├── .gitignore ├── Makefile ├── README.md ├── apis └── openreports.io │ └── v1alpha1 │ ├── clusterreport_types.go │ ├── doc.go │ ├── groupversion_info.go │ ├── report_types.go │ └── zz_generated.deepcopy.go ├── crd └── openreports.io │ └── v1alpha1 │ ├── openreports.io_clusterreports.yaml │ └── openreports.io_reports.yaml ├── docs ├── api-docs.md └── config.yaml ├── go.mod ├── go.sum ├── hack ├── boilerplate.go.txt ├── codegen.go └── update-codegen.sh ├── pkg └── client │ ├── clientset │ └── versioned │ │ ├── clientset.go │ │ ├── fake │ │ ├── clientset_generated.go │ │ ├── doc.go │ │ └── register.go │ │ ├── scheme │ │ ├── doc.go │ │ └── register.go │ │ └── typed │ │ └── openreports.io │ │ └── v1alpha1 │ │ ├── clusterreport.go │ │ ├── doc.go │ │ ├── fake │ │ ├── doc.go │ │ ├── fake_clusterreport.go │ │ ├── fake_openreports.io_client.go │ │ └── fake_report.go │ │ ├── generated_expansion.go │ │ ├── openreports.io_client.go │ │ └── report.go │ ├── informers │ └── externalversions │ │ ├── factory.go │ │ ├── generic.go │ │ ├── internalinterfaces │ │ └── factory_interfaces.go │ │ └── openreports.io │ │ ├── interface.go │ │ └── v1alpha1 │ │ ├── clusterreport.go │ │ ├── interface.go │ │ └── report.go │ └── listers │ └── openreports.io │ └── v1alpha1 │ ├── clusterreport.go │ ├── expansion_generated.go │ └── report.go └── samples ├── sample-cis-k8s.yaml ├── sample-co.yaml ├── sample-falco-policy.yaml ├── sample-rhacm-policy.yaml ├── sample-v1beta1-kyverno.yaml └── sample-v1beta2-kyverno.yaml /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Binaries for programs and plugins 3 | *.exe 4 | *.exe~ 5 | *.dll 6 | *.so 7 | *.dylib 8 | bin 9 | 10 | # Test binary, build with `go test -c` 11 | *.test 12 | 13 | # Output of the go coverage tool, specifically when used with LiteIDE 14 | *.out 15 | 16 | # Kubernetes Generated files - skip generated files, except for vendored files 17 | 18 | !vendor/**/zz_generated.* 19 | 20 | # editor and IDE paraphernalia 21 | .idea 22 | *.swp 23 | *.swo 24 | *~ 25 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | GO_CMD ?= go 2 | 3 | PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST)))) 4 | 5 | # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) 6 | ifeq (,$(shell go env GOBIN)) 7 | GOBIN=$(shell go env GOPATH)/bin 8 | else 9 | GOBIN=$(shell go env GOBIN) 10 | endif 11 | 12 | ## Location to install dependencies to 13 | LOCALBIN ?= $(shell pwd)/bin 14 | $(LOCALBIN): 15 | mkdir -p $(LOCALBIN) 16 | 17 | CONTROLLER_TOOLS_VERSION ?= v0.14.0 18 | CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen 19 | GEN_CRD_API_REFERENCE_DOCS ?= $(LOCALBIN)/crd-ref-docs 20 | GEN_CRD_API_REFERENCE_DOCS_VERSION ?= latest 21 | 22 | all: code-generator manifests generate generate-api-docs generate-client build fmt vet 23 | 24 | .PHONY: manifests 25 | manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. 26 | $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./apis/openreports.io/v1alpha1" output:crd:artifacts:config=crd/openreports.io/v1alpha1 27 | 28 | .PHONY: generate 29 | generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. 30 | $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./apis/..." 31 | 32 | .PHONY: generate-client 33 | generate-client: 34 | ./hack/update-codegen.sh 35 | 36 | 37 | # Run go build against code 38 | build: 39 | go build ./... 40 | 41 | # Run go fmt against code 42 | fmt: 43 | go fmt ./... 44 | 45 | # Run go vet against code 46 | vet: 47 | go vet ./... 48 | 49 | .PHONY: controller-gen 50 | controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten. 51 | $(CONTROLLER_GEN): $(LOCALBIN) 52 | test -s $(LOCALBIN)/controller-gen && $(LOCALBIN)/controller-gen --version | grep -q $(CONTROLLER_TOOLS_VERSION) || \ 53 | GOBIN=$(LOCALBIN) $(GO_CMD) install sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION) 54 | 55 | # Use same code-generator version as k8s.io/api 56 | CODEGEN_VERSION := v0.30.0-rc.2 57 | CODEGEN = $(shell pwd)/bin/code-generator 58 | CODEGEN_ROOT = $(shell $(GO_CMD) env GOMODCACHE)/k8s.io/code-generator@$(CODEGEN_VERSION) 59 | .PHONY: code-generator 60 | code-generator: 61 | @GOBIN=$(PROJECT_DIR)/bin GO111MODULE=on $(GO_CMD) install k8s.io/code-generator/cmd/client-gen@$(CODEGEN_VERSION) 62 | cp -f $(CODEGEN_ROOT)/generate-groups.sh $(PROJECT_DIR)/bin/ 63 | cp -f $(CODEGEN_ROOT)/generate-internal-groups.sh $(PROJECT_DIR)/bin/ 64 | cp -f $(CODEGEN_ROOT)/kube_codegen.sh $(PROJECT_DIR)/bin/ 65 | 66 | # generate-api-docs will create api docs 67 | generate-api-docs: $(GEN_CRD_API_REFERENCE_DOCS) 68 | $(GEN_CRD_API_REFERENCE_DOCS) --source-path=./apis/openreports.io/v1alpha1 --config=./docs/config.yaml --renderer=markdown --output-path=./docs/api-docs.md 69 | 70 | $(GEN_CRD_API_REFERENCE_DOCS): $(LOCALBIN) 71 | $(call go-install-tool,$(GEN_CRD_API_REFERENCE_DOCS),github.com/elastic/crd-ref-docs,$(GEN_CRD_API_REFERENCE_DOCS_VERSION)) 72 | 73 | .PHONY: codegen-api-docs 74 | codegen-api-docs: $(PACKAGE_SHIM) $(GEN_CRD_API_REFERENCE_DOCS) $(GENREF) ## Generate API docs 75 | @echo Generate api docs... >&2 76 | $(GEN_CRD_API_REFERENCE_DOCS) -v=4 \ 77 | -api-dir pkg/api \ 78 | -config docs/config.json \ 79 | -template-dir docs/template \ 80 | -out-file docs/index.html 81 | 82 | # go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist 83 | # $1 - target path with name of binary (ideally with version) 84 | # $2 - package url which can be installed 85 | # $3 - specific version of package 86 | define go-install-tool 87 | @[ -f $(1) ] || { \ 88 | set -e; \ 89 | package=$(2)@$(3) ;\ 90 | echo "Downloading $${package}" ;\ 91 | GOBIN=$(LOCALBIN) go install $${package} ;\ 92 | mv "$$(echo "$(1)" | sed "s/-$(3)$$//")" $(1) ;\ 93 | } 94 | endef 95 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # OpenReports API 2 | 3 | The OpenReports API enables uniform reporting of results and findings from policy engines, scanners, or other tooling. 4 | 5 | This repository contains the API specification and Custom Resource Definitions (CRDs). 6 | 7 | ## Concepts 8 | 9 | The API provides a `ClusterReport` and its namespaced variant `Report`. 10 | 11 | Each `Report` contains a set of `results` and a `summary`. Each `result` contains attributes such as the source policy and rule name, severity, timestamp, and the resource. 12 | 13 | ## Reference 14 | 15 | * [API Reference](./docs/api-docs.md) 16 | 17 | ## Demonstration 18 | 19 | Typically the Report API is installed and managed by a [producer](#producers). However, to try out the API in a test cluster you can follow the steps below: 20 | 21 | 1. Add Report API CRDs to your cluster: 22 | 23 | ```sh 24 | kubectl create -f crd/openreports.io/v1alpha1/ 25 | ``` 26 | 2. Create a sample policy report resource: 27 | 28 | ```sh 29 | kubectl create -f samples/sample-cis-k8s.yaml 30 | ``` 31 | 3. View policy report resources: 32 | 33 | ```sh 34 | kubectl get reports 35 | ``` 36 | 37 | ## Implementations 38 | 39 | The following is a list of projects that produce or consume policy reports: 40 | 41 | *(To add your project, please create a [pull request](https://github.com/openreports/reports-api/pulls).)* 42 | 43 | ### Report Producers 44 | 45 | * [Falco](https://github.com/falcosecurity/falcosidekick/blob/master/outputs/policyreport.go) 46 | * [Image Scanner](https://github.com/statnett/image-scanner-operator) 47 | * [jsPolicy](https://github.com/loft-sh/jspolicy/) 48 | * [Kyverno](https://kyverno.io/docs/policy-reports/) 49 | * [Netchecks](https://docs.netchecks.io/) 50 | * [Tracee Adapter](https://github.com/fjogeleit/tracee-polr-adapter) 51 | * [Trivy Operator](https://aquasecurity.github.io/trivy-operator/v0.15.1/tutorials/integrations/policy-reporter/) 52 | * [Kubewarden](https://docs.kubewarden.io/explanations/audit-scanner/policy-reports) 53 | 54 | ### Report Consumers 55 | 56 | * [Fairwinds Insights](https://fairwinds.com/insights) 57 | * [Kyverno Policy Reporter](https://kyverno.github.io/policy-reporter/) 58 | * [Lula](https://github.com/defenseunicorns/lula) 59 | * [Nirmata Control Hub](https://nirmata.com/nirmata-control-hub/) 60 | * [Open Cluster Management](https://open-cluster-management.io/) 61 | 62 | ## Building 63 | 64 | ```sh 65 | make all 66 | ``` 67 | 68 | ## Community, discussion, contribution, and support 69 | 70 | You can reach the maintainers of this project at: 71 | 72 | - [Slack](https://cloud-native.slack.com/archives/C08JH5223A6) 73 | - [GitHub](https://github.com/orgs/openreports/discussions) 74 | 75 | ### Code of conduct 76 | 77 | Participation in the OpenReport community is governed by the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md). 78 | 79 | [owners]: https://git.k8s.io/community/contributors/guide/owners.md 80 | [Creative Commons 4.0]: https://git.k8s.io/website/LICENSE 81 | 82 | # Historical References 83 | 84 | See the [Kubernetes Policy Working Group repository](https://github.com/kubernetes-sigs/wg-policy-prototypes/tree/master/policy-report) and the [Policy Reports API proposal](https://docs.google.com/document/d/1nICYLkYS1RE3gJzuHOfHeAC25QIkFZfgymFjgOzMDVw/edit#) for background and details. 85 | 86 | -------------------------------------------------------------------------------- /apis/openreports.io/v1alpha1/clusterreport_types.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2024 The Kubernetes authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1alpha1 18 | 19 | import ( 20 | corev1 "k8s.io/api/core/v1" 21 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 22 | ) 23 | 24 | // EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! 25 | // NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. 26 | 27 | // +genclient 28 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 29 | // +genclient:nonNamespaced 30 | // +kubebuilder:storageversion 31 | // +kubebuilder:object:root=true 32 | // +kubebuilder:resource:path=clusterreports,scope="Cluster",shortName=creps 33 | // +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=`.scope.kind`,priority=1 34 | // +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.scope.name`,priority=1 35 | // +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.pass` 36 | // +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.fail` 37 | // +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.warn` 38 | // +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.error` 39 | // +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip` 40 | // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" 41 | 42 | // ClusterReport is the Schema for the ClusterReport API 43 | type ClusterReport struct { 44 | metav1.TypeMeta `json:",inline"` 45 | metav1.ObjectMeta `json:"metadata,omitempty"` 46 | 47 | // Source is an identifier for the source e.g. a policy engine that manages this report. 48 | // Use this field if all the results are produced by a single policy engine. 49 | // If the results are produced by multiple sources e.g. different engines or scanners, 50 | // then use the Source field at the ReportResult level. 51 | // +optional 52 | Source string `json:"source"` 53 | 54 | // Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node) 55 | // +optional 56 | Scope *corev1.ObjectReference `json:"scope,omitempty"` 57 | 58 | // ScopeSelector is an optional selector for multiple scopes (e.g. Pods). 59 | // Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. 60 | // +optional 61 | ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"` 62 | 63 | // Configuration is an optional field which can be used to specify 64 | // a contract between Report generators and consumers 65 | // +optional 66 | Configuration *ReportConfiguration `json:"configuration,omitempty"` 67 | 68 | // ReportSummary provides a summary of results 69 | // +optional 70 | Summary ReportSummary `json:"summary,omitempty"` 71 | 72 | // ReportResult provides result details 73 | // +optional 74 | Results []ReportResult `json:"results,omitempty"` 75 | } 76 | 77 | // ClusterReportList contains a list of ClusterReport 78 | // +kubebuilder:object:root=true 79 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 80 | type ClusterReportList struct { 81 | metav1.TypeMeta `json:",inline"` 82 | metav1.ListMeta `json:"metadata,omitempty"` 83 | Items []ClusterReport `json:"items"` 84 | } 85 | 86 | func init() { 87 | SchemeBuilder.Register(&ClusterReport{}, &ClusterReportList{}) 88 | } 89 | -------------------------------------------------------------------------------- /apis/openreports.io/v1alpha1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2024 The Kubernetes authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group 18 | // +k8s:deepcopy-gen=package 19 | // +kubebuilder:object:generate=true 20 | // +k8s:openapi-gen=true 21 | // +groupName=openreports.io 22 | package v1alpha1 23 | -------------------------------------------------------------------------------- /apis/openreports.io/v1alpha1/groupversion_info.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2024 The Kubernetes authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group 18 | // +kubebuilder:object:generate=true 19 | // +groupName=openreports.io 20 | package v1alpha1 21 | 22 | import ( 23 | "k8s.io/apimachinery/pkg/runtime/schema" 24 | "sigs.k8s.io/controller-runtime/pkg/scheme" 25 | ) 26 | 27 | // Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group 28 | // +kubebuilder:object:generate=true 29 | // +groupName=openreports.io 30 | var ( 31 | // SchemeGroupVersion is group version used to register these objects 32 | SchemeGroupVersion = schema.GroupVersion{Group: "openreports.io", Version: "v1alpha1"} 33 | 34 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme 35 | SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion} 36 | 37 | // AddToScheme adds the types in this group-version to the given scheme. 38 | AddToScheme = SchemeBuilder.AddToScheme 39 | ) 40 | 41 | // Kind takes an unqualified kind and returns back a Group qualified GroupKind 42 | func Kind(kind string) schema.GroupKind { 43 | return SchemeGroupVersion.WithKind(kind).GroupKind() 44 | } 45 | 46 | // Resource takes an unqualified resource and returns a Group qualified GroupResource 47 | func Resource(resource string) schema.GroupResource { 48 | return SchemeGroupVersion.WithResource(resource).GroupResource() 49 | } 50 | -------------------------------------------------------------------------------- /apis/openreports.io/v1alpha1/report_types.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2024 The Kubernetes authors. 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | http://www.apache.org/licenses/LICENSE-2.0 7 | Unless required by applicable law or agreed to in writing, software 8 | distributed under the License is distributed on an "AS IS" BASIS, 9 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 10 | See the License for the specific language governing permissions and 11 | limitations under the License. 12 | */ 13 | 14 | package v1alpha1 15 | 16 | import ( 17 | corev1 "k8s.io/api/core/v1" 18 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 19 | ) 20 | 21 | // EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! 22 | // NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. 23 | 24 | // StatusFilter is used by Report generators to write only those reports whose status is specified by the filters 25 | // +kubebuilder:validation:Enum=pass;fail;warn;error;skip 26 | type StatusFilter string 27 | 28 | type Limits struct { 29 | // MaxResults is the maximum number of results contained in the report 30 | // +optional 31 | MaxResults int `json:"maxResults"` 32 | 33 | // StatusFilter indicates that the Report contains only those reports with statuses specified in this list 34 | // +optional 35 | StatusFilter []StatusFilter `json:"statusFilter,omitempty"` 36 | } 37 | 38 | type ReportConfiguration struct { 39 | Limits Limits `json:"limits"` 40 | } 41 | 42 | // ReportSummary provides a status count summary 43 | type ReportSummary struct { 44 | 45 | // Pass provides the count of policies whose requirements were met 46 | // +optional 47 | Pass int `json:"pass"` 48 | 49 | // Fail provides the count of policies whose requirements were not met 50 | // +optional 51 | Fail int `json:"fail"` 52 | 53 | // Warn provides the count of non-scored policies whose requirements were not met 54 | // +optional 55 | Warn int `json:"warn"` 56 | 57 | // Error provides the count of policies that could not be evaluated 58 | // +optional 59 | Error int `json:"error"` 60 | 61 | // Skip indicates the count of policies that were not selected for evaluation 62 | // +optional 63 | Skip int `json:"skip"` 64 | } 65 | 66 | // Result has one of the following values: 67 | // - pass: the policy requirements are met 68 | // - fail: the policy requirements are not met 69 | // - warn: the policy requirements are not met and the policy is not scored 70 | // - error: the policy could not be evaluated 71 | // - skip: the policy was not selected based on user inputs or applicability 72 | // 73 | // +kubebuilder:validation:Enum=pass;fail;warn;error;skip 74 | type Result string 75 | 76 | // ResultSeverity has one of the following values: 77 | // - critical 78 | // - high 79 | // - low 80 | // - medium 81 | // - info 82 | // 83 | // +kubebuilder:validation:Enum=critical;high;low;medium;info 84 | type ResultSeverity string 85 | 86 | // ReportResult provides the result for an individual policy 87 | type ReportResult struct { 88 | 89 | // Source is an identifier for the policy engine that manages this report 90 | // If the Source is specified at this level, it will override the Source 91 | // field set at the Report level 92 | // +optional 93 | Source string `json:"source"` 94 | 95 | // Policy is the name or identifier of the policy 96 | Policy string `json:"policy"` 97 | 98 | // Rule is the name or identifier of the rule within the policy 99 | // +optional 100 | Rule string `json:"rule,omitempty"` 101 | 102 | // Category indicates policy category 103 | // +optional 104 | Category string `json:"category,omitempty"` 105 | 106 | // Severity indicates policy check result criticality 107 | // +optional 108 | Severity ResultSeverity `json:"severity,omitempty"` 109 | 110 | // Timestamp indicates the time the result was found 111 | Timestamp metav1.Timestamp `json:"timestamp,omitempty"` 112 | 113 | // Result indicates the outcome of the policy rule execution 114 | Result Result `json:"result,omitempty"` 115 | 116 | // Scored indicates if this result is scored 117 | Scored bool `json:"scored,omitempty"` 118 | 119 | // Subjects is an optional reference to the checked Kubernetes resources 120 | // +optional 121 | Subjects []corev1.ObjectReference `json:"resources,omitempty"` 122 | 123 | // ResourceSelector is an optional label selector for checked Kubernetes resources. 124 | // For example, a policy result may apply to all pods that match a label. 125 | // Either a Subject or a ResourceSelector can be specified. If neither are provided, the 126 | // result is assumed to be for the policy report scope. 127 | // +optional 128 | ResourceSelector *metav1.LabelSelector `json:"resourceSelector,omitempty"` 129 | 130 | // Description is a short user friendly message for the policy rule 131 | Description string `json:"message,omitempty"` 132 | 133 | // Properties provides additional information for the policy rule 134 | Properties map[string]string `json:"properties,omitempty"` 135 | } 136 | 137 | // +genclient 138 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 139 | // +kubebuilder:storageversion 140 | // +kubebuilder:object:root=true 141 | // +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=`.scope.kind`,priority=1 142 | // +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.scope.name`,priority=1 143 | // +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.pass` 144 | // +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.fail` 145 | // +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.warn` 146 | // +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.error` 147 | // +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip` 148 | // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" 149 | // +kubebuilder:resource:shortName=reps 150 | 151 | // Report is the Schema for the reports API 152 | type Report struct { 153 | metav1.TypeMeta `json:",inline"` 154 | metav1.ObjectMeta `json:"metadata,omitempty"` 155 | 156 | // Source is an identifier for the source e.g. a policy engine that manages this report. 