collector

package module
v0.9.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 25, 2019 License: Apache-2.0 Imports: 26 Imported by: 2

README

Banyan Collector: A framework to peek inside containers

Have you wondered what your container images really contain? If they have the very packages that are susceptible to all kinds of attacks? Or, if they have the configuration you expect when they are run? Banyan Collector provides a powerful, extensible framework to answer all these questions and more.

Banyan Collector is a light-weight, easy to use, and modular system that allows you to launch containers from a registry, run arbitrary scripts inside them, and gather useful information. This framework can be used to statically analyze images for several purposes including:

  • Collect specific information from all images (e.g., packages installed)
  • Enforce policies (e.g., no unauthorized user accounts, etc.)
  • Validate invariants (e.g., nginx.conf is present in the right directory, etc.)
  • and so on...

Getting started

The collector can be run in one of two modes: (a) as a standalone executable (b) in a container. The main requirement is to run the collector on a Docker Host (machine that has the Docker Daemon running). If you want to collect data from a private registry make sure you are logged into it (sudo docker login REGISTRY)

(a) To run it as a standalone executable, you need go in your environment (https://golang.org/doc/install). Once go is installed, just run the following on a Docker Host:

$ go get -u github.com/banyanops/collector/...
$ cd <COLLECTOR_SOURCE_DIR>; sudo COLLECTOR_DIR=$PWD $GOPATH/bin/collector <REGISTRY> <REPO>

where REGISTRY is either a private registry (e.g., http://reg.myorg.com) or Docker Hub (index.docker.io), and REPO is a repository for which you'd like to collect data. For a private registry (with search enabled), if no REPO is specified, data is collected from all the repositories. Collector also supports the Google Container Registry (*.gcr.io), quay.io, and collecting from local images instead of pulling from a registry (by specifying "local.host" as the REGISTRY).

(b) To run the collector in a container, please follow instructions on Docker Hub.

More generally, collector can be configured using several options (e.g., registry poll interval, remove images threshold, secure registry settings, etc.):

$ sudo collector [options] REGISTRY [REPO1 REPO2 ...]

For a list of all the options run:

$ collector -h

Why not just use shell scripts?

Shell scripts are great for quickly getting specific information from images. However, as we add more complexity, it becomes hard to write scripts that are easy to maintain, quickly extensible and portable to different environments.

For example, the complexity in managing registry connections, keeping track of repo/tag changes, cleaning up stale images, supporting arbitrary policies, etc. is too much to handle using simple scripts. Furthermore, packaging the collector in a container provides a portable framework that is not dependent on any particular host configuration, and can seamlessly run anywhere.

Tests

The go tests rely on write access to the Docker UNIX socket /var/run/docker.sock. One approach is to add the user to the "docker" group to enable write access to the socket. Alternatively, the tests can be run as "root", for example using "sudo", but this requires the root user to share the Go development environment ($GOPATH, etc.).

Another requirement to run the tests is to set environment variables $DOCKER_USER and $DOCKER_PASSWORD to the user's Docker Hub login credentials. Additionally, the tests emit a warning if $COLLECTOR_DIR is not set (but the warning can be safely ignored).

Once the environment has been correctly setup, go tests can be run using the standard command:

$ go test

More information

More details about Collector operation/architecture, etc. are available under docs.

For further details about how one might use this in an enterprise, please check out Banyan. This SAAS service offers deeper analysis of your data and provides a dashboard showing which of your images are compliant to your policies (e.g., which of your images have security vulnerabilities, etc.) along with real-time updates and email notifications.

Get involved

Collector is under active development. Fork the project and submit pull requests, or file issues or tweet us @banyanops.

License

Banyan Collector is distributed under Apache 2.0 License. More details in LICENSE.

Documentation

Overview

distro.go has functions for identifying Linux distribution type and version. Currently handles some CentOS, Ubuntu, and Debian versions.

imagedata.go has funcitons that deal with the contents of images, including Linux distribution identification and application package names, versions, and architectures.

metadata.go has functions to gather and save metadata about a Docker image, including its ID, Author, Parent, Creation time, etc.

registry.go deals with issuing requests to Docker registries.

registryauth.go has functions for Docker registry authentication and Docker Hub authentication and indexing.

