Documentation
¶
Index ¶
- Constants
- Variables
- func DigestAttributesDesignator(attributes map[string]string) (string, string, map[string]string)
- func DigestPortalDesignator(designator *PortalDesignator) (string, string, map[string]string)
- func GetInClusterSupportedNamespaces() []string
- func IsDesignatorsMatchContext(ctxSlice []ArmoContext, designator *PortalDesignator, designatorPrefix string) bool
- type Alert2Channel
- type AlertLevel
- type ApprovementState
- type ApprovementStatus
- type ArmoContext
- type AssociationStatus
- type AuthMethod
- type CollabAssignee
- type CollaborationConfig
- type CollaborationConfigOption
- type CollaborationConfigOptionType
- type CommonSummaryFields
- type ControlInfo
- type ControlInputs
- type CustomerConfig
- type DesignatorType
- type EnforcmentsRule
- type ExecutionPolicy
- type FixPath
- type GUID
- type HighlightsByControl
- type KPILogin
- type KPIPostureScan
- type Notifications
- type PortalBase
- type PortalCluster
- type PortalCustomer
- type PortalDesignator
- func (designator *PortalDesignator) DigestAttributesDesignator() attributesDesignators
- func (designator *PortalDesignator) DigestPortalDesignator() attributesDesignators
- func (designator *PortalDesignator) GetCluster() string
- func (designator *PortalDesignator) GetKind() string
- func (designator *PortalDesignator) GetLabels() map[string]string
- func (designator *PortalDesignator) GetName() string
- func (designator *PortalDesignator) GetNamespace() string
- func (designator *PortalDesignator) GetPath() string
- func (designator *PortalDesignator) NKeys() int
- func (designator *PortalDesignator) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error)
- type PortalRepository
- type PostureAttributesList
- type PostureClusterOverTime
- type PostureClusterSummary
- type PostureContainerSummary
- type PostureControlSummary
- type PostureExceptionPolicy
- type PostureExceptionPolicyActions
- type PostureFrameworkOverTime
- type PostureFrameworkOverTimeCoord
- type PostureFrameworkSubsectionSummary
- type PostureFrameworkSummary
- type PostureFrameworksOverTime
- type PostureJobParams
- type PosturePaths
- type PosturePolicy
- type PostureReportResultRaw
- type PostureResource
- type PostureResourceSummary
- type PostureScanConfig
- type PostureSummary
- type RawResource
- type RecommendationAssociation
- type RecommendationSkeletonV1
- type RecordStatus
- type RegistryInfo
- type RegistryJobParams
- type RepoEntityKind
- type RepoEntitySummary
- type ScanFrequency
- type Settings
- type SlackChannel
- type SlackNotification
- type SlackSettings
- type UpdateAuditEntry
- type VulnerabilityExceptionPolicy
- type VulnerabilityExceptionPolicyActions
- type VulnerabilityJobParams
- type VulnerabilityPolicy
- type VulnerabilityScanConfig
Constants ¶
View Source
const ( // In-cluster namespaces ArmoSystemNamespace = "armo-system" // deprecated, kept for backward compatibility KubescapeNamespace = "kubescape" ArmoKollectorContainerName = "armo-collector" // deprecated, kept for backward compatibility KollectorContainerName = "kollector" // registry scan LowestHelmVersionSupportedRegistryScanAndTest = "v1.9" LowestHelmVersionSupportedRegistryScan = "v1.7.14" RegistryInfoArgKey = "registryInfo-v1" RegistryScanSecretName = "kubescape-registry-scan" // vulnerability scan LowestHelmVersionSupportedVulnerabilityScan = "v1.7.17" // cronjob template annotation and labels CronJobTemplateAnnotationArmoJobIDKeyDeprecated = "armo.jobid" // deprecated CronJobTemplateAnnotationArmoCloudJobIDKeyDeprecated = "armo.cloud/jobid" // deprecated CronJobTemplateAnnotationJobIDKey = "app.kubescape/job-id" CronJobTemplateAnnotationUpdateJobIDDeprecated = "armo.updatejobid" // deprecated CronJobTemplateAnnotationUpdateJobID = "app.kubescape/update-job-id" CronJobTemplateAnnotationNamespaceKeyDeprecated = "armo.namespace" // deprecated CronJobTemplateAnnotationNamespaceKey = "app.kubescape/namespace" CronJobTemplateAnnotationRegistryNameKey = "armo.cloud/registryname" CronJobTemplateAnnotationHostScannerKey = "armo.host-scanner" CronJobTemplateAnnotationFrameworkKey = "armo.framework" CronJobTemplateLabelKey = "armo.tier" CronJobTemplateLabelValueKubescape = "kubescape-scan" CronJobTemplateLabelValueVulnScan = "vuln-scan" CronJobTemplateLabelValueRegistryScan = "registry-scan" )
View Source
const ( K8sKindCluster = "Cluster" K8sKindNode = "Node" K8sKindNamespace = "Namespace" K8sApiVersionV1 = "v1" K8sApiVersionRBAC = "rbac.authorization.k8s.io" K8sApiVersionRBACV1 = K8sApiVersionRBAC + "/" + K8sApiVersionV1 K8SApiVersionAppsV1 = "apps/v1" K8SApiVersionBatchV1 = "batch/v1" )
View Source
const ( CustomerGuidQuery = "customerGUID" ClusterNameQuery = "cluster" DatacenterNameQuery = "datacenter" NamespaceQuery = "namespace" ProjectQuery = "project" WlidQuery = "wlid" SidQuery = "sid" )
View Source
const ( DesignatorsToken = "designators" AttributeCustomerGUID = "customerGUID" AttributeRegistryName = "registryName" AttributeRepository = "repository" AttributeTag = "tag" AttributeCluster = "cluster" AttributeNamespace = "namespace" AttributeKind = "kind" AttributeName = "name" AttributeContainerName = "containerName" AttributeApiVersion = "apiVersion" AttributeWorkloadHash = "workloadHash" AttributeIsIncomplete = "isIncomplete" AttributeSensor = "sensor" AttributePath = "path" )
attributes
View Source
const ( AttributeRepoName = "repoName" AttributeRepoOwner = "repoOwner" AttributeRepoHash = "repoHash" AttributeBranchName = "branch" AttributeDefaultBranch = "defaultBranch" AttributeProvider = "provider" AttributeRemoteURL = "remoteURL" AttributeLastCommitHash = "lastCommitHash" AttributeLastCommitterName = "lastCommitterName" AttributeLastCommitterEmail = "lastCommitterEmail" AttributeLastCommitTime = "lastCommitTime" AttributeFilePath = "filePath" AttributeFileType = "fileType" AttributeFileDir = "fileDirectory" AttributeFileUrl = "fileUrl" AttributeFileHelmChartName = "fileHelmChartName" AttributeLastFileCommitHash = "lastFileCommitHash" AttributeLastFileCommitterName = "lastFileCommitterName" AttributeLastFileCommitterEmail = "LastFileCommitterEmail" AttributeLastFileCommitTime = "lastFileCommitTime" AttributeUseHTTP = "useHTTP" AttributeSkipTLSVerify = "skipTLSVerify" )
Repository scan related attributes
View Source
const ( AttributeImageScanRelated = "imageScanRelated" AttributeImageRelatedControls = "imageRelatedControls" AttributeHostSensorRule = "hostSensorRule" AttributeHostSensor = "hostSensor" )
rego-library attributes
View Source
const ( AttributeWorkerNodes = "workerNodes" WorkerNodesmax = "max" WorkerNodeslastReported = "lastReported" WorkerNodeslastReportDate = "lastReportDate" WorkerNodesmaxPerMonth = "maxPerMonth" WorkerNodesmaxReportGUID = "maxReportGUID" WorkerNodesmaxPerMonthReportGUID = "maxPerMonthReportGUID" WorkerNodeslastReportGUID = "lastReportGUID" )
Worker nodes attribute related consts
View Source
const ( PostureControlStatusUnknown = 0 PostureControlStatusPassed = 1 PostureControlStatusWarning = 2 PostureControlStatusFailed = 3 PostureControlStatusSkipped = 4 PostureControlStatusIrrelevant = 5 PostureControlStatusError = 6 PostureResourceMaxCtrls = 6 )
Variables ¶
View Source
var IgnoreLabels = []string{AttributeCluster, AttributeNamespace}
Functions ¶
func DigestPortalDesignator ¶
func DigestPortalDesignator(designator *PortalDesignator) (string, string, map[string]string)
DigestPortalDesignator DEPRECATED. use designator.DigestPortalDesignator() - get cluster namespace and labels from designator
func GetInClusterSupportedNamespaces ¶ added in v0.0.114
func GetInClusterSupportedNamespaces() []string
func IsDesignatorsMatchContext ¶
func IsDesignatorsMatchContext(ctxSlice []ArmoContext, designator *PortalDesignator, designatorPrefix string) bool
checks if all the context values match in designators
Types ¶
type Alert2Channel ¶
type Alert2Channel struct {
Critical []SlackChannel `json:"criticalChannels,omitempty" bson:"criticalChannels,omitempty"`
Error []SlackChannel `json:"errorChannels,omitempty" bson:"errorChannels,omitempty"`
Info []SlackChannel `json:"infoChannels,omitempty" bson:"infoChannels,omitempty"`
}
type AlertLevel ¶
type AlertLevel string
const ( AlertInfo AlertLevel = "info" AlertCritical AlertLevel = "critical" AlertError AlertLevel = "error" )
type ApprovementState ¶
type ApprovementState struct {
UpdateAuditEntry `json:",inline"`
Status ApprovementStatus `json:"status"`
}
type ApprovementStatus ¶
type ApprovementStatus int
const ( ApprovementStatusApprove ApprovementStatus = iota + 1 ApprovementStatusDecline ApprovementStatusPending )
type ArmoContext ¶
type ArmoContext struct {
Attribute string `json:"attribute"`
Value string `json:"value"`
Source string `json:"source"`
}
context attributes based structure to get more flexible and searchable options
func DesignatorToArmoContext ¶
func DesignatorToArmoContext(designator *PortalDesignator, designatorPrefix string) []ArmoContext
type AssociationStatus ¶
type AssociationStatus int
const ( AssociationStatusAssigned AssociationStatus = iota + 1 AssociationStatusShown AssociationStatusDeclineByUser AssociationStatusHandled // the user took this recommendation into account AssociationStatusFixed // the user fixed the issue in some another way )
type AuthMethod ¶ added in v0.0.125
type CollabAssignee ¶
type CollabAssignee struct {
//example: can be channelID(slack) "C02HD5MU9G8" and etc.
