Documentation
Index
- func GetDefaultIacType(cloudType string) string
- func GetDefaultPolicyPaths(cloudTypes []string) []string
- func IsCloudProviderSupported(cloudType string) bool
- func RegisterCloudProvider(cloudType supportedCloudType, iacTypeDefault supportedIacType, ...)
- func RegisterIndirectCloudProvider(cloudType supportedCloudType, iacTypeDefault supportedIacType, ...)
- func SupportedPolicyTypes(includeIndirect bool) []string
- type Engine
- type EngineInput
- type EngineOutput
- type FilterSpecification
- type PreLoadFilter
- type PreScanFilter
- type RegoData
- type RegoMetadata
Constants
This section is empty.
Variables
This section is empty.
Functions
func GetDefaultIacType
GetDefaultIacType returns the default IaC type for the given cloudType. On the command line, the minimum argument required is the policy type (called cloudType here, which is misleading); thus, for a given policy type, we need to specify a default IaC type.
func GetDefaultPolicyPaths
GetDefaultPolicyPaths returns the paths to default policies for the given cloud providers
func IsCloudProviderSupported
IsCloudProviderSupported returns whether a cloud provider is supported in terrascan
func RegisterCloudProvider
func RegisterCloudProvider(cloudType supportedCloudType, iacTypeDefault supportedIacType, iacVersionDefault supportedIacVersion)
RegisterCloudProvider registers a cloud provider with terrascan
func RegisterIndirectCloudProvider
func RegisterIndirectCloudProvider(cloudType supportedCloudType, iacTypeDefault supportedIacType, iacVersionDefault supportedIacVersion, getPolicyNames func() []string)
RegisterIndirectCloudProvider registers a cloud provider with terrascan
func SupportedPolicyTypes
SupportedPolicyTypes returns the list of policies supported in terrascan
Types
type Engine
type Engine interface {
	// Init method to initialize engine with policy path, and a pre load filter
	Init(string, PreLoadFilter) error
	Configure() error
	Evaluate(EngineInput, PreScanFilter) (EngineOutput, error)
	GetResults() EngineOutput
	Release() error
}
Engine is the policy engine interface
type EngineInput
type EngineInput struct {
	InputData *output.AllResourceConfigs
}
EngineInput contains data used as input to the engine
type EngineOutput
type EngineOutput struct {
	XMLName                 xml.Name `json:"-" yaml:"-" xml:"results"`
	*results.ViolationStore `json:"results" yaml:"results" xml:"results"`
}
EngineOutput contains data output from the engine
func EngineOutputFromViolationStore
func EngineOutputFromViolationStore(store *results.ViolationStore) EngineOutput
EngineOutputFromViolationStore returns an EngineOutput initialized from ViolationStore
func (EngineOutput) AsViolationStore
func (me EngineOutput) AsViolationStore() results.ViolationStore
AsViolationStore returns EngineOutput as a ViolationStore
type FilterSpecification
type FilterSpecification interface {
	IsSatisfied(r *RegoMetadata) bool
}
FilterSpecification defines a function that RegoMetadata filter specifications should implement
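An added example, not code from terrascan: composable specifications with the same IsSatisfied method set as FilterSpecification, where a rule with an unrecognised severity is kept rather than silently dropped from the scan. The local RegoMetadata mirror, the MinSeverity, InCategory and AllOf types, the LOW/MEDIUM/HIGH ranking, and the reading that a satisfied specification keeps the rule are all assumptions.

```go
package main

import "strings"

// Local mirror of the RegoMetadata fields used here (keeps the example offline).
type RegoMetadata struct{ Severity, Category string }

// Same method set as the FilterSpecification interface documented above.
type FilterSpecification interface {
	IsSatisfied(r *RegoMetadata) bool
}

// Assumed severity ranking; not taken from the page.
var severityRank = map[string]int{"LOW": 1, "MEDIUM": 2, "HIGH": 3}

// MinSeverity (hypothetical) is satisfied by rules at or above Min.
type MinSeverity struct{ Min string }

func (s MinSeverity) IsSatisfied(r *RegoMetadata) bool {
	want, okWant := severityRank[strings.ToUpper(strings.TrimSpace(s.Min))]
	got, okGot := severityRank[strings.ToUpper(strings.TrimSpace(r.Severity))]
	if !okWant || !okGot {
		// Unknown severity: keep the rule, so a typo never silently drops a check.
		return true
	}
	return got >= want
}

// InCategory (hypothetical) matches the rule category case-insensitively.
type InCategory struct{ Name string }

func (c InCategory) IsSatisfied(r *RegoMetadata) bool { return strings.EqualFold(c.Name, r.Category) }

// AllOf (hypothetical) is satisfied only when every inner specification is.
type AllOf []FilterSpecification

func (a AllOf) IsSatisfied(r *RegoMetadata) bool {
	for _, spec := range a {
		if !spec.IsSatisfied(r) {
			return false
		}
	}
	return true
}

func main() {
	spec := AllOf{MinSeverity{"medium"}, InCategory{"Encryption"}} // constructed sample
	println(spec.IsSatisfied(&RegoMetadata{Severity: "HIGH", Category: "encryption"}))
}
```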
type PreLoadFilter
type PreLoadFilter interface {
	IsAllowed(r *RegoMetadata) bool
	IsFiltered(r *RegoMetadata) bool
}
PreLoadFilter defines the functions that a pre-load filter should implement
type PreScanFilter
type PreScanFilter interface {
	Filter(rmap map[string]*RegoData, input EngineInput) map[string]*RegoData
}
PreScanFilter defines the function that a pre-scan filter should implement
type RegoData
type RegoData struct {
	Metadata      RegoMetadata
	RawRego       []byte
	PreparedQuery *rego.PreparedEvalQuery
}
RegoData stores all information needed to evaluate and report on a rego rule
type RegoMetadata
type RegoMetadata struct {
	Name         string                 `json:"name"`
	File         string                 `json:"file"`
	PolicyType   string                 `json:"policy_type"`
	ResourceType string                 `json:"resource_type"`
	TemplateArgs map[string]interface{} `json:"template_args"`
	Severity     string                 `json:"severity"`
	Description  string                 `json:"description"`
	ReferenceID  string                 `json:"reference_id"`
	Category     string                 `json:"category"`
	Version      int                    `json:"version"`
	ID           string                 `json:"id"`
}
RegoMetadata is the rego metadata struct which is read and saved from disk