Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AbbreviatedPolicyResult ¶
type AbbreviatedPolicyResult struct {
PolicyFile string `json:"policy"`
Severity string `json:"severity,omitempty"`
Description string `json:"description,omitempty"`
Violations AbbreviatedViolations `json:"violations,omitempty"`
}
Result of policy evaluation, abbreviated
type AbbreviatedPolicyResults ¶
type AbbreviatedPolicyResults struct {
PolicyResults []AbbreviatedPolicyResult `json:"policyResults"`
Summary Summary `json:"summary"`
}
Abbreviated results for policies
func AbbreviateResults ¶
func AbbreviateResults(policyResults *PolicyResults) AbbreviatedPolicyResults
Returns a shortened version of @policyResults
type AbbreviatedViolations ¶
type AbbreviatedViolations struct {
ServiceAccounts []string `json:"serviceAccounts,omitempty" mapstructure:"serviceAccounts"`
Nodes []string `json:"nodes,omitempty"`
Combined []CombinedViolation `json:"combined,omitempty"`
Users []string `json:"users,omitempty"`
Groups []string `json:"groups,omitempty"`
}
Policy violations, abbreviated
type CombinedViolation ¶
type CombinedViolation struct {
Node string `json:"node,omitempty"`
ServiceAccounts []string `json:"serviceAccounts,omitempty" mapstructure:"serviceAccounts"`
}
Violation from a node and its hosted serviceAccount
type DescribeRegoResult ¶
type DescribeRegoResult struct {
Severity string `json:"severity,omitempty"`
Description string `json:"desc,omitempty" mapstructure:"desc"`
}
Output from the describe Rego rule
type EvalConfig ¶
type EvalConfig struct {
SeverityThreshold string
OnlySasOnAllNodes bool
IgnoredNamespaces []string
DebugMode bool
SaViolations bool
NodeViolations bool
CombinedViolations bool
UserViolations bool
GroupViolations bool
}
Configuration for Expand()
type EvalRegoResult ¶
type EvalRegoResult struct {
ServiceAccounts []ServiceAccountViolation `json:"serviceAccounts,omitempty" mapstructure:"serviceAccounts"`
Nodes []string `json:"nodes,omitempty"`
Combined []CombinedViolation `json:"combined,omitempty"`
Users []string `json:"users,omitempty"`
Groups []string `json:"groups,omitempty"`
}
Output from the main Rego rule
type PolicyResult ¶
type PolicyResult struct {
PolicyFile string `json:"policy"`
Severity string `json:"severity,omitempty"`
Description string `json:"description,omitempty"`
Violations Violations `json:"violations"`
}
Result of policy evaluation
type PolicyResults ¶
type PolicyResults struct {
PolicyResults []PolicyResult `json:"policyResults"`
Summary Summary `json:"summary"`
}
Evalaution results for policies
func Eval ¶
func Eval(policyPath string, collectResult collect.CollectResult, evalConfig EvalConfig) *PolicyResults
Evaluates RBAC permissions using Rego policies
type ServiceAccountViolation ¶
type ServiceAccountViolation struct {
Name string `json:"name"`
Namespace string `json:"namespace"`
Nodes []map[string][]string `json:"nodes,omitempty"`
ProviderIAM map[string]string `json:"providerIAM,omitempty" mapstructure:"providerIAM"`
}
Violation from a serviceAccount
type Summary ¶
type Summary struct {
Failed int `json:"failed"`
Passed int `json:"passed"`
Errors int `json:"errors"`
Evaluated int `json:"evaluated"`
}
Summary of results from all evaluated policies
type Violations ¶
type Violations struct {
ServiceAccounts []ServiceAccountViolation `json:"serviceAccounts,omitempty" mapstructure:"serviceAccounts"`
Nodes []string `json:"nodes,omitempty"`
Combined []CombinedViolation `json:"combined,omitempty"`
Users []string `json:"users,omitempty"`
Groups []string `json:"groups,omitempty"`
}
Policy violations
Source Files
Click to show internal directories.
Click to hide internal directories.