diff --git a/api/policyreport/v1alpha2/clusterpolicyreport_types.go b/api/policyreport/v1alpha2/clusterpolicyreport_types.go index ad0ba4ce74..d4a17cd30e 100755 --- a/api/policyreport/v1alpha2/clusterpolicyreport_types.go +++ b/api/policyreport/v1alpha2/clusterpolicyreport_types.go @@ -21,9 +21,6 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! -// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. - // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +genclient:nonNamespaced diff --git a/api/policyreport/v1alpha2/common.go b/api/policyreport/v1alpha2/common.go new file mode 100644 index 0000000000..0716d2dd6e --- /dev/null +++ b/api/policyreport/v1alpha2/common.go @@ -0,0 +1,136 @@ +/* +Copyright 2020 The Kubernetes authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha2 + +import ( + "encoding/json" + + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// Status specifies state of a policy result +const ( + StatusPass = "pass" + StatusFail = "fail" + StatusWarn = "warn" + StatusError = "error" + StatusSkip = "skip" +) + +// Severity specifies priority of a policy result +const ( + SeverityCritical = "critical" + SeverityHigh = "high" + SeverityMedium = "medium" + SeverityLow = "low" + SeverityInfo = "info" +) + +// PolicyReportSummary provides a status count summary +type PolicyReportSummary struct { + // Pass provides the count of policies whose requirements were met + // +optional + Pass int `json:"pass"` + + // Fail provides the count of policies whose requirements were not met + // +optional + Fail int `json:"fail"` + + // Warn provides the count of non-scored policies whose requirements were not met + // +optional + Warn int `json:"warn"` + + // Error provides the count of policies that could not be evaluated + // +optional + Error int `json:"error"` + + // Skip indicates the count of policies that were not selected for evaluation + // +optional + Skip int `json:"skip"` +} + +func (prs PolicyReportSummary) ToMap() map[string]interface{} { + b, _ := json.Marshal(&prs) + var m map[string]interface{} + _ = json.Unmarshal(b, &m) + return m +} + +// PolicyResult has one of the following values: +// - pass: indicates that the policy requirements are met +// - fail: indicates that the policy requirements are not met +// - warn: indicates that the policy requirements and not met, and the policy is not scored +// - error: indicates that the policy could not be evaluated +// - skip: indicates that the policy was not selected based on user inputs or applicability +// +// +kubebuilder:validation:Enum=pass;fail;warn;error;skip +type PolicyResult string + +// PolicySeverity has one of the following values: +// - critical +// - high +// - low +// - medium +// - info +// +kubebuilder:validation:Enum=critical;high;low;medium;info +type PolicySeverity string + +// PolicyReportResult provides the result for an individual policy +type PolicyReportResult struct { + // Source is an identifier for the policy engine that manages this report + // +optional + Source string `json:"source"` + + // Policy is the name or identifier of the policy + Policy string `json:"policy"` + + // Rule is the name or identifier of the rule within the policy + // +optional + Rule string `json:"rule,omitempty"` + + // Subjects is an optional reference to the checked Kubernetes resources + // +optional + Resources []corev1.ObjectReference `json:"resources,omitempty"` + + // SubjectSelector is an optional label selector for checked Kubernetes resources. + // For example, a policy result may apply to all pods that match a label. + // Either a Subject or a SubjectSelector can be specified. + // If neither are provided, the result is assumed to be for the policy report scope. + // +optional + ResourceSelector *metav1.LabelSelector `json:"resourceSelector,omitempty"` + + // Description is a short user friendly message for the policy rule + Message string `json:"message,omitempty"` + + // Result indicates the outcome of the policy rule execution + Result PolicyResult `json:"result,omitempty"` + + // Scored indicates if this result is scored + Scored bool `json:"scored,omitempty"` + + // Properties provides additional information for the policy rule + Properties map[string]string `json:"properties,omitempty"` + + // Timestamp indicates the time the result was found + Timestamp metav1.Timestamp `json:"timestamp,omitempty"` + + // Category indicates policy category + // +optional + Category