Documentation ¶
Index ¶
- Constants
- Variables
- func AdoptClusterName(clusterName string) string
- func ConfigFileFullPath() string
- func ConvertLabelsToString(labels map[string]string) string
- func ConvertStringToLabels(labelsStr string) map[string]string
- func DeleteConfigFile() error
- func GetValueFromConfigJson(key string) (string, error)
- func IsFile(name string) bool
- func IsJson(filePath string) bool
- func IsYaml(filePath string) bool
- func LoadResourcesFromFiles(inputPatterns []string) (map[string][]workloadinterface.IMetadata, error)
- func MapArmoResource(armoResourceMap *ArmoResources, resources []string) []string
- func MapCloudResources(armoResourceMap *ArmoResources) []string
- func MapHostResources(armoResourceMap *ArmoResources) []string
- func MapImageVulnResources(armoResourceMap *ArmoResources) []string
- func PrettyJson(data interface{}) ([]byte, error)
- func ReadFile(fileContent []byte, fileFromat FileFormat) ([]workloadinterface.IMetadata, []error)
- func ReportV2ToV1(opaSessionObj *OPASessionObj)
- func SetInfoMapForResources(info string, resources []string, errorMap map[string]apis.StatusInfo)
- func StartSpinner()
- func StopSpinner()
- func StringInSlice(strSlice []string, str string) int
- type ArmoResources
- type BoolPtrFlag
- type ClusterConfig
- func (c *ClusterConfig) DeleteCachedConfig() error
- func (c *ClusterConfig) GetAccountID() string
- func (c *ClusterConfig) GetClusterName() string
- func (c *ClusterConfig) GetConfigObj() *ConfigObj
- func (c *ClusterConfig) GetDefaultNS() string
- func (c *ClusterConfig) GetValueByKeyFromConfigMap(key string) (string, error)
- func (c *ClusterConfig) IsConfigFound() bool
- func (clusterConfig *ClusterConfig) IsRegistered() bool
- func (clusterConfig *ClusterConfig) IsSubmitted() bool
- func (c *ClusterConfig) SetKeyValueInConfigmap(key string, value string) error
- func (c *ClusterConfig) SetTenant() error
- func (c *ClusterConfig) ToMapString() map[string]interface{}
- func (c *ClusterConfig) UpdateCachedConfig() error
- type ComponentConfig
- type ConfigObj
- type Exception
- type FileFormat
- type Getters
- type ITenantConfig
- type IVersionCheckHandler
- type K8SResources
- type LocalConfig
- func (lc *LocalConfig) DeleteCachedConfig() error
- func (lc *LocalConfig) GetAccountID() string
- func (lc *LocalConfig) GetClusterName() string
- func (lc *LocalConfig) GetConfigObj() *ConfigObj
- func (lc *LocalConfig) IsConfigFound() bool
- func (lc *LocalConfig) SetTenant() error
- func (lc *LocalConfig) UpdateCachedConfig() error
- type OPASessionObj
- type Policies
- type RBACObjects
- type RegoInputData
- type RootInfo
- type ScanInfo
- type VersionCheckHandler
- type VersionCheckHandlerMock
- type VersionCheckRequest
- type VersionCheckResponse
Constants ¶
// Scan-target values: a live cluster, or local files (spelled "yaml").
const (
	ScanCluster    string = "cluster"
	ScanLocalFiles string = "yaml"
)

// SKIP_VERSION_CHECK is presumably the name of an environment variable that
// suppresses the update check; the lookup itself is not shown here — confirm.
// NOTE(review): with the check skipped, operators need another way to track
// scanner and framework updates.
const SKIP_VERSION_CHECK = "KS_SKIP_UPDATE_CHECK"

// SKIP_VERSION_CHECK_DEPRECATED is presumably the older spelling of the same
// variable — confirm that both names are still honoured.
const SKIP_VERSION_CHECK_DEPRECATED = "KUBESCAPE_SKIP_UPDATE_CHECK"

// UnknownBuildNumber is presumably the placeholder used when no build number
// was set — confirm against BuildNumber's users.
const UnknownBuildNumber = "unknown"

// ValueNotFound is presumably the "not found" result of index lookups such as
// StringInSlice, which returns an int — confirm.
const ValueNotFound = -1
Variables ¶
// CustomerGUID and ClusterName are mutable package-level strings, both
// initialised empty.
// NOTE(review): where they are populated is not visible here — confirm before
// relying on them as an identity source.
var (
	CustomerGUID = ""
	ClusterName  = ""
)
CA environment vars
// Despite the PREFIX names, the entries are file-name extensions (suffixes).
// Presumably IsYaml and IsJson match against them — confirm. An extension
// check says nothing about the file's actual content.
var (
	YAML_PREFIX = []string{".yaml", ".yml"}
	JSON_PREFIX = []string{".json"}
)

// Resource names grouped, judging by the variable names, by where the data
// comes from (image vulnerabilities, host sensor, cloud provider) — confirm
// against the Map*Resources functions.
var (
	ImageVulnResources  = []string{"ImageVulnerabilities"}
	HostSensorResources = []string{"KubeletConfiguration", "KubeletCommandLine", "OsReleaseFile", "KernelVersion", "LinuxSecurityHardeningStatus", "OpenPortsList", "LinuxKernelVariables"}
	CloudResources      = []string{"ClusterDescribe"}
)

// BuildNumber has no initial value here; presumably it is injected at build
// time — confirm.
var BuildNumber string

// InfoTextDisplay is a Fprintf-style function using bold, high-intensity yellow.
var InfoTextDisplay = color.New(color.Bold, color.FgHiYellow).FprintfFunc()

// SimpleDisplay is a Fprintf-style function with no colour attributes.
var SimpleDisplay = color.New().FprintfFunc()

// WarningDisplay uses the same attributes as InfoTextDisplay (bold,
// high-intensity yellow), so the two are visually indistinguishable.
var WarningDisplay = color.New(color.Bold, color.FgHiYellow).FprintfFunc()
Functions ¶
func AdoptClusterName ¶
func ConfigFileFullPath ¶
func ConfigFileFullPath() string
func ConvertLabelsToString ¶
func ConvertStringToLabels ¶
ConvertStringToLabels converts a string of the form "a=b;c=d" to a map: {"a":"b", "c":"d"}
func DeleteConfigFile ¶
func DeleteConfigFile() error
func GetValueFromConfigJson ¶
func LoadResourcesFromFiles ¶
func LoadResourcesFromFiles(inputPatterns []string) (map[string][]workloadinterface.IMetadata, error)
func MapArmoResource ¶
func MapArmoResource(armoResourceMap *ArmoResources, resources []string) []string
func MapCloudResources ¶
func MapCloudResources(armoResourceMap *ArmoResources) []string
func MapHostResources ¶
func MapHostResources(armoResourceMap *ArmoResources) []string
func MapImageVulnResources ¶
func MapImageVulnResources(armoResourceMap *ArmoResources) []string
func PrettyJson ¶
func ReadFile ¶
func ReadFile(fileContent []byte, fileFromat FileFormat) ([]workloadinterface.IMetadata, []error)
func ReportV2ToV1 ¶
func ReportV2ToV1(opaSessionObj *OPASessionObj)
func SetInfoMapForResources ¶
func SetInfoMapForResources(info string, resources []string, errorMap map[string]apis.StatusInfo)
func StartSpinner ¶
func StartSpinner()
func StopSpinner ¶
func StopSpinner()
func StringInSlice ¶
Types ¶
type ArmoResources ¶
type BoolPtrFlag ¶
type BoolPtrFlag struct {
// contains filtered or unexported fields
}
func (*BoolPtrFlag) Get ¶
func (bpf *BoolPtrFlag) Get() *bool
func (*BoolPtrFlag) GetBool ¶
func (bpf *BoolPtrFlag) GetBool() bool
func (*BoolPtrFlag) Set ¶
func (bpf *BoolPtrFlag) Set(val string) error
func (*BoolPtrFlag) SetBool ¶
func (bpf *BoolPtrFlag) SetBool(val bool)
func (*BoolPtrFlag) String ¶
func (bpf *BoolPtrFlag) String() string
func (*BoolPtrFlag) Type ¶
func (bpf *BoolPtrFlag) Type() string
type ClusterConfig ¶
type ClusterConfig struct {
// contains filtered or unexported fields
}
ClusterConfig holds the configuration of a specific cluster.
Supported environment variables: KS_DEFAULT_CONFIGMAP_NAME // name of the configmap; if not set, the default is 'kubescape' KS_DEFAULT_CONFIGMAP_NAMESPACE // configmap namespace; if not set, the default is 'default'
KS_ACCOUNT_ID KS_CLIENT_ID KS_SECRET_KEY
TODO - support: KS_CACHE // path to cached files
func NewClusterConfig ¶
func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBackend, customerGUID, clusterName string) *ClusterConfig
func (*ClusterConfig) DeleteCachedConfig ¶
func (c *ClusterConfig) DeleteCachedConfig() error
func (*ClusterConfig) GetAccountID ¶
func (c *ClusterConfig) GetAccountID() string
func (*ClusterConfig) GetClusterName ¶
func (c *ClusterConfig) GetClusterName() string
func (*ClusterConfig) GetConfigObj ¶
func (c *ClusterConfig) GetConfigObj() *ConfigObj
func (*ClusterConfig) GetDefaultNS ¶
func (c *ClusterConfig) GetDefaultNS() string
func (*ClusterConfig) GetValueByKeyFromConfigMap ¶
func (c *ClusterConfig) GetValueByKeyFromConfigMap(key string) (string, error)
func (*ClusterConfig) IsConfigFound ¶
func (c *ClusterConfig) IsConfigFound() bool
func (*ClusterConfig) IsRegistered ¶
func (clusterConfig *ClusterConfig) IsRegistered() bool
IsRegistered reports whether the customer is registered.
func (*ClusterConfig) IsSubmitted ¶
func (clusterConfig *ClusterConfig) IsSubmitted() bool
IsSubmitted reports whether the customer is submitted.
func (*ClusterConfig) SetKeyValueInConfigmap ¶
func (c *ClusterConfig) SetKeyValueInConfigmap(key string, value string) error
func (*ClusterConfig) SetTenant ¶
func (c *ClusterConfig) SetTenant() error
func (*ClusterConfig) ToMapString ¶
func (c *ClusterConfig) ToMapString() map[string]interface{}
func (*ClusterConfig) UpdateCachedConfig ¶
func (c *ClusterConfig) UpdateCachedConfig() error
type ComponentConfig ¶
// ComponentConfig wraps a single Exception value, serialized under the
// "exceptions" JSON key.
type ComponentConfig struct {
	Exceptions Exception `json:"exceptions"`
}
type ConfigObj ¶
// ConfigObj holds the tenant identifiers and, judging by the field names,
// credentials. Every field is marshalled to JSON under the tag shown and
// omitted when empty.
type ConfigObj struct {
	AccountID string `json:"accountID,omitempty"`
	ClientID  string `json:"clientID,omitempty"`
	// NOTE(review): SecretKey is emitted in clear under "secretKey" whenever this
	// struct is marshalled. Confirm that every destination (cached config file,
	// configmap, logs, submitted reports) is access-restricted or redacts it.
	SecretKey          string `json:"secretKey,omitempty"`
	CustomerGUID       string `json:"customerGUID,omitempty"`    // Deprecated
	Token              string `json:"invitationParam,omitempty"` // serialized as "invitationParam", not "token"
	CustomerAdminEMail string `json:"adminMail,omitempty"`
	ClusterName        string `json:"clusterName,omitempty"`
}
type Exception ¶
// Exception describes how results are adjusted for a set of namespaces.
// NOTE(review): Ignore suppresses test results, so whoever can edit the source
// of these exceptions can hide findings. Review changes to it like policy
// changes.
type Exception struct {
	Ignore        *bool                      `json:"ignore"`        // ignore test results; a pointer, so nil (unset) is distinguishable from false
	MultipleScore *reporthandling.AlertScore `json:"multipleScore"` // MultipleScore number - float32
	Namespaces    []string                   `json:"namespaces"`
	Regex         string                     `json:"regex"` // not supported
}
type FileFormat ¶
// FileFormat names the serialization format of an input file.
type FileFormat string

// The two FileFormat values declared by this package.
const (
	YAML_FILE_FORMAT FileFormat = "yaml"
	JSON_FILE_FORMAT FileFormat = "json"
)
func GetFileFormat ¶
func GetFileFormat(filePath string) FileFormat
type Getters ¶
// Getters groups the three getter interfaces a scan uses to obtain exceptions,
// control inputs and policies.
// NOTE(review): the implementations behind these interfaces (local file vs.
// remote backend) are not visible here — confirm which sources are trusted.
type Getters struct {
	ExceptionsGetter     getter.IExceptionsGetter
	ControlsInputsGetter getter.IControlsInputsGetter
	PolicyGetter         getter.IPolicyGetter
}
type ITenantConfig ¶
// ITenantConfig is the tenant-configuration interface. The index on this page
// lists ClusterConfig and LocalConfig with each of these methods.
type ITenantConfig interface {
	// set
	SetTenant() error
	UpdateCachedConfig() error
	DeleteCachedConfig() error

	// getters
	GetClusterName() string
	GetAccountID() string
	// NOTE(review): the returned ConfigObj includes SecretKey; callers should not
	// log or print the object wholesale.
	GetConfigObj() *ConfigObj
	IsConfigFound() bool
}
====================================================================================== =============================== interface ============================================ ======================================================================================
type IVersionCheckHandler ¶
// IVersionCheckHandler abstracts the version check. This page lists
// VersionCheckHandler and VersionCheckHandlerMock with a matching
// CheckLatestVersion method.
type IVersionCheckHandler interface {
	// CheckLatestVersion takes the request describing the running client and
	// returns an error. Presumably the real handler contacts a remote service —
	// confirm.
	CheckLatestVersion(*VersionCheckRequest) error
}
func NewIVersionCheckHandler ¶
func NewIVersionCheckHandler() IVersionCheckHandler
type K8SResources ¶
K8SResources map[<api group>/<api version>/<resource>][]<resourceID>
type LocalConfig ¶
type LocalConfig struct {
// contains filtered or unexported fields
}
====================================================================================== ============================ Local Config ============================================ ====================================================================================== LocalConfig is the configuration used when scanning YAML files or a URL rather than a Kubernetes cluster
func NewLocalConfig ¶
func NewLocalConfig( backendAPI getter.IBackend, customerGUID, clusterName string) *LocalConfig
func (*LocalConfig) DeleteCachedConfig ¶
func (lc *LocalConfig) DeleteCachedConfig() error
func (*LocalConfig) GetAccountID ¶
func (lc *LocalConfig) GetAccountID() string
func (*LocalConfig) GetClusterName ¶
func (lc *LocalConfig) GetClusterName() string
func (*LocalConfig) GetConfigObj ¶
func (lc *LocalConfig) GetConfigObj() *ConfigObj
func (*LocalConfig) IsConfigFound ¶
func (lc *LocalConfig) IsConfigFound() bool
func (*LocalConfig) SetTenant ¶
func (lc *LocalConfig) SetTenant() error
func (*LocalConfig) UpdateCachedConfig ¶
func (lc *LocalConfig) UpdateCachedConfig() error
type OPASessionObj ¶
// OPASessionObj carries the inputs, policies, exceptions and results of one
// scan session.
// NOTE(review): AllResources holds whole scanned resource objects. If the
// scanned kinds include sensitive ones, their contents travel with this object
// — confirm what is collected before it is serialized, logged or submitted.
type OPASessionObj struct {
	K8SResources          *K8SResources                          // input k8s objects
	ArmoResource          *ArmoResources                         // input ARMO objects
	Policies              []reporthandling.Framework             // list of frameworks to scan
	AllResources          map[string]workloadinterface.IMetadata // all scanned resources, map[<resource ID>]<resource>
	ResourcesResult       map[string]resourcesresults.Result     // resources scan results, map[<resource ID>]<resource result>
	ResourceSource        map[string]string                      // resources sources, map[<resource ID>]<resource source> (presumably; the original comment said "resource result" — confirm)
	PostureReport         *reporthandling.PostureReport          // scan results v1 - Remove
	Report                *reporthandlingv2.PostureReport        // scan results v2 - Remove
	Exceptions            []armotypes.PostureExceptionPolicy     // list of exceptions to apply on scan results
	RegoInputData         RegoInputData                          // input passed to rego for scanning. map[<control name>][<input arguments>]
	Metadata              *reporthandlingv2.Metadata
	InfoMap               map[string]apis.StatusInfo // Map errors of resources to StatusInfo
	ResourceToControlsMap map[string][]string        // map[<apigroup/apiversion/resource>] = [<control_IDs>]
	SessionID             string                     // SessionID
}
func NewOPASessionObj ¶
func NewOPASessionObj(frameworks []reporthandling.Framework, k8sResources *K8SResources, scanInfo *ScanInfo) *OPASessionObj
func NewOPASessionObjMock ¶
func NewOPASessionObjMock() *OPASessionObj
type Policies ¶
// Policies pairs a list of framework names with the controls to evaluate,
// keyed by control ID.
type Policies struct {
	Frameworks []string
	Controls   map[string]reporthandling.Control // map[<control ID>]<control>
}
func NewPolicies ¶
func NewPolicies() *Policies
type RBACObjects ¶
type RBACObjects struct {
// contains filtered or unexported fields
}
func NewRBACObjects ¶
func NewRBACObjects(scanner *rbacscanner.RbacScannerFromK8sAPI) *RBACObjects
func (*RBACObjects) ListAllResources ¶
func (rbacObjects *RBACObjects) ListAllResources() (map[string]workloadinterface.IMetadata, error)
func (*RBACObjects) SetResourcesReport ¶
func (rbacObjects *RBACObjects) SetResourcesReport() (*reporthandling.PostureReport, error)
type RegoInputData ¶
type ScanInfo ¶
// ScanInfo collects the options of a single scan run.
//
// NOTE(review): UseExceptions, ControlsInputs, UseFrom and UseArtifactsFrom
// name local files or paths whose contents shape the scan verdict, so they
// should come from a location the operator trusts.
// NOTE(review): Submit ("submit results") and Local ("do not submit results")
// both govern whether results leave the machine. Which one wins when both are
// set is not visible here — confirm.
// NOTE(review): HostSensorYamlPath presumably points at the manifest deployed
// when HostSensorEnabled is set. If so, that file determines what runs in the
// cluster — confirm and restrict who can write it.
type ScanInfo struct {
	Getters                                             // TODO - remove from object
	PolicyIdentifier   []reporthandling.PolicyIdentifier // TODO - remove from object
	UseExceptions      string                            // Load file with exceptions configuration
	ControlsInputs     string                            // Load file with inputs for controls
	UseFrom            []string                          // Load framework from local file (instead of download). Use when running offline
	UseDefault         bool                              // Load framework from cached file (instead of download). Use when running offline
	UseArtifactsFrom   string                            // Load artifacts from local path. Use when running offline
	VerboseMode        bool                              // Display all of the input resources and not only failed resources
	Format             string                            // Format results (table, json, junit ...)
	Output             string                            // Store results in an output file, Output file name
	FormatVersion      string                            // Output object can be different between versions, this is for testing and backward compatibility
	ExcludedNamespaces string                            // used for host scanner namespace
	IncludeNamespaces  string                            // DEPRECATED?
	InputPatterns      []string                          // Yaml files input patterns
	Silent             bool                              // Silent mode - Do not print progress logs
	FailThreshold      float32                           // Failure score threshold
	Submit             bool                              // Submit results to Armo BE
	ScanID             string                            // Report id of the current scan
	HostSensorEnabled  BoolPtrFlag                       // Deploy ARMO K8s host scanner to collect data from certain controls
	HostSensorYamlPath string                            // Path to hostsensor file
	Local              bool                              // Do not submit results
	Account            string                            // account ID
	KubeContext        string                            // context name
	FrameworkScan      bool                              // false if scanning control
	ScanAll            bool                              // true if scan all frameworks
}
TODO - UPDATE
func (*ScanInfo) GetScanningEnvironment ¶
func (*ScanInfo) SetPolicyIdentifiers ¶
func (scanInfo *ScanInfo) SetPolicyIdentifiers(policies []string, kind reporthandling.NotificationPolicyKind)
type VersionCheckHandler ¶
type VersionCheckHandler struct {
// contains filtered or unexported fields
}
func NewVersionCheckHandler ¶
func NewVersionCheckHandler() *VersionCheckHandler
func (*VersionCheckHandler) CheckLatestVersion ¶
func (v *VersionCheckHandler) CheckLatestVersion(versionData *VersionCheckRequest) error
type VersionCheckHandlerMock ¶
// VersionCheckHandlerMock is a field-less stand-in for VersionCheckHandler.
// Presumably its CheckLatestVersion performs no network call — confirm.
type VersionCheckHandlerMock struct {
}
func NewVersionCheckHandlerMock ¶
func NewVersionCheckHandlerMock() *VersionCheckHandlerMock
func (*VersionCheckHandlerMock) CheckLatestVersion ¶
func (v *VersionCheckHandlerMock) CheckLatestVersion(versionData *VersionCheckRequest) error
type VersionCheckRequest ¶
// VersionCheckRequest is the JSON payload describing the running client for a
// version check.
// NOTE(review): CheckLatestVersion takes this struct and presumably sends it to
// a remote update service, disclosing the client version, framework and scan
// target type — confirm. The SKIP_VERSION_CHECK constant in this package
// suggests the check can be disabled.
type VersionCheckRequest struct {
	Client           string `json:"client"`           // kubescape
	ClientVersion    string `json:"clientVersion"`    // kubescape version
	Framework        string `json:"framework"`        // framework name
	FrameworkVersion string `json:"frameworkVersion"` // framework version
	ScanningTarget   string `json:"target"`           // scanning target - cluster/yaml
}
func NewVersionCheckRequest ¶
func NewVersionCheckRequest(buildNumber, frameworkName, frameworkVersion, scanningTarget string) *VersionCheckRequest
type VersionCheckResponse ¶
// VersionCheckResponse is the JSON reply to a version check.
// NOTE(review): every field is supplied by the responder. If Message or the
// version strings are printed to a terminal or used to build a download
// location, treat them as untrusted input — confirm how callers use them.
type VersionCheckResponse struct {
	Client          string `json:"client"`          // kubescape
	ClientUpdate    string `json:"clientUpdate"`    // kubescape latest version
	Framework       string `json:"framework"`       // framework name
	FrameworkUpdate string `json:"frameworkUpdate"` // framework latest version
	Message         string `json:"message"`         // alert message
}