insight

package
v0.5.9-alpha.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 20, 2024 License: Apache-2.0 Imports: 32 Imported by: 0

Documentation

Index

Constants

View Source
const (
	PodStatusRunning    = "Running"
	PodStatusTerminated = "Terminated"
	PodStatusUnknown    = "Unknown"
	PodStatusWaiting    = "Waiting"
)

Variables

This section is empty.

Functions

func CalculateResourceScore

func CalculateResourceScore(issues scanner.IssueList) (float64, map[string]int)

CalculateResourceScore calculates the resource score and severity statistics based on the provided issues.

func CalculateScore

func CalculateScore(p, s int) float64

CalculateScore calculates the score based on the number of issues and their severity sum (in the range of 1-5). P is the number of issues, and S is the sum of the severity (range 1-5) of the issue S will not be less than P.

Example: - When there is one high-level issue, P=1 and S=3. - When there are three high-level issues, P=3 and S=9. - When there are ten low-level issues, P=10 and S=10.

func GetPodStatus

func GetPodStatus(obj map[string]any) string

GetPodStatus returns the status of a pod

func GetTopResultsFromMap

func GetTopResultsFromMap(m map[string]int) map[string]int

GetTopResultsFromMap returns the top 5 results from the map sorted by value If map does not have 5 elements, return the full map

Types

type ClusterDetail

type ClusterDetail struct {
	NodeCount     int    `json:"nodeCount"`
	ServerVersion string `json:"serverVersion"`
	ReadyNodes    int    `json:"readyNodes"`
	NotReadyNodes int    `json:"notReadyNodes"`

	MemoryCapacity int64   `json:"memoryCapacity"`
	MemoryUsage    float64 `json:"memoryUsage"`
	CPUCapacity    int64   `json:"cpuCapacity"`
	CPUUsage       float64 `json:"cpuUsage"`
	PodsCapacity   int64   `json:"podsCapacity"`
	PodsUsage      int64   `json:"podsUsage"`

	MetricsEnabled bool `json:"metricsEnabled"`

	CPUMetrics    ResourceMetrics `json:"cpuMetrics"`
	MemoryMetrics ResourceMetrics `json:"memoryMetrics"`
}

type ClusterTopology

type ClusterTopology struct {
	ResourceGroup entity.ResourceGroup `json:"resourceGroup"`
	Count         int                  `json:"count"`
	Relationship  map[string]string    `json:"relationship"`
}

type FakeCoreV1 added in v0.4.10

type FakeCoreV1 struct {
	v1.CoreV1Interface
}

func (FakeCoreV1) Nodes added in v0.4.10

func (FakeCoreV1) Nodes() v1.NodeInterface

func (FakeCoreV1) Pods added in v0.5.8

func (FakeCoreV1) Pods(namespace string) v1.PodInterface

type FakeNode added in v0.4.10

type FakeNode struct {
	v1.NodeInterface
}

func (*FakeNode) List added in v0.4.10

func (f *FakeNode) List(ctx context.Context, opts metav1.ListOptions) (*coreV1.NodeList, error)

type FakePod added in v0.5.8

type FakePod struct {
	v1.PodInterface
}

func (*FakePod) List added in v0.5.8

func (f *FakePod) List(ctx context.Context, opts metav1.ListOptions) (*coreV1.PodList, error)

type GVKSummary

type GVKSummary struct {
	Cluster string `json:"cluster"`
	Group   string `json:"group"`
	Version string `json:"version"`
	Kind    string `json:"kind"`
	Count   int    `json:"count"`
}

GVK-related

type InsightManager

type InsightManager struct {
	// contains filtered or unexported fields
}

func NewInsightManager

func NewInsightManager(
	searchStorage storage.SearchStorage,
	resourceStorage storage.ResourceStorage,
	resourceGroupRuleStorage storage.ResourceGroupRuleStorage,
	genericConfig *genericapiserver.CompletedConfig,
) (*InsightManager, error)

NewInsightManager returns a new InsightManager object

func (*InsightManager) Audit

func (i *InsightManager) Audit(ctx context.Context, resourceGroup entity.ResourceGroup, noCache bool) (scanner.ScanResult, error)

Audit performs the audit on Kubernetes manifests with the specified resourceGroup and returns the issues found during the audit.

func (*InsightManager) ConvertGraphToMap

func (i *InsightManager) ConvertGraphToMap(rg *topology.RelationshipGraph, resourceGroup *entity.ResourceGroup) map[string]ClusterTopology

ConvertGraphToMap returns a map[string]ClusterTopology for a given relationship.RelationshipGraph

func (*InsightManager) ConvertResourceGraphToMap

func (i *InsightManager) ConvertResourceGraphToMap(g graph.Graph[string, topology.ResourceGraphNode], resourceGroup entity.ResourceGroup) map[string]ResourceTopology

ConvertResourceGraphToMap converts a resource graph to a map of ResourceTopology based on the given graph and resourceGroup.

