secureCodeBox
diff --git a/‎operator/PROJECT‎
Lines changed: 3 additions & 0 deletions b/‎operator/PROJECT‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎operator/apis/cascading/v1/cascadingrule_types.go‎
Lines changed: 77 additions & 0 deletions b/‎operator/apis/cascading/v1/cascadingrule_types.go‎
Lines changed: 77 additions & 0 deletions
diff --git a/‎operator/apis/cascading/v1/groupversion_info.go‎
Lines changed: 36 additions & 0 deletions b/‎operator/apis/cascading/v1/groupversion_info.go‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎operator/apis/cascading/v1/zz_generated.deepcopy.go‎
Lines changed: 114 additions & 0 deletions b/‎operator/apis/cascading/v1/zz_generated.deepcopy.go‎
Lines changed: 114 additions & 0 deletions
diff --git a/‎operator/config/crd/bases/cascading.experimental.securecodebox.io_cascadingrules.yaml‎
Lines changed: 93 additions & 0 deletions b/‎operator/config/crd/bases/cascading.experimental.securecodebox.io_cascadingrules.yaml‎
Lines changed: 93 additions & 0 deletions
diff --git a/‎operator/config/crd/kustomization.yaml‎
Lines changed: 3 additions & 0 deletions b/‎operator/config/crd/kustomization.yaml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎operator/config/crd/patches/cainjection_in_cascadingrules.yaml‎
Lines changed: 8 additions & 0 deletions b/‎operator/config/crd/patches/cainjection_in_cascadingrules.yaml‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎operator/config/crd/patches/webhook_in_cascadingrules.yaml‎
Lines changed: 17 additions & 0 deletions b/‎operator/config/crd/patches/webhook_in_cascadingrules.yaml‎
Lines changed: 17 additions & 0 deletions
@@ -20,4 +20,7 @@ resources:
 - group: targets
   kind: Host
   version: v1
+- group: cascading
+  kind: CascadingRule
+  version: v1
 version: "2"
@@ -0,0 +1,77 @@
+/*
+Copyright 2020 iteratec GmbH.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+	executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/intstr"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// CascadingRuleSpec defines the desired state of CascadingRule
+type CascadingRuleSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	// Foo is an example field of CascadingRule. Edit CascadingRule_types.go to remove/update
+	Matches  []MatchesRule        `json:"matches"`
+	ScanSpec executionv1.ScanSpec `json:"scanSpec"`
+}
+
+// MatchesRule is a generic map which is used to model the structure of a finding for which the CascadingRule should take effect
+type MatchesRule struct {
+	Name        string                        `json:"name,omitempty"`
+	Category    string                        `json:"category,omitempty"`
+	Description string                        `json:"description,omitempty"`
+	Location    string                        `json:"location,omitempty"`
+	Severity    string                        `json:"severity,omitempty"`
+	OsiLayer    string                        `json:"osi_layer,omitempty"`
+	Attributes  map[string]intstr.IntOrString `json:"attributes,omitempty"`
+}
+
+// CascadingRuleStatus defines the observed state of CascadingRule
+type CascadingRuleStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+}
+
+// +kubebuilder:object:root=true
+
+// CascadingRule is the Schema for the cascadingrules API
+type CascadingRule struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   CascadingRuleSpec   `json:"spec,omitempty"`
+	Status CascadingRuleStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// CascadingRuleList contains a list of CascadingRule
+type CascadingRuleList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []CascadingRule `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&CascadingRule{}, &CascadingRuleList{})
+}
@@ -0,0 +1,36 @@
+/*
+Copyright 2020 iteratec GmbH.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1 contains API Schema definitions for the cascading v1 API group
+// +kubebuilder:object:generate=true
+// +groupName=cascading.experimental.securecodebox.io
+package v1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+	// GroupVersion is group version used to register these objects
+	GroupVersion = schema.GroupVersion{Group: "cascading.experimental.securecodebox.io", Version: "v1"}
+
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+	// AddToScheme adds the types in this group-version to the given scheme.
+	AddToScheme = SchemeBuilder.AddToScheme
+)
@@ -0,0 +1,93 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.4
+  creationTimestamp: null
+  name: cascadingrules.cascading.experimental.securecodebox.io
+spec:
+  group: cascading.experimental.securecodebox.io
+  names:
+    kind: CascadingRule
+    listKind: CascadingRuleList
+    plural: cascadingrules
+    singular: cascadingrule
+  scope: Namespaced
+  validation:
+    openAPIV3Schema:
+      description: CascadingRule is the Schema for the cascadingrules API
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: CascadingRuleSpec defines the desired state of CascadingRule
+          properties:
+            matches:
+              description: Foo is an example field of CascadingRule. Edit CascadingRule_types.go
+                to remove/update
+              items:
+                description: MatchesRule is a generic map which is used to model the
+                  structure of a finding for which the CascadingRule should take effect
+                properties:
+                  attributes:
+                    additionalProperties:
+                      anyOf:
+                      - type: integer
+                      - type: string
+                      x-kubernetes-int-or-string: true
+                    type: object
+                  category:
+                    type: string
+                  description:
+                    type: string
+                  location:
+                    type: string
+                  name:
+                    type: string
+                  osi_layer:
+                    type: string
+                  severity:
+                    type: string
+                type: object
+              type: array
+            scanSpec:
+              description: ScanSpec defines the desired state of Scan
+              properties:
+                parameters:
+                  items:
+                    type: string
+                  type: array
+                scanType:
+                  type: string
+              type: object
+          required:
+          - matches
+          - scanSpec
+          type: object
+        status:
+          description: CascadingRuleStatus defines the observed state of CascadingRule
+          type: object
+      type: object
+  version: v1
+  versions:
+  - name: v1
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
@@ -8,6 +8,7 @@ resources:
 - bases/execution.experimental.securecodebox.io_parsedefinitions.yaml
 - bases/execution.experimental.securecodebox.io_scheduledscans.yaml
 - bases/targets.experimental.securecodebox.io_hosts.yaml
+- bases/cascading.experimental.securecodebox.io_cascadingrules.yaml
 # +kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:
@@ -19,6 +20,7 @@ patchesStrategicMerge:
 #- patches/webhook_in_parsedefinitions.yaml
 #- patches/webhook_in_scheduledscans.yaml
 #- patches/webhook_in_hosts.yaml
+#- patches/webhook_in_cascadingrules.yaml
 # +kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
@@ -29,6 +31,7 @@ patchesStrategicMerge:
 #- patches/cainjection_in_parsedefinitions.yaml
 #- patches/cainjection_in_scheduledscans.yaml
 #- patches/cainjection_in_hosts.yaml
+#- patches/cainjection_in_cascadingrules.yaml
 # +kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.
 
@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: cascadingrules.cascading.experimental.securecodebox.io
@@ -0,0 +1,17 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: cascadingrules.cascading.experimental.securecodebox.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhookClientConfig:
+      # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+      # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+      caBundle: Cg==
+      service:
+        namespace: system
+        name: webhook-service
+        path: /convert