package v3
import (
"github.com/rancher/norman/condition"
"github.com/rancher/norman/types"
typescond "github.com/rancher/types/condition"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// Condition types recorded on a ClusterScan. Each one aliases the condition of
// the same name from the rancher/types condition package.
const (
	ClusterScanConditionCreated      condition.Cond = typescond.Created
	ClusterScanConditionRunCompleted condition.Cond = typescond.RunCompleted
	ClusterScanConditionCompleted    condition.Cond = typescond.Completed
	ClusterScanConditionFailed       condition.Cond = typescond.Failed
)

// Fixed names used by the CIS cluster scan: the scan type identifier, default
// resource names, and the annotation keys under field.cattle.io.
//
// NOTE(review): the code that reads these annotations is not in this file. If a
// controller starts or finalises a scan based on them, anyone allowed to edit
// annotations on the annotated object can drive that behaviour, so the RBAC on
// that object should be confirmed.
const (
	// ClusterScanTypeCis is the only scan type identifier declared in this file.
	ClusterScanTypeCis = "cis"
	// DefaultNamespaceForCis is the default namespace name for the CIS scan.
	DefaultNamespaceForCis = "security-scan"
	// DefaultSonobuoyPodName is the default name of the scan runner pod.
	DefaultSonobuoyPodName = "security-scan-runner"
	// ConfigMapNameForUserConfig is the name of the ConfigMap for user config.
	ConfigMapNameForUserConfig = "security-scan-cfg"
	// RunCisScanAnnotation is the annotation key for running a CIS scan.
	RunCisScanAnnotation = "field.cattle.io/runCisScan"
	// SonobuoyCompletionAnnotation is the annotation key for Sonobuoy completion.
	SonobuoyCompletionAnnotation = "field.cattle.io/sonobuoyDone"
	// CisHelmChartOwner is the annotation key naming the owning cluster scan.
	CisHelmChartOwner = "field.cattle.io/clusterScanOwner"
)
// CisScanConfig holds the options of a CIS scan.
type CisScanConfig struct {
	// IDs of the checks that need to be skipped in the final report.
	// NOTE(review): a skipped check no longer shows up as a finding, so write
	// access to this field is the ability to narrow what the report covers.
	// Validation and audit of the IDs are not visible in this file; confirm
	// both where the spec is accepted.
	OverrideSkip []string `json:"overrideSkip"`
	// Override the CIS benchmark version to use for the scan (instead of latest).
	// NOTE(review): nothing here restricts the value; presumably it is checked
	// against the known benchmark versions elsewhere. Confirm.
	OverrideBenchmarkVersion string `json:"overrideBenchmarkVersion,omitempty"`
	// Internal flag for debugging master component of the scan.
	// The tag has no omitempty, so the field is always present in the JSON form.
	// NOTE(review): confirm whether API clients are able to set this flag.
	DebugMaster bool `json:"debugMaster"`
	// Internal flag for debugging worker component of the scan.
	// The tag has no omitempty, so the field is always present in the JSON form.
	// NOTE(review): confirm whether API clients are able to set this flag.
	DebugWorker bool `json:"debugWorker"`
}
// ClusterScanConfig wraps the per-scan-type configuration. CIS is the only
// scan type that has a configuration section here.
type ClusterScanConfig struct {
	// CisScanConfig is the CIS scan configuration. It is a pointer without
	// omitempty, so a nil value is encoded as JSON null; readers must handle nil.
	CisScanConfig *CisScanConfig `json:"cisScanConfig"`
}
// ClusterScanCondition is one entry in the condition list of a ClusterScan
// status.
type ClusterScanCondition struct {
	// Type of condition.
	Type string `json:"type"`
	// Status of the condition, one of True, False, Unknown.
	Status v1.ConditionStatus `json:"status"`
	// The last time this condition was updated.
	// Held as a plain string; this type does not fix the timestamp format.
	LastUpdateTime string `json:"lastUpdateTime,omitempty"`
	// Last time the condition transitioned from one status to another.
	// Held as a plain string; this type does not fix the timestamp format.
	LastTransitionTime string `json:"lastTransitionTime,omitempty"`
	// The reason for the condition's last transition.
	Reason string `json:"reason,omitempty"`
	// Human-readable message indicating details about last transition.
	// NOTE(review): free text; treat it as untrusted when rendering it in a UI
	// or copying it into logs.
	Message string `json:"message,omitempty"`
}
// ClusterScanSpec describes a requested cluster scan: which kind of scan, on
// which cluster, and with which configuration.
type ClusterScanSpec struct {
	// ScanType names the kind of scan. It is an unconstrained string here;
	// ClusterScanTypeCis ("cis") is the only value declared in this file.
	// NOTE(review): no validation tag is present, so unknown values have to be
	// rejected by whatever consumes the spec. Confirm.
	ScanType string `json:"scanType"`
	// ClusterID identifies the cluster to scan. The norman tag marks it as
	// required and as a reference to a cluster.
	ClusterID string `json:"clusterId,omitempty" norman:"required,type=reference[cluster]"`
	// Manual is the manual flag.
	// NOTE(review): presumably separates user-triggered scans from automatic
	// ones; confirm against the controller.
	Manual bool `yaml:"manual" json:"manual,omitempty"`
	// ScanConfig is the scan configuration. It is a struct value, so
	// encoding/json never omits it despite omitempty.
	ScanConfig ClusterScanConfig `yaml:",omitempty" json:"scanConfig,omitempty"`
}
// ClusterScanStatus is the observed state of a ClusterScan.
type ClusterScanStatus struct {
	// Conditions is the list of conditions recorded for the scan. The tag has no
	// omitempty, so a nil slice is encoded as JSON null.
	Conditions []ClusterScanCondition `json:"conditions"`
}
// ClusterScan is the API object for a cluster scan. It embeds the norman
// Namespaced marker and the standard Kubernetes type and object metadata.
type ClusterScan struct {
	types.Namespaced
	// Standard Kubernetes type metadata, inlined into the JSON form.
	metav1.TypeMeta `json:",inline"`
	// Standard Kubernetes object metadata.
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Spec is the requested scan.
	Spec ClusterScanSpec `json:"spec"`
	// Status is the observed state of the scan. It is a struct value, so
	// encoding/json never omits it despite omitempty.
	// NOTE(review): whether Status can be written separately from Spec is not
	// visible here; confirm that only the scan controller can write it.
	Status ClusterScanStatus `yaml:"status" json:"status,omitempty"`
}
// CisBenchmarkVersionInfo carries the data attached to a CIS benchmark version.
type CisBenchmarkVersionInfo struct {
	// MinKubernetesVersion is a version string; its format is not fixed here.
	// NOTE(review): presumably the lowest Kubernetes version the benchmark
	// applies to. Confirm against the code that compares it.
	MinKubernetesVersion string `yaml:"min_kubernetes_version" json:"minKubernetesVersion"`
}
// CisConfigParams holds the parameters of a CisConfig.
type CisConfigParams struct {
	// BenchmarkVersion is the benchmark version string held by the config.
	BenchmarkVersion string `yaml:"benchmark_version" json:"benchmarkVersion"`
}
// CisConfig is the API object that holds CIS scan parameters. It embeds the
// norman Namespaced marker and the standard Kubernetes type and object
// metadata.
type CisConfig struct {
	types.Namespaced
	// Standard Kubernetes type metadata, inlined into the JSON form.
	metav1.TypeMeta `json:",inline"`
	// Standard Kubernetes object metadata.
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Params holds the CIS parameters. It is a struct value, so encoding/json
	// never omits it despite omitempty.
	Params CisConfigParams `yaml:"params" json:"params,omitempty"`
}
// CisBenchmarkVersion is the API object that describes one CIS benchmark
// version. It embeds the norman Namespaced marker and the standard Kubernetes
// type and object metadata.
type CisBenchmarkVersion struct {
	types.Namespaced
	// Standard Kubernetes type metadata, inlined into the JSON form.
	metav1.TypeMeta `json:",inline"`
	// Standard Kubernetes object metadata.
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Info is the data attached to this benchmark version.
	Info CisBenchmarkVersionInfo `json:"info" yaml:"info"`
}