vuloperator

package
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 31, 2023 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Overview

Package vuloperator provides primitives for working with Vul-operator toolkit.

Index

Constants

View Source
const (
	KeyVulnerabilityScannerEnabled  = "vulnerabilityScannerEnabled"
	KeyExposedSecretsScannerEnabled = "exposedSecretsScannerEnabled"
	KeyGenerateSbom                 = "generateSbomEnabled"

	KeyVulnerabilityScansInSameNamespace = "vulnerabilityReports.scanJobsInSameNamespace"

	KeyScanJobcompressLogs       = "scanJob.compressLogs"
	KeyNodeCollectorVolumes      = "nodeCollector.volumes"
	KeyNodeCollectorExcludeNodes = "nodeCollector.excludeNodes"
	KeyNodeCollectorVolumeMounts = "nodeCollector.volumeMounts"

	KeyScanJobContainerSecurityContext = "scanJob.podTemplateContainerSecurityContext"

	KeyScanJobPodPriorityClassName = "scanJob.podPriorityClassName"

	KeyReportResourceLabels         = "report.resourceLabels"
	KeyReportRecordFailedChecksOnly = "report.recordFailedChecksOnly"
	KeyMetricsResourceLabelsPrefix  = "metrics.resourceLabelsPrefix"
	KeyVulServerURL                 = "vul.serverURL"
	KeyNodeCollectorImageRef        = "node.collector.imageRef"
	KeyNodeCollectorImagePullSecret = "node.collector.imagePullSecret"
	KeyAdditionalReportLabels       = "report.additionalLabels"
)
View Source
const (
	// NamespaceName the name of the namespace in which Vul-operator stores its
	// configuration and where it runs scan jobs.
	NamespaceName = "vul-operator"

	// ConfigMapName the name of the ConfigMap where Vul-operator stores its
	// configuration.
	ConfigMapName = "vul-operator"

	// SecretName the name of the secret where Vul-operator stores is sensitive
	// configuration.
	SecretName = "vul-operator"

	// PoliciesConfigMapName the name of the ConfigMap used to store OPA Rego
	// policies.
	PoliciesConfigMapName = "vul-operator-policies-config"
)
View Source
const (
	LabelResourceKind      = "vul-operator.resource.kind"
	LabelResourceName      = "vul-operator.resource.name"
	LabelResourceNameHash  = "vul-operator.resource.name-hash"
	LabelResourceNamespace = "vul-operator.resource.namespace"
	LabelContainerName     = "vul-operator.container.name"
	LabelResourceSpecHash  = "resource-spec-hash"
	LabelPluginConfigHash  = "plugin-config-hash"

	LabelVulnerabilityReportScanner = "vulnerabilityReport.scanner"
	LabelNodeInfoCollector          = "node-info.collector"

	LabelK8SAppManagedBy = "app.kubernetes.io/managed-by"
	AppVulOperator       = "vul-operator"
)
View Source
const (
	AnnotationContainerImages = "vul-operator.container-images"
)

Variables

This section is empty.

Functions

func GetPluginConfigMapName

func GetPluginConfigMapName(pluginName string) string

GetPluginConfigMapName returns the name of a ConfigMap used to configure a plugin with the given name. TODO Rename to GetPluginConfigObjectName as this method is used to determine the name of ConfigMaps and Secrets.

func GetVersionFromImageRef

func GetVersionFromImageRef(imageRef string) (string, error)

GetVersionFromImageRef returns the image identifier for the specified image reference.

func LinuxNodeAffinity

func LinuxNodeAffinity() *corev1.Affinity

LinuxNodeAffinity constructs a new Affinity resource with linux supported nodes.

func NewScheme

func NewScheme() *runtime.Scheme

Types

type BuildInfo

type BuildInfo struct {
	Version    string
	Commit     string
	Date       string
	Executable string
}

BuildInfo holds build info such as Git revision, Git SHA-1, build datetime, and the name of the executable binary.

type ConfigData

type ConfigData map[string]string

ConfigData holds Vul-operator configuration settings as a set of key-value pairs.

func GetDefaultConfig

func GetDefaultConfig() ConfigData

GetDefaultConfig returns the default configuration settings.

func (ConfigData) ComplianceFailEntriesLimit

func (c ConfigData) ComplianceFailEntriesLimit() int

func (ConfigData) CompressLogs

func (c ConfigData) CompressLogs() bool

CompressLogs returns if scan job output should be compressed

func (ConfigData) ExposedSecretsScannerEnabled

func (c ConfigData) ExposedSecretsScannerEnabled() bool

ExposedSecretsScannerEnabled returns if the vulnerability scanners is enabled/disablsed

func (ConfigData) GeVulServerURL

func (c ConfigData) GeVulServerURL() string

func (ConfigData) GenerateSbomEnabled

func (c ConfigData) GenerateSbomEnabled() bool

GenerateSbomEnabled returns if the sbom generation is enabled

func (ConfigData) GetAdditionalReportLabels

func (c ConfigData) GetAdditionalReportLabels() (labels.Set, error)

func (ConfigData) GetConfigAuditReportsScanner

func (c ConfigData) GetConfigAuditReportsScanner() (Scanner, error)

func (ConfigData) GetGetNodeCollectorVolumeMounts

func (c ConfigData) GetGetNodeCollectorVolumeMounts() ([]corev1.VolumeMount, error)