func (*InsightManager) CountByResourceGroup

func (i *InsightManager) CountByResourceGroup(ctx context.Context, client *multicluster.MultiClusterClient, resourceGroup *entity.ResourceGroup) (map[string]int, error)

CountResourcesByGVK returns a map from string to int

func (*InsightManager) CountResourcesByGVK

func (i *InsightManager) CountResourcesByGVK(ctx context.Context, client *multicluster.MultiClusterClient, resourceGroup *entity.ResourceGroup) (int, error)

CountResourcesByGVK returns an int that corresponds to the count of a resource GVK defined using entity.ResourceGroup

func (*InsightManager) GetClusterEvents

func (i *InsightManager) GetClusterEvents(
	ctx context.Context,
	client *multicluster.MultiClusterClient,
	resourceGroup *entity.ResourceGroup,
) ([]unstructured.Unstructured, error)

GetClusterEvents returns the complete list of events in a cluster

func (*InsightManager) GetDetailsForCluster

func (i *InsightManager) GetDetailsForCluster(ctx context.Context, client *multicluster.MultiClusterClient, name string) (*ClusterDetail, error)

GetDetailsForCluster returns ClusterDetail object for a given cluster

func (*InsightManager) GetGVKEvents

func (i *InsightManager) GetGVKEvents(
	ctx context.Context,
	client *multicluster.MultiClusterClient,
	resourceGroup *entity.ResourceGroup,
) ([]unstructured.Unstructured, error)

GetGVKEvents returns the complete list of events for a GVK

func (*InsightManager) GetGVKSummary

func (i *InsightManager) GetGVKSummary(ctx context.Context, client *multicluster.MultiClusterClient, resourceGroup *entity.ResourceGroup) (*GVKSummary, error)

GetGVKSummary returns the unstructured cluster object summary for a given GVK. Possibly will add more metrics to it in the future.

func (*InsightManager) GetNamespaceEvents

func (i *InsightManager) GetNamespaceEvents(
	ctx context.Context,
	client *multicluster.MultiClusterClient,
	resourceGroup *entity.ResourceGroup,
) ([]unstructured.Unstructured, error)

GetNamespaceEvents returns the complete list of events in a namespace

func (*InsightManager) GetNamespaceGVKEvents

func (i *InsightManager) GetNamespaceGVKEvents(
	ctx context.Context,
	client *multicluster.MultiClusterClient,
	resourceGroup *entity.ResourceGroup,
) ([]unstructured.Unstructured, error)

GetNamespaceEvents returns the complete list of events in a namespace

func (*InsightManager) GetNamespaceSummary

func (i *InsightManager) GetNamespaceSummary(ctx context.Context, client *multicluster.MultiClusterClient, resourceGroup *entity.ResourceGroup) (*NamespaceSummary, error)

GetNamespaceSummary returns the unstructured cluster object summary for a given namespace. Possibly will add more metrics to it in the future.

func (*InsightManager) GetResource

GetResource returns the unstructured cluster object for a given cluster.

func (*InsightManager) GetResourceEvents

func (i *InsightManager) GetResourceEvents(
	ctx context.Context,
	client *multicluster.MultiClusterClient,
	resourceGroup *entity.ResourceGroup,
) ([]unstructured.Unstructured, error)

GetResourceEvents returns the list of events specified by entity.ResourceGroup.

func (*InsightManager) GetResourceGroupSummary

func (i *InsightManager) GetResourceGroupSummary(ctx context.Context, client *multicluster.MultiClusterClient, resourceGroup *entity.ResourceGroup) (*ResourceGroupSummary, error)

GetResourceGroupSummary returns a summary of a resource group, including details about its resources and their distribution.

func (*InsightManager) GetResourceRelationship

GetResourceRelationship returns a full graph that contains all the resources that are related to obj

func (*InsightManager) GetResourceSummary

func (i *InsightManager) GetResourceSummary(ctx context.Context, client *multicluster.MultiClusterClient, resourceGroup *entity.ResourceGroup) (*ResourceSummary, error)

GetResourceSummary returns the unstructured cluster object summary for a given cluster. Possibly will add more metrics to it in the future.

func (*InsightManager) GetTopologyForCluster

func (i *InsightManager) GetTopologyForCluster(ctx context.Context, client *multicluster.MultiClusterClient, name string, noCache bool) (map[string]ClusterTopology, error)

GetTopologyForCluster returns a map that describes topology for a given cluster

func (*InsightManager) GetTopologyForClusterNamespace

func (i *InsightManager) GetTopologyForClusterNamespace(ctx context.Context, client *multicluster.MultiClusterClient, cluster, namespace string, noCache bool) (map[string]ClusterTopology, error)

GetTopologyForClusterNamespace returns a map that describes topology for a given namespace in a given cluster

func (*InsightManager) GetTopologyForCustomResourceGroup

func (i *InsightManager) GetTopologyForCustomResourceGroup(ctx context.Context, client *multicluster.MultiClusterClient, resourceGroup *entity.ResourceGroup, clusters []string, noCache bool) (map[string]map[string]ClusterTopology, error)

GetTopologyForCustomResourceGroup returns a map that describes topology for custom resource group

func (*InsightManager) GetTopologyForCustomResourceGroupSingleCluster

func (i *InsightManager) GetTopologyForCustomResourceGroupSingleCluster(ctx context.Context, client *multicluster.MultiClusterClient, resourceGroup *entity.ResourceGroup, cluster string, noCache bool) (map[string]ClusterTopology, error)

GetTopologyForCustomResourceGroupSingleCluster returns a map that describes topology for single cluster custom resource group

func (*InsightManager) GetTopologyForResource

func (i *InsightManager) GetTopologyForResource(ctx context.Context, client *multicluster.MultiClusterClient, resourceGroup *entity.ResourceGroup, noCache bool) (map[string]ResourceTopology, error)

GetTopologyForResource returns a map that describes topology for a given cluster

func (*InsightManager) GetYAMLForResource

func (i *InsightManager) GetYAMLForResource(
	ctx context.Context, client *multicluster.MultiClusterClient, resourceGroup *entity.ResourceGroup,
) ([]byte, error)

GetYAMLForResource returns the yaml byte array for a given cluster

func (*InsightManager) SanitizeSecret

func (i *InsightManager) SanitizeSecret(original *unstructured.Unstructured) (*unstructured.Unstructured, error)

SanitizeSecret redact the data field in the secret object

func (*InsightManager) Score

func (i *InsightManager) Score(ctx context.Context, resourceGroup entity.ResourceGroup, noCache bool) (*ScoreData, error)

Score calculates a score based on the severity and total number of issues identified during the audit. It aggregates statistics on different severity levels and generates a cumulative score.

func (*InsightManager) Statistics

func (i *InsightManager) Statistics(ctx context.Context) (*Statistics, error)

Statistics is a method of the InsightManager struct which provides statistical information.

Parameters: - ctx (context.Context): The context object for managing the lifecycle of the request.

Returns: - *Statistics: A pointer to a Statistics struct containing the aggregated statistics. - error: An error if one occurred during the retrieval of statistics.

type KeyValuePair

type KeyValuePair struct {
	// contains filtered or unexported fields
}

type MetricPoint added in v0.5.8

type MetricPoint struct {
	Timestamp metav1.Time `json:"timestamp"`
	Value     float64     `json:"value"`
}

type NamespaceSummary

type NamespaceSummary struct {
	Cluster    string         `json:"cluster"`
	Namespace  string         `json:"namespace"`
	CountByGVK map[string]int `json:"countByGVK"`
}

Namespace-related

type ResourceEvents

type ResourceEvents struct {
	Resource       entity.ResourceGroup `json:"resource"`
	Count          int                  `json:"count"`
	Reason         string               `json:"reason"`
	Source         string               `json:"source"`
	Type           string               `json:"type"`
	LastTimestamp  metav1.Time          `json:"lastTimestamp"`
	FirstTimestamp metav1.Time          `json:"firstTimestamp"`
}

type ResourceGroupSummary

type ResourceGroupSummary struct {
	*entity.ResourceGroup
	CountByGVK map[string]int `json:"countByGVK"`
}

ResourceGroup-related

type ResourceMetrics added in v0.5.8

type ResourceMetrics struct {
	Points []MetricPoint `json:"points"`
}

type ResourceSummary

type ResourceSummary struct {
	Resource          entity.ResourceGroup `json:"resource"`
	CreationTimestamp metav1.Time          `json:"creationTimestamp"`
	ResourceVersion   string               `json:"resourceVersion"`
	UID               types.UID            `json:"uid"`
}

type ResourceTopology

type ResourceTopology struct {
	ResourceGroup entity.ResourceGroup `json:"resourceGroup"`
	Parents       []string             `json:"parents"`
	Children      []string             `json:"children"`
}

type ScoreData

type ScoreData struct {
	// Score represents the calculated score of the audited manifest based on
	// the number and severity of issues. It provides a quantitative measure
	// of the security posture of the resources in the manifest.
	Score float64 `json:"score"`

	// ResourceTotal is the count of unique resources audited during the scan.
	ResourceTotal int `json:"resourceTotal"`

	// IssuesTotal is the total count of all issues found during the audit.
	// This count can be used to understand the overall number of problems
	// that need to be addressed.
	IssuesTotal int `json:"issuesTotal"`

	// SeverityStatistic is a mapping of severity levels to their respective
	// number of occurrences. It allows for a quick overview of the distribution
	// of issues across different severity categories.
	SeverityStatistic map[string]int `json:"severityStatistic"`
}

ScoreData encapsulates the results of scoring an audited manifest. It provides a numerical score along with statistics about the total number of issues and their severities.

type Statistics

type Statistics struct {
	ClusterCount           int `json:"clusterCount"`
	ResourceCount          int `json:"resourceCount"`
	ResourceGroupRuleCount int `json:"resourceGroupRuleCount"`
}

Global-related

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL