compliance

Published: Jul 23, 2020 License: Apache-2.0 Imports: 5 Imported by: 0


Overview

Package compliance defines the common interfaces and types used by the Compliance Agent.

Index

Constants

// ResourceKind values returned by Resource.Kind. Each kind other than
// KindInvalid corresponds to one optional field of Resource.
const (
	// KindInvalid is set in case the resource is invalid.
	KindInvalid = ResourceKind("invalid")
	// KindFile is used for a File resource.
	KindFile = ResourceKind("file")
	// KindProcess is used for a Process resource.
	KindProcess = ResourceKind("process")
	// KindGroup is used for a Group resource.
	KindGroup = ResourceKind("group")
	// KindCommand is used for a Command resource.
	KindCommand = ResourceKind("command")
	// KindDocker is used for a DockerResource resource.
	KindDocker = ResourceKind("docker")
	// KindAudit is used for an Audit resource.
	KindAudit = ResourceKind("audit")
	// KindKubernetes is used for a KubernetesResource.
	KindKubernetes = ResourceKind("kubernetes")
)
// Scope names. Each value equals the yaml key of the matching Scope field.
const (
	// DockerScope names the docker scope (yaml key of Scope.Docker).
	DockerScope string = "docker"
	// KubernetesNodeScope names the Kubernetes node scope (yaml key of Scope.KubernetesNode).
	KubernetesNodeScope string = "kubernetesNode"
	// KubernetesClusterScope names the Kubernetes cluster scope (yaml key of Scope.KubernetesCluster).
	KubernetesClusterScope string = "kubernetesCluster"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Audit

// Audit describes an audited file resource.
type Audit struct {
	// Path is the path of the audited file.
	Path string `yaml:"path"`
}

Audit describes an audited file resource

func (*Audit) Validate

func (a *Audit) Validate() error

Validate validates the audit resource.

type BinaryCmd

// BinaryCmd describes a command in the form of a binary name plus its arguments.
type BinaryCmd struct {
	// Name is the executable to run.
	Name string `yaml:"name"`
	// Args are the arguments passed to the executable; omitted from yaml when empty.
	// NOTE(review): presumably passed as discrete argv entries without shell
	// interpretation — confirm in the executor, which is not visible here.
	Args []string `yaml:"args,omitempty"`
}

BinaryCmd describes a command in the form of a name plus arguments.

func (*BinaryCmd) String

func (c *BinaryCmd) String() string

type CheckVisitor

// CheckVisitor defines a visitor func for compliance checks. It receives one
// check.Check per invocation and returns an error to signal a failure.
// NOTE(review): whether the caller stops at the first error is not visible here.
type CheckVisitor func(check.Check) error

CheckVisitor defines a visitor func for compliance checks

type Command

// Command describes a command resource, usually reporting an exit code or output.
// NOTE(review): only one of BinaryCmd / ShellCmd is expected to be set —
// assumption from the shape of the type, confirm in Command.String and the executor.
type Command struct {
	// BinaryCmd runs a binary directly with discrete arguments.
	BinaryCmd      *BinaryCmd `yaml:"binary,omitempty"`
	// ShellCmd runs a command line through a shell; see ShellCmd.
	ShellCmd       *ShellCmd  `yaml:"shell,omitempty"`
	// TimeoutSeconds bounds the command's run time, in seconds.
	// NOTE(review): the meaning of 0 (no timeout vs. a default) is not visible here — confirm in the executor.
	TimeoutSeconds int        `yaml:"timeout,omitempty"`
}

Command describes a command resource, usually reporting an exit code or output.

func (*Command) String

func (c *Command) String() string

type DockerResource

// DockerResource describes a resource from the docker daemon.
type DockerResource struct {
	// Kind is the kind of docker object to check; the accepted values are not visible here.
	Kind string `yaml:"kind"`
}

DockerResource describes a resource from docker daemon

type File

// File describes a file resource.
type File struct {
	// Path is the path of the file on the host.
	Path string `yaml:"path"`
}

File describes a file resource

type Group

// Group describes a group membership resource.
type Group struct {
	// Name is the name of the group whose membership is checked.
	Name string `yaml:"name"`
}

Group describes a group membership resource

type HostSelector

// HostSelector allows a rule to be activated or deactivated dynamically based on host properties.
type HostSelector struct {
	// KubernetesNodeLabels lists label selectors for the Kubernetes node.
	// NOTE(review): the yaml key is "kubernetesRole", which does not match the
	// field name and looks like a near-copy of the key below. Changing it would
	// break existing configs, so confirm the intended key before touching it.
	KubernetesNodeLabels []KubeNodeSelector `yaml:"kubernetesRole,omitempty"`
	// KubernetesNodeRole is the role expected of the Kubernetes node.
	KubernetesNodeRole   string             `yaml:"kubernetesNodeRole,omitempty"`
}

HostSelector allows a rule to be activated or deactivated dynamically based on host properties.

type KubeNodeSelector

// KubeNodeSelector defines a selector for a Kubernetes node as a label key/value pair.
type KubeNodeSelector struct {
	// Label is the node label key.
	Label string `yaml:"label,omitempty"`
	// Value is the expected value of the label.
	Value string `yaml:"value,omitempty"`
}

KubeNodeSelector defines selector for a Kubernetes node

type KubernetesAPIRequest

// KubernetesAPIRequest defines whether the check applies to a single object or a list.
type KubernetesAPIRequest struct {
	// Verb is the API verb to perform; the accepted values are not visible here.
	Verb         string `yaml:"verb"`
	// ResourceName names a single object; presumably left empty for a list request — confirm in the check.
	ResourceName string `yaml:"resourceName,omitempty"`
}

KubernetesAPIRequest defines whether the check applies to a single object or a list.

type KubernetesResource

// KubernetesResource describes any object in Kubernetes (incl. CRDs),
// addressed by its group, version and kind.
type KubernetesResource struct {
	// Kind is the Kubernetes kind of the object.
	Kind      string `yaml:"kind"`
	// Version is the API version; omitted from yaml when empty.
	// NOTE(review): what an empty Version resolves to is not visible here — confirm in the check.
	Version   string `yaml:"version,omitempty"`
	// Group is the API group of the object.
	Group     string `yaml:"group"`
	// Namespace restricts the request to one namespace; omitted from yaml when empty.
	// NOTE(review): whether empty means all namespaces is not visible here — confirm in the check.
	Namespace string `yaml:"namespace,omitempty"`

	// A selector to restrict the list of returned objects by their labels.
	// Defaults to everything.
	LabelSelector string `yaml:"labelSelector,omitempty"`
	// A selector to restrict the list of returned objects by their fields.
	// Defaults to everything.
	FieldSelector string `yaml:"fieldSelector,omitempty"`

	// APIRequest says whether a single object or a list is requested.
	APIRequest KubernetesAPIRequest `yaml:"apiRequest"`
}

KubernetesResource describes any object in Kubernetes (incl. CRDs)

func (*KubernetesResource) String

func (kr *KubernetesResource) String() string

String returns human-friendly information string about the KubernetesResource

type Process

// Process describes a process resource.
type Process struct {
	// Name is the name of the process to look for.
	Name string `yaml:"name"`
}

Process describes a process resource

type Resource

// Resource describes supported resource types observed by a Rule.
// Each optional pointer field corresponds to one ResourceKind (see Resource.Kind).
type Resource struct {
	// File observes a file on the host.
	File          *File               `yaml:"file,omitempty"`
	// Process observes a running process.
	Process       *Process            `yaml:"process,omitempty"`
	// Group observes group membership.
	Group         *Group              `yaml:"group,omitempty"`
	// Command runs a command and observes its result.
	Command       *Command            `yaml:"command,omitempty"`
	// Audit observes an audited file.
	Audit         *Audit              `yaml:"audit,omitempty"`
	// Docker observes an object from the docker daemon.
	Docker        *DockerResource     `yaml:"docker,omitempty"`
	// KubeApiserver observes an object from the Kubernetes API server.
	KubeApiserver *KubernetesResource `yaml:"kubeApiserver,omitempty"`
	// Condition is the condition the observed resource is checked against;
	// its syntax is not visible here (see the checks package).
	Condition     string              `yaml:"condition"`
}