Index

Constants

View Source 
const (

	// HTTPTIMEOUT is the time to wait for an HTTP request to complete before giving up.
	HTTPTIMEOUT = 32 * time.Second
	// TARGETCONTAINERDIR is the path in the target container where the exported binaries and scripts are located.
	TARGETCONTAINERDIR = "/banyancollector"
	// DockerTimeout specifies how long to wait for Docker daemon to finish a task, like pull image.
	DockerTimeout = time.Minute * 10
	// Prefix of container name for image scanning
	ScanContainerNamePrefix = "banyan-collector-image-scan-"
)
View Source 
const (
	PKGEXTRACTSCRIPT = "pkgextractscript.sh"
)

Variables

View Source 
var (
	// DockerClient is the http Client used to connect to the docker daemon endpoint
	DockerClient    *http.Client
	DockerTLSVerify = true
	DockerProto     = "unix"
	DockerAddr      = dummydomain
)
View Source 
var (
	ReposToProcess = make(map[RepoType]bool)
	ExcludeRepo    = func() map[RepoType]bool {
		excludeList := []RepoType{}
		m := make(map[RepoType]bool)
		for _, r := range excludeList {
			m[r] = true
		}
		return m
	}()
)
View Source 
var (
	// HubAPI indicates whether to use the Docker Hub API.
	HubAPI bool
	// LocalHost indicates whether to collect images from local host
	LocalHost     bool
	HTTPSRegistry = flag.Bool("registryhttps", true,
		"Set to false if registry does not need HTTPS (SSL/TLS)")
	AuthRegistry = flag.Bool("registryauth", true,
		"Set to false if registry does not need authentication")
	RegistryProto = flag.String("registryproto", "v2",
		"Select the registry protocol to use: v1, v2, quay")
	RegistryTokenAuthV1 = flag.Bool("registrytokenauthv1", false,
		"Registry uses v1 Token Auth, e.g., original v1 Docker Hub")
	RegistryTLSNoVerify = flag.Bool("registrytlsnoverify", false,
		"True to trust the registry without verifying certificate")
	// registryspec is the host.domainname of the registry
	RegistrySpec string
	// registryAPIURL is the http(s)://[user:password@]host.domainname of the registry
	RegistryAPIURL string
	// XRegistryAuth is the base64-encoded AuthConfig object (for X-Registry-Auth HTTP request header)
	XRegistryAuth string
	// BasicAuth is the base64-encoded Auth field read from $HOME/.dockercfg
	BasicAuth string
	// DockerConfig is the name of the config file containing registry authentication information.
	DockerConfig string
)
View Source 
var (
	//userScriptsDir    = flag.String([]string{"userscriptsdir"}, config.BANYANDIR()+"/hosttarget/userscripts", "Directory with all user-specified scripts")
	UserScriptStore   = flag.StringP("userscriptstore", "u", config.COLLECTORDIR()+"/data/userscripts", "Directory with all user-specified scripts")
	UserScriptsDir    = config.BANYANDIR() + "/hosttarget/userscripts"
	DefaultScriptsDir = config.BANYANDIR() + "/hosttarget/defaultscripts"
	BinDir            = config.BANYANDIR() + "/hosttarget/bin"
)
View Source 
var DistroMap = map[string]string{
	"Ubuntu 16.10": "UBUNTU-yakkety",
	"Ubuntu 16.04": "UBUNTU-xenial",
	"Ubuntu 15.10": "UBUNTU-wily",
	"Ubuntu 15.04": "UBUNTU-vivid",
	"Ubuntu 14.10": "UBUNTU-utopic",
	"Ubuntu Utopic Unicorn (development branch)": "UBUNTU-utopic",
	"Ubuntu 13.10":                 "UBUNTU-saucy",
	"Ubuntu 13.04":                 "UBUNTU-raring",
	"Ubuntu 12.10":                 "UBUNTU-quantal",
	"Ubuntu 11.10":                 "UBUNTU-oneiric",
	"Ubuntu 11.04":                 "UBUNTU-natty",
	"Ubuntu 10.10":                 "UBUNTU-maverick",
	"CentOS Linux 7 (Core)":        "REDHAT-7Server",
	"Debian GNU/Linux 7 (wheezy)":  "DEBIAN-wheezy",
	"Debian 6.0.10":                "DEBIAN-squeeze",
	"Debian GNU/Linux 8 (jessie)":  "DEBIAN-jessie",
	"Debian GNU/Linux jessie/sid":  "DEBIAN-jessie",
	"Debian GNU/Linux stretch/sid": "DEBIAN-stretch-sid",
}

DistroMap is a reference that maps each pretty name to the corresponding distribution name.