func (ConfigData) GetMetricsResourceLabelsPrefix

func (c ConfigData) GetMetricsResourceLabelsPrefix() string

func (ConfigData) GetNodeCollectorExcludeNodes

func (c ConfigData) GetNodeCollectorExcludeNodes() (map[string]string, error)

func (ConfigData) GetNodeCollectorImagePullsecret

func (c ConfigData) GetNodeCollectorImagePullsecret() []corev1.LocalObjectReference

func (ConfigData) GetNodeCollectorVolumes

func (c ConfigData) GetNodeCollectorVolumes() ([]corev1.Volume, error)

func (ConfigData) GetReportResourceLabels

func (c ConfigData) GetReportResourceLabels() []string

func (ConfigData) GetRequiredData

func (c ConfigData) GetRequiredData(key string) (string, error)

func (ConfigData) GetScanJobAnnotations

func (c ConfigData) GetScanJobAnnotations() (map[string]string, error)

func (ConfigData) GetScanJobAutomountServiceAccountToken

func (c ConfigData) GetScanJobAutomountServiceAccountToken() bool

func (ConfigData) GetScanJobContainerSecurityContext

func (c ConfigData) GetScanJobContainerSecurityContext() (*corev1.SecurityContext, error)

func (ConfigData) GetScanJobNodeSelector

func (c ConfigData) GetScanJobNodeSelector() (map[string]string, error)

func (ConfigData) GetScanJobPodPriorityClassName

func (c ConfigData) GetScanJobPodPriorityClassName() (string, error)

func (ConfigData) GetScanJobPodSecurityContext

func (c ConfigData) GetScanJobPodSecurityContext() (*corev1.PodSecurityContext, error)

func (ConfigData) GetScanJobPodTemplateLabels

func (c ConfigData) GetScanJobPodTemplateLabels() (labels.Set, error)

func (ConfigData) GetScanJobTolerations

func (c ConfigData) GetScanJobTolerations() ([]corev1.Toleration, error)

func (ConfigData) GetSkipResourceByLabels

func (c ConfigData) GetSkipResourceByLabels() []string

func (ConfigData) GetVulnerabilityReportsScanner

func (c ConfigData) GetVulnerabilityReportsScanner() (Scanner, error)

func (ConfigData) NodeCollectorImageRef

func (c ConfigData) NodeCollectorImageRef() string

func (ConfigData) ReportRecordFailedChecksOnly

func (c ConfigData) ReportRecordFailedChecksOnly() bool

func (ConfigData) Set

func (c ConfigData) Set(key, value string)

Set sets a key on config data

func (ConfigData) VulnerabilityScanJobsInSameNamespace

func (c ConfigData) VulnerabilityScanJobsInSameNamespace() bool

func (ConfigData) VulnerabilityScannerEnabled

func (c ConfigData) VulnerabilityScannerEnabled() bool

VulnerabilityScannerEnabled returns if the vulnerability scanners is enabled/disablsed

type ConfigManager

type ConfigManager interface {
	EnsureDefault(ctx context.Context) error
	Read(ctx context.Context) (ConfigData, error)
	Delete(ctx context.Context) error
}

ConfigManager defines methods for managing ConfigData.

func NewConfigManager

func NewConfigManager(client kubernetes.Interface, namespace string) ConfigManager

NewConfigManager constructs a new ConfigManager that is using kubernetes.Interface to manage ConfigData backed by the ConfigMap stored in the specified namespace.

type PluginConfig

type PluginConfig struct {
	Data       map[string]string
	SecretData map[string][]byte
}

PluginConfig holds plugin configuration settings.

func (PluginConfig) GetRequiredData

func (c PluginConfig) GetRequiredData(key string) (string, error)

type PluginContext

type PluginContext interface {
	// GetName returns the name of the plugin.
	GetName() string
	// GetConfig returns the PluginConfig object that holds configuration settings of the plugin.
	GetConfig() (PluginConfig, error)
	// EnsureConfig ensures the PluginConfig, typically when a plugin is initialized.
	EnsureConfig(config PluginConfig) error
	// GetNamespace return the name of the K8s Namespace where Vul-operator creates Jobs
	// and other helper objects.
	GetNamespace() string
	// GetServiceAccountName return the name of the K8s Service Account used to run workloads
	// created by Vul-operator.
	GetServiceAccountName() string
	// GetVulOperatorConfig returns vuloperator configuration.
	GetVulOperatorConfig() ConfigData
}

PluginContext is plugin's execution context within the Vul-operator toolkit. The context is used to grant access to other methods so that this plugin can interact with the toolkit.

type PluginContextBuilder

type PluginContextBuilder struct {
	// contains filtered or unexported fields
}

func NewPluginContext

func NewPluginContext() *PluginContextBuilder

func (*PluginContextBuilder) Get

func (*PluginContextBuilder) WithClient

func (*PluginContextBuilder) WithName

func (*PluginContextBuilder) WithNamespace

func (b *PluginContextBuilder) WithNamespace(namespace string) *PluginContextBuilder

func (*PluginContextBuilder) WithServiceAccountName

func (b *PluginContextBuilder) WithServiceAccountName(name string) *PluginContextBuilder

func (*PluginContextBuilder) WithVulOperatorConfig

func (b *PluginContextBuilder) WithVulOperatorConfig(config ConfigData) *PluginContextBuilder

type Scanner

type Scanner string

Scanner represents unique, human-readable identifier of a security scanner.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL