apis

package
v0.0.389 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 24, 2024 License: Apache-2.0 Imports: 19 Imported by: 22

Documentation

Index

Constants

View Source 
const (
	VulnerabilityScanCommandVersion string = "v1"
	ContainerScanCommandPath        string = "scanImage"
	RegistryScanCommandPath         string = "scanRegistryImage"
	SBOMCalculationCommandPath      string = "generateSBOM"
	DBCommandPath                   string = "DBCommand"
	ServerReady                     string = "ready"
)

WebsocketScanCommand api

View Source 
const (
	CommandDeprecatedArgsJobParams string = "kubescapeJobParams"
)

Variables

This section is empty.

Functions

func BEHttpRequest 

func BEHttpRequest(loginobj *LoginObject, beURL,
	httpverb string,
	endpoint string,
	payload []byte,
	f HTTPReqFunc,
	qryData interface{}) ([]byte, error)

func BackendGetCVEExceptionByDEsignator 

func BackendGetCVEExceptionByDEsignator(baseURL string, cusGUID string, designators *identifiers.PortalDesignator) ([]armotypes.VulnerabilityExceptionPolicy, error)

func BasicBEQuery 

func BasicBEQuery(req *http.Request, qryData interface{})

func EmptyQuery 

func EmptyQuery(req *http.Request, qryData interface{})

func GetBEInfo 

func GetBEInfo(cfgFile string) string

func GetOauth2TokenURL 

func GetOauth2TokenURL() string

func LoginWithKeycloak 

func LoginWithKeycloak(loginDetails CustomerLoginDetails) ([]uuid.UUID, *oidc.IDToken, error)

func MapQuery 

func MapQuery(req *http.Request, qryData interface{})

func MapQueryWithoutSortKeys 

func MapQueryWithoutSortKeys(req *http.Request, qryData interface{})

func SIDFallback 

func SIDFallback(c *Command)

func ValidateBEConnectorMakerInput 

func ValidateBEConnectorMakerInput(client *http.Client, baseURL string, loginDetails *CustomerLoginDetails) error

func ValidatePublicBEConnectorMakerInput 

func ValidatePublicBEConnectorMakerInput(client *http.Client, baseURL string) error

Types

type AuthenticationCookie 

type AuthenticationCookie struct {
	Oauth2Claims  `json:",inline"`
	CustomerGUID  uuid.UUID `json:"customerGuid"`
	Expires       time.Time `json:"expires"`
	Version       int       `json:"version"`
	Authorization string    `json:"authorization,omitempty"`
}

AuthenticationCookie is what it is

type BELoginResponse 

type BELoginResponse struct {
	Name              string `json:"name"`
	PreferredUsername string `json:"preferred_username"`
	Email             string `json:"email"`
	CustomerGuid      string `json:"customerGuid"`
	Expires           string `json:"expires"`
	Authorization     string `json:"authorization"`
	Cookies           []*http.Cookie
}

func BELogin 

func BELogin(loginDetails *CustomerLoginDetails, login string, cfg string) (*BELoginResponse, error)

func (*BELoginResponse) ToLoginObject 

func (r *BELoginResponse) ToLoginObject() *LoginObject

type BackendConnector 

type BackendConnector struct {
	BaseURL         string
	BELoginResponse *BELoginResponse
	Credentials     *CustomerLoginDetails
	HTTPClient      *http.Client
}

func MakeBackendConnector 

func MakeBackendConnector(client *http.Client, baseURL string, loginDetails *CustomerLoginDetails) (*BackendConnector, error)

func MakePublicBackendConnector 

func MakePublicBackendConnector(baseURL string) (*BackendConnector, error)

func (*BackendConnector) GetBaseURL 

func (r *BackendConnector) GetBaseURL() string

func (*BackendConnector) GetClient 

func (r *BackendConnector) GetClient() *http.Client

func (*BackendConnector) GetLoginObj 

func (r *BackendConnector) GetLoginObj() *LoginObject

func (*BackendConnector) HTTPSend 

func (r *BackendConnector) HTTPSend(httpverb string,
	endpoint string,
	payload []byte,
	f HTTPReqFunc,
	login bool,
	qryData interface{}) ([]byte, error)

func (*BackendConnector) IsExpired 

func (r *BackendConnector) IsExpired() bool

func (*BackendConnector) Login 

func (r *BackendConnector) Login() error

type Command 

type Command struct {
	// Name of the command
	//
	// Example: updateRules
	CommandName NotificationPolicyType `json:"commandName"`
	// ID of the response
	//
	// Example: 49cfe0a0-9fab-4e54-a6e4-7b27e566d3cd
	ResponseID string `json:"responseID,omitempty"`

