Documentation
¶
Index ¶
- Constants
- func NewK8sEventFromPolicyValidation(result PolicyValidation) (*v1.Event, error)
- type ConfigMatchApplication
- type ConfigMatchResource
- type EntitiesList
- type EntitiesSource
- type Entity
- type IaCMetadata
- type ListOptions
- type MutationResult
- type Occurrence
- type PoliciesSource
- type Policy
- type PolicyConfig
- type PolicyConfigConfig
- type PolicyConfigMatch
- type PolicyConfigParameter
- type PolicyParameters
- type PolicySet
- type PolicySetFilters
- type PolicyStandard
- type PolicyTargets
- type PolicyValidation
- type PolicyValidationSink
- type PolicyValidationSummary
Constants ¶
// String constants shared by policy validation results and the Kubernetes
// events derived from them.
const (
	// NOTE(review): presumably the two values PolicyValidation.Status can
	// take — confirm against the code that sets Status.
	PolicyValidationStatusViolating = "Violation"
	PolicyValidationStatusCompliant = "Compliance"

	// NOTE(review): by their names these look like event action and event
	// reason values — confirm where they are written and read.
	EventActionAllowed          = "Allowed"
	EventActionRejected         = "Rejected"
	EventReasonPolicyViolation  = "PolicyViolation"
	EventReasonPolicyCompliance = "PolicyCompliance"

	// Keys under the "pac.weave.works/" prefix.
	// NOTE(review): presumably metadata keys on the event built by
	// NewK8sEventFromPolicyValidation and read back by
	// NewPolicyValidationFRomK8sEvent — confirm, and confirm how far a
	// consumer is meant to trust values read back from an event.
	PolicyValidationTypeLabel    = "pac.weave.works/type"
	PolicyValidationIDLabel      = "pac.weave.works/id"
	PolicyValidationTriggerLabel = "pac.weave.works/trigger"
)
Variables ¶
This section is empty.
Functions ¶
func NewK8sEventFromPolicyValidation ¶
func NewK8sEventFromPolicyValidation(result PolicyValidation) (*v1.Event, error)
NewK8sEventFromPolicyValidation gets a kubernetes event object from a policy violation result object
Types ¶
type ConfigMatchApplication ¶
type ConfigMatchResource ¶
type EntitiesList ¶
// EntitiesList is one batch of Entity values, as returned by
// EntitiesSource.List.
type EntitiesList struct {
	// NOTE(review): presumably true when another batch can be fetched —
	// confirm against an EntitiesSource implementation.
	HasNext bool
	// KeySet used to fetch next batch of entities
	KeySet string
	// Data holds the entities of this batch.
	Data []Entity
}
EntitiesList is a grouping of Entity objects
type EntitiesSource ¶
// EntitiesSource fetches entities of a single kind.
type EntitiesSource interface {
	// List returns entities as an EntitiesList; listOptions configures the
	// wanted return of the list operation.
	List(ctx context.Context, listOptions *ListOptions) (*EntitiesList, error)
	// Kind returns kind of entities it retrieves
	Kind() string
}
EntitiesSource is responsible for fetching entities of a specific K8s kind
type Entity ¶
// Entity represents a kubernetes resource.
//
// The json tags fix the serialized key names. Note the mix of styles:
// APIVersion is written as "apiVersion" while ResourceVersion and HasParent
// use snake_case.
type Entity struct {
	ID         string `json:"id"`
	Name       string `json:"name"`
	APIVersion string `json:"apiVersion"`
	Kind       string `json:"kind"`
	Namespace  string `json:"namespace"`
	// Manifest is the resource as a generic map, serialized under "manifest".
	// NOTE(review): presumably the complete object, so for kinds that carry
	// sensitive data that data travels with every serialized Entity
	// (including the copy embedded in PolicyValidation) — confirm what the
	// receiving sinks are expected to store or forward.
	Manifest        map[string]interface{} `json:"manifest"`
	ResourceVersion string                 `json:"resource_version"`
	// Labels and GitCommit are tagged json:"-", so encoding/json neither
	// writes nor reads them.
