Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type AbbreviatedPolicyResult
type AbbreviatedPolicyResult struct {
    PolicyFile  string                `json:"policy"`
    Severity    string                `json:"severity,omitempty"`
    Description string                `json:"description,omitempty"`
    Violations  AbbreviatedViolations `json:"violations,omitempty"`
}
Result of policy evaluation, abbreviated
type AbbreviatedPolicyResults
type AbbreviatedPolicyResults struct {
    PolicyResults []AbbreviatedPolicyResult `json:"policyResults"`
    Summary       Summary                   `json:"summary"`
}
Abbreviated results for policies
func AbbreviateResults
func AbbreviateResults(policyResults *PolicyResults) AbbreviatedPolicyResults
Returns a shortened version of @policyResults
type AbbreviatedViolations
type AbbreviatedViolations struct {
    ServiceAccounts []string            `json:"serviceAccounts,omitempty" mapstructure:"serviceAccounts"`
    Nodes           []string            `json:"nodes,omitempty"`
    Combined        []CombinedViolation `json:"combined,omitempty"`
    Users           []string            `json:"users,omitempty"`
    Groups          []string            `json:"groups,omitempty"`
}
Policy violations, abbreviated
type CombinedViolation
type CombinedViolation struct {
    Node            string   `json:"node,omitempty"`
    ServiceAccounts []string `json:"serviceAccounts,omitempty" mapstructure:"serviceAccounts"`
}
Violation from a node and its hosted serviceAccount
type DescribeRegoResult
type DescribeRegoResult struct {
    Severity    string `json:"severity,omitempty"`
    Description string `json:"desc,omitempty" mapstructure:"desc"`
}
Output from the describe Rego rule
type EvalConfig
type EvalConfig struct {
    SeverityThreshold  string
    OnlySasOnAllNodes  bool
    IgnoredNamespaces  []string
    DebugMode          bool
    SaViolations       bool
    NodeViolations     bool
    CombinedViolations bool
    UserViolations     bool
    GroupViolations    bool
}
Configuration for Expand()
type EvalRegoResult
type EvalRegoResult struct {
    ServiceAccounts []ServiceAccountViolation `json:"serviceAccounts,omitempty" mapstructure:"serviceAccounts"`
    Nodes           []string                  `json:"nodes,omitempty"`
    Combined        []CombinedViolation       `json:"combined,omitempty"`
    Users           []string                  `json:"users,omitempty"`
    Groups          []string                  `json:"groups,omitempty"`
}
Output from the main Rego rule
type PolicyResult
type PolicyResult struct {
    PolicyFile  string     `json:"policy"`
    Severity    string     `json:"severity,omitempty"`
    Description string     `json:"description,omitempty"`
    Violations  Violations `json:"violations"`
}
Result of policy evaluation
type PolicyResults
type PolicyResults struct {
    PolicyResults []PolicyResult `json:"policyResults"`
    Summary       Summary        `json:"summary"`
}
Evaluation results for policies
func Eval
func Eval(policyPath string, collectResult collect.CollectResult, evalConfig EvalConfig) *PolicyResults
Evaluates RBAC permissions using Rego policies
type ServiceAccountViolation
type ServiceAccountViolation struct {
    Name        string                `json:"name"`
    Namespace   string                `json:"namespace"`
    Nodes       []map[string][]string `json:"nodes,omitempty"`
    ProviderIAM map[string]string     `json:"providerIAM,omitempty" mapstructure:"providerIAM"`
}
Violation from a serviceAccount
type Summary
type Summary struct {
    Failed    int `json:"failed"`
    Passed    int `json:"passed"`
    Errors    int `json:"errors"`
    Evaluated int `json:"evaluated"`
}
Summary of results from all evaluated policies
type Violations
type Violations struct {
    ServiceAccounts []ServiceAccountViolation `json:"serviceAccounts,omitempty" mapstructure:"serviceAccounts"`
    Nodes           []string                  `json:"nodes,omitempty"`
    Combined        []CombinedViolation       `json:"combined,omitempty"`
    Users           []string                  `json:"users,omitempty"`
    Groups          []string                  `json:"groups,omitempty"`
}
Policy violations