157 | // Use this field if all the results are produced by a single policy engine. 158 | // If the results are produced by multiple sources e.g. different engines or scanners, 159 | // then use the Source field at the ReportResult level. 160 | // +optional 161 | Source string `json:"source"` 162 | 163 | // Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node) 164 | // +optional 165 | Scope *corev1.ObjectReference `json:"scope,omitempty"` 166 | 167 | // ScopeSelector is an optional selector for multiple scopes (e.g. Pods). 168 | // Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. 169 | // +optional 170 | ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"` 171 | 172 | // Configuration is an optional field which can be used to specify 173 | // a contract between Report generators and consumers 174 | // +optional 175 | Configuration *ReportConfiguration `json:"configuration,omitempty"` 176 | 177 | // ReportSummary provides a summary of results 178 | // +optional 179 | Summary ReportSummary `json:"summary,omitempty"` 180 | 181 | // ReportResult provides result details 182 | // +optional 183 | Results []ReportResult `json:"results,omitempty"` 184 | } 185 | 186 | // ReportList contains a list of Report 187 | // +kubebuilder:object:root=true 188 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 189 | type ReportList struct { 190 | metav1.TypeMeta `json:",inline"` 191 | metav1.ListMeta `json:"metadata,omitempty"` 192 | Items []Report `json:"items"` 193 | } 194 | 195 | func init() { 196 | SchemeBuilder.Register(&Report{}, &ReportList{}) 197 | } 198 | -------------------------------------------------------------------------------- /apis/openreports.io/v1alpha1/zz_generated.deepcopy.go: -------------------------------------------------------------------------------- 1 | //go:build !ignore_autogenerated 2 | // +build !ignore_autogenerated 3 | 4 | /* 5 | Copyright The Kubernetes Authors. 6 | 7 | Licensed under the Apache License, Version 2.0 (the "License"); 8 | you may not use this file except in compliance with the License. 9 | You may obtain a copy of the License at 10 | 11 | http://www.apache.org/licenses/LICENSE-2.0 12 | 13 | Unless required by applicable law or agreed to in writing, software 14 | distributed under the License is distributed on an "AS IS" BASIS, 15 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | See the License for the specific language governing permissions and 17 | limitations under the License. 18 | */ 19 | // Code generated by deepcopy-gen. DO NOT EDIT. 20 | 21 | package v1alpha1 22 | 23 | import ( 24 | v1 "k8s.io/api/core/v1" 25 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 26 | runtime "k8s.io/apimachinery/pkg/runtime" 27 | ) 28 | 29 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 30 | func (in *ClusterReport) DeepCopyInto(out *ClusterReport) { 31 | *out = *in 32 | out.TypeMeta = in.TypeMeta 33 | in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) 34 | if in.Scope != nil { 35 | in, out := &in.Scope, &out.Scope 36 | *out = new(v1.ObjectReference) 37 | **out = **in 38 | } 39 | if in.ScopeSelector != nil { 40 | in, out := &in.ScopeSelector, &out.ScopeSelector 41 | *out = new(metav1.LabelSelector) 42 | (*in).DeepCopyInto(*out) 43 | } 44 | if in.Configuration != nil { 45 | in, out := &in.Configuration, &out.Configuration 46 | *out = new(ReportConfiguration) 47 | (*in).DeepCopyInto(*out) 48 | } 49 | out.Summary = in.Summary 50 | if in.Results != nil { 51 | in, out := &in.Results, &out.Results 52 | *out = make([]ReportResult, len(*in)) 53 | for i := range *in { 54 | (*in)[i].DeepCopyInto(&(*out)[i]) 55 | } 56 | } 57 | return 58 | } 59 | 60 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterReport. 61 | func (in *ClusterReport) DeepCopy() *ClusterReport { 62 | if in == nil { 63 | return nil 64 | } 65 | out := new(ClusterReport) 66 | in.DeepCopyInto(out) 67 | return out 68 | } 69 | 70 | // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 71 | func (in *ClusterReport) DeepCopyObject() runtime.Object { 72 | if c := in.DeepCopy(); c != nil { 73 | return c 74 | } 75 | return nil 76 | } 77 | 78 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 79 | func (in *ClusterReportList) DeepCopyInto(out *ClusterReportList) { 80 | *out = *in 81 | out.TypeMeta = in.TypeMeta 82 | in.ListMeta.DeepCopyInto(&out.ListMeta) 83 | if in.Items != nil { 84 | in, out := &in.Items, &out.Items 85 | *out = make([]ClusterReport, len(*in)) 86 | for i := range *in { 87 | (*in)[i].DeepCopyInto(&(*out)[i]) 88 | } 89 | } 90 | return 91 | } 92 | 93 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterReportList. 94 | func (in *ClusterReportList) DeepCopy() *ClusterReportList { 95 | if in == nil { 96 | return nil 97 | } 98 | out := new(ClusterReportList) 99 | in.DeepCopyInto(out) 100 | return out 101 | } 102 | 103 | // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 104 | func (in *ClusterReportList) DeepCopyObject() runtime.Object { 105 | if c := in.DeepCopy(); c != nil { 106 | return c 107 | } 108 | return nil 109 | } 110 | 111 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 112 | func (in *Limits) DeepCopyInto(out *Limits) { 113 | *out = *in 114 | if in.StatusFilter != nil { 115 | in, out := &in.StatusFilter, &out.StatusFilter 116 | *out = make([]StatusFilter, len(*in)) 117 | copy(*out, *in) 118 | } 119 | return 120 | } 121 | 122 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Limits. 123 | func (in *Limits) DeepCopy() *Limits { 124 | if in == nil { 125 | return nil 126 | } 127 | out := new(Limits) 128 | in.DeepCopyInto(out) 129 | return out 130 | } 131 | 132 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 133 | func (in *Report) DeepCopyInto(out *Report) { 134 | *out = *in 135 | out.TypeMeta = in.TypeMeta 136 | in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) 137 | if in.Scope != nil { 138 | in, out := &in.Scope, &out.Scope 139 | *out = new(v1.ObjectReference) 140 | **out = **in 141 | } 142 | if in.ScopeSelector != nil { 143 | in, out := &in.ScopeSelector, &out.ScopeSelector 144 | *out = new(metav1.LabelSelector) 145 | (*in).DeepCopyInto(*out) 146 | } 147 | if in.Configuration != nil { 148 | in, out := &in.Configuration, &out.Configuration 149 | *out = new(ReportConfiguration) 150 | (*in).DeepCopyInto(*out) 151 | } 152 | out.Summary = in.Summary 153 | if in.Results != nil { 154 | in, out := &in.Results, &out.Results 155 | *out = make([]ReportResult, len(*in)) 156 | for i := range *in { 157 | (*in)[i].DeepCopyInto(&(*out)[i]) 158 | } 159 | } 160 | return 161 | } 162 | 163 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Report. 164 | func (in *Report) DeepCopy() *Report { 165 | if in == nil { 166 | return nil 167 | } 168 | out := new(Report) 169 | in.DeepCopyInto(out) 170 | return out 171 | } 172 | 173 | // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 174 | func (in *Report) DeepCopyObject() runtime.Object { 175 | if c := in.DeepCopy(); c != nil { 176 | return c 177 | } 178 | return nil 179 | } 180 | 181 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 182 | func (in *ReportConfiguration) DeepCopyInto(out *ReportConfiguration) { 183 | *out = *in 184 | in.Limits.DeepCopyInto(&out.Limits) 185 | return 186 | } 187 | 188 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReportConfiguration. 189 | func (in *ReportConfiguration) DeepCopy() *ReportConfiguration { 190 | if in == nil { 191 | return nil 192 | } 193 | out := new(ReportConfiguration) 194 | in.DeepCopyInto(out) 195 | return out 196 | } 197 | 198 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 199 | func (in *ReportList) DeepCopyInto(out *ReportList) { 200 | *out = *in 201 | out.TypeMeta = in.TypeMeta 202 | in.ListMeta.DeepCopyInto(&out.ListMeta) 203 | if in.Items != nil { 204 | in, out := &in.Items, &out.Items 205 | *out = make([]Report, len(*in)) 206 | for i := range *in { 207 | (*in)[i].DeepCopyInto(&(*out)[i]) 208 | } 209 | } 210 | return 211 | } 212 | 213 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReportList. 214 | func (in *ReportList) DeepCopy() *ReportList { 215 | if in == nil { 216 | return nil 217 | } 218 | out := new(ReportList) 219 | in.DeepCopyInto(out) 220 | return out 221 | } 222 | 223 | // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 224 | func (in *ReportList) DeepCopyObject() runtime.Object { 225 | if c := in.DeepCopy(); c != nil { 226 | return c 227 | } 228 | return nil 229 | } 230 | 231 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 232 | func (in *ReportResult) DeepCopyInto(out *ReportResult) { 233 | *out = *in 234 | out.Timestamp = in.Timestamp 235 | if in.Subjects != nil { 236 | in, out := &in.Subjects, &out.Subjects 237 | *out = make([]v1.ObjectReference, len(*in)) 238 | copy(*out, *in) 239 | } 240 | if in.ResourceSelector != nil { 241 | in, out := &in.ResourceSelector, &out.ResourceSelector 242 | *out = new(metav1.LabelSelector) 243 | (*in).DeepCopyInto(*out) 244 | } 245 | if in.Properties != nil { 246 | in, out := &in.Properties, &out.Properties 247 | *out = make(map[string]string, len(*in)) 248 | for key, val := range *in { 249 | (*out)[key] = val 250 | } 251 | } 252 | return 253 | } 254 | 255 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReportResult. 256 | func (in *ReportResult) DeepCopy() *ReportResult { 257 | if in == nil { 258 | return nil 259 | } 260 | out := new(ReportResult) 261 | in.DeepCopyInto(out) 262 | return out 263 | } 264 | 265 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 266 | func (in *ReportSummary) DeepCopyInto(out *ReportSummary) { 267 | *out = *in 268 | return 269 | } 270 | 271 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReportSummary. 272 | func (in *ReportSummary) DeepCopy() *ReportSummary { 273 | if in == nil { 274 | return nil 275 | } 276 | out := new(ReportSummary) 277 | in.DeepCopyInto(out) 278 | return out 279 | } 280 | -------------------------------------------------------------------------------- /crd/openreports.io/v1alpha1/openreports.io_clusterreports.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | controller-gen.kubebuilder.io/version: v0.14.0 7 | name: clusterreports.openreports.io 8 | spec: 9 | group: openreports.io 10 | names: 11 | kind: ClusterReport 12 | listKind: ClusterReportList 13 | plural: clusterreports 14 | shortNames: 15 | - creps 16 | singular: clusterreport 17 | scope: Cluster 18 | versions: 19 | - additionalPrinterColumns: 20 | - jsonPath: .scope.kind 21 | name: Kind 22 | priority: 1 23 | type: string 24 | - jsonPath: .scope.name 25 | name: Name 26 | priority: 1 27 | type: string 28 | - jsonPath: .summary.pass 29 | name: Pass 30 | type: integer 31 | - jsonPath: .summary.fail 32 | name: Fail 33 | type: integer 34 | - jsonPath: .summary.warn 35 | name: Warn 36 | type: integer 37 | - jsonPath: .summary.error 38 | name: Error 39 | type: integer 40 | - jsonPath: .summary.skip 41 | name: Skip 42 | type: integer 43 | - jsonPath: .metadata.creationTimestamp 44 | name: Age 45 | type: date 46 | name: v1alpha1 47 | schema: 48 | openAPIV3Schema: 49 | description: ClusterReport is the Schema for the ClusterReport API 50 | properties: 51 | apiVersion: 52 | description: |- 53 | APIVersion defines the versioned schema of this representation of an object. 54 | Servers should convert recognized schemas to the latest internal value, and 55 | may reject unrecognized values. 56 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 57 | type: string 58 | configuration: 59 | description: |- 60 | Configuration is an optional field which can be used to specify 61 | a contract between Report generators and consumers 62 | properties: 63 | limits: 64 | properties: 65 | maxResults: 66 | description: MaxResults is the maximum number of results contained 67 | in the report 68 | type: integer 69 | statusFilter: 70 | description: StatusFilter indicates that the Report contains only 71 | those reports with statuses specified in this list 72 | items: 73 | description: StatusFilter is used by Report generators to write 74 | only those reports whose status is specified by the filters 75 | enum: 76 | - pass 77 | - fail 78 | - warn 79 | - error 80 | - skip 81 | type: string 82 | type: array 83 | type: object 84 | required: 85 | - limits 86 | type: object 87 | kind: 88 | description: |- 89 | Kind is a string value representing the REST resource this object represents. 90 | Servers may infer this from the endpoint the client submits requests to. 91 | Cannot be updated. 92 | In CamelCase. 93 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 94 | type: string 95 | metadata: 96 | type: object 97 | results: 98 | description: ReportResult provides result details 99 | items: 100 | description: ReportResult provides the result for an individual policy 101 | properties: 102 | category: 103 | description: Category indicates policy category 104 | type: string 105 | message: 106 | description: Description is a short user friendly message for the 107 | policy rule 108 | type: string 109 | policy: 110 | description: Policy is the name or identifier of the policy 111 | type: string 112 | properties: 113 | additionalProperties: 114 | type: string 115 | description: Properties provides additional information for the 116 | policy rule 117 | type: object 118 | resourceSelector: 119 | description: |- 120 | ResourceSelector is an optional label selector for checked Kubernetes resources. 121 | For example, a policy result may apply to all pods that match a label. 122 | Either a Subject or a ResourceSelector can be specified. If neither are provided, the 123 | result is assumed to be for the policy report scope. 124 | properties: 125 | matchExpressions: 126 | description: matchExpressions is a list of label selector requirements. 127 | The requirements are ANDed. 128 | items: 129 | description: |- 130 | A label selector requirement is a selector that contains values, a key, and an operator that 131 | relates the key and values. 132 | properties: 133 | key: 134 | description: key is the label key that the selector applies 135 | to. 136 | type: string 137 | operator: 138 | description: |- 139 | operator represents a key's relationship to a set of values. 140 | Valid operators are In, NotIn, Exists and DoesNotExist. 141 | type: string 142 | values: 143 | description: |- 144 | values is an array of string values. If the operator is In or NotIn, 145 | the values array must be non-empty. If the operator is Exists or DoesNotExist, 146 | the values array must be empty. This array is replaced during a strategic 147 | merge patch. 148 | items: 149 | type: string 150 | type: array 151 | x-kubernetes-list-type: atomic 152 | required: 153 | - key 154 | - operator 155 | type: object 156 | type: array 157 | x-kubernetes-list-type: atomic 158 | matchLabels: 159 | additionalProperties: 160 | type: string 161 | description: |- 162 | matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 163 | map is equivalent to an element of matchExpressions, whose key field is "key", the 164 | operator is "In", and the values array contains only "value". The requirements are ANDed. 165 | type: object 166 | type: object 167 | x-kubernetes-map-type: atomic 168 | resources: 169 | description: Subjects is an optional reference to the checked Kubernetes 170 | resources 171 | items: 172 | description: |- 173 | ObjectReference contains enough information to let you inspect or modify the referred object. 174 | --- 175 | New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 176 | 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 177 | 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular 178 | restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". 179 | Those cannot be well described when embedded. 180 | 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 181 | 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity 182 | during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple 183 | and the version of the actual struct is irrelevant. 184 | 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type 185 | will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. 186 | 187 | 188 | Instead of using this type, create a locally provided and used type that is well-focused on your reference. 189 | For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . 190 | properties: 191 | apiVersion: 192 | description: API version of the referent. 193 | type: string 194 | fieldPath: 195 | description: |- 196 | If referring to a piece of an object instead of an entire object, this string 197 | should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 198 | For example, if the object reference is to a container within a pod, this would take on a value like: 199 | "spec.containers{name}" (where "name" refers to the name of the container that triggered 200 | the event) or if no container name is specified "spec.containers[2]" (container with 201 | index 2 in this pod). This syntax is chosen only to have some well-defined way of 202 | referencing a part of an object. 203 | TODO: this design is not final and this field is subject to change in the future. 204 | type: string 205 | kind: 206 | description: |- 207 | Kind of the referent. 208 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 209 | type: string 210 | name: 211 | description: |- 212 | Name of the referent. 213 | More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 214 | type: string 215 | namespace: 216 | description: |- 217 | Namespace of the referent. 218 | More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ 219 | type: string 220 | resourceVersion: 221 | description: |- 222 | Specific resourceVersion to which this reference is made, if any. 223 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency 224 | type: string 225 | uid: 226 | description: |- 227 | UID of the referent. 228 | More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids 229 | type: string 230 | type: object 231 | x-kubernetes-map-type: atomic 232 | type: array 233 | result: 234 | description: Result indicates the outcome of the policy rule execution 235 | enum: 236 | - pass 237 | - fail 238 | - warn 239 | - error 240 | - skip 241 | type: string 242 | rule: 243 | description: Rule is the name or identifier of the rule within the 244 | policy 245 | type: string 246 | scored: 247 | description: Scored indicates if this result is scored 248 | type: boolean 249 | severity: 250 | description: Severity indicates policy check result criticality 251 | enum: 252 | - critical 253 | - high 254 | - low 255 | - medium 256 | - info 257 | type: string 258 | source: 259 | description: |- 260 | Source is an identifier for the policy engine that manages this report 261 | If the Source is specified at this level, it will override the Source 262 | field set at the Report level 263 | type: string 264 | timestamp: 265 | description: Timestamp indicates the time the result was found 266 | properties: 267 | nanos: 268 | description: |- 269 | Non-negative fractions of a second at nanosecond resolution. Negative 270 | second values with fractions must still have non-negative nanos values 271 | that count forward in time. Must be from 0 to 999,999,999 272 | inclusive. This field may be limited in precision depending on context. 273 | format: int32 274 | type: integer 275 | seconds: 276 | description: |- 277 | Represents seconds of UTC time since Unix epoch 278 | 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to 279 | 9999-12-31T23:59:59Z inclusive. 280 | format: int64 281 | type: integer 282 | required: 283 | - nanos 284 | - seconds 285 | type: object 286 | required: 287 | - policy 288 | type: object 289 | type: array 290 | scope: 291 | description: Scope is an optional reference to the report scope (e.g. 292 | a Deployment, Namespace, or Node) 293 | properties: 294 | apiVersion: 295 | description: API version of the referent. 296 | type: string 297 | fieldPath: 298 | description: |- 299 | If referring to a piece of an object instead of an entire object, this string 300 | should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 301 | For example, if the object reference is to a container within a pod, this would take on a value like: 302 | "spec.containers{name}" (where "name" refers to the name of the container that triggered 303 | the event) or if no container name is specified "spec.containers[2]" (container with 304 | index 2 in this pod). This syntax is chosen only to have some well-defined way of 305 | referencing a part of an object. 306 | TODO: this design is not final and this field is subject to change in the future. 307 | type: string 308 | kind: 309 | description: |- 310 | Kind of the referent. 311 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 312 | type: string 313 | name: 314 | description: |- 315 | Name of the referent. 316 | More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 317 | type: string 318 | namespace: 319 | description: |- 320 | Namespace of the referent. 321 | More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ 322 | type: string 323 | resourceVersion: 324 | description: |- 325 | Specific resourceVersion to which this reference is made, if any. 326 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency 327 | type: string 328 | uid: 329 | description: |- 330 | UID of the referent. 331 | More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids 332 | type: string 333 | type: object 334 | x-kubernetes-map-type: atomic 335 | scopeSelector: 336 | description: |- 337 | ScopeSelector is an optional selector for multiple scopes (e.g. Pods). 338 | Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. 339 | properties: 340 | matchExpressions: 341 | description: matchExpressions is a list of label selector requirements. 342 | The requirements are ANDed. 343 | items: 344 | description: |- 345 | A label selector requirement is a selector that contains values, a key, and an operator that 346 | relates the key and values. 347 | properties: 348 | key: 349 | description: key is the label key that the selector applies 350 | to. 351 | type: string 352 | operator: 353 | description: |- 354 | operator represents a key's relationship to a set of values. 355 | Valid operators are In, NotIn, Exists and DoesNotExist. 356 | type: string 357 | values: 358 | description: |- 359 | values is an array of string values. If the operator is In or NotIn, 360 | the values array must be non-empty. If the operator is Exists or DoesNotExist, 361 | the values array must be empty. This array is replaced during a strategic 362 | merge patch. 363 | items: 364 | type: string 365 | type: array 366 | x-kubernetes-list-type: atomic 367 | required: 368 | - key 369 | - operator 370 | type: object 371 | type: array 372 | x-kubernetes-list-type: atomic 373 | matchLabels: 374 | additionalProperties: 375 | type: string 376 | description: |- 377 | matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 378 | map is equivalent to an element of matchExpressions, whose key field is "key", the 379 | operator is "In", and the values array contains only "value". The requirements are ANDed. 380 | type: object 381 | type: object 382 | x-kubernetes-map-type: atomic 383 | source: 384 | description: |- 385 | Source is an identifier for the source e.g. a policy engine that manages this report. 386 | Use this field if all the results are produced by a single policy engine. 387 | If the results are produced by multiple sources e.g. different engines or scanners, 388 | then use the Source field at the ReportResult level. 389 | type: string 390 | summary: 391 | description: ReportSummary provides a summary of results 392 | properties: 393 | error: 394 | description: Error provides the count of policies that could not be 395 | evaluated 396 | type: integer 397 | fail: 398 | description: Fail provides the count of policies whose requirements 399 | were not met 400 | type: integer 401 | pass: 402 | description: Pass provides the count of policies whose requirements 403 | were met 404 | type: integer 405 | skip: 406 | description: Skip indicates the count of policies that were not selected 407 | for evaluation 408 | type: integer 409 | warn: 410 | description: Warn provides the count of non-scored policies whose 411 | requirements were not met 412 | type: integer 413 | type: object 414 | type: object 415 | served: true 416 | storage: true 417 | subresources: {} 418 | -------------------------------------------------------------------------------- /crd/openreports.io/v1alpha1/openreports.io_reports.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | controller-gen.kubebuilder.io/version: v0.14.0 7 | name: reports.openreports.io 8 | spec: 9 | group: openreports.io 10 | names: 11 | kind: Report 12 | listKind: ReportList 13 | plural: reports 14 | shortNames: 15 | - reps 16 | singular: report 17 | scope: Namespaced 18 | versions: 19 | - additionalPrinterColumns: 20 | - jsonPath: .scope.kind 21 | name: Kind 22 | priority: 1 23 | type: string 24 | - jsonPath: .scope.name 25 | name: Name 26 | priority: 1 27 | type: string 28 | - jsonPath: .summary.pass 29 | name: Pass 30 | type: integer 31 | - jsonPath: .summary.fail 32 | name: Fail 33 | type: integer 34 | - jsonPath: .summary.warn 35 | name: Warn 36 | type: integer 37 | - jsonPath: .summary.error 38 | name: Error 39 | type: integer 40 | - jsonPath: .summary.skip 41 | name: Skip 42 | type: integer 43 | - jsonPath: .metadata.creationTimestamp 44 | name: Age 45 | type: date 46 | name: v1alpha1 47 | schema: 48 | openAPIV3Schema: 49 | description: Report is the Schema for the reports API 50 | properties: 51 | apiVersion: 52 | description: |- 53 | APIVersion defines the versioned schema of this representation of an object. 54 | Servers should convert recognized schemas to the latest internal value, and 55 | may reject unrecognized values. 56 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 57 | type: string 58 | configuration: 59 | description: |- 60 | Configuration is an optional field which can be used to specify 61 | a contract between Report generators and consumers 62 | properties: 63 | limits: 64 | properties: 65 | maxResults: 66 | description: MaxResults is the maximum number of results contained 67 | in the report 68 | type: integer 69 | statusFilter: 70 | description: StatusFilter indicates that the Report contains only 71 | those reports with statuses specified in this list 72 | items: 73 | description: StatusFilter is used by Report generators to write 74 | only those reports whose status is specified by the filters 75 | enum: 76 | - pass 77 | - fail 78 | - warn 79 | - error 80 | - skip 81 | type: string 82 | type: array 83 | type: object 84 | required: 85 | - limits 86 | type: object 87 | kind: 88 | description: |- 89 | Kind is a string value representing the REST resource this object represents. 90 | Servers may infer this from the endpoint the client submits requests to. 91 | Cannot be updated. 92 | In CamelCase. 93 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 94 | type: string 95 | metadata: 96 | type: object 97 | results: 98 | description: ReportResult provides result details 99 | items: 100 | description: ReportResult provides the result for an individual policy 101 | properties: 102 | category: 103 | description: Category indicates policy category 104 | type: string 105 | message: 106 | description: Description is a short user friendly message for the 107 | policy rule 108 | type: string 109 | policy: 110 | description: Policy is the name or identifier of the policy 111 | type: string 112 | properties: 113 | additionalProperties: 114 | type: string 115 | description: Properties provides additional information for the 116 | policy rule 117 | type: object 118 | resourceSelector: 119 | description: |- 120 | ResourceSelector is an optional label selector for checked Kubernetes resources. 121 | For example, a policy result may apply to all pods that match a label. 122 | Either a Subject or a ResourceSelector can be specified. If neither are provided, the 123 | result is assumed to be for the policy report scope. 124 | properties: 125 | matchExpressions: 126 | description: matchExpressions is a list of label selector requirements. 127 | The requirements are ANDed. 128 | items: 129 | description: |- 130 | A label selector requirement is a selector that contains values, a key, and an operator that 131 | relates the key and values. 132 | properties: 133 | key: 134 | description: key is the label key that the selector applies 135 | to. 136 | type: string 137 | operator: 138 | description: |- 139 | operator represents a key's relationship to a set of values. 140 | Valid operators are In, NotIn, Exists and DoesNotExist. 141 | type: string 142 | values: 143 | description: |- 144 | values is an array of string values. If the operator is In or NotIn, 145 | the values array must be non-empty. If the operator is Exists or DoesNotExist, 146 | the values array must be empty. This array is replaced during a strategic 147 | merge patch. 148 | items: 149 | type: string 150 | type: array 151 | x-kubernetes-list-type: atomic 152 | required: 153 | - key 154 | - operator 155 | type: object 156 | type: array 157 | x-kubernetes-list-type: atomic 158 | matchLabels: 159 | additionalProperties: 160 | type: string 161 | description: |- 162 | matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 163 | map is equivalent to an element of matchExpressions, whose key field is "key", the 164 | operator is "In", and the values array contains only "value". The requirements are ANDed. 165 | type: object 166 | type: object 167 | x-kubernetes-map-type: atomic 168 | resources: 169 | description: Subjects is an optional reference to the checked Kubernetes 170 | resources 171 | items: 172 | description: |- 173 | ObjectReference contains enough information to let you inspect or modify the referred object. 174 | --- 175 | New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 176 | 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 177 | 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular 178 | restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". 179 | Those cannot be well described when embedded. 180 | 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 181 | 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity 182 | during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple 183 | and the version of the actual struct is irrelevant. 184 | 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type 185 | will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. 186 | 187 | 188 | Instead of using this type, create a locally provided and used type that is well-focused on your reference. 189 | For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . 190 | properties: 191 | apiVersion: 192 | description: API version of the referent. 193 | type: string 194 | fieldPath: 195 | description: |- 196 | If referring to a piece of an object instead of an entire object, this string 197 | should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 198 | For example, if the object reference is to a container within a pod, this would take on a value like: 199 | "spec.containers{name}" (where "name" refers to the name of the container that triggered 200 | the event) or if no container name is specified "spec.containers[2]" (container with 201 | index 2 in this pod). This syntax is chosen only to have some well-defined way of 202 | referencing a part of an object. 203 | TODO: this design is not final and this field is subject to change in the future. 204 | type: string 205 | kind: 206 | description: |- 207 | Kind of the referent. 208 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 209 | type: string 210 | name: 211 | description: |- 212 | Name of the referent. 213 | More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 214 | type: string 215 | namespace: 216 | description: |- 217 | Namespace of the referent. 218 | More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ 219 | type: string 220 | resourceVersion: 221 | description: |- 222 | Specific resourceVersion to which this reference is made, if any. 223 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency 224 | type: string 225 | uid: 226 | description: |- 227 | UID of the referent. 228 | More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids 229 | type: string 230 | type: object 231 | x-kubernetes-map-type: atomic 232 | type: array 233 | result: 234 | description: Result indicates the outcome of the policy rule execution 235 | enum: 236 | - pass 237 | - fail 238 | - warn 239 | - error 240 | - skip 241 | type: string 242 | rule: 243 | description: Rule is the name or identifier of the rule within the 244 | policy 245 | type: string 246 | scored: 247 | description: Scored indicates if this result is scored 248 | type: boolean 249 | severity: 250 | description: Severity indicates policy check result criticality 251 | enum: 252 | - critical 253 | - high 254 | - low 255 | - medium 256 | - info 257 | type: string 258 | source: 259 | description: |- 260 | Source is an identifier for the policy engine that manages this report 261 | If the Source is specified at this level, it will override the Source 262 | field set at the Report level 263 | type: string 264 | timestamp: 265 | description: Timestamp indicates the time the result was found 266 | properties: 267 | nanos: 268 | description: |- 269 | Non-negative fractions of a second at nanosecond resolution. Negative 270 | second values with fractions must still have non-negative nanos values 271 | that count forward in time. Must be from 0 to 999,999,999 272 | inclusive. This field may be limited in precision depending on context. 273 | format: int32 274 | type: integer 275 | seconds: 276 | description: |- 277 | Represents seconds of UTC time since Unix epoch 278 | 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to 279 | 9999-12-31T23:59:59Z inclusive. 280 | format: int64 281 | type: integer 282 | required: 283 | - nanos 284 | - seconds 285 | type: object 286 | required: 287 | - policy 288 | type: object 289 | type: array 290 | scope: 291 | description: Scope is an optional reference to the report scope (e.g. 292 | a Deployment, Namespace, or Node) 293 | properties: 294 | apiVersion: 295 | description: API version of the referent. 296 | type: string 297 | fieldPath: 298 | description: |- 299 | If referring to a piece of an object instead of an entire object, this string 300 | should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 301 | For example, if the object reference is to a container within a pod, this would take on a value like: 302 | "spec.containers{name}" (where "name" refers to the name of the container that triggered 303 | the event) or if no container name is specified "spec.containers[2]" (container with 304 | index 2 in this pod). This syntax is chosen only to have some well-defined way of 305 | referencing a part of an object. 306 | TODO: this design is not final and this field is subject to change in the future. 307 | type: string 308 | kind: 309 | description: |- 310 | Kind of the referent. 311 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 312 | type: string 313 | name: 314 | description: |- 315 | Name of the referent. 316 | More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 317 | type: string 318 | namespace: 319 | description: |- 320 | Namespace of the referent. 321 | More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ 322 | type: string 323 | resourceVersion: 324 | description: |- 325 | Specific resourceVersion to which this reference is made, if any. 326 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency 327 | type: string 328 | uid: 329 | description: |- 330 | UID of the referent. 331 | More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids 332 | type: string 333 | type: object 334 | x-kubernetes-map-type: atomic 335 | scopeSelector: 336 | description: |- 337 | ScopeSelector is an optional selector for multiple scopes (e.g. Pods). 338 | Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. 339 | properties: 340 | matchExpressions: 341 | description: matchExpressions is a list of label selector requirements. 342 | The requirements are ANDed. 343 | items: 344 | description: |- 345 | A label selector requirement is a selector that contains values, a key, and an operator that 346 | relates the key and values. 347 | properties: 348 | key: 349 | description: key is the label key that the selector applies 350 | to. 351 | type: string 352 | operator: 353 | description: |- 354 | operator represents a key's relationship to a set of values. 355 | Valid operators are In, NotIn, Exists and DoesNotExist. 356 | type: string 357 | values: 358 | description: |- 359 | values is an array of string values. If the operator is In or NotIn, 360 | the values array must be non-empty. If the operator is Exists or DoesNotExist, 361 | the values array must be empty. This array is replaced during a strategic 362 | merge patch. 363 | items: 364 | type: string 365 | type: array 366 | x-kubernetes-list-type: atomic 367 | required: 368 | - key 369 | - operator 370 | type: object 371 | type: array 372 | x-kubernetes-list-type: atomic 373 | matchLabels: 374 | additionalProperties: 375 | type: string 376 | description: |- 377 | matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 378 | map is equivalent to an element of matchExpressions, whose key field is "key", the 379 | operator is "In", and the values array contains only "value". The requirements are ANDed. 380 | type: object 381 | type: object 382 | x-kubernetes-map-type: atomic 383 | source: 384 | description: |- 385 | Source is an identifier for the source e.g. a policy engine that manages this report. 386 | Use this field if all the results are produced by a single policy engine. 387 | If the results are produced by multiple sources e.g. different engines or scanners, 388 | then use the Source field at the ReportResult level. 389 | type: string 390 | summary: 391 | description: ReportSummary provides a summary of results 392 | properties: 393 | error: 394 | description: Error provides the count of policies that could not be 395 | evaluated 396 | type: integer 397 | fail: 398 | description: Fail provides the count of policies whose requirements 399 | were not met 400 | type: integer 401 | pass: 402 | description: Pass provides the count of policies whose requirements 403 | were met 404 | type: integer 405 | skip: 406 | description: Skip indicates the count of policies that were not selected 407 | for evaluation 408 | type: integer 409 | warn: 410 | description: Warn provides the count of non-scored policies whose 411 | requirements were not met 412 | type: integer 413 | type: object 414 | type: object 415 | served: true 416 | storage: true 417 | subresources: {} 418 | -------------------------------------------------------------------------------- /docs/api-docs.md: -------------------------------------------------------------------------------- 1 | # API Reference 2 | 3 | ## Packages 4 | - [openreports.io/v1alpha1](#openreportsiov1alpha1) 5 | 6 | 7 | ## openreports.io/v1alpha1 8 | 9 | Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group 10 | 11 | Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group 12 | 13 | ### Resource Types 14 | - [ClusterReport](#clusterreport) 15 | - [ClusterReportList](#clusterreportlist) 16 | - [Report](#report) 17 | - [ReportList](#reportlist) 18 | 19 | 20 | 21 | #### ClusterReport 22 | 23 | 24 | 25 | ClusterReport is the Schema for the ClusterReport API 26 | 27 | 28 | 29 | _Appears in:_ 30 | - [ClusterReportList](#clusterreportlist) 31 | 32 | | Field | Description | Default | Validation | 33 | | --- | --- | --- | --- | 34 | | `apiVersion` _string_ | `openreports.io/v1alpha1` | | | 35 | | `kind` _string_ | `ClusterReport` | | | 36 | | `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | 37 | | `source` _string_ | Source is an identifier for the source e.g. a policy engine that manages this report.
Use this field if all the results are produced by a single policy engine.
If the results are produced by multiple sources e.g. different engines or scanners,
then use the Source field at the ReportResult level. | | | 38 | | `scope` _[ObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#objectreference-v1-core)_ | Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node) | | | 39 | | `scopeSelector` _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#labelselector-v1-meta)_ | ScopeSelector is an optional selector for multiple scopes (e.g. Pods).
Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. | | | 40 | | `configuration` _[ReportConfiguration](#reportconfiguration)_ | Configuration is an optional field which can be used to specify
a contract between Report generators and consumers | | | 41 | | `summary` _[ReportSummary](#reportsummary)_ | ReportSummary provides a summary of results | | | 42 | | `results` _[ReportResult](#reportresult) array_ | ReportResult provides result details | | | 43 | 44 | 45 | #### ClusterReportList 46 | 47 | 48 | 49 | ClusterReportList contains a list of ClusterReport 50 | 51 | 52 | 53 | 54 | 55 | | Field | Description | Default | Validation | 56 | | --- | --- | --- | --- | 57 | | `apiVersion` _string_ | `openreports.io/v1alpha1` | | | 58 | | `kind` _string_ | `ClusterReportList` | | | 59 | | `metadata` _[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#listmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | 60 | | `items` _[ClusterReport](#clusterreport) array_ | | | | 61 | 62 | 63 | #### Limits 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | _Appears in:_ 72 | - [ReportConfiguration](#reportconfiguration) 73 | 74 | | Field | Description | Default | Validation | 75 | | --- | --- | --- | --- | 76 | | `maxResults` _integer_ | MaxResults is the maximum number of results contained in the report | | | 77 | | `statusFilter` _[StatusFilter](#statusfilter) array_ | StatusFilter indicates that the Report contains only those reports with statuses specified in this list | | Enum: [pass fail warn error skip]
| 78 | 79 | 80 | #### Report 81 | 82 | 83 | 84 | Report is the Schema for the reports API 85 | 86 | 87 | 88 | _Appears in:_ 89 | - [ReportList](#reportlist) 90 | 91 | | Field | Description | Default | Validation | 92 | | --- | --- | --- | --- | 93 | | `apiVersion` _string_ | `openreports.io/v1alpha1` | | | 94 | | `kind` _string_ | `Report` | | | 95 | | `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | 96 | | `source` _string_ | Source is an identifier for the source e.g. a policy engine that manages this report.
Use this field if all the results are produced by a single policy engine.
If the results are produced by multiple sources e.g. different engines or scanners,
then use the Source field at the ReportResult level. | | | 97 | | `scope` _[ObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#objectreference-v1-core)_ | Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node) | | | 98 | | `scopeSelector` _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#labelselector-v1-meta)_ | ScopeSelector is an optional selector for multiple scopes (e.g. Pods).
Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. | | | 99 | | `configuration` _[ReportConfiguration](#reportconfiguration)_ | Configuration is an optional field which can be used to specify
a contract between Report generators and consumers | | | 100 | | `summary` _[ReportSummary](#reportsummary)_ | ReportSummary provides a summary of results | | | 101 | | `results` _[ReportResult](#reportresult) array_ | ReportResult provides result details | | | 102 | 103 | 104 | #### ReportConfiguration 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | _Appears in:_ 113 | - [ClusterReport](#clusterreport) 114 | - [Report](#report) 115 | 116 | | Field | Description | Default | Validation | 117 | | --- | --- | --- | --- | 118 | | `limits` _[Limits](#limits)_ | | | | 119 | 120 | 121 | #### ReportList 122 | 123 | 124 | 125 | ReportList contains a list of Report 126 | 127 | 128 | 129 | 130 | 131 | | Field | Description | Default | Validation | 132 | | --- | --- | --- | --- | 133 | | `apiVersion` _string_ | `openreports.io/v1alpha1` | | | 134 | | `kind` _string_ | `ReportList` | | | 135 | | `metadata` _[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#listmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | 136 | | `items` _[Report](#report) array_ | | | | 137 | 138 | 139 | #### ReportResult 140 | 141 | 142 | 143 | ReportResult provides the result for an individual policy 144 | 145 | 146 | 147 | _Appears in:_ 148 | - [ClusterReport](#clusterreport) 149 | - [Report](#report) 150 | 151 | | Field | Description | Default | Validation | 152 | | --- | --- | --- | --- | 153 | | `source` _string_ | Source is an identifier for the policy engine that manages this report
If the Source is specified at this level, it will override the Source
field set at the Report level | | | 154 | | `policy` _string_ | Policy is the name or identifier of the policy | | | 155 | | `rule` _string_ | Rule is the name or identifier of the rule within the policy | | | 156 | | `category` _string_ | Category indicates policy category | | | 157 | | `severity` _[ResultSeverity](#resultseverity)_ | Severity indicates policy check result criticality | | Enum: [critical high low medium info]
| 158 | | `timestamp` _[Timestamp](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#timestamp-v1-meta)_ | Timestamp indicates the time the result was found | | | 159 | | `result` _[Result](#result)_ | Result indicates the outcome of the policy rule execution | | Enum: [pass fail warn error skip]
| 160 | | `scored` _boolean_ | Scored indicates if this result is scored | | | 161 | | `resources` _[ObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#objectreference-v1-core) array_ | Subjects is an optional reference to the checked Kubernetes resources | | | 162 | | `resourceSelector` _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#labelselector-v1-meta)_ | ResourceSelector is an optional label selector for checked Kubernetes resources.
For example, a policy result may apply to all pods that match a label.
Either a Subject or a ResourceSelector can be specified. If neither are provided, the
result is assumed to be for the policy report scope. | | | 163 | | `message` _string_ | Description is a short user friendly message for the policy rule | | | 164 | | `properties` _object (keys:string, values:string)_ | Properties provides additional information for the policy rule | | | 165 | 166 | 167 | #### ReportSummary 168 | 169 | 170 | 171 | ReportSummary provides a status count summary 172 | 173 | 174 | 175 | _Appears in:_ 176 | - [ClusterReport](#clusterreport) 177 | - [Report](#report) 178 | 179 | | Field | Description | Default | Validation | 180 | | --- | --- | --- | --- | 181 | | `pass` _integer_ | Pass provides the count of policies whose requirements were met | | | 182 | | `fail` _integer_ | Fail provides the count of policies whose requirements were not met | | | 183 | | `warn` _integer_ | Warn provides the count of non-scored policies whose requirements were not met | | | 184 | | `error` _integer_ | Error provides the count of policies that could not be evaluated | | | 185 | | `skip` _integer_ | Skip indicates the count of policies that were not selected for evaluation | | | 186 | 187 | 188 | #### Result 189 | 190 | _Underlying type:_ _string_ 191 | 192 | Result has one of the following values: 193 | - pass: the policy requirements are met 194 | - fail: the policy requirements are not met 195 | - warn: the policy requirements are not met and the policy is not scored 196 | - error: the policy could not be evaluated 197 | - skip: the policy was not selected based on user inputs or applicability 198 | 199 | _Validation:_ 200 | - Enum: [pass fail warn error skip] 201 | 202 | _Appears in:_ 203 | - [ReportResult](#reportresult) 204 | 205 | 206 | 207 | #### ResultSeverity 208 | 209 | _Underlying type:_ _string_ 210 | 211 | ResultSeverity has one of the following values: 212 | - critical 213 | - high 214 | - low 215 | - medium 216 | - info 217 | 218 | _Validation:_ 219 | - Enum: [critical high low medium info] 220 | 221 | _Appears in:_ 222 | - [ReportResult](#reportresult) 223 | 224 | 225 | 226 | #### StatusFilter 227 | 228 | _Underlying type:_ _string_ 229 | 230 | StatusFilter is used by Report generators to write only those reports whose status is specified by the filters 231 | 232 | _Validation:_ 233 | - Enum: [pass fail warn error skip] 234 | 235 | _Appears in:_ 236 | - [Limits](#limits) 237 | 238 | 239 | 240 | -------------------------------------------------------------------------------- /docs/config.yaml: -------------------------------------------------------------------------------- 1 | processor: 2 | ignoreGroupVersions: 3 | ignoreTypes: 4 | ignoreFields: 5 | - "status$" 6 | - "TypeMeta$" 7 | - "kind$" 8 | - "apiVersion$" 9 | customMarkers: 10 | - name: "hidefromdoc" 11 | target: field 12 | 13 | render: 14 | kubernetesVersion: 1.29 15 | knownTypes: 16 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module openreports.io 2 | 3 | go 1.24.1 4 | 5 | require ( 6 | k8s.io/api v0.29.3 7 | k8s.io/apimachinery v0.30.0-rc.2 8 | k8s.io/client-go v0.29.3 9 | k8s.io/code-generator v0.30.0-rc.2 10 | sigs.k8s.io/controller-runtime v0.16.3 11 | ) 12 | 13 | require ( 14 | github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect 15 | github.com/emicklei/go-restful/v3 v3.11.0 // indirect 16 | github.com/evanphx/json-patch v5.7.0+incompatible // indirect 17 | github.com/go-logr/logr v1.4.1 // indirect 18 | github.com/go-openapi/jsonpointer v0.20.0 // indirect 19 | github.com/go-openapi/jsonreference v0.20.2 // indirect 20 | github.com/go-openapi/swag v0.22.4 // indirect 21 | github.com/gogo/protobuf v1.3.2 // indirect 22 | github.com/golang/protobuf v1.5.4 // indirect 23 | github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect 24 | github.com/google/go-cmp v0.6.0 // indirect 25 | github.com/google/gofuzz v1.2.0 // indirect 26 | github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b // indirect 27 | github.com/google/uuid v1.6.0 // indirect 28 | github.com/josharian/intern v1.0.0 // indirect 29 | github.com/json-iterator/go v1.1.12 // indirect 30 | github.com/mailru/easyjson v0.7.7 // indirect 31 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect 32 | github.com/modern-go/reflect2 v1.0.2 // indirect 33 | github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect 34 | github.com/pkg/errors v0.9.1 // indirect 35 | github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect 36 | github.com/spf13/pflag v1.0.5 // indirect 37 | github.com/stretchr/testify v1.9.0 // indirect 38 | golang.org/x/mod v0.17.0 // indirect 39 | golang.org/x/net v0.24.0 // indirect 40 | golang.org/x/oauth2 v0.14.0 // indirect 41 | golang.org/x/sync v0.7.0 // indirect 42 | golang.org/x/sys v0.19.0 // indirect 43 | golang.org/x/term v0.19.0 // indirect 44 | golang.org/x/text v0.14.0 // indirect 45 | golang.org/x/time v0.5.0 // indirect 46 | golang.org/x/tools v0.20.0 // indirect 47 | google.golang.org/appengine v1.6.8 // indirect 48 | google.golang.org/protobuf v1.33.0 // indirect 49 | gopkg.in/inf.v0 v0.9.1 // indirect 50 | gopkg.in/yaml.v2 v2.4.0 // indirect 51 | gopkg.in/yaml.v3 v3.0.1 // indirect 52 | k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 // indirect 53 | k8s.io/klog/v2 v2.120.1 // indirect 54 | k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect 55 | k8s.io/utils v0.0.0-20240310230437-4693a0247e57 // indirect 56 | sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect 57 | sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect 58 | sigs.k8s.io/yaml v1.4.0 // indirect 59 | ) 60 | -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- 1 | github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= 2 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 3 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 4 | github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= 5 | github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 6 | github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= 7 | github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= 8 | github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI= 9 | github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= 10 | github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= 11 | github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= 12 | github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= 13 | github.com/go-openapi/jsonpointer v0.20.0 h1:ESKJdU9ASRfaPNOPRx12IUyA1vn3R9GiE3KYD14BXdQ= 14 | github.com/go-openapi/jsonpointer v0.20.0/go.mod h1:6PGzBjjIIumbLYysB73Klnms1mwnU4G3YHOECG3CedA= 15 | github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= 16 | github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= 17 | github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= 18 | github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= 19 | github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= 20 | github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= 21 | github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= 22 | github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= 23 | github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= 24 | github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= 25 | github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= 26 | github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= 27 | github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= 28 | github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 h1:0VpGH+cDhbDtdcweoyCVsF3fhN8kejK6rFe/2FFX2nU= 29 | github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49/go.mod h1:BkkQ4L1KS1xMt2aWSPStnn55ChGC0DPOn2FQYj+f25M= 30 | github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 31 | github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= 32 | github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= 33 | github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= 34 | github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= 35 | github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= 36 | github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= 37 | github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b h1:RMpPgZTSApbPf7xaVel+QkoGPRLFLrwFO89uDUHEGf0= 38 | github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= 39 | github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= 40 | github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 41 | github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= 42 | github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= 43 | github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= 44 | github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= 45 | github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= 46 | github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= 47 | github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= 48 | github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= 49 | github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= 50 | github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= 51 | github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= 52 | github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= 53 | github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= 54 | github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= 55 | github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= 56 | github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 57 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= 58 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 59 | github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= 60 | github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= 61 | github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= 62 | github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= 63 | github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY= 64 | github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= 65 | github.com/onsi/gomega v1.31.0 h1:54UJxxj6cPInHS3a35wm6BK/F9nHYueZ1NVujHDrnXE= 66 | github.com/onsi/gomega v1.31.0/go.mod h1:DW9aCi7U6Yi40wNVAvT6kzFnEVEI5n3DloYBiKiT6zk= 67 | github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= 68 | github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 69 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 70 | github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= 71 | github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 72 | github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= 73 | github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= 74 | github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= 75 | github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= 76 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 77 | github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= 78 | github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= 79 | github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= 80 | github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 81 | github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= 82 | github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= 83 | github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= 84 | github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= 85 | github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 86 | github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 87 | github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= 88 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 89 | golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 90 | golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= 91 | golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= 92 | golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= 93 | golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= 94 | golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= 95 | golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= 96 | golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= 97 | golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 98 | golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 99 | golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 100 | golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= 101 | golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= 102 | golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= 103 | golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= 104 | golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= 105 | golang.org/x/oauth2 v0.14.0 h1:P0Vrf/2538nmC0H+pEQ3MNFRRnVR7RlqyVw+bvm26z0= 106 | golang.org/x/oauth2 v0.14.0/go.mod h1:lAtNWgaWfL4cm7j2OV8TxGi9Qb7ECORx8DktCY74OwM= 107 | golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 108 | golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 109 | golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 110 | golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 111 | golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= 112 | golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= 113 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 114 | golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 115 | golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 116 | golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 117 | golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 118 | golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 119 | golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 120 | golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= 121 | golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= 122 | golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= 123 | golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= 124 | golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= 125 | golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= 126 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 127 | golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 128 | golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= 129 | golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= 130 | golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= 131 | golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= 132 | golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= 133 | golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= 134 | golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 135 | golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 136 | golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 137 | golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= 138 | golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= 139 | golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY= 140 | golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg= 141 | golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 142 | golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 143 | golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 144 | golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 145 | google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= 146 | google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= 147 | google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= 148 | google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= 149 | google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= 150 | google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= 151 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 152 | gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= 153 | gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= 154 | gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= 155 | gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= 156 | gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 157 | gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= 158 | gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= 159 | gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 160 | gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= 161 | gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 162 | k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw= 163 | k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80= 164 | k8s.io/apimachinery v0.30.0-rc.2 h1:Q1JPqws5zCGjRwKtLW8ZKOY8lvl6aJejqIixJlHoAhc= 165 | k8s.io/apimachinery v0.30.0-rc.