From ee10ab66b021941442c61cae219e45705960940f Mon Sep 17 00:00:00 2001 From: ShutingZhao Date: Thu, 23 Sep 2021 16:13:27 -0700 Subject: [PATCH] update policy.status subresource Signed-off-by: ShutingZhao --- charts/kyverno/templates/crds.yaml | 124 ++------------ .../crds/kyverno.io_clusterpolicies.yaml | 79 +-------- definitions/crds/kyverno.io_policies.yaml | 79 +-------- definitions/install.yaml | 158 ++---------------- definitions/install_debug.yaml | 158 ++---------------- pkg/api/kyverno/v1/clusterpolicy_types.go | 1 + pkg/api/kyverno/v1/policy_types.go | 70 +------- pkg/api/kyverno/v1/zz_generated.deepcopy.go | 99 ++++++++--- .../kyverno/v1alpha2/zz_generated.deepcopy.go | 1 + .../v1alpha2/zz_generated.deepcopy.go | 1 + 10 files changed, 152 insertions(+), 618 deletions(-) diff --git a/charts/kyverno/templates/crds.yaml b/charts/kyverno/templates/crds.yaml index 21ac750a30..095bb0e4f5 100644 --- a/charts/kyverno/templates/crds.yaml +++ b/charts/kyverno/templates/crds.yaml @@ -31,6 +31,9 @@ spec: - jsonPath: .spec.validationFailureAction name: Action type: string + - jsonPath: .status.ready + name: Ready + type: string name: v1 schema: openAPIV3Schema: @@ -957,60 +960,11 @@ spec: status: description: Status contains policy runtime data. properties: - averageExecutionTime: - description: AvgExecutionTime is the average time taken to process the policy rules on a resource. - type: string - resourcesBlockedCount: - description: ResourcesBlockedCount is the total count of admission review requests that were blocked by this policy. - type: integer - resourcesGeneratedCount: - description: ResourcesGeneratedCount is the total count of resources that were generated by this policy. - type: integer - resourcesMutatedCount: - description: ResourcesMutatedCount is the total count of resources that were mutated by this policy. - type: integer - ruleStatus: - description: Rules provides per rule statistics - items: - description: 'RuleStats provides statistics for an individual rule within a policy. Deprecated. Policy metrics are now available via the "/metrics" endpoint. See: https://kyverno.io/docs/monitoring-kyverno-with-prometheus-metrics/' - properties: - appliedCount: - description: AppliedCount is the total number of times this rule was applied. - type: integer - averageExecutionTime: - description: ExecutionTime is the average time taken to execute this rule. - type: string - failedCount: - description: FailedCount is the total count of policy error results for this rule. - type: integer - resourcesBlockedCount: - description: ResourcesBlockedCount is the total count of admission review requests that were blocked by this rule. - type: integer - resourcesGeneratedCount: - description: ResourcesGeneratedCount is the total count of resources that were generated by this rule. - type: integer - resourcesMutatedCount: - description: ResourcesMutatedCount is the total count of resources that were mutated by this rule. - type: integer - ruleName: - description: Name is the rule name. - type: string - violationCount: - description: ViolationCount is the total count of policy failure results for this rule. - type: integer - required: - - ruleName - type: object - type: array - rulesAppliedCount: - description: RulesAppliedCount is the total number of times this policy was applied. - type: integer - rulesFailedCount: - description: RulesFailedCount is the total count of policy execution errors for this policy. - type: integer - violationCount: - description: ViolationCount is the total count of policy failure results for this policy. - type: integer + ready: + description: Ready indicates if the policy is ready to serve the admission request + type: boolean + required: + - ready type: object required: - spec @@ -2218,6 +2172,9 @@ spec: - jsonPath: .spec.validationFailureAction name: Action type: string + - jsonPath: .status.ready + name: Ready + type: string name: v1 schema: openAPIV3Schema: @@ -3144,60 +3101,11 @@ spec: status: description: Status contains policy runtime information. Deprecated. Policy metrics are available via the metrics endpoint properties: - averageExecutionTime: - description: AvgExecutionTime is the average time taken to process the policy rules on a resource. - type: string - resourcesBlockedCount: - description: ResourcesBlockedCount is the total count of admission review requests that were blocked by this policy. - type: integer - resourcesGeneratedCount: - description: ResourcesGeneratedCount is the total count of resources that were generated by this policy. - type: integer - resourcesMutatedCount: - description: ResourcesMutatedCount is the total count of resources that were mutated by this policy. - type: integer - ruleStatus: - description: Rules provides per rule statistics - items: - description: 'RuleStats provides statistics for an individual rule within a policy. Deprecated. Policy metrics are now available via the "/metrics" endpoint. See: https://kyverno.io/docs/monitoring-kyverno-with-prometheus-metrics/' - properties: - appliedCount: - description: AppliedCount is the total number of times this rule was applied. - type: integer - averageExecutionTime: - description: ExecutionTime is the average time taken to execute this rule. - type: string - failedCount: - description: FailedCount is the total count of policy error results for this rule. - type: integer - resourcesBlockedCount: - description: ResourcesBlockedCount is the total count of admission review requests that were blocked by this rule. - type: integer - resourcesGeneratedCount: - description: ResourcesGeneratedCount is the total count of resources that were generated by this rule. - type: integer - resourcesMutatedCount: - description: ResourcesMutatedCount is the total count of resources that were mutated by this rule. - type: integer - ruleName: - description: Name is the rule name. - type: string - violationCount: - description: ViolationCount is the total count of policy failure results for this rule. - type: integer - required: - - ruleName - type: object - type: array - rulesAppliedCount: - description: RulesAppliedCount is the total number of times this policy was applied. - type: integer - rulesFailedCount: - description: RulesFailedCount is the total count of policy execution errors for this policy. - type: integer - violationCount: - description: ViolationCount is the total count of policy failure results for this policy. - type: integer + ready: + description: Ready indicates if the policy is ready to serve the admission request + type: boolean + required: + - ready type: object required: - spec diff --git a/definitions/crds/kyverno.io_clusterpolicies.yaml b/definitions/crds/kyverno.io_clusterpolicies.yaml index 40f1361471..ef97738723 100644 --- a/definitions/crds/kyverno.io_clusterpolicies.yaml +++ b/definitions/crds/kyverno.io_clusterpolicies.yaml @@ -25,6 +25,9 @@ spec: - jsonPath: .spec.validationFailureAction name: Action type: string + - jsonPath: .status.ready + name: Ready + type: string name: v1 schema: openAPIV3Schema: @@ -1539,76 +1542,12 @@ spec: status: description: Status contains policy runtime data. properties: - averageExecutionTime: - description: AvgExecutionTime is the average time taken to process - the policy rules on a resource. - type: string - resourcesBlockedCount: - description: ResourcesBlockedCount is the total count of admission - review requests that were blocked by this policy. - type: integer - resourcesGeneratedCount: - description: ResourcesGeneratedCount is the total count of resources - that were generated by this policy. - type: integer - resourcesMutatedCount: - description: ResourcesMutatedCount is the total count of resources - that were mutated by this policy. - type: integer - ruleStatus: - description: Rules provides per rule statistics - items: - description: 'RuleStats provides statistics for an individual rule - within a policy. Deprecated. Policy metrics are now available - via the "/metrics" endpoint. See: https://kyverno.io/docs/monitoring-kyverno-with-prometheus-metrics/' - properties: - appliedCount: - description: AppliedCount is the total number of times this - rule was applied. - type: integer - averageExecutionTime: - description: ExecutionTime is the average time taken to execute - this rule. - type: string - failedCount: - description: FailedCount is the total count of policy error - results for this rule. - type: integer - resourcesBlockedCount: - description: ResourcesBlockedCount is the total count of