Documentation
Index
- Constants
- func ValidateControllers(config *conf.PolarisConfiguration, kubeResources *kube.ResourceProvider, ...)
- type AuditData
- type CategorySummary
- type ClusterSummary
- type ContainerResult
- type ContainerValidation
- type ControllerResult
- type CountSummary
- type MessageType
- type NamespaceResult
- type NamespacedResults
- type PodResult
- type PodValidation
- type ResourceValidation
- type ResultMessage
- type ResultSummary
- type ScansMap
- type ScansSummary
Constants
const (
	// PolarisOutputVersion is the version of the current output structure
	PolarisOutputVersion = "0.3"
)
Variables
This section is empty.
Functions
func ValidateControllers
func ValidateControllers(config *conf.PolarisConfiguration, kubeResources *kube.ResourceProvider, nsResults *NamespacedResults, scans *ScansSummary)
ValidateControllers validates that each deployment conforms to the Polaris config, builds a list of ResourceResults organized by namespace.
Types
type AuditData
type AuditData struct {
	PolarisOutputVersion string
	AuditTime            string
	SourceType           string
	SourceName           string
	DisplayName          string
	ClusterSummary       ClusterSummary
	NamespacedResults    NamespacedResults
	ScanResults          ScansSummary
}
AuditData contains all the data from a full Polaris audit
func ParseAudit
ParseAudit decodes either a YAML or JSON file and returns AuditData.
func ReadAuditFromFile
ReadAuditFromFile reads the data from a past audit stored in a JSON or YAML file.
func RunAudit
func RunAudit(config *conf.PolarisConfiguration, kubeResources *kube.ResourceProvider, kubeScanner *scanner.ImageScanner) (AuditData, error)
RunAudit runs a full Polaris audit and returns an AuditData object
type CategorySummary
type CategorySummary map[string]*CountSummary
CategorySummary provides a map from category name to a CountSummary
type ClusterSummary
type ClusterSummary struct {
	Results                ResultSummary
	Version                string
	Nodes                  int
	Pods                   int
	Namespaces             int
	Deployments            int
	StatefulSets           int
	DaemonSets             int
	Jobs                   int
	CronJobs               int
	ReplicationControllers int
	Score                  uint
}
ClusterSummary contains Polaris results as well as some high-level stats
type ContainerResult
type ContainerResult struct {
	Name        string
	Image       string
	Messages    []*ResultMessage
	Summary     *ResultSummary
	ScanSummary imagescanner.ImageScanResultSummary
}
ContainerResult provides a list of validation messages for each container.
func ValidateContainer
func ValidateContainer(container *corev1.Container, parentPodResult *PodResult, conf *config.PolarisConfiguration, controllerName string, controllerType config.SupportedController, isInit bool, scans *ScansSummary) ContainerResult
ValidateContainer validates that each pod conforms to the Polaris config, returns a ResourceResult.
FIXME When validating a container, there are some things in a container spec that can be affected by the podSpec. This means we need a copy of the relevant podSpec in order to check certain aspects of a containerSpec. Perhaps there is a more ideal solution instead of attaching a parent podSpec to every container Validation struct...
type ContainerValidation
type ContainerValidation struct {
	*ResourceValidation
	Container       *corev1.Container
	IsInitContainer bool
	ScanSummary     imagescanner.ImageScanResultSummary
	// contains filtered or unexported fields
}
ContainerValidation tracks validation failures associated with a Container.
type ControllerResult
ControllerResult provides a wrapper around a PodResult
func ValidateController
func ValidateController(conf *conf.PolarisConfiguration, controller controller.Interface, scans *ScansSummary) ControllerResult
ValidateController validates a single controller, returns a ControllerResult.
type CountSummary
CountSummary provides a high level overview of success, warnings, and errors.
func (*CountSummary) GetScore
func (cs *CountSummary) GetScore() uint
GetScore returns an overall score in [0, 100] for the CountSummary
type MessageType
type MessageType string
MessageType represents the type of Message
const (
	// MessageTypeNoData indicates no validation data
	MessageTypeNoData MessageType = "nodata"
	// MessageTypeSuccess indicates a validation success
	MessageTypeSuccess MessageType = "success"
	// MessageTypeWarning indicates a validation warning
	MessageTypeWarning MessageType = "warning"
	// MessageTypeError indicates a validation error
	MessageTypeError MessageType = "error"
)
type NamespaceResult
type NamespaceResult struct {
	Name    string
	Summary *ResultSummary
	// TODO: This struct could use some love to reorganize it as just having "results"
	// and then having methods to return filtered results by type
	// (deploy, daemonset, etc)
	// The way this is structured right now makes it difficult to add
	// additional result types and potentially miss things in the metrics
	// summary.
	DeploymentResults            []ControllerResult
	StatefulSetResults           []ControllerResult
	DaemonSetResults             []ControllerResult
	JobResults                   []ControllerResult
	CronJobResults               []ControllerResult
	ReplicationControllerResults []ControllerResult
}
NamespaceResult groups container results by parent resource.
func (*NamespaceResult) AddResult
func (n *NamespaceResult) AddResult(resourceType config.SupportedController, result ControllerResult) error
AddResult adds a result to the result sets by leveraging the types supported by NamespaceResult
func (NamespaceResult) GetAllControllerResults
func (n NamespaceResult) GetAllControllerResults() []ControllerResult
GetAllControllerResults grabs all the different types of controller results from the namespaced result as a single list for easier iteration
type NamespacedResults
type NamespacedResults map[string]*NamespaceResult
NamespacedResults is a mapping of namespace name to the validation results.
func (NamespacedResults) GetAllControllerResults
func (nsResults NamespacedResults) GetAllControllerResults() []ControllerResult
GetAllControllerResults aggregates all the namespaced results in the set together
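As an added example, not code from the Polaris project, here is a standalone consumer of the audit output that ties the types above together: it re-declares the documented structs with only the fields it reads, decodes a constructed JSON audit the way ParseAudit is described to (JSON only here, since YAML would need a third-party decoder), checks PolarisOutputVersion, flattens every controller kind with GetAllControllerResults, and collects warning- and error-type messages at pod and container level so a pipeline can fail on errors. Assumptions: JSON keys equal the Go field names (the page shows no tags), ControllerResult has Name and PodResult fields (the page says only that it wraps a PodResult), and the sample audit and its check IDs are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// MessageType and its constants mirror the documented values.
type MessageType string
const (
	MessageTypeNoData  MessageType = "nodata"
	MessageTypeSuccess MessageType = "success"
	MessageTypeWarning MessageType = "warning"
	MessageTypeError   MessageType = "error"
)

// Re-declarations of the documented types with only the fields read here. JSON keys are assumed to equal
// the Go field names (no tags are shown); ControllerResult is documented only as a wrapper around a
// PodResult, so its Name and PodResult fields are assumptions of this example.
type (
	ResultMessage    struct{ ID, Message, Category string; Type MessageType }
	ContainerResult  struct{ Name, Image string; Messages []*ResultMessage }
	ControllerResult struct{ Name string; PodResult PodResult }
	PodResult        struct {
		Name             string
		Messages         []*ResultMessage
		ContainerResults []ContainerResult
	}
	NamespaceResult struct {
		Name                                                     string
		DeploymentResults, StatefulSetResults, DaemonSetResults  []ControllerResult
		JobResults, CronJobResults, ReplicationControllerResults []ControllerResult
	}
	NamespacedResults map[string]*NamespaceResult
	AuditData         struct{ PolarisOutputVersion string; NamespacedResults NamespacedResults }
	// Finding locates one warning or error; Container is "" for pod-level messages.
	Finding struct{ Namespace, Controller, Container, ID string; Type MessageType }
)

// GetAllControllerResults flattens the per-kind slices, as the documented method does.
func (n NamespaceResult) GetAllControllerResults() []ControllerResult {
	all := append([]ControllerResult{}, n.DeploymentResults...)
	all = append(all, n.StatefulSetResults...)
	all = append(all, n.DaemonSetResults...)
	all = append(all, n.JobResults...)
	all = append(all, n.CronJobResults...)
	return append(all, n.ReplicationControllerResults...)
}
// ParseAudit decodes a JSON audit (the documented one also takes YAML) and rejects other output versions.
func ParseAudit(data []byte) (AuditData, error) {
	var a AuditData
	if err := json.Unmarshal(data, &a); err != nil {
		return a, err
	}
	if a.PolarisOutputVersion != "0.3" {
		return a, fmt.Errorf("unsupported PolarisOutputVersion %q", a.PolarisOutputVersion)
	}
	return a, nil
}
// CollectFindings walks every namespace, controller kind, pod and container, keeping only
// warning- and error-type messages (success and nodata are dropped).
func CollectFindings(a AuditData) []Finding {
	var out []Finding
	keep := func(ns, ctl, ctr string, msgs []*ResultMessage) {
		for _, m := range msgs {
			if m.Type == MessageTypeWarning || m.Type == MessageTypeError {
				out = append(out, Finding{ns, ctl, ctr, m.ID, m.Type})
			}
		}
	}
	for ns, nsr := range a.NamespacedResults {
		for _, cr := range nsr.GetAllControllerResults() {
			keep(ns, cr.Name, "", cr.PodResult.Messages)
			for _, c := range cr.PodResult.ContainerResults {
				keep(ns, cr.Name, c.Name, c.Messages)
			}
		}
	}
	return out
}
// CountByType tallies findings per MessageType; a CI gate would fail on counts[MessageTypeError] > 0.
func CountByType(fs []Finding) map[MessageType]int {
	counts := map[MessageType]int{}
	for _, f := range fs {
		counts[f.Type]++
	}
	return counts
}
// sampleAudit is a constructed audit for this example, not real Polaris output.
const sampleAudit = `{"PolarisOutputVersion":"0.3","NamespacedResults":{"payments":{"Name":"payments",
"DeploymentResults":[{"Name":"api","PodResult":{"Name":"api","Messages":[{"ID":"hostNetworkSet","Type":"success","Category":"Security"}],
"ContainerResults":[{"Name":"api","Image":"example/api:1.0","Messages":[{"ID":"runAsRootAllowed","Type":"error","Category":"Security"},{"ID":"cpuRequestsMissing","Type":"warning","Category":"Resources"}]}]}}],
"DaemonSetResults":[{"Name":"node-agent","PodResult":{"Name":"node-agent","Messages":[{"ID":"hostNetworkSet","Type":"warning","Category":"Security"}]}}]}}}`

func main() {
	audit, err := ParseAudit([]byte(sampleAudit)) // err is nil for the constructed sample
	findings := CollectFindings(audit)
	fmt.Println(err, len(findings), CountByType(findings))
}
```

For the constructed sample this yields three findings (one error and two warnings): the pod-level success message is dropped, the container-level error and warning are attributed to container "api" of controller "api", and the DaemonSet's pod-level warning carries an empty Container. A version check before reading results is worth keeping, since a parser written against one output structure silently misreads another.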
type PodResult
type PodResult struct {
	Name             string
	Summary          *ResultSummary
	Messages         []*ResultMessage
	ContainerResults []ContainerResult
	// contains filtered or unexported fields
}
PodResult provides a list of validation messages for each pod.
func ValidatePod
func ValidatePod(conf *config.PolarisConfiguration, pod *corev1.PodSpec, controllerName string, controllerType config.SupportedController, scans *ScansSummary) PodResult
ValidatePod validates that each pod conforms to the Polaris config, returns a ResourceResult.
type PodValidation
type PodValidation struct {
	*ResourceValidation
	Pod *corev1.PodSpec
}
PodValidation tracks validation failures associated with a Pod.
type ResourceValidation
type ResourceValidation struct {
	Errors    []*ResultMessage
	Warnings  []*ResultMessage
	Successes []*ResultMessage
}
ResourceValidation contains methods shared by PodValidation and ContainerValidation
type ResultMessage
type ResultMessage struct {
	ID       string
	Message  string
	Type     MessageType
	Category string
}
ResultMessage contains a message and a type indicator (success, warning, or error).
type ResultSummary
type ResultSummary struct {
	Totals     CountSummary
	ByCategory CategorySummary
}
ResultSummary provides a high level overview of success, warnings, and errors.
type ScansMap
type ScansMap map[string]imagescanner.ImageScanResultSummary
ScansMap provides a map from image name to a scan result
type ScansSummary
ScansSummary provides a high level overview of container images scan results.
func (*ScansSummary) GetScore
func (summary *ScansSummary) GetScore() uint
GetScore returns an overall score in [0, 100] for the ScansSummary