frsca.cue
package frsca
import (
k8sCoreV1 "k8s.io/api/core/v1"
k8sRbacV1 "k8s.io/api/rbac/v1"
kyvernoV1 "github.com/kyverno/kyverno/api/kyverno/v1"
pipelineV1Beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
)
// ConfigMap resources, keyed by an arbitrary map key.
// metadata.name defaults to that key and may be overridden with any string.
frsca: configMap?: [Name=_]: k8sCoreV1.#ConfigMap & {
	apiVersion: "v1"
	kind:       "ConfigMap"
	metadata: {
		name: *Name | string
	}
}
// Secret resources, keyed by an arbitrary map key.
// metadata.name defaults to that key and may be overridden with any string.
// NOTE(review): only apiVersion, kind and the name default are fixed here; any
// data/stringData supplied through this schema would be written in CUE source.
// Confirm that real secret values are injected from elsewhere and not committed.
frsca: secret?: [Name=_]: k8sCoreV1.#Secret & {
	apiVersion: "v1"
	kind:       "Secret"
	metadata: {
		name: *Name | string
	}
}
// ServiceAccount resources, keyed by an arbitrary map key.
// metadata.name defaults to that key and may be overridden with any string.
frsca: serviceAccount?: [Name=_]: k8sCoreV1.#ServiceAccount & {
	apiVersion: "v1"
	kind:       "ServiceAccount"
	metadata: {
		name: *Name | string
	}
}
// Namespaced RBAC Role resources, keyed by an arbitrary map key.
// metadata.name defaults to that key and may be overridden with any string.
frsca: role?: [Name=_]: k8sRbacV1.#Role & {
	kind:       "Role"
	apiVersion: "rbac.authorization.k8s.io/v1"
	metadata: {
		name: *Name | string
	}
}
// RBAC ClusterRole resources, keyed by an arbitrary map key.
// metadata.name defaults to that key and may be overridden with any string.
// ClusterRoles are cluster-scoped: the rules they carry are not confined to a
// single namespace, so entries added under this key warrant least-privilege review.
frsca: clusterRole?: [Name=_]: k8sRbacV1.#ClusterRole & {
	kind:       "ClusterRole"
	apiVersion: "rbac.authorization.k8s.io/v1"
	metadata: {
		name: *Name | string
	}
}
// Namespaced RBAC RoleBinding resources, keyed by an arbitrary map key.
// metadata.name defaults to that key and may be overridden with any string.
frsca: roleBinding?: [Name=_]: k8sRbacV1.#RoleBinding & {
	apiVersion: "rbac.authorization.k8s.io/v1"
	kind:       "RoleBinding"
	metadata: {
		name: *Name | string
	}
}
// RBAC ClusterRoleBinding resources, keyed by an arbitrary map key.
// metadata.name defaults to that key and may be overridden with any string.
// A ClusterRoleBinding grants its role across the whole cluster, so each entry
// under this key should be checked for the subjects it binds.
frsca: clusterRoleBinding?: [Name=_]: k8sRbacV1.#ClusterRoleBinding & {
	apiVersion: "rbac.authorization.k8s.io/v1"
	kind:       "ClusterRoleBinding"
	metadata: {
		name: *Name | string
	}
}
// Tekton Task resources (tekton.dev/v1beta1), keyed by an arbitrary map key.
// metadata.name defaults to that key and may be overridden with any string.
frsca: task?: [Name=_]: pipelineV1Beta1.#Task & {
	apiVersion: "tekton.dev/v1beta1"
	kind:       "Task"
	metadata: {
		name: *Name | string
	}
}
// Tekton TaskRun resources (tekton.dev/v1beta1), keyed by an arbitrary map key.
// metadata.name defaults to that key and may be overridden with any string.
frsca: taskRun?: [Name=_]: pipelineV1Beta1.#TaskRun & {
	apiVersion: "tekton.dev/v1beta1"
	kind:       "TaskRun"
	metadata: {
		name: *Name | string
	}
}
// Tekton Pipeline resources (tekton.dev/v1beta1), keyed by an arbitrary map key.
// metadata.name defaults to that key and may be overridden with any string.
frsca: pipeline?: [Name=_]: pipelineV1Beta1.#Pipeline & {
	apiVersion: "tekton.dev/v1beta1"
	kind:       "Pipeline"
	metadata: {
		name: *Name | string
	}
}
// Tekton PipelineRun resources (tekton.dev/v1beta1), keyed by an arbitrary map key.
// The key is the default for metadata.generateName (not metadata.name) and may
// be overridden with any string. The description label is a fixed value, not a
// default, so every PipelineRun declared here carries it.
frsca: pipelineRun?: [GeneratedName=_]: pipelineV1Beta1.#PipelineRun & {
	apiVersion: "tekton.dev/v1beta1"
	kind:       "PipelineRun"
	metadata: generateName: *GeneratedName | string
	metadata: labels: "app.kubernetes.io/description": "PipelineRun"
}
// PersistentVolumeClaim resources, keyed by an arbitrary map key.
// metadata.name defaults to that key and may be overridden with any string.
frsca: persistentVolumeClaim?: [Name=_]: k8sCoreV1.#PersistentVolumeClaim & {
	apiVersion: "v1"
	kind:       "PersistentVolumeClaim"
	metadata: {
		name: *Name | string
	}
}
// Kyverno ClusterPolicy resources (kyverno.io/v1), keyed by an arbitrary map key.
// metadata.name defaults to that key and may be overridden with any string.
frsca: clusterPolicy?: [Name=_]: kyvernoV1.#ClusterPolicy & {
	apiVersion: "kyverno.io/v1"
	kind:       "ClusterPolicy"
	metadata: {
		name: *Name | string
	}
}
// Compensate for Kyverno ImageVerification bool defaults.
// Applies to every verifyImages entry of every rule in every ClusterPolicy:
// the three booleans below default to true when a policy leaves them unset.
// NOTE(review): presumably the imported CUE definitions do not carry the
// API-side default of true for these fields - confirm against kyvernoV1.
// These are defaults, not constraints: a policy can still set any of them to
// false, which relaxes image verification, so an explicit false deserves review.
frsca: clusterPolicy?: [_]: {
	spec: {
		rules: [...{
			verifyImages: [...{
				// Replace image tags with digests.
				mutateDigest: *true | bool
				// Require images to be referenced by digest.
				verifyDigest: *true | bool
				// Require matching images to have passed verification.
				required: *true | bool
			}]
		}]
	}
}