Documentation ¶
Overview ¶
Package vuloperator provides primitives for working with the Vul-operator toolkit.
Index ¶
- Constants
- func GetPluginConfigMapName(pluginName string) string
- func GetVersionFromImageRef(imageRef string) (string, error)
- func LinuxNodeAffinity() *corev1.Affinity
- func NewScheme() *runtime.Scheme
- type BuildInfo
- type ConfigData
- func (c ConfigData) ComplianceFailEntriesLimit() int
- func (c ConfigData) CompressLogs() bool
- func (c ConfigData) ExposedSecretsScannerEnabled() bool
- func (c ConfigData) GeVulServerURL() string
- func (c ConfigData) GenerateSbomEnabled() bool
- func (c ConfigData) GetAdditionalReportLabels() (labels.Set, error)
- func (c ConfigData) GetConfigAuditReportsScanner() (Scanner, error)
- func (c ConfigData) GetGetNodeCollectorVolumeMounts() ([]corev1.VolumeMount, error)
- func (c ConfigData) GetMetricsResourceLabelsPrefix() string
- func (c ConfigData) GetNodeCollectorExcludeNodes() (map[string]string, error)
- func (c ConfigData) GetNodeCollectorImagePullsecret() []corev1.LocalObjectReference
- func (c ConfigData) GetNodeCollectorVolumes() ([]corev1.Volume, error)
- func (c ConfigData) GetReportResourceLabels() []string
- func (c ConfigData) GetRequiredData(key string) (string, error)
- func (c ConfigData) GetScanJobAnnotations() (map[string]string, error)
- func (c ConfigData) GetScanJobAutomountServiceAccountToken() bool
- func (c ConfigData) GetScanJobContainerSecurityContext() (*corev1.SecurityContext, error)
- func (c ConfigData) GetScanJobNodeSelector() (map[string]string, error)
- func (c ConfigData) GetScanJobPodPriorityClassName() (string, error)
- func (c ConfigData) GetScanJobPodSecurityContext() (*corev1.PodSecurityContext, error)
- func (c ConfigData) GetScanJobPodTemplateLabels() (labels.Set, error)
- func (c ConfigData) GetScanJobTolerations() ([]corev1.Toleration, error)
- func (c ConfigData) GetSkipResourceByLabels() []string
- func (c ConfigData) GetVulnerabilityReportsScanner() (Scanner, error)
- func (c ConfigData) NodeCollectorImageRef() string
- func (c ConfigData) ReportRecordFailedChecksOnly() bool
- func (c ConfigData) Set(key, value string)
- func (c ConfigData) VulnerabilityScanJobsInSameNamespace() bool
- func (c ConfigData) VulnerabilityScannerEnabled() bool
- type ConfigManager
- type PluginConfig
- type PluginContext
- type PluginContextBuilder
- func (b *PluginContextBuilder) Get() PluginContext
- func (b *PluginContextBuilder) WithClient(c client.Client) *PluginContextBuilder
- func (b *PluginContextBuilder) WithName(name string) *PluginContextBuilder
- func (b *PluginContextBuilder) WithNamespace(namespace string) *PluginContextBuilder
- func (b *PluginContextBuilder) WithServiceAccountName(name string) *PluginContextBuilder
- func (b *PluginContextBuilder) WithVulOperatorConfig(config ConfigData) *PluginContextBuilder
- type Scanner
Constants ¶
// Configuration key names. Each constant is the literal key string, so it must
// match the stored configuration exactly.
// NOTE(review): the Key* names line up with ConfigData accessors listed for
// this package (for example KeyGenerateSbom and GenerateSbomEnabled), but which
// accessor reads which key is not visible here — TODO confirm against the
// implementation.
const (
	// Scanner toggles and scan-job behaviour, judging by the key strings.
	// NOTE(review): KeyScanJobcompressLogs is spelled with a lowercase "c",
	// unlike its neighbours; it is exported, so renaming it would break callers.
	KeyVulnerabilityScannerEnabled       = "vulnerabilityScannerEnabled"
	KeyExposedSecretsScannerEnabled      = "exposedSecretsScannerEnabled"
	KeyGenerateSbom                      = "generateSbomEnabled"
	KeyVulnerabilityScansInSameNamespace = "vulnerabilityReports.scanJobsInSameNamespace"
	KeyScanJobcompressLogs               = "scanJob.compressLogs"

	// Node-collector settings.
	// NOTE(review): the volume and volume-mount values presumably end up in the
	// node-collector pod (see GetNodeCollectorVolumes and
	// GetGetNodeCollectorVolumeMounts); they decide which paths that pod can
	// read, so review changes to them like a pod spec change.
	KeyNodeCollectorVolumes      = "nodeCollector.volumes"
	KeyNodeCollectorExcludeNodes = "nodeCollector.excludeNodes"
	KeyNodeCollectorVolumeMounts = "nodeCollector.volumeMounts"

	// Scan-job pod template settings.
	// NOTE(review): the container security context sets the privileges of
	// scan-job containers — confirm what is applied when the key is unset.
	KeyScanJobContainerSecurityContext = "scanJob.podTemplateContainerSecurityContext"
	KeyScanJobPodPriorityClassName     = "scanJob.podPriorityClassName"

	// Report and metrics settings.
	KeyReportResourceLabels         = "report.resourceLabels"
	KeyReportRecordFailedChecksOnly = "report.recordFailedChecksOnly"
	KeyMetricsResourceLabelsPrefix  = "metrics.resourceLabelsPrefix"

	// NOTE(review): presumably the server endpoint used by the scanner —
	// confirm how the URL is validated and whether TLS is enforced.
	KeyVulServerURL = "vul.serverURL"

	// NOTE(review): these two keys use a "node.collector." prefix, while the
	// node-collector keys above use "nodeCollector."; the strings are part of
	// the stored configuration, so they cannot be normalised without a
	// migration.
	KeyNodeCollectorImageRef        = "node.collector.imageRef"
	KeyNodeCollectorImagePullSecret = "node.collector.imagePullSecret"

	KeyAdditionalReportLabels = "report.additionalLabels"
)
// Names of the namespace and of the configuration objects used by Vul-operator.
const (
	// NamespaceName is the name of the namespace in which Vul-operator stores
	// its configuration and where it runs scan jobs.
	NamespaceName = "vul-operator"

	// ConfigMapName is the name of the ConfigMap where Vul-operator stores its
	// configuration.
	ConfigMapName = "vul-operator"

	// SecretName is the name of the Secret where Vul-operator stores its
	// sensitive configuration.
	// NOTE(review): SecretName and ConfigMapName have the same value. Secrets
	// and ConfigMaps are separate Kubernetes kinds, so the names do not
	// collide, but values meant to stay confidential belong in the Secret
	// rather than the ConfigMap.
	SecretName = "vul-operator"

	// PoliciesConfigMapName is the name of the ConfigMap used to store OPA Rego
	// policies.
	PoliciesConfigMapName = "vul-operator-policies-config"
)
// Label keys (plus one label value, AppVulOperator).
// NOTE(review): where these labels are set and read is not visible here.
// Labels are readable by anyone who can list the labelled objects, so nothing
// confidential should be stored in them.
const (
	// Judging by the names, these identify the resource and container that an
	// object relates to — TODO confirm usage.
	// LabelResourceNameHash presumably carries a hash for resource names that
	// do not fit into a label value (Kubernetes limits values to 63
	// characters) — confirm.
	LabelResourceKind      = "vul-operator.resource.kind"
	LabelResourceName      = "vul-operator.resource.name"
	LabelResourceNameHash  = "vul-operator.resource.name-hash"
	LabelResourceNamespace = "vul-operator.resource.namespace"
	LabelContainerName     = "vul-operator.container.name"

	// Hash labels; these two keys carry no "vul-operator." prefix.
	LabelResourceSpecHash = "resource-spec-hash"
	LabelPluginConfigHash = "plugin-config-hash"

	LabelVulnerabilityReportScanner = "vulnerabilityReport.scanner"
	LabelNodeInfoCollector          = "node-info.collector"

