Documentation ¶
Index ¶
- Constants
- Variables
- func CollectResources(ctx context.Context, rsrcHandler IResourceHandler, ...) error
- func ConvertMapListToMeta(resourceMap []map[string]interface{}) []workloadinterface.IMetadata
- func ScanRepository(command string, branchOptional string) ([]string, error)
- type EmptySelector
- type ExcludeSelector
- type FileResourceHandler
- type GitHubRepository
- type IFieldSelector
- type IRepository
- type IResourceHandler
- type IncludeSelector
- type K8sResourceHandler
- type QueryableResource
- type QueryableResources
Constants ¶
// Separator and comparison operators for field-selector strings.
// The values match the selector form shown in the QueryableResource.FieldSelectors
// comment on this page (metadata.name==<resource name>, ...).
// NOTE(review): presumably AddFieldSelector joins selectors with
// FieldSelectorsSeparator; its body is not visible here, so confirm.
const (
	FieldSelectorsSeparator         = ","
	FieldSelectorsEqualsOperator    = "=="
	FieldSelectorsNotEqualsOperator = "!="
)
Variables ¶
// Resource-kind names and the API group/version strings they map to.
// Each name variable holds a string equal to its own identifier.
//
// NOTE(review): everything in this group is an exported var, not a const, and
// the maps are ordinary mutable maps. Any importing package can reassign a name
// or add, change or delete a map entry at run time, which would change which
// API group a resource kind resolves to. Treat all of it as read-only.
var (
	// Names used as keys of MapResourceToApiGroupCloud.
	ClusterDescribe         = "ClusterDescribe"
	DescribeRepositories    = "DescribeRepositories"
	ListEntitiesForPolicies = "ListEntitiesForPolicies"

	// Names used as keys of MapResourceToApiGroup.
	KubeletConfiguration         = "KubeletConfiguration"
	OsReleaseFile                = "OsReleaseFile"
	KernelVersion                = "KernelVersion"
	LinuxSecurityHardeningStatus = "LinuxSecurityHardeningStatus"
	OpenPortsList                = "OpenPortsList"
	LinuxKernelVariables         = "LinuxKernelVariables"
	KubeletCommandLine           = "KubeletCommandLine"

	// Name used as the only key of MapResourceToApiGroupVuln.
	ImageVulnerabilities = "ImageVulnerabilities"

	// More names used as keys of MapResourceToApiGroup.
	KubeletInfo       = "KubeletInfo"
	KubeProxyInfo     = "KubeProxyInfo"
	ControlPlaneInfo  = "ControlPlaneInfo"
	CloudProviderInfo = "CloudProviderInfo"
	CNIInfo           = "CNIInfo"

	// MapResourceToApiGroup maps each name above that is listed here to a
	// single group/version string; every entry uses the same value.
	MapResourceToApiGroup = map[string]string{
		KubeletConfiguration:         "hostdata.kubescape.cloud/v1beta0",
		OsReleaseFile:                "hostdata.kubescape.cloud/v1beta0",
		KubeletCommandLine:           "hostdata.kubescape.cloud/v1beta0",
		KernelVersion:                "hostdata.kubescape.cloud/v1beta0",
		LinuxSecurityHardeningStatus: "hostdata.kubescape.cloud/v1beta0",
		OpenPortsList:                "hostdata.kubescape.cloud/v1beta0",
		LinuxKernelVariables:         "hostdata.kubescape.cloud/v1beta0",
		KubeletInfo:                  "hostdata.kubescape.cloud/v1beta0",
		KubeProxyInfo:                "hostdata.kubescape.cloud/v1beta0",
		ControlPlaneInfo:             "hostdata.kubescape.cloud/v1beta0",
		CloudProviderInfo:            "hostdata.kubescape.cloud/v1beta0",
		CNIInfo:                      "hostdata.kubescape.cloud/v1beta0",
	}

	// MapResourceToApiGroupVuln maps ImageVulnerabilities to two group/version
	// strings.
	MapResourceToApiGroupVuln = map[string][]string{
		ImageVulnerabilities: {"armo.vuln.images/v1", "image.vulnscan.com/v1"}}

	// MapResourceToApiGroupCloud maps the cloud-related names to group/version
	// strings. ClusterDescribe lists three of them; the other two keys list only
	// the eks.amazonaws.com/v1 entry.
	MapResourceToApiGroupCloud = map[string][]string{
		ClusterDescribe:         {"container.googleapis.com/v1", "eks.amazonaws.com/v1", "management.azure.com/v1"},
		DescribeRepositories:    {"eks.amazonaws.com/v1"},
		ListEntitiesForPolicies: {"eks.amazonaws.com/v1"},
	}
)
Functions ¶
func CollectResources ¶ added in v2.3.8
func CollectResources(ctx context.Context, rsrcHandler IResourceHandler, policyIdentifier []cautils.PolicyIdentifier, opaSessionObj *cautils.OPASessionObj, progressListener opaprocessor.IJobProgressNotificationClient, scanInfo *cautils.ScanInfo) error
func ConvertMapListToMeta ¶
func ConvertMapListToMeta(resourceMap []map[string]interface{}) []workloadinterface.IMetadata
Types ¶
type EmptySelector ¶
// EmptySelector is a field-less type. On this page it declares
// GetClusterScope and GetNamespacesSelectors on its pointer receiver, the two
// methods IFieldSelector requires.
type EmptySelector struct { }
func (*EmptySelector) GetClusterScope ¶
func (es *EmptySelector) GetClusterScope(*schema.GroupVersionResource) bool
func (*EmptySelector) GetNamespacesSelectors ¶
func (es *EmptySelector) GetNamespacesSelectors(resource *schema.GroupVersionResource) []string
type ExcludeSelector ¶
type ExcludeSelector struct {
// contains filtered or unexported fields
}
func NewExcludeSelector ¶
func NewExcludeSelector(ns string) *ExcludeSelector
func (*ExcludeSelector) GetClusterScope ¶
func (es *ExcludeSelector) GetClusterScope(resource *schema.GroupVersionResource) bool
func (*ExcludeSelector) GetNamespacesSelectors ¶
func (es *ExcludeSelector) GetNamespacesSelectors(resource *schema.GroupVersionResource) []string
type FileResourceHandler ¶
type FileResourceHandler struct{}
FileResourceHandler handles resources from files and URLs.
func NewFileResourceHandler ¶
func NewFileResourceHandler() *FileResourceHandler
func (*FileResourceHandler) GetClusterAPIServerInfo ¶
func (fileHandler *FileResourceHandler) GetClusterAPIServerInfo(_ context.Context) *version.Info
func (*FileResourceHandler) GetResources ¶
func (fileHandler *FileResourceHandler) GetResources(ctx context.Context, sessionObj *cautils.OPASessionObj, progressListener opaprocessor.IJobProgressNotificationClient, scanInfo *cautils.ScanInfo) (cautils.K8SResources, map[string]workloadinterface.IMetadata, cautils.ExternalResources, map[string]bool, error)
type GitHubRepository ¶
type GitHubRepository struct {
// contains filtered or unexported fields
}
func NewGitHubRepository ¶
func NewGitHubRepository() *GitHubRepository
type IFieldSelector ¶
// IFieldSelector is the selector interface of this package. On this page
// *EmptySelector, *ExcludeSelector and *IncludeSelector each declare both of
// its methods.
type IFieldSelector interface {
	// GetNamespacesSelectors returns a slice of strings for the given resource.
	// NOTE(review): presumably namespace selector expressions; the
	// implementations are not visible here, so confirm.
	GetNamespacesSelectors(*schema.GroupVersionResource) []string
	// GetClusterScope returns a bool for the given resource.
	// NOTE(review): presumably whether the resource is handled at cluster
	// scope; confirm against the implementations.
	GetClusterScope(*schema.GroupVersionResource) bool
}
type IRepository ¶
type IRepository interface {
// contains filtered or unexported methods
}
type IResourceHandler ¶
// IResourceHandler is the resource-source interface that CollectResources
// accepts as its rsrcHandler argument. On this page *FileResourceHandler and
// *K8sResourceHandler each declare both of its methods.
type IResourceHandler interface {
	// GetResources takes the scan session, a progress listener and the scan
	// info, and returns the collected resource sets together with an error.
	// NOTE(review): the meaning of the map[string]bool result is not stated
	// on this page; check the implementations before relying on it.
	GetResources(context.Context, *cautils.OPASessionObj, opaprocessor.IJobProgressNotificationClient, *cautils.ScanInfo) (cautils.K8SResources, map[string]workloadinterface.IMetadata, cautils.ExternalResources, map[string]bool, error)
	// GetClusterAPIServerInfo returns a *version.Info.
	// NOTE(review): whether it can be nil (for example for the file-based
	// handler, which ignores its context argument) is not visible here; callers
	// should check.
	GetClusterAPIServerInfo(ctx context.Context) *version.Info
}
type IncludeSelector ¶
type IncludeSelector struct {
// contains filtered or unexported fields
}
func NewIncludeSelector ¶
func NewIncludeSelector(ns string) *IncludeSelector
func (*IncludeSelector) GetClusterScope ¶
func (is *IncludeSelector) GetClusterScope(resource *schema.GroupVersionResource) bool
func (*IncludeSelector) GetNamespacesSelectors ¶
func (is *IncludeSelector) GetNamespacesSelectors(resource *schema.GroupVersionResource) []string
type K8sResourceHandler ¶
type K8sResourceHandler struct {
// contains filtered or unexported fields
}
func NewK8sResourceHandler ¶
func NewK8sResourceHandler(k8s *k8sinterface.KubernetesApi, hostSensorHandler hostsensorutils.IHostSensor, rbacObjects *cautils.RBACObjects, clusterName string) *K8sResourceHandler
func (*K8sResourceHandler) GetClusterAPIServerInfo ¶
func (k8sHandler *K8sResourceHandler) GetClusterAPIServerInfo(ctx context.Context) *version.Info
func (*K8sResourceHandler) GetResources ¶
func (k8sHandler *K8sResourceHandler) GetResources(ctx context.Context, sessionObj *cautils.OPASessionObj, progressListener opaprocessor.IJobProgressNotificationClient, scanInfo *cautils.ScanInfo) (cautils.K8SResources, map[string]workloadinterface.IMetadata, cautils.ExternalResources, map[string]bool, error)
type QueryableResource ¶ added in v2.9.0
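// QueryableResource holds a representation of a resource we would like to
// query (from the K8S API, or from other sources).
//
// The declaration is laid out one field per line so that each line comment
// ends before the field it describes; collapsed onto a single line, the first
// "//" would comment out both fields.
type QueryableResource struct {
	// GroupVersionResourceTriplet identifies the resource as
	// <api group/api version/resource>.
	GroupVersionResourceTriplet string

	// FieldSelectors holds selector expressions such as
	// metadata.name==<resource name>, metadata.namespace==<resource namespace> etc.
	// NOTE(review): how this string is consumed is not visible here. If any
	// part of it can come from user-controlled input, validate it before it is
	// placed in a query.
	FieldSelectors string
}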
QueryableResource is a struct that holds a representation of a resource we would like to query (from the K8S API, or from other sources)
func (*QueryableResource) AddFieldSelector ¶ added in v2.9.0
func (qr *QueryableResource) AddFieldSelector(fieldSelector string)
func (*QueryableResource) Copy ¶ added in v2.9.0
func (qr *QueryableResource) Copy() QueryableResource
func (*QueryableResource) String ¶ added in v2.9.0
func (qr *QueryableResource) String() string
type QueryableResources ¶ added in v2.9.0
// QueryableResources is a map of QueryableResource values keyed by string.
// On this page it declares Add and ToK8sResourceMap on a value receiver.
// NOTE(review): the key format is not shown here; presumably Add derives it
// from the resource itself, so confirm before building keys by hand.
type QueryableResources map[string]QueryableResource
func (QueryableResources) Add ¶ added in v2.9.0
func (qrm QueryableResources) Add(qr QueryableResource)
func (QueryableResources) ToK8sResourceMap ¶ added in v2.9.0
func (qrm QueryableResources) ToK8sResourceMap() cautils.K8SResources