Documentation
¶
Index ¶
- Constants
- Variables
- func GetCategoryList() []string
- func GetNotifications() map[string]Notifier
- func GetPolicyAccessToken() string
- func GetPolicyBasePath() string
- func GetPolicyBranch() string
- func GetPolicyEnvironment() string
- func GetPolicyRepoPath() string
- func GetPolicyRepoURL() string
- func GetScanRules() []string
- func GetSeverityLevel() string
- func GetSkipRules() []string
- func LoadGlobalConfig(configFile string) error
- type Category
- type K8sAdmissionControl
- type Notifier
- type Policy
- type Rules
- type Severity
- type TerrascanConfig
- type TerrascanConfigReader
Constants ¶
const ConfigEnvvarName = "TERRASCAN_CONFIG"
ConfigEnvvarName env variable
Variables ¶
var ( // ErrTomlLoadConfig indicates error: Failed to load toml config ErrTomlLoadConfig = fmt.Errorf("failed to load toml config") // ErrNotPresent indicates error: Config file not present ErrNotPresent = fmt.Errorf("config file not present") )
Functions ¶
func GetCategoryList ¶ added in v1.5.0
func GetCategoryList() []string
GetCategoryList returns the configured list of category of violations
func GetNotifications ¶ added in v1.5.0
GetNotifications returns the configured notifier map
func GetPolicyAccessToken ¶ added in v1.14.0
func GetPolicyAccessToken() string
GetPolicyAccessToken returns the configured policy access token
func GetPolicyBasePath ¶
func GetPolicyBasePath() string
GetPolicyBasePath returns the configured policy base path
func GetPolicyBranch ¶
func GetPolicyBranch() string
GetPolicyBranch returns the configured policy repo url
func GetPolicyEnvironment ¶ added in v1.14.0
func GetPolicyEnvironment() string
GetPolicyEnvironment returns the configured policy environment url
func GetPolicyRepoPath ¶
func GetPolicyRepoPath() string
GetPolicyRepoPath return the configured path to the policies repo locally downloaded
func GetPolicyRepoURL ¶
func GetPolicyRepoURL() string
GetPolicyRepoURL returns the configured policy repo url
func GetScanRules ¶ added in v1.5.0
func GetScanRules() []string
GetScanRules returns the configured scan rules
func GetSeverityLevel ¶ added in v1.5.0
func GetSeverityLevel() string
GetSeverityLevel returns the configured severity level
func GetSkipRules ¶ added in v1.5.0
func GetSkipRules() []string
GetSkipRules returns the configured skips rules
func LoadGlobalConfig ¶ added in v1.2.0
LoadGlobalConfig loads policy configuration from specified configFile into var Global.Policy. Members of Global.Policy that are not specified in configFile will get default values
Types ¶
type Category ¶ added in v1.5.0
type Category struct {
List []string `toml:"list" yaml:"list"`
}
Category defines the categories of violations that you want to be reported
type K8sAdmissionControl ¶ added in v1.5.0
type K8sAdmissionControl struct {
Dashboard bool `toml:"dashboard,omitempty" yaml:"dashboard,omitempty"`
DeniedSeverity string `toml:"denied-severity,omitempty" yaml:"denied-severity,omitempty"`
Categories []string `toml:"denied-categories,omitempty" yaml:"denied-categories,omitempty"`
SaveRequests bool `toml:"save-requests,omitempty" yaml:"save-requests,omitempty"`
}
K8sAdmissionControl deny rules in the terrascan config file
func GetK8sAdmissionControl ¶ added in v1.5.0
func GetK8sAdmissionControl() K8sAdmissionControl
GetK8sAdmissionControl returns kubernetes admission control configuration
type Notifier ¶ added in v1.3.0
type Notifier struct {
NotifierType string `toml:"type" yaml:"type"`
NotifierConfig interface{} `toml:"config" yaml:"config"`
}
Notifier represent a single notification in the terrascan config file
type Policy ¶ added in v1.3.0
type Policy struct {
// policy repo local path
BasePath string `toml:"path,omitempty" yaml:"path,omitempty"`
// local filepath where repository containing policies is cached at
RepoPath string `toml:"rego_subdir,omitempty" yaml:"rego_subdir,omitempty"`
// policy git url and branch
RepoURL string `toml:"repo_url,omitempty" yaml:"repo_url,omitempty"`
Branch string `toml:"branch,omitempty" yaml:"branch,omitempty"`
// policy environment and access token
Environment string `toml:"environment,omitempty" yaml:"environment,omitempty"`
AccessToken string `toml:"access_token,omitempty" yaml:"access_token,omitempty"`
}
Policy struct defines policy specific configurations
type Rules ¶ added in v1.3.0
type Rules struct {
ScanRules []string `toml:"scan-rules,omitempty" yaml:"scan-rules,omitempty"`
SkipRules []string `toml:"skip-rules,omitempty" yaml:"skip-rules,omitempty"`
}
Rules represents scan and skip rules in the terrascan config file
type Severity ¶ added in v1.4.0
type Severity struct {
Level string `toml:"level" yaml:"level"`
}
Severity defines the minimum level of severity of violations that you want to be reported
type TerrascanConfig ¶ added in v1.3.0
type TerrascanConfig struct {
Policy `toml:"policy,omitempty" yaml:"policy,omitempty"`
Notifications map[string]Notifier `toml:"notifications,omitempty" yaml:"notifications,omitempty"`
Rules `toml:"rules,omitempty" yaml:"rules,omitempty"`
Category `toml:"category,omitempty" yaml:"category,omitempty"`
Severity `toml:"severity,omitempty" yaml:"severity,omitempty"`
K8sAdmissionControl `toml:"k8s-admission-control,omitempty" yaml:"k8s-admission-control,omitempty"`
}
TerrascanConfig struct defines global variables/configurations across terrascan
type TerrascanConfigReader ¶ added in v1.3.0
type TerrascanConfigReader struct {
// contains filtered or unexported fields
}
TerrascanConfigReader holds the terrascan config file name
func NewTerrascanConfigReader ¶ added in v1.3.0
func NewTerrascanConfigReader(fileName string) (*TerrascanConfigReader, error)
NewTerrascanConfigReader initialises and returns a config reader
func (TerrascanConfigReader) GetK8sAdmissionControl ¶ added in v1.5.0
func (r TerrascanConfigReader) GetK8sAdmissionControl() K8sAdmissionControl
GetK8sAdmissionControl will return the k8s deny rules specified in the terrascan config file
Source Files