utils

package

v0.6.1 Latest Latest Go to latest Published: Apr 3, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/gardener/diki

Links

Open Source Insights

Documentation ¶

Index ¶

func EqualSets(s1, s2 []string) bool
func ExceedFilePermissions(filePermissions, filePermissionsMax string) (bool, error)
func GetContainerID(pod corev1.Pod, containerName string) (string, error)
func GetContainerMounts(ctx context.Context, podExecutorRootPath string, podExecutor pod.PodExecutor, ...) ([]config.Mount, error)
func GetMountedFilesStats(ctx context.Context, podExecutorRootPath string, podExecutor pod.PodExecutor, ...) (map[string][]FileStats, error)
func MatchFileOwnersCases(fileStats FileStats, expectedFileOwnerUsers, expectedFileOwnerGroups []string, ...) []rule.CheckResult
func MatchLabels(m1, m2 map[string]string) bool
func Subset(s1, s2 []string) bool
type FileStats
- func (fs FileStats) Base() string
- func (fs FileStats) Dir() string

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func EqualSets ¶

func EqualSets(s1, s2 []string) bool

EqualSets checks if two slices contain exactly the same elements independent of the ordering.

func ExceedFilePermissions ¶ added in v0.4.0

func ExceedFilePermissions(filePermissions, filePermissionsMax string) (bool, error)

ExceedFilePermissions returns true if any of the user, group or other permissions exceed their counterparts in what is passed as max permissions.

Examples where filePermissions do not exceed filePermissionsMax:

filePermissions = "0003" filePermissionsMax = "0644"
filePermissions = "0444" filePermissionsMax = "0644"
filePermissions = "0600" filePermissionsMax = "0644"
filePermissions = "0644" filePermissionsMax = "0644"

Examples where filePermissions exceed filePermissionsMax:

filePermissions = "0005" filePermissionsMax = "0644"
filePermissions = "0050" filePermissionsMax = "0644"
filePermissions = "0700" filePermissionsMax = "0644"
filePermissions = "0755" filePermissionsMax = "0644"

func GetContainerID ¶ added in v0.5.0

func GetContainerID(pod corev1.Pod, containerName string) (string, error)

GetContainerID returns the container ID specified in the container statust by container name

func GetContainerMounts ¶ added in v0.5.0

func GetContainerMounts(
	ctx context.Context,
	podExecutorRootPath string,
	podExecutor pod.PodExecutor,
	containerID string,
) ([]config.Mount, error)

GetContainerMounts returns the container mounts of a container

func GetMountedFilesStats ¶ added in v0.4.0

func GetMountedFilesStats(
	ctx context.Context,
	podExecutorRootPath string,
	podExecutor pod.PodExecutor,
	pod corev1.Pod,
	excludeSources []string,
) (map[string][]FileStats, error)

GetMountedFilesStats returns file stats grouped by container name for all mounted files in a pod with the exception of files mounted at `/dev/termination-log` destination. Host sources can be exluded by setting excludeSources.

func MatchFileOwnersCases ¶ added in v0.4.0

func MatchFileOwnersCases(
	fileStats FileStats,
	expectedFileOwnerUsers,
	expectedFileOwnerGroups []string,
	target rule.Target,
) []rule.CheckResult

MatchFileOwnersCases returns []rule.CheckResult for a given file and its owners for a select expected values.

func MatchLabels ¶

func MatchLabels(m1, m2 map[string]string) bool

MatchLabels checks if all m2 keys and values are present in m1. If m1 or m2 is nil returns false.

func Subset ¶

func Subset(s1, s2 []string) bool

Subset checks if all elements of s1 are contained in s2. An empty s1 is always a subset of s2.

Types ¶

type FileStats ¶ added in v0.4.0

type FileStats struct {
	Path                  string
	Permissions           string
	UserOwner, GroupOwner string
	FileType              string
}

FileStats contains single file stats

func GetFileStatsByDir ¶ added in v0.5.0

func GetFileStatsByDir(
	ctx context.Context,
	podExecutor pod.PodExecutor,
	dirPath string,
) ([]FileStats, error)

GetFileStatsByDir returns file stats for files in a specific directory

func GetSingleFileStats ¶ added in v0.5.0

func GetSingleFileStats(
	ctx context.Context,
	podExecutor pod.PodExecutor,
	filePath string,
) (FileStats, error)

GetSingleFileStats returns file stats for a specified file

func NewFileStats ¶ added in v0.4.0

func NewFileStats(stats, delimiter string) (FileStats, error)

NewFileStats creates a new FileStats object from the result of stat command called with `-c "%a %u %g %F %n"` flag and value

func (FileStats) Base ¶ added in v0.4.0

func (fs FileStats) Base() string

Base calls filepath.Base on [Path]

func (FileStats) Dir ¶ added in v0.4.0

func (fs FileStats) Dir() string

Dir calls filepath.Dir on [Path]

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL