utils

package

v0.13.0 Latest Latest Go to latest Published: Dec 9, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/gardener/diki

Links

Open Source Insights

Documentation ¶

Index ¶

func EqualSets(s1, s2 []string) bool
func ExceedFilePermissions(filePermissions, filePermissionsMax string) (bool, error)
func GetContainerID(pod corev1.Pod, containerNames ...string) (string, error)
func GetContainerMounts(ctx context.Context, podExecutorRootPath string, podExecutor pod.PodExecutor, ...) ([]config.Mount, error)
func GetMountedFilesStats(ctx context.Context, podExecutorRootPath string, podExecutor pod.PodExecutor, ...) (map[string][]FileStats, error)
func Intersect(s1, s2 []string) bool
func MatchFileOwnersCases(fileStats FileStats, expectedFileOwnerUsers, expectedFileOwnerGroups []string, ...) []rule.CheckResult
func MatchLabels(m1, m2 map[string]string) bool
func StartsWith(s1 []string, s2 ...string) bool
func Subset(s1, s2 []string) bool
type FileStats
- func (fs FileStats) Base() string
- func (fs FileStats) Dir() string

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func EqualSets ¶

func EqualSets(s1, s2 []string) bool

EqualSets checks if two slices contain exactly the same elements independent of the ordering.

func ExceedFilePermissions ¶ added in v0.4.0

func ExceedFilePermissions(filePermissions, filePermissionsMax string) (bool, error)

ExceedFilePermissions returns true if any of the user, group or other permissions exceed their counterparts in what is passed as max permissions.

Examples where filePermissions do not exceed filePermissionsMax:

filePermissions = "0004" filePermissionsMax = "0644"
filePermissions = "0444" filePermissionsMax = "0644"
filePermissions = "0600" filePermissionsMax = "0644"
filePermissions = "0644" filePermissionsMax = "0644"

Examples where filePermissions exceed filePermissionsMax:

filePermissions = "0003" filePermissionsMax = "0644"
filePermissions = "0050" filePermissionsMax = "0644"
filePermissions = "0700" filePermissionsMax = "0644"
filePermissions = "0755" filePermissionsMax = "0644"

func GetContainerID ¶ added in v0.5.0

func GetContainerID(pod corev1.Pod, containerNames ...string) (string, error)

GetContainerID iterates over the passed container names and tries to find a match in the pod container status. It returns the container ID of the first match.

func GetContainerMounts ¶ added in v0.5.0

func GetContainerMounts(
	ctx context.Context,
	podExecutorRootPath string,
	podExecutor pod.PodExecutor,
	containerID string,
) ([]config.Mount, error)

GetContainerMounts returns the container mounts of a container

func GetMountedFilesStats ¶ added in v0.4.0

func GetMountedFilesStats(
	ctx context.Context,
	podExecutorRootPath string,
	podExecutor pod.PodExecutor,
	pod corev1.Pod,
	excludeSources []string,
) (map[string][]FileStats, error)

GetMountedFilesStats returns file stats grouped by container name for all mounted files in a pod with the exception of files mounted at `/dev/termination-log` destination. Host sources can be exluded by setting excludeSources.

func Intersect ¶ added in v0.13.0

func Intersect(s1, s2 []string) bool

Intersect checks if s1 and s2 intersect. Empty sets do not intersect.

func MatchFileOwnersCases ¶ added in v0.4.0

func MatchFileOwnersCases(
	fileStats FileStats,
	expectedFileOwnerUsers,
	expectedFileOwnerGroups []string,
	target rule.Target,
) []rule.CheckResult

MatchFileOwnersCases returns []rule.CheckResult for a given file and its owners for a select expected values.

func MatchLabels ¶

func MatchLabels(m1, m2 map[string]string) bool

MatchLabels checks if all m2 keys and values are present in m1. If m1 or m2 is nil returns false.

func StartsWith ¶ added in v0.12.0

func StartsWith(s1 []string, s2 ...string) bool

StartsWith checks if all ordered elements of s2 are the first elements that occur in s1. If s2 is empty, the function returns true.

func Subset ¶

func Subset(s1, s2 []string) bool

Subset checks if all elements of s1 are contained in s2. An empty s1 is always a subset of s2.

Types ¶

type FileStats ¶ added in v0.4.0

type FileStats struct {
	Path                  string
	Permissions           string
	UserOwner, GroupOwner string
	FileType              string
}

FileStats contains single file stats

func GetFileStatsByDir ¶ added in v0.5.0

func GetFileStatsByDir(
	ctx context.Context,
	podExecutor pod.PodExecutor,
	dirPath string,
) ([]FileStats, error)

GetFileStatsByDir returns file stats for files in a specific directory

func GetSingleFileStats ¶ added in v0.5.0

func GetSingleFileStats(
	ctx context.Context,
	podExecutor pod.PodExecutor,
	filePath string,
) (FileStats, error)

GetSingleFileStats returns file stats for a specified file

func NewFileStats ¶ added in v0.4.0

func NewFileStats(stats, delimiter string) (FileStats, error)

NewFileStats creates a new FileStats object from the result of stat command called with `-c "%a %u %g %F %n"` flag and value

func (FileStats) Base ¶ added in v0.4.0

func (fs FileStats) Base() string

Base calls filepath.Base on [Path]

func (FileStats) Dir ¶ added in v0.4.0

func (fs FileStats) Dir() string

Dir calls filepath.Dir on [Path]

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL