common

package
v1.3.4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 13, 2024 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

// Label keys, annotation keys, object names, data keys and paths declared by
// this package, plus the default grace period. Every value below is a plain
// constant; how each one is consumed is not visible in this block.
const (
	// AideConfigLabelKey tells us if a specific ConfigMap is an AIDE config
	AideConfigLabelKey = "file-integrity.openshift.io/aide-conf"
	// AideConfigUpdatedAnnotationKey tells us if an AIDE config needs updating
	AideConfigUpdatedAnnotationKey = "file-integrity.openshift.io/updated"
	// AideDatabaseReinitAnnotationKey is the "re-init" annotation key.
	// NOTE(review): the earlier comment here repeated the text written for
	// AideConfigUpdatedAnnotationKey; going by the name and value, this key
	// presumably requests an AIDE database re-initialization — confirm.
	// NOTE(review): if a re-init replaces the stored baseline, write access
	// to this annotation is worth restricting and auditing — confirm against
	// the controller code.
	AideDatabaseReinitAnnotationKey = "file-integrity.openshift.io/re-init"
	// AideDatabaseReinitOnFailedAnnotationKey tells us to re-init failed nodes
	AideDatabaseReinitOnFailedAnnotationKey = "file-integrity.openshift.io/re-init-on-failed"
	// IntegrityLogLabelKey tells us that a log was generated by the log collector
	IntegrityLogLabelKey = "file-integrity.openshift.io/log"
	// IntegrityPodLabelKey tells us that a pod is owned by the file integrity operator
	IntegrityPodLabelKey = "file-integrity.openshift.io/pod"
	// IntegrityCMLabelKey tells us that a ConfigMap is owned by the file integrity operator
	IntegrityCMLabelKey = "file-integrity.openshift.io/cm"
	// IntegrityLogResultLabelKey tells us that the ConfigMap represents a result log (a log we decided to keep)
	IntegrityLogResultLabelKey = "file-integrity.openshift.io/result-log"
	// IntegrityOwnerLabelKey tells us what FileIntegrity object owns a specific ConfigMap
	IntegrityOwnerLabelKey = "file-integrity.openshift.io/owner"
	// IntegrityReinitOwnerLabelKey tells us what FileIntegrity object owns a re-init daemonSet
	IntegrityReinitOwnerLabelKey = "file-integrity.openshift.io/reinit-owner"
	// IntegrityConfigMapNodeLabelKey tells us which node the ConfigMap came from
	IntegrityConfigMapNodeLabelKey = "file-integrity.openshift.io/node"
	// IntegrityLogContentKey is the key in the ConfigMap where the logs are stored
	IntegrityLogContentKey = "integritylog"
	// IntegrityLogErrorAnnotationKey indicates that there was an error in the logcollector
	IntegrityLogErrorAnnotationKey = "file-integrity.openshift.io/log-errormsg"
	// CompressedLogsIndicatorLabelKey indicates the log has been compressed
	CompressedLogsIndicatorLabelKey    = "file-integrity.openshift.io/compressed"
	// Annotation keys for added, removed and changed files.
	// NOTE(review): presumably these carry the per-category results of an
	// AIDE check on a log ConfigMap — confirm against the log collector.
	IntegrityLogFilesAddedAnnotation   = "file-integrity.openshift.io/files-added"
	IntegrityLogFilesRemovedAnnotation = "file-integrity.openshift.io/files-removed"
	IntegrityLogFilesChangedAnnotation = "file-integrity.openshift.io/files-changed"
	// ConfigMap names for the init, re-init, AIDE and pause scripts, and the
	// path of the pause script.
	// NOTE(review): AideScriptConfigMapName and AideScriptConfigMapPrefix
	// (below) hold the same string, "aide-script" — confirm both are needed.
	AideInitScriptConfigMapName        = "aide-init"
	AideReinitScriptConfigMapName      = "aide-reinit"
	AideScriptConfigMapName            = "aide-script"
	PauseConfigMapName                 = "aide-pause"
	PausePath                          = "/scripts/pause.sh"
	AideScriptConfigMapPrefix          = "aide-script"
	AideScriptPath                     = "/scripts/aide.sh"
	// DaemonSetPrefix is the name prefix "aide"; presumably used by
	// DaemonSetName — confirm.
	DaemonSetPrefix                    = "aide"
	// Data keys: the AIDE configuration, the AIDE script and the pause script.
	DefaultConfDataKey                 = "aide.conf"
	AideScriptKey                      = "aide.sh"
	AidePauseScriptKey                 = "pause.sh"
	// Service account names for the operator and for the daemon.
	// NOTE(review): the privileges bound to each account are not shown here;
	// review them separately, since the daemon presumably reads host files.
	OperatorServiceAccountName         = "file-integrity-operator"
	DaemonServiceAccountName           = "file-integrity-daemon"
	// NOTE(review): the value is "aide-ini", not "aide-init" — confirm this
	// is intentional (for example to save name length) and not a typo.
	ReinitDaemonSetPrefix              = "aide-ini"
	// IntegrityCheckHoldoffFilePath specifies the path to the file that tells
	// the AIDE check to hold off.
	// NOTE(review): "/hostroot" presumably is the node's root filesystem as
	// mounted into the pod — confirm. Because this file defers integrity
	// checks, its creation and lifetime are worth monitoring.
	IntegrityCheckHoldoffFilePath = "/hostroot/etc/kubernetes/holdoff"
	// IntegrityHoldoffAnnotationKey indicates that there is a holdoff on the AIDE check.
	// NOTE(review): a holdoff suspends checking, so changes to this annotation
	// are worth restricting and auditing — confirm who is expected to set it.
	IntegrityHoldoffAnnotationKey = "file-integrity.openshift.io/holdoff"
	// DefaultGracePeriod is the default gracePeriod.
	// NOTE(review): the unit is not stated here; presumably seconds — confirm.
	DefaultGracePeriod = 900
)
// AIDE_IO_ERROR is 18, which matches the exit status the AIDE manual page
// lists as "IO error".
// NOTE(review): how this package uses the value (see GetAideExitCode and
// GetAideErrorMessage) is not shown here — confirm.
const AIDE_IO_ERROR = 18
// AIDE_RETFAIL is 255.
// NOTE(review): presumably the fallback code reported when a real AIDE exit
// status cannot be obtained from the command error — confirm against
// GetAideExitCode. Callers should not treat it as a clean result.
const AIDE_RETFAIL = 255
// OPERATOR is the first and only iota value in this block, so it equals 0.
// It is declared without a type here.
// NOTE(review): presumably meant to be passed as the FileIntegrityComponent
// argument of GetComponentImage — confirm.
const (
	OPERATOR = iota
)

Variables

// ErrNoNamespace is a package-level error value with a fixed message, so
// callers can compare against the variable itself (for example with
// errors.Is) instead of matching the message text.
var ErrNoNamespace = fmt.Errorf("namespace not found for current environment")

ErrNoNamespace indicates that a namespace could not be found for the current environment

// ErrServiceMonitorNotPresent is a package-level error value with a fixed
// message stating that no ServiceMonitor is registered with the API.
// NOTE(review): presumably returned when the ServiceMonitor kind is not
// served by the cluster (see ResourceExists) — confirm.
var ErrServiceMonitorNotPresent = fmt.Errorf("no ServiceMonitor registered with the API")
// FileIntegrityNamespace is a package-level variable, not a constant, so its
// value can be reassigned at run time; "openshift-file-integrity" is the
// initial value.
// NOTE(review): the code that reassigns it is not shown here — confirm where
// the value is set before relying on it for namespace-scoped decisions.
var FileIntegrityNamespace = "openshift-file-integrity"

FileIntegrityNamespace defines the namespace in which the operator is active. The namespace is determined when this package is imported; if it cannot be determined, this preset value is used as the default.

Functions

func DNSLengthName

func DNSLengthName(hashPrefix string, format string, a ...interface{}) string

func DaemonSetIsReady

func DaemonSetIsReady(ds *appsv1.DaemonSet) bool

func DaemonSetIsUpdating

func DaemonSetIsUpdating(ds *appsv1.DaemonSet) bool

func DaemonSetName

func DaemonSetName(name string) string

DaemonSetName returns a friendly name for the AIDE daemonSet

func GenerateServiceMonitor

func GenerateServiceMonitor(s *corev1.Service) *monitoringv1.ServiceMonitor

GenerateServiceMonitor generates a prometheus-operator ServiceMonitor object based on the passed Service object.

func GetAddedNodeHoldoffAnnotation added in v1.3.0

func GetAddedNodeHoldoffAnnotation(fi *v1alpha1.FileIntegrity, nodeName string) (map[string]string, bool)

GetAddedNodeHoldoffAnnotation returns the annotation value for the added node holdoff annotation, and a boolean indicating whether the annotation was changed.

func GetAddedNodeReinitAnnotation added in v1.3.0

func GetAddedNodeReinitAnnotation(fi *v1alpha1.FileIntegrity, nodeName []string) (map[string]string, bool)

GetAddedNodeReinitAnnotation returns the annotation value for the added node reinit annotation, and a boolean indicating whether the annotation was changed.

func GetAideErrorMessage

func GetAideErrorMessage(rv int) string

func GetAideExitCode

func GetAideExitCode(runCmdError error) int

func GetComponentImage

func GetComponentImage(override string, component FileIntegrityComponent) string

GetComponentImage returns a full image pull spec for the given component, based on the component type. If override is set, the override is always used instead.

func GetConfigMapNodeName

func GetConfigMapNodeName(cm *corev1.ConfigMap) (string, error)

GetConfigMapNodeName gets the name of the node from which the config map was generated

func GetConfigMapOwnerName

func GetConfigMapOwnerName(cm *corev1.ConfigMap) (string, error)

GetConfigMapOwnerName gets the name of the FileIntegrity that owns the config map from the Labels

func GetOperatorNamespace

func GetOperatorNamespace() (string, error)

GetOperatorNamespace returns the namespace the operator should be running in from the associated service account secret.

func GetRemovedNodeHoldoffAnnotation added in v1.3.0

func GetRemovedNodeHoldoffAnnotation(fi *v1alpha1.FileIntegrity, nodeName string) (map[string]string, bool)

GetRemovedNodeHoldoffAnnotation returns the annotation value for the removed node holdoff annotation, and a boolean indicating whether the annotation was changed.

func GetRemovedNodeReinitAnnotation added in v1.3.0

func GetRemovedNodeReinitAnnotation(fi *v1alpha1.FileIntegrity, nodeName string) (map[string]string, bool)

GetRemovedNodeReinitAnnotation returns the annotation value for the removed node reinit annotation, and a boolean indicating whether the annotation was changed.

func GetScriptName

func GetScriptName(fiName string) string

GetScriptName returns the name of a configMap for a FI object with a given name

func GetWatchNamespace

func GetWatchNamespace() (string, error)

GetWatchNamespace returns the Namespace the operator should be watching for changes. Eventually the watch namespace will not be used when OLM begins to support only the AllNamespaces install type. To support AllNamespaces initially, GetWatchNamespace will return the operator namespace if WATCH_NAMESPACE is empty.

func HasReinitAnnotation added in v1.3.0

func HasReinitAnnotation(fi *v1alpha1.FileIntegrity) (nodes []string, annotationExists bool, allNodesInReinit bool)

HasReinitAnnotation returns the list of nodes that are in reinit, or an empty list if all nodes are in reinit. The second return value is true if the annotation exists, and the third is true if all nodes are in reinit.

func IgnoreAlreadyExists

func IgnoreAlreadyExists(err error) error

IgnoreAlreadyExists will not return an error if the error is that the resource already exists.

func IsAideConfig

func IsAideConfig(labels map[string]string) bool

IsAideConfig returns whether the given map contains a label that indicates that this is an AIDE config.

func IsIntegrityLog

func IsIntegrityLog(labels map[string]string) bool

IsIntegrityLog returns whether the given map contains a log from the integrity check

func IsIntegrityLogAFailure

func IsIntegrityLogAFailure(cm *corev1.ConfigMap) bool

IsIntegrityLogAFailure returns whether the given config map, coming from an integrity check logcollector, contains a failure

func IsIntegrityLogAnError

func IsIntegrityLogAnError(cm *corev1.ConfigMap) bool

IsIntegrityLogAnError returns whether the given config map, coming from an integrity check logcollector, contains an error

func IsNodeIn added in v1.3.0

func IsNodeIn(fi *v1alpha1.FileIntegrity, nodeName string, annotation string) bool

IsNodeIn returns whether the given node is in the annotation provided

func IsNodeInHoldoff added in v1.3.0

func IsNodeInHoldoff(fi *v1alpha1.FileIntegrity, nodeName string) bool

IsNodeInHoldoff returns whether the given node is in holdoff

func IsNodeInReinit added in v1.3.0

func IsNodeInReinit(fi *v1alpha1.FileIntegrity, nodeName string) bool

IsNodeInReinit returns whether the given node is in reinit

func LengthName

func LengthName(maxLen int, hashPrefix string, format string, a ...interface{}) (string, error)

LengthName creates a string of maximum defined length.

func ReinitDaemonSetName

func ReinitDaemonSetName(name string) string

ReinitDaemonSetName returns a friendly name for the re-init daemonSet

func ReinitDaemonSetNodeName

func ReinitDaemonSetNodeName(name, node string) string

ReinitDaemonSetNodeName returns a friendly name for the re-init daemonSet for one node.

func ResourceExists

func ResourceExists(dc discovery.DiscoveryInterface, apiGroupVersion, kind string) (bool, error)

ResourceExists returns true if the given resource kind exists in the given api groupversion

func RestartFileIntegrityDs

func RestartFileIntegrityDs(c client.Client, dsName string) error

RestartFileIntegrityDs restarts all pods that belong to a given DaemonSet. This can be used, for example, to remount a configMap after it has changed, or to restart a FileIntegrity DaemonSet after a re-init has happened.

Types

type FileIntegrityComponent

type FileIntegrityComponent uint

type ServiceMonitorUpdater

type ServiceMonitorUpdater func(*monitoringv1.ServiceMonitor) error
