diff --git a/apis/management.cattle.io/v3/alerting_types.go b/apis/management.cattle.io/v3/alerting_types.go
index 5d68af43..04e6d6b7 100755
--- a/apis/management.cattle.io/v3/alerting_types.go
+++ b/apis/management.cattle.io/v3/alerting_types.go
@@ -161,6 +161,7 @@ type ClusterAlertRuleSpec struct {
 EventRule *EventRule `json:"eventRule,omitempty"`
 SystemServiceRule *SystemServiceRule `json:"systemServiceRule,omitempty"`
 MetricRule *MetricRule `json:"metricRule,omitempty"`
+ ClusterScanRule *ClusterScanRule `json:"clusterScanRule,omitempty"`
 }
 type ProjectAlertRule struct {
@@ -199,6 +200,11 @@ type CommonRuleField struct {
 TimingField
 }
+type ClusterScanRule struct {
+ ScanRunType ClusterScanRunType `json:"scanRunType,omitempty" norman:"required,options=manual|scheduled,default=scheduled"`
+ FailuresOnly bool `json:"failuresOnly,omitempty"`
+}
+
 type MetricRule struct {
 Expression string `json:"expression,omitempty" norman:"required"`
 Description string `json:"description,omitempty"`
diff --git a/apis/management.cattle.io/v3/cluster_scan_types.go b/apis/management.cattle.io/v3/cluster_scan_types.go
index e3f1e8e7..5a6cbc87 100644
--- a/apis/management.cattle.io/v3/cluster_scan_types.go
+++ b/apis/management.cattle.io/v3/cluster_scan_types.go
@@ -9,11 +9,15 @@ import (
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
+type ClusterScanRunType string
+type CisScanProfileType string
+
 const (
 ClusterScanConditionCreated condition.Cond = typescond.Created
 ClusterScanConditionRunCompleted condition.Cond = typescond.RunCompleted
 ClusterScanConditionCompleted condition.Cond = typescond.Completed
 ClusterScanConditionFailed condition.Cond = typescond.Failed
+ ClusterScanConditionAlerted condition.Cond = typescond.Alerted
 ClusterScanTypeCis = "cis"
 DefaultNamespaceForCis = "security-scan"
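Review bot: `ClusterScanRule` (second hunk of `alerting_types.go`) is added without a doc comment, and what its zero values mean is not stated anywhere in the change. `FailuresOnly` is false when omitted, which presumably means an alert fires for every completed scan of the selected run type, not only for failing ones. Add a type comment and a field comment along the lines of `// FailuresOnly limits alerts to scans that report at least one failed check`; the exact wording needs confirming against the alert controller, which is not part of this diff.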
@@ -23,6 +27,14 @@ const (
 RunCisScanAnnotation = "field.cattle.io/runCisScan"
 SonobuoyCompletionAnnotation = "field.cattle.io/sonobuoyDone"
 CisHelmChartOwner = "field.cattle.io/clusterScanOwner"
+
+ ClusterScanRunTypeManual ClusterScanRunType = "manual"
+ ClusterScanRunTypeScheduled ClusterScanRunType = "scheduled"
+
+ CisScanProfileTypePermissive CisScanProfileType = "permissive"
+ CisScanProfileTypeHardened CisScanProfileType = "hardened"
+
+ DefaultScanOutputFileName string = "output.json"
 )
 type CisScanConfig struct {
@@ -30,12 +42,22 @@ type CisScanConfig struct {
 OverrideSkip []string `json:"overrideSkip"`
 // Override the CIS benchmark version to use for the scan (instead of latest)
 OverrideBenchmarkVersion string `json:"overrideBenchmarkVersion,omitempty"`
+ // scan profile to use
+ Profile CisScanProfileType `json:"profile,omitempty" norman:"required,options=permissive|hardened,default=permissive"`
 // Internal flag for debugging master component of the scan
 DebugMaster bool `json:"debugMaster"`
 // Internal flag for debugging worker component of the scan
 DebugWorker bool `json:"debugWorker"`
 }
+type CisScanStatus struct {
+ Total int `json:"total"`
+ Pass int `json:"pass"`
+ Fail int `json:"fail"`
+ Skip int `json:"skip"`
+ NotApplicable int `json:"notApplicable"`
+}
+
 type ClusterScanConfig struct {
 CisScanConfig *CisScanConfig `json:"cisScanConfig"`
 }
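Review bot: The new `Profile` field in `CisScanConfig` defaults to `permissive`, so a scan config that omits `profile` runs under what the name suggests is the less strict profile, and the only documentation is `// scan profile to use`. The comment should say what each profile changes in the scan result, for example `// Profile selects how skipped checks are treated: "permissive" ..., "hardened" ...`, with the wording taken from the scanner's actual behaviour. It is also worth deciding deliberately whether `hardened` should be the default. The tag combines `required` with `default=permissive` and `omitempty`, so either `required` or the default looks redundant.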
@@ -59,14 +81,15 @@ type ClusterScanSpec struct {
 ScanType string `json:"scanType"`
 // cluster ID
 ClusterID string `json:"clusterId,omitempty" norman:"required,type=reference[cluster]"`
- // manual flag
- Manual bool `yaml:"manual" json:"manual,omitempty"`
+ // Run type
+ RunType ClusterScanRunType `json:"runType,omitempty"`
 // scanConfig
 ScanConfig ClusterScanConfig `yaml:",omitempty" json:"scanConfig,omitempty"`
 }
 type ClusterScanStatus struct {
- Conditions []ClusterScanCondition `json:"conditions"`
+ Conditions []ClusterScanCondition `json:"conditions"`
+ CisScanStatus *CisScanStatus `json:"cisScanStatus"`
 }
 type ClusterScan struct {
@@ -80,7 +103,10 @@ type ClusterScan struct {
 }
 type CisBenchmarkVersionInfo struct {
- MinKubernetesVersion string `yaml:"min_kubernetes_version" json:"minKubernetesVersion"`
+ Managed bool `yaml:"managed" json:"managed"`
+ MinKubernetesVersion string `yaml:"min_kubernetes_version" json:"minKubernetesVersion"`
+ SkippedChecks map[string]string `yaml:"skipped_checks" json:"skippedChecks"`
+ NotApplicableChecks map[string]string `yaml:"not_applicable_checks" json:"notApplicableChecks"`
 }
 type CisConfigParams struct {
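Review bot: `RunType` in `ClusterScanSpec` has no `norman` options tag, so unlike `ClusterScanRule.ScanRunType` (declared with `options=manual|scheduled`) it accepts any string at the schema level, and an empty value matches neither run type. Adding `norman:"options=manual|scheduled"` to the field tag would keep the two in step; whether a default is wanted depends on the controller, which is not shown. The same hunk removes `Manual` outright, so stored objects or clients that still send `manual: true` silently lose that value on decode. If such objects can exist, a migration step or a note in the commit message is worth adding.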
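Review bot: `SkippedChecks` and `NotApplicableChecks` in `CisBenchmarkVersionInfo` are added without comments, although (judging by the names) they decide which benchmark checks are kept out of a scan's failure count. Each field needs a comment stating what the map key and value hold, for example `// SkippedChecks maps a check ID to the reason it is skipped`, so that entries can be audited; the key/value meaning is a guess from the types and should be confirmed. `Managed` needs a one-line comment as well, since nothing in the hunk says who manages what.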
@@ -104,3 +130,22 @@ type CisBenchmarkVersion struct {
 Info CisBenchmarkVersionInfo `json:"info" yaml:"info"`
 }
+
+type ScheduledClusterScanConfig struct {
+ // Cron Expression for Schedule
+ CronSchedule string `yaml:"cron_schedule" json:"cronSchedule,omitempty"`
+ // Number of past scans to keep
+ Retention int `yaml:"retention" json:"retention,omitempty"`
+}
+
+type ScheduledClusterScan struct {
+ // Enable or disable scheduled scans
+ Enabled bool `yaml:"enabled" json:"enabled,omitempty" norman:"default=false"`
+ ScheduleConfig *ScheduledClusterScanConfig `yaml:"schedule_config" json:"scheduleConfig,omitempty"`
+ ScanConfig *ClusterScanConfig `yaml:"scan_config,omitempty" json:"scanConfig,omitempty"`
+}
+
+type ScheduledClusterScanStatus struct {
+ Enabled bool `yaml:"enabled" json:"enabled,omitempty"`
+ LastRunTimestamp string `yaml:"last_run_timestamp" json:"lastRunTimestamp"`
+}
diff --git a/apis/management.cattle.io/v3/cluster_types.go b/apis/management.cattle.io/v3/cluster_types.go
index 17c1d599..5a66b083 100644
--- a/apis/management.cattle.io/v3/cluster_types.go
+++ b/apis/management.cattle.io/v3/cluster_types.go
@@ -103,6 +103,7 @@ type ClusterSpecBase struct {
 EnableClusterMonitoring bool `json:"enableClusterMonitoring" norman:"default=false"`
 WindowsPreferedCluster bool `json:"windowsPreferedCluster" norman:"noupdate"`
 LocalClusterAuthEndpoint LocalClusterAuthEndpoint `json:"localClusterAuthEndpoint,omitempty"`
+ ScheduledClusterScan *ScheduledClusterScan `json:"scheduledClusterScan,omitempty"`
 }
 type ClusterSpec struct {
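Review bot: `Retention` and `CronSchedule` in `ScheduledClusterScanConfig` have no schema-level bounds. `Retention int` with `omitempty` accepts zero and negative values and cannot tell 0 from unset, and `CronSchedule` is a free-form string. Unless the consuming controller validates both (it is not part of this diff), give `Retention` a lower bound such as `norman:"min=1"` and state the accepted cron syntax in the `CronSchedule` comment. `ScheduledClusterScanStatus.LastRunTimestamp` is a plain string and should document its time format.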
@@ -131,27 +132,28 @@ type ClusterStatus struct { Conditions []ClusterCondition `json:"conditions,omitempty"` // Component statuses will represent cluster's components (etcd/controller/scheduler) health // https://kubernetes.io/docs/api-reference/v1.8/#componentstatus-v1-core - Driver string `json:"driver"` - AgentImage string `json:"agentImage"` - AgentFeatures map[string]bool `json:"agentFeatures,omitempty"` - AuthImage string `json:"authImage"` - ComponentStatuses []ClusterComponentStatus `json:"componentStatuses,omitempty"` - APIEndpoint string `json:"apiEndpoint,omitempty"` - ServiceAccountToken string `json:"serviceAccountToken,omitempty"` - CACert string `json:"caCert,omitempty"` - Capacity v1.ResourceList `json:"capacity,omitempty"` - Allocatable v1.ResourceList `json:"allocatable,omitempty"` - AppliedSpec ClusterSpec `json:"appliedSpec,omitempty"` - FailedSpec *ClusterSpec `json:"failedSpec,omitempty"` - Requested v1.ResourceList `json:"requested,omitempty"` - Limits v1.ResourceList `json:"limits,omitempty"` - Version *version.Info `json:"version,omitempty"` - AppliedPodSecurityPolicyTemplateName string `json:"appliedPodSecurityPolicyTemplateId"` - AppliedEnableNetworkPolicy bool `json:"appliedEnableNetworkPolicy" norman:"nocreate,noupdate,default=false"` - Capabilities Capabilities `json:"capabilities,omitempty"` - MonitoringStatus *MonitoringStatus `json:"monitoringStatus,omitempty" norman:"nocreate,noupdate"` - IstioEnabled bool `json:"istioEnabled,omitempty" norman:"nocreate,noupdate,default=false"` - CertificatesExpiration map[string]CertExpiration `json:"certificatesExpiration,omitempty"` + Driver string `json:"driver"` + AgentImage string `json:"agentImage"` + AgentFeatures map[string]bool `json:"agentFeatures,omitempty"` + AuthImage string `json:"authImage"` + ComponentStatuses []ClusterComponentStatus `json:"componentStatuses,omitempty"` + APIEndpoint string `json:"apiEndpoint,omitempty"` + ServiceAccountToken string 
`json:"serviceAccountToken,omitempty"` + CACert string `json:"caCert,omitempty"` + Capacity v1.ResourceList `json:"capacity,omitempty"` + Allocatable v1.ResourceList `json:"allocatable,omitempty"` + AppliedSpec ClusterSpec `json:"appliedSpec,omitempty"` + FailedSpec *ClusterSpec `json:"failedSpec,omitempty"` + Requested v1.ResourceList `json:"requested,omitempty"` + Limits v1.ResourceList `json:"limits,omitempty"` + Version *version.Info `json:"version,omitempty"` + AppliedPodSecurityPolicyTemplateName string `json:"appliedPodSecurityPolicyTemplateId"` + AppliedEnableNetworkPolicy bool `json:"appliedEnableNetworkPolicy" norman:"nocreate,noupdate,default=false"` + Capabilities Capabilities `json:"capabilities,omitempty"` + MonitoringStatus *MonitoringStatus `json:"monitoringStatus,omitempty" norman:"nocreate,noupdate"` + IstioEnabled bool `json:"istioEnabled,omitempty" norman:"nocreate,noupdate,default=false"` + CertificatesExpiration map[string]CertExpiration `json:"certificatesExpiration,omitempty"` + ScheduledClusterScanStatus *ScheduledClusterScanStatus `json:"scheduledClusterScanStatus,omitempty"` } type ClusterComponentStatus struct { diff --git a/apis/management.cattle.io/v3/zz_generated_deepcopy.go b/apis/management.cattle.io/v3/zz_generated_deepcopy.go index 50d0e418..8b282e38 100644 --- a/apis/management.cattle.io/v3/zz_generated_deepcopy.go +++ b/apis/management.cattle.io/v3/zz_generated_deepcopy.go @@ -930,7 +930,7 @@ func (in *CisBenchmarkVersion) DeepCopyInto(out *CisBenchmarkVersion) { out.Namespaced = in.Namespaced out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Info = in.Info + in.Info.DeepCopyInto(&out.Info) return } 
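Review bot: The added `ScheduledClusterScanStatus` field at the end of `ClusterStatus` carries no `norman:"nocreate,noupdate"` tag, while the neighbouring controller-written fields `MonitoringStatus` and `IstioEnabled` both do. If only the scan controller is meant to set this status, add the same tag so that API clients cannot write the enabled flag or the last-run timestamp: `json:"scheduledClusterScanStatus,omitempty" norman:"nocreate,noupdate"`. Every other changed line in this hunk is gofmt realignment caused by the longer field name.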
@@ -955,6 +955,20 @@ func (in *CisBenchmarkVersion) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CisBenchmarkVersionInfo) DeepCopyInto(out *CisBenchmarkVersionInfo) { *out = *in + if in.SkippedChecks != nil { + in, out := &in.SkippedChecks, &out.SkippedChecks + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.NotApplicableChecks != nil { + in, out := &in.NotApplicableChecks, &out.NotApplicableChecks + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } return } @@ -1099,6 +1113,22 @@ func (in *CisScanConfig) DeepCopy() *CisScanConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CisScanStatus) DeepCopyInto(out *CisScanStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CisScanStatus. +func (in *CisScanStatus) DeepCopy() *CisScanStatus { + if in == nil { + return nil + } + out := new(CisScanStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CloudCredential) DeepCopyInto(out *CloudCredential) { *out = *in @@ -1471,6 +1501,11 @@ func (in *ClusterAlertRuleSpec) DeepCopyInto(out *ClusterAlertRuleSpec) { *out = new(MetricRule) **out = **in } + if in.ClusterScanRule != nil { + in, out := &in.ClusterScanRule, &out.ClusterScanRule + *out = new(ClusterScanRule) + **out = **in + } return } 
@@ -2126,6 +2161,22 @@ func (in *ClusterScanList) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterScanRule) DeepCopyInto(out *ClusterScanRule) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterScanRule. +func (in *ClusterScanRule) DeepCopy() *ClusterScanRule { + if in == nil { + return nil + } + out := new(ClusterScanRule) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterScanSpec) DeepCopyInto(out *ClusterScanSpec) { *out = *in @@ -2151,6 +2202,11 @@ func (in *ClusterScanStatus) DeepCopyInto(out *ClusterScanStatus) { *out = make([]ClusterScanCondition, len(*in)) copy(*out, *in) } + if in.CisScanStatus != nil { + in, out := &in.CisScanStatus, &out.CisScanStatus + *out = new(CisScanStatus) + **out = **in + } return } @@ -2224,6 +2280,11 @@ func (in *ClusterSpecBase) DeepCopyInto(out *ClusterSpecBase) { **out = **in } out.LocalClusterAuthEndpoint = in.LocalClusterAuthEndpoint + if in.ScheduledClusterScan != nil { + in, out := &in.ScheduledClusterScan, &out.ScheduledClusterScan + *out = new(ScheduledClusterScan) + (*in).DeepCopyInto(*out) + } return } @@ -2311,6 +2372,11 @@ func (in *ClusterStatus) DeepCopyInto(out *ClusterStatus) { (*out)[key] = val } } + if in.ScheduledClusterScanStatus != nil { + in, out := &in.ScheduledClusterScanStatus, &out.ScheduledClusterScanStatus + *out = new(ScheduledClusterScanStatus) + **out = **in + } return } 
@@ -8916,6 +8982,64 @@ func (in *SaveAsTemplateOutput) DeepCopy() *SaveAsTemplateOutput { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ScheduledClusterScan) DeepCopyInto(out *ScheduledClusterScan) { + *out = *in + if in.ScheduleConfig != nil { + in, out := &in.ScheduleConfig, &out.ScheduleConfig + *out = new(ScheduledClusterScanConfig) + **out = **in + } + if in.ScanConfig != nil { + in, out := &in.ScanConfig, &out.ScanConfig + *out = new(ClusterScanConfig) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScheduledClusterScan. +func (in *ScheduledClusterScan) DeepCopy() *ScheduledClusterScan { + if in == nil { + return nil + } + out := new(ScheduledClusterScan) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ScheduledClusterScanConfig) DeepCopyInto(out *ScheduledClusterScanConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScheduledClusterScanConfig. +func (in *ScheduledClusterScanConfig) DeepCopy() *ScheduledClusterScanConfig { + if in == nil { + return nil + } + out := new(ScheduledClusterScanConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ScheduledClusterScanStatus) DeepCopyInto(out *ScheduledClusterScanStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScheduledClusterScanStatus. 
+func (in *ScheduledClusterScanStatus) DeepCopy() *ScheduledClusterScanStatus { + if in == nil { + return nil + } + out := new(ScheduledClusterScanStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SchedulerService) DeepCopyInto(out *SchedulerService) { *out = *in diff --git a/client/management/v3/zz_generated_cis_benchmark_version_info.go b/client/management/v3/zz_generated_cis_benchmark_version_info.go index f6dda5b3..f3cf776f 100644 --- a/client/management/v3/zz_generated_cis_benchmark_version_info.go +++ b/client/management/v3/zz_generated_cis_benchmark_version_info.go @@ -2,9 +2,15 @@ package client const ( CisBenchmarkVersionInfoType = "cisBenchmarkVersionInfo" + CisBenchmarkVersionInfoFieldManaged = "managed" CisBenchmarkVersionInfoFieldMinKubernetesVersion = "minKubernetesVersion" + CisBenchmarkVersionInfoFieldNotApplicableChecks = "notApplicableChecks" + CisBenchmarkVersionInfoFieldSkippedChecks = "skippedChecks" ) type CisBenchmarkVersionInfo struct { - MinKubernetesVersion string `json:"minKubernetesVersion,omitempty" yaml:"minKubernetesVersion,omitempty"` + Managed bool `json:"managed,omitempty" yaml:"managed,omitempty"` + MinKubernetesVersion string `json:"minKubernetesVersion,omitempty" yaml:"minKubernetesVersion,omitempty"` + NotApplicableChecks map[string]string `json:"notApplicableChecks,omitempty" yaml:"notApplicableChecks,omitempty"` + SkippedChecks map[string]string `json:"skippedChecks,omitempty" yaml:"skippedChecks,omitempty"` } diff --git a/client/management/v3/zz_generated_cis_scan_config.go b/client/management/v3/zz_generated_cis_scan_config.go index 9cce5a4e..bf487982 100644 --- a/client/management/v3/zz_generated_cis_scan_config.go +++ b/client/management/v3/zz_generated_cis_scan_config.go 
@@ -6,6 +6,7 @@ const ( CisScanConfigFieldDebugWorker = "debugWorker" CisScanConfigFieldOverrideBenchmarkVersion = "overrideBenchmarkVersion" CisScanConfigFieldOverrideSkip = "overrideSkip" + CisScanConfigFieldProfile = "profile" ) type CisScanConfig struct { @@ -13,4 +14,5 @@ type CisScanConfig struct { DebugWorker bool `json:"debugWorker,omitempty" yaml:"debugWorker,omitempty"` OverrideBenchmarkVersion string `json:"overrideBenchmarkVersion,omitempty" yaml:"overrideBenchmarkVersion,omitempty"` OverrideSkip []string `json:"overrideSkip,omitempty" yaml:"overrideSkip,omitempty"` + Profile string `json:"profile,omitempty" yaml:"profile,omitempty"` } diff --git a/client/management/v3/zz_generated_cis_scan_status.go b/client/management/v3/zz_generated_cis_scan_status.go new file mode 100644 index 00000000..a6c27a96 --- /dev/null +++ b/client/management/v3/zz_generated_cis_scan_status.go @@ -0,0 +1,18 @@ +package client + +const ( + CisScanStatusType = "cisScanStatus" + CisScanStatusFieldFail = "fail" + CisScanStatusFieldNotApplicable = "notApplicable" + CisScanStatusFieldPass = "pass" + CisScanStatusFieldSkip = "skip" + CisScanStatusFieldTotal = "total" +) + +type CisScanStatus struct { + Fail int64 `json:"fail,omitempty" yaml:"fail,omitempty"` + NotApplicable int64 `json:"notApplicable,omitempty" yaml:"notApplicable,omitempty"` + Pass int64 `json:"pass,omitempty" yaml:"pass,omitempty"` + Skip int64 `json:"skip,omitempty" yaml:"skip,omitempty"` + Total int64 `json:"total,omitempty" yaml:"total,omitempty"` +} diff --git a/client/management/v3/zz_generated_cluster.go b/client/management/v3/zz_generated_cluster.go index 3edf643e..15470bd0 100644 --- a/client/management/v3/zz_generated_cluster.go +++ b/client/management/v3/zz_generated_cluster.go 
@@ -51,6 +51,8 @@ const ( ClusterFieldRancherKubernetesEngineConfig = "rancherKubernetesEngineConfig" ClusterFieldRemoved = "removed" ClusterFieldRequested = "requested" + ClusterFieldScheduledClusterScan = "scheduledClusterScan" + ClusterFieldScheduledClusterScanStatus = "scheduledClusterScanStatus" ClusterFieldState = "state" ClusterFieldTransitioning = "transitioning" ClusterFieldTransitioningMessage = "transitioningMessage" @@ -106,6 +108,8 @@ type Cluster struct { RancherKubernetesEngineConfig *RancherKubernetesEngineConfig `json:"rancherKubernetesEngineConfig,omitempty" yaml:"rancherKubernetesEngineConfig,omitempty"` Removed string `json:"removed,omitempty" yaml:"removed,omitempty"` Requested map[string]string `json:"requested,omitempty" yaml:"requested,omitempty"` + ScheduledClusterScan *ScheduledClusterScan `json:"scheduledClusterScan,omitempty" yaml:"scheduledClusterScan,omitempty"` + ScheduledClusterScanStatus *ScheduledClusterScanStatus `json:"scheduledClusterScanStatus,omitempty" yaml:"scheduledClusterScanStatus,omitempty"` State string `json:"state,omitempty" yaml:"state,omitempty"` Transitioning string `json:"transitioning,omitempty" yaml:"transitioning,omitempty"` TransitioningMessage string `json:"transitioningMessage,omitempty" yaml:"transitioningMessage,omitempty"` diff --git a/client/management/v3/zz_generated_cluster_alert_rule.go b/client/management/v3/zz_generated_cluster_alert_rule.go index cbc5fb5c..6c3502ad 100644 --- a/client/management/v3/zz_generated_cluster_alert_rule.go +++ b/client/management/v3/zz_generated_cluster_alert_rule.go @@ -9,6 +9,7 @@ const ( ClusterAlertRuleFieldAlertState = "alertState" ClusterAlertRuleFieldAnnotations = "annotations" ClusterAlertRuleFieldClusterID = "clusterId" + ClusterAlertRuleFieldClusterScanRule = "clusterScanRule" ClusterAlertRuleFieldCreated = "created" ClusterAlertRuleFieldCreatorID = "creatorId" ClusterAlertRuleFieldEventRule = "eventRule" 
@@ -37,6 +38,7 @@ type ClusterAlertRule struct { AlertState string `json:"alertState,omitempty" yaml:"alertState,omitempty"` Annotations map[string]string `json:"annotations,omitempty" yaml:"annotations,omitempty"` ClusterID string `json:"clusterId,omitempty" yaml:"clusterId,omitempty"` + ClusterScanRule *ClusterScanRule `json:"clusterScanRule,omitempty" yaml:"clusterScanRule,omitempty"` Created string `json:"created,omitempty" yaml:"created,omitempty"` CreatorID string `json:"creatorId,omitempty" yaml:"creatorId,omitempty"` EventRule *EventRule `json:"eventRule,omitempty" yaml:"eventRule,omitempty"` diff --git a/client/management/v3/zz_generated_cluster_alert_rule_spec.go b/client/management/v3/zz_generated_cluster_alert_rule_spec.go index 2cbf67fb..dfbc2ec0 100644 --- a/client/management/v3/zz_generated_cluster_alert_rule_spec.go +++ b/client/management/v3/zz_generated_cluster_alert_rule_spec.go @@ -3,6 +3,7 @@ package client const ( ClusterAlertRuleSpecType = "clusterAlertRuleSpec" ClusterAlertRuleSpecFieldClusterID = "clusterId" + ClusterAlertRuleSpecFieldClusterScanRule = "clusterScanRule" ClusterAlertRuleSpecFieldDisplayName = "displayName" ClusterAlertRuleSpecFieldEventRule = "eventRule" ClusterAlertRuleSpecFieldGroupID = "groupId" @@ -18,6 +19,7 @@ const ( type ClusterAlertRuleSpec struct { ClusterID string `json:"clusterId,omitempty" yaml:"clusterId,omitempty"` + ClusterScanRule *ClusterScanRule `json:"clusterScanRule,omitempty" yaml:"clusterScanRule,omitempty"` DisplayName string `json:"displayName,omitempty" yaml:"displayName,omitempty"` EventRule *EventRule `json:"eventRule,omitempty" yaml:"eventRule,omitempty"` GroupID string `json:"groupId,omitempty" yaml:"groupId,omitempty"` diff --git a/client/management/v3/zz_generated_cluster_scan.go b/client/management/v3/zz_generated_cluster_scan.go index 43d851e0..be09e7a6 100644 --- a/client/management/v3/zz_generated_cluster_scan.go +++ b/client/management/v3/zz_generated_cluster_scan.go 
@@ -11,11 +11,11 @@ const ( ClusterScanFieldCreated = "created" ClusterScanFieldCreatorID = "creatorId" ClusterScanFieldLabels = "labels" - ClusterScanFieldManual = "manual" ClusterScanFieldName = "name" ClusterScanFieldNamespaceId = "namespaceId" ClusterScanFieldOwnerReferences = "ownerReferences" ClusterScanFieldRemoved = "removed" + ClusterScanFieldRunType = "runType" ClusterScanFieldScanConfig = "scanConfig" ClusterScanFieldScanType = "scanType" ClusterScanFieldState = "state" @@ -32,11 +32,11 @@ type ClusterScan struct { Created string `json:"created,omitempty" yaml:"created,omitempty"` CreatorID string `json:"creatorId,omitempty" yaml:"creatorId,omitempty"` Labels map[string]string `json:"labels,omitempty" yaml:"labels,omitempty"` - Manual bool `json:"manual,omitempty" yaml:"manual,omitempty"` Name string `json:"name,omitempty" yaml:"name,omitempty"` NamespaceId string `json:"namespaceId,omitempty" yaml:"namespaceId,omitempty"` OwnerReferences []OwnerReference `json:"ownerReferences,omitempty" yaml:"ownerReferences,omitempty"` Removed string `json:"removed,omitempty" yaml:"removed,omitempty"` + RunType string `json:"runType,omitempty" yaml:"runType,omitempty"` ScanConfig *ClusterScanConfig `json:"scanConfig,omitempty" yaml:"scanConfig,omitempty"` ScanType string `json:"scanType,omitempty" yaml:"scanType,omitempty"` State string `json:"state,omitempty" yaml:"state,omitempty"` diff --git a/client/management/v3/zz_generated_cluster_scan_rule.go b/client/management/v3/zz_generated_cluster_scan_rule.go new file mode 100644 index 00000000..ed5670e8 --- /dev/null +++ b/client/management/v3/zz_generated_cluster_scan_rule.go 
@@ -0,0 +1,12 @@ +package client + +const ( + ClusterScanRuleType = "clusterScanRule" + ClusterScanRuleFieldFailuresOnly = "failuresOnly" + ClusterScanRuleFieldScanRunType = "scanRunType" +) + +type ClusterScanRule struct { + FailuresOnly bool `json:"failuresOnly,omitempty" yaml:"failuresOnly,omitempty"` + ScanRunType string `json:"scanRunType,omitempty" yaml:"scanRunType,omitempty"` +} diff --git a/client/management/v3/zz_generated_cluster_scan_spec.go b/client/management/v3/zz_generated_cluster_scan_spec.go index 19ce3811..0fa555f1 100644 --- a/client/management/v3/zz_generated_cluster_scan_spec.go +++ b/client/management/v3/zz_generated_cluster_scan_spec.go @@ -3,14 +3,14 @@ package client const ( ClusterScanSpecType = "clusterScanSpec" ClusterScanSpecFieldClusterID = "clusterId" - ClusterScanSpecFieldManual = "manual" + ClusterScanSpecFieldRunType = "runType" ClusterScanSpecFieldScanConfig = "scanConfig" ClusterScanSpecFieldScanType = "scanType" ) type ClusterScanSpec struct { ClusterID string `json:"clusterId,omitempty" yaml:"clusterId,omitempty"` - Manual bool `json:"manual,omitempty" yaml:"manual,omitempty"` + RunType string `json:"runType,omitempty" yaml:"runType,omitempty"` ScanConfig *ClusterScanConfig `json:"scanConfig,omitempty" yaml:"scanConfig,omitempty"` ScanType string `json:"scanType,omitempty" yaml:"scanType,omitempty"` } diff --git a/client/management/v3/zz_generated_cluster_scan_status.go b/client/management/v3/zz_generated_cluster_scan_status.go index 4356c48f..601f5402 100644 --- a/client/management/v3/zz_generated_cluster_scan_status.go +++ b/client/management/v3/zz_generated_cluster_scan_status.go 
@@ -1,10 +1,12 @@ package client const ( - ClusterScanStatusType = "clusterScanStatus" - ClusterScanStatusFieldConditions = "conditions" + ClusterScanStatusType = "clusterScanStatus" + ClusterScanStatusFieldCisScanStatus = "cisScanStatus" + ClusterScanStatusFieldConditions = "conditions" ) type ClusterScanStatus struct { - Conditions []ClusterScanCondition `json:"conditions,omitempty" yaml:"conditions,omitempty"` + CisScanStatus *CisScanStatus `json:"cisScanStatus,omitempty" yaml:"cisScanStatus,omitempty"` + Conditions []ClusterScanCondition `json:"conditions,omitempty" yaml:"conditions,omitempty"` } diff --git a/client/management/v3/zz_generated_cluster_spec.go b/client/management/v3/zz_generated_cluster_spec.go index ba5dad08..5f8dc322 100644 --- a/client/management/v3/zz_generated_cluster_spec.go +++ b/client/management/v3/zz_generated_cluster_spec.go @@ -25,6 +25,7 @@ const ( ClusterSpecFieldInternal = "internal" ClusterSpecFieldLocalClusterAuthEndpoint = "localClusterAuthEndpoint" ClusterSpecFieldRancherKubernetesEngineConfig = "rancherKubernetesEngineConfig" + ClusterSpecFieldScheduledClusterScan = "scheduledClusterScan" ClusterSpecFieldWindowsPreferedCluster = "windowsPreferedCluster" ) @@ -52,5 +53,6 @@ type ClusterSpec struct { Internal bool `json:"internal,omitempty" yaml:"internal,omitempty"` LocalClusterAuthEndpoint *LocalClusterAuthEndpoint `json:"localClusterAuthEndpoint,omitempty" yaml:"localClusterAuthEndpoint,omitempty"` RancherKubernetesEngineConfig *RancherKubernetesEngineConfig `json:"rancherKubernetesEngineConfig,omitempty" yaml:"rancherKubernetesEngineConfig,omitempty"` + ScheduledClusterScan *ScheduledClusterScan `json:"scheduledClusterScan,omitempty" yaml:"scheduledClusterScan,omitempty"` WindowsPreferedCluster bool `json:"windowsPreferedCluster,omitempty" yaml:"windowsPreferedCluster,omitempty"` } 
diff --git a/client/management/v3/zz_generated_cluster_spec_base.go b/client/management/v3/zz_generated_cluster_spec_base.go index 40322e6b..91e80362 100644 --- a/client/management/v3/zz_generated_cluster_spec_base.go +++ b/client/management/v3/zz_generated_cluster_spec_base.go @@ -13,6 +13,7 @@ const ( ClusterSpecBaseFieldEnableNetworkPolicy = "enableNetworkPolicy" ClusterSpecBaseFieldLocalClusterAuthEndpoint = "localClusterAuthEndpoint" ClusterSpecBaseFieldRancherKubernetesEngineConfig = "rancherKubernetesEngineConfig" + ClusterSpecBaseFieldScheduledClusterScan = "scheduledClusterScan" ClusterSpecBaseFieldWindowsPreferedCluster = "windowsPreferedCluster" ) @@ -28,5 +29,6 @@ type ClusterSpecBase struct { EnableNetworkPolicy *bool `json:"enableNetworkPolicy,omitempty" yaml:"enableNetworkPolicy,omitempty"` LocalClusterAuthEndpoint *LocalClusterAuthEndpoint `json:"localClusterAuthEndpoint,omitempty" yaml:"localClusterAuthEndpoint,omitempty"` RancherKubernetesEngineConfig *RancherKubernetesEngineConfig `json:"rancherKubernetesEngineConfig,omitempty" yaml:"rancherKubernetesEngineConfig,omitempty"` + ScheduledClusterScan *ScheduledClusterScan `json:"scheduledClusterScan,omitempty" yaml:"scheduledClusterScan,omitempty"` WindowsPreferedCluster bool `json:"windowsPreferedCluster,omitempty" yaml:"windowsPreferedCluster,omitempty"` } diff --git a/client/management/v3/zz_generated_cluster_status.go b/client/management/v3/zz_generated_cluster_status.go index 6ac55e84..9b03387f 100644 --- a/client/management/v3/zz_generated_cluster_status.go +++ b/client/management/v3/zz_generated_cluster_status.go 
@@ -22,29 +22,31 @@ const ( ClusterStatusFieldLimits = "limits" ClusterStatusFieldMonitoringStatus = "monitoringStatus" ClusterStatusFieldRequested = "requested" + ClusterStatusFieldScheduledClusterScanStatus = "scheduledClusterScanStatus" ClusterStatusFieldVersion = "version" ) type ClusterStatus struct { - APIEndpoint string `json:"apiEndpoint,omitempty" yaml:"apiEndpoint,omitempty"` - AgentFeatures map[string]bool `json:"agentFeatures,omitempty" yaml:"agentFeatures,omitempty"` - AgentImage string `json:"agentImage,omitempty" yaml:"agentImage,omitempty"` - Allocatable map[string]string `json:"allocatable,omitempty" yaml:"allocatable,omitempty"` - AppliedEnableNetworkPolicy bool `json:"appliedEnableNetworkPolicy,omitempty" yaml:"appliedEnableNetworkPolicy,omitempty"` - AppliedPodSecurityPolicyTemplateName string `json:"appliedPodSecurityPolicyTemplateId,omitempty" yaml:"appliedPodSecurityPolicyTemplateId,omitempty"` - AppliedSpec *ClusterSpec `json:"appliedSpec,omitempty" yaml:"appliedSpec,omitempty"` - AuthImage string `json:"authImage,omitempty" yaml:"authImage,omitempty"` - CACert string `json:"caCert,omitempty" yaml:"caCert,omitempty"` - Capabilities *Capabilities `json:"capabilities,omitempty" yaml:"capabilities,omitempty"` - Capacity map[string]string `json:"capacity,omitempty" yaml:"capacity,omitempty"` - CertificatesExpiration map[string]CertExpiration `json:"certificatesExpiration,omitempty" yaml:"certificatesExpiration,omitempty"` - ComponentStatuses []ClusterComponentStatus `json:"componentStatuses,omitempty" yaml:"componentStatuses,omitempty"` - Conditions []ClusterCondition `json:"conditions,omitempty" yaml:"conditions,omitempty"` - Driver string `json:"driver,omitempty" yaml:"driver,omitempty"` - FailedSpec *ClusterSpec `json:"failedSpec,omitempty" yaml:"failedSpec,omitempty"` - IstioEnabled bool `json:"istioEnabled,omitempty" yaml:"istioEnabled,omitempty"` - Limits map[string]string `json:"limits,omitempty" yaml:"limits,omitempty"` - 
MonitoringStatus *MonitoringStatus `json:"monitoringStatus,omitempty" yaml:"monitoringStatus,omitempty"` - Requested map[string]string `json:"requested,omitempty" yaml:"requested,omitempty"` - Version *Info `json:"version,omitempty" yaml:"version,omitempty"` + APIEndpoint string `json:"apiEndpoint,omitempty" yaml:"apiEndpoint,omitempty"` + AgentFeatures map[string]bool `json:"agentFeatures,omitempty" yaml:"agentFeatures,omitempty"` + AgentImage string `json:"agentImage,omitempty" yaml:"agentImage,omitempty"` + Allocatable map[string]string `json:"allocatable,omitempty" yaml:"allocatable,omitempty"` + AppliedEnableNetworkPolicy bool `json:"appliedEnableNetworkPolicy,omitempty" yaml:"appliedEnableNetworkPolicy,omitempty"` + AppliedPodSecurityPolicyTemplateName string `json:"appliedPodSecurityPolicyTemplateId,omitempty" yaml:"appliedPodSecurityPolicyTemplateId,omitempty"` + AppliedSpec *ClusterSpec `json:"appliedSpec,omitempty" yaml:"appliedSpec,omitempty"` + AuthImage string `json:"authImage,omitempty" yaml:"authImage,omitempty"` + CACert string `json:"caCert,omitempty" yaml:"caCert,omitempty"` + Capabilities *Capabilities `json:"capabilities,omitempty" yaml:"capabilities,omitempty"` + Capacity map[string]string `json:"capacity,omitempty" yaml:"capacity,omitempty"` + CertificatesExpiration map[string]CertExpiration `json:"certificatesExpiration,omitempty" yaml:"certificatesExpiration,omitempty"` + ComponentStatuses []ClusterComponentStatus `json:"componentStatuses,omitempty" yaml:"componentStatuses,omitempty"` + Conditions []ClusterCondition `json:"conditions,omitempty" yaml:"conditions,omitempty"` + Driver string `json:"driver,omitempty" yaml:"driver,omitempty"` + FailedSpec *ClusterSpec `json:"failedSpec,omitempty" yaml:"failedSpec,omitempty"` + IstioEnabled bool `json:"istioEnabled,omitempty" yaml:"istioEnabled,omitempty"` + Limits map[string]string `json:"limits,omitempty" yaml:"limits,omitempty"` + MonitoringStatus *MonitoringStatus 
`json:"monitoringStatus,omitempty" yaml:"monitoringStatus,omitempty"` + Requested map[string]string `json:"requested,omitempty" yaml:"requested,omitempty"` + ScheduledClusterScanStatus *ScheduledClusterScanStatus `json:"scheduledClusterScanStatus,omitempty" yaml:"scheduledClusterScanStatus,omitempty"` + Version *Info `json:"version,omitempty" yaml:"version,omitempty"` } diff --git a/client/management/v3/zz_generated_scheduled_cluster_scan.go b/client/management/v3/zz_generated_scheduled_cluster_scan.go new file mode 100644 index 00000000..dcdab448 --- /dev/null +++ b/client/management/v3/zz_generated_scheduled_cluster_scan.go @@ -0,0 +1,14 @@ +package client + +const ( + ScheduledClusterScanType = "scheduledClusterScan" + ScheduledClusterScanFieldEnabled = "enabled" + ScheduledClusterScanFieldScanConfig = "scanConfig" + ScheduledClusterScanFieldScheduleConfig = "scheduleConfig" +) + +type ScheduledClusterScan struct { + Enabled bool `json:"enabled,omitempty" yaml:"enabled,omitempty"` + ScanConfig *ClusterScanConfig `json:"scanConfig,omitempty" yaml:"scanConfig,omitempty"` + ScheduleConfig *ScheduledClusterScanConfig `json:"scheduleConfig,omitempty" yaml:"scheduleConfig,omitempty"` +} diff --git a/client/management/v3/zz_generated_scheduled_cluster_scan_config.go b/client/management/v3/zz_generated_scheduled_cluster_scan_config.go new file mode 100644 index 00000000..6355c631 --- /dev/null +++ b/client/management/v3/zz_generated_scheduled_cluster_scan_config.go @@ -0,0 +1,12 @@ +package client + +const ( + ScheduledClusterScanConfigType = "scheduledClusterScanConfig" + ScheduledClusterScanConfigFieldCronSchedule = "cronSchedule" + ScheduledClusterScanConfigFieldRetention = "retention" +) + +type ScheduledClusterScanConfig struct { + CronSchedule string `json:"cronSchedule,omitempty" yaml:"cronSchedule,omitempty"` + Retention int64 `json:"retention,omitempty" yaml:"retention,omitempty"` +} 
diff --git a/client/management/v3/zz_generated_scheduled_cluster_scan_status.go b/client/management/v3/zz_generated_scheduled_cluster_scan_status.go new file mode 100644 index 00000000..1060685b --- /dev/null +++ b/client/management/v3/zz_generated_scheduled_cluster_scan_status.go @@ -0,0 +1,12 @@ +package client + +const ( + ScheduledClusterScanStatusType = "scheduledClusterScanStatus" + ScheduledClusterScanStatusFieldEnabled = "enabled" + ScheduledClusterScanStatusFieldLastRunTimestamp = "lastRunTimestamp" +) + +type ScheduledClusterScanStatus struct { + Enabled bool `json:"enabled,omitempty" yaml:"enabled,omitempty"` + LastRunTimestamp string `json:"lastRunTimestamp,omitempty" yaml:"lastRunTimestamp,omitempty"` +} diff --git a/condition/constants.go b/condition/constants.go index f0d94bd6..e5210e45 100644 --- a/condition/constants.go +++ b/condition/constants.go @@ -18,4 +18,9 @@ const ( // error type Failed cond.Cond = "Failed" + + // generic type + // these will not trigger any state change on the object + + Alerted cond.Cond = "Alerted" )
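Review bot: The new `Alerted` constant in condition/constants.go ends up without a doc comment of its own, because the blank added line between `// these will not trigger any state change on the object` and `Alerted cond.Cond = "Alerted"` detaches the group comment from the declaration, and neither comment line says what the condition records. Presumably it marks that an alert has already been sent for the object, so I would drop the blank line and put `// Alerted marks that an alert has been sent for the object; it does not trigger a state change.` directly above the constant, with the wording confirmed against the controller that sets it. Spelling this out matters for scan alerting, since a reader needs to know whether a set `Alerted` condition suppresses further notifications for later failures. The enclosing `const (` block opens outside this hunk.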