cautils

package
v0.0.0-...-cb424ea Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 27, 2022 License: Apache-2.0 Imports: 34 Imported by: 6

Documentation

Index

Constants

// Scanning-environment identifiers. The values line up with the "cluster/yaml"
// targets noted on VersionCheckRequest.ScanningTarget; presumably these are what
// ScanInfo.GetScanningEnvironment returns — confirm against the source.
const (
	ScanCluster    string = "cluster"
	ScanLocalFiles string = "yaml"
)
// SKIP_VERSION_CHECK holds the environment-variable name "KS_SKIP_UPDATE_CHECK".
// NOTE(review): presumably setting that variable suppresses the update check
// (and with it the VersionCheckRequest) — confirm in the handler source.
const SKIP_VERSION_CHECK = "KS_SKIP_UPDATE_CHECK"
// SKIP_VERSION_CHECK_DEPRECATED holds the environment-variable name
// "KUBESCAPE_SKIP_UPDATE_CHECK". The identifier marks it as deprecated;
// presumably the KS_-prefixed name in SKIP_VERSION_CHECK replaces it — confirm.
const SKIP_VERSION_CHECK_DEPRECATED = "KUBESCAPE_SKIP_UPDATE_CHECK"
// UnknownBuildNumber is the literal "unknown"; presumably the fallback used
// when BuildNumber was not set — TODO confirm.
const UnknownBuildNumber = "unknown"
// ValueNotFound is -1. NOTE(review): looks like the "not found" result of
// StringInSlice, which returns an int — confirm.
const ValueNotFound = -1

Variables

// CustomerGUID and ClusterName are exported, mutable package-level strings that
// start out empty. The page documents them only as "CA environment vars"; how
// and when they are populated is not shown here.
var (
	CustomerGUID = ""
	ClusterName  = ""
)

CA environment vars

// YAML_PREFIX and JSON_PREFIX list file extensions. Despite "PREFIX" in the
// names, the values are file-name suffixes; presumably IsYaml, IsJson and
// GetFileFormat match against them — confirm.
var (
	YAML_PREFIX = []string{".yaml", ".yml"}
	JSON_PREFIX = []string{".json"}
)
// Resource-kind names grouped into three lists: image vulnerability data,
// host-sensor data (kubelet configuration and command line, OS release, kernel
// version and variables, hardening status, open ports) and cloud data.
// Presumably these are the lists that MapImageVulnResources, MapHostResources
// and MapCloudResources look up in an ArmoResources map — confirm.
var (
	ImageVulnResources  = []string{"ImageVulnerabilities"}
	HostSensorResources = []string{"KubeletConfiguration",
		"KubeletCommandLine",
		"OsReleaseFile",
		"KernelVersion",
		"LinuxSecurityHardeningStatus",
		"OpenPortsList",
		"LinuxKernelVariables"}
	CloudResources = []string{"ClusterDescribe"}
)
// BuildNumber is an exported string with no initial value on this page.
// NOTE(review): presumably injected at build time and passed to
// NewVersionCheckRequest as buildNumber — confirm.
var BuildNumber string
// DescriptionDisplay is an Fprintf-style printer built with the Faint and
// FgWhite attributes.
var DescriptionDisplay = color.New(color.Faint, color.FgWhite).FprintfFunc()
// FailureDisplay is an Fprintf-style printer built with the Bold and FgHiRed
// attributes.
var FailureDisplay = color.New(color.Bold, color.FgHiRed).FprintfFunc()
// FailureTextDisplay is an Fprintf-style printer built with the Faint and
// FgHiRed attributes.
var FailureTextDisplay = color.New(color.Faint, color.FgHiRed).FprintfFunc()
// InfoDisplay is an Fprintf-style printer built with the Bold and FgCyan
// attributes.
var InfoDisplay = color.New(color.Bold, color.FgCyan).FprintfFunc()
// InfoTextDisplay is an Fprintf-style printer built with the Bold and
// FgHiYellow attributes — the same attributes WarningDisplay uses.
var InfoTextDisplay = color.New(color.Bold, color.FgHiYellow).FprintfFunc()
// SimpleDisplay is an Fprintf-style printer built with no colour attributes.
var SimpleDisplay = color.New().FprintfFunc()
// SuccessDisplay is an Fprintf-style printer built with the Bold and FgHiGreen
// attributes.
var SuccessDisplay = color.New(color.Bold, color.FgHiGreen).FprintfFunc()
// WarningDisplay is an Fprintf-style printer built with the Bold and
// FgHiYellow attributes.
var WarningDisplay = color.New(color.Bold, color.FgHiYellow).FprintfFunc()