View Source 
var (
	WriterList []Writer
)

Functions

func AddRegistryRateLimiter added in v0.9.0 

func AddRegistryRateLimiter(numRequests int, period time.Duration) (err error)

AddRegistryRateLimiters sets up rate limiter. Each rate limiter makes collector issue at most numRequests requests to the registry every timePeriod.

func CheckRepoToProcess added in v0.5.7 

func CheckRepoToProcess(repo RepoType) bool

CheckRepoToProcess returns true if ReposToProcess is empty or if the given repo exists in ReposToProcess.

func CreateContainer added in v0.5.10 

func CreateContainer(containerSpec []byte) (containerID string, err error)

CreateContainer makes a docker remote API call to create a container.

func DelRegistryRateLimiters added in v0.9.0 

func DelRegistryRateLimiters()

DelRegistryRateLimiters removes all the rate limiters.

func DockerAPI added in v0.5.10 

func DockerAPI(client *http.Client, operation, apipath string, jsonString []byte,
	XRegistryAuth string) (resp []byte, e error)

DockerAPI performs an HTTP GET,POST,DELETE operation to the Docker daemon.

func DockerVersion added in v0.5.10 

func DockerVersion() (major, minor, revision int, err error)

func GetImageAllData 

func GetImageAllData(pulledImages ImageSet) (outMapMap map[string]map[string]interface{})

GetImageAllData extracts content info from each pulled image. Currently it gets system package info.

func GetImageMetadataTokenAuthV1 added in v0.5.4 

func GetImageMetadataTokenAuthV1(oldMetadataSet MetadataSet) (tagSlice []TagInfo, metadataSlice []ImageMetadataInfo)

GetImageMetadataTokenAuthV1 returns repositories/tags/image metadata from the Docker Hub or other registry using v1 token authorization. The user must have specified a set of repositories of interest. The function queries the index server, e.g., Docker Hub, to get the token and registry, and then uses the token to query the registry.

func GetImageToMDMap 

func GetImageToMDMap(imageMDs []ImageMetadataInfo) (imageToMDMap map[string][]ImageMetadataInfo)

GetImageToMDMap takes image metadata structs and produces a map of imageID to metadata struct.

func GetNewImageMetadata 

func GetNewImageMetadata(oldMetadataSet MetadataSet) (metadataSlice []ImageMetadataInfo, currentMetadataSet MetadataSet)

GetNewImageMetadata takes the set of existing images, queries the registry to find any changes, and then brings the Output Writer up to date by telling it the obsolete metadata to delete and the new metadata to add.

func GetRegistryURL 

func GetRegistryURL() (URL string, hubAPI bool, BasicAuth string, XRegistryAuth string)

GetRegistryURL determines the full URL, with or without HTTP Basic Auth, needed to access the registry or Docker Hub.

func InspectImage added in v0.5.10 

func InspectImage(imageID string) (resp []byte, err error)

func LogsContainer added in v0.5.10 

func LogsContainer(containerID string) (output []byte, err error)

LogsContainer makes a docker remote API call to get logs from a container.

func NeedRegistrySearch added in v0.5.7 

func NeedRegistrySearch() (searchTerm string)

NeedRegistrySearch checks ReposToProcess and returns the search term to use if the registry search API needs to be invoked, else "".

func NewDockerClient added in v0.9.0 

func NewDockerClient(proto, addr string) (client *http.Client, e error)

NewDockerClient creates an HTTP transport to the Docker unix/tcp socket.

func NewTLSTransport 

func NewTLSTransport(hostpath string, certfile, cafile, keyfile string) (transport *http.Transport, err error)

func PullImage 

func PullImage(metadata *ImageMetadataInfo) (err error)

PullImage performs a docker pull on an image specified by repo/tag.

func RegAuth 

func RegAuth(registry string) (basicAuth, fullRegistry, authConfig string)

RegAuth takes as input the name of a registry, and it parses the contents of $HOME/.dockercfg or $HOME/.docker/config.json to return the user authentication info and registry URL. TODO: Change this to return authConfig instead of user&password, and then use X-Registry-Auth in the HTTP request header.

