cautils

package
v2.0.347 Latest Latest
Published: Aug 21, 2022 License: Apache-2.0 Imports: 48 Imported by: 0

Documentation

Index

Constants

// Legacy scan "scope" identifiers. ScanningContextToScanningScope maps the newer
// ScanningContext values onto these (the doc for that function calls the scope
// deprecated); new code should prefer ScanningContext and only emit these where a
// consumer still expects the old field — confirm against callers.
const (
	ScopeCluster = "cluster"
	ScopeYAML    = "yaml"
)
// SKIP_VERSION_CHECK names the environment variable that, when set, is expected to
// disable the update check done by VersionCheckHandler.CheckLatestVersion.
// NOTE(review): the lookup itself is not visible in this listing — confirm in the
// implementation which values (any non-empty? "true"?) are honored.
const SKIP_VERSION_CHECK = "KS_SKIP_UPDATE_CHECK"
// SKIP_VERSION_CHECK_DEPRECATED is the older name of the same switch as
// SKIP_VERSION_CHECK; presumably still honored for backward compatibility — confirm.
const SKIP_VERSION_CHECK_DEPRECATED = "KUBESCAPE_SKIP_UPDATE_CHECK"
// UnknownBuildNumber is the placeholder reported when no build identifier is
// available (presumably substituted for an empty BuildNumber — confirm).
const UnknownBuildNumber = "unknown"
// ValueNotFound is the sentinel index returned by lookups that yield no match;
// StringInSlice returns an int and presumably uses it for "not present" — confirm.
const ValueNotFound = -1

Variables

// Package-level mutable state, presumably filled in at runtime from the tenant
// configuration. CustomerGUID mirrors the deprecated ConfigObj.CustomerGUID field;
// prefer the ITenantConfig accessors (GetAccountID, GetContextName) over reading
// these globals, since globals written from several places are hard to audit.
var (
	CustomerGUID = ""
	ClusterName  = ""
)

Kubescape Cloud environment vars

// File-name extensions (without the leading dot) recognized as YAML and JSON input.
// Presumably consulted by IsYaml/IsJson and GetFileFormat — confirm; note the
// slices are mutable package state, so callers must not append to them.
var (
	YAML_PREFIX = []string{"yaml", "yml"}
	JSON_PREFIX = []string{"json"}
)
// Kubescape-specific (non-Kubernetes-API) resource kinds, grouped by the component
// that produces them. From the names, MapImageVulnResources, MapHostResources and
// MapCloudResources select the matching entries of a KSResources map — confirm.
// HostSensorResources are gathered by the host scanner that ScanInfo.HostSensorEnabled
// deploys; entries such as OpenPortsList, LinuxSecurityHardeningStatus and
// KubeletCommandLine describe node-level security posture, so results containing
// them should be handled as sensitive when stored or submitted.
var (
	ImageVulnResources  = []string{"ImageVulnerabilities"}
	HostSensorResources = []string{"KubeletConfiguration",
		"KubeletCommandLine",
		"OsReleaseFile",
		"KernelVersion",
		"LinuxSecurityHardeningStatus",
		"OpenPortsList",
		"LinuxKernelVariables",
		"KubeletInfo",
		"KubeProxyInfo",
	}
	CloudResources = []string{"ClusterDescribe"}
)
// BuildNumber is the kubescape build identifier, expected to be injected at link
// time (e.g. go build -ldflags "-X ...BuildNumber=<value>"); when left empty,
// UnknownBuildNumber presumably stands in — confirm.
var BuildNumber string
// Client names the calling client; VersionCheckRequest.Client carries the same
// notion (documented there as "kubescape"). Presumably set at startup — confirm.
var Client string
// DescriptionDisplay is an Fprintf-style writer that renders faint white text.
var DescriptionDisplay = color.New(color.Faint, color.FgWhite).FprintfFunc()
// FailureDisplay is an Fprintf-style writer that renders bold, bright-red text.
var FailureDisplay = color.New(color.Bold, color.FgHiRed).FprintfFunc()
// FailureTextDisplay is an Fprintf-style writer that renders faint, bright-red text.
var FailureTextDisplay = color.New(color.Faint, color.FgHiRed).FprintfFunc()
// InfoDisplay is an Fprintf-style writer that renders bold cyan text.
var InfoDisplay = color.New(color.Bold, color.FgCyan).FprintfFunc()
// InfoTextDisplay is an Fprintf-style writer that renders bold, bright-yellow text
// (same styling as WarningDisplay).
var InfoTextDisplay = color.New(color.Bold, color.FgHiYellow).FprintfFunc()
// SimpleDisplay is an Fprintf-style writer with no color attributes applied.
var SimpleDisplay = color.New().FprintfFunc()
// SuccessDisplay is an Fprintf-style writer that renders bold, bright-green text.
var SuccessDisplay = color.New(color.Bold, color.FgHiGreen).FprintfFunc()
// WarningDisplay is an Fprintf-style writer that renders bold, bright-yellow text.
var WarningDisplay = color.New(color.Bold, color.FgHiYellow).FprintfFunc()

Functions

func AdoptClusterName

func AdoptClusterName(clusterName string) string

func ConfigFileFullPath

func ConfigFileFullPath() string

func ConvertLabelsToString

func ConvertLabelsToString(labels map[string]string) string

func ConvertStringToLabels

func ConvertStringToLabels(labelsStr string) map[string]string

ConvertStringToLabels converts a string of the form "a=b;c=d" into the map {"a":"b", "c":"d"}.

func DeleteConfigFile

func DeleteConfigFile() error

func Float16ToInt

func Float16ToInt(x float32) int

Float16ToInt converts a float16 value to int.

func Float32ToInt

func Float32ToInt(x float32) int

Float32ToInt converts a float32 value to int.

func Float64ToInt

func Float64ToInt(x float64) int

Float64ToInt converts a float64 value to int.

func GetValueFromConfigJson

func GetValueFromConfigJson(key string) (string, error)

func IsDir added in v2.0.159

func IsDir(name string) bool

IsDir checks if a given path is a directory

func IsFile

func IsFile(name string) bool

IsFile checks if a given path is a file

func IsHelmDirectory added in v2.0.161

func IsHelmDirectory(path string) (bool, error)

func IsJson

func IsJson(filePath string) bool

func IsYaml

func IsYaml(filePath string) bool

func LoadResourcesFromFiles

func LoadResourcesFromFiles(input, rootPath string) map[string][]workloadinterface.IMetadata

func LoadResourcesFromHelmCharts added in v2.0.161

func LoadResourcesFromHelmCharts(basePath string) (map[string][]workloadinterface.IMetadata, map[string]string)

LoadResourcesFromHelmCharts scans the given path recursively for Helm charts, renders their templates, and returns a map of workloads together with a map of chart names.

func MapCloudResources

func MapCloudResources(ksResourceMap *KSResources) []string

func MapHostResources

func MapHostResources(ksResourceMap *KSResources) []string

func MapImageVulnResources

func MapImageVulnResources(ksResourceMap *KSResources) []string

func MapKSResource added in v2.0.345

func MapKSResource(ksResourceMap *KSResources, resources []string) []string

func PrettyJson

func PrettyJson(data interface{}) ([]byte, error)

func ReadFile

func ReadFile(fileContent []byte, fileFormat FileFormat) ([]workloadinterface.IMetadata, error)

func ReportV2ToV1

func ReportV2ToV1(opaSessionObj *OPASessionObj) *reporthandling.PostureReport

func ScanningContextToScanningScope added in v2.0.159

func ScanningContextToScanningScope(scanningContext ScanningContext) string

ScanningContextToScanningScope converts a ScanningContext to the deprecated scope value.

func SetInfoMapForResources

func SetInfoMapForResources(info string, resources []string, errorMap map[string]apis.StatusInfo)

func StartSpinner

func StartSpinner()

func StopSpinner

func StopSpinner()

func StringInSlice

func StringInSlice(strSlice []string, str string) int

Types

type BoolPtrFlag

// BoolPtrFlag wraps a *bool so a command-line flag can distinguish "not set" (nil)
// from an explicit true/false. Its Set/String/Type methods match the shape of the
// pflag.Value interface, so it can presumably be bound directly as a flag — confirm.
// Use Get to observe the tri-state value and GetBool for a plain bool.
type BoolPtrFlag struct {
	// contains filtered or unexported fields
}

func NewBoolPtr added in v2.0.153

func NewBoolPtr(b *bool) BoolPtrFlag

func (*BoolPtrFlag) Get

func (bpf *BoolPtrFlag) Get() *bool

func (*BoolPtrFlag) GetBool

func (bpf *BoolPtrFlag) GetBool() bool

func (*BoolPtrFlag) Set

func (bpf *BoolPtrFlag) Set(val string) error

func (*BoolPtrFlag) SetBool

func (bpf *BoolPtrFlag) SetBool(val bool)

func (*BoolPtrFlag) String

func (bpf *BoolPtrFlag) String() string

func (*BoolPtrFlag) Type

func (bpf *BoolPtrFlag) Type() string

type ClusterConfig

// ClusterConfig is the ITenantConfig implementation used when scanning a live
// Kubernetes cluster. Tenant settings are read from and written to a ConfigMap
// (GetValueByKeyFromConfigMap / SetKeyValueInConfigmap) and mirrored in a local
// cache (UpdateCachedConfig / DeleteCachedConfig). Since GetSecretKey and GetToken
// are part of the same object, the ConfigMap and cache may end up holding account
// credentials — NOTE(review): confirm which ConfigObj fields are persisted and
// that the ConfigMap's namespace/RBAC limit who can read it.
type ClusterConfig struct {
	// contains filtered or unexported fields
}

ClusterConfig configuration of specific cluster

Supported environment variables: KS_DEFAULT_CONFIGMAP_NAME (name of the configmap; defaults to 'kubescape' if not set) and KS_DEFAULT_CONFIGMAP_NAMESPACE (configmap namespace; defaults to 'default' if not set).

KS_ACCOUNT_ID KS_CLIENT_ID KS_SECRET_KEY

TODO - support: KS_CACHE // path to cached files

func NewClusterConfig

func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBackend, credentials *Credentials, clusterName string) *ClusterConfig

func (*ClusterConfig) DeleteCachedConfig

func (c *ClusterConfig) DeleteCachedConfig() error

func (*ClusterConfig) GetAccountID

func (c *ClusterConfig) GetAccountID() string

func (*ClusterConfig) GetClientID added in v2.0.155

func (c *ClusterConfig) GetClientID() string

func (*ClusterConfig) GetConfigObj

func (c *ClusterConfig) GetConfigObj() *ConfigObj

func (*ClusterConfig) GetContextName

func (c *ClusterConfig) GetContextName() string

func (*ClusterConfig) GetDefaultNS

func (c *ClusterConfig) GetDefaultNS() string

func (*ClusterConfig) GetSecretKey added in v2.0.155

func (c *ClusterConfig) GetSecretKey() string

func (*ClusterConfig) GetTenantEmail added in v2.0.155

func (c *ClusterConfig) GetTenantEmail() string

func (*ClusterConfig) GetToken added in v2.0.155

func (c *ClusterConfig) GetToken() string

func (*ClusterConfig) GetValueByKeyFromConfigMap

func (c *ClusterConfig) GetValueByKeyFromConfigMap(key string) (string, error)

func (*ClusterConfig) IsConfigFound

func (c *ClusterConfig) IsConfigFound() bool

func (*ClusterConfig) IsRegistered

func (clusterConfig *ClusterConfig) IsRegistered() bool

IsRegistered reports whether the customer is registered.

func (*ClusterConfig) IsSubmitted

func (clusterConfig *ClusterConfig) IsSubmitted() bool

IsSubmitted reports whether the customer is submitted.

