conftest

package
v0.15.15 Latest
Warning

This package is not in the latest version of its module.

Published: Oct 9, 2023 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Overview

Package conftest provides primitives for working with Conftest.


Constants

const (
	// Plugin is the name of this plugin.
	Plugin = "Conftest"
)

Variables

This section is empty.

Functions

func NewPlugin

func NewPlugin(idGenerator ext.IDGenerator, clock ext.Clock) configauditreport.Plugin

NewPlugin constructs a new configauditreport.Plugin, which uses the upstream Conftest container image to audit K8s workloads.

Types

type CheckResult

type CheckResult struct {
	FileName   string        `json:"filename"`
	Namespace  string        `json:"namespace"`
	Successes  int           `json:"successes"`
	Warnings   []Result      `json:"warnings,omitempty"`
	Failures   []Result      `json:"failures,omitempty"`
	Exceptions []Result      `json:"exceptions,omitempty"`
	Queries    []QueryResult `json:"queries,omitempty"`
}

CheckResult describes the result of a conftest policy evaluation. Errors produced by rego should be considered separate from other classes of exceptions.

type Config

type Config struct {
	starboard.PluginConfig
}

Config defines configuration params for this plugin.

func (Config) GetImageRef

func (c Config) GetImageRef() (string, error)

GetImageRef returns upstream Conftest container image reference.

func (Config) GetLibraries

func (c Config) GetLibraries() map[string]string

func (Config) GetPoliciesByKind

func (c Config) GetPoliciesByKind(kind string) (map[string]string, error)

func (Config) GetResourceRequirements

func (c Config) GetResourceRequirements() (corev1.ResourceRequirements, error)

GetResourceRequirements constructs ResourceRequirements from the Config.

type QueryResult

type QueryResult struct {

	// Query is the fully qualified query that was used
	// to determine the result. Ex: (data.main.deny)
	Query string `json:"query"`

	// Results are the individual results of the query.
	// When querying data.main.deny, multiple deny rules can
	// exist, producing multiple results.
	Results []Result `json:"results"`

	// Traces represents a single trace of how the query was
	// evaluated. Each trace value is a trace line.
	Traces []string `json:"traces"`
}

QueryResult describes the result of evaluating a query.

type Result

type Result struct {
	Message  string                 `json:"msg"`
	Metadata map[string]interface{} `json:"metadata,omitempty"`
}

Result describes the result of a single rule evaluation.
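
The following is an added example, not code from this package or its project: it decodes JSON shaped like the CheckResult type above and collects the failure messages per file, as a consumer of the audit results might do. The helper name Summarize and the sample JSON are hypothetical and constructed for illustration, and the example assumes the input is a JSON array of CheckResult objects.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Trimmed copies of Result and CheckResult from this page (Queries omitted).
type Result struct {
	Message  string                 `json:"msg"`
	Metadata map[string]interface{} `json:"metadata,omitempty"`
}

type CheckResult struct {
	FileName   string   `json:"filename"`
	Namespace  string   `json:"namespace"`
	Successes  int      `json:"successes"`
	Warnings   []Result `json:"warnings,omitempty"`
	Failures   []Result `json:"failures,omitempty"`
	Exceptions []Result `json:"exceptions,omitempty"`
}

// sampleOutput is constructed for this example; it is not real scan output.
const sampleOutput = `[
{"filename":"deployment.yaml","namespace":"main","successes":3,
 "warnings":[{"msg":"image uses the latest tag"}],
 "failures":[{"msg":"container runs as root","metadata":{"severity":"HIGH"}}]},
{"filename":"service.yaml","namespace":"main","successes":5}]`

// Summarize (hypothetical helper) returns failure messages keyed by file
// name and the total number of warnings across all files.
func Summarize(raw []byte) (map[string][]string, int, error) {
	var results []CheckResult
	if err := json.Unmarshal(raw, &results); err != nil {
		return nil, 0, fmt.Errorf("decode conftest output: %w", err)
	}
	failed := map[string][]string{}
	warnings := 0
	for _, r := range results {
		warnings += len(r.Warnings)
		for _, f := range r.Failures {
			failed[r.FileName] = append(failed[r.FileName], f.Message)
		}
	}
	return failed, warnings, nil
}

func main() {
	fmt.Println(Summarize([]byte(sampleOutput)))
}
```

Files with no failures do not appear in the returned map, so an empty map means every evaluated file passed its deny rules.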