func RegistryLimiterWait added in v0.9.0 

func RegistryLimiterWait()

RegistryLimiterWait blocks until an event is received on each rate limiter.

func RegistryQueryV1 added in v0.9.0 

func RegistryQueryV1(client *http.Client, URL string) (response []byte, e error)

RegistryQueryV1 performs an HTTP GET operation from a V1 registry and returns the response.

func RegistryQueryV2 added in v0.9.0 

func RegistryQueryV2(client *http.Client, URL string) (response []byte, e error)

RegistryQueryV2 performs an HTTP GET operation from the registry and returns the response. If the initial response has status code 401 Unauthorized and includes WWW-Authenticate header, then we follow the directions in that header to get an access token, and finally re-issue the initial call to get the final response.

func RegistryRequestWithToken 

func RegistryRequestWithToken(client *http.Client, URL string, dockerToken string) (response []byte, e error)

RegistryRequestWithToken queries a Docker Registry that uses v1 Token Auth, e.g., Docker Hub V1.

func RemoveContainer added in v0.5.10 

func RemoveContainer(containerID string) (resp []byte, err error)

RemoveContainer makes a docker remote API call to remove a container.

func RemoveDanglingImages added in v0.5.11 

func RemoveDanglingImages() (e error)

RemoveDanglingImages deletes any dangling images (untagged and unreferenced intermediate layers).

func RemoveImageByID added in v0.5.11 

func RemoveImageByID(image ImageIDType) (resp []byte, err error)

RemoveImageByID calls Docker to remove an image specified by ID.

func RemoveImages 

func RemoveImages(PulledImages []ImageMetadataInfo)

RemoveImages removes least recently pulled docker images from the local docker host.

func RemoveObsoleteMetadata 

func RemoveObsoleteMetadata(obsolete []ImageMetadataInfo)

RemoveObsoleteMetadata removes obsolete metadata from the Banyan service.

func SaveImageAllData 

func SaveImageAllData(outMapMap map[string]map[string]interface{})

SaveImageAllData saves output of all the scripts.

func SaveImageMetadata 

func SaveImageMetadata(metadataSlice []ImageMetadataInfo)

SaveImageMetadata saves image metadata to selected storage location (standard output, Banyan service, etc.).

func StartContainer added in v0.5.10 

func StartContainer(containerID string) (jsonOut []byte, err error)

StartContainer makes a docker remote API call to start a container.

func ValidRepoName 

func ValidRepoName(name string) bool

ValidRepoName verifies that the name of a repo is in a legal format. A valid name can optionally include a wildcard "*" but only as the last character.

func WaitContainer added in v0.5.10 

func WaitContainer(containerID string) (statusCode int, err error)

WaitContainer makes a docker remote API call to wait for a container to finish running.

Types

type AuthConfig 

type AuthConfig struct {
	Username      string `json:"username,omitempty"`
	Password      string `json:"password,omitempty"`
	Auth          string `json:"auth"`
	Email         string `json:"email"`
	ServerAddress string `json:"serveraddress,omitempty"`
}

AuthConfig is a Registry auth info type copied from docker package cliconfig config.go and needed to generate the Authorization header for the Docker Remote API.

type ByDateTime 

type ByDateTime []ImageMetadataInfo

ByDateTime is used to sort ImageMetadataInfo slices by image age from newest to oldest.

func (ByDateTime) Len 

func (a ByDateTime) Len() int

func (ByDateTime) Less 

func (a ByDateTime) Less(i int, j int) bool

func (ByDateTime) Swap 

func (a ByDateTime) Swap(i int, j int)

type Container 

type Container struct {
	ContainerConfig
	HostConfig HostConfig
}

type ContainerConfig added in v0.5.10 

type ContainerConfig struct {
	User         string
	AttachStdin  bool
	AttachStdout bool
	AttachStderr bool
	Tty          bool
	Env          []string
	Cmd          []string
	Entrypoint   []string
	Image        string
	Labels       map[string]string
	WorkingDir   string
}

type ContainerInspection added in v0.5.10 

type ContainerInspection struct {
	Config     ContainerConfig
	HostConfig HostConfig
}

func InspectContainer added in v0.5.10 

func InspectContainer(containerID string) (containerSpec ContainerInspection, err error)

type DockerAuth 

type DockerAuth struct {
	Auth  string
	Email string
}

type DockerAuthSet 

type DockerAuthSet map[string]DockerAuth

DockerAuthSet contains authentication info parsed from $HOME/.dockercfg or $HOME/.docker/config.json

type DockerConfigJSON added in v0.5.2 

type DockerConfigJSON struct {
	Auths DockerAuthSet
}

DockerConfigJSON is used to decode $HOME/.docker/config.json

type FileWriter 

type FileWriter struct {
	// contains filtered or unexported fields
}

func (*FileWriter) AppendImageMetadata 

func (f *FileWriter) AppendImageMetadata(imageMetadata []ImageMetadataInfo)

AppendImageMetadata appends image metadata to file

func (*FileWriter) RemoveImageMetadata 

func (f *FileWriter) RemoveImageMetadata(imageMetadata []ImageMetadataInfo)

RemoveImageMetadata removes image metadata from file

func (*FileWriter) WriteImageAllData 

func (f *FileWriter) WriteImageAllData(outMapMap map[string]map[string]interface{})

WriteImageAllData writes image (pkg and other) data into file

type HTTPStatusCodeError 

type HTTPStatusCodeError struct {
	StatusCode int
	// contains filtered or unexported fields
}

func (*HTTPStatusCodeError) Error 

func (s *HTTPStatusCodeError) Error() string

type HostConfig 

type HostConfig struct {
	Binds       []string
	Links       []string
	Privileged  bool
	VolumesFrom []string
}

type ImageDataInfo 

type ImageDataInfo struct {
	Image        string //this has to be the first field (used in order by)
	DistroName   string //e.g., ubuntu 14.04.02 Trusty....
	DistroID     string //e.g., Trusty
	Pkg          string
	Version      string
	Architecture string
}

ImageDataInfo describes a package included in the contents of an image.

type ImageIDType 

type ImageIDType string

ImageIDType represents docker image IDs.

func ListDanglingImages added in v0.5.11 

func ListDanglingImages() (imageList []ImageIDType, err error)

ListDanglingImages calls Docker to get the list of dangling images, and returns a list of their image IDs.

type ImageMetadataAndAction 

type ImageMetadataAndAction struct {
	Action        string
	ImageMetadata []ImageMetadataInfo
}

type ImageMetadataInfo 

type ImageMetadataInfo struct {
	Image    string    //this has to be the first field (used in order by)
	Datetime time.Time //created at
	OtherMetadata
	ManifestHash string // we calculate a sha256 hex of JSON image manifest returned by a v2 registry
	Registry     string
}

ImageMetadataInfo records basic information about an image.

func GetImageMetadata 

func GetImageMetadata(oldMetadataSet MetadataSet) (metadataSlice []ImageMetadataInfo)

GetImageMetadata determines which image metadata is of interest and then calls either GetImageMetadataSpecifiedV1 or v1GetTagsMetadata to obtain and return the appropriate metadata, depending on whether the info needs to come from a local Docker daemon or a V1 or V2 Docker registry. If the user has specified the repositories to examine, then no other repositories are examined. If the user has not specified repositories, then the registry search API is used to get the list of all repositories in the registry.

func GetImageMetadataSpecifiedV1 added in v0.9.0 

func GetImageMetadataSpecifiedV1(imageMap map[ImageIDType][]RepoTagType,
	oldMetadataSet MetadataSet) (metadataSlice []ImageMetadataInfo, e error)

GetImageMetadataSpecified queries the local host, if LocalHost=true, or else a Docker V1 registry for info about each image specified in the imageMap argument.

func GetLocalImageMetadata added in v0.5.7 

func GetLocalImageMetadata(oldMetadataSet MetadataSet) (metadataSlice []ImageMetadataInfo)

GetLocalImageMetadata returns image metadata queried from a local Docker host. Query the local docker daemon to detect new image builds on the host and new images pulled from registry by users.

type ImageSet 

type ImageSet map[ImageIDType]bool

ImageSet is a set of image IDs.

func NewImageSet 

func NewImageSet() ImageSet

NewImageSet creates a new ImageSet.

func (ImageSet) Exists added in v0.5.5 

func (is ImageSet) Exists(imageID ImageIDType) bool

func (ImageSet) Insert added in v0.5.5 

func (is ImageSet) Insert(imageID ImageIDType)

type ImageStruct 

type ImageStruct struct {
	ID       string
	Parent   string
	Checksum string
	Created  string
	// Container string
	Author  string
	Size    uint64
	Comment string
}

