Index ¶
- Constants
- func CalculateResourceScore(issues scanner.IssueList) (float64, map[string]int)
- func CalculateScore(p, s int) float64
- func GetPodStatus(obj map[string]any) string
- func GetTopResultsFromMap(m map[string]int) map[string]int
- type ClusterDetail
- type ClusterTopology
- type FakeCoreV1
- type FakeNode
- type FakePod
- type GVKSummary
- type InsightManager
- func (i *InsightManager) Audit(ctx context.Context, resourceGroup entity.ResourceGroup, noCache bool) (scanner.ScanResult, error)
- func (i *InsightManager) ConvertGraphToMap(rg *topology.RelationshipGraph, resourceGroup *entity.ResourceGroup) map[string]ClusterTopology
- func (i *InsightManager) ConvertResourceGraphToMap(g graph.Graph[string, topology.ResourceGraphNode], ...) map[string]ResourceTopology
- func (i *InsightManager) CountByResourceGroup(ctx context.Context, client *multicluster.MultiClusterClient, ...) (map[string]int, error)
- func (i *InsightManager) CountResourcesByGVK(ctx context.Context, client *multicluster.MultiClusterClient, ...) (int, error)
- func (i *InsightManager) GetClusterEvents(ctx context.Context, client *multicluster.MultiClusterClient, ...) ([]unstructured.Unstructured, error)
- func (i *InsightManager) GetDetailsForCluster(ctx context.Context, client *multicluster.MultiClusterClient, name string) (*ClusterDetail, error)
- func (i *InsightManager) GetGVKEvents(ctx context.Context, client *multicluster.MultiClusterClient, ...) ([]unstructured.Unstructured, error)
- func (i *InsightManager) GetGVKSummary(ctx context.Context, client *multicluster.MultiClusterClient, ...) (*GVKSummary, error)
- func (i *InsightManager) GetNamespaceEvents(ctx context.Context, client *multicluster.MultiClusterClient, ...) ([]unstructured.Unstructured, error)
- func (i *InsightManager) GetNamespaceGVKEvents(ctx context.Context, client *multicluster.MultiClusterClient, ...) ([]unstructured.Unstructured, error)
- func (i *InsightManager) GetNamespaceSummary(ctx context.Context, client *multicluster.MultiClusterClient, ...) (*NamespaceSummary, error)
- func (i *InsightManager) GetResource(ctx context.Context, client *multicluster.MultiClusterClient, ...) (*unstructured.Unstructured, error)
- func (i *InsightManager) GetResourceEvents(ctx context.Context, client *multicluster.MultiClusterClient, ...) ([]unstructured.Unstructured, error)
- func (i *InsightManager) GetResourceGroupSummary(ctx context.Context, client *multicluster.MultiClusterClient, ...) (*ResourceGroupSummary, error)
- func (i *InsightManager) GetResourceRelationship(ctx context.Context, client *multicluster.MultiClusterClient, ...) (graph.Graph[string, topology.ResourceGraphNode], error)
- func (i *InsightManager) GetResourceSummary(ctx context.Context, client *multicluster.MultiClusterClient, ...) (*ResourceSummary, error)
- func (i *InsightManager) GetTopologyForCluster(ctx context.Context, client *multicluster.MultiClusterClient, name string, ...) (map[string]ClusterTopology, error)
- func (i *InsightManager) GetTopologyForClusterNamespace(ctx context.Context, client *multicluster.MultiClusterClient, ...) (map[string]ClusterTopology, error)
- func (i *InsightManager) GetTopologyForCustomResourceGroup(ctx context.Context, client *multicluster.MultiClusterClient, ...) (map[string]map[string]ClusterTopology, error)
- func (i *InsightManager) GetTopologyForCustomResourceGroupSingleCluster(ctx context.Context, client *multicluster.MultiClusterClient, ...) (map[string]ClusterTopology, error)
- func (i *InsightManager) GetTopologyForResource(ctx context.Context, client *multicluster.MultiClusterClient, ...) (map[string]ResourceTopology, error)
- func (i *InsightManager) GetYAMLForResource(ctx context.Context, client *multicluster.MultiClusterClient, ...) ([]byte, error)
- func (i *InsightManager) SanitizeSecret(original *unstructured.Unstructured) (*unstructured.Unstructured, error)
- func (i *InsightManager) Score(ctx context.Context, resourceGroup entity.ResourceGroup, noCache bool) (*ScoreData, error)
- func (i *InsightManager) Statistics(ctx context.Context) (*Statistics, error)
- type KeyValuePair
- type MetricPoint
- type NamespaceSummary
- type ResourceEvents
- type ResourceGroupSummary
- type ResourceMetrics
- type ResourceSummary
- type ResourceTopology
- type ScoreData
- type Statistics
Constants ¶
const ( PodStatusRunning = "Running" PodStatusTerminated = "Terminated" PodStatusUnknown = "Unknown" PodStatusWaiting = "Waiting" )
Variables ¶
This section is empty.
Functions ¶
func CalculateResourceScore ¶
CalculateResourceScore calculates the resource score and severity statistics based on the provided issues.
func CalculateScore ¶
CalculateScore calculates the score based on the number of issues and their severity sum (each severity in the range 1-5). P is the number of issues, and S is the sum of the severities (each in the range 1-5) of those issues; S will never be less than P.
Example: - When there is one high-level issue, P=1 and S=3. - When there are three high-level issues, P=3 and S=9. - When there are ten low-level issues, P=10 and S=10.
func GetPodStatus ¶
GetPodStatus returns the status of a pod.
Types ¶
type ClusterDetail ¶
type ClusterDetail struct { NodeCount int `json:"nodeCount"` ServerVersion string `json:"serverVersion"` ReadyNodes int `json:"readyNodes"` NotReadyNodes int `json:"notReadyNodes"` MemoryCapacity int64 `json:"memoryCapacity"` MemoryUsage float64 `json:"memoryUsage"` CPUCapacity int64 `json:"cpuCapacity"` CPUUsage float64 `json:"cpuUsage"` PodsCapacity int64 `json:"podsCapacity"` PodsUsage int64 `json:"podsUsage"` MetricsEnabled bool `json:"metricsEnabled"` CPUMetrics ResourceMetrics `json:"cpuMetrics"` MemoryMetrics ResourceMetrics `json:"memoryMetrics"` }
type ClusterTopology ¶
type ClusterTopology struct { ResourceGroup entity.ResourceGroup `json:"resourceGroup"` Count int `json:"count"` Relationship map[string]string `json:"relationship"` }
type FakeCoreV1 ¶ added in v0.4.10
type FakeCoreV1 struct {
v1.CoreV1Interface
}
func (FakeCoreV1) Nodes ¶ added in v0.4.10
func (FakeCoreV1) Nodes() v1.NodeInterface
func (FakeCoreV1) Pods ¶ added in v0.5.8
func (FakeCoreV1) Pods(namespace string) v1.PodInterface
type FakeNode ¶ added in v0.4.10
type FakeNode struct {
v1.NodeInterface
}
type FakePod ¶ added in v0.5.8
type FakePod struct {
v1.PodInterface
}
type GVKSummary ¶
type GVKSummary struct { Cluster string `json:"cluster"` Group string `json:"group"` Version string `json:"version"` Kind string `json:"kind"` Count int `json:"count"` }
GVK-related
type InsightManager ¶
type InsightManager struct {
// contains filtered or unexported fields
}
func NewInsightManager ¶
func NewInsightManager( searchStorage storage.SearchStorage, resourceStorage storage.ResourceStorage, resourceGroupRuleStorage storage.ResourceGroupRuleStorage, genericConfig *genericapiserver.CompletedConfig, ) (*InsightManager, error)
NewInsightManager returns a new InsightManager object.
func (*InsightManager) Audit ¶
func (i *InsightManager) Audit(ctx context.Context, resourceGroup entity.ResourceGroup, noCache bool) (scanner.ScanResult, error)
Audit performs the audit on Kubernetes manifests with the specified resourceGroup and returns the issues found during the audit.
func (*InsightManager) ConvertGraphToMap ¶
func (i *InsightManager) ConvertGraphToMap(rg *topology.RelationshipGraph, resourceGroup *entity.ResourceGroup) map[string]ClusterTopology
ConvertGraphToMap returns a map[string]ClusterTopology for a given topology.RelationshipGraph.
func (*InsightManager) ConvertResourceGraphToMap ¶
func (i *InsightManager) ConvertResourceGraphToMap(g graph.Graph[string, topology.ResourceGraphNode], resourceGroup entity.ResourceGroup) map[string]ResourceTopology
ConvertResourceGraphToMap converts a resource graph to a map of ResourceTopology based on the given graph and resourceGroup.
func (*InsightManager) CountByResourceGroup ¶
func (i *InsightManager) CountByResourceGroup(ctx context.Context, client *multicluster.MultiClusterClient, resourceGroup *entity.ResourceGroup) (map[string]int, error)
CountByResourceGroup returns a map from string to int.
func (*InsightManager) CountResourcesByGVK ¶
func (i *InsightManager) CountResourcesByGVK(ctx context.Context, client *multicluster.MultiClusterClient, resourceGroup *entity.ResourceGroup) (int, error)
CountResourcesByGVK returns an int that corresponds to the count of resources of the GVK defined by the given entity.ResourceGroup.
func (*InsightManager) GetClusterEvents ¶
func (i *InsightManager) GetClusterEvents( ctx context.Context, client *multicluster.MultiClusterClient, resourceGroup *entity.ResourceGroup, ) ([]unstructured.Unstructured, error)
GetClusterEvents returns the complete list of events in a cluster.
func (*InsightManager) GetDetailsForCluster ¶
func (i *InsightManager) GetDetailsForCluster(ctx context.Context, client *multicluster.MultiClusterClient, name string) (*ClusterDetail, error)
GetDetailsForCluster returns a ClusterDetail object for a given cluster.
func (*InsightManager) GetGVKEvents ¶
func (i *InsightManager) GetGVKEvents( ctx context.Context, client *multicluster.MultiClusterClient, resourceGroup *entity.ResourceGroup, ) ([]unstructured.Unstructured, error)
GetGVKEvents returns the complete list of events for a GVK.
func (*InsightManager) GetGVKSummary ¶
func (i *InsightManager) GetGVKSummary(ctx context.Context, client *multicluster.MultiClusterClient, resourceGroup *entity.ResourceGroup) (*GVKSummary, error)
GetGVKSummary returns the unstructured cluster object summary for a given GVK. Possibly will add more metrics to it in the future.
func (*InsightManager) GetNamespaceEvents ¶
func (i *InsightManager) GetNamespaceEvents( ctx context.Context, client *multicluster.MultiClusterClient, resourceGroup *entity.ResourceGroup, ) ([]unstructured.Unstructured, error)
GetNamespaceEvents returns the complete list of events in a namespace.
func (*InsightManager) GetNamespaceGVKEvents ¶
func (i *InsightManager) GetNamespaceGVKEvents( ctx context.Context, client *multicluster.MultiClusterClient, resourceGroup *entity.ResourceGroup, ) ([]unstructured.Unstructured, error)
GetNamespaceGVKEvents returns the complete list of events in a namespace.
func (*InsightManager) GetNamespaceSummary ¶
func (i *InsightManager) GetNamespaceSummary(ctx context.Context, client *multicluster.MultiClusterClient, resourceGroup *entity.ResourceGroup) (*NamespaceSummary, error)
GetNamespaceSummary returns the unstructured cluster object summary for a given namespace. Possibly will add more metrics to it in the future.
func (*InsightManager) GetResource ¶
func (i *InsightManager) GetResource( ctx context.Context, client *multicluster.MultiClusterClient, resourceGroup *entity.ResourceGroup, ) (*unstructured.Unstructured, error)
GetResource returns the unstructured cluster object for a given cluster.
func (*InsightManager) GetResourceEvents ¶
func (i *InsightManager) GetResourceEvents( ctx context.Context, client *multicluster.MultiClusterClient, resourceGroup *entity.ResourceGroup, ) ([]unstructured.Unstructured, error)
GetResourceEvents returns the list of events specified by entity.ResourceGroup.
func (*InsightManager) GetResourceGroupSummary ¶
func (i *InsightManager) GetResourceGroupSummary(ctx context.Context, client *multicluster.MultiClusterClient, resourceGroup *entity.ResourceGroup) (*ResourceGroupSummary, error)
GetResourceGroupSummary returns a summary of a resource group, including details about its resources and their distribution.
func (*InsightManager) GetResourceRelationship ¶
func (i *InsightManager) GetResourceRelationship(ctx context.Context, client *multicluster.MultiClusterClient, obj unstructured.Unstructured, relationshipGraph graph.Graph[string, topology.RelationshipGraphNode], resourceGraph graph.Graph[string, topology.ResourceGraphNode]) (graph.Graph[string, topology.ResourceGraphNode], error)
GetResourceRelationship returns a full graph that contains all the resources related to obj.
func (*InsightManager) GetResourceSummary ¶
func (i *InsightManager) GetResourceSummary(ctx context.Context, client *multicluster.MultiClusterClient, resourceGroup *entity.ResourceGroup) (*ResourceSummary, error)
GetResourceSummary returns the unstructured object summary for a given resource. Possibly will add more metrics to it in the future.
func (*InsightManager) GetTopologyForCluster ¶
func (i *InsightManager) GetTopologyForCluster(ctx context.Context, client *multicluster.MultiClusterClient, name string, noCache bool) (map[string]ClusterTopology, error)
GetTopologyForCluster returns a map that describes the topology of a given cluster.
func (*InsightManager) GetTopologyForClusterNamespace ¶
func (i *InsightManager) GetTopologyForClusterNamespace(ctx context.Context, client *multicluster.MultiClusterClient, cluster, namespace string, noCache bool) (map[string]ClusterTopology, error)
GetTopologyForClusterNamespace returns a map that describes the topology of a given namespace in a given cluster.
func (*InsightManager) GetTopologyForCustomResourceGroup ¶
func (i *InsightManager) GetTopologyForCustomResourceGroup(ctx context.Context, client *multicluster.MultiClusterClient, resourceGroup *entity.ResourceGroup, clusters []string, noCache bool) (map[string]map[string]ClusterTopology, error)
GetTopologyForCustomResourceGroup returns a map that describes the topology of a custom resource group.
func (*InsightManager) GetTopologyForCustomResourceGroupSingleCluster ¶
func (i *InsightManager) GetTopologyForCustomResourceGroupSingleCluster(ctx context.Context, client *multicluster.MultiClusterClient, resourceGroup *entity.ResourceGroup, cluster string, noCache bool) (map[string]ClusterTopology, error)
GetTopologyForCustomResourceGroupSingleCluster returns a map that describes the topology of a custom resource group within a single cluster.
func (*InsightManager) GetTopologyForResource ¶
func (i *InsightManager) GetTopologyForResource(ctx context.Context, client *multicluster.MultiClusterClient, resourceGroup *entity.ResourceGroup, noCache bool) (map[string]ResourceTopology, error)
GetTopologyForResource returns a map that describes the topology of a given resource.
func (*InsightManager) GetYAMLForResource ¶
func (i *InsightManager) GetYAMLForResource( ctx context.Context, client *multicluster.MultiClusterClient, resourceGroup *entity.ResourceGroup, ) ([]byte, error)
GetYAMLForResource returns the YAML byte array for a given resource.
func (*InsightManager) SanitizeSecret ¶
func (i *InsightManager) SanitizeSecret(original *unstructured.Unstructured) (*unstructured.Unstructured, error)
SanitizeSecret redacts the data field in the secret object.
func (*InsightManager) Score ¶
func (i *InsightManager) Score(ctx context.Context, resourceGroup entity.ResourceGroup, noCache bool) (*ScoreData, error)
Score calculates a score based on the severity and total number of issues identified during the audit. It aggregates statistics on different severity levels and generates a cumulative score.
func (*InsightManager) Statistics ¶
func (i *InsightManager) Statistics(ctx context.Context) (*Statistics, error)
Statistics is a method of InsightManager that provides statistical information.
Parameters: - ctx (context.Context): The context object for managing the lifecycle of the request.
Returns: - *Statistics: A pointer to a Statistics struct containing the aggregated statistics. - error: An error if one occurred during the retrieval of statistics.
type KeyValuePair ¶
type KeyValuePair struct {
// contains filtered or unexported fields
}
type MetricPoint ¶ added in v0.5.8
type NamespaceSummary ¶
type NamespaceSummary struct { Cluster string `json:"cluster"` Namespace string `json:"namespace"` CountByGVK map[string]int `json:"countByGVK"` }
Namespace-related
type ResourceEvents ¶
type ResourceGroupSummary ¶
type ResourceGroupSummary struct { *entity.ResourceGroup CountByGVK map[string]int `json:"countByGVK"` }
ResourceGroup-related
type ResourceMetrics ¶ added in v0.5.8
type ResourceMetrics struct {
Points []MetricPoint `json:"points"`
}
type ResourceSummary ¶
type ResourceTopology ¶
type ResourceTopology struct { ResourceGroup entity.ResourceGroup `json:"resourceGroup"` Parents []string `json:"parents"` Children []string `json:"children"` }
type ScoreData ¶
type ScoreData struct { // Score represents the calculated score of the audited manifest based on // the number and severity of issues. It provides a quantitative measure // of the security posture of the resources in the manifest. Score float64 `json:"score"` // ResourceTotal is the count of unique resources audited during the scan. ResourceTotal int `json:"resourceTotal"` // IssuesTotal is the total count of all issues found during the audit. // This count can be used to understand the overall number of problems // that need to be addressed. IssuesTotal int `json:"issuesTotal"` // SeverityStatistic is a mapping of severity levels to their respective // number of occurrences. It allows for a quick overview of the distribution // of issues across different severity categories. SeverityStatistic map[string]int `json:"severityStatistic"` }
ScoreData encapsulates the results of scoring an audited manifest. It provides a numerical score along with statistics about the total number of issues and their severities.
type Statistics ¶
type Statistics struct { ClusterCount int `json:"clusterCount"` ResourceCount int `json:"resourceCount"` ResourceGroupRuleCount int `json:"resourceGroupRuleCount"` }
Global-related