package crds
import (
"encoding/json"
"fmt"
"os"
"strings"
cisoperator "github.com/rancher/cis-operator/pkg/apis/cis.cattle.io/v1"
"github.com/rancher/wrangler/v3/pkg/crd"
_ "github.com/rancher/wrangler/v3/pkg/generated/controllers/apiextensions.k8s.io" //using init
"github.com/rancher/wrangler/v3/pkg/yaml"
apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
)
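// WriteCRD renders every CRD returned by List to YAML and writes each one to
// ./crds/<lowercased kind>.yaml, relative to the process working directory.
//
// Files are created with mode 0o600. os.WriteFile applies that mode only when
// it creates the file; a file that already exists is truncated and keeps
// whatever permissions it had.
//
// It stops at the first failure and returns that error; files written before
// the failure are left in place.
func WriteCRD() error {
	for _, crdDef := range List() {
		obj, err := crdDef.ToCustomResourceDefinition()
		if err != nil {
			return fmt.Errorf("building CRD definition: %w", err)
		}

		// The conversion below dereferences the object, so a result of any
		// other type (or a nil pointer) is rejected here instead of being
		// ignored and panicking on the next line.
		u, ok := obj.(*unstructured.Unstructured)
		if !ok || u == nil {
			return fmt.Errorf("unexpected CRD object type %T, want *unstructured.Unstructured", obj)
		}

		var def apiextv1.CustomResourceDefinition
		if err := runtime.DefaultUnstructuredConverter.FromUnstructured(u.Object, &def); err != nil {
			return fmt.Errorf("converting CRD to apiextensions/v1: %w", err)
		}

		// Only the ClusterScan CRD gets the scoreWarning enum restriction.
		if def.Name == "clusterscans.cis.cattle.io" {
			customizeClusterScan(&def)
		}

		yamlBytes, err := yaml.Export(&def)
		if err != nil {
			return fmt.Errorf("exporting CRD %q to YAML: %w", def.Name, err)
		}

		filename := fmt.Sprintf("./crds/%s.yaml", strings.ToLower(def.Spec.Names.Kind))
		if err := os.WriteFile(filename, yamlBytes, 0o600); err != nil {
			return fmt.Errorf("writing %s: %w", filename, err)
		}
	}
	return nil
}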
// List returns the CRD definitions for the cis.cattle.io types, in a fixed
// order: ClusterScan, ClusterScanProfile, ClusterScanReport and
// ClusterScanBenchmark. Each definition is built by newCRD and then extended
// with the columns listed below, in the order given.
func List() []crd.CRD {
	type column struct {
		name string
		path string
	}

	// withColumns builds a customize callback that registers cols one after
	// another through WithColumn.
	withColumns := func(cols ...column) func(crd.CRD) crd.CRD {
		return func(c crd.CRD) crd.CRD {
			for _, col := range cols {
				c = c.WithColumn(col.name, col.path)
			}
			return c
		}
	}

	clusterScan := newCRD(&cisoperator.ClusterScan{}, withColumns(
		column{"ClusterScanProfile", ".status.lastRunScanProfileName"},
		column{"Total", ".status.summary.total"},
		column{"Pass", ".status.summary.pass"},
		column{"Fail", ".status.summary.fail"},
		column{"Skip", ".status.summary.skip"},
		column{"Warn", ".status.summary.warn"},
		column{"Not Applicable", ".status.summary.notApplicable"},
		column{"LastRunTimestamp", ".status.lastRunTimestamp"},
		column{"CronSchedule", ".spec.scheduledScanConfig.cronSchedule"},
	))

	profile := newCRD(&cisoperator.ClusterScanProfile{}, withColumns(
		column{"BenchmarkVersion", ".spec.benchmarkVersion"},
	))

	report := newCRD(&cisoperator.ClusterScanReport{}, withColumns(
		column{"LastRunTimestamp", ".spec.lastRunTimestamp"},
		column{"BenchmarkVersion", ".spec.benchmarkVersion"},
	))

	benchmark := newCRD(&cisoperator.ClusterScanBenchmark{}, withColumns(
		column{"ClusterProvider", ".spec.clusterProvider"},
		column{"MinKubernetesVersion", ".spec.minKubernetesVersion"},
		column{"MaxKubernetesVersion", ".spec.maxKubernetesVersion"},
		column{"customBenchmarkConfigMapName", ".spec.customBenchmarkConfigMapName"},
		column{"customBenchmarkConfigMapNamespace", ".spec.customBenchmarkConfigMapNamespace"},
	))

	return []crd.CRD{clusterScan, profile, report, benchmark}
}
// newCRD builds the base definition shared by every CRD in this package:
// group cis.cattle.io, version v1, the status flag set, and obj as the schema
// object. NonNamespace is set on all of them, so none of these resources is
// namespaced and access to them is not scoped per namespace.
//
// When customize is non-nil its return value replaces the base definition.
func newCRD(obj interface{}, customize func(crd.CRD) crd.CRD) crd.CRD {
	def := crd.CRD{
		NonNamespace: true,
		Status:       true,
		SchemaObject: obj,
		GVK: schema.GroupVersionKind{
			Group:   "cis.cattle.io",
			Version: "v1",
		},
	}
	if customize == nil {
		return def
	}
	return customize(def)
}
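// customizeClusterScan restricts spec.scoreWarning in the ClusterScan CRD
// schema to the two values ClusterScanPassOnWarning and
// ClusterScanFailOnWarning by setting the property's enum. With the enum in
// the published schema, any other value fails schema validation instead of
// reaching the operator.
//
// Only the first entry of Spec.Versions is modified. The function is a no-op,
// not a panic, when the CRD has no versions, the version carries no
// OpenAPI v3 schema, or the schema has no "spec" property map to update.
func customizeClusterScan(clusterScan *apiextv1.CustomResourceDefinition) {
	if clusterScan == nil || len(clusterScan.Spec.Versions) == 0 {
		return
	}
	validation := clusterScan.Spec.Versions[0].Schema
	if validation == nil || validation.OpenAPIV3Schema == nil {
		return
	}
	properties := validation.OpenAPIV3Schema.Properties
	if len(properties) == 0 {
		return
	}

	// Map values are copies; spec is modified locally and stored back below.
	spec, ok := properties["spec"]
	if !ok || spec.Properties == nil {
		// Assigning into a nil Properties map would panic.
		return
	}

	passRaw, err := json.Marshal(cisoperator.ClusterScanPassOnWarning)
	if err != nil {
		// Leave the schema untouched; an enum entry with empty raw JSON
		// would make the generated CRD invalid.
		return
	}
	failRaw, err := json.Marshal(cisoperator.ClusterScanFailOnWarning)
	if err != nil {
		return
	}

	scoreWarning := spec.Properties["scoreWarning"]
	scoreWarning.Enum = []apiextv1.JSON{{Raw: passRaw}, {Raw: failRaw}}
	spec.Properties["scoreWarning"] = scoreWarning
	properties["spec"] = spec
}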