ImageStruct records information returned by the registry to describe an image. This information gets copied to an object of type ImageMetadataInfo.

type ImageToMetadataMap 

type ImageToMetadataMap map[ImageIDType]ImageMetadataInfo

ImageToMetadataMap maps image IDs to ImageMetadataInfo structs.

func NewImageToMetadataMap 

func NewImageToMetadataMap(s MetadataSet) ImageToMetadataMap

NewImageToMetadataMap is a constructor for ImageToMetadataMap.

func (ImageToMetadataMap) Exists 

func (m ImageToMetadataMap) Exists(imageID ImageIDType) bool

Exists checks whether an image ID is present in an ImageToMetadataMap.

func (ImageToMetadataMap) Insert 

func (m ImageToMetadataMap) Insert(imageID ImageIDType, metadata ImageMetadataInfo)

Insert adds an image ID to an Image ID Map.

func (ImageToMetadataMap) Metadata 

func (m ImageToMetadataMap) Metadata(imageID ImageIDType) (metadata ImageMetadataInfo, e error)

Metadata returns the ImageMetadataInfo corresponding to an image ID if that image is present in the input ImageToMetadataMap.

type ImageToRepoTagMap added in v0.5.7 

type ImageToRepoTagMap map[ImageIDType][]RepoTagType

ImageToRepoTagMap maps image ID to all of its aliases (Repository+Tag).

func GetLocalImages added in v0.5.7 

func GetLocalImages(stripRegistry bool, checkRepo bool) (imageMap ImageToRepoTagMap, e error)

GetLocalImages queries the local Docker daemon for list of images. The registry name gets stripped from the repo nam if stripRegistry is set to true. The repo has to appear in the list of repos to check if checkRepo is set to true.

func (ImageToRepoTagMap) FilterRepoTag added in v0.5.10 

func (imageMap ImageToRepoTagMap) FilterRepoTag(repotag RepoTagType) (newImageMap ImageToRepoTagMap)

FilterRepoTag returns a new ImageToRepoTagMap that only has elements that match the given repo:tag.

func (ImageToRepoTagMap) Image added in v0.5.12 

func (imageMap ImageToRepoTagMap) Image(repo RepoType, tag TagType) (imageID ImageIDType, err error)

Image returns the imageID corresponding to a specified repo:tag.

func (ImageToRepoTagMap) Insert added in v0.5.7 

func (imageMap ImageToRepoTagMap) Insert(imageID ImageIDType, repotag RepoTagType)

Insert appends repotag to the slice of RepoTagTypes for imageID in ImageToRepoTagMap.

func (ImageToRepoTagMap) RepoTags added in v0.5.12 

func (imageMap ImageToRepoTagMap) RepoTags(imageID ImageIDType) []RepoTagType

RepoTags returns the repos and tags associated with imageID.

type IndexInfo added in v0.5.4 

type IndexInfo struct {
	Repo        RepoType
	DockerToken string
	RegistryURL string
}

IndexInfo records the index and auth information provided by Docker Hub to access a repository.

type IndexInfoMap added in v0.5.4 

type IndexInfoMap map[RepoType]IndexInfo

IndexInfoMap maps repository name to the corresponding Docker Hub auth/index info.

func NewIndexInfoMap added in v0.5.4 

func NewIndexInfoMap() IndexInfoMap

NewIndexInfoMap is a constructor for IndexInfoMap.

type LocalImageStruct added in v0.5.7 

type LocalImageStruct struct {
	ID       string   `json:"Id"`
	Parent   string   `json:"ParentId"`
	RepoTags []string `json:"RepoTags"`
}

LocalImageStruct records information returned by the local daemon to describe an image,ff in a response to List Image query.

type ManifestV2Schema1 added in v0.9.0 

type ManifestV2Schema1 struct {
	SchemaVersion int
	Name          string
	Tag           string
	Architecture  string
	FsLayers      []V2Schema1FSLayer
	History       []V1Compat
}

type MetadataSet 

type MetadataSet map[ImageMetadataInfo]bool

MetadataSet is a set of Image Metadata Info structures.

func NewMetadataSet 

func NewMetadataSet() MetadataSet

NewMetadataSet creates a new MetadataSet.

func (MetadataSet) Delete added in v0.5.11 

func (m MetadataSet) Delete(metadata ImageMetadataInfo)

