mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-14 11:57:48 +00:00
137 lines
4.4 KiB
Go
137 lines
4.4 KiB
Go
/*
|
|
Copyright 2020 The Kubernetes authors.
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package v1alpha2
|
|
|
|
import (
|
|
"encoding/json"
|
|
|
|
corev1 "k8s.io/api/core/v1"
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
)
|
|
|
|
// Status specifies state of a policy result
|
|
const (
|
|
StatusPass PolicyResult = "pass"
|
|
StatusFail PolicyResult = "fail"
|
|
StatusWarn PolicyResult = "warn"
|
|
StatusError PolicyResult = "error"
|
|
StatusSkip PolicyResult = "skip"
|
|
)
|
|
|
|
// Severity specifies priority of a policy result
|
|
const (
|
|
SeverityCritical PolicySeverity = "critical"
|
|
SeverityHigh PolicySeverity = "high"
|
|
SeverityMedium PolicySeverity = "medium"
|
|
SeverityLow PolicySeverity = "low"
|
|
SeverityInfo PolicySeverity = "info"
|
|
)
|
|
|
|
// PolicyReportSummary provides a status count summary
|
|
type PolicyReportSummary struct {
|
|
// Pass provides the count of policies whose requirements were met
|
|
// +optional
|
|
Pass int `json:"pass"`
|
|
|
|
// Fail provides the count of policies whose requirements were not met
|
|
// +optional
|
|
Fail int `json:"fail"`
|
|
|
|
// Warn provides the count of non-scored policies whose requirements were not met
|
|
// +optional
|
|
Warn int `json:"warn"`
|
|
|
|
// Error provides the count of policies that could not be evaluated
|
|
// +optional
|
|
Error int `json:"error"`
|
|
|
|
// Skip indicates the count of policies that were not selected for evaluation
|
|
// +optional
|
|
Skip int `json:"skip"`
|
|
}
|
|
|
|
func (prs PolicyReportSummary) ToMap() map[string]interface{} {
|
|
b, _ := json.Marshal(&prs)
|
|
var m map[string]interface{}
|
|
_ = json.Unmarshal(b, &m)
|
|
return m
|
|
}
|
|
|
|
// +kubebuilder:validation:Enum=pass;fail;warn;error;skip
|
|
|
|
// PolicyResult has one of the following values:
|
|
// - pass: indicates that the policy requirements are met
|
|
// - fail: indicates that the policy requirements are not met
|
|
// - warn: indicates that the policy requirements and not met, and the policy is not scored
|
|
// - error: indicates that the policy could not be evaluated
|
|
// - skip: indicates that the policy was not selected based on user inputs or applicability
|
|
type PolicyResult string
|
|
|
|
// +kubebuilder:validation:Enum=critical;high;low;medium;info
|
|
|
|
// PolicySeverity has one of the following values:
|
|
// - critical
|
|
// - high
|
|
// - low
|
|
// - medium
|
|
// - info
|
|
type PolicySeverity string
|
|
|
|
// PolicyReportResult provides the result for an individual policy
|
|
type PolicyReportResult struct {
|
|
// Source is an identifier for the policy engine that manages this report
|
|
// +optional
|
|
Source string `json:"source"`
|
|
|
|
// Policy is the name or identifier of the policy
|
|
Policy string `json:"policy"`
|
|
|
|
// Rule is the name or identifier of the rule within the policy
|
|
// +optional
|
|
Rule string `json:"rule,omitempty"`
|
|
|
|
// Subjects is an optional reference to the checked Kubernetes resources
|
|
// +optional
|
|
Resources []corev1.ObjectReference `json:"resources,omitempty"`
|
|
|
|
// SubjectSelector is an optional label selector for checked Kubernetes resources.
|
|
// For example, a policy result may apply to all pods that match a label.
|
|
// Either a Subject or a SubjectSelector can be specified.
|
|
// If neither are provided, the result is assumed to be for the policy report scope.
|
|
// +optional
|
|
ResourceSelector *metav1.LabelSelector `json:"resourceSelector,omitempty"`
|
|
|
|
// Description is a short user friendly message for the policy rule
|
|
Message string `json:"message,omitempty"`
|
|
|
|
// Result indicates the outcome of the policy rule execution
|
|
Result PolicyResult `json:"result,omitempty"`
|
|
|
|
// Scored indicates if this result is scored
|
|
Scored bool `json:"scored,omitempty"`
|
|
|
|
// Properties provides additional information for the policy rule
|
|
Properties map[string]string `json:"properties,omitempty"`
|
|
|
|
// Timestamp indicates the time the result was found
|
|
Timestamp metav1.Timestamp `json:"timestamp,omitempty"`
|
|
|
|
// Category indicates policy category
|
|
// +optional
|
|
Category string `json:"category,omitempty"`
|
|
|
|
// Severity indicates policy check result criticality
|
|
// +optional
|
|
Severity PolicySeverity `json:"severity,omitempty"`
|
|
}
|