Documentation ¶
Overview ¶
Package trivyoperator provides primitives for working with Trivy-operator toolkit.
Index ¶
- Constants
- func GetPluginConfigMapName(pluginName string) string
- func GetVersionFromImageRef(imageRef string) (string, error)
- func LinuxNodeAffinity() *corev1.Affinity
- func NewScheme() *runtime.Scheme
- type BuildInfo
- type ConfigData
- func (c ConfigData) ComplianceFailEntriesLimit() int
- func (c ConfigData) GetConfigAuditReportsScanner() (Scanner, error)
- func (c ConfigData) GetKubeBenchImageRef() (string, error)
- func (c ConfigData) GetKubeHunterImageRef() (string, error)
- func (c ConfigData) GetKubeHunterQuick() (bool, error)
- func (c ConfigData) GetRequiredData(key string) (string, error)
- func (c ConfigData) GetScanJobAnnotations() (map[string]string, error)
- func (c ConfigData) GetScanJobPodTemplateLabels() (labels.Set, error)
- func (c ConfigData) GetScanJobTolerations() ([]corev1.Toleration, error)
- func (c ConfigData) GetVulnerabilityReportsScanner() (Scanner, error)
- func (c ConfigData) VulnerabilityScanJobsInSameNamespace() bool
- type ConfigManager
- type PluginConfig
- type PluginContext
- type PluginContextBuilder
- func (b *PluginContextBuilder) Get() PluginContext
- func (b *PluginContextBuilder) WithClient(client client.Client) *PluginContextBuilder
- func (b *PluginContextBuilder) WithName(name string) *PluginContextBuilder
- func (b *PluginContextBuilder) WithNamespace(namespace string) *PluginContextBuilder
- func (b *PluginContextBuilder) WithServiceAccountName(name string) *PluginContextBuilder
- func (b *PluginContextBuilder) WithTrivyOperatorConfig(config ConfigData) *PluginContextBuilder
- type Scanner
Constants ¶
const ( // NamespaceName the name of the namespace in which Trivy-operator stores its // configuration and where it runs scan jobs. NamespaceName = "trivy-operator" // ServiceAccountName the name of the service account used to provide // identity for scan jobs run by Trivy-operator. ServiceAccountName = "trivy-operator" // ConfigMapName the name of the ConfigMap where Trivy-operator stores its // configuration. ConfigMapName = "trivy-operator" // SecretName the name of the secret where Trivy-operator stores is sensitive // configuration. SecretName = "trivy-operator" // PoliciesConfigMapName the name of the ConfigMap used to store OPA Rego // policies. PoliciesConfigMapName = "trivy-operator-policies-config" )
const ( LabelResourceKind = "trivy-operator.resource.kind" LabelResourceName = "trivy-operator.resource.name" LabelResourceNameHash = "trivy-operator.resource.name-hash" LabelResourceNamespace = "trivy-operator.resource.namespace" LabelContainerName = "trivy-operator.container.name" LabelResourceSpecHash = "resource-spec-hash" LabelPluginConfigHash = "plugin-config-hash" LabelConfigAuditReportScanner = "configAuditReport.scanner" LabelVulnerabilityReportScanner = "vulnerabilityReport.scanner" LabelKubeBenchReportScanner = "kubeBenchReport.scanner" LabelK8SAppManagedBy = "app.kubernetes.io/managed-by" AppTrivyOperator = "trivy-operator" )
const (
AnnotationContainerImages = "trivy-operator.container-images"
)
const (
Banner = `` /* 162-byte string literal not displayed */
)
const (
KeyVulnerabilityScansInSameNamespace = "vulnerabilityReports.scanJobsInSameNamespace"
)
Variables ¶
This section is empty.
Functions ¶
func GetPluginConfigMapName ¶
GetPluginConfigMapName returns the name of a ConfigMap used to configure a plugin with the given name. TODO Rename to GetPluginConfigObjectName as this method is used to determine the name of ConfigMaps and Secrets.
func GetVersionFromImageRef ¶
GetVersionFromImageRef returns the image identifier for the specified image reference.
func LinuxNodeAffinity ¶
LinuxNodeAffinity constructs a new Affinity resource with linux supported nodes.
