compliance

package
v0.8.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 23, 2020 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

Package compliance defines common interfaces and types for Compliance Agent

Index

Constants

View Source 
const (
	// KindInvalid is set in case resource is invalid
	KindInvalid = ResourceKind("invalid")
	// KindFile is used for a file resource
	KindFile = ResourceKind("file")
	// KindProcess is used for a Process resource
	KindProcess = ResourceKind("process")
	// KindGroup is used for a Group resource
	KindGroup = ResourceKind("group")
	// KindCommand is used for a Command resource
	KindCommand = ResourceKind("command")
	// KindDocker is used for a DockerResource resource
	KindDocker = ResourceKind("docker")
	// KindAudit is used for an Audit resource
	KindAudit = ResourceKind("audit")
	// KindKubernetes is used for a KubernetesResource
	KindKubernetes = ResourceKind("kubernetes")
)
View Source 
const (
	// DockerScope const
	DockerScope string = "docker"
	// KubernetesNodeScope const
	KubernetesNodeScope string = "kubernetesNode"
	// KubernetesClusterScope const
	KubernetesClusterScope string = "kubernetesCluster"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Audit 

type Audit struct {
	Path string `yaml:"path"`
}

Audit describes an audited file resource

func (*Audit) Validate 

func (a *Audit) Validate() error

Validate validates audit resource

type BinaryCmd 

type BinaryCmd struct {
	Name string   `yaml:"name"`
	Args []string `yaml:"args,omitempty"`
}

BinaryCmd describes a command in form of a name + args

func (*BinaryCmd) String 

func (c *BinaryCmd) String() string

type CheckVisitor 

type CheckVisitor func(check.Check) error

CheckVisitor defines a visitor func for compliance checks

type Command 

type Command struct {
	BinaryCmd      *BinaryCmd `yaml:"binary,omitempty"`
	ShellCmd       *ShellCmd  `yaml:"shell,omitempty"`
	TimeoutSeconds int        `yaml:"timeout,omitempty"`
}

Command describes a command resource usually reporting exit code or output

func (*Command) String 

func (c *Command) String() string

type DockerResource 

type DockerResource struct {
	Kind string `yaml:"kind"`
}

DockerResource describes a resource from docker daemon

type File 

type File struct {
	Path string `yaml:"path"`
}

File describes a file resource

type Group 

type Group struct {
	Name string `yaml:"name"`
}

Group describes a group membership resource

type HostSelector 

type HostSelector struct {
	KubernetesNodeLabels []KubeNodeSelector `yaml:"kubernetesRole,omitempty"`
	KubernetesNodeRole   string             `yaml:"kubernetesNodeRole,omitempty"`
}

HostSelector allows to activate/deactivate dynamically based on host properties

type KubeNodeSelector 

type KubeNodeSelector struct {
	Label string `yaml:"label,omitempty"`
	Value string `yaml:"value,omitempty"`
}

KubeNodeSelector defines selector for a Kubernetes node

type KubernetesAPIRequest 

type KubernetesAPIRequest struct {
	Verb         string `yaml:"verb"`
	ResourceName string `yaml:"resourceName,omitempty"`
}

KubernetesAPIRequest defines it check applies to a single object or a list

type KubernetesResource 

type KubernetesResource struct {
	Kind      string `yaml:"kind"`
	Version   string `yaml:"version,omitempty"`
	Group     string `yaml:"group"`
	Namespace string `yaml:"namespace,omitempty"`

	// A selector to restrict the list of returned objects by their labels.
	// Defaults to everything.
	LabelSelector string `yaml:"labelSelector,omitempty"`
	// A selector to restrict the list of returned objects by their fields.
	// Defaults to everything.
	FieldSelector string `yaml:"fieldSelector,omitempty"`

	APIRequest KubernetesAPIRequest `yaml:"apiRequest"`
}

KubernetesResource describes any object in Kubernetes (incl. CRDs)

func (*KubernetesResource) String 

func (kr *KubernetesResource) String() string

String returns human-friendly information string about the KubernetesResource

type Process 

type Process struct {
	Name string `yaml:"name"`
}

Process describes a process resource

type Resource 

type Resource struct {
	File          *File               `yaml:"file,omitempty"`
	Process       *Process            `yaml:"process,omitempty"`
	Group         *Group              `yaml:"group,omitempty"`
	Command       *Command            `yaml:"command,omitempty"`
	Audit         *Audit              `yaml:"audit,omitempty"`
	Docker        *DockerResource     `yaml:"docker,omitempty"`
	KubeApiserver *KubernetesResource `yaml:"kubeApiserver,omitempty"`
	Condition     string              `yaml:"condition"`
}

Resource describes supported resource types observed by a Rule

func (*Resource) Kind 

func (r *Resource) Kind() ResourceKind

Kind returns ResourceKind of the resource

type ResourceKind 

type ResourceKind string

ResourceKind represents resource kind

type Rule 

type Rule struct {
	ID           string        `yaml:"id"`
	Scope        Scope         `yaml:"scope"`
	HostSelector *HostSelector `yaml:"hostSelector,omitempty"`
	Resources    []Resource    `yaml:"resources,omitempty"`
}

Rule defines a rule in a compliance config

type Scope 

type Scope struct {
	Docker            bool `yaml:"docker,omitempty"`
	KubernetesNode    bool `yaml:"kubernetesNode,omitempty"`
	KubernetesCluster bool `yaml:"kubernetesCluster,omitempty"`
}

Scope defines when a rule can be run based on observed properties of the environment

type ShellCmd 

type ShellCmd struct {
	Run   string     `yaml:"run"`
	Shell *BinaryCmd `yaml:"shell,omitempty"`
}

ShellCmd describes a command to be run through a shell

func (*ShellCmd) String 

func (c *ShellCmd) String() string

type Suite 

type Suite struct {
	Meta  SuiteMeta `yaml:",inline"`
	Rules []Rule    `yaml:"rules,omitempty"`
}

Suite represents a set of compliance checks reporting events

func ParseSuite 

func ParseSuite(config string) (*Suite, error)

ParseSuite loads a single compliance suite

type SuiteMeta 

type SuiteMeta struct {
	Name      string   `yaml:"name,omitempty"`
	Framework string   `yaml:"framework,omitempty"`
	Version   string   `yaml:"version,omitempty"`
	Tags      []string `yaml:"tags,omitempty"`
}

SuiteMeta contains metadata for a compliance suite

Source Files

View all Source files

Directories

Path Synopsis
Package agent implements the Compliance Agent entrypoint
 Package agent implements the Compliance Agent entrypoint
Package checks implements Compliance Agent checks
 Package checks implements Compliance Agent checks
env

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.