config

package
v4.0.0-rc.21 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 1, 2020 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// Run this mode to create receive Manifests and create IndexReports.
	IndexerMode = "indexer"
	// Run this mode to retrieve IndexReports and create VulnerabilityReports.
	MatcherMode = "matcher"
	// Run this mode to run all modes in a single Clair instance.
	ComboMode = "combo"
	// Run this mode to listen for Updates and send notifications when they occur.
	NotifierMode = "notifier"
)

Clair Modes

View Source
const DefaultAddress = ":6060"

DefaultAddress is used if an http_listen_addr is not provided in the config.

Variables

This section is empty.

Functions

func Validate

func Validate(conf Config) error

Validate confirms the necessary values to support the desired Clair Mode exist

Types

type Auth

type Auth struct {
	PSK       *AuthPSK       `yaml:"psk,omitempty" json:"psk,omitempty"`
	Keyserver *AuthKeyserver `yaml:"keyserver,omitempty" json:"keyserver,omitempty"`
}

Auth holds the specific configs for different authentication methods.

These should be pointers to structs, so that it's possible to distinguish between "absent" and "present and misconfigured."

func (Auth) Any

func (a Auth) Any() bool

Any reports whether any sort of authentication is configured.

type AuthKeyserver

type AuthKeyserver struct {
	API          string `yaml:"api" json:"api"`
	Intraservice []byte `yaml:"intraservice" json:"intraservice"`
}

AuthKeyserver is the configuration for doing authentication with the Quay keyserver protocol.

The "Intraservice" key is only needed when the overall config mode is not "combo".

func (*AuthKeyserver) MarshalYAML

func (a *AuthKeyserver) MarshalYAML() (interface{}, error)

MarshalYAML implements yaml.Marshaler.

func (*AuthKeyserver) UnmarshalYAML

func (a *AuthKeyserver) UnmarshalYAML(f func(interface{}) error) error

UnmarshalYAML implements yaml.Unmarshaler.

type AuthPSK

type AuthPSK struct {
	Key    []byte   `yaml:"key" json:"key"`
	Issuer []string `yaml:"iss" json:"iss"`
}

AuthPSK is the configuration for doing pre-shared key based authentication.

The "Issuer" key is what the service expects to verify as the "issuer" claim.

func (*AuthPSK) MarshalYAML

func (a *AuthPSK) MarshalYAML() (interface{}, error)

MarshalYAML implements yaml.Marshaler.

func (*AuthPSK) UnmarshalYAML

func (a *AuthPSK) UnmarshalYAML(f func(interface{}) error) error

UnmarshalYAML implements yaml.Unmarshaler.

type Config

type Config struct {
	// One of the following strings
	// Sets which mode the clair instances will run in
	//
	// "indexer": runs just the indexer node
	// "matcher": runs just the matcher node
	// "combo":	will run both indexer and matcher on the same node.
	Mode string `yaml:"-" json:"-"`
	// A string in <host>:<port> format where <host> can be an empty string.
	//
	// exposes Clair node's functionality to the network.
	// see /openapi/v1 for api spec.
	HTTPListenAddr string `yaml:"http_listen_addr" json:"http_listen_addr"`
	// A string in <host>:<port> format where <host> can be an empty string.
	//
	// exposes Clair's metrics and health endpoints.
	IntrospectionAddr string `yaml:"introspection_addr" json:"introspection_addr"`
	// Set the logging level.
	//
	// One of the following strings:
	// "debug-color"
	// "debug"
	// "info"
	// "warn"
	// "error"
	// "fatal"
	// "panic"
	LogLevel string   `yaml:"log_level" json:"log_level"`
	Indexer  Indexer  `yaml:"indexer" json:"indexer"`
	Matcher  Matcher  `yaml:"matcher" json:"matcher"`
	Notifier Notifier `yaml:"notifier" json:"notifier"`
	Auth     Auth     `yaml:"auth" json:"auth"`
	Trace    Trace    `yaml:"trace" json:"trace"`
	Metrics  Metrics  `yaml:"metrics" json:"metrics"`
	Updaters Updaters `yaml:"updaters,omitempty" json:"updaters,omitempty"`
}

func (*Config) Client

func (cfg *Config) Client(next *http.Transport, cl jwt.Claims) (c *http.Client, authed bool, err error)

Client returns an http.Client configured according to the supplied configuration.

