opapolicy

package
v1.0.28 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 31, 2021 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

// Path and key-prefix string constants for posture reports.
// NOTE(review): the code that consumes these values is not visible here; judging
// by the names, two are URL paths and one is a Redis key prefix — confirm
// against the callers before relying on that.
const (
	PostureRestAPIPathV1   = "/v1/posture"
	PostureRedisPrefix     = "_postureReportv1"
	K8sPostureNotification = "/k8srestapi/v1/newPostureReport"
)

Variables

// Mock fixture values: fixed sample identifiers and names, plus a PortalBase
// built from the mock customer GUID via armotypes.MockPortalBase.
//
// These are exported package-level variables, so any importing package can
// reassign them at runtime.
// NOTE(review): they live in the package's public API rather than in a
// _test.go file — confirm that non-test code never treats them as real
// customer, job or report identifiers.
var (
	AMockCustomerGUID  = "5d817063-096f-4d91-b39b-8665240080af"
	AMockJobID         = "36b6f9e1-3b63-4628-994d-cbe16f81e9c7"
	AMockReportID      = "2c31e4da-c6fe-440d-9b8a-785b80c8576a"
	AMockClusterName   = "clusterA"
	AMockFrameworkName = "testFrameworkA"
	AMockControlName   = "testControlA"
	AMockRuleName      = "testRuleA"
	AMockPortalBase    = *armotypes.MockPortalBase(AMockCustomerGUID, "", nil)
)

Mock A

Functions

func GetRuntimePods

func GetRuntimePods() string

func MockExternalFacingService

func MockExternalFacingService() string

func MockRegoPrivilegedPods

func MockRegoPrivilegedPods() string

func MockTemp

func MockTemp() string

Types

type AlertObject

// AlertObject carries the objects attached to an alert as untyped JSON maps.
// Both fields are dropped from the JSON output when empty (omitempty).
//
// NOTE(review): the values are schemaless (map[string]interface{}), so
// consumers have to type-check every value they read. If K8SApiObjects holds
// complete resource manifests it may carry sensitive fields into reports and
// logs — confirm what the producers actually store here.
type AlertObject struct {
	K8SApiObjects   []map[string]interface{} `json:"k8sApiObjects,omitempty"`
	ExternalObjects map[string]interface{}   `json:"externalObjects,omitempty"`
}

type AlertScore

// AlertScore is the float32 score carried by RuleResponse.AlertScore.
// NOTE(review): the valid range and scale are not defined on this page.
type AlertScore float32

type Control

// Control groups PolicyRule values together with a description and
// remediation text.
type Control struct {
	// PortalBase is embedded with a name-less tag, so encoding/json flattens
	// its fields into this object.
	// NOTE(review): `inline` is not an encoding/json tag option — confirm which
	// encoder, if any, depends on it.
	armotypes.PortalBase `json:",inline"`
	CreationTime         string       `json:"creationTime"`
	Description          string       `json:"description"`
	Remediation          string       `json:"remediation"`
	Rules                []PolicyRule `json:"rules"`
	// RulesIDs carries the new list of rule IDs in POST/UPDATE requests.
	// With a pointer plus omitempty, a nil pointer is left out of the JSON,
	// while a pointer to an empty slice is still written as [].
	RulesIDs *[]string `json:"rulesIDs,omitempty"`
}

Control represents a collection of rules that are combined to serve a single purpose

type ControlReport

// ControlReport is the report entry for one control: its name, the per-rule
// reports, and the control's remediation and description text.
type ControlReport struct {
	Name        string       `json:"name"`
	RuleReports []RuleReport `json:"ruleReports"`
	Remediation string       `json:"remediation"`
	Description string       `json:"description"`
}

func (*ControlReport) Failed

func (controlReport *ControlReport) Failed() bool

func (*ControlReport) GetNumberOfResources

func (controlReport *ControlReport) GetNumberOfResources() int

func (*ControlReport) ListControlsInputKinds

func (controlReport *ControlReport) ListControlsInputKinds() []string

func (*ControlReport) Passed

func (controlReport *ControlReport) Passed() bool

type Framework

// Framework groups Control values together with a description.
type Framework struct {
	// PortalBase is embedded with a name-less tag, so encoding/json flattens
	// its fields into this object.
	// NOTE(review): `inline` is not an encoding/json tag option — confirm which
	// encoder, if any, depends on it.
	armotypes.PortalBase `json:",inline"`
	CreationTime         string    `json:"creationTime"`
	Description          string    `json:"description"`
	Controls             []Control `json:"controls"`
	// ControlsIDs carries the new list of control IDs in POST/UPDATE requests.
	// With a pointer plus omitempty, a nil pointer is left out of the JSON,
	// while a pointer to an empty slice is still written as [].
	ControlsIDs *[]string `json:"controlsIDs,omitempty"`
}

Framework represents a collection of controls which are combined together to expose comprehensive behavior

func MockFrameworkA

func MockFrameworkA() *Framework

type FrameworkReport

// FrameworkReport is the report entry for one framework: its name and the
// reports of its controls.
type FrameworkReport struct {
	Name           string          `json:"name"`
	ControlReports []ControlReport `json:"controlReports"`
}

func MockFrameworkReportA

func MockFrameworkReportA() *FrameworkReport

type NotificationPolicyKind

// NotificationPolicyKind is the kind of policy object a PolicyIdentifier
// refers to.
//
// It is a plain string type, so a value decoded from JSON is not limited to
// the constants below; code that receives one should compare it against this
// list and reject anything else.
type NotificationPolicyKind string
const (
	KindFramework NotificationPolicyKind = "Framework"
	KindControl   NotificationPolicyKind = "Control"
	KindRule      NotificationPolicyKind = "Rule"
)

Supported NotificationKinds

type NotificationPolicyType

// NotificationPolicyType is the value of PolicyNotification.NotificationType.
//
// It is a plain string type, so a value decoded from JSON is not limited to
// the constants below; a receiver should check for one of these values and
// reject unknown types instead of falling through to a default action.
type NotificationPolicyType string
const (
	TypeValidateRules   NotificationPolicyType = "validateRules"
	TypeExecPostureScan NotificationPolicyType = "execPostureScan"
	TypeUpdateRules     NotificationPolicyType = "updateRules"
)

Supported NotificationTypes

type PolicyIdentifier

// PolicyIdentifier points at a policy object by kind (framework, control or
// rule) and name.
type PolicyIdentifier struct {
	Kind NotificationPolicyKind `json:"kind"`
	Name string                 `json:"name"`
}

type PolicyNotification

// PolicyNotification is a JSON message that names a notification type, the
// policies it concerns, the report and job IDs, and a set of designators.
//
// NOTE(review): the code that receives this message is not on this page. If it
// arrives over the network, the receiver should authenticate the sender and
// validate NotificationType and Rules before acting on them — confirm where
// that happens.
type PolicyNotification struct {
	NotificationType NotificationPolicyType     `json:"notificationType"`
	// Rules holds PolicyIdentifier values, which may name a framework, a
	// control or a rule (see NotificationPolicyKind), not only rules.
	Rules            []PolicyIdentifier         `json:"rules"`
	ReportID         string                     `json:"reportID"`
	JobID            string                     `json:"jobID"`
	Designators      armotypes.PortalDesignator `json:"designators"`
}

func MockPolicyNotificationA

func MockPolicyNotificationA() *PolicyNotification

func (*PolicyNotification) ToJSONBytesBuffer

func (pn *PolicyNotification) ToJSONBytesBuffer() (*bytes.Buffer, error)

type PolicyRule

// PolicyRule is a single policy rule: its source text, the language of that
// source, the objects it matches, its dependencies, and its description and
// remediation text.
type PolicyRule struct {
	armotypes.PortalBase `json:",inline"`
	CreationTime         string             `json:"creationTime"`
	// Rule holds the rule source as one multi-line string.
	// NOTE(review): this text appears to be what gets evaluated, so it should
	// be handled as code: load it only from a trusted, integrity-checked
	// source — confirm where that is enforced.
	Rule                 string             `json:"rule"` // multiline string!
	RuleLanguage         RuleLanguages      `json:"ruleLanguage"`
	Match                []RuleMatchObjects `json:"match"`
	RuleDependencies     []RuleDependency   `json:"ruleDependencies"`
	Description          string             `json:"description"`
	Remediation          string             `json:"remediation"`
	RuleQuery            string             `json:"ruleQuery"` // default "armo_builtins" - DEPRECATED
}

PolicyRule represents a single rule, the fundamental executable block of a policy

func MockRuleA

func MockRuleA() *PolicyRule

func MockRuleB

func MockRuleB() *PolicyRule

func MockRuleUntrustedRegistries

func MockRuleUntrustedRegistries() *PolicyRule

type PostureReport

// PostureReport is the top-level report: customer and cluster identification,
// report and job IDs, the generation time, and one FrameworkReport per
// framework.
type PostureReport struct {
	// NOTE(review): CustomerGUID looks like a tenant identifier carried in the
	// report body; a receiving service should presumably bind it to the
	// authenticated caller rather than trust the submitted value — confirm.
	CustomerGUID         string            `json:"customerGUID"`
	ClusterName          string            `json:"clusterName"`
	ReportID             string            `json:"reportID"`
	JobID                string            `json:"jobID"`
	// Serialized under the key "generationTime", not the Go field name.
	ReportGenerationTime time.Time         `json:"generationTime"`
	// Serialized under the key "frameworks".
	FrameworkReports     []FrameworkReport `json:"frameworks"`
}

PostureReport

func MockPostureReportA

func MockPostureReportA() *PostureReport

func (*PostureReport) NKeys

func (file *PostureReport) NKeys() int

func (*PostureReport) UnmarshalJSONObject

func (r *PostureReport) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error)
Responsible for fast unmarshaling of various COMMON containerscan structures and substructures

UnmarshalJSONObject - File inside a pkg

type RuleDependency

// RuleDependency names one package listed in PolicyRule.RuleDependencies.
// NOTE(review): the package documentation attached to this type describes
// RuleMatchObjects, which looks like a copy-paste slip — confirm and correct
// it in the source.
type RuleDependency struct {
	PackageName string `json:"packageName"` // package name
}

RuleMatchObjects defines which objects this rule is applied to

type RuleLanguages

// RuleLanguages is the language a PolicyRule's source is written in
// (PolicyRule.RuleLanguage).
type RuleLanguages string
// Two spellings that differ only in case are defined. Code that branches on
// the language has to accept both, or compare case-insensitively; otherwise a
// rule tagged with the other spelling would be handled as an unknown language.
const (
	RegoLanguage  RuleLanguages = "Rego"
	RegoLanguage2 RuleLanguages = "rego"
)

type RuleMatchObjects

// RuleMatchObjects lists the API groups, API versions and resources that a
// rule is matched against (PolicyRule.Match).
type RuleMatchObjects struct {
	APIGroups   []string `json:"apiGroups"`   // e.g. "apps"
	APIVersions []string `json:"apiVersions"` // e.g. "v1", "v1beta1", "*"
	Resources   []string `json:"resources"`   // e.g. deployments, pods
}

RuleMatchObjects defines which objects this rule is applied to

type RuleReport

// RuleReport is the report entry for one rule: its name, remediation text,
// status and the individual rule responses.
type RuleReport struct {
	Name               string                   `json:"name"`
	Remediation        string                   `json:"remediation"`
	RuleStatus         RuleStatus               `json:"ruleStatus"`
	RuleResponses      []RuleResponse           `json:"ruleResponses"`
	// The two fields below are tagged `json:"-"`: encoding/json neither writes
	// nor reads them, so the input resources stay out of the serialized report.
	ListInputResources []map[string]interface{} `json:"-"`
	ListInputKinds     []string                 `json:"-"`
}

func (*RuleReport) GetRuleStatus

func (ruleReport *RuleReport) GetRuleStatus() (string, []RuleResponse, []RuleResponse)

type RuleResponse

// RuleResponse is one alert produced by a rule: message, package name, score,
// the objects involved, and an exception name.
//
// The JSON keys "packagename" and "rulename" are all lower case, unlike the
// camelCase keys of the other fields; producers have to emit exactly these
// spellings.
type RuleResponse struct {
	AlertMessage string     `json:"alertMessage"`
	PackageName  string     `json:"packagename"`
	AlertScore   AlertScore `json:"alertScore"`
	// AlertObject   AlertObject `json:"alertObject"`
	AlertObject   AlertObject `json:"alertObject"` // TODO - replace interface to AlertObject
	Context       []string    `json:"context"`     // TODO - Remove
	Rulename      string      `json:"rulename"`    // TODO - Remove
	// NOTE(review): presumably the name of an exception that applies to this
	// alert. If a non-empty value suppresses the alert, it should be set only
	// by the trusted exception-matching code and never copied from rule
	// output — confirm.
	ExceptionName string      `json:"exceptionName"`
}

RegoResponse is the expected response of a single run of a rego policy

func MockRuleResponseA

func MockRuleResponseA() *RuleResponse

func ParseRegoResult

func ParseRegoResult(regoResult *rego.ResultSet) ([]RuleResponse, error)

type RuleStatus

// RuleStatus is the status of a rule together with a message.
// NOTE(review): Status is a free-form string; the set of valid values is not
// defined on this page.
type RuleStatus struct {
	Status  string `json:"status"`
	Message string `json:"message"`
}

type ScanInfo

// ScanInfo holds the settings of one scan. The fields carry no JSON tags.
// NOTE(review): the field meanings below are inferred from the names only —
// confirm against the code that fills and reads this struct.
type ScanInfo struct {
	PolicyIdentifier   PolicyIdentifier
	Format             string
	// NOTE(review): if Output is a file path taken from user input, confirm it
	// is validated before anything is written to it.
	Output             string
	// A single string, not a slice; presumably a delimited list — confirm.
	ExcludedNamespaces string
	InputPatterns      []string
	Silent             bool
}

func (*ScanInfo) Init

func (scanInfo *ScanInfo) Init()

type UpdatedControl

// UpdatedControl embeds Control and declares its own Rules field under the
// same JSON key, "rules".
//
// The outer field is shallower than the embedded Control.Rules, so it wins in
// Go selector resolution and in encoding/json: "rules" is read into and
// written from this untyped slice, and Control.Rules is left untouched.
// Elements arrive as arbitrary JSON values and must be type-checked before use.
type UpdatedControl struct {
	Control `json:",inline"`
	Rules   []interface{} `json:"rules"`
}

type UpdatedFramework

// UpdatedFramework embeds Framework and declares its own Controls field under
// the same JSON key, "controls".
//
// The outer field is shallower than the embedded Framework.Controls, so it
// wins in Go selector resolution and in encoding/json: "controls" is read into
// and written from this untyped slice, and Framework.Controls is left
// untouched. Elements arrive as arbitrary JSON values and must be type-checked
// before use.
type UpdatedFramework struct {
	Framework `json:",inline"`
	Controls  []interface{} `json:"controls"`
}

Directories

Path Synopsis