AssgineeID string `json:"assigneeID"`
//example: #abuse(slack)
AssigneeName string `json:"assigneeName"`
//put here properties of the assignee, ad
AdditionalInfo []ArmoContext `json:"additionalInfo"`
}
type CollaborationConfig ¶
type CollaborationConfig struct {
PortalBase `json:",inline"`
// Provider name
// Example: jira
Provider string `json:"provider"`
// Host name for private hosting
// Example: http://example.com
HostName string `json:"hostName,omitempty"`
// The context of sharing (for example in jira it will be cloud, project, etc)
Context map[string]CollaborationConfigOption `json:"context"`
// Icon url for the option. Optional
// Example: https://site-admin-avatar-cdn.prod.public.atl-paas.net/avatars/240/triangle.png
IconURL string `json:"iconURL,omitempty"`
// Icon for the option encoded in base64. Optional
IconBase64 string `json:"iconBase64,omitempty"`
}
swagger:model CollaborationConfig
type CollaborationConfigOption ¶
type CollaborationConfigOption struct {
// Type of the option
// Example: Project
Type *CollaborationConfigOptionType `json:"type,omitempty"`
// Name of the option
// Example: jira-main-project
Name string `json:"name"`
// ID of the option
// Example: 8313c5a0-bee1-4a3c-8f4f-71ce698259876
ID string `json:"id"`
// Icon url for the option. Optional
// Example: https://site-admin-avatar-cdn.prod.public.atl-paas.net/avatars/240/triangle.png
IconURL string `json:"iconURL,omitempty"`
// Icon for the option encoded in base64. Optional
IconBase64 string `json:"iconBase64,omitempty"`
}
Collaboration provider config option swagger:model CollaborationConfigOption
type CollaborationConfigOptionType ¶
type CollaborationConfigOptionType struct {
// Name of the type
// Example: project
Name string `json:"name"`
// Indicates if this option is a mandatory for collaboration configuration
// Example: false
ConfigRequired bool `json:"required"`
// Example: true
ShareRequired bool `json:"-"`
// Custom input available or not
// Example: false
CustomInput bool `json:"customInput"`
}
Config option type swagger:model CollaborationConfigOptionType
type CommonSummaryFields ¶
type CommonSummaryFields struct {
// The unique id of the report this summary belongs to
ReportID GUID `json:"reportGUID"`
// The designators of this summary
Designators *PortalDesignator `json:"designators"`
// Time of the scan that produced this summary
Timestamp time.Time `json:"timestamp"`
// swagger:ignore
// Indication if this summary is marked for deletetion
DeleteStatus RecordStatus `json:"deletionStatus,omitempty"`
}
swagger:model
type ControlInfo ¶
type ControlInfo struct {
// ID of the control
// Example: C-0034
ID string `json:"id"`
// How much this control is critical
// Example: 6
BaseScore float32 `json:"baseScore"`
// How many failed resources for this control
// Example: 3
FailedResources int `json:"failedResources"`
}
ControlInfo Basic information about a control
type ControlInputs ¶
type ControlInputs struct {
Rulename string
Inputs []PostureAttributesList // Attribute = input list name, Values = list values
}
type CustomerConfig ¶
type CustomerConfig struct {
Name string `json:"name" bson:"name"`
Attributes map[string]interface{} `json:"attributes,omitempty" bson:"attributes,omitempty"` // could be string
Scope PortalDesignator `json:"scope" bson:"scope"`
Settings Settings `json:"settings" bson:"settings"`
}
func MockCustomerConfig ¶
func MockCustomerConfig() *CustomerConfig
type DesignatorType ¶
type DesignatorType string
Type of the designator
swagger:enum DesignatorType
const ( DesignatorAttributes DesignatorType = "Attributes" DesignatorAttribute DesignatorType = "Attribute" // Deprecated // WorkloadID format. // // Has two formats: // 1. Kubernetes format: wlid://cluster-<cluster>/namespace-<namespace>/<kind>-<name> // 2. Native format: wlid://datacenter-<datacenter>/project-<project>/native-<name> DesignatorWlid DesignatorType = "Wlid" // A WorkloadID wildcard expression. // // A wildcard expression that includes a cluster: // // wlid://cluster-<cluster>/ // // An expression that includes a cluster and namespace (filters out all other namespaces): // // wlid://cluster-<cluster>/namespace-<namespace>/ DesignatorWildWlid DesignatorType = "WildWlid" DesignatorWlidContainer DesignatorType = "WlidContainer" DesignatorWlidProcess DesignatorType = "WlidProcess" DesignatorSid DesignatorType = "Sid" // secret id )
Supported designators
func (DesignatorType) ToLower ¶
func (dt DesignatorType) ToLower() DesignatorType
type EnforcmentsRule ¶
type ExecutionPolicy ¶
type ExecutionPolicy struct {
PortalBase `json:",inline"`
Designators []PortalDesignator `json:"designators"`
PolicyType string `json:"policyType"`
CreationTime string `json:"creation_time"`
ExecutionEnforcmentsRules []EnforcmentsRule `json:"enforcementRules"`
}
type HighlightsByControl ¶
type KPIPostureScan ¶
type KPIPostureScan struct {
Client string `json:"client"`
ClientVersion string `json:"clientVersion"`
Framework string `json:"framework"`
FrameworkVersion string `json:"frameworkVersion"`
Timestamp time.Time `json:"timestamp"`
