreport.go | 89 ++ .../externalversions/reports/v1/interface.go | 66 + .../listers/reports/v1/admissionreport.go | 99 ++ .../reports/v1/backgroundscanreport.go | 99 ++ .../reports/v1/clusteradmissionreport.go | 68 + .../reports/v1/clusterbackgroundscanreport.go | 68 + .../listers/reports/v1/expansion_generated.go | 43 + pkg/clients/kyverno/clientset.generated.go | 9 + .../admissionreports/resource.generated.go | 337 ++++ .../resource.generated.go | 337 ++++ .../kyverno/reportsv1/client.generated.go | 92 ++ .../resource.generated.go | 337 ++++ .../resource.generated.go | 337 ++++ .../report/admission/controller.go | 51 +- .../report/aggregate/namespace/controller.go | 46 +- .../report/aggregate/resource/controller.go | 34 +- .../report/aggregate/resource/utils.go | 11 +- .../report/background/controller.go | 28 +- pkg/report/copy.go | 45 + pkg/report/create.go | 
62 + pkg/{utils => }/report/delete.go | 22 +- pkg/report/new.go | 88 ++ pkg/report/report_manager.go | 247 +++ pkg/report/update.go | 62 + pkg/utils/kube/crd.go | 4 + pkg/utils/report/copy.go | 25 - pkg/utils/report/create.go | 36 - pkg/utils/report/new.go | 44 - pkg/utils/report/update.go | 36 - pkg/webhooks/resource/handlers.go | 8 +- .../resource/imageverification/handler.go | 8 +- .../resource/validation/validation.go | 8 +- .../cpol-data-trigger-not-present/rbac.yaml | 15 + .../aggregate-to-admin/admin-reports.yaml | 15 + 98 files changed, 10720 insertions(+), 229 deletions(-) create mode 100644 api/kyverno/reports/v1/admission_report_types.go create mode 100644 api/kyverno/reports/v1/background_scan_report_types.go create mode 100644 api/kyverno/reports/v1/doc.go create mode 100644 api/kyverno/reports/v1/zz_generated.deepcopy.go create mode 100644 api/kyverno/reports/v1/zz_generated.defaults.go create mode 100644 api/kyverno/reports/v1/zz_generated.register.go create mode 100644 config/crds/reports.kyverno.io_admissionreports.yaml create mode 100644 config/crds/reports.kyverno.io_backgroundscanreports.yaml create mode 100644 config/crds/reports.kyverno.io_clusteradmissionreports.yaml create mode 100644 config/crds/reports.kyverno.io_clusterbackgroundscanreports.yaml create mode 100644 pkg/client/applyconfigurations/reports/v1/admissionreport.go create mode 100644 pkg/client/applyconfigurations/reports/v1/admissionreportspec.go create mode 100644 pkg/client/applyconfigurations/reports/v1/backgroundscanreport.go create mode 100644 pkg/client/applyconfigurations/reports/v1/backgroundscanreportspec.go create mode 100644 pkg/client/applyconfigurations/reports/v1/clusteradmissionreport.go create mode 100644 pkg/client/applyconfigurations/reports/v1/clusterbackgroundscanreport.go create mode 100644 pkg/client/clientset/versioned/typed/reports/v1/admissionreport.go create mode 100644 pkg/client/clientset/versioned/typed/reports/v1/backgroundscanreport.go create mode 
100644 pkg/client/clientset/versioned/typed/reports/v1/clusteradmissionreport.go create mode 100644 pkg/client/clientset/versioned/typed/reports/v1/clusterbackgroundscanreport.go create mode 100644 pkg/client/clientset/versioned/typed/reports/v1/doc.go create mode 100644 pkg/client/clientset/versioned/typed/reports/v1/fake/doc.go create mode 100644 pkg/client/clientset/versioned/typed/reports/v1/fake/fake_admissionreport.go create mode 100644 pkg/client/clientset/versioned/typed/reports/v1/fake/fake_backgroundscanreport.go create mode 100644 pkg/client/clientset/versioned/typed/reports/v1/fake/fake_clusteradmissionreport.go create mode 100644 pkg/client/clientset/versioned/typed/reports/v1/fake/fake_clusterbackgroundscanreport.go create mode 100644 pkg/client/clientset/versioned/typed/reports/v1/fake/fake_reports_client.go create mode 100644 pkg/client/clientset/versioned/typed/reports/v1/generated_expansion.go create mode 100644 pkg/client/clientset/versioned/typed/reports/v1/reports_client.go create mode 100644 pkg/client/informers/externalversions/reports/interface.go create mode 100644 pkg/client/informers/externalversions/reports/v1/admissionreport.go create mode 100644 pkg/client/informers/externalversions/reports/v1/backgroundscanreport.go create mode 100644 pkg/client/informers/externalversions/reports/v1/clusteradmissionreport.go create mode 100644 pkg/client/informers/externalversions/reports/v1/clusterbackgroundscanreport.go create mode 100644 pkg/client/informers/externalversions/reports/v1/interface.go create mode 100644 pkg/client/listers/reports/v1/admissionreport.go create mode 100644 pkg/client/listers/reports/v1/backgroundscanreport.go create mode 100644 pkg/client/listers/reports/v1/clusteradmissionreport.go create mode 100644 pkg/client/listers/reports/v1/clusterbackgroundscanreport.go create mode 100644 pkg/client/listers/reports/v1/expansion_generated.go create mode 100644 pkg/clients/kyverno/reportsv1/admissionreports/resource.generated.go 
create mode 100644 pkg/clients/kyverno/reportsv1/backgroundscanreports/resource.generated.go create mode 100644 pkg/clients/kyverno/reportsv1/client.generated.go create mode 100644 pkg/clients/kyverno/reportsv1/clusteradmissionreports/resource.generated.go create mode 100644 pkg/clients/kyverno/reportsv1/clusterbackgroundscanreports/resource.generated.go create mode 100644 pkg/report/copy.go create mode 100644 pkg/report/create.go rename pkg/{utils => }/report/delete.go (50%) create mode 100644 pkg/report/new.go create mode 100644 pkg/report/report_manager.go create mode 100644 pkg/report/update.go delete mode 100644 pkg/utils/report/copy.go delete mode 100644 pkg/utils/report/create.go delete mode 100644 pkg/utils/report/update.go
diff --git a/Makefile b/Makefile
index c2d99af004..f63219e557 100644
--- a/Makefile
+++ b/Makefile
@@ -396,7 +396,7 @@ image-build-all: $(BUILD_WITH)-build-all
 GOPATH_SHIM := ${PWD}/.gopath
 PACKAGE_SHIM := $(GOPATH_SHIM)/src/$(PACKAGE)
 OUT_PACKAGE := $(PACKAGE)/pkg/client
-INPUT_DIRS := $(PACKAGE)/api/kyverno/v1,$(PACKAGE)/api/kyverno/v1alpha2,$(PACKAGE)/api/kyverno/v1beta1,$(PACKAGE)/api/kyverno/v2,$(PACKAGE)/api/kyverno/v2beta1,$(PACKAGE)/api/kyverno/v2alpha1,$(PACKAGE)/api/policyreport/v1alpha2
+INPUT_DIRS := $(PACKAGE)/api/kyverno/v1,$(PACKAGE)/api/kyverno/v1alpha2,$(PACKAGE)/api/kyverno/v1beta1,$(PACKAGE)/api/kyverno/v2,$(PACKAGE)/api/kyverno/v2beta1,$(PACKAGE)/api/kyverno/v2alpha1,$(PACKAGE)/api/kyverno/reports/v1,$(PACKAGE)/api/policyreport/v1alpha2
 CLIENTSET_PACKAGE := $(OUT_PACKAGE)/clientset
 LISTERS_PACKAGE := $(OUT_PACKAGE)/listers
 INFORMERS_PACKAGE := $(OUT_PACKAGE)/informers
diff --git a/api/kyverno/reports/v1/admission_report_types.go b/api/kyverno/reports/v1/admission_report_types.go
new file mode 100644
index 0000000000..f7c086810d
--- /dev/null
+++ b/api/kyverno/reports/v1/admission_report_types.go
@@ -0,0 +1,124 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+ policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type AdmissionReportSpec struct {
+ // Owner is a reference to the report owner (e.g. a Deployment, Namespace, or Node)
+ Owner metav1.OwnerReference `json:"owner"`
+
+ // PolicyReportSummary provides a summary of results
+ // +optional
+ Summary policyreportv1alpha2.PolicyReportSummary `json:"summary,omitempty"`
+
+ // PolicyReportResult provides result details
+ // +optional
+ Results []policyreportv1alpha2.PolicyReportResult `json:"results,omitempty"`
+}
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:storageversion
+// +kubebuilder:resource:shortName=admr,categories=kyverno
+// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:printcolumn:name="PASS",type=integer,JSONPath=".spec.summary.pass"
+// +kubebuilder:printcolumn:name="FAIL",type=integer,JSONPath=".spec.summary.fail"
+// +kubebuilder:printcolumn:name="WARN",type=integer,JSONPath=".spec.summary.warn"
+// +kubebuilder:printcolumn:name="ERROR",type=integer,JSONPath=".spec.summary.error"
+// +kubebuilder:printcolumn:name="SKIP",type=integer,JSONPath=".spec.summary.skip"
+// +kubebuilder:printcolumn:name="GVR",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.gvr']"
+// +kubebuilder:printcolumn:name="REF",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.name']"
+// +kubebuilder:printcolumn:name="AGGREGATE",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/report\\.aggregate']",priority=1
+
+// AdmissionReport is the Schema for the AdmissionReports API
+type AdmissionReport struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+ Spec AdmissionReportSpec `json:"spec"`
+}
+
+func (r *AdmissionReport) GetResults() []policyreportv1alpha2.PolicyReportResult {
+ return r.Spec.Results
+}
+
+func (r *AdmissionReport) SetResults(results []policyreportv1alpha2.PolicyReportResult) {
+ r.Spec.Results = results
+}
+
+func (r *AdmissionReport) SetSummary(summary policyreportv1alpha2.PolicyReportSummary) {
+ r.Spec.Summary = summary
+}
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:storageversion
+// +kubebuilder:resource:scope=Cluster,shortName=cadmr,categories=kyverno
+// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:printcolumn:name="PASS",type=integer,JSONPath=".spec.summary.pass"
+// +kubebuilder:printcolumn:name="FAIL",type=integer,JSONPath=".spec.summary.fail"
+// +kubebuilder:printcolumn:name="WARN",type=integer,JSONPath=".spec.summary.warn"
+// +kubebuilder:printcolumn:name="ERROR",type=integer,JSONPath=".spec.summary.error"
+// +kubebuilder:printcolumn:name="SKIP",type=integer,JSONPath=".spec.summary.skip"
+// +kubebuilder:printcolumn:name="GVR",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.gvr']"
+// +kubebuilder:printcolumn:name="REF",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.name']"
+// +kubebuilder:printcolumn:name="AGGREGATE",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/report\\.aggregate']",priority=1
+
+// ClusterAdmissionReport is the Schema for the ClusterAdmissionReports API
+type ClusterAdmissionReport struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+ Spec AdmissionReportSpec `json:"spec"`
+}
+
+func (r *ClusterAdmissionReport) GetResults() []policyreportv1alpha2.PolicyReportResult {
+ return r.Spec.Results
+}
+
+func (r *ClusterAdmissionReport) SetResults(results []policyreportv1alpha2.PolicyReportResult) {
+ r.Spec.Results = results
+}
+
+func (r *ClusterAdmissionReport) SetSummary(summary policyreportv1alpha2.PolicyReportSummary) {
+ r.Spec.Summary = summary
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// AdmissionReportList contains a list of AdmissionReport
+type AdmissionReportList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []AdmissionReport `json:"items"`
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ClusterAdmissionReportList contains a list of ClusterAdmissionReport
+type ClusterAdmissionReportList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []ClusterAdmissionReport `json:"items"`
+}
diff --git a/api/kyverno/reports/v1/background_scan_report_types.go b/api/kyverno/reports/v1/background_scan_report_types.go
new file mode 100644
index 0000000000..66fc05a767
--- /dev/null
+++ b/api/kyverno/reports/v1/background_scan_report_types.go
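Review bot: `Results` in `AdmissionReportSpec` is marked `+optional` but carries no size bound, so the CRD schema generated from this type accepts a report of any length up to the API server's object size limit; `BackgroundScanReportSpec.Results` in background_scan_report_types.go is declared the same way. The code that fills these slices is not visible in this hunk, but if the number of results can grow with workload activity, consider a `// +kubebuilder:validation:MaxItems=<limit>` marker on the field (value to be chosen by the maintainers) or truncation where the slice is populated. The exported `AdmissionReportSpec` type and the `GetResults`/`SetResults`/`SetSummary` methods also have no doc comments, and the field comments open with `PolicyReportSummary`/`PolicyReportResult` rather than the field names, e.g. `// Results provides result details.`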
@@ -0,0 +1,123 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+ policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type BackgroundScanReportSpec struct {
+ // PolicyReportSummary provides a summary of results
+ // +optional
+ Summary policyreportv1alpha2.PolicyReportSummary `json:"summary,omitempty"`
+
+ // PolicyReportResult provides result details
+ // +optional
+ Results []policyreportv1alpha2.PolicyReportResult `json:"results,omitempty"`
+}
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:storageversion
+// +kubebuilder:resource:shortName=bgscanr,categories=kyverno
+// +kubebuilder:printcolumn:name="ApiVersion",type=string,JSONPath=".metadata.ownerReferences[0].apiVersion"
+// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=".metadata.ownerReferences[0].kind"
+// +kubebuilder:printcolumn:name="Subject",type=string,JSONPath=".metadata.ownerReferences[0].name"
+// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=".spec.summary.pass"
+// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=".spec.summary.fail"
+// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=".spec.summary.warn"
+// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=".spec.summary.error"
+// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=".spec.summary.skip"
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:printcolumn:name="Hash",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.hash']",priority=1
+
+// BackgroundScanReport is the Schema for the BackgroundScanReports API
+type BackgroundScanReport struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+ Spec BackgroundScanReportSpec `json:"spec"`
+}
+
+func (r *BackgroundScanReport) GetResults() []policyreportv1alpha2.PolicyReportResult {
+ return r.Spec.Results
+}
+
+func (r *BackgroundScanReport) SetResults(results []policyreportv1alpha2.PolicyReportResult) {
+ r.Spec.Results = results
+}
+
+func (r *BackgroundScanReport) SetSummary(summary policyreportv1alpha2.PolicyReportSummary) {
+ r.Spec.Summary = summary
+}
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:storageversion
+// +kubebuilder:resource:scope=Cluster,shortName=cbgscanr,categories=kyverno
+// +kubebuilder:printcolumn:name="ApiVersion",type=string,JSONPath=".metadata.ownerReferences[0].apiVersion"
+// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=".metadata.ownerReferences[0].kind"
+// +kubebuilder:printcolumn:name="Subject",type=string,JSONPath=".metadata.ownerReferences[0].name"
+// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=".spec.summary.pass"
+// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=".spec.summary.fail"
+// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=".spec.summary.warn"
+// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=".spec.summary.error"
+// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=".spec.summary.skip"
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:printcolumn:name="Hash",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.hash']",priority=1
+
+// ClusterBackgroundScanReport is the Schema for the ClusterBackgroundScanReports API
+type ClusterBackgroundScanReport struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+ Spec BackgroundScanReportSpec `json:"spec"`
+}
+
+func (r *ClusterBackgroundScanReport) GetResults() []policyreportv1alpha2.PolicyReportResult {
+ return r.Spec.Results
+}
+
+func (r *ClusterBackgroundScanReport) SetResults(results []policyreportv1alpha2.PolicyReportResult) {
+ r.Spec.Results = results
+}
+
+func (r *ClusterBackgroundScanReport) SetSummary(summary policyreportv1alpha2.PolicyReportSummary) {
+ r.Spec.Summary = summary
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// BackgroundScanReportList contains a list of BackgroundScanReport
+type BackgroundScanReportList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []BackgroundScanReport `json:"items"`
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ClusterBackgroundScanReportList contains a list of ClusterBackgroundScanReport
+type ClusterBackgroundScanReportList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []ClusterBackgroundScanReport `json:"items"`
+}
diff --git a/api/kyverno/reports/v1/doc.go b/api/kyverno/reports/v1/doc.go
new file mode 100644
index 0000000000..1e554afc16
--- /dev/null
+++ b/api/kyverno/reports/v1/doc.go
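Review bot: The `ApiVersion`, `Kind` and `Subject` print columns on both `BackgroundScanReport` and `ClusterBackgroundScanReport` read `.metadata.ownerReferences[0]`, so they show the scanned resource only when it is the first owner reference; a report with no owner reference, or with a different owner listed first, prints an empty or misleading subject. `AdmissionReportSpec` in this commit carries an explicit `owner` field while `BackgroundScanReportSpec` has none, so if first-position ownership is the intended invariant it deserves a comment on the type, e.g. `// The scanned resource is expected to be the first entry in metadata.ownerReferences.` The column names here are title case (`Pass`, `Age`) while admission_report_types.go uses upper case (`PASS`, `AGE`); using one convention keeps `kubectl get` output uniform across the group.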
@@ -0,0 +1,21 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// +k8s:openapi-gen=true
+// +k8s:deepcopy-gen=package
+// +kubebuilder:object:generate=true
+// +groupName=reports.kyverno.io
+package v1
diff --git a/api/kyverno/reports/v1/zz_generated.deepcopy.go b/api/kyverno/reports/v1/zz_generated.deepcopy.go
new file mode 100644
index 0000000000..5528f7e7a4
--- /dev/null
+++ b/api/kyverno/reports/v1/zz_generated.deepcopy.go
@@ -0,0 +1,316 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1 + +import ( + v1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdmissionReport) DeepCopyInto(out *AdmissionReport) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionReport. +func (in *AdmissionReport) DeepCopy() *AdmissionReport { + if in == nil { + return nil + } + out := new(AdmissionReport) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AdmissionReport) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AdmissionReportList) DeepCopyInto(out *AdmissionReportList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]AdmissionReport, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionReportList. +func (in *AdmissionReportList) DeepCopy() *AdmissionReportList { + if in == nil { + return nil + } + out := new(AdmissionReportList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AdmissionReportList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdmissionReportSpec) DeepCopyInto(out *AdmissionReportSpec) { + *out = *in + in.Owner.DeepCopyInto(&out.Owner) + out.Summary = in.Summary + if in.Results != nil { + in, out := &in.Results, &out.Results + *out = make([]v1alpha2.PolicyReportResult, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionReportSpec. +func (in *AdmissionReportSpec) DeepCopy() *AdmissionReportSpec { + if in == nil { + return nil + } + out := new(AdmissionReportSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *BackgroundScanReport) DeepCopyInto(out *BackgroundScanReport) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackgroundScanReport. +func (in *BackgroundScanReport) DeepCopy() *BackgroundScanReport { + if in == nil { + return nil + } + out := new(BackgroundScanReport) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *BackgroundScanReport) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BackgroundScanReportList) DeepCopyInto(out *BackgroundScanReportList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]BackgroundScanReport, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackgroundScanReportList. +func (in *BackgroundScanReportList) DeepCopy() *BackgroundScanReportList { + if in == nil { + return nil + } + out := new(BackgroundScanReportList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *BackgroundScanReportList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *BackgroundScanReportSpec) DeepCopyInto(out *BackgroundScanReportSpec) { + *out = *in + out.Summary = in.Summary + if in.Results != nil { + in, out := &in.Results, &out.Results + *out = make([]v1alpha2.PolicyReportResult, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackgroundScanReportSpec. +func (in *BackgroundScanReportSpec) DeepCopy() *BackgroundScanReportSpec { + if in == nil { + return nil + } + out := new(BackgroundScanReportSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterAdmissionReport) DeepCopyInto(out *ClusterAdmissionReport) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAdmissionReport. +func (in *ClusterAdmissionReport) DeepCopy() *ClusterAdmissionReport { + if in == nil { + return nil + } + out := new(ClusterAdmissionReport) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterAdmissionReport) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ClusterAdmissionReportList) DeepCopyInto(out *ClusterAdmissionReportList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ClusterAdmissionReport, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAdmissionReportList. +func (in *ClusterAdmissionReportList) DeepCopy() *ClusterAdmissionReportList { + if in == nil { + return nil + } + out := new(ClusterAdmissionReportList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterAdmissionReportList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterBackgroundScanReport) DeepCopyInto(out *ClusterBackgroundScanReport) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterBackgroundScanReport. +func (in *ClusterBackgroundScanReport) DeepCopy() *ClusterBackgroundScanReport { + if in == nil { + return nil + } + out := new(ClusterBackgroundScanReport) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterBackgroundScanReport) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ClusterBackgroundScanReportList) DeepCopyInto(out *ClusterBackgroundScanReportList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ClusterBackgroundScanReport, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterBackgroundScanReportList. +func (in *ClusterBackgroundScanReportList) DeepCopy() *ClusterBackgroundScanReportList { + if in == nil { + return nil + } + out := new(ClusterBackgroundScanReportList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterBackgroundScanReportList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} diff --git a/api/kyverno/reports/v1/zz_generated.defaults.go b/api/kyverno/reports/v1/zz_generated.defaults.go new file mode 100644 index 0000000000..dac177e93b --- /dev/null +++ b/api/kyverno/reports/v1/zz_generated.defaults.go 
@@ -0,0 +1,33 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by defaulter-gen. DO NOT EDIT. + +package v1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// RegisterDefaults adds defaulters functions to the given scheme. +// Public to allow building arbitrary schemes. +// All generated defaulters are covering - they call all nested defaulters. +func RegisterDefaults(scheme *runtime.Scheme) error { + return nil +} diff --git a/api/kyverno/reports/v1/zz_generated.register.go b/api/kyverno/reports/v1/zz_generated.register.go new file mode 100644 index 0000000000..85d90fd0a7 --- /dev/null +++ b/api/kyverno/reports/v1/zz_generated.register.go 
@@ -0,0 +1,73 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by register-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +// GroupName specifies the group name used to register the objects. +const GroupName = "reports.kyverno.io" + +// GroupVersion specifies the group and the version used to register the objects. +var GroupVersion = v1.GroupVersion{Group: GroupName, Version: "v1"} + +// SchemeGroupVersion is group version used to register these objects +// Deprecated: use GroupVersion instead. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +var ( + // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. + SchemeBuilder runtime.SchemeBuilder + localSchemeBuilder = &SchemeBuilder + // Depreciated: use Install instead + AddToScheme = localSchemeBuilder.AddToScheme + Install = localSchemeBuilder.AddToScheme +) + +func init() { + // We only register manually written functions here. The registration of the + // generated functions takes place in the generated files. 
The separation + // makes the code compile even when the generated files are missing. + localSchemeBuilder.Register(addKnownTypes) +} + +// Adds the list of known types to Scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &AdmissionReport{}, + &AdmissionReportList{}, + &BackgroundScanReport{}, + &BackgroundScanReportList{}, + &ClusterAdmissionReport{}, + &ClusterAdmissionReportList{}, + &ClusterBackgroundScanReport{}, + &ClusterBackgroundScanReportList{}, + ) + // AddToGroupVersion allows the serialization of client types like ListOptions. + v1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +} diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md index 68f7b63d05..5c18893f40 100644 --- a/charts/kyverno/README.md +++ b/charts/kyverno/README.md @@ -313,6 +313,7 @@ The chart values are organised per component. |-----|------|---------|-------------| | features.admissionReports.enabled | bool | `true` | Enables the feature | | features.aggregateReports.enabled | bool | `true` | Enables the feature | +| features.alternateReportStorage.enabled | bool | `false` | Enables the feature | | features.policyReports.enabled | bool | `true` | Enables the feature | | features.validatingAdmissionPolicyReports.enabled | bool | `false` | Enables the feature | | features.autoUpdateWebhooks.enabled | bool | `true` | Enables the feature | diff --git a/charts/kyverno/charts/crds/templates/crds.yaml b/charts/kyverno/charts/crds/templates/crds.yaml index a019949f73..155454b441 100644 --- a/charts/kyverno/charts/crds/templates/crds.yaml +++ b/charts/kyverno/charts/crds/templates/crds.yaml 
@@ -48246,6 +48246,1281 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + labels: + {{- include "kyverno.crds.labels" . | nindent 4 }} + annotations: + {{- with .Values.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + controller-gen.kubebuilder.io/version: v0.12.0 + name: admissionreports.reports.kyverno.io +spec: + group: reports.kyverno.io + names: + categories: + - kyverno + kind: AdmissionReport + listKind: AdmissionReportList + plural: admissionreports + shortNames: + - admr + singular: admissionreport + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .spec.summary.pass + name: PASS + type: integer + - jsonPath: .spec.summary.fail + name: FAIL + type: integer + - jsonPath: .spec.summary.warn + name: WARN + type: integer + - jsonPath: .spec.summary.error + name: ERROR + type: integer + - jsonPath: .spec.summary.skip + name: SKIP + type: integer + - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.gvr'] + name: GVR + type: string + - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.name'] + name: REF + type: string + - jsonPath: .metadata.labels['audit\.kyverno\.io/report\.aggregate'] + name: AGGREGATE + priority: 1 + type: string + name: v1 + schema: + openAPIV3Schema: + description: AdmissionReport is the Schema for the AdmissionReports API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + owner: + description: Owner is a reference to the report owner (e.g. a Deployment, + Namespace, or Node) + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the key-value + store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this field and + enforces the foreground deletion. Defaults to false. To set + this field, a user needs "delete" permission of the owner, otherwise + 422 (Unprocessable Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + message: + description: Description is a short user friendly message for + the policy rule + type: string + policy: + description: Policy is the name or identifier of the policy + type: string + properties: + additionalProperties: + type: string + description: Properties provides additional information for + the policy rule + type: object + resourceSelector: + description: SubjectSelector is an optional label selector for + checked Kubernetes resources. For example, a policy result + may apply to all pods that match a label. Either a Subject + or a SubjectSelector can be specified. If neither are provided, + the result is assumed to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resources: + description: Subjects is an optional reference to the checked + Kubernetes resources + items: + description: "ObjectReference contains enough information + to let you inspect or modify the referred object. --- New + uses of this type are discouraged because of difficulty + describing its usage when embedded in APIs. 1. Ignored fields. + \ It includes many fields which are not generally honored. + \ For instance, ResourceVersion and FieldPath are both very + rarely valid in actual usage. 2. Invalid usage help. It + is impossible to add specific help for individual usage. + \ In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not + honored\" or \"name must be restricted\". Those cannot be + well described when embedded. 3. Inconsistent validation. + \ Because the usages are different, the validation rules + are different by usage, which makes it hard for users to + predict what will happen. 4. The fields are both imprecise + and overly precise. Kind is not a precise mapping to a + URL. This can produce ambiguity during interpretation and + require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this + type will affect numerous schemas. Don't make new APIs + embed an underspecified API type they do not control. 
\n + Instead of using this type, create a locally provided and + used type that is well-focused on your reference. For example, + ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + result: + description: Result indicates the outcome of the policy rule + execution + enum: + - pass + - fail + - warn + - error + - skip + type: string + rule: + description: Rule is the name or identifier of the rule within + the policy + type: string + scored: + description: Scored indicates if this result is scored + type: boolean + severity: + description: Severity indicates policy check result criticality + enum: + - critical + - high + - low + - medium + - info + type: string + source: + description: Source is an identifier for the policy engine that + manages this report + type: string + timestamp: + description: Timestamp indicates the time the result was found + properties: + nanos: + description: Non-negative fractions of a second at nanosecond + resolution. Negative second values with fractions must + still have non-negative nanos values that count forward + in time. Must be from 0 to 999,999,999 inclusive. This + field may be limited in precision depending on context. + format: int32 + type: integer + seconds: + description: Represents seconds of UTC time since Unix epoch + 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z + to 9999-12-31T23:59:59Z inclusive. 
+ format: int64 + type: integer + required: + - nanos + - seconds + type: object + required: + - policy + type: object + type: array + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not + be evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not + selected for evaluation + type: integer + warn: + description: Warn provides the count of non-scored policies whose + requirements were not met + type: integer + type: object + required: + - owner + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + {{- include "kyverno.crds.labels" . | nindent 4 }} + annotations: + {{- with .Values.annotations }} + {{- toYaml . 
| nindent 4 }} + {{- end }} + controller-gen.kubebuilder.io/version: v0.12.0 + name: backgroundscanreports.reports.kyverno.io +spec: + group: reports.kyverno.io + names: + categories: + - kyverno + kind: BackgroundScanReport + listKind: BackgroundScanReportList + plural: backgroundscanreports + shortNames: + - bgscanr + singular: backgroundscanreport + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.ownerReferences[0].apiVersion + name: ApiVersion + type: string + - jsonPath: .metadata.ownerReferences[0].kind + name: Kind + type: string + - jsonPath: .metadata.ownerReferences[0].name + name: Subject + type: string + - jsonPath: .spec.summary.pass + name: Pass + type: integer + - jsonPath: .spec.summary.fail + name: Fail + type: integer + - jsonPath: .spec.summary.warn + name: Warn + type: integer + - jsonPath: .spec.summary.error + name: Error + type: integer + - jsonPath: .spec.summary.skip + name: Skip + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.hash'] + name: Hash + priority: 1 + type: string + name: v1 + schema: + openAPIV3Schema: + description: BackgroundScanReport is the Schema for the BackgroundScanReports + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + message: + description: Description is a short user friendly message for + the policy rule + type: string + policy: + description: Policy is the name or identifier of the policy + type: string + properties: + additionalProperties: + type: string + description: Properties provides additional information for + the policy rule + type: object + resourceSelector: + description: SubjectSelector is an optional label selector for + checked Kubernetes resources. For example, a policy result + may apply to all pods that match a label. Either a Subject + or a SubjectSelector can be specified. If neither are provided, + the result is assumed to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resources: + description: Subjects is an optional reference to the checked + Kubernetes resources + items: + description: "ObjectReference contains enough information + to let you inspect or modify the referred object. --- New + uses of this type are discouraged because of difficulty + describing its usage when embedded in APIs. 1. Ignored fields. + \ It includes many fields which are not generally honored. + \ For instance, ResourceVersion and FieldPath are both very + rarely valid in actual usage. 2. Invalid usage help. It + is impossible to add specific help for individual usage. + \ In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not + honored\" or \"name must be restricted\". Those cannot be + well described when embedded. 3. Inconsistent validation. + \ Because the usages are different, the validation rules + are different by usage, which makes it hard for users to + predict what will happen. 4. The fields are both imprecise + and overly precise. Kind is not a precise mapping to a + URL. This can produce ambiguity during interpretation and + require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this + type will affect numerous schemas. Don't make new APIs + embed an underspecified API type they do not control. 
\n + Instead of using this type, create a locally provided and + used type that is well-focused on your reference. For example, + ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + result: + description: Result indicates the outcome of the policy rule + execution + enum: + - pass + - fail + - warn + - error + - skip + type: string + rule: + description: Rule is the name or identifier of the rule within + the policy + type: string + scored: + description: Scored indicates if this result is scored + type: boolean + severity: + description: Severity indicates policy check result criticality + enum: + - critical + - high + - low + - medium + - info + type: string + source: + description: Source is an identifier for the policy engine that + manages this report + type: string + timestamp: + description: Timestamp indicates the time the result was found + properties: + nanos: + description: Non-negative fractions of a second at nanosecond + resolution. Negative second values with fractions must + still have non-negative nanos values that count forward + in time. Must be from 0 to 999,999,999 inclusive. This + field may be limited in precision depending on context. + format: int32 + type: integer + seconds: + description: Represents seconds of UTC time since Unix epoch + 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z + to 9999-12-31T23:59:59Z inclusive. 
+ format: int64 + type: integer + required: + - nanos + - seconds + type: object + required: + - policy + type: object + type: array + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not + be evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not + selected for evaluation + type: integer + warn: + description: Warn provides the count of non-scored policies whose + requirements were not met + type: integer + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + {{- include "kyverno.crds.labels" . | nindent 4 }} + annotations: + {{- with .Values.annotations }} + {{- toYaml . 
| nindent 4 }} + {{- end }} + controller-gen.kubebuilder.io/version: v0.12.0 + name: clusteradmissionreports.reports.kyverno.io +spec: + group: reports.kyverno.io + names: + categories: + - kyverno + kind: ClusterAdmissionReport + listKind: ClusterAdmissionReportList + plural: clusteradmissionreports + shortNames: + - cadmr + singular: clusteradmissionreport + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .spec.summary.pass + name: PASS + type: integer + - jsonPath: .spec.summary.fail + name: FAIL + type: integer + - jsonPath: .spec.summary.warn + name: WARN + type: integer + - jsonPath: .spec.summary.error + name: ERROR + type: integer + - jsonPath: .spec.summary.skip + name: SKIP + type: integer + - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.gvr'] + name: GVR + type: string + - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.name'] + name: REF + type: string + - jsonPath: .metadata.labels['audit\.kyverno\.io/report\.aggregate'] + name: AGGREGATE + priority: 1 + type: string + name: v1 + schema: + openAPIV3Schema: + description: ClusterAdmissionReport is the Schema for the ClusterAdmissionReports + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + owner: + description: Owner is a reference to the report owner (e.g. a Deployment, + Namespace, or Node) + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the key-value + store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this field and + enforces the foreground deletion. Defaults to false. To set + this field, a user needs "delete" permission of the owner, otherwise + 422 (Unprocessable Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + message: + description: Description is a short user friendly message for + the policy rule + type: string + policy: + description: Policy is the name or identifier of the policy + type: string + properties: + additionalProperties: + type: string + description: Properties provides additional information for + the policy rule + type: object + resourceSelector: + description: SubjectSelector is an optional label selector for + checked Kubernetes resources. For example, a policy result + may apply to all pods that match a label. Either a Subject + or a SubjectSelector can be specified. If neither are provided, + the result is assumed to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resources: + description: Subjects is an optional reference to the checked + Kubernetes resources + items: + description: "ObjectReference contains enough information + to let you inspect or modify the referred object. --- New + uses of this type are discouraged because of difficulty + describing its usage when embedded in APIs. 1. Ignored fields. + \ It includes many fields which are not generally honored. + \ For instance, ResourceVersion and FieldPath are both very + rarely valid in actual usage. 2. Invalid usage help. It + is impossible to add specific help for individual usage. + \ In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not + honored\" or \"name must be restricted\". Those cannot be + well described when embedded. 3. Inconsistent validation. + \ Because the usages are different, the validation rules + are different by usage, which makes it hard for users to + predict what will happen. 4. The fields are both imprecise + and overly precise. Kind is not a precise mapping to a + URL. This can produce ambiguity during interpretation and + require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this + type will affect numerous schemas. Don't make new APIs + embed an underspecified API type they do not control. 
\n + Instead of using this type, create a locally provided and + used type that is well-focused on your reference. For example, + ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + result: + description: Result indicates the outcome of the policy rule + execution + enum: + - pass + - fail + - warn + - error + - skip + type: string + rule: + description: Rule is the name or identifier of the rule within + the policy + type: string + scored: + description: Scored indicates if this result is scored + type: boolean + severity: + description: Severity indicates policy check result criticality + enum: + - critical + - high + - low + - medium + - info + type: string + source: + description: Source is an identifier for the policy engine that + manages this report + type: string + timestamp: + description: Timestamp indicates the time the result was found + properties: + nanos: + description: Non-negative fractions of a second at nanosecond + resolution. Negative second values with fractions must + still have non-negative nanos values that count forward + in time. Must be from 0 to 999,999,999 inclusive. This + field may be limited in precision depending on context. + format: int32 + type: integer + seconds: + description: Represents seconds of UTC time since Unix epoch + 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z + to 9999-12-31T23:59:59Z inclusive. 
+ format: int64 + type: integer + required: + - nanos + - seconds + type: object + required: + - policy + type: object + type: array + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not + be evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not + selected for evaluation + type: integer + warn: + description: Warn provides the count of non-scored policies whose + requirements were not met + type: integer + type: object + required: + - owner + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + {{- include "kyverno.crds.labels" . | nindent 4 }} + annotations: + {{- with .Values.annotations }} + {{- toYaml . 
| nindent 4 }} + {{- end }} + controller-gen.kubebuilder.io/version: v0.12.0 + name: clusterbackgroundscanreports.reports.kyverno.io +spec: + group: reports.kyverno.io + names: + categories: + - kyverno + kind: ClusterBackgroundScanReport + listKind: ClusterBackgroundScanReportList + plural: clusterbackgroundscanreports + shortNames: + - cbgscanr + singular: clusterbackgroundscanreport + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.ownerReferences[0].apiVersion + name: ApiVersion + type: string + - jsonPath: .metadata.ownerReferences[0].kind + name: Kind + type: string + - jsonPath: .metadata.ownerReferences[0].name + name: Subject + type: string + - jsonPath: .spec.summary.pass + name: Pass + type: integer + - jsonPath: .spec.summary.fail + name: Fail + type: integer + - jsonPath: .spec.summary.warn + name: Warn + type: integer + - jsonPath: .spec.summary.error + name: Error + type: integer + - jsonPath: .spec.summary.skip + name: Skip + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.hash'] + name: Hash + priority: 1 + type: string + name: v1 + schema: + openAPIV3Schema: + description: ClusterBackgroundScanReport is the Schema for the ClusterBackgroundScanReports + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + message: + description: Description is a short user friendly message for + the policy rule + type: string + policy: + description: Policy is the name or identifier of the policy + type: string + properties: + additionalProperties: + type: string + description: Properties provides additional information for + the policy rule + type: object + resourceSelector: + description: SubjectSelector is an optional label selector for + checked Kubernetes resources. For example, a policy result + may apply to all pods that match a label. Either a Subject + or a SubjectSelector can be specified. If neither are provided, + the result is assumed to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resources: + description: Subjects is an optional reference to the checked + Kubernetes resources + items: + description: "ObjectReference contains enough information + to let you inspect or modify the referred object. --- New + uses of this type are discouraged because of difficulty + describing its usage when embedded in APIs. 1. Ignored fields. + \ It includes many fields which are not generally honored. + \ For instance, ResourceVersion and FieldPath are both very + rarely valid in actual usage. 2. Invalid usage help. It + is impossible to add specific help for individual usage. + \ In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not + honored\" or \"name must be restricted\". Those cannot be + well described when embedded. 3. Inconsistent validation. + \ Because the usages are different, the validation rules + are different by usage, which makes it hard for users to + predict what will happen. 4. The fields are both imprecise + and overly precise. Kind is not a precise mapping to a + URL. This can produce ambiguity during interpretation and + require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this + type will affect numerous schemas. Don't make new APIs + embed an underspecified API type they do not control. 
\n + Instead of using this type, create a locally provided and + used type that is well-focused on your reference. For example, + ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + result: + description: Result indicates the outcome of the policy rule + execution + enum: + - pass + - fail + - warn + - error + - skip + type: string + rule: + description: Rule is the name or identifier of the rule within + the policy + type: string + scored: + description: Scored indicates if this result is scored + type: boolean + severity: + description: Severity indicates policy check result criticality + enum: + - critical + - high + - low + - medium + - info + type: string + source: + description: Source is an identifier for the policy engine that + manages this report + type: string + timestamp: + description: Timestamp indicates the time the result was found + properties: + nanos: + description: Non-negative fractions of a second at nanosecond + resolution. Negative second values with fractions must + still have non-negative nanos values that count forward + in time. Must be from 0 to 999,999,999 inclusive. This + field may be limited in precision depending on context. + format: int32 + type: integer + seconds: + description: Represents seconds of UTC time since Unix epoch + 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z + to 9999-12-31T23:59:59Z inclusive. 
+ format: int64 + type: integer + required: + - nanos + - seconds + type: object + required: + - policy + type: object + type: array + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not + be evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not + selected for evaluation + type: integer + warn: + description: Warn provides the count of non-scored policies whose + requirements were not met + type: integer + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: labels: {{- include "kyverno.crds.labels" . | nindent 4 }} diff --git a/charts/kyverno/templates/_helpers.tpl b/charts/kyverno/templates/_helpers.tpl index 7eb2456ab9..82b142f96f 100644 --- a/charts/kyverno/templates/_helpers.tpl +++ b/charts/kyverno/templates/_helpers.tpl @@ -16,6 +16,9 @@ {{- with .aggregateReports -}} {{- $flags = append $flags (print "--aggregateReports=" .enabled) -}} {{- end -}} +{{- with .alternateReportStorage -}} + {{- $flags = append $flags (print "--alternateReportStorage=" .enabled) -}} +{{- end -}} {{- with .policyReports -}} {{- $flags = append $flags (print "--policyReports=" .enabled) -}} {{- end -}} diff --git a/charts/kyverno/templates/admission-controller/clusterrole.yaml b/charts/kyverno/templates/admission-controller/clusterrole.yaml index d0eeb5ff9c..9d54b09828 100644 --- a/charts/kyverno/templates/admission-controller/clusterrole.yaml +++ b/charts/kyverno/templates/admission-controller/clusterrole.yaml 
@@ -68,6 +68,22 @@ rules: - update - watch - deletecollection + - apiGroups: + - reports.kyverno.io + resources: + - admissionreports + - clusteradmissionreports + - backgroundscanreports + - clusterbackgroundscanreports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - deletecollection - apiGroups: - wgpolicyk8s.io resources: @@ -146,4 +162,4 @@ metadata: rules: {{- toYaml . | nindent 2 }} {{- end }} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/kyverno/templates/admission-controller/deployment.yaml b/charts/kyverno/templates/admission-controller/deployment.yaml index a086e0b87d..f2978c0994 100644 --- a/charts/kyverno/templates/admission-controller/deployment.yaml +++ b/charts/kyverno/templates/admission-controller/deployment.yaml @@ -168,6 +168,7 @@ spec: "policyExceptions" "protectManagedResources" "registryClient" + "alternateReportStorage" "tuf" ) | nindent 12 }} {{- range $key, $value := .Values.admissionController.container.extraArgs }} diff --git a/charts/kyverno/templates/admission-controller/flowschema.yaml b/charts/kyverno/templates/admission-controller/flowschema.yaml index e1a9e4e11e..adfbf05752 100644 --- a/charts/kyverno/templates/admission-controller/flowschema.yaml +++ b/charts/kyverno/templates/admission-controller/flowschema.yaml @@ -81,6 +81,37 @@ spec: - update - watch - deletecollection + - apiGroups: + - reports.kyverno.io + clusterScope: true + resources: + - clusteradmissionreports + - clusterbackgroundscanreports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - deletecollection + - apiGroups: + - reports.kyverno.io + namespaces: + - '*' + resources: + - admissionreports + - backgroundscanreports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - deletecollection - apiGroups: - wgpolicyk8s.io clusterScope: true 
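Review bot: The `reports.kyverno.io` rule added to admission-controller/clusterrole.yaml is rendered unconditionally and grants the full write set, including `deletecollection`, on all four report kinds, while `features.alternateReportStorage.enabled` defaults to `false` in values.yaml. If the controller only touches this group when the flag is on (not visible in this hunk), wrapping the rule in `{{- if .Values.features.alternateReportStorage.enabled }}` … `{{- end }}` would leave the default install's service account with the privileges it had before. It is also worth confirming that the admission controller needs `backgroundscanreports` and `clusterbackgroundscanreports` at all, rather than only the two admission report kinds. The same rule is added to reports-controller/clusterrole.yaml.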
@@ -192,4 +223,4 @@ spec: serviceAccount: name: {{ template "kyverno.admission-controller.serviceAccountName" . }} namespace: {{ template "kyverno.namespace" . }} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/kyverno/templates/background-controller/deployment.yaml b/charts/kyverno/templates/background-controller/deployment.yaml index 655da0711e..d073fd2d3d 100644 --- a/charts/kyverno/templates/background-controller/deployment.yaml +++ b/charts/kyverno/templates/background-controller/deployment.yaml @@ -120,6 +120,7 @@ spec: "logging" "omitEvents" "policyExceptions" + "alternateReportStorage" ) | nindent 12 }} {{- range $key, $value := .Values.backgroundController.extraArgs }} {{- if $value }} diff --git a/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml b/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml index 40c9548421..1b9d51c237 100644 --- a/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml +++ b/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml @@ -40,10 +40,10 @@ spec: - /bin/sh - -c - | - COUNT=$(kubectl get admissionreports.kyverno.io -A | wc -l) + COUNT=$(kubectl get admissionreports.reports.kyverno.io -A | wc -l) if [ "$COUNT" -gt {{ .Values.cleanupJobs.admissionReports.threshold }} ]; then echo "too many reports found ($COUNT), cleaning up..." - kubectl delete admissionreports.kyverno.io -A -l='!audit.kyverno.io/report.aggregate' + kubectl delete admissionreports.reports.kyverno.io -A -l='!audit.kyverno.io/report.aggregate' else echo "($COUNT) reports found, no clean up needed" fi @@ -83,4 +83,4 @@ spec: {{- tpl (toYaml .) $ | nindent 14 }} {{- end }} {{- end }} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml b/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml index b0b31a6ac4..388e9a5222 100644 
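Review bot: The cleanup script in cleanup-admission-reports.yaml now counts and deletes only `admissionreports.reports.kyverno.io`, but `alternateReportStorage` defaults to `false` in both values.yaml and the flag definition in cmd/internal/flag.go. On a default install the reports presumably still land in the `kyverno.io` group, so this CronJob would stop pruning them and they could grow without bound. The cleanup ClusterRole in this commit keeps the old rule and adds one for the new group, which suggests both are meant to stay covered. Consider selecting the resource from the feature value, e.g. `{{- $res := ternary "admissionreports.reports.kyverno.io" "admissionreports.kyverno.io" .Values.features.alternateReportStorage.enabled }}` with `{{ $res }}` in the two `kubectl` lines, or running the count and delete for both groups. The same applies to the hunk in cleanup-cluster-admission-reports.yaml.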
--- a/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml +++ b/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml @@ -40,10 +40,10 @@ spec: - /bin/sh - -c - | - COUNT=$(kubectl get clusteradmissionreports.kyverno.io -A | wc -l) + COUNT=$(kubectl get clusteradmissionreports.reports.kyverno.io -A | wc -l) if [ "$COUNT" -gt {{ .Values.cleanupJobs.clusterAdmissionReports.threshold }} ]; then echo "too many reports found ($COUNT), cleaning up..." - kubectl delete clusteradmissionreports.kyverno.io -A -l='!audit.kyverno.io/report.aggregate' + kubectl delete clusteradmissionreports.reports.kyverno.io -A -l='!audit.kyverno.io/report.aggregate' else echo "($COUNT) reports found, no clean up needed" fi @@ -83,4 +83,4 @@ spec: {{- tpl (toYaml .) $ | nindent 14 }} {{- end }} {{- end }} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/kyverno/templates/cleanup/clusterrole.yaml b/charts/kyverno/templates/cleanup/clusterrole.yaml index 1c570fcb24..1fa0727cf0 100644 --- a/charts/kyverno/templates/cleanup/clusterrole.yaml +++ b/charts/kyverno/templates/cleanup/clusterrole.yaml @@ -14,3 +14,12 @@ rules: - list - deletecollection - delete + - apiGroups: + - reports.kyverno.io + resources: + - admissionreports + - clusteradmissionreports + verbs: + - list + - deletecollection + - delete \ No newline at end of file diff --git a/charts/kyverno/templates/rbac/reports.yaml b/charts/kyverno/templates/rbac/reports.yaml index d14529bfb4..65a93ae483 100644 --- a/charts/kyverno/templates/rbac/reports.yaml +++ b/charts/kyverno/templates/rbac/reports.yaml @@ -21,6 +21,21 @@ rules: - patch - update - watch + - apiGroups: + - reports.kyverno.io + resources: + - admissionreports + - clusteradmissionreports + - backgroundscanreports + - clusterbackgroundscanreports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole 
@@ -40,4 +55,15 @@ rules: - get - list - watch -{{- end -}} + - apiGroups: + - reports.kyverno.io + resources: + - admissionreports + - clusteradmissionreports + - backgroundscanreports + - clusterbackgroundscanreports + verbs: + - get + - list + - watch +{{- end -}} \ No newline at end of file diff --git a/charts/kyverno/templates/reports-controller/clusterrole.yaml b/charts/kyverno/templates/reports-controller/clusterrole.yaml index bab437fdba..29378b8cbb 100644 --- a/charts/kyverno/templates/reports-controller/clusterrole.yaml +++ b/charts/kyverno/templates/reports-controller/clusterrole.yaml @@ -55,6 +55,22 @@ rules: - update - watch - deletecollection + - apiGroups: + - reports.kyverno.io + resources: + - admissionreports + - clusteradmissionreports + - backgroundscanreports + - clusterbackgroundscanreports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - deletecollection - apiGroups: - wgpolicyk8s.io resources: @@ -100,4 +116,4 @@ rules: {{- end }} {{- end }} {{- end }} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/kyverno/templates/reports-controller/deployment.yaml b/charts/kyverno/templates/reports-controller/deployment.yaml index a7b55b1ea9..e04afee95b 100644 --- a/charts/kyverno/templates/reports-controller/deployment.yaml +++ b/charts/kyverno/templates/reports-controller/deployment.yaml @@ -127,6 +127,7 @@ spec: "policyExceptions" "reports" "registryClient" + "alternateReportStorage" "tuf" ) | nindent 12 }} {{- range $key, $value := .Values.reportsController.extraArgs }} diff --git a/charts/kyverno/templates/reports-controller/flowschema.yaml b/charts/kyverno/templates/reports-controller/flowschema.yaml index fa2e9d1986..8f68f00882 100644 --- a/charts/kyverno/templates/reports-controller/flowschema.yaml +++ b/charts/kyverno/templates/reports-controller/flowschema.yaml 
@@ -51,6 +51,37 @@ spec: - update - watch - deletecollection + - apiGroups: + - reports.kyverno.io + clusterScope: true + resources: + - clusteradmissionreports + - clusterbackgroundscanreports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - deletecollection + - apiGroups: + - reports.kyverno.io + namespaces: + - '*' + resources: + - admissionreports + - backgroundscanreports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - deletecollection - apiGroups: - wgpolicyk8s.io clusterScope: true @@ -119,4 +150,4 @@ spec: serviceAccount: name: {{ template "kyverno.reports-controller.serviceAccountName" . }} namespace: {{ template "kyverno.namespace" . }} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml index 2f6cd4b687..bb320092d4 100644 --- a/charts/kyverno/values.yaml +++ b/charts/kyverno/values.yaml @@ -561,6 +561,9 @@ features: aggregateReports: # -- Enables the feature enabled: true + alternateReportStorage: + # -- Enables the feature + enabled: false policyReports: # -- Enables the feature enabled: true diff --git a/cmd/background-controller/main.go b/cmd/background-controller/main.go index c57796200e..ad4dd15062 100644 --- a/cmd/background-controller/main.go +++ b/cmd/background-controller/main.go @@ -106,6 +106,7 @@ func main() { internal.WithRegistryClient(), internal.WithLeaderElection(), internal.WithKyvernoClient(), + internal.WithAlternateReportStore(), internal.WithDynamicClient(), internal.WithKyvernoDynamicClient(), internal.WithEventsClient(), diff --git a/cmd/internal/config.go b/cmd/internal/config.go index be92d66aee..de257a4a1b 100644 --- a/cmd/internal/config.go +++ b/cmd/internal/config.go 
@@ -17,6 +17,7 @@ type Configuration interface { UsesImageVerifyCache() bool UsesLeaderElection() bool UsesKyvernoClient() bool + UsesAlternateReportStore() bool UsesDynamicClient() bool UsesApiServerClient() bool UsesMetadataClient() bool @@ -107,6 +108,12 @@ func WithKyvernoClient() ConfigurationOption { } } +func WithAlternateReportStore() ConfigurationOption { + return func(c *configuration) { + c.usesAlternateReportStore = true + } +} + func WithDynamicClient() ConfigurationOption { return func(c *configuration) { c.usesDynamicClient = true @@ -158,6 +165,7 @@ type configuration struct { usesImageVerifyCache bool usesLeaderElection bool usesKyvernoClient bool + usesAlternateReportStore bool usesDynamicClient bool usesApiServerClient bool usesMetadataClient bool @@ -214,6 +222,10 @@ func (c *configuration) UsesKyvernoClient() bool { return c.usesKyvernoClient } +func (c *configuration) UsesAlternateReportStore() bool { + return c.usesAlternateReportStore +} + func (c *configuration) UsesDynamicClient() bool { return c.usesDynamicClient } diff --git a/cmd/internal/flag.go b/cmd/internal/flag.go index f00fac4865..b2eb694f96 100644 --- a/cmd/internal/flag.go +++ b/cmd/internal/flag.go @@ -56,6 +56,8 @@ var ( imageVerifyCacheEnabled bool imageVerifyCacheTTLDuration time.Duration imageVerifyCacheMaxSize int64 + // alternate report storage + alternateReportStorage bool ) func initLoggingFlags() { @@ -133,6 +135,10 @@ func initCleanupFlags() { flag.StringVar(&cleanupServerPort, "cleanupServerPort", "9443", "kyverno cleanup server port, defaults to '9443'.") } +func initAltReportStoreFlag() { + flag.BoolVar(&alternateReportStorage, "alternateReportStorage", false, "Store kyverno intermediate reports in a separate api group reports.kyverno.io. defaults to false.") +} + type options struct { clientRateLimitQPS float64 clientRateLimitBurst int 
@@ -216,6 +222,10 @@ func initFlags(config Configuration, opts ...Option) { if config.UsesLeaderElection() { initLeaderElectionFlags() } + // alternate report storage + if config.UsesAlternateReportStore() { + initAltReportStoreFlag() + } initCleanupFlags() diff --git a/cmd/internal/setup.go b/cmd/internal/setup.go index b30a443ffd..f013d93996 100644 --- a/cmd/internal/setup.go +++ b/cmd/internal/setup.go @@ -16,6 +16,7 @@ import ( "github.com/kyverno/kyverno/pkg/imageverifycache" "github.com/kyverno/kyverno/pkg/metrics" "github.com/kyverno/kyverno/pkg/registryclient" + "github.com/kyverno/kyverno/pkg/report" eventsv1 "k8s.io/client-go/kubernetes/typed/events/v1" corev1listers "k8s.io/client-go/listers/core/v1" ) @@ -48,6 +49,7 @@ type SetupResult struct { MetadataClient metadataclient.UpstreamInterface KyvernoDynamicClient dclient.Interface EventsClient eventsv1.EventsV1Interface + ReportManager report.Interface } func Setup(config Configuration, name string, skipResourceFilters bool) (context.Context, SetupResult, context.CancelFunc) { @@ -82,8 +84,13 @@ func Setup(config Configuration, name string, skipResourceFilters bool) (context leaderElectionClient = createKubernetesClient(logger, clientRateLimitQPS, clientRateLimitBurst, kubeclient.WithMetrics(metricsManager, metrics.KubeClient), kubeclient.WithTracing()) } var kyvernoClient kyvernoclient.UpstreamInterface + var reportManager report.Interface if config.UsesKyvernoClient() { kyvernoClient = createKyvernoClient(logger, kyvernoclient.WithMetrics(metricsManager, metrics.KyvernoClient), kyvernoclient.WithTracing()) + + if config.UsesAlternateReportStore() { + reportManager = report.NewReportManager(alternateReportStorage, kyvernoClient) + } } var dynamicClient dynamicclient.UpstreamInterface if config.UsesDynamicClient() { 
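Review bot: In the `Setup` hunk of cmd/internal/setup.go, `reportManager` stays a nil `report.Interface` unless the binary opted in with both `WithKyvernoClient()` and `WithAlternateReportStore()`, yet `SetupResult.ReportManager` is exposed to every caller and is passed straight into controller constructors in cmd/kyverno and cmd/reports-controller. The `alternateReportStorage` boolean already selects the backing store inside `report.NewReportManager`, so a component that forgets the option gets no manager at all instead of the default store. That would likely surface as a nil dereference at first use, though the consumers are outside this diff section. Either build the manager whenever `kyvernoClient` is created, or document the contract on the field, e.g. `// ReportManager is nil unless WithKyvernoClient and WithAlternateReportStore are both set`. `Setup`'s body continues outside the hunk.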
@@ -123,6 +130,7 @@ func Setup(config Configuration, name string, skipResourceFilters bool) (context MetadataClient: metadataClient, KyvernoDynamicClient: dClient, EventsClient: eventsClient, + ReportManager: reportManager, }, shutdown(logger.WithName("shutdown"), sdownMaxProcs, sdownMetrics, sdownTracing, sdownSignals) } diff --git a/cmd/kyverno/main.go b/cmd/kyverno/main.go index 8af7959c9d..bd5c1a4db2 100644 --- a/cmd/kyverno/main.go +++ b/cmd/kyverno/main.go @@ -254,6 +254,7 @@ func main() { internal.WithImageVerifyCache(), internal.WithLeaderElection(), internal.WithKyvernoClient(), + internal.WithAlternateReportStore(), internal.WithDynamicClient(), internal.WithKyvernoDynamicClient(), internal.WithEventsClient(), @@ -482,6 +483,7 @@ func main() { engine, setup.KyvernoDynamicClient, setup.KyvernoClient, + setup.ReportManager, setup.Configuration, setup.MetricsManager, policyCache, diff --git a/cmd/reports-controller/main.go b/cmd/reports-controller/main.go index 5bdf92f9b0..768661d7dd 100644 --- a/cmd/reports-controller/main.go +++ b/cmd/reports-controller/main.go @@ -24,6 +24,7 @@ import ( "github.com/kyverno/kyverno/pkg/event" "github.com/kyverno/kyverno/pkg/leaderelection" "github.com/kyverno/kyverno/pkg/logging" + "github.com/kyverno/kyverno/pkg/report" "k8s.io/apimachinery/pkg/runtime/schema" kubeinformers "k8s.io/client-go/informers" admissionregistrationv1alpha1informers "k8s.io/client-go/informers/admissionregistration/v1alpha1" @@ -46,6 +47,7 @@ func createReportControllers( backgroundScanWorkers int, client dclient.Interface, kyvernoClient versioned.Interface, + reportManager report.Interface, metadataFactory metadatainformers.SharedInformerFactory, kubeInformer kubeinformers.SharedInformerFactory, kyvernoInformer kyvernoinformer.SharedInformerFactory, 
@@ -85,6 +87,7 @@ func createReportControllers( aggregatereportcontroller.NewController( kyvernoClient, metadataFactory, + reportManager, kyvernoV1.Policies(), kyvernoV1.ClusterPolicies(), vapInformer, @@ -101,6 +104,7 @@ func createReportControllers( kyvernoClient, client, metadataFactory, + reportManager, ), admissionreportcontroller.Workers, )) @@ -109,6 +113,7 @@ func createReportControllers( backgroundScanController := backgroundscancontroller.NewController( client, kyvernoClient, + reportManager, eng, metadataFactory, kyvernoV1.Policies(), @@ -153,6 +158,7 @@ func createrLeaderControllers( kyvernoInformer kyvernoinformer.SharedInformerFactory, metadataInformer metadatainformers.SharedInformerFactory, kyvernoClient versioned.Interface, + reportManager report.Interface, dynamicClient dclient.Interface, configuration config.Configuration, jp jmespath.Interface, @@ -170,6 +176,7 @@ func createrLeaderControllers( backgroundScanWorkers, dynamicClient, kyvernoClient, + reportManager, metadataInformer, kubeInformer, kyvernoInformer, @@ -223,6 +230,7 @@ func main() { internal.WithImageVerifyCache(), internal.WithLeaderElection(), internal.WithKyvernoClient(), + internal.WithAlternateReportStore(), internal.WithDynamicClient(), internal.WithMetadataClient(), internal.WithKyvernoDynamicClient(), @@ -313,6 +321,7 @@ func main() { kyvernoInformer, metadataInformer, setup.KyvernoClient, + setup.ReportManager, setup.KyvernoDynamicClient, setup.Configuration, setup.Jp, diff --git a/config/crds/reports.kyverno.io_admissionreports.yaml b/config/crds/reports.kyverno.io_admissionreports.yaml new file mode 100644 index 0000000000..b057e8eb75 --- /dev/null +++ b/config/crds/reports.kyverno.io_admissionreports.yaml 
@@ -0,0 +1,330 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: admissionreports.reports.kyverno.io +spec: + group: reports.kyverno.io + names: + categories: + - kyverno + kind: AdmissionReport + listKind: AdmissionReportList + plural: admissionreports + shortNames: + - admr + singular: admissionreport + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .spec.summary.pass + name: PASS + type: integer + - jsonPath: .spec.summary.fail + name: FAIL + type: integer + - jsonPath: .spec.summary.warn + name: WARN + type: integer + - jsonPath: .spec.summary.error + name: ERROR + type: integer + - jsonPath: .spec.summary.skip + name: SKIP + type: integer + - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.gvr'] + name: GVR + type: string + - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.name'] + name: REF + type: string + - jsonPath: .metadata.labels['audit\.kyverno\.io/report\.aggregate'] + name: AGGREGATE + priority: 1 + type: string + name: v1 + schema: + openAPIV3Schema: + description: AdmissionReport is the Schema for the AdmissionReports API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + owner: + description: Owner is a reference to the report owner (e.g. a Deployment, + Namespace, or Node) + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the key-value + store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this field and + enforces the foreground deletion. Defaults to false. To set + this field, a user needs "delete" permission of the owner, otherwise + 422 (Unprocessable Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + message: + description: Description is a short user friendly message for + the policy rule + type: string + policy: + description: Policy is the name or identifier of the policy + type: string + properties: + additionalProperties: + type: string + description: Properties provides additional information for + the policy rule + type: object + resourceSelector: + description: SubjectSelector is an optional label selector for + checked Kubernetes resources. For example, a policy result + may apply to all pods that match a label. Either a Subject + or a SubjectSelector can be specified. If neither are provided, + the result is assumed to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resources: + description: Subjects is an optional reference to the checked + Kubernetes resources + items: + description: "ObjectReference contains enough information + to let you inspect or modify the referred object. --- New + uses of this type are discouraged because of difficulty + describing its usage when embedded in APIs. 1. Ignored fields. + \ It includes many fields which are not generally honored. + \ For instance, ResourceVersion and FieldPath are both very + rarely valid in actual usage. 2. Invalid usage help. It + is impossible to add specific help for individual usage. + \ In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not + honored\" or \"name must be restricted\". Those cannot be + well described when embedded. 3. Inconsistent validation. + \ Because the usages are different, the validation rules + are different by usage, which makes it hard for users to + predict what will happen. 4. The fields are both imprecise + and overly precise. Kind is not a precise mapping to a + URL. This can produce ambiguity during interpretation and + require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this + type will affect numerous schemas. Don't make new APIs + embed an underspecified API type they do not control. 
\n + Instead of using this type, create a locally provided and + used type that is well-focused on your reference. For example, + ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + result: + description: Result indicates the outcome of the policy rule + execution + enum: + - pass + - fail + - warn + - error + - skip + type: string + rule: + description: Rule is the name or identifier of the rule within + the policy + type: string + scored: + description: Scored indicates if this result is scored + type: boolean + severity: + description: Severity indicates policy check result criticality + enum: + - critical + - high + - low + - medium + - info + type: string + source: + description: Source is an identifier for the policy engine that + manages this report + type: string + timestamp: + description: Timestamp indicates the time the result was found + properties: + nanos: + description: Non-negative fractions of a second at nanosecond + resolution. Negative second values with fractions must + still have non-negative nanos values that count forward + in time. Must be from 0 to 999,999,999 inclusive. This + field may be limited in precision depending on context. + format: int32 + type: integer + seconds: + description: Represents seconds of UTC time since Unix epoch + 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z + to 9999-12-31T23:59:59Z inclusive. 
+ format: int64 + type: integer + required: + - nanos + - seconds + type: object + required: + - policy + type: object + type: array + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not + be evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not + selected for evaluation + type: integer + warn: + description: Warn provides the count of non-scored policies whose + requirements were not met + type: integer + type: object + required: + - owner + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} diff --git a/config/crds/reports.kyverno.io_backgroundscanreports.yaml b/config/crds/reports.kyverno.io_backgroundscanreports.yaml new file mode 100644 index 0000000000..e6c76d5f4d --- /dev/null +++ b/config/crds/reports.kyverno.io_backgroundscanreports.yaml 
@@ -0,0 +1,297 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: backgroundscanreports.reports.kyverno.io +spec: + group: reports.kyverno.io + names: + categories: + - kyverno + kind: BackgroundScanReport + listKind: BackgroundScanReportList + plural: backgroundscanreports + shortNames: + - bgscanr + singular: backgroundscanreport + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.ownerReferences[0].apiVersion + name: ApiVersion + type: string + - jsonPath: .metadata.ownerReferences[0].kind + name: Kind + type: string + - jsonPath: .metadata.ownerReferences[0].name + name: Subject + type: string + - jsonPath: .spec.summary.pass + name: Pass + type: integer + - jsonPath: .spec.summary.fail + name: Fail + type: integer + - jsonPath: .spec.summary.warn + name: Warn + type: integer + - jsonPath: .spec.summary.error + name: Error + type: integer + - jsonPath: .spec.summary.skip + name: Skip + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.hash'] + name: Hash + priority: 1 + type: string + name: v1 + schema: + openAPIV3Schema: + description: BackgroundScanReport is the Schema for the BackgroundScanReports + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + message: + description: Description is a short user friendly message for + the policy rule + type: string + policy: + description: Policy is the name or identifier of the policy + type: string + properties: + additionalProperties: + type: string + description: Properties provides additional information for + the policy rule + type: object + resourceSelector: + description: SubjectSelector is an optional label selector for + checked Kubernetes resources. For example, a policy result + may apply to all pods that match a label. Either a Subject + or a SubjectSelector can be specified. If neither are provided, + the result is assumed to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resources: + description: Subjects is an optional reference to the checked + Kubernetes resources + items: + description: "ObjectReference contains enough information + to let you inspect or modify the referred object. --- New + uses of this type are discouraged because of difficulty + describing its usage when embedded in APIs. 1. Ignored fields. + \ It includes many fields which are not generally honored. + \ For instance, ResourceVersion and FieldPath are both very + rarely valid in actual usage. 2. Invalid usage help. It + is impossible to add specific help for individual usage. + \ In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not + honored\" or \"name must be restricted\". Those cannot be + well described when embedded. 3. Inconsistent validation. + \ Because the usages are different, the validation rules + are different by usage, which makes it hard for users to + predict what will happen. 4. The fields are both imprecise + and overly precise. Kind is not a precise mapping to a + URL. This can produce ambiguity during interpretation and + require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this + type will affect numerous schemas. Don't make new APIs + embed an underspecified API type they do not control. 
\n + Instead of using this type, create a locally provided and + used type that is well-focused on your reference. For example, + ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + result: + description: Result indicates the outcome of the policy rule + execution + enum: + - pass + - fail + - warn + - error + - skip + type: string + rule: + description: Rule is the name or identifier of the rule within + the policy + type: string + scored: + description: Scored indicates if this result is scored + type: boolean + severity: + description: Severity indicates policy check result criticality + enum: + - critical + - high + - low + - medium + - info + type: string + source: + description: Source is an identifier for the policy engine that + manages this report + type: string + timestamp: + description: Timestamp indicates the time the result was found + properties: + nanos: + description: Non-negative fractions of a second at nanosecond + resolution. Negative second values with fractions must + still have non-negative nanos values that count forward + in time. Must be from 0 to 999,999,999 inclusive. This + field may be limited in precision depending on context. + format: int32 + type: integer + seconds: + description: Represents seconds of UTC time since Unix epoch + 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z + to 9999-12-31T23:59:59Z inclusive. 
+ format: int64 + type: integer + required: + - nanos + - seconds + type: object + required: + - policy + type: object + type: array + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not + be evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not + selected for evaluation + type: integer + warn: + description: Warn provides the count of non-scored policies whose + requirements were not met + type: integer + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} diff --git a/config/crds/reports.kyverno.io_clusteradmissionreports.yaml b/config/crds/reports.kyverno.io_clusteradmissionreports.yaml new file mode 100644 index 0000000000..5719dc5e06 --- /dev/null +++ b/config/crds/reports.kyverno.io_clusteradmissionreports.yaml 
@@ -0,0 +1,331 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: clusteradmissionreports.reports.kyverno.io +spec: + group: reports.kyverno.io + names: + categories: + - kyverno + kind: ClusterAdmissionReport + listKind: ClusterAdmissionReportList + plural: clusteradmissionreports + shortNames: + - cadmr + singular: clusteradmissionreport + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .spec.summary.pass + name: PASS + type: integer + - jsonPath: .spec.summary.fail + name: FAIL + type: integer + - jsonPath: .spec.summary.warn + name: WARN + type: integer + - jsonPath: .spec.summary.error + name: ERROR + type: integer + - jsonPath: .spec.summary.skip + name: SKIP + type: integer + - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.gvr'] + name: GVR + type: string + - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.name'] + name: REF + type: string + - jsonPath: .metadata.labels['audit\.kyverno\.io/report\.aggregate'] + name: AGGREGATE + priority: 1 + type: string + name: v1 + schema: + openAPIV3Schema: + description: ClusterAdmissionReport is the Schema for the ClusterAdmissionReports + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + owner: + description: Owner is a reference to the report owner (e.g. a Deployment, + Namespace, or Node) + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the key-value + store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this field and + enforces the foreground deletion. Defaults to false. To set + this field, a user needs "delete" permission of the owner, otherwise + 422 (Unprocessable Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + message: + description: Description is a short user friendly message for + the policy rule + type: string + policy: + description: Policy is the name or identifier of the policy + type: string + properties: + additionalProperties: + type: string + description: Properties provides additional information for + the policy rule + type: object + resourceSelector: + description: SubjectSelector is an optional label selector for + checked Kubernetes resources. For example, a policy result + may apply to all pods that match a label. Either a Subject + or a SubjectSelector can be specified. If neither are provided, + the result is assumed to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resources: + description: Subjects is an optional reference to the checked + Kubernetes resources + items: + description: "ObjectReference contains enough information + to let you inspect or modify the referred object. --- New + uses of this type are discouraged because of difficulty + describing its usage when embedded in APIs. 1. Ignored fields. + \ It includes many fields which are not generally honored. + \ For instance, ResourceVersion and FieldPath are both very + rarely valid in actual usage. 2. Invalid usage help. It + is impossible to add specific help for individual usage. + \ In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not + honored\" or \"name must be restricted\". Those cannot be + well described when embedded. 3. Inconsistent validation. + \ Because the usages are different, the validation rules + are different by usage, which makes it hard for users to + predict what will happen. 4. The fields are both imprecise + and overly precise. Kind is not a precise mapping to a + URL. This can produce ambiguity during interpretation and + require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this + type will affect numerous schemas. Don't make new APIs + embed an underspecified API type they do not control. 
\n + Instead of using this type, create a locally provided and + used type that is well-focused on your reference. For example, + ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + result: + description: Result indicates the outcome of the policy rule + execution + enum: + - pass + - fail + - warn + - error + - skip + type: string + rule: + description: Rule is the name or identifier of the rule within + the policy + type: string + scored: + description: Scored indicates if this result is scored + type: boolean + severity: + description: Severity indicates policy check result criticality + enum: + - critical + - high + - low + - medium + - info + type: string + source: + description: Source is an identifier for the policy engine that + manages this report + type: string + timestamp: + description: Timestamp indicates the time the result was found + properties: + nanos: + description: Non-negative fractions of a second at nanosecond + resolution. Negative second values with fractions must + still have non-negative nanos values that count forward + in time. Must be from 0 to 999,999,999 inclusive. This + field may be limited in precision depending on context. + format: int32 + type: integer + seconds: + description: Represents seconds of UTC time since Unix epoch + 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z + to 9999-12-31T23:59:59Z inclusive. 
+ format: int64 + type: integer + required: + - nanos + - seconds + type: object + required: + - policy + type: object + type: array + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not + be evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not + selected for evaluation + type: integer + warn: + description: Warn provides the count of non-scored policies whose + requirements were not met + type: integer + type: object + required: + - owner + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} diff --git a/config/crds/reports.kyverno.io_clusterbackgroundscanreports.yaml b/config/crds/reports.kyverno.io_clusterbackgroundscanreports.yaml new file mode 100644 index 0000000000..fe35fee68b --- /dev/null +++ b/config/crds/reports.kyverno.io_clusterbackgroundscanreports.yaml 
@@ -0,0 +1,297 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: clusterbackgroundscanreports.reports.kyverno.io +spec: + group: reports.kyverno.io + names: + categories: + - kyverno + kind: ClusterBackgroundScanReport + listKind: ClusterBackgroundScanReportList + plural: clusterbackgroundscanreports + shortNames: + - cbgscanr + singular: clusterbackgroundscanreport + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.ownerReferences[0].apiVersion + name: ApiVersion + type: string + - jsonPath: .metadata.ownerReferences[0].kind + name: Kind + type: string + - jsonPath: .metadata.ownerReferences[0].name + name: Subject + type: string + - jsonPath: .spec.summary.pass + name: Pass + type: integer + - jsonPath: .spec.summary.fail + name: Fail + type: integer + - jsonPath: .spec.summary.warn + name: Warn + type: integer + - jsonPath: .spec.summary.error + name: Error + type: integer + - jsonPath: .spec.summary.skip + name: Skip + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.hash'] + name: Hash + priority: 1 + type: string + name: v1 + schema: + openAPIV3Schema: + description: ClusterBackgroundScanReport is the Schema for the ClusterBackgroundScanReports + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + message: + description: Description is a short user friendly message for + the policy rule + type: string + policy: + description: Policy is the name or identifier of the policy + type: string + properties: + additionalProperties: + type: string + description: Properties provides additional information for + the policy rule + type: object + resourceSelector: + description: SubjectSelector is an optional label selector for + checked Kubernetes resources. For example, a policy result + may apply to all pods that match a label. Either a Subject + or a SubjectSelector can be specified. If neither are provided, + the result is assumed to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resources: + description: Subjects is an optional reference to the checked + Kubernetes resources + items: + description: "ObjectReference contains enough information + to let you inspect or modify the referred object. --- New + uses of this type are discouraged because of difficulty + describing its usage when embedded in APIs. 1. Ignored fields. + \ It includes many fields which are not generally honored. + \ For instance, ResourceVersion and FieldPath are both very + rarely valid in actual usage. 2. Invalid usage help. It + is impossible to add specific help for individual usage. + \ In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not + honored\" or \"name must be restricted\". Those cannot be + well described when embedded. 3. Inconsistent validation. + \ Because the usages are different, the validation rules + are different by usage, which makes it hard for users to + predict what will happen. 4. The fields are both imprecise + and overly precise. Kind is not a precise mapping to a + URL. This can produce ambiguity during interpretation and + require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this + type will affect numerous schemas. Don't make new APIs + embed an underspecified API type they do not control. 
\n + Instead of using this type, create a locally provided and + used type that is well-focused on your reference. For example, + ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + result: + description: Result indicates the outcome of the policy rule + execution + enum: + - pass + - fail + - warn + - error + - skip + type: string + rule: + description: Rule is the name or identifier of the rule within + the policy + type: string + scored: + description: Scored indicates if this result is scored + type: boolean + severity: + description: Severity indicates policy check result criticality + enum: + - critical + - high + - low + - medium + - info + type: string + source: + description: Source is an identifier for the policy engine that + manages this report + type: string + timestamp: + description: Timestamp indicates the time the result was found + properties: + nanos: + description: Non-negative fractions of a second at nanosecond + resolution. Negative second values with fractions must + still have non-negative nanos values that count forward + in time. Must be from 0 to 999,999,999 inclusive. This + field may be limited in precision depending on context. + format: int32 + type: integer + seconds: + description: Represents seconds of UTC time since Unix epoch + 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z + to 9999-12-31T23:59:59Z inclusive. 
+ format: int64 + type: integer + required: + - nanos + - seconds + type: object + required: + - policy + type: object + type: array + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not + be evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not + selected for evaluation + type: integer + warn: + description: Warn provides the count of non-scored policies whose + requirements were not met + type: integer + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} diff --git a/config/install-latest-testing.yaml b/config/install-latest-testing.yaml index 276a388cc1..580a96e71a 100644 --- a/config/install-latest-testing.yaml +++ b/config/install-latest-testing.yaml 
@@ -48471,6 +48471,1289 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: crds + app.kubernetes.io/instance: kyverno + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyverno-crds + app.kubernetes.io/version: 0.0.0 + helm.sh/chart: crds-0.0.0 + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: admissionreports.reports.kyverno.io +spec: + group: reports.kyverno.io + names: + categories: + - kyverno + kind: AdmissionReport + listKind: AdmissionReportList + plural: admissionreports + shortNames: + - admr + singular: admissionreport + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .spec.summary.pass + name: PASS + type: integer + - jsonPath: .spec.summary.fail + name: FAIL + type: integer + - jsonPath: .spec.summary.warn + name: WARN + type: integer + - jsonPath: .spec.summary.error + name: ERROR + type: integer + - jsonPath: .spec.summary.skip + name: SKIP + type: integer + - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.gvr'] + name: GVR + type: string + - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.name'] + name: REF + type: string + - jsonPath: .metadata.labels['audit\.kyverno\.io/report\.aggregate'] + name: AGGREGATE + priority: 1 + type: string + name: v1 + schema: + openAPIV3Schema: + description: AdmissionReport is the Schema for the AdmissionReports API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + owner: + description: Owner is a reference to the report owner (e.g. a Deployment, + Namespace, or Node) + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the key-value + store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this field and + enforces the foreground deletion. Defaults to false. To set + this field, a user needs "delete" permission of the owner, otherwise + 422 (Unprocessable Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + message: + description: Description is a short user friendly message for + the policy rule + type: string + policy: + description: Policy is the name or identifier of the policy + type: string + properties: + additionalProperties: + type: string + description: Properties provides additional information for + the policy rule + type: object + resourceSelector: + description: SubjectSelector is an optional label selector for + checked Kubernetes resources. For example, a policy result + may apply to all pods that match a label. Either a Subject + or a SubjectSelector can be specified. If neither are provided, + the result is assumed to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resources: + description: Subjects is an optional reference to the checked + Kubernetes resources + items: + description: "ObjectReference contains enough information + to let you inspect or modify the referred object. --- New + uses of this type are discouraged because of difficulty + describing its usage when embedded in APIs. 1. Ignored fields. + \ It includes many fields which are not generally honored. + \ For instance, ResourceVersion and FieldPath are both very + rarely valid in actual usage. 2. Invalid usage help. It + is impossible to add specific help for individual usage. + \ In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not + honored\" or \"name must be restricted\". Those cannot be + well described when embedded. 3. Inconsistent validation. + \ Because the usages are different, the validation rules + are different by usage, which makes it hard for users to + predict what will happen. 4. The fields are both imprecise + and overly precise. Kind is not a precise mapping to a + URL. This can produce ambiguity during interpretation and + require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this + type will affect numerous schemas. Don't make new APIs + embed an underspecified API type they do not control. 
\n + Instead of using this type, create a locally provided and + used type that is well-focused on your reference. For example, + ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + result: + description: Result indicates the outcome of the policy rule + execution + enum: + - pass + - fail + - warn + - error + - skip + type: string + rule: + description: Rule is the name or identifier of the rule within + the policy + type: string + scored: + description: Scored indicates if this result is scored + type: boolean + severity: + description: Severity indicates policy check result criticality + enum: + - critical + - high + - low + - medium + - info + type: string + source: + description: Source is an identifier for the policy engine that + manages this report + type: string + timestamp: + description: Timestamp indicates the time the result was found + properties: + nanos: + description: Non-negative fractions of a second at nanosecond + resolution. Negative second values with fractions must + still have non-negative nanos values that count forward + in time. Must be from 0 to 999,999,999 inclusive. This + field may be limited in precision depending on context. + format: int32 + type: integer + seconds: + description: Represents seconds of UTC time since Unix epoch + 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z + to 9999-12-31T23:59:59Z inclusive. 
+ format: int64 + type: integer + required: + - nanos + - seconds + type: object + required: + - policy + type: object + type: array + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not + be evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not + selected for evaluation + type: integer + warn: + description: Warn provides the count of non-scored policies whose + requirements were not met + type: integer + type: object + required: + - owner + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: crds + app.kubernetes.io/instance: kyverno + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyverno-crds + app.kubernetes.io/version: 0.0.0 + helm.sh/chart: crds-0.0.0 + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: backgroundscanreports.reports.kyverno.io +spec: + group: reports.kyverno.io + names: + categories: + - kyverno + kind: BackgroundScanReport + listKind: BackgroundScanReportList + plural: backgroundscanreports + shortNames: + - bgscanr + singular: backgroundscanreport + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.ownerReferences[0].apiVersion + name: ApiVersion + type: string + - jsonPath: .metadata.ownerReferences[0].kind + name: Kind + type: string + - jsonPath: .metadata.ownerReferences[0].name + name: Subject + type: string + - jsonPath: .spec.summary.pass + name: Pass + type: integer + - jsonPath: .spec.summary.fail + name: Fail + type: integer + 
- jsonPath: .spec.summary.warn + name: Warn + type: integer + - jsonPath: .spec.summary.error + name: Error + type: integer + - jsonPath: .spec.summary.skip + name: Skip + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.hash'] + name: Hash + priority: 1 + type: string + name: v1 + schema: + openAPIV3Schema: + description: BackgroundScanReport is the Schema for the BackgroundScanReports + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + message: + description: Description is a short user friendly message for + the policy rule + type: string + policy: + description: Policy is the name or identifier of the policy + type: string + properties: + additionalProperties: + type: string + description: Properties provides additional information for + the policy rule + type: object + resourceSelector: + description: SubjectSelector is an optional label selector for + checked Kubernetes resources. 
For example, a policy result + may apply to all pods that match a label. Either a Subject + or a SubjectSelector can be specified. If neither are provided, + the result is assumed to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resources: + description: Subjects is an optional reference to the checked + Kubernetes resources + items: + description: "ObjectReference contains enough information + to let you inspect or modify the referred object. --- New + uses of this type are discouraged because of difficulty + describing its usage when embedded in APIs. 1. Ignored fields. + \ It includes many fields which are not generally honored. 
+ \ For instance, ResourceVersion and FieldPath are both very + rarely valid in actual usage. 2. Invalid usage help. It + is impossible to add specific help for individual usage. + \ In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not + honored\" or \"name must be restricted\". Those cannot be + well described when embedded. 3. Inconsistent validation. + \ Because the usages are different, the validation rules + are different by usage, which makes it hard for users to + predict what will happen. 4. The fields are both imprecise + and overly precise. Kind is not a precise mapping to a + URL. This can produce ambiguity during interpretation and + require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this + type will affect numerous schemas. Don't make new APIs + embed an underspecified API type they do not control. \n + Instead of using this type, create a locally provided and + used type that is well-focused on your reference. For example, + ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). 
This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + result: + description: Result indicates the outcome of the policy rule + execution + enum: + - pass + - fail + - warn + - error + - skip + type: string + rule: + description: Rule is the name or identifier of the rule within + the policy + type: string + scored: + description: Scored indicates if this result is scored + type: boolean + severity: + description: Severity indicates policy check result criticality + enum: + - critical + - high + - low + - medium + - info + type: string + source: + description: Source is an identifier for the policy engine that + manages this report + type: string + timestamp: + description: Timestamp indicates the time the result was found + properties: + nanos: + description: Non-negative fractions of a second at nanosecond + resolution. 
Negative second values with fractions must + still have non-negative nanos values that count forward + in time. Must be from 0 to 999,999,999 inclusive. This + field may be limited in precision depending on context. + format: int32 + type: integer + seconds: + description: Represents seconds of UTC time since Unix epoch + 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z + to 9999-12-31T23:59:59Z inclusive. + format: int64 + type: integer + required: + - nanos + - seconds + type: object + required: + - policy + type: object + type: array + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not + be evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not + selected for evaluation + type: integer + warn: + description: Warn provides the count of non-scored policies whose + requirements were not met + type: integer + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: crds + app.kubernetes.io/instance: kyverno + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyverno-crds + app.kubernetes.io/version: 0.0.0 + helm.sh/chart: crds-0.0.0 + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: clusteradmissionreports.reports.kyverno.io +spec: + group: reports.kyverno.io + names: + categories: + - kyverno + kind: ClusterAdmissionReport + listKind: ClusterAdmissionReportList + plural: clusteradmissionreports + shortNames: + - cadmr + singular: clusteradmissionreport + scope: Cluster + 
versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .spec.summary.pass + name: PASS + type: integer + - jsonPath: .spec.summary.fail + name: FAIL + type: integer + - jsonPath: .spec.summary.warn + name: WARN + type: integer + - jsonPath: .spec.summary.error + name: ERROR + type: integer + - jsonPath: .spec.summary.skip + name: SKIP + type: integer + - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.gvr'] + name: GVR + type: string + - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.name'] + name: REF + type: string + - jsonPath: .metadata.labels['audit\.kyverno\.io/report\.aggregate'] + name: AGGREGATE + priority: 1 + type: string + name: v1 + schema: + openAPIV3Schema: + description: ClusterAdmissionReport is the Schema for the ClusterAdmissionReports + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + owner: + description: Owner is a reference to the report owner (e.g. a Deployment, + Namespace, or Node) + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the key-value + store until this reference is removed. 
See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this field and + enforces the foreground deletion. Defaults to false. To set + this field, a user needs "delete" permission of the owner, otherwise + 422 (Unprocessable Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + message: + description: Description is a short user friendly message for + the policy rule + type: string + policy: + description: Policy is the name or identifier of the policy + type: string + properties: + additionalProperties: + type: string + description: Properties provides additional information for + the policy rule + type: object + resourceSelector: + description: SubjectSelector is an optional label selector for + checked Kubernetes resources. For example, a policy result + may apply to all pods that match a label. Either a Subject + or a SubjectSelector can be specified. If neither are provided, + the result is assumed to be for the policy report scope. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resources: + description: Subjects is an optional reference to the checked + Kubernetes resources + items: + description: "ObjectReference contains enough information + to let you inspect or modify the referred object. --- New + uses of this type are discouraged because of difficulty + describing its usage when embedded in APIs. 1. Ignored fields. + \ It includes many fields which are not generally honored. + \ For instance, ResourceVersion and FieldPath are both very + rarely valid in actual usage. 2. Invalid usage help. It + is impossible to add specific help for individual usage. 
+ \ In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not + honored\" or \"name must be restricted\". Those cannot be + well described when embedded. 3. Inconsistent validation. + \ Because the usages are different, the validation rules + are different by usage, which makes it hard for users to + predict what will happen. 4. The fields are both imprecise + and overly precise. Kind is not a precise mapping to a + URL. This can produce ambiguity during interpretation and + require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this + type will affect numerous schemas. Don't make new APIs + embed an underspecified API type they do not control. \n + Instead of using this type, create a locally provided and + used type that is well-focused on your reference. For example, + ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' 
+ type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + result: + description: Result indicates the outcome of the policy rule + execution + enum: + - pass + - fail + - warn + - error + - skip + type: string + rule: + description: Rule is the name or identifier of the rule within + the policy + type: string + scored: + description: Scored indicates if this result is scored + type: boolean + severity: + description: Severity indicates policy check result criticality + enum: + - critical + - high + - low + - medium + - info + type: string + source: + description: Source is an identifier for the policy engine that + manages this report + type: string + timestamp: + description: Timestamp indicates the time the result was found + properties: + nanos: + description: Non-negative fractions of a second at nanosecond + resolution. Negative second values with fractions must + still have non-negative nanos values that count forward + in time. Must be from 0 to 999,999,999 inclusive. This + field may be limited in precision depending on context. 
+ format: int32 + type: integer + seconds: + description: Represents seconds of UTC time since Unix epoch + 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z + to 9999-12-31T23:59:59Z inclusive. + format: int64 + type: integer + required: + - nanos + - seconds + type: object + required: + - policy + type: object + type: array + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not + be evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not + selected for evaluation + type: integer + warn: + description: Warn provides the count of non-scored policies whose + requirements were not met + type: integer + type: object + required: + - owner + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: crds + app.kubernetes.io/instance: kyverno + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyverno-crds + app.kubernetes.io/version: 0.0.0 + helm.sh/chart: crds-0.0.0 + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: clusterbackgroundscanreports.reports.kyverno.io +spec: + group: reports.kyverno.io + names: + categories: + - kyverno + kind: ClusterBackgroundScanReport + listKind: ClusterBackgroundScanReportList + plural: clusterbackgroundscanreports + shortNames: + - cbgscanr + singular: clusterbackgroundscanreport + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.ownerReferences[0].apiVersion + name: ApiVersion + type: string + - jsonPath: 
.metadata.ownerReferences[0].kind + name: Kind + type: string + - jsonPath: .metadata.ownerReferences[0].name + name: Subject + type: string + - jsonPath: .spec.summary.pass + name: Pass + type: integer + - jsonPath: .spec.summary.fail + name: Fail + type: integer + - jsonPath: .spec.summary.warn + name: Warn + type: integer + - jsonPath: .spec.summary.error + name: Error + type: integer + - jsonPath: .spec.summary.skip + name: Skip + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.hash'] + name: Hash + priority: 1 + type: string + name: v1 + schema: + openAPIV3Schema: + description: ClusterBackgroundScanReport is the Schema for the ClusterBackgroundScanReports + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual + policy + properties: + category: + description: Category indicates policy category + type: string + message: + description: Description is a short user friendly message for + the policy rule + type: string + policy: + description: Policy is the name or identifier of the policy + type: string + properties: + additionalProperties: + type: string + description: Properties provides additional information for + the policy rule + type: object + resourceSelector: + description: SubjectSelector is an optional label selector for + checked Kubernetes resources. For example, a policy result + may apply to all pods that match a label. Either a Subject + or a SubjectSelector can be specified. If neither are provided, + the result is assumed to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resources: + description: Subjects is an optional reference to the checked + Kubernetes resources + items: + description: "ObjectReference contains enough information + to let you inspect or modify the referred object. --- New + uses of this type are discouraged because of difficulty + describing its usage when embedded in APIs. 1. Ignored fields. + \ It includes many fields which are not generally honored. + \ For instance, ResourceVersion and FieldPath are both very + rarely valid in actual usage. 2. Invalid usage help. It + is impossible to add specific help for individual usage. + \ In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not + honored\" or \"name must be restricted\". Those cannot be + well described when embedded. 3. Inconsistent validation. + \ Because the usages are different, the validation rules + are different by usage, which makes it hard for users to + predict what will happen. 4. The fields are both imprecise + and overly precise. Kind is not a precise mapping to a + URL. This can produce ambiguity during interpretation and + require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this + type will affect numerous schemas. Don't make new APIs + embed an underspecified API type they do not control. 
\n + Instead of using this type, create a locally provided and + used type that is well-focused on your reference. For example, + ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + result: + description: Result indicates the outcome of the policy rule + execution + enum: + - pass + - fail + - warn + - error + - skip + type: string + rule: + description: Rule is the name or identifier of the rule within + the policy + type: string + scored: + description: Scored indicates if this result is scored + type: boolean + severity: + description: Severity indicates policy check result criticality + enum: + - critical + - high + - low + - medium + - info + type: string + source: + description: Source is an identifier for the policy engine that + manages this report + type: string + timestamp: + description: Timestamp indicates the time the result was found + properties: + nanos: + description: Non-negative fractions of a second at nanosecond + resolution. Negative second values with fractions must + still have non-negative nanos values that count forward + in time. Must be from 0 to 999,999,999 inclusive. This + field may be limited in precision depending on context. + format: int32 + type: integer + seconds: + description: Represents seconds of UTC time since Unix epoch + 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z + to 9999-12-31T23:59:59Z inclusive. 
+ format: int64 + type: integer + required: + - nanos + - seconds + type: object + required: + - policy + type: object + type: array + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not + be evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements + were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements + were met + type: integer + skip: + description: Skip indicates the count of policies that were not + selected for evaluation + type: integer + warn: + description: Warn provides the count of non-scored policies whose + requirements were not met + type: integer + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: labels: app.kubernetes.io/component: crds @@ -49275,6 +50558,22 @@ rules: - update - watch - deletecollection + - apiGroups: + - reports.kyverno.io + resources: + - admissionreports + - clusteradmissionreports + - backgroundscanreports + - clusterbackgroundscanreports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - deletecollection - apiGroups: - wgpolicyk8s.io resources: @@ -49551,6 +50850,15 @@ rules: - list - deletecollection - delete + - apiGroups: + - reports.kyverno.io + resources: + - admissionreports + - clusteradmissionreports + verbs: + - list + - deletecollection + - delete --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole 
@@ -49674,6 +50982,21 @@ rules: - patch - update - watch + - apiGroups: + - reports.kyverno.io + resources: + - admissionreports + - clusteradmissionreports + - backgroundscanreports + - clusterbackgroundscanreports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -49697,6 +51020,17 @@ rules: - get - list - watch + - apiGroups: + - reports.kyverno.io + resources: + - admissionreports + - clusteradmissionreports + - backgroundscanreports + - clusterbackgroundscanreports + verbs: + - get + - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -49805,6 +51139,22 @@ rules: - update - watch - deletecollection + - apiGroups: + - reports.kyverno.io + resources: + - admissionreports + - clusteradmissionreports + - backgroundscanreports + - clusterbackgroundscanreports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - deletecollection - apiGroups: - wgpolicyk8s.io resources: @@ -50429,6 +51779,7 @@ spec: - --otelConfig=prometheus - --metricsPort=8000 - --admissionReports=true + - --alternateReportStorage=false - --autoUpdateWebhooks=true - --enableConfigMapCaching=true - --enableDeferredLoading=true @@ -50584,6 +51935,7 @@ spec: - --disableMetrics=false - --otelConfig=prometheus - --metricsPort=8000 + - --alternateReportStorage=false - --enableConfigMapCaching=true - --enableDeferredLoading=true - --loggingFormat=text @@ -50824,6 +52176,7 @@ spec: - --metricsPort=8000 - --admissionReports=true - --aggregateReports=true + - --alternateReportStorage=false - --policyReports=true - --validatingAdmissionPolicyReports=false - --backgroundScan=true 
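Review bot: The rule added by the first hunk on this line grants `create`, `delete`, `patch` and `update` on all four `reports.kyverno.io` kinds, and the ClusterRole it belongs to is declared outside the hunk. These objects are the record of policy evaluation, so any subject other than the Kyverno controllers that holds this role can alter or remove results. If the role aggregates into the built-in admin or edit roles (to be confirmed in the chart template), `get`, `list`, `watch` as in the following hunk would be the safer grant. The context lines suggest the addition mirrors a preceding rule with the same verbs, so the same question applies to that rule.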
@@ -50911,10 +52264,10 @@ spec: - /bin/sh - -c - | - COUNT=$(kubectl get admissionreports.kyverno.io -A | wc -l) + COUNT=$(kubectl get admissionreports.reports.kyverno.io -A | wc -l) if [ "$COUNT" -gt 10000 ]; then echo "too many reports found ($COUNT), cleaning up..." - kubectl delete admissionreports.kyverno.io -A -l='!audit.kyverno.io/report.aggregate' + kubectl delete admissionreports.reports.kyverno.io -A -l='!audit.kyverno.io/report.aggregate' else echo "($COUNT) reports found, no clean up needed" fi @@ -50959,10 +52312,10 @@ spec: - /bin/sh - -c - | - COUNT=$(kubectl get clusteradmissionreports.kyverno.io -A | wc -l) + COUNT=$(kubectl get clusteradmissionreports.reports.kyverno.io -A | wc -l) if [ "$COUNT" -gt 10000 ]; then echo "too many reports found ($COUNT), cleaning up..." - kubectl delete clusteradmissionreports.kyverno.io -A -l='!audit.kyverno.io/report.aggregate' + kubectl delete clusteradmissionreports.reports.kyverno.io -A -l='!audit.kyverno.io/report.aggregate' else echo "($COUNT) reports found, no clean up needed" fi diff --git a/docs/user/crd/index.html b/docs/user/crd/index.html index c81187fe02..baa6c0a3e4 100644 --- a/docs/user/crd/index.html +++ b/docs/user/crd/index.html @@ -36,6 +36,9 @@ background-color: #1589dd; kyverno.io/v2beta1
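Review bot: Both cleanup scripts on this line now count and delete only `admissionreports.reports.kyverno.io` and `clusteradmissionreports.reports.kyverno.io`, so reports stored under the previous `kyverno.io` group are no longer pruned by these jobs. The deployment hunks in the same file pass `--alternateReportStorage=false`; if that default keeps the controllers writing to the old group (not visible here, confirm in the report manager), admission reports could grow past the 10000 threshold unchecked, which is a load concern for the API server and etcd. Consider choosing the resource name from the same setting, or running the check for both groups, e.g. keeping a `kubectl delete admissionreports.kyverno.io -A -l='!audit.kyverno.io/report.aggregate'` branch. The cleanup ClusterRole hunk earlier in the file adds the new group next to an existing rule, so the old-group permissions appear to remain available. This manifest looks rendered from the chart's cleanup templates, so the change belongs there.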
  • +reports.kyverno.io/v1 +
  • +
  • wgpolicyk8s.io/v1alpha2
  • @@ -9987,6 +9990,519 @@ CEL
    +

    reports.kyverno.io/v1

    +

    +

    +Resource Types: + +
    +

    AdmissionReport +

    +

    +

    AdmissionReport is the Schema for the AdmissionReports API

    +

    + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +apiVersion
    +string
    + +reports.kyverno.io/v1 + +
    +kind
    +string +
    AdmissionReport
    +metadata
    + + +Kubernetes meta/v1.ObjectMeta + + +
    +Refer to the Kubernetes API documentation for the fields of the +metadata field. +
    +spec
    + + +AdmissionReportSpec + + +
    +
    +
    + + + + + + + + + + + + + +
    +owner
    + + +Kubernetes meta/v1.OwnerReference + + +
    +

    Owner is a reference to the report owner (e.g. a Deployment, Namespace, or Node)

    +
    +summary
    + + +PolicyReportSummary + + +
    +(Optional) +

    PolicyReportSummary provides a summary of results

    +
    +results
    + + +[]PolicyReportResult + + +
    +(Optional) +

    PolicyReportResult provides result details

    +
    +
    +
    +

    BackgroundScanReport +

    +

    +

    BackgroundScanReport is the Schema for the BackgroundScanReports API

    +

    + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +apiVersion
    +string
    + +reports.kyverno.io/v1 + +
    +kind
    +string +
    BackgroundScanReport
    +metadata
    + + +Kubernetes meta/v1.ObjectMeta + + +
    +Refer to the Kubernetes API documentation for the fields of the +metadata field. +
    +spec
    + + +BackgroundScanReportSpec + + +
    +
    +
    + + + + + + + + + +
    +summary
    + + +PolicyReportSummary + + +
    +(Optional) +

    PolicyReportSummary provides a summary of results

    +
    +results
    + + +[]PolicyReportResult + + +
    +(Optional) +

    PolicyReportResult provides result details

    +
    +
    +
    +

    ClusterAdmissionReport +

    +

    +

    ClusterAdmissionReport is the Schema for the ClusterAdmissionReports API

    +

    + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +apiVersion
    +string
    + +reports.kyverno.io/v1 + +
    +kind
    +string +
    ClusterAdmissionReport
    +metadata
    + + +Kubernetes meta/v1.ObjectMeta + + +
    +Refer to the Kubernetes API documentation for the fields of the +metadata field. +
    +spec
    + + +AdmissionReportSpec + + +
    +
    +
    + + + + + + + + + + + + + +
    +owner
    + + +Kubernetes meta/v1.OwnerReference + + +
    +

    Owner is a reference to the report owner (e.g. a Deployment, Namespace, or Node)

    +
    +summary
    + + +PolicyReportSummary + + +
    +(Optional) +

    PolicyReportSummary provides a summary of results

    +
    +results
    + + +[]PolicyReportResult + + +
    +(Optional) +

    PolicyReportResult provides result details

    +
    +
    +
    +

    ClusterBackgroundScanReport +

    +

    +

    ClusterBackgroundScanReport is the Schema for the ClusterBackgroundScanReports API

    +

    + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +apiVersion
    +string
    + +reports.kyverno.io/v1 + +
    +kind
    +string +
    ClusterBackgroundScanReport
    +metadata
    + + +Kubernetes meta/v1.ObjectMeta + + +
    +Refer to the Kubernetes API documentation for the fields of the +metadata field. +
    +spec
    + + +BackgroundScanReportSpec + + +
    +
    +
    + + + + + + + + + +
    +summary
    + + +PolicyReportSummary + + +
    +(Optional) +

    PolicyReportSummary provides a summary of results

    +
    +results
    + + +[]PolicyReportResult + + +
    +(Optional) +

    PolicyReportResult provides result details

    +
    +
    +
    +

    AdmissionReportSpec +

    +

    +(Appears on: +AdmissionReport, +ClusterAdmissionReport) +

    +

    +

    + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +owner
    + + +Kubernetes meta/v1.OwnerReference + + +
    +

    Owner is a reference to the report owner (e.g. a Deployment, Namespace, or Node)

    +
    +summary
    + + +PolicyReportSummary + + +
    +(Optional) +

    PolicyReportSummary provides a summary of results

    +
    +results
    + + +[]PolicyReportResult + + +
    +(Optional) +

    PolicyReportResult provides result details

    +
    +
    +

    BackgroundScanReportSpec +

    +

    +(Appears on: +BackgroundScanReport, +ClusterBackgroundScanReport) +

    +

    +

    + + + + + + + + + + + + + + + + + +
    FieldDescription
    +summary
    + + +PolicyReportSummary + + +
    +(Optional) +

    PolicyReportSummary provides a summary of results

    +
    +results
    + + +[]PolicyReportResult + + +
    +(Optional) +

    PolicyReportResult provides result details

    +
    +

    wgpolicyk8s.io/v1alpha2

    Resource Types:
    • @@ -10209,6 +10725,8 @@ PolicyReportSummary (Appears on: ClusterPolicyReport, PolicyReport, +AdmissionReportSpec, +BackgroundScanReportSpec, AdmissionReportSpec, BackgroundScanReportSpec)

      @@ -10383,6 +10901,8 @@ PolicySeverity (Appears on: ClusterPolicyReport, PolicyReport, +AdmissionReportSpec, +BackgroundScanReportSpec, AdmissionReportSpec, BackgroundScanReportSpec)

      diff --git a/pkg/client/applyconfigurations/reports/v1/admissionreport.go b/pkg/client/applyconfigurations/reports/v1/admissionreport.go new file mode 100644 index 0000000000..a974f3b7d7 --- /dev/null +++ b/pkg/client/applyconfigurations/reports/v1/admissionreport.go 
@@ -0,0 +1,210 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + v1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// AdmissionReportApplyConfiguration represents an declarative configuration of the AdmissionReport type for use +// with apply. +type AdmissionReportApplyConfiguration struct { + v1.TypeMetaApplyConfiguration `json:",inline"` + *v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"` + Spec *AdmissionReportSpecApplyConfiguration `json:"spec,omitempty"` +} + +// AdmissionReport constructs an declarative configuration of the AdmissionReport type for use with +// apply. +func AdmissionReport(name, namespace string) *AdmissionReportApplyConfiguration { + b := &AdmissionReportApplyConfiguration{} + b.WithName(name) + b.WithNamespace(namespace) + b.WithKind("AdmissionReport") + b.WithAPIVersion("reports.kyverno.io/v1") + return b +} + +// WithKind sets the Kind field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kind field is set to the value of the last call. 
+func (b *AdmissionReportApplyConfiguration) WithKind(value string) *AdmissionReportApplyConfiguration { + b.Kind = &value + return b +} + +// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the APIVersion field is set to the value of the last call. +func (b *AdmissionReportApplyConfiguration) WithAPIVersion(value string) *AdmissionReportApplyConfiguration { + b.APIVersion = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *AdmissionReportApplyConfiguration) WithName(value string) *AdmissionReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.Name = &value + return b +} + +// WithGenerateName sets the GenerateName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the GenerateName field is set to the value of the last call. +func (b *AdmissionReportApplyConfiguration) WithGenerateName(value string) *AdmissionReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.GenerateName = &value + return b +} + +// WithNamespace sets the Namespace field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Namespace field is set to the value of the last call. 
+func (b *AdmissionReportApplyConfiguration) WithNamespace(value string) *AdmissionReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.Namespace = &value + return b +} + +// WithUID sets the UID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UID field is set to the value of the last call. +func (b *AdmissionReportApplyConfiguration) WithUID(value types.UID) *AdmissionReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.UID = &value + return b +} + +// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ResourceVersion field is set to the value of the last call. +func (b *AdmissionReportApplyConfiguration) WithResourceVersion(value string) *AdmissionReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ResourceVersion = &value + return b +} + +// WithGeneration sets the Generation field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Generation field is set to the value of the last call. +func (b *AdmissionReportApplyConfiguration) WithGeneration(value int64) *AdmissionReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.Generation = &value + return b +} + +// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CreationTimestamp field is set to the value of the last call. 
+func (b *AdmissionReportApplyConfiguration) WithCreationTimestamp(value metav1.Time) *AdmissionReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.CreationTimestamp = &value + return b +} + +// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionTimestamp field is set to the value of the last call. +func (b *AdmissionReportApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *AdmissionReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.DeletionTimestamp = &value + return b +} + +// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call. +func (b *AdmissionReportApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *AdmissionReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.DeletionGracePeriodSeconds = &value + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. 
+func (b *AdmissionReportApplyConfiguration) WithLabels(entries map[string]string) *AdmissionReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.Labels == nil && len(entries) > 0 { + b.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Labels[k] = v + } + return b +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *AdmissionReportApplyConfiguration) WithAnnotations(entries map[string]string) *AdmissionReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.Annotations == nil && len(entries) > 0 { + b.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Annotations[k] = v + } + return b +} + +// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the OwnerReferences field. +func (b *AdmissionReportApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *AdmissionReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + if values[i] == nil { + panic("nil value passed to WithOwnerReferences") + } + b.OwnerReferences = append(b.OwnerReferences, *values[i]) + } + return b +} + +// WithFinalizers adds the given value to the Finalizers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. 
+// If called multiple times, values provided by each call will be appended to the Finalizers field. +func (b *AdmissionReportApplyConfiguration) WithFinalizers(values ...string) *AdmissionReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + b.Finalizers = append(b.Finalizers, values[i]) + } + return b +} + +func (b *AdmissionReportApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { + if b.ObjectMetaApplyConfiguration == nil { + b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{} + } +} + +// WithSpec sets the Spec field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Spec field is set to the value of the last call. +func (b *AdmissionReportApplyConfiguration) WithSpec(value *AdmissionReportSpecApplyConfiguration) *AdmissionReportApplyConfiguration { + b.Spec = value + return b +} diff --git a/pkg/client/applyconfigurations/reports/v1/admissionreportspec.go b/pkg/client/applyconfigurations/reports/v1/admissionreportspec.go new file mode 100644 index 0000000000..c1c6cdce1e --- /dev/null +++ b/pkg/client/applyconfigurations/reports/v1/admissionreportspec.go 
@@ -0,0 +1,67 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + v1alpha2 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/policyreport/v1alpha2" + v1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// AdmissionReportSpecApplyConfiguration represents an declarative configuration of the AdmissionReportSpec type for use +// with apply. +type AdmissionReportSpecApplyConfiguration struct { + Owner *v1.OwnerReferenceApplyConfiguration `json:"owner,omitempty"` + Summary *v1alpha2.PolicyReportSummaryApplyConfiguration `json:"summary,omitempty"` + Results []v1alpha2.PolicyReportResultApplyConfiguration `json:"results,omitempty"` +} + +// AdmissionReportSpecApplyConfiguration constructs an declarative configuration of the AdmissionReportSpec type for use with +// apply. +func AdmissionReportSpec() *AdmissionReportSpecApplyConfiguration { + return &AdmissionReportSpecApplyConfiguration{} +} + +// WithOwner sets the Owner field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Owner field is set to the value of the last call. 
+func (b *AdmissionReportSpecApplyConfiguration) WithOwner(value *v1.OwnerReferenceApplyConfiguration) *AdmissionReportSpecApplyConfiguration { + b.Owner = value + return b +} + +// WithSummary sets the Summary field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Summary field is set to the value of the last call. +func (b *AdmissionReportSpecApplyConfiguration) WithSummary(value *v1alpha2.PolicyReportSummaryApplyConfiguration) *AdmissionReportSpecApplyConfiguration { + b.Summary = value + return b +} + +// WithResults adds the given value to the Results field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Results field. +func (b *AdmissionReportSpecApplyConfiguration) WithResults(values ...*v1alpha2.PolicyReportResultApplyConfiguration) *AdmissionReportSpecApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithResults") + } + b.Results = append(b.Results, *values[i]) + } + return b +} diff --git a/pkg/client/applyconfigurations/reports/v1/backgroundscanreport.go b/pkg/client/applyconfigurations/reports/v1/backgroundscanreport.go new file mode 100644 index 0000000000..93b7b00d8e --- /dev/null +++ b/pkg/client/applyconfigurations/reports/v1/backgroundscanreport.go 
@@ -0,0 +1,210 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + v1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// BackgroundScanReportApplyConfiguration represents an declarative configuration of the BackgroundScanReport type for use +// with apply. +type BackgroundScanReportApplyConfiguration struct { + v1.TypeMetaApplyConfiguration `json:",inline"` + *v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"` + Spec *BackgroundScanReportSpecApplyConfiguration `json:"spec,omitempty"` +} + +// BackgroundScanReport constructs an declarative configuration of the BackgroundScanReport type for use with +// apply. +func BackgroundScanReport(name, namespace string) *BackgroundScanReportApplyConfiguration { + b := &BackgroundScanReportApplyConfiguration{} + b.WithName(name) + b.WithNamespace(namespace) + b.WithKind("BackgroundScanReport") + b.WithAPIVersion("reports.kyverno.io/v1") + return b +} + +// WithKind sets the Kind field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kind field is set to the value of the last call. 
+func (b *BackgroundScanReportApplyConfiguration) WithKind(value string) *BackgroundScanReportApplyConfiguration { + b.Kind = &value + return b +} + +// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the APIVersion field is set to the value of the last call. +func (b *BackgroundScanReportApplyConfiguration) WithAPIVersion(value string) *BackgroundScanReportApplyConfiguration { + b.APIVersion = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *BackgroundScanReportApplyConfiguration) WithName(value string) *BackgroundScanReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.Name = &value + return b +} + +// WithGenerateName sets the GenerateName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the GenerateName field is set to the value of the last call. +func (b *BackgroundScanReportApplyConfiguration) WithGenerateName(value string) *BackgroundScanReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.GenerateName = &value + return b +} + +// WithNamespace sets the Namespace field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Namespace field is set to the value of the last call. 
+func (b *BackgroundScanReportApplyConfiguration) WithNamespace(value string) *BackgroundScanReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.Namespace = &value + return b +} + +// WithUID sets the UID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UID field is set to the value of the last call. +func (b *BackgroundScanReportApplyConfiguration) WithUID(value types.UID) *BackgroundScanReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.UID = &value + return b +} + +// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ResourceVersion field is set to the value of the last call. +func (b *BackgroundScanReportApplyConfiguration) WithResourceVersion(value string) *BackgroundScanReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ResourceVersion = &value + return b +} + +// WithGeneration sets the Generation field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Generation field is set to the value of the last call. +func (b *BackgroundScanReportApplyConfiguration) WithGeneration(value int64) *BackgroundScanReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.Generation = &value + return b +} + +// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CreationTimestamp field is set to the value of the last call. 
+func (b *BackgroundScanReportApplyConfiguration) WithCreationTimestamp(value metav1.Time) *BackgroundScanReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.CreationTimestamp = &value + return b +} + +// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionTimestamp field is set to the value of the last call. +func (b *BackgroundScanReportApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *BackgroundScanReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.DeletionTimestamp = &value + return b +} + +// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call. +func (b *BackgroundScanReportApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *BackgroundScanReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.DeletionGracePeriodSeconds = &value + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. 
+func (b *BackgroundScanReportApplyConfiguration) WithLabels(entries map[string]string) *BackgroundScanReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.Labels == nil && len(entries) > 0 { + b.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Labels[k] = v + } + return b +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *BackgroundScanReportApplyConfiguration) WithAnnotations(entries map[string]string) *BackgroundScanReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.Annotations == nil && len(entries) > 0 { + b.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Annotations[k] = v + } + return b +} + +// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the OwnerReferences field. +func (b *BackgroundScanReportApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *BackgroundScanReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + if values[i] == nil { + panic("nil value passed to WithOwnerReferences") + } + b.OwnerReferences = append(b.OwnerReferences, *values[i]) + } + return b +} + +// WithFinalizers adds the given value to the Finalizers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. 
+// If called multiple times, values provided by each call will be appended to the Finalizers field. +func (b *BackgroundScanReportApplyConfiguration) WithFinalizers(values ...string) *BackgroundScanReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + b.Finalizers = append(b.Finalizers, values[i]) + } + return b +} + +func (b *BackgroundScanReportApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { + if b.ObjectMetaApplyConfiguration == nil { + b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{} + } +} + +// WithSpec sets the Spec field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Spec field is set to the value of the last call. +func (b *BackgroundScanReportApplyConfiguration) WithSpec(value *BackgroundScanReportSpecApplyConfiguration) *BackgroundScanReportApplyConfiguration { + b.Spec = value + return b +} diff --git a/pkg/client/applyconfigurations/reports/v1/backgroundscanreportspec.go b/pkg/client/applyconfigurations/reports/v1/backgroundscanreportspec.go new file mode 100644 index 0000000000..0da16cb9ff --- /dev/null +++ b/pkg/client/applyconfigurations/reports/v1/backgroundscanreportspec.go 
@@ -0,0 +1,57 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + v1alpha2 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/policyreport/v1alpha2" +) + +// BackgroundScanReportSpecApplyConfiguration represents an declarative configuration of the BackgroundScanReportSpec type for use +// with apply. +type BackgroundScanReportSpecApplyConfiguration struct { + Summary *v1alpha2.PolicyReportSummaryApplyConfiguration `json:"summary,omitempty"` + Results []v1alpha2.PolicyReportResultApplyConfiguration `json:"results,omitempty"` +} + +// BackgroundScanReportSpecApplyConfiguration constructs an declarative configuration of the BackgroundScanReportSpec type for use with +// apply. +func BackgroundScanReportSpec() *BackgroundScanReportSpecApplyConfiguration { + return &BackgroundScanReportSpecApplyConfiguration{} +} + +// WithSummary sets the Summary field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Summary field is set to the value of the last call. 
+func (b *BackgroundScanReportSpecApplyConfiguration) WithSummary(value *v1alpha2.PolicyReportSummaryApplyConfiguration) *BackgroundScanReportSpecApplyConfiguration { + b.Summary = value + return b +} + +// WithResults adds the given value to the Results field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Results field. +func (b *BackgroundScanReportSpecApplyConfiguration) WithResults(values ...*v1alpha2.PolicyReportResultApplyConfiguration) *BackgroundScanReportSpecApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithResults") + } + b.Results = append(b.Results, *values[i]) + } + return b +} diff --git a/pkg/client/applyconfigurations/reports/v1/clusteradmissionreport.go b/pkg/client/applyconfigurations/reports/v1/clusteradmissionreport.go new file mode 100644 index 0000000000..845fc5014f --- /dev/null +++ b/pkg/client/applyconfigurations/reports/v1/clusteradmissionreport.go 
@@ -0,0 +1,209 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + v1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// ClusterAdmissionReportApplyConfiguration represents an declarative configuration of the ClusterAdmissionReport type for use +// with apply. +type ClusterAdmissionReportApplyConfiguration struct { + v1.TypeMetaApplyConfiguration `json:",inline"` + *v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"` + Spec *AdmissionReportSpecApplyConfiguration `json:"spec,omitempty"` +} + +// ClusterAdmissionReport constructs an declarative configuration of the ClusterAdmissionReport type for use with +// apply. +func ClusterAdmissionReport(name string) *ClusterAdmissionReportApplyConfiguration { + b := &ClusterAdmissionReportApplyConfiguration{} + b.WithName(name) + b.WithKind("ClusterAdmissionReport") + b.WithAPIVersion("reports.kyverno.io/v1") + return b +} + +// WithKind sets the Kind field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kind field is set to the value of the last call. 
+func (b *ClusterAdmissionReportApplyConfiguration) WithKind(value string) *ClusterAdmissionReportApplyConfiguration { + b.Kind = &value + return b +} + +// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the APIVersion field is set to the value of the last call. +func (b *ClusterAdmissionReportApplyConfiguration) WithAPIVersion(value string) *ClusterAdmissionReportApplyConfiguration { + b.APIVersion = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *ClusterAdmissionReportApplyConfiguration) WithName(value string) *ClusterAdmissionReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.Name = &value + return b +} + +// WithGenerateName sets the GenerateName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the GenerateName field is set to the value of the last call. +func (b *ClusterAdmissionReportApplyConfiguration) WithGenerateName(value string) *ClusterAdmissionReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.GenerateName = &value + return b +} + +// WithNamespace sets the Namespace field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Namespace field is set to the value of the last call. 
+func (b *ClusterAdmissionReportApplyConfiguration) WithNamespace(value string) *ClusterAdmissionReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.Namespace = &value + return b +} + +// WithUID sets the UID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UID field is set to the value of the last call. +func (b *ClusterAdmissionReportApplyConfiguration) WithUID(value types.UID) *ClusterAdmissionReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.UID = &value + return b +} + +// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ResourceVersion field is set to the value of the last call. +func (b *ClusterAdmissionReportApplyConfiguration) WithResourceVersion(value string) *ClusterAdmissionReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ResourceVersion = &value + return b +} + +// WithGeneration sets the Generation field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Generation field is set to the value of the last call. +func (b *ClusterAdmissionReportApplyConfiguration) WithGeneration(value int64) *ClusterAdmissionReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.Generation = &value + return b +} + +// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. 
+// If called multiple times, the CreationTimestamp field is set to the value of the last call. +func (b *ClusterAdmissionReportApplyConfiguration) WithCreationTimestamp(value metav1.Time) *ClusterAdmissionReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.CreationTimestamp = &value + return b +} + +// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionTimestamp field is set to the value of the last call. +func (b *ClusterAdmissionReportApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *ClusterAdmissionReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.DeletionTimestamp = &value + return b +} + +// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call. +func (b *ClusterAdmissionReportApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *ClusterAdmissionReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.DeletionGracePeriodSeconds = &value + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. 
+func (b *ClusterAdmissionReportApplyConfiguration) WithLabels(entries map[string]string) *ClusterAdmissionReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.Labels == nil && len(entries) > 0 { + b.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Labels[k] = v + } + return b +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *ClusterAdmissionReportApplyConfiguration) WithAnnotations(entries map[string]string) *ClusterAdmissionReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.Annotations == nil && len(entries) > 0 { + b.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Annotations[k] = v + } + return b +} + +// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the OwnerReferences field. +func (b *ClusterAdmissionReportApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *ClusterAdmissionReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + if values[i] == nil { + panic("nil value passed to WithOwnerReferences") + } + b.OwnerReferences = append(b.OwnerReferences, *values[i]) + } + return b +} + +// WithFinalizers adds the given value to the Finalizers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. 
+// If called multiple times, values provided by each call will be appended to the Finalizers field. +func (b *ClusterAdmissionReportApplyConfiguration) WithFinalizers(values ...string) *ClusterAdmissionReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + b.Finalizers = append(b.Finalizers, values[i]) + } + return b +} + +func (b *ClusterAdmissionReportApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { + if b.ObjectMetaApplyConfiguration == nil { + b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{} + } +} + +// WithSpec sets the Spec field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Spec field is set to the value of the last call. +func (b *ClusterAdmissionReportApplyConfiguration) WithSpec(value *AdmissionReportSpecApplyConfiguration) *ClusterAdmissionReportApplyConfiguration { + b.Spec = value + return b +} diff --git a/pkg/client/applyconfigurations/reports/v1/clusterbackgroundscanreport.go b/pkg/client/applyconfigurations/reports/v1/clusterbackgroundscanreport.go new file mode 100644 index 0000000000..25059c9dcf --- /dev/null +++ b/pkg/client/applyconfigurations/reports/v1/clusterbackgroundscanreport.go 
@@ -0,0 +1,209 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + v1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// ClusterBackgroundScanReportApplyConfiguration represents an declarative configuration of the ClusterBackgroundScanReport type for use +// with apply. +type ClusterBackgroundScanReportApplyConfiguration struct { + v1.TypeMetaApplyConfiguration `json:",inline"` + *v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"` + Spec *BackgroundScanReportSpecApplyConfiguration `json:"spec,omitempty"` +} + +// ClusterBackgroundScanReport constructs an declarative configuration of the ClusterBackgroundScanReport type for use with +// apply. +func ClusterBackgroundScanReport(name string) *ClusterBackgroundScanReportApplyConfiguration { + b := &ClusterBackgroundScanReportApplyConfiguration{} + b.WithName(name) + b.WithKind("ClusterBackgroundScanReport") + b.WithAPIVersion("reports.kyverno.io/v1") + return b +} + +// WithKind sets the Kind field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kind field is set to the value of the last call. 
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithKind(value string) *ClusterBackgroundScanReportApplyConfiguration { + b.Kind = &value + return b +} + +// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the APIVersion field is set to the value of the last call. +func (b *ClusterBackgroundScanReportApplyConfiguration) WithAPIVersion(value string) *ClusterBackgroundScanReportApplyConfiguration { + b.APIVersion = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *ClusterBackgroundScanReportApplyConfiguration) WithName(value string) *ClusterBackgroundScanReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.Name = &value + return b +} + +// WithGenerateName sets the GenerateName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the GenerateName field is set to the value of the last call. +func (b *ClusterBackgroundScanReportApplyConfiguration) WithGenerateName(value string) *ClusterBackgroundScanReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.GenerateName = &value + return b +} + +// WithNamespace sets the Namespace field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Namespace field is set to the value of the last call. 
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithNamespace(value string) *ClusterBackgroundScanReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.Namespace = &value + return b +} + +// WithUID sets the UID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UID field is set to the value of the last call. +func (b *ClusterBackgroundScanReportApplyConfiguration) WithUID(value types.UID) *ClusterBackgroundScanReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.UID = &value + return b +} + +// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ResourceVersion field is set to the value of the last call. +func (b *ClusterBackgroundScanReportApplyConfiguration) WithResourceVersion(value string) *ClusterBackgroundScanReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ResourceVersion = &value + return b +} + +// WithGeneration sets the Generation field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Generation field is set to the value of the last call. +func (b *ClusterBackgroundScanReportApplyConfiguration) WithGeneration(value int64) *ClusterBackgroundScanReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.Generation = &value + return b +} + +// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. 
+// If called multiple times, the CreationTimestamp field is set to the value of the last call. +func (b *ClusterBackgroundScanReportApplyConfiguration) WithCreationTimestamp(value metav1.Time) *ClusterBackgroundScanReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.CreationTimestamp = &value + return b +} + +// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionTimestamp field is set to the value of the last call. +func (b *ClusterBackgroundScanReportApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *ClusterBackgroundScanReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.DeletionTimestamp = &value + return b +} + +// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call. +func (b *ClusterBackgroundScanReportApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *ClusterBackgroundScanReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.DeletionGracePeriodSeconds = &value + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. 
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithLabels(entries map[string]string) *ClusterBackgroundScanReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.Labels == nil && len(entries) > 0 { + b.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Labels[k] = v + } + return b +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *ClusterBackgroundScanReportApplyConfiguration) WithAnnotations(entries map[string]string) *ClusterBackgroundScanReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.Annotations == nil && len(entries) > 0 { + b.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Annotations[k] = v + } + return b +} + +// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the OwnerReferences field. 
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *ClusterBackgroundScanReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + if values[i] == nil { + panic("nil value passed to WithOwnerReferences") + } + b.OwnerReferences = append(b.OwnerReferences, *values[i]) + } + return b +} + +// WithFinalizers adds the given value to the Finalizers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Finalizers field. +func (b *ClusterBackgroundScanReportApplyConfiguration) WithFinalizers(values ...string) *ClusterBackgroundScanReportApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + b.Finalizers = append(b.Finalizers, values[i]) + } + return b +} + +func (b *ClusterBackgroundScanReportApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { + if b.ObjectMetaApplyConfiguration == nil { + b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{} + } +} + +// WithSpec sets the Spec field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Spec field is set to the value of the last call. +func (b *ClusterBackgroundScanReportApplyConfiguration) WithSpec(value *BackgroundScanReportSpecApplyConfiguration) *ClusterBackgroundScanReportApplyConfiguration { + b.Spec = value + return b +} diff --git a/pkg/client/applyconfigurations/utils.go b/pkg/client/applyconfigurations/utils.go index 8312eda056..fa54814302 100644 --- a/pkg/client/applyconfigurations/utils.go +++ b/pkg/client/applyconfigurations/utils.go 
@@ -19,6 +19,7 @@ limitations under the License. package applyconfigurations import ( + reportsv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" v1 "github.com/kyverno/kyverno/api/kyverno/v1" v1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2" v1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1" @@ -33,6 +34,7 @@ import ( kyvernov2alpha1 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/kyverno/v2alpha1" kyvernov2beta1 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/kyverno/v2beta1" applyconfigurationspolicyreportv1alpha2 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/policyreport/v1alpha2" + applyconfigurationsreportsv1 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/reports/v1" schema "k8s.io/apimachinery/pkg/runtime/schema" ) 
@@ -256,6 +258,20 @@ func ForKind(kind schema.GroupVersionKind) interface{} { case v2beta1.SchemeGroupVersion.WithKind("Validation"): return &kyvernov2beta1.ValidationApplyConfiguration{} + // Group=reports.kyverno.io, Version=v1 + case reportsv1.SchemeGroupVersion.WithKind("AdmissionReport"): + return &applyconfigurationsreportsv1.AdmissionReportApplyConfiguration{} + case reportsv1.SchemeGroupVersion.WithKind("AdmissionReportSpec"): + return &applyconfigurationsreportsv1.AdmissionReportSpecApplyConfiguration{} + case reportsv1.SchemeGroupVersion.WithKind("BackgroundScanReport"): + return &applyconfigurationsreportsv1.BackgroundScanReportApplyConfiguration{} + case reportsv1.SchemeGroupVersion.WithKind("BackgroundScanReportSpec"): + return &applyconfigurationsreportsv1.BackgroundScanReportSpecApplyConfiguration{} + case reportsv1.SchemeGroupVersion.WithKind("ClusterAdmissionReport"): + return &applyconfigurationsreportsv1.ClusterAdmissionReportApplyConfiguration{} + case reportsv1.SchemeGroupVersion.WithKind("ClusterBackgroundScanReport"): + return &applyconfigurationsreportsv1.ClusterBackgroundScanReportApplyConfiguration{} + // Group=wgpolicyk8s.io, Version=v1alpha2 case policyreportv1alpha2.SchemeGroupVersion.WithKind("ClusterPolicyReport"): return &applyconfigurationspolicyreportv1alpha2.ClusterPolicyReportApplyConfiguration{} diff --git a/pkg/client/clientset/versioned/clientset.go b/pkg/client/clientset/versioned/clientset.go index dc8647fe83..b441a72855 100644 --- a/pkg/client/clientset/versioned/clientset.go +++ b/pkg/client/clientset/versioned/clientset.go 
@@ -29,6 +29,7 @@ import ( kyvernov2alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2alpha1" kyvernov2beta1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2beta1" wgpolicyk8sv1alpha2 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha2" + reportsv1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1" discovery "k8s.io/client-go/discovery" rest "k8s.io/client-go/rest" flowcontrol "k8s.io/client-go/util/flowcontrol" @@ -43,6 +44,7 @@ type Interface interface { KyvernoV2beta1() kyvernov2beta1.KyvernoV2beta1Interface KyvernoV2alpha1() kyvernov2alpha1.KyvernoV2alpha1Interface Wgpolicyk8sV1alpha2() wgpolicyk8sv1alpha2.Wgpolicyk8sV1alpha2Interface + ReportsV1() reportsv1.ReportsV1Interface } // Clientset contains the clients for groups. @@ -55,6 +57,7 @@ type Clientset struct { kyvernoV2beta1 *kyvernov2beta1.KyvernoV2beta1Client kyvernoV2alpha1 *kyvernov2alpha1.KyvernoV2alpha1Client wgpolicyk8sV1alpha2 *wgpolicyk8sv1alpha2.Wgpolicyk8sV1alpha2Client + reportsV1 *reportsv1.ReportsV1Client } // KyvernoV1 retrieves the KyvernoV1Client @@ -92,6 +95,11 @@ func (c *Clientset) Wgpolicyk8sV1alpha2() wgpolicyk8sv1alpha2.Wgpolicyk8sV1alpha return c.wgpolicyk8sV1alpha2 } +// ReportsV1 retrieves the ReportsV1Client +func (c *Clientset) ReportsV1() reportsv1.ReportsV1Interface { + return c.reportsV1 +} + // Discovery retrieves the DiscoveryClient func (c *Clientset) Discovery() discovery.DiscoveryInterface { if c == nil { @@ -164,6 +172,10 @@ func NewForConfigAndClient(c *rest.Config, httpClient *http.Client) (*Clientset, if err != nil { return nil, err } + cs.reportsV1, err = reportsv1.NewForConfigAndClient(&configShallowCopy, httpClient) + if err != nil { + return nil, err + } cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfigAndClient(&configShallowCopy, httpClient) if err != nil { 
@@ -192,6 +204,7 @@ func New(c rest.Interface) *Clientset { cs.kyvernoV2beta1 = kyvernov2beta1.New(c) cs.kyvernoV2alpha1 = kyvernov2alpha1.New(c) cs.wgpolicyk8sV1alpha2 = wgpolicyk8sv1alpha2.New(c) + cs.reportsV1 = reportsv1.New(c) cs.DiscoveryClient = discovery.NewDiscoveryClient(c) return &cs diff --git a/pkg/client/clientset/versioned/fake/clientset_generated.go b/pkg/client/clientset/versioned/fake/clientset_generated.go index 36b4393ca0..6529f36b1e 100644 --- a/pkg/client/clientset/versioned/fake/clientset_generated.go +++ b/pkg/client/clientset/versioned/fake/clientset_generated.go @@ -34,6 +34,8 @@ import ( fakekyvernov2beta1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2beta1/fake" wgpolicyk8sv1alpha2 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha2" fakewgpolicyk8sv1alpha2 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha2/fake" + reportsv1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1" + fakereportsv1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1/fake" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/watch" "k8s.io/client-go/discovery" @@ -125,3 +127,8 @@ func (c *Clientset) KyvernoV2alpha1() kyvernov2alpha1.KyvernoV2alpha1Interface { func (c *Clientset) Wgpolicyk8sV1alpha2() wgpolicyk8sv1alpha2.Wgpolicyk8sV1alpha2Interface { return &fakewgpolicyk8sv1alpha2.FakeWgpolicyk8sV1alpha2{Fake: &c.Fake} } + +// ReportsV1 retrieves the ReportsV1Client +func (c *Clientset) ReportsV1() reportsv1.ReportsV1Interface { + return &fakereportsv1.FakeReportsV1{Fake: &c.Fake} +} diff --git a/pkg/client/clientset/versioned/fake/register.go b/pkg/client/clientset/versioned/fake/register.go index e119212635..e46f805c88 100644 --- a/pkg/client/clientset/versioned/fake/register.go +++ b/pkg/client/clientset/versioned/fake/register.go 
@@ -19,6 +19,7 @@ limitations under the License. package fake import ( + reportsv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2" kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1" @@ -44,6 +45,7 @@ var localSchemeBuilder = runtime.SchemeBuilder{ kyvernov2beta1.AddToScheme, kyvernov2alpha1.AddToScheme, wgpolicyk8sv1alpha2.AddToScheme, + reportsv1.AddToScheme, } // AddToScheme adds all types of this clientset into the given scheme. This allows composition diff --git a/pkg/client/clientset/versioned/scheme/register.go b/pkg/client/clientset/versioned/scheme/register.go index b103910b41..53250df83f 100644 --- a/pkg/client/clientset/versioned/scheme/register.go +++ b/pkg/client/clientset/versioned/scheme/register.go @@ -19,6 +19,7 @@ limitations under the License. package scheme import ( + reportsv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2" kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1" @@ -44,6 +45,7 @@ var localSchemeBuilder = runtime.SchemeBuilder{ kyvernov2beta1.AddToScheme, kyvernov2alpha1.AddToScheme, wgpolicyk8sv1alpha2.AddToScheme, + reportsv1.AddToScheme, } // AddToScheme adds all types of this clientset into the given scheme. This allows composition diff --git a/pkg/client/clientset/versioned/typed/reports/v1/admissionreport.go b/pkg/client/clientset/versioned/typed/reports/v1/admissionreport.go new file mode 100644 index 0000000000..0365f9d43f --- /dev/null +++ b/pkg/client/clientset/versioned/typed/reports/v1/admissionreport.go 
@@ -0,0 +1,178 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" + scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// AdmissionReportsGetter has a method to return a AdmissionReportInterface. +// A group's client should implement this interface. +type AdmissionReportsGetter interface { + AdmissionReports(namespace string) AdmissionReportInterface +} + +// AdmissionReportInterface has methods to work with AdmissionReport resources. 
+type AdmissionReportInterface interface { + Create(ctx context.Context, admissionReport *v1.AdmissionReport, opts metav1.CreateOptions) (*v1.AdmissionReport, error) + Update(ctx context.Context, admissionReport *v1.AdmissionReport, opts metav1.UpdateOptions) (*v1.AdmissionReport, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.AdmissionReport, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.AdmissionReportList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.AdmissionReport, err error) + AdmissionReportExpansion +} + +// admissionReports implements AdmissionReportInterface +type admissionReports struct { + client rest.Interface + ns string +} + +// newAdmissionReports returns a AdmissionReports +func newAdmissionReports(c *ReportsV1Client, namespace string) *admissionReports { + return &admissionReports{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the admissionReport, and returns the corresponding admissionReport object, and an error if there is any. +func (c *admissionReports) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.AdmissionReport, err error) { + result = &v1.AdmissionReport{} + err = c.client.Get(). + Namespace(c.ns). + Resource("admissionreports"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of AdmissionReports that match those selectors. 
+func (c *admissionReports) List(ctx context.Context, opts metav1.ListOptions) (result *v1.AdmissionReportList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.AdmissionReportList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("admissionreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested admissionReports. +func (c *admissionReports) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("admissionreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a admissionReport and creates it. Returns the server's representation of the admissionReport, and an error, if there is any. +func (c *admissionReports) Create(ctx context.Context, admissionReport *v1.AdmissionReport, opts metav1.CreateOptions) (result *v1.AdmissionReport, err error) { + result = &v1.AdmissionReport{} + err = c.client.Post(). + Namespace(c.ns). + Resource("admissionreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(admissionReport). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a admissionReport and updates it. Returns the server's representation of the admissionReport, and an error, if there is any. +func (c *admissionReports) Update(ctx context.Context, admissionReport *v1.AdmissionReport, opts metav1.UpdateOptions) (result *v1.AdmissionReport, err error) { + result = &v1.AdmissionReport{} + err = c.client.Put(). + Namespace(c.ns). + Resource("admissionreports"). + Name(admissionReport.Name). 
+ VersionedParams(&opts, scheme.ParameterCodec). + Body(admissionReport). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the admissionReport and deletes it. Returns an error if one occurs. +func (c *admissionReports) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("admissionreports"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *admissionReports) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("admissionreports"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched admissionReport. +func (c *admissionReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.AdmissionReport, err error) { + result = &v1.AdmissionReport{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("admissionreports"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/pkg/client/clientset/versioned/typed/reports/v1/backgroundscanreport.go b/pkg/client/clientset/versioned/typed/reports/v1/backgroundscanreport.go new file mode 100644 index 0000000000..9e54546242 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/reports/v1/backgroundscanreport.go 
@@ -0,0 +1,178 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" + scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// BackgroundScanReportsGetter has a method to return a BackgroundScanReportInterface. +// A group's client should implement this interface. +type BackgroundScanReportsGetter interface { + BackgroundScanReports(namespace string) BackgroundScanReportInterface +} + +// BackgroundScanReportInterface has methods to work with BackgroundScanReport resources. 
+type BackgroundScanReportInterface interface { + Create(ctx context.Context, backgroundScanReport *v1.BackgroundScanReport, opts metav1.CreateOptions) (*v1.BackgroundScanReport, error) + Update(ctx context.Context, backgroundScanReport *v1.BackgroundScanReport, opts metav1.UpdateOptions) (*v1.BackgroundScanReport, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.BackgroundScanReport, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.BackgroundScanReportList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.BackgroundScanReport, err error) + BackgroundScanReportExpansion +} + +// backgroundScanReports implements BackgroundScanReportInterface +type backgroundScanReports struct { + client rest.Interface + ns string +} + +// newBackgroundScanReports returns a BackgroundScanReports +func newBackgroundScanReports(c *ReportsV1Client, namespace string) *backgroundScanReports { + return &backgroundScanReports{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the backgroundScanReport, and returns the corresponding backgroundScanReport object, and an error if there is any. +func (c *backgroundScanReports) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.BackgroundScanReport, err error) { + result = &v1.BackgroundScanReport{} + err = c.client.Get(). + Namespace(c.ns). + Resource("backgroundscanreports"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of BackgroundScanReports that match those selectors. 
+func (c *backgroundScanReports) List(ctx context.Context, opts metav1.ListOptions) (result *v1.BackgroundScanReportList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.BackgroundScanReportList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("backgroundscanreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested backgroundScanReports. +func (c *backgroundScanReports) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("backgroundscanreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a backgroundScanReport and creates it. Returns the server's representation of the backgroundScanReport, and an error, if there is any. +func (c *backgroundScanReports) Create(ctx context.Context, backgroundScanReport *v1.BackgroundScanReport, opts metav1.CreateOptions) (result *v1.BackgroundScanReport, err error) { + result = &v1.BackgroundScanReport{} + err = c.client.Post(). + Namespace(c.ns). + Resource("backgroundscanreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(backgroundScanReport). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a backgroundScanReport and updates it. Returns the server's representation of the backgroundScanReport, and an error, if there is any. 
+func (c *backgroundScanReports) Update(ctx context.Context, backgroundScanReport *v1.BackgroundScanReport, opts metav1.UpdateOptions) (result *v1.BackgroundScanReport, err error) { + result = &v1.BackgroundScanReport{} + err = c.client.Put(). + Namespace(c.ns). + Resource("backgroundscanreports"). + Name(backgroundScanReport.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(backgroundScanReport). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the backgroundScanReport and deletes it. Returns an error if one occurs. +func (c *backgroundScanReports) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("backgroundscanreports"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *backgroundScanReports) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("backgroundscanreports"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched backgroundScanReport. +func (c *backgroundScanReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.BackgroundScanReport, err error) { + result = &v1.BackgroundScanReport{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("backgroundscanreports"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} 
diff --git a/pkg/client/clientset/versioned/typed/reports/v1/clusteradmissionreport.go b/pkg/client/clientset/versioned/typed/reports/v1/clusteradmissionreport.go new file mode 100644 index 0000000000..0326055a5d --- /dev/null +++ b/pkg/client/clientset/versioned/typed/reports/v1/clusteradmissionreport.go 
@@ -0,0 +1,168 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" + scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// ClusterAdmissionReportsGetter has a method to return a ClusterAdmissionReportInterface. +// A group's client should implement this interface. +type ClusterAdmissionReportsGetter interface { + ClusterAdmissionReports() ClusterAdmissionReportInterface +} + +// ClusterAdmissionReportInterface has methods to work with ClusterAdmissionReport resources. 
+type ClusterAdmissionReportInterface interface { + Create(ctx context.Context, clusterAdmissionReport *v1.ClusterAdmissionReport, opts metav1.CreateOptions) (*v1.ClusterAdmissionReport, error) + Update(ctx context.Context, clusterAdmissionReport *v1.ClusterAdmissionReport, opts metav1.UpdateOptions) (*v1.ClusterAdmissionReport, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.ClusterAdmissionReport, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.ClusterAdmissionReportList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterAdmissionReport, err error) + ClusterAdmissionReportExpansion +} + +// clusterAdmissionReports implements ClusterAdmissionReportInterface +type clusterAdmissionReports struct { + client rest.Interface +} + +// newClusterAdmissionReports returns a ClusterAdmissionReports +func newClusterAdmissionReports(c *ReportsV1Client) *clusterAdmissionReports { + return &clusterAdmissionReports{ + client: c.RESTClient(), + } +} + +// Get takes name of the clusterAdmissionReport, and returns the corresponding clusterAdmissionReport object, and an error if there is any. +func (c *clusterAdmissionReports) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterAdmissionReport, err error) { + result = &v1.ClusterAdmissionReport{} + err = c.client.Get(). + Resource("clusteradmissionreports"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of ClusterAdmissionReports that match those selectors. 
+func (c *clusterAdmissionReports) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterAdmissionReportList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.ClusterAdmissionReportList{} + err = c.client.Get(). + Resource("clusteradmissionreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested clusterAdmissionReports. +func (c *clusterAdmissionReports) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("clusteradmissionreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a clusterAdmissionReport and creates it. Returns the server's representation of the clusterAdmissionReport, and an error, if there is any. +func (c *clusterAdmissionReports) Create(ctx context.Context, clusterAdmissionReport *v1.ClusterAdmissionReport, opts metav1.CreateOptions) (result *v1.ClusterAdmissionReport, err error) { + result = &v1.ClusterAdmissionReport{} + err = c.client.Post(). + Resource("clusteradmissionreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterAdmissionReport). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a clusterAdmissionReport and updates it. Returns the server's representation of the clusterAdmissionReport, and an error, if there is any. 
+func (c *clusterAdmissionReports) Update(ctx context.Context, clusterAdmissionReport *v1.ClusterAdmissionReport, opts metav1.UpdateOptions) (result *v1.ClusterAdmissionReport, err error) { + result = &v1.ClusterAdmissionReport{} + err = c.client.Put(). + Resource("clusteradmissionreports"). + Name(clusterAdmissionReport.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterAdmissionReport). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the clusterAdmissionReport and deletes it. Returns an error if one occurs. +func (c *clusterAdmissionReports) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Resource("clusteradmissionreports"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *clusterAdmissionReports) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("clusteradmissionreports"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched clusterAdmissionReport. +func (c *clusterAdmissionReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterAdmissionReport, err error) { + result = &v1.ClusterAdmissionReport{} + err = c.client.Patch(pt). + Resource("clusteradmissionreports"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} 
diff --git a/pkg/client/clientset/versioned/typed/reports/v1/clusterbackgroundscanreport.go b/pkg/client/clientset/versioned/typed/reports/v1/clusterbackgroundscanreport.go new file mode 100644 index 0000000000..6c5ae883e6 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/reports/v1/clusterbackgroundscanreport.go 
@@ -0,0 +1,168 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + "time" + + v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" + scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// ClusterBackgroundScanReportsGetter has a method to return a ClusterBackgroundScanReportInterface. +// A group's client should implement this interface. +type ClusterBackgroundScanReportsGetter interface { + ClusterBackgroundScanReports() ClusterBackgroundScanReportInterface +} + +// ClusterBackgroundScanReportInterface has methods to work with ClusterBackgroundScanReport resources. 
+type ClusterBackgroundScanReportInterface interface { + Create(ctx context.Context, clusterBackgroundScanReport *v1.ClusterBackgroundScanReport, opts metav1.CreateOptions) (*v1.ClusterBackgroundScanReport, error) + Update(ctx context.Context, clusterBackgroundScanReport *v1.ClusterBackgroundScanReport, opts metav1.UpdateOptions) (*v1.ClusterBackgroundScanReport, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.ClusterBackgroundScanReport, error) + List(ctx context.Context, opts metav1.ListOptions) (*v1.ClusterBackgroundScanReportList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterBackgroundScanReport, err error) + ClusterBackgroundScanReportExpansion +} + +// clusterBackgroundScanReports implements ClusterBackgroundScanReportInterface +type clusterBackgroundScanReports struct { + client rest.Interface +} + +// newClusterBackgroundScanReports returns a ClusterBackgroundScanReports +func newClusterBackgroundScanReports(c *ReportsV1Client) *clusterBackgroundScanReports { + return &clusterBackgroundScanReports{ + client: c.RESTClient(), + } +} + +// Get takes name of the clusterBackgroundScanReport, and returns the corresponding clusterBackgroundScanReport object, and an error if there is any. +func (c *clusterBackgroundScanReports) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterBackgroundScanReport, err error) { + result = &v1.ClusterBackgroundScanReport{} + err = c.client.Get(). + Resource("clusterbackgroundscanreports"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). 
+ Into(result) + return +} + +// List takes label and field selectors, and returns the list of ClusterBackgroundScanReports that match those selectors. +func (c *clusterBackgroundScanReports) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterBackgroundScanReportList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1.ClusterBackgroundScanReportList{} + err = c.client.Get(). + Resource("clusterbackgroundscanreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested clusterBackgroundScanReports. +func (c *clusterBackgroundScanReports) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("clusterbackgroundscanreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a clusterBackgroundScanReport and creates it. Returns the server's representation of the clusterBackgroundScanReport, and an error, if there is any. +func (c *clusterBackgroundScanReports) Create(ctx context.Context, clusterBackgroundScanReport *v1.ClusterBackgroundScanReport, opts metav1.CreateOptions) (result *v1.ClusterBackgroundScanReport, err error) { + result = &v1.ClusterBackgroundScanReport{} + err = c.client.Post(). + Resource("clusterbackgroundscanreports"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterBackgroundScanReport). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a clusterBackgroundScanReport and updates it. Returns the server's representation of the clusterBackgroundScanReport, and an error, if there is any. 
+func (c *clusterBackgroundScanReports) Update(ctx context.Context, clusterBackgroundScanReport *v1.ClusterBackgroundScanReport, opts metav1.UpdateOptions) (result *v1.ClusterBackgroundScanReport, err error) { + result = &v1.ClusterBackgroundScanReport{} + err = c.client.Put(). + Resource("clusterbackgroundscanreports"). + Name(clusterBackgroundScanReport.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterBackgroundScanReport). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the clusterBackgroundScanReport and deletes it. Returns an error if one occurs. +func (c *clusterBackgroundScanReports) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + return c.client.Delete(). + Resource("clusterbackgroundscanreports"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *clusterBackgroundScanReports) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("clusterbackgroundscanreports"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched clusterBackgroundScanReport. +func (c *clusterBackgroundScanReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterBackgroundScanReport, err error) { + result = &v1.ClusterBackgroundScanReport{} + err = c.client.Patch(pt). + Resource("clusterbackgroundscanreports"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} 
diff --git a/pkg/client/clientset/versioned/typed/reports/v1/doc.go b/pkg/client/clientset/versioned/typed/reports/v1/doc.go new file mode 100644 index 0000000000..3af5d054f1 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/reports/v1/doc.go @@ -0,0 +1,20 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated typed clients. +package v1 diff --git a/pkg/client/clientset/versioned/typed/reports/v1/fake/doc.go b/pkg/client/clientset/versioned/typed/reports/v1/fake/doc.go new file mode 100644 index 0000000000..16f4439906 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/reports/v1/fake/doc.go @@ -0,0 +1,20 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +// Package fake has the automatically generated clients. +package fake 
diff --git a/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_admissionreport.go b/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_admissionreport.go new file mode 100644 index 0000000000..d682fa6c26 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_admissionreport.go 
@@ -0,0 +1,129 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeAdmissionReports implements AdmissionReportInterface +type FakeAdmissionReports struct { + Fake *FakeReportsV1 + ns string +} + +var admissionreportsResource = v1.SchemeGroupVersion.WithResource("admissionreports") + +var admissionreportsKind = v1.SchemeGroupVersion.WithKind("AdmissionReport") + +// Get takes name of the admissionReport, and returns the corresponding admissionReport object, and an error if there is any. +func (c *FakeAdmissionReports) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.AdmissionReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(admissionreportsResource, c.ns, name), &v1.AdmissionReport{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.AdmissionReport), err +} + +// List takes label and field selectors, and returns the list of AdmissionReports that match those selectors. +func (c *FakeAdmissionReports) List(ctx context.Context, opts metav1.ListOptions) (result *v1.AdmissionReportList, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewListAction(admissionreportsResource, admissionreportsKind, c.ns, opts), &v1.AdmissionReportList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1.AdmissionReportList{ListMeta: obj.(*v1.AdmissionReportList).ListMeta} + for _, item := range obj.(*v1.AdmissionReportList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested admissionReports. +func (c *FakeAdmissionReports) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(admissionreportsResource, c.ns, opts)) + +} + +// Create takes the representation of a admissionReport and creates it. Returns the server's representation of the admissionReport, and an error, if there is any. +func (c *FakeAdmissionReports) Create(ctx context.Context, admissionReport *v1.AdmissionReport, opts metav1.CreateOptions) (result *v1.AdmissionReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(admissionreportsResource, c.ns, admissionReport), &v1.AdmissionReport{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.AdmissionReport), err +} + +// Update takes the representation of a admissionReport and updates it. Returns the server's representation of the admissionReport, and an error, if there is any. +func (c *FakeAdmissionReports) Update(ctx context.Context, admissionReport *v1.AdmissionReport, opts metav1.UpdateOptions) (result *v1.AdmissionReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(admissionreportsResource, c.ns, admissionReport), &v1.AdmissionReport{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.AdmissionReport), err +} + +// Delete takes name of the admissionReport and deletes it. 
Returns an error if one occurs. +func (c *FakeAdmissionReports) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(admissionreportsResource, c.ns, name, opts), &v1.AdmissionReport{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeAdmissionReports) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + action := testing.NewDeleteCollectionAction(admissionreportsResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1.AdmissionReportList{}) + return err +} + +// Patch applies the patch and returns the patched admissionReport. +func (c *FakeAdmissionReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.AdmissionReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(admissionreportsResource, c.ns, name, pt, data, subresources...), &v1.AdmissionReport{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.AdmissionReport), err +} diff --git a/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_backgroundscanreport.go b/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_backgroundscanreport.go new file mode 100644 index 0000000000..58f21fc3e6 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_backgroundscanreport.go 
@@ -0,0 +1,129 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeBackgroundScanReports implements BackgroundScanReportInterface +type FakeBackgroundScanReports struct { + Fake *FakeReportsV1 + ns string +} + +var backgroundscanreportsResource = v1.SchemeGroupVersion.WithResource("backgroundscanreports") + +var backgroundscanreportsKind = v1.SchemeGroupVersion.WithKind("BackgroundScanReport") + +// Get takes name of the backgroundScanReport, and returns the corresponding backgroundScanReport object, and an error if there is any. +func (c *FakeBackgroundScanReports) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.BackgroundScanReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(backgroundscanreportsResource, c.ns, name), &v1.BackgroundScanReport{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.BackgroundScanReport), err +} + +// List takes label and field selectors, and returns the list of BackgroundScanReports that match those selectors. 
+func (c *FakeBackgroundScanReports) List(ctx context.Context, opts metav1.ListOptions) (result *v1.BackgroundScanReportList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(backgroundscanreportsResource, backgroundscanreportsKind, c.ns, opts), &v1.BackgroundScanReportList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1.BackgroundScanReportList{ListMeta: obj.(*v1.BackgroundScanReportList).ListMeta} + for _, item := range obj.(*v1.BackgroundScanReportList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested backgroundScanReports. +func (c *FakeBackgroundScanReports) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(backgroundscanreportsResource, c.ns, opts)) + +} + +// Create takes the representation of a backgroundScanReport and creates it. Returns the server's representation of the backgroundScanReport, and an error, if there is any. +func (c *FakeBackgroundScanReports) Create(ctx context.Context, backgroundScanReport *v1.BackgroundScanReport, opts metav1.CreateOptions) (result *v1.BackgroundScanReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(backgroundscanreportsResource, c.ns, backgroundScanReport), &v1.BackgroundScanReport{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.BackgroundScanReport), err +} + +// Update takes the representation of a backgroundScanReport and updates it. Returns the server's representation of the backgroundScanReport, and an error, if there is any. 
+func (c *FakeBackgroundScanReports) Update(ctx context.Context, backgroundScanReport *v1.BackgroundScanReport, opts metav1.UpdateOptions) (result *v1.BackgroundScanReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(backgroundscanreportsResource, c.ns, backgroundScanReport), &v1.BackgroundScanReport{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.BackgroundScanReport), err +} + +// Delete takes name of the backgroundScanReport and deletes it. Returns an error if one occurs. +func (c *FakeBackgroundScanReports) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(backgroundscanreportsResource, c.ns, name, opts), &v1.BackgroundScanReport{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeBackgroundScanReports) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + action := testing.NewDeleteCollectionAction(backgroundscanreportsResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1.BackgroundScanReportList{}) + return err +} + +// Patch applies the patch and returns the patched backgroundScanReport. +func (c *FakeBackgroundScanReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.BackgroundScanReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(backgroundscanreportsResource, c.ns, name, pt, data, subresources...), &v1.BackgroundScanReport{}) + + if obj == nil { + return nil, err + } + return obj.(*v1.BackgroundScanReport), err +} diff --git a/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_clusteradmissionreport.go b/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_clusteradmissionreport.go new file mode 100644 index 0000000000..405b143f7d --- /dev/null 
+++ b/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_clusteradmissionreport.go 
@@ -0,0 +1,121 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeClusterAdmissionReports implements ClusterAdmissionReportInterface +type FakeClusterAdmissionReports struct { + Fake *FakeReportsV1 +} + +var clusteradmissionreportsResource = v1.SchemeGroupVersion.WithResource("clusteradmissionreports") + +var clusteradmissionreportsKind = v1.SchemeGroupVersion.WithKind("ClusterAdmissionReport") + +// Get takes name of the clusterAdmissionReport, and returns the corresponding clusterAdmissionReport object, and an error if there is any. +func (c *FakeClusterAdmissionReports) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterAdmissionReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootGetAction(clusteradmissionreportsResource, name), &v1.ClusterAdmissionReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1.ClusterAdmissionReport), err +} + +// List takes label and field selectors, and returns the list of ClusterAdmissionReports that match those selectors. 
+func (c *FakeClusterAdmissionReports) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterAdmissionReportList, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootListAction(clusteradmissionreportsResource, clusteradmissionreportsKind, opts), &v1.ClusterAdmissionReportList{}) + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1.ClusterAdmissionReportList{ListMeta: obj.(*v1.ClusterAdmissionReportList).ListMeta} + for _, item := range obj.(*v1.ClusterAdmissionReportList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested clusterAdmissionReports. +func (c *FakeClusterAdmissionReports) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewRootWatchAction(clusteradmissionreportsResource, opts)) +} + +// Create takes the representation of a clusterAdmissionReport and creates it. Returns the server's representation of the clusterAdmissionReport, and an error, if there is any. +func (c *FakeClusterAdmissionReports) Create(ctx context.Context, clusterAdmissionReport *v1.ClusterAdmissionReport, opts metav1.CreateOptions) (result *v1.ClusterAdmissionReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(clusteradmissionreportsResource, clusterAdmissionReport), &v1.ClusterAdmissionReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1.ClusterAdmissionReport), err +} + +// Update takes the representation of a clusterAdmissionReport and updates it. Returns the server's representation of the clusterAdmissionReport, and an error, if there is any. 
+func (c *FakeClusterAdmissionReports) Update(ctx context.Context, clusterAdmissionReport *v1.ClusterAdmissionReport, opts metav1.UpdateOptions) (result *v1.ClusterAdmissionReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateAction(clusteradmissionreportsResource, clusterAdmissionReport), &v1.ClusterAdmissionReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1.ClusterAdmissionReport), err +} + +// Delete takes name of the clusterAdmissionReport and deletes it. Returns an error if one occurs. +func (c *FakeClusterAdmissionReports) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewRootDeleteActionWithOptions(clusteradmissionreportsResource, name, opts), &v1.ClusterAdmissionReport{}) + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeClusterAdmissionReports) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + action := testing.NewRootDeleteCollectionAction(clusteradmissionreportsResource, listOpts) + + _, err := c.Fake.Invokes(action, &v1.ClusterAdmissionReportList{}) + return err +} + +// Patch applies the patch and returns the patched clusterAdmissionReport. +func (c *FakeClusterAdmissionReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterAdmissionReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootPatchSubresourceAction(clusteradmissionreportsResource, name, pt, data, subresources...), &v1.ClusterAdmissionReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1.ClusterAdmissionReport), err +} diff --git a/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_clusterbackgroundscanreport.go b/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_clusterbackgroundscanreport.go new file mode 100644 index 0000000000..f2a0c1f217 --- /dev/null 
+++ b/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_clusterbackgroundscanreport.go 
@@ -0,0 +1,121 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeClusterBackgroundScanReports implements ClusterBackgroundScanReportInterface +type FakeClusterBackgroundScanReports struct { + Fake *FakeReportsV1 +} + +var clusterbackgroundscanreportsResource = v1.SchemeGroupVersion.WithResource("clusterbackgroundscanreports") + +var clusterbackgroundscanreportsKind = v1.SchemeGroupVersion.WithKind("ClusterBackgroundScanReport") + +// Get takes name of the clusterBackgroundScanReport, and returns the corresponding clusterBackgroundScanReport object, and an error if there is any. +func (c *FakeClusterBackgroundScanReports) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterBackgroundScanReport, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewRootGetAction(clusterbackgroundscanreportsResource, name), &v1.ClusterBackgroundScanReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1.ClusterBackgroundScanReport), err +} + +// List takes label and field selectors, and returns the list of ClusterBackgroundScanReports that match those selectors. +func (c *FakeClusterBackgroundScanReports) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterBackgroundScanReportList, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootListAction(clusterbackgroundscanreportsResource, clusterbackgroundscanreportsKind, opts), &v1.ClusterBackgroundScanReportList{}) + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1.ClusterBackgroundScanReportList{ListMeta: obj.(*v1.ClusterBackgroundScanReportList).ListMeta} + for _, item := range obj.(*v1.ClusterBackgroundScanReportList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested clusterBackgroundScanReports. +func (c *FakeClusterBackgroundScanReports) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewRootWatchAction(clusterbackgroundscanreportsResource, opts)) +} + +// Create takes the representation of a clusterBackgroundScanReport and creates it. Returns the server's representation of the clusterBackgroundScanReport, and an error, if there is any. +func (c *FakeClusterBackgroundScanReports) Create(ctx context.Context, clusterBackgroundScanReport *v1.ClusterBackgroundScanReport, opts metav1.CreateOptions) (result *v1.ClusterBackgroundScanReport, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewRootCreateAction(clusterbackgroundscanreportsResource, clusterBackgroundScanReport), &v1.ClusterBackgroundScanReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1.ClusterBackgroundScanReport), err +} + +// Update takes the representation of a clusterBackgroundScanReport and updates it. Returns the server's representation of the clusterBackgroundScanReport, and an error, if there is any. +func (c *FakeClusterBackgroundScanReports) Update(ctx context.Context, clusterBackgroundScanReport *v1.ClusterBackgroundScanReport, opts metav1.UpdateOptions) (result *v1.ClusterBackgroundScanReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateAction(clusterbackgroundscanreportsResource, clusterBackgroundScanReport), &v1.ClusterBackgroundScanReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1.ClusterBackgroundScanReport), err +} + +// Delete takes name of the clusterBackgroundScanReport and deletes it. Returns an error if one occurs. +func (c *FakeClusterBackgroundScanReports) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewRootDeleteActionWithOptions(clusterbackgroundscanreportsResource, name, opts), &v1.ClusterBackgroundScanReport{}) + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeClusterBackgroundScanReports) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { + action := testing.NewRootDeleteCollectionAction(clusterbackgroundscanreportsResource, listOpts) + + _, err := c.Fake.Invokes(action, &v1.ClusterBackgroundScanReportList{}) + return err +} + +// Patch applies the patch and returns the patched clusterBackgroundScanReport. 
+func (c *FakeClusterBackgroundScanReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterBackgroundScanReport, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootPatchSubresourceAction(clusterbackgroundscanreportsResource, name, pt, data, subresources...), &v1.ClusterBackgroundScanReport{}) + if obj == nil { + return nil, err + } + return obj.(*v1.ClusterBackgroundScanReport), err +} diff --git a/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_reports_client.go b/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_reports_client.go new file mode 100644 index 0000000000..032de4a2aa --- /dev/null +++ b/pkg/client/clientset/versioned/typed/reports/v1/fake/fake_reports_client.go 
@@ -0,0 +1,52 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1" + rest "k8s.io/client-go/rest" + testing "k8s.io/client-go/testing" +) + +type FakeReportsV1 struct { + *testing.Fake +} + +func (c *FakeReportsV1) AdmissionReports(namespace string) v1.AdmissionReportInterface { + return &FakeAdmissionReports{c, namespace} +} + +func (c *FakeReportsV1) BackgroundScanReports(namespace string) v1.BackgroundScanReportInterface { + return &FakeBackgroundScanReports{c, namespace} +} + +func (c *FakeReportsV1) ClusterAdmissionReports() v1.ClusterAdmissionReportInterface { + return &FakeClusterAdmissionReports{c} +} + +func (c *FakeReportsV1) ClusterBackgroundScanReports() v1.ClusterBackgroundScanReportInterface { + return &FakeClusterBackgroundScanReports{c} +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *FakeReportsV1) RESTClient() rest.Interface { + var ret *rest.RESTClient + return ret +} diff --git a/pkg/client/clientset/versioned/typed/reports/v1/generated_expansion.go b/pkg/client/clientset/versioned/typed/reports/v1/generated_expansion.go new file mode 100644 index 0000000000..5110f52f91 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/reports/v1/generated_expansion.go 
@@ -0,0 +1,27 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +type AdmissionReportExpansion interface{} + +type BackgroundScanReportExpansion interface{} + +type ClusterAdmissionReportExpansion interface{} + +type ClusterBackgroundScanReportExpansion interface{} diff --git a/pkg/client/clientset/versioned/typed/reports/v1/reports_client.go b/pkg/client/clientset/versioned/typed/reports/v1/reports_client.go new file mode 100644 index 0000000000..31477dd115 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/reports/v1/reports_client.go 
@@ -0,0 +1,122 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + "net/http" + + v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" + "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme" + rest "k8s.io/client-go/rest" +) + +type ReportsV1Interface interface { + RESTClient() rest.Interface + AdmissionReportsGetter + BackgroundScanReportsGetter + ClusterAdmissionReportsGetter + ClusterBackgroundScanReportsGetter +} + +// ReportsV1Client is used to interact with features provided by the reports.kyverno.io group. +type ReportsV1Client struct { + restClient rest.Interface +} + +func (c *ReportsV1Client) AdmissionReports(namespace string) AdmissionReportInterface { + return newAdmissionReports(c, namespace) +} + +func (c *ReportsV1Client) BackgroundScanReports(namespace string) BackgroundScanReportInterface { + return newBackgroundScanReports(c, namespace) +} + +func (c *ReportsV1Client) ClusterAdmissionReports() ClusterAdmissionReportInterface { + return newClusterAdmissionReports(c) +} + +func (c *ReportsV1Client) ClusterBackgroundScanReports() ClusterBackgroundScanReportInterface { + return newClusterBackgroundScanReports(c) +} + +// NewForConfig creates a new ReportsV1Client for the given config. +// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient), +// where httpClient was generated with rest.HTTPClientFor(c). 
+func NewForConfig(c *rest.Config) (*ReportsV1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + httpClient, err := rest.HTTPClientFor(&config) + if err != nil { + return nil, err + } + return NewForConfigAndClient(&config, httpClient) +} + +// NewForConfigAndClient creates a new ReportsV1Client for the given config and http client. +// Note the http client provided takes precedence over the configured transport values. +func NewForConfigAndClient(c *rest.Config, h *http.Client) (*ReportsV1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + client, err := rest.RESTClientForConfigAndClient(&config, h) + if err != nil { + return nil, err + } + return &ReportsV1Client{client}, nil +} + +// NewForConfigOrDie creates a new ReportsV1Client for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *ReportsV1Client { + client, err := NewForConfig(c) + if err != nil { + panic(err) + } + return client +} + +// New creates a new ReportsV1Client for the given RESTClient. +func New(c rest.Interface) *ReportsV1Client { + return &ReportsV1Client{c} +} + +func setConfigDefaults(config *rest.Config) error { + gv := v1.SchemeGroupVersion + config.GroupVersion = &gv + config.APIPath = "/apis" + config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() + + if config.UserAgent == "" { + config.UserAgent = rest.DefaultKubernetesUserAgent() + } + + return nil +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *ReportsV1Client) RESTClient() rest.Interface { + if c == nil { + return nil + } + return c.restClient +} diff --git a/pkg/client/informers/externalversions/factory.go b/pkg/client/informers/externalversions/factory.go index 1a4f876baa..71c71a7375 100644 --- a/pkg/client/informers/externalversions/factory.go 
+++ b/pkg/client/informers/externalversions/factory.go @@ -27,6 +27,7 @@ import ( internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces" kyverno "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno" policyreport "github.com/kyverno/kyverno/pkg/client/informers/externalversions/policyreport" + reports "github.com/kyverno/kyverno/pkg/client/informers/externalversions/reports" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" schema "k8s.io/apimachinery/pkg/runtime/schema" @@ -246,6 +247,7 @@ type SharedInformerFactory interface { Kyverno() kyverno.Interface Wgpolicyk8s() policyreport.Interface + Reports() reports.Interface } func (f *sharedInformerFactory) Kyverno() kyverno.Interface { @@ -255,3 +257,7 @@ func (f *sharedInformerFactory) Kyverno() kyverno.Interface { func (f *sharedInformerFactory) Wgpolicyk8s() policyreport.Interface { return policyreport.New(f, f.namespace, f.tweakListOptions) } + +func (f *sharedInformerFactory) Reports() reports.Interface { + return reports.New(f, f.namespace, f.tweakListOptions) +} diff --git a/pkg/client/informers/externalversions/generic.go b/pkg/client/informers/externalversions/generic.go index c7e9a9b4d2..be8bedb457 100644 --- a/pkg/client/informers/externalversions/generic.go +++ b/pkg/client/informers/externalversions/generic.go @@ -21,6 +21,7 @@ package externalversions import ( "fmt" + reportsv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" v1 "github.com/kyverno/kyverno/api/kyverno/v1" v1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2" v1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1" 
@@ -116,6 +117,16 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource case v2beta1.SchemeGroupVersion.WithResource("policyexceptions"): return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V2beta1().PolicyExceptions().Informer()}, nil + // Group=reports.kyverno.io, Version=v1 + case reportsv1.SchemeGroupVersion.WithResource("admissionreports"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Reports().V1().AdmissionReports().Informer()}, nil + case reportsv1.SchemeGroupVersion.WithResource("backgroundscanreports"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Reports().V1().BackgroundScanReports().Informer()}, nil + case reportsv1.SchemeGroupVersion.WithResource("clusteradmissionreports"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Reports().V1().ClusterAdmissionReports().Informer()}, nil + case reportsv1.SchemeGroupVersion.WithResource("clusterbackgroundscanreports"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Reports().V1().ClusterBackgroundScanReports().Informer()}, nil + // Group=wgpolicyk8s.io, Version=v1alpha2 case policyreportv1alpha2.SchemeGroupVersion.WithResource("clusterpolicyreports"): return &genericInformer{resource: resource.GroupResource(), informer: f.Wgpolicyk8s().V1alpha2().ClusterPolicyReports().Informer()}, nil diff --git a/pkg/client/informers/externalversions/reports/interface.go b/pkg/client/informers/externalversions/reports/interface.go new file mode 100644 index 0000000000..501b554e1e --- /dev/null +++ b/pkg/client/informers/externalversions/reports/interface.go 
@@ -0,0 +1,46 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package reports + +import ( + internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces" + v1 "github.com/kyverno/kyverno/pkg/client/informers/externalversions/reports/v1" +) + +// Interface provides access to each of this group's versions. +type Interface interface { + // V1 provides access to shared informers for resources in V1. + V1() v1.Interface +} + +type group struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// V1 returns a new v1.Interface. +func (g *group) V1() v1.Interface { + return v1.New(g.factory, g.namespace, g.tweakListOptions) +} diff --git a/pkg/client/informers/externalversions/reports/v1/admissionreport.go b/pkg/client/informers/externalversions/reports/v1/admissionreport.go new file mode 100644 index 0000000000..77f087e5fd --- /dev/null +++ b/pkg/client/informers/externalversions/reports/v1/admissionreport.go 
@@ -0,0 +1,90 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + time "time" + + reportsv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" + versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned" + internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces" + v1 "github.com/kyverno/kyverno/pkg/client/listers/reports/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// AdmissionReportInformer provides access to a shared informer and lister for +// AdmissionReports. +type AdmissionReportInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1.AdmissionReportLister +} + +type admissionReportInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewAdmissionReportInformer constructs a new informer for AdmissionReport type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewAdmissionReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredAdmissionReportInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredAdmissionReportInformer constructs a new informer for AdmissionReport type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredAdmissionReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ReportsV1().AdmissionReports(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ReportsV1().AdmissionReports(namespace).Watch(context.TODO(), options) + }, + }, + &reportsv1.AdmissionReport{}, + resyncPeriod, + indexers, + ) +} + +func (f *admissionReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredAdmissionReportInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *admissionReportInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&reportsv1.AdmissionReport{}, f.defaultInformer) +} + +func (f *admissionReportInformer) Lister() v1.AdmissionReportLister { + return v1.NewAdmissionReportLister(f.Informer().GetIndexer()) +} 
diff --git a/pkg/client/informers/externalversions/reports/v1/backgroundscanreport.go b/pkg/client/informers/externalversions/reports/v1/backgroundscanreport.go new file mode 100644 index 0000000000..9d401e0325 --- /dev/null +++ b/pkg/client/informers/externalversions/reports/v1/backgroundscanreport.go 
@@ -0,0 +1,90 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + time "time" + + reportsv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" + versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned" + internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces" + v1 "github.com/kyverno/kyverno/pkg/client/listers/reports/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// BackgroundScanReportInformer provides access to a shared informer and lister for +// BackgroundScanReports. +type BackgroundScanReportInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1.BackgroundScanReportLister +} + +type backgroundScanReportInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewBackgroundScanReportInformer constructs a new informer for BackgroundScanReport type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewBackgroundScanReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredBackgroundScanReportInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredBackgroundScanReportInformer constructs a new informer for BackgroundScanReport type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredBackgroundScanReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ReportsV1().BackgroundScanReports(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ReportsV1().BackgroundScanReports(namespace).Watch(context.TODO(), options) + }, + }, + &reportsv1.BackgroundScanReport{}, + resyncPeriod, + indexers, + ) +} + +func (f *backgroundScanReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredBackgroundScanReportInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *backgroundScanReportInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&reportsv1.BackgroundScanReport{}, f.defaultInformer) +} + +func (f *backgroundScanReportInformer) Lister() v1.BackgroundScanReportLister { + return 
v1.NewBackgroundScanReportLister(f.Informer().GetIndexer()) +} diff --git a/pkg/client/informers/externalversions/reports/v1/clusteradmissionreport.go b/pkg/client/informers/externalversions/reports/v1/clusteradmissionreport.go new file mode 100644 index 0000000000..c0ede6ef64 --- /dev/null +++ b/pkg/client/informers/externalversions/reports/v1/clusteradmissionreport.go 
@@ -0,0 +1,89 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + time "time" + + reportsv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" + versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned" + internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces" + v1 "github.com/kyverno/kyverno/pkg/client/listers/reports/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// ClusterAdmissionReportInformer provides access to a shared informer and lister for +// ClusterAdmissionReports. +type ClusterAdmissionReportInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1.ClusterAdmissionReportLister +} + +type clusterAdmissionReportInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// NewClusterAdmissionReportInformer constructs a new informer for ClusterAdmissionReport type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewClusterAdmissionReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredClusterAdmissionReportInformer(client, resyncPeriod, indexers, nil) +} + +// NewFilteredClusterAdmissionReportInformer constructs a new informer for ClusterAdmissionReport type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredClusterAdmissionReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ReportsV1().ClusterAdmissionReports().List(context.TODO(), options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ReportsV1().ClusterAdmissionReports().Watch(context.TODO(), options) + }, + }, + &reportsv1.ClusterAdmissionReport{}, + resyncPeriod, + indexers, + ) +} + +func (f *clusterAdmissionReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredClusterAdmissionReportInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *clusterAdmissionReportInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&reportsv1.ClusterAdmissionReport{}, f.defaultInformer) +} + +func (f *clusterAdmissionReportInformer) Lister() v1.ClusterAdmissionReportLister { + return v1.NewClusterAdmissionReportLister(f.Informer().GetIndexer()) +} 
diff --git a/pkg/client/informers/externalversions/reports/v1/clusterbackgroundscanreport.go b/pkg/client/informers/externalversions/reports/v1/clusterbackgroundscanreport.go new file mode 100644 index 0000000000..f65714adbb --- /dev/null +++ b/pkg/client/informers/externalversions/reports/v1/clusterbackgroundscanreport.go 
@@ -0,0 +1,89 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + "context" + time "time" + + reportsv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" + versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned" + internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces" + v1 "github.com/kyverno/kyverno/pkg/client/listers/reports/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// ClusterBackgroundScanReportInformer provides access to a shared informer and lister for +// ClusterBackgroundScanReports. +type ClusterBackgroundScanReportInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1.ClusterBackgroundScanReportLister +} + +type clusterBackgroundScanReportInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// NewClusterBackgroundScanReportInformer constructs a new informer for ClusterBackgroundScanReport type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewClusterBackgroundScanReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredClusterBackgroundScanReportInformer(client, resyncPeriod, indexers, nil) +} + +// NewFilteredClusterBackgroundScanReportInformer constructs a new informer for ClusterBackgroundScanReport type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredClusterBackgroundScanReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ReportsV1().ClusterBackgroundScanReports().List(context.TODO(), options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ReportsV1().ClusterBackgroundScanReports().Watch(context.TODO(), options) + }, + }, + &reportsv1.ClusterBackgroundScanReport{}, + resyncPeriod, + indexers, + ) +} + +func (f *clusterBackgroundScanReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredClusterBackgroundScanReportInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *clusterBackgroundScanReportInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&reportsv1.ClusterBackgroundScanReport{}, f.defaultInformer) +} + +func (f *clusterBackgroundScanReportInformer) Lister() v1.ClusterBackgroundScanReportLister { + return 
v1.NewClusterBackgroundScanReportLister(f.Informer().GetIndexer()) +} diff --git a/pkg/client/informers/externalversions/reports/v1/interface.go b/pkg/client/informers/externalversions/reports/v1/interface.go new file mode 100644 index 0000000000..f83291cfc0 --- /dev/null +++ b/pkg/client/informers/externalversions/reports/v1/interface.go 
@@ -0,0 +1,66 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces" +) + +// Interface provides access to all the informers in this group version. +type Interface interface { + // AdmissionReports returns a AdmissionReportInformer. + AdmissionReports() AdmissionReportInformer + // BackgroundScanReports returns a BackgroundScanReportInformer. + BackgroundScanReports() BackgroundScanReportInformer + // ClusterAdmissionReports returns a ClusterAdmissionReportInformer. + ClusterAdmissionReports() ClusterAdmissionReportInformer + // ClusterBackgroundScanReports returns a ClusterBackgroundScanReportInformer. + ClusterBackgroundScanReports() ClusterBackgroundScanReportInformer +} + +type version struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// AdmissionReports returns a AdmissionReportInformer. 
+func (v *version) AdmissionReports() AdmissionReportInformer { + return &admissionReportInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} + +// BackgroundScanReports returns a BackgroundScanReportInformer. +func (v *version) BackgroundScanReports() BackgroundScanReportInformer { + return &backgroundScanReportInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} + +// ClusterAdmissionReports returns a ClusterAdmissionReportInformer. +func (v *version) ClusterAdmissionReports() ClusterAdmissionReportInformer { + return &clusterAdmissionReportInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} + +// ClusterBackgroundScanReports returns a ClusterBackgroundScanReportInformer. +func (v *version) ClusterBackgroundScanReports() ClusterBackgroundScanReportInformer { + return &clusterBackgroundScanReportInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} diff --git a/pkg/client/listers/reports/v1/admissionreport.go b/pkg/client/listers/reports/v1/admissionreport.go new file mode 100644 index 0000000000..8c64286977 --- /dev/null +++ b/pkg/client/listers/reports/v1/admissionreport.go 
@@ -0,0 +1,99 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// AdmissionReportLister helps list AdmissionReports. +// All objects returned here must be treated as read-only. +type AdmissionReportLister interface { + // List lists all AdmissionReports in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.AdmissionReport, err error) + // AdmissionReports returns an object that can list and get AdmissionReports. + AdmissionReports(namespace string) AdmissionReportNamespaceLister + AdmissionReportListerExpansion +} + +// admissionReportLister implements the AdmissionReportLister interface. +type admissionReportLister struct { + indexer cache.Indexer +} + +// NewAdmissionReportLister returns a new AdmissionReportLister. +func NewAdmissionReportLister(indexer cache.Indexer) AdmissionReportLister { + return &admissionReportLister{indexer: indexer} +} + +// List lists all AdmissionReports in the indexer. 
+func (s *admissionReportLister) List(selector labels.Selector) (ret []*v1.AdmissionReport, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1.AdmissionReport)) + }) + return ret, err +} + +// AdmissionReports returns an object that can list and get AdmissionReports. +func (s *admissionReportLister) AdmissionReports(namespace string) AdmissionReportNamespaceLister { + return admissionReportNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// AdmissionReportNamespaceLister helps list and get AdmissionReports. +// All objects returned here must be treated as read-only. +type AdmissionReportNamespaceLister interface { + // List lists all AdmissionReports in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.AdmissionReport, err error) + // Get retrieves the AdmissionReport from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1.AdmissionReport, error) + AdmissionReportNamespaceListerExpansion +} + +// admissionReportNamespaceLister implements the AdmissionReportNamespaceLister +// interface. +type admissionReportNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all AdmissionReports in the indexer for a given namespace. +func (s admissionReportNamespaceLister) List(selector labels.Selector) (ret []*v1.AdmissionReport, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1.AdmissionReport)) + }) + return ret, err +} + +// Get retrieves the AdmissionReport from the indexer for a given namespace and name. 
+func (s admissionReportNamespaceLister) Get(name string) (*v1.AdmissionReport, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1.Resource("admissionreport"), name) + } + return obj.(*v1.AdmissionReport), nil +} diff --git a/pkg/client/listers/reports/v1/backgroundscanreport.go b/pkg/client/listers/reports/v1/backgroundscanreport.go new file mode 100644 index 0000000000..9462a4146b --- /dev/null +++ b/pkg/client/listers/reports/v1/backgroundscanreport.go 
@@ -0,0 +1,99 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// BackgroundScanReportLister helps list BackgroundScanReports. +// All objects returned here must be treated as read-only. +type BackgroundScanReportLister interface { + // List lists all BackgroundScanReports in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.BackgroundScanReport, err error) + // BackgroundScanReports returns an object that can list and get BackgroundScanReports. + BackgroundScanReports(namespace string) BackgroundScanReportNamespaceLister + BackgroundScanReportListerExpansion +} + +// backgroundScanReportLister implements the BackgroundScanReportLister interface. +type backgroundScanReportLister struct { + indexer cache.Indexer +} + +// NewBackgroundScanReportLister returns a new BackgroundScanReportLister. +func NewBackgroundScanReportLister(indexer cache.Indexer) BackgroundScanReportLister { + return &backgroundScanReportLister{indexer: indexer} +} + +// List lists all BackgroundScanReports in the indexer. 
+func (s *backgroundScanReportLister) List(selector labels.Selector) (ret []*v1.BackgroundScanReport, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1.BackgroundScanReport)) + }) + return ret, err +} + +// BackgroundScanReports returns an object that can list and get BackgroundScanReports. +func (s *backgroundScanReportLister) BackgroundScanReports(namespace string) BackgroundScanReportNamespaceLister { + return backgroundScanReportNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// BackgroundScanReportNamespaceLister helps list and get BackgroundScanReports. +// All objects returned here must be treated as read-only. +type BackgroundScanReportNamespaceLister interface { + // List lists all BackgroundScanReports in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.BackgroundScanReport, err error) + // Get retrieves the BackgroundScanReport from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1.BackgroundScanReport, error) + BackgroundScanReportNamespaceListerExpansion +} + +// backgroundScanReportNamespaceLister implements the BackgroundScanReportNamespaceLister +// interface. +type backgroundScanReportNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all BackgroundScanReports in the indexer for a given namespace. +func (s backgroundScanReportNamespaceLister) List(selector labels.Selector) (ret []*v1.BackgroundScanReport, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1.BackgroundScanReport)) + }) + return ret, err +} + +// Get retrieves the BackgroundScanReport from the indexer for a given namespace and name. 
+func (s backgroundScanReportNamespaceLister) Get(name string) (*v1.BackgroundScanReport, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1.Resource("backgroundscanreport"), name) + } + return obj.(*v1.BackgroundScanReport), nil +} diff --git a/pkg/client/listers/reports/v1/clusteradmissionreport.go b/pkg/client/listers/reports/v1/clusteradmissionreport.go new file mode 100644 index 0000000000..3eda22266d --- /dev/null +++ b/pkg/client/listers/reports/v1/clusteradmissionreport.go 
@@ -0,0 +1,68 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// ClusterAdmissionReportLister helps list ClusterAdmissionReports. +// All objects returned here must be treated as read-only. +type ClusterAdmissionReportLister interface { + // List lists all ClusterAdmissionReports in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.ClusterAdmissionReport, err error) + // Get retrieves the ClusterAdmissionReport from the index for a given name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1.ClusterAdmissionReport, error) + ClusterAdmissionReportListerExpansion +} + +// clusterAdmissionReportLister implements the ClusterAdmissionReportLister interface. +type clusterAdmissionReportLister struct { + indexer cache.Indexer +} + +// NewClusterAdmissionReportLister returns a new ClusterAdmissionReportLister. +func NewClusterAdmissionReportLister(indexer cache.Indexer) ClusterAdmissionReportLister { + return &clusterAdmissionReportLister{indexer: indexer} +} + +// List lists all ClusterAdmissionReports in the indexer. 
+func (s *clusterAdmissionReportLister) List(selector labels.Selector) (ret []*v1.ClusterAdmissionReport, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1.ClusterAdmissionReport)) + }) + return ret, err +} + +// Get retrieves the ClusterAdmissionReport from the index for a given name. +func (s *clusterAdmissionReportLister) Get(name string) (*v1.ClusterAdmissionReport, error) { + obj, exists, err := s.indexer.GetByKey(name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1.Resource("clusteradmissionreport"), name) + } + return obj.(*v1.ClusterAdmissionReport), nil +} diff --git a/pkg/client/listers/reports/v1/clusterbackgroundscanreport.go b/pkg/client/listers/reports/v1/clusterbackgroundscanreport.go new file mode 100644 index 0000000000..9aaf3a49a6 --- /dev/null +++ b/pkg/client/listers/reports/v1/clusterbackgroundscanreport.go 
@@ -0,0 +1,68 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// ClusterBackgroundScanReportLister helps list ClusterBackgroundScanReports. +// All objects returned here must be treated as read-only. +type ClusterBackgroundScanReportLister interface { + // List lists all ClusterBackgroundScanReports in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1.ClusterBackgroundScanReport, err error) + // Get retrieves the ClusterBackgroundScanReport from the index for a given name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1.ClusterBackgroundScanReport, error) + ClusterBackgroundScanReportListerExpansion +} + +// clusterBackgroundScanReportLister implements the ClusterBackgroundScanReportLister interface. +type clusterBackgroundScanReportLister struct { + indexer cache.Indexer +} + +// NewClusterBackgroundScanReportLister returns a new ClusterBackgroundScanReportLister. +func NewClusterBackgroundScanReportLister(indexer cache.Indexer) ClusterBackgroundScanReportLister { + return &clusterBackgroundScanReportLister{indexer: indexer} +} + +// List lists all ClusterBackgroundScanReports in the indexer. 
+func (s *clusterBackgroundScanReportLister) List(selector labels.Selector) (ret []*v1.ClusterBackgroundScanReport, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1.ClusterBackgroundScanReport)) + }) + return ret, err +} + +// Get retrieves the ClusterBackgroundScanReport from the index for a given name. +func (s *clusterBackgroundScanReportLister) Get(name string) (*v1.ClusterBackgroundScanReport, error) { + obj, exists, err := s.indexer.GetByKey(name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1.Resource("clusterbackgroundscanreport"), name) + } + return obj.(*v1.ClusterBackgroundScanReport), nil +} diff --git a/pkg/client/listers/reports/v1/expansion_generated.go b/pkg/client/listers/reports/v1/expansion_generated.go new file mode 100644 index 0000000000..e6a59d3bf5 --- /dev/null +++ b/pkg/client/listers/reports/v1/expansion_generated.go 
@@ -0,0 +1,43 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +// AdmissionReportListerExpansion allows custom methods to be added to +// AdmissionReportLister. +type AdmissionReportListerExpansion interface{} + +// AdmissionReportNamespaceListerExpansion allows custom methods to be added to +// AdmissionReportNamespaceLister. +type AdmissionReportNamespaceListerExpansion interface{} + +// BackgroundScanReportListerExpansion allows custom methods to be added to +// BackgroundScanReportLister. +type BackgroundScanReportListerExpansion interface{} + +// BackgroundScanReportNamespaceListerExpansion allows custom methods to be added to +// BackgroundScanReportNamespaceLister. +type BackgroundScanReportNamespaceListerExpansion interface{} + +// ClusterAdmissionReportListerExpansion allows custom methods to be added to +// ClusterAdmissionReportLister. +type ClusterAdmissionReportListerExpansion interface{} + +// ClusterBackgroundScanReportListerExpansion allows custom methods to be added to +// ClusterBackgroundScanReportLister. +type ClusterBackgroundScanReportListerExpansion interface{} diff --git a/pkg/clients/kyverno/clientset.generated.go b/pkg/clients/kyverno/clientset.generated.go index 15408b5728..197102c06e 100644 --- a/pkg/clients/kyverno/clientset.generated.go +++ b/pkg/clients/kyverno/clientset.generated.go 
@@ -10,6 +10,7 @@ import ( github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2alpha1" github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2beta1" github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_policyreport_v1alpha2 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha2" + github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1" discovery "github.com/kyverno/kyverno/pkg/clients/kyverno/discovery" kyvernov1 "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov1" kyvernov1alpha2 "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov1alpha2" @@ -17,6 +18,7 @@ import ( kyvernov2 "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov2" kyvernov2alpha1 "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov2alpha1" kyvernov2beta1 "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov2beta1" + reportsv1 "github.com/kyverno/kyverno/pkg/clients/kyverno/reportsv1" wgpolicyk8sv1alpha2 "github.com/kyverno/kyverno/pkg/clients/kyverno/wgpolicyk8sv1alpha2" "github.com/kyverno/kyverno/pkg/metrics" k8s_io_client_go_discovery "k8s.io/client-go/discovery" 
@@ -30,6 +32,7 @@ type clientset struct { kyvernov2 github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2.KyvernoV2Interface kyvernov2alpha1 github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.KyvernoV2alpha1Interface kyvernov2beta1 github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.KyvernoV2beta1Interface + reportsv1 github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface wgpolicyk8sv1alpha2 github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_policyreport_v1alpha2.Wgpolicyk8sV1alpha2Interface } @@ -54,6 +57,9 @@ func (c *clientset) KyvernoV2alpha1() github_com_kyverno_kyverno_pkg_client_clie func (c *clientset) KyvernoV2beta1() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.KyvernoV2beta1Interface { return c.kyvernov2beta1 } +func (c *clientset) ReportsV1() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface { + return c.reportsv1 +} func (c *clientset) Wgpolicyk8sV1alpha2() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_policyreport_v1alpha2.Wgpolicyk8sV1alpha2Interface { return c.wgpolicyk8sv1alpha2 } @@ -67,6 +73,7 @@ func WrapWithMetrics(inner github_com_kyverno_kyverno_pkg_client_clientset_versi kyvernov2: kyvernov2.WithMetrics(inner.KyvernoV2(), m, clientType), kyvernov2alpha1: kyvernov2alpha1.WithMetrics(inner.KyvernoV2alpha1(), m, clientType), kyvernov2beta1: kyvernov2beta1.WithMetrics(inner.KyvernoV2beta1(), m, clientType), + reportsv1: reportsv1.WithMetrics(inner.ReportsV1(), m, clientType), wgpolicyk8sv1alpha2: wgpolicyk8sv1alpha2.WithMetrics(inner.Wgpolicyk8sV1alpha2(), m, clientType), } } 
@@ -80,6 +87,7 @@ func WrapWithTracing(inner github_com_kyverno_kyverno_pkg_client_clientset_versi kyvernov2: kyvernov2.WithTracing(inner.KyvernoV2(), "KyvernoV2"), kyvernov2alpha1: kyvernov2alpha1.WithTracing(inner.KyvernoV2alpha1(), "KyvernoV2alpha1"), kyvernov2beta1: kyvernov2beta1.WithTracing(inner.KyvernoV2beta1(), "KyvernoV2beta1"), + reportsv1: reportsv1.WithTracing(inner.ReportsV1(), "ReportsV1"), wgpolicyk8sv1alpha2: wgpolicyk8sv1alpha2.WithTracing(inner.Wgpolicyk8sV1alpha2(), "Wgpolicyk8sV1alpha2"), } } @@ -93,6 +101,7 @@ func WrapWithLogging(inner github_com_kyverno_kyverno_pkg_client_clientset_versi kyvernov2: kyvernov2.WithLogging(inner.KyvernoV2(), logger.WithValues("group", "KyvernoV2")), kyvernov2alpha1: kyvernov2alpha1.WithLogging(inner.KyvernoV2alpha1(), logger.WithValues("group", "KyvernoV2alpha1")), kyvernov2beta1: kyvernov2beta1.WithLogging(inner.KyvernoV2beta1(), logger.WithValues("group", "KyvernoV2beta1")), + reportsv1: reportsv1.WithLogging(inner.ReportsV1(), logger.WithValues("group", "ReportsV1")), wgpolicyk8sv1alpha2: wgpolicyk8sv1alpha2.WithLogging(inner.Wgpolicyk8sV1alpha2(), logger.WithValues("group", "Wgpolicyk8sV1alpha2")), } } diff --git a/pkg/clients/kyverno/reportsv1/admissionreports/resource.generated.go b/pkg/clients/kyverno/reportsv1/admissionreports/resource.generated.go new file mode 100644 index 0000000000..52b16766fa --- /dev/null +++ b/pkg/clients/kyverno/reportsv1/admissionreports/resource.generated.go 
@@ -0,0 +1,337 @@ +package resource + +import ( + context "context" + "fmt" + "time" + + "github.com/go-logr/logr" + github_com_kyverno_kyverno_api_kyverno_reports_v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" + github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1" + "github.com/kyverno/kyverno/pkg/metrics" + "github.com/kyverno/kyverno/pkg/tracing" + "go.opentelemetry.io/otel/trace" + "go.uber.org/multierr" + k8s_io_apimachinery_pkg_apis_meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + k8s_io_apimachinery_pkg_types "k8s.io/apimachinery/pkg/types" + k8s_io_apimachinery_pkg_watch "k8s.io/apimachinery/pkg/watch" +) + +func WithLogging(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface, logger logr.Logger) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface { + return &withLogging{inner, logger} +} + +func WithMetrics(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface, recorder metrics.Recorder) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface { + return &withMetrics{inner, recorder} +} + +func WithTracing(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface, client, kind string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface { + return &withTracing{inner, client, kind} +} + +type withLogging struct { + inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface + logger logr.Logger +} + +func (c *withLogging) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) 
(*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) { + start := time.Now() + logger := c.logger.WithValues("operation", "Create") + ret0, ret1 := c.inner.Create(arg0, arg1, arg2) + if err := multierr.Combine(ret1); err != nil { + logger.Error(err, "Create failed", "duration", time.Since(start)) + } else { + logger.Info("Create done", "duration", time.Since(start)) + } + return ret0, ret1 +} +func (c *withLogging) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error { + start := time.Now() + logger := c.logger.WithValues("operation", "Delete") + ret0 := c.inner.Delete(arg0, arg1, arg2) + if err := multierr.Combine(ret0); err != nil { + logger.Error(err, "Delete failed", "duration", time.Since(start)) + } else { + logger.Info("Delete done", "duration", time.Since(start)) + } + return ret0 +} +func (c *withLogging) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error { + start := time.Now() + logger := c.logger.WithValues("operation", "DeleteCollection") + ret0 := c.inner.DeleteCollection(arg0, arg1, arg2) + if err := multierr.Combine(ret0); err != nil { + logger.Error(err, "DeleteCollection failed", "duration", time.Since(start)) + } else { + logger.Info("DeleteCollection done", "duration", time.Since(start)) + } + return ret0 +} +func (c *withLogging) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) { + start := time.Now() + logger := c.logger.WithValues("operation", "Get") + ret0, ret1 := c.inner.Get(arg0, arg1, arg2) + if err := multierr.Combine(ret1); err != nil { + logger.Error(err, "Get failed", "duration", time.Since(start)) + } else { + logger.Info("Get done", "duration", time.Since(start)) + } + return ret0, ret1 +} +func (c *withLogging) List(arg0 
context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReportList, error) { + start := time.Now() + logger := c.logger.WithValues("operation", "List") + ret0, ret1 := c.inner.List(arg0, arg1) + if err := multierr.Combine(ret1); err != nil { + logger.Error(err, "List failed", "duration", time.Since(start)) + } else { + logger.Info("List done", "duration", time.Since(start)) + } + return ret0, ret1 +} +func (c *withLogging) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) { + start := time.Now() + logger := c.logger.WithValues("operation", "Patch") + ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...) + if err := multierr.Combine(ret1); err != nil { + logger.Error(err, "Patch failed", "duration", time.Since(start)) + } else { + logger.Info("Patch done", "duration", time.Since(start)) + } + return ret0, ret1 +} +func (c *withLogging) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) { + start := time.Now() + logger := c.logger.WithValues("operation", "Update") + ret0, ret1 := c.inner.Update(arg0, arg1, arg2) + if err := multierr.Combine(ret1); err != nil { + logger.Error(err, "Update failed", "duration", time.Since(start)) + } else { + logger.Info("Update done", "duration", time.Since(start)) + } + return ret0, ret1 +} +func (c *withLogging) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) { + start := time.Now() + logger := c.logger.WithValues("operation", "Watch") + ret0, ret1 := c.inner.Watch(arg0, arg1) + if err 
:= multierr.Combine(ret1); err != nil { + logger.Error(err, "Watch failed", "duration", time.Since(start)) + } else { + logger.Info("Watch done", "duration", time.Since(start)) + } + return ret0, ret1 +} + +type withMetrics struct { + inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface + recorder metrics.Recorder +} + +func (c *withMetrics) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) { + defer c.recorder.RecordWithContext(arg0, "create") + return c.inner.Create(arg0, arg1, arg2) +} +func (c *withMetrics) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error { + defer c.recorder.RecordWithContext(arg0, "delete") + return c.inner.Delete(arg0, arg1, arg2) +} +func (c *withMetrics) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error { + defer c.recorder.RecordWithContext(arg0, "delete_collection") + return c.inner.DeleteCollection(arg0, arg1, arg2) +} +func (c *withMetrics) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) { + defer c.recorder.RecordWithContext(arg0, "get") + return c.inner.Get(arg0, arg1, arg2) +} +func (c *withMetrics) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReportList, error) { + defer c.recorder.RecordWithContext(arg0, "list") + return c.inner.List(arg0, arg1) +} +func (c *withMetrics) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 
k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) { + defer c.recorder.RecordWithContext(arg0, "patch") + return c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...) +} +func (c *withMetrics) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) { + defer c.recorder.RecordWithContext(arg0, "update") + return c.inner.Update(arg0, arg1, arg2) +} +func (c *withMetrics) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) { + defer c.recorder.RecordWithContext(arg0, "watch") + return c.inner.Watch(arg0, arg1) +} + +type withTracing struct { + inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface + client string + kind string +} + +func (c *withTracing) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Create"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("Create"), + ), + ) + defer span.End() + } + ret0, ret1 := c.inner.Create(arg0, arg1, arg2) + if span != nil { + tracing.SetSpanStatus(span, ret1) + } + return ret0, ret1 +} +func (c *withTracing) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = 
tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Delete"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("Delete"), + ), + ) + defer span.End() + } + ret0 := c.inner.Delete(arg0, arg1, arg2) + if span != nil { + tracing.SetSpanStatus(span, ret0) + } + return ret0 +} +func (c *withTracing) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "DeleteCollection"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("DeleteCollection"), + ), + ) + defer span.End() + } + ret0 := c.inner.DeleteCollection(arg0, arg1, arg2) + if span != nil { + tracing.SetSpanStatus(span, ret0) + } + return ret0 +} +func (c *withTracing) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Get"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("Get"), + ), + ) + defer span.End() + } + ret0, ret1 := c.inner.Get(arg0, arg1, arg2) + if span != nil { + tracing.SetSpanStatus(span, ret1) + } + return ret0, ret1 +} +func (c *withTracing) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReportList, error) { + var span trace.Span + 
if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "List"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("List"), + ), + ) + defer span.End() + } + ret0, ret1 := c.inner.List(arg0, arg1) + if span != nil { + tracing.SetSpanStatus(span, ret1) + } + return ret0, ret1 +} +func (c *withTracing) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Patch"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("Patch"), + ), + ) + defer span.End() + } + ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...) 
+ if span != nil { + tracing.SetSpanStatus(span, ret1) + } + return ret0, ret1 +} +func (c *withTracing) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Update"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("Update"), + ), + ) + defer span.End() + } + ret0, ret1 := c.inner.Update(arg0, arg1, arg2) + if span != nil { + tracing.SetSpanStatus(span, ret1) + } + return ret0, ret1 +} +func (c *withTracing) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Watch"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("Watch"), + ), + ) + defer span.End() + } + ret0, ret1 := c.inner.Watch(arg0, arg1) + if span != nil { + tracing.SetSpanStatus(span, ret1) + } + return ret0, ret1 +} diff --git a/pkg/clients/kyverno/reportsv1/backgroundscanreports/resource.generated.go b/pkg/clients/kyverno/reportsv1/backgroundscanreports/resource.generated.go new file mode 100644 index 0000000000..dc4794974a --- /dev/null +++ b/pkg/clients/kyverno/reportsv1/backgroundscanreports/resource.generated.go 
@@ -0,0 +1,337 @@ +package resource + +import ( + context "context" + "fmt" + "time" + + "github.com/go-logr/logr" + github_com_kyverno_kyverno_api_kyverno_reports_v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" + github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1" + "github.com/kyverno/kyverno/pkg/metrics" + "github.com/kyverno/kyverno/pkg/tracing" + "go.opentelemetry.io/otel/trace" + "go.uber.org/multierr" + k8s_io_apimachinery_pkg_apis_meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + k8s_io_apimachinery_pkg_types "k8s.io/apimachinery/pkg/types" + k8s_io_apimachinery_pkg_watch "k8s.io/apimachinery/pkg/watch" +) + +func WithLogging(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface, logger logr.Logger) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface { + return &withLogging{inner, logger} +} + +func WithMetrics(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface, recorder metrics.Recorder) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface { + return &withMetrics{inner, recorder} +} + +func WithTracing(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface, client, kind string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface { + return &withTracing{inner, client, kind} +} + +type withLogging struct { + inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface + logger logr.Logger +} + +func (c *withLogging) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) 
(*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) { + start := time.Now() + logger := c.logger.WithValues("operation", "Create") + ret0, ret1 := c.inner.Create(arg0, arg1, arg2) + if err := multierr.Combine(ret1); err != nil { + logger.Error(err, "Create failed", "duration", time.Since(start)) + } else { + logger.Info("Create done", "duration", time.Since(start)) + } + return ret0, ret1 +} +func (c *withLogging) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error { + start := time.Now() + logger := c.logger.WithValues("operation", "Delete") + ret0 := c.inner.Delete(arg0, arg1, arg2) + if err := multierr.Combine(ret0); err != nil { + logger.Error(err, "Delete failed", "duration", time.Since(start)) + } else { + logger.Info("Delete done", "duration", time.Since(start)) + } + return ret0 +} +func (c *withLogging) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error { + start := time.Now() + logger := c.logger.WithValues("operation", "DeleteCollection") + ret0 := c.inner.DeleteCollection(arg0, arg1, arg2) + if err := multierr.Combine(ret0); err != nil { + logger.Error(err, "DeleteCollection failed", "duration", time.Since(start)) + } else { + logger.Info("DeleteCollection done", "duration", time.Since(start)) + } + return ret0 +} +func (c *withLogging) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) { + start := time.Now() + logger := c.logger.WithValues("operation", "Get") + ret0, ret1 := c.inner.Get(arg0, arg1, arg2) + if err := multierr.Combine(ret1); err != nil { + logger.Error(err, "Get failed", "duration", time.Since(start)) + } else { + logger.Info("Get done", "duration", time.Since(start)) + } + return ret0, ret1 +} +func (c *withLogging) List(arg0 
context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReportList, error) { + start := time.Now() + logger := c.logger.WithValues("operation", "List") + ret0, ret1 := c.inner.List(arg0, arg1) + if err := multierr.Combine(ret1); err != nil { + logger.Error(err, "List failed", "duration", time.Since(start)) + } else { + logger.Info("List done", "duration", time.Since(start)) + } + return ret0, ret1 +} +func (c *withLogging) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) { + start := time.Now() + logger := c.logger.WithValues("operation", "Patch") + ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...) + if err := multierr.Combine(ret1); err != nil { + logger.Error(err, "Patch failed", "duration", time.Since(start)) + } else { + logger.Info("Patch done", "duration", time.Since(start)) + } + return ret0, ret1 +} +func (c *withLogging) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) { + start := time.Now() + logger := c.logger.WithValues("operation", "Update") + ret0, ret1 := c.inner.Update(arg0, arg1, arg2) + if err := multierr.Combine(ret1); err != nil { + logger.Error(err, "Update failed", "duration", time.Since(start)) + } else { + logger.Info("Update done", "duration", time.Since(start)) + } + return ret0, ret1 +} +func (c *withLogging) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) { + start := time.Now() + logger := c.logger.WithValues("operation", "Watch") + ret0, ret1 := 
c.inner.Watch(arg0, arg1) + if err := multierr.Combine(ret1); err != nil { + logger.Error(err, "Watch failed", "duration", time.Since(start)) + } else { + logger.Info("Watch done", "duration", time.Since(start)) + } + return ret0, ret1 +} + +type withMetrics struct { + inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface + recorder metrics.Recorder +} + +func (c *withMetrics) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) { + defer c.recorder.RecordWithContext(arg0, "create") + return c.inner.Create(arg0, arg1, arg2) +} +func (c *withMetrics) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error { + defer c.recorder.RecordWithContext(arg0, "delete") + return c.inner.Delete(arg0, arg1, arg2) +} +func (c *withMetrics) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error { + defer c.recorder.RecordWithContext(arg0, "delete_collection") + return c.inner.DeleteCollection(arg0, arg1, arg2) +} +func (c *withMetrics) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) { + defer c.recorder.RecordWithContext(arg0, "get") + return c.inner.Get(arg0, arg1, arg2) +} +func (c *withMetrics) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReportList, error) { + defer c.recorder.RecordWithContext(arg0, "list") + return c.inner.List(arg0, arg1) +} +func (c *withMetrics) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 
[]uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) { + defer c.recorder.RecordWithContext(arg0, "patch") + return c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...) +} +func (c *withMetrics) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) { + defer c.recorder.RecordWithContext(arg0, "update") + return c.inner.Update(arg0, arg1, arg2) +} +func (c *withMetrics) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) { + defer c.recorder.RecordWithContext(arg0, "watch") + return c.inner.Watch(arg0, arg1) +} + +type withTracing struct { + inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface + client string + kind string +} + +func (c *withTracing) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Create"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("Create"), + ), + ) + defer span.End() + } + ret0, ret1 := c.inner.Create(arg0, arg1, arg2) + if span != nil { + tracing.SetSpanStatus(span, ret1) + } + return ret0, ret1 +} +func (c *withTracing) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error { + var span trace.Span + if 
tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Delete"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("Delete"), + ), + ) + defer span.End() + } + ret0 := c.inner.Delete(arg0, arg1, arg2) + if span != nil { + tracing.SetSpanStatus(span, ret0) + } + return ret0 +} +func (c *withTracing) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "DeleteCollection"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("DeleteCollection"), + ), + ) + defer span.End() + } + ret0 := c.inner.DeleteCollection(arg0, arg1, arg2) + if span != nil { + tracing.SetSpanStatus(span, ret0) + } + return ret0 +} +func (c *withTracing) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Get"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("Get"), + ), + ) + defer span.End() + } + ret0, ret1 := c.inner.Get(arg0, arg1, arg2) + if span != nil { + tracing.SetSpanStatus(span, ret1) + } + return ret0, ret1 +} +func (c *withTracing) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) 
(*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReportList, error) { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "List"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("List"), + ), + ) + defer span.End() + } + ret0, ret1 := c.inner.List(arg0, arg1) + if span != nil { + tracing.SetSpanStatus(span, ret1) + } + return ret0, ret1 +} +func (c *withTracing) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Patch"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("Patch"), + ), + ) + defer span.End() + } + ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...) 
+ if span != nil { + tracing.SetSpanStatus(span, ret1) + } + return ret0, ret1 +} +func (c *withTracing) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Update"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("Update"), + ), + ) + defer span.End() + } + ret0, ret1 := c.inner.Update(arg0, arg1, arg2) + if span != nil { + tracing.SetSpanStatus(span, ret1) + } + return ret0, ret1 +} +func (c *withTracing) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Watch"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("Watch"), + ), + ) + defer span.End() + } + ret0, ret1 := c.inner.Watch(arg0, arg1) + if span != nil { + tracing.SetSpanStatus(span, ret1) + } + return ret0, ret1 +} diff --git a/pkg/clients/kyverno/reportsv1/client.generated.go b/pkg/clients/kyverno/reportsv1/client.generated.go new file mode 100644 index 0000000000..ee32ef63f7 --- /dev/null +++ b/pkg/clients/kyverno/reportsv1/client.generated.go 
@@ -0,0 +1,92 @@ +package client + +import ( + "github.com/go-logr/logr" + github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1" + admissionreports "github.com/kyverno/kyverno/pkg/clients/kyverno/reportsv1/admissionreports" + backgroundscanreports "github.com/kyverno/kyverno/pkg/clients/kyverno/reportsv1/backgroundscanreports" + clusteradmissionreports "github.com/kyverno/kyverno/pkg/clients/kyverno/reportsv1/clusteradmissionreports" + clusterbackgroundscanreports "github.com/kyverno/kyverno/pkg/clients/kyverno/reportsv1/clusterbackgroundscanreports" + "github.com/kyverno/kyverno/pkg/metrics" + "k8s.io/client-go/rest" +) + +func WithMetrics(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface, metrics metrics.MetricsConfigManager, clientType metrics.ClientType) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface { + return &withMetrics{inner, metrics, clientType} +} + +func WithTracing(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface, client string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface { + return &withTracing{inner, client} +} + +func WithLogging(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface, logger logr.Logger) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface { + return &withLogging{inner, logger} +} + +type withMetrics struct { + inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface + metrics metrics.MetricsConfigManager + clientType metrics.ClientType +} + +func (c *withMetrics) RESTClient() rest.Interface { + return c.inner.RESTClient() +} +func (c *withMetrics) AdmissionReports(namespace string) 
github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface { + recorder := metrics.NamespacedClientQueryRecorder(c.metrics, namespace, "AdmissionReport", c.clientType) + return admissionreports.WithMetrics(c.inner.AdmissionReports(namespace), recorder) +} +func (c *withMetrics) BackgroundScanReports(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface { + recorder := metrics.NamespacedClientQueryRecorder(c.metrics, namespace, "BackgroundScanReport", c.clientType) + return backgroundscanreports.WithMetrics(c.inner.BackgroundScanReports(namespace), recorder) +} +func (c *withMetrics) ClusterAdmissionReports() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface { + recorder := metrics.ClusteredClientQueryRecorder(c.metrics, "ClusterAdmissionReport", c.clientType) + return clusteradmissionreports.WithMetrics(c.inner.ClusterAdmissionReports(), recorder) +} +func (c *withMetrics) ClusterBackgroundScanReports() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface { + recorder := metrics.ClusteredClientQueryRecorder(c.metrics, "ClusterBackgroundScanReport", c.clientType) + return clusterbackgroundscanreports.WithMetrics(c.inner.ClusterBackgroundScanReports(), recorder) +} + +type withTracing struct { + inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface + client string +} + +func (c *withTracing) RESTClient() rest.Interface { + return c.inner.RESTClient() +} +func (c *withTracing) AdmissionReports(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface { + return admissionreports.WithTracing(c.inner.AdmissionReports(namespace), c.client, "AdmissionReport") +} +func (c *withTracing) BackgroundScanReports(namespace string) 
github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface { + return backgroundscanreports.WithTracing(c.inner.BackgroundScanReports(namespace), c.client, "BackgroundScanReport") +} +func (c *withTracing) ClusterAdmissionReports() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface { + return clusteradmissionreports.WithTracing(c.inner.ClusterAdmissionReports(), c.client, "ClusterAdmissionReport") +} +func (c *withTracing) ClusterBackgroundScanReports() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface { + return clusterbackgroundscanreports.WithTracing(c.inner.ClusterBackgroundScanReports(), c.client, "ClusterBackgroundScanReport") +} + +type withLogging struct { + inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface + logger logr.Logger +} + +func (c *withLogging) RESTClient() rest.Interface { + return c.inner.RESTClient() +} +func (c *withLogging) AdmissionReports(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface { + return admissionreports.WithLogging(c.inner.AdmissionReports(namespace), c.logger.WithValues("resource", "AdmissionReports").WithValues("namespace", namespace)) +} +func (c *withLogging) BackgroundScanReports(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface { + return backgroundscanreports.WithLogging(c.inner.BackgroundScanReports(namespace), c.logger.WithValues("resource", "BackgroundScanReports").WithValues("namespace", namespace)) +} +func (c *withLogging) ClusterAdmissionReports() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface { + return clusteradmissionreports.WithLogging(c.inner.ClusterAdmissionReports(), c.logger.WithValues("resource", 
"ClusterAdmissionReports")) +} +func (c *withLogging) ClusterBackgroundScanReports() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface { + return clusterbackgroundscanreports.WithLogging(c.inner.ClusterBackgroundScanReports(), c.logger.WithValues("resource", "ClusterBackgroundScanReports")) +} diff --git a/pkg/clients/kyverno/reportsv1/clusteradmissionreports/resource.generated.go b/pkg/clients/kyverno/reportsv1/clusteradmissionreports/resource.generated.go new file mode 100644 index 0000000000..665e72f4a9 --- /dev/null +++ b/pkg/clients/kyverno/reportsv1/clusteradmissionreports/resource.generated.go 
@@ -0,0 +1,337 @@ +package resource + +import ( + context "context" + "fmt" + "time" + + "github.com/go-logr/logr" + github_com_kyverno_kyverno_api_kyverno_reports_v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" + github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1" + "github.com/kyverno/kyverno/pkg/metrics" + "github.com/kyverno/kyverno/pkg/tracing" + "go.opentelemetry.io/otel/trace" + "go.uber.org/multierr" + k8s_io_apimachinery_pkg_apis_meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + k8s_io_apimachinery_pkg_types "k8s.io/apimachinery/pkg/types" + k8s_io_apimachinery_pkg_watch "k8s.io/apimachinery/pkg/watch" +) + +func WithLogging(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface, logger logr.Logger) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface { + return &withLogging{inner, logger} +} + +func WithMetrics(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface, recorder metrics.Recorder) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface { + return &withMetrics{inner, recorder} +} + +func WithTracing(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface, client, kind string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface { + return &withTracing{inner, client, kind} +} + +type withLogging struct { + inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface + logger logr.Logger +} + +func (c *withLogging) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, arg2 
k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) { + start := time.Now() + logger := c.logger.WithValues("operation", "Create") + ret0, ret1 := c.inner.Create(arg0, arg1, arg2) + if err := multierr.Combine(ret1); err != nil { + logger.Error(err, "Create failed", "duration", time.Since(start)) + } else { + logger.Info("Create done", "duration", time.Since(start)) + } + return ret0, ret1 +} +func (c *withLogging) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error { + start := time.Now() + logger := c.logger.WithValues("operation", "Delete") + ret0 := c.inner.Delete(arg0, arg1, arg2) + if err := multierr.Combine(ret0); err != nil { + logger.Error(err, "Delete failed", "duration", time.Since(start)) + } else { + logger.Info("Delete done", "duration", time.Since(start)) + } + return ret0 +} +func (c *withLogging) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error { + start := time.Now() + logger := c.logger.WithValues("operation", "DeleteCollection") + ret0 := c.inner.DeleteCollection(arg0, arg1, arg2) + if err := multierr.Combine(ret0); err != nil { + logger.Error(err, "DeleteCollection failed", "duration", time.Since(start)) + } else { + logger.Info("DeleteCollection done", "duration", time.Since(start)) + } + return ret0 +} +func (c *withLogging) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) { + start := time.Now() + logger := c.logger.WithValues("operation", "Get") + ret0, ret1 := c.inner.Get(arg0, arg1, arg2) + if err := multierr.Combine(ret1); err != nil { + logger.Error(err, "Get failed", "duration", time.Since(start)) + } else { + logger.Info("Get done", "duration", time.Since(start)) + } + 
return ret0, ret1 +} +func (c *withLogging) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReportList, error) { + start := time.Now() + logger := c.logger.WithValues("operation", "List") + ret0, ret1 := c.inner.List(arg0, arg1) + if err := multierr.Combine(ret1); err != nil { + logger.Error(err, "List failed", "duration", time.Since(start)) + } else { + logger.Info("List done", "duration", time.Since(start)) + } + return ret0, ret1 +} +func (c *withLogging) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) { + start := time.Now() + logger := c.logger.WithValues("operation", "Patch") + ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...) + if err := multierr.Combine(ret1); err != nil { + logger.Error(err, "Patch failed", "duration", time.Since(start)) + } else { + logger.Info("Patch done", "duration", time.Since(start)) + } + return ret0, ret1 +} +func (c *withLogging) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) { + start := time.Now() + logger := c.logger.WithValues("operation", "Update") + ret0, ret1 := c.inner.Update(arg0, arg1, arg2) + if err := multierr.Combine(ret1); err != nil { + logger.Error(err, "Update failed", "duration", time.Since(start)) + } else { + logger.Info("Update done", "duration", time.Since(start)) + } + return ret0, ret1 +} +func (c *withLogging) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) { + start := time.Now() + logger := 
c.logger.WithValues("operation", "Watch") + ret0, ret1 := c.inner.Watch(arg0, arg1) + if err := multierr.Combine(ret1); err != nil { + logger.Error(err, "Watch failed", "duration", time.Since(start)) + } else { + logger.Info("Watch done", "duration", time.Since(start)) + } + return ret0, ret1 +} + +type withMetrics struct { + inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface + recorder metrics.Recorder +} + +func (c *withMetrics) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) { + defer c.recorder.RecordWithContext(arg0, "create") + return c.inner.Create(arg0, arg1, arg2) +} +func (c *withMetrics) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error { + defer c.recorder.RecordWithContext(arg0, "delete") + return c.inner.Delete(arg0, arg1, arg2) +} +func (c *withMetrics) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error { + defer c.recorder.RecordWithContext(arg0, "delete_collection") + return c.inner.DeleteCollection(arg0, arg1, arg2) +} +func (c *withMetrics) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) { + defer c.recorder.RecordWithContext(arg0, "get") + return c.inner.Get(arg0, arg1, arg2) +} +func (c *withMetrics) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReportList, error) { + defer c.recorder.RecordWithContext(arg0, "list") + return c.inner.List(arg0, arg1) +} +func (c *withMetrics) Patch(arg0 
context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) { + defer c.recorder.RecordWithContext(arg0, "patch") + return c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...) +} +func (c *withMetrics) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) { + defer c.recorder.RecordWithContext(arg0, "update") + return c.inner.Update(arg0, arg1, arg2) +} +func (c *withMetrics) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) { + defer c.recorder.RecordWithContext(arg0, "watch") + return c.inner.Watch(arg0, arg1) +} + +type withTracing struct { + inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface + client string + kind string +} + +func (c *withTracing) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Create"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("Create"), + ), + ) + defer span.End() + } + ret0, ret1 := c.inner.Create(arg0, arg1, arg2) + if span != nil { + tracing.SetSpanStatus(span, ret1) + } + return ret0, ret1 +} +func (c *withTracing) Delete(arg0 context.Context, arg1 string, arg2 
k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Delete"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("Delete"), + ), + ) + defer span.End() + } + ret0 := c.inner.Delete(arg0, arg1, arg2) + if span != nil { + tracing.SetSpanStatus(span, ret0) + } + return ret0 +} +func (c *withTracing) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "DeleteCollection"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("DeleteCollection"), + ), + ) + defer span.End() + } + ret0 := c.inner.DeleteCollection(arg0, arg1, arg2) + if span != nil { + tracing.SetSpanStatus(span, ret0) + } + return ret0 +} +func (c *withTracing) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Get"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("Get"), + ), + ) + defer span.End() + } + ret0, ret1 := c.inner.Get(arg0, arg1, arg2) + if span != nil { + tracing.SetSpanStatus(span, ret1) + } + return ret0, ret1 +} +func (c *withTracing) List(arg0 context.Context, arg1 
k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReportList, error) { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "List"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("List"), + ), + ) + defer span.End() + } + ret0, ret1 := c.inner.List(arg0, arg1) + if span != nil { + tracing.SetSpanStatus(span, ret1) + } + return ret0, ret1 +} +func (c *withTracing) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Patch"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("Patch"), + ), + ) + defer span.End() + } + ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...) 
+ if span != nil { + tracing.SetSpanStatus(span, ret1) + } + return ret0, ret1 +} +func (c *withTracing) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Update"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("Update"), + ), + ) + defer span.End() + } + ret0, ret1 := c.inner.Update(arg0, arg1, arg2) + if span != nil { + tracing.SetSpanStatus(span, ret1) + } + return ret0, ret1 +} +func (c *withTracing) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Watch"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("Watch"), + ), + ) + defer span.End() + } + ret0, ret1 := c.inner.Watch(arg0, arg1) + if span != nil { + tracing.SetSpanStatus(span, ret1) + } + return ret0, ret1 +} diff --git a/pkg/clients/kyverno/reportsv1/clusterbackgroundscanreports/resource.generated.go b/pkg/clients/kyverno/reportsv1/clusterbackgroundscanreports/resource.generated.go new file mode 100644 index 0000000000..0777c3beac --- /dev/null +++ b/pkg/clients/kyverno/reportsv1/clusterbackgroundscanreports/resource.generated.go 
@@ -0,0 +1,337 @@ +package resource + +import ( + context "context" + "fmt" + "time" + + "github.com/go-logr/logr" + github_com_kyverno_kyverno_api_kyverno_reports_v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" + github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1" + "github.com/kyverno/kyverno/pkg/metrics" + "github.com/kyverno/kyverno/pkg/tracing" + "go.opentelemetry.io/otel/trace" + "go.uber.org/multierr" + k8s_io_apimachinery_pkg_apis_meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + k8s_io_apimachinery_pkg_types "k8s.io/apimachinery/pkg/types" + k8s_io_apimachinery_pkg_watch "k8s.io/apimachinery/pkg/watch" +) + +func WithLogging(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface, logger logr.Logger) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface { + return &withLogging{inner, logger} +} + +func WithMetrics(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface, recorder metrics.Recorder) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface { + return &withMetrics{inner, recorder} +} + +func WithTracing(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface, client, kind string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface { + return &withTracing{inner, client, kind} +} + +type withLogging struct { + inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface + logger logr.Logger +} + +func (c *withLogging) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, arg2 
k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) { + start := time.Now() + logger := c.logger.WithValues("operation", "Create") + ret0, ret1 := c.inner.Create(arg0, arg1, arg2) + if err := multierr.Combine(ret1); err != nil { + logger.Error(err, "Create failed", "duration", time.Since(start)) + } else { + logger.Info("Create done", "duration", time.Since(start)) + } + return ret0, ret1 +} +func (c *withLogging) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error { + start := time.Now() + logger := c.logger.WithValues("operation", "Delete") + ret0 := c.inner.Delete(arg0, arg1, arg2) + if err := multierr.Combine(ret0); err != nil { + logger.Error(err, "Delete failed", "duration", time.Since(start)) + } else { + logger.Info("Delete done", "duration", time.Since(start)) + } + return ret0 +} +func (c *withLogging) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error { + start := time.Now() + logger := c.logger.WithValues("operation", "DeleteCollection") + ret0 := c.inner.DeleteCollection(arg0, arg1, arg2) + if err := multierr.Combine(ret0); err != nil { + logger.Error(err, "DeleteCollection failed", "duration", time.Since(start)) + } else { + logger.Info("DeleteCollection done", "duration", time.Since(start)) + } + return ret0 +} +func (c *withLogging) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) { + start := time.Now() + logger := c.logger.WithValues("operation", "Get") + ret0, ret1 := c.inner.Get(arg0, arg1, arg2) + if err := multierr.Combine(ret1); err != nil { + logger.Error(err, "Get failed", "duration", time.Since(start)) + } else { + logger.Info("Get done", "duration", 
time.Since(start)) + } + return ret0, ret1 +} +func (c *withLogging) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReportList, error) { + start := time.Now() + logger := c.logger.WithValues("operation", "List") + ret0, ret1 := c.inner.List(arg0, arg1) + if err := multierr.Combine(ret1); err != nil { + logger.Error(err, "List failed", "duration", time.Since(start)) + } else { + logger.Info("List done", "duration", time.Since(start)) + } + return ret0, ret1 +} +func (c *withLogging) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) { + start := time.Now() + logger := c.logger.WithValues("operation", "Patch") + ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...) 
+ if err := multierr.Combine(ret1); err != nil { + logger.Error(err, "Patch failed", "duration", time.Since(start)) + } else { + logger.Info("Patch done", "duration", time.Since(start)) + } + return ret0, ret1 +} +func (c *withLogging) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) { + start := time.Now() + logger := c.logger.WithValues("operation", "Update") + ret0, ret1 := c.inner.Update(arg0, arg1, arg2) + if err := multierr.Combine(ret1); err != nil { + logger.Error(err, "Update failed", "duration", time.Since(start)) + } else { + logger.Info("Update done", "duration", time.Since(start)) + } + return ret0, ret1 +} +func (c *withLogging) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) { + start := time.Now() + logger := c.logger.WithValues("operation", "Watch") + ret0, ret1 := c.inner.Watch(arg0, arg1) + if err := multierr.Combine(ret1); err != nil { + logger.Error(err, "Watch failed", "duration", time.Since(start)) + } else { + logger.Info("Watch done", "duration", time.Since(start)) + } + return ret0, ret1 +} + +type withMetrics struct { + inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface + recorder metrics.Recorder +} + +func (c *withMetrics) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) { + defer c.recorder.RecordWithContext(arg0, "create") + return c.inner.Create(arg0, arg1, arg2) +} +func (c *withMetrics) Delete(arg0 context.Context, arg1 string, arg2 
k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error { + defer c.recorder.RecordWithContext(arg0, "delete") + return c.inner.Delete(arg0, arg1, arg2) +} +func (c *withMetrics) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error { + defer c.recorder.RecordWithContext(arg0, "delete_collection") + return c.inner.DeleteCollection(arg0, arg1, arg2) +} +func (c *withMetrics) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) { + defer c.recorder.RecordWithContext(arg0, "get") + return c.inner.Get(arg0, arg1, arg2) +} +func (c *withMetrics) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReportList, error) { + defer c.recorder.RecordWithContext(arg0, "list") + return c.inner.List(arg0, arg1) +} +func (c *withMetrics) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) { + defer c.recorder.RecordWithContext(arg0, "patch") + return c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...) 
+} +func (c *withMetrics) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) { + defer c.recorder.RecordWithContext(arg0, "update") + return c.inner.Update(arg0, arg1, arg2) +} +func (c *withMetrics) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) { + defer c.recorder.RecordWithContext(arg0, "watch") + return c.inner.Watch(arg0, arg1) +} + +type withTracing struct { + inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface + client string + kind string +} + +func (c *withTracing) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Create"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("Create"), + ), + ) + defer span.End() + } + ret0, ret1 := c.inner.Create(arg0, arg1, arg2) + if span != nil { + tracing.SetSpanStatus(span, ret1) + } + return ret0, ret1 +} +func (c *withTracing) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Delete"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + 
tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("Delete"), + ), + ) + defer span.End() + } + ret0 := c.inner.Delete(arg0, arg1, arg2) + if span != nil { + tracing.SetSpanStatus(span, ret0) + } + return ret0 +} +func (c *withTracing) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "DeleteCollection"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("DeleteCollection"), + ), + ) + defer span.End() + } + ret0 := c.inner.DeleteCollection(arg0, arg1, arg2) + if span != nil { + tracing.SetSpanStatus(span, ret0) + } + return ret0 +} +func (c *withTracing) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Get"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("Get"), + ), + ) + defer span.End() + } + ret0, ret1 := c.inner.Get(arg0, arg1, arg2) + if span != nil { + tracing.SetSpanStatus(span, ret1) + } + return ret0, ret1 +} +func (c *withTracing) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReportList, error) { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "List"), + 
trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("List"), + ), + ) + defer span.End() + } + ret0, ret1 := c.inner.List(arg0, arg1) + if span != nil { + tracing.SetSpanStatus(span, ret1) + } + return ret0, ret1 +} +func (c *withTracing) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Patch"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("Patch"), + ), + ) + defer span.End() + } + ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...) 
+ if span != nil { + tracing.SetSpanStatus(span, ret1) + } + return ret0, ret1 +} +func (c *withTracing) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Update"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("Update"), + ), + ) + defer span.End() + } + ret0, ret1 := c.inner.Update(arg0, arg1, arg2) + if span != nil { + tracing.SetSpanStatus(span, ret1) + } + return ret0, ret1 +} +func (c *withTracing) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) { + var span trace.Span + if tracing.IsInSpan(arg0) { + arg0, span = tracing.StartChildSpan( + arg0, + "", + fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Watch"), + trace.WithAttributes( + tracing.KubeClientGroupKey.String(c.client), + tracing.KubeClientKindKey.String(c.kind), + tracing.KubeClientOperationKey.String("Watch"), + ), + ) + defer span.End() + } + ret0, ret1 := c.inner.Watch(arg0, arg1) + if span != nil { + tracing.SetSpanStatus(span, ret1) + } + return ret0, ret1 +} diff --git a/pkg/controllers/report/admission/controller.go b/pkg/controllers/report/admission/controller.go index a9e3ae7e82..b8a91b4128 100644 --- a/pkg/controllers/report/admission/controller.go +++ b/pkg/controllers/report/admission/controller.go @@ -2,6 +2,7 @@ package admission import ( "context" + "fmt" "time" "github.com/go-logr/logr" 
@@ -11,6 +12,7 @@ import ( "github.com/kyverno/kyverno/pkg/clients/dclient" "github.com/kyverno/kyverno/pkg/controllers" "github.com/kyverno/kyverno/pkg/controllers/report/utils" + "github.com/kyverno/kyverno/pkg/report" controllerutils "github.com/kyverno/kyverno/pkg/utils/controller" reportutils "github.com/kyverno/kyverno/pkg/utils/report" "go.uber.org/multierr" @@ -36,8 +38,9 @@ const ( type controller struct { // clients - client versioned.Interface - dclient dclient.Interface + client versioned.Interface + dclient dclient.Interface + reportManager report.Interface // listers admrLister cache.GenericLister @@ -51,16 +54,18 @@ func NewController( client versioned.Interface, dclient dclient.Interface, metadataFactory metadatainformers.SharedInformerFactory, + reportManager report.Interface, ) controllers.Controller { - admrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("admissionreports")) - cadmrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("clusteradmissionreports")) + admrInformer := reportManager.AdmissionReportInformer(metadataFactory) + cadmrInformer := reportManager.ClusterAdmissionReportInformer(metadataFactory) queue := workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), ControllerName) c := controller{ - client: client, - dclient: dclient, - admrLister: admrInformer.Lister(), - cadmrLister: cadmrInformer.Lister(), - queue: queue, + client: client, + dclient: dclient, + reportManager: reportManager, + admrLister: admrInformer.Lister(), + cadmrLister: cadmrInformer.Lister(), + queue: queue, } if _, err := controllerutils.AddEventHandlersT( admrInformer.Informer(), 
@@ -110,9 +115,9 @@ func (c *controller) getReports(uid types.UID) ([]metav1.Object, error) { func (c *controller) fetchReport(ctx context.Context, namespace, name string) (kyvernov1alpha2.ReportInterface, error) { if namespace == "" { - return c.client.KyvernoV1alpha2().ClusterAdmissionReports().Get(ctx, name, metav1.GetOptions{}) + return c.reportManager.GetClusterAdmissionReports(ctx, name, metav1.GetOptions{}) } else { - return c.client.KyvernoV1alpha2().AdmissionReports(namespace).Get(ctx, name, metav1.GetOptions{}) + return c.reportManager.GetAdmissionReports(ctx, name, namespace, metav1.GetOptions{}) } } @@ -142,18 +147,26 @@ func (c *controller) fetchReports(ctx context.Context, uid types.UID) ([]kyverno } else { for n := range ns { if n == "" { - cadmrs, err := c.client.KyvernoV1alpha2().ClusterAdmissionReports().List(ctx, metav1.ListOptions{LabelSelector: selector.String()}) + cadmrsObj, err := c.reportManager.ListClusterAdmissionReports(ctx, metav1.ListOptions{LabelSelector: selector.String()}) if err != nil { return nil, err } + cadmrs, ok := cadmrsObj.(*kyvernov1alpha2.ClusterAdmissionReportList) + if !ok { + return nil, fmt.Errorf("failed to convert runtime object to cluster admission report list") + } for i := range cadmrs.Items { results = append(results, &cadmrs.Items[i]) } } else { - admrs, err := c.client.KyvernoV1alpha2().AdmissionReports(n).List(ctx, metav1.ListOptions{LabelSelector: selector.String()}) + admrsObj, err := c.reportManager.ListAdmissionReports(ctx, n, metav1.ListOptions{LabelSelector: selector.String()}) if err != nil { return nil, err } + admrs, ok := admrsObj.(*kyvernov1alpha2.AdmissionReportList) + if !ok { + return nil, fmt.Errorf("failed to convert runtime object to admission report list") + } for i := range admrs.Items { results = append(results, &admrs.Items[i]) } 
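Review bot: In fetchReport the arguments flip order on the way down: the function takes `namespace, name`, but the new call is `c.reportManager.GetAdmissionReports(ctx, name, namespace, metav1.GetOptions{})`, while `ListAdmissionReports(ctx, n, ...)` in the next hunk takes the namespace first. Both values are plain strings, so a swapped call compiles and would look up the wrong object. The interface definition is outside this hunk; if it can still change, consider a namespace-then-name order on the manager's Get and Delete methods, or at least a doc comment on the interface such as `// name comes before namespace`. The same name-first order appears in deleteReport in this file and in getBackgroundScanReport and getAdmissionReport in aggregate/resource/controller.go.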
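Review bot: The new assertion `cadmrsObj.(*kyvernov1alpha2.ClusterAdmissionReportList)` in fetchReports accepts only the v1alpha2 list type. If the report manager can return the list type of the new reports.kyverno.io/v1 group (its implementation is not visible here, so this is inferred from the commit's purpose), every call would fail and no admission reports would be aggregated. The error also hides what was actually returned; include the dynamic type, e.g. `return nil, fmt.Errorf("unexpected list type %T for cluster admission reports", cadmrsObj)`, and likewise for `admrsObj`, so that a gap in policy reporting can be diagnosed from the log. The same assertion pattern is added in mergeAdmissionReports and mergeBackgroundScanReports in aggregate/namespace/controller.go. fetchReports starts and ends outside the hunk.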
@@ -165,9 +178,9 @@ func (c *controller) fetchReports(ctx context.Context, uid types.UID) ([]kyverno func (c *controller) deleteReport(ctx context.Context, namespace, name string) error { if namespace == "" { - return c.client.KyvernoV1alpha2().ClusterAdmissionReports().Delete(ctx, name, metav1.DeleteOptions{}) + return c.reportManager.DeleteClusterAdmissionReports(ctx, name, metav1.DeleteOptions{}) } else { - return c.client.KyvernoV1alpha2().AdmissionReports(namespace).Delete(ctx, name, metav1.DeleteOptions{}) + return c.reportManager.DeleteAdmissionReports(ctx, name, namespace, metav1.DeleteOptions{}) } } @@ -224,7 +237,7 @@ func (c *controller) aggregateReports(ctx context.Context, uid types.UID) (kyver // if we found the resource, build an aggregated report for it if res != nil { if aggregated == nil { - aggregated = reportutils.NewAdmissionReport(res.GetNamespace(), string(uid), gvr, *res) + aggregated = c.reportManager.NewAdmissionReport(res.GetNamespace(), string(uid), gvr, *res) controllerutils.SetOwner(aggregated, res.GetAPIVersion(), res.GetKind(), res.GetName(), uid) controllerutils.SetLabel(aggregated, reportutils.LabelAggregatedReport, string(uid)) } @@ -251,12 +264,12 @@ func (c *controller) aggregateReports(ctx context.Context, uid types.UID) (kyver } after := aggregated if aggregated.GetResourceVersion() != "" { - after = reportutils.DeepCopy(aggregated) + after = c.reportManager.DeepCopy(aggregated) } reportutils.SetResults(after, results...) if after.GetResourceVersion() == "" { if len(results) > 0 { - if _, err := reportutils.CreateReport(ctx, after, c.client); err != nil { + if _, err := c.reportManager.CreateReport(ctx, after); err != nil { errs = append(errs, err) } } 
@@ -267,7 +280,7 @@ func (c *controller) aggregateReports(ctx context.Context, uid types.UID) (kyver } } else { if !utils.ReportsAreIdentical(aggregated, after) { - if _, err = reportutils.UpdateReport(ctx, after, c.client); err != nil { + if _, err = c.reportManager.UpdateReport(ctx, after); err != nil { errs = append(errs, err) } } diff --git a/pkg/controllers/report/aggregate/namespace/controller.go b/pkg/controllers/report/aggregate/namespace/controller.go index e80e10783e..d3c6a3de7b 100644 --- a/pkg/controllers/report/aggregate/namespace/controller.go +++ b/pkg/controllers/report/aggregate/namespace/controller.go @@ -16,6 +16,7 @@ import ( "github.com/kyverno/kyverno/pkg/controllers" "github.com/kyverno/kyverno/pkg/controllers/report/resource" engineapi "github.com/kyverno/kyverno/pkg/engine/api" + "github.com/kyverno/kyverno/pkg/report" controllerutils "github.com/kyverno/kyverno/pkg/utils/controller" datautils "github.com/kyverno/kyverno/pkg/utils/data" reportutils "github.com/kyverno/kyverno/pkg/utils/report" @@ -42,7 +43,8 @@ const ( type controller struct { // clients - client versioned.Interface + client versioned.Interface + reportManager report.Interface // listers polLister kyvernov1listers.PolicyLister 
@@ -73,19 +75,21 @@ func keyFunc(obj metav1.Object) cache.ExplicitKey { func NewController( client versioned.Interface, metadataFactory metadatainformers.SharedInformerFactory, + reportManager report.Interface, polInformer kyvernov1informers.PolicyInformer, cpolInformer kyvernov1informers.ClusterPolicyInformer, metadataCache resource.MetadataCache, chunkSize int, ) controllers.Controller { - admrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("admissionreports")) - cadmrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("clusteradmissionreports")) - bgscanrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("backgroundscanreports")) - cbgscanrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("clusterbackgroundscanreports")) + admrInformer := reportManager.AdmissionReportInformer(metadataFactory) + cadmrInformer := reportManager.ClusterAdmissionReportInformer(metadataFactory) + bgscanrInformer := reportManager.BackgroundScanReportInformer(metadataFactory) + cbgscanrInformer := reportManager.ClusterBackgroundScanReportInformer(metadataFactory) polrInformer := metadataFactory.ForResource(policyreportv1alpha2.SchemeGroupVersion.WithResource("policyreports")) cpolrInformer := metadataFactory.ForResource(policyreportv1alpha2.SchemeGroupVersion.WithResource("clusterpolicyreports")) c := controller{ client: client, + reportManager: reportManager, polLister: polInformer.Lister(), cpolLister: cpolInformer.Lister(), admrLister: admrInformer.Lister(), 
@@ -141,7 +145,7 @@ func (c *controller) mergeAdmissionReports(ctx context.Context, namespace string if namespace == "" { next := "" for { - cadms, err := c.client.KyvernoV1alpha2().ClusterAdmissionReports().List(ctx, metav1.ListOptions{ + cadmsObj, err := c.reportManager.ListClusterAdmissionReports(ctx, metav1.ListOptions{ // no need to consider non aggregated reports LabelSelector: reportutils.LabelAggregatedReport, Limit: mergeLimit, @@ -150,6 +154,10 @@ func (c *controller) mergeAdmissionReports(ctx context.Context, namespace string if err != nil { return err } + cadms, ok := cadmsObj.(*kyvernov1alpha2.ClusterAdmissionReportList) + if !ok { + return fmt.Errorf("failed to convert runtime object to cluster admission report list") + } next = cadms.Continue for i := range cadms.Items { mergeReports(policyMap, accumulator, &cadms.Items[i]) @@ -161,7 +169,7 @@ func (c *controller) mergeAdmissionReports(ctx context.Context, namespace string } else { next := "" for { - adms, err := c.client.KyvernoV1alpha2().AdmissionReports(namespace).List(ctx, metav1.ListOptions{ + admsObj, err := c.reportManager.ListAdmissionReports(ctx, namespace, metav1.ListOptions{ // no need to consider non aggregated reports LabelSelector: reportutils.LabelAggregatedReport, Limit: mergeLimit, @@ -170,6 +178,10 @@ func (c *controller) mergeAdmissionReports(ctx context.Context, namespace string if err != nil { return err } + adms, ok := admsObj.(*kyvernov1alpha2.AdmissionReportList) + if !ok { + return fmt.Errorf("failed to convert runtime object to admission report list") + } next = adms.Continue for i := range adms.Items { mergeReports(policyMap, accumulator, &adms.Items[i]) 
@@ -185,13 +197,17 @@ func (c *controller) mergeBackgroundScanReports(ctx context.Context, namespace s if namespace == "" { next := "" for { - cbgscans, err := c.client.KyvernoV1alpha2().ClusterBackgroundScanReports().List(ctx, metav1.ListOptions{ + cbgscansObj, err := c.reportManager.ListClusterBackgroundScanReports(ctx, metav1.ListOptions{ Limit: mergeLimit, Continue: next, }) if err != nil { return err } + cbgscans, ok := cbgscansObj.(*kyvernov1alpha2.ClusterBackgroundScanReportList) + if !ok { + return fmt.Errorf("failed to convert runtime object to admission report list") + } next = cbgscans.Continue for i := range cbgscans.Items { mergeReports(policyMap, accumulator, &cbgscans.Items[i]) @@ -203,13 +219,17 @@ func (c *controller) mergeBackgroundScanReports(ctx context.Context, namespace s } else { next := "" for { - bgscans, err := c.client.KyvernoV1alpha2().BackgroundScanReports(namespace).List(ctx, metav1.ListOptions{ + bgscansObj, err := c.reportManager.ListBackgroundScanReports(ctx, namespace, metav1.ListOptions{ Limit: mergeLimit, Continue: next, }) if err != nil { return err } + bgscans, ok := bgscansObj.(*kyvernov1alpha2.BackgroundScanReportList) + if !ok { + return fmt.Errorf("failed to convert runtime object to admission report list") + } next = bgscans.Continue for i := range bgscans.Items { mergeReports(policyMap, accumulator, &bgscans.Items[i]) @@ -230,9 +250,9 @@ func (c *controller) reconcileReport(ctx context.Context, policyMap map[string]p reportutils.SetPolicyLabel(report, engineapi.NewKyvernoPolicy(policy.policy)) } } - return reportutils.CreateReport(ctx, report, c.client) + return c.reportManager.CreateReport(ctx, report) } - after := reportutils.DeepCopy(report) + after := c.reportManager.DeepCopy(report) // hold custom labels reportutils.CleanupKyvernoLabels(after) reportutils.SetManagedByKyvernoLabel(after) 
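Review bot: Both failure messages added in mergeBackgroundScanReports say "admission report list", but the assertions are to `*kyvernov1alpha2.ClusterBackgroundScanReportList` (this hunk) and `*kyvernov1alpha2.BackgroundScanReportList` (the following hunk, `@@ -203,13 +219,17 @@`). A failure here would point whoever reads the log at the wrong report kind. Change them to `fmt.Errorf("failed to convert runtime object to cluster background scan report list")` and `fmt.Errorf("failed to convert runtime object to background scan report list")`. The body of mergeBackgroundScanReports begins and ends outside these hunks.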
@@ -246,7 +266,7 @@ func (c *controller) reconcileReport(ctx context.Context, policyMap map[string]p if datautils.DeepEqual(report, after) { return after, nil } - return reportutils.UpdateReport(ctx, after, c.client) + return c.reportManager.UpdateReport(ctx, after) } func (c *controller) cleanReports(ctx context.Context, actual map[string]kyvernov1alpha2.ReportInterface, expected []kyvernov1alpha2.ReportInterface) error { @@ -256,7 +276,7 @@ func (c *controller) cleanReports(ctx context.Context, actual map[string]kyverno } for _, obj := range actual { if !keep.Has(obj.GetName()) { - err := reportutils.DeleteReport(ctx, obj, c.client) + err := c.reportManager.DeleteReport(ctx, obj) if err != nil { return err } diff --git a/pkg/controllers/report/aggregate/resource/controller.go b/pkg/controllers/report/aggregate/resource/controller.go index e36659230f..4420b64da2 100644 --- a/pkg/controllers/report/aggregate/resource/controller.go +++ b/pkg/controllers/report/aggregate/resource/controller.go @@ -14,6 +14,7 @@ import ( kyvernov1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1" "github.com/kyverno/kyverno/pkg/controllers" "github.com/kyverno/kyverno/pkg/controllers/report/resource" + "github.com/kyverno/kyverno/pkg/report" controllerutils "github.com/kyverno/kyverno/pkg/utils/controller" reportutils "github.com/kyverno/kyverno/pkg/utils/report" corev1 "k8s.io/api/core/v1" @@ -39,7 +40,8 @@ const ( type controller struct { // clients - client versioned.Interface + client versioned.Interface + reportManager report.Interface // listers polLister kyvernov1listers.PolicyLister 
@@ -63,20 +65,22 @@ type policyMapEntry struct { func NewController( client versioned.Interface, metadataFactory metadatainformers.SharedInformerFactory, + reportManager report.Interface, polInformer kyvernov1informers.PolicyInformer, cpolInformer kyvernov1informers.ClusterPolicyInformer, vapInformer admissionregistrationv1alpha1informers.ValidatingAdmissionPolicyInformer, metadataCache resource.MetadataCache, chunkSize int, ) controllers.Controller { - admrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("admissionreports")) - cadmrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("clusteradmissionreports")) - bgscanrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("backgroundscanreports")) - cbgscanrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("clusterbackgroundscanreports")) + admrInformer := reportManager.AdmissionReportInformer(metadataFactory) + cadmrInformer := reportManager.ClusterAdmissionReportInformer(metadataFactory) + bgscanrInformer := reportManager.BackgroundScanReportInformer(metadataFactory) + cbgscanrInformer := reportManager.ClusterBackgroundScanReportInformer(metadataFactory) polrInformer := metadataFactory.ForResource(policyreportv1alpha2.SchemeGroupVersion.WithResource("policyreports")) cpolrInformer := metadataFactory.ForResource(policyreportv1alpha2.SchemeGroupVersion.WithResource("clusterpolicyreports")) c := controller{ client: client, + reportManager: reportManager, polLister: polInformer.Lister(), cpolLister: cpolInformer.Lister(), queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), ControllerName), 
@@ -216,7 +220,7 @@ func (c *controller) createVapMap() (sets.Set[string], error) { func (c *controller) getBackgroundScanReport(ctx context.Context, namespace, name string) (kyvernov1alpha2.ReportInterface, error) { if namespace == "" { - report, err := c.client.KyvernoV1alpha2().ClusterBackgroundScanReports().Get(ctx, name, metav1.GetOptions{}) + report, err := c.reportManager.GetClusterBackgroundScanReports(ctx, name, metav1.GetOptions{}) if err != nil { if apierrors.IsNotFound(err) { return nil, nil @@ -225,7 +229,7 @@ func (c *controller) getBackgroundScanReport(ctx context.Context, namespace, nam } return report, nil } else { - report, err := c.client.KyvernoV1alpha2().BackgroundScanReports(namespace).Get(ctx, name, metav1.GetOptions{}) + report, err := c.reportManager.GetBackgroundScanReports(ctx, name, namespace, metav1.GetOptions{}) if err != nil { if apierrors.IsNotFound(err) { return nil, nil @@ -238,7 +242,7 @@ func (c *controller) getBackgroundScanReport(ctx context.Context, namespace, nam func (c *controller) getAdmissionReport(ctx context.Context, namespace, name string) (kyvernov1alpha2.ReportInterface, error) { if namespace == "" { - report, err := c.client.KyvernoV1alpha2().ClusterAdmissionReports().Get(ctx, name, metav1.GetOptions{}) + report, err := c.reportManager.GetClusterAdmissionReports(ctx, name, metav1.GetOptions{}) if err != nil { if apierrors.IsNotFound(err) { return nil, nil @@ -247,7 +251,7 @@ func (c *controller) getAdmissionReport(ctx context.Context, namespace, name str } return report, nil } else { - report, err := c.client.KyvernoV1alpha2().AdmissionReports(namespace).Get(ctx, name, metav1.GetOptions{}) + report, err := c.reportManager.GetAdmissionReports(ctx, name, namespace, metav1.GetOptions{}) if err != nil { if apierrors.IsNotFound(err) { return nil, nil 
@@ -334,29 +338,29 @@ func (c *controller) reconcile(ctx context.Context, logger logr.Logger, _, names } if len(results) == 0 { if !create { - if err := deleteReport(ctx, policyReport, c.client); err != nil { + if err := deleteReport(ctx, policyReport, c.reportManager); err != nil { return err } } } else { reportutils.SetResults(policyReport, results...) if create { - if _, err := reportutils.CreateReport(ctx, policyReport, c.client); err != nil { + if _, err := c.reportManager.CreateReport(ctx, policyReport); err != nil { return err } } else { - if _, err := updateReport(ctx, policyReport, c.client); err != nil { + if _, err := updateReport(ctx, policyReport, c.reportManager); err != nil { return err } } } if admissionReport != nil { - if err := deleteReport(ctx, admissionReport, c.client); err != nil { + if err := deleteReport(ctx, admissionReport, c.reportManager); err != nil { return err } } if backgroundReport != nil { - if err := deleteReport(ctx, backgroundReport, c.client); err != nil { + if err := deleteReport(ctx, backgroundReport, c.reportManager); err != nil { return err } } @@ -366,7 +370,7 @@ func (c *controller) reconcile(ctx context.Context, logger logr.Logger, _, names return err } if policyReport != nil { - if err := deleteReport(ctx, policyReport, c.client); err != nil { + if err := deleteReport(ctx, policyReport, c.reportManager); err != nil { return err } } diff --git a/pkg/controllers/report/aggregate/resource/utils.go b/pkg/controllers/report/aggregate/resource/utils.go index 765062dab5..ac05e247fb 100644 --- a/pkg/controllers/report/aggregate/resource/utils.go +++ b/pkg/controllers/report/aggregate/resource/utils.go 
@@ -6,9 +6,8 @@ import ( kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2" policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2" - "github.com/kyverno/kyverno/pkg/client/clientset/versioned" + "github.com/kyverno/kyverno/pkg/report" controllerutils "github.com/kyverno/kyverno/pkg/utils/controller" - reportutils "github.com/kyverno/kyverno/pkg/utils/report" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/sets" ) @@ -42,16 +41,16 @@ func mergeReports(policyMap map[string]policyMapEntry, vapMap sets.Set[string], } } -func deleteReport(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) error { +func deleteReport(ctx context.Context, report kyvernov1alpha2.ReportInterface, reportManager report.Interface) error { if !controllerutils.IsManagedByKyverno(report) { return errors.New("can't delete report because it is not managed by kyverno") } - return reportutils.DeleteReport(ctx, report, client) + return reportManager.DeleteReport(ctx, report) } -func updateReport(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) (kyvernov1alpha2.ReportInterface, error) { +func updateReport(ctx context.Context, report kyvernov1alpha2.ReportInterface, reportManager report.Interface) (kyvernov1alpha2.ReportInterface, error) { if !controllerutils.IsManagedByKyverno(report) { return nil, errors.New("can't update report because it is not managed by kyverno") } - return reportutils.UpdateReport(ctx, report, client) + return reportManager.UpdateReport(ctx, report) } diff --git a/pkg/controllers/report/background/controller.go b/pkg/controllers/report/background/controller.go index d97912cbfb..eb51900ebd 100644 --- a/pkg/controllers/report/background/controller.go +++ b/pkg/controllers/report/background/controller.go 
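Review bot: In `deleteReport` and `updateReport` the existing parameter `report` now has the same name as the newly imported package `report`, so the package is shadowed inside both bodies and `report.Interface` resolves only in the signature. This compiles today, but any later use of the package inside these functions will bind to the parameter instead. Importing the package under an alias, e.g. `reportmanager "github.com/kyverno/kyverno/pkg/report"`, or renaming the parameter removes the ambiguity. These two wrappers are also where the `IsManagedByKyverno` guard is applied, so a short comment such as `// deleteReport refuses to delete reports that are not labelled as managed by kyverno.` would help keep callers from bypassing them.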
@@ -22,6 +22,7 @@ import ( engineapi "github.com/kyverno/kyverno/pkg/engine/api" "github.com/kyverno/kyverno/pkg/engine/jmespath" "github.com/kyverno/kyverno/pkg/event" + "github.com/kyverno/kyverno/pkg/report" controllerutils "github.com/kyverno/kyverno/pkg/utils/controller" datautils "github.com/kyverno/kyverno/pkg/utils/data" reportutils "github.com/kyverno/kyverno/pkg/utils/report" @@ -52,6 +53,7 @@ type controller struct { // clients client dclient.Interface kyvernoClient versioned.Interface + reportManager report.Interface engine engineapi.Engine // listers @@ -80,6 +82,7 @@ type controller struct { func NewController( client dclient.Interface, kyvernoClient versioned.Interface, + reportManager report.Interface, engine engineapi.Engine, metadataFactory metadatainformers.SharedInformerFactory, polInformer kyvernov1informers.PolicyInformer, @@ -94,12 +97,13 @@ func NewController( eventGen event.Interface, policyReports bool, ) controllers.Controller { - bgscanr := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("backgroundscanreports")) - cbgscanr := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("clusterbackgroundscanreports")) + bgscanr := reportManager.BackgroundScanReportInformer(metadataFactory) + cbgscanr := reportManager.ClusterBackgroundScanReportInformer(metadataFactory) queue := workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), ControllerName) c := controller{ client: client, kyvernoClient: kyvernoClient, + reportManager: reportManager, engine: engine, polLister: polInformer.Lister(), cpolLister: cpolInformer.Lister(), 
@@ -199,9 +203,9 @@ func (c *controller) enqueueResources() { func (c *controller) getReport(ctx context.Context, namespace, name string) (kyvernov1alpha2.ReportInterface, error) { if namespace == "" { - return c.kyvernoClient.KyvernoV1alpha2().ClusterBackgroundScanReports().Get(ctx, name, metav1.GetOptions{}) + return c.reportManager.GetClusterBackgroundScanReports(ctx, name, metav1.GetOptions{}) } else { - return c.kyvernoClient.KyvernoV1alpha2().BackgroundScanReports(namespace).Get(ctx, name, metav1.GetOptions{}) + return c.reportManager.GetBackgroundScanReports(ctx, name, namespace, metav1.GetOptions{}) } } @@ -300,7 +304,7 @@ func (c *controller) reconcileReport( if !apierrors.IsNotFound(err) { return err } - observed = reportutils.NewBackgroundScanReport(namespace, name, gvk, resource.Name, uid) + observed = c.reportManager.NewBackgroundScanReport(namespace, name, gvk, resource.Name, uid) } // build desired report expected := map[string]string{} @@ -372,7 +376,7 @@ func (c *controller) reconcileReport( } } } - desired := reportutils.DeepCopy(observed) + desired := c.reportManager.DeepCopy(observed) for key := range desired.GetLabels() { if reportutils.IsPolicyLabel(key) { delete(desired.GetLabels(), key) 
@@ -402,19 +406,19 @@ func (c *controller) storeReport(ctx context.Context, observed, desired kyvernov if !hasReport && !wantsReport { return nil } else if !hasReport && wantsReport { - _, err = reportutils.CreateReport(ctx, desired, c.kyvernoClient) + _, err = c.reportManager.CreateReport(ctx, desired) return err } else if hasReport && !wantsReport { if observed.GetNamespace() == "" { - return c.kyvernoClient.KyvernoV1alpha2().ClusterBackgroundScanReports().Delete(ctx, observed.GetName(), metav1.DeleteOptions{}) + return c.reportManager.DeleteClusterBackgroundScanReports(ctx, observed.GetName(), metav1.DeleteOptions{}) } else { - return c.kyvernoClient.KyvernoV1alpha2().BackgroundScanReports(observed.GetNamespace()).Delete(ctx, observed.GetName(), metav1.DeleteOptions{}) + return c.reportManager.DeleteBackgroundScanReports(ctx, observed.GetName(), observed.GetNamespace(), metav1.DeleteOptions{}) } } else { if utils.ReportsAreIdentical(observed, desired) { return nil } - _, err = reportutils.UpdateReport(ctx, desired, c.kyvernoClient) + _, err = c.reportManager.UpdateReport(ctx, desired) return err } } @@ -434,9 +438,9 @@ func (c *controller) reconcile(ctx context.Context, log logr.Logger, key, namesp return nil } else { if report.GetNamespace() == "" { - return c.kyvernoClient.KyvernoV1alpha2().ClusterBackgroundScanReports().Delete(ctx, report.GetName(), metav1.DeleteOptions{}) + return c.reportManager.DeleteClusterBackgroundScanReports(ctx, report.GetName(), metav1.DeleteOptions{}) } else { - return c.kyvernoClient.KyvernoV1alpha2().BackgroundScanReports(report.GetNamespace()).Delete(ctx, report.GetName(), metav1.DeleteOptions{}) + return c.reportManager.DeleteBackgroundScanReports(ctx, report.GetName(), report.GetNamespace(), metav1.DeleteOptions{}) } } } diff --git a/pkg/report/copy.go b/pkg/report/copy.go new file mode 100644 index 0000000000..2c28eeaadc --- /dev/null +++ b/pkg/report/copy.go 
@@ -0,0 +1,45 @@
+package report
+
+import (
+ reportv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
+ policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
+)
+
+func deepCopyV1Alpha2(report kyvernov1alpha2.ReportInterface) kyvernov1alpha2.ReportInterface {
+ switch v := report.(type) {
+ case *kyvernov1alpha2.AdmissionReport:
+ return v.DeepCopy()
+ case *kyvernov1alpha2.ClusterAdmissionReport:
+ return v.DeepCopy()
+ case *kyvernov1alpha2.BackgroundScanReport:
+ return v.DeepCopy()
+ case *kyvernov1alpha2.ClusterBackgroundScanReport:
+ return v.DeepCopy()
+ case *policyreportv1alpha2.PolicyReport:
+ return v.DeepCopy()
+ case *policyreportv1alpha2.ClusterPolicyReport:
+ return v.DeepCopy()
+ default:
+ return nil
+ }
+}
+
+func deepCopyReportV1(report kyvernov1alpha2.ReportInterface) kyvernov1alpha2.ReportInterface {
+ switch v := report.(type) {
+ case *reportv1.AdmissionReport:
+ return v.DeepCopy()
+ case *reportv1.ClusterAdmissionReport:
+ return v.DeepCopy()
+ case *reportv1.BackgroundScanReport:
+ return v.DeepCopy()
+ case *reportv1.ClusterBackgroundScanReport:
+ return v.DeepCopy()
+ case *policyreportv1alpha2.PolicyReport:
+ return v.DeepCopy()
+ case *policyreportv1alpha2.ClusterPolicyReport:
+ return v.DeepCopy()
+ default:
+ return nil
+ }
+}
diff --git a/pkg/report/create.go b/pkg/report/create.go
new file mode 100644
index 0000000000..978e80374b
--- /dev/null
+++ b/pkg/report/create.go
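Review bot: Both `deepCopyV1Alpha2` and `deepCopyReportV1` fall through to `default: return nil` for any report type outside their own API group. The new call site in the background controller's `reconcileReport` (`desired := c.reportManager.DeepCopy(observed)`) ranges over `desired.GetLabels()` immediately. If `observed` ever carries a type from the other group, the controller would panic on a nil interface instead of returning an error. The type switch already identifies the concrete type, so one switch listing the four `kyvernov1alpha2` cases, the four `reportv1` cases and the two policy report cases would make the copy independent of `storeInDB`. If the nil return is kept, it should be documented on both functions, e.g. `// returns nil when report is not a type of the selected API group; callers must check before use`.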
@@ -0,0 +1,62 @@ +package report + +import ( + "context" + "errors" + + reportv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" + kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2" + policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2" + "github.com/kyverno/kyverno/pkg/client/clientset/versioned" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +func createV1Alpha1Report(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) (kyvernov1alpha2.ReportInterface, error) { + switch v := report.(type) { + case *kyvernov1alpha2.AdmissionReport: + report, err := client.KyvernoV1alpha2().AdmissionReports(report.GetNamespace()).Create(ctx, v, metav1.CreateOptions{}) + return report, err + case *kyvernov1alpha2.ClusterAdmissionReport: + report, err := client.KyvernoV1alpha2().ClusterAdmissionReports().Create(ctx, v, metav1.CreateOptions{}) + return report, err + case *kyvernov1alpha2.BackgroundScanReport: + report, err := client.KyvernoV1alpha2().BackgroundScanReports(report.GetNamespace()).Create(ctx, v, metav1.CreateOptions{}) + return report, err + case *kyvernov1alpha2.ClusterBackgroundScanReport: + report, err := client.KyvernoV1alpha2().ClusterBackgroundScanReports().Create(ctx, v, metav1.CreateOptions{}) + return report, err + case *policyreportv1alpha2.PolicyReport: + report, err := client.Wgpolicyk8sV1alpha2().PolicyReports(report.GetNamespace()).Create(ctx, v, metav1.CreateOptions{}) + return report, err + case *policyreportv1alpha2.ClusterPolicyReport: + report, err := client.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Create(ctx, v, metav1.CreateOptions{}) + return report, err + default: + return nil, errors.New("unknow type") + } +} + +func createReportV1Report(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) (kyvernov1alpha2.ReportInterface, error) { + switch v := report.(type) { + case *reportv1.AdmissionReport: + report, err := 
client.ReportsV1().AdmissionReports(report.GetNamespace()).Create(ctx, v, metav1.CreateOptions{}) + return report, err + case *reportv1.ClusterAdmissionReport: + report, err := client.ReportsV1().ClusterAdmissionReports().Create(ctx, v, metav1.CreateOptions{}) + return report, err + case *reportv1.BackgroundScanReport: + report, err := client.ReportsV1().BackgroundScanReports(report.GetNamespace()).Create(ctx, v, metav1.CreateOptions{}) + return report, err + case *reportv1.ClusterBackgroundScanReport: + report, err := client.ReportsV1().ClusterBackgroundScanReports().Create(ctx, v, metav1.CreateOptions{}) + return report, err + case *policyreportv1alpha2.PolicyReport: + report, err := client.Wgpolicyk8sV1alpha2().PolicyReports(report.GetNamespace()).Create(ctx, v, metav1.CreateOptions{}) + return report, err + case *policyreportv1alpha2.ClusterPolicyReport: + report, err := client.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Create(ctx, v, metav1.CreateOptions{}) + return report, err + default: + return nil, errors.New("unknow type") + } +} diff --git a/pkg/utils/report/delete.go b/pkg/report/delete.go similarity index 50% rename from pkg/utils/report/delete.go rename to pkg/report/delete.go index 4ea76bd04e..e7f01f85a5 100644 --- a/pkg/utils/report/delete.go +++ b/pkg/report/delete.go 
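Review bot: The default branches of `createV1Alpha1Report` and `createReportV1Report` return `errors.New("unknow type")`, which is misspelled and does not say which type was rejected. The two functions accept disjoint report types selected by `storeInDB`, so a report built for the other API group lands here and the log gives no way to tell. Replacing the `errors` import with `fmt` and returning `return nil, fmt.Errorf("unknown report type %T", report)` would carry that information. The same default branch appears in the delete.go and update.go hunks. The `V1Alpha1` suffix on these helpers (also in delete.go, update.go and new.go) does not match the `kyvernov1alpha2` types they handle, whereas copy.go uses `deepCopyV1Alpha2`.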
@@ -4,13 +4,14 @@ import ( "context" "errors" + reportv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2" policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2" "github.com/kyverno/kyverno/pkg/client/clientset/versioned" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -func DeleteReport(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) error { +func deleteV1Alpha1Reports(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) error { switch v := report.(type) { case *kyvernov1alpha2.AdmissionReport: return client.KyvernoV1alpha2().AdmissionReports(report.GetNamespace()).Delete(ctx, v.GetName(), metav1.DeleteOptions{}) 
@@ -28,3 +29,22 @@ func DeleteReport(ctx context.Context, report kyvernov1alpha2.ReportInterface, c return errors.New("unknow type") } } + +func deleteReportV1Reports(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) error { + switch v := report.(type) { + case *reportv1.AdmissionReport: + return client.ReportsV1().AdmissionReports(report.GetNamespace()).Delete(ctx, v.GetName(), metav1.DeleteOptions{}) + case *reportv1.ClusterAdmissionReport: + return client.ReportsV1().ClusterAdmissionReports().Delete(ctx, v.GetName(), metav1.DeleteOptions{}) + case *reportv1.BackgroundScanReport: + return client.ReportsV1().BackgroundScanReports(report.GetNamespace()).Delete(ctx, v.GetName(), metav1.DeleteOptions{}) + case *reportv1.ClusterBackgroundScanReport: + return client.ReportsV1().ClusterBackgroundScanReports().Delete(ctx, v.GetName(), metav1.DeleteOptions{}) + case *policyreportv1alpha2.PolicyReport: + return client.Wgpolicyk8sV1alpha2().PolicyReports(report.GetNamespace()).Delete(ctx, v.GetName(), metav1.DeleteOptions{}) + case *policyreportv1alpha2.ClusterPolicyReport: + return client.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Delete(ctx, v.GetName(), metav1.DeleteOptions{}) + default: + return errors.New("unknow type") + } +} diff --git a/pkg/report/new.go b/pkg/report/new.go new file mode 100644 index 0000000000..4d09330938 --- /dev/null +++ b/pkg/report/new.go 
@@ -0,0 +1,88 @@
+package report
+
+import (
+ reportv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
+ kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
+ engineapi "github.com/kyverno/kyverno/pkg/engine/api"
+ controllerutils "github.com/kyverno/kyverno/pkg/utils/controller"
+ reportutils "github.com/kyverno/kyverno/pkg/utils/report"
+ admissionv1 "k8s.io/api/admission/v1"
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ "k8s.io/apimachinery/pkg/types"
+)
+
+func newAdmissionReportV1Alpha1(namespace, name string, gvr schema.GroupVersionResource, resource unstructured.Unstructured) kyvernov1alpha2.ReportInterface {
+ var report kyvernov1alpha2.ReportInterface
+ if namespace == "" {
+ report = &kyvernov1alpha2.ClusterAdmissionReport{Spec: kyvernov2.AdmissionReportSpec{}}
+ } else {
+ report = &kyvernov1alpha2.AdmissionReport{Spec: kyvernov2.AdmissionReportSpec{}}
+ }
+ report.SetName(name)
+ report.SetNamespace(namespace)
+ reportutils.SetResourceUid(report, resource.GetUID())
+ reportutils.SetResourceGVR(report, gvr)
+ reportutils.SetResourceNamespaceAndName(report, resource.GetNamespace(), resource.GetName())
+ reportutils.SetManagedByKyvernoLabel(report)
+ return report
+}
+
+func buildAdmissionReportV1Alpha1(resource unstructured.Unstructured, request admissionv1.AdmissionRequest, responses ...engineapi.EngineResponse) kyvernov1alpha2.ReportInterface {
+ report := newAdmissionReportV1Alpha1(resource.GetNamespace(), string(request.UID), schema.GroupVersionResource(request.Resource), resource)
+ reportutils.SetResponses(report, responses...)
+ return report
+}
+
+func newAdmissionReportReportV1(namespace, name string, gvr schema.GroupVersionResource, resource unstructured.Unstructured) kyvernov1alpha2.ReportInterface {
+ var report kyvernov1alpha2.ReportInterface
+ if namespace == "" {
+ report = &reportv1.ClusterAdmissionReport{Spec: reportv1.AdmissionReportSpec{}}
+ } else {
+ report = &reportv1.AdmissionReport{Spec: reportv1.AdmissionReportSpec{}}
+ }
+ report.SetName(name)
+ report.SetNamespace(namespace)
+ reportutils.SetResourceUid(report, resource.GetUID())
+ reportutils.SetResourceGVR(report, gvr)
+ reportutils.SetResourceNamespaceAndName(report, resource.GetNamespace(), resource.GetName())
+ reportutils.SetManagedByKyvernoLabel(report)
+ return report
+}
+
+func buildAdmissionReportReportV1(resource unstructured.Unstructured, request admissionv1.AdmissionRequest, responses ...engineapi.EngineResponse) kyvernov1alpha2.ReportInterface {
+ report := newAdmissionReportReportV1(resource.GetNamespace(), string(request.UID), schema.GroupVersionResource(request.Resource), resource)
+ reportutils.SetResponses(report, responses...)
+ return report
+}
+
+func newBackgroundScanReportV1Alpha1(namespace, name string, gvk schema.GroupVersionKind, owner string, uid types.UID) kyvernov1alpha2.ReportInterface {
+ var report kyvernov1alpha2.ReportInterface
+ if namespace == "" {
+ report = &kyvernov1alpha2.ClusterBackgroundScanReport{}
+ } else {
+ report = &kyvernov1alpha2.BackgroundScanReport{}
+ }
+ report.SetName(name)
+ report.SetNamespace(namespace)
+ controllerutils.SetOwner(report, gvk.GroupVersion().String(), gvk.Kind, owner, uid)
+ reportutils.SetResourceUid(report, uid)
+ reportutils.SetManagedByKyvernoLabel(report)
+ return report
+}
+
+func newBackgroundScanReportReportsV1(namespace, name string, gvk schema.GroupVersionKind, owner string, uid types.UID) kyvernov1alpha2.ReportInterface {
+ var report kyvernov1alpha2.ReportInterface
+ if namespace == "" {
+ report = &reportv1.ClusterBackgroundScanReport{}
+ } else {
+ report = &reportv1.BackgroundScanReport{}
+ }
+ report.SetName(name)
+ report.SetNamespace(namespace)
+ controllerutils.SetOwner(report, gvk.GroupVersion().String(), gvk.Kind, owner, uid)
+ reportutils.SetResourceUid(report, uid)
+ reportutils.SetManagedByKyvernoLabel(report)
+ return report
+}
diff --git a/pkg/report/report_manager.go b/pkg/report/report_manager.go
new file mode 100644
index 0000000000..9eaed635b2
--- /dev/null
+++ b/pkg/report/report_manager.go
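Review bot: Each pair of constructors in this file differs only in the struct literal chosen in the `if namespace == ""` branch; the name, namespace, UID, GVR or owner and managed-by label setup is copied verbatim. Because the managed-by label set here is what the aggregate controller's `deleteReport` and `updateReport` check, a later change applied to one copy and not the other would silently make reports of one API group unmanageable. Moving the shared tail into one helper that takes the freshly allocated `kyvernov1alpha2.ReportInterface` keeps both groups in step. The suffixes are also inconsistent within the file: `newAdmissionReportReportV1` versus `newBackgroundScanReportReportsV1`.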
@@ -0,0 +1,247 @@ +package report + +import ( + "context" + + reportv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1" + kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2" + "github.com/kyverno/kyverno/pkg/client/clientset/versioned" + engineapi "github.com/kyverno/kyverno/pkg/engine/api" + admissionv1 "k8s.io/api/admission/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apimachinery/pkg/types" + "k8s.io/client-go/informers" + metadatainformers "k8s.io/client-go/metadata/metadatainformer" +) + +type reportManager struct { + storeInDB bool + client versioned.Interface +} + +type Interface interface { + CreateReport(ctx context.Context, report kyvernov1alpha2.ReportInterface) (kyvernov1alpha2.ReportInterface, error) + UpdateReport(ctx context.Context, report kyvernov1alpha2.ReportInterface) (kyvernov1alpha2.ReportInterface, error) + DeleteReport(ctx context.Context, report kyvernov1alpha2.ReportInterface) error + + NewAdmissionReport(namespace, name string, gvr schema.GroupVersionResource, resource unstructured.Unstructured) kyvernov1alpha2.ReportInterface + BuildAdmissionReport(resource unstructured.Unstructured, request admissionv1.AdmissionRequest, responses ...engineapi.EngineResponse) kyvernov1alpha2.ReportInterface + NewBackgroundScanReport(namespace, name string, gvk schema.GroupVersionKind, owner string, uid types.UID) kyvernov1alpha2.ReportInterface + + GetAdmissionReports(ctx context.Context, name string, namespace string, opts metav1.GetOptions) (kyvernov1alpha2.ReportInterface, error) + ListAdmissionReports(ctx context.Context, namespace string, opts metav1.ListOptions) (runtime.Object, error) + DeleteAdmissionReports(ctx context.Context, name, namespace string, opts metav1.DeleteOptions) error + + GetBackgroundScanReports(ctx context.Context, name string, namespace string, opts 
metav1.GetOptions) (kyvernov1alpha2.ReportInterface, error) + ListBackgroundScanReports(ctx context.Context, namespace string, opts metav1.ListOptions) (runtime.Object, error) + DeleteBackgroundScanReports(ctx context.Context, name, namespace string, opts metav1.DeleteOptions) error + + GetClusterAdmissionReports(ctx context.Context, name string, opts metav1.GetOptions) (kyvernov1alpha2.ReportInterface, error) + ListClusterAdmissionReports(ctx context.Context, opts metav1.ListOptions) (runtime.Object, error) + DeleteClusterAdmissionReports(ctx context.Context, namespace string, opts metav1.DeleteOptions) error + + GetClusterBackgroundScanReports(ctx context.Context, name string, opts metav1.GetOptions) (kyvernov1alpha2.ReportInterface, error) + ListClusterBackgroundScanReports(ctx context.Context, opts metav1.ListOptions) (runtime.Object, error) + DeleteClusterBackgroundScanReports(ctx context.Context, namespace string, opts metav1.DeleteOptions) error + + AdmissionReportInformer(metadataFactory metadatainformers.SharedInformerFactory) informers.GenericInformer + ClusterAdmissionReportInformer(metadataFactory metadatainformers.SharedInformerFactory) informers.GenericInformer + BackgroundScanReportInformer(metadataFactory metadatainformers.SharedInformerFactory) informers.GenericInformer + ClusterBackgroundScanReportInformer(metadataFactory metadatainformers.SharedInformerFactory) informers.GenericInformer + + DeepCopy(report kyvernov1alpha2.ReportInterface) kyvernov1alpha2.ReportInterface +} + +func NewReportManager(storeInDB bool, client versioned.Interface) Interface { + return &reportManager{ + storeInDB: storeInDB, + client: client, + } +} + +func (r *reportManager) CreateReport(ctx context.Context, report kyvernov1alpha2.ReportInterface) (kyvernov1alpha2.ReportInterface, error) { + if r.storeInDB { + return createReportV1Report(ctx, report, r.client) + } else { + return createV1Alpha1Report(ctx, report, r.client) + } +} + +func (r *reportManager) 
UpdateReport(ctx context.Context, report kyvernov1alpha2.ReportInterface) (kyvernov1alpha2.ReportInterface, error) { + if r.storeInDB { + return updateReportsV1Report(ctx, report, r.client) + } else { + return updateV1Alpha1Report(ctx, report, r.client) + } +} + +func (r *reportManager) DeleteReport(ctx context.Context, report kyvernov1alpha2.ReportInterface) error { + if r.storeInDB { + return deleteReportV1Reports(ctx, report, r.client) + } else { + return deleteV1Alpha1Reports(ctx, report, r.client) + } +} + +func (r *reportManager) GetAdmissionReports(ctx context.Context, name string, namespace string, opts metav1.GetOptions) (kyvernov1alpha2.ReportInterface, error) { + if r.storeInDB { + return r.client.ReportsV1().AdmissionReports(namespace).Get(ctx, name, opts) + } else { + return r.client.KyvernoV1alpha2().AdmissionReports(namespace).Get(ctx, name, opts) + } +} + +func (r *reportManager) ListAdmissionReports(ctx context.Context, namespace string, opts metav1.ListOptions) (runtime.Object, error) { + if r.storeInDB { + return r.client.ReportsV1().AdmissionReports(namespace).List(ctx, opts) + } else { + return r.client.KyvernoV1alpha2().AdmissionReports(namespace).List(ctx, opts) + } +} + +func (r *reportManager) DeleteAdmissionReports(ctx context.Context, name, namespace string, opts metav1.DeleteOptions) error { + if r.storeInDB { + return r.client.ReportsV1().AdmissionReports(namespace).Delete(ctx, name, opts) + } else { + return r.client.KyvernoV1alpha2().AdmissionReports(namespace).Delete(ctx, name, opts) + } +} + +func (r *reportManager) GetBackgroundScanReports(ctx context.Context, name string, namespace string, opts metav1.GetOptions) (kyvernov1alpha2.ReportInterface, error) { + if r.storeInDB { + return r.client.ReportsV1().BackgroundScanReports(namespace).Get(ctx, name, opts) + } else { + return r.client.KyvernoV1alpha2().BackgroundScanReports(namespace).Get(ctx, name, opts) + } +} + +func (r *reportManager) ListBackgroundScanReports(ctx 
context.Context, namespace string, opts metav1.ListOptions) (runtime.Object, error) { + if r.storeInDB { + return r.client.ReportsV1().BackgroundScanReports(namespace).List(ctx, opts) + } else { + return r.client.KyvernoV1alpha2().BackgroundScanReports(namespace).List(ctx, opts) + } +} + +func (r *reportManager) DeleteBackgroundScanReports(ctx context.Context, name, namespace string, opts metav1.DeleteOptions) error { + if r.storeInDB { + return r.client.ReportsV1().BackgroundScanReports(namespace).Delete(ctx, name, opts) + } else { + return r.client.KyvernoV1alpha2().BackgroundScanReports(namespace).Delete(ctx, name, opts) + } +} + +func (r *reportManager) GetClusterAdmissionReports(ctx context.Context, name string, opts metav1.GetOptions) (kyvernov1alpha2.ReportInterface, error) { + if r.storeInDB { + return r.client.ReportsV1().ClusterAdmissionReports().Get(ctx, name, opts) + } else { + return r.client.KyvernoV1alpha2().ClusterAdmissionReports().Get(ctx, name, opts) + } +} + +func (r *reportManager) ListClusterAdmissionReports(ctx context.Context, opts metav1.ListOptions) (runtime.Object, error) { + if r.storeInDB { + return r.client.ReportsV1().ClusterAdmissionReports().List(ctx, opts) + } else { + return r.client.KyvernoV1alpha2().ClusterAdmissionReports().List(ctx, opts) + } +} + +func (r *reportManager) DeleteClusterAdmissionReports(ctx context.Context, name string, opts metav1.DeleteOptions) error { + if r.storeInDB { + return r.client.ReportsV1().ClusterAdmissionReports().Delete(ctx, name, opts) + } else { + return r.client.KyvernoV1alpha2().ClusterAdmissionReports().Delete(ctx, name, opts) + } +} + +func (r *reportManager) GetClusterBackgroundScanReports(ctx context.Context, name string, opts metav1.GetOptions) (kyvernov1alpha2.ReportInterface, error) { + if r.storeInDB { + return r.client.ReportsV1().ClusterBackgroundScanReports().Get(ctx, name, opts) + } else { + return r.client.KyvernoV1alpha2().ClusterBackgroundScanReports().Get(ctx, name, opts) + } 
+} + +func (r *reportManager) ListClusterBackgroundScanReports(ctx context.Context, opts metav1.ListOptions) (runtime.Object, error) { + if r.storeInDB { + return r.client.ReportsV1().ClusterBackgroundScanReports().List(ctx, opts) + } else { + return r.client.KyvernoV1alpha2().ClusterBackgroundScanReports().List(ctx, opts) + } +} + +func (r *reportManager) DeleteClusterBackgroundScanReports(ctx context.Context, name string, opts metav1.DeleteOptions) error { + if r.storeInDB { + return r.client.ReportsV1().ClusterBackgroundScanReports().Delete(ctx, name, opts) + } else { + return r.client.KyvernoV1alpha2().ClusterBackgroundScanReports().Delete(ctx, name, opts) + } +} + +func (r *reportManager) NewAdmissionReport(namespace, name string, gvr schema.GroupVersionResource, resource unstructured.Unstructured) kyvernov1alpha2.ReportInterface { + if r.storeInDB { + return newAdmissionReportReportV1(namespace, name, gvr, resource) + } else { + return newAdmissionReportV1Alpha1(namespace, name, gvr, resource) + } +} + +func (r *reportManager) BuildAdmissionReport(resource unstructured.Unstructured, request admissionv1.AdmissionRequest, responses ...engineapi.EngineResponse) kyvernov1alpha2.ReportInterface { + if r.storeInDB { + return buildAdmissionReportReportV1(resource, request, responses...) + } else { + return buildAdmissionReportV1Alpha1(resource, request, responses...) 
+ } +} + +func (r *reportManager) NewBackgroundScanReport(namespace, name string, gvk schema.GroupVersionKind, owner string, uid types.UID) kyvernov1alpha2.ReportInterface { + if r.storeInDB { + return newBackgroundScanReportReportsV1(namespace, name, gvk, owner, uid) + } else { + return newBackgroundScanReportV1Alpha1(namespace, name, gvk, owner, uid) + } +} + +func (r *reportManager) AdmissionReportInformer(metadataFactory metadatainformers.SharedInformerFactory) informers.GenericInformer { + if r.storeInDB { + return metadataFactory.ForResource(reportv1.SchemeGroupVersion.WithResource("admissionreports")) + } else { + return metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("admissionreports")) + } +} + +func (r *reportManager) ClusterAdmissionReportInformer(metadataFactory metadatainformers.SharedInformerFactory) informers.GenericInformer { + if r.storeInDB { + return metadataFactory.ForResource(reportv1.SchemeGroupVersion.WithResource("clusteradmissionreports")) + } else { + return metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("clusteradmissionreports")) + } +} + +func (r *reportManager) BackgroundScanReportInformer(metadataFactory metadatainformers.SharedInformerFactory) informers.GenericInformer { + if r.storeInDB { + return metadataFactory.ForResource(reportv1.SchemeGroupVersion.WithResource("backgroundscanreports")) + } else { + return metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("backgroundscanreports")) + } +} + +func (r *reportManager) ClusterBackgroundScanReportInformer(metadataFactory metadatainformers.SharedInformerFactory) informers.GenericInformer { + if r.storeInDB { + return metadataFactory.ForResource(reportv1.SchemeGroupVersion.WithResource("clusterbackgroundscanreports")) + } else { + return metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("clusterbackgroundscanreports")) + } +} + +func (r *reportManager) DeepCopy(report 
kyvernov1alpha2.ReportInterface) kyvernov1alpha2.ReportInterface { + if r.storeInDB { + return deepCopyReportV1(report) + } else { + return deepCopyV1Alpha2(report) + } +} diff --git a/pkg/report/update.go b/pkg/report/update.go new file mode 100644 index 0000000000..5532c852d5 --- /dev/null +++ b/pkg/report/update.go 
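Review bot: In `Interface`, `DeleteClusterAdmissionReports` and `DeleteClusterBackgroundScanReports` declare their string parameter as `namespace`, but the implementations further down name it `name` and pass it to `Delete` as the object name; cluster-scoped reports have no namespace. The declarations should read `DeleteClusterAdmissionReports(ctx context.Context, name string, opts metav1.DeleteOptions) error` and likewise for the background scan variant. The namespaced `Get*`/`Delete*` methods take `(name, namespace)` while `NewAdmissionReport`, `NewBackgroundScanReport` and the controllers' own helpers take `(namespace, name)`. Two adjacent strings in opposite orders can be swapped without a compile error, so one order throughout the interface would be safer. The exported `Interface` and `NewReportManager` have no doc comments; for example `// NewReportManager returns a manager that reads and writes reports.kyverno.io/v1 objects when storeInDB is true and kyverno.io/v1alpha2 objects otherwise.`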
@@ -0,0 +1,62 @@
+package report
+
+import (
+ "context"
+ "errors"
+
+ reportv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+ kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
+ policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
+ "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+func updateV1Alpha1Report(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) (kyvernov1alpha2.ReportInterface, error) {
+ switch v := report.(type) {
+ case *kyvernov1alpha2.AdmissionReport:
+ report, err := client.KyvernoV1alpha2().AdmissionReports(report.GetNamespace()).Update(ctx, v, metav1.UpdateOptions{})
+ return report, err
+ case *kyvernov1alpha2.ClusterAdmissionReport:
+ report, err := client.KyvernoV1alpha2().ClusterAdmissionReports().Update(ctx, v, metav1.UpdateOptions{})
+ return report, err
+ case *kyvernov1alpha2.BackgroundScanReport:
+ report, err := client.KyvernoV1alpha2().BackgroundScanReports(report.GetNamespace()).Update(ctx, v, metav1.UpdateOptions{})
+ return report, err
+ case *kyvernov1alpha2.ClusterBackgroundScanReport:
+ report, err := client.KyvernoV1alpha2().ClusterBackgroundScanReports().Update(ctx, v, metav1.UpdateOptions{})
+ return report, err
+ case *policyreportv1alpha2.PolicyReport:
+ report, err := client.Wgpolicyk8sV1alpha2().PolicyReports(report.GetNamespace()).Update(ctx, v, metav1.UpdateOptions{})
+ return report, err
+ case *policyreportv1alpha2.ClusterPolicyReport:
+ report, err := client.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Update(ctx, v, metav1.UpdateOptions{})
+ return report, err
+ default:
+ return nil, errors.New("unknow type")
+ }
+}
+
+func updateReportsV1Report(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) (kyvernov1alpha2.ReportInterface, error) {
+ switch v := report.(type) {
+ case *reportv1.AdmissionReport:
+ report, err := client.ReportsV1().AdmissionReports(report.GetNamespace()).Update(ctx, v, metav1.UpdateOptions{})
+ return report, err
+ case *reportv1.ClusterAdmissionReport:
+ report, err := client.ReportsV1().ClusterAdmissionReports().Update(ctx, v, metav1.UpdateOptions{})
+ return report, err
+ case *reportv1.BackgroundScanReport:
+ report, err := client.ReportsV1().BackgroundScanReports(report.GetNamespace()).Update(ctx, v, metav1.UpdateOptions{})
+ return report, err
+ case *reportv1.ClusterBackgroundScanReport:
+ report, err := client.ReportsV1().ClusterBackgroundScanReports().Update(ctx, v, metav1.UpdateOptions{})
+ return report, err
+ case *policyreportv1alpha2.PolicyReport:
+ report, err := client.Wgpolicyk8sV1alpha2().PolicyReports(report.GetNamespace()).Update(ctx, v, metav1.UpdateOptions{})
+ return report, err
+ case *policyreportv1alpha2.ClusterPolicyReport:
+ report, err := client.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Update(ctx, v, metav1.UpdateOptions{})
+ return report, err
+ default:
+ return nil, errors.New("unknow type")
+ }
+}
diff --git a/pkg/utils/kube/crd.go b/pkg/utils/kube/crd.go
index 52ecc3d040..1ef78416ff 100644
--- a/pkg/utils/kube/crd.go
+++ b/pkg/utils/kube/crd.go
@@ -13,10 +13,14 @@ import (
 func CRDsInstalled(apiserverClient apiserver.Interface) error {
 kyvernoCRDs := []string{
 "admissionreports.kyverno.io",
+ "admissionreports.reports.kyverno.io",
 "backgroundscanreports.kyverno.io",
+ "backgroundscanreports.reports.kyverno.io",
 "cleanuppolicies.kyverno.io",
 "clusteradmissionreports.kyverno.io",
+ "clusteradmissionreports.reports.kyverno.io",
 "clusterbackgroundscanreports.kyverno.io",
+ "clusterbackgroundscanreports.reports.kyverno.io",
 "clustercleanuppolicies.kyverno.io",
 "clusterpolicies.kyverno.io",
 "clusterpolicyreports.wgpolicyk8s.io",
diff --git a/pkg/utils/report/copy.go b/pkg/utils/report/copy.go
deleted file mode 100644
index 90ae88b059..0000000000
--- a/pkg/utils/report/copy.go
+++ /dev/null
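Review bot: The `default:` branch of both `updateV1Alpha1Report` and `updateReportsV1Report` returns `errors.New("unknow type")`, which is misspelled and does not say which concrete type was rejected. Each function accepts only one API group's admission and background-scan types, so a report built for the other group lands in this branch and the message is the only hint an operator gets; `return nil, fmt.Errorf("unknown report type %T", report)`, with `"fmt"` imported in place of `"errors"`, would name it. The name `updateV1Alpha1Report` also disagrees with the `KyvernoV1alpha2()` client it calls, so `updateV1Alpha2Report` would read more accurately if the caller outside this hunk is renamed with it. A one-line doc comment on each function stating which API group it writes to would help as well.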
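Review bot: The four `*.reports.kyverno.io` names are appended to `kyvernoCRDs` unconditionally, while the rest of the patch selects the new group only when `storeInDB` is set. The body of `CRDsInstalled` continues outside this hunk, but if it returns an error for any listed name that is missing, a cluster upgraded without the new CRDs applied would fail this check even with the alternate storage turned off. Consider building the list from the storage setting, or, if the requirement is intended, state it next to the entries with a comment such as `// reports.kyverno.io CRDs are required regardless of the report storage mode`.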
@@ -1,25 +0,0 @@
-package report
-
-import (
- kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
- policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
-)
-
-func DeepCopy(report kyvernov1alpha2.ReportInterface) kyvernov1alpha2.ReportInterface {
- switch v := report.(type) {
- case *kyvernov1alpha2.AdmissionReport:
- return v.DeepCopy()
- case *kyvernov1alpha2.ClusterAdmissionReport:
- return v.DeepCopy()
- case *kyvernov1alpha2.BackgroundScanReport:
- return v.DeepCopy()
- case *kyvernov1alpha2.ClusterBackgroundScanReport:
- return v.DeepCopy()
- case *policyreportv1alpha2.PolicyReport:
- return v.DeepCopy()
- case *policyreportv1alpha2.ClusterPolicyReport:
- return v.DeepCopy()
- default:
- return nil
- }
-}
diff --git a/pkg/utils/report/create.go b/pkg/utils/report/create.go
deleted file mode 100644
index 9af43e1328..0000000000
--- a/pkg/utils/report/create.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package report
-
-import (
- "context"
- "errors"
-
- kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
- policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
- "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-func CreateReport(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) (kyvernov1alpha2.ReportInterface, error) {
- switch v := report.(type) {
- case *kyvernov1alpha2.AdmissionReport:
- report, err := client.KyvernoV1alpha2().AdmissionReports(report.GetNamespace()).Create(ctx, v, metav1.CreateOptions{})
- return report, err
- case *kyvernov1alpha2.ClusterAdmissionReport:
- report, err := client.KyvernoV1alpha2().ClusterAdmissionReports().Create(ctx, v, metav1.CreateOptions{})
- return report, err
- case *kyvernov1alpha2.BackgroundScanReport:
- report, err := client.KyvernoV1alpha2().BackgroundScanReports(report.GetNamespace()).Create(ctx, v, metav1.CreateOptions{})
- return report, err
- case *kyvernov1alpha2.ClusterBackgroundScanReport:
- report, err := client.KyvernoV1alpha2().ClusterBackgroundScanReports().Create(ctx, v, metav1.CreateOptions{})
- return report, err
- case *policyreportv1alpha2.PolicyReport:
- report, err := client.Wgpolicyk8sV1alpha2().PolicyReports(report.GetNamespace()).Create(ctx, v, metav1.CreateOptions{})
- return report, err
- case *policyreportv1alpha2.ClusterPolicyReport:
- report, err := client.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Create(ctx, v, metav1.CreateOptions{})
- return report, err
- default:
- return nil, errors.New("unknow type")
- }
-}
diff --git a/pkg/utils/report/new.go b/pkg/utils/report/new.go
index aa802a9b5c..97fc5e2047 100644
--- a/pkg/utils/report/new.go
+++ b/pkg/utils/report/new.go
@@ -2,54 +2,10 @@ package report import ( kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2" - kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2" policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2" - engineapi "github.com/kyverno/kyverno/pkg/engine/api" - controllerutils "github.com/kyverno/kyverno/pkg/utils/controller" - admissionv1 "k8s.io/api/admission/v1" corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/types" ) -func NewAdmissionReport(namespace, name string, gvr schema.GroupVersionResource, resource unstructured.Unstructured) kyvernov1alpha2.ReportInterface { - var report kyvernov1alpha2.ReportInterface - if namespace == "" { - report = &kyvernov1alpha2.ClusterAdmissionReport{Spec: kyvernov2.AdmissionReportSpec{}} - } else { - report = &kyvernov1alpha2.AdmissionReport{Spec: kyvernov2.AdmissionReportSpec{}} - } - report.SetName(name) - report.SetNamespace(namespace) - SetResourceUid(report, resource.GetUID()) - SetResourceGVR(report, gvr) - SetResourceNamespaceAndName(report, resource.GetNamespace(), resource.GetName()) - SetManagedByKyvernoLabel(report) - return report -} - -func BuildAdmissionReport(resource unstructured.Unstructured, request admissionv1.AdmissionRequest, responses ...engineapi.EngineResponse) kyvernov1alpha2.ReportInterface { - report := NewAdmissionReport(resource.GetNamespace(), string(request.UID), schema.GroupVersionResource(request.Resource), resource) - SetResponses(report, responses...) 
- return report -} - -func NewBackgroundScanReport(namespace, name string, gvk schema.GroupVersionKind, owner string, uid types.UID) kyvernov1alpha2.ReportInterface { - var report kyvernov1alpha2.ReportInterface - if namespace == "" { - report = &kyvernov1alpha2.ClusterBackgroundScanReport{} - } else { - report = &kyvernov1alpha2.BackgroundScanReport{} - } - report.SetName(name) - report.SetNamespace(namespace) - controllerutils.SetOwner(report, gvk.GroupVersion().String(), gvk.Kind, owner, uid) - SetResourceUid(report, uid) - SetManagedByKyvernoLabel(report) - return report -} - func NewPolicyReport(namespace, name string, scope *corev1.ObjectReference, results ...policyreportv1alpha2.PolicyReportResult) kyvernov1alpha2.ReportInterface { var report kyvernov1alpha2.ReportInterface if namespace == "" { diff --git a/pkg/utils/report/update.go b/pkg/utils/report/update.go deleted file mode 100644 index 16af02a530..0000000000 --- a/pkg/utils/report/update.go +++ /dev/null 
@@ -1,36 +0,0 @@
-package report
-
-import (
- "context"
- "errors"
-
- kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
- policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
- "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-func UpdateReport(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) (kyvernov1alpha2.ReportInterface, error) {
- switch v := report.(type) {
- case *kyvernov1alpha2.AdmissionReport:
- report, err := client.KyvernoV1alpha2().AdmissionReports(report.GetNamespace()).Update(ctx, v, metav1.UpdateOptions{})
- return report, err
- case *kyvernov1alpha2.ClusterAdmissionReport:
- report, err := client.KyvernoV1alpha2().ClusterAdmissionReports().Update(ctx, v, metav1.UpdateOptions{})
- return report, err
- case *kyvernov1alpha2.BackgroundScanReport:
- report, err := client.KyvernoV1alpha2().BackgroundScanReports(report.GetNamespace()).Update(ctx, v, metav1.UpdateOptions{})
- return report, err
- case *kyvernov1alpha2.ClusterBackgroundScanReport:
- report, err := client.KyvernoV1alpha2().ClusterBackgroundScanReports().Update(ctx, v, metav1.UpdateOptions{})
- return report, err
- case *policyreportv1alpha2.PolicyReport:
- report, err := client.Wgpolicyk8sV1alpha2().PolicyReports(report.GetNamespace()).Update(ctx, v, metav1.UpdateOptions{})
- return report, err
- case *policyreportv1alpha2.ClusterPolicyReport:
- report, err := client.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Update(ctx, v, metav1.UpdateOptions{})
- return report, err
- default:
- return nil, errors.New("unknow type")
- }
-}
diff --git a/pkg/webhooks/resource/handlers.go b/pkg/webhooks/resource/handlers.go
index cac3653da3..bfd485d581 100644
--- a/pkg/webhooks/resource/handlers.go
+++ b/pkg/webhooks/resource/handlers.go
@@ -18,6 +18,7 @@ import ( "github.com/kyverno/kyverno/pkg/event" "github.com/kyverno/kyverno/pkg/metrics" "github.com/kyverno/kyverno/pkg/policycache" + "github.com/kyverno/kyverno/pkg/report" admissionutils "github.com/kyverno/kyverno/pkg/utils/admission" engineutils "github.com/kyverno/kyverno/pkg/utils/engine" jsonutils "github.com/kyverno/kyverno/pkg/utils/json" @@ -36,6 +37,7 @@ type resourceHandlers struct { // clients client dclient.Interface kyvernoClient versioned.Interface + reportManager report.Interface engine engineapi.Engine // config @@ -63,6 +65,7 @@ func NewHandlers( engine engineapi.Engine, client dclient.Interface, kyvernoClient versioned.Interface, + reportManager report.Interface, configuration config.Configuration, metricsConfig metrics.MetricsConfigManager, pCache policycache.Cache, @@ -80,6 +83,7 @@ func NewHandlers( engine: engine, client: client, kyvernoClient: kyvernoClient, + reportManager: reportManager, configuration: configuration, metricsConfig: metricsConfig, pCache: pCache, @@ -124,7 +128,7 @@ func (h *resourceHandlers) Validate(ctx context.Context, logger logr.Logger, req namespaceLabels = engineutils.GetNamespaceSelectorsFromNamespaceLister(request.Kind.Kind, request.Namespace, h.nsLister, logger) } policyContext = policyContext.WithNamespaceLabels(namespaceLabels) - vh := validation.NewValidationHandler(logger, h.kyvernoClient, h.engine, h.pCache, h.pcBuilder, h.eventGen, h.admissionReports, h.metricsConfig, h.configuration) + vh := validation.NewValidationHandler(logger, h.kyvernoClient, h.reportManager, h.engine, h.pCache, h.pcBuilder, h.eventGen, h.admissionReports, h.metricsConfig, h.configuration) ok, msg, warnings := vh.HandleValidation(ctx, request, policies, policyContext, startTime) if !ok { 
@@ -167,7 +171,7 @@ func (h *resourceHandlers) Mutate(ctx context.Context, logger logr.Logger, reque logger.Error(err, "failed to build policy context") return admissionutils.Response(request.UID, err) } - ivh := imageverification.NewImageVerificationHandler(logger, h.kyvernoClient, h.engine, h.eventGen, h.admissionReports, h.configuration, h.nsLister) + ivh := imageverification.NewImageVerificationHandler(logger, h.kyvernoClient, h.reportManager, h.engine, h.eventGen, h.admissionReports, h.configuration, h.nsLister) imagePatches, imageVerifyWarnings, err := ivh.Handle(ctx, newRequest, verifyImagesPolicies, policyContext) if err != nil { logger.Error(err, "image verification failed") diff --git a/pkg/webhooks/resource/imageverification/handler.go b/pkg/webhooks/resource/imageverification/handler.go index 6c2d241dfa..78ecdadde4 100644 --- a/pkg/webhooks/resource/imageverification/handler.go +++ b/pkg/webhooks/resource/imageverification/handler.go @@ -13,6 +13,7 @@ import ( engineapi "github.com/kyverno/kyverno/pkg/engine/api" "github.com/kyverno/kyverno/pkg/engine/mutate/patch" "github.com/kyverno/kyverno/pkg/event" + "github.com/kyverno/kyverno/pkg/report" "github.com/kyverno/kyverno/pkg/tracing" admissionutils "github.com/kyverno/kyverno/pkg/utils/admission" engineutils "github.com/kyverno/kyverno/pkg/utils/engine" @@ -33,6 +34,7 @@ type ImageVerificationHandler interface { type imageVerificationHandler struct { kyvernoClient versioned.Interface + reportManager report.Interface engine engineapi.Engine log logr.Logger eventGen event.Interface @@ -44,6 +46,7 @@ type imageVerificationHandler struct { func NewImageVerificationHandler( log logr.Logger, kyvernoClient versioned.Interface, + reportManager report.Interface, engine engineapi.Engine, eventGen event.Interface, admissionReports bool, 
@@ -53,6 +56,7 @@ func NewImageVerificationHandler( return &imageVerificationHandler{ kyvernoClient: kyvernoClient, engine: engine, + reportManager: reportManager, log: log, eventGen: eventGen, admissionReports: admissionReports, @@ -173,9 +177,9 @@ func (v *imageVerificationHandler) handleAudit( fmt.Sprintf("AUDIT %s %s", request.Operation, request.Kind), func(ctx context.Context, span trace.Span) { if createReport { - report := reportutils.BuildAdmissionReport(resource, request, engineResponses...) + report := v.reportManager.BuildAdmissionReport(resource, request, engineResponses...) if len(report.GetResults()) > 0 { - _, err := reportutils.CreateReport(context.Background(), report, v.kyvernoClient) + _, err := v.reportManager.CreateReport(context.Background(), report) if err != nil { v.log.Error(err, "failed to create report") } diff --git a/pkg/webhooks/resource/validation/validation.go b/pkg/webhooks/resource/validation/validation.go index 981a516761..1dcc6457c3 100644 --- a/pkg/webhooks/resource/validation/validation.go +++ b/pkg/webhooks/resource/validation/validation.go @@ -14,6 +14,7 @@ import ( "github.com/kyverno/kyverno/pkg/event" "github.com/kyverno/kyverno/pkg/metrics" "github.com/kyverno/kyverno/pkg/policycache" + "github.com/kyverno/kyverno/pkg/report" "github.com/kyverno/kyverno/pkg/tracing" admissionutils "github.com/kyverno/kyverno/pkg/utils/admission" reportutils "github.com/kyverno/kyverno/pkg/utils/report" @@ -35,6 +36,7 @@ type ValidationHandler interface { func NewValidationHandler( log logr.Logger, kyvernoClient versioned.Interface, + reportManager report.Interface, engine engineapi.Engine, pCache policycache.Cache, pcBuilder webhookutils.PolicyContextBuilder, @@ -46,6 +48,7 @@ func NewValidationHandler( return &validationHandler{ log: log, kyvernoClient: kyvernoClient, + reportManager: reportManager, engine: engine, pCache: pCache, pcBuilder: pcBuilder, 
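Review bot: In the `handleAudit` hunk of `imageverification/handler.go`, the new call `v.reportManager.CreateReport(context.Background(), report)` ignores the `ctx` that the enclosing span callback receives, whereas the validation handler changed in this same patch passes `ctx`. With `context.Background()` the report write carries no trace span or deadline from the callback, so the two audit paths behave differently for no stated reason. If detaching from the request is deliberate, a comment such as `// Background: the report write must outlive the admission request` would record that; otherwise `_, err := v.reportManager.CreateReport(ctx, report)` makes the handlers consistent. `handleAudit` starts and ends outside this hunk, so the lifetime of `ctx` there should be confirmed first.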
@@ -59,6 +62,7 @@ func NewValidationHandler( type validationHandler struct { log logr.Logger kyvernoClient versioned.Interface + reportManager report.Interface engine engineapi.Engine pCache policycache.Cache pcBuilder webhookutils.PolicyContextBuilder @@ -190,9 +194,9 @@ func (v *validationHandler) handleAudit( v.eventGen.Add(events...) if createReport { responses = append(responses, engineResponses...) - report := reportutils.BuildAdmissionReport(resource, request.AdmissionRequest, responses...) + report := v.reportManager.BuildAdmissionReport(resource, request.AdmissionRequest, responses...) if len(report.GetResults()) > 0 { - _, err = reportutils.CreateReport(ctx, report, v.kyvernoClient) + _, err = v.reportManager.CreateReport(ctx, report) if err != nil { v.log.Error(err, "failed to create report") } diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-trigger-not-present/rbac.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-trigger-not-present/rbac.yaml index 0169a4706f..8906855f11 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-trigger-not-present/rbac.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-trigger-not-present/rbac.yaml @@ -379,6 +379,21 @@ rules: - patch - update - watch +- apiGroups: + - reports.kyverno.io + resources: + - admissionreports + - clusteradmissionreports + - backgroundscanreports + - clusterbackgroundscanreports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - kyverno.io resources: diff --git a/test/conformance/chainsaw/rbac/aggregate-to-admin/admin-reports.yaml b/test/conformance/chainsaw/rbac/aggregate-to-admin/admin-reports.yaml index 4182aad28c..24861fcb47 100644 --- a/test/conformance/chainsaw/rbac/aggregate-to-admin/admin-reports.yaml +++ b/test/conformance/chainsaw/rbac/aggregate-to-admin/admin-reports.yaml 
@@ -20,3 +20,18 @@ rules: - patch - update - watch + - apiGroups: + - reports.kyverno.io + resources: + - admissionreports + - clusteradmissionreports + - backgroundscanreports + - clusterbackgroundscanreports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch \ No newline at end of file
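Review bot: The expected rule for `reports.kyverno.io` gives the aggregated admin role `create`, `delete`, `patch` and `update` on all four report resources, which lets a namespace admin alter or remove controller-generated admission and background-scan results. It mirrors the existing rule above it, and the chart template this test asserts against is not visible here, but the new API group is a natural place to ask whether admins need more than `get`, `list` and `watch` on records that serve as audit evidence. The file also now ends without a trailing newline (`\ No newline at end of file`), which is worth restoring.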