admission - review requests that were blocked by this rule. - type: integer - resourcesGeneratedCount: - description: ResourcesGeneratedCount is the total count of resources - that were generated by this rule. - type: integer - resourcesMutatedCount: - description: ResourcesMutatedCount is the total count of resources - that were mutated by this rule. - type: integer - ruleName: - description: Name is the rule name. - type: string - violationCount: - description: ViolationCount is the total count of policy failure - results for this rule. - type: integer - required: - - ruleName - type: object - type: array - rulesAppliedCount: - description: RulesAppliedCount is the total number of times this policy - was applied. - type: integer - rulesFailedCount: - description: RulesFailedCount is the total count of policy execution - errors for this policy. - type: integer - violationCount: - description: ViolationCount is the total count of policy failure results - for this policy. - type: integer + ready: + description: Ready indicates if the policy is ready to serve the admission + request + type: boolean + required: + - ready type: object required: - spec diff --git a/definitions/crds/kyverno.io_policies.yaml b/definitions/crds/kyverno.io_policies.yaml index db764439f7..d19eea8917 100644 --- a/definitions/crds/kyverno.io_policies.yaml +++ b/definitions/crds/kyverno.io_policies.yaml @@ -25,6 +25,9 @@ spec: - jsonPath: .spec.validationFailureAction name: Action type: string + - jsonPath: .status.ready + name: Ready + type: string name: v1 schema: openAPIV3Schema: @@ -1541,76 +1544,12 @@ spec: description: Status contains policy runtime information. Deprecated. Policy metrics are available via the metrics endpoint properties: - averageExecutionTime: - description: AvgExecutionTime is the average time taken to process - the policy rules on a resource. - type: string - resourcesBlockedCount: - description: ResourcesBlockedCount is the total count of admission - review requests that were blocked by this policy. - type: integer - resourcesGeneratedCount: - description: ResourcesGeneratedCount is the total count of resources - that were generated by this policy. - type: integer - resourcesMutatedCount: - description: ResourcesMutatedCount is the total count of resources - that were mutated by this policy. - type: integer - ruleStatus: - description: Rules provides per rule statistics - items: - description: 'RuleStats provides statistics for an individual rule - within a policy. Deprecated. Policy metrics are now available - via the "/metrics" endpoint. See: https://kyverno.io/docs/monitoring-kyverno-with-prometheus-metrics/' - properties: - appliedCount: - description: AppliedCount is the total number of times this - rule was applied. - type: integer - averageExecutionTime: - description: ExecutionTime is the average time taken to execute - this rule. - type: string - failedCount: - description: FailedCount is the total count of policy error - results for this rule. - type: integer - resourcesBlockedCount: - description: ResourcesBlockedCount is the total count of admission - review requests that were blocked by this rule. - type: integer - resourcesGeneratedCount: - description: ResourcesGeneratedCount is the total count of resources - that were generated by this rule. - type: integer - resourcesMutatedCount: - description: ResourcesMutatedCount is the total count of resources - that were mutated by this rule. - type: integer - ruleName: - description: Name is the rule name. - type: string - violationCount: - description: ViolationCount is the total count of policy failure - results for this rule. - type: integer - required: - - ruleName - type: object - type: array - rulesAppliedCount: - description: RulesAppliedCount is the total number of times this policy - was applied. - type: integer - rulesFailedCount: - description: RulesFailedCount is the total count of policy execution - errors for this policy. - type: integer - violationCount: - description: ViolationCount is the total count of policy failure results - for this policy. - type: integer + ready: + description: Ready indicates if the policy is ready to serve the admission + request + type: boolean + required: + - ready type: object required: - spec diff --git a/definitions/install.yaml b/definitions/install.yaml index d73e930b57..090e7b3955 100644 --- a/definitions/install.yaml +++ b/definitions/install.yaml @@ -43,6 +43,9 @@ spec: - jsonPath: .spec.validationFailureAction name: Action type: string + - jsonPath: .status.ready + name: Ready + type: string name: v1 schema: openAPIV3Schema: @@ -1557,76 +1560,12 @@ spec: status: description: Status contains policy runtime data. properties: - averageExecutionTime: - description: AvgExecutionTime is the average time taken to process - the policy rules on a resource. - type: string - resourcesBlockedCount: - description: ResourcesBlockedCount is the total count of admission - review requests that were blocked by this policy. - type: integer - resourcesGeneratedCount: - description: ResourcesGeneratedCount is the total count of resources - that were generated by this policy. - type: integer - resourcesMutatedCount: - description: ResourcesMutatedCount is the total count of resources - that were mutated by this policy. - type: integer - ruleStatus: - description: Rules provides per rule statistics - items: - description: 'RuleStats provides statistics for an individual rule - within a policy. Deprecated. Policy metrics are now available - via the "/metrics" endpoint. See: https://kyverno.io/docs/monitoring-kyverno-with-prometheus-metrics/' - properties: - appliedCount: - description: AppliedCount is the total number of times this - rule was applied. - type: integer - averageExecutionTime: - description: ExecutionTime is the average time taken to execute - this rule. - type: string - failedCount: - description: FailedCount is the total count of policy error - results for this rule. - type: integer - resourcesBlockedCount: - description: ResourcesBlockedCount is the total count of admission - review requests that were blocked by this rule. - type: integer - resourcesGeneratedCount: - description: ResourcesGeneratedCount is the total count of resources - that were generated by this rule. - type: integer - resourcesMutatedCount: - description: ResourcesMutatedCount is the total count of resources - that were mutated by this rule. - type: integer - ruleName: - description: Name is the rule name. - type: string - violationCount: - description: ViolationCount is the total count of policy failure - results for this rule. - type: integer - required: - - ruleName - type: object - type: array - rulesAppliedCount: - description: RulesAppliedCount is the total number of times this policy - was applied. - type: integer - rulesFailedCount: - description: RulesFailedCount is the total count of policy execution - errors for this policy. - type: integer - violationCount: - description: ViolationCount is the total count of policy failure results - for this policy. - type: integer + ready: + description: Ready indicates if the policy is ready to serve the admission + request + type: boolean + required: + - ready type: object required: - spec @@ -3223,6 +3162,9 @@ spec: - jsonPath: .spec.validationFailureAction name: Action type: string + - jsonPath: .status.ready + name: Ready + type: string name: v1 schema: openAPIV3Schema: @@ -4739,76 +4681,12 @@ spec: description: Status contains policy runtime information. Deprecated. Policy metrics are available via the metrics endpoint properties: - averageExecutionTime: - description: AvgExecutionTime is the average time taken to process - the policy rules on a resource. - type: string - resourcesBlockedCount: - description: ResourcesBlockedCount is the total count of admission - review requests that were blocked by this policy. - type: integer - resourcesGeneratedCount: - description: ResourcesGeneratedCount is the total count of resources - that were generated by this policy. - type: integer - resourcesMutatedCount: - description: ResourcesMutatedCount is the total count of resources - that were mutated by this policy. - type: integer - ruleStatus: - description: Rules provides per rule statistics - items: - description: 'RuleStats provides statistics for an individual rule - within a policy. Deprecated. Policy metrics are now available - via the "/metrics" endpoint. See: https://kyverno.io/docs/monitoring-kyverno-with-prometheus-metrics/' - properties: - appliedCount: - description: AppliedCount is the total number of times this - rule was applied. - type: integer - averageExecutionTime: - description: ExecutionTime is the average time taken to execute - this rule. - type: string - failedCount: - description: FailedCount is the total count of policy error - results for this rule. - type: integer - resourcesBlockedCount: - description: ResourcesBlockedCount is the total count of admission - review requests that were blocked by this rule. - type: integer - resourcesGeneratedCount: - description: ResourcesGeneratedCount is the total count of resources - that were generated by this rule. - type: integer - resourcesMutatedCount: - description: ResourcesMutatedCount is the total count of resources - that were mutated by this rule. - type: integer - ruleName: - description: Name is the rule name. - type: string - violationCount: - description: ViolationCount is the total count of policy failure - results for this rule. - type: integer - required: - - ruleName - type: object - type: array - rulesAppliedCount: - description: RulesAppliedCount is the total number of times this policy - was applied. - type: integer - rulesFailedCount: - description: RulesFailedCount is the total count of policy execution - errors for this policy. - type: integer - violationCount: - description: ViolationCount is the total count of policy failure results - for this policy. - type: integer + ready: + description: Ready indicates if the policy is ready to serve the admission + request + type: boolean + required: + - ready type: object required: - spec diff --git a/definitions/install_debug.yaml b/definitions/install_debug.yaml index 2018131448..07980ca2e8 100755 --- a/definitions/install_debug.yaml +++ b/definitions/install_debug.yaml @@ -30,6 +30,9 @@ spec: - jsonPath: .spec.validationFailureAction name: Action type: string + - jsonPath: .status.ready + name: Ready + type: string name: v1 schema: openAPIV3Schema: @@ -1544,76 +1547,12 @@ spec: status: description: Status contains policy runtime data. properties: - averageExecutionTime: - description: AvgExecutionTime is the average time taken to process - the policy rules on a resource. - type: string - resourcesBlockedCount: - description: ResourcesBlockedCount is the total count of admission - review requests that were blocked by this policy. - type: integer - resourcesGeneratedCount: - description: ResourcesGeneratedCount is the total count of resources - that were generated by this policy. - type: integer - resourcesMutatedCount: - description: ResourcesMutatedCount is the total count of resources - that were mutated by this policy. - type: integer - ruleStatus: - description: Rules provides per rule statistics - items: - description: 'RuleStats provides statistics for an individual rule - within a policy. Deprecated. Policy metrics are now available - via the "/metrics" endpoint. See: https://kyverno.io/docs/monitoring-kyverno-with-prometheus-metrics/' - properties: - appliedCount: - description: AppliedCount is the total number of times this - rule was applied. - type: integer - averageExecutionTime: - description: ExecutionTime is the average time taken to execute - this rule. - type: string - failedCount: - description: FailedCount is the total count of policy error - results for this rule. - type: integer - resourcesBlockedCount: - description: ResourcesBlockedCount is the total count of admission - review requests that were blocked by this rule. - type: integer - resourcesGeneratedCount: - description: ResourcesGeneratedCount is the total count of resources - that were generated by this rule. - type: integer - resourcesMutatedCount: - description: ResourcesMutatedCount is the total count of resources - that were mutated by this rule. - type: integer - ruleName: - description: Name is the rule name. - type: string - violationCount: - description: ViolationCount is the total count of policy failure - results for this rule. - type: integer - required: - - ruleName - type: object - type: array - rulesAppliedCount: - description: RulesAppliedCount is the total number of times this policy - was applied. - type: integer - rulesFailedCount: - description: RulesFailedCount is the total count of policy execution - errors for this policy. - type: integer - violationCount: - description: ViolationCount is the total count of policy failure results - for this policy. - type: integer + ready: + description: Ready indicates if the policy is ready to serve the admission + request + type: boolean + required: + - ready type: object required: - spec @@ -3182,6 +3121,9 @@ spec: - jsonPath: .spec.validationFailureAction name: Action type: string + - jsonPath: .status.ready + name: Ready + type: string name: v1 schema: openAPIV3Schema: @@ -4698,76 +4640,12 @@ spec: description: Status contains policy runtime information. Deprecated. Policy metrics are available via the metrics endpoint properties: - averageExecutionTime: - description: AvgExecutionTime is the average time taken to process - the policy rules on a resource. - type: string - resourcesBlockedCount: - description: ResourcesBlockedCount is the total count of admission - review requests that were blocked by this policy. - type: integer - resourcesGeneratedCount: - description: ResourcesGeneratedCount is the total count of resources - that were generated by this policy. - type: integer - resourcesMutatedCount: - description: ResourcesMutatedCount is the total count of resources - that were mutated by this policy. - type: integer - ruleStatus: - description: Rules provides per rule statistics - items: - description: 'RuleStats provides statistics for an individual rule - within a policy. Deprecated. Policy metrics are now available - via the "/metrics" endpoint. See: https://kyverno.io/docs/monitoring-kyverno-with-prometheus-metrics/' - properties: - appliedCount: - description: AppliedCount is the total number of times this - rule was applied. - type: integer - averageExecutionTime: - description: ExecutionTime is the average time taken to execute - this rule. - type: string - failedCount: - description: FailedCount is the total count of policy error - results for this rule. - type: integer - resourcesBlockedCount: - description: ResourcesBlockedCount is the total count of admission - review requests that were blocked by this rule. - type: integer - resourcesGeneratedCount: - description: ResourcesGeneratedCount is the total count of resources - that were generated by this rule. - type: integer - resourcesMutatedCount: - description: ResourcesMutatedCount is the total count of resources - that were mutated by this rule. - type: integer - ruleName: - description: Name is the rule name. - type: string - violationCount: - description: ViolationCount is the total count of policy failure - results for this rule. - type: integer - required: - - ruleName - type: object - type: array - rulesAppliedCount: - description: RulesAppliedCount is the total number of times this policy - was applied. - type: integer - rulesFailedCount: - description: RulesFailedCount is the total count of policy execution - errors for this policy. - type: integer - violationCount: - description: ViolationCount is the total count of policy failure results - for this policy. - type: integer + ready: + description: Ready indicates if the policy is ready to serve the admission + request + type: boolean + required: + - ready type: object required: - spec diff --git a/pkg/api/kyverno/v1/clusterpolicy_types.go b/pkg/api/kyverno/v1/clusterpolicy_types.go index a2b07f4fef..68d53b2a85 100644 --- a/pkg/api/kyverno/v1/clusterpolicy_types.go +++ b/pkg/api/kyverno/v1/clusterpolicy_types.go @@ -13,6 +13,7 @@ import ( // +kubebuilder:resource:path=clusterpolicies,scope="Cluster",shortName=cpol // +kubebuilder:printcolumn:name="Background",type="string",JSONPath=".spec.background" // +kubebuilder:printcolumn:name="Action",type="string",JSONPath=".spec.validationFailureAction" +// +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.ready` type ClusterPolicy struct { metav1.TypeMeta `json:",inline,omitempty" yaml:",inline,omitempty"` metav1.ObjectMeta `json:"metadata,omitempty" yaml:"metadata,omitempty"` diff --git a/pkg/api/kyverno/v1/policy_types.go b/pkg/api/kyverno/v1/policy_types.go index 919a6c7fa4..98eecc6612 100755 --- a/pkg/api/kyverno/v1/policy_types.go +++ b/pkg/api/kyverno/v1/policy_types.go @@ -22,6 +22,7 @@ type PolicyList struct { // +kubebuilder:subresource:status // +kubebuilder:printcolumn:name="Background",type="string",JSONPath=".spec.background" // +kubebuilder:printcolumn:name="Action",type="string",JSONPath=".spec.validationFailureAction" +// +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.ready` // +kubebuilder:resource:shortName=pol type Policy struct { metav1.TypeMeta `json:",inline,omitempty" yaml:",inline,omitempty"` @@ -484,73 +485,8 @@ type CloneFrom struct { // Deprecated. Policy metrics are now available via the "/metrics" endpoint. // See: https://kyverno.io/docs/monitoring-kyverno-with-prometheus-metrics/ type PolicyStatus struct { - // AvgExecutionTime is the average time taken to process the policy rules on a resource. - // +optional - AvgExecutionTime string `json:"averageExecutionTime,omitempty" yaml:"averageExecutionTime,omitempty"` - - // ViolationCount is the total count of policy failure results for this policy. - // +optional - ViolationCount int `json:"violationCount,omitempty" yaml:"violationCount,omitempty"` - - // RulesFailedCount is the total count of policy execution errors for this policy. - // +optional - RulesFailedCount int `json:"rulesFailedCount,omitempty" yaml:"rulesFailedCount,omitempty"` - - // RulesAppliedCount is the total number of times this policy was applied. - // +optional - RulesAppliedCount int `json:"rulesAppliedCount,omitempty" yaml:"rulesAppliedCount,omitempty"` - - // ResourcesBlockedCount is the total count of admission review requests that were blocked by this policy. - // +optional - ResourcesBlockedCount int `json:"resourcesBlockedCount,omitempty" yaml:"resourcesBlockedCount,omitempty"` - - // ResourcesMutatedCount is the total count of resources that were mutated by this policy. - // +optional - ResourcesMutatedCount int `json:"resourcesMutatedCount,omitempty" yaml:"resourcesMutatedCount,omitempty"` - - // ResourcesGeneratedCount is the total count of resources that were generated by this policy. - // +optional - ResourcesGeneratedCount int `json:"resourcesGeneratedCount,omitempty" yaml:"resourcesGeneratedCount,omitempty"` - - // Rules provides per rule statistics - // +optional - Rules []RuleStats `json:"ruleStatus,omitempty" yaml:"ruleStatus,omitempty"` -} - -// RuleStats provides statistics for an individual rule within a policy. -// Deprecated. Policy metrics are now available via the "/metrics" endpoint. -// See: https://kyverno.io/docs/monitoring-kyverno-with-prometheus-metrics/ -type RuleStats struct { - // Name is the rule name. - Name string `json:"ruleName" yaml:"ruleName"` - - // ExecutionTime is the average time taken to execute this rule. - // +optional - ExecutionTime string `json:"averageExecutionTime,omitempty" yaml:"averageExecutionTime,omitempty"` - - // ViolationCount is the total count of policy failure results for this rule. - // +optional - ViolationCount int `json:"violationCount,omitempty" yaml:"violationCount,omitempty"` - - // FailedCount is the total count of policy error results for this rule. - // +optional - FailedCount int `json:"failedCount,omitempty" yaml:"failedCount,omitempty"` - - // AppliedCount is the total number of times this rule was applied. - // +optional - AppliedCount int `json:"appliedCount,omitempty" yaml:"appliedCount,omitempty"` - - // ResourcesBlockedCount is the total count of admission review requests that were blocked by this rule. - // +optional - ResourcesBlockedCount int `json:"resourcesBlockedCount,omitempty" yaml:"resourcesBlockedCount,omitempty"` - - // ResourcesMutatedCount is the total count of resources that were mutated by this rule. - // +optional - ResourcesMutatedCount int `json:"resourcesMutatedCount,omitempty" yaml:"resourcesMutatedCount,omitempty"` - - // ResourcesGeneratedCount is the total count of resources that were generated by this rule. - // +optional - ResourcesGeneratedCount int `json:"resourcesGeneratedCount,omitempty" yaml:"resourcesGeneratedCount,omitempty"` + // Ready indicates if the policy is ready to serve the admission request + Ready bool `json:"ready" yaml:"ready"` } // ResourceSpec contains information to identify a resource. diff --git a/pkg/api/kyverno/v1/zz_generated.deepcopy.go b/pkg/api/kyverno/v1/zz_generated.deepcopy.go index 1a2ff2787b..063431ff50 100755 --- a/pkg/api/kyverno/v1/zz_generated.deepcopy.go +++ b/pkg/api/kyverno/v1/zz_generated.deepcopy.go @@ -1,3 +1,4 @@ +//go:build !ignore_autogenerated // +build !ignore_autogenerated /* @@ -94,7 +95,7 @@ func (in *ClusterPolicy) DeepCopyInto(out *ClusterPolicy) { out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) + out.Status = in.Status return } @@ -214,6 +215,20 @@ func (in *Deny) DeepCopy() *Deny { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ExcludeResources) DeepCopyInto(out *ExcludeResources) { *out = *in + if in.Any != nil { + in, out := &in.Any, &out.Any + *out = make(ResourceFilters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.All != nil { + in, out := &in.All, &out.All + *out = make(ResourceFilters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } in.UserInfo.DeepCopyInto(&out.UserInfo) in.ResourceDescription.DeepCopyInto(&out.ResourceDescription) return @@ -375,6 +390,20 @@ func (in *ImageVerification) DeepCopy() *ImageVerification { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MatchResources) DeepCopyInto(out *MatchResources) { *out = *in + if in.Any != nil { + in, out := &in.Any, &out.Any + *out = make(ResourceFilters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.All != nil { + in, out := &in.All, &out.All + *out = make(ResourceFilters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } in.UserInfo.DeepCopyInto(&out.UserInfo) in.ResourceDescription.DeepCopyInto(&out.ResourceDescription) return @@ -406,7 +435,7 @@ func (in *Policy) DeepCopyInto(out *Policy) { out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) + out.Status = in.Status return } @@ -464,11 +493,6 @@ func (in *PolicyList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PolicyStatus) DeepCopyInto(out *PolicyStatus) { *out = *in - if in.Rules != nil { - in, out := &in.Rules, &out.Rules - *out = make([]RuleStats, len(*in)) - copy(*out, *in) - } return } @@ -557,6 +581,46 @@ func (in *ResourceDescription) DeepCopy() *ResourceDescription { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ResourceFilter) DeepCopyInto(out *ResourceFilter) { + *out = *in + in.UserInfo.DeepCopyInto(&out.UserInfo) + in.ResourceDescription.DeepCopyInto(&out.ResourceDescription) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceFilter. +func (in *ResourceFilter) DeepCopy() *ResourceFilter { + if in == nil { + return nil + } + out := new(ResourceFilter) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in ResourceFilters) DeepCopyInto(out *ResourceFilters) { + { + in := &in + *out = make(ResourceFilters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + return + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceFilters. +func (in ResourceFilters) DeepCopy() ResourceFilters { + if in == nil { + return nil + } + out := new(ResourceFilters) + in.DeepCopyInto(out) + return *out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ResourceSpec) DeepCopyInto(out *ResourceSpec) { *out = *in @@ -583,22 +647,6 @@ func (in *Rule) DeepCopy() *Rule { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RuleStats) DeepCopyInto(out *RuleStats) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleStats. -func (in *RuleStats) DeepCopy() *RuleStats { - if in == nil { - return nil - } - out := new(RuleStats) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Spec) DeepCopyInto(out *Spec) { *out = *in @@ -614,6 +662,11 @@ func (in *Spec) DeepCopyInto(out *Spec) { *out = new(bool) **out = **in } + if in.SchemaValidation != nil { + in, out := &in.SchemaValidation, &out.SchemaValidation + *out = new(bool) + **out = **in + } return } diff --git a/pkg/api/kyverno/v1alpha2/zz_generated.deepcopy.go b/pkg/api/kyverno/v1alpha2/zz_generated.deepcopy.go index ed2a1e15f3..2fbd8752e7 100644 --- a/pkg/api/kyverno/v1alpha2/zz_generated.deepcopy.go +++ b/pkg/api/kyverno/v1alpha2/zz_generated.deepcopy.go @@ -1,3 +1,4 @@ +//go:build !ignore_autogenerated // +build !ignore_autogenerated /* diff --git a/pkg/api/policyreport/v1alpha2/zz_generated.deepcopy.go b/pkg/api/policyreport/v1alpha2/zz_generated.deepcopy.go index f153b0739c..606e3d48c7 100644 --- a/pkg/api/policyreport/v1alpha2/zz_generated.deepcopy.go +++ b/pkg/api/policyreport/v1alpha2/zz_generated.deepcopy.go @@ -1,3 +1,4 @@ +//go:build !ignore_autogenerated // +build !ignore_autogenerated /*