Documentation
Overview
Package conftest provides primitives for working with Conftest.
Constants
const (
	// Plugin is the name of this plugin.
	Plugin = "Conftest"
)
Variables
This section is empty.
Functions
func NewPlugin
func NewPlugin(idGenerator ext.IDGenerator, clock ext.Clock) configauditreport.Plugin
NewPlugin constructs a new configauditreport.Plugin that uses the upstream Conftest container image to audit K8s workloads.
Types
type CheckResult
type CheckResult struct {
	FileName   string        `json:"filename"`
	Namespace  string        `json:"namespace"`
	Successes  int           `json:"successes"`
	Warnings   []Result      `json:"warnings,omitempty"`
	Failures   []Result      `json:"failures,omitempty"`
	Exceptions []Result      `json:"exceptions,omitempty"`
	Queries    []QueryResult `json:"queries,omitempty"`
}
CheckResult describes the result of a conftest policy evaluation. Errors produced by rego should be considered separate from other classes of exceptions.
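As an added example (not part of the starboard package's own code), the following sketch decodes Conftest JSON output into a local copy of CheckResult and tallies warnings, failures and exceptions across files. It assumes the output is a JSON array of check results and that Result carries a `msg` field; Result is not shown on this page, and Summary, Summarize and the sample data are made up for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Result is not defined on this page; its "msg" field is an assumption.
type Result struct{ Message string `json:"msg"` }

// CheckResult is a local copy of the documented struct (Queries omitted).
type CheckResult struct {
	FileName   string   `json:"filename"`
	Namespace  string   `json:"namespace"`
	Successes  int      `json:"successes"`
	Warnings   []Result `json:"warnings,omitempty"`
	Failures   []Result `json:"failures,omitempty"`
	Exceptions []Result `json:"exceptions,omitempty"`
}

// sampleOutput is constructed for this example, not taken from a real scan.
const sampleOutput = `[{"filename":"deploy.yaml","namespace":"main","successes":2,
 "warnings":[{"msg":"image tag is not pinned"}],
 "failures":[{"msg":"container runs as root"},{"msg":"privileged is true"}]},
 {"filename":"svc.yaml","namespace":"main","successes":3}]`

type Summary struct { // tallies outcome classes across all checked files
	Warnings, Failures, Exceptions int
	FailedFiles                    []string
}

// Summarize (hypothetical helper) decodes a JSON array of CheckResult.
func Summarize(raw []byte) (s Summary, err error) {
	var results []CheckResult
	if err = json.Unmarshal(raw, &results); err != nil {
		return s, fmt.Errorf("decode conftest output: %w", err)
	}
	for _, r := range results {
		s.Warnings += len(r.Warnings)
		s.Failures += len(r.Failures)
		s.Exceptions += len(r.Exceptions) // kept separate from failures
		if len(r.Failures) > 0 {
			s.FailedFiles = append(s.FailedFiles, r.FileName)
		}
	}
	return s, nil
}

func main() { fmt.Println(Summarize([]byte(sampleOutput))) }
```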
type Config
type Config struct {
starboard.PluginConfig
}
Config defines configuration params for this plugin.
func (Config) GetImageRef (added in v0.11.0)
GetImageRef returns upstream Conftest container image reference.
func (Config) GetPolicies (added in v0.11.0)
GetPolicies returns Config keys prefixed with `conftest.policy.` that define Rego policies.
func (Config) GetResourceRequirements (added in v0.11.0)
func (c Config) GetResourceRequirements() (corev1.ResourceRequirements, error)
GetResourceRequirements constructs ResourceRequirements from the Config.
type QueryResult
type QueryResult struct {
	// Query is the fully qualified query that was used
	// to determine the result. Ex: (data.main.deny)
	Query string `json:"query"`

	// Results are the individual results of the query.
	// When querying data.main.deny, multiple deny rules can
	// exist, producing multiple results.
	Results []Result `json:"results"`

	// Traces represents a single trace of how the query was
	// evaluated. Each trace value is a trace line.
	Traces []string `json:"traces"`
}
QueryResult describes the result of evaluating a query.