func (*ClusterConfig) SetKeyValueInConfigmap

func (c *ClusterConfig) SetKeyValueInConfigmap(key string, value string) error

func (*ClusterConfig) SetTenant

func (c *ClusterConfig) SetTenant() error

func (*ClusterConfig) ToMapString

func (c *ClusterConfig) ToMapString() map[string]interface{}

func (*ClusterConfig) UpdateCachedConfig

func (c *ClusterConfig) UpdateCachedConfig() error

type ComponentConfig

// ComponentConfig is the JSON-serializable per-component configuration; at present
// it only carries the exception settings.
type ComponentConfig struct {
	Exceptions Exception `json:"exceptions"`
}

type ConfigObj

// ConfigObj is the tenant configuration record that Config() serializes into the
// config file (and that ITenantConfig.GetConfigObj exposes). Because SecretKey and
// Token are serialized alongside the identity fields, the resulting file is a
// credential store: it should be written with owner-only permissions and never be
// logged or included in scan output — NOTE(review): confirm how Config()'s bytes
// are persisted (ConfigFileFullPath / UpdateCachedConfig).
type ConfigObj struct {
	AccountID          string `json:"accountID,omitempty"`
	ClientID           string `json:"clientID,omitempty"`
	SecretKey          string `json:"secretKey,omitempty"`      // credential — sensitive
	CustomerGUID       string `json:"customerGUID,omitempty"`   // Deprecated: use AccountID
	Token              string `json:"invitationParam,omitempty"` // credential — sensitive
	CustomerAdminEMail string `json:"adminMail,omitempty"`
	ClusterName        string `json:"clusterName,omitempty"`
}

func (*ConfigObj) Config

func (co *ConfigObj) Config() []byte

Config converts the ConfigObj into its config-file representation.

type Credentials added in v2.0.156

// Credentials holds the Kubescape Cloud account identity handed to NewClusterConfig
// and NewLocalConfig. Account and ClientID identify the tenant; SecretKey is the
// secret half and must be kept out of logs, error messages and reports.
// Presumably sourced from the KS_ACCOUNT_ID / KS_CLIENT_ID / KS_SECRET_KEY
// variables or CLI flags — confirm.
type Credentials struct {
	Account   string
	ClientID  string
	SecretKey string
}

type Exception

// Exception describes how scan results should be relaxed for a component. Ignore and
// MultipleScore are pointers so that "not set" is distinguishable from a zero value
// after JSON decoding.
type Exception struct {
	Ignore        *bool                      `json:"ignore"`        // ignore test results (nil = not specified)
	MultipleScore *reporthandling.AlertScore `json:"multipleScore"` // score multiplier (float32-based AlertScore)
	Namespaces    []string                   `json:"namespaces"`    // namespaces the exception applies to
	Regex         string                     `json:"regex"`         // not supported
}

type FileFormat

// FileFormat identifies the encoding of an input file; GetFileFormat derives it from
// a file path and ReadFile uses it to pick the decoder.
type FileFormat string

const (
	YAML_FILE_FORMAT FileFormat = "yaml"
	JSON_FILE_FORMAT FileFormat = "json"
)

func GetFileFormat

func GetFileFormat(filePath string) FileFormat

type Getters

// Getters bundles the sources for scan policy inputs (exceptions, control inputs,
// policies). It is embedded in ScanInfo, which carries a TODO to remove it.
type Getters struct {
	ExceptionsGetter     getter.IExceptionsGetter
	ControlsInputsGetter getter.IControlsInputsGetter
	PolicyGetter         getter.IPolicyGetter
}

type HelmChart added in v2.0.161

// HelmChart is a chart loaded from a local path by NewHelmChart. GetWorkloads renders
// its templates with caller-supplied values; GetWorkloadsWithDefaultValues uses the
// chart's own defaults. Rendering evaluates the chart's template logic, so a chart
// taken from an arbitrary repository is untrusted input to the scanner and any
// render error should be surfaced rather than silently dropped.
type HelmChart struct {
	// contains filtered or unexported fields
}

func NewHelmChart added in v2.0.161

func NewHelmChart(path string) (*HelmChart, error)

func (*HelmChart) GetDefaultValues added in v2.0.161

func (hc *HelmChart) GetDefaultValues() map[string]interface{}

func (*HelmChart) GetName added in v2.0.161

func (hc *HelmChart) GetName() string

func (*HelmChart) GetWorkloads added in v2.0.161

func (hc *HelmChart) GetWorkloads(values map[string]interface{}) (map[string][]workloadinterface.IMetadata, []error)

