models

package
v0.24.3

This package is not in the latest version of its module.
Published: Jun 16, 2023 License: Apache-2.0 Imports: 3 Imported by: 0

Documentation

Overview

Policy Engine I/O Formats

Documentation for the input and output formats used in Policy Engine

API version: 1.0.0
Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ParseControls

func ParseControls(data interface{}) ([]string, error)

Compatibility type to unmarshal controls in the old (map-based) as well as the new (array-based) format.

Types

type Edge

type Edge struct {
	Label  string `json:"label"`
	Source *Node  `json:"source"`
	Target *Node  `json:"target"`
}

A graph edge that describes a relationship between two resources

type Node

type Node struct {
	Id        string `json:"id,omitempty"`
	Type      string `json:"type,omitempty"`
	Namespace string `json:"namespace,omitempty"`
}

A graph node that describes a resource

type ResourceState

type ResourceState struct {
	// The identifier of the object. This can be a natural ID. It is assumed that this ID is unique within the namespace.
	Id string `json:"id"`
	// The type of the resource.
	ResourceType string `json:"resource_type"`
	// This field is a component of uniquely identifying a resource. It will resolve to different values depending on the input type and environment provider. For example, in a runtime AWS environment, this will be the region. For an IaC Terraform resource, this will be the module path. Customers of the API can set this to something that makes sense for them and parse it back.
	Namespace string `json:"namespace"`
	// Tags applied to the resource. Our goal is to extract tags into a uniform key->value format.
	Tags map[string]string `json:"tags,omitempty"`
	// This object is intended to hold any input type-specific or environment-specific fields, e.g. provider, region, or source location.
	Meta map[string]interface{} `json:"meta"`
	// A map of resource attributes.
	Attributes map[string]interface{} `json:"attributes"`
}

The state of a single resource

type Result

type Result struct {
	Input State `json:"input"`
	// An array of rule results objects
	RuleResults []RuleResults `json:"rule_results"`
}

An object that relates an input with its rule results

type Results

type Results struct {
	Format        string `json:"format"`
	FormatVersion string `json:"format_version"`
	// Information about the rule bundles used in the evaluation
	RuleBundles []RuleBundleInfo `json:"rule_bundles,omitempty"`
	Results     []Result         `json:"results"`
}

This is the top-level output from the Policy Engine.
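A consumer of this output, such as a CI gate, has to read more than the `passed` flag: errors recorded under `rule_bundles` or on an individual rule mean some checks never ran, so an output with no failing results is not necessarily a clean one. The following is an added example, not code from the policy-engine project; it uses local mirror structs (hypothetical names `ruleResult`, `ruleResults`, `results`, `gate`) that carry only the JSON tags documented on this page, and a constructed sample document.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local mirrors of the fields used; JSON tags are copied from the types on this page.
type ruleResult struct {
	Passed     bool   `json:"passed"`
	Ignored    bool   `json:"ignored"`
	ResourceId string `json:"resource_id"`
	Severity   string `json:"severity"`
}
type ruleResults struct {
	Id      string       `json:"id"`
	Results []ruleResult `json:"results"`
	Errors  []string     `json:"errors"`
}
type results struct {
	RuleBundles []struct{ Errors []string `json:"errors"` } `json:"rule_bundles"`
	Results     []struct{ RuleResults []ruleResults `json:"rule_results"` } `json:"results"`
}

// gate returns failing, non-ignored findings plus the number of evaluation errors to fail closed on.
func gate(doc []byte) (findings []string, evalErrors int, err error) {
	var out results
	if err = json.Unmarshal(doc, &out); err != nil {
		return nil, 0, err
	}
	for _, b := range out.RuleBundles {
		evalErrors += len(b.Errors) // bundle failed to initialize: its rules did not run
	}
	for _, in := range out.Results {
		for _, rr := range in.RuleResults {
			evalErrors += len(rr.Errors) // rule errored during evaluation
			for _, r := range rr.Results {
				if !r.Passed && !r.Ignored {
					findings = append(findings, fmt.Sprintf("%s %s [%s]", rr.Id, r.ResourceId, r.Severity))
				}
			}
		}
	}
	return findings, evalErrors, nil
}
// Constructed sample; rule IDs, resource IDs, severities and error messages are made up.
const sample = `{"rule_bundles":[{"errors":["failed to load rule"]}],"results":[{"rule_results":[
 {"id":"RULE_A","results":[{"passed":false,"resource_id":"bucket-1","severity":"High"},
  {"passed":false,"ignored":true,"resource_id":"bucket-2"}]},{"id":"RULE_B","results":[],"errors":["eval error"]}]}]}`
func main() { fmt.Println(gate([]byte(sample))) }
```

A gate built on this should fail the run when either `findings` is non-empty or `evalErrors` is greater than zero.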

type RuleBundle

type RuleBundle struct {
	Name     string `json:"name,omitempty"`
	Source   string `json:"source"`
	Checksum string `json:"checksum,omitempty"`
}

Identifying information for a rule bundle

type RuleBundleInfo

type RuleBundleInfo struct {
	RuleBundle *RuleBundle `json:"rule_bundle,omitempty"`
	// Any errors that occurred while initializing this rule bundle
	Errors []string `json:"errors,omitempty"`
}

Information about a rule bundle that was used in the evaluation

type RuleResult

type RuleResult struct {
	// Whether or not this is a passing or failing result
	Passed bool `json:"passed"`
	// Whether or not this result is ignored
	Ignored bool `json:"ignored"`
	// An optional message that can be returned by a rule
	Message string `json:"message,omitempty"`
	// The ID of the primary resource (if any) associated with this result
	ResourceId string `json:"resource_id,omitempty"`
	// The namespace of the primary resource (if any) associated with this result
	ResourceNamespace string `json:"resource_namespace,omitempty"`
	// The type of resource (if any) associated with this result. This will typically be used with "missing resource" rules.
	ResourceType string `json:"resource_type,omitempty"`
	// A Markdown-formatted set of remediation steps to resolve the issue identified by the rule
	Remediation string `json:"remediation,omitempty"`
	// The severity of this rule result
	Severity string `json:"severity,omitempty"`
	// An arbitrary key-value map that a rule can return in its result.
	Context map[string]interface{} `json:"context,omitempty"`
	// Resource objects associated with this result.
	Resources []*RuleResultResource `json:"resources,omitempty"`
	// A list of graphs returned by the rule
	Graphs [][]Edge `json:"graphs,omitempty"`
}

A single rule result

type RuleResultResource

type RuleResultResource struct {
	// The ID of this resource
	Id string `json:"id,omitempty"`
	// The type of this resource
	Type string `json:"type,omitempty"`
	// The namespace of this resource
	Namespace string           `json:"namespace,omitempty"`
	Location  []SourceLocation `json:"location,omitempty"`
	// Attributes of the resource that were associated with a rule result.
	Attributes []RuleResultResourceAttribute `json:"attributes,omitempty"`
}

Identifying information for a resource and attributes associated with a rule result

type RuleResultResourceAttribute

type RuleResultResourceAttribute struct {
	// The path to an attribute associated with this resource and rule result
	Path     []interface{}   `json:"path,omitempty"`
	Location *SourceLocation `json:"location,omitempty"`
}

type RuleResults

type RuleResults struct {
	// The Rule ID, e.g. W3SECURITY_00503 or 608f97c3-a11a-4154-a88e-a2fcd18c75b0
	Id string `json:"id,omitempty"`
	// The kind of result that this rule produces, e.g. "vulnerability"
	Kind       string      `json:"kind,omitempty"`
	RuleBundle *RuleBundle `json:"rule_bundle,omitempty"`
	// The rule title
	Title string `json:"title,omitempty"`
	// The platform describes the CSPs or other technology platform (e.g. Docker) that the rule checks for
	Platform []string `json:"platform,omitempty"`
	// The rule description
	Description string `json:"description,omitempty"`
	// Useful links relating to these rule results
	References []RuleResultsReference `json:"references,omitempty"`
	// The category of the policy
	Category string `json:"category,omitempty"`
	// An array of labels (value-less tags) associated with this policy
	Labels []string `json:"labels,omitempty"`
	// The service group of the primary resource associated with this policy (e.g. "EBS", "EC2")
	ServiceGroup string `json:"service_group,omitempty"`
	// A list of controls associated with this rule.
	Controls []string `json:"controls,omitempty"`
	// A list of resource types that the rule uses.
	ResourceTypes []string     `json:"resource_types,omitempty"`
	Results       []RuleResult `json:"results"`
	// Any errors that occurred while evaluating this rule.
	Errors []string `json:"errors,omitempty"`
	// The Rego package name that defines the rule, useful for debugging
	Package_ string `json:"package,omitempty"`
}

Container for all results associated with a single rule

func (*RuleResults) UnmarshalJSON

func (r *RuleResults) UnmarshalJSON(data []byte) error

type RuleResultsReference

type RuleResultsReference struct {
	// Reference to link to
	Url string `json:"url"`
	// Title for the link
	Title string `json:"title,omitempty"`
}

type SourceLocation

type SourceLocation struct {
	Filepath string `json:"filepath,omitempty"`
	Line     int    `json:"line,omitempty"`
	Column   int    `json:"column,omitempty"`
}

Points to a row and column within a source file

type State

type State struct {
	Format        string `json:"format"`
	FormatVersion string `json:"format_version"`
	// The type of input that this state was generated from. This value factors into which rules are run for this input.
	InputType string `json:"input_type"`
	// The type of environment that this state was generated from. This value factors into which rules are run for this input.
	EnvironmentProvider string `json:"environment_provider"`
	// This object is intended to hold any input type-specific or environment-specific fields, e.g. account_id or filepath.
	Meta map[string]interface{} `json:"meta,omitempty"`
	// Resources is a map of resource type to a map of a unique resource key to a resource object.
	Resources map[string]map[string]ResourceState `json:"resources"`
	// Describes the origin of the input, e.g. filepath + branch for IaC files, or account/region for cloud resources
	Scope map[string]interface{} `json:"scope,omitempty"`
}

The state format contains the state of all resources from some input. This format is intended to be used as both an input and output for the policy engine.