Functions

func AdoptClusterName

func AdoptClusterName(clusterName string) string

func ConfigFileFullPath

func ConfigFileFullPath() string

func ConvertLabelsToString

func ConvertLabelsToString(labels map[string]string) string

func ConvertStringToLabels

func ConvertStringToLabels(labelsStr string) map[string]string

ConvertStringToLabels converts a string of the form "a=b;c=d" to a map: {"a":"b", "c":"d"}

func DeleteConfigFile

func DeleteConfigFile() error

func GetValueFromConfigJson

func GetValueFromConfigJson(key string) (string, error)

func IsFile

func IsFile(name string) bool

func IsJson

func IsJson(filePath string) bool

func IsYaml

func IsYaml(filePath string) bool

func LoadResourcesFromFiles

func LoadResourcesFromFiles(inputPatterns []string) (map[string][]workloadinterface.IMetadata, error)

func MapArmoResource

func MapArmoResource(armoResourceMap *ArmoResources, resources []string) []string

func MapCloudResources

func MapCloudResources(armoResourceMap *ArmoResources) []string

func MapHostResources

func MapHostResources(armoResourceMap *ArmoResources) []string

func MapImageVulnResources

func MapImageVulnResources(armoResourceMap *ArmoResources) []string

func PrettyJson

func PrettyJson(data interface{}) ([]byte, error)

func ReadFile

func ReadFile(fileContent []byte, fileFromat FileFormat) ([]workloadinterface.IMetadata, []error)

func ReportV2ToV1

func ReportV2ToV1(opaSessionObj *OPASessionObj)

func SetInfoMapForResources

func SetInfoMapForResources(info string, resources []string, errorMap map[string]apis.StatusInfo)

func StartSpinner

func StartSpinner()

func StopSpinner

func StopSpinner()

func StringInSlice

func StringInSlice(strSlice []string, str string) int

Types

type ArmoResources

// ArmoResources maps a string key to a list of strings.
// NOTE(review): presumably resource kind -> resource IDs, mirroring
// K8SResources — confirm.
type ArmoResources map[string][]string

type BoolPtrFlag

// BoolPtrFlag is an opaque flag value. Its method set on this page (String,
// Set, Type, plus Get returning *bool) suggests a boolean command-line flag
// that can also be "unset" — presumably a pflag.Value; confirm.
type BoolPtrFlag struct {
	// contains filtered or unexported fields
}

func (*BoolPtrFlag) Get

func (bpf *BoolPtrFlag) Get() *bool

func (*BoolPtrFlag) GetBool

func (bpf *BoolPtrFlag) GetBool() bool

func (*BoolPtrFlag) Set

func (bpf *BoolPtrFlag) Set(val string) error

func (*BoolPtrFlag) SetBool

func (bpf *BoolPtrFlag) SetBool(val bool)

func (*BoolPtrFlag) String

func (bpf *BoolPtrFlag) String() string

func (*BoolPtrFlag) Type

func (bpf *BoolPtrFlag) Type() string

type ClusterConfig

// ClusterConfig holds the configuration of a specific cluster. Its fields are
// unexported; access goes through the methods listed on this page.
type ClusterConfig struct {
	// contains filtered or unexported fields
}

ClusterConfig configuration of specific cluster

Supported environment variables: KS_DEFAULT_CONFIGMAP_NAME (name of the configmap; defaults to 'kubescape' if not set) and KS_DEFAULT_CONFIGMAP_NAMESPACE (configmap namespace; defaults to 'default' if not set).

