// Listing of open-cluster-management.io/governance-policy-propagator@v0.13.0/api/v1beta1/policyautomation_types.go

// Copyright (c) 2021 Red Hat, Inc.
// Copyright Contributors to the Open Cluster Management project

package v1beta1

import (
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	runtime "k8s.io/apimachinery/pkg/runtime"

	policyv1 "open-cluster-management.io/governance-policy-propagator/api/v1"
)

// PolicyAutomationSpec defines the desired state of PolicyAutomation
type PolicyAutomationSpec struct {
	// NOTE(review): PolicyRef is a bare name and no namespace field is declared
	// in this spec, so the policy is presumably resolved in the
	// PolicyAutomation's own namespace. Confirm against the controller.

	// PolicyRef is the name of the policy that this automation resource
	// is bound to.
	// +kubebuilder:validation:Required
	PolicyRef string `json:"policyRef"`
	// Mode decides how automation is going to be triggered
	Mode PolicyAutomationMode `json:"mode"`

	// NOTE(review): EventHook is marked Required while its JSON tag carries
	// omitempty. Confirm that the generated CRD lists eventHook as required.
	// The Enum marker allows a single value, "noncompliant".

	// EventHook decides when automation is going to be triggered
	// +kubebuilder:validation:Enum={noncompliant}
	// +kubebuilder:validation:Required
	EventHook string `json:"eventHook,omitempty"`
	// RescanAfter is reserved for future use.
	RescanAfter string `json:"rescanAfter,omitempty"`
	// DelayAfterRunSeconds sets the minimum number of seconds before
	// an automation can run again due to a new violation on the same
	// managed cluster. This only applies to the EveryEvent Mode. The
	// default value is 0.
	// +kubebuilder:validation:Minimum=0
	DelayAfterRunSeconds uint `json:"delayAfterRunSeconds,omitempty"`
	// Automation describes the automation to invoke; see AutomationDef.
	// +kubebuilder:validation:Required
	Automation AutomationDef `json:"automationDef"`
}

// PolicyAutomationMode is the string type of PolicyAutomationSpec.Mode.
// +kubebuilder:validation:Enum={once,everyEvent,disabled}
// +kubebuilder:validation:Required
type PolicyAutomationMode string

// Values of PolicyAutomationMode. They match the Enum marker on the type, so
// the two must be changed together.
const (
	Once       PolicyAutomationMode = "once"
	EveryEvent PolicyAutomationMode = "everyEvent"
	Disabled   PolicyAutomationMode = "disabled"
)

// DefaultPolicyViolationsLimit equals the default value documented on
// AutomationDef.PolicyViolationsLimit. No +kubebuilder:default marker is
// declared on that field, so the default is presumably applied in code that
// reads this constant. Confirm against the controller.
const DefaultPolicyViolationsLimit = 1000

// AutomationDef defines the automation to invoke
type AutomationDef struct {
	// Type of the automation to invoke
	Type string `json:"type,omitempty"`
	// Name of the Ansible Template to run in Tower as a job
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name"`

	// NOTE(review): PreserveUnknownFields stops the API server from pruning
	// unknown keys, so arbitrary nested content is accepted here and, per the
	// field description, handed to the Ansible job. Job templates should treat
	// these values as caller-supplied input rather than trusted configuration.

	// ExtraVars is passed to the Ansible job at execution time and is a known Ansible entity.
	// +kubebuilder:pruning:PreserveUnknownFields
	ExtraVars *runtime.RawExtension `json:"extra_vars,omitempty"`

	// NOTE(review): only the Secret's name is stored; no namespace is declared,
	// so it is presumably read from the PolicyAutomation's namespace. Whoever
	// may create or update PolicyAutomation objects there can then presumably
	// have jobs run with that credential, so RBAC on this resource should be
	// scoped with that in mind. Confirm against the controller.

	// TowerSecret is the name of the secret that contains the Ansible Automation Platform
	// credential.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	TowerSecret string `json:"secret"`

	// NOTE(review): JobTTL carries no validation marker, so negative values
	// pass schema validation as declared here. The unit is not stated in this
	// file. Confirm both against the consumer of this field.

	// JobTTL sets the time to live for the Kubernetes AnsibleJob object after the Ansible job run has finished.
	JobTTL *int `json:"jobTtl,omitempty"`

	// NOTE(review): a value of 0 removes the cap, so the size of the violation
	// data placed in extra variables then depends on how many clusters are
	// violating. The pointer type lets a reader tell an unset field (nil) from
	// an explicit 0.

	// +kubebuilder:validation:Minimum=0
	// The maximum number of violating cluster contexts that will be provided to the Ansible job as extra variables.
	// When policyViolationsLimit is set to 0, it means no limit.
	// The default value is 1000.
	PolicyViolationsLimit *uint `json:"policyViolationsLimit,omitempty"`
}

// NOTE(review): the ansibleJob struct tags below presumably name the keys used
// inside extra_vars; the code that reads them is not in this file. The nested
// violation messages presumably originate from status reported for managed
// clusters, so playbooks consuming policy_violations should handle them as
// data, not as trusted input. Confirm both against the controller.

// ViolationContext defines the non-compliant replicated policy information
// that is sent to the AnsibleJob through extra_vars.
type ViolationContext struct {
	TargetClusters   []string                          `json:"targetClusters" ansibleJob:"target_clusters"`
	PolicyName       string                            `json:"policyName" ansibleJob:"policy_name"`
	PolicyNamespace  string                            `json:"policyNamespace" ansibleJob:"policy_namespace"`
	HubCluster       string                            `json:"hubCluster" ansibleJob:"hub_cluster"`
	PolicySets       []string                          `json:"policySets" ansibleJob:"policy_sets"`
	PolicyViolations map[string]ReplicatedPolicyStatus `json:"policyViolations" ansibleJob:"policy_violations"`
}

// PolicyAutomationStatus defines the observed state of PolicyAutomation
type PolicyAutomationStatus struct {
	// Cluster name as the key of ClustersWithEvent
	ClustersWithEvent map[string]ClusterEvent `json:"clustersWithEvent,omitempty"`
}

//+kubebuilder:object:root=true

// PolicyAutomation is the Schema for the policyautomations API
// +kubebuilder:subresource:status
// +kubebuilder:resource:path=policyautomations,scope=Namespaced
// +kubebuilder:resource:path=policyautomations,shortName=plca
type PolicyAutomation struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// +kubebuilder:validation:Required
	Spec   PolicyAutomationSpec   `json:"spec"`
	Status PolicyAutomationStatus `json:"status,omitempty"`
}

//+kubebuilder:object:root=true

// PolicyAutomationList contains a list of PolicyAutomation
type PolicyAutomationList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []PolicyAutomation `json:"items"`
}

// ClusterEvent holds the PolicyAutomation events recorded for one target
// cluster. Both times are stored as plain strings; their format is not
// defined in this file.
type ClusterEvent struct {
	// Policy automation start time for everyEvent mode
	AutomationStartTime string `json:"automationStartTime"`
	// The last policy compliance transition event time
	EventTime string `json:"eventTime"`
}

// init registers PolicyAutomation and PolicyAutomationList with SchemeBuilder,
// which is declared elsewhere in this package.
func init() {
	SchemeBuilder.Register(&PolicyAutomation{}, &PolicyAutomationList{})
}

// ReplicatedDetailsPerTemplate defines the replicated policy compliance details and history
type ReplicatedDetailsPerTemplate struct {
	ComplianceState policyv1.ComplianceState      `json:"compliant"`
	History         []ReplicatedComplianceHistory `json:"history"`
}

// ReplicatedComplianceHistory defines the replicated policy compliance details history
type ReplicatedComplianceHistory struct {
	LastTimestamp metav1.Time `json:"lastTimestamp,omitempty" protobuf:"bytes,7,opt,name=lastTimestamp"`
	Message       string      `json:"message,omitempty" protobuf:"bytes,4,opt,name=message"`
}

// ReplicatedPolicyStatus defines the replicated policy status
//
// The JSON keys "compliant" and "violation_message" do not follow the Go field
// names or the camelCase used by the other keys in this file. They are part of
// the serialized form, so they should not be renamed for consistency alone.
type ReplicatedPolicyStatus struct {
	ComplianceState  policyv1.ComplianceState       `json:"compliant"`         // used by replicated policy
	ViolationMessage string                         `json:"violation_message"` // used by replicated policy
	Details          []ReplicatedDetailsPerTemplate `json:"details"`           // used by replicated policy
}