Documentation ¶
Overview ¶
Package config defines all the configuration variables used across the falcoctl commands.
Index ¶
- Constants
- Variables
- func AddGcp(gcps []GcpAuth, configFile string) error
- func AddIndexes(indexes []Index, configFile string) error
- func ArtifactAllowedTypes() (*oci.ArtifactTypeSlice, error)
- func ClientCredentials(reg string) (*clientcredentials.Config, error)
- func DriverRepos() ([]string, error)
- func DriverTypes() ([]string, error)
- func Load(path string) error
- func RegistryCredentialConfPath() string
- func RemoveIndexes(names []string, configFile string) error
- func StoreDriver(driverCfg *Driver, configFile string) error
- func UpdateConfigFile(key string, value interface{}, path string) error
- func WriteClientCredentials(registry string, cred *clientcredentials.Config) error
- type BasicAuth
- type Driver
- type FalcoVersions
- type Follow
- type GcpAuth
- type Index
- type Install
- type OauthAuth
- type RegistryClientCredentials
Constants ¶
// Defaults and Viper configuration keys shared by the falcoctl commands.
const (
	// EnvPrefix is the prefix for all the environment variables.
	EnvPrefix = "FALCOCTL"
	// ConfigPath is the path to the default config.
	ConfigPath = "/etc/falcoctl/falcoctl.yaml"
	// PluginsDir default path where plugins are installed.
	// NOTE(review): artifacts written here are presumably loaded by Falco, so the
	// directory should not be writable by unprivileged users — confirm on the host.
	PluginsDir = "/usr/share/falco/plugins"
	// RulesfilesDir default path where rulesfiles are installed.
	RulesfilesDir = "/etc/falco"
	// AssetsDir default path where assets are installed.
	AssetsDir = "/etc/falco/assets"
	// FollowResync is the time interval at which the follower checks for a newer
	// version of the artifact. The default is 24 hours.
	FollowResync = time.Hour * 24

	// RegistryCredentialConfigKey is the Viper key for the credentials store path configuration.
	// The value is a configuration key name, not a credential, which is why the
	// gosec hardcoded-credential finding (G101) is suppressed below.
	//#nosec G101 -- false positive
	RegistryCredentialConfigKey = "registry.creds.config"
	// RegistryAuthOauthKey is the Viper key for OAuth authentication configuration.
	RegistryAuthOauthKey = "registry.auth.oauth"
	// RegistryAuthBasicKey is the Viper key for basic authentication configuration.
	RegistryAuthBasicKey = "registry.auth.basic"
	// RegistryAuthGcpKey is the Viper key for gcp authentication configuration.
	RegistryAuthGcpKey = "registry.auth.gcp"

	// IndexesKey is the Viper key for indexes configuration.
	IndexesKey = "indexes"

	// ArtifactFollowEveryKey is the Viper key for follower "every" configuration.
	ArtifactFollowEveryKey = "artifact.follow.every"
	// ArtifactFollowCronKey is the Viper key for follower "cron" configuration.
	ArtifactFollowCronKey = "artifact.follow.cron"
	// ArtifactFollowRefsKey is the Viper key for follower "artifacts" configuration.
	ArtifactFollowRefsKey = "artifact.follow.refs"
	// ArtifactFollowFalcoVersionsKey is the Viper key for follower "falcoVersions" configuration.
	ArtifactFollowFalcoVersionsKey = "artifact.follow.falcoversions"
	// ArtifactFollowRulesfilesDirKey is the Viper key for follower "rulesFilesDir" configuration.
	ArtifactFollowRulesfilesDirKey = "artifact.follow.rulesfilesdir"
	// ArtifactFollowPluginsDirKey is the Viper key for follower "pluginsDir" configuration.
	ArtifactFollowPluginsDirKey = "artifact.follow.pluginsdir"
	// ArtifactFollowAssetsDirKey is the Viper key for follower "assetsDir" configuration.
	ArtifactFollowAssetsDirKey = "artifact.follow.assetsdir"
	// ArtifactFollowTmpDirKey is the Viper key for follower "tmpDir" configuration.
	ArtifactFollowTmpDirKey = "artifact.follow.tmpdir"

	// ArtifactInstallArtifactsKey is the Viper key for installer "artifacts" configuration.
	ArtifactInstallArtifactsKey = "artifact.install.refs"
	// ArtifactInstallRulesfilesDirKey is the Viper key for installer "rulesFilesDir" configuration.
	ArtifactInstallRulesfilesDirKey = "artifact.install.rulesfilesdir"
	// ArtifactInstallPluginsDirKey is the Viper key for installer "pluginsDir" configuration.
	ArtifactInstallPluginsDirKey = "artifact.install.pluginsdir"
	// ArtifactInstallAssetsDirKey is the Viper key for installer "assetsDir" configuration.
	ArtifactInstallAssetsDirKey = "artifact.install.assetsdir"
	// ArtifactInstallResolveDepsKey is the Viper key for installer "resolveDeps" configuration.
	ArtifactInstallResolveDepsKey = "artifact.install.resolveDeps"

	// ArtifactAllowedTypesKey is the Viper key for the allowlist of artifact types
	// that may be installed in the system.
	ArtifactAllowedTypesKey = "artifact.allowedTypes"
	// ArtifactNoVerifyKey is the Viper key for skipping signature verification.
	// With verification skipped, nothing checks that a downloaded artifact is the
	// one its publisher signed, so this is best left unset outside of testing.
	ArtifactNoVerifyKey = "artifact.noVerify"

	// DriverKey is the Viper key for driver structure.
	DriverKey = "driver"
	// DriverTypeKey is the Viper key for the driver type.
	DriverTypeKey = "driver.type"
	// DriverVersionKey is the Viper key for the driver version.
	DriverVersionKey = "driver.version"
	// DriverReposKey is the Viper key for the driver repositories.
	DriverReposKey = "driver.repos"
	// DriverNameKey is the Viper key for the driver name.
	DriverNameKey = "driver.name"
	// DriverHostRootKey is the Viper key for the driver host root.
	DriverHostRootKey = "driver.hostRoot"
)
Variables ¶
// Package-level paths, defaults and validation patterns. The string variables
// without an initializer are zero-valued here; where they are assigned is not
// visible in this declaration.
var (
	// ConfigDir configuration directory for falcoctl.
	ConfigDir string
	// FalcoctlPath path inside the configuration directory where the falcoctl stores its config files.
	FalcoctlPath string
	// IndexesFile name of the file where the indexes info is stored. It lives under FalcoctlPath.
	IndexesFile string
	// IndexesDir is where the actual indexes are stored. It is a directory that lives under FalcoctlPath.
	IndexesDir string
	// ClientCredentialsFile name of the file where oauth client credentials are stored. It lives under FalcoctlPath.
	// NOTE(review): this file holds secrets; confirm it is created with
	// owner-only permissions.
	ClientCredentialsFile string
	// DefaultIndex is the default index for the falcosecurity organization.
	DefaultIndex Index
	// DefaultRegistryCredentialConfPath is the default path for the credential store configuration file.
	// It is "config.json" inside the directory returned by config.Dir(), a
	// function of an imported package that is not shown here.
	DefaultRegistryCredentialConfPath = filepath.Join(config.Dir(), "config.json")
	// DefaultDriver is the default config for the falcosecurity organization.
	DefaultDriver Driver
	// SemicolonSeparatedRegexp is a regexp matching semi-colon separated values, without trailing separator.
	// Every field must be non-empty, so leading, trailing and doubled separators
	// are rejected. A field may contain any character other than ';', including
	// whitespace and newlines, so a match does not by itself make a field safe
	// to use as a path or reference.
	SemicolonSeparatedRegexp = regexp.MustCompile(`^([^;]+)(;[^;]+)*$`)
	// CommaSeparatedRegexp is a regexp matching comma separated values, without trailing separator.
	// Same shape as SemicolonSeparatedRegexp with ',' as the separator: fields
	// are non-empty but otherwise unconstrained.
	CommaSeparatedRegexp = regexp.MustCompile(`^([^,]+)(,[^,]+)*$`)
)
Functions ¶
func AddGcp ¶ added in v0.6.0
AddGcp appends the provided gcps to a configuration file if not present.
func AddIndexes ¶
AddIndexes appends the provided indexes to a configuration file if not present.
func ArtifactAllowedTypes ¶ added in v0.4.0
func ArtifactAllowedTypes() (*oci.ArtifactTypeSlice, error)
ArtifactAllowedTypes retrieves the allowed types section of the config file.
func ClientCredentials ¶ added in v0.6.0
func ClientCredentials(reg string) (*clientcredentials.Config, error)
ClientCredentials retrieves the client credentials for a specific registry.
func DriverRepos ¶ added in v0.7.0
DriverRepos retrieves the driver repos of the config file.
func DriverTypes ¶ added in v0.8.0
DriverTypes retrieves the driver types of the config file.
func RegistryCredentialConfPath ¶ added in v0.6.0
func RegistryCredentialConfPath() string
RegistryCredentialConfPath retrieves the path to the credential store configuration.
func RemoveIndexes ¶
RemoveIndexes removes the index entries from a configuration file if any is found.
func StoreDriver ¶ added in v0.7.0
StoreDriver stores a driver conf in config file.
func UpdateConfigFile ¶
UpdateConfigFile is used to update a section of the config file. It creates a brand new viper instance for the update, so that modifications are scoped to the passed key and have no side effects (e.g. if the user forgot to unset an environment variable for another config setting, that setting is not mistakenly updated).
func WriteClientCredentials ¶ added in v0.6.0
func WriteClientCredentials(registry string, cred *clientcredentials.Config) error
WriteClientCredentials writes client credentials to config file.
Types ¶
type BasicAuth ¶
// BasicAuth represents a Basic credential for one registry.
//
// The fields are populated by name from configuration through their
// mapstructure tags, so Password is held as a plain string.
// NOTE(review): if the source is a config file on disk, that file should be
// readable only by the account running falcoctl, and values of this type
// should be kept out of logs — confirm how callers handle both.
type BasicAuth struct {
	// Registry is the registry the credential applies to.
	Registry string `mapstructure:"registry"`
	// User is the user name sent with the credential.
	User string `mapstructure:"user"`
	// Password is the secret for User, stored unencrypted in this struct.
	Password string `mapstructure:"password"`
}
BasicAuth represents a Basic credential.
func BasicAuths ¶
BasicAuths retrieves the basicAuths section of the config file.
type Driver ¶ added in v0.7.0
// Driver represents the internal driver configuration.
//
// All fields are plain strings or string slices decoded through their
// mapstructure tags; no validation happens in this declaration.
type Driver struct {
	// Type holds the driver type names as strings; it is a slice, so more
	// than one type can be listed.
	Type []string `mapstructure:"type"`
	// Name is the driver name.
	Name string `mapstructure:"name"`
	// Repos lists the driver repositories.
	// NOTE(review): presumably these are the locations drivers are fetched
	// from; if so, each entry is a trust decision — confirm against the caller.
	Repos []string `mapstructure:"repos"`
	// Version is the driver version.
	Version string `mapstructure:"version"`
	// HostRoot is the driver host root.
	HostRoot string `mapstructure:"hostRoot"`
}
Driver represents the internal driver configuration (with Type string).
type FalcoVersions ¶
FalcoVersions represents the map of Falco requirements. In general, it should be a map[string]semver.Version, but given that we have fields like engine_version that are only numbers, we should be as generic as possible.
type Follow ¶
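// Follow represents the follower configuration.
//
// Each field is decoded from the configuration key named in its mapstructure
// tag, so every tag must be unique within the struct.
type Follow struct {
	// Every is the follower's "every" setting, expressed as a duration.
	Every time.Duration `mapstructure:"every"`
	// Artifacts lists the artifacts the follower is configured with.
	Artifacts []string `mapstructure:"artifacts"`
	// FalcoVersions is the follower's "falcoVersions" setting, kept as a string.
	FalcoVersions string `mapstructure:"falcoVersions"`
	// RulesfilesDir is the follower's rulesfiles directory.
	RulesfilesDir string `mapstructure:"rulesFilesDir"`
	// PluginsDir is the follower's plugins directory.
	PluginsDir string `mapstructure:"pluginsDir"`
	// TmpDir is the follower's temporary directory. Its tag used to be
	// "pluginsDir", a duplicate of PluginsDir's tag, which tied the temporary
	// directory to the plugins directory setting instead of its own key.
	TmpDir string `mapstructure:"tmpDir"`
	// NoVerify is the follower's "noVerify" setting.
	// NOTE(review): presumably this disables signature verification of
	// followed artifacts; it should stay false outside of testing — confirm.
	NoVerify bool `mapstructure:"noVerify"`
}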
Follow represents the follower configuration.
type GcpAuth ¶ added in v0.6.0
// GcpAuth represents a Gcp activation setting.
//
// It carries only a registry name and no credential material of its own.
type GcpAuth struct {
	// Registry is the registry the Gcp setting applies to.
	Registry string `mapstructure:"registry"`
}
GcpAuth represents a Gcp activation setting.
type Index ¶
// Index represents a configured index.
//
// Fields are decoded through their mapstructure tags; nothing in this
// declaration validates the URL or the backend name.
type Index struct {
	// Name identifies the index.
	Name string `mapstructure:"name"`
	// URL is the index location.
	// NOTE(review): presumably the index is fetched from this URL, which
	// makes its scheme and host worth checking — confirm against the caller.
	URL string `mapstructure:"url"`
	// Backend names the backend used for the index.
	Backend string `mapstructure:"backend"`
}
Index represents a configured index.
type Install ¶
// Install represents the installer configuration.
//
// Each field is decoded from the configuration key named in its mapstructure tag.
type Install struct {
	// Artifacts lists the artifacts the installer is configured with.
	Artifacts []string `mapstructure:"artifacts"`
	// RulesfilesDir is the installer's rulesfiles directory.
	RulesfilesDir string `mapstructure:"rulesFilesDir"`
	// PluginsDir is the installer's plugins directory.
	PluginsDir string `mapstructure:"pluginsDir"`
	// ResolveDeps is the installer's "resolveDeps" setting.
	ResolveDeps bool `mapstructure:"resolveDeps"`
	// NoVerify is the installer's "noVerify" setting.
	// NOTE(review): presumably this disables signature verification of
	// installed artifacts; it should stay false outside of testing — confirm.
	NoVerify bool `mapstructure:"noVerify"`
}
Install represents the installer configuration.
type OauthAuth ¶
// OauthAuth represents an OAuth credential for one registry.
//
// The fields are populated by name from configuration through their
// mapstructure tags, so ClientSecret is held as a plain string.
// NOTE(review): if the source is a config file on disk, that file should be
// readable only by the account running falcoctl, and values of this type
// should be kept out of logs — confirm how callers handle both.
type OauthAuth struct {
	// Registry is the registry the credential applies to.
	Registry string `mapstructure:"registry"`
	// ClientSecret is the OAuth client secret, stored unencrypted in this struct.
	ClientSecret string `mapstructure:"clientSecret"`
	// ClientID is the OAuth client identifier.
	ClientID string `mapstructure:"clientID"`
	// TokenURL is the token endpoint URL.
	// NOTE(review): presumably the client secret is sent to this endpoint,
	// so an HTTPS URL is expected — confirm against the caller.
	TokenURL string `mapstructure:"tokenURL"`
}
OauthAuth represents an OAuth credential.
func OauthAuths ¶
OauthAuths retrieves the oauthAuths section of the config file.
type RegistryClientCredentials ¶ added in v0.6.0
// RegistryClientCredentials maps a registry name to its client credentials.
// Because it is a map, a registry can have only one entry.
// NOTE(review): clientcredentials is presumably
// golang.org/x/oauth2/clientcredentials, whose Config includes the client
// secret; if so, a serialized value of this type is secret material — confirm.
type RegistryClientCredentials map[string]clientcredentials.Config
RegistryClientCredentials is used to store registry:clientCredentials key-value pairs. This is done to be in accordance with the way Docker stores credentials, so that users will be able to store only one credential per registry.