Target string `json:"target"` //yaml,helm,running - what we actually scanned
ClientIP string `json:"clientIP"`
}
type Notifications ¶
type Notifications struct {
PostureScan []string `json:"postureScan,omitempty" bson:"postureScan,omitempty"` // bad approach kept till i see if can do something with mongo and old data
PostureScoreAboveLastScan []string `json:"postureScoreAboveLastScan,omitempty" bson:"postureScoreAboveLastScan,omitempty"`
PostureScanV1 []SlackNotification `json:"postureScanV1" bson:"postureScanV1"`
PostureScanAboveLastScanV1 []SlackNotification `json:"postureScoreAboveLastScanV1" bson:"postureScoreAboveLastScanV1"`
}
type PortalBase ¶
type PortalBase struct {
GUID string `json:"guid" bson:"guid"`
Name string `json:"name" bson:"name"`
Attributes map[string]interface{} `json:"attributes,omitempty" bson:"attributes,omitempty"` // could be string
}
PortalBase holds basic items data from portal BE
func MockPortalBase ¶
func MockPortalBase(customerGUID, name string, attributes map[string]interface{}) *PortalBase
func (*PortalBase) GetAttributes ¶ added in v0.0.128
func (p *PortalBase) GetAttributes() map[string]interface{}
func (*PortalBase) GetGUID ¶ added in v0.0.128
func (p *PortalBase) GetGUID() string
Getters & Setter used by derived types for interfaces implementation
func (*PortalBase) GetName ¶ added in v0.0.128
func (p *PortalBase) GetName() string
func (*PortalBase) SetAttributes ¶ added in v0.0.128
func (p *PortalBase) SetAttributes(attributes map[string]interface{})
func (*PortalBase) SetGUID ¶ added in v0.0.128
func (p *PortalBase) SetGUID(guid string)
func (*PortalBase) SetName ¶ added in v0.0.128
func (p *PortalBase) SetName(name string)
type PortalCluster ¶ added in v0.0.120
type PortalCluster struct {
PortalBase `json:",inline" bson:"inline"`
SubscriptionDate string `json:"subscription_date" bson:"subscription_date"`
LastLoginDate string `json:"last_login_date" bson:"last_login_date"`
}
PortalCluster holds cluster data from portal BE
type PortalCustomer ¶ added in v0.0.126
type PortalCustomer struct {
PortalBase `json:",inline" bson:"inline"`
Description string `json:"description" bson:"description"`
SubscriptionDate string `json:"subscription_date" bson:"subscription_date"`
LastLoginDate string `json:"last_login_date" bson:"last_login_date"`
Email string `json:"email" bson:"email"`
//License
LicenseType string `json:"license_type" bson:"license_type"`
SubscriptionExpiration string `json:"subscription_expiration" bson:"subscription_expiration"`
InitialLicenseType string `json:"initial_license_type" bson:"initial_license_type"`
}
type PortalDesignator ¶
type PortalDesignator struct {
DesignatorType DesignatorType `json:"designatorType" bson:"designatorType"`
// A specific Workload ID
WLID string `json:"wlid,omitempty" bson:"wlid,omitempty"`
// An expression that describes applicable workload IDs
WildWLID string `json:"wildwlid,omitempty" bson:"wildwlid,omitempty"`
// A specific Secret ID
SID string `json:"sid,omitempty" bson:"sid,omitempty"`
// Attributes that describe the targets
Attributes map[string]string `json:"attributes" bson:"attributes"`
}
PortalDesignator represents a single designation option
func AttributesDesignatorsFromImageTag ¶
func AttributesDesignatorsFromImageTag(imageTag string) *PortalDesignator
func AttributesDesignatorsFromWLID ¶
func AttributesDesignatorsFromWLID(wlid string) *PortalDesignator
func MockPortalDesignator ¶
func MockPortalDesignator() *PortalDesignator
func (*PortalDesignator) DigestAttributesDesignator ¶
func (designator *PortalDesignator) DigestAttributesDesignator() attributesDesignators
func (*PortalDesignator) DigestPortalDesignator ¶
func (designator *PortalDesignator) DigestPortalDesignator() attributesDesignators
DigestPortalDesignator - get cluster namespace and labels from designator
func (*PortalDesignator) GetCluster ¶
func (designator *PortalDesignator) GetCluster() string
func (*PortalDesignator) GetKind ¶
func (designator *PortalDesignator) GetKind() string
func (*PortalDesignator) GetLabels ¶
func (designator *PortalDesignator) GetLabels() map[string]string
func (*PortalDesignator) GetName ¶
func (designator *PortalDesignator) GetName() string
func (*PortalDesignator) GetNamespace ¶
func (designator *PortalDesignator) GetNamespace() string
func (*PortalDesignator) GetPath ¶ added in v0.0.118
func (designator *PortalDesignator) GetPath() string
func (*PortalDesignator) NKeys ¶
func (designator *PortalDesignator) NKeys() int
func (*PortalDesignator) UnmarshalJSONObject ¶
func (designator *PortalDesignator) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error)
type PortalRepository ¶ added in v0.0.128
type PortalRepository struct {
PortalBase `json:",inline" bson:"inline"`
CreationDate string `json:"creationDate" bson:"creationDate"`
Provider string `json:"provider" bson:"provider"`
Owner string `json:"owner" bson:"owner"`
RepoName string `json:"repoName" bson:"repoName"`
BranchName string `json:"branchName" bson:"branchName"`
}
type PostureAttributesList ¶
type PostureClusterOverTime ¶
