opapolicy

package
v1.0.86 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 23, 2021 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

// String constants used for posture reports: two slash-separated paths and
// one key prefix. Their consumers are not shown on this page.
// NOTE(review): the names suggest a REST route, a Redis key prefix and a
// notification endpoint on a Kubernetes-facing API — confirm against callers,
// and confirm that the routes are served behind authentication.
const (
	PostureRestAPIPathV1   = "/v1/posture"
	PostureRedisPrefix     = "_postureReportv1"
	K8sPostureNotification = "/k8srestapi/v1/newPostureReport"
)

Variables

// Sample ("AMock"-prefixed) identifiers and names for mock objects.
// NOTE(review): these are exported package-level vars in the package's public
// API, not constants, so any importer can reassign them at runtime. They are
// sample values only and should never be treated as real customer, job or
// report identifiers.
var (
	AMockCustomerGUID  = "5d817063-096f-4d91-b39b-8665240080af"
	AMockJobID         = "36b6f9e1-3b63-4628-994d-cbe16f81e9c7"
	AMockReportID      = "2c31e4da-c6fe-440d-9b8a-785b80c8576a"
	AMockClusterName   = "clusterA"
	AMockFrameworkName = "testFrameworkA"
	AMockControlName   = "testControlA"
	AMockRuleName      = "testRuleA"
	// Dereferences the pointer returned by armotypes.MockPortalBase, so this is
	// a value copy built from AMockCustomerGUID during package initialization;
	// later changes to AMockCustomerGUID are not reflected here.
	AMockPortalBase    = *armotypes.MockPortalBase(AMockCustomerGUID, "", nil)
)

Mock A

Functions

func GetRuntimePods

func GetRuntimePods() string

func MockExternalFacingService

func MockExternalFacingService() string

func MockRegoPrivilegedPods

func MockRegoPrivilegedPods() string

func MockTemp

func MockTemp() string

func StringInSlice added in v1.0.42

func StringInSlice(strSlice []string, str string) bool

Types

type AlertObject

// AlertObject holds the objects attached to an alert as untyped JSON values.
// Both fields are left out of the JSON output when empty (omitempty).
// NOTE(review): map[string]interface{} carries no schema at this layer, so
// consumers must type-check every entry before using it. Whole Kubernetes
// objects may include sensitive fields — confirm what producers place here
// before the data is stored or forwarded.
type AlertObject struct {
	K8SApiObjects   []map[string]interface{} `json:"k8sApiObjects,omitempty"`
	ExternalObjects map[string]interface{}   `json:"externalObjects,omitempty"`
}

type AlertScore

// AlertScore is a float32-backed score. No valid range is defined by the type
// itself, so callers that need bounds must check them.
type AlertScore float32

type Control

// Control groups a list of rules under one ID, together with the description
// and remediation text for that control.
type Control struct {
	// Embedded anonymously. encoding/json defines no "inline" tag option; with
	// that encoder the fields are flattened because the tag name is empty.
	armotypes.PortalBase `json:",inline"`
	ControlID            string       `json:"id"`
	CreationTime         string       `json:"creationTime"`
	Description          string       `json:"description"`
	Remediation          string       `json:"remediation"`
	Rules                []PolicyRule `json:"rules"`
	// Rule IDs for the new list of rules in POST/UPDATE requests. A nil pointer
	// is omitted from the JSON output (omitempty).
	RulesIDs *[]string `json:"rulesIDs,omitempty"`
}

Control represents a collection of rules that are combined to serve a single purpose

type ControlReport

// ControlReport is the result record for one control: its identity, the
// per-rule reports, descriptive text and float32 score fields.
type ControlReport struct {
	// Embedded anonymously. encoding/json defines no "inline" tag option; with
	// that encoder the fields are flattened because the tag name is empty.
	armotypes.PortalBase `json:",inline"`
	ControlID            string       `json:"id"`
	Name                 string       `json:"name"`
	RuleReports          []RuleReport `json:"ruleReports"`
	Remediation          string       `json:"remediation"`
	Description          string       `json:"description"`
	// Score is always encoded; BaseScore and ARMOImprovement are dropped from
	// the JSON output when zero (omitempty), so a missing key and a zero value
	// cannot be told apart after decoding.
	Score                float32      `json:"score"`
	BaseScore            float32      `json:"baseScore,omitempty"`
	ARMOImprovement      float32      `json:"ARMOImprovement,omitempty"`
}

func (*ControlReport) Failed

func (controlReport *ControlReport) Failed() bool

func (*ControlReport) GetNumberOfFailedResources added in v1.0.37

func (controlReport *ControlReport) GetNumberOfFailedResources() int

func (*ControlReport) GetNumberOfResources

func (controlReport *ControlReport) GetNumberOfResources() int

func (*ControlReport) GetNumberOfWarningResources added in v1.0.37

func (controlReport *ControlReport) GetNumberOfWarningResources() int

func (*ControlReport) ListControlsInputKinds

func (controlReport *ControlReport) ListControlsInputKinds() []string

func (*ControlReport) Passed

func (controlReport *ControlReport) Passed() bool

func (*ControlReport) RemoveData added in v1.0.42

func (controlReport *ControlReport) RemoveData()

func (*ControlReport) Warning added in v1.0.36

func (controlReport *ControlReport) Warning() bool

type Framework

// Framework groups a list of controls together with a creation time and a
// description.
type Framework struct {
	// Embedded anonymously. encoding/json defines no "inline" tag option; with
	// that encoder the fields are flattened because the tag name is empty.
	armotypes.PortalBase `json:",inline"`
	CreationTime         string    `json:"creationTime"`
	Description          string    `json:"description"`
	Controls             []Control `json:"controls"`
	// Control IDs for the new list of controls in POST/UPDATE requests. A nil
	// pointer is omitted from the JSON output (omitempty).
	ControlsIDs *[]string `json:"controlsIDs,omitempty"`
}

Framework represents a collection of controls that are combined to expose comprehensive behavior

func MockFrameworkA

func MockFrameworkA() *Framework

type FrameworkReport

// FrameworkReport is the result record for one framework: its name, the
// reports of its controls and three float32 score fields.
type FrameworkReport struct {
	Name            string          `json:"name"`
	ControlReports  []ControlReport `json:"controlReports"`
	// All three scores are omitted from the JSON output when zero (omitempty),
	// so a consumer cannot distinguish "zero" from "not reported".
	Score           float32         `json:"score,omitempty"`
	ARMOImprovement float32         `json:"ARMOImprovement,omitempty"`
	WCSScore        float32         `json:"wcsScore,omitempty"`
}

func MockFrameworkReportA

func MockFrameworkReportA() *FrameworkReport

func (*FrameworkReport) RemoveData added in v1.0.42

func (frameworkReport *FrameworkReport) RemoveData()

type NotificationPolicyKind

// NotificationPolicyKind names the kind of policy object an identifier refers
// to. It is a plain string type, so a value decoded from JSON is not limited
// to the constants below; compare against them explicitly and reject anything
// else before acting on it.
type NotificationPolicyKind string
const (
	KindFramework NotificationPolicyKind = "Framework"
	KindControl   NotificationPolicyKind = "Control"
	KindRule      NotificationPolicyKind = "Rule"
)

Supported NotificationKinds

type NotificationPolicyType

// NotificationPolicyType names the action a policy notification asks for.
// It is a plain string type, so a value decoded from JSON is not limited to
// the constants below; handle unknown values explicitly (reject by default)
// rather than falling through to one of the known actions.
type NotificationPolicyType string
const (
	TypeValidateRules   NotificationPolicyType = "validateRules"
	TypeExecPostureScan NotificationPolicyType = "execPostureScan"
	TypeUpdateRules     NotificationPolicyType = "updateRules"
)

Supported NotificationTypes

type PolicyIdentifier

// PolicyIdentifier refers to a policy object by its kind and its name.
// Neither field is validated by the type; Kind is a free-form string after
// JSON decoding and must be checked against the Kind* constants.
type PolicyIdentifier struct {
	Kind NotificationPolicyKind `json:"kind"`
	Name string                 `json:"name"`
}

type PolicyNotification

// PolicyNotification is the JSON message describing a policy action: the
// notification type, the policies it refers to, report/job IDs and the
// designators of the target.
// NOTE(review): presumably a receiver acts on NotificationType and Rules
// (the type names include "execPostureScan" and "updateRules") — confirm that
// the receiving endpoint authenticates the sender and validates every field
// before acting on it.
type PolicyNotification struct {
	NotificationType NotificationPolicyType     `json:"notificationType"`
	// Despite the field name, each entry carries a Kind and may refer to a
	// framework, a control or a rule.
	Rules            []PolicyIdentifier         `json:"rules"`
	ReportID         string                     `json:"reportID"`
	JobID            string                     `json:"jobID"`
	Designators      armotypes.PortalDesignator `json:"designators"`
}

func MockPolicyNotificationA

func MockPolicyNotificationA() *PolicyNotification

func (*PolicyNotification) ToJSONBytesBuffer

func (pn *PolicyNotification) ToJSONBytesBuffer() (*bytes.Buffer, error)

type PolicyRule

// PolicyRule is a single rule: the rule source text, the language it is
// written in, the objects it matches, the packages it depends on and its
// description/remediation text.
// NOTE(review): Rule holds policy source text that is presumably handed to a
// policy engine for evaluation — confirm where rules are loaded from, and
// accept them only from a trusted, integrity-checked source.
type PolicyRule struct {
	// Embedded anonymously. encoding/json defines no "inline" tag option; with
	// that encoder the fields are flattened because the tag name is empty.
	armotypes.PortalBase `json:",inline"`
	CreationTime         string             `json:"creationTime"`
	Rule                 string             `json:"rule"` // rule source text; a multi-line string
	RuleLanguage         RuleLanguages      `json:"ruleLanguage"`
	Match                []RuleMatchObjects `json:"match"`
	RuleDependencies     []RuleDependency   `json:"ruleDependencies"`
	Description          string             `json:"description"`
	Remediation          string             `json:"remediation"`
	RuleQuery            string             `json:"ruleQuery"` // DEPRECATED; default "armo_builtins"
}

PolicyRule represents a single rule, the fundamental executable block of a policy

func MockRuleA

func MockRuleA() *PolicyRule

func MockRuleB

func MockRuleB() *PolicyRule

func MockRuleUntrustedRegistries

func MockRuleUntrustedRegistries() *PolicyRule

type PostureReport

// PostureReport is the top-level report: customer and cluster identity,
// report and job IDs, the generation time and one report per framework.
// NOTE(review): CustomerGUID and ClusterName arrive as ordinary JSON fields.
// If reports are accepted from remote senders, the receiver should presumably
// bind them to the authenticated caller instead of trusting the body — confirm
// against the ingestion code.
type PostureReport struct {
	CustomerGUID         string            `json:"customerGUID"`
	ClusterName          string            `json:"clusterName"`
	ReportID             string            `json:"reportID"`
	JobID                string            `json:"jobID"`
	// The JSON key ("generationTime") differs from the Go field name.
	ReportGenerationTime time.Time         `json:"generationTime"`
	// The JSON key is "frameworks", not "frameworkReports".
	FrameworkReports     []FrameworkReport `json:"frameworks"`
}

PostureReport

func MockPostureReportA

func MockPostureReportA() *PostureReport

func (*PostureReport) NKeys

func (file *PostureReport) NKeys() int

func (*PostureReport) RemoveData added in v1.0.42

func (postureReport *PostureReport) RemoveData()

func (*PostureReport) UnmarshalJSONObject

func (r *PostureReport) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error)
Responsible for fast unmarshaling of various COMMON containerscan structures and substructures

UnmarshalJSONObject - File inside a pkg

type RuleDependency

// RuleDependency names one package that a rule depends on. How the name is
// resolved to package content is not shown on this page.
type RuleDependency struct {
	PackageName string `json:"packageName"` // package name
}

RuleMatchObjects defines which objects this rule is applied to

type RuleLanguages

// RuleLanguages names the language a rule is written in. The two constants
// differ only in letter case, and Go string comparison is case-sensitive, so
// code that checks the language must accept both constants or normalize the
// value first. Any other string can also appear after JSON decoding.
type RuleLanguages string
const (
	RegoLanguage  RuleLanguages = "Rego"
	RegoLanguage2 RuleLanguages = "rego"
)

type RuleMatchObjects

// RuleMatchObjects selects the objects a rule applies to by API group, API
// version and resource name. The matching logic itself (including how "*" is
// treated) is not shown on this page.
type RuleMatchObjects struct {
	APIGroups   []string `json:"apiGroups"`   // e.g. apps
	APIVersions []string `json:"apiVersions"` // e.g. v1, v1beta1 or *
	Resources   []string `json:"resources"`   // e.g. deployments, pods
}

