policy

package
Version: v1.19.9

This package is not in the latest version of its module.

Published: Sep 18, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func GetDefaultIacType

func GetDefaultIacType(cloudType string) string

GetDefaultIacType returns the default IaC type for the given cloudType. On the command line, the minimum required argument is the policy type (called cloudType here, which is misleading); thus, for a given policy type, a default IaC type has to be specified.

func GetDefaultPolicyPaths

func GetDefaultPolicyPaths(cloudTypes []string) []string

GetDefaultPolicyPaths returns the paths to default policies for the given cloud providers

func IsCloudProviderSupported

func IsCloudProviderSupported(cloudType string) bool

IsCloudProviderSupported returns whether a cloud provider is supported in terrascan

func RegisterCloudProvider

func RegisterCloudProvider(cloudType supportedCloudType, iacTypeDefault supportedIacType, iacVersionDefault supportedIacVersion)

RegisterCloudProvider registers a cloud provider with terrascan

func RegisterIndirectCloudProvider

func RegisterIndirectCloudProvider(cloudType supportedCloudType, iacTypeDefault supportedIacType, iacVersionDefault supportedIacVersion, getPolicyNames func() []string)

RegisterIndirectCloudProvider registers a cloud provider with terrascan

func SupportedPolicyTypes

func SupportedPolicyTypes(includeIndirect bool) []string

SupportedPolicyTypes returns the list of policies supported in terrascan

Types

type Engine

type Engine interface {
	// Init initializes the engine with a policy path and a pre-load filter
	Init(string, PreLoadFilter) error
	Configure() error
	Evaluate(EngineInput, PreScanFilter) (EngineOutput, error)
	GetResults() EngineOutput
	Release() error
}

Engine is the policy engine interface.

type EngineInput

type EngineInput struct {
	InputData *output.AllResourceConfigs
}

EngineInput contains the data used as input to the engine.

type EngineOutput

type EngineOutput struct {
	XMLName                 xml.Name `json:"-" yaml:"-" xml:"results"`
	*results.ViolationStore `json:"results" yaml:"results" xml:"results"`
}

EngineOutput contains the data output from the engine.

func EngineOutputFromViolationStore

func EngineOutputFromViolationStore(store *results.ViolationStore) EngineOutput

EngineOutputFromViolationStore returns an EngineOutput initialized from ViolationStore

func (EngineOutput) AsViolationStore

func (me EngineOutput) AsViolationStore() results.ViolationStore

AsViolationStore returns EngineOutput as a ViolationStore

type FilterSpecification

type FilterSpecification interface {
	IsSatisfied(r *RegoMetadata) bool
}

FilterSpecification defines a function that RegoMetadata filter specifications should implement

type PreLoadFilter

type PreLoadFilter interface {
	IsAllowed(r *RegoMetadata) bool
	IsFiltered(r *RegoMetadata) bool
}

PreLoadFilter defines the functions that a pre-load filter should implement.

type PreScanFilter

type PreScanFilter interface {
	Filter(rmap map[string]*RegoData, input EngineInput) map[string]*RegoData
}

PreScanFilter defines the function that a pre-scan filter should implement.

type RegoData

type RegoData struct {
	Metadata      RegoMetadata
	RawRego       []byte
	PreparedQuery *rego.PreparedEvalQuery
}

RegoData stores all information needed to evaluate and report on a rego rule.

type RegoMetadata

type RegoMetadata struct {
	Name         string                 `json:"name"`
	File         string                 `json:"file"`
	PolicyType   string                 `json:"policy_type"`
	ResourceType string                 `json:"resource_type"`
	TemplateArgs map[string]interface{} `json:"template_args"`
	Severity     string                 `json:"severity"`
	Description  string                 `json:"description"`
	ReferenceID  string                 `json:"reference_id"`
	Category     string                 `json:"category"`
	Version      int                    `json:"version"`
	ID           string                 `json:"id"`
}

RegoMetadata is the rego metadata struct, which is read and saved from disk.
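The FilterSpecification and PreLoadFilter interfaces above can be combined to decide which rules are loaded. The following is an added example, not terrascan's own code: RegoMetadata and FilterSpecification are trimmed local copies so it builds without the module, the names MinSeverity, SkipIDs, PreLoad and Loaded are hypothetical, and it assumes a rule is loaded only when IsAllowed is true and IsFiltered is false. The sample rules are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// RegoMetadata is a local, trimmed copy of the documented struct.
type RegoMetadata struct{ Name, Severity, ReferenceID string }

// FilterSpecification mirrors the documented interface.
type FilterSpecification interface{ IsSatisfied(r *RegoMetadata) bool }

var rank = map[string]int{"LOW": 1, "MEDIUM": 2, "HIGH": 3}

// MinSeverity (hypothetical) is satisfied by rules at or above Floor. A rule
// with a missing or unrecognised severity is kept, not silently dropped.
type MinSeverity struct{ Floor string }

func (m MinSeverity) IsSatisfied(r *RegoMetadata) bool {
	got, known := rank[strings.ToUpper(strings.TrimSpace(r.Severity))]
	return !known || got >= rank[strings.ToUpper(m.Floor)]
}

// SkipIDs (hypothetical) is satisfied by rules on an explicit skip list.
type SkipIDs map[string]bool

func (s SkipIDs) IsSatisfied(r *RegoMetadata) bool { return s[r.ReferenceID] }

// PreLoad has the PreLoadFilter method set. Assumption: a rule is loaded
// only when IsAllowed is true and IsFiltered is false.
type PreLoad struct{ Allow, Skip FilterSpecification }

func (p PreLoad) IsAllowed(r *RegoMetadata) bool  { return p.Allow.IsSatisfied(r) }
func (p PreLoad) IsFiltered(r *RegoMetadata) bool { return p.Skip.IsSatisfied(r) }

// Loaded returns the names of the rules that pass the filter, in input order.
func Loaded(p PreLoad, rules []RegoMetadata) []string {
	var out []string
	for i := range rules {
		if p.IsAllowed(&rules[i]) && !p.IsFiltered(&rules[i]) {
			out = append(out, rules[i].Name)
		}
	}
	return out
}

func main() {
	rules := []RegoMetadata{ // constructed sample rules
		{"s3Public", "HIGH", "EX.1"}, {"noTags", "low", "EX.2"},
		{"openSSH", "High ", "EX.3"}, {"unlabelled", "", "EX.4"},
	}
	fmt.Println(Loaded(PreLoad{MinSeverity{"MEDIUM"}, SkipIDs{"EX.3": true}}, rules))
}
```

Reviewing the skip list alongside the loaded set makes it visible when a high-severity rule such as the constructed `openSSH` entry is being excluded from a scan.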
