feat: add a new API group reports.kyverno.io (kyverno#9521)

* feat: add new report interface Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * chore: reports.kyverno.io/v1 apigroup Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * chore: codegen Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add report manager Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add reports manager to reports controller Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add alternateReportStorage to helm chart Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: report utils deepcopy Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * init flag Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: wrong return value Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
bdun1013 · Jan 26, 2024 · e6c39f3 · e6c39f3
1 parent b0737a7
commit e6c39f3
Show file tree

Hide file tree

Showing 98 changed files with 10,720 additions and 229 deletions.
diff --git a/Makefile b/Makefile
@@ -396,7 +396,7 @@ image-build-all: $(BUILD_WITH)-build-all
 GOPATH_SHIM                 := ${PWD}/.gopath
 PACKAGE_SHIM                := $(GOPATH_SHIM)/src/$(PACKAGE)
 OUT_PACKAGE                 := $(PACKAGE)/pkg/client
-INPUT_DIRS                  := $(PACKAGE)/api/kyverno/v1,$(PACKAGE)/api/kyverno/v1alpha2,$(PACKAGE)/api/kyverno/v1beta1,$(PACKAGE)/api/kyverno/v2,$(PACKAGE)/api/kyverno/v2beta1,$(PACKAGE)/api/kyverno/v2alpha1,$(PACKAGE)/api/policyreport/v1alpha2
+INPUT_DIRS                  := $(PACKAGE)/api/kyverno/v1,$(PACKAGE)/api/kyverno/v1alpha2,$(PACKAGE)/api/kyverno/v1beta1,$(PACKAGE)/api/kyverno/v2,$(PACKAGE)/api/kyverno/v2beta1,$(PACKAGE)/api/kyverno/v2alpha1,$(PACKAGE)/api/kyverno/reports/v1,$(PACKAGE)/api/policyreport/v1alpha2
 CLIENTSET_PACKAGE           := $(OUT_PACKAGE)/clientset
 LISTERS_PACKAGE             := $(OUT_PACKAGE)/listers
 INFORMERS_PACKAGE           := $(OUT_PACKAGE)/informers

diff --git a/api/kyverno/reports/v1/admission_report_types.go b/api/kyverno/reports/v1/admission_report_types.go
@@ -0,0 +1,124 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+	policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type AdmissionReportSpec struct {
+	// Owner is a reference to the report owner (e.g. a Deployment, Namespace, or Node)
+	Owner metav1.OwnerReference `json:"owner"`
+
+	// PolicyReportSummary provides a summary of results
+	// +optional
+	Summary policyreportv1alpha2.PolicyReportSummary `json:"summary,omitempty"`
+
+	// PolicyReportResult provides result details
+	// +optional
+	Results []policyreportv1alpha2.PolicyReportResult `json:"results,omitempty"`
+}
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:storageversion
+// +kubebuilder:resource:shortName=admr,categories=kyverno
+// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:printcolumn:name="PASS",type=integer,JSONPath=".spec.summary.pass"
+// +kubebuilder:printcolumn:name="FAIL",type=integer,JSONPath=".spec.summary.fail"
+// +kubebuilder:printcolumn:name="WARN",type=integer,JSONPath=".spec.summary.warn"
+// +kubebuilder:printcolumn:name="ERROR",type=integer,JSONPath=".spec.summary.error"
+// +kubebuilder:printcolumn:name="SKIP",type=integer,JSONPath=".spec.summary.skip"
+// +kubebuilder:printcolumn:name="GVR",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.gvr']"
+// +kubebuilder:printcolumn:name="REF",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.name']"
+// +kubebuilder:printcolumn:name="AGGREGATE",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/report\\.aggregate']",priority=1
+
+// AdmissionReport is the Schema for the AdmissionReports API
+type AdmissionReport struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+	Spec              AdmissionReportSpec `json:"spec"`
+}
+
+func (r *AdmissionReport) GetResults() []policyreportv1alpha2.PolicyReportResult {
+	return r.Spec.Results
+}
+
+func (r *AdmissionReport) SetResults(results []policyreportv1alpha2.PolicyReportResult) {
+	r.Spec.Results = results
+}
+
+func (r *AdmissionReport) SetSummary(summary policyreportv1alpha2.PolicyReportSummary) {
+	r.Spec.Summary = summary
+}
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:storageversion
+// +kubebuilder:resource:scope=Cluster,shortName=cadmr,categories=kyverno
+// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:printcolumn:name="PASS",type=integer,JSONPath=".spec.summary.pass"
+// +kubebuilder:printcolumn:name="FAIL",type=integer,JSONPath=".spec.summary.fail"
+// +kubebuilder:printcolumn:name="WARN",type=integer,JSONPath=".spec.summary.warn"
+// +kubebuilder:printcolumn:name="ERROR",type=integer,JSONPath=".spec.summary.error"
+// +kubebuilder:printcolumn:name="SKIP",type=integer,JSONPath=".spec.summary.skip"
+// +kubebuilder:printcolumn:name="GVR",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.gvr']"
+// +kubebuilder:printcolumn:name="REF",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.name']"
+// +kubebuilder:printcolumn:name="AGGREGATE",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/report\\.aggregate']",priority=1
+
+// ClusterAdmissionReport is the Schema for the ClusterAdmissionReports API
+type ClusterAdmissionReport struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+	Spec              AdmissionReportSpec `json:"spec"`
+}
+
+func (r *ClusterAdmissionReport) GetResults() []policyreportv1alpha2.PolicyReportResult {
+	return r.Spec.Results
+}
+
+func (r *ClusterAdmissionReport) SetResults(results []policyreportv1alpha2.PolicyReportResult) {
+	r.Spec.Results = results
+}
+
+func (r *ClusterAdmissionReport) SetSummary(summary policyreportv1alpha2.PolicyReportSummary) {
+	r.Spec.Summary = summary
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// AdmissionReportList contains a list of AdmissionReport
+type AdmissionReportList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []AdmissionReport `json:"items"`
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ClusterAdmissionReportList contains a list of ClusterAdmissionReport
+type ClusterAdmissionReportList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []ClusterAdmissionReport `json:"items"`
+}
diff --git a/api/kyverno/reports/v1/background_scan_report_types.go b/api/kyverno/reports/v1/background_scan_report_types.go
@@ -0,0 +1,123 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+	policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type BackgroundScanReportSpec struct {
+	// PolicyReportSummary provides a summary of results
+	// +optional
+	Summary policyreportv1alpha2.PolicyReportSummary `json:"summary,omitempty"`
+
+	// PolicyReportResult provides result details
+	// +optional
+	Results []policyreportv1alpha2.PolicyReportResult `json:"results,omitempty"`
+}
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:storageversion
+// +kubebuilder:resource:shortName=bgscanr,categories=kyverno
+// +kubebuilder:printcolumn:name="ApiVersion",type=string,JSONPath=".metadata.ownerReferences[0].apiVersion"
+// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=".metadata.ownerReferences[0].kind"
+// +kubebuilder:printcolumn:name="Subject",type=string,JSONPath=".metadata.ownerReferences[0].name"
+// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=".spec.summary.pass"
+// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=".spec.summary.fail"
+// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=".spec.summary.warn"
+// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=".spec.summary.error"
+// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=".spec.summary.skip"
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:printcolumn:name="Hash",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.hash']",priority=1
+
+// BackgroundScanReport is the Schema for the BackgroundScanReports API
+type BackgroundScanReport struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+	Spec              BackgroundScanReportSpec `json:"spec"`
+}
+
+func (r *BackgroundScanReport) GetResults() []policyreportv1alpha2.PolicyReportResult {
+	return r.Spec.Results
+}
+
+func (r *BackgroundScanReport) SetResults(results []policyreportv1alpha2.PolicyReportResult) {
+	r.Spec.Results = results
+}
+
+func (r *BackgroundScanReport) SetSummary(summary policyreportv1alpha2.PolicyReportSummary) {
+	r.Spec.Summary = summary
+}
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:storageversion
+// +kubebuilder:resource:scope=Cluster,shortName=cbgscanr,categories=kyverno
+// +kubebuilder:printcolumn:name="ApiVersion",type=string,JSONPath=".metadata.ownerReferences[0].apiVersion"
+// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=".metadata.ownerReferences[0].kind"
+// +kubebuilder:printcolumn:name="Subject",type=string,JSONPath=".metadata.ownerReferences[0].name"
+// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=".spec.summary.pass"
+// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=".spec.summary.fail"
+// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=".spec.summary.warn"
+// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=".spec.summary.error"
+// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=".spec.summary.skip"
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:printcolumn:name="Hash",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.hash']",priority=1
+
+// ClusterBackgroundScanReport is the Schema for the ClusterBackgroundScanReports API
+type ClusterBackgroundScanReport struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+	Spec              BackgroundScanReportSpec `json:"spec"`
+}
+
+func (r *ClusterBackgroundScanReport) GetResults() []policyreportv1alpha2.PolicyReportResult {
+	return r.Spec.Results
+}
+
+func (r *ClusterBackgroundScanReport) SetResults(results []policyreportv1alpha2.PolicyReportResult) {
+	r.Spec.Results = results
+}
+
+func (r *ClusterBackgroundScanReport) SetSummary(summary policyreportv1alpha2.PolicyReportSummary) {
+	r.Spec.Summary = summary
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// BackgroundScanReportList contains a list of BackgroundScanReport
+type BackgroundScanReportList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []BackgroundScanReport `json:"items"`
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ClusterBackgroundScanReportList contains a list of ClusterBackgroundScanReport
+type ClusterBackgroundScanReportList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []ClusterBackgroundScanReport `json:"items"`
+}
diff --git a/api/kyverno/reports/v1/doc.go b/api/kyverno/reports/v1/doc.go
@@ -0,0 +1,21 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// +k8s:openapi-gen=true
+// +k8s:deepcopy-gen=package
+// +kubebuilder:object:generate=true
+// +groupName=reports.kyverno.io
+package v1