configauditreport

package

v0.10.3 Latest Latest Go to latest Published: May 14, 2021 License: Apache-2.0 Imports: 20 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/aquasecurity/starboard

Links

Open Source Insights

Documentation ¶

Overview ¶

The configauditreport package provides primitives for working with Kubernetes workload configuration checkers.

Index ¶

func GetScanJobName(obj client.Object) string
type Plugin
type ReadWriter
- func NewReadWriter(client client.Client) ReadWriter
type Reader
type ReportBuilder
- func NewReportBuilder(scheme *runtime.Scheme) *ReportBuilder
type ScanJobBuilder
- func NewScanJob() *ScanJobBuilder
type Scanner
- func NewScanner(clientset kubernetes.Interface, client client.Client, opts kube.ScannerOpts, ...) *Scanner
- func (s *Scanner) Scan(ctx context.Context, workload kube.Object) (v1alpha1.ConfigAuditReport, error)
type Writer

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GetScanJobName ¶ added in v0.10.2

func GetScanJobName(obj client.Object) string

Types ¶

type Plugin ¶ added in v0.9.0

type Plugin interface {

	// GetScanJobSpec describes the pod that will be created by Starboard when
	// it schedules a Kubernetes job to scan the specified workload client.Object.
	// The plugin might return zero to many v1.Secret objects which will be
	// created by Starboard and associated with the scan job.
	GetScanJobSpec(ctx starboard.PluginContext, obj client.Object) (corev1.PodSpec, []*corev1.Secret, error)

	// ParseConfigAuditReportData is a callback to parse and convert logs of
	// the container in a pod controlled by the scan job to v1alpha1.ConfigAuditResult.
	ParseConfigAuditReportData(logsReader io.ReadCloser) (v1alpha1.ConfigAuditResult, error)

	// GetContainerName returns the name of the container in a pod created by a scan job
	// to read logs from.
	GetContainerName() string

	// GetConfigHash returns hash of the plugin's configuration settings. The computed hash
	// is used to invalidate v1alpha1.ConfigAuditReport object whenever configuration changes.
	GetConfigHash(ctx starboard.PluginContext) (string, error)
}

Plugin defines the interface between Starboard and Kubernetes workload configuration checkers / linters / sanitizers. Not a final version, rather first step to separate generic workloads discovery code and Polaris implementation details.

type ReadWriter ¶

type ReadWriter interface {
	Writer
	Reader
}

func NewReadWriter ¶

func NewReadWriter(client client.Client) ReadWriter

NewReadWriter constructs a new ReadWriter which is using the client package provided by the controller-runtime libraries for interacting with the Kubernetes API server.

type Reader ¶

type Reader interface {
	FindByOwner(ctx context.Context, owner kube.Object) (*v1alpha1.ConfigAuditReport, error)
	FindByOwnerInHierarchy(ctx context.Context, owner kube.Object) (*v1alpha1.ConfigAuditReport, error)
}

Reader is the interface that wraps methods for finding v1alpha1.ConfigAuditReport objects.

FindByOwner returns a v1alpha1.ConfigAuditReport owned by the given kube.Object or nil if the report is not found.

FindByOwnerInHierarchy is similar to FindByOwner except that it tries to lookup a v1alpha1.ConfigAuditReport object owned by related Kubernetes objects. For example, if the given owner is a Deployment, but a report is owned by the active ReplicaSet (current revision) this method will return the report.

type ReportBuilder ¶ added in v0.10.2

type ReportBuilder struct {
	// contains filtered or unexported fields
}

func NewReportBuilder ¶ added in v0.10.2

func NewReportBuilder(scheme *runtime.Scheme) *ReportBuilder

func (*ReportBuilder) Controller ¶ added in v0.10.2

func (b *ReportBuilder) Controller(controller metav1.Object) *ReportBuilder

func (*ReportBuilder) Data ¶ added in v0.10.2

func (b *ReportBuilder) Data(result v1alpha1.ConfigAuditResult) *ReportBuilder

func (*ReportBuilder) Get ¶ added in v0.10.2

func (b *ReportBuilder) Get() (v1alpha1.ConfigAuditReport, error)

func (*ReportBuilder) PluginConfigHash ¶ added in v0.10.2

func (b *ReportBuilder) PluginConfigHash(hash string) *ReportBuilder

func (*ReportBuilder) PodSpecHash ¶ added in v0.10.2

func (b *ReportBuilder) PodSpecHash(hash string) *ReportBuilder

type ScanJobBuilder ¶ added in v0.10.2

type ScanJobBuilder struct {
	// contains filtered or unexported fields
}

func NewScanJob ¶ added in v0.10.2

func NewScanJob() *ScanJobBuilder

func (*ScanJobBuilder) Get ¶ added in v0.10.2

func (s *ScanJobBuilder) Get() (*batchv1.Job, []*corev1.Secret, error)

func (*ScanJobBuilder) WithObject ¶ added in v0.10.2

func (s *ScanJobBuilder) WithObject(object client.Object) *ScanJobBuilder

func (*ScanJobBuilder) WithPlugin ¶ added in v0.10.2

func (s *ScanJobBuilder) WithPlugin(plugin Plugin) *ScanJobBuilder

func (*ScanJobBuilder) WithPluginContext ¶ added in v0.10.2

func (s *ScanJobBuilder) WithPluginContext(pluginContext starboard.PluginContext) *ScanJobBuilder

func (*ScanJobBuilder) WithTimeout ¶ added in v0.10.2

func (s *ScanJobBuilder) WithTimeout(timeout time.Duration) *ScanJobBuilder

type Scanner ¶ added in v0.9.0

type Scanner struct {
	// contains filtered or unexported fields
}

func NewScanner ¶ added in v0.9.0

func NewScanner(
	clientset kubernetes.Interface,
	client client.Client,
	opts kube.ScannerOpts,
	plugin Plugin,
	pluginContext starboard.PluginContext,
) *Scanner

func (*Scanner) Scan ¶ added in v0.9.0

func (s *Scanner) Scan(ctx context.Context, workload kube.Object) (v1alpha1.ConfigAuditReport, error)

type Writer ¶

type Writer interface {
	Write(ctx context.Context, report v1alpha1.ConfigAuditReport) error
}

Writer is the interface that wraps the basic Write method.

Write creates or updates the given v1alpha1.ConfigAuditReport instance.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL