checks

package
v0.0.0-...-c4caace Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 27, 2024 License: Apache-2.0 Imports: 56 Imported by: 0

Documentation

Overview

Package checks implements Compliance Agent checks

Index

Constants

const ExpireAtIntervalFactor = 3

ExpireAtIntervalFactor represents the number of intervals between a check and its expiration

Variables

var (
	// ErrResourceKindNotSupported is returned when the resource kind is not supported by the evaluator.
	ErrResourceKindNotSupported = errors.New("resource kind not supported")

	// ErrResourceFallbackMissing is returned when a resource relies on a fallback but no fallback is provided.
	ErrResourceFallbackMissing = errors.New("resource fallback missing")

	// ErrResourceCannotUseFallback is returned when a resource cannot use a fallback.
	ErrResourceCannotUseFallback = errors.New("resource cannot use fallback")

	// ErrResourceFailedToResolve is returned when a resource fails to resolve to any instances for evaluation.
	// NOTE(review): a resource that resolves to nothing is an error, not a pass; callers presumably
	// should not treat it as a compliant result — confirm against the evaluator.
	ErrResourceFailedToResolve = errors.New("failed to resolve resource")
)
var ErrGroupNotFound = errors.New("group not found")

ErrGroupNotFound is returned when a group cannot be found

var ErrInvalidIteration = errors.New("out of bounds iteration")

ErrInvalidIteration is returned when an invalid (out of bounds) iteration is performed

var ErrResourceNotSupported = errors.New("resource type not supported")

ErrResourceNotSupported is returned when resource type is not supported by Builder

var ErrRuleDoesNotApply = errors.New("rule does not apply to this environment")

ErrRuleDoesNotApply is returned when a rule cannot be applied to the current environment

var ErrRuleScopeNotSupported = errors.New("rule scope not supported")

ErrRuleScopeNotSupported is returned when resource scope is not supported

var (
	// ErrTruncatedResults is reported when the reports list is truncated
	ErrTruncatedResults = errors.New("truncated result")
)

Functions

func PrettyPrintJSON

func PrettyPrintJSON(data interface{}, tab string) ([]byte, error)

PrettyPrintJSON pretty-prints a value as JSON

Types

type Builder

type Builder interface {
	// ChecksFromFile takes the path of a file and a compliance.CheckVisitor.
	// Presumably onCheck is called for each check built from the rules in that
	// file — TODO confirm against the implementation.
	// NOTE(review): the rule file decides what the agent evaluates; confirm that
	// callers only pass paths from locations that untrusted users cannot write to.
	ChecksFromFile(file string, onCheck compliance.CheckVisitor) error
	// GetCheckStatus returns a compliance.CheckStatusList; presumably the status
	// of the checks this builder has produced — TODO confirm.
	GetCheckStatus() compliance.CheckStatusList
	// Close returns an error if closing fails; presumably it releases the
	// clients and other resources held by the builder — TODO confirm.
	Close() error
}

Builder defines an interface to build checks from rules

func NewBuilder

func NewBuilder(reporter event.Reporter, options ...BuilderOption) (Builder, error)

NewBuilder constructs a check builder

type BuilderOption

type BuilderOption func(*builder) error

BuilderOption defines a configuration option for the builder

func MayFail

func MayFail(o BuilderOption) BuilderOption

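MayFail wraps a builder option so that it reports success even when it fails, logging the error instead. The failure is then visible only in the logs: the builder is still constructed, so checks that depend on the wrapped option may be missing from a run that otherwise looks successful.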

func WithAudit

func WithAudit() BuilderOption

WithAudit configures using audit checks

func WithAuditClient

func WithAuditClient(cli env.AuditClient) BuilderOption

WithAuditClient configures the builder to use a specific audit client

func WithDocker

func WithDocker() BuilderOption

WithDocker configures using docker

func WithDockerClient

func WithDockerClient(cli env.DockerClient) BuilderOption

WithDockerClient configures the builder to use a specific docker client

func WithHostRootMount

func WithHostRootMount(hostRootMount string) BuilderOption

WithHostRootMount defines host root filesystem mount location

func WithHostname

func WithHostname(hostname string) BuilderOption

WithHostname configures hostname used by checks

func WithInterval

func WithInterval(interval time.Duration) BuilderOption

WithInterval configures default check interval

func WithIsLeader

func WithIsLeader(isLeader func() bool) BuilderOption

WithIsLeader allows the check runner to know whether it is a leader instance or not (DCA)

func WithKubernetesClient

func WithKubernetesClient(cli dynamic.Interface, clusterID string) BuilderOption

WithKubernetesClient configures the builder to use a specific Kubernetes client

func WithMatchRule

func WithMatchRule(matcher RuleMatcher) BuilderOption

WithMatchRule configures the builder to use a rule matcher

func WithMatchSuite

func WithMatchSuite(matcher SuiteMatcher) BuilderOption

WithMatchSuite configures the builder to use a suite matcher

func WithMaxEvents

func WithMaxEvents(max int) BuilderOption

WithMaxEvents configures default max events per run

func WithNodeLabels

func WithNodeLabels(nodeLabels map[string]string) BuilderOption

WithNodeLabels configures a builder to use specified Kubernetes node labels

func WithRegoInput

func WithRegoInput(regoInputPath string) BuilderOption

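WithRegoInput configures a builder to provide rego input based on the content of a file instead of the current environment. Results produced this way describe the contents of that file, not the state of the host the agent is running on.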

func WithRegoInputDumpPath

func WithRegoInputDumpPath(regoInputDumpPath string) BuilderOption

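WithRegoInputDumpPath configures a builder to dump the rego input to the provided file path. Because the rego input is otherwise built from the current environment, the dump may contain host configuration details; write it to a location with restricted permissions.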

type RuleMatcher

type RuleMatcher func(*compliance.RuleCommon) bool

RuleMatcher checks if a compliance rule is included

func IsRuleID

func IsRuleID(ruleID string) RuleMatcher

IsRuleID matches a compliance rule by ID

type SuiteMatcher

type SuiteMatcher func(*compliance.SuiteMeta) bool

SuiteMatcher checks if a compliance suite is included

func IsFramework

func IsFramework(framework string) SuiteMatcher

IsFramework matches a compliance suite by the name of the framework
