Documentation ¶
Overview ¶
Package checks implements Compliance Agent checks
Index ¶
- Variables
- type Builder
- type BuilderOption
- func MayFail(o BuilderOption) BuilderOption
- func WithAudit() BuilderOption
- func WithAuditClient(cli env.AuditClient) BuilderOption
- func WithDocker() BuilderOption
- func WithDockerClient(cli env.DockerClient) BuilderOption
- func WithHostRootMount(hostRootMount string) BuilderOption
- func WithHostname(hostname string) BuilderOption
- func WithInterval(interval time.Duration) BuilderOption
- func WithKubernetesClient(cli env.KubeClient) BuilderOption
- func WithMatchRule(matcher RuleMatcher) BuilderOption
- func WithMatchSuite(matcher SuiteMatcher) BuilderOption
- type RuleMatcher
- type SuiteMatcher
Constants ¶
This section is empty.
Variables ¶
var ErrGroupNotFound = errors.New("group not found")
ErrGroupNotFound is returned when a group cannot be found
var ErrInvalidIteration = errors.New("out of bounds iteration")
ErrInvalidIteration is returned when an invalid (out of bounds) iteration is performed
var ( // ErrResourceKindNotSupported is returned in case resource kind is not supported by evaluator ErrResourceKindNotSupported = errors.New("resource kind not supported") )
var ErrResourceNotSupported = errors.New("resource type not supported")
ErrResourceNotSupported is returned when resource type is not supported by Builder
var ErrRuleDoesNotApply = errors.New("rule does not apply to this environment")
ErrRuleDoesNotApply is returned when a rule cannot be applied to the current environment
var ErrRuleScopeNotSupported = errors.New("rule scope not supported")
ErrRuleScopeNotSupported is returned when resource scope is not supported
Functions ¶
This section is empty.
Types ¶
type Builder ¶
type Builder interface { ChecksFromFile(file string, onCheck compliance.CheckVisitor) error CheckFromRule(meta *compliance.SuiteMeta, rule *compliance.Rule) (check.Check, error) Close() error }
Builder defines an interface to build checks from rules
func NewBuilder ¶
func NewBuilder(reporter event.Reporter, options ...BuilderOption) (Builder, error)
NewBuilder constructs a check builder
type BuilderOption ¶
type BuilderOption func(*builder) error
BuilderOption defines a configuration option for the builder
func MayFail ¶
func MayFail(o BuilderOption) BuilderOption
MayFail configures a builder option to succeed on failures and logs an error
func WithAuditClient ¶
func WithAuditClient(cli env.AuditClient) BuilderOption
WithAuditClient configures using specific audit client
func WithDockerClient ¶
func WithDockerClient(cli env.DockerClient) BuilderOption
WithDockerClient configurs specific docker client
func WithHostRootMount ¶
func WithHostRootMount(hostRootMount string) BuilderOption
WithHostRootMount defines host root filesystem mount location
func WithHostname ¶
func WithHostname(hostname string) BuilderOption
WithHostname configures hostname used by checks
func WithInterval ¶
func WithInterval(interval time.Duration) BuilderOption
WithInterval configures default check interval
func WithKubernetesClient ¶
func WithKubernetesClient(cli env.KubeClient) BuilderOption
WithKubernetesClient allows specific Kubernetes client
func WithMatchRule ¶
func WithMatchRule(matcher RuleMatcher) BuilderOption
WithMatchRule configures builder to use a suite matcher
func WithMatchSuite ¶
func WithMatchSuite(matcher SuiteMatcher) BuilderOption
WithMatchSuite configures builder to use a suite matcher
type RuleMatcher ¶
type RuleMatcher func(*compliance.Rule) bool
RuleMatcher checks if a compliance rule is included
type SuiteMatcher ¶
type SuiteMatcher func(*compliance.SuiteMeta) bool
SuiteMatcher checks if a compliance suite is included
func IsFramework ¶
func IsFramework(framework string) SuiteMatcher
IsFramework matches a compliance suite by the name of the framework