Documentation
Index
- func EqualSets(s1, s2 []string) bool
- func ExceedFilePermissions(filePermissions, filePermissionsMax string) (bool, error)
- func GetContainerID(pod corev1.Pod, containerName string) (string, error)
- func GetContainerMounts(ctx context.Context, podExecutorRootPath string, podExecutor pod.PodExecutor, ...) ([]config.Mount, error)
- func GetMountedFilesStats(ctx context.Context, podExecutorRootPath string, podExecutor pod.PodExecutor, ...) (map[string][]FileStats, error)
- func MatchFileOwnersCases(fileStats FileStats, expectedFileOwnerUsers, expectedFileOwnerGroups []string, ...) []rule.CheckResult
- func MatchLabels(m1, m2 map[string]string) bool
- func Subset(s1, s2 []string) bool
- type FileStats
Constants
This section is empty.
Variables
This section is empty.
Functions
func EqualSets
EqualSets checks if two slices contain exactly the same elements independent of the ordering.
func ExceedFilePermissions (added in v0.4.0)
ExceedFilePermissions returns true if any of the user, group or other permissions exceed their counterparts in what is passed as max permissions.
Examples where filePermissions do not exceed filePermissionsMax:
	filePermissions = "0003" filePermissionsMax = "0644"
	filePermissions = "0444" filePermissionsMax = "0644"
	filePermissions = "0600" filePermissionsMax = "0644"
	filePermissions = "0644" filePermissionsMax = "0644"
Examples where filePermissions exceed filePermissionsMax:
	filePermissions = "0005" filePermissionsMax = "0644"
	filePermissions = "0050" filePermissionsMax = "0644"
	filePermissions = "0700" filePermissionsMax = "0644"
	filePermissions = "0755" filePermissionsMax = "0644"
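The example values listed for ExceedFilePermissions are consistent with comparing the user, group and other octal digits numerically, which is why "0003" (write and execute for others) is treated as within "0644". As an added illustration, not the package's own code, the sketch below implements that digit-wise reading next to a bitwise subset check; the function names are hypothetical and the digit-wise logic is an assumption inferred from the listed examples. The two checks disagree only on "0003".

```go
package main

import (
	"fmt"
	"strconv"
)

// parsePair parses two octal strings and keeps only the nine user/group/other bits.
func parsePair(perm, maxPerm string) (p, m uint64, err error) {
	if p, err = strconv.ParseUint(perm, 8, 32); err != nil {
		return 0, 0, err
	}
	if m, err = strconv.ParseUint(maxPerm, 8, 32); err != nil {
		return 0, 0, err
	}
	return p & 0777, m & 0777, nil
}

// exceedsPerDigit (hypothetical name) compares the user, group and other
// digits numerically. Assumption: inferred from the examples in the docs.
func exceedsPerDigit(perm, maxPerm string) (bool, error) {
	p, m, err := parsePair(perm, maxPerm)
	if err != nil {
		return false, err
	}
	for shift := uint(0); shift <= 6; shift += 3 {
		if (p>>shift)&7 > (m>>shift)&7 {
			return true, nil
		}
	}
	return false, nil
}

// exceedsBitwise (hypothetical name) reports whether perm grants any bit maxPerm lacks.
func exceedsBitwise(perm, maxPerm string) (bool, error) {
	p, m, err := parsePair(perm, maxPerm)
	if err != nil {
		return false, err
	}
	return p&^m != 0, nil
}

func main() {
	for _, perm := range []string{"0003", "0444", "0600", "0644", "0005", "0050", "0700", "0755"} {
		d, _ := exceedsPerDigit(perm, "0644")
		b, _ := exceedsBitwise(perm, "0644")
		fmt.Printf("%s vs 0644: per-digit=%v bitwise=%v\n", perm, d, b)
	}
}
```

When the intent is that a file grants no access bit beyond the maximum, the bitwise form is the stricter of the two checks.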
func GetContainerID (added in v0.5.0)
GetContainerID returns the container ID specified in the container status by container name.
func GetContainerMounts (added in v0.5.0)
func GetContainerMounts(
	ctx context.Context,
	podExecutorRootPath string,
	podExecutor pod.PodExecutor,
	containerID string,
) ([]config.Mount, error)
GetContainerMounts returns the container mounts of a container.
func GetMountedFilesStats (added in v0.4.0)
func GetMountedFilesStats(
	ctx context.Context,
	podExecutorRootPath string,
	podExecutor pod.PodExecutor,
	pod corev1.Pod,
	excludeSources []string,
) (map[string][]FileStats, error)
GetMountedFilesStats returns file stats grouped by container name for all mounted files in a pod, with the exception of files mounted at the `/dev/termination-log` destination. Host sources can be excluded by setting excludeSources.
func MatchFileOwnersCases (added in v0.4.0)
func MatchFileOwnersCases(
	fileStats FileStats,
	expectedFileOwnerUsers, expectedFileOwnerGroups []string,
	target rule.Target,
) []rule.CheckResult
MatchFileOwnersCases returns []rule.CheckResult for a given file and its owners, evaluated against the selected expected values.
func MatchLabels
MatchLabels checks if all m2 keys and values are present in m1. If m1 or m2 is nil, it returns false.
Types
type FileStats (added in v0.4.0)
type FileStats struct {
	Path                  string
	Permissions           string
	UserOwner, GroupOwner string
	FileType              string
}
FileStats contains the stats of a single file.
func GetFileStatsByDir (added in v0.5.0)
func GetFileStatsByDir(
	ctx context.Context,
	podExecutor pod.PodExecutor,
	dirPath string,
) ([]FileStats, error)
GetFileStatsByDir returns file stats for files in a specific directory.
func GetSingleFileStats (added in v0.5.0)
func GetSingleFileStats(
	ctx context.Context,
	podExecutor pod.PodExecutor,
	filePath string,
) (FileStats, error)
GetSingleFileStats returns file stats for a specified file.
func NewFileStats (added in v0.4.0)
NewFileStats creates a new FileStats object from the result of stat command called with `-c "%a %u %g %F %n"` flag and value.
func (FileStats) Base (added in v0.4.0)
Base calls filepath.Base on [Path].
func (FileStats) Dir (added in v0.4.0)
Dir calls filepath.Dir on [Path].