	// Designators for the command
	//
	// Designators select the targets to which the command applies.
	Designators []identifiers.PortalDesignator `json:"designators,omitempty"`
	Wlid        string                         `json:"wlid,omitempty"`
	WildWlid    string                         `json:"wildWlid,omitempty"`
	Sid         string                         `json:"sid,omitempty"`
	WildSid     string                         `json:"wildSid,omitempty"`
	// Job tracking context for
	JobTracking JobTracking `json:"jobTracking,omitempty"`

	// Arguments for the command
	Args map[string]interface{} `json:"args,omitempty"`
}

Command describes an individual command for the in-cluster components

func (*Command) DeepCopy 

func (c *Command) DeepCopy() *Command

func (*Command) GetArg 

func (c *Command) GetArg(key string) interface{}

func (*Command) GetCronJobParams 

func (c *Command) GetCronJobParams() *CronJobParams

func (*Command) GetFieldSelector 

func (c *Command) GetFieldSelector() map[string]string

func (*Command) GetID 

func (c *Command) GetID() string

func (*Command) GetLabels 

func (c *Command) GetLabels() map[string]string

func (*Command) Json 

func (c *Command) Json() string

func (*Command) SetArg 

func (c *Command) SetArg(key string, value interface{})

func (*Command) SetCronJobParams 

func (c *Command) SetCronJobParams(cjParams CronJobParams)

func (*Command) SetFieldSelector 

func (c *Command) SetFieldSelector(labels map[string]string)

func (*Command) SetLabels 

func (c *Command) SetLabels(labels map[string]string)

type Commands 

type Commands struct {
	// A list of commands to execute
	//
	// Example: [ { "CommandName": "scanRegistry", "args": { "registryInfo-v1": { "registryName": "quay.io/armosec" } } } ]
	Commands []Command `json:"commands"`
}

Commands contains a collection of commands for the in-cluster components

type Connector 

type Connector interface {

	//may used for a more generic httpsend interface based method
	GetBaseURL() string
	GetLoginObj() *LoginObject
	GetClient() *http.Client

	Login() error
	IsExpired() bool

	HTTPSend(httpverb string,
		endpoint string,
		payload []byte,
		f HTTPReqFunc,
		qryData interface{}) ([]byte, error)
}

Connector - interface for any connector (BE/Portal and so on)

type CronJobParams 

type CronJobParams struct {
	CronTabSchedule string `json:"cronTabSchedule"`
	JobName         string `json:"name,omitempty"`
}

CronJobParams parmas for cronJob

type CustomerLoginDetails 

type CustomerLoginDetails struct {
	Email        string    `json:"email"`
	Password     string    `json:"password"`
	CustomerName string    `json:"customer,omitempty"`
	CustomerGUID uuid.UUID `json:"customerGuid,omitempty"`
}

CustomerLoginDetails is what it is

type DBCommand 

type DBCommand struct {
	Commands map[string]interface{} `json:"commands"`
}

type HTTPReqFunc 

type HTTPReqFunc func(req *http.Request, qryData interface{})

HTTPReqFunc allows you to insert query params and more to aggregation message while using update aggregator

type ImageScanCommand added in v0.0.176 

type ImageScanCommand interface {
	GetWlid() string
	GetImageHash() string
	GetCreds() *registry.AuthConfig
	GetCredentialsList() []registry.AuthConfig
	SetCredentialsList([]registry.AuthConfig)
	GetArgs() map[string]interface{}
	SetArgs(map[string]interface{})
	GetSession() SessionChain
	SetSession(SessionChain)
	GetImageTag() string
	SetImageTag(string)
	GetJobID() string
	SetJobID(string)
	GetParentJobID() string
	SetParentJobID(string)
}

type ImageScanParams added in v0.0.176 

type ImageScanParams struct {
	// A list of credentials for private Container Registries that store images to be scanned
	Credentialslist []registry.AuthConfig `json:"credentialsList,omitempty"`
	// Arguments to pass to the scan command
	//
	// Example: {"useHTTP": true, "skipTLSVerify": true, "registryName": "", "repository": "", "tag": ""}
	Args map[string]interface{} `json:"args,omitempty"`
	// Current session context
	//
	// Used for correlating requests in the logs.
	Session SessionChain `json:"session,omitempty"`
	// Tag of the image to scan
	//
	// Example: nginx:latest
	ImageTag string `json:"imageTag"`
	// ID of the scanning Job
	//
	// Example: 7b04592b-665a-4e47-a9c9-65b2b3cabb49
	JobID string `json:"jobID,omitempty"`
	// ID of the Parent Job — a job that initiated the current job
	//
	// Example: 825f0a9e-34a9-4727-b81a-6e1bf3a63725
	ParentJobID string `json:"parentJobID,omitempty"`
}

type JobTracking 

type JobTracking struct {
	// ID of the current job
	//
	// Example: 0f2c8611-ba99-40e5-af21-2bc3823e3283
	JobID string `json:"jobID,omitempty"`
	// ID of the parent job
	//
	// Example: 6ecfe560-104c-4e7b-8cd3-ee3cbc3b58fb
	ParentID string `json:"parentAction,omitempty"`
	// Number of the last action
	//
	// Example: 2
	LastActionNumber int `json:"numSeq,omitempty"`
	// Timestamp of the latest action
	Timestamp time.Time `json:"timestamp,omitempty"`
}

JobTracking describes a context in which the job is executing It is used to track job execution source and context: what spawned it, when and under what circumstances.

type LoginAux 

type LoginAux struct {
	Referer string
	Url     string
}

func GetLoginStruct 

func GetLoginStruct() (LoginAux, error)

type LoginObject 

type LoginObject struct {
	Authorization string `json:"authorization"`
	GUID          string
	Cookies       []*http.Cookie
	Expires       string
}

func Login 

func Login(loginDetails CustomerLoginDetails) (*LoginObject, error)

func (*LoginObject) IsExpired 

func (r *LoginObject) IsExpired() bool

type NotificationPolicyType 

type NotificationPolicyType string

Supported NotificationTypes

swagger:enum NotificationPolicyType 

const (
	TypeValidateRules NotificationPolicyType = "validateRules"
	// Execute a posture scan
	TypeExecPostureScan NotificationPolicyType = "execPostureScan"
	TypeUpdateRules     NotificationPolicyType = "updateRules"
	TypeRunKubescapeJob NotificationPolicyType = "runKubescapeJob"
	// Trigger a Kubescape scan
	TypeRunKubescape NotificationPolicyType = "kubescapeScan"
	// Create a CronJob that runs a Kubescape scan
	TypeSetKubescapeCronJob NotificationPolicyType = "setKubescapeCronJob"
	// Update a CronJob that runs a Kubescape scan
	TypeUpdateKubescapeCronJob NotificationPolicyType = "updateKubescapeCronJob"
	// Delete a CronJob that runs a Kubescape scan
	TypeDeleteKubescapeCronJob NotificationPolicyType = "deleteKubescapeCronJob"
	// Create a CronJob that runs a Vulnerability Scan
	TypeSetVulnScanCronJob NotificationPolicyType = "setVulnScanCronJob"
	// Update a CronJob that runs a Vulnerability Scan
	TypeUpdateVulnScanCronJob NotificationPolicyType = "updateVulnScanCronJob"
	// Delete a CronJob that runs a Vulnerability Scan
	TypeDeleteVulnScanCronJob NotificationPolicyType = "deleteVulnScanCronJob"
	// Trigger an image scan
	TypeScanImages NotificationPolicyType = "scan"
	// Trigger a relevancy image scan
	TypeCalculateSBOM NotificationPolicyType = "calculateSBOM"
	// Trigger a registry scan
	TypeScanRegistry NotificationPolicyType = "scanRegistry"
	// Create a CronJob that runs registry scans
	TypeSetRegistryScanCronJob NotificationPolicyType = "setRegistryScanCronJob"
	// Update a CronJob that runs registry scans
	TypeUpdateRegistryScanCronJob NotificationPolicyType = "updateRegistryScanCronJob"
	// Delete a CronJob that runs registry scans
	TypeDeleteRegistryScanCronJob NotificationPolicyType = "deleteRegistryScanCronJob"
	TypeTestRegistryConnectivity  NotificationPolicyType = "testRegistryConnectivity"
)

type Oauth2Claims 

type Oauth2Claims struct {
	Sub               string   `json:"sub"`
	Name              string   `json:"name"`
	PreferredUserName string   `json:"preferred_username"`
	CAGroups          []string `json:"ca_groups"`
	Email             string   `json:"email"`
}

Oauth2Claims returns in claims section of Oauth2 verification process

type Oauth2Customer 

type Oauth2Customer struct {
	CustomerName string `json:"customerName"`
	CustomerGUID string `json:"customerGUID"`
}

Oauth2Customer returns inside the "ca_groups" field in claims section of Oauth2 verification process

type PaginationMarks 

type PaginationMarks struct {
	ReportNumber int  `json:"chunkNumber"` // serial number of report, used in pagination
	IsLastReport bool `json:"isLastChunk"` //specify this is the last report, used in pagination
}

PaginationMarks for split documents

func (*PaginationMarks) NKeys added in v0.0.220 

func (pm *PaginationMarks) NKeys() int

func (*PaginationMarks) UnmarshalJSONObject added in v0.0.220 

func (pm *PaginationMarks) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error)

type RegistryScanCommand added in v0.0.176 

type RegistryScanCommand struct {
	ImageScanParams
}

func (*RegistryScanCommand) GetArgs added in v0.0.176 

func (r *RegistryScanCommand) GetArgs() map[string]interface{}

func (*RegistryScanCommand) GetCredentialsList added in v0.0.176 

func (r *RegistryScanCommand) GetCredentialsList() []registry.AuthConfig

func (*RegistryScanCommand) GetCreds added in v0.0.176 

func (r *RegistryScanCommand) GetCreds() *registry.AuthConfig

func (*RegistryScanCommand) GetImageHash added in v0.0.176 

func (r *RegistryScanCommand) GetImageHash() string

func (*RegistryScanCommand) GetImageTag added in v0.0.176 

func (r *RegistryScanCommand) GetImageTag() string

func (*RegistryScanCommand) GetJobID added in v0.0.176 

func (r *RegistryScanCommand) GetJobID() string

func (*RegistryScanCommand) GetParentJobID added in v0.0.176 

func (r *RegistryScanCommand) GetParentJobID() string

func (*RegistryScanCommand) GetSession added in v0.0.176 

func (r *RegistryScanCommand) GetSession() SessionChain

func (*RegistryScanCommand) GetWlid added in v0.0.176 

func (r *RegistryScanCommand) GetWlid() string

func (*RegistryScanCommand) SetArgs added in v0.0.176 

func (r *RegistryScanCommand) SetArgs(args map[string]interface{})

func (*RegistryScanCommand) SetCredentialsList added in v0.0.176 

func (r *RegistryScanCommand) SetCredentialsList(credentialslist []registry.AuthConfig)

func (*RegistryScanCommand) SetImageTag added in v0.0.176 

func (r *RegistryScanCommand) SetImageTag(imageTag string)

func (*RegistryScanCommand) SetJobID added in v0.0.176 

func (r *RegistryScanCommand) SetJobID(jobID string)

func (*RegistryScanCommand) SetParentJobID added in v0.0.176 

func (r *RegistryScanCommand) SetParentJobID(parentJobID string)

func (*RegistryScanCommand) SetSession added in v0.0.176 

func (r *RegistryScanCommand) SetSession(session SessionChain)

type SessionChain 

type SessionChain struct {
	// All related job IDs in order from the most distant to the closes relative.
	//
	// For instance: grandparent → parent → current.
	//
	// Example: ["825f0a9e-34a9-4727-b81a-6e1bf3a63725", "c188de09-c6ec-4814-b36a-722dcccea64b"]
	JobIDs []string `json:"jobIDs"`
	// The timestamp of the earliest job
	Timestamp time.Time `json:"timestamp"`
	// ID of the job that started this chain.
	//
	// Example: 825f0a9e-34a9-4727-b81a-6e1bf3a63725
	// swagger:strfmt uuid4
	RootJobID string `json:"rootJobID,omitempty"`
	// Title of the current action being performed
	//
	// Example: vulnerability-scan
	ActionTitle string `json:"action,omitempty"`
}

SessionChain provides the context of a given job.

The goal is to provide context for a given job: its parent jobs, a chain of how the jobs were spawned and some metadata.

Consider a vulnerability scan, for example:

  • The Backend or cluster sends a websocket request with a Job ID, e.g. jobID_1.
  • The Websocket takes all the cluster workloads and for each workload it creates a job with ID `jobID_i`.
  • Then, for each container in `workload_i` it creates a job with ID `jobID_j`.

So when the Websocket sends the scan command, it sends the normal command object (pre Session Chain) to the Vulnerability Scanner 

session: {
  "jobIDs": ["jobID_1", "jobID_i", "jobID_j"],
  "timestamp": "<jobID#1 timestamp>",
  "rootJobID": "jobID_1"
}

This Session Chain is needed so that:

  • each scan will hold it's own unique sessionChain.
  • `rootJobID` will allow customers to find their latest scans issues by cluster/other.
  • `jobID`s will allow customers to take all specific workload related for that specific scan.

type SessionChainWrapper 

type SessionChainWrapper struct {
	SessionChain `json:",inline"`
	Designators  identifiers.PortalDesignator `json:"designators"`
}

type WebsocketScanCommand 

type WebsocketScanCommand struct {
	ImageScanParams
	// ID of a workload that is running the image you want to scan
	//
	// Example: wlid://cluster-marina/namespace-default/deployment-nginx
	Wlid string `json:"wlid"`
	// Has the provided image been previously scanned or not?
	//
	// An image will only be scanned if it has not been scanned previously (value is `false`).
	// If an image has been previously scanned (value is `true`), it will not be scanned again.
	//
	// Example: false
	IsScanned bool `json:"isScanned"`
	// Name of the container that contains an image to be scanned
	//
	// Example: nginx
	ContainerName string `json:"containerName"`
	// The last action received from the Websocket
	//
	// Example: 2
	LastAction int `json:"actionIDN"`
	// Hash of the image to scan
	//
	// Example: bcae378eacedab83da66079d9366c8f5df542d7ed9ab23bf487e3e1a8481375d
	ImageHash string `json:"imageHash"`
	// InstanceID for relevancy scan
	// namespace-<namespace>/<kind>-<name>/<resourceVersion>
	// Example: namespace-default/pod-nginx/75641
	InstanceID *string `json:"instanceID,omitempty"`
	// Deprecated: Credentials to the Container Registry that holds the image to be scanned
	//
	// Kept for backward compatibility
	Credentials *registry.AuthConfig `json:"credentials,omitempty"`
}

WebsocketScanCommand is a command that triggers a scan for vulnerabilities.

func (*WebsocketScanCommand) GetArgs added in v0.0.176 

func (c *WebsocketScanCommand) GetArgs() map[string]interface{}

func (*WebsocketScanCommand) GetCredentialsList added in v0.0.176 

func (c *WebsocketScanCommand) GetCredentialsList() []registry.AuthConfig

func (*WebsocketScanCommand) GetCreds added in v0.0.176 

func (c *WebsocketScanCommand) GetCreds() *registry.AuthConfig

func (*WebsocketScanCommand) GetImageHash added in v0.0.176 

func (c *WebsocketScanCommand) GetImageHash() string

func (*WebsocketScanCommand) GetImageTag added in v0.0.176 

func (c *WebsocketScanCommand) GetImageTag() string

func (*WebsocketScanCommand) GetJobID added in v0.0.176 

func (c *WebsocketScanCommand) GetJobID() string

func (*WebsocketScanCommand) GetParentJobID added in v0.0.176 

func (c *WebsocketScanCommand) GetParentJobID() string

func (*WebsocketScanCommand) GetSession added in v0.0.176 

func (c *WebsocketScanCommand) GetSession() SessionChain

func (*WebsocketScanCommand) GetWlid added in v0.0.176 

func (c *WebsocketScanCommand) GetWlid() string

func (*WebsocketScanCommand) SetArgs added in v0.0.176 

func (c *WebsocketScanCommand) SetArgs(args map[string]interface{})

func (*WebsocketScanCommand) SetCredentialsList added in v0.0.176 

func (c *WebsocketScanCommand) SetCredentialsList(credentialslist []registry.AuthConfig)

func (*WebsocketScanCommand) SetImageTag added in v0.0.176 

func (c *WebsocketScanCommand) SetImageTag(imageTag string)

func (*WebsocketScanCommand) SetJobID added in v0.0.176 

func (c *WebsocketScanCommand) SetJobID(jobID string)

func (*WebsocketScanCommand) SetParentJobID added in v0.0.176 

func (c *WebsocketScanCommand) SetParentJobID(parentJobID string)

func (*WebsocketScanCommand) SetSession added in v0.0.176 

func (c *WebsocketScanCommand) SetSession(session SessionChain)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.