GetWorkloads renders chart template using the provided values and returns a map of source (absolute) file path to its workloads

func (*HelmChart) GetWorkloadsWithDefaultValues added in v2.0.161

func (hc *HelmChart) GetWorkloadsWithDefaultValues() (map[string][]workloadinterface.IMetadata, []error)

GetWorkloadsWithDefaultValues renders the chart templates using the chart's default values and returns a map of source file to its workloads.

type ITenantConfig

// ITenantConfig abstracts where tenant configuration lives: ClusterConfig (backed by
// a ConfigMap plus a cache) and LocalConfig (file/URL scans) both expose this set of
// methods. GetSecretKey and GetToken return credentials; callers must not echo them
// into logs or reports.
type ITenantConfig interface {
	// mutators: register the tenant and maintain the local cached copy
	SetTenant() error
	UpdateCachedConfig() error
	DeleteCachedConfig() error

	// getters
	GetContextName() string
	GetAccountID() string
	GetTenantEmail() string
	GetToken() string     // credential — sensitive
	GetClientID() string
	GetSecretKey() string // credential — sensitive
	GetConfigObj() *ConfigObj

	// IsConfigFound reports whether a stored configuration was located.
	IsConfigFound() bool
}

Section: interface

type IVersionCheckHandler

// IVersionCheckHandler performs the "is a newer kubescape/framework available" check.
// VersionCheckHandler is the real implementation and VersionCheckHandlerMock a no-op
// stand-in; NewIVersionCheckHandler picks one (presumably based on the
// SKIP_VERSION_CHECK environment variables — confirm).
type IVersionCheckHandler interface {
	CheckLatestVersion(*VersionCheckRequest) error
}

func NewIVersionCheckHandler

func NewIVersionCheckHandler() IVersionCheckHandler

type K8SResources

// K8SResources maps "<api group>/<api version>/<resource>" to the IDs of the scanned
// Kubernetes objects of that kind.
type K8SResources map[string][]string

K8SResources maps <api group>/<api version>/<resource> to the list of resource IDs ([]<resourceID>) of that kind.

type KSResources added in v2.0.345

// KSResources is the Kubescape-specific counterpart of K8SResources: it maps a
// kubescape resource kind (see ImageVulnResources, HostSensorResources and
// CloudResources) to the IDs of the collected objects. MapKSResource filters it by
// a list of kinds.
type KSResources map[string][]string

type LocalConfig

// LocalConfig is the ITenantConfig implementation for scans that target YAML files or
// a URL rather than a Kubernetes cluster. It has no ConfigMap backing; the cached
// config managed by UpdateCachedConfig/DeleteCachedConfig is the only persisted
// state, and it carries the credentials returned by GetSecretKey/GetToken.
type LocalConfig struct {
	// contains filtered or unexported fields
}

LocalConfig is the configuration used when scanning YAML files or a URL, but not a Kubernetes cluster.

func NewLocalConfig

func NewLocalConfig(
	backendAPI getter.IBackend, credentials *Credentials, clusterName string) *LocalConfig

func (*LocalConfig) DeleteCachedConfig

func (lc *LocalConfig) DeleteCachedConfig() error

func (*LocalConfig) GetAccountID

func (lc *LocalConfig) GetAccountID() string

func (*LocalConfig) GetClientID added in v2.0.155

func (lc *LocalConfig) GetClientID() string

func (*LocalConfig) GetConfigObj

func (lc *LocalConfig) GetConfigObj() *ConfigObj

func (*LocalConfig) GetContextName

func (lc *LocalConfig) GetContextName() string

func (*LocalConfig) GetSecretKey added in v2.0.155

func (lc *LocalConfig) GetSecretKey() string

func (*LocalConfig) GetTenantEmail added in v2.0.155

func (lc *LocalConfig) GetTenantEmail() string

func (*LocalConfig) GetToken added in v2.0.155

func (lc *LocalConfig) GetToken() string

func (*LocalConfig) IsConfigFound

func (lc *LocalConfig) IsConfigFound() bool

func (*LocalConfig) SetTenant

func (lc *LocalConfig) SetTenant() error

func (*LocalConfig) UpdateCachedConfig

func (lc *LocalConfig) UpdateCachedConfig() error

type LocalGitRepository added in v2.0.159

// LocalGitRepository gives read access to metadata of a git checkout opened by
// NewLocalGitRepository: branch name, remote URL, repository name and last commits
// (overall or per file). GetRemoteUrl returns the configured remote verbatim, so a
// remote URL that embeds credentials would be passed through — callers that report
// it should strip userinfo first (NOTE(review): confirm whether the implementation
// already does so).
type LocalGitRepository struct {
	// contains filtered or unexported fields
}

func NewLocalGitRepository added in v2.0.159

func NewLocalGitRepository(path string) (*LocalGitRepository, error)

func (*LocalGitRepository) GetBranchName added in v2.0.159

func (g *LocalGitRepository) GetBranchName() string

GetBranchName returns the current branch name.

func (*LocalGitRepository) GetFileLastCommit added in v2.0.159

func (g *LocalGitRepository) GetFileLastCommit(filePath string) (*apis.Commit, error)

func (*LocalGitRepository) GetLastCommit added in v2.0.159

func (g *LocalGitRepository) GetLastCommit() (*apis.Commit, error)

GetLastCommit returns the latest commit object.

func (*LocalGitRepository) GetName added in v2.0.159

func (g *LocalGitRepository) GetName() (string, error)

GetName returns the origin name without the .git suffix.

func (*LocalGitRepository) GetRemoteUrl added in v2.0.159

func (g *LocalGitRepository) GetRemoteUrl() (string, error)

GetRemoteUrl returns the default remote URL.

func (*LocalGitRepository) GetRootDir added in v2.0.159

func (g *LocalGitRepository) GetRootDir() (string, error)

type OPASessionObj

// OPASessionObj carries the full state of one scan session: the inputs handed to the
// policy engine, the per-resource results, and the metadata needed to build the
// report. NewOPASessionObj builds it from the frameworks, cluster resources and
// ScanInfo; ReportV2ToV1 converts its results to the legacy report format.
type OPASessionObj struct {
	K8SResources          *K8SResources                          // input k8s objects
	ArmoResource          *KSResources                           // input ARMO (kubescape-specific) objects
	Policies              []reporthandling.Framework             // list of frameworks to scan
	AllResources          map[string]workloadinterface.IMetadata // all scanned resources, map[<resource ID>]<resource>
	ResourcesResult       map[string]resourcesresults.Result     // resources scan results, map[<resource ID>]<resource result>
	ResourceSource        map[string]reporthandling.Source       // resources sources, map[<resource ID>]<resource source>
	Report                *reporthandlingv2.PostureReport        // scan results v2 - Remove
	Exceptions            []armotypes.PostureExceptionPolicy     // list of exceptions to apply on scan results
	RegoInputData         RegoInputData                          // input passed to rego for scanning. map[<control name>][<input arguments>]
	Metadata              *reporthandlingv2.Metadata             // report metadata
	InfoMap               map[string]apis.StatusInfo // Map errors of resources to StatusInfo
	ResourceToControlsMap map[string][]string        // map[<apigroup/apiversion/resource>] = [<control_IDs>]
	SessionID             string                     // SessionID
}

func NewOPASessionObj

func NewOPASessionObj(frameworks []reporthandling.Framework, k8sResources *K8SResources, scanInfo *ScanInfo) *OPASessionObj

func NewOPASessionObjMock

func NewOPASessionObjMock() *OPASessionObj

type Policies

// Policies is the flattened view of the frameworks selected for a scan: the
// framework names plus every control they reference, keyed by control ID.
// Set populates it from a list of frameworks.
type Policies struct {
	Frameworks []string
	Controls   map[string]reporthandling.Control // map[<control ID>]<control>
}

func NewPolicies

func NewPolicies() *Policies

func (*Policies) Set

func (policies *Policies) Set(frameworks []reporthandling.Framework, version string)

type PolicyIdentifier added in v2.0.155

// PolicyIdentifier names one policy to scan with. ScanInfo.SetPolicyIdentifiers builds
// a list of these from policy names and a kind.
type PolicyIdentifier struct {
	Name        string                        // policy name e.g. nsa,mitre,c-0012
	Kind        apisv1.NotificationPolicyKind // policy kind e.g. Framework,Control,Rule
	Designators armotypes.PortalDesignator    // scope designators (presumably restricts where the policy applies — confirm)
}

type RBACObjects

// RBACObjects wraps an RBAC scanner over the Kubernetes API. ListAllResources returns
// the collected RBAC objects keyed by ID and SetResourcesReport builds a v2 posture
// report from them.
type RBACObjects struct {
	// contains filtered or unexported fields
}

func NewRBACObjects

func NewRBACObjects(scanner *rbacscanner.RbacScannerFromK8sAPI) *RBACObjects

func (*RBACObjects) ListAllResources

func (rbacObjects *RBACObjects) ListAllResources() (map[string]workloadinterface.IMetadata, error)

func (*RBACObjects) SetResourcesReport

func (rbacObjects *RBACObjects) SetResourcesReport() (*reporthandlingv2.PostureReport, error)

type RegoInputData

// RegoInputData is the extra input passed to the Rego policies: per-control input
// values keyed by control name.
type RegoInputData struct {
	PostureControlInputs map[string][]string `json:"postureControlInputs"`
}

type RootInfo

// RootInfo holds process-wide settings taken from the root command: logging, cache
// location, color output and the Kubescape Cloud backend URLs.
type RootInfo struct {
	Logger       string // logger level
	LoggerName   string // logger name ("pretty"/"zap"/"none")
	CacheDir     string // cached dir
	DisableColor bool   // Disable Color

	KSCloudBEURLs    string // Kubescape Cloud URL
	KSCloudBEURLsDep string // Kubescape Cloud URL (older/deprecated form, judging by the name — confirm)

}

type ScanInfo

// ScanInfo collects every user-supplied option for a scan. Init normalizes it,
// GetScanningContext derives the ScanningContext from InputPatterns, and
// NewOPASessionObj consumes it when building the session. It embeds Credentials,
// so a ScanInfo value must not be dumped wholesale into logs or reports.
type ScanInfo struct {
	Getters                               // TODO - remove from object
	PolicyIdentifier   []PolicyIdentifier // TODO - remove from object
	UseExceptions      string             // Load file with exceptions configuration
	ControlsInputs     string             // Load file with inputs for controls
	UseFrom            []string           // Load framework from local file (instead of download). Use when running offline
	UseDefault         bool               // Load framework from cached file (instead of download). Use when running offline
	UseArtifactsFrom   string             // Load artifacts from local path. Use when running offline
	VerboseMode        bool               // Display all of the input resources and not only failed resources
	View               string             // Result view; presumably one of the ViewTypes values ("resource"/"control") — confirm
	Format             string             // Format results (table, json, junit ...)
	Output             string             // Store results in an output file, Output file name
	FormatVersion      string             // Output object can be different between versions, this is for testing and backward compatibility
	ExcludedNamespaces string             // used for host scanner namespace
	IncludeNamespaces  string             // namespaces to include (comma-separated list, judging by ExcludedNamespaces — confirm)
	InputPatterns      []string           // Yaml files input patterns
	Silent             bool               // Silent mode - Do not print progress logs
	FailThreshold      float32            // Failure score threshold
	Submit             bool               // Submit results to Kubescape Cloud BE
	ScanID             string             // Report id of the current scan
	HostSensorEnabled  BoolPtrFlag        // Deploy Kubescape K8s host scanner to collect data from certain controls
	HostSensorYamlPath string             // Path to hostsensor file
	Local              bool               // Do not submit results
	Credentials        Credentials        // Kubescape Cloud credentials (account, client ID, secret key)
	KubeContext        string             // context name
	FrameworkScan      bool               // false if scanning control
	ScanAll            bool               // true if scan all frameworks
}

func (*ScanInfo) GetScanningContext added in v2.0.159

func (scanInfo *ScanInfo) GetScanningContext() ScanningContext

func (*ScanInfo) Init

func (scanInfo *ScanInfo) Init()

func (*ScanInfo) SetPolicyIdentifiers

func (scanInfo *ScanInfo) SetPolicyIdentifiers(policies []string, kind apisv1.NotificationPolicyKind)

type ScanningContext added in v2.0.159

// ScanningContext classifies what a scan targets. GetScanningContext derives it from
// the input argument and ScanningContextToScanningScope maps it back to the legacy
// scope values.
type ScanningContext string

const (
	ContextCluster  ScanningContext = "cluster"     // live Kubernetes cluster
	ContextFile     ScanningContext = "single-file" // one local file
	ContextDir      ScanningContext = "local-dir"   // local directory
	ContextGitURL   ScanningContext = "git-url"     // remote git repository URL
	ContextGitLocal ScanningContext = "git-local"   // local git checkout
)

func GetScanningContext added in v2.0.159

func GetScanningContext(input string) ScanningContext

GetScanningContext derives the scanning context from the input parameter.

type VersionCheckHandler

// VersionCheckHandler is the IVersionCheckHandler implementation that actually
// performs the update check with a VersionCheckRequest. The request carries client
// version/build and framework information; presumably it is sent to a remote
// service and the VersionCheckResponse.Message is shown to the user — confirm, and
// make sure a failed or slow check cannot block or fail the scan itself.
type VersionCheckHandler struct {
	// contains filtered or unexported fields
}

func NewVersionCheckHandler

func NewVersionCheckHandler() *VersionCheckHandler

func (*VersionCheckHandler) CheckLatestVersion

func (v *VersionCheckHandler) CheckLatestVersion(versionData *VersionCheckRequest) error

type VersionCheckHandlerMock

// VersionCheckHandlerMock is a stateless IVersionCheckHandler used when the update
// check is disabled or under test; presumably its CheckLatestVersion is a no-op.
type VersionCheckHandlerMock struct {
}

func NewVersionCheckHandlerMock

func NewVersionCheckHandlerMock() *VersionCheckHandlerMock

func (*VersionCheckHandlerMock) CheckLatestVersion

func (v *VersionCheckHandlerMock) CheckLatestVersion(versionData *VersionCheckRequest) error

type VersionCheckRequest

// VersionCheckRequest is the JSON payload of the update check built by
// NewVersionCheckRequest. It discloses client version/build and the framework in use
// but no cluster identifiers or credentials; keep it that way when adding fields.
type VersionCheckRequest struct {
	Client           string `json:"client"`           // kubescape
	ClientBuild      string `json:"clientBuild"`      // client build environment
	ClientVersion    string `json:"clientVersion"`    // kubescape version
	Framework        string `json:"framework"`        // framework name
	FrameworkVersion string `json:"frameworkVersion"` // framework version
	ScanningTarget   string `json:"target"`           // Deprecated: superseded by ScanningContext
	ScanningContext  string `json:"context"`          // scanning context- cluster/file/gitURL/localGit/dir
}

func NewVersionCheckRequest

func NewVersionCheckRequest(buildNumber, frameworkName, frameworkVersion, scanningTarget string) *VersionCheckRequest

type VersionCheckResponse

// VersionCheckResponse is the JSON reply to a VersionCheckRequest. Message is free
// text originating from the remote side; if it is echoed to the terminal it should
// be treated as untrusted (no format-string use, escape control characters) —
// NOTE(review): confirm how the handler prints it.
type VersionCheckResponse struct {
	Client          string `json:"client"`          // kubescape
	ClientUpdate    string `json:"clientUpdate"`    // kubescape latest version
	Framework       string `json:"framework"`       // framework name
	FrameworkUpdate string `json:"frameworkUpdate"` // framework latest version
	Message         string `json:"message"`         // alert message (remote-supplied text)
}

type ViewTypes added in v2.0.154

// ViewTypes selects how results are grouped in output (by resource or by control).
type ViewTypes string

TODO - UPDATE

// Accepted ViewTypes values (presumably the valid settings for ScanInfo.View — confirm).
const (
	ResourceViewType ViewTypes = "resource" // one entry per scanned resource
	ControlViewType  ViewTypes = "control"  // one entry per control
)