string `json:"category,omitempty"` + + // Severity indicates policy check result criticality + // +optional + Severity PolicySeverity `json:"severity,omitempty"` +} diff --git a/api/policyreport/v1alpha2/policyreport_types.go b/api/policyreport/v1alpha2/policyreport_types.go index 90da7f7f0d..ff7da67a08 100644 --- a/api/policyreport/v1alpha2/policyreport_types.go +++ b/api/policyreport/v1alpha2/policyreport_types.go @@ -14,130 +14,10 @@ limitations under the License. package v1alpha2 import ( - "encoding/json" - corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! -// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. - -// Status specifies state of a policy result -const ( - StatusPass = "pass" - StatusFail = "fail" - StatusWarn = "warn" - StatusError = "error" - StatusSkip = "skip" -) - -// Severity specifies priority of a policy result -const ( - SeverityCritical = "critical" - SeverityHigh = "high" - SeverityMedium = "medium" - SeverityLow = "low" - SeverityInfo = "info" -) - -// PolicyReportSummary provides a status count summary -type PolicyReportSummary struct { - // Pass provides the count of policies whose requirements were met - // +optional - Pass int `json:"pass"` - - // Fail provides the count of policies whose requirements were not met - // +optional - Fail int `json:"fail"` - - // Warn provides the count of non-scored policies whose requirements were not met - // +optional - Warn int `json:"warn"` - - // Error provides the count of policies that could not be evaluated - // +optional - Error int `json:"error"` - - // Skip indicates the count of policies that were not selected for evaluation - // +optional - Skip int `json:"skip"` -} - -func (prs PolicyReportSummary) ToMap() map[string]interface{} { - b, _ := json.Marshal(&prs) - var m map[string]interface{} - _ = json.Unmarshal(b, &m) - return m -} - -// PolicyResult has one of the following values: -// - pass: indicates that the policy requirements are met -// - fail: indicates that the policy requirements are not met -// - warn: indicates that the policy requirements and not met, and the policy is not scored -// - error: indicates that the policy could not be evaluated -// - skip: indicates that the policy was not selected based on user inputs or applicability -// -// +kubebuilder:validation:Enum=pass;fail;warn;error;skip -type PolicyResult string - -// PolicySeverity has one of the following values: -// - critical -// - high -// - low -// - medium -// - info -// +kubebuilder:validation:Enum=critical;high;low;medium;info -type PolicySeverity string - -// PolicyReportResult provides the result for an individual policy -type PolicyReportResult struct { - // Source is an identifier for the policy engine that manages this report - // +optional - Source string `json:"source"` - - // Policy is the name or identifier of the policy - Policy string `json:"policy"` - - // Rule is the name or identifier of the rule within the policy - // +optional - Rule string `json:"rule,omitempty"` - - // Subjects is an optional reference to the checked Kubernetes resources - // +optional - Resources []corev1.ObjectReference `json:"resources,omitempty"` - - // SubjectSelector is an optional label selector for checked Kubernetes resources. - // For example, a policy result may apply to all pods that match a label. - // Either a Subject or a SubjectSelector can be specified. - // If neither are provided, the result is assumed to be for the policy report scope. - // +optional - ResourceSelector *metav1.LabelSelector `json:"resourceSelector,omitempty"` - - // Description is a short user friendly message for the policy rule - Message string `json:"message,omitempty"` - - // Result indicates the outcome of the policy rule execution - Result PolicyResult `json:"result,omitempty"` - - // Scored indicates if this result is scored - Scored bool `json:"scored,omitempty"` - - // Properties provides additional information for the policy rule - Properties map[string]string `json:"properties,omitempty"` - - // Timestamp indicates the time the result was found - Timestamp metav1.Timestamp `json:"timestamp,omitempty"` - - // Category indicates policy category - // +optional - Category string `json:"category,omitempty"` - - // Severity indicates policy check result criticality - // +optional - Severity PolicySeverity `json:"severity,omitempty"` -} - // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:object:root=true