tw

package module v0.0.0-...-c9c32f1

This package is not in the latest version of its module.
Published: Jun 12, 2020 License: MIT Imports: 9 Imported by: 0

README

twistlock-client-go

Twistlock API Client for golang

Summary

import tw "github.com/bsycorp/twistlock-client-go"

...

client, err := tw.NewClient("http://localhost:8081/api/v1/")
if err != nil {
	log.Fatalln("error creating twistlock client: ", err)
}
err = client.Login("twadmin", "great_password")
if err != nil {
	log.Fatalln("failed to log into twistlock console: ", err)
}

...

Use an https:// console URL anywhere but local testing: Login sends the username and password in the request body, and every later call carries the returned JWT, so a plain http:// URL exposes both on the wire.

Testing

To run the live integration tests, you need an access token and license. The integration tests will spin up a temporary console container, initialize it and then run a few basic tests.

export TW_ACCESS_TOKEN=<your-access-token>
export TW_LICENSE=<your-license-key>
go test -v -tags integration ./test/integration/

twistlock-controller

The twistlock-controller is a helper for automated twistlock provisioning and configuration management.

It can be used as a "one shot" configurator during the twistlock provisioning process, or as a running controller to continuously manage twistlock console configuration.

An example configuration file can be found at: cmd/twistlock-controller/sample.yml

Command-line and environment variables

Usage of ./twistlock-controller:
  -api string
    	API URL for Twistlock API (TWISTLOCK_API) (default "http://twistlock-console:8081/api/v1/")
  -config string
    	Path to configuration file (default "twistlock.yml")
  -license string
    	Twistlock console license (TWISTLOCK_LICENSE)
  -pass string
    	Twistlock console password (TWISTLOCK_PASS)
  -user string
    	Twistlock console username (TWISTLOCK_USER)

Environment variables take precedence over command-line arguments. Prefer them for -pass and -license: a value passed as a flag is visible to every local user through the process list (ps, /proc/<pid>/cmdline), while an environment variable is readable only by the process owner and root.

Configuration

Init block

If the configuration file includes a block like:

init:
  enabled: true

The controller will check whether twistlock is initialized (via /api/v1/settings/initialized). If the console is not initialized yet, the controller will initialize it. This performs the following steps:

  • Create a local account in the console for admin/superuser
    • Credentials for the account will be taken from the -user and -pass arguments or the corresponding TWISTLOCK_USER and TWISTLOCK_PASS environment variables.
  • Install a license into the console.
    • The license is taken from the -license argument or the TWISTLOCK_LICENSE environment variable.

If the init: block is not specified and the console is not initialized, the controller waits for manual initialization of the twistlock console before applying any further configuration.
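The init flow above, as an added example that is not part of twistlock-client-go or the controller: it talks to the console with net/http only, so it compiles without the module, and it runs against a constructed in-process fake console. Of the four endpoints it uses, only /api/v1/settings/initialized is documented on this page; /signup, /authenticate and /settings/license, the {"key": ...} license body and the Bearer-token header are assumptions about the console API. The base URL is given without a trailing slash, unlike the README example.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"time"
)

// console is a minimal net/http client, not the twistlock-client-go library. Only
// /settings/initialized is documented on this page; the other three paths are assumed.
type console struct{ base, token string; hc *http.Client } // base has no trailing slash; token is the JWT

func (c *console) do(method, path string, in, out interface{}) error {
	var body io.Reader
	if in != nil {
		b, _ := json.Marshal(in) // only maps and small structs are passed here; they cannot fail
		body = bytes.NewReader(b)
	}
	req, err := http.NewRequest(method, c.base+path, body)
	if err != nil {
		return err
	}
	req.Header.Set("Content-Type", "application/json")
	if c.token != "" {
		req.Header.Set("Authorization", "Bearer "+c.token)
	}
	resp, err := c.hc.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode/100 != 2 {
		raw, _ := io.ReadAll(resp.Body) // keep the console's {"err": ...} body in the error
		return fmt.Errorf("%s %s: HTTP %d: %s", method, path, resp.StatusCode, raw)
	}
	if out != nil {
		return json.NewDecoder(resp.Body).Decode(out)
	}
	return nil
}

// ensureInitialized mirrors the controller's init: block and returns true only when it created the
// admin account and installed the license itself; an already-initialized console is left alone.
func ensureInitialized(base, user, pass, license string) (bool, error) {
	if user == "" || pass == "" || license == "" {
		return false, fmt.Errorf("init needs TWISTLOCK_USER, TWISTLOCK_PASS and TWISTLOCK_LICENSE")
	}
	c := &console{base: base, hc: &http.Client{Timeout: 10 * time.Second}}
	var st struct{ Initialized bool `json:"initialized"` }
	if err := c.do("GET", "/settings/initialized", nil, &st); err != nil || st.Initialized {
		return false, err // a nil err here means "already initialized": signup must not be retried
	}
	creds := map[string]string{"username": user, "password": pass}
	if err := c.do("POST", "/signup", creds, nil); err != nil {
		return false, err
	}
	var tok struct{ Token string `json:"token"` }
	if err := c.do("POST", "/authenticate", creds, &tok); err != nil {
		return false, err
	}
	c.token = tok.Token // every later call carries the JWT as a Bearer token
	if err := c.do("POST", "/settings/license", map[string]string{"key": license}, nil); err != nil {
		return true, fmt.Errorf("admin account created but license not installed: %w", err)
	}
	return true, nil
}

// fakeConsole is a constructed in-process stand-in for a fresh console so the flow runs offline.
type fakeConsole struct{ initialized bool; user, pass, license, token string }

func (f *fakeConsole) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	var in map[string]string
	json.NewDecoder(r.Body).Decode(&in) // GET carries no body; in then simply stays empty
	switch {
	case r.URL.Path == "/api/v1/settings/initialized":
		json.NewEncoder(w).Encode(map[string]bool{"initialized": f.initialized})
	case r.URL.Path == "/api/v1/signup" && !f.initialized && in["username"] != "":
		f.user, f.pass, f.initialized, f.token = in["username"], in["password"], true, "fake-jwt"
	case r.URL.Path == "/api/v1/authenticate" && f.initialized && in["username"] == f.user && in["password"] == f.pass:
		json.NewEncoder(w).Encode(map[string]string{"token": f.token})
	case r.URL.Path == "/api/v1/settings/license" && f.token != "" && r.Header.Get("Authorization") == "Bearer "+f.token:
		f.license = in["key"]
	default: // wrong state, bad credentials or a missing JWT all fail the request
		http.Error(w, `{"err":"rejected by fake console"}`, http.StatusUnauthorized)
	}
}

func main() {
	fc := &fakeConsole{}
	srv := httptest.NewServer(fc)
	defer srv.Close()
	did, err := ensureInitialized(srv.URL+"/api/v1", "twadmin", "great_password", "LICENSE-KEY")
	fmt.Printf("initialized=%v err=%v license=%q\n", did, err, fc.license)
}
```

The order is the point: signup is attempted only after the initialized check says the console is fresh, the JWT from /authenticate is what authorizes the license install, and a missing credential fails before any request is sent. That is the behaviour to want from a controller that may be restarted against a console someone has already initialized by hand.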

SAML

Valid SAML provider types are ADFS, Azure, GSuite, Okta, Ping, Shibboleth.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewClientError

func NewClientError(err string) error

func NewServerError

func NewServerError(statusCode int, err string) error

func NewServerErrorFromResponse

func NewServerErrorFromResponse(statusCode int, body []byte) error

Types

type Client

type Client struct {
	BaseURL   *url.URL
	UserAgent string
	Token     string
	// contains filtered or unexported fields
}

func NewClient

func NewClient(apiUrl string) (*Client, error)

func (*Client) GetContainerList

func (c *Client) GetContainerList(params map[string]string) ([]ContainerVulnerabilityResponse, error)

GetContainerList returns the containers the console knows about, each with the vulnerabilities attached to it. Every entry of params becomes a query parameter of the same name and value.

params is a map[string]string even though the API treats some parameters as integers. Query-string values are always text on the wire, so an integer parameter is passed as its decimal string and the console parses it on its side.

func (*Client) GetContainerVulnerabilityPolicy

func (c *Client) GetContainerVulnerabilityPolicy() (*ContainerVulnerabilityPolicy, error)

func (*Client) GetIntelligenceSettings

func (c *Client) GetIntelligenceSettings() (*IntelligenceSettings, error)

func (*Client) GetLatestVersion

func (c *Client) GetLatestVersion() (string, error)

func (*Client) GetLicense

func (c *Client) GetLicense() (*LicenseSettings, error)

func (*Client) GetProxy

func (c *Client) GetProxy() (*ProxySettings, error)

func (*Client) GetSAMLSettings

func (c *Client) GetSAMLSettings() (*SAMLSettings, error)

func (*Client) GetStatsVulnerabilities

func (c *Client) GetStatsVulnerabilities() (VulnerabilityResponses, error)

func (*Client) GetStatsVulnerabilitiesImpactedResources

func (c *Client) GetStatsVulnerabilitiesImpactedResources(cve string) (ImpactedResources, error)

func (*Client) IsInitialized

func (c *Client) IsInitialized() (bool, error)

func (*Client) Login

func (c *Client) Login(username, password string) error

Exchange credentials for JWT

func (*Client) Logout

func (c *Client) Logout() error

Invalidate JWT

func (*Client) Ping

func (c *Client) Ping() error

Health check the API

func (*Client) SetContainerVulnerabilityPolicy

func (c *Client) SetContainerVulnerabilityPolicy(policy *ContainerVulnerabilityPolicy) error

func (*Client) SetIntelligenceSettings

func (c *Client) SetIntelligenceSettings(settings *IntelligenceSettings) error

func (*Client) SetLicense

func (c *Client) SetLicense(licenseKey string) error

func (*Client) SetProxy

func (c *Client) SetProxy(r *ProxySettings) error

func (*Client) SetSAMLSettings

func (c *Client) SetSAMLSettings(settings *SAMLSettings) error

func (*Client) Signup

func (c *Client) Signup(username, password string) error

Signup creates the initial admin account on a console that has not been initialized yet; it is the first call of the init flow, before Login.

type ClientError

type ClientError struct {
	Err string
}

func (ClientError) Error

func (err ClientError) Error() string

type ContainerVulnerabilityPolicy

type ContainerVulnerabilityPolicy struct {
	Rules []struct {
		Modified     time.Time `json:"modified"`
		Owner        string    `json:"owner"`
		Name         string    `json:"name"`
		PreviousName string    `json:"previousName"`
		Effect       string    `json:"effect"`
		Resources    struct {
			Containers []string `json:"containers"`
			Functions  []string `json:"functions"`
			Hosts      []string `json:"hosts"`
			Images     []string `json:"images"`
			Labels     []string `json:"labels"`
			Namespaces []string `json:"namespaces"`
			Services   []string `json:"services"`
		} `json:"resources"`
		Action    []string `json:"action,omitempty"`
		Condition struct {
			Readonly        bool          `json:"readonly"`
			Device          string        `json:"device"`
			Vulnerabilities []interface{} `json:"vulnerabilities"`
		} `json:"condition"`
		Group          []string `json:"group,omitempty"`
		AlertThreshold struct {
			Disabled bool `json:"disabled"`
			Value    int  `json:"value"`
		} `json:"alertThreshold"`
		BlockThreshold struct {
			Enabled bool `json:"enabled"`
			Value   int  `json:"value"`
		} `json:"blockThreshold"`
		CveRules []struct {
			Effect      string `json:"effect"`
			ID          string `json:"id"`
			Description string `json:"description"`
			Expiration  struct {
				Enabled bool      `json:"enabled"`
				Date    time.Time `json:"date"`
			} `json:"expiration"`
		} `json:"cveRules,omitempty"`
		GraceDays int `json:"graceDays"`
	} `json:"rules"`
	PolicyType string `json:"policyType"`
	ID         string `json:"_id"`
}

type ContainerVulnerabilityResponse

type ContainerVulnerabilityResponse struct {
	ID                string   `json:"_id"`
	Collections       []string `json:"collections"`
	FirewallProtected bool     `json:"firewallProtected"`
	Hostname          string   `json:"hostname"`
	Info              struct {
		AllCompliance struct {
		} `json:"allCompliance"`
		App                    string `json:"app"`
		ComplianceDistribution struct {
			Critical int `json:"critical"`
			High     int `json:"high"`
			Low      int `json:"low"`
			Medium   int `json:"medium"`
			Total    int `json:"total"`
		} `json:"complianceDistribution"`
		ComplianceRiskScore       int `json:"complianceRiskScore"`
		ComplianceVulnerabilities []struct {
			Cause          string        `json:"cause"`
			Cve            string        `json:"cve"`
			Cvss           int           `json:"cvss"`
			Description    string        `json:"description"`
			Discovered     time.Time     `json:"discovered"`
			Exploit        string        `json:"exploit"`
			ID             int           `json:"id"`
			LayerTime      int           `json:"layerTime"`
			Link           string        `json:"link"`
			PackageName    string        `json:"packageName"`
			PackageVersion string        `json:"packageVersion"`
			Published      int           `json:"published"`
			RiskFactors    interface{}   `json:"riskFactors"`
			Severity       string        `json:"severity"`
			Status         string        `json:"status"`
			Templates      []interface{} `json:"templates"`
			Text           string        `json:"text"`
			Title          string        `json:"title"`
			Twistlock      bool          `json:"twistlock"`
			Type           string        `json:"type"`
			VecStr         string        `json:"vecStr"`
		} `json:"complianceIssues"`
		ComplianceVulnerabilitiesCnt int    `json:"complianceVulnerabilitiesCnt"`
		ID                           string `json:"id"`
		Image                        string `json:"image"`
		ImageID                      string `json:"imageID"`
		ImageName                    string `json:"imageName"`
		Infra                        bool   `json:"infra"`
		InstalledProducts            struct {
			Docker string `json:"docker"`
		} `json:"installedProducts"`
		Labels    []string `json:"labels"`
		Name      string   `json:"name"`
		Namespace string   `json:"namespace"`
		Network   struct {
			Ports []interface{} `json:"ports"`
		} `json:"network"`
		NetworkSettings struct {
		} `json:"networkSettings"`
		Processes []struct {
			Name string `json:"name"`
		} `json:"processes"`
		ProfileID string `json:"profileID"`
	} `json:"info"`
	ScanTime time.Time `json:"scanTime"`
}

ContainerVulnerabilityResponse is one entry of the list returned by GetContainerList: a container, the image it runs, and the vulnerabilities identified on that image.

type Credentials

type Credentials struct {
	Username string `json:"username"`
	Password string `json:"password"`
}

type HighestRiskFactors

type HighestRiskFactors struct {
	Network             bool `json:"network,omitempty"`
	RootPrivilege       bool `json:"rootPrivilege,omitempty"`
	NoSecurityProfile   bool `json:"noSecurityProfile,omitempty"`
	PrivilegedContainer bool `json:"privilegedContainer,omitempty"`
}

type ImpactedResources

type ImpactedResources struct {
	ID        string               `json:"_id"`
	RiskTrees map[string]RiskTrees `json:"riskTree"`
}

type Impacts

type Impacts struct {
	Critical int `json:"critical"`
	High     int `json:"high"`
	Medium   int `json:"medium"`
	Low      int `json:"low"`
	Total    int `json:"total"`
}

type IntelligenceSettings

type IntelligenceSettings struct {
	WindowsFeedEnabled bool   `json:"windowsFeedEnabled"`
	Enabled            bool   `json:"enabled"`
	Address            string `json:"address"`
	Token              string `json:"token"`
}

type IsInitialized

type IsInitialized struct {
	Initialized bool `json:"initialized"`
}

type LatestVersion

type LatestVersion struct {
	LatestVersion string `json:"latestVersion"`
}

type LicenseSettings

type LicenseSettings struct {
	CustomerID      string `json:"customer_id"`
	CustomerEmail   string `json:"customer_email"`
	ContractID      string `json:"contract_id"`
	AccessToken     string `json:"access_token"`
	Type            string `json:"type"`
	Defenders       int    `json:"defenders"`
	DefenderDetails []struct {
		Category string `json:"category"`
		Count    int    `json:"count"`
	} `json:"defender_details"`
	IssueDate      time.Time `json:"issue_date"`
	ExpirationDate time.Time `json:"expiration_date"`
}

type ProxySettings

type ProxySettings struct {
	Ca        string      `json:"ca"`
	HttpProxy string      `json:"httpProxy"`
	NoProxy   string      `json:"noProxy"`
	User      string      `json:"user"`
	Password  SecretValue `json:"password"`
}

type RiskTree

type RiskTree struct {
	Container string `json:"container,omitempty"`
	Factors   struct {
		Network           bool `json:"network"`
		NoSecurityProfile bool `json:"noSecurityProfile"`
		RootPrivilege     bool `json:"rootPrivilege"`
	} `json:"factors"`
	Host      string `json:"host,omitempty"`
	Image     string `json:"image,omitempty"`
	Namespace string `json:"namespace,omitempty"`
}

type RiskTrees

type RiskTrees []RiskTree

type SAMLSettings

type SAMLSettings struct {
	AppID      string      `json:"appId"`
	AppSecret  SecretValue `json:"appSecret"`
	Audience   string      `json:"audience"`
	Cert       string      `json:"cert"`
	ConsoleURL string      `json:"consoleURL"`
	Enabled    bool        `json:"enabled"`
	Issuer     string      `json:"issuer"`
	TenantID   string      `json:"tenantId"`
	Type       string      `json:"type"`
	URL        string      `json:"url"`
}

type SecretValue

type SecretValue struct {
	Encrypted string `json:"encrypted"`
	Plain     string `json:"plain"`
}

type ServerError

type ServerError struct {
	StatusCode int
	Err        string `json:"err"`
}

func (ServerError) Error

func (err ServerError) Error() string

type TokenResponse

type TokenResponse struct {
	Token string `json:"token"`
}

type Vulnerability

type Vulnerability struct {
	Cve                    string             `json:"cve,omitempty"`
	Description            string             `json:"description,omitempty"`
	HighestRiskFactors     HighestRiskFactors `json:"highestRiskFactors,omitempty"`
	ImpactedPackages       []string           `json:"impactedPkgs,omitempty"`
	ImpactedResourcesCount int                `json:"impactedResourcesCnt,omitempty"`
	Link                   string             `json:"link,omitempty"`
	RiskFactors            struct {
		AttackComplexityLow struct {
		} `json:"Attack complexity: low,omitempty"`
		AttackVectorNetwork struct {
		} `json:"Attack vector: network,omitempty"`
		MediumSeverity struct {
		} `json:"Medium severity,omitempty"`
		CriticalSeverity struct {
		} `json:"Critical severity,omitempty"`
		DoS struct {
		} `json:"DoS,omitempty"`
		HasFix struct {
		} `json:"Has fix,omitempty"`
		RecentVulnerability struct {
		} `json:"Recent vulnerability,omitempty"`
		RemoteExecution struct {
		} `json:"Remote execution,omitempty"`
	} `json:"riskFactors,omitempty"`
	RiskScore int    `json:"riskScore,omitempty"`
	Status    string `json:"status"`
}

type VulnerabilityResponse

type VulnerabilityResponse struct {
	ID       string    `json:"_id"`
	Modified time.Time `json:"modified"`
	Images   struct {
		Impacted        Impacts         `json:"impacted"`
		Cves            Impacts         `json:"cves"`
		Vulnerabilities []Vulnerability `json:"vulnerabilities,omitempty"`
	} `json:"images,omitempty"`
	Hosts struct {
		Impacted        Impacts         `json:"impacted"`
		Cves            Impacts         `json:"cves"`
		Vulnerabilities []Vulnerability `json:"vulnerabilities,omitempty"`
	} `json:"hosts,omitempty"`
	Functions struct {
		Impacted        Impacts         `json:"impacted"`
		Cves            Impacts         `json:"cves"`
		Vulnerabilities []Vulnerability `json:"vulnerabilities,omitempty"`
	} `json:"functions,omitempty"`
	Containers struct {
		Impacted        Impacts         `json:"impacted"`
		Cves            Impacts         `json:"cves"`
		Vulnerabilities []Vulnerability `json:"vulnerabilities,omitempty"`
	} `json:"containers,omitempty"`
}

type VulnerabilityResponses

type VulnerabilityResponses []VulnerabilityResponse
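An added example, not part of the library, of what to do with a GetStatsVulnerabilities response. It decodes the same JSON shape into local types with only the standard library, so it runs without the module, but reads riskFactors into a map keyed by factor name instead of the fixed struct above, so a factor the struct does not list survives decoding. The ranking rule (network-reachable remote execution first, then riskScore, then impacted count) is this example's choice, not anything the API defines, and the embedded response is constructed, not console output.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// These shapes follow this page's Vulnerability and VulnerabilityResponse types, except that
// riskFactors is a map keyed by factor name, so factors the fixed struct does not list are kept.
type vuln struct {
	Cve                    string              `json:"cve"`
	RiskFactors            map[string]struct{} `json:"riskFactors"`
	RiskScore              int                 `json:"riskScore"`
	ImpactedResourcesCount int                 `json:"impactedResourcesCnt"`
}

type scope struct{ Vulnerabilities []vuln `json:"vulnerabilities"` }

type statsResponse struct {
	Images     scope `json:"images"`
	Hosts      scope `json:"hosts"`
	Functions  scope `json:"functions"`
	Containers scope `json:"containers"`
}

// finding is one CVE merged across the four scopes of a stats response.
type finding struct {
	CVE       string
	RiskScore int // highest riskScore reported in any scope
	Impacted  int // impactedResourcesCnt summed over the scopes
	Factors   map[string]struct{}
}

// remoteExploitable is what a triage queue sorts on first, whatever the numeric risk score says.
func (f finding) remoteExploitable() bool {
	_, net := f.Factors["Attack vector: network"]
	_, rce := f.Factors["Remote execution"]
	return net && rce
}

// rank parses a GetStatsVulnerabilities-style response and orders the CVEs for triage.
func rank(raw []byte) ([]finding, error) {
	var resp statsResponse
	if err := json.Unmarshal(raw, &resp); err != nil {
		return nil, err
	}
	byCVE := map[string]*finding{}
	for _, vs := range [][]vuln{resp.Images.Vulnerabilities, resp.Hosts.Vulnerabilities,
		resp.Functions.Vulnerabilities, resp.Containers.Vulnerabilities} {
		for _, v := range vs {
			f := byCVE[v.Cve]
			if f == nil {
				f = &finding{CVE: v.Cve, Factors: map[string]struct{}{}}
				byCVE[v.Cve] = f
			}
			if v.RiskScore > f.RiskScore {
				f.RiskScore = v.RiskScore
			}
			f.Impacted += v.ImpactedResourcesCount
			for k := range v.RiskFactors {
				f.Factors[k] = struct{}{}
			}
		}
	}
	var out []finding
	for _, f := range byCVE {
		out = append(out, *f)
	}
	sort.Slice(out, func(i, j int) bool {
		a, b := out[i], out[j]
		if a.remoteExploitable() != b.remoteExploitable() {
			return a.remoteExploitable()
		}
		if a.RiskScore != b.RiskScore {
			return a.RiskScore > b.RiskScore
		}
		return a.Impacted > b.Impacted || (a.Impacted == b.Impacted && a.CVE < b.CVE)
	})
	return out, nil
}

// sampleStats is constructed for this example, not captured from a console.
const sampleStats = `{"_id":"stats","modified":"2020-06-12T00:00:00Z",
"images":{"vulnerabilities":[
 {"cve":"CVE-2019-0001","riskScore":90,"impactedResourcesCnt":3,"riskFactors":{"Attack vector: network":{},"Remote execution":{},"Has fix":{},"Critical severity":{}}},
 {"cve":"CVE-2019-0002","riskScore":95,"impactedResourcesCnt":10,"riskFactors":{"Attack complexity: low":{},"DoS":{},"Critical severity":{}}}]},
"hosts":{"vulnerabilities":[{"cve":"CVE-2019-0002","riskScore":95,"impactedResourcesCnt":4,"riskFactors":{"DoS":{},"Critical severity":{}}}]},
"functions":{"vulnerabilities":[]},
"containers":{"vulnerabilities":[
 {"cve":"CVE-2019-0001","riskScore":80,"impactedResourcesCnt":2,"riskFactors":{"Attack vector: network":{},"Remote execution":{}}},
 {"cve":"CVE-2019-0003","riskScore":40,"impactedResourcesCnt":1,"riskFactors":{"Medium severity":{},"Exploit exists":{}}}]}}`

func main() {
	findings, err := rank([]byte(sampleStats))
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", findings) // CVE-2019-0001 first: network-reachable remote execution outranks the higher score
}
```

CVE-2019-0001 comes first although CVE-2019-0002 has the higher riskScore, because the sort puts network-reachable remote execution ahead of the score; CVE-2019-0003 keeps its "Exploit exists" factor, which the page's fixed RiskFactors struct has no field for.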

Directories

Path Synopsis
cmd
