starboard

package
v0.15.22 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 30, 2024 License: Apache-2.0 Imports: 26 Imported by: 3

Documentation

Overview

Package starboard provides primitives for working with Starboard toolkit.

Index

Constants

View Source
const (
	// NamespaceName the name of the namespace in which Starboard stores its
	// configuration and where it runs scan jobs.
	NamespaceName = "starboard"

	// ServiceAccountName the name of the service account used to provide
	// identity for scan jobs run by Starboard.
	ServiceAccountName = "starboard"

	// ConfigMapName the name of the ConfigMap where Starboard stores its
	// configuration.
	ConfigMapName = "starboard"

	// SecretName the name of the secret where Starboard stores is sensitive
	// configuration.
	SecretName = "starboard"

	// PoliciesConfigMapName the name of the ConfigMap used to store OPA Rego
	// policies.
	PoliciesConfigMapName = "starboard-policies-config"
)
View Source
const (
	LabelResourceKind      = "starboard.resource.kind"
	LabelResourceName      = "starboard.resource.name"
	LabelResourceNameHash  = "starboard.resource.name-hash"
	LabelResourceNamespace = "starboard.resource.namespace"
	LabelContainerName     = "starboard.container.name"
	LabelResourceSpecHash  = "resource-spec-hash"
	LabelPluginConfigHash  = "plugin-config-hash"

	LabelConfigAuditReportScanner   = "configAuditReport.scanner"
	LabelVulnerabilityReportScanner = "vulnerabilityReport.scanner"
	LabelKubeBenchReportScanner     = "kubeBenchReport.scanner"

	LabelK8SAppManagedBy = "app.kubernetes.io/managed-by"
	AppStarboard         = "starboard"
)
View Source
const (
	AnnotationContainerImages = "starboard.container-images"
)
View Source
const (

)
View Source
const (
	KeyVulnerabilityScansInSameNamespace = "vulnerabilityReports.scanJobsInSameNamespace"
)

Variables

This section is empty.

Functions

func GetPluginConfigMapName added in v0.10.0

func GetPluginConfigMapName(pluginName string) string

GetPluginConfigMapName returns the name of a ConfigMap used to configure a plugin with the given name. TODO Rename to GetPluginConfigObjectName as this method is used to determine the name of ConfigMaps and Secrets.

func GetVersionFromImageRef

func GetVersionFromImageRef(imageRef string) (string, error)

GetVersionFromImageRef returns the image identifier for the specified image reference.

func LinuxNodeAffinity added in v0.9.0

func LinuxNodeAffinity() *corev1.Affinity

LinuxNodeAffinity constructs a new Affinity resource with linux supported nodes.

func NewScheme added in v0.7.0

func NewScheme() *runtime.Scheme

Types

type BuildInfo

type BuildInfo struct {
	Version    string
	Commit     string
	Date       string
	Executable string
}

BuildInfo holds build info such as Git revision, Git SHA-1, build datetime, and the name of the executable binary.

type ConfigData

type ConfigData map[string]string

ConfigData holds Starboard configuration settings as a set of key-value pairs.

func GetDefaultConfig

func GetDefaultConfig() ConfigData

GetDefaultConfig returns the default configuration settings.

func (ConfigData) ComplianceFailEntriesLimit added in v0.15.2

func (c ConfigData) ComplianceFailEntriesLimit() int

func (ConfigData) GetConfigAuditReportsScanner added in v0.10.0

func (c ConfigData) GetConfigAuditReportsScanner() (Scanner, error)

func (ConfigData) GetKubeBenchImageRef

func (c ConfigData) GetKubeBenchImageRef() (string, error)

func (ConfigData) GetKubeHunterImageRef added in v0.8.0

func (c ConfigData) GetKubeHunterImageRef() (string, error)

func (ConfigData) GetKubeHunterQuick added in v0.9.0

func (c ConfigData) GetKubeHunterQuick() (bool, error)

func (ConfigData) GetRequiredData added in v0.11.0

func (c ConfigData) GetRequiredData(key string) (string, error)

func (ConfigData) GetScanJobAnnotations added in v0.11.0

func (c ConfigData) GetScanJobAnnotations() (map[string]string, error)

func (ConfigData) GetScanJobPodTemplateLabels added in v0.14.0

func (c ConfigData) GetScanJobPodTemplateLabels() (labels.Set, error)

func (ConfigData) GetScanJobTolerations added in v0.11.0

func (c ConfigData) GetScanJobTolerations() ([]corev1.Toleration, error)

func (ConfigData) GetVulnerabilityReportsScanner added in v0.8.0

func (c ConfigData) GetVulnerabilityReportsScanner() (Scanner, error)

func (ConfigData) VulnerabilityScanJobsInSameNamespace added in v0.15.0

func (c ConfigData) VulnerabilityScanJobsInSameNamespace() bool

type ConfigManager added in v0.7.0

type ConfigManager interface {
	EnsureDefault(ctx context.Context) error
	Read(ctx context.Context) (ConfigData, error)
	Delete(ctx context.Context) error
}

ConfigManager defines methods for managing ConfigData.

func NewConfigManager added in v0.7.0

func NewConfigManager(client kubernetes.Interface, namespace string) ConfigManager

NewConfigManager constructs a new ConfigManager that is using kubernetes.Interface to manage ConfigData backed by the ConfigMap stored in the specified namespace.

type PluginConfig added in v0.11.0

type PluginConfig struct {
	Data       map[string]string
	SecretData map[string][]byte
}

PluginConfig holds plugin configuration settings.

func (PluginConfig) GetRequiredData added in v0.11.0

func (c PluginConfig) GetRequiredData(key string) (string, error)

type PluginContext added in v0.10.0

type PluginContext interface {
	// GetName returns the name of the plugin.
	GetName() string
	// GetConfig returns the PluginConfig object that holds configuration settings of the plugin.
	GetConfig() (PluginConfig, error)
	// EnsureConfig ensures the PluginConfig, typically when a plugin is initialized.
	EnsureConfig(config PluginConfig) error
	// GetNamespace return the name of the K8s Namespace where Starboard creates Jobs
	// and other helper objects.
	GetNamespace() string
	// GetServiceAccountName return the name of the K8s Service Account used to run workloads
	// created by Starboard.
	GetServiceAccountName() string
	// GetStarboardConfig returns starboard configuration.
	GetStarboardConfig() ConfigData
}

PluginContext is plugin's execution context within the Starboard toolkit. The context is used to grant access to other methods so that this plugin can interact with the toolkit.

type PluginContextBuilder added in v0.10.0

type PluginContextBuilder struct {
	// contains filtered or unexported fields
}

func NewPluginContext added in v0.10.0

func NewPluginContext() *PluginContextBuilder

func (*PluginContextBuilder) Get added in v0.10.2

func (*PluginContextBuilder) WithClient added in v0.10.0

func (b *PluginContextBuilder) WithClient(client client.Client) *PluginContextBuilder

func (*PluginContextBuilder) WithName added in v0.10.0

func (*PluginContextBuilder) WithNamespace added in v0.10.0

func (b *PluginContextBuilder) WithNamespace(namespace string) *PluginContextBuilder

func (*PluginContextBuilder) WithServiceAccountName added in v0.10.0

func (b *PluginContextBuilder) WithServiceAccountName(name string) *PluginContextBuilder

func (*PluginContextBuilder) WithStarboardConfig added in v0.15.0

func (b *PluginContextBuilder) WithStarboardConfig(config ConfigData) *PluginContextBuilder

type Scanner added in v0.8.0

type Scanner string

Scanner represents unique, human-readable identifier of a security scanner.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL