api

package
v5.0.0-preview.1+incom... Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 13, 2022 License: Apache-2.0 Imports: 2 Imported by: 43

Documentation

Index

Constants

// Server categories, identity-provider server types, LDAP directory flavours
// and the LDAP attribute names paired with each flavour.
//
// NOTE(review): the LDAP*Attr* values look like attribute names used when
// searching a directory. If callers combine them with a user-supplied login
// name to build a search filter, the user-supplied part must be escaped
// (RFC 4515). Filter construction is not visible here; confirm at call sites.
const (
	ServerCatAuth   string = "auth"
	ServerCatNotify string = "notify"
	ServerCatLog    string = "log"

	ServerTypeLDAP string = "ldap"
	ServerTypeSAML string = "saml"
	ServerTypeOIDC string = "oidc"

	ServerLDAPTypeOpenLDAP string = "OpenLDAP"
	ServerLDAPTypeMSAD     string = "MicrosoftAD"

	// Group-membership attribute per directory flavour.
	LDAPGroupMemberAttrOpenLDAP string = "memberUid"
	LDAPGroupMemberAttrMSAD     string = "member"

	// User-name attribute per directory flavour.
	LDAPUserNameAttrOpenLDAP string = "uid"
	LDAPUserNameAttrMSAD     string = "sAMAccountName"
)
// Benchmark catalog names and benchmark target types. These are untyped
// string constants, unlike most other groups in this file.
const (
	BenchCatalogDocker = "docker"
	BenchCatalogKube   = "kubernetes"
	BenchCatalogCustom = "custom"

	BenchTypeMaster    = "master"
	BenchTypeWorker    = "worker"
	BenchTypeHost      = "host"
	BenchTypeContainer = "container"
)
// Sniffer status values.
const (
	SnifferStRunning string = "running"
	SnifferStStopped string = "stopped"
	SnifferStFailed  string = "failed"
)
// Status strings attached to a scanned vulnerability. Two of the values
// contain spaces, so consumers must compare the whole string rather than
// splitting on whitespace.
const (
	ScanVulStatusUnpatched  string = "unpatched"
	ScanVulStatusFixExists  string = "fix exists"
	ScanVulStatusWillNotFix string = "will not fix"
	ScanVulStatusUnaffected string = "unaffected"
)
// Configuration-origin markers. The CfgType field comments on
// RESTAdmissionRule and RESTAdmissionRuleConfig list the Learned, UserCreated,
// Ground and Federal values as the accepted ones.
const (
	CfgTypeLearned     = "learned"
	CfgTypeUserCreated = "user_created"
	CfgTypeGround      = "ground"
	CfgTypeFederal     = "federal"
	// Named without the "Type" infix of its siblings; the name is exported,
	// so it cannot be renamed without breaking importers.
	CfgSystemDefined = "system_defined"
)
// WireInline and WireDefault re-export the share package constants of the
// same names. Their string values are defined in share and are not visible
// in this file.
const (
	WireInline  string = share.WireInline
	WireDefault string = share.WireDefault
)
// Webhook default name and the payload types a webhook can be configured
// with. The type values are capitalised ("Slack", "JSON"); whether matching is
// case-sensitive is decided by the consumer and is not visible here.
const (
	WebhookDefaultName = "default"
	WebhookTypeSlack   = "Slack"
	WebhookTypeJSON    = "JSON"
)
// Scan source identifiers.
const (
	ScanSourceJenkins    string = "jenkins"
	ScanSourceServerless string = "serverless"
)
// Compliance template names. Apart from "all", the values are upper-case
// acronyms of the framework they refer to.
const (
	ComplianceTemplateAll   = "all"
	ComplianceTemplatePCI   = "PCI"
	ComplianceTemplateGDPR  = "GDPR"
	ComplianceTemplateHIPAA = "HIPAA"
	ComplianceTemplateNIST  = "NIST" // NIST SP 800-190
)
// Reserved vulnerability names. Both start with an underscore, which sets them
// apart from ordinary vulnerability identifiers; how they are interpreted is
// not visible in this file.
const (
	VulnerabilityNameRecent           = "_RecentVuln"
	VulnerabilityNameRecentWithoutFix = "_RecentVulnWithoutFix"
)
// Registry scan status values and the OpenShift image-source identifier.
const (
	RegistryStatusIdle     = "idle"
	RegistryStatusScanning = "scanning"

	RegistryImageSourceOpenShift = "openshift"
)
// Scan schedule kinds and numeric limits for scanning.
const (
	ScanSchManual     = "manual"
	ScanSchAuto       = "auto"
	ScanSchPeriodical = "periodical"

	// Bounds for a scan interval: 300 and 604800.
	// Presumably seconds (5 minutes and 7 days) — TODO confirm the unit
	// against the code that validates the interval.
	ScanIntervalMin = 5 * 60
	ScanIntervalMax = 7 * 24 * 60 * 60

	// Upper bound on persisted images; where it is enforced is not visible here.
	ScanPersistImageMax = 8192
)
// Match-source values. RESTAdmissionRuleOption.MatchSrc documents the same
// three strings ("yaml", "image", "both").
const (
	MatchSrcYaml  = "yaml"
	MatchSrcImage = "image"
	MatchSrcBoth  = "both"
)
// Admission rule types.
//
// "exception" and "allow" are two wire spellings of the same rule type, so
// any code that switches on the rule type has to accept both; handling only
// one of them would silently ignore rules written with the other.
const (
	ValidatingDenyRuleType   = "deny"
	ValidatingExceptRuleType = "exception"
	ValidatingAllowRuleType  = "allow" // same meaning as ValidatingExceptRuleType
)
// Federation roles of a cluster. FedRoleNone is the empty string, so the zero
// value of a string role field already reads as "no federation role".
const (
	FedRoleNone   = ""
	FedRoleMaster = "master"
	FedRoleJoint  = "joint"
)
// Federation cluster status values. The trailing comments state which side of
// a federation (master or joint cluster) each status describes.
const (
	// Despite the "None" in its name, the wire value is "active".
	FedClusterStatusNone           = "active"
	FedClusterStatusCmdUnknown     = "unknown_cmd"
	FedClusterStatusCmdReceived    = "notified"
	FedClusterStatusCmdReqError    = "req_error"
	FedStatusMasterUpgradeRequired = "master_upgrade_required" // for describing master cluster only
	FedStatusJointUpgradeRequired  = "joint_upgrade_required"  // for describing joint cluster only
	FedStatusClusterUpgradeOngoing = "cluster_upgrade_ongoing" // could get this status only when rolling upgrade & polling fed rules on joint cluster are happening
	FedStatusJointVersionTooNew    = "joint_version_too_new"   // for describing joint cluster only
	FedStatusClusterConnected      = "connected"               // for describing master cluster only
	FedStatusClusterDisconnected   = "disconnected"            // for describing master cluster only
	FedStatusClusterJoined         = "joined"                  // for describing joint cluster only. short-lived (between joining and the first polling)
	FedStatusClusterOutOfSync      = "out_of_sync"             // for describing joint cluster only
	FedStatusClusterSynced         = "synced"                  // for describing joint cluster only
	FedStatusClusterKicked         = "kicked"                  // for describing self on joint cluster only
	FedStatusClusterLeft           = "left"                    // for describing joint cluster only
	FedStatusLicenseDisallowed     = "license_disallow"        // for describing clusters in fed
	FedStatusClusterPinging        = "pinging"                 // for describing joint cluster only. short-lived (between license update and the immediate ping)
	FedStatusClusterSyncing        = "syncing"                 // for describing joint cluster only. short-lived (when joint cluster is applying fed rules)
)
// Profiling kinds and the maximum profiling duration.
const (
	ProfilingCPU    string = "cpu"
	ProfilingMemory string = "memory"
	// Upper bound of 60 on a requested profiling duration.
	// Presumably seconds — TODO confirm the unit where the request is validated.
	ProfilingDurationMax uint32 = 60
)
// Step names used by HTTP tests. Note that HTTPTestStepImage maps to the
// plural "images".
const (
	HTTPTestStepStage    = "stage"
	HTTPTestStepImage    = "images"
	HTTPTestStepURL      = "url"
	HTTPTestStepResponse = "response"
	HTTPTestStepError    = "error"
)
// Log and configuration categories.
//
// Per the field comments, "violation", "threat" and "incident" are folded into
// CategoryRuntime ("security-event") in configuration but are still emitted as
// log categories, so log filters need the three individual values while
// configuration uses the merged one.
const (
	CategoryEvent     = "event"
	CategoryViolation = "violation" // merged into CategoryRuntime in config, still used in log category
	CategoryThreat    = "threat"    // merged into CategoryRuntime in config, still used in log category
	CategoryIncident  = "incident"  // merged into CategoryRuntime in config, still used in log category
	CategoryRuntime   = "security-event"
	CategoryAudit     = "audit"
)
// Log level names. The eight names match the syslog severity keywords
// (Emergency through Debug); the values here are display strings, not the
// numeric syslog severities.
const (
	LogLevelEMERG   = "Emergency"
	LogLevelALERT   = "Alert"
	LogLevelCRIT    = "Critical"
	LogLevelERR     = "Error"
	LogLevelWARNING = "Warning"
	LogLevelNOTICE  = "Notice"
	LogLevelINFO    = "Info"
	LogLevelDEBUG   = "Debug"
)
// Severity names. "Critical" and "Info" are also log level names
// (LogLevelCRIT, LogLevelINFO), so a bare string does not tell a consumer
// which of the two scales it belongs to.
const (
	SeverityCritical = "Critical"
	SeverityHigh     = "High"
	SeverityMedium   = "Medium"
	SeverityLow      = "Low"
	SeverityInfo     = "Info"
)
// Event names. These strings are the identifiers downstream log consumers see,
// so alerting and detection rules should match on them exactly as written
// here, including case and the dotted structure.
const (
	EventNameContainerStart     = "Container.Start"
	EventNameContainerStop      = "Container.Stop"
	EventNameContainerRemove    = "Container.Remove"
	EventNameContainerSecured   = "Container.Secured"
	EventNameContainerUnsecured = "Container.Unsecured"
	// The Go names say "Agent" while the emitted values say "Enforcer".
	EventNameAgentStart           = "Enforcer.Start"
	EventNameAgentJoin            = "Enforcer.Join"
	EventNameAgentStop            = "Enforcer.Stop"
	EventNameAgentDisconnect      = "Enforcer.Disconnect"
	EventNameAgentConnect         = "Enforcer.Connect"
	EventNameAgentKicked          = "Enforcer.Kicked"
	EventNameControllerStart      = "Controller.Start"
	EventNameControllerJoin       = "Controller.Join"
	EventNameControllerLeave      = "Controller.Leave"
	EventNameControllerStop       = "Controller.Stop"
	EventNameControllerDisconnect = "Controller.Disconnect"
	EventNameControllerConnect    = "Controller.Connect"
	EventNameControllerLeadLost   = "Controller.Lead.Lost"
	EventNameControllerLeadElect  = "Controller.Lead.Elected"
	// Authentication and authorization events; the emitted values use the
	// "User." prefix rather than "Auth.".
	EventNameAuthLogin              = "User.Login"
	EventNameAuthLogout             = "User.Logout"
	EventNameAuthTimeout            = "User.Timeout"
	EventNameAuthLoginFailed        = "User.Login.Failed"
	EventNameAuthLoginBlocked       = "User.Login.Blocked"
	EventNameAuthLoginUnblocked     = "User.Login.Unblocked"
	EventNameAuthUserPwdRestByAdmin = "User.Password.Reset"
	EventNameAuthAccessDenied       = "User.Resource.Access.Denied"
	EventNameRESTWrite              = "RESTful.Write"
	EventNameRESTRead               = "RESTful.Read"
	EventNameScannerJoin            = "Scanner.Join"
	EventNameScannerUpdate          = "Scanner.Update"
	EventNameScannerLeave           = "Scanner.Leave"
	EventNameScanFail               = "Scan.Failed"
	EventNameScanSucceed            = "Scan.Succeeded"
	EventNameBenchDockerFail        = "Docker.CIS.Benchmark.Failed"
	// NOTE(review): the emitted value is spelled "Kubenetes" (sic). It is a
	// wire value, so log queries and alert rules must use this exact spelling;
	// correcting it would be a breaking change for existing consumers.
	EventNameBenchKubeFail               = "Kubenetes.CIS.Benchmark.Failed"
	EventNameLicenseUpdate               = "License.Update"
	EventNameLicenseExpire               = "License.Expire"
	EventNameLicenseRemove               = "License.Remove"
	EventNameLicenseEnforcerLimitReached = "License.EnforcerLimitReached"
	EventNameAdmCtrlK8sConfigured        = "Admission.Control.Configured"   // for admission control
	EventNameAdmCtrlK8sConfigFailed      = "Admission.Control.ConfigFailed" // for admission control
	EventNameInitCfgMapDone              = "ConfigMap.Load"                 // for initial Config
	EventNameInitCfgMapError             = "ConfigMap.Failed"               // for initial Config failure
	EventNameCrdImported                 = "Crd.Import"                     // for crd Config import
	EventNameCrdRemoved                  = "Crd.Remove"                     // for crd Config remove due to k8s miss
	EventNameCrdErrDetected              = "Crd.Error"                      // for remove error crd
	EventNameFedPromote                  = "Federation.Promote"             // for multi-clusters
	EventNameFedDemote                   = "Federation.Demote"              // for multi-clusters
	EventNameFedJoin                     = "Federation.Join"                // for joint cluster in multi-clusters
	EventNameFedLeave                    = "Federation.Leave"               // for multi-clusters
	EventNameFedKick                     = "Federation.Kick"                // for multi-clusters
	EventNameFedPolicySync               = "Federation.Policy.Sync"         // for multi-clusters
	EventNameImport                      = "Configuration.Import"
	EventNameExport                      = "Configuration.Export"
	EventNameImportFail                  = "Configuration.Import.Failed"
	EventNameExportFail                  = "Configuration.Export.Failed"
	EventNameCloudScanNormal             = "Cloud.Scan.Normal" // for cloud scan normal result
	EventNameCloudScanAlert              = "Cloud.Scan.Alert"  // for cloud scan result with alert
	EventNameCloudScanFail               = "Cloud.Scan.Fail"   // for cloud scan fail
	EventNameGroupAutoRemove             = "Group.Auto.Remove"
	// Here the emitted value keeps "Agent" instead of "Enforcer", unlike the
	// EventNameAgent* values above.
	EventNameMemoryPressureAgent      = "Agent.Memory.Pressure"
	EventNameMemoryPressureController = "Controller.Memory.Pressure"
)
// Names of runtime security findings on hosts and containers (privilege
// escalation, suspicious process, file-access violation, package update,
// tunnel detection, process-profile violation, quarantine changes).
// Most come in a Host.* / Container.* pair.
const (
	EventNameHostPrivilEscalate           = "Host.Privilege.Escalation"
	EventNameContainerPrivilEscalate      = "Container.Privilege.Escalation"
	EventNameHostSuspiciousProcess        = "Host.Suspicious.Process"
	EventNameContainerSuspiciousProcess   = "Container.Suspicious.Process"
	EventNameContainerQuarantined         = "Container.Quarantined"
	EventNameContainerUnquarantined       = "Container.Unquarantined"
	EventNameHostFileAccessViolation      = "Host.FileAccess.Violation"
	EventNameContainerFileAccessViolation = "Container.FileAccess.Violation"
	EventNameHostPackageUpdated           = "Host.Package.Updated"
	EventNameContainerPackageUpdated      = "Container.Package.Updated"
	EventNameHostTunnelDetected           = "Host.Tunnel.Detected"
	EventNameContainerTunnelDetected      = "Container.Tunnel.Detected"
	// The container variant has no "Container." prefix and the two values
	// differ in shape ("Process.Profile.Violation" vs "Host.Process.Violation"),
	// so a prefix match on "Container." will miss it.
	EventNameProcessProfileViolation     = "Process.Profile.Violation" // container
	EventNameHostProcessProfileViolation = "Host.Process.Violation"    // host
)

TODO: these are not events but incidents

// Names of compliance violations, scan reports and admission-control request
// outcomes.
const (
	EventNameComplianceContainerBenchViolation     = "Compliance.Container.Violation"
	EventNameComplianceContainerFileBenchViolation = "Compliance.ContainerFile.Violation"
	EventNameComplianceHostBenchViolation          = "Compliance.Host.Violation"
	EventNameComplianceImageBenchViolation         = "Compliance.Image.Violation"
	EventNameContainerScanReport                   = "Container.Scan.Report"
	EventNameHostScanReport                        = "Host.Scan.Report"
	EventNameRegistryScanReport                    = "Registry.Scan.Report"
	EventNamePlatformScanReport                    = "Platform.Scan.Report"
	// Three distinct admission outcomes are recorded: allowed, violation and
	// denied. What separates "violation" from "denied" is not visible here.
	EventNameAdmCtrlK8sReqAllowed                    = "Admission.Control.Allowed"   // for admission control
	EventNameAdmCtrlK8sReqViolation                  = "Admission.Control.Violation" // for admission control
	EventNameAdmCtrlK8sReqDenied                     = "Admission.Control.Denied"    // for admission control
	EventNameComplianceContainerCustomCheckViolation = "Compliance.ContainerCustomCheck.Violation"
	EventNameComplianceHostCustomCheckViolation      = "Compliance.HostCustomCheck.Violation"
	EventNameAwsLambdaScan                           = "AwsLambda.Scan"
)

TODO: these are audit related

// Event category labels, all upper-case. As with the event names, the Go
// identifier EventCatAgent maps to the value "ENFORCER".
const (
	EventCatREST       = "RESTFUL"
	EventCatAuth       = "AUTH"
	EventCatWorkload   = "WORKLOAD"
	EventCatAgent      = "ENFORCER"
	EventCatController = "CONTROLLER"
	EventCatScan       = "SCANNER"
	EventCatBench      = "CIS.BENCHMARK"
	EventCatLicense    = "LICENSE"
	EventCatConfigMap  = "CONFIGMAP"
	EventCatCrd        = "CRD"
	EventCatAdmCtrl    = "ADMISSION.CONTROL"
	EventCatFed        = "FEDERATION"
	EventCatConfig     = "CONFIGURATION"
	EventCatCloud      = "CLOUD"
	EventCatGroup      = "GROUP"
)
// Actions recorded for a threat.
//
// Two identifiers differ from their wire values: ThreatActionMonitor is
// "alert" and ThreatActionBlock is "deny". Consumers that filter logs for
// blocked traffic must therefore look for "deny", not "block".
const (
	ThreatActionMonitor = "alert"
	ThreatActionAllow   = "allow"
	ThreatActionBlock   = "deny"
	ThreatActionReset   = "reset"
)
// Target side values: "server" or "client".
const (
	TargetServer = "server"
	TargetClient = "client"
)
// Actions recorded for an incident. These are capitalised ("Alert", "Denied"),
// whereas the ThreatAction* values are lower-case ("alert", "deny"); the two
// sets are not interchangeable in string comparisons.
const (
	IncidentActionAlert  = "Alert"
	IncidentActionDenied = "Denied"
)
const AdmCtrlCrdRuleIDBase = 110000
const AdmCtrlCrdRuleIDMax = 120000
const AllContainerGroup string = "containers"
const AllHostGroup string = "nodes"
// AuthServerLocal is the authentication server name "local".
// NOTE(review): presumably it denotes the built-in user store as opposed to
// an LDAP/SAML/OIDC server — confirm against the login path.
const AuthServerLocal string = "local"
// AuthServerPlatform is the reserved authentication server name "_platform_".
// NOTE(review): user-defined server names should presumably not be allowed to
// collide with this value; name validation is not visible here.
const AuthServerPlatform string = "_platform_"
const BriefFlag string = "brief"
const ConfSectionAll string = "all"
const ConfSectionConfig string = "config"
const ConfSectionPolicy string = "policy"
const ConfSectionUser string = "user"
// DefaultControllerRESTAPIPort is the default port number (10443) for the
// controller REST API. Network policies and firewall rules that restrict
// access to the management API need to cover this port unless it is
// overridden in the deployment.
const DefaultControllerRESTAPIPort = 10443
const DlpRuleCommentMaxLen int = 256
const DlpRuleNameMaxLen int = 256
// DlpRulePatternMaxLen is the maximum length (512) of one DLP rule pattern.
// NOTE(review): a length cap bounds input size; it does not by itself bound
// the matching cost of a pattern. Where and how the cap is enforced is not
// visible here.
const DlpRulePatternMaxLen int = 512
// DlpRulePatternMaxNum is the maximum number (16) of patterns in a DLP rule.
const DlpRulePatternMaxNum int = 16
// DlpRulePatternTotalMaxLen is the maximum combined pattern length (1024).
// It is lower than DlpRulePatternMaxNum * DlpRulePatternMaxLen (16 * 512), so
// the total cap is the binding limit when a rule uses several long patterns.
const DlpRulePatternTotalMaxLen int = 1024
const DomainContainers string = "_containers"
const DomainImages string = "_images"
const DomainNodes string = "_nodes"
const EndpointIngress string = "ingress"
const EndpointKindAddrGroup string = "address"
const EndpointKindContainer string = "container"
const EndpointKindExternal string = "external"
const EndpointKindHostIP string = "node_ip"
const EndpointKindIPSvcGroup string = "ip_service"
const EndpointKindService string = "nv_service" // Used in collapse view
const EndpointKindWorkloadIP string = "workload_ip"
// FederalGroupPrefix is the name prefix "fed." for federal groups.
// NOTE(review): if the prefix is what marks a group as federation-managed,
// locally created group names should presumably be rejected when they start
// with it; that validation is not visible here.
const FederalGroupPrefix string = "fed."
const FilterByAgent string = "enforcer"
const FilterByDomain string = "domain"
const FilterByGroup string = "group"
const FilterByHost string = "node"
const FilterByID string = "id"
const FilterByPredefined string = "predefined"
const FilterByWorkload string = "workload"
const FilterPrefix string = "f_"
const FilterServerCategory string = "category"
const FilterServerType string = "type"
const LearnedExternal string = "external"
// LearnedGroupPrefix is the name prefix "nv." for learned groups. It is also
// a prefix of LearnedSvcGroupPrefix ("nv.ip."), so a check for the more
// specific prefix has to run before a check for this one.
const LearnedGroupPrefix string = "nv."
const LearnedHostPrefix string = "Host:"
const LearnedSvcGroupPrefix string = "nv.ip."
const LearnedWorkloadPrefix string = "Workload:"
const LicenseIDTypeHost string = "host"
const MaxDlpPredefinedRuleID = 40000
const MaxFedAdmRespRuleID = 110000
const MaxWafRuleID = 50000
const MeterTypeICMPFlood string = "icmp_flood"
const MeterTypeIPSrcSessionLimit string = "ip_src_session_limit"
const MeterTypeSYNFlood string = "syn_flood"
const MeterTypeTCPNoData string = "tcp_nodata"
const MinDlpPredefinedRuleID = 30000
const MinDlpRuleID = 20000
const MinWafRuleID = 40000

waf

const OPeq string = "eq"
const OPgt string = "gt"
const OPgte string = "gte"
const OPin string = "in"
const OPlt string = "lt"
const OPlte string = "lte"
const OPneq string = "neq"
const OPprefix string = "prefix"
const PageLimit string = "limit"
const PageStart string = "start"
const PlatformContainerAddon string = "addon"
const PlatformContainerCore string = "core"
const PolicyAppAny string = "any"
const PolicyAutoID uint32 = 0
const PolicyDomainNameMaxLen int = 256
const PolicyFedRuleIDBase uint32 = share.PolicyFedRuleIDBase
const PolicyFedRuleIDMax uint32 = share.PolicyFedRuleIDMax
const PolicyGroundRuleIDBase uint32 = share.PolicyGroundRuleIDBase
const PolicyGroundRuleIDMax uint32 = share.PolicyGroundRuleIDMax
const PolicyLearnedIDBase uint32 = share.PolicyLearnedIDBase
const PolicyPortAny string = "any"
// QueryDuration is the query key "token_duration".
// NOTE(review): if this key lets a caller choose how long a token stays valid,
// the handler should clamp the value to a server-side maximum; the handling
// code is not visible here.
const QueryDuration string = "token_duration"
const QueryKeySection string = "section"
const QueryKeyShow string = "show"
const QueryKeyView string = "view"
const QueryScope string = "scope"
const QueryValueShowAccepted string = "accepted"
const QueryValueViewPod string = "pod"
const QueryValueViewPodOnly string = "pod_only"
const RESTErrAdmCtrlUnSupported int = 30
const RESTErrAgentError int = 21
const RESTErrCISBenchError int = 23
const RESTErrClusterRPCError int = 24
const RESTErrClusterRoleForAdmCtrl int = 31
const RESTErrClusterTimeout int = 11
const RESTErrClusterWrongData int = 10
const RESTErrDuplicateName int = 13
const RESTErrFailExport int = 17
const RESTErrFailImport int = 18
const RESTErrFailKubernetesApi int = 28
const RESTErrFailLockCluster int = 19
const RESTErrFailReadCluster int = 9
const RESTErrFailRegistryScan int = 27
const RESTErrFailRepoScan int = 26
const RESTErrFailWriteCluster int = 8
const RESTErrFedDuplicateName int = 41
const RESTErrFedJointUnreachable int = 40
const RESTErrFedOperationFailed int = 39
const RESTErrIBMSABadDashboardURL int = 45
const RESTErrIBMSATestFailed int = 44
const RESTErrInvalidName int = 15
const RESTErrInvalidRequest int = 6
const RESTErrJointUpgradeRequired int = 43
const RESTErrK8sApiSrvToWebhook int = 34
const RESTErrLicenseFail int = 20
const RESTErrMasterUpgradeRequired int = 42
const RESTErrMethodNotAllowed int = 2
const RESTErrNoUpdatePermission int = 33
const RESTErrNotEnoughFilter int = 12
// RESTErrNotFound is REST error code 1, the lowest of the RESTErr* codes
// listed in this file. The numeric values of the RESTErr* constants are part
// of the API contract with clients: do not change a value or reorder the codes.
const RESTErrNotFound int = 1

