cmd

package
v1.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 28, 2026 License: Apache-2.0 Imports: 37 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func StartCargoWall

func StartCargoWall(cmd *StartCmd, hooks *StartHooks) error

Types

type CLI

// CLI is the root of the command-line grammar. It embeds the shared Globals
// flags and declares the Start and Summary fields as subcommands through
// their `cmd` struct tags.
type CLI struct {
	// Globals is embedded, so its version and debug flags are fields of CLI itself.
	Globals
	// Start carries the flags of the firewall subcommand (see its help text).
	Start   StartCmd   `cmd:"" help:"Start the Cargowall eBPF firewall"`
	// Summary carries the flags of the audit-summary subcommand.
	Summary SummaryCmd `cmd:"" help:"Generate audit summary correlating events with GitHub Actions steps"`
}

type ExecuteFn

// ExecuteFn is the function type held in StartCmd.Execute. It receives the
// parsed start command and its hooks and returns an error; StartCargoWall
// has this same signature.
type ExecuteFn func(cmd *StartCmd, hooks *StartHooks) error

type GitHubActionsHandler

// GitHubActionsHandler is the log handler returned by NewGitHubActionsHandler.
// The listing shows Enabled, Handle, WithAttrs and WithGroup methods on it,
// with WithAttrs and WithGroup returning slog.Handler. All of its fields are
// unexported, so its state is not visible here.
type GitHubActionsHandler struct {
	// contains filtered or unexported fields
}

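GitHubActionsHandler is a slog.Handler that formats logs for GitHub Actions. It uses GitHub's workflow commands for annotations:

  - ::debug::message
  - ::notice::message
  - ::warning::message
  - ::error::message

The runner interprets workflow commands wherever they appear in the job's output, so message text built from untrusted values is only safe if `%`, carriage returns and newlines are escaped before it is written. This listing does not show whether Handle does that.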

func NewGitHubActionsHandler

func NewGitHubActionsHandler(debug bool) *GitHubActionsHandler

NewGitHubActionsHandler creates a new GitHub Actions compatible log handler.

func (*GitHubActionsHandler) Enabled

func (h *GitHubActionsHandler) Enabled(_ context.Context, level slog.Level) bool

func (*GitHubActionsHandler) Handle

func (*GitHubActionsHandler) WithAttrs

func (h *GitHubActionsHandler) WithAttrs(attrs []slog.Attr) slog.Handler

func (*GitHubActionsHandler) WithGroup

func (h *GitHubActionsHandler) WithGroup(_ string) slog.Handler

type GitHubStep

// GitHubStep is one workflow step as decoded from JSON, using the keys
// named in the struct tags.
type GitHubStep struct {
	// Name is decoded from the "name" key.
	Name        string    `json:"name"`
	// Number is decoded from the "number" key.
	Number      int       `json:"number"`
	// StartedAt and CompletedAt bound the step in time; presumably this window
	// is what audit events are matched against — confirm in SummaryCmd.Run.
	StartedAt   time.Time `json:"started_at"`
	CompletedAt time.Time `json:"completed_at"`
}

GitHubStep represents a step from the GitHub API

type Globals

// Globals holds the flags shared by every subcommand; it is embedded in CLI
// and passed to StartCmd.Run.
type Globals struct {
	// Version is a VersionFlag, a type with its own BeforeApply, Decode and
	// IsBool methods; per the help text it prints version information and quits.
	Version VersionFlag `name:"version" help:"Print version information and quit"`
	// Debug enables debug mode. NOTE(review): confirm debug output cannot
	// include the Token values carried by StartCmd and SummaryCmd.
	Debug   bool        `name:"debug" help:"Enable debug mode"`
}

type StartCmd

// StartCmd holds the flags and injected dependencies of the Start subcommand
// declared on CLI. Several of its flags decide whether traffic is blocked at
// all and where the policy comes from, so the environment variables named in
// the tags are security-relevant configuration.
type StartCmd struct {
	// The fields tagged `kong:"-"` are excluded from flag parsing. This listing
	// does not show where they are assigned.
	Execute        ExecuteFn                   `kong:"-"`
	Logger         *slog.Logger                `kong:"-"`
	LoggerShutdown func(context.Context) error `kong:"-"`
	Version        string                      `kong:"-"` // Version passed from main
	Hooks          *StartHooks                 `kong:"-"`

	// Configuration
	// Config defaults to /etc/cargowall/config.json and can be overridden with
	// CARGOWALL_CONFIG. NOTE(review): confirm the file is not writable by the
	// workload the firewall is meant to constrain.
	Config    string `help:"Path to configuration file" default:"/etc/cargowall/config.json" env:"CARGOWALL_CONFIG"`
	// Interface is auto-detected when left empty, per the help text.
	Interface string `help:"Network interface to attach to (auto-detect if empty)" env:"CARGOWALL_INTERFACE"`

	// Token is a credential read from CODECARGO_AUTH_TOKEN. NOTE(review): a
	// value passed as a command-line flag instead is visible in the process
	// argument list; confirm callers use the environment variable and that
	// the value is never logged.
	Token  string `help:"codecargo token" env:"CODECARGO_AUTH_TOKEN"`
	// ApiUrl is where the policy is fetched from, per the help text.
	// NOTE(review): whoever controls this value controls the policy source;
	// confirm it is validated where it is consumed.
	ApiUrl string `help:"CodeCargo API URL to fetch policy from" name:"api-url" env:"CARGOWALL_API_URL"`
	// JobKey selects job-level policy resolution, per the help text.
	JobKey string `help:"GitHub Actions job key for job-level policy resolution" name:"job-key" env:"CARGOWALL_JOB_KEY"`

	// Runtime options
	// DisableDNSTracking defaults to false. Presumably hostname-based rules
	// depend on DNS tracking — confirm before turning it off.
	DisableDNSTracking bool   `help:"Disable DNS tracking and hostname resolution" default:"false"`
	// DNSUpstream is required. Queries are forwarded to it, per the help text,
	// so it should name a resolver the job is meant to trust.
	DNSUpstream        string `help:"Upstream DNS server to forward queries to" required:"" env:"CARGOWALL_DNS_UPSTREAM"`

	// GitHub Actions mode
	// GithubAction defaults to false.
	GithubAction bool `help:"Run in GitHub Actions mode" default:"false" env:"CARGOWALL_GITHUB_ACTION"`

	// Sudo lockdown (GitHub Actions security hardening)
	// SudoLockdown defaults to false, so the bypass protection named in the
	// help text is opt-in.
	SudoLockdown      bool   `help:"Enable sudo lockdown to prevent firewall bypass" default:"false" env:"CARGOWALL_SUDO_LOCKDOWN"`
	// The tag of SudoAllowCommands is elided in this listing, so its help
	// text, default and env name cannot be read here. NOTE(review): going by
	// the name, each allowed command widens what the lockdown permits — check
	// the source.
	SudoAllowCommands string `` /* 174-byte string literal not displayed */

	// Audit mode and logging
	// AuditMode, per its help text, logs connections without blocking them, so
	// nothing is enforced while it is on. It defaults to false.
	AuditMode bool   `help:"Monitor and log connections without blocking (audit only)" default:"false" env:"CARGOWALL_AUDIT_MODE"`
	// AuditLog is the path the JSON audit log is written to.
	AuditLog  string `help:"Path to write JSON audit log for step correlation" env:"CARGOWALL_AUDIT_LOG"`

	// Pre-existing connection handling
	// The tag of AllowExistingConnections is elided in this listing, so its
	// default cannot be read here. NOTE(review): confirm the default, since
	// the name suggests connections opened before start-up may be exempt.
	AllowExistingConnections bool `` /* 157-byte string literal not displayed */
}

func (*StartCmd) AfterApply

func (c *StartCmd) AfterApply() error

func (*StartCmd) Run

func (c *StartCmd) Run(globals *Globals) error

type StartHooks

// StartHooks bundles the callbacks passed alongside a StartCmd to an
// ExecuteFn such as StartCargoWall. The listing shows only their signatures,
// not when they are invoked.
type StartHooks struct {
	// Ready takes no arguments and returns an error.
	Ready      func() error
	// LoadPolicy returns a policy, a state-machine client, a func() value
	// (presumably a cleanup function — confirm) and an error.
	LoadPolicy func(ctx context.Context, cmd *StartCmd) (*cargowallv1pb.CargoWallPolicy, events.StateMachineClient, func(), error)
	// InitLogger returns a slog.Handler, a context-taking function that
	// returns an error (presumably a shutdown function — confirm) and an error.
	InitLogger func(ctx context.Context, version string, debug bool) (slog.Handler, func(context.Context) error, error)
}

type StepEvents

// StepEvents pairs one GitHubStep with the audit events grouped under it.
type StepEvents struct {
	// Step is the step the events are attributed to.
	Step   GitHubStep
	// Events holds the audit events for that step.
	Events []events.AuditEvent
}

StepEvents groups events by step

type SummaryCmd

// SummaryCmd holds the flags of the Summary subcommand declared on CLI. The
// two required flags name the inputs being correlated; the rest describe an
// optional push of the results to an API.
type SummaryCmd struct {
	// AuditLog is required and names the audit log JSON file.
	AuditLog string `help:"Path to audit log JSON file" required:""`
	// Steps is required and carries the step timing as a JSON array passed
	// in the flag value itself.
	Steps    string `help:"JSON array of step timing from GitHub API" required:""`

	// API push flags (optional — skip API push if api-url is not set)
	ApiUrl        string `help:"CodeCargo API URL for pushing results" name:"api-url"`
	// Token is an OIDC bearer token. No env tag is shown for it here,
	// unlike StartCmd.Token. NOTE(review): a bearer token passed as a flag
	// is visible in the process argument list; confirm how callers supply it
	// and that it is never logged.
	Token         string `help:"OIDC bearer token for API authentication"`
	JobName       string `help:"GitHub Actions job name" name:"job-name"`
	JobKey        string `help:"GitHub Actions job key (github.job)" name:"job-key"`
	// Mode and DefaultAction are free-form strings. The help text lists the
	// expected values, but no validation is visible in this listing.
	Mode          string `help:"CargoWall mode (enforce/audit)"`
	DefaultAction string `help:"Default action type (allow/deny)" name:"default-action"`
	JobRunId      uint64 `help:"GitHub Actions job run ID" name:"job-run-id"`
	// JobStatus lists both the "canceled" and "cancelled" spellings in its help text.
	JobStatus     string `help:"GitHub Actions job status (success/failure/canceled/cancelled/timed_out)" name:"job-status"`
	// contains filtered or unexported fields
}

SummaryCmd generates a markdown summary correlating audit events with GitHub Actions steps

func (*SummaryCmd) Run

func (c *SummaryCmd) Run() error

type VersionFlag

// VersionFlag is the string-backed type of Globals.Version. The listing shows
// BeforeApply, Decode and IsBool methods on it, which take kong types, so it
// plugs into kong's flag handling.
type VersionFlag string

func (VersionFlag) BeforeApply

func (v VersionFlag) BeforeApply(app *kong.Kong, vars kong.Vars) error

func (VersionFlag) Decode

func (v VersionFlag) Decode(ctx *kong.DecodeContext) error

func (VersionFlag) IsBool

func (v VersionFlag) IsBool() bool
