Documentation
Overview
Package audit contains types and functions to summarize the features used in a configuration and to emit recommendations and comments when executing a check.
Constants
const (
	SeverityCritical = "CRITICAL"
	SeverityHigh     = "HIGH"
	SeverityMedium   = "MEDIUM"
	SeverityLow      = "LOW"
)
const (
	BitEndpointWildcard             int = 0
	BitEndpointQueryStringWildcard      = 1
	BitEndpointHeaderStringWildcard     = 2
	BitEndpointCatchAll                 = 3
)
const (
	ServicePlugin = iota
	ServiceSequentialStart
	ServiceDebug
	ServiceAllowInsecureConnections
	ServiceDisableStrictREST
	ServiceHasTLS
	ServiceTLSEnabled
	ServiceTLSEnableMTLS
	ServiceTLSDisableSystemCaPool
	ServiceTLSCaCerts
	ServiceEcho
	ServiceUseH2C
)
const (
	EncodingNOOP = iota
	EncodingJSON
	EncodingSAFEJSON
	EncodingSTRING
	EncodingRSS
	EncodingXML
	EncodingOther
)
const (
	BackendAllow = iota + EncodingOther + 1
	BackendDeny
	BackendMapping
	BackendGroup
	BackendTarget
	BackendIsCollection
	BackendHeadersToPass
	BackendQuery
)
const (
	RouterErrorBody = iota
	RouterDisableHealth
	RouterDisableAccessLog
	RouterHealthPath
	RouterErrorMsg
	RouterDisableRedirectTrailingSlash
	RouterDisableRedirectFixedPath
	RouterExtraSlash
	RouterHandleMethodNotAllowed
	RouterPathDecoding
	RouterAutoOptions
	RouterForwardedByClientIp
	RouterRemoteIpHeaders
	RouterTrustedProxies
	RouterAppEngine
	RouterMaxMultipartMemory
	RouterLoggerSkipPaths
	RouterHideVersionHeader
	RouterUseH2C
)
const (
	BackendComponentHTTPClient = iota
	BackendComponentHTTPClientAllowInsecureConnections
	BackendComponentHTTPClientCerts
)
Types
type Agent
type Agent struct {
	Details    []int     `json:"d"`
	Backends   []Backend `json:"b"`
	Components Component `json:"c"`
}
Agent captures details of the AsyncAgents present in the configuration.
type AuditResult
type AuditResult struct {
	Recommendations []Recommendation `json:"recommendations"`
	Stats           Stats            `json:"stats"`
}
AuditResult contains all the recommendations and stats generated by the audit process.
func Audit
func Audit(cfg *config.ServiceConfig, ignore, severities []string) (AuditResult, error)
Audit audits the received configuration and returns an AuditResult with all the resulting Recommendations.
Example
// Parse and normalize the configuration under test.
cfg, err := config.NewParser().Parse("./tests/example1.json")
if err != nil {
	fmt.Println(err.Error())
	return
}
cfg.Normalize()

// Rule ids to skip and the severities to report.
exclude := []string{"1.1.1", "1.1.2"}
levels := []string{SeverityCritical, SeverityHigh, SeverityMedium}

result, err := Audit(&cfg, exclude, levels)
if err != nil {
	fmt.Println(err)
	return
}

for i, r := range result.Recommendations {
	fmt.Printf("%02d: %s %s \t%s\n", i, r.Rule, r.Severity, r.Message)
}
Output:
00: 2.1.3 CRITICAL 	TLS is configured but its disable flag prevents from using it.
01: 2.1.7 HIGH 	Enable HTTP security header checks (security/http).
02: 2.1.8 HIGH 	Avoid clear text communication (h2c).
03: 2.2.1 MEDIUM 	Hide the version banner in runtime.
04: 2.2.2 HIGH 	Enable CORS.
05: 2.2.3 HIGH 	Avoid passing all input headers to the backend.
06: 2.2.4 HIGH 	Avoid passing all input query strings to the backend.
07: 3.1.2 HIGH 	Implement a rate-limiting strategy and avoid having an All-You-Can-Eat API.
08: 3.1.3 HIGH 	Protect your backends with a circuit breaker.
09: 3.3.2 MEDIUM 	Set timeouts to below 5 seconds for improved performance.
10: 3.3.3 HIGH 	Set timeouts to below 30 seconds for improved performance.
11: 3.3.4 CRITICAL 	Set timeouts to below 1 minute for improved performance.
12: 4.1.1 MEDIUM 	Implement a telemetry system for collecting metrics for monitoring and troubleshooting.
13: 4.2.1 MEDIUM 	Implement a telemetry system for tracing for monitoring and troubleshooting.
14: 4.3.1 MEDIUM 	Use the improved logging component for better log parsing.
15: 5.1.5 MEDIUM 	Declare explicit endpoints instead of using /__catchall.
16: 5.1.6 MEDIUM 	Avoid using multiple write methods in endpoint definitions.
17: 5.1.7 MEDIUM 	Avoid using sequential proxy.
type Endpoint
type Endpoint struct {
	Details    []int     `json:"d"`
	Backends   []Backend `json:"b"`
	Components Component `json:"c"`
}
Endpoint captures details of the endpoints present in the configuration.
type Recommendation
type Recommendation struct {
	Rule     string `json:"rule"`
	Severity string `json:"severity"`
	Message  string `json:"message"`
}
Recommendation maps a rule id to a severity and a message.
type Rule
type Rule struct {
	Recommendation Recommendation
	Evaluate       func(*Service) bool
}
Rule encapsulates a recommendation and an evaluation function that determines whether the recommendation applies to a given service definition.
type Service
type Service struct {
	Details    []int      `json:"d"`
	Agents     []Agent    `json:"a"`
	Endpoints  []Endpoint `json:"e"`
	Components Component  `json:"c"`
}
Service represents a KrakenD configuration as a tree of bitsets recording which components and flags are enabled in that configuration.
func Parse
func Parse(cfg *config.ServiceConfig) Service
Parse creates a Service capturing the details of the received configuration.
Example
// Parse and normalize the configuration, then inspect the resulting bitset tree.
cfg, err := config.NewParser().Parse("./tests/example1.json")
if err != nil {
	fmt.Println(err.Error())
	return
}
cfg.Normalize()

result := Parse(&cfg)

fmt.Println("details:", result.Details)
fmt.Println("agents:", result.Agents)
fmt.Println("endpoints:", result.Endpoints)
fmt.Println("components:", result.Components)
Output:
details: [3124]
agents: []
endpoints: [{[2 0 0 140000 0 0] [{[64] map[]}] map[github.com/devopsfaith/krakend-jose/validator:[]]} {[2 1 1 10000 7 0] [{[64] map[backend/http/client:[3]]}] map[]} {[2 0 0 10000 8 2] [{[64] map[]} {[64] map[]} {[64] map[]}] map[github.com/devopsfaith/krakend/proxy:[1]]}]
components: map[auth/api-keys:[] github_com/devopsfaith/krakend/transport/http/server/handler:[4] github_com/luraproject/lura/router/gin:[262144]]
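As an added, self-contained example (not code from the audit package itself), the following mirrors the Rule and Service types and the ignore/severities filtering of Audit's signature with two locally written rules evaluated against the Details value shown in the Parse output above. It assumes that Service.Details[0] is the bitset indexed by the Service* constants and that the two predicates are a fair reading of recommendations 2.1.3 and 2.1.8; neither is confirmed by the page.

```go
package main

import "fmt"

// Bit positions copied from the page's Service* iota block.
const (
	ServiceHasTLS     = 5
	ServiceTLSEnabled = 6
	ServiceUseH2C     = 11
)
// Local mirrors of the page's types; Service keeps only its Details bitset here.
type Recommendation struct{ Rule, Severity, Message string }
type Rule struct {
	Recommendation Recommendation
	Evaluate       func(*Service) bool
}
type Service struct{ Details []int }
// hasBit assumes Details[0] is the bitset indexed by the Service* constants (the page's "details: [3124]" has bits 2,4,5,10,11 set, fitting that reading).
func hasBit(s *Service, bit int) bool {
	return len(s.Details) > 0 && s.Details[0]&(1<<uint(bit)) != 0
}
// Rules built from two of the page's recommendations; the predicates are an
// illustrative reading of the messages, not the package's own implementation.
var rules = []Rule{
	{Recommendation{"2.1.3", "CRITICAL", "TLS is configured but its disable flag prevents from using it."},
		func(s *Service) bool { return hasBit(s, ServiceHasTLS) && !hasBit(s, ServiceTLSEnabled) }},
	{Recommendation{"2.1.8", "HIGH", "Avoid clear text communication (h2c)."},
		func(s *Service) bool { return hasBit(s, ServiceUseH2C) }},
}
// evaluate applies the ignore-list and severity filters that Audit's signature exposes:
// rule ids in ignore are skipped and only the listed severities are reported.
func evaluate(s *Service, rules []Rule, ignore, severities []string) []Recommendation {
	skip, keep := map[string]bool{}, map[string]bool{}
	for _, id := range ignore {
		skip[id] = true
	}
	for _, sev := range severities {
		keep[sev] = true
	}
	var out []Recommendation
	for _, r := range rules {
		if !skip[r.Recommendation.Rule] && keep[r.Recommendation.Severity] && r.Evaluate(s) {
			out = append(out, r.Recommendation)
		}
	}
	return out
}

func main() { // reports both findings for the page's example details value
	fmt.Println(evaluate(&Service{Details: []int{3124}}, rules, nil, []string{"CRITICAL", "HIGH"}))
}
```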