Copyright © 2020 Red Hat Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.



const (
	OPENSCAP = iota




func AnyMcfgPoolLabelMatches

func AnyMcfgPoolLabelMatches(nodeSelector map[string]string, poolList *mcfgv1.MachineConfigPoolList) bool

AnyMcfgPoolLabelMatches reports whether the given nodeSelector matches the nodeSelector of any of the given MachineConfigPools.

func ComplianceOperatorRootCA

func ComplianceOperatorRootCA(certname string, expire int) ([]byte, []byte, error)

func DNSLengthName

func DNSLengthName(hashPrefix string, format string, a ...interface{}) string

func FindNewestPod

func FindNewestPod(pods []corev1.Pod) *corev1.Pod

FindNewestPod finds the newest pod in the given set

func GetComponentImage

func GetComponentImage(component ComplianceComponent) string

GetComponentImage returns a full image pull spec for a given component based on the component type

func GetFirstNodeRole

func GetFirstNodeRole(nodeSelector map[string]string) string

func GetFirstNodeRoleLabel

func GetFirstNodeRoleLabel(nodeSelector map[string]string) string

func GetNodeRoleSelector

func GetNodeRoleSelector(role string) map[string]string

func GetResultConfigMap

func GetResultConfigMap(owner metav1.Object, configMapName, filename, nodeName string, contents io.Reader, compressed bool, exitcode string, warnings string) *corev1.ConfigMap

GetResultConfigMap gets a configmap that reflects a result or an error for a scan

func HaveOutdatedRemediations

func HaveOutdatedRemediations(client runtimeclient.Client) (error, bool)

func IsMachineConfig

func IsMachineConfig(obj *unstructured.Unstructured) bool

IsMachineConfig checks if the specified object is a MachineConfig object

func LengthName

func LengthName(maxLen int, hashPrefix string, format string, a ...interface{}) (string, error)

LengthName creates a string whose length does not exceed the defined maximum (maxLen).

func McfgPoolLabelMatches

func McfgPoolLabelMatches(nodeSelector map[string]string, pool *mcfgv1.MachineConfigPool) bool

McfgPoolLabelMatches verifies if the given nodeSelector matches the given MachineConfigPool's nodeSelector

func NewClientCert

func NewClientCert(caCert, caKey []byte, certname string, expire int) ([]byte, []byte, error)

func NewServerCert

func NewServerCert(caCert, caKey []byte, certname string, expire int) ([]byte, []byte, error)

func ParseMachineConfig

ParseMachineConfig parses a MachineConfig object from an unstructured object for a specific remediation.


type ComplianceComponent

type ComplianceComponent uint

type Directory

type Directory struct {
	CreationTime time.Time
	Path         string

Directory is a holding struct used to sort directories by time

func NewDirectory

func NewDirectory(path string, info os.FileInfo) Directory

type ParseResult

type ParseResult struct {
	Id          string
	CheckResult *compv1alpha1.ComplianceCheckResult
	Remediation *compv1alpha1.ComplianceRemediation

func ParseResultsFromContentAndXccdf

func ParseResultsFromContentAndXccdf(scheme *runtime.Scheme, scanName string, namespace string,
	dsDom *XMLDocument, resultsReader io.Reader) ([]*ParseResult, error)

type ParseResultContext

type ParseResultContext struct {

	// contains filtered or unexported fields


ParseResultContext keeps track of items that are consistent across all "sources" in a ComplianceScan as well as items that are inconsistent

func NewParseResultContext

func NewParseResultContext() *ParseResultContext

func (*ParseResultContext) AddResults

func (prCtx *ParseResultContext) AddResults(source string, parsedResList []*ParseResult)

ParseResultContext.AddResults adds a batch of results coming from the parser and partitions them into either the consistent or the inconsistent list

func (*ParseResultContext) GetConsistentResults

func (prCtx *ParseResultContext) GetConsistentResults() []*ParseResultContextItem

type ParseResultContextItem

type ParseResultContextItem struct {

	Annotations map[string]string
	Labels      map[string]string

	// contains filtered or unexported fields


ParseResultContextItem wraps a ParseResult with metadata that needs to be added to the created k8s object based on the processing result. It also records which nodes the result comes from and whether the item has already been processed during the loop that handles a single CM. The sources are used to keep track of which nodes differ from the "canonical" state of the check.

type XMLDocument

type XMLDocument struct {

XMLDocument is a wrapper that keeps the interface XML-parser-agnostic

func ParseContent

func ParseContent(dsReader io.Reader) (*XMLDocument, error)

ParseContent parses the DataStream and returns the XML document