Documentation ¶
Overview ¶
Package checks implements Compliance Agent checks
Index ¶
- Constants
- Variables
- func PrettyPrintJSON(data interface{}, tab string) ([]byte, error)
- type Builder
- type BuilderOption
- func MayFail(o BuilderOption) BuilderOption
- func WithAudit() BuilderOption
- func WithAuditClient(cli env.AuditClient) BuilderOption
- func WithDocker() BuilderOption
- func WithDockerClient(cli env.DockerClient) BuilderOption
- func WithHostRootMount(hostRootMount string) BuilderOption
- func WithHostname(hostname string) BuilderOption
- func WithInterval(interval time.Duration) BuilderOption
- func WithIsLeader(isLeader func() bool) BuilderOption
- func WithKubernetesClient(cli dynamic.Interface, clusterID string) BuilderOption
- func WithMatchRule(matcher RuleMatcher) BuilderOption
- func WithMatchSuite(matcher SuiteMatcher) BuilderOption
- func WithMaxEvents(max int) BuilderOption
- func WithNodeLabels(nodeLabels map[string]string) BuilderOption
- func WithRegoInput(regoInputPath string) BuilderOption
- func WithRegoInputDumpPath(regoInputDumpPath string) BuilderOption
- type RuleMatcher
- type SuiteMatcher
Constants ¶
const ExpireAtIntervalFactor = 3
ExpireAtIntervalFactor represents the number of intervals between a check and its expiration
Variables ¶
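// Sentinel errors for resource evaluation. The declaration group is restored
// to one declaration per line: collapsed onto a single line, the first //
// comment swallows every declaration after it, including the closing paren.
// Callers should match these values with errors.Is rather than by message text.
var (
	// ErrResourceKindNotSupported is returned in case resource kind is not supported by evaluator
	ErrResourceKindNotSupported = errors.New("resource kind not supported")

	// ErrResourceFallbackMissing is returned when a resource relies on fallback but no fallback is provided
	ErrResourceFallbackMissing = errors.New("resource fallback missing")

	// ErrResourceCannotUseFallback is returned when a resource cannot use fallback
	ErrResourceCannotUseFallback = errors.New("resource cannot use fallback")

	// ErrResourceFailedToResolve is returned when a resource failed to resolve to any instances for evaluation
	ErrResourceFailedToResolve = errors.New("failed to resolve resource")
)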
var ErrGroupNotFound = errors.New("group not found")
ErrGroupNotFound is returned when a group cannot be found
var ErrInvalidIteration = errors.New("out of bounds iteration")
ErrInvalidIteration is returned when an invalid (out of bounds) iteration is performed
var ErrResourceNotSupported = errors.New("resource type not supported")
ErrResourceNotSupported is returned when resource type is not supported by Builder
var ErrRuleDoesNotApply = errors.New("rule does not apply to this environment")
ErrRuleDoesNotApply is returned when a rule cannot be applied to the current environment
var ErrRuleScopeNotSupported = errors.New("rule scope not supported")
ErrRuleScopeNotSupported is returned when resource scope is not supported
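// The declaration group is restored to one declaration per line: collapsed
// onto a single line, the // comment swallows the declaration and the closing
// paren.
var (
	// ErrTruncatedResults is reported when the reports list is truncated.
	// A caller that sees it is working with an incomplete list of reports.
	ErrTruncatedResults = errors.New("truncated result")
)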
Functions ¶
func PrettyPrintJSON ¶
PrettyPrintJSON pretty-prints a value as JSON
Types ¶
type Builder ¶
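// Builder defines an interface to build checks from rules.
//
// The method set is restored to one method per line; collapsed onto a single
// line without separators it is not valid Go.
type Builder interface {
	// ChecksFromFile takes a file name and a compliance.CheckVisitor and
	// returns an error.
	// NOTE(review): presumably loads the rules in file and hands each built
	// check to onCheck — confirm against the implementation.
	ChecksFromFile(file string, onCheck compliance.CheckVisitor) error

	// GetCheckStatus returns a compliance.CheckStatusList.
	GetCheckStatus() compliance.CheckStatusList

	// Close returns an error.
	// NOTE(review): presumably releases the clients held by the builder —
	// confirm against the implementation.
	Close() error
}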
Builder defines an interface to build checks from rules
func NewBuilder ¶
func NewBuilder(reporter event.Reporter, options ...BuilderOption) (Builder, error)
NewBuilder constructs a check builder
type BuilderOption ¶
type BuilderOption func(*builder) error
BuilderOption defines a configuration option for the builder
func MayFail ¶
func MayFail(o BuilderOption) BuilderOption
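MayFail wraps a builder option so that a failure of that option is logged as an error instead of failing the builder. The wrapped option may therefore not have taken effect even though the builder was constructed successfully.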
func WithAuditClient ¶
func WithAuditClient(cli env.AuditClient) BuilderOption
WithAuditClient configures the builder to use a specific audit client
func WithDockerClient ¶
func WithDockerClient(cli env.DockerClient) BuilderOption
WithDockerClient configures the builder to use a specific docker client
func WithHostRootMount ¶
func WithHostRootMount(hostRootMount string) BuilderOption
WithHostRootMount defines host root filesystem mount location
func WithHostname ¶
func WithHostname(hostname string) BuilderOption
WithHostname configures hostname used by checks
func WithInterval ¶
func WithInterval(interval time.Duration) BuilderOption
WithInterval configures default check interval
func WithIsLeader ¶
func WithIsLeader(isLeader func() bool) BuilderOption
WithIsLeader allows the check runner to know whether it is a leader instance or not (DCA)
func WithKubernetesClient ¶
func WithKubernetesClient(cli dynamic.Interface, clusterID string) BuilderOption
WithKubernetesClient configures the builder to use a specific Kubernetes client
func WithMatchRule ¶
func WithMatchRule(matcher RuleMatcher) BuilderOption
WithMatchRule configures builder to use a rule matcher
func WithMatchSuite ¶
func WithMatchSuite(matcher SuiteMatcher) BuilderOption
WithMatchSuite configures builder to use a suite matcher
func WithMaxEvents ¶
func WithMaxEvents(max int) BuilderOption
WithMaxEvents configures default max events per run
func WithNodeLabels ¶
func WithNodeLabels(nodeLabels map[string]string) BuilderOption
WithNodeLabels configures a builder to use specified Kubernetes node labels
func WithRegoInput ¶
func WithRegoInput(regoInputPath string) BuilderOption
WithRegoInput configures a builder to provide rego input based on the content of a file instead of the current environment. Results produced this way describe the content of that file, not the state of the running host.
func WithRegoInputDumpPath ¶
func WithRegoInputDumpPath(regoInputDumpPath string) BuilderOption
WithRegoInputDumpPath configures a builder to dump the rego input to the provided file path
type RuleMatcher ¶
type RuleMatcher func(*compliance.RuleCommon) bool
RuleMatcher checks if a compliance rule is included
type SuiteMatcher ¶
type SuiteMatcher func(*compliance.SuiteMeta) bool
SuiteMatcher checks if a compliance suite is included
func IsFramework ¶
func IsFramework(framework string) SuiteMatcher
IsFramework matches a compliance suite by the name of the framework
Source Files ¶
- audit.go
- audit_check.go
- builder.go
- check.go
- checkable.go
- command_check.go
- command_utils.go
- command_utils_unix.go
- constants_check.go
- custom_check.go
- docker_check.go
- file.go
- file_check.go
- file_utils.go
- global.go
- group_check.go
- helpers.go
- iterator.go
- kubeapiserver_check.go
- mock_checkable.go
- mock_iterator.go
- no_docker.go
- process_check.go
- process_utils.go
- rego_builtins.go
- rego_check.go
- resource_check.go
- status.go
- utils.go