It returns an *http.Client and a boolean indicating whether the client is configured for authentication, or an error that occurred during construction.

type Dogstatsd

type Dogstatsd struct {
	URL string `yaml:"url" json:"url"`
}

type Indexer

type Indexer struct {
	// A Postgres connection string.
	//
	// formats
	// url: "postgres://pqgotest:password@localhost/pqgotest?sslmode=verify-full"
	// or
	// string: "user=pqgotest dbname=pqgotest sslmode=verify-full"
	ConnString string `yaml:"connstring" json:"connstring"`
	// A positive value representing seconds.
	//
	// Concurrent Indexers lock on manifest scans to avoid clobbering.
	// This value tunes how often a waiting Indexer will poll for the lock.
	// TODO: Move to async operating mode
	ScanLockRetry int `yaml:"scanlock_retry" json:"scanlock_retry"`
	// A positive values represeting quantity.
	//
	// Indexers will index a Manifest's layers concurrently.
	// This value tunes the number of layers an Indexer will scan in parallel.
	LayerScanConcurrency int `yaml:"layer_scan_concurrency" json:"layer_scan_concurrency"`
	// A "true" or "false" value
	//
	// Whether Indexer nodes handle migrations to their database.
	Migrations bool `yaml:"migrations" json:"migrations"`
	// Scanner allows for passing configuration options to layer scanners.
	Scanner ScannerConfig `yaml:"scanner" json:"scanner"`
	// Airgap disables scanners that have signaled they expect to talk to the
	// Internet.
	Airgap bool `yaml:"airgap" json:"airgap"`
}

Indexer provides Clair Indexer node configuration

type Jaeger

type Jaeger struct {
	Agent struct {
		Endpoint string `yaml:"endpoint" json:"endpoint"`
	} `yaml:"agent" json:"agent"`
	Collector struct {
		Endpoint string  `yaml:"endpoint" json:"endpoint"`
		Username *string `yaml:"username" json:"username"`
		Password *string `yaml:"password" json:"password"`
	} `yaml:"collector" json:"collector"`
	ServiceName string            `yaml:"service_name" json:"service_name"`
	Tags        map[string]string `yaml:"tags" json:"tags"`
	BufferMax   int               `yaml:"buffer_max" json:"buffer_max"`
}

type Matcher

type Matcher struct {
	// A Postgres connection string.
	//
	// Formats:
	// url: "postgres://pqgotest:password@localhost/pqgotest?sslmode=verify-full"
	// or
	// string: "user=pqgotest dbname=pqgotest sslmode=verify-full"
	ConnString string `yaml:"connstring" json:"connstring"`
	// A positive integer
	//
	// Clair allows for a custom connection pool size.
	// This number will directly set how many active sql
	// connections are allowed concurrently.
	MaxConnPool int `yaml:"max_conn_pool" json:"max_conn_pool"`
	// A string in <host>:<port> format where <host> can be an empty string.
	//
	// A Matcher contacts an Indexer to create a VulnerabilityReport.
	// The location of this Indexer is required.
	IndexerAddr string `yaml:"indexer_addr" json:"indexer_addr"`
	// A "true" or "false" value
	//
	// Whether Matcher nodes handle migrations to their databases.
	Migrations bool `yaml:"migrations" json:"migrations"`
	// Period controls how often updaters are run.
	//
	// The default is 30 minutes.
	Period *time.Duration `yaml:"period" json:"period"`
	// DisableUpdaters disables the updater's running of matchers.
	//
	// This should be toggled on if vulnerabilities are being provided by
	// another mechanism.
	DisableUpdaters bool `yaml:"disable_updaters" json:"disable_updaters"`
}

type Metrics

type Metrics struct {
	Name       string     `yaml:"name" json:"name"`
	Prometheus Prometheus `yaml:"prometheus" json:"prometheus"`
	Dogstatsd  Dogstatsd  `yaml:"dogstatsd" json:"dogstatsd"`
}

type Notifier

type Notifier struct {
	// A Postgres connection string.
	//
	// Formats:
	// url: "postgres://pqgotest:password@localhost/pqgotest?sslmode=verify-full"
	// or
	// string: "user=pqgotest dbname=pqgotest sslmode=verify-full"
	ConnString string `yaml:"connstring" json:"connstring"`
	// A "true" or "false" value
	//
	// Whether Notifier nodes handle migrations to their database.
	Migrations bool `yaml:"migrations" json:"migrations"`
	// A string in <host>:<port> format where <host> can be an empty string.
	//
	// A Notifier contacts an Indexer to create obtain manifests affected by vulnerabilities.
	// The location of this Indexer is required.
	IndexerAddr string `yaml:"indexer_addr" json:"indexer_addr"`
	// A string in <host>:<port> format where <host> can be an empty string.
	//
	// A Notifier contacts a Matcher to list update operations and acquire diffs.
	// The location of this Indexer is required.
	MatcherAddr string `yaml:"matcher_addr" json:"matcher_addr"`
	// A time.ParseDuration parsable string
	//
	// The frequency at which the notifier will query at Matcher for Update Operations.
	PollInterval string `yaml:"poll_interval" json:"poll_interval"`
	// A time.ParseDuration parsable string
	//
	// The frequency at which the notifier attempt delivery of created or previously failed
	// notifications
	DeliveryInterval string `yaml:"delivery_interval" json:"delivery_interval"`
	// DisableSummary disables summarizing vulnerabilities per-manifest.
	//
	// The default is to summarize any new vulnerabilities to the most severe
	// one, in the thought that any additional processing for end-user
	// notifications can have policies around severity and fetch a complete
	// VulnerabilityReport if it'd like.
	//
	// For a machine-consumption use case, it may be easier to instead have the
	// notifier push all the data.
	DisableSummary bool `yaml:"disable_summary" json:"disable_summary"`
	// Only one of the following should be provided in the configuration
	//
	// Configures the notifier for webhook delivery
	Webhook *webhook.Config `yaml:"webhook" json:"webhook"`
	// Configures the notifier for AMQP delivery.
	AMQP *amqp.Config `yaml:"amqp" json:"amqp"`
	// Configures the notifier for STOMP delivery.
	STOMP *stomp.Config `yaml:"stomp" json:"stomp"`
}

Notifier provides Clair Notifier node configuration

type Prometheus

type Prometheus struct {
	Endpoint *string `yaml:"endpoint" json:"endpoint"`
}

type ScannerConfig

type ScannerConfig struct {
	Package map[string]yaml.Node `yaml:"package" json:"package"`
	Dist    map[string]yaml.Node `yaml:"dist" json:"dist"`
	Repo    map[string]yaml.Node `yaml:"repo" json:"repo"`
}

type Trace

type Trace struct {
	Name        string   `yaml:"name" json:"name"`
	Probability *float64 `yaml:"probability" json:"probability"`
	Jaeger      Jaeger   `yaml:"jaeger" json:"jaeger"`
}

type Updaters

type Updaters struct {
	// A slice of strings representing which
	// updaters will be used.
	//
	// If nil all default UpdaterSets will be used
	//
	// The following sets are supported by default:
	// "alpine"
	// "aws"
	// "debian"
	// "oracle"
	// "photon"
	// "pyupio"
	// "rhel"
	// "suse"
	// "ubuntu"
	Sets []string `yaml:"sets,omitempty" json:"sets,omitempty"`
	// Config holds configuration blocks for UpdaterFactories and Updaters,
	// keyed by name.
	//
	// These are defined by the updater implementation and can't be documented
	// here. Improving the documentation for these is an open issue.
	Config map[string]yaml.Node `yaml:"config" json:"config"`
	// Filter is a regexp that disallows updaters that do not match from
	// running.
	Filter string `yaml:"filter" json:"filter"`
}

Updaters configures updater behavior.

func (*Updaters) FilterSets

func (u *Updaters) FilterSets(m map[string]driver.UpdaterSetFactory)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL