Documentation
Index
- Variables
- type Configuration
- type Exemption
- type SchemaCheck
- func (check SchemaCheck) CheckContainer(container *corev1.Container) (bool, error)
- func (check SchemaCheck) CheckObject(obj interface{}) (bool, error)
- func (check SchemaCheck) CheckPod(pod *corev1.PodSpec) (bool, error)
- func (check *SchemaCheck) Initialize(id string) error
- func (check SchemaCheck) IsActionable(target TargetKind, controllerType SupportedController, isInit bool) bool
- type Severity
- type SupportedController
- type TargetKind
Constants
This section is empty.
Variables
var ControllerStrings = []string{
    "Unsupported",
    "Deployment",
    "StatefulSet",
    "DaemonSet",
    "Job",
    "CronJob",
    "ReplicationController",
    "NakedPod",
}
ControllerStrings are strongly ordered to match the SupportedController enum
Functions
This section is empty.
Types
type Configuration
type Configuration struct {
    DisplayName        string                 `json:"displayName"`
    Checks             map[string]Severity    `json:"checks"`
    ControllersToScan  []SupportedController  `json:"controllersToScan"`
    CustomChecks       map[string]SchemaCheck `json:"customChecks"`
    Exemptions         []Exemption            `json:"exemptions"`
    DisallowExemptions bool                   `json:"disallowExemptions"`
}
Configuration contains all of the config for the validation checks.
func Parse
func Parse(rawBytes []byte) (Configuration, error)
Parse parses config from a byte array.
func ParseFile
func ParseFile(path string) (*Configuration, error)
ParseFile parses config from a file.
func (Configuration) CheckIfKindIsConfiguredForValidation
func (c Configuration) CheckIfKindIsConfiguredForValidation(kind string) bool
CheckIfKindIsConfiguredForValidation takes a kind (in string format) and checks if Polaris is configured to scan this type of controller.
func (Configuration) IsActionable
func (conf Configuration) IsActionable(ruleID, controllerName string) bool
IsActionable determines whether a check is actionable given the current configuration
type Exemption
type Exemption struct {
    Rules           []string `json:"rules"`
    ControllerNames []string `json:"controllerNames"`
}
Exemption represents an exemption to normal rules
type SchemaCheck
type SchemaCheck struct {
    ID             string                `yaml:"id"`
    Category       string                `yaml:"category"`
    SuccessMessage string                `yaml:"successMessage"`
    FailureMessage string                `yaml:"failureMessage"`
    Controllers    includeExcludeList    `yaml:"controllers"`
    Containers     includeExcludeList    `yaml:"containers"`
    Target         TargetKind            `yaml:"target"`
    SchemaTarget   TargetKind            `yaml:"schemaTarget"`
    Schema         jsonschema.RootSchema `yaml:"schema"`
    JSONSchema     string                `yaml:"jsonSchema"`
}
SchemaCheck is a Polaris check that runs using JSON Schema
func (SchemaCheck) CheckContainer
func (check SchemaCheck) CheckContainer(container *corev1.Container) (bool, error)
CheckContainer checks a container spec against the schema
func (SchemaCheck) CheckObject
func (check SchemaCheck) CheckObject(obj interface{}) (bool, error)
CheckObject checks arbitrary data against the schema
func (SchemaCheck) CheckPod
func (check SchemaCheck) CheckPod(pod *corev1.PodSpec) (bool, error)
CheckPod checks a pod spec against the schema
func (*SchemaCheck) Initialize
func (check *SchemaCheck) Initialize(id string) error
Initialize sets up the schema
func (SchemaCheck) IsActionable
func (check SchemaCheck) IsActionable(target TargetKind, controllerType SupportedController, isInit bool) bool
IsActionable decides if this check applies to a particular target
type Severity
type Severity string
Severity represents the severity of action to take (Ignore, Warning, Error).
func (*Severity) IsActionable
IsActionable returns true if the severity level is warning or error
type SupportedController
type SupportedController int
SupportedController is an enum of the controller types that are supported for scanning pod specs
const (
    // Unsupported is the default enum for non-defined controller types
    Unsupported SupportedController = iota
    // Deployments are a supported controller for scanning pod specs
    Deployments
    // StatefulSets are a supported controller for scanning pod specs
    StatefulSets
    // DaemonSets are a supported controller for scanning pod specs
    DaemonSets
    // Jobs are a supported controller for scanning pod specs
    Jobs
    // CronJobs are a supported controller for scanning pod specs
    CronJobs
    // ReplicationControllers are supported controllers for scanning pod specs
    ReplicationControllers
    // NakedPods are a pseudo-controller for scanning pod specs
    NakedPods
)
func GetSupportedControllerFromString
func GetSupportedControllerFromString(str string) SupportedController
GetSupportedControllerFromString fuzzy matches a string with a SupportedController Enum
func (SupportedController) ListSupportedAPIVersions
func (s SupportedController) ListSupportedAPIVersions() []runtime.Object
ListSupportedAPIVersions for SupportedController returns all the supported apimachinery object types
func (SupportedController) MarshalJSON
func (s SupportedController) MarshalJSON() ([]byte, error)
MarshalJSON manages writing the enum into json data or error on unsupported value
func (SupportedController) String
func (s SupportedController) String() string
String returns the string name for a given SupportedController enum
func (*SupportedController) UnmarshalJSON
func (s *SupportedController) UnmarshalJSON(b []byte) error
UnmarshalJSON handles reading json data into enum
type TargetKind
type TargetKind string
TargetKind represents the part of the config to be validated
const (
    // TargetContainer points to the container spec
    TargetContainer TargetKind = "Container"
    // TargetPod points to the pod spec
    TargetPod TargetKind = "Pod"
)