Don't modify value or reorder

const RESTErrNvPermission int = 35
const RESTErrObjectAccessDenied int = 25
const RESTErrObjectInuse int = 16
const RESTErrObjectNotFound int = 7
const RESTErrOpNotAllowed int = 4
const RESTErrPasswordExpired int = 48
const RESTErrPromoteFail int = 49
// RESTErrProxyError is REST error code 29. It is marked as unused but keeps
// its number reserved, so the code must not be reassigned to a new error.
const RESTErrProxyError int = 29 // Not used
const RESTErrReadOnlyRules int = 46
const RESTErrRemoteUnauthorized int = 37
const RESTErrRemoterRequestFail int = 38
const RESTErrTooManyLoginUser int = 5
const RESTErrUnauthorized int = 3
const RESTErrUserLoginBlocked int = 47
const RESTErrWeakPassword int = 14
const RESTErrWebhookIsDisabled int = 36
const RESTErrWebhookSvcForAdmCtrl int = 32
const RESTErrWorkloadNotRunning int = 22
// RESTMaskedValue is the placeholder text "The value is masked".
// NOTE(review): presumably it is returned in place of fields tagged `cloak`
// (see RESTAWSAccountKey). If so, update handlers must recognise the
// placeholder coming back from a client and keep the stored secret rather
// than overwrite it with this literal — confirm in the handlers.
const RESTMaskedValue string = "The value is masked"
const RESTNvPageDashboard string = "dashboard"
const RESTNvPageHeader string = "X-Nv-Page"
// RESTTokenHeader is the HTTP header name "X-Auth-Token".
// The header's value is a bearer credential: request logging, proxies and
// audit records (for example Event.RESTRequest / Event.RESTBody) should
// exclude or redact it. Being a custom header rather than Authorization,
// generic log scrubbers may not strip it by default.
const RESTTokenHeader string = "X-Auth-Token"
const RawFlag string = "raw"
// ReservedUserNameIBMSA is the reserved user name "nv.reserved.ibmsa".
// NOTE(review): user creation and external-identity mapping should presumably
// refuse this name so that no regular account can claim it; that check is not
// visible here.
const ReservedUserNameIBMSA string = "nv.reserved.ibmsa"
const ScanStatusFailed string = "failed"
const ScanStatusFinished string = "finished"
const ScanStatusIdle string = ""
const ScanStatusScanning string = "scanning"
const ScanStatusScheduled string = "scheduled"
const ScanStatusUnsupported string = "unsupported"
const SortAsc string = "asc"
const SortDesc string = "desc"
const SortPrefix string = "s_"
const StartingFedAdmRespRuleID = 100000
const StartingLocalAdmCtrlRuleID = 1000

Admission control

const StartingLocalVulProfRuleID = 1000
const StateLeft string = "stopped"
const StateOffline string = "disconnected"
const StateOnline string = "connected"
const StateUnmanaged string = "unmanaged"
const SupportFlag string = "support"
// SyslogDefaultUDPPort is the default syslog port, 514/UDP.
// Syslog over UDP is unencrypted, unauthenticated and lossy; when security
// events are forwarded across an untrusted network, operators should prefer a
// TLS-protected transport if the deployment offers one.
const SyslogDefaultUDPPort uint16 = 514

syslog related

// UserIdleTimeoutMax is the upper bound (3600) for a user's idle timeout.
// Presumably seconds, i.e. one hour — TODO confirm the unit where the
// timeout is validated.
const UserIdleTimeoutMax uint32 = 3600
// UserIdleTimeoutMin is the lower bound (30) for a user's idle timeout, in
// the same unit as UserIdleTimeoutMax (presumably seconds — TODO confirm).
const UserIdleTimeoutMin uint32 = 30
// UserRoleAdmin is the role name "admin". Role names are compared as plain
// strings, and Event.UserRoles maps a domain to one of these names.
const UserRoleAdmin string = "admin"
const UserRoleCIOps string = "ciops"
// UserRoleFedAdmin is the role name "fedAdmin". It is a federation-level
// role; assignment is meant to happen only on the master cluster of a
// federation, so role-assignment paths on other clusters should reject it
// (enforcement is not visible here).
const UserRoleFedAdmin string = "fedAdmin"

the following role can only be interactively assigned on master cluster in a federation

// UserRoleFedReader is the role name "fedReader", the read-only counterpart
// of UserRoleFedAdmin by name.
const UserRoleFedReader string = "fedReader"
// UserRoleIBMSA is the hidden role name "ibmsa".
// NOTE(review): since no stored user is supposed to hold it, user create and
// update requests should presumably reject this value; confirm in the
// role-validation code.
const UserRoleIBMSA string = "ibmsa" // it's a hidden role. (no user has this role in kv)
// UserRoleImportStatus is the hidden role name "_hidden_import_status_#".
// NOTE(review): as with UserRoleIBMSA, externally supplied role values should
// presumably never be allowed to equal this string; confirm in the
// role-validation code.
const UserRoleImportStatus string = "_hidden_import_status_#" // it's a hidden role. (no user has this role in kv)
// UserRoleNone is the empty role name. Because it equals the zero value of a
// Go string, a role field that was never set reads as "no role"; permission
// checks should treat it as granting nothing.
const UserRoleNone string = ""
const UserRoleReader string = "reader"
const VerboseFlag string = "verbose"
const WithCapFlag string = "with_cap"
const WorkloadStateDiscover string = "discover"
const WorkloadStateExit string = "exit"
const WorkloadStateMonitor string = "monitor"
const WorkloadStateProtect string = "protect"
const WorkloadStateQuarantine string = "quarantined"
const WorkloadStateUnmanaged string = "unmanaged"
const WorkloadTunnelIF string = "Workload:ingress"

Variables

// RESTTimeFomat holds the time layout time.RFC3339. The identifier is
// misspelled ("Fomat"), but it is exported and cannot be renamed without
// breaking importers.
// NOTE(review): this is a package-level var, not a const, so any importing
// package can reassign it and change timestamp formatting process-wide;
// treat it as read-only.
var RESTTimeFomat string = time.RFC3339

Functions

func RESTTimeString

func RESTTimeString(t time.Time) string

func UpgradeLogLevel

func UpgradeLogLevel(level string) string

Types

type AdmCtlTimeStamps

// AdmCtlTimeStamps records five points in time (Start, Parsed, GonnaFetch,
// Fetched, Matched) together with the image named in an admission request.
// The fields carry no JSON tags.
type AdmCtlTimeStamps struct {
	Start      time.Time
	Parsed     time.Time
	GonnaFetch time.Time
	Fetched    time.Time
	Matched    time.Time
	Image      string // the original image specified in the admission request
}

type Audit

// Audit is a log record that embeds LogCommon and adds workload, image,
// registry and vulnerability-count fields.
//
// HighCnt, MediumCnt and Message have no omitempty and are always serialized;
// every other field is dropped from the JSON when it holds its zero value.
type Audit struct {
	LogCommon
	WorkloadID      string   `json:"workload_id,omitempty"`
	WorkloadName    string   `json:"workload_name,omitempty"`
	WorkloadDomain  string   `json:"workload_domain,omitempty"`
	WorkloadImage   string   `json:"workload_image,omitempty"`
	WorkloadService string   `json:"workload_service,omitempty"`
	ImageID         string   `json:"image_id,omitempty"`
	Registry        string   `json:"registry,omitempty"`
	RegistryName    string   `json:"registry_name,omitempty"`
	Repository      string   `json:"repository,omitempty"`
	Tag             string   `json:"tag,omitempty"`
	BaseOS          string   `json:"base_os,omitempty"`
	HighCnt         int      `json:"high_vul_cnt"`
	MediumCnt       int      `json:"medium_vul_cnt"`
	HighVuls        []string `json:"high_vuls,omitempty"`
	MediumVuls      []string `json:"medium_vuls,omitempty"`
	CVEDBVersion    string   `json:"cvedb_version,omitempty"`
	Message         string   `json:"message"`
	User            string   `json:"user,omitempty"`
	Error           string   `json:"error,omitempty"`
	AggregationFrom int64    `json:"aggregation_from,omitempty"`
	Count           uint32   `json:"count,omitempty"`
	Items           []string `json:"items,omitempty"`
	Group           string   `json:"group,omitempty"`
	Platform        string   `json:"platform,omitempty"`
	PlatformVersion string   `json:"platform_version,omitempty"`
	Region          string   `json:"region,omitempty"`
	ProjectName     string   `json:"project_name,omitempty"`
}

func (*Audit) GetDomain

func (o *Audit) GetDomain(f share.GetAccessObjectFunc) ([]string, []string)

type Event

// Event is a log record that embeds LogCommon and adds controller, workload,
// user and REST request details.
//
// NOTE(review): UserSession, RESTRequest and RESTBody are serialized as plain
// strings. If RESTBody carries request payloads, it can contain passwords,
// API keys or tokens submitted to the REST API; confirm that the producer
// redacts such values before filling these fields, and that log sinks
// receiving Event records are access-controlled accordingly.
type Event struct {
	LogCommon
	ControllerID    string            `json:"controller_id"`
	ControllerName  string            `json:"controller_name"`
	WorkloadID      string            `json:"workload_id"`
	WorkloadName    string            `json:"workload_name"`
	WorkloadDomain  string            `json:"workload_domain"`
	WorkloadImage   string            `json:"workload_image"`
	WorkloadService string            `json:"workload_service"`
	Category        string            `json:"category"`
	User            string            `json:"user"`
	UserRoles       map[string]string `json:"user_roles"` // domain -> role
	UserAddr        string            `json:"user_addr"`
	UserSession     string            `json:"user_session"`
	RESTMethod      string            `json:"rest_method,omitempty"`
	RESTRequest     string            `json:"rest_request,omitempty"`
	RESTBody        string            `json:"rest_body,omitempty"`
	EnforcerLimit   int               `json:"enforcer_limit,omitempty"`
	LicenseExpire   string            `json:"license_expire,omitempty"`
	Msg             string            `json:"message"`
}

func (*Event) GetDomain

func (o *Event) GetDomain(f share.GetAccessObjectFunc) ([]string, []string)

type IBMSAFinding

// IBMSAFinding describes one finding with its identity (ID, Name, Level,
// EventType, At) and the client/server endpoints and traffic counters of the
// connection it refers to. The fields carry no JSON tags.
//
// The packet and byte counters are int32, so they cap at about 2.1 billion;
// whether the producer saturates or wraps on larger values is not visible here.
type IBMSAFinding struct {
	ID          string
	Name        string
	Level       string
	EventType   string
	At          time.Time
	Protocol    uint8
	Direction   string
	ProtoName   string
	ClientIP    string
	ClientPort  uint16
	ClientPkts  int32
	ClientBytes int32
	ServerIP    string
	ServerPort  uint16
	ServerPkts  int32
	ServerBytes int32
}

type Incident

// Incident is a log record that embeds LogCommon and adds the local and
// remote workload, process, file and connection details of an incident.
//
// NOTE(review): ProcRealUID and ProcEffUID are tagged omitempty, and
// encoding/json omits an int that equals 0. A process running as UID 0 (root)
// is therefore serialized without these keys, so a consumer cannot tell
// "root" apart from "UID not recorded". Detection rules should treat a
// missing proc_real_uid / proc_effective_uid as possibly root, or rely on
// ProcRealUser / ProcEffUser. The same applies to ConnIngress (false is
// omitted) and IPProto (0 is omitted).
//
// NOTE(review): ProcCmd presumably holds a process command line, which can
// include secrets passed as arguments; confirm how log sinks handle it.
type Incident struct {
	LogCommon
	ID              string   `json:"id"`
	WorkloadID      string   `json:"workload_id,omitempty"`
	WorkloadName    string   `json:"workload_name,omitempty"`
	WorkloadDomain  string   `json:"workload_domain,omitempty"`
	WorkloadImage   string   `json:"workload_image,omitempty"`
	WorkloadService string   `json:"workload_service,omitempty"`
	RemoteWL        string   `json:"remote_workload_id,omitempty"`
	RemoteWLName    string   `json:"remote_workload_name,omitempty"`
	RemoteWLDomain  string   `json:"remote_workload_domain,omitempty"`
	RemoteWLImage   string   `json:"remote_workload_image,omitempty"`
	RemoteWLService string   `json:"remote_workload_service,omitempty"`
	ProcName        string   `json:"proc_name,omitempty"`
	ProcPath        string   `json:"proc_path,omitempty"`
	ProcCmd         string   `json:"proc_cmd,omitempty"`
	ProcRealUID     int      `json:"proc_real_uid,omitempty"`
	ProcEffUID      int      `json:"proc_effective_uid,omitempty"`
	ProcRealUser    string   `json:"proc_real_user,omitempty"`
	ProcEffUser     string   `json:"proc_effective_user,omitempty"`
	FilePath        string   `json:"file_path,omitempty"`
	Files           []string `json:"file_name,omitempty"`
	ClientIP        string   `json:"client_ip,omitempty"`
	ServerIP        string   `json:"server_ip,omitempty"`
	ClientPort      uint16   `json:"client_port,omitempty"`
	ServerPort      uint16   `json:"server_port,omitempty"`
	ServerConnPort  uint16   `json:"server_conn_port,omitempty"`
	EtherType       uint16   `json:"ether_type,omitempty"`
	IPProto         uint8    `json:"ip_proto,omitempty"`
	ConnIngress     bool     `json:"conn_ingress,omitempty"`
	ProcPName       string   `json:"proc_parent_name,omitempty"`
	ProcPPath       string   `json:"proc_parent_path,omitempty"`
	Action          string   `json:"action"`
	Group           string   `json:"group,omitempty"`
	RuleID          string   `json:"rule_id"`
	AggregationFrom int64    `json:"aggregation_from,omitempty"`
	Count           int      `json:"count,omitempty"`
	Msg             string   `json:"message"`
}

func (*Incident) GetDomain

func (o *Incident) GetDomain(f share.GetAccessObjectFunc) ([]string, []string)

type LogCommon

// LogCommon holds the fields shared by Audit, Event and Incident, which embed
// it: name, level, report time, cluster, host and enforcer identity.
//
// The report time is carried twice, as an int64 (ReportedTimeStamp) and as a
// string (ReportedAt). The Go fields AgentID / AgentName are serialized under
// the keys "enforcer_id" / "enforcer_name".
type LogCommon struct {
	Name              string `json:"name,omitempty"`
	Level             string `json:"level"`
	ReportedTimeStamp int64  `json:"reported_timestamp"`
	ReportedAt        string `json:"reported_at"`
	ClusterName       string `json:"cluster_name"`
	ResponseRuleID    int    `json:"response_rule_id,omitempty"`
	HostID            string `json:"host_id"`
	HostName          string `json:"host_name"`
	AgentID           string `json:"enforcer_id"`
	AgentName         string `json:"enforcer_name"`
}

type RESTAWSAccountKey

// RESTAWSAccountKey carries an AWS access key pair together with an ID and a
// region.
//
// NOTE(review): `cloak` is not a tag option that encoding/json recognises;
// the standard encoder ignores unknown options and writes AccessKeyID and
// SecretAccessKey in clear text. Masking therefore depends on a
// project-specific marshaller honouring the option. Confirm that every path
// that serializes this type (REST responses, logs, configuration export)
// goes through that marshaller and never through plain json.Marshal.
type RESTAWSAccountKey struct {
	ID              string `json:"id"`
	AccessKeyID     string `json:"access_key_id,cloak"`
	SecretAccessKey string `json:"secret_access_key,cloak"`
	Region          string `json:"region"`
}

type RESTAWSAccountKeyConfig

// RESTAWSAccountKeyConfig is the all-pointer, all-omitempty counterpart of
// RESTAWSAccountKey: a nil field is left out of the JSON.
//
// NOTE(review): as on RESTAWSAccountKey, the `cloak` tag option is ignored by
// encoding/json, so plain json.Marshal emits both key fields in clear text;
// masking relies on a project-specific marshaller — confirm it is used on
// every serialization path.
type RESTAWSAccountKeyConfig struct {
	ID              *string `json:"id,omitempty"`
	AccessKeyID     *string `json:"access_key_id,omitempty,cloak"`
	SecretAccessKey *string `json:"secret_access_key,omitempty,cloak"`
	Region          *string `json:"region,omitempty"`
}

type RESTAdmCatOptions

// RESTAdmCatOptions wraps the admission rule options for one category; the
// only field is the optional Kubernetes option set.
type RESTAdmCatOptions struct {
	K8sOptions *RESTAdmRuleOptions `json:"k8s_options,omitempty"`
}

type RESTAdmCtrlPromoteRequest

// RESTAdmCtrlPromoteRequest lists the rule IDs named in a promote request.
// NOTE(review): the IDs come from the client; the handler should check each
// against the rules the caller is permitted to act on (not visible here).
type RESTAdmCtrlPromoteRequest struct {
	IDs []uint32 `json:"ids"`
}

type RESTAdmCtrlPromoteRequestData

// RESTAdmCtrlPromoteRequestData is the JSON envelope around a promote request.
// Request is a pointer and is nil when the "request" key is absent or null,
// so it must be nil-checked before use.
type RESTAdmCtrlPromoteRequestData struct {
	Request *RESTAdmCtrlPromoteRequest `json:"request"`
}

type RESTAdmCtrlRulesExport

// RESTAdmCtrlRulesExport selects what an admission-control export contains:
// a configuration flag and a list of rule IDs.
//
// NOTE(review): the comment on IDs refers to "ExportRules", but the struct has
// no such field; the only boolean is ExportConfig. Confirm which condition
// actually governs the use of IDs.
type RESTAdmCtrlRulesExport struct {
	ExportConfig bool     `json:"export_config"`
	IDs          []uint32 `json:"ids"` // used when ExportRules is true
}

type RESTAdmCtrlRulesTestResult

// RESTAdmCtrlRulesTestResult is the outcome of testing admission rules
// against one object: its index, name and kind, a message, and whether it
// was allowed.
type RESTAdmCtrlRulesTestResult struct {
	Index   int    `json:"index"`
	Name    string `json:"name"`
	Kind    string `json:"kind"`
	Message string `json:"message"`
	Allowed bool   `json:"allowed"`
}

type RESTAdmCtrlRulesTestResults

// RESTAdmCtrlRulesTestResults groups per-object test results with a list of
// properties that were unavailable. A non-empty PropsUnavailable suggests the
// results were computed from incomplete information (hedged: the evaluation
// code is not visible here).
type RESTAdmCtrlRulesTestResults struct {
	PropsUnavailable []string                      `json:"props_unavailable,omitempty"`
	Results          []*RESTAdmCtrlRulesTestResult `json:"results,omitempty"`
}

type RESTAdmRuleCriterion

// RESTAdmRuleCriterion is one criterion of an admission rule: a name, an
// operator and a value, optionally with nested sub-criteria.
//
// The type is recursive through SubCriteria.
// NOTE(review): when decoding this from client input, the handler should
// bound the nesting depth and the number of criteria; no such limit is
// visible in this file.
type RESTAdmRuleCriterion struct {
	Name        string                  `json:"name"`
	Op          string                  `json:"op"`
	Value       string                  `json:"value"`
	SubCriteria []*RESTAdmRuleCriterion `json:"sub_criteria,omitempty"`
}

type RESTAdmRuleOptions

// RESTAdmRuleOptions maps a criterion name to the option describing it.
type RESTAdmRuleOptions struct {
	RuleOptions map[string]*RESTAdmissionRuleOption `json:"rule_options"` // key is criterion name
}

type RESTAdmRuleTypeOptions

// RESTAdmRuleTypeOptions holds the option sets for deny rules and exception
// rules, plus an optional list of criteria under "psp_collection".
type RESTAdmRuleTypeOptions struct {
	DenyOptions      *RESTAdmCatOptions      `json:"deny_options"`
	ExceptionOptions *RESTAdmCatOptions      `json:"exception_options"`
	PspCollection    []*RESTAdmRuleCriterion `json:"psp_collection,omitempty"`
}

type RESTAdmissionConfigData

// RESTAdmissionConfigData bundles the admission state, the available rule
// options and a flag telling whether the environment is Kubernetes.
// State and Options are omitted from the JSON when nil; K8sEnv is always
// present.
type RESTAdmissionConfigData struct {
	State   *RESTAdmissionState     `json:"state,omitempty"`
	Options *RESTAdmRuleTypeOptions `json:"admission_options,omitempty"`
	K8sEnv  bool                    `json:"k8s_env"`
}

type RESTAdmissionRule

// RESTAdmissionRule is the full JSON form of one admission rule: its ID,
// category, comment and criteria, the Disable and Critical flags, and the
// CfgType and RuleType strings.
type RESTAdmissionRule struct {
	ID       uint32                  `json:"id"`
	Category string                  `json:"category"`
	Comment  string                  `json:"comment"`
	Criteria []*RESTAdmRuleCriterion `json:"criteria"`
	Disable  bool                    `json:"disable"`
	Critical bool                    `json:"critical"`
	CfgType  string                  `json:"cfg_type"`  // CfgTypeLearned / CfgTypeUserCreated / CfgTypeGround / CfgTypeFederal (see above)
	RuleType string                  `json:"rule_type"` // ValidatingExceptRuleType / ValidatingDenyRuleType (see above)
}

type RESTAdmissionRuleConfig

// RESTAdmissionRuleConfig is passed from manager to controller to change an
// admission rule; fields omitted from the JSON are left unmodified.
// Comment, Criteria, Disable and Actions are dropped from the encoding when
// nil or empty. Category has no omitempty, so a nil Category is encoded as
// null rather than dropped.
type RESTAdmissionRuleConfig struct {
	ID       uint32                  `json:"id"`
	Category *string                 `json:"category"`
	Comment  *string                 `json:"comment,omitempty"`
	Criteria []*RESTAdmRuleCriterion `json:"criteria,omitempty"`
	Disable  *bool                   `json:"disable,omitempty"`
	Actions  *[]string               `json:"actions,omitempty"`
	CfgType  string                  `json:"cfg_type"`  // CfgTypeLearned / CfgTypeUserCreated / CfgTypeGround / CfgTypeFederal (see above)
	RuleType string                  `json:"rule_type"` // ValidatingExceptRuleType / ValidatingDenyRuleType (see above)
}

Passed from manager to controller. Omitted fields are left unmodified.

