crowdsec

package
v0.0.0-...-0732b9d Latest Latest
Published: Dec 16, 2025 License: MIT Imports: 29 Imported by: 0

Documentation

Overview

Package crowdsec provides integration with CrowdSec for security decisions and remediation.


Index

Constants

This section is empty.

Variables

// ErrCacheMiss signals that no usable entry was found. FetchIndex is
// documented to return it when the hub is unreachable. Compare with errors.Is.
var ErrCacheMiss = errors.New("cache miss")

// ErrCacheExpired is the sentinel for an entry that is no longer valid.
// NOTE(review): presumably returned by HubCache lookups once the TTL has
// lapsed; confirm against the cache implementation.
var ErrCacheExpired = errors.New("cache expired")

Functions

func CheckLAPIHealth

func CheckLAPIHealth(lapiURL string) bool

CheckLAPIHealth verifies CrowdSec LAPI is responding.

func EnsureBouncerRegistered

func EnsureBouncerRegistered(ctx context.Context, lapiURL string) (string, error)

EnsureBouncerRegistered checks if a caddy bouncer is registered with CrowdSec LAPI. If not registered and cscli is available, it will attempt to register one. Returns the API key for the bouncer (from env var or newly registered).

func GetLAPIVersion

func GetLAPIVersion(ctx context.Context, lapiURL string) (string, error)

GetLAPIVersion retrieves the CrowdSec LAPI version.

Types

type ApplyResult

// ApplyResult captures the outcome of an apply attempt and is shaped for JSON
// output.
type ApplyResult struct {
	// Outcome label; the set of possible values is not shown here.
	Status        string `json:"status"`
	// NOTE(review): presumably where the previous configuration was saved
	// before applying; confirm. It is a filesystem path, so it reveals the
	// on-disk layout to whoever receives this JSON.
	BackupPath    string `json:"backup_path"`
	ReloadHint    bool   `json:"reload_hint"`
	// Apply prefers cscli and falls back to manual extraction; this flag
	// presumably records which path ran. Confirm.
	UsedCSCLI     bool   `json:"used_cscli"`
	CacheKey      string `json:"cache_key"`
	// Serialized as "error" and omitted when empty.
	// NOTE(review): confirm this never carries raw command output or secrets,
	// since it is returned to the consumer verbatim.
	ErrorMessage  string `json:"error,omitempty"`
	// Serialized under the key "slug", not "applied_preset".
	AppliedPreset string `json:"slug"`
}

ApplyResult captures the outcome of an apply attempt.

type BouncerRegistration

// BouncerRegistration holds information about a registered bouncer.
type BouncerRegistration struct {
	Name      string    `json:"name"`
	// APIKey is the bouncer credential. The tag marshals it in clear under
	// "api_key", so any response or log that encodes this struct emits it.
	// NOTE(review): confirm this type is never returned to API clients or
	// written to logs as-is. ConsoleEnrollmentStatus exposes only a
	// KeyPresent flag for the analogous enrollment key.
	APIKey    string    `json:"api_key"`
	IPAddress string    `json:"ip_address,omitempty"`
	Valid     bool      `json:"valid"`
	// omitempty has no effect on a non-pointer time.Time in encoding/json,
	// so a zero CreatedAt is still emitted as "0001-01-01T00:00:00Z".
	CreatedAt time.Time `json:"created_at,omitempty"`
}

BouncerRegistration holds information about a registered bouncer.

type CachedPreset

// CachedPreset captures metadata about a pulled preset bundle.
type CachedPreset struct {
	// Slug is the identifier passed to the HubCache methods (Load, Evict, ...).
	// NOTE(review): the cache is rooted at a base directory and looked up by
	// slug; confirm the slug is validated before it is used to build a path.
	Slug        string    `json:"slug"`
	CacheKey    string    `json:"cache_key"`
	Etag        string    `json:"etag"`
	Source      string    `json:"source"`
	// NOTE(review): presumably the time the bundle was stored and the basis
	// for TTL checks; confirm.
	RetrievedAt time.Time `json:"retrieved_at"`
	// PreviewPath and ArchivePath are filesystem paths. They are part of the
	// JSON form, so consumers of this struct see the on-disk layout.
	PreviewPath string    `json:"preview_path"`
	ArchivePath string    `json:"archive_path"`
	SizeBytes   int64     `json:"size_bytes"`
}

CachedPreset captures metadata about a pulled preset bundle.

type CommandExecutor

// CommandExecutor defines the minimal command execution interface needed for
// cscli calls.
type CommandExecutor interface {
	// Execute runs the program name with args under ctx and returns the bytes
	// it produced (stdout vs. combined output is not specified here) plus any
	// error.
	// NOTE(review): args is a list rather than one command string, which
	// suggests no shell is involved. Implementations should keep it that way,
	// so that slugs and other caller-supplied values are never shell-parsed.
	Execute(ctx context.Context, name string, args ...string) ([]byte, error)
}

CommandExecutor defines the minimal command execution interface we need for cscli calls.

type ConsoleEnrollRequest

// ConsoleEnrollRequest captures enrollment input. It has no JSON tags, so
// encoding/json would use the Go field names if it were ever marshaled.
type ConsoleEnrollRequest struct {
	// EnrollmentKey is the console enrollment credential. Treat it as a
	// secret: keep it out of logs, error strings and command-line arguments.
	EnrollmentKey string
	Tenant        string
	AgentName     string
	// Force makes Enroll proceed even when already enrolled; without it
	// Enroll is documented as idempotent.
	Force         bool
}

ConsoleEnrollRequest captures enrollment input.

type ConsoleEnrollmentService

type ConsoleEnrollmentService struct {
	// contains filtered or unexported fields
}

ConsoleEnrollmentService manages console enrollment lifecycle and persistence.

func NewConsoleEnrollmentService

func NewConsoleEnrollmentService(db *gorm.DB, executor EnvCommandExecutor, dataDir, secret string) *ConsoleEnrollmentService

NewConsoleEnrollmentService constructs a service using the supplied secret material for encryption.

func (*ConsoleEnrollmentService) ClearEnrollment

func (s *ConsoleEnrollmentService) ClearEnrollment(ctx context.Context) error

ClearEnrollment resets the enrollment state to allow fresh enrollment. This does NOT unenroll from crowdsec.net - that must be done manually on the console.

func (*ConsoleEnrollmentService) Enroll

Enroll performs an enrollment attempt. It is idempotent when already enrolled unless Force is set.

func (*ConsoleEnrollmentService) Status

Status returns the current enrollment state.

type ConsoleEnrollmentStatus

// ConsoleEnrollmentStatus is the safe, redacted status view: it reports
// whether a key exists (KeyPresent) rather than the key itself.
type ConsoleEnrollmentStatus struct {
	Status          string     `json:"status"`
	Tenant          string     `json:"tenant"`
	AgentName       string     `json:"agent_name"`
	// NOTE(review): confirm stored error text is scrubbed of the enrollment
	// key (for example when it originates from command output), otherwise
	// this field undoes the redaction.
	LastError       string     `json:"last_error,omitempty"`
	// Nil timestamps are omitted from the JSON output.
	LastAttemptAt   *time.Time `json:"last_attempt_at,omitempty"`
	EnrolledAt      *time.Time `json:"enrolled_at,omitempty"`
	LastHeartbeatAt *time.Time `json:"last_heartbeat_at,omitempty"`
	// KeyPresent stands in for the enrollment key, which is not exposed.
	KeyPresent      bool       `json:"key_present"`
	CorrelationID   string     `json:"correlation_id,omitempty"`
}

ConsoleEnrollmentStatus is the safe, redacted status view.

type EnvCommandExecutor

// EnvCommandExecutor executes commands with optional environment overrides.
type EnvCommandExecutor interface {
	// ExecuteWithEnv runs name with args under ctx, applying env as overrides,
	// and returns the bytes the command produced plus any error.
	// Secrets belong in env rather than args so they stay out of the
	// command line.
	ExecuteWithEnv(ctx context.Context, name string, args []string, env map[string]string) ([]byte, error)
}

EnvCommandExecutor executes commands with optional environment overrides.

type HubCache

type HubCache struct {
	// contains filtered or unexported fields
}

HubCache persists pulled bundles on disk with TTL-based eviction.

func NewHubCache

func NewHubCache(baseDir string, ttl time.Duration) (*HubCache, error)

NewHubCache constructs a cache rooted at baseDir with the provided TTL.

func (*HubCache) Evict

func (c *HubCache) Evict(ctx context.Context, slug string) error

Evict removes cached data for the given slug.

func (*HubCache) Exists

func (c *HubCache) Exists(ctx context.Context, slug string) bool

Exists returns true when a non-expired cache entry is present.

func (*HubCache) List

func (c *HubCache) List(ctx context.Context) ([]CachedPreset, error)

List returns cached presets that have not expired.

func (*HubCache) Load

func (c *HubCache) Load(ctx context.Context, slug string) (CachedPreset, error)

Load returns cached preset metadata, enforcing TTL.

func (*HubCache) LoadPreview

func (c *HubCache) LoadPreview(ctx context.Context, slug string) (string, error)

LoadPreview returns the preview contents for a cached preset.

func (*HubCache) Size

func (c *HubCache) Size(ctx context.Context) int64

Size returns aggregated size of cached archives (best effort).

func (*HubCache) Store

func (c *HubCache) Store(ctx context.Context, slug, etag, source, preview string, archive []byte) (CachedPreset, error)

Store writes the bundle archive and preview to disk and returns the cache metadata.

func (*HubCache) TTL

func (c *HubCache) TTL() time.Duration

TTL returns the configured time-to-live for cached entries.

func (*HubCache) Touch

func (c *HubCache) Touch(ctx context.Context, slug string) error

Touch updates the timestamp to extend TTL; noop when missing.

type HubIndex

// HubIndex is a small wrapper for hub listing payloads.
type HubIndex struct {
	// Items is decoded from the "items" array of the payload.
	Items []HubIndexEntry `json:"items"`
}

HubIndex is a small wrapper for hub listing payloads.

type HubIndexEntry

// HubIndexEntry represents a single hub catalog entry. Every field is
// populated from the hub listing payload, i.e. from remote data.
type HubIndexEntry struct {
	Name        string `json:"name"`
	Title       string `json:"title"`
	Version     string `json:"version"`
	Type        string `json:"type"`
	Description string `json:"description"`
	Etag        string `json:"etag"`
	// NOTE(review): DownloadURL and PreviewURL come from the remote index.
	// If the service follows them, confirm that scheme and host are checked
	// against the configured hub or mirror before any request is made.
	DownloadURL string `json:"download_url"`
	PreviewURL  string `json:"preview_url"`
}

HubIndexEntry represents a single hub catalog entry.

type HubService

// HubService coordinates hub pulls, caching, and apply operations.
// All fields are exported, so callers can replace the defaults that
// NewHubService sets.
type HubService struct {
	// Exec runs cscli commands.
	Exec          CommandExecutor
	// Cache is the on-disk store for pulled bundles.
	Cache         *HubCache
	DataDir       string
	// NOTE(review): presumably used for hub downloads. Confirm that the
	// default client has a timeout and leaves TLS verification enabled.
	HTTPClient    *http.Client
	// NOTE(review): bundles fetched from HubBaseURL or MirrorBaseURL are
	// later applied to the CrowdSec configuration, so both should be https
	// and operator-controlled. Confirm where these values are set.
	HubBaseURL    string
	MirrorBaseURL string
	// NOTE(review): presumably these bound Pull and Apply; confirm.
	PullTimeout   time.Duration
	ApplyTimeout  time.Duration
}

HubService coordinates hub pulls, caching, and apply operations.

func NewHubService

func NewHubService(exec CommandExecutor, cache *HubCache, dataDir string) *HubService

NewHubService constructs a HubService with sane defaults.

func (*HubService) Apply

func (s *HubService) Apply(ctx context.Context, slug string) (ApplyResult, error)

Apply installs the preset, preferring cscli when available. Falls back to manual extraction.

func (*HubService) FetchIndex

func (s *HubService) FetchIndex(ctx context.Context) (HubIndex, error)

FetchIndex downloads the hub index. If the hub is unreachable, returns ErrCacheMiss.

func (*HubService) Pull

func (s *HubService) Pull(ctx context.Context, slug string) (PullResult, error)

Pull downloads a preset bundle, validates it, and stores it in cache.

type LAPIHealthResponse

// LAPIHealthResponse represents the health check response from CrowdSec LAPI.
// Both fields are optional in the JSON form.
type LAPIHealthResponse struct {
	Message string `json:"message,omitempty"`
	Version string `json:"version,omitempty"`
}

LAPIHealthResponse represents the health check response from CrowdSec LAPI.

type Preset

// Preset represents a curated CrowdSec preset offered by Charon.
type Preset struct {
	// Slug is the lookup key accepted by FindPreset.
	Slug        string   `json:"slug"`
	Title       string   `json:"title"`
	Summary     string   `json:"summary"`
	Source      string   `json:"source"`
	// Omitted from JSON when empty.
	Tags        []string `json:"tags,omitempty"`
	// NOTE(review): presumably true when the preset must be pulled from the
	// hub rather than shipped locally; confirm.
	RequiresHub bool     `json:"requires_hub"`
}

Preset represents a curated CrowdSec preset offered by Charon.

func FindPreset

func FindPreset(slug string) (Preset, bool)

FindPreset returns a preset by slug.

func ListCuratedPresets

func ListCuratedPresets() []Preset

ListCuratedPresets returns a copy of curated presets to avoid external mutation.

type PullResult

// PullResult is the value returned by HubService.Pull.
type PullResult struct {
	// Meta is the cache metadata for the pulled bundle.
	Meta    CachedPreset
	// Preview is the preview text.
	Preview string
}

PullResult bundles the pull metadata, preview text, and cache entry.

type SecureCommandExecutor

// SecureCommandExecutor is the production executor; it hands secrets to child
// processes through the environment instead of command-line arguments.
// It is an empty struct and carries no state of its own.
type SecureCommandExecutor struct{}

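SecureCommandExecutor is the production executor; it avoids leaking secrets through command-line arguments by passing them via environment variables. The environment is still visible to the child process and inherited by anything it spawns, so this narrows exposure rather than eliminating it.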

func (*SecureCommandExecutor) ExecuteWithEnv

func (r *SecureCommandExecutor) ExecuteWithEnv(ctx context.Context, name string, args []string, env map[string]string) ([]byte, error)

ExecuteWithEnv runs the command with provided env merged onto the current environment.