Types ¶
type BuildInfo ¶
BuildInfo holds build info such as Git revision, Git SHA-1, build datetime, and the name of the executable binary.
type ConfigData ¶
ConfigData holds Trivy-operator configuration settings as a set of key-value pairs.
func GetDefaultConfig ¶
func GetDefaultConfig() ConfigData
GetDefaultConfig returns the default configuration settings.
func (ConfigData) ComplianceFailEntriesLimit ¶
func (c ConfigData) ComplianceFailEntriesLimit() int
func (ConfigData) GetConfigAuditReportsScanner ¶
func (c ConfigData) GetConfigAuditReportsScanner() (Scanner, error)
func (ConfigData) GetKubeBenchImageRef ¶
func (c ConfigData) GetKubeBenchImageRef() (string, error)
func (ConfigData) GetKubeHunterImageRef ¶
func (c ConfigData) GetKubeHunterImageRef() (string, error)
func (ConfigData) GetKubeHunterQuick ¶
func (c ConfigData) GetKubeHunterQuick() (bool, error)
func (ConfigData) GetRequiredData ¶
func (c ConfigData) GetRequiredData(key string) (string, error)
func (ConfigData) GetScanJobAnnotations ¶
func (c ConfigData) GetScanJobAnnotations() (map[string]string, error)
func (ConfigData) GetScanJobPodTemplateLabels ¶
func (c ConfigData) GetScanJobPodTemplateLabels() (labels.Set, error)
func (ConfigData) GetScanJobTolerations ¶
func (c ConfigData) GetScanJobTolerations() ([]corev1.Toleration, error)
func (ConfigData) GetVulnerabilityReportsScanner ¶
func (c ConfigData) GetVulnerabilityReportsScanner() (Scanner, error)
func (ConfigData) VulnerabilityScanJobsInSameNamespace ¶
func (c ConfigData) VulnerabilityScanJobsInSameNamespace() bool
type ConfigManager ¶
type ConfigManager interface { EnsureDefault(ctx context.Context) error Read(ctx context.Context) (ConfigData, error) Delete(ctx context.Context) error }
ConfigManager defines methods for managing ConfigData.
func NewConfigManager ¶
func NewConfigManager(client kubernetes.Interface, namespace string) ConfigManager
NewConfigManager constructs a new ConfigManager that is using kubernetes.Interface to manage ConfigData backed by the ConfigMap stored in the specified namespace.
type PluginConfig ¶
PluginConfig holds plugin configuration settings.
func (PluginConfig) GetRequiredData ¶
func (c PluginConfig) GetRequiredData(key string) (string, error)
type PluginContext ¶
type PluginContext interface { // GetName returns the name of the plugin. GetName() string // GetConfig returns the PluginConfig object that holds configuration settings of the plugin. GetConfig() (PluginConfig, error) // EnsureConfig ensures the PluginConfig, typically when a plugin is initialized. EnsureConfig(config PluginConfig) error // GetNamespace return the name of the K8s Namespace where Trivy-operator creates Jobs // and other helper objects. GetNamespace() string // GetServiceAccountName return the name of the K8s Service Account used to run workloads // created by Trivy-operator. GetServiceAccountName() string // GetTrivyOperatorConfig returns trivyoperator configuration. GetTrivyOperatorConfig() ConfigData }
PluginContext is plugin's execution context within the Trivy-operator toolkit. The context is used to grant access to other methods so that this plugin can interact with the toolkit.
type PluginContextBuilder ¶
type PluginContextBuilder struct {
// contains filtered or unexported fields
}
func NewPluginContext ¶
func NewPluginContext() *PluginContextBuilder
func (*PluginContextBuilder) Get ¶
func (b *PluginContextBuilder) Get() PluginContext
func (*PluginContextBuilder) WithClient ¶
func (b *PluginContextBuilder) WithClient(client client.Client) *PluginContextBuilder
func (*PluginContextBuilder) WithName ¶
func (b *PluginContextBuilder) WithName(name string) *PluginContextBuilder
func (*PluginContextBuilder) WithNamespace ¶
func (b *PluginContextBuilder) WithNamespace(namespace string) *PluginContextBuilder
func (*PluginContextBuilder) WithServiceAccountName ¶
func (b *PluginContextBuilder) WithServiceAccountName(name string) *PluginContextBuilder
func (*PluginContextBuilder) WithTrivyOperatorConfig ¶
func (b *PluginContextBuilder) WithTrivyOperatorConfig(config ConfigData) *PluginContextBuilder