The highest tagged major version is
Documentation
¶
Index ¶
- Constants
- Variables
- func FindAllTables(root string) ([]string, error)
- func FindAllTestCases(root string) ([]string, error)
- func GenerateExecutionResultFile(result *ExecutionResult, outputDir string) diag.Diagnostics
- func OpenAndParse(filePath string) ([][]string, error)
- func Prune(ctx context.Context, sta *state.Client, pruneBefore time.Time) diag.Diagnostics
- func RestoreSnapshot(ctx context.Context, conn LowLevelQueryExecer, log hclog.Logger, source string) error
- func Snapshot(ctx context.Context, sta *state.Client, storage database.Storage, ...) error
- func StoreOutput(ctx context.Context, e *Executor, pol *Policy, destination string) (err error)
- func StoreSnapshot(ctx context.Context, e *Executor, outputPath string, tables []string) error
- func Validate(ctx context.Context, storage database.Storage, req *ValidateRequest) diag.Diagnostics
- type Analytic
- type Check
- type Configuration
- type ExecuteRequest
- type ExecutionResult
- type Executor
- type LowLevelQueryExecer
- type Meta
- type Policies
- type Policy
- func (p Policy) Analytic(dbPersistence bool) Analytic
- func (p Policy) Filter(path string) Policy
- func (p Policy) HasChecks() bool
- func (p Policy) HasMeta() bool
- func (p Policy) Sha256Hash() string
- func (p Policy) SourceType() string
- func (p Policy) String() string
- func (p Policy) SubPolicy() string
- func (p *Policy) Test(ctx context.Context, e *Executor, _, snapshotDirectory, tempDirectory string) error
- func (p Policy) TotalQueries() int
- func (p Policy) Version() string
- type Provider
- type QueryResult
- type QueryType
- type Row
- type Rows
- type RunRequest
- type RunResponse
- type Update
- type UpdateCallback
- type ValidateRequest
- type View
Constants ¶
View Source
const (
CloudQueryOrg = "cloudquery-policies"
)
Variables ¶
View Source
var ErrPolicyOrQueryNotFound = errors.New("selected policy/query not found")
Functions ¶
func FindAllTables ¶ added in v0.21.0
func FindAllTestCases ¶ added in v0.21.0
func GenerateExecutionResultFile ¶ added in v0.16.0
func GenerateExecutionResultFile(result *ExecutionResult, outputDir string) diag.Diagnostics
func OpenAndParse ¶ added in v0.21.0
func RestoreSnapshot ¶ added in v0.21.0
func RestoreSnapshot(ctx context.Context, conn LowLevelQueryExecer, log hclog.Logger, source string) error
func StoreOutput ¶ added in v0.21.0
func StoreSnapshot ¶ added in v0.21.0
func Validate ¶ added in v0.23.3
func Validate(ctx context.Context, storage database.Storage, req *ValidateRequest) diag.Diagnostics
Types ¶
type Analytic ¶ added in v0.24.11
type Analytic struct {
// Whether policy will persist in database
Persistence bool
// Name of the policy
Name string
// Type of the policy i.e S3/Hub/Git
Type string
// The selector used for the policy
Selector string
// Whether policy is private
Private bool
}
func (Analytic) Properties ¶ added in v0.24.11
type Configuration ¶ added in v0.16.0
type Configuration struct {
Providers []*Provider `hcl:"provider,block"`
}
type ExecuteRequest ¶
type ExecuteRequest struct {
// Policy is the policy that should be executed.
Policy *Policy
// StopOnFailure if true policy execution will stop on first failure
StopOnFailure bool
// UpdateCallback is the console ui update callback
UpdateCallback UpdateCallback
// PolicyExecution represents the current policy execution
PolicyExecution *state.PolicyExecution
// DBPersistence defines weather or not to store run results
DBPersistence bool
}
ExecuteRequest is a request that triggers policy execution.
type ExecutionResult ¶
type ExecutionResult struct {
// PolicyName is the running policy name
PolicyName string
// ExecutionTime is when the policy has been started
ExecutionTime time.Time
// True if all policies have passed
Passed bool
// List of all query result sets
Results []*QueryResult
// Error is the reason the execution failed
Error string
}
ExecutionResult contains all policy execution results.
type Executor ¶
type Executor struct {
PolicyPath []string
// contains filtered or unexported fields
}
Executor implements the execution framework.
func NewExecutor ¶
func NewExecutor(conn LowLevelQueryExecer, sta *state.Client, progressUpdate UpdateCallback) *Executor
NewExecutor creates a new executor.
func (*Executor) Execute ¶ added in v0.19.0
func (e *Executor) Execute(ctx context.Context, req *ExecuteRequest, policy *Policy, identifiers []string) (*ExecutionResult, diag.Diagnostics)
Execute executes given policy and the related sub queries/views.
type LowLevelQueryExecer ¶ added in v0.21.0
type LowLevelQueryExecer interface {
execution.Copier
execution.QueryExecer
}
type Meta ¶ added in v0.19.0
type Policy ¶
type Policy struct {
// Name of the policy
Name string `hcl:"name,label"`
// Short human-readable title about the policy
Title string `hcl:"title,optional"`
// Full documentation about the policy, this will be shown in the hub
Doc string `hcl:"doc,optional"`
Config *Configuration `hcl:"configuration,block"`
Policies Policies `hcl:"policy,block"`
Checks []*Check `hcl:"check,block"`
Views []*View `hcl:"view,block"`
// Link to policy in filesystem/hub/git etc' to use, if source flag is set, all other attributes aren't allowed.
Source string `hcl:"source,optional"`
// List of identifiers that all checks and sub-policies must have, unless sub-policy overrides.
Identifiers []string
// contains filtered or unexported fields
}
func DecodePolicyBlock ¶ added in v0.19.0
func DecodePolicyBlock(b *hcl.Block, ctx *hcl.EvalContext) (*Policy, hcl.Diagnostics)
func DetectPolicy ¶ added in v0.19.0
func (Policy) Sha256Hash ¶ added in v0.24.1
func (Policy) SourceType ¶ added in v0.24.1
func (Policy) TotalQueries ¶ added in v0.19.0
type QueryResult ¶
type QueryResult struct {
Name string `json:"name"`
Description string `json:"description"`
QueryColumns []string `json:"-"`
Columns []string `json:"result_header"`
Rows Rows `json:"result_rows"`
Type QueryType `json:"type"`
Passed bool `json:"check_passed"`
}
QueryResult contains the result information from an executed query.
type Row ¶ added in v0.23.3
type Row struct {
// AdditionalData is any extra information that was returned from the result set
AdditionalData map[string]interface{} `json:"additional_data,omitempty"`
// Identifiers is a map of identifiers as defined by the policy
Identifiers map[string]interface{} `json:"identifiers,omitempty"`
// Reason is a user readable explanation returned by the query, or interpolated from check defined reason.
Reason string `json:"reason,omitempty"`
// Status is user defined status of the row i.e OK, ALERT etc'
Status string `json:"status,omitempty"`
}
type RunRequest ¶ added in v0.23.0
type RunRequest struct {
// Policies to run
Policies Policies
// Directory to load / save policies to
Directory string
// OutputDir is the output dir for policy execution output.
OutputDir string
// RunCallback is the callback method that is called after every policy execution.
RunCallback UpdateCallback
// DBPersistence defines weather or not to store run results
DBPersistence bool
}
RunRequest is the request used to run one or more policy.
type RunResponse ¶ added in v0.23.0
type RunResponse struct {
Policies Policies
Executions []*ExecutionResult
}
func Run ¶ added in v0.23.0
func Run(ctx context.Context, sta *state.Client, storage database.Storage, req *RunRequest) (*RunResponse, diag.Diagnostics)
type Update ¶ added in v0.16.0
type Update struct {
// PolicyID is the name of the policy that is being updated.
PolicyName string
// Version is the policy version.
Version string
// Source policy was fetched from
Source string
// FinishedQueries is the number queries that have finished evaluating
FinishedQueries int
// QueriesCount is the amount of queries collected so far
QueriesCount int
// Error if any returned by the provider
Error string
}
type UpdateCallback ¶ added in v0.16.0
type UpdateCallback func(update Update)
type ValidateRequest ¶ added in v0.23.3
Source Files
Click to show internal directories.
Click to hide internal directories.