type PostureClusterOverTime struct {
Designators PortalDesignator `json:"designators,omitempty"`
ClusterName string `json:"clusterName"`
Frameworks []PostureFrameworkOverTime `json:"frameworks"`
DeleteStatus RecordStatus `json:"deletionStatus,omitempty"`
}
-------- /api/v1/posture/clustersOvertime response datastructures
type PostureClusterSummary ¶ added in v0.0.122
type PostureClusterSummary struct {
Score float32 `json:"score"`
TotalControls int `json:"totalControls"`
FailedControls int `json:"failedControls"`
WarningControls int `json:"warningControls"`
ReportID string `json:"reportGUID"`
Designators PortalDesignator `json:"designators"`
Timestamp time.Time `json:"timestamp"`
DeleteStatus RecordStatus `json:"deletionStatus,omitempty"`
Frameworks []string `json:"frameworks"`
// Counters - Failed resources by severity
CriticalSeverityResources int `json:"criticalSeverityResources"`
HighSeverityResources int `json:"highSeverityResources"`
MediumSeverityResources int `json:"mediumSeverityResources"`
LowSeverityResources int `json:"lowSeverityResources"`
// Counters - Failed controls by severity
CriticalSeverityControls int `json:"criticalSeverityControls"`
HighSeverityControls int `json:"highSeverityControls"`
MediumSeverityControls int `json:"mediumSeverityControls"`
LowSeverityControls int `json:"lowSeverityControls"`
// Counters - Resources by status
PassedResources int `json:"passedResources"`
FailedResources int `json:"failedResources"`
ExcludedResources int `json:"excludedResources"`
// Metadata
KubescapeVersion string `json:"kubescapeVersion"`
KubernetesVersion string `json:"kubernetesVersion"`
WorkerNodeCount int `json:"workerNodeCount"`
Location string `json:"location"`
CloudProvider string `json:"cloudProvider"`
// Information about the controls that were run on this entity
// The key is the status of the control (`failed`, `passed`, etc)
ControlsInfo map[string][]ControlInfo `json:"controlsInfo"`
}
type PostureContainerSummary ¶
type PostureControlSummary ¶
type PostureControlSummary struct {
Designators PortalDesignator `json:"designators"`
ControlID string `json:"id"` // "C0001"
ControlGUID string `json:"guid"`
Name string `json:"name"`
AffectedResourcesCount int `json:"affectedResourcesCount"`
FailedResourcesCount int `json:"failedResourcesCount"`
WarningResourcesCount int `json:"warningResourcesCount"`
PreviousAffectedResourcesCount int `json:"previousAffectedResourcesCount"`
PreviousFailedResourcesCount int `json:"previousFailedResourcesCount"`
PreviousWarningResourcesCount int `json:"previousWarningResourcesCount"`
Framework string `json:"frameworkName"`
FrameworkSubSectionID []string `json:"frameworkSubsectionID,omitempty"`
Remediation string `json:"remediation"`
Status int `json:"status"`
StatusText string `json:"statusText"`
Description string `json:"description"`
Section string `json:"section"`
Timestamp time.Time `json:"timestamp"`
ReportID string `json:"reportGUID"`
DeleteStatus RecordStatus `json:"deletionStatus,omitempty"`
Score float32 `json:"score"`
ScoreFactor float32 `json:"baseScore"`
ScoreWeight float32 `json:"scoreWeight"`
ARMOImprovement float32 `json:"ARMOimprovement"`
RelevantCloudProvides []string `json:"relevantCloudProvides"`
ControlInputs []ControlInputs `json:"controlInputs"`
IsLastScan int `json:"isLastScan"`
HighlightPathsCount int64 `json:"highlightPathsCount"`
}
----/api/v1/posture/controls
type PostureExceptionPolicy ¶
type PostureExceptionPolicy struct {
PortalBase `json:",inline" bson:"inline"`
PolicyType string `json:"policyType" bson:"policyType"`
CreationTime string `json:"creationTime" bson:"creationTime"`
Actions []PostureExceptionPolicyActions `json:"actions" bson:"actions"`
Resources []PortalDesignator `json:"resources" bson:"resources"`
PosturePolicies []PosturePolicy `json:"posturePolicies" bson:"posturePolicies"`
}
func (*PostureExceptionPolicy) IsAlertOnly ¶
func (exceptionPolicy *PostureExceptionPolicy) IsAlertOnly() bool
func (*PostureExceptionPolicy) IsDisable ¶
func (exceptionPolicy *PostureExceptionPolicy) IsDisable() bool
type PostureExceptionPolicyActions ¶
type PostureExceptionPolicyActions string
const AlertOnly PostureExceptionPolicyActions = "alertOnly"
const Disable PostureExceptionPolicyActions = "disable"
type PostureFrameworkOverTime ¶
type PostureFrameworkOverTime struct {
// "frameworkName": "MITRE",
// "riskScore": 54,
RiskScore float32 `json:"riskScore"`
Framework string `json:"frameworkName"`
Coords []PostureFrameworkOverTimeCoord `json:"cords"`
}
PostureFrameworkOverTime - the response structure
type PostureFrameworkSubsectionSummary ¶
type PostureFrameworkSubsectionSummary struct {
// The name (title) of the subsection
// Example: General Policies
Name string `json:"name"`
// The name of the framework this subsection belongs to
// Example: CIS
Framework string `json:"framework"`
// Unique id of the subsection inside its framework
// Example: 5.7
ID string `json:"id"`
// Statistics about the controls that were run
// The key is the status of the control (`failed`, `passed`, etc).
// The value is the number of controls
// Example: {"failed": 3, "passed": 4}
ControlsStats map[string]uint `json:"controlsStats"`
}
type PostureFrameworkSummary ¶
type PostureFrameworkSummary struct {
Name string `json:"name"`
Score float32 `json:"value"`
ImprovementScore float32 `json:"improvementScore"`
TotalControls int `json:"totalControls"`
FailedControls int `json:"failedControls"`
WarningControls int `json:"warningControls"`
ReportID string `json:"reportGUID"`
Designators PortalDesignator `json:"designators"`
Timestamp time.Time `json:"timestamp"`
DeleteStatus RecordStatus `json:"deletionStatus,omitempty"`
}
type PostureFrameworksOverTime ¶
type PostureFrameworksOverTime struct {
ClusterName string `json:"clusterName"`
ScoreValue float32 `json:"value"`
ReportID string `json:"reportGUID"`
Timestamp time.Time `json:"timestamp"`
Framework string `json:"frameworkName"`
}
Used for elastic
type PostureJobParams ¶
type PosturePaths ¶
type PosturePolicy ¶
type PosturePolicy struct {
FrameworkName string `json:"frameworkName" bson:"frameworkName"`
ControlName string `json:"controlName,omitempty" bson:"controlName,omitempty"`
ControlID string `json:"controlID,omitempty" bson:"controlID,omitempty"`
RuleName string `json:"ruleName,omitempty" bson:"ruleName,omitempty"`
}
type PostureReportResultRaw ¶
type PostureReportResultRaw struct {
Designators PortalDesignator `json:"designators"`
Timestamp time.Time `json:"timestamp"`
ReportID string `json:"reportGUID"`
ResourceID string `json:"resourceID"`
ControlID string `json:"controlID"`
ControlConfigurations []ControlInputs `json:"controlConfigurations,omitempty"`
HighlightsPaths []PosturePaths `json:"highlightsPaths"`
}
type PostureResource ¶
type PostureResource struct {
UniqueResourceResult string `json:"uniqueResourceResult"` // FNV(customerGUID + cluster+resourceID+frameworkName + resource.ReportID) to allow fast search for aggregation
Designators PortalDesignator `json:"designators"`
Name string `json:"name"` // wlid/sid and etc.
ResourceID string `json:"resourceID"` //as given by kscape
ControlName string `json:"controlName"`
HighlightPaths []string `json:"highlightPaths"` // specifies "failedPath" - where exactly in the raw resources the control failed
FixPaths []FixPath `json:"fixPaths"` // specifies "fixPaths" - what in the raw resources needs to be added by user
ControlID string `json:"controlID"`
FrameworkName string `json:"frameworkName"`
ControlStatus int `json:"controlStatus"` // it's rather resource status within the control, control might fail but on this specific resource it might be warning
ControlStatusText string `json:"controlStatusText"`
RelatedExceptions []PostureExceptionPolicy `json:"relatedExceptions"` // configured in portal
ExceptionApplied []PostureExceptionPolicy `json:"exceptionApplied"` //actual ruleResponse
ResourceKind string `json:"kind"`
ResourceNamespace string `json:"namespace"`
Remediation string `json:"remediation"`
Images []PostureContainerSummary `json:"containers,omitempty"`
DeleteStatus RecordStatus `json:"deletionStatus,omitempty"`
Recommendations []RecommendationAssociation `json:"recommendations"`
Timestamp time.Time `json:"timestamp"`
ReportID string `json:"reportGUID"`
}
1 resource per 1 control
type PostureResourceSummary ¶
type PostureResourceSummary struct {
Designators PortalDesignator `json:"designators"`
Name string `json:"name"` // wlid/sid and etc.