KS_ACCOUNT_ID KS_CLIENT_ID KS_SECRET_KEY

TODO - support: KS_CACHE // path to cached files

func NewClusterConfig

func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBackend, customerGUID, clusterName string) *ClusterConfig

func (*ClusterConfig) DeleteCachedConfig

func (c *ClusterConfig) DeleteCachedConfig() error

func (*ClusterConfig) GetAccountID

func (c *ClusterConfig) GetAccountID() string

func (*ClusterConfig) GetClusterName

func (c *ClusterConfig) GetClusterName() string

func (*ClusterConfig) GetConfigObj

func (c *ClusterConfig) GetConfigObj() *ConfigObj

func (*ClusterConfig) GetDefaultNS

func (c *ClusterConfig) GetDefaultNS() string

func (*ClusterConfig) GetValueByKeyFromConfigMap

func (c *ClusterConfig) GetValueByKeyFromConfigMap(key string) (string, error)

func (*ClusterConfig) IsConfigFound

func (c *ClusterConfig) IsConfigFound() bool

func (*ClusterConfig) IsRegistered

func (clusterConfig *ClusterConfig) IsRegistered() bool

Check if the customer is registered

func (*ClusterConfig) IsSubmitted

func (clusterConfig *ClusterConfig) IsSubmitted() bool

Check if the customer is submitted

func (*ClusterConfig) SetKeyValueInConfigmap

func (c *ClusterConfig) SetKeyValueInConfigmap(key string, value string) error

func (*ClusterConfig) SetTenant

func (c *ClusterConfig) SetTenant() error

func (*ClusterConfig) ToMapString

func (c *ClusterConfig) ToMapString() map[string]interface{}

func (*ClusterConfig) UpdateCachedConfig

func (c *ClusterConfig) UpdateCachedConfig() error

type ComponentConfig

// ComponentConfig wraps an Exception value, serialised under the JSON key
// "exceptions".
type ComponentConfig struct {
	Exceptions Exception `json:"exceptions"`
}

type ConfigObj

// ConfigObj is the account/tenant configuration record. Every field carries a
// JSON tag with omitempty, so empty values are left out when it is marshalled.
// NOTE(review): SecretKey, ClientID and Token look like credentials, and
// Config() is documented as converting this object to the config file — treat
// that file, and any log or dump of this struct, as sensitive, and confirm the
// permissions the file is written with.
type ConfigObj struct {
	AccountID          string `json:"accountID,omitempty"`
	ClientID           string `json:"clientID,omitempty"`
	SecretKey          string `json:"secretKey,omitempty"`    // serialised as a plain JSON string under "secretKey"
	CustomerGUID       string `json:"customerGUID,omitempty"` // Deprecated
	Token              string `json:"invitationParam,omitempty"` // note: JSON key is "invitationParam", not "token"
	CustomerAdminEMail string `json:"adminMail,omitempty"`
	ClusterName        string `json:"clusterName,omitempty"`
}

func (*ConfigObj) Config

func (co *ConfigObj) Config() []byte

Config - convert ConfigObj to config file

type Exception

// Exception is the exceptions configuration carried by ComponentConfig.
// NOTE(review): Ignore is commented as "ignore test results", so this is a
// place where findings can be suppressed — changes to an exceptions
// configuration deserve the same review as changes to the policies themselves.
type Exception struct {
	Ignore        *bool                      `json:"ignore"`        // ignore test results; a pointer, so nil is distinguishable from false
	MultipleScore *reporthandling.AlertScore `json:"multipleScore"` // MultipleScore number - float32
	Namespaces    []string                   `json:"namespaces"`
	Regex         string                     `json:"regex"` // not supported
}

type FileFormat

// FileFormat names the format of an input file; GetFileFormat returns one for
// a file path and ReadFile takes one alongside the file content.
type FileFormat string
// The two FileFormat values defined on this page.
const (
	YAML_FILE_FORMAT FileFormat = "yaml"
	JSON_FILE_FORMAT FileFormat = "json"
)

func GetFileFormat

func GetFileFormat(filePath string) FileFormat

type Getters

// Getters bundles the three getter interfaces (exceptions, control inputs and
// policies). It is embedded in ScanInfo, where a TODO marks it for removal.
type Getters struct {
	ExceptionsGetter     getter.IExceptionsGetter
	ControlsInputsGetter getter.IControlsInputsGetter
	PolicyGetter         getter.IPolicyGetter
}

type ITenantConfig

// ITenantConfig is the tenant-configuration interface. Both ClusterConfig and
// LocalConfig on this page list methods with these names and signatures.
type ITenantConfig interface {
	// set
	SetTenant() error
	UpdateCachedConfig() error
	DeleteCachedConfig() error

	// getters
	GetClusterName() string
	GetAccountID() string
	GetConfigObj() *ConfigObj // exposes the whole ConfigObj, including its SecretKey and Token fields

	IsConfigFound() bool
}

====================================================================================== =============================== interface ============================================ ======================================================================================

type IVersionCheckHandler

// IVersionCheckHandler is the version-check interface. VersionCheckHandler and
// VersionCheckHandlerMock on this page both list a matching CheckLatestVersion
// method; NewIVersionCheckHandler returns one of the implementations.
type IVersionCheckHandler interface {
	CheckLatestVersion(*VersionCheckRequest) error
}

func NewIVersionCheckHandler

func NewIVersionCheckHandler() IVersionCheckHandler

type K8SResources

// K8SResources maps "<api group>/<api version>/<resource>" to a list of
// resource IDs.
type K8SResources map[string][]string

K8SResources map[<api group>/<api version>/<resource>][]<resourceID>

type LocalConfig

// LocalConfig is the configuration used when scanning YAML files or a URL
// rather than a Kubernetes cluster. Its fields are unexported.
type LocalConfig struct {
	// contains filtered or unexported fields
}

Local Config: the config used when scanning YAML files or a URL, but not a Kubernetes cluster.

func NewLocalConfig

func NewLocalConfig(
	backendAPI getter.IBackend, customerGUID, clusterName string) *LocalConfig

func (*LocalConfig) DeleteCachedConfig

func (lc *LocalConfig) DeleteCachedConfig() error

func (*LocalConfig) GetAccountID

func (lc *LocalConfig) GetAccountID() string

func (*LocalConfig) GetClusterName

func (lc *LocalConfig) GetClusterName() string

func (*LocalConfig) GetConfigObj

func (lc *LocalConfig) GetConfigObj() *ConfigObj

func (*LocalConfig) IsConfigFound

func (lc *LocalConfig) IsConfigFound() bool

func (*LocalConfig) SetTenant

func (lc *LocalConfig) SetTenant() error

func (*LocalConfig) UpdateCachedConfig

func (lc *LocalConfig) UpdateCachedConfig() error

type OPASessionObj

// OPASessionObj carries the state of one scan session: the input resources,
// the frameworks to evaluate, the exceptions to apply and the results.
// NOTE(review): Exceptions are applied to the scan results, so the source of
// that list affects what a report shows as failed — confirm where it is loaded.
type OPASessionObj struct {
	K8SResources          *K8SResources                          // input k8s objects
	ArmoResource          *ArmoResources                         // input ARMO objects
	Policies              []reporthandling.Framework             // list of frameworks to scan
	AllResources          map[string]workloadinterface.IMetadata // all scanned resources, map[<resource ID>]<resource>
	ResourcesResult       map[string]resourcesresults.Result     // resources scan results, map[<resource ID>]<resource result>
	ResourceSource        map[string]string                      // resources sources, keyed by resource ID (value presumably the source path — confirm)
	PostureReport         *reporthandling.PostureReport          // scan results v1 - Remove
	Report                *reporthandlingv2.PostureReport        // scan results v2 - Remove
	Exceptions            []armotypes.PostureExceptionPolicy     // list of exceptions to apply on scan results
	RegoInputData         RegoInputData                          // input passed to rego for scanning. map[<control name>][<input arguments>]
	Metadata              *reporthandlingv2.Metadata
	InfoMap               map[string]apis.StatusInfo // Map errors of resources to StatusInfo
	ResourceToControlsMap map[string][]string        // map[<apigroup/apiversion/resource>] = [<control_IDs>]
	SessionID             string                     // SessionID
}

func NewOPASessionObj

func NewOPASessionObj(frameworks []reporthandling.Framework, k8sResources *K8SResources, scanInfo *ScanInfo) *OPASessionObj

func NewOPASessionObjMock

func NewOPASessionObjMock() *OPASessionObj

type Policies

// Policies holds framework names together with the controls to evaluate,
// keyed by control ID. Set fills it from a list of frameworks.
type Policies struct {
	Frameworks []string
	Controls   map[string]reporthandling.Control // map[<control ID>]<control>
}

func NewPolicies

func NewPolicies() *Policies

func (*Policies) Set

func (policies *Policies) Set(frameworks []reporthandling.Framework, version string)

type RBACObjects

// RBACObjects is an opaque wrapper built by NewRBACObjects from an
// rbacscanner.RbacScannerFromK8sAPI; its fields are unexported.
type RBACObjects struct {
	// contains filtered or unexported fields
}

func NewRBACObjects

func NewRBACObjects(scanner *rbacscanner.RbacScannerFromK8sAPI) *RBACObjects

func (*RBACObjects) ListAllResources

func (rbacObjects *RBACObjects) ListAllResources() (map[string]workloadinterface.IMetadata, error)

func (*RBACObjects) SetResourcesReport

func (rbacObjects *RBACObjects) SetResourcesReport() (*reporthandling.PostureReport, error)

type RegoInputData

// RegoInputData holds the control inputs, serialised under the JSON key
// "postureControlInputs". OPASessionObj describes the map as
// map[<control name>][<input arguments>].
type RegoInputData struct {
	PostureControlInputs map[string][]string `json:"postureControlInputs"`
}

type RootInfo

// RootInfo holds process-wide settings: logging, cache directory, colour and
// the backend URLs.
// NOTE(review): ArmoBEURLs / ArmoBEURLsDep select the backend endpoint(s);
// presumably this decides where submitted results are sent, so an overridden
// value should be treated as security-relevant — confirm how it is validated.
type RootInfo struct {
	Logger       string // logger level
	LoggerName   string // logger name ("pretty"/"zap"/"none")
	CacheDir     string // cached dir
	DisableColor bool   // Disable Color

	ArmoBEURLs    string // armo url
	ArmoBEURLsDep string // armo url ("Dep" presumably marks the deprecated form — confirm)
}

type ScanInfo

// ScanInfo collects the options of one scan: which policies to load and from
// where, what to scan, how to format the output and whether to submit it.
// NOTE(review): Submit ("Submit results to Armo BE") and Local ("Do not submit
// results") both govern whether results leave the machine; which one wins when
// both are set is not visible on this page — confirm before relying on Local
// in a restricted environment.
type ScanInfo struct {
	Getters                                              // TODO - remove from object
	PolicyIdentifier   []reporthandling.PolicyIdentifier // TODO - remove from object
	UseExceptions      string                            // Load file with exceptions configuration
	ControlsInputs     string                            // Load file with inputs for controls
	UseFrom            []string                          // Load framework from local file (instead of download). Use when running offline
	UseDefault         bool                              // Load framework from cached file (instead of download). Use when running offline
	UseArtifactsFrom   string                            // Load artifacts from local path. Use when running offline
	VerboseMode        bool                              // Display all of the input resources and not only failed resources
	Format             string                            // Format results (table, json, junit ...)
	Output             string                            // Store results in an output file, Output file name
	FormatVersion      string                            // Output object can be different between versions, this is for testing and backward compatibility
	ExcludedNamespaces string                            // used for host scanner namespace
	IncludeNamespaces  string                            // DEPRECATED?
	InputPatterns      []string                          // Yaml files input patterns
	Silent             bool                              // Silent mode - Do not print progress logs
	FailThreshold      float32                           // Failure score threshold
	Submit             bool                              // Submit results to Armo BE
	ScanID             string                            // Report id of the current scan
	HostSensorEnabled  BoolPtrFlag                       // Deploy ARMO K8s host scanner to collect data from certain controls
	HostSensorYamlPath string                            // Path to hostsensor file
	Local              bool                              // Do not submit results
	Account            string                            // account ID
	KubeContext        string                            // context name
	FrameworkScan      bool                              // false if scanning control
	ScanAll            bool                              // true if scan all frameworks
}

TODO - UPDATE

func (*ScanInfo) GetScanningEnvironment

func (scanInfo *ScanInfo) GetScanningEnvironment() string

func (*ScanInfo) Init

func (scanInfo *ScanInfo) Init()

func (*ScanInfo) SetPolicyIdentifiers

func (scanInfo *ScanInfo) SetPolicyIdentifiers(policies []string, kind reporthandling.NotificationPolicyKind)

type VersionCheckHandler

// VersionCheckHandler is the non-mock type on this page with a
// CheckLatestVersion method; its fields are unexported.
type VersionCheckHandler struct {
	// contains filtered or unexported fields
}

func NewVersionCheckHandler

func NewVersionCheckHandler() *VersionCheckHandler

func (*VersionCheckHandler) CheckLatestVersion

func (v *VersionCheckHandler) CheckLatestVersion(versionData *VersionCheckRequest) error

type VersionCheckHandlerMock

// VersionCheckHandlerMock is a field-less type with a CheckLatestVersion
// method; by its name, a stand-in for VersionCheckHandler.
type VersionCheckHandlerMock struct {
}

func NewVersionCheckHandlerMock

func NewVersionCheckHandlerMock() *VersionCheckHandlerMock

func (*VersionCheckHandlerMock) CheckLatestVersion

func (v *VersionCheckHandlerMock) CheckLatestVersion(versionData *VersionCheckRequest) error

type VersionCheckRequest

// VersionCheckRequest is the JSON payload handed to CheckLatestVersion. It
// identifies the client and its version, the framework and its version, and
// the kind of target being scanned.
// NOTE(review): presumably this is sent to a remote update service; the
// SKIP_VERSION_CHECK environment-variable names suggest an opt-out — confirm.
type VersionCheckRequest struct {
	Client           string `json:"client"`           // kubescape
	ClientVersion    string `json:"clientVersion"`    // kubescape version
	Framework        string `json:"framework"`        // framework name
	FrameworkVersion string `json:"frameworkVersion"` // framework version
	ScanningTarget   string `json:"target"`           // scanning target- cluster/yaml
}

func NewVersionCheckRequest

func NewVersionCheckRequest(buildNumber, frameworkName, frameworkVersion, scanningTarget string) *VersionCheckRequest

type VersionCheckResponse

// VersionCheckResponse is the JSON reply shape for a version check: the latest
// client and framework versions plus a free-text message.
// NOTE(review): Message presumably originates outside the process; if it is
// printed to a terminal, confirm it is treated as untrusted text.
type VersionCheckResponse struct {
	Client          string `json:"client"`          // kubescape
	ClientUpdate    string `json:"clientUpdate"`    // kubescape latest version
	Framework       string `json:"framework"`       // framework name
	FrameworkUpdate string `json:"frameworkUpdate"` // framework latest version
	Message         string `json:"message"`         // alert message
}

Directories

Path Synopsis