RuleMatchObjects defines which objects this rule is applied to

type RuleReport

// RuleReport is the result record for one rule: its name, remediation text,
// run status and the individual responses it produced.
type RuleReport struct {
	Name               string                   `json:"name"`
	Remediation        string                   `json:"remediation"`
	RuleStatus         RuleStatus               `json:"ruleStatus"` // whether the rule ran or not (if there were compile errors, the value will be failed)
	RuleResponses      []RuleResponse           `json:"ruleResponses"`
	// The two fields below are tagged json:"-", so they are never written to or
	// read from JSON; they exist only in memory.
	ListInputResources []map[string]interface{} `json:"-"`
	ListInputKinds     []string                 `json:"-"`
}

func (*RuleReport) DeleteIfRedundantResponse added in v1.0.47

func (ruleReport *RuleReport) DeleteIfRedundantResponse(RuleResponse *RuleResponse, index int) bool

func (*RuleReport) GetNumberOfFailedResources added in v1.0.37

func (ruleReport *RuleReport) GetNumberOfFailedResources() int

func (*RuleReport) GetNumberOfResources added in v1.0.37

func (ruleReport *RuleReport) GetNumberOfResources() int

func (*RuleReport) GetNumberOfWarningResources added in v1.0.37

func (ruleReport *RuleReport) GetNumberOfWarningResources() int

func (*RuleReport) GetRuleStatus

func (ruleReport *RuleReport) GetRuleStatus() (string, []RuleResponse, []RuleResponse)

func (*RuleReport) IsDuplicateResponseOfResource added in v1.0.47

func (ruleReport *RuleReport) IsDuplicateResponseOfResource(RuleResponse *RuleResponse, index int) (bool, *RuleResponse)

func (*RuleReport) RemoveData added in v1.0.42

func (ruleReport *RuleReport) RemoveData()

type RuleResponse

// RuleResponse is one result produced by a rule: the alert message, status,
// package name, score and the objects the alert refers to.
type RuleResponse struct {
	AlertMessage  string                            `json:"alertMessage"`
	// A free-form string here, unlike RuleReport.RuleStatus, which is a struct.
	RuleStatus    string                            `json:"ruleStatus"`
	// The JSON key is all lower case ("packagename"); RuleDependency uses
	// "packageName" for its field of the same Go name.
	PackageName   string                            `json:"packagename"`
	AlertScore    AlertScore                        `json:"alertScore"`
	AlertObject   AlertObject                       `json:"alertObject"`
	Context       []string                          `json:"context,omitempty"`       // TODO - Remove
	Rulename      string                            `json:"rulename,omitempty"`      // TODO - Remove
	ExceptionName string                            `json:"exceptionName,omitempty"` // Not in use
	// Optional; a nil pointer is omitted from the JSON output.
	// NOTE(review): presumably the exception policy that applied to this
	// response — confirm who may set it, since it is part of the decoded body.
	Exception     *armotypes.PostureExceptionPolicy `json:"exception,omitempty"`
}

RegoResponse is the expected response of a single run of a Rego policy

func MockRuleResponseA

func MockRuleResponseA() *RuleResponse

func (*RuleResponse) AddMessageToResponse added in v1.0.47

func (ruleResponse *RuleResponse) AddMessageToResponse(message string)

func (*RuleResponse) GetSingleResultStatus added in v1.0.36

func (RuleResponse *RuleResponse) GetSingleResultStatus() string

func (*RuleResponse) RemoveData added in v1.0.42

func (r *RuleResponse) RemoveData()

type RuleStatus

// RuleStatus pairs a status string with a message. The set of valid Status
// values is not defined by this type.
type RuleStatus struct {
	Status  string `json:"status"`
	Message string `json:"message"`
}

type UpdatedControl

// UpdatedControl embeds Control and redeclares Rules with the same JSON key.
// The outer field sits at a shallower depth, so it hides Control.Rules both
// for the Go selector u.Rules and for encoding/json under the "rules" key.
// The elements are untyped; type-check each one before use.
type UpdatedControl struct {
	Control `json:",inline"`
	Rules   []interface{} `json:"rules"`
}

type UpdatedFramework

// UpdatedFramework embeds Framework and redeclares Controls with the same
// JSON key. The outer field sits at a shallower depth, so it hides
// Framework.Controls both for the Go selector u.Controls and for
// encoding/json under the "controls" key. The elements are untyped;
// type-check each one before use.
type UpdatedFramework struct {
	Framework `json:",inline"`
	Controls  []interface{} `json:"controls"`
}

Directories

Path Synopsis