Resource describes supported resource types observed by a Rule

func (*Resource) Kind

func (r *Resource) Kind() ResourceKind

Kind returns the ResourceKind of the resource.

type ResourceKind

// ResourceKind represents the kind of a resource; see the Kind* constants.
type ResourceKind string

ResourceKind represents the kind of a resource.

type Rule

// Rule defines a rule in a compliance config.
type Rule struct {
	// ID identifies the rule (uniqueness is not enforced by this type).
	ID           string        `yaml:"id"`
	// Scope defines in which environments the rule can run.
	Scope        Scope         `yaml:"scope"`
	// HostSelector optionally restricts the rule further by host properties.
	HostSelector *HostSelector `yaml:"hostSelector,omitempty"`
	// Resources lists the resources the rule observes.
	Resources    []Resource    `yaml:"resources,omitempty"`
}

Rule defines a rule in a compliance config

type Scope

// Scope defines when a rule can be run based on observed properties of the environment.
// The yaml keys match the DockerScope / KubernetesNodeScope / KubernetesClusterScope constants.
type Scope struct {
	// Docker enables the rule in the docker scope.
	Docker            bool `yaml:"docker,omitempty"`
	// KubernetesNode enables the rule in the Kubernetes node scope.
	KubernetesNode    bool `yaml:"kubernetesNode,omitempty"`
	// KubernetesCluster enables the rule in the Kubernetes cluster scope.
	KubernetesCluster bool `yaml:"kubernetesCluster,omitempty"`
}

Scope defines when a rule can be run based on observed properties of the environment

type ShellCmd

// ShellCmd describes a command to be run through a shell.
type ShellCmd struct {
	// Run is the command line handed to the shell. Because it is shell-interpreted,
	// the suite config it comes from is the trust boundary: only load suites from
	// trusted, access-controlled locations.
	Run   string     `yaml:"run"`
	// Shell optionally selects the shell binary used to run the command line.
	// NOTE(review): the default used when nil is not visible here — confirm in the executor.
	Shell *BinaryCmd `yaml:"shell,omitempty"`
}

ShellCmd describes a command to be run through a shell

func (*ShellCmd) String

func (c *ShellCmd) String() string

type Suite

// Suite represents a set of compliance checks reporting events.
type Suite struct {
	// Meta is inlined into the suite document (name, framework, version, tags).
	Meta  SuiteMeta `yaml:",inline"`
	// Rules lists the rules of the suite.
	Rules []Rule    `yaml:"rules,omitempty"`
}

Suite represents a set of compliance checks reporting events

func ParseSuite

func ParseSuite(config string) (*Suite, error)

ParseSuite loads a single compliance suite

type SuiteMeta

// SuiteMeta contains metadata for a compliance suite.
type SuiteMeta struct {
	// Name is the human-readable name of the suite.
	Name      string   `yaml:"name,omitempty"`
	// Framework is the compliance framework the suite implements.
	Framework string   `yaml:"framework,omitempty"`
	// Version is the version of the suite or framework.
	Version   string   `yaml:"version,omitempty"`
	// Tags are free-form tags attached to the suite.
	Tags      []string `yaml:"tags,omitempty"`
}

SuiteMeta contains metadata for a compliance suite

Directories

Path Synopsis
Package agent implements the Compliance Agent entrypoint
Package agent implements the Compliance Agent entrypoint
Package checks implements Compliance Agent checks
Package checks implements Compliance Agent checks
env
