Documentation ¶
Overview ¶
Package getter provides functionality to retrieve policy objects.
It comes with 3 implementations:
* KSCloudAPI is a client for the KS Cloud SaaS API * LoadPolicy exposes policy objects stored in a local repository * DownloadReleasedPolicy downloads policy objects from the policy library released on github: https://github.com/kubescape/regolibrary
Index ¶
- Variables
- func GetDefaultPath(name string) string
- func GetKSCloudAPIConnector() *v1.KSCloudAPI
- func HttpDelete(httpClient *http.Client, fullURL string, headers map[string]string) (string, error)deprecated
- func HttpGetter(httpClient *http.Client, fullURL string, headers map[string]string) (string, error)deprecated
- func HttpPost(httpClient *http.Client, fullURL string, headers map[string]string, ...) (string, error)deprecated
- func JSONDecoder(origin string) *jsoniter.Decoderdeprecated
- func SaveInFile(object interface{}, targetFile string) error
- func SetKSCloudAPIConnector(ksCloudAPI *v1.KSCloudAPI)
- type DownloadReleasedPolicy
- func (drp *DownloadReleasedPolicy) GetAttackTracks() ([]v1alpha1.AttackTrack, error)
- func (drp *DownloadReleasedPolicy) GetControl(ID string) (*reporthandling.Control, error)
- func (drp *DownloadReleasedPolicy) GetControlsInputs(clusterName string) (map[string][]string, error)
- func (drp *DownloadReleasedPolicy) GetExceptions(clusterName string) ([]armotypes.PostureExceptionPolicy, error)
- func (drp *DownloadReleasedPolicy) GetFramework(name string) (*reporthandling.Framework, error)
- func (drp *DownloadReleasedPolicy) GetFrameworks() ([]reporthandling.Framework, error)
- func (drp *DownloadReleasedPolicy) ListControls() ([]string, error)
- func (drp *DownloadReleasedPolicy) ListFrameworks() ([]string, error)
- func (drp *DownloadReleasedPolicy) SetRegoObjects() error
- type IAttackTracksGetter
- type IControlsInputsGetter
- type IExceptionsGetter
- type IPolicyGetter
- type LoadPolicy
- func (lp *LoadPolicy) GetAttackTracks() ([]v1alpha1.AttackTrack, error)
- func (lp *LoadPolicy) GetControl(controlID string) (*reporthandling.Control, error)
- func (lp *LoadPolicy) GetControlsInputs(_ string) (map[string][]string, error)
- func (lp *LoadPolicy) GetExceptions(_ string) ([]armotypes.PostureExceptionPolicy, error)
- func (lp *LoadPolicy) GetFramework(frameworkName string) (*reporthandling.Framework, error)
- func (lp *LoadPolicy) GetFrameworks() ([]reporthandling.Framework, error)
- func (lp *LoadPolicy) ListControls() ([]string, error)
- func (lp *LoadPolicy) ListFrameworks() ([]string, error)
Constants ¶
This section is empty.
Variables ¶
var ( DefaultLocalStore = getCacheDir() ErrNotImplemented = errors.New("feature is currently not supported") ErrNotFound = errors.New("name not found") ErrNameRequired = errors.New("missing required input framework name") ErrIDRequired = errors.New("missing required input control ID") ErrFrameworkNotMatching = errors.New("framework from file not matching") ErrControlNotMatching = errors.New("framework from file not matching") )
======================================================================================================================= ============================================== LoadPolicy ============================================================= =======================================================================================================================
var NativeFrameworks = []string{"allcontrols", "nsa", "mitre"}
NativeFrameworks identifies all pre-built, native frameworks.
Functions ¶
func GetDefaultPath ¶
GetDefaultPath returns a location under the local dot files for kubescape.
This is typically located under $HOME/.kubescape
func GetKSCloudAPIConnector ¶
func GetKSCloudAPIConnector() *v1.KSCloudAPI
GetKSCloudAPIConnector returns a shallow clone of the KS Cloud client registered for this package.
NOTE: cannot be used concurrently with SetKSCloudAPIConnector.
func HttpPost
deprecated
func JSONDecoder
deprecated
func SaveInFile ¶
SaveInFile serializes any object as a JSON file.
func SetKSCloudAPIConnector ¶
func SetKSCloudAPIConnector(ksCloudAPI *v1.KSCloudAPI)
SetKSCloudAPIConnector registers a global instance of the KS Cloud client.
NOTE: cannot be used concurrently.
