observer

package

v0.0.0-...-47a937c Latest Latest Go to latest Published: Sep 6, 2021 License: Apache-2.0 Imports: 25 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/IBM/integrity-shield

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func Contains(pattern []string, value string) bool
func LoadKeySecret(keySecertNamespace, keySecertName string) (string, error)
type ConstraintResult
type ConstraintSpec
type Kinds
type MatchCondition
type ObservationDetailResults
type Observer
- func NewObserver() *Observer
- func (self *Observer) Init() error
- func (self *Observer) Run()
type VerifyResultDetail
- func ObserveResources(resources []unstructured.Unstructured, signatureRef k8smnfconfig.SignatureRef, ...) []VerifyResultDetail

Constants ¶

View Source

const VerifyResourceIgnoreLabel = "integrityshield.io/verifyResourceIgnored"

View Source

const VerifyResourceViolationLabel = "integrityshield.io/verifyResourceViolation"

Variables ¶

This section is empty.

Functions ¶

func Contains ¶

func Contains(pattern []string, value string) bool

func LoadKeySecret ¶

func LoadKeySecret(keySecertNamespace, keySecertName string) (string, error)

Types ¶

type ConstraintResult ¶

type ConstraintResult struct {
	ConstraintName  string               `json:"constraintName"`
	Violation       bool                 `json:"violation"`
	TotalViolations int                  `json:"totalViolations"`
	Results         []VerifyResultDetail `json:"results"`
}

type ConstraintSpec ¶

type ConstraintSpec struct {
	Match      MatchCondition               `json:"match,omitempty"`
	Parameters k8smnfconfig.ParameterObject `json:"parameters,omitempty"`
}

type Kinds ¶

type Kinds struct {
	Kinds     []string `json:"kinds,omitempty"`
	ApiGroups []string `json:"apiGroups,omitempty"`
}

type MatchCondition ¶

type MatchCondition struct {
	Kinds              []Kinds               `json:"kinds,omitempty"`
	Namespaces         []string              `json:"namespaces,omitempty"`
	ExcludedNamespaces []string              `json:"excludedNamespaces,omitempty"`
	LabelSelector      *metav1.LabelSelector `json:"labelSelector,omitempty"`
	NamespaceSelector  *metav1.LabelSelector `json:"namespaceSelector,omitempty"`
}

type ObservationDetailResults ¶

type ObservationDetailResults struct {
	ConstraintResults []ConstraintResult `json:"constraintResults"`
}

type Observer ¶

type Observer struct {
	APIResources []groupResource
	// contains filtered or unexported fields
}

func NewObserver ¶

func NewObserver() *Observer

func (*Observer) Init ¶

func (self *Observer) Init() error

func (*Observer) Run ¶

func (self *Observer) Run()

type VerifyResultDetail ¶

type VerifyResultDetail struct {
	Time                 string                            `json:"time"`
	Namespace            string                            `json:"namespace"`
	Name                 string                            `json:"name"`
	Kind                 string                            `json:"kind"`
	ApiGroup             string                            `json:"apiGroup"`
	ApiVersion           string                            `json:"apiVersion"`
	Error                bool                              `json:"error"`
	Message              string                            `json:"message"`
	Violation            bool                              `json:"violation"`
	VerifyResourceResult *k8smanifest.VerifyResourceResult `json:"verifyResourceResult"`
}

Observer Result Detail

func ObserveResources ¶

func ObserveResources(resources []unstructured.Unstructured, signatureRef k8smnfconfig.SignatureRef, ignoreFields k8smanifest.ObjectFieldBindingList, secrets []k8smnfconfig.KeyConfig) []VerifyResultDetail

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL