Documentation ¶
Index ¶
- Constants
- Variables
- func DNSLengthName(hashPrefix string, format string, a ...interface{}) string
- func DaemonSetIsReady(ds *appsv1.DaemonSet) bool
- func DaemonSetIsUpdating(ds *appsv1.DaemonSet) bool
- func DaemonSetName(name string) string
- func GenerateServiceMonitor(s *corev1.Service) *monitoringv1.ServiceMonitor
- func GetAideErrorMessage(rv int) string
- func GetAideExitCode(runCmdError error) int
- func GetComponentImage(override string, component FileIntegrityComponent) string
- func GetConfigMapNodeName(cm *corev1.ConfigMap) (string, error)
- func GetConfigMapOwnerName(cm *corev1.ConfigMap) (string, error)
- func GetOperatorNamespace() (string, error)
- func GetScriptName(fiName string) string
- func GetWatchNamespace() (string, error)
- func IgnoreAlreadyExists(err error) error
- func IsAideConfig(labels map[string]string) bool
- func IsIntegrityLog(labels map[string]string) bool
- func IsIntegrityLogAFailure(cm *corev1.ConfigMap) bool
- func IsIntegrityLogAnError(cm *corev1.ConfigMap) bool
- func LengthName(maxLen int, hashPrefix string, format string, a ...interface{}) (string, error)
- func ReinitDaemonSetName(name string) string
- func ReinitDaemonSetNodeName(name, node string) string
- func ResourceExists(dc discovery.DiscoveryInterface, apiGroupVersion, kind string) (bool, error)
- func RestartFileIntegrityDs(c client.Client, dsName string) error
- type FileIntegrityComponent
- type ServiceMonitorUpdater
Constants ¶
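// Label keys, annotation keys, object names and paths shared by the file
// integrity operator and its daemons.
//
// NOTE(review): labels and annotations are ordinary object metadata and can be
// set by any principal allowed to update the object, so the ownership and
// result keys below are only as trustworthy as the RBAC on the namespace
// that holds these objects.
const (
	// AideConfigLabelKey tells us if a specific ConfigMap is an AIDE config
	AideConfigLabelKey = "file-integrity.openshift.io/aide-conf"
	// AideConfigUpdatedAnnotationKey tells us if an aide config needs updating
	AideConfigUpdatedAnnotationKey = "file-integrity.openshift.io/updated"
	// AideDatabaseReinitAnnotationKey tells us if the AIDE database needs to be
	// re-initialized.
	// NOTE(review): wording inferred from the name and the "re-init" value;
	// confirm against the controller that reads it.
	AideDatabaseReinitAnnotationKey = "file-integrity.openshift.io/re-init"
	// IntegrityLogLabelKey tells us that a log was generated by the log collector
	IntegrityLogLabelKey = "file-integrity.openshift.io/log"
	// IntegrityPodLabelKey tells us that a pod is owned by the file integrity operator
	IntegrityPodLabelKey = "file-integrity.openshift.io/pod"
	// IntegrityCMLabelKey tells us that a ConfigMap is owned by the file integrity operator
	IntegrityCMLabelKey = "file-integrity.openshift.io/cm"
	// IntegrityLogResultLabelKey tells us that the ConfigMap represents a result log (a log we decided to keep)
	IntegrityLogResultLabelKey = "file-integrity.openshift.io/result-log"
	// IntegrityOwnerLabelKey tells us what FileIntegrity object owns a specific ConfigMap
	IntegrityOwnerLabelKey = "file-integrity.openshift.io/owner"
	// IntegrityReinitOwnerLabelKey tells us what FileIntegrity object owns a re-init daemonSet
	IntegrityReinitOwnerLabelKey = "file-integrity.openshift.io/reinit-owner"
	// IntegrityConfigMapNodeLabelKey tells us which node the ConfigMap came from
	IntegrityConfigMapNodeLabelKey = "file-integrity.openshift.io/node"
	// IntegrityLogContentKey is the key in the ConfigMap where the logs are stored
	IntegrityLogContentKey = "integritylog"
	// IntegrityLogErrorAnnotationKey indicates that there was an error in the logcollector
	IntegrityLogErrorAnnotationKey = "file-integrity.openshift.io/log-errormsg"
	// CompressedLogsIndicatorLabelKey indicates the log has been compressed
	CompressedLogsIndicatorLabelKey = "file-integrity.openshift.io/compressed"

	// IntegrityLogFilesAddedAnnotation, IntegrityLogFilesRemovedAnnotation and
	// IntegrityLogFilesChangedAnnotation are the annotation keys for the
	// files-added, files-removed and files-changed values of an integrity log
	// (presumably counts taken from the AIDE report; confirm against the writer).
	IntegrityLogFilesAddedAnnotation   = "file-integrity.openshift.io/files-added"
	IntegrityLogFilesRemovedAnnotation = "file-integrity.openshift.io/files-removed"
	IntegrityLogFilesChangedAnnotation = "file-integrity.openshift.io/files-changed"

	// ConfigMap names for the AIDE init, re-init and check scripts and for the
	// pause ConfigMap.
	AideInitScriptConfigMapName   = "aide-init"
	AideReinitScriptConfigMapName = "aide-reinit"
	AideScriptConfigMapName       = "aide-script"
	PauseConfigMapName            = "aide-pause"
	// PausePath is the path of the pause script.
	PausePath = "/scripts/pause.sh"
	// AideScriptConfigMapPrefix has the same value as AideScriptConfigMapName.
	AideScriptConfigMapPrefix = "aide-script"
	// AideScriptPath is the path of the AIDE script.
	AideScriptPath = "/scripts/aide.sh"
	// DaemonSetPrefix is the name prefix for the AIDE daemonSet
	// (presumably consumed by DaemonSetName; confirm).
	DaemonSetPrefix = "aide"

	// Data keys for the AIDE configuration and the two scripts.
	DefaultConfDataKey = "aide.conf"
	AideScriptKey      = "aide.sh"
	AidePauseScriptKey = "pause.sh"

	// Service account names for the operator and for the daemon.
	OperatorServiceAccountName = "file-integrity-operator"
	DaemonServiceAccountName   = "file-integrity-daemon"

	// ReinitDaemonSetPrefix is the name prefix for the re-init daemonSet.
	// NOTE(review): the value is "aide-ini", not "aide-init" as in
	// AideInitScriptConfigMapName; confirm the shortening is intentional.
	ReinitDaemonSetPrefix = "aide-ini"

	// IntegrityCheckHoldoffFilePath specifies the path to the file that tells
	// the AIDE check to hold off.
	// NOTE(review): since this file pauses integrity checking, write access to
	// it on the host is security-relevant and worth monitoring; confirm how
	// the check script consumes it.
	IntegrityCheckHoldoffFilePath = "/hostroot/etc/kubernetes/holdoff"
	// IntegrityHoldoffAnnotationKey is the annotation key for the hold-off
	// state.
	// NOTE(review): wording inferred from the name and the "holdoff" value;
	// confirm which object carries it.
	IntegrityHoldoffAnnotationKey = "file-integrity.openshift.io/holdoff"
	// DefaultGracePeriod is the default gracePeriod (presumably in seconds; confirm).
	DefaultGracePeriod = 900
)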
// AIDE process exit statuses that this package names explicitly.
const (
	// AIDE_IO_ERROR is exit status 18, which the AIDE manual lists as
	// "IO error".
	AIDE_IO_ERROR = 18
	// AIDE_RETFAIL is exit status 255 (presumably AIDE's generic failure
	// return, -1, as seen by the parent process; confirm).
	AIDE_RETFAIL = 255
)

// Component enumeration; iota starts at zero, so OPERATOR == 0.
// Presumably these values are used as FileIntegrityComponent; confirm.
const (
	// OPERATOR is the first value of the enumeration.
	OPERATOR = iota
)
Variables ¶
var ErrNoNamespace = fmt.Errorf("namespace not found for current environment")
ErrNoNamespace indicates that a namespace could not be found for the current environment
// ErrServiceMonitorNotPresent is the error value for the case where, per its
// message, no ServiceMonitor is registered with the API.
var ErrServiceMonitorNotPresent = fmt.Errorf("no ServiceMonitor registered with the API")
var FileIntegrityNamespace = "openshift-file-integrity"
FileIntegrityNamespace defines the namespace in which the operator is active. The namespace is determined when this package is imported; if it cannot be determined, it defaults to the value set here.
Functions ¶
func DNSLengthName ¶
func DaemonSetIsReady ¶
func DaemonSetIsUpdating ¶
func DaemonSetName ¶
DaemonSetName returns a friendly name for the AIDE daemonSet
func GenerateServiceMonitor ¶
func GenerateServiceMonitor(s *corev1.Service) *monitoringv1.ServiceMonitor
GenerateServiceMonitor generates a prometheus-operator ServiceMonitor object based on the passed Service object.
func GetAideErrorMessage ¶
func GetAideExitCode ¶
func GetComponentImage ¶
func GetComponentImage(override string, component FileIntegrityComponent) string
GetComponentImage returns a full image pull spec for a given component based on the component type; if override is set, that value is always used.
func GetConfigMapNodeName ¶
GetConfigMapNodeName gets the name of the node from which the config map was generated
func GetConfigMapOwnerName ¶
GetConfigMapOwnerName gets the name of the FileIntegrity that owns the config map from the Labels
func GetOperatorNamespace ¶
GetOperatorNamespace returns the namespace the operator should be running in, as read from the associated service account secret.
func GetScriptName ¶
GetScriptName returns the name of a configMap for a FI object with a given name
func GetWatchNamespace ¶
GetWatchNamespace returns the Namespace the operator should be watching for changes. Eventually the watch namespace will not be used when OLM begins to support only the AllNamespaces install type. To support AllNamespaces initially, GetWatchNamespace will return the operator namespace if WATCH_NAMESPACE is empty.
func IgnoreAlreadyExists ¶
IgnoreAlreadyExists will not return an error if the error is that the resource already exists.
func IsAideConfig ¶
IsAideConfig returns whether the given map contains a label that indicates that this is an AIDE config.
func IsIntegrityLog ¶
IsIntegrityLog returns whether the given map contains a log from the integrity check
func IsIntegrityLogAFailure ¶
IsIntegrityLogAFailure returns whether the given map coming from an integrity check logcollector contains a failure
func IsIntegrityLogAnError ¶
IsIntegrityLogAnError returns whether the given map coming from an integrity check logcollector contains an error
func LengthName ¶
LengthName creates a string of maximum defined length.
func ReinitDaemonSetName ¶
ReinitDaemonSetName returns a friendly name for the re-init daemonSet
func ReinitDaemonSetNodeName ¶
ReinitDaemonSetNodeName returns a friendly name for the re-init daemonSet for one node.
func ResourceExists ¶
func ResourceExists(dc discovery.DiscoveryInterface, apiGroupVersion, kind string) (bool, error)
ResourceExists returns true if the given resource kind exists in the given api groupversion
Types ¶
type FileIntegrityComponent ¶
type FileIntegrityComponent uint
type ServiceMonitorUpdater ¶
type ServiceMonitorUpdater func(*monitoringv1.ServiceMonitor) error