Types ¶
type DownloadReleasedPolicy ¶
type DownloadReleasedPolicy struct {
// contains filtered or unexported fields
}
Use gitregostore to get policies from github release
func NewDownloadReleasedPolicy ¶
func NewDownloadReleasedPolicy() *DownloadReleasedPolicy
func (*DownloadReleasedPolicy) GetAttackTracks ¶
func (drp *DownloadReleasedPolicy) GetAttackTracks() ([]v1alpha1.AttackTrack, error)
func (*DownloadReleasedPolicy) GetControl ¶
func (drp *DownloadReleasedPolicy) GetControl(ID string) (*reporthandling.Control, error)
func (*DownloadReleasedPolicy) GetControlsInputs ¶
func (drp *DownloadReleasedPolicy) GetControlsInputs(clusterName string) (map[string][]string, error)
func (*DownloadReleasedPolicy) GetExceptions ¶
func (drp *DownloadReleasedPolicy) GetExceptions(clusterName string) ([]armotypes.PostureExceptionPolicy, error)
func (*DownloadReleasedPolicy) GetFramework ¶
func (drp *DownloadReleasedPolicy) GetFramework(name string) (*reporthandling.Framework, error)
func (*DownloadReleasedPolicy) GetFrameworks ¶
func (drp *DownloadReleasedPolicy) GetFrameworks() ([]reporthandling.Framework, error)
func (*DownloadReleasedPolicy) ListControls ¶
func (drp *DownloadReleasedPolicy) ListControls() ([]string, error)
func (*DownloadReleasedPolicy) ListFrameworks ¶
func (drp *DownloadReleasedPolicy) ListFrameworks() ([]string, error)
func (*DownloadReleasedPolicy) SetRegoObjects ¶
func (drp *DownloadReleasedPolicy) SetRegoObjects() error
type IAttackTracksGetter ¶
type IAttackTracksGetter interface {
GetAttackTracks() ([]v1alpha1.AttackTrack, error)
}
IAttackTracksGetter knows how to retrieve attack tracks.
type IControlsInputsGetter ¶
type IControlsInputsGetter interface {
GetControlsInputs(clusterName string) (map[string][]string, error)
}
IControlsInputsGetter knows how to retrieve controls inputs.
type IExceptionsGetter ¶
type IExceptionsGetter interface {
GetExceptions(clusterName string) ([]armotypes.PostureExceptionPolicy, error)
}
IExceptionsGetter knows how to retrieve exceptions.
type IPolicyGetter ¶
type IPolicyGetter interface { GetFramework(name string) (*reporthandling.Framework, error) GetFrameworks() ([]reporthandling.Framework, error) GetControl(ID string) (*reporthandling.Control, error) ListFrameworks() ([]string, error) ListControls() ([]string, error) }
IPolicyGetter knows how to retrieve policies, i.e. frameworks and their controls.
type LoadPolicy ¶
type LoadPolicy struct {
// contains filtered or unexported fields
}
LoadPolicy loads policies from a local repository.
func NewLoadPolicy ¶
func NewLoadPolicy(filePaths []string) *LoadPolicy
NewLoadPolicy builds a LoadPolicy.
func (*LoadPolicy) GetAttackTracks ¶
func (lp *LoadPolicy) GetAttackTracks() ([]v1alpha1.AttackTrack, error)
GetAttackTracks yields the attack tracks from a config file.
func (*LoadPolicy) GetControl ¶
func (lp *LoadPolicy) GetControl(controlID string) (*reporthandling.Control, error)
GetControl returns a control from the policy file.
func (*LoadPolicy) GetControlsInputs ¶
func (lp *LoadPolicy) GetControlsInputs(_ string) (map[string][]string, error)
GetControlsInputs retrieves the map of control configs.
NOTE: the cluster parameter is not used at this moment.
func (*LoadPolicy) GetExceptions ¶
func (lp *LoadPolicy) GetExceptions(_ string) ([]armotypes.PostureExceptionPolicy, error)
GetExceptions retrieves configured exceptions.
NOTE: the cluster parameter is not used at this moment.
func (*LoadPolicy) GetFramework ¶
func (lp *LoadPolicy) GetFramework(frameworkName string) (*reporthandling.Framework, error)
GetFramework retrieves a framework configuration from the policy paths.
func (*LoadPolicy) GetFrameworks ¶
func (lp *LoadPolicy) GetFrameworks() ([]reporthandling.Framework, error)
GetFrameworks returns all configured framework descriptors.
func (*LoadPolicy) ListControls ¶
func (lp *LoadPolicy) ListControls() ([]string, error)
ListControls returns the list of controls for this framework.
At this moment, controls are listed for one single configured framework.
func (*LoadPolicy) ListFrameworks ¶
func (lp *LoadPolicy) ListFrameworks() ([]string, error)
ListFrameworks lists the names of all configured frameworks in this policy.