Version: v0.10.3

This package is not in the latest version of its module.

Published: May 14, 2021 License: Apache-2.0 Imports: 20 Imported by: 0



The configauditreport package provides primitives for working with Kubernetes workload configuration checkers.





func GetScanJobName added in v0.10.2

func GetScanJobName(obj client.Object) string


type Plugin added in v0.9.0

type Plugin interface {

	// GetScanJobSpec describes the pod that will be created by Starboard when
	// it schedules a Kubernetes job to scan the specified workload client.Object.
	// The plugin might return zero to many v1.Secret objects which will be
	// created by Starboard and associated with the scan job.
	GetScanJobSpec(ctx starboard.PluginContext, obj client.Object) (corev1.PodSpec, []*corev1.Secret, error)

	// ParseConfigAuditReportData is a callback to parse and convert logs of
	// the container in a pod controlled by the scan job to v1alpha1.ConfigAuditResult.
	ParseConfigAuditReportData(logsReader io.ReadCloser) (v1alpha1.ConfigAuditResult, error)

	// GetContainerName returns the name of the container in a pod created by a scan job
	// to read logs from.
	GetContainerName() string

	// GetConfigHash returns a hash of the plugin's configuration settings. The computed hash
	// is used to invalidate the v1alpha1.ConfigAuditReport object whenever the configuration changes.
	GetConfigHash(ctx starboard.PluginContext) (string, error)
}

Plugin defines the interface between Starboard and Kubernetes workload configuration checkers, linters, and sanitizers. This is not a final version, but rather a first step toward separating generic workload discovery code from Polaris implementation details.
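The invalidation that GetConfigHash enables, sketched as an added example that is not Starboard's own code: a deterministic digest of plugin settings is compared with the hashes recorded on an existing report to decide whether a rescan is needed. The names configHash, storedReport and needsRescan, the hashing scheme, and the sample settings are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"sort"
)

// configHash returns a deterministic digest of plugin settings. Keys are
// sorted because Go map iteration order is random, and every key and value
// is length-prefixed so {"a":"bc"} and {"ab":"c"} cannot collide.
func configHash(settings map[string]string) string {
	keys := make([]string, 0, len(settings))
	for k := range settings {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	h := sha256.New()
	var n [8]byte
	for _, k := range keys {
		for _, s := range []string{k, settings[k]} {
			binary.BigEndian.PutUint64(n[:], uint64(len(s)))
			h.Write(append(n[:], s...))
		}
	}
	return hex.EncodeToString(h.Sum(nil))
}

// storedReport is a hypothetical stand-in for the hashes recorded on a report.
type storedReport struct {
	PodSpecHash      string
	PluginConfigHash string
}

// needsRescan is true when the report is missing or either recorded hash differs.
func needsRescan(r *storedReport, podSpecHash, pluginConfigHash string) bool {
	return r == nil || r.PodSpecHash != podSpecHash || r.PluginConfigHash != pluginConfigHash
}

func main() {
	// Constructed sample settings; the key and check names are placeholders.
	old := map[string]string{"config.yaml": "checks:\n  exampleCheck: warning\n"}
	cur := map[string]string{"config.yaml": "checks:\n  exampleCheck: danger\n"}
	r := &storedReport{PodSpecHash: "constructed-pod-hash", PluginConfigHash: configHash(old)}
	fmt.Println(needsRescan(r, "constructed-pod-hash", configHash(old))) // settings unchanged
	fmt.Println(needsRescan(r, "constructed-pod-hash", configHash(cur))) // severity changed
}
```

Without the config hash, a report produced under a weaker policy would keep being served after the policy is tightened, because the workload's pod spec alone has not changed.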

type ReadWriter

type ReadWriter interface {

func NewReadWriter

func NewReadWriter(client client.Client) ReadWriter

NewReadWriter constructs a new ReadWriter that uses the client package provided by the controller-runtime libraries to interact with the Kubernetes API server.

type Reader

type Reader interface {
	FindByOwner(ctx context.Context, owner kube.Object) (*v1alpha1.ConfigAuditReport, error)
	FindByOwnerInHierarchy(ctx context.Context, owner kube.Object) (*v1alpha1.ConfigAuditReport, error)
}

Reader is the interface that wraps methods for finding v1alpha1.ConfigAuditReport objects.

FindByOwner returns a v1alpha1.ConfigAuditReport owned by the given kube.Object or nil if the report is not found.

FindByOwnerInHierarchy is similar to FindByOwner, except that it also tries to look up a v1alpha1.ConfigAuditReport object owned by related Kubernetes objects. For example, if the given owner is a Deployment but the report is owned by the active ReplicaSet (current revision), this method will return the report.

type ReportBuilder added in v0.10.2

type ReportBuilder struct {
	// contains filtered or unexported fields
}

func NewReportBuilder added in v0.10.2

func NewReportBuilder(scheme *runtime.Scheme) *ReportBuilder

func (*ReportBuilder) Controller added in v0.10.2

func (b *ReportBuilder) Controller(controller metav1.Object) *ReportBuilder

func (*ReportBuilder) Data added in v0.10.2

func (*ReportBuilder) Get added in v0.10.2

func (*ReportBuilder) PluginConfigHash added in v0.10.2

func (b *ReportBuilder) PluginConfigHash(hash string) *ReportBuilder

func (*ReportBuilder) PodSpecHash added in v0.10.2

func (b *ReportBuilder) PodSpecHash(hash string) *ReportBuilder

type ScanJobBuilder added in v0.10.2

type ScanJobBuilder struct {
	// contains filtered or unexported fields
}

func NewScanJob added in v0.10.2

func NewScanJob() *ScanJobBuilder

func (*ScanJobBuilder) Get added in v0.10.2

func (s *ScanJobBuilder) Get() (*batchv1.Job, []*corev1.Secret, error)

func (*ScanJobBuilder) WithObject added in v0.10.2

func (s *ScanJobBuilder) WithObject(object client.Object) *ScanJobBuilder

func (*ScanJobBuilder) WithPlugin added in v0.10.2

func (s *ScanJobBuilder) WithPlugin(plugin Plugin) *ScanJobBuilder

func (*ScanJobBuilder) WithPluginContext added in v0.10.2

func (s *ScanJobBuilder) WithPluginContext(pluginContext starboard.PluginContext) *ScanJobBuilder

func (*ScanJobBuilder) WithTimeout added in v0.10.2

func (s *ScanJobBuilder) WithTimeout(timeout time.Duration) *ScanJobBuilder

type Scanner added in v0.9.0

type Scanner struct {
	// contains filtered or unexported fields
}

func NewScanner added in v0.9.0

func NewScanner(
	clientset kubernetes.Interface,
	client client.Client,
	opts kube.ScannerOpts,
	plugin Plugin,
	pluginContext starboard.PluginContext,
) *Scanner

func (*Scanner) Scan added in v0.9.0

func (s *Scanner) Scan(ctx context.Context, workload kube.Object) (v1alpha1.ConfigAuditReport, error)

type Writer

type Writer interface {
	Write(ctx context.Context, report v1alpha1.ConfigAuditReport) error
}

Writer is the interface that wraps the basic Write method.

Write creates or updates the given v1alpha1.ConfigAuditReport instance.