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= 166 | k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg= 167 | k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0= 168 | k8s.io/code-generator v0.30.0-rc.2 h1:FpFPiuhuaZXGm6MUNBRwCdcBO9RhTvu0DwU8xW07XJo= 169 | k8s.io/code-generator v0.30.0-rc.2/go.mod h1:EnOT8yIxF1CXH4qxYhPgJ3wqVeATHN0LCF7RnVmMCyE= 170 | k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 h1:NGrVE502P0s0/1hudf8zjgwki1X/TByhmAoILTarmzo= 171 | k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70/go.mod h1:VH3AT8AaQOqiGjMF9p0/IM1Dj+82ZwjfxUP1IxaHE+8= 172 | k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= 173 | k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= 174 | k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= 175 | k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= 176 | k8s.io/utils v0.0.0-20240310230437-4693a0247e57 h1:gbqbevonBh57eILzModw6mrkbwM0gQBEuevE/AaBsHY= 177 | k8s.io/utils v0.0.0-20240310230437-4693a0247e57/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= 178 | sigs.k8s.io/controller-runtime v0.16.3 h1:2TuvuokmfXvDUamSx1SuAOO3eTyye+47mJCigwG62c4= 179 | sigs.k8s.io/controller-runtime v0.16.3/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0= 180 | sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= 181 | sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= 182 | sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= 183 | sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= 184 | sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= 185 | sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= 186 | -------------------------------------------------------------------------------- /hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ -------------------------------------------------------------------------------- /hack/codegen.go: -------------------------------------------------------------------------------- 1 | package hack 2 | 3 | import ( 4 | _ "k8s.io/code-generator" 5 | ) 6 | -------------------------------------------------------------------------------- /hack/update-codegen.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2023 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # Derived from: https://github.com/kubernetes/code-generator/blob/master/examples/hack/update-codegen.sh 18 | 19 | set -o errexit 20 | set -o nounset 21 | set -o pipefail 22 | 23 | SCRIPT_DIR="$(dirname "${BASH_SOURCE[0]}")" 24 | SCRIPT_ROOT="${SCRIPT_DIR}/.." 25 | CODEGEN_PKG="${CODEGEN_PKG:-"${SCRIPT_ROOT}/bin"}" 26 | 27 | source "${CODEGEN_PKG}/kube_codegen.sh" 28 | 29 | kube::codegen::gen_helpers \ 30 | --boilerplate "${SCRIPT_ROOT}/hack/boilerplate.go.txt" \ 31 | "${SCRIPT_ROOT}/apis" 32 | 33 | kube::codegen::gen_client \ 34 | --with-watch \ 35 | --output-dir "${SCRIPT_ROOT}/pkg/client" \ 36 | --output-pkg "openreports.io/pkg/client" \ 37 | --boilerplate "${SCRIPT_ROOT}/hack/boilerplate.go.txt" \ 38 | "${SCRIPT_ROOT}/apis" 39 | -------------------------------------------------------------------------------- /pkg/client/clientset/versioned/clientset.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by client-gen. DO NOT EDIT. 17 | 18 | package versioned 19 | 20 | import ( 21 | "fmt" 22 | "net/http" 23 | 24 | discovery "k8s.io/client-go/discovery" 25 | rest "k8s.io/client-go/rest" 26 | flowcontrol "k8s.io/client-go/util/flowcontrol" 27 | openreportsv1alpha1 "openreports.io/pkg/client/clientset/versioned/typed/openreports.io/v1alpha1" 28 | ) 29 | 30 | type Interface interface { 31 | Discovery() discovery.DiscoveryInterface 32 | OpenreportsV1alpha1() openreportsv1alpha1.OpenreportsV1alpha1Interface 33 | } 34 | 35 | // Clientset contains the clients for groups. 36 | type Clientset struct { 37 | *discovery.DiscoveryClient 38 | openreportsV1alpha1 *openreportsv1alpha1.OpenreportsV1alpha1Client 39 | } 40 | 41 | // OpenreportsV1alpha1 retrieves the OpenreportsV1alpha1Client 42 | func (c *Clientset) OpenreportsV1alpha1() openreportsv1alpha1.OpenreportsV1alpha1Interface { 43 | return c.openreportsV1alpha1 44 | } 45 | 46 | // Discovery retrieves the DiscoveryClient 47 | func (c *Clientset) Discovery() discovery.DiscoveryInterface { 48 | if c == nil { 49 | return nil 50 | } 51 | return c.DiscoveryClient 52 | } 53 | 54 | // NewForConfig creates a new Clientset for the given config. 55 | // If config's RateLimiter is not set and QPS and Burst are acceptable, 56 | // NewForConfig will generate a rate-limiter in configShallowCopy. 57 | // NewForConfig is equivalent to NewForConfigAndClient(c, httpClient), 58 | // where httpClient was generated with rest.HTTPClientFor(c). 59 | func NewForConfig(c *rest.Config) (*Clientset, error) { 60 | configShallowCopy := *c 61 | 62 | if configShallowCopy.UserAgent == "" { 63 | configShallowCopy.UserAgent = rest.DefaultKubernetesUserAgent() 64 | } 65 | 66 | // share the transport between all clients 67 | httpClient, err := rest.HTTPClientFor(&configShallowCopy) 68 | if err != nil { 69 | return nil, err 70 | } 71 | 72 | return NewForConfigAndClient(&configShallowCopy, httpClient) 73 | } 74 | 75 | // NewForConfigAndClient creates a new Clientset for the given config and http client. 76 | // Note the http client provided takes precedence over the configured transport values. 77 | // If config's RateLimiter is not set and QPS and Burst are acceptable, 78 | // NewForConfigAndClient will generate a rate-limiter in configShallowCopy. 79 | func NewForConfigAndClient(c *rest.Config, httpClient *http.Client) (*Clientset, error) { 80 | configShallowCopy := *c 81 | if configShallowCopy.RateLimiter == nil && configShallowCopy.QPS > 0 { 82 | if configShallowCopy.Burst <= 0 { 83 | return nil, fmt.Errorf("burst is required to be greater than 0 when RateLimiter is not set and QPS is set to greater than 0") 84 | } 85 | configShallowCopy.RateLimiter = flowcontrol.NewTokenBucketRateLimiter(configShallowCopy.QPS, configShallowCopy.Burst) 86 | } 87 | 88 | var cs Clientset 89 | var err error 90 | cs.openreportsV1alpha1, err = openreportsv1alpha1.NewForConfigAndClient(&configShallowCopy, httpClient) 91 | if err != nil { 92 | return nil, err 93 | } 94 | 95 | cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfigAndClient(&configShallowCopy, httpClient) 96 | if err != nil { 97 | return nil, err 98 | } 99 | return &cs, nil 100 | } 101 | 102 | // NewForConfigOrDie creates a new Clientset for the given config and 103 | // panics if there is an error in the config. 104 | func NewForConfigOrDie(c *rest.Config) *Clientset { 105 | cs, err := NewForConfig(c) 106 | if err != nil { 107 | panic(err) 108 | } 109 | return cs 110 | } 111 | 112 | // New creates a new Clientset for the given RESTClient. 113 | func New(c rest.Interface) *Clientset { 114 | var cs Clientset 115 | cs.openreportsV1alpha1 = openreportsv1alpha1.New(c) 116 | 117 | cs.DiscoveryClient = discovery.NewDiscoveryClient(c) 118 | return &cs 119 | } 120 | -------------------------------------------------------------------------------- /pkg/client/clientset/versioned/fake/clientset_generated.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by client-gen. DO NOT EDIT. 17 | 18 | package fake 19 | 20 | import ( 21 | "k8s.io/apimachinery/pkg/runtime" 22 | "k8s.io/apimachinery/pkg/watch" 23 | "k8s.io/client-go/discovery" 24 | fakediscovery "k8s.io/client-go/discovery/fake" 25 | "k8s.io/client-go/testing" 26 | clientset "openreports.io/pkg/client/clientset/versioned" 27 | openreportsv1alpha1 "openreports.io/pkg/client/clientset/versioned/typed/openreports.io/v1alpha1" 28 | fakeopenreportsv1alpha1 "openreports.io/pkg/client/clientset/versioned/typed/openreports.io/v1alpha1/fake" 29 | ) 30 | 31 | // NewSimpleClientset returns a clientset that will respond with the provided objects. 32 | // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, 33 | // without applying any validations and/or defaults. It shouldn't be considered a replacement 34 | // for a real clientset and is mostly useful in simple unit tests. 35 | func NewSimpleClientset(objects ...runtime.Object) *Clientset { 36 | o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder()) 37 | for _, obj := range objects { 38 | if err := o.Add(obj); err != nil { 39 | panic(err) 40 | } 41 | } 42 | 43 | cs := &Clientset{tracker: o} 44 | cs.discovery = &fakediscovery.FakeDiscovery{Fake: &cs.Fake} 45 | cs.AddReactor("*", "*", testing.ObjectReaction(o)) 46 | cs.AddWatchReactor("*", func(action testing.Action) (handled bool, ret watch.Interface, err error) { 47 | gvr := action.GetResource() 48 | ns := action.GetNamespace() 49 | watch, err := o.Watch(gvr, ns) 50 | if err != nil { 51 | return false, nil, err 52 | } 53 | return true, watch, nil 54 | }) 55 | 56 | return cs 57 | } 58 | 59 | // Clientset implements clientset.Interface. Meant to be embedded into a 60 | // struct to get a default implementation. This makes faking out just the method 61 | // you want to test easier. 62 | type Clientset struct { 63 | testing.Fake 64 | discovery *fakediscovery.FakeDiscovery 65 | tracker testing.ObjectTracker 66 | } 67 | 68 | func (c *Clientset) Discovery() discovery.DiscoveryInterface { 69 | return c.discovery 70 | } 71 | 72 | func (c *Clientset) Tracker() testing.ObjectTracker { 73 | return c.tracker 74 | } 75 | 76 | var ( 77 | _ clientset.Interface = &Clientset{} 78 | _ testing.FakeClient = &Clientset{} 79 | ) 80 | 81 | // OpenreportsV1alpha1 retrieves the OpenreportsV1alpha1Client 82 | func (c *Clientset) OpenreportsV1alpha1() openreportsv1alpha1.OpenreportsV1alpha1Interface { 83 | return &fakeopenreportsv1alpha1.FakeOpenreportsV1alpha1{Fake: &c.Fake} 84 | } 85 | -------------------------------------------------------------------------------- /pkg/client/clientset/versioned/fake/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by client-gen. DO NOT EDIT. 17 | 18 | // This package has the automatically generated fake clientset. 19 | package fake 20 | -------------------------------------------------------------------------------- /pkg/client/clientset/versioned/fake/register.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by client-gen. DO NOT EDIT. 17 | 18 | package fake 19 | 20 | import ( 21 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 22 | runtime "k8s.io/apimachinery/pkg/runtime" 23 | schema "k8s.io/apimachinery/pkg/runtime/schema" 24 | serializer "k8s.io/apimachinery/pkg/runtime/serializer" 25 | utilruntime "k8s.io/apimachinery/pkg/util/runtime" 26 | openreportsv1alpha1 "openreports.io/apis/openreports.io/v1alpha1" 27 | ) 28 | 29 | var scheme = runtime.NewScheme() 30 | var codecs = serializer.NewCodecFactory(scheme) 31 | 32 | var localSchemeBuilder = runtime.SchemeBuilder{ 33 | openreportsv1alpha1.AddToScheme, 34 | } 35 | 36 | // AddToScheme adds all types of this clientset into the given scheme. This allows composition 37 | // of clientsets, like in: 38 | // 39 | // import ( 40 | // "k8s.io/client-go/kubernetes" 41 | // clientsetscheme "k8s.io/client-go/kubernetes/scheme" 42 | // aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme" 43 | // ) 44 | // 45 | // kclientset, _ := kubernetes.NewForConfig(c) 46 | // _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme) 47 | // 48 | // After this, RawExtensions in Kubernetes types will serialize kube-aggregator types 49 | // correctly. 50 | var AddToScheme = localSchemeBuilder.AddToScheme 51 | 52 | func init() { 53 | v1.AddToGroupVersion(scheme, schema.GroupVersion{Version: "v1"}) 54 | utilruntime.Must(AddToScheme(scheme)) 55 | } 56 | -------------------------------------------------------------------------------- /pkg/client/clientset/versioned/scheme/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by client-gen. DO NOT EDIT. 17 | 18 | // This package contains the scheme of the automatically generated clientset. 19 | package scheme 20 | -------------------------------------------------------------------------------- /pkg/client/clientset/versioned/scheme/register.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by client-gen. DO NOT EDIT. 17 | 18 | package scheme 19 | 20 | import ( 21 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 22 | runtime "k8s.io/apimachinery/pkg/runtime" 23 | schema "k8s.io/apimachinery/pkg/runtime/schema" 24 | serializer "k8s.io/apimachinery/pkg/runtime/serializer" 25 | utilruntime "k8s.io/apimachinery/pkg/util/runtime" 26 | openreportsv1alpha1 "openreports.io/apis/openreports.io/v1alpha1" 27 | ) 28 | 29 | var Scheme = runtime.NewScheme() 30 | var Codecs = serializer.NewCodecFactory(Scheme) 31 | var ParameterCodec = runtime.NewParameterCodec(Scheme) 32 | var localSchemeBuilder = runtime.SchemeBuilder{ 33 | openreportsv1alpha1.AddToScheme, 34 | } 35 | 36 | // AddToScheme adds all types of this clientset into the given scheme. This allows composition 37 | // of clientsets, like in: 38 | // 39 | // import ( 40 | // "k8s.io/client-go/kubernetes" 41 | // clientsetscheme "k8s.io/client-go/kubernetes/scheme" 42 | // aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme" 43 | // ) 44 | // 45 | // kclientset, _ := kubernetes.NewForConfig(c) 46 | // _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme) 47 | // 48 | // After this, RawExtensions in Kubernetes types will serialize kube-aggregator types 49 | // correctly. 50 | var AddToScheme = localSchemeBuilder.AddToScheme 51 | 52 | func init() { 53 | v1.AddToGroupVersion(Scheme, schema.GroupVersion{Version: "v1"}) 54 | utilruntime.Must(AddToScheme(Scheme)) 55 | } 56 | -------------------------------------------------------------------------------- /pkg/client/clientset/versioned/typed/openreports.io/v1alpha1/clusterreport.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by client-gen. DO NOT EDIT. 17 | 18 | package v1alpha1 19 | 20 | import ( 21 | "context" 22 | "time" 23 | 24 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 25 | types "k8s.io/apimachinery/pkg/types" 26 | watch "k8s.io/apimachinery/pkg/watch" 27 | rest "k8s.io/client-go/rest" 28 | v1alpha1 "openreports.io/apis/openreports.io/v1alpha1" 29 | scheme "openreports.io/pkg/client/clientset/versioned/scheme" 30 | ) 31 | 32 | // ClusterReportsGetter has a method to return a ClusterReportInterface. 33 | // A group's client should implement this interface. 34 | type ClusterReportsGetter interface { 35 | ClusterReports() ClusterReportInterface 36 | } 37 | 38 | // ClusterReportInterface has methods to work with ClusterReport resources. 39 | type ClusterReportInterface interface { 40 | Create(ctx context.Context, clusterReport *v1alpha1.ClusterReport, opts v1.CreateOptions) (*v1alpha1.ClusterReport, error) 41 | Update(ctx context.Context, clusterReport *v1alpha1.ClusterReport, opts v1.UpdateOptions) (*v1alpha1.ClusterReport, error) 42 | Delete(ctx context.Context, name string, opts v1.DeleteOptions) error 43 | DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error 44 | Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.ClusterReport, error) 45 | List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.ClusterReportList, error) 46 | Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) 47 | Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ClusterReport, err error) 48 | ClusterReportExpansion 49 | } 50 | 51 | // clusterReports implements ClusterReportInterface 52 | type clusterReports struct { 53 | client rest.Interface 54 | } 55 | 56 | // newClusterReports returns a ClusterReports 57 | func newClusterReports(c *OpenreportsV1alpha1Client) *clusterReports { 58 | return &clusterReports{ 59 | client: c.RESTClient(), 60 | } 61 | } 62 | 63 | // Get takes name of the clusterReport, and returns the corresponding clusterReport object, and an error if there is any. 64 | func (c *clusterReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ClusterReport, err error) { 65 | result = &v1alpha1.ClusterReport{} 66 | err = c.client.Get(). 67 | Resource("clusterreports"). 68 | Name(name). 69 | VersionedParams(&options, scheme.ParameterCodec). 70 | Do(ctx). 71 | Into(result) 72 | return 73 | } 74 | 75 | // List takes label and field selectors, and returns the list of ClusterReports that match those selectors. 76 | func (c *clusterReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ClusterReportList, err error) { 77 | var timeout time.Duration 78 | if opts.TimeoutSeconds != nil { 79 | timeout = time.Duration(*opts.TimeoutSeconds) * time.Second 80 | } 81 | result = &v1alpha1.ClusterReportList{} 82 | err = c.client.Get(). 83 | Resource("clusterreports"). 84 | VersionedParams(&opts, scheme.ParameterCodec). 85 | Timeout(timeout). 86 | Do(ctx). 87 | Into(result) 88 | return 89 | } 90 | 91 | // Watch returns a watch.Interface that watches the requested clusterReports. 92 | func (c *clusterReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { 93 | var timeout time.Duration 94 | if opts.TimeoutSeconds != nil { 95 | timeout = time.Duration(*opts.TimeoutSeconds) * time.Second 96 | } 97 | opts.Watch = true 98 | return c.client.Get(). 99 | Resource("clusterreports"). 100 | VersionedParams(&opts, scheme.ParameterCodec). 101 | Timeout(timeout). 102 | Watch(ctx) 103 | } 104 | 105 | // Create takes the representation of a clusterReport and creates it. Returns the server's representation of the clusterReport, and an error, if there is any. 106 | func (c *clusterReports) Create(ctx context.Context, clusterReport *v1alpha1.ClusterReport, opts v1.CreateOptions) (result *v1alpha1.ClusterReport, err error) { 107 | result = &v1alpha1.ClusterReport{} 108 | err = c.client.Post(). 109 | Resource("clusterreports"). 110 | VersionedParams(&opts, scheme.ParameterCodec). 111 | Body(clusterReport). 112 | Do(ctx). 113 | Into(result) 114 | return 115 | } 116 | 117 | // Update takes the representation of a clusterReport and updates it. Returns the server's representation of the clusterReport, and an error, if there is any. 118 | func (c *clusterReports) Update(ctx context.Context, clusterReport *v1alpha1.ClusterReport, opts v1.UpdateOptions) (result *v1alpha1.ClusterReport, err error) { 119 | result = &v1alpha1.ClusterReport{} 120 | err = c.client.Put(). 121 | Resource("clusterreports"). 122 | Name(clusterReport.Name). 123 | VersionedParams(&opts, scheme.ParameterCodec). 124 | Body(clusterReport). 125 | Do(ctx). 126 | Into(result) 127 | return 128 | } 129 | 130 | // Delete takes name of the clusterReport and deletes it. Returns an error if one occurs. 131 | func (c *clusterReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { 132 | return c.client.Delete(). 133 | Resource("clusterreports"). 134 | Name(name). 135 | Body(&opts). 136 | Do(ctx). 137 | Error() 138 | } 139 | 140 | // DeleteCollection deletes a collection of objects. 141 | func (c *clusterReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { 142 | var timeout time.Duration 143 | if listOpts.TimeoutSeconds != nil { 144 | timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second 145 | } 146 | return c.client.Delete(). 147 | Resource("clusterreports"). 148 | VersionedParams(&listOpts, scheme.ParameterCodec). 149 | Timeout(timeout). 150 | Body(&opts). 151 | Do(ctx). 152 | Error() 153 | } 154 | 155 | // Patch applies the patch and returns the patched clusterReport. 156 | func (c *clusterReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ClusterReport, err error) { 157 | result = &v1alpha1.ClusterReport{} 158 | err = c.client.Patch(pt). 159 | Resource("clusterreports"). 160 | Name(name). 161 | SubResource(subresources...). 162 | VersionedParams(&opts, scheme.ParameterCodec). 163 | Body(data). 164 | Do(ctx). 165 | Into(result) 166 | return 167 | } 168 | -------------------------------------------------------------------------------- /pkg/client/clientset/versioned/typed/openreports.io/v1alpha1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by client-gen. DO NOT EDIT. 17 | 18 | // This package has the automatically generated typed clients. 19 | package v1alpha1 20 | -------------------------------------------------------------------------------- /pkg/client/clientset/versioned/typed/openreports.io/v1alpha1/fake/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by client-gen. DO NOT EDIT. 17 | 18 | // Package fake has the automatically generated clients. 19 | package fake 20 | -------------------------------------------------------------------------------- /pkg/client/clientset/versioned/typed/openreports.io/v1alpha1/fake/fake_clusterreport.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by client-gen. DO NOT EDIT. 17 | 18 | package fake 19 | 20 | import ( 21 | "context" 22 | 23 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 24 | labels "k8s.io/apimachinery/pkg/labels" 25 | types "k8s.io/apimachinery/pkg/types" 26 | watch "k8s.io/apimachinery/pkg/watch" 27 | testing "k8s.io/client-go/testing" 28 | v1alpha1 "openreports.io/apis/openreports.io/v1alpha1" 29 | ) 30 | 31 | // FakeClusterReports implements ClusterReportInterface 32 | type FakeClusterReports struct { 33 | Fake *FakeOpenreportsV1alpha1 34 | } 35 | 36 | var clusterreportsResource = v1alpha1.SchemeGroupVersion.WithResource("clusterreports") 37 | 38 | var clusterreportsKind = v1alpha1.SchemeGroupVersion.WithKind("ClusterReport") 39 | 40 | // Get takes name of the clusterReport, and returns the corresponding clusterReport object, and an error if there is any. 41 | func (c *FakeClusterReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ClusterReport, err error) { 42 | obj, err := c.Fake. 43 | Invokes(testing.NewRootGetAction(clusterreportsResource, name), &v1alpha1.ClusterReport{}) 44 | if obj == nil { 45 | return nil, err 46 | } 47 | return obj.(*v1alpha1.ClusterReport), err 48 | } 49 | 50 | // List takes label and field selectors, and returns the list of ClusterReports that match those selectors. 51 | func (c *FakeClusterReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ClusterReportList, err error) { 52 | obj, err := c.Fake. 53 | Invokes(testing.NewRootListAction(clusterreportsResource, clusterreportsKind, opts), &v1alpha1.ClusterReportList{}) 54 | if obj == nil { 55 | return nil, err 56 | } 57 | 58 | label, _, _ := testing.ExtractFromListOptions(opts) 59 | if label == nil { 60 | label = labels.Everything() 61 | } 62 | list := &v1alpha1.ClusterReportList{ListMeta: obj.(*v1alpha1.ClusterReportList).ListMeta} 63 | for _, item := range obj.(*v1alpha1.ClusterReportList).Items { 64 | if label.Matches(labels.Set(item.Labels)) { 65 | list.Items = append(list.Items, item) 66 | } 67 | } 68 | return list, err 69 | } 70 | 71 | // Watch returns a watch.Interface that watches the requested clusterReports. 72 | func (c *FakeClusterReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { 73 | return c.Fake. 74 | InvokesWatch(testing.NewRootWatchAction(clusterreportsResource, opts)) 75 | } 76 | 77 | // Create takes the representation of a clusterReport and creates it. Returns the server's representation of the clusterReport, and an error, if there is any. 78 | func (c *FakeClusterReports) Create(ctx context.Context, clusterReport *v1alpha1.ClusterReport, opts v1.CreateOptions) (result *v1alpha1.ClusterReport, err error) { 79 | obj, err := c.Fake. 80 | Invokes(testing.NewRootCreateAction(clusterreportsResource, clusterReport), &v1alpha1.ClusterReport{}) 81 | if obj == nil { 82 | return nil, err 83 | } 84 | return obj.(*v1alpha1.ClusterReport), err 85 | } 86 | 87 | // Update takes the representation of a clusterReport and updates it. Returns the server's representation of the clusterReport, and an error, if there is any. 88 | func (c *FakeClusterReports) Update(ctx context.Context, clusterReport *v1alpha1.ClusterReport, opts v1.UpdateOptions) (result *v1alpha1.ClusterReport, err error) { 89 | obj, err := c.Fake. 90 | Invokes(testing.NewRootUpdateAction(clusterreportsResource, clusterReport), &v1alpha1.ClusterReport{}) 91 | if obj == nil { 92 | return nil, err 93 | } 94 | return obj.(*v1alpha1.ClusterReport), err 95 | } 96 | 97 | // Delete takes name of the clusterReport and deletes it. Returns an error if one occurs. 98 | func (c *FakeClusterReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { 99 | _, err := c.Fake. 100 | Invokes(testing.NewRootDeleteActionWithOptions(clusterreportsResource, name, opts), &v1alpha1.ClusterReport{}) 101 | return err 102 | } 103 | 104 | // DeleteCollection deletes a collection of objects. 105 | func (c *FakeClusterReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { 106 | action := testing.NewRootDeleteCollectionAction(clusterreportsResource, listOpts) 107 | 108 | _, err := c.Fake.Invokes(action, &v1alpha1.ClusterReportList{}) 109 | return err 110 | } 111 | 112 | // Patch applies the patch and returns the patched clusterReport. 113 | func (c *FakeClusterReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ClusterReport, err error) { 114 | obj, err := c.Fake. 115 | Invokes(testing.NewRootPatchSubresourceAction(clusterreportsResource, name, pt, data, subresources...), &v1alpha1.ClusterReport{}) 116 | if obj == nil { 117 | return nil, err 118 | } 119 | return obj.(*v1alpha1.ClusterReport), err 120 | } 121 | -------------------------------------------------------------------------------- /pkg/client/clientset/versioned/typed/openreports.io/v1alpha1/fake/fake_openreports.io_client.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by client-gen. DO NOT EDIT. 17 | 18 | package fake 19 | 20 | import ( 21 | rest "k8s.io/client-go/rest" 22 | testing "k8s.io/client-go/testing" 23 | v1alpha1 "openreports.io/pkg/client/clientset/versioned/typed/openreports.io/v1alpha1" 24 | ) 25 | 26 | type FakeOpenreportsV1alpha1 struct { 27 | *testing.Fake 28 | } 29 | 30 | func (c *FakeOpenreportsV1alpha1) ClusterReports() v1alpha1.ClusterReportInterface { 31 | return &FakeClusterReports{c} 32 | } 33 | 34 | func (c *FakeOpenreportsV1alpha1) Reports(namespace string) v1alpha1.ReportInterface { 35 | return &FakeReports{c, namespace} 36 | } 37 | 38 | // RESTClient returns a RESTClient that is used to communicate 39 | // with API server by this client implementation. 40 | func (c *FakeOpenreportsV1alpha1) RESTClient() rest.Interface { 41 | var ret *rest.RESTClient 42 | return ret 43 | } 44 | -------------------------------------------------------------------------------- /pkg/client/clientset/versioned/typed/openreports.io/v1alpha1/fake/fake_report.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by client-gen. DO NOT EDIT. 17 | 18 | package fake 19 | 20 | import ( 21 | "context" 22 | 23 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 24 | labels "k8s.io/apimachinery/pkg/labels" 25 | types "k8s.io/apimachinery/pkg/types" 26 | watch "k8s.io/apimachinery/pkg/watch" 27 | testing "k8s.io/client-go/testing" 28 | v1alpha1 "openreports.io/apis/openreports.io/v1alpha1" 29 | ) 30 | 31 | // FakeReports implements ReportInterface 32 | type FakeReports struct { 33 | Fake *FakeOpenreportsV1alpha1 34 | ns string 35 | } 36 | 37 | var reportsResource = v1alpha1.SchemeGroupVersion.WithResource("reports") 38 | 39 | var reportsKind = v1alpha1.SchemeGroupVersion.WithKind("Report") 40 | 41 | // Get takes name of the report, and returns the corresponding report object, and an error if there is any. 42 | func (c *FakeReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.Report, err error) { 43 | obj, err := c.Fake. 44 | Invokes(testing.NewGetAction(reportsResource, c.ns, name), &v1alpha1.Report{}) 45 | 46 | if obj == nil { 47 | return nil, err 48 | } 49 | return obj.(*v1alpha1.Report), err 50 | } 51 | 52 | // List takes label and field selectors, and returns the list of Reports that match those selectors. 53 | func (c *FakeReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ReportList, err error) { 54 | obj, err := c.Fake. 55 | Invokes(testing.NewListAction(reportsResource, reportsKind, c.ns, opts), &v1alpha1.ReportList{}) 56 | 57 | if obj == nil { 58 | return nil, err 59 | } 60 | 61 | label, _, _ := testing.ExtractFromListOptions(opts) 62 | if label == nil { 63 | label = labels.Everything() 64 | } 65 | list := &v1alpha1.ReportList{ListMeta: obj.(*v1alpha1.ReportList).ListMeta} 66 | for _, item := range obj.(*v1alpha1.ReportList).Items { 67 | if label.Matches(labels.Set(item.Labels)) { 68 | list.Items = append(list.Items, item) 69 | } 70 | } 71 | return list, err 72 | } 73 | 74 | // Watch returns a watch.Interface that watches the requested reports. 75 | func (c *FakeReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { 76 | return c.Fake. 77 | InvokesWatch(testing.NewWatchAction(reportsResource, c.ns, opts)) 78 | 79 | } 80 | 81 | // Create takes the representation of a report and creates it. Returns the server's representation of the report, and an error, if there is any. 82 | func (c *FakeReports) Create(ctx context.Context, report *v1alpha1.Report, opts v1.CreateOptions) (result *v1alpha1.Report, err error) { 83 | obj, err := c.Fake. 84 | Invokes(testing.NewCreateAction(reportsResource, c.ns, report), &v1alpha1.Report{}) 85 | 86 | if obj == nil { 87 | return nil, err 88 | } 89 | return obj.(*v1alpha1.Report), err 90 | } 91 | 92 | // Update takes the representation of a report and updates it. Returns the server's representation of the report, and an error, if there is any. 93 | func (c *FakeReports) Update(ctx context.Context, report *v1alpha1.Report, opts v1.UpdateOptions) (result *v1alpha1.Report, err error) { 94 | obj, err := c.Fake. 95 | Invokes(testing.NewUpdateAction(reportsResource, c.ns, report), &v1alpha1.Report{}) 96 | 97 | if obj == nil { 98 | return nil, err 99 | } 100 | return obj.(*v1alpha1.Report), err 101 | } 102 | 103 | // Delete takes name of the report and deletes it. Returns an error if one occurs. 104 | func (c *FakeReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { 105 | _, err := c.Fake. 106 | Invokes(testing.NewDeleteActionWithOptions(reportsResource, c.ns, name, opts), &v1alpha1.Report{}) 107 | 108 | return err 109 | } 110 | 111 | // DeleteCollection deletes a collection of objects. 112 | func (c *FakeReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { 113 | action := testing.NewDeleteCollectionAction(reportsResource, c.ns, listOpts) 114 | 115 | _, err := c.Fake.Invokes(action, &v1alpha1.ReportList{}) 116 | return err 117 | } 118 | 119 | // Patch applies the patch and returns the patched report. 120 | func (c *FakeReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.Report, err error) { 121 | obj, err := c.Fake. 122 | Invokes(testing.NewPatchSubresourceAction(reportsResource, c.ns, name, pt, data, subresources...), &v1alpha1.Report{}) 123 | 124 | if obj == nil { 125 | return nil, err 126 | } 127 | return obj.(*v1alpha1.Report), err 128 | } 129 | -------------------------------------------------------------------------------- /pkg/client/clientset/versioned/typed/openreports.io/v1alpha1/generated_expansion.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by client-gen. DO NOT EDIT. 17 | 18 | package v1alpha1 19 | 20 | type ClusterReportExpansion interface{} 21 | 22 | type ReportExpansion interface{} 23 | -------------------------------------------------------------------------------- /pkg/client/clientset/versioned/typed/openreports.io/v1alpha1/openreports.io_client.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by client-gen. DO NOT EDIT. 17 | 18 | package v1alpha1 19 | 20 | import ( 21 | "net/http" 22 | 23 | rest "k8s.io/client-go/rest" 24 | v1alpha1 "openreports.io/apis/openreports.io/v1alpha1" 25 | "openreports.io/pkg/client/clientset/versioned/scheme" 26 | ) 27 | 28 | type OpenreportsV1alpha1Interface interface { 29 | RESTClient() rest.Interface 30 | ClusterReportsGetter 31 | ReportsGetter 32 | } 33 | 34 | // OpenreportsV1alpha1Client is used to interact with features provided by the openreports.io group. 35 | type OpenreportsV1alpha1Client struct { 36 | restClient rest.Interface 37 | } 38 | 39 | func (c *OpenreportsV1alpha1Client) ClusterReports() ClusterReportInterface { 40 | return newClusterReports(c) 41 | } 42 | 43 | func (c *OpenreportsV1alpha1Client) Reports(namespace string) ReportInterface { 44 | return newReports(c, namespace) 45 | } 46 | 47 | // NewForConfig creates a new OpenreportsV1alpha1Client for the given config. 48 | // NewForConfig is equivalent to NewForConfigAndClient(c, httpClient), 49 | // where httpClient was generated with rest.HTTPClientFor(c). 50 | func NewForConfig(c *rest.Config) (*OpenreportsV1alpha1Client, error) { 51 | config := *c 52 | if err := setConfigDefaults(&config); err != nil { 53 | return nil, err 54 | } 55 | httpClient, err := rest.HTTPClientFor(&config) 56 | if err != nil { 57 | return nil, err 58 | } 59 | return NewForConfigAndClient(&config, httpClient) 60 | } 61 | 62 | // NewForConfigAndClient creates a new OpenreportsV1alpha1Client for the given config and http client. 63 | // Note the http client provided takes precedence over the configured transport values. 64 | func NewForConfigAndClient(c *rest.Config, h *http.Client) (*OpenreportsV1alpha1Client, error) { 65 | config := *c 66 | if err := setConfigDefaults(&config); err != nil { 67 | return nil, err 68 | } 69 | client, err := rest.RESTClientForConfigAndClient(&config, h) 70 | if err != nil { 71 | return nil, err 72 | } 73 | return &OpenreportsV1alpha1Client{client}, nil 74 | } 75 | 76 | // NewForConfigOrDie creates a new OpenreportsV1alpha1Client for the given config and 77 | // panics if there is an error in the config. 78 | func NewForConfigOrDie(c *rest.Config) *OpenreportsV1alpha1Client { 79 | client, err := NewForConfig(c) 80 | if err != nil { 81 | panic(err) 82 | } 83 | return client 84 | } 85 | 86 | // New creates a new OpenreportsV1alpha1Client for the given RESTClient. 87 | func New(c rest.Interface) *OpenreportsV1alpha1Client { 88 | return &OpenreportsV1alpha1Client{c} 89 | } 90 | 91 | func setConfigDefaults(config *rest.Config) error { 92 | gv := v1alpha1.SchemeGroupVersion 93 | config.GroupVersion = &gv 94 | config.APIPath = "/apis" 95 | config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() 96 | 97 | if config.UserAgent == "" { 98 | config.UserAgent = rest.DefaultKubernetesUserAgent() 99 | } 100 | 101 | return nil 102 | } 103 | 104 | // RESTClient returns a RESTClient that is used to communicate 105 | // with API server by this client implementation. 106 | func (c *OpenreportsV1alpha1Client) RESTClient() rest.Interface { 107 | if c == nil { 108 | return nil 109 | } 110 | return c.restClient 111 | } 112 | -------------------------------------------------------------------------------- /pkg/client/clientset/versioned/typed/openreports.io/v1alpha1/report.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by client-gen. DO NOT EDIT. 17 | 18 | package v1alpha1 19 | 20 | import ( 21 | "context" 22 | "time" 23 | 24 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 25 | types "k8s.io/apimachinery/pkg/types" 26 | watch "k8s.io/apimachinery/pkg/watch" 27 | rest "k8s.io/client-go/rest" 28 | v1alpha1 "openreports.io/apis/openreports.io/v1alpha1" 29 | scheme "openreports.io/pkg/client/clientset/versioned/scheme" 30 | ) 31 | 32 | // ReportsGetter has a method to return a ReportInterface. 33 | // A group's client should implement this interface. 34 | type ReportsGetter interface { 35 | Reports(namespace string) ReportInterface 36 | } 37 | 38 | // ReportInterface has methods to work with Report resources. 39 | type ReportInterface interface { 40 | Create(ctx context.Context, report *v1alpha1.Report, opts v1.CreateOptions) (*v1alpha1.Report, error) 41 | Update(ctx context.Context, report *v1alpha1.Report, opts v1.UpdateOptions) (*v1alpha1.Report, error) 42 | Delete(ctx context.Context, name string, opts v1.DeleteOptions) error 43 | DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error 44 | Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.Report, error) 45 | List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.ReportList, error) 46 | Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) 47 | Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.Report, err error) 48 | ReportExpansion 49 | } 50 | 51 | // reports implements ReportInterface 52 | type reports struct { 53 | client rest.Interface 54 | ns string 55 | } 56 | 57 | // newReports returns a Reports 58 | func newReports(c *OpenreportsV1alpha1Client, namespace string) *reports { 59 | return &reports{ 60 | client: c.RESTClient(), 61 | ns: namespace, 62 | } 63 | } 64 | 65 | // Get takes name of the report, and returns the corresponding report object, and an error if there is any. 66 | func (c *reports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.Report, err error) { 67 | result = &v1alpha1.Report{} 68 | err = c.client.Get(). 69 | Namespace(c.ns). 70 | Resource("reports"). 71 | Name(name). 72 | VersionedParams(&options, scheme.ParameterCodec). 73 | Do(ctx). 74 | Into(result) 75 | return 76 | } 77 | 78 | // List takes label and field selectors, and returns the list of Reports that match those selectors. 79 | func (c *reports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ReportList, err error) { 80 | var timeout time.Duration 81 | if opts.TimeoutSeconds != nil { 82 | timeout = time.Duration(*opts.TimeoutSeconds) * time.Second 83 | } 84 | result = &v1alpha1.ReportList{} 85 | err = c.client.Get(). 86 | Namespace(c.ns). 87 | Resource("reports"). 88 | VersionedParams(&opts, scheme.ParameterCodec). 89 | Timeout(timeout). 90 | Do(ctx). 91 | Into(result) 92 | return 93 | } 94 | 95 | // Watch returns a watch.Interface that watches the requested reports. 96 | func (c *reports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { 97 | var timeout time.Duration 98 | if opts.TimeoutSeconds != nil { 99 | timeout = time.Duration(*opts.TimeoutSeconds) * time.Second 100 | } 101 | opts.Watch = true 102 | return c.client.Get(). 103 | Namespace(c.ns). 104 | Resource("reports"). 105 | VersionedParams(&opts, scheme.ParameterCodec). 106 | Timeout(timeout). 107 | Watch(ctx) 108 | } 109 | 110 | // Create takes the representation of a report and creates it. Returns the server's representation of the report, and an error, if there is any. 111 | func (c *reports) Create(ctx context.Context, report *v1alpha1.Report, opts v1.CreateOptions) (result *v1alpha1.Report, err error) { 112 | result = &v1alpha1.Report{} 113 | err = c.client.Post(). 114 | Namespace(c.ns). 115 | Resource("reports"). 116 | VersionedParams(&opts, scheme.ParameterCodec). 117 | Body(report). 118 | Do(ctx). 119 | Into(result) 120 | return 121 | } 122 | 123 | // Update takes the representation of a report and updates it. Returns the server's representation of the report, and an error, if there is any. 124 | func (c *reports) Update(ctx context.Context, report *v1alpha1.Report, opts v1.UpdateOptions) (result *v1alpha1.Report, err error) { 125 | result = &v1alpha1.Report{} 126 | err = c.client.Put(). 127 | Namespace(c.ns). 128 | Resource("reports"). 129 | Name(report.Name). 130 | VersionedParams(&opts, scheme.ParameterCodec). 131 | Body(report). 132 | Do(ctx). 133 | Into(result) 134 | return 135 | } 136 | 137 | // Delete takes name of the report and deletes it. Returns an error if one occurs. 138 | func (c *reports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { 139 | return c.client.Delete(). 140 | Namespace(c.ns). 141 | Resource("reports"). 142 | Name(name). 143 | Body(&opts). 144 | Do(ctx). 145 | Error() 146 | } 147 | 148 | // DeleteCollection deletes a collection of objects. 149 | func (c *reports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { 150 | var timeout time.Duration 151 | if listOpts.TimeoutSeconds != nil { 152 | timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second 153 | } 154 | return c.client.Delete(). 155 | Namespace(c.ns). 156 | Resource("reports"). 157 | VersionedParams(&listOpts, scheme.ParameterCodec). 158 | Timeout(timeout). 159 | Body(&opts). 160 | Do(ctx). 161 | Error() 162 | } 163 | 164 | // Patch applies the patch and returns the patched report. 165 | func (c *reports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.Report, err error) { 166 | result = &v1alpha1.Report{} 167 | err = c.client.Patch(pt). 168 | Namespace(c.ns). 169 | Resource("reports"). 170 | Name(name). 171 | SubResource(subresources...). 172 | VersionedParams(&opts, scheme.ParameterCodec). 173 | Body(data). 174 | Do(ctx). 175 | Into(result) 176 | return 177 | } 178 | -------------------------------------------------------------------------------- /pkg/client/informers/externalversions/factory.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by informer-gen. DO NOT EDIT. 17 | 18 | package externalversions 19 | 20 | import ( 21 | reflect "reflect" 22 | sync "sync" 23 | time "time" 24 | 25 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 26 | runtime "k8s.io/apimachinery/pkg/runtime" 27 | schema "k8s.io/apimachinery/pkg/runtime/schema" 28 | cache "k8s.io/client-go/tools/cache" 29 | versioned "openreports.io/pkg/client/clientset/versioned" 30 | internalinterfaces "openreports.io/pkg/client/informers/externalversions/internalinterfaces" 31 | openreportsio "openreports.io/pkg/client/informers/externalversions/openreports.io" 32 | ) 33 | 34 | // SharedInformerOption defines the functional option type for SharedInformerFactory. 35 | type SharedInformerOption func(*sharedInformerFactory) *sharedInformerFactory 36 | 37 | type sharedInformerFactory struct { 38 | client versioned.Interface 39 | namespace string 40 | tweakListOptions internalinterfaces.TweakListOptionsFunc 41 | lock sync.Mutex 42 | defaultResync time.Duration 43 | customResync map[reflect.Type]time.Duration 44 | transform cache.TransformFunc 45 | 46 | informers map[reflect.Type]cache.SharedIndexInformer 47 | // startedInformers is used for tracking which informers have been started. 48 | // This allows Start() to be called multiple times safely. 49 | startedInformers map[reflect.Type]bool 50 | // wg tracks how many goroutines were started. 51 | wg sync.WaitGroup 52 | // shuttingDown is true when Shutdown has been called. It may still be running 53 | // because it needs to wait for goroutines. 54 | shuttingDown bool 55 | } 56 | 57 | // WithCustomResyncConfig sets a custom resync period for the specified informer types. 58 | func WithCustomResyncConfig(resyncConfig map[v1.Object]time.Duration) SharedInformerOption { 59 | return func(factory *sharedInformerFactory) *sharedInformerFactory { 60 | for k, v := range resyncConfig { 61 | factory.customResync[reflect.TypeOf(k)] = v 62 | } 63 | return factory 64 | } 65 | } 66 | 67 | // WithTweakListOptions sets a custom filter on all listers of the configured SharedInformerFactory. 68 | func WithTweakListOptions(tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerOption { 69 | return func(factory *sharedInformerFactory) *sharedInformerFactory { 70 | factory.tweakListOptions = tweakListOptions 71 | return factory 72 | } 73 | } 74 | 75 | // WithNamespace limits the SharedInformerFactory to the specified namespace. 76 | func WithNamespace(namespace string) SharedInformerOption { 77 | return func(factory *sharedInformerFactory) *sharedInformerFactory { 78 | factory.namespace = namespace 79 | return factory 80 | } 81 | } 82 | 83 | // WithTransform sets a transform on all informers. 84 | func WithTransform(transform cache.TransformFunc) SharedInformerOption { 85 | return func(factory *sharedInformerFactory) *sharedInformerFactory { 86 | factory.transform = transform 87 | return factory 88 | } 89 | } 90 | 91 | // NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces. 92 | func NewSharedInformerFactory(client versioned.Interface, defaultResync time.Duration) SharedInformerFactory { 93 | return NewSharedInformerFactoryWithOptions(client, defaultResync) 94 | } 95 | 96 | // NewFilteredSharedInformerFactory constructs a new instance of sharedInformerFactory. 97 | // Listers obtained via this SharedInformerFactory will be subject to the same filters 98 | // as specified here. 99 | // Deprecated: Please use NewSharedInformerFactoryWithOptions instead 100 | func NewFilteredSharedInformerFactory(client versioned.Interface, defaultResync time.Duration, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerFactory { 101 | return NewSharedInformerFactoryWithOptions(client, defaultResync, WithNamespace(namespace), WithTweakListOptions(tweakListOptions)) 102 | } 103 | 104 | // NewSharedInformerFactoryWithOptions constructs a new instance of a SharedInformerFactory with additional options. 105 | func NewSharedInformerFactoryWithOptions(client versioned.Interface, defaultResync time.Duration, options ...SharedInformerOption) SharedInformerFactory { 106 | factory := &sharedInformerFactory{ 107 | client: client, 108 | namespace: v1.NamespaceAll, 109 | defaultResync: defaultResync, 110 | informers: make(map[reflect.Type]cache.SharedIndexInformer), 111 | startedInformers: make(map[reflect.Type]bool), 112 | customResync: make(map[reflect.Type]time.Duration), 113 | } 114 | 115 | // Apply all options 116 | for _, opt := range options { 117 | factory = opt(factory) 118 | } 119 | 120 | return factory 121 | } 122 | 123 | func (f *sharedInformerFactory) Start(stopCh <-chan struct{}) { 124 | f.lock.Lock() 125 | defer f.lock.Unlock() 126 | 127 | if f.shuttingDown { 128 | return 129 | } 130 | 131 | for informerType, informer := range f.informers { 132 | if !f.startedInformers[informerType] { 133 | f.wg.Add(1) 134 | // We need a new variable in each loop iteration, 135 | // otherwise the goroutine would use the loop variable 136 | // and that keeps changing. 137 | informer := informer 138 | go func() { 139 | defer f.wg.Done() 140 | informer.Run(stopCh) 141 | }() 142 | f.startedInformers[informerType] = true 143 | } 144 | } 145 | } 146 | 147 | func (f *sharedInformerFactory) Shutdown() { 148 | f.lock.Lock() 149 | f.shuttingDown = true 150 | f.lock.Unlock() 151 | 152 | // Will return immediately if there is nothing to wait for. 153 | f.wg.Wait() 154 | } 155 | 156 | func (f *sharedInformerFactory) WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool { 157 | informers := func() map[reflect.Type]cache.SharedIndexInformer { 158 | f.lock.Lock() 159 | defer f.lock.Unlock() 160 | 161 | informers := map[reflect.Type]cache.SharedIndexInformer{} 162 | for informerType, informer := range f.informers { 163 | if f.startedInformers[informerType] { 164 | informers[informerType] = informer 165 | } 166 | } 167 | return informers 168 | }() 169 | 170 | res := map[reflect.Type]bool{} 171 | for informType, informer := range informers { 172 | res[informType] = cache.WaitForCacheSync(stopCh, informer.HasSynced) 173 | } 174 | return res 175 | } 176 | 177 | // InformerFor returns the SharedIndexInformer for obj using an internal 178 | // client. 179 | func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internalinterfaces.NewInformerFunc) cache.SharedIndexInformer { 180 | f.lock.Lock() 181 | defer f.lock.Unlock() 182 | 183 | informerType := reflect.TypeOf(obj) 184 | informer, exists := f.informers[informerType] 185 | if exists { 186 | return informer 187 | } 188 | 189 | resyncPeriod, exists := f.customResync[informerType] 190 | if !exists { 191 | resyncPeriod = f.defaultResync 192 | } 193 | 194 | informer = newFunc(f.client, resyncPeriod) 195 | informer.SetTransform(f.transform) 196 | f.informers[informerType] = informer 197 | 198 | return informer 199 | } 200 | 201 | // SharedInformerFactory provides shared informers for resources in all known 202 | // API group versions. 203 | // 204 | // It is typically used like this: 205 | // 206 | // ctx, cancel := context.Background() 207 | // defer cancel() 208 | // factory := NewSharedInformerFactory(client, resyncPeriod) 209 | // defer factory.WaitForStop() // Returns immediately if nothing was started. 210 | // genericInformer := factory.ForResource(resource) 211 | // typedInformer := factory.SomeAPIGroup().V1().SomeType() 212 | // factory.Start(ctx.Done()) // Start processing these informers. 213 | // synced := factory.WaitForCacheSync(ctx.Done()) 214 | // for v, ok := range synced { 215 | // if !ok { 216 | // fmt.Fprintf(os.Stderr, "caches failed to sync: %v", v) 217 | // return 218 | // } 219 | // } 220 | // 221 | // // Creating informers can also be created after Start, but then 222 | // // Start must be called again: 223 | // anotherGenericInformer := factory.ForResource(resource) 224 | // factory.Start(ctx.Done()) 225 | type SharedInformerFactory interface { 226 | internalinterfaces.SharedInformerFactory 227 | 228 | // Start initializes all requested informers. They are handled in goroutines 229 | // which run until the stop channel gets closed. 230 | Start(stopCh <-chan struct{}) 231 | 232 | // Shutdown marks a factory as shutting down. At that point no new 233 | // informers can be started anymore and Start will return without 234 | // doing anything. 235 | // 236 | // In addition, Shutdown blocks until all goroutines have terminated. For that 237 | // to happen, the close channel(s) that they were started with must be closed, 238 | // either before Shutdown gets called or while it is waiting. 239 | // 240 | // Shutdown may be called multiple times, even concurrently. All such calls will 241 | // block until all goroutines have terminated. 242 | Shutdown() 243 | 244 | // WaitForCacheSync blocks until all started informers' caches were synced 245 | // or the stop channel gets closed. 246 | WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool 247 | 248 | // ForResource gives generic access to a shared informer of the matching type. 249 | ForResource(resource schema.GroupVersionResource) (GenericInformer, error) 250 | 251 | // InformerFor returns the SharedIndexInformer for obj using an internal 252 | // client. 253 | InformerFor(obj runtime.Object, newFunc internalinterfaces.NewInformerFunc) cache.SharedIndexInformer 254 | 255 | Openreports() openreportsio.Interface 256 | } 257 | 258 | func (f *sharedInformerFactory) Openreports() openreportsio.Interface { 259 | return openreportsio.New(f, f.namespace, f.tweakListOptions) 260 | } 261 | -------------------------------------------------------------------------------- /pkg/client/informers/externalversions/generic.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by informer-gen. DO NOT EDIT. 17 | 18 | package externalversions 19 | 20 | import ( 21 | "fmt" 22 | 23 | schema "k8s.io/apimachinery/pkg/runtime/schema" 24 | cache "k8s.io/client-go/tools/cache" 25 | v1alpha1 "openreports.io/apis/openreports.io/v1alpha1" 26 | ) 27 | 28 | // GenericInformer is type of SharedIndexInformer which will locate and delegate to other 29 | // sharedInformers based on type 30 | type GenericInformer interface { 31 | Informer() cache.SharedIndexInformer 32 | Lister() cache.GenericLister 33 | } 34 | 35 | type genericInformer struct { 36 | informer cache.SharedIndexInformer 37 | resource schema.GroupResource 38 | } 39 | 40 | // Informer returns the SharedIndexInformer. 41 | func (f *genericInformer) Informer() cache.SharedIndexInformer { 42 | return f.informer 43 | } 44 | 45 | // Lister returns the GenericLister. 46 | func (f *genericInformer) Lister() cache.GenericLister { 47 | return cache.NewGenericLister(f.Informer().GetIndexer(), f.resource) 48 | } 49 | 50 | // ForResource gives generic access to a shared informer of the matching type 51 | // TODO extend this to unknown resources with a client pool 52 | func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource) (GenericInformer, error) { 53 | switch resource { 54 | // Group=openreports.io, Version=v1alpha1 55 | case v1alpha1.SchemeGroupVersion.WithResource("clusterreports"): 56 | return &genericInformer{resource: resource.GroupResource(), informer: f.Openreports().V1alpha1().ClusterReports().Informer()}, nil 57 | case v1alpha1.SchemeGroupVersion.WithResource("reports"): 58 | return &genericInformer{resource: resource.GroupResource(), informer: f.Openreports().V1alpha1().Reports().Informer()}, nil 59 | 60 | } 61 | 62 | return nil, fmt.Errorf("no informer found for %v", resource) 63 | } 64 | -------------------------------------------------------------------------------- /pkg/client/informers/externalversions/internalinterfaces/factory_interfaces.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by informer-gen. DO NOT EDIT. 17 | 18 | package internalinterfaces 19 | 20 | import ( 21 | time "time" 22 | 23 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 24 | runtime "k8s.io/apimachinery/pkg/runtime" 25 | cache "k8s.io/client-go/tools/cache" 26 | versioned "openreports.io/pkg/client/clientset/versioned" 27 | ) 28 | 29 | // NewInformerFunc takes versioned.Interface and time.Duration to return a SharedIndexInformer. 30 | type NewInformerFunc func(versioned.Interface, time.Duration) cache.SharedIndexInformer 31 | 32 | // SharedInformerFactory a small interface to allow for adding an informer without an import cycle 33 | type SharedInformerFactory interface { 34 | Start(stopCh <-chan struct{}) 35 | InformerFor(obj runtime.Object, newFunc NewInformerFunc) cache.SharedIndexInformer 36 | } 37 | 38 | // TweakListOptionsFunc is a function that transforms a v1.ListOptions. 39 | type TweakListOptionsFunc func(*v1.ListOptions) 40 | -------------------------------------------------------------------------------- /pkg/client/informers/externalversions/openreports.io/interface.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by informer-gen. DO NOT EDIT. 17 | 18 | package openreports 19 | 20 | import ( 21 | internalinterfaces "openreports.io/pkg/client/informers/externalversions/internalinterfaces" 22 | v1alpha1 "openreports.io/pkg/client/informers/externalversions/openreports.io/v1alpha1" 23 | ) 24 | 25 | // Interface provides access to each of this group's versions. 26 | type Interface interface { 27 | // V1alpha1 provides access to shared informers for resources in V1alpha1. 28 | V1alpha1() v1alpha1.Interface 29 | } 30 | 31 | type group struct { 32 | factory internalinterfaces.SharedInformerFactory 33 | namespace string 34 | tweakListOptions internalinterfaces.TweakListOptionsFunc 35 | } 36 | 37 | // New returns a new Interface. 38 | func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { 39 | return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} 40 | } 41 | 42 | // V1alpha1 returns a new v1alpha1.Interface. 43 | func (g *group) V1alpha1() v1alpha1.Interface { 44 | return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) 45 | } 46 | -------------------------------------------------------------------------------- /pkg/client/informers/externalversions/openreports.io/v1alpha1/clusterreport.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by informer-gen. DO NOT EDIT. 17 | 18 | package v1alpha1 19 | 20 | import ( 21 | "context" 22 | time "time" 23 | 24 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 25 | runtime "k8s.io/apimachinery/pkg/runtime" 26 | watch "k8s.io/apimachinery/pkg/watch" 27 | cache "k8s.io/client-go/tools/cache" 28 | openreportsiov1alpha1 "openreports.io/apis/openreports.io/v1alpha1" 29 | versioned "openreports.io/pkg/client/clientset/versioned" 30 | internalinterfaces "openreports.io/pkg/client/informers/externalversions/internalinterfaces" 31 | v1alpha1 "openreports.io/pkg/client/listers/openreports.io/v1alpha1" 32 | ) 33 | 34 | // ClusterReportInformer provides access to a shared informer and lister for 35 | // ClusterReports. 36 | type ClusterReportInformer interface { 37 | Informer() cache.SharedIndexInformer 38 | Lister() v1alpha1.ClusterReportLister 39 | } 40 | 41 | type clusterReportInformer struct { 42 | factory internalinterfaces.SharedInformerFactory 43 | tweakListOptions internalinterfaces.TweakListOptionsFunc 44 | } 45 | 46 | // NewClusterReportInformer constructs a new informer for ClusterReport type. 47 | // Always prefer using an informer factory to get a shared informer instead of getting an independent 48 | // one. This reduces memory footprint and number of connections to the server. 49 | func NewClusterReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { 50 | return NewFilteredClusterReportInformer(client, resyncPeriod, indexers, nil) 51 | } 52 | 53 | // NewFilteredClusterReportInformer constructs a new informer for ClusterReport type. 54 | // Always prefer using an informer factory to get a shared informer instead of getting an independent 55 | // one. This reduces memory footprint and number of connections to the server. 56 | func NewFilteredClusterReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { 57 | return cache.NewSharedIndexInformer( 58 | &cache.ListWatch{ 59 | ListFunc: func(options v1.ListOptions) (runtime.Object, error) { 60 | if tweakListOptions != nil { 61 | tweakListOptions(&options) 62 | } 63 | return client.OpenreportsV1alpha1().ClusterReports().List(context.TODO(), options) 64 | }, 65 | WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { 66 | if tweakListOptions != nil { 67 | tweakListOptions(&options) 68 | } 69 | return client.OpenreportsV1alpha1().ClusterReports().Watch(context.TODO(), options) 70 | }, 71 | }, 72 | &openreportsiov1alpha1.ClusterReport{}, 73 | resyncPeriod, 74 | indexers, 75 | ) 76 | } 77 | 78 | func (f *clusterReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { 79 | return NewFilteredClusterReportInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) 80 | } 81 | 82 | func (f *clusterReportInformer) Informer() cache.SharedIndexInformer { 83 | return f.factory.InformerFor(&openreportsiov1alpha1.ClusterReport{}, f.defaultInformer) 84 | } 85 | 86 | func (f *clusterReportInformer) Lister() v1alpha1.ClusterReportLister { 87 | return v1alpha1.NewClusterReportLister(f.Informer().GetIndexer()) 88 | } 89 | -------------------------------------------------------------------------------- /pkg/client/informers/externalversions/openreports.io/v1alpha1/interface.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by informer-gen. DO NOT EDIT. 17 | 18 | package v1alpha1 19 | 20 | import ( 21 | internalinterfaces "openreports.io/pkg/client/informers/externalversions/internalinterfaces" 22 | ) 23 | 24 | // Interface provides access to all the informers in this group version. 25 | type Interface interface { 26 | // ClusterReports returns a ClusterReportInformer. 27 | ClusterReports() ClusterReportInformer 28 | // Reports returns a ReportInformer. 29 | Reports() ReportInformer 30 | } 31 | 32 | type version struct { 33 | factory internalinterfaces.SharedInformerFactory 34 | namespace string 35 | tweakListOptions internalinterfaces.TweakListOptionsFunc 36 | } 37 | 38 | // New returns a new Interface. 39 | func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { 40 | return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} 41 | } 42 | 43 | // ClusterReports returns a ClusterReportInformer. 44 | func (v *version) ClusterReports() ClusterReportInformer { 45 | return &clusterReportInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} 46 | } 47 | 48 | // Reports returns a ReportInformer. 49 | func (v *version) Reports() ReportInformer { 50 | return &reportInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} 51 | } 52 | -------------------------------------------------------------------------------- /pkg/client/informers/externalversions/openreports.io/v1alpha1/report.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by informer-gen. DO NOT EDIT. 17 | 18 | package v1alpha1 19 | 20 | import ( 21 | "context" 22 | time "time" 23 | 24 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 25 | runtime "k8s.io/apimachinery/pkg/runtime" 26 | watch "k8s.io/apimachinery/pkg/watch" 27 | cache "k8s.io/client-go/tools/cache" 28 | openreportsiov1alpha1 "openreports.io/apis/openreports.io/v1alpha1" 29 | versioned "openreports.io/pkg/client/clientset/versioned" 30 | internalinterfaces "openreports.io/pkg/client/informers/externalversions/internalinterfaces" 31 | v1alpha1 "openreports.io/pkg/client/listers/openreports.io/v1alpha1" 32 | ) 33 | 34 | // ReportInformer provides access to a shared informer and lister for 35 | // Reports. 36 | type ReportInformer interface { 37 | Informer() cache.SharedIndexInformer 38 | Lister() v1alpha1.ReportLister 39 | } 40 | 41 | type reportInformer struct { 42 | factory internalinterfaces.SharedInformerFactory 43 | tweakListOptions internalinterfaces.TweakListOptionsFunc 44 | namespace string 45 | } 46 | 47 | // NewReportInformer constructs a new informer for Report type. 48 | // Always prefer using an informer factory to get a shared informer instead of getting an independent 49 | // one. This reduces memory footprint and number of connections to the server. 50 | func NewReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { 51 | return NewFilteredReportInformer(client, namespace, resyncPeriod, indexers, nil) 52 | } 53 | 54 | // NewFilteredReportInformer constructs a new informer for Report type. 55 | // Always prefer using an informer factory to get a shared informer instead of getting an independent 56 | // one. This reduces memory footprint and number of connections to the server. 57 | func NewFilteredReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { 58 | return cache.NewSharedIndexInformer( 59 | &cache.ListWatch{ 60 | ListFunc: func(options v1.ListOptions) (runtime.Object, error) { 61 | if tweakListOptions != nil { 62 | tweakListOptions(&options) 63 | } 64 | return client.OpenreportsV1alpha1().Reports(namespace).List(context.TODO(), options) 65 | }, 66 | WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { 67 | if tweakListOptions != nil { 68 | tweakListOptions(&options) 69 | } 70 | return client.OpenreportsV1alpha1().Reports(namespace).Watch(context.TODO(), options) 71 | }, 72 | }, 73 | &openreportsiov1alpha1.Report{}, 74 | resyncPeriod, 75 | indexers, 76 | ) 77 | } 78 | 79 | func (f *reportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { 80 | return NewFilteredReportInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) 81 | } 82 | 83 | func (f *reportInformer) Informer() cache.SharedIndexInformer { 84 | return f.factory.InformerFor(&openreportsiov1alpha1.Report{}, f.defaultInformer) 85 | } 86 | 87 | func (f *reportInformer) Lister() v1alpha1.ReportLister { 88 | return v1alpha1.NewReportLister(f.Informer().GetIndexer()) 89 | } 90 | -------------------------------------------------------------------------------- /pkg/client/listers/openreports.io/v1alpha1/clusterreport.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by lister-gen. DO NOT EDIT. 17 | 18 | package v1alpha1 19 | 20 | import ( 21 | "k8s.io/apimachinery/pkg/api/errors" 22 | "k8s.io/apimachinery/pkg/labels" 23 | "k8s.io/client-go/tools/cache" 24 | v1alpha1 "openreports.io/apis/openreports.io/v1alpha1" 25 | ) 26 | 27 | // ClusterReportLister helps list ClusterReports. 28 | // All objects returned here must be treated as read-only. 29 | type ClusterReportLister interface { 30 | // List lists all ClusterReports in the indexer. 31 | // Objects returned here must be treated as read-only. 32 | List(selector labels.Selector) (ret []*v1alpha1.ClusterReport, err error) 33 | // Get retrieves the ClusterReport from the index for a given name. 34 | // Objects returned here must be treated as read-only. 35 | Get(name string) (*v1alpha1.ClusterReport, error) 36 | ClusterReportListerExpansion 37 | } 38 | 39 | // clusterReportLister implements the ClusterReportLister interface. 40 | type clusterReportLister struct { 41 | indexer cache.Indexer 42 | } 43 | 44 | // NewClusterReportLister returns a new ClusterReportLister. 45 | func NewClusterReportLister(indexer cache.Indexer) ClusterReportLister { 46 | return &clusterReportLister{indexer: indexer} 47 | } 48 | 49 | // List lists all ClusterReports in the indexer. 50 | func (s *clusterReportLister) List(selector labels.Selector) (ret []*v1alpha1.ClusterReport, err error) { 51 | err = cache.ListAll(s.indexer, selector, func(m interface{}) { 52 | ret = append(ret, m.(*v1alpha1.ClusterReport)) 53 | }) 54 | return ret, err 55 | } 56 | 57 | // Get retrieves the ClusterReport from the index for a given name. 58 | func (s *clusterReportLister) Get(name string) (*v1alpha1.ClusterReport, error) { 59 | obj, exists, err := s.indexer.GetByKey(name) 60 | if err != nil { 61 | return nil, err 62 | } 63 | if !exists { 64 | return nil, errors.NewNotFound(v1alpha1.Resource("clusterreport"), name) 65 | } 66 | return obj.(*v1alpha1.ClusterReport), nil 67 | } 68 | -------------------------------------------------------------------------------- /pkg/client/listers/openreports.io/v1alpha1/expansion_generated.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by lister-gen. DO NOT EDIT. 17 | 18 | package v1alpha1 19 | 20 | // ClusterReportListerExpansion allows custom methods to be added to 21 | // ClusterReportLister. 22 | type ClusterReportListerExpansion interface{} 23 | 24 | // ReportListerExpansion allows custom methods to be added to 25 | // ReportLister. 26 | type ReportListerExpansion interface{} 27 | 28 | // ReportNamespaceListerExpansion allows custom methods to be added to 29 | // ReportNamespaceLister. 30 | type ReportNamespaceListerExpansion interface{} 31 | -------------------------------------------------------------------------------- /pkg/client/listers/openreports.io/v1alpha1/report.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by lister-gen. DO NOT EDIT. 17 | 18 | package v1alpha1 19 | 20 | import ( 21 | "k8s.io/apimachinery/pkg/api/errors" 22 | "k8s.io/apimachinery/pkg/labels" 23 | "k8s.io/client-go/tools/cache" 24 | v1alpha1 "openreports.io/apis/openreports.io/v1alpha1" 25 | ) 26 | 27 | // ReportLister helps list Reports. 28 | // All objects returned here must be treated as read-only. 29 | type ReportLister interface { 30 | // List lists all Reports in the indexer. 31 | // Objects returned here must be treated as read-only. 32 | List(selector labels.Selector) (ret []*v1alpha1.Report, err error) 33 | // Reports returns an object that can list and get Reports. 34 | Reports(namespace string) ReportNamespaceLister 35 | ReportListerExpansion 36 | } 37 | 38 | // reportLister implements the ReportLister interface. 39 | type reportLister struct { 40 | indexer cache.Indexer 41 | } 42 | 43 | // NewReportLister returns a new ReportLister. 44 | func NewReportLister(indexer cache.Indexer) ReportLister { 45 | return &reportLister{indexer: indexer} 46 | } 47 | 48 | // List lists all Reports in the indexer. 49 | func (s *reportLister) List(selector labels.Selector) (ret []*v1alpha1.Report, err error) { 50 | err = cache.ListAll(s.indexer, selector, func(m interface{}) { 51 | ret = append(ret, m.(*v1alpha1.Report)) 52 | }) 53 | return ret, err 54 | } 55 | 56 | // Reports returns an object that can list and get Reports. 57 | func (s *reportLister) Reports(namespace string) ReportNamespaceLister { 58 | return reportNamespaceLister{indexer: s.indexer, namespace: namespace} 59 | } 60 | 61 | // ReportNamespaceLister helps list and get Reports. 62 | // All objects returned here must be treated as read-only. 63 | type ReportNamespaceLister interface { 64 | // List lists all Reports in the indexer for a given namespace. 65 | // Objects returned here must be treated as read-only. 66 | List(selector labels.Selector) (ret []*v1alpha1.Report, err error) 67 | // Get retrieves the Report from the indexer for a given namespace and name. 68 | // Objects returned here must be treated as read-only. 69 | Get(name string) (*v1alpha1.Report, error) 70 | ReportNamespaceListerExpansion 71 | } 72 | 73 | // reportNamespaceLister implements the ReportNamespaceLister 74 | // interface. 75 | type reportNamespaceLister struct { 76 | indexer cache.Indexer 77 | namespace string 78 | } 79 | 80 | // List lists all Reports in the indexer for a given namespace. 81 | func (s reportNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.Report, err error) { 82 | err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { 83 | ret = append(ret, m.(*v1alpha1.Report)) 84 | }) 85 | return ret, err 86 | } 87 | 88 | // Get retrieves the Report from the indexer for a given namespace and name. 89 | func (s reportNamespaceLister) Get(name string) (*v1alpha1.Report, error) { 90 | obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) 91 | if err != nil { 92 | return nil, err 93 | } 94 | if !exists { 95 | return nil, errors.NewNotFound(v1alpha1.Resource("report"), name) 96 | } 97 | return obj.(*v1alpha1.Report), nil 98 | } 99 | -------------------------------------------------------------------------------- /samples/sample-cis-k8s.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: openreports.io/v1alpha1 2 | kind: Report 3 | metadata: 4 | name: sample-cis-bench-api-server 5 | annotations: 6 | name: CIS Kubernetes Benchmarks 7 | category: API Server 8 | version: v1.5.1 - 02-14-2020 9 | source: kube-bench-adapter 10 | summary: 11 | pass: 8 12 | fail: 2 13 | warn: 0 14 | error: 0 15 | skip: 0 16 | results: 17 | - policy: api-server:anonymous-auth 18 | message: ensure that --anonymous-auth argument is set to false 19 | result: warn 20 | scored: true 21 | properties: 22 | category: API Server 23 | index: 1.2.2 24 | - policy: api-server:basic-auth-file 25 | message: ensure that --basic-auth-file argument is not set 26 | result: fail 27 | scored: true 28 | properties: 29 | category: API Server 30 | index: 1.2.2 31 | - policy: api-server:token-auth-file 32 | message: ensure that --token-auth-file argument is not set 33 | result: warn 34 | scored: false 35 | properties: 36 | category: API Server 37 | index: 1.2.2 38 | -------------------------------------------------------------------------------- /samples/sample-co.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: openreports.io/v1alpha1 2 | kind: PolicyReport 3 | metadata: 4 | name: sample-fedramp-compliance-operator 5 | labels: 6 | policy.kubernetes.io/engine: openshift-compliance-operator 7 | annotations: 8 | name: FedRAMP Moderate Benchmarks 9 | category: OCP4 CoreOS 10 | file: ssg-ocp4-ds.xml 11 | version: v1.5.1 - 02-14-2020 12 | summary: 13 | pass: 8 14 | fail: 1 15 | warn: 1 16 | error: 0 17 | skip: 0 18 | results: 19 | - policy: xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open 20 | message: |- 21 | Record Events that Modify User/Group Information via open syscall - /etc/group 22 | Creation of groups through direct edition of /etc/group could be an indicator of malicious activity on a system. 23 | Auditing these events could serve as evidence of potential system compromise. 24 | result: fail 25 | scored: true 26 | severity: medium 27 | properties: 28 | suite: fedramp-moderate 29 | scan: workers-scan 30 | - policy: xccdf_org.ssgproject.content_rule_sshd_limit_user_access 31 | message: |- 32 | Limit Users' SSH Access 33 | Specifying which accounts are allowed SSH access into the system reduces the 34 | possibility of unauthorized access to the system. 35 | result: warn 36 | scored: false 37 | properties: 38 | suite: fedramp-moderate 39 | scan: workers-scan 40 | -------------------------------------------------------------------------------- /samples/sample-falco-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: openreports.io/v1alpha1 2 | kind: PolicyReport 3 | metadata: 4 | name: falco-alerts-policy 5 | namespace: my-namespace 6 | labels: 7 | policy.kubernetes.io/engine: falco-agent 8 | summary: 9 | fail: 1 10 | results: 11 | - policy: "Change thread namespace" 12 | message: "Falco alert created due to the Change thread namespace rule" 13 | result: fail 14 | scored: false 15 | resources: 16 | - apiVersion: v1 17 | kind: Pod 18 | name: a-pod 19 | namespace: my-namespace 20 | properties: 21 | details: '12:57:37.086240437: Notice Namespace change (setns) by unexpected program (user=root user_loginuid=-1 command=ovnkube --init-node ...' 22 | container.id: "0f8d7e2a3296" 23 | evt.arg.path: "/bin/directory-created-by-event-generator" 24 | proc.cmdline: "event-generator run --loop ^syscall" 25 | severity: low 26 | --- 27 | apiVersion: openreports.io/v1alpha1 28 | kind: ClusterPolicyReport 29 | metadata: 30 | name: falco-alerts-policy 31 | labels: 32 | policy.kubernetes.io/engine: falco-agent 33 | summary: 34 | fail: 1 35 | results: 36 | - policy: audit 37 | message: "audit rule violation from the kubernetes api server" 38 | result: fail 39 | scored: false 40 | properties: 41 | details: 'Warning K8s Operation performed by user not in allowed list of users' 42 | severity: medium 43 | user: username 44 | target: kubernetes/endpoints 45 | verb: create 46 | uri: '/api/v1/namespaces/default/endpoints/kubernetes' 47 | resp: '200' 48 | -------------------------------------------------------------------------------- /samples/sample-rhacm-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: openreports.io/v1alpha1 2 | kind: PolicyReport 3 | metadata: 4 | name: sample-rhacm-policy 5 | labels: 6 | policy.kubernetes.io/engine: rhacm-configuration-policy 7 | scope: 8 | apiVersion: policy.open-cluster-management.io/v1 9 | kind: Policy 10 | name: policy-imagemanifestvuln 11 | namespace: cluster1 12 | summary: 13 | pass: 1 14 | fail: 11 15 | results: 16 | - policy: mustnothaveimagevuln 17 | message: must not have imagemanifestvulns 18 | result: fail 19 | scored: false 20 | resources: 21 | - apiVersion: secscan.quay.redhat.com/v1alpha1 22 | kind: ImageManifestVuln 23 | name: sha256.8d104847fc2371a983f7cb01c7c0a3ab35b7381d6bf7ce355d9b32a08c0031f0 24 | namespace: openshift-cluster-version 25 | properties: 26 | details: 'NonCompliant; violation - imagemanifestvulns exist and should be deleted: [sha256.8d104847fc2371a983f7cb01c7c0a3ab35b7381d6bf7ce355d9b32a08c0031f0] in namespace openshift-cluster-version' 27 | standards: NIST-CSF 28 | categories: 'DE.CM Security Continuous Monitoring' 29 | controls: 'DE.CM-8 Vulnerability scans' 30 | severity: high -------------------------------------------------------------------------------- /samples/sample-v1beta1-kyverno.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: openreports.io/v1alpha1 2 | kind: PolicyReport 3 | metadata: 4 | name: sample-v1beta1-cr 5 | annotations: 6 | name: Sample CR 7 | configuration: 8 | limits: 9 | maxResults: 100 10 | statusFilter: 11 | - pass 12 | - fail 13 | - skip 14 | source: kyverno 15 | summary: 16 | pass: 1 17 | fail: 0 18 | warn: 0 19 | error: 0 20 | skip: 0 21 | results: 22 | - category: Pod Security Standards (Baseline) 23 | message: validation rule 'adding-capabilities' passed. 24 | policy: disallow-capabilities 25 | resources: 26 | - apiVersion: v1 27 | kind: Pod 28 | name: kyverno-6d88f6dcdd-k6bc5 29 | namespace: nirmata 30 | uid: 3407b31a-b0bb-4716-a443-f4aa15662ef2 31 | result: pass 32 | rule: adding-capabilities 33 | scored: true 34 | severity: medium 35 | source: kyverno 36 | timestamp: 37 | nanos: 0 38 | seconds: 1679565894 39 | -------------------------------------------------------------------------------- /samples/sample-v1beta2-kyverno.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: openreports.io/v1alpha1 2 | kind: PolicyReport 3 | metadata: 4 | name: sample-v1beta2-cr 5 | annotations: 6 | name: Sample CR 7 | configuration: 8 | limits: 9 | maxResults: 100 10 | statusFilter: 11 | - pass 12 | - fail 13 | - skip 14 | source: kyverno 15 | summary: 16 | pass: 1 17 | fail: 0 18 | warn: 0 19 | error: 0 20 | skip: 0 21 | results: 22 | - category: Pod Security Standards (Baseline) 23 | message: validation rule 'adding-capabilities' passed. 24 | policy: disallow-capabilities 25 | resources: 26 | - apiVersion: v1 27 | kind: Pod 28 | name: kyverno-6d88f6dcdd-k6bc5 29 | namespace: nirmata 30 | uid: 3407b31a-b0bb-4716-a443-f4aa15662ef2 31 | result: pass 32 | rule: adding-capabilities 33 | scored: true 34 | severity: medium 35 | source: kyverno 36 | timestamp: 37 | nanos: 0 38 | seconds: 1679565894 39 | --------------------------------------------------------------------------------