	// LabelK8SAppManagedBy is the app.kubernetes.io/managed-by label key.
	// AppVulOperator is not a key; presumably it is the value set for
	// LabelK8SAppManagedBy — confirm.
	LabelK8SAppManagedBy = "app.kubernetes.io/managed-by"
	AppVulOperator       = "vul-operator"
)
const (
	// AnnotationContainerImages is an annotation key. Judging by the name it
	// records the container images of a workload — TODO confirm where it is
	// written and read.
	AnnotationContainerImages = "vul-operator.container-images"
)
Variables ¶
This section is empty.
Functions ¶
func GetPluginConfigMapName ¶
GetPluginConfigMapName returns the name of a ConfigMap used to configure a plugin with the given name. TODO Rename to GetPluginConfigObjectName as this method is used to determine the name of ConfigMaps and Secrets.
func GetVersionFromImageRef ¶
GetVersionFromImageRef returns the image identifier for the specified image reference.
func LinuxNodeAffinity ¶
LinuxNodeAffinity constructs a new Affinity resource with linux supported nodes.
Types ¶
type BuildInfo ¶
BuildInfo holds build info such as Git revision, Git SHA-1, build datetime, and the name of the executable binary.
type ConfigData ¶
ConfigData holds Vul-operator configuration settings as a set of key-value pairs.
func GetDefaultConfig ¶
func GetDefaultConfig() ConfigData
GetDefaultConfig returns the default configuration settings.
func (ConfigData) ComplianceFailEntriesLimit ¶
func (c ConfigData) ComplianceFailEntriesLimit() int
func (ConfigData) CompressLogs ¶
func (c ConfigData) CompressLogs() bool
CompressLogs reports whether scan job output should be compressed.
func (ConfigData) ExposedSecretsScannerEnabled ¶
func (c ConfigData) ExposedSecretsScannerEnabled() bool
ExposedSecretsScannerEnabled reports whether the exposed secrets scanner is enabled.
func (ConfigData) GeVulServerURL ¶
func (c ConfigData) GeVulServerURL() string
func (ConfigData) GenerateSbomEnabled ¶
func (c ConfigData) GenerateSbomEnabled() bool
GenerateSbomEnabled reports whether SBOM generation is enabled.
func (ConfigData) GetAdditionalReportLabels ¶
func (c ConfigData) GetAdditionalReportLabels() (labels.Set, error)
func (ConfigData) GetConfigAuditReportsScanner ¶
func (c ConfigData) GetConfigAuditReportsScanner() (Scanner, error)
func (ConfigData) GetGetNodeCollectorVolumeMounts ¶
func (c ConfigData) GetGetNodeCollectorVolumeMounts() ([]corev1.VolumeMount, error)
func (ConfigData) GetMetricsResourceLabelsPrefix ¶
func (c ConfigData) GetMetricsResourceLabelsPrefix() string
func (ConfigData) GetNodeCollectorExcludeNodes ¶
func (c ConfigData) GetNodeCollectorExcludeNodes() (map[string]string, error)
func (ConfigData) GetNodeCollectorImagePullsecret ¶
func (c ConfigData) GetNodeCollectorImagePullsecret() []corev1.LocalObjectReference
func (ConfigData) GetNodeCollectorVolumes ¶
func (c ConfigData) GetNodeCollectorVolumes() ([]corev1.Volume, error)
func (ConfigData) GetReportResourceLabels ¶
func (c ConfigData) GetReportResourceLabels() []string
func (ConfigData) GetRequiredData ¶
func (c ConfigData) GetRequiredData(key string) (string, error)
func (ConfigData) GetScanJobAnnotations ¶
func (c ConfigData) GetScanJobAnnotations() (map[string]string, error)
func (ConfigData) GetScanJobAutomountServiceAccountToken ¶
func (c ConfigData) GetScanJobAutomountServiceAccountToken() bool
func (ConfigData) GetScanJobContainerSecurityContext ¶
func (c ConfigData) GetScanJobContainerSecurityContext() (*corev1.SecurityContext, error)
func (ConfigData) GetScanJobNodeSelector ¶
func (c ConfigData) GetScanJobNodeSelector() (map[string]string, error)
func (ConfigData) GetScanJobPodPriorityClassName ¶
func (c ConfigData) GetScanJobPodPriorityClassName() (string, error)
func (ConfigData) GetScanJobPodSecurityContext ¶
func (c ConfigData) GetScanJobPodSecurityContext() (*corev1.PodSecurityContext, error)
func (ConfigData) GetScanJobPodTemplateLabels ¶
func (c ConfigData) GetScanJobPodTemplateLabels() (labels.Set, error)
func (ConfigData) GetScanJobTolerations ¶
func (c ConfigData) GetScanJobTolerations() ([]corev1.Toleration, error)
func (ConfigData) GetSkipResourceByLabels ¶
func (c ConfigData) GetSkipResourceByLabels() []string
func (ConfigData) GetVulnerabilityReportsScanner ¶
func (c ConfigData) GetVulnerabilityReportsScanner() (Scanner, error)
func (ConfigData) NodeCollectorImageRef ¶
func (c ConfigData) NodeCollectorImageRef() string
func (ConfigData) ReportRecordFailedChecksOnly ¶
func (c ConfigData) ReportRecordFailedChecksOnly() bool
func (ConfigData) VulnerabilityScanJobsInSameNamespace ¶
func (c ConfigData) VulnerabilityScanJobsInSameNamespace() bool
func (ConfigData) VulnerabilityScannerEnabled ¶
func (c ConfigData) VulnerabilityScannerEnabled() bool
VulnerabilityScannerEnabled reports whether the vulnerability scanner is enabled.
type ConfigManager ¶
// ConfigManager is the interface returned by NewConfigManager for managing
// ConfigData. Every method takes a context and reports failure through its
// error result.
type ConfigManager interface {
	// EnsureDefault presumably creates the default configuration when it is
	// missing; the exact behaviour is not visible here — TODO confirm.
	EnsureDefault(ctx context.Context) error
	// Read returns the ConfigData, or an error.
	// NOTE(review): whether the result also includes values from the Secret
	// named by SecretName is not visible here — confirm before logging it.
	Read(ctx context.Context) (ConfigData, error)
	// Delete presumably removes the stored configuration — TODO confirm which
	// objects are deleted.
	Delete(ctx context.Context) error
}
ConfigManager defines methods for managing ConfigData.
func NewConfigManager ¶
func NewConfigManager(client kubernetes.Interface, namespace string) ConfigManager
NewConfigManager constructs a new ConfigManager that is using kubernetes.Interface to manage ConfigData backed by the ConfigMap stored in the specified namespace.
type PluginConfig ¶
PluginConfig holds plugin configuration settings.
func (PluginConfig) GetRequiredData ¶
func (c PluginConfig) GetRequiredData(key string) (string, error)
type PluginContext ¶
// PluginContext is the set of methods through which a plugin reads its own
// configuration and the operator settings it runs under.
type PluginContext interface {
	// GetName returns the name of the plugin.
	GetName() string
	// GetConfig returns the PluginConfig object that holds configuration settings of the plugin.
	GetConfig() (PluginConfig, error)
	// EnsureConfig ensures the PluginConfig, typically when a plugin is initialized.
	EnsureConfig(config PluginConfig) error
	// GetNamespace returns the name of the K8s Namespace where Vul-operator creates Jobs
	// and other helper objects.
	GetNamespace() string
	// GetServiceAccountName returns the name of the K8s Service Account used to run workloads
	// created by Vul-operator.
	// NOTE(review): those workloads run with this account's RBAC permissions,
	// so the account should be scoped to what scan jobs need.
	GetServiceAccountName() string
	// GetVulOperatorConfig returns vuloperator configuration.
	GetVulOperatorConfig() ConfigData
}
PluginContext is a plugin's execution context within the Vul-operator toolkit. The context grants the plugin access to other methods so that it can interact with the toolkit.
type PluginContextBuilder ¶
// PluginContextBuilder builds a PluginContext. NewPluginContext returns a new
// builder, each With* method returns the builder so calls can be chained, and
// Get returns the PluginContext.
// NOTE(review): the With* values are presumably kept in the unexported fields;
// whether Get validates that a client, namespace and service account name were
// supplied is not visible here — TODO confirm.
type PluginContextBuilder struct {
	// contains filtered or unexported fields
}
func NewPluginContext ¶
func NewPluginContext() *PluginContextBuilder
func (*PluginContextBuilder) Get ¶
func (b *PluginContextBuilder) Get() PluginContext
func (*PluginContextBuilder) WithClient ¶
func (b *PluginContextBuilder) WithClient(c client.Client) *PluginContextBuilder
func (*PluginContextBuilder) WithName ¶
func (b *PluginContextBuilder) WithName(name string) *PluginContextBuilder
func (*PluginContextBuilder) WithNamespace ¶
func (b *PluginContextBuilder) WithNamespace(namespace string) *PluginContextBuilder
func (*PluginContextBuilder) WithServiceAccountName ¶
func (b *PluginContextBuilder) WithServiceAccountName(name string) *PluginContextBuilder
func (*PluginContextBuilder) WithVulOperatorConfig ¶
func (b *PluginContextBuilder) WithVulOperatorConfig(config ConfigData) *PluginContextBuilder