Add & Implement PolicyReport API for gatekeeper policies (#188)

Signed-off-by: Arnob kumar saha <[email protected]>

Author: ArnobKumarSaha

.config/api-rules/violation_exceptions.list

@@ -140,6 +140,10 @@ API rule violation: list_type_missing,kmodules.xyz/client-go/api/v1,CertificateS
 API rule violation: list_type_missing,kmodules.xyz/client-go/api/v1,CertificateSpec,EmailAddresses
 API rule violation: list_type_missing,kmodules.xyz/client-go/api/v1,CertificateSpec,IPAddresses
 API rule violation: list_type_missing,kmodules.xyz/client-go/api/v1,CertificateSpec,URIs
+API rule violation: list_type_missing,kmodules.xyz/client-go/api/v1,ImageInfo,Lineages
+API rule violation: list_type_missing,kmodules.xyz/client-go/api/v1,Lineage,Chain
+API rule violation: list_type_missing,kmodules.xyz/client-go/api/v1,Lineage,Containers
+API rule violation: list_type_missing,kmodules.xyz/client-go/api/v1,PullCredentials,SecretRefs
 API rule violation: list_type_missing,kmodules.xyz/client-go/api/v1,TLSConfig,Certificates
 API rule violation: list_type_missing,kmodules.xyz/client-go/api/v1,X509Subject,Countries
 API rule violation: list_type_missing,kmodules.xyz/client-go/api/v1,X509Subject,Localities
@@ -148,7 +152,8 @@ API rule violation: list_type_missing,kmodules.xyz/client-go/api/v1,X509Subject,
 API rule violation: list_type_missing,kmodules.xyz/client-go/api/v1,X509Subject,PostalCodes
 API rule violation: list_type_missing,kmodules.xyz/client-go/api/v1,X509Subject,Provinces
 API rule violation: list_type_missing,kmodules.xyz/client-go/api/v1,X509Subject,StreetAddresses
-API rule violation: list_type_missing,kubeops.dev/ui-server/apis/identity/v1alpha1,UserInfo,Groups
+API rule violation: list_type_missing,kubeops.dev/ui-server/apis/policy/v1alpha1,Constraint,Violations
+API rule violation: list_type_missing,kubeops.dev/ui-server/apis/policy/v1alpha1,PolicyReportResponse,Constraints
 API rule violation: names_match,k8s.io/api/core/v1,AzureDiskVolumeSource,DataDiskURI
 API rule violation: names_match,k8s.io/api/core/v1,ContainerStatus,LastTerminationState
 API rule violation: names_match,k8s.io/api/core/v1,DaemonEndpoint,Port

Makefile

@@ -26,7 +26,7 @@ COMPRESS ?= no
 # Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
 CRD_OPTIONS          ?= "crd:crdVersions={v1},allowDangerousTypes=true"
 CODE_GENERATOR_IMAGE ?= appscode/gengo:release-1.25
-API_GROUPS           ?= identity:v1alpha1
+API_GROUPS           ?= identity:v1alpha1 policy:v1alpha1
 
 # Where to push the docker image.
 REGISTRY ?= ghcr.io/appscode

apis/identity/v1alpha1/openapi_generated.go

@@ -0,0 +1,34 @@
+/*
+Copyright AppsCode Inc. and Contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package fuzzer
+
+import (
+	"kubeops.dev/ui-server/apis/policy/v1alpha1"
+
+	fuzz "github.com/google/gofuzz"
+	runtimeserializer "k8s.io/apimachinery/pkg/runtime/serializer"
+)
+
+// Funcs returns the fuzzer functions for this api group.
+var Funcs = func(codecs runtimeserializer.CodecFactory) []interface{} {
+	return []interface{}{
+		// v1alpha1
+		func(s *v1alpha1.PolicyReport, c fuzz.Continue) {
+			c.FuzzNoCustom(s) // fuzz self without calling this function again
+		},
+	}
+}

apis/policy/fuzzer/fuzzer.go

@@ -0,0 +1,29 @@
+/*
+Copyright AppsCode Inc. and Contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package install
+
+import (
+	"kubeops.dev/ui-server/apis/policy/v1alpha1"
+
+	"k8s.io/apimachinery/pkg/runtime"
+	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+)
+
+// Install registers the API group and adds types to a scheme
+func Install(scheme *runtime.Scheme) {
+	utilruntime.Must(v1alpha1.AddToScheme(scheme))
+}

apis/policy/install/install.go

@@ -0,0 +1,31 @@
+/*
+Copyright AppsCode Inc. and Contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package install
+
+import (
+	"testing"
+
+	policyfuzzer "kubeops.dev/ui-server/apis/policy/fuzzer"
+
+	"k8s.io/apimachinery/pkg/api/apitesting/roundtrip"
+)
+
+func TestRoundTripTypes(t *testing.T) {
+	roundtrip.RoundTripTestForAPIGroup(t, Install, policyfuzzer.Funcs)
+	// TODO: enable protobuf generation for the sample-apiserver
+	// roundtrip.RoundTripProtobufTestForAPIGroup(t, Install, identityfuzzer.Funcs)
+}

apis/policy/install/roundtrip_test.go

@@ -0,0 +1,23 @@
+/*
+Copyright AppsCode Inc. and Contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1alpha1 contains API Schema definitions for the identity v1alpha1 API group
+
+// +k8s:openapi-gen=true
+// +k8s:deepcopy-gen=package
+// +k8s:defaulter-gen=TypeMeta
+// +groupName=policy.k8s.appscode.com
+package v1alpha1 // import "kubeops.dev/ui-server/apis/policy/v1alpha1"

apis/policy/v1alpha1/doc.go

@@ -0,0 +1,19 @@
+/*
+Copyright AppsCode Inc. and Contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+const GroupName = "policy.k8s.appscode.com"