Delete removes the metadata entry from the MetadataSet.

func (MetadataSet) Exists added in v0.5.10 

func (m MetadataSet) Exists(metadata ImageMetadataInfo) bool

Exists returns true if the metadata entry is in the MetadataSet. If there's no exact match, then a search is attempted for an entry in the set with non-contradictory values for Image and Metadata Hash (empty values are not considered contradictions) and match in all other fields.

func (MetadataSet) Insert added in v0.5.10 

func (m MetadataSet) Insert(metadata ImageMetadataInfo)

Insert adds a metadata entry to a MetadataSet.

func (MetadataSet) Replace added in v0.9.0 

func (m MetadataSet) Replace(metadata ImageMetadataInfo)

Replace removes matching metadata entry and replaces it with the updated version

func (MetadataSet) SameRepoTag added in v0.9.0 

func (m MetadataSet) SameRepoTag(metadata ImageMetadataInfo) (matches []ImageMetadataInfo)

SameRepoTag returns metadata entries from MetadataSet with the same repo & tag as metadata.

type OtherMetadata added in v0.9.0 

type OtherMetadata struct {
	Repo     string
	Tag      string
	Size     uint64
	Author   string
	Checksum string
	Comment  string
	Parent   string
}

type RepoTagType 

type RepoTagType struct {
	Repo     RepoType
	Tag      TagType
	Registry string
}

RepoTagType represents a docker repository and tag.

func ExtractRepoTag added in v0.5.7 

func ExtractRepoTag(regRepoTag string, stripReg bool) (repoTag RepoTagType, e error)

repoTag info of local images queried from local Docker daemon may include a registry name example: "localhost:5000/test/busybox:latest" in "localhost:5000" is a registry "test/busybox" is a repository "latest" is a tag ExtractRepoTag conditionally strips out registry and returns registry, repo and tag in RepoTagType

type RepoType 

type RepoType string

RepoType represents docker repositories.

type Script 

type Script interface {
	//We expect YAML output from scripts that needs parsing of output by Banyan service
	Run(imageID ImageIDType) ([]byte, error)
	Name() string
}

Script is the common interface to run sripts inside a container

type ScriptInfo 

type ScriptInfo struct {
	// contains filtered or unexported fields
}

Script info for all types (e.g., bash, python, etc.)

func (ScriptInfo) Name 

func (sh ScriptInfo) Name() string

Name gives the name of the script

func (ScriptInfo) Run 

func (sh ScriptInfo) Run(imageID ImageIDType) (b []byte, err error)

Run handles running of a script inside an image

type TagInfo 

type TagInfo struct {
	Repo   RepoType
	TagMap map[TagType]ImageIDType
}

TagInfo records the tag-to-image mappings for a single Docker repository.

type TagType 

type TagType string

TagType represents docker repository tags.

type V1Compat 

type V1Compat struct {
	V1Compatibility string
}

type V2Schema1FSLayer added in v0.9.0 

type V2Schema1FSLayer struct {
	BlobSum string
}

type V2Tag 

type V2Tag struct {
	Name string
	Tags []string
}

type Writer 

type Writer interface {
	// Write output obtained by all the scripts to the appropriate writer plugin
	// Note: outMapMap maps: ImageID -> Script -> Output
	WriteImageAllData(outMapMap map[string]map[string]interface{})

	// Append Image metadata to the appropriate writer plugin
	AppendImageMetadata(imageMetadata []ImageMetadataInfo)

	// Remoe Image metadta from the appropriate writer plugin
	RemoveImageMetadata(imageMetadata []ImageMetadataInfo)
}

This is a writer plugin interface. Currently supported plugins are: "fileWriter": writes to a file in desired format, and "banyanWriter": invokes banyan API to send data to SAAS dashboard

func NewFileWriter 

func NewFileWriter(format string, dir string) Writer

Source Files

View all Source files

Directories

Path Synopsis
cmd
collector
Package config has definitions about the overall configuration of Collector.
 Package config has definitions about the overall configuration of Collector.
Package except defines functions that log a warning or error message, and for fatal errors will quit program execution with an exit status.
 Package except defines functions that log a warning or error message, and for fatal errors will quit program execution with an exit status.
Package fsutil provides filesystem utilities."
 Package fsutil provides filesystem utilities."

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.