Documentation ¶
Index ¶
- Constants
- func BEHttpRequest(loginobj *LoginObject, beURL, httpverb string, endpoint string, payload []byte, ...) ([]byte, error)
- func BackendGetCVEExceptionByDEsignator(baseURL string, cusGUID string, designators *armotypes.PortalDesignator) ([]armotypes.VulnerabilityExceptionPolicy, error)
- func BasicBEQuery(req *http.Request, qryData interface{})
- func EmptyQuery(req *http.Request, qryData interface{})
- func GetBEInfo(cfgFile string) string
- func GetOauth2TokenURL() string
- func LoginWithKeycloak(loginDetails CustomerLoginDetails) ([]uuid.UUID, *oidc.IDToken, error)
- func MapQuery(req *http.Request, qryData interface{})
- func MapQueryWithoutSortKeys(req *http.Request, qryData interface{})
- func SIDFallback(c *Command)
- func ValidateBEConnectorMakerInput(client *http.Client, baseURL string, loginDetails *CustomerLoginDetails) error
- func ValidatePublicBEConnectorMakerInput(client *http.Client, baseURL string) error
- type AuthenticationCookie
- type BELoginResponse
- type BackendConnector
- func (r *BackendConnector) GetBaseURL() string
- func (r *BackendConnector) GetClient() *http.Client
- func (r *BackendConnector) GetLoginObj() *LoginObject
- func (r *BackendConnector) HTTPSend(httpverb string, endpoint string, payload []byte, f HTTPReqFunc, login bool, ...) ([]byte, error)
- func (r *BackendConnector) IsExpired() bool
- func (r *BackendConnector) Login() error
- type Command
- func (c *Command) DeepCopy() *Command
- func (c *Command) GetArg(key string) interface{}
- func (c *Command) GetCronJobParams() *CronJobParams
- func (c *Command) GetFieldSelector() map[string]string
- func (c *Command) GetID() string
- func (c *Command) GetLabels() map[string]string
- func (c *Command) Json() string
- func (c *Command) SetArg(key string, value interface{})
- func (c *Command) SetCronJobParams(cjParams CronJobParams)
- func (c *Command) SetFieldSelector(labels map[string]string)
- func (c *Command) SetLabels(labels map[string]string)
- type Commands
- type Connector
- type CronJobParams
- type CustomerLoginDetails
- type DBCommand
- type ElasticRespTotal
- type HTTPReqFunc
- type JobTracking
- type LoginAux
- type LoginObject
- type NotificationPolicyType
- type Oauth2Claims
- type Oauth2Customer
- type PaginationMarks
- type SessionChain
- type SessionChainWrapper
- type V2ListResponse
- type WebsocketScanCommand
Constants ¶
const ( WebsocketScanCommandVersion string = "v1" WebsocketScanCommandPath string = "scanImage" DBCommandPath string = "DBCommand" ServerReady string = "ready" )
WebsocketScanCommand api
const (
CommandDeprecatedArgsJobParams string = "kubescapeJobParams"
)
Variables ¶
This section is empty.
Functions ¶
func BEHttpRequest ¶
func BEHttpRequest(loginobj *LoginObject, beURL, httpverb string, endpoint string, payload []byte, f HTTPReqFunc, qryData interface{}) ([]byte, error)
func BackendGetCVEExceptionByDEsignator ¶
func BackendGetCVEExceptionByDEsignator(baseURL string, cusGUID string, designators *armotypes.PortalDesignator) ([]armotypes.VulnerabilityExceptionPolicy, error)
func BasicBEQuery ¶
func EmptyQuery ¶
func GetOauth2TokenURL ¶
func GetOauth2TokenURL() string
func LoginWithKeycloak ¶
func MapQueryWithoutSortKeys ¶
func SIDFallback ¶
func SIDFallback(c *Command)
func ValidateBEConnectorMakerInput ¶
func ValidateBEConnectorMakerInput(client *http.Client, baseURL string, loginDetails *CustomerLoginDetails) error
Types ¶
type AuthenticationCookie ¶
type AuthenticationCookie struct { Oauth2Claims `json:",inline"` CustomerGUID uuid.UUID `json:"customerGuid"` Expires time.Time `json:"expires"` Version int `json:"version"` Authorization string `json:"authorization,omitempty"` }
AuthenticationCookie is what it is
type BELoginResponse ¶
type BELoginResponse struct { Name string `json:"name"` PreferredUsername string `json:"preferred_username"` Email string `json:"email"` CustomerGuid string `json:"customerGuid"` Expires string `json:"expires"` Authorization string `json:"authorization"` Cookies []*http.Cookie }
func BELogin ¶
func BELogin(loginDetails *CustomerLoginDetails, login string, cfg string) (*BELoginResponse, error)
func (*BELoginResponse) ToLoginObject ¶
func (r *BELoginResponse) ToLoginObject() *LoginObject
type BackendConnector ¶
type BackendConnector struct { BaseURL string BELoginResponse *BELoginResponse Credentials *CustomerLoginDetails HTTPClient *http.Client }
func MakeBackendConnector ¶
func MakeBackendConnector(client *http.Client, baseURL string, loginDetails *CustomerLoginDetails) (*BackendConnector, error)
func MakePublicBackendConnector ¶
func MakePublicBackendConnector(baseURL string) (*BackendConnector, error)
func (*BackendConnector) GetBaseURL ¶
func (r *BackendConnector) GetBaseURL() string
func (*BackendConnector) GetClient ¶
func (r *BackendConnector) GetClient() *http.Client
func (*BackendConnector) GetLoginObj ¶
func (r *BackendConnector) GetLoginObj() *LoginObject
func (*BackendConnector) HTTPSend ¶
func (r *BackendConnector) HTTPSend(httpverb string, endpoint string, payload []byte, f HTTPReqFunc, login bool, qryData interface{}) ([]byte, error)
func (*BackendConnector) IsExpired ¶
func (r *BackendConnector) IsExpired() bool
func (*BackendConnector) Login ¶
func (r *BackendConnector) Login() error
type Command ¶
type Command struct { // Name of the command // // Example: updateRules CommandName NotificationPolicyType `json:"commandName"` // ID of the response // // Example: 49cfe0a0-9fab-4e54-a6e4-7b27e566d3cd ResponseID string `json:"responseID,omitempty"` // Designators for the command // // Designators select the targets to which the command applies. Designators []armotypes.PortalDesignator `json:"designators,omitempty"` Wlid string `json:"wlid,omitempty"` WildWlid string `json:"wildWlid,omitempty"` Sid string `json:"sid,omitempty"` WildSid string `json:"wildSid,omitempty"` // Job tracking context for JobTracking JobTracking `json:"jobTracking,omitempty"` // Arguments for the command Args map[string]interface{} `json:"args,omitempty"` }
Command describes an individual command for the in-cluster components
func (*Command) GetCronJobParams ¶
func (c *Command) GetCronJobParams() *CronJobParams
func (*Command) GetFieldSelector ¶
func (*Command) SetCronJobParams ¶
func (c *Command) SetCronJobParams(cjParams CronJobParams)
func (*Command) SetFieldSelector ¶
type Commands ¶
type Commands struct { // A list of commands to execute // // Example: [ { "CommandName": "scanRegistry", "args": { "registryInfo-v1": { "registryName": "quay.io/armosec" } } } ] Commands []Command `json:"commands"` }
Commands contains a collection of commands for the in-cluster components
type Connector ¶
type Connector interface { //may used for a more generic httpsend interface based method GetBaseURL() string GetLoginObj() *LoginObject GetClient() *http.Client Login() error IsExpired() bool HTTPSend(httpverb string, endpoint string, payload []byte, f HTTPReqFunc, qryData interface{}) ([]byte, error) }
Connector - interface for any connector (BE/Portal and so on)
type CronJobParams ¶
type CronJobParams struct { CronTabSchedule string `json:"cronTabSchedule"` JobName string `json:"name,omitempty"` }
CronJobParams parmas for cronJob
type CustomerLoginDetails ¶
type CustomerLoginDetails struct { Email string `json:"email"` Password string `json:"password"` CustomerName string `json:"customer,omitempty"` CustomerGUID uuid.UUID `json:"customerGuid,omitempty"` }
CustomerLoginDetails is what it is
type ElasticRespTotal ¶
taken from BE ElasticRespTotal holds the total struct in Elastic array response
type HTTPReqFunc ¶
HTTPReqFunc allows you to insert query params and more to aggregation message while using update aggregator
type JobTracking ¶
type JobTracking struct { // ID of the current job // // Example: 0f2c8611-ba99-40e5-af21-2bc3823e3283 JobID string `json:"jobID,omitempty"` // ID of the parent job // // Example: 6ecfe560-104c-4e7b-8cd3-ee3cbc3b58fb ParentID string `json:"parentAction,omitempty"` // Number of the last action // // Example: 2 LastActionNumber int `json:"numSeq,omitempty"` // Timestamp of the latest action Timestamp time.Time `json:"timestamp,omitempty"` }
JobTracking describes a context in which the job is executing It is used to track job execution source and context: what spawned it, when and under what circumstances.
type LoginAux ¶
func GetLoginStruct ¶
type LoginObject ¶
type LoginObject struct { Authorization string `json:"authorization"` GUID string Cookies []*http.Cookie Expires string }
func Login ¶
func Login(loginDetails CustomerLoginDetails) (*LoginObject, error)
func (*LoginObject) IsExpired ¶
func (r *LoginObject) IsExpired() bool
type NotificationPolicyType ¶
type NotificationPolicyType string
Supported NotificationTypes
swagger:enum NotificationPolicyType
const ( TypeValidateRules NotificationPolicyType = "validateRules" // Execute a posture scan TypeExecPostureScan NotificationPolicyType = "execPostureScan" TypeUpdateRules NotificationPolicyType = "updateRules" TypeRunKubescapeJob NotificationPolicyType = "runKubescapeJob" // Trigger a Kubescape scan TypeRunKubescape NotificationPolicyType = "kubescapeScan" // Create a CronJob that runs a Kubescape scan TypeSetKubescapeCronJob NotificationPolicyType = "setKubescapeCronJob" // Update a CronJob that runs a Kubescape scan TypeUpdateKubescapeCronJob NotificationPolicyType = "updateKubescapeCronJob" // Delete a CronJob that runs a Kubescape scan TypeDeleteKubescapeCronJob NotificationPolicyType = "deleteKubescapeCronJob" // Create a CronJob that runs a Vulnerability Scan TypeSetVulnScanCronJob NotificationPolicyType = "setVulnScanCronJob" // Update a CronJob that runs a Vulnerability Scan TypeUpdateVulnScanCronJob NotificationPolicyType = "updateVulnScanCronJob" // Delete a CronJob that runs a Vulnerability Scan TypeDeleteVulnScanCronJob NotificationPolicyType = "deleteVulnScanCronJob" // Trigger an image scan TypeScanImages NotificationPolicyType = "scan" // Trigger a registry scan TypeScanRegistry NotificationPolicyType = "scanRegistry" // Create a CronJob that runs registry scans TypeSetRegistryScanCronJob NotificationPolicyType = "setRegistryScanCronJob" // Update a CronJob that runs registry scans TypeUpdateRegistryScanCronJob NotificationPolicyType = "updateRegistryScanCronJob" // Delete a CronJob that runs registry scans TypeDeleteRegistryScanCronJob NotificationPolicyType = "deleteRegistryScanCronJob" )
type Oauth2Claims ¶
type Oauth2Claims struct { Sub string `json:"sub"` Name string `json:"name"` PreferredUserName string `json:"preferred_username"` CAGroups []string `json:"ca_groups"` Email string `json:"email"` }
Oauth2Claims returns in claims section of Oauth2 verification process
type Oauth2Customer ¶
type Oauth2Customer struct { CustomerName string `json:"customerName"` CustomerGUID string `json:"customerGUID"` }
Oauth2Customer returns inside the "ca_groups" field in claims section of Oauth2 verification process
type PaginationMarks ¶
type PaginationMarks struct { ReportNumber int `json:"chunkNumber"` // serial number of report, used in pagination IsLastReport bool `json:"isLastChunk"` //specify this is the last report, used in pagination }
PaginationMarks for split documents
type SessionChain ¶
type SessionChain struct { // All related job IDs in order from the most distant to the closes relative. // // For instance: grandparent → parent → current. // // Example: ["825f0a9e-34a9-4727-b81a-6e1bf3a63725", "c188de09-c6ec-4814-b36a-722dcccea64b"] JobIDs []string `json:"jobIDs"` // The timestamp of the earliest job Timestamp time.Time `json:"timestamp"` // ID of the job that started this chain. // // Example: 825f0a9e-34a9-4727-b81a-6e1bf3a63725 // swagger:strfmt uuid4 RootJobID string `json:"rootJobID,omitempty"` // Title of the current action being performed // // Example: vulnerability-scan ActionTitle string `json:"action,omitempty"` }
SessionChain provides the context of a given job.
The goal is to provide context for a given job: its parent jobs, a chain of how the jobs were spawned and some metadata.
Consider a vulnerability scan, for example:
- The Backend or cluster sends a websocket request with a Job ID, e.g. jobID_1.
- The Websocket takes all the cluster workloads and for each workload it creates a job with ID `jobID_i`.
- Then, for each container in `workload_i` it creates a job with ID `jobID_j`.
So when the Websocket sends the scan command, it sends the normal command object (pre Session Chain) to the Vulnerability Scanner
session: { "jobIDs": ["jobID_1", "jobID_i", "jobID_j"], "timestamp": "<jobID#1 timestamp>", "rootJobID": "jobID_1" }
This Session Chain is needed so that:
- each scan will hold it's own unique sessionChain.
- `rootJobID` will allow customers to find their latest scans issues by cluster/other.
- `jobID`s will allow customers to take all specific workload related for that specific scan.
type SessionChainWrapper ¶
type SessionChainWrapper struct { SessionChain `json:",inline"` Designators armotypes.PortalDesignator `json:"designators"` }
type V2ListResponse ¶
type V2ListResponse struct { Total ElasticRespTotal `json:"total"` Response interface{} `json:"response"` // Cursor for quick access to the next page. Not supported yet Cursor string `json:"cursor"` }
V2ListResponse holds the response of some list request with some metadata
type WebsocketScanCommand ¶
type WebsocketScanCommand struct { // Current session context // // Used for correlating requests in the logs. Session SessionChain `json:"session,omitempty"` // Tag of the image to scan // // Example: nginx:latest ImageTag string `json:"imageTag"` // ID of a workload that is running the image you want to scan // // Example: wlid://cluster-marina/namespace-default/deployment-nginx Wlid string `json:"wlid"` // Has the provided image been previously scanned or not? // // An image will only be scanned if it has not been scanned previously (value is `false`). // If an image has been previously scanned (value is `true`), it will not be scanned again. // // Example: false IsScanned bool `json:"isScanned"` // Name of the container that contains an image to be scanned // // Example: nginx ContainerName string `json:"containerName"` // ID of the scanning Job // // Example: 7b04592b-665a-4e47-a9c9-65b2b3cabb49 JobID string `json:"jobID,omitempty"` // ID of the Parent Job — a job that initiated the current job // // Example: 825f0a9e-34a9-4727-b81a-6e1bf3a63725 ParentJobID string `json:"parentJobID,omitempty"` // The last action received from the Websocket // // Example: 2 LastAction int `json:"actionIDN"` // Hash of the image to scan // // Example: bcae378eacedab83da66079d9366c8f5df542d7ed9ab23bf487e3e1a8481375d ImageHash string `json:"imageHash"` // Deprecated: Credentials to the Container Registry that holds the image to be scanned // // Kept for backward compatibility Credentials *types.AuthConfig `json:"credentials,omitempty"` // A list of credentials for private Container Registries that store images to be scanned Credentialslist []types.AuthConfig `json:"credentialsList,omitempty"` // Arguments to pass to the scan command // // Example: {"useHTTP": true, "skipTLSVerify": true, "registryName": "", "repository": "", "tag": ""} Args map[string]interface{} `json:"args,omitempty"` }
WebsocketScanCommand is a command that triggers a scan for vulnerabilities.