	Labels    map[string]string `json:"-"`
	GitCommit string            `json:"-"`
	HasParent bool              `json:"has_parent"`
}
Entity represents a kubernetes resource
func NewEntityFromSpec ¶
NewEntityFromSpec takes a map representing a Kubernetes entity and parses it into an Entity struct
func (*Entity) ObjectRef ¶
func (e *Entity) ObjectRef() *v1.ObjectReference
ObjectRef returns the kubernetes object reference of the entity
type IaCMetadata ¶
// IaCMetadata defines the values of type iac for validation.
//
// Constraints are declared only through the `validate` struct tags; the
// library that evaluates them is not visible in this declaration. Fields
// without a `validate` tag carry no constraint here.
type IaCMetadata struct {
	Branch       string                 `json:"branch" validate:"required"`
	Commit       string                 `json:"commit" validate:"required"`
	File         string                 `json:"file" validate:"required"`
	PlatformName string                 `json:"platform_name"`
	PlatformInfo map[string]interface{} `json:"platform"`
	Repository   string                 `json:"repository" validate:"required"`
	// NOTE(review): ResultUrl has no validate tag, so nothing in this
	// declaration restricts its scheme or host — a consumer that renders or
	// follows it should check it first; confirm whether that happens upstream.
	ResultUrl string `json:"result_url"`
	Source    string `json:"source" validate:"required"`
	// Type is restricted by its tag to one of "IaC" or "Generic".
	// NOTE(review): the tag has no "required", so whether an empty Type
	// passes depends on the validator's rules — confirm.
	Type          string `json:"type" validate:"oneof=IaC Generic"`
	KubeGuardID   string `json:"kubeguard_id"`
	KubeGuardName string `json:"kubeguard_name"`
	Provider      string `json:"provider"`
	PullRequest   string `json:"pull_request"`
}
IaCMetadata defines the values of type iac for validation
type ListOptions ¶
ListOptions configures the wanted return of a list operation
type MutationResult ¶
// MutationResult exposes no exported fields. Values are created with
// NewMutationResult and used through the Mutate, NewResource and OldResource
// methods.
type MutationResult struct {
	// contains filtered or unexported fields
}
func NewMutationResult ¶
func NewMutationResult(entity Entity) (*MutationResult, error)
NewMutationResult creates a new MutationResult object
func (*MutationResult) Mutate ¶
func (m *MutationResult) Mutate(occurrences []Occurrence) ([]Occurrence, error)
Mutate mutates the resource by applying the recommended values of the given occurrences
func (*MutationResult) NewResource ¶
func (m *MutationResult) NewResource() ([]byte, error)
NewResource returns the mutated resource
func (*MutationResult) OldResource ¶
func (m *MutationResult) OldResource() []byte
OldResource returns the old resource as it was before mutation
type Occurrence ¶
type PoliciesSource ¶
// PoliciesSource acts as a source for policies.
type PoliciesSource interface {
	// GetAll returns all available policies
	GetAll(ctx context.Context) ([]Policy, error)
	// GetPolicyConfig returns a PolicyConfig for the given entity.
	// NOTE(review): presumably the config whose Match selects that entity —
	// confirm against an implementation.
	GetPolicyConfig(ctx context.Context, entity Entity) (*PolicyConfig, error)
}
PoliciesSource acts as a source for policies
type Policy ¶
// Policy represents a policy.
//
// A Policy is embedded by value in PolicyValidation, so every field that is
// not tagged json:"-" (Code included) is part of each serialized validation
// result unless a custom marshaller, not visible here, says otherwise.
type Policy struct {
	Name string `json:"name"`
	ID   string `json:"id"`
	// NOTE(review): presumably the policy's source text — confirm; see the
	// type comment for where it ends up when results are serialized.
	Code        string             `json:"code"`
	Enabled     bool               `json:"enabled"`
	Parameters  []PolicyParameters `json:"parameters"`
	Targets     PolicyTargets      `json:"targets"`
	Description string             `json:"description"`
	HowToSolve  string             `json:"how_to_solve"`
	Category    string             `json:"category"`
	Tags        []string           `json:"tags"`
	Severity    string             `json:"severity"`
	Standards   []PolicyStandard   `json:"standards"`
	// Reference is tagged json:"-", so encoding/json neither writes nor
	// reads it.
	Reference interface{} `json:"-"`
	// GitCommit is left out of the JSON output when empty (omitempty).
	GitCommit string   `json:"git_commit,omitempty"`
	Modes     []string `json:"modes"`
	// NOTE(review): presumably marks a policy whose violations can be fixed
	// through MutationResult.Mutate — confirm.
	Mutate bool `json:"mutate"`
}
Policy represents a policy
func (*Policy) GetParametersMap ¶
GetParametersMap returns policy parameters as a map
func (*Policy) ObjectRef ¶
func (p *Policy) ObjectRef() *v1.ObjectReference
ObjectRef returns the kubernetes object reference of the policy
type PolicyConfig ¶
// PolicyConfig represents a policy config.
type PolicyConfig struct {
	// Config maps a string key to the parameters configured under it.
	// NOTE(review): the key is presumably a policy ID — confirm.
	Config map[string]PolicyConfigConfig `json:"config"`
	// Match lists the namespaces, applications and resources of the config.
	Match PolicyConfigMatch `json:"match"`
}
PolicyConfig represents a policy config
type PolicyConfigConfig ¶
// PolicyConfigConfig holds the parameters of one entry of PolicyConfig.Config.
type PolicyConfigConfig struct {
	// Parameters maps a string key to a configured value.
	// NOTE(review): the key is presumably the parameter name — confirm.
	Parameters map[string]PolicyConfigParameter `json:"parameters"`
}
type PolicyConfigMatch ¶
// PolicyConfigMatch lists what a PolicyConfig is matched against. Each field
// is omitted from the JSON output when empty (omitempty).
// NOTE(review): how an entirely empty match is interpreted (nothing or
// everything) is not visible here — confirm, since it decides the config's scope.
type PolicyConfigMatch struct {
	Namespaces []string `json:"namespaces,omitempty"`
	// Applications is serialized under the shorter key "apps".
	Applications []ConfigMatchApplication `json:"apps,omitempty"`
	Resources    []ConfigMatchResource    `json:"resources,omitempty"`
}
type PolicyConfigParameter ¶
// PolicyConfigParameter is one configured parameter value.
//
// The fields carry no json tags, so encoding/json uses the Go field names
// "Value" and "ConfigRef" as keys unless a custom marshaller, not visible
// here, overrides that.
type PolicyConfigParameter struct {
	Value interface{}
	// NOTE(review): presumably names the config the value came from — confirm.
	ConfigRef string
}
type PolicyParameters ¶
// PolicyParameters defines a needed input in a policy.
type PolicyParameters struct {
	Name string `json:"name"`
	// Type is a free-form string in this declaration; Value is untyped.
	// NOTE(review): whether Value is checked against Type is not visible
	// here — confirm before relying on its dynamic type.
	Type     string      `json:"type"`
	Value    interface{} `json:"value"`
	Required bool        `json:"required"`
	// ConfigRef is left out of the JSON output when empty (omitempty).
	ConfigRef string `json:"config_ref,omitempty"`
}
PolicyParameters defines a needed input in a policy
type PolicySet ¶
// PolicySet represents a policy set.
type PolicySet struct {
	ID   string `json:"id"`
	Name string `json:"name"`
	// Mode is a free-form string in this declaration; the accepted values
	// are not visible here.
	Mode string `json:"mode"`
	// Filters holds the filter lists of the set.
	Filters PolicySetFilters `json:"filters"`
}
PolicySet represents a policy set
type PolicySetFilters ¶
// PolicySetFilters holds the filter lists of a PolicySet: policy IDs,
// categories, severities, standards and tags.
// NOTE(review): how the lists combine (all must match, or any) and what an
// empty filter selects are not visible here — confirm, since that decides
// which policies end up in the set.
type PolicySetFilters struct {
	IDs        []string `json:"ids"`
	Categories []string `json:"categories"`
	Severities []string `json:"severities"`
	Standards  []string `json:"standards"`
	Tags       []string `json:"tags"`
}
PolicySetFilters defines the filters of a policy set
type PolicyStandard ¶
type PolicyTargets ¶
// PolicyTargets is used to match entities with the required fields specified
// by the policy.
// NOTE(review): what empty Kinds, Labels or Namespaces mean (match nothing or
// match everything) is not visible here — confirm, since it decides which
// entities a policy is evaluated against.
type PolicyTargets struct {
	Kinds []string `json:"kinds"`
	// Labels is a list of label maps rather than a single map.
	Labels     []map[string]string `json:"labels"`
	Namespaces []string            `json:"namespaces"`
}
PolicyTargets is used to match entities with the required fields specified by the policy
type PolicyValidation ¶
// PolicyValidation defines the result of validating a policy against an
// entity.
//
// Policy and Entity are embedded by value, so a serialized PolicyValidation
// carries every field of both that is not tagged json:"-", including
// Policy.Code and Entity.Manifest.
type PolicyValidation struct {
	ID        string `json:"id"`
	AccountID string `json:"account_id"`
	ClusterID string `json:"cluster_id"`
	Policy    Policy `json:"policy"`
	Entity    Entity `json:"entity"`
	// NOTE(review): presumably PolicyValidationStatusViolating or
	// PolicyValidationStatusCompliant — confirm.
	Status      string       `json:"status"`
	Message     string       `json:"message"`
	Occurrences []Occurrence `json:"occurrences"`
	// Type is serialized under the key "source", not "type".
	Type      string    `json:"source"`
	Trigger   string    `json:"trigger"`
	CreatedAt time.Time `json:"created_at"`
	// Metadata is untyped.
	// NOTE(review): IaCMetadata is presumably one of the shapes stored here —
	// confirm before asserting its dynamic type.
	Metadata interface{} `json:"metadata"`
}
PolicyValidation defines the result of a policy validation against an entity
func NewPolicyValidationFRomK8sEvent ¶
func NewPolicyValidationFRomK8sEvent(event *v1.Event) (PolicyValidation, error)
NewPolicyValidationFRomK8sEvent gets a policy violation result object from a kubernetes event object
type PolicyValidationSink ¶
// PolicyValidationSink acts as a sink to send the results of a validation to.
type PolicyValidationSink interface {
	// Write saves the results
	// NOTE(review): each PolicyValidation embeds its Policy and Entity, so an
	// implementation receives those in full — confirm what it is meant to
	// persist or forward.
	Write(ctx context.Context, PolicyValidations []PolicyValidation) error
}
PolicyValidationSink acts as a sink to send the results of a validation to
type PolicyValidationSummary ¶
// PolicyValidationSummary contains violation and compliance result of a
// validate operation.
type PolicyValidationSummary struct {
	// Violations and Compliances hold the results of the operation.
	// NOTE(review): presumably split by PolicyValidation.Status — confirm.
	Violations  []PolicyValidation
	Compliances []PolicyValidation
	// Mutation is a pointer.
	// NOTE(review): presumably nil when no mutation was performed — confirm
	// before dereferencing.
	Mutation *MutationResult
}
PolicyValidationSummary contains violation and compliance result of a validate operation
func (*PolicyValidationSummary) GetViolationMessages ¶
func (v *PolicyValidationSummary) GetViolationMessages() []string
GetViolationMessages gets all violation messages from review results
func (*PolicyValidationSummary) GetViolationOccurrencesMessages ¶
func (v *PolicyValidationSummary) GetViolationOccurrencesMessages() []string
GetViolationOccurrencesMessages gets all occurrence messages from review results