ResourceID string `json:"resourceID"` //as given by kscape
//gives upto PostureResourceMaxCtrls controls as an example
FailedControl []string `json:"failedControls"` // failed+warning controls
WarningControls []string `json:"warningControls"`
//maps statusText 2 list of controlIDs
StatusToControls map[string][]string `json:"statusToControls"`
HighlightsPerCtrl []HighlightsByControl `json:"highlightsPerControl"`
//totalcount (including the failed/warning controls slices)
FailedControlCount int `json:"failedControlsCount"`
WarningControlCount int `json:"warningControlsCount"`
Status int `json:"status"`
StatusText string `json:"statusText"`
Remediation []string `json:"remediation"`
ResourceKind string `json:"resourceKind"`
FrameworkName string `json:"frameworkName"`
ExceptionRecommendaion string `json:"exceptionRecommendaion"`
RelatedExceptions []PostureExceptionPolicy `json:"relatedExceptions"` // configured in portal
ExceptionApplied []PostureExceptionPolicy `json:"exceptionApplied"` //actual ruleResponse
Images []PostureContainerSummary `json:"containers,omitempty"`
Recommendations []RecommendationAssociation `json:"recommendations"`
Timestamp time.Time `json:"timestamp"`
ReportID string `json:"reportGUID"`
DeleteStatus RecordStatus `json:"deletionStatus,omitempty"`
ArmoBestScore int64 `json:"armoBestScore"`
}
type PostureScanConfig ¶
type PostureScanConfig struct {
ScanFrequency ScanFrequency `json:"scanFrequency,omitempty" bson:"scanFrequency,omitempty"`
}
type PostureSummary ¶
type PostureSummary struct {
RuntimeImprovementPercentage float32 `json:"runtimeImprovementPercentage"`
LastRun time.Time `json:"lastRun"`
ReportID string `json:"reportGUID"`
Designators PortalDesignator `json:"designators"`
PostureAttributes PostureAttributesList `json:"postureAttributes"`
ClusterCloudProvider string `json:"clusterCloudProvider"`
DeleteStatus RecordStatus `json:"deletionStatus,omitempty"`
}
--------/api/v1/posture/summary
type RawResource ¶
type RawResource struct {
Designators PortalDesignator `json:"designators"`
Timestamp time.Time `json:"timestamp"`
DeleteStatus RecordStatus `json:"deletionStatus,omitempty"`
ResourceID string `json:"resourceID"`
PostureReportID string `json:"postureReportID,omitempty"`
SPIFFE string `json:"spiffe"`
Containers []PostureContainerSummary `json:"containers,omitempty"`
RelatedResourcesIDs []string `json:"relatedResourcesID,omitempty"`
RAW json.RawMessage `json:"object"`
}
type RecommendationAssociation ¶
type RecommendationAssociation struct {
PortalBase `json:",inline"`
// audit for user actions taken for this recommendation
UpdatesAudit []UpdateAuditEntry `json:"updatesAudit"`
// the context to show this recommendation to this customer
Context []ArmoContext `json:"context"`
// designator object as we have in current resources represntaion
// this is about to be useless
Designators PortalDesignator `json:"designators"`
// guid of the recommendation in recommendation DB
RecommendationPrototypeGUID string `json:"recommendationPrototypeGUID"`
RecommendationDetails RecommendationSkeletonV1 `json:"recommendationDetails"`
// current status of this recommendation for the given resource
Status AssociationStatus `json:"status"`
}
this structure is dedicated to connect between recommendation and specific resource and trace the user actions taken due to this recommendation
type RecommendationSkeletonV1 ¶
type RecommendationSkeletonV1 struct {
PortalBase `json:",inline"`
// audit for manual changes made in this recommendation
UpdatesAudit []UpdateAuditEntry `json:"updatesAudit"`
// the action the user should take
Action string `json:"action"`
Description string `json:"description"`
// link to some well explained description of this recommendation
DescriptionLink string `json:"descriptionLink"`
// the context to show this recommendation in
Context []ArmoContext `json:"context"`
// the approvement status. Do we should show this recommendation to users?
Approvement ApprovementState `json:"approvement"`
}
type RecordStatus ¶
type RecordStatus int
const ( RecordAlive RecordStatus = 0 RecordShouldDelete RecordStatus = 1 )
type RegistryInfo ¶ added in v0.0.125
type RegistryInfo struct {
RegistryName string `json:"registryName,omitempty"`
RegistryProvider string `json:"registryProvider,omitempty"`
RegistryToken string `json:"registryToken,omitempty"`
Depth int `json:"depth,omitempty"`
Include []string `json:"include,omitempty"`
Exclude []string `json:"exclude,omitempty"`
Kind string `json:"kind,omitempty"`
IsHTTPs bool `json:"isHTTPs,omitempty"`
SkipTLS bool `json:"skipTLS,omitempty"`
AuthMethod AuthMethod `json:"authMethod,omitempty"`
}
type RegistryJobParams ¶
type RepoEntityKind ¶
type RepoEntityKind string
Kind of an entity. Can only be one of the following: `file` or `repo` Example: repo
const ( RepoEntityFile RepoEntityKind = "file" RepoEntityRepo RepoEntityKind = "repo" )
type RepoEntitySummary ¶
type RepoEntitySummary struct {
Designators PortalDesignator `json:"designators"`
// Name of this entity
// Example: "my-repo"
Name string `json:"name"`
Kind RepoEntityKind `json:"kind"`
// Number of children of the entity. For `file`s entity it would be
// the amount of the resources inside this file, and for `repo`s -
// the amount of scanned files
// Example: 13
ChildCount uint64 `json:"childCount"`
// Status of the entity
// Example: failed
StatusText string `json:"statusText"`
// Information about the controls that were run on this entity
// The key is the status of the control (`failed`, `passed`, etc)
ControlsInfo map[string][]ControlInfo `json:"controlsInfo"`
// Statistics about the controls that were run
// The key is the status of the control (`failed`, `passed`, etc).
// The value is the number of controls
// Example: {"failed": 3, "passed": 4}
ControlsStats map[string]int `json:"controlsStats"`
// Frameworks that were run.
// In multi-frameworks-summary, this property is
// taking the place of the `framework` property
// Example: ["ArmoBest", "MITRE"]
Frameworks []string `json:"frameworks,omitempty"`
// Single framework this summary is for.
// Example: ArmoBest
Framework string `json:"framework,omitempty"`
// Time of the scan that produced this result
Timestamp time.Time `json:"timestamp"`
ReportID string `json:"reportGUID"`
// swagger:ignore
// This record is marked for deletion or not
DeleteStatus RecordStatus `json:"deletionStatus,omitempty"`
}
RepoEntitySummary summary of repo scanning entity.
type ScanFrequency ¶
type ScanFrequency string
type Settings ¶
type Settings struct {
PostureControlInputs map[string][]string `json:"postureControlInputs" bson:"postureControlInputs"`
PostureScanConfig PostureScanConfig `json:"postureScanConfig" bson:"postureScanConfig"`
VulnerabilityScanConfig VulnerabilityScanConfig `json:"vulnerabilityScanConfig" bson:"vulnerabilityScanConfig"`
SlackConfigurations SlackSettings `json:"slackConfigurations,omitempty" bson:"slackConfigurations,omitempty"`
}
func MockSettings ¶
func MockSettings() *Settings
type SlackChannel ¶
type SlackChannel struct {
ChannelID string `json:"channelID" bson:"channelID"`
ChannelName string `json:"channelName" bson:"channelName"`
AlertLevel AlertLevel `json:"alertLevel" bson:"alertLevel"`
}
type SlackNotification ¶
type SlackNotification struct {
IsActive bool `json:"isActive" bson:"isActive"`
Channels []SlackChannel `json:"channels" bson:"channels"`
Attributes map[string]interface{} `json:"attributes" bson:"attributes"`
}
type SlackSettings ¶
type SlackSettings struct {
Token string `json:"token" bson:"token"`
Alert2Channel `json:",inline,omitempty" bson:"inline,omitempty"`
Notifications `json:"notifications,omitempty" bson:"notifications,omitempty"`
}
type UpdateAuditEntry ¶
type VulnerabilityExceptionPolicy ¶
type VulnerabilityExceptionPolicy struct {
PortalBase `json:",inline" bson:"inline"`
// Policy type. Must be 'vulnerabilityExceptionPolicy'
// required: true
// Example: vulnerabilityExceptionPolicy
PolicyType string `json:"policyType" bson:"policyType"`
// Creation time of the policy
// Example: 2022-03-31T08:57:58.048014
CreationTime string `json:"creationTime" bson:"creationTime"`
// Actions to apply (currently only 'ignore' is available)
// required: true
// min: 1
// Example: ["ignore"]
Actions []VulnerabilityExceptionPolicyActions `json:"actions" bson:"actions"`
// Items to apply the actions on
// required: true
// min: 1
Designatores []PortalDesignator `json:"designators" bson:"designators"`
// Vulnerabilities to take the actions on
// required: true
// min: 1
VulnerabilityPolicies []VulnerabilityPolicy `json:"vulnerabilities" bson:"vulnerabilities"`
}
func MockVulnerabilityException ¶
func MockVulnerabilityException() *VulnerabilityExceptionPolicy
func (*VulnerabilityExceptionPolicy) IsAlertOnly ¶
func (exceptionPolicy *VulnerabilityExceptionPolicy) IsAlertOnly() bool
type VulnerabilityExceptionPolicyActions ¶
type VulnerabilityExceptionPolicyActions string
const Ignore VulnerabilityExceptionPolicyActions = "ignore"
type VulnerabilityJobParams ¶
type VulnerabilityPolicy ¶
type VulnerabilityPolicy struct {
// The name of the vulnerability
// Example: CVE-2022-28128
Name string `json:"name" bson:"name"`
}
type VulnerabilityScanConfig ¶
type VulnerabilityScanConfig struct {
ScanFrequency ScanFrequency `json:"scanFrequency,omitempty" bson:"scanFrequency,omitempty"`
CriticalPriorityThreshold int `json:"criticalPriorityThreshold,omitempty" bson:"criticalPriorityThreshold,omitempty"`
HighPriorityThreshold int `json:"highPriorityThreshold,omitempty" bson:"highPriorityThreshold,omitempty"`
MediumPriorityThreshold int `json:"mediumPriorityThreshold,omitempty" bson:"mediumPriorityThreshold,omitempty"`
ScanNewDeployment bool `json:"scanNewDeployment,omitempty" bson:"scanNewDeployment,omitempty"`
AllowlistRegistries []string `json:"AllowlistRegistries,omitempty" bson:"AllowlistRegistries,omitempty"`
BlocklistRegistries []string `json:"BlocklistRegistries,omitempty" bson:"BlocklistRegistries,omitempty"`
}
Source Files
¶
- armocontext.go
- collaborationconfig.go
- collaborations.go
- common.go
- configtypes.go
- configtypes_mock.go
- customerslackconfigurations.go
- executionpolicytypes.go
- helmconsts.go
- k8stypes.go
- kpitypes.go
- portaltypes.go
- portaltypes_mock.go
- portaltypesutils.go
- postureexceptionpolicytypes.go
- postureexceptionpolicytypes_mock.go
- postureexceptionpolicytypesutils.go
- posturerecommendations.go
- posturetypes.go
- recordstatus.go
- registrytypes.go
- reposcanning.go
- vulnerabilityexceptionpolicytypes.go
- vulnerabilityexceptionpolicytypes_mock.go
- vulnerabilitytypes.go
Click to show internal directories.
Click to hide internal directories.