type RESTAdmissionRuleConfigData

// RESTAdmissionRuleConfigData is the JSON envelope that carries a
// RESTAdmissionRuleConfig under the "config" key.
type RESTAdmissionRuleConfigData struct {
	Config *RESTAdmissionRuleConfig `json:"config"`
}

type RESTAdmissionRuleData

// RESTAdmissionRuleData is the JSON envelope that carries a single
// RESTAdmissionRule under the "rule" key.
type RESTAdmissionRuleData struct {
	Rule *RESTAdmissionRule `json:"rule"`
}

type RESTAdmissionRuleOption

// RESTAdmissionRuleOption describes one criterion option: its name, the Ops
// and Values lists, the match source ("yaml", "image" or "both") and nested
// SubOptions of the same type keyed by string. Values, MatchSrc and
// SubOptions are omitted from the JSON when empty.
type RESTAdmissionRuleOption struct {
	Name       string                              `json:"name"`
	Ops        []string                            `json:"ops"`
	Values     []string                            `json:"values,omitempty"`
	MatchSrc   string                              `json:"match_src,omitempty"` // "yaml", "image", "both"
	SubOptions map[string]*RESTAdmissionRuleOption `json:"sub_options,omitempty"`
}

type RESTAdmissionRulesData

// RESTAdmissionRulesData is the JSON envelope that carries a list of
// RESTAdmissionRule under the "rules" key.
type RESTAdmissionRulesData struct {
	Rules []*RESTAdmissionRule `json:"rules"`
}

type RESTAdmissionState

// RESTAdmissionState is the admission control state. Pointer and map fields
// are omitted from the JSON when nil or empty; CfgType is always present.
// NOTE(review): FailurePolicy takes "ignore" or "fail". If it is mapped to the
// Kubernetes webhook failurePolicy, "ignore" admits requests while the webhook
// is unreachable (fail-open); confirm the mapping and which value deployments
// are expected to run with.
type RESTAdmissionState struct {
	Enable               *bool             `json:"enable,omitempty"`
	Mode                 *string           `json:"mode,omitempty"`
	DefaultAction        *string           `json:"default_action,omitempty"`
	AdmClientMode        *string           `json:"adm_client_mode,omitempty"`
	AdmSvcType           *string           `json:"adm_svc_type,omitempty"`
	FailurePolicy        *string           `json:"failure_policy,omitempty"`          // "ignore" / "fail"
	AdmClientModeOptions map[string]string `json:"adm_client_mode_options,omitempty"` // key is AdmClientModeSvc or AdmClientModeUrl
	CtrlStates           map[string]bool   `json:"ctrl_states,omitempty"`             // key is NvAdmValidateType
	CfgType              string            `json:"cfg_type"`                          // CfgTypeUserCreated / CfgTypeGround (see above)
}

type RESTAdmissionStats

// RESTAdmissionStats holds admission request counters. K8sProcessingRequests
// is the only signed counter (int64); the Jenkins counters are marked
// obsolete but are still part of the JSON shape.
type RESTAdmissionStats struct {
	K8sAllowedRequests       uint64 `json:"k8s_allowed_requests"`
	K8sDeniedRequests        uint64 `json:"k8s_denied_requests"`
	K8sErroneousRequests     uint64 `json:"k8s_erroneous_requests"`
	K8sIgnoredRequests       uint64 `json:"k8s_ignored_requests"`
	K8sProcessingRequests    int64  `json:"k8s_processing_requests"`
	JenkinsAllowedRequests   uint64 `json:"jenkins_allowed_requests"`   // obsolete
	JenkinsDeniedRequests    uint64 `json:"jenkins_denied_requests"`    // obsolete
	JenkinsErroneousRequests uint64 `json:"jenkins_erroneous_requests"` // obsolete
}

type RESTAdmissionStatsData

// RESTAdmissionStatsData is the JSON envelope that carries RESTAdmissionStats
// under the "stats" key.
type RESTAdmissionStatsData struct {
	Stats *RESTAdmissionStats `json:"stats"`
}

type RESTAgent

// RESTAgent describes one agent; RESTAgentData and RESTAgentsData serialise it
// under the "enforcer" and "enforcers" keys. The fields it shares with
// RESTController are declared here directly rather than in a common embedded
// struct, because a shared struct would break filtering.
type RESTAgent struct {
	ID          string            `json:"id"`
	Name        string            `json:"name"`
	DisplayName string            `json:"display_name"`
	HostName    string            `json:"host_name"`
	HostID      string            `json:"host_id"`
	Ver         string            `json:"version"`
	Labels      map[string]string `json:"labels"`
	Domain      string            `json:"domain"`
	PidMode     string            `json:"pid_mode"`
	NetworkMode string            `json:"network_mode"`
	CreatedAt   string            `json:"created_at"`
	StartedAt   string            `json:"started_at"`
	JoinedAt    string            `json:"joined_at"`
	MemoryLimit int64             `json:"memory_limit"`
	CPUs        string            `json:"cpus"`
	ClusterIP   string            `json:"cluster_ip"`
	State       string            `json:"connection_state"`
	DisconnAt   string            `json:"disconnected_at"`
	NvProtect   bool              `json:"nv_protect"`
}

Although the fields shared by RESTAgent and RESTController could be defined in a common struct, doing so would stop filtering from working.

type RESTAgentConfig

// RESTAgentConfig carries optional agent settings; a nil field is omitted
// from the JSON.
// NOTE(review): DisableNvProtect and DisableKvCCtl are named as switches that
// turn a feature off. Changes to them should be limited to privileged users
// and leave an audit record; confirm in the handler that applies this config.
type RESTAgentConfig struct {
	Debug            *[]string `json:"debug,omitempty"`
	DisableNvProtect *bool     `json:"disable_nvprotect,omitempty"`
	DisableKvCCtl    *bool     `json:"disable_kvcctl,omitempty"`
}

type RESTAgentConfigData

// RESTAgentConfigData is the JSON envelope that carries a RESTAgentConfig
// under the "config" key.
type RESTAgentConfigData struct {
	Config *RESTAgentConfig `json:"config"`
}

type RESTAgentCounter

// RESTAgentCounter is a set of agent counters: packet, assembly, fragment,
// session, meter, connection-limit and policy figures, plus a goroutine count.
// NOTE(review): LsofOutput and PSOutput look like captured lsof and ps output.
// If so, they can reveal open files and process command lines, so whatever
// endpoint returns this struct should be restricted to privileged users;
// confirm.
type RESTAgentCounter struct {
	RXPackets           uint64   `json:"rx_packets"`
	RXDropPackets       uint64   `json:"rx_drop_packets"`
	TXPackets           uint64   `json:"tx_packets"`
	TXDropPackets       uint64   `json:"tx_drop_packets"`
	ErrorPackets        uint64   `json:"error_packets"`
	NoWorkloadPackets   uint64   `json:"no_workload_packets"`
	IPv4Packets         uint64   `json:"ipv4_packets"`
	IPv6Packets         uint64   `json:"ipv6_packets"`
	TCPPackets          uint64   `json:"tcp_packets"`
	TCPNoSessionPackets uint64   `json:"tcp_no_session_packets"`
	UDPPackets          uint64   `json:"udp_packets"`
	ICMPPackets         uint64   `json:"icmp_packets"`
	OtherPackets        uint64   `json:"other_packets"`
	Assemblys           uint64   `json:"total_assemblys"`
	FreedAssemblys      uint64   `json:"freed_assemblys"`
	Fragments           uint64   `json:"total_fragments"`
	FreedFragments      uint64   `json:"freed_fragments"`
	TimeoutFragments    uint64   `json:"timeout_fragments"`
	TotalSessions       uint64   `json:"total_sessions"`
	TCPSessions         uint64   `json:"tcp_sessions"`
	UDPSessions         uint64   `json:"udp_sessions"`
	ICMPSessions        uint64   `json:"icmp_sessions"`
	IPSessions          uint64   `json:"ip_sessions"`
	ParserSessions      []uint64 `json:"parser_sessions"`
	ParserPackets       []uint64 `json:"parser_packets"`
	DropMeters          uint64   `json:"drop_meters"`
	ProxyMeters         uint64   `json:"proxy_meters"`
	CurMeters           uint64   `json:"cur_meters"`
	CurLogCaches        uint64   `json:"cur_log_caches"`
	LimitDropConns      uint64   `json:"limit_drop_conns"`
	LimitPassConns      uint64   `json:"limit_pass_conns"`
	PolicyType1Rules    uint32   `json:"policy_type1_rules"`
	PolicyType2Rules    uint32   `json:"policy_type2_rules"`
	PolicyDomains       uint32   `json:"policy_domains"`
	PolicyDomainIPs     uint32   `json:"policy_domain_ips"`
	GoRoutines          uint32   `json:"goroutines"`
	LsofOutput          []string `json:"lsof"`
	PSOutput            []string `json:"ps"`
}

type RESTAgentCounterData

// RESTAgentCounterData is the JSON envelope that carries a RESTAgentCounter
// under the "counter" key.
type RESTAgentCounterData struct {
	Counter *RESTAgentCounter `json:"counter"`
}

type RESTAgentData

// RESTAgentData is the JSON envelope that carries a single RESTAgent; note
// that the JSON key is "enforcer", not "agent".
type RESTAgentData struct {
	Agent *RESTAgent `json:"enforcer"`
}

type RESTAgentStatsData

// RESTAgentStatsData pairs a RESTStats value with an ID and the ReadAt string
// under which it is reported.
type RESTAgentStatsData struct {
	ID     string     `json:"id"`
	ReadAt string     `json:"read_at"`
	Stats  *RESTStats `json:"stats"`
}

type RESTAgentsData

// RESTAgentsData is the JSON envelope that carries a list of RESTAgent; note
// that the JSON key is "enforcers", not "agents".
type RESTAgentsData struct {
	Agents []*RESTAgent `json:"enforcers"`
}

type RESTAllUserPermitOptions

// RESTAllUserPermitOptions wraps a RESTUserPermitOptions value (not a pointer)
// under the "options" key.
type RESTAllUserPermitOptions struct {
	Options RESTUserPermitOptions `json:"options"`
}

type RESTAuditsData

// RESTAuditsData is the JSON envelope that carries a list of Audit records
// under the "audits" key.
type RESTAuditsData struct {
	Audits []*Audit `json:"audits"`
}

type RESTAuthData

// RESTAuthData is an authentication payload: a client IP plus optional
// Password and Token credentials, each omitted from the JSON when nil.
// The token key is spelled "Token" with a capital T, unlike the snake_case
// keys used elsewhere in this package; encoding/json emits it as written.
// NOTE(review): ClientIP is a value carried in the body, not the address of
// the connecting peer. It should feed logging, rate limiting or lockout only
// if the sender is trusted to set it; confirm who fills it in.
type RESTAuthData struct {
	ClientIP string            `json:"client_ip"`
	Password *RESTAuthPassword `json:"password,omitempty"`
	Token    *RESTAuthToken    `json:"Token,omitempty"`
}

type RESTAuthPassword

// RESTAuthPassword holds a username and a password, both as plain strings.
// NOTE(review): unlike the acc_id/acc_key fields of the AWS resource types in
// this package, the password tag carries no "cloak" option. Make sure this
// struct is never logged or echoed back verbatim; confirm how request bodies
// are logged.
type RESTAuthPassword struct {
	Username string `json:"username"`
	Password string `json:"password"`
}

type RESTAuthToken

// RESTAuthToken holds a token, a state value and a redirect endpoint, all as
// strings.
// NOTE(review): Token is a credential and should stay out of logs. If
// Redirect is supplied by the client and later used as a redirect target, it
// needs validating against the configured endpoints (open-redirect risk);
// confirm both at the call sites.
type RESTAuthToken struct {
	Token    string `json:"token"`
	State    string `json:"state"`
	Redirect string `json:"redirect_endpoint"`
}

type RESTAwsCloudRes

// RESTAwsCloudRes describes one cloud project: its cloud type, project name,
// region list and Lambda resources. It carries no account ID or key fields.
type RESTAwsCloudRes struct {
	CloudType   string   `json:"cloud_type"`
	ProjectName string   `json:"project_name"`
	RegionList  []string `json:"region_list"`
	// The JSON name of any new resource field must start with aws_; no other field may use that prefix, because the UI filters on aws_xxx.
	ResLambda *RESTAwsLambdaRes `json:"aws_lambda_resource"`
}

type RESTAwsFuncPermission

// RESTAwsFuncPermission reports the permissions of a function: whether a
// policy is attached, the policy permission level, a list of permission
// states, and per-key lists of RESTAwsResDetail under "allowed_detail".
type RESTAwsFuncPermission struct {
	AttachedPolicy bool                          `json:"aws_attached_policy"`
	PolicyLevel    string                        `json:"policy_permission_level"`
	PermitState    []string                      `json:"permission_state"`
	AllowedDetail  map[string][]RESTAwsResDetail `json:"allowed_detail"`
}

type RESTAwsFuncSummary

// RESTAwsFuncSummary summarises one function: its ID, version and name, the
// scan result, the counts reported as "high" and "medium", the permission
// level and a status string.
type RESTAwsFuncSummary struct {
	FuncID          string `json:"function_id"`
	Version         string `json:"version"`
	FuncName        string `json:"function_name"`
	ScanResult      string `json:"scan_result"`
	HighVuls        int    `json:"high"`
	MedVuls         int    `json:"medium"`
	PermissionLevel string `json:"permission_level"`
	Status          string `json:"status"`
}

type RESTAwsFunction

// RESTAwsFunction identifies a function by name and region and carries its
// list of RESTScanAwsFuncReport values under "report".
type RESTAwsFunction struct {
	FuncName string                  `json:"function_name"`
	Region   string                  `json:"region"`
	Report   []RESTScanAwsFuncReport `json:"report"`
}

type RESTAwsLambdaRes

// RESTAwsLambdaRes holds a status string and a map of RESTAwsLambdaResDetail
// under "aws_region_resource"; the map key is presumably the region name
// (confirm against the producer).
type RESTAwsLambdaRes struct {
	Status       string                             `json:"status"`
	RegionResMap map[string]*RESTAwsLambdaResDetail `json:"aws_region_resource"`
}

type RESTAwsLambdaResDetail

// RESTAwsLambdaResDetail holds a status string and the list of
// RESTAwsFuncSummary values published under "func_list".
type RESTAwsLambdaResDetail struct {
	Status     string               `json:"status"`
	LambdaFunc []RESTAwsFuncSummary `json:"func_list"`
}

type RESTAwsResDetail

// RESTAwsResDetail is one permission entry: a permission level, a resource
// and a permission state. The exported field is spelled PermitLeve (sic);
// its JSON key is "permission_level".
type RESTAwsResDetail struct {
	PermitLeve  string `json:"permission_level"`
	Resource    string `json:"resource"`
	PermitState string `json:"permission_state"`
}

type RESTAwsResource

// RESTAwsResource describes an AWS project together with its account ID and
// account key.
// The acc_id and acc_key tags carry a "cloak" option. encoding/json does not
// recognise that option and ignores it, so json.Marshal writes both values in
// clear; any masking presumably comes from project code that inspects the
// tag. Confirm that before logging or returning this struct.
type RESTAwsResource struct {
	AccID       string            `json:"acc_id,cloak"`
	AccKey      string            `json:"acc_key,cloak"`
	ProjectName string            `json:"project_name"`
	RegionList  []string          `json:"region_list"`
	ResLambda   *RESTAwsLambdaRes `json:"aws_lambda_resource"`
}

type RESTAwsResourceConfig

// RESTAwsResourceConfig names a project and carries optional new values for
// its account ID, account key and region list; nil fields are omitted from
// the JSON.
// The "cloak" tag option on acc_id and acc_key is not an encoding/json
// option and is ignored by json.Marshal, so the values are written in clear
// unless project code masks them; confirm before logging this struct.
type RESTAwsResourceConfig struct {
	ProjectName string    `json:"project_name"`
	AccID       *string   `json:"acc_id,cloak,omitempty"`
	AccKey      *string   `json:"acc_key,cloak,omitempty"`
	RegionList  *[]string `json:"region_list,omitempty"`
}

type RESTAwsResourceCreate

// RESTAwsResourceCreate carries a project name, an account ID and key, and an
// optional region list.
// The "cloak" tag option on acc_id and acc_key is not an encoding/json
// option and is ignored by json.Marshal, so the values are written in clear
// unless project code masks them; confirm before logging this struct.
type RESTAwsResourceCreate struct {
	ProjectName string   `json:"project_name"`
	AccID       string   `json:"acc_id,cloak"`
	AccKey      string   `json:"acc_key,cloak"`
	RegionList  []string `json:"region_list,omitempty"`
}

type RESTBenchCheck

// RESTBenchCheck describes one benchmark check: its test number, catalog,
// type and profile, the Scored and Automated flags, a description, the
// remediation text and a tag list.
// Catalog and Type presumably take the BenchCatalog* and BenchType* constants
// of this package; confirm against the producer.
type RESTBenchCheck struct {
	TestNum     string   `json:"test_number"`
	Catalog     string   `json:"catalog"`
	Type        string   `json:"type"`
	Profile     string   `json:"profile"`
	Scored      bool     `json:"scored"`
	Automated   bool     `json:"automated"`
	Description string   `json:"description"`
	Remediation string   `json:"remediation"`
	Tags        []string `json:"tags"`
}

type RESTBenchItem

// RESTBenchItem is a check result. It embeds RESTBenchCheck, whose fields are
// encoded at the same JSON level, and adds the level, evidence, location,
// message lines and group. Evidence, Location and Group are omitted when
// empty.
type RESTBenchItem struct {
	RESTBenchCheck
	Level    string   `json:"level"`
	Evidence string   `json:"evidence,omitempty"`
	Location string   `json:"location,omitempty"`
	Message  []string `json:"message"`
	Group    string   `json:"group,omitempty"`
}

type RESTBenchMeta

// RESTBenchMeta embeds RESTBenchCheck and adds no fields of its own, so it
// encodes to the same JSON keys as RESTBenchCheck.
type RESTBenchMeta struct {
	RESTBenchCheck
}

type RESTBenchReport

// RESTBenchReport is a benchmark run: when it ran (as an int64 timestamp and
// as a string), the version reported under "cis_version", and the result
// items.
type RESTBenchReport struct {
	RunAtTimeStamp int64            `json:"run_timestamp"`
	RunAt          string           `json:"run_at"`
	Version        string           `json:"cis_version"`
	Items          []*RESTBenchItem `json:"items"`
}

type RESTCloudResList

// RESTCloudResList is the JSON envelope that carries a list of
// RESTAwsCloudRes values under the "cloud_resources" key.
type RESTCloudResList struct {
	AwsCloudRes []RESTAwsCloudRes `json:"cloud_resources"`
}

type RESTComplianceAsset

// RESTComplianceAsset is one compliance entry together with the assets it is
// reported for: lists of workloads, nodes, images and platforms, each as
// RESTIDName values.
type RESTComplianceAsset struct {
	Name        string       `json:"name"`
	Catalog     string       `json:"catalog"`
	Type        string       `json:"type"`
	Level       string       `json:"level"`
	Profile     string       `json:"profile"`
	Scored      bool         `json:"scored"`
	Description string       `json:"description"`
	Message     []string     `json:"message"`
	Remediation string       `json:"remediation"`
	Group       string       `json:"group"`
	Tags        []string     `json:"tags"`
	Workloads   []RESTIDName `json:"workloads"`
	Nodes       []RESTIDName `json:"nodes"`
	Images      []RESTIDName `json:"images"`
	Platforms   []RESTIDName `json:"platforms"`
}

type RESTComplianceAssetData

// RESTComplianceAssetData carries a list of RESTComplianceAsset plus the
// Kubernetes CIS category and version and the Docker CIS version strings.
type RESTComplianceAssetData struct {
	Compliances   []*RESTComplianceAsset `json:"compliances"`
	KubeCategory  string                 `json:"kubernetes_cis_category"`
	KubeVersion   string                 `json:"kubernetes_cis_version"`
	DockerVersion string                 `json:"docker_cis_version"`
}

type RESTComplianceData

// RESTComplianceData is a compliance run: when it ran (as an int64 timestamp
// and as a string), the Kubernetes CIS category and version, the Docker CIS
// version, and the result items.
type RESTComplianceData struct {
	RunAtTimeStamp int64            `json:"run_timestamp"`
	RunAt          string           `json:"run_at"`
	KubeCategory   string           `json:"kubernetes_cis_category"`
	KubeVersion    string           `json:"kubernetes_cis_version"`
	DockerVersion  string           `json:"docker_cis_version"`
	Items          []*RESTBenchItem `json:"items"`
}

type RESTComplianceProfile

// RESTComplianceProfile is a named compliance profile: the DisableSystem flag
// and a list of RESTComplianceProfileEntry values.
type RESTComplianceProfile struct {
	Name          string                       `json:"name"`
	DisableSystem bool                         `json:"disable_system"`
	Entries       []RESTComplianceProfileEntry `json:"entries"`
}

type RESTComplianceProfileConfig

// RESTComplianceProfileConfig names a compliance profile and carries optional
// values for DisableSystem and Entries; nil fields are omitted from the JSON.
type RESTComplianceProfileConfig struct {
	Name          string                         `json:"name"`
	DisableSystem *bool                          `json:"disable_system,omitempty"`
	Entries       *[]*RESTComplianceProfileEntry `json:"entries,omitempty"`
}

type RESTComplianceProfileConfigData

// RESTComplianceProfileConfigData is the JSON envelope that carries a
// RESTComplianceProfileConfig under the "config" key.
type RESTComplianceProfileConfigData struct {
	Config *RESTComplianceProfileConfig `json:"config"`
}

type RESTComplianceProfileData

// RESTComplianceProfileData is the JSON envelope that carries a single
// RESTComplianceProfile under the "profile" key.
type RESTComplianceProfileData struct {
	Profile *RESTComplianceProfile `json:"profile"`
}

type RESTComplianceProfileEntry

// RESTComplianceProfileEntry associates a test number with a list of tags.
type RESTComplianceProfileEntry struct {
	TestNum string   `json:"test_number"`
	Tags    []string `json:"tags"`
}

type RESTComplianceProfileEntryConfigData

// RESTComplianceProfileEntryConfigData is the JSON envelope that carries a
// RESTComplianceProfileEntry under the "config" key.
type RESTComplianceProfileEntryConfigData struct {
	Config *RESTComplianceProfileEntry `json:"config"`
}

type RESTComplianceProfilesData

// RESTComplianceProfilesData is the JSON envelope that carries a list of
// RESTComplianceProfile under the "profiles" key.
type RESTComplianceProfilesData struct {
	Profiles []*RESTComplianceProfile `json:"profiles"`
}

type RESTController

// RESTController describes one controller. It repeats most of RESTAgent's
// identity and lifecycle fields and adds the Leader flag and the
// orchestrator connection status and last error.
type RESTController struct {
	ID                string            `json:"id"`
	Name              string            `json:"name"`
	DisplayName       string            `json:"display_name"`
	HostName          string            `json:"host_name"`
	HostID            string            `json:"host_id"`
	Ver               string            `json:"version"`
	Labels            map[string]string `json:"labels"`
	Domain            string            `json:"domain"`
	CreatedAt         string            `json:"created_at"`
	StartedAt         string            `json:"started_at"`
	JoinedAt          string            `json:"joined_at"`
	MemoryLimit       int64             `json:"memory_limit"`
	CPUs              string            `json:"cpus"`
	ClusterIP         string            `json:"cluster_ip"`
	Leader            bool              `json:"leader"`
	State             string            `json:"connection_state"`
	DisconnAt         string            `json:"disconnected_at"`
	OrchConnStatus    string            `json:"orch_conn_status"`
	OrchConnLastError string            `json:"orch_conn_last_error"`
}

type RESTControllerConfig

// RESTControllerConfig carries an optional list of debug strings; the key is
// omitted from the JSON when Debug is nil.
type RESTControllerConfig struct {
	Debug *[]string `json:"debug,omitempty"`
}

type RESTControllerConfigData

// RESTControllerConfigData is the JSON envelope that carries a
// RESTControllerConfig under the "config" key.
type RESTControllerConfigData struct {
	Config *RESTControllerConfig `json:"config"`
}

type RESTControllerCounter

// RESTControllerCounter holds controller counters: graph nodes, goroutines
// and scan tasks.
// NOTE(review): LsofOutput and PSOutput look like captured lsof and ps output.
// If so, they can reveal open files and process command lines, so whatever
// endpoint returns this struct should be restricted to privileged users;
// confirm.
type RESTControllerCounter struct {
	GraphNodes uint32   `json:"graph_nodes"`
	GoRoutines uint32   `json:"goroutines"`
	ScanTasks  uint32   `json:"scan_tasks"`
	LsofOutput []string `json:"lsof"`
	PSOutput   []string `json:"ps"`
}

type RESTControllerCounterData

// RESTControllerCounterData is the JSON envelope that carries a
// RESTControllerCounter under the "counter" key.
type RESTControllerCounterData struct {
	Counter *RESTControllerCounter `json:"counter"`
}

type RESTControllerData

// RESTControllerData is the JSON envelope that carries a single
// RESTController under the "controller" key.
type RESTControllerData struct {
	Controller *RESTController `json:"controller"`
}

type RESTControllersData

// RESTControllersData is the JSON envelope that carries a list of
// RESTController under the "controllers" key.
type RESTControllersData struct {
	Controllers []*RESTController `json:"controllers"`
}

type RESTConversation

// RESTConversation links two endpoints, From and To, and embeds a
// *RESTConversationReport whose fields are encoded at the same JSON level.
type RESTConversation struct {
	From *RESTConversationEndpoint `json:"from"`
	To   *RESTConversationEndpoint `json:"to"`
	*RESTConversationReport
}

func (*RESTConversation) GetDomain

func (o *RESTConversation) GetDomain(f share.GetAccessObjectFunc) ([]string, []string)

type RESTConversationCompact

// RESTConversationCompact is the compact form of a conversation: From and To
// are plain strings rather than endpoint objects, and the embedded
// *RESTConversationReport fields are encoded at the same JSON level.
type RESTConversationCompact struct {
	From string `json:"from"`
	To   string `json:"to"`
	*RESTConversationReport
}

type RESTConversationDetail

// RESTConversationDetail embeds a *RESTConversation and adds its list of
// RESTConversationEntry values under "entries".
type RESTConversationDetail struct {
	*RESTConversation
	Entries []*RESTConversationEntry `json:"entries"`
}

type RESTConversationEndpoint

// RESTConversationEndpoint is a RESTWorkloadBrief (embedded, so its fields
// are encoded at the same JSON level) with an added Kind. Unlike a workload
// brief list, an endpoint list also contains nv.host, nv.workload and
// nv.external.
type RESTConversationEndpoint struct {
	Kind string `json:"kind"`
	RESTWorkloadBrief
}

The difference between the endpoint list and the workload brief list is that the endpoint list contains nv.host, nv.workload and nv.external.

func (*RESTConversationEndpoint) GetDomain

type RESTConversationEndpointConfig

// RESTConversationEndpointConfig sets an alias on the endpoint identified by
// ID; DisplayName is omitted from the JSON when nil.
type RESTConversationEndpointConfig struct {
	ID          string  `json:"id"`
	DisplayName *string `json:"display_name,omitempty"` // Add an alias, empty string to reset to original DisplayName
}

type RESTConversationEndpointConfigData

// RESTConversationEndpointConfigData is the JSON envelope that carries a
// RESTConversationEndpointConfig under the "config" key.
type RESTConversationEndpointConfigData struct {
	Config *RESTConversationEndpointConfig `json:"config"`
}

type RESTConversationEndpointData

// RESTConversationEndpointData is the JSON envelope that carries a list of
// RESTConversationEndpoint under the "endpoints" key.
type RESTConversationEndpointData struct {
	Endpoints []*RESTConversationEndpoint `json:"endpoints"`
}

type RESTConversationEntry

// RESTConversationEntry is one entry of a conversation: traffic volume, port
// and mapped port, application and server, threat name and severity, the
// policy action and ID, the last-seen time, and the client and server IPs.
// The server key is spelled "Server" with a capital S, unlike the snake_case
// keys of the other fields; encoding/json emits it as written.
// NOTE(review): Xff presumably marks entries whose client address came from
// an X-Forwarded-For header. That header is set by the client or by
// intermediaries, so CIP should then be treated as unverified; confirm.
type RESTConversationEntry struct {
	Bytes        uint64 `json:"bytes"`
	Sessions     uint32 `json:"sessions"`
	Port         string `json:"port"`
	MappedPort   string `json:"mapped_port"`
	Application  string `json:"application"`
	Server       string `json:"Server"`
	ThreatName   string `json:"threat_name"`
	Severity     string `json:"severity"`
	PolicyAction string `json:"policy_action"`
	PolicyID     uint32 `json:"policy_id"`
	LastSeenAt   string `json:"last_seen_at"`
	CIP          string `json:"client_ip"`
	SIP          string `json:"server_ip"`
	Xff          bool   `json:"xff"`
	ToSidecar    bool   `json:"to_sidecar"`
}

type RESTConversationQuery

// RESTConversationQuery holds two string lists, From and To, that select
// conversations; what the strings identify is not visible here (presumably
// endpoint IDs; confirm against the handler).
type RESTConversationQuery struct {
	From []string `json:"from"`
	To   []string `json:"to"`
}

type RESTConversationQueryData

// RESTConversationQueryData is the JSON envelope that carries a
// RESTConversationQuery under the "query" key.
type RESTConversationQueryData struct {
	Query *RESTConversationQuery `json:"query"`
}

type RESTConversationReport

// RESTConversationReport summarises a conversation: bytes and sessions, the
// severity and policy action, and optional lists of protocols, applications,
// ports and event types. The list fields and the two boolean flags are
// omitted from the JSON when empty or false.
type RESTConversationReport struct {
	Bytes        uint64   `json:"bytes"`
	Sessions     uint32   `json:"sessions"`
	Severity     string   `json:"severity"`
	PolicyAction string   `json:"policy_action"`
	Protos       []string `json:"protocols,omitempty"`
	Apps         []string `json:"applications,omitempty"`
	Ports        []string `json:"ports,omitempty"`
	SidecarProxy bool     `json:"sidecar_proxy,omitempty"`
	EventType    []string `json:"event_type,omitempty"`
	XffEntry     bool     `json:"xff_entry,omitempty"` //has xff entry
}

type RESTConversationsData

// RESTConversationsData carries a list of endpoints and a list of
// conversations in their compact form.
type RESTConversationsData struct {
	Endpoints []*RESTConversationEndpoint `json:"endpoints"`
	Convers   []*RESTConversationCompact  `json:"conversations"`
}

type RESTConversationsDetailData

// RESTConversationsDetailData is the JSON envelope that carries a single
// RESTConversationDetail under the "conversation" key.
type RESTConversationsDetailData struct {
	Conver *RESTConversationDetail `json:"conversation"`
}

type RESTConversationsVerboseData

// RESTConversationsVerboseData carries a list of endpoints and a list of
// conversations in their full RESTConversation form.
type RESTConversationsVerboseData struct {
	Endpoints []*RESTConversationEndpoint `json:"endpoints"`
	Convers   []*RESTConversation         `json:"conversations"`
}

type RESTCrdGroupConfig

// RESTCrdGroupConfig describes a group by its original name, name and
// comment, with an optional list of criteria that is omitted from the JSON
// when nil.
type RESTCrdGroupConfig struct {
	OriginalName string               `json:"original_name"`
	Name         string               `json:"name"`
	Comment      string               `json:"comment"`
	Criteria     *[]RESTCriteriaEntry `json:"criteria,omitempty"`
}

type RESTCrdWafGroupConfig

// RESTCrdWafGroupConfig names a group and carries an optional status flag and
// an optional replacement list of sensor settings; nil fields are omitted
// from the JSON.
type RESTCrdWafGroupConfig struct {
	Name       string                    `json:"name"`
	Status     *bool                     `json:"status,omitempty"`
	RepSensors *[]RESTCrdWafGroupSetting `json:"replace,omitempty"` //replace list used by GUI
}

type RESTCrdWafGroupSetting

// RESTCrdWafGroupSetting pairs a name with an action string.
type RESTCrdWafGroupSetting struct {
	Name   string `json:"name"`
	Action string `json:"action"`
}

type RESTCriteriaEntry

// RESTCriteriaEntry is one key/value/operator criterion, all strings.
type RESTCriteriaEntry struct {
	Key   string `json:"key"`
	Value string `json:"value"`
	Op    string `json:"op"`
}

type RESTCustomCheck

// RESTCustomCheck is a custom check: a name and the script text.
// NOTE(review): Script is free-form text. If it is executed as a custom
// benchmark check (see BenchCatalogCustom), permission to submit it amounts
// to permission to run code wherever the checks execute; confirm which role
// the handler requires and that changes are audited.
type RESTCustomCheck struct {
	Name   string `json:"name"`
	Script string `json:"script"`
}

Custom check

type RESTCustomCheckConfig

// RESTCustomCheckConfig carries three RESTCustomChecks sets under the keys
// "add", "delete" and "update". None of the tags has omitempty, so a nil set
// is encoded as null.
type RESTCustomCheckConfig struct {
	Add    *RESTCustomChecks `json:"add"`
	Del    *RESTCustomChecks `json:"delete"`
	Update *RESTCustomChecks `json:"update"`
}

type RESTCustomCheckConfigData

// RESTCustomCheckConfigData is the JSON envelope that carries a
// RESTCustomCheckConfig under the "config" key.
type RESTCustomCheckConfigData struct {
	Config *RESTCustomCheckConfig `json:"config"`
}

type RESTCustomCheckData

// RESTCustomCheckData is the JSON envelope that carries one RESTCustomChecks
// set under the "config" key.
type RESTCustomCheckData struct {
	Config *RESTCustomChecks `json:"config"`
}

type RESTCustomCheckListData

// RESTCustomCheckListData is the JSON envelope that carries a list of
// RESTCustomChecks sets under the "configs" key.
type RESTCustomCheckListData struct {
	Configs []*RESTCustomChecks `json:"configs"`
}

type RESTCustomChecks

// RESTCustomChecks is the set of custom check scripts attached to one group
// name.
type RESTCustomChecks struct {
	Group   string             `json:"group"`
	Scripts []*RESTCustomCheck `json:"scripts"`
}

type RESTDebugIP2Workload

// RESTDebugIP2Workload pairs an IP string with a RESTWorkloadBrief.
type RESTDebugIP2Workload struct {
	IP       string             `json:"ip"`
	Workload *RESTWorkloadBrief `json:"workload"`
}

type RESTDebugIP2WorkloadData

// RESTDebugIP2WorkloadData is the JSON envelope that carries a list of
// RESTDebugIP2Workload under the "ip_2_workloads" key.
type RESTDebugIP2WorkloadData struct {
	IP2Workloads []*RESTDebugIP2Workload `json:"ip_2_workloads"`
}

type RESTDebugSyncInfo

// RESTDebugSyncInfo reports sync state for one cluster IP: the Leader flag,
// whether a sync error was found, the learned-rule maximum, the graph node
// count, and an optional list of policy mismatches that is omitted from the
// JSON when empty.
type RESTDebugSyncInfo struct {
	ClusterIP      string                `json:"cluster_ip"`
	Leader         bool                  `json:"leader"`
	SyncErrorFound bool                  `json:"sync_error_found"`
	LearnedRuleMax uint32                `json:"learned_rule_max"`
	GraphNodeCount uint32                `json:"graph_node_count"`
	PolicyError    []*RESTPolicyMismatch `json:"policy_error,omitempty"`
}

type RESTDebugSyncInfoData

// RESTDebugSyncInfoData is the JSON envelope that carries a list of
// RESTDebugSyncInfo under the "sync" key.
type RESTDebugSyncInfoData struct {
	Sync []*RESTDebugSyncInfo `json:"sync"`
}

type RESTDeployFedRulesReq

// RESTDeployFedRulesReq is used for deploying fed settings to joint clusters.
// Force chooses between all federal rules and only the newly changed ones;
// an empty IDs list targets every cluster.
type RESTDeployFedRulesReq struct {
	Force bool     `json:"force"` // true means deploying all federal rules. false means only deploying the newly changed federal rules.
	IDs   []string `json:"ids"`   // empty means deploy to all clusters
}

Used for deploying fed settings to joint clusters.

type RESTDeployFedRulesResp

// RESTDeployFedRulesResp maps a string key to an integer result code. The key
// is presumably a cluster ID, matching RESTDeployFedRulesReq.IDs; confirm
// against the handler.
type RESTDeployFedRulesResp struct {
	Results map[string]int `json:"results"` // value: _fedSuccess/....
}

type RESTDerivedDlpRule

// RESTDerivedDlpRule is a derived DLP rule: a name, an ID and its patterns as
// plain strings.
type RESTDerivedDlpRule struct {
	Name     string   `json:"name"`
	ID       uint32   `json:"id"`
	Patterns []string `json:"patterns"`
}

type RESTDerivedDlpRuleData

// RESTDerivedDlpRuleData is the JSON envelope that carries a list of
// RESTDerivedDlpRule under the "rules" key.
type RESTDerivedDlpRuleData struct {
	Rules []*RESTDerivedDlpRule `json:"rules"`
}

type RESTDerivedDlpRuleMac

// RESTDerivedDlpRuleMac holds a single string under the "mac" key.
type RESTDerivedDlpRuleMac struct {
	Mac string `json:"mac"`
}

type RESTDerivedDlpRuleMacData

// RESTDerivedDlpRuleMacData is the JSON envelope that carries a list of
// RESTDerivedDlpRuleMac under the "macs" key.
type RESTDerivedDlpRuleMacData struct {
	Macs []*RESTDerivedDlpRuleMac `json:"macs"`
}

type RESTDerivedPolicyRule

// RESTDerivedPolicyRule is a derived policy rule: the policy ID, source and
// destination (encoded as "from" and "to"), port, action, the Ingress flag
// and the application. Domain is omitted from the JSON when empty.
type RESTDerivedPolicyRule struct {
	ID          uint32 `json:"policy_id"`
	SrcIP       string `json:"from"`
	DstIP       string `json:"to"`
	Port        string `json:"port"`
	Action      string `json:"action"`
	Ingress     bool   `json:"ingress"`
	Application string `json:"application"`
	Domain      string `json:"domain,omitempty"`
}

type RESTDerivedPolicyRuleData

// RESTDerivedPolicyRuleData is the JSON envelope that carries a list of
// RESTDerivedWorkloadPolicyRule under the "workload_rules" key.
type RESTDerivedPolicyRuleData struct {
	WorkloadRules []*RESTDerivedWorkloadPolicyRule `json:"workload_rules"`
}

type RESTDerivedWorkloadDlpRule

// RESTDerivedWorkloadDlpRule lists the derived DLP and WAF settings of one
// workload: the workload brief, mode, default action and apply direction
// (each omitted when zero), the MAC list, the DLP and WAF rule settings,
// two lists of rule IDs, and a rule type string.
type RESTDerivedWorkloadDlpRule struct {
	DlpWorkload *RESTWorkloadBrief `json:"dlp_workload"`
	Mode        string             `json:"mode,omitempty"`
	DefAct      uint32             `json:"defact,omitempty"`
	ApplyDir    int32              `json:"applydir,omitempty"`
	DlpMacs     []string           `json:"dlp_macs"`
	DlpRules    []*RESTDlpSetting  `json:"dlp_rules"`
	WafRules    []*RESTDlpSetting  `json:"waf_rules"`
	Rids        []uint32           `json:"rids"`
	Wafrids     []uint32           `json:"wafrids"`
	RuleType    string             `json:"ruletype"`
}

type RESTDerivedWorkloadDlpRuleData

// RESTDerivedWorkloadDlpRuleData is the JSON envelope that carries a list of
// RESTDerivedWorkloadDlpRule under the "rules" key.
type RESTDerivedWorkloadDlpRuleData struct {
	Rules []*RESTDerivedWorkloadDlpRule `json:"rules"`
}

type RESTDerivedWorkloadPolicyRule

// RESTDerivedWorkloadPolicyRule pairs a workload brief with its list of
// derived policy rules.
type RESTDerivedWorkloadPolicyRule struct {
	Workload *RESTWorkloadBrief       `json:"workload"`
	Rules    []*RESTDerivedPolicyRule `json:"rules"`
}

type RESTDlpCriteriaEntry

// RESTDlpCriteriaEntry is one key/value/operator pattern criterion with an
// optional context string that is omitted from the JSON when empty.
type RESTDlpCriteriaEntry struct {
	Key     string `json:"key"`
	Value   string `json:"value"`
	Op      string `json:"op"`
	Context string `json:"context,omitempty"`
}

type RESTDlpGroup

// RESTDlpGroup is a named DLP group with a status flag and its list of sensor
// settings.
type RESTDlpGroup struct {
	Name    string            `json:"name"`
	Status  bool              `json:"status"`
	Sensors []*RESTDlpSetting `json:"sensors"`
}

type RESTDlpGroupConfig

// RESTDlpGroupConfig names a DLP group and carries optional changes: a status
// flag and three sensor lists (delete and change, used by the CLI, and
// replace, used by the GUI). Nil fields are omitted from the JSON.
type RESTDlpGroupConfig struct {
	Name       string            `json:"name"`
	Status     *bool             `json:"status,omitempty"`
	DelSensors *[]string         `json:"delete,omitempty"`  //delete list used by CLI
	Sensors    *[]RESTDlpSetting `json:"sensors,omitempty"` //change list used by CLI
	RepSensors *[]RESTDlpSetting `json:"replace,omitempty"` //replace list used by GUI
}

type RESTDlpGroupConfigData

// RESTDlpGroupConfigData is the JSON envelope that carries a
// RESTDlpGroupConfig under the "config" key.
type RESTDlpGroupConfigData struct {
	Config *RESTDlpGroupConfig `json:"config"`
}

type RESTDlpGroupData

// RESTDlpGroupData is the JSON envelope that carries a single RESTDlpGroup
// under the "dlp_group" key.
type RESTDlpGroupData struct {
	DlpGroup *RESTDlpGroup `json:"dlp_group"`
}

type RESTDlpGroupsData

// RESTDlpGroupsData is the JSON envelope that carries a list of RESTDlpGroup
// under the "dlp_groups" key.
type RESTDlpGroupsData struct {
	DlpGroups []*RESTDlpGroup `json:"dlp_groups"`
}

type RESTDlpRule

// RESTDlpRule is a DLP rule: a name, an ID and its patterns as
// RESTDlpCriteriaEntry values.
type RESTDlpRule struct {
	Name     string                 `json:"name"`
	ID       uint32                 `json:"id"`
	Patterns []RESTDlpCriteriaEntry `json:"patterns"`
}

type RESTDlpRuleConfig

// RESTDlpRuleConfig carries the name and patterns of a DLP rule; unlike
// RESTDlpRule it has no ID field.
type RESTDlpRuleConfig struct {
	Name     string                 `json:"name"`
	Patterns []RESTDlpCriteriaEntry `json:"patterns"`
}

type RESTDlpRuleConfigData

// RESTDlpRuleConfigData is the JSON envelope that carries a RESTDlpRuleConfig
// under the "config" key.
type RESTDlpRuleConfigData struct {
	Config *RESTDlpRuleConfig `json:"config"`
}

type RESTDlpRuleData

// RESTDlpRuleData is the JSON envelope that carries a RESTDlpRuleDetail under
// the "rule" key.
type RESTDlpRuleData struct {
	Rule *RESTDlpRuleDetail `json:"rule"`
}

type RESTDlpRuleDetail

// RESTDlpRuleDetail pairs a list of sensor names with a list of DLP rules.
type RESTDlpRuleDetail struct {
	Sensors []string       `json:"sensors"`
	Rules   []*RESTDlpRule `json:"rules"`
}

type RESTDlpRulesData

// RESTDlpRulesData is the JSON envelope that carries a list of RESTDlpRule
// under the "rules" key.
type RESTDlpRulesData struct {
	Rules []*RESTDlpRule `json:"rules"`
}

type RESTDlpSensor

// RESTDlpSensor is a named DLP sensor: the groups it is listed under, its
// rules, a comment and the Predefine flag.
type RESTDlpSensor struct {
	Name      string         `json:"name"`
	GroupList []string       `json:"groups"`
	RuleList  []*RESTDlpRule `json:"rules"`
	Comment   string         `json:"comment"`
	Predefine bool           `json:"predefine"`
}

type RESTDlpSensorConfig

// RESTDlpSensorConfig names a DLP sensor and carries optional changes: three
// rule lists (change and delete, used by the CLI, and a replacement list,
// used by the GUI) and a comment. Nil fields are omitted from the JSON.
type RESTDlpSensorConfig struct {
	Name        string         `json:"name"`
	RuleChgList *[]RESTDlpRule `json:"change,omitempty"` //change list used by CLI
	RuleDelList *[]RESTDlpRule `json:"delete,omitempty"` //delete list used by CLI
	Rules       *[]RESTDlpRule `json:"rules,omitempty"`  //replace list used by GUI
	Comment     *string        `json:"comment,omitempty"`
}

type RESTDlpSensorConfigData

// RESTDlpSensorConfigData is the JSON envelope that carries a
// RESTDlpSensorConfig under the "config" key.
type RESTDlpSensorConfigData struct {
	Config *RESTDlpSensorConfig `json:"config"`
}

type RESTDlpSensorData

// RESTDlpSensorData is the JSON envelope that carries a single RESTDlpSensor
// under the "sensor" key.
type RESTDlpSensorData struct {
	Sensor *RESTDlpSensor `json:"sensor"`
}

type RESTDlpSensorsData

// RESTDlpSensorsData is the JSON envelope that carries a list of
// RESTDlpSensor under the "sensors" key.
type RESTDlpSensorsData struct {
	Sensors []*RESTDlpSensor `json:"sensors"`
}

type RESTDlpSetting

// RESTDlpSetting pairs a name with an action string and an optional comment
// that is omitted from the JSON when empty.
type RESTDlpSetting struct {
	Name    string `json:"name"`
	Action  string `json:"action"`
	Comment string `json:"comment,omitempty"`
}

type RESTDomain

// RESTDomain describes a domain by name with counts of workloads, running
// workloads, running pods and services, plus its tags.
type RESTDomain struct {
	Name             string   `json:"name"`
	Workloads        int      `json:"workloads"`
	RunningWorkloads int      `json:"running_workloads"`
	RunningPods      int      `json:"running_pods"`
	Services         int      `json:"services"`
	Tags             []string `json:"tags"`
}

type RESTDomainConfig

// RESTDomainConfig carries the optional TagPerDomain flag; the key is omitted
// from the JSON when the pointer is nil.
type RESTDomainConfig struct {
	TagPerDomain *bool `json:"tag_per_domain,omitempty"`
}

type RESTDomainConfigData

// RESTDomainConfigData is the JSON envelope that carries a RESTDomainConfig
// under the "config" key.
type RESTDomainConfigData struct {
	Config *RESTDomainConfig `json:"config"`
}

type RESTDomainEntryConfig

// RESTDomainEntryConfig names a domain and carries an optional tag list that
// is omitted from the JSON when nil.
type RESTDomainEntryConfig struct {
	Name string    `json:"name"`
	Tags *[]string `json:"tags,omitempty"`
}

type RESTDomainEntryConfigData

// RESTDomainEntryConfigData is the JSON envelope that carries a
// RESTDomainEntryConfig under the "config" key.
type RESTDomainEntryConfigData struct {
	Config *RESTDomainEntryConfig `json:"config"`
}

type RESTDomainsData

// RESTDomainsData carries a list of RESTDomain together with the
// TagPerDomain flag.
type RESTDomainsData struct {
	Domains      []*RESTDomain `json:"domains"`
	TagPerDomain bool          `json:"tag_per_domain"`
}

type RESTEULA

// RESTEULA records, as a single boolean, whether the EULA is accepted.
type RESTEULA struct {
	Accepted bool `json:"accepted"`
}

type RESTEULAData

// RESTEULAData is the JSON envelope that carries a RESTEULA under the "eula"
// key.
type RESTEULAData struct {
	EULA *RESTEULA `json:"eula"`
}

type RESTError

// RESTError is the error shape of the API: a numeric code, an error string
// and a message, with optional password-profile and import-task details that
// are omitted from the JSON when nil.
// NOTE(review): Error and Message are presumably returned to API clients, so
// call sites should keep internal detail (file paths, raw backend errors) out
// of them; confirm where they are populated.
type RESTError struct {
	Code            int                  `json:"code"`
	Error           string               `json:"error"`
	Message         string               `json:"message"`
	PwdProfileBasic *RESTPwdProfileBasic `json:"password_profile_basic,omitempty"`
	ImportTaskData  *RESTImportTaskData  `json:"import_task_data,omitempty"`
}

type RESTErrorReadOnlyRules

// RESTErrorReadOnlyRules embeds RESTError, whose fields are encoded at the
// same JSON level, and adds the IDs of the read-only rules concerned.
type RESTErrorReadOnlyRules struct {
	RESTError
	ReadOnlyRuleIDs []uint32 `json:"read_only_rule_ids"`
}

type RESTEventsData

// RESTEventsData is the JSON envelope that carries a list of Event records
// under the "events" key.
type RESTEventsData struct {
	Events []*Event `json:"events"`
}

type RESTExposedEndpoint

// RESTExposedEndpoint describes an exposed endpoint: its ID and names, pod
// and service, severity, policy mode and action, and optional lists of
// protocols, applications and ports that are omitted from the JSON when
// empty.
type RESTExposedEndpoint struct {
	ID           string   `json:"id"`
	Name         string   `json:"name"`
	DisplayName  string   `json:"display_name"`
	PodName      string   `json:"pod_name"`
	Service      string   `json:"service"`
	Severity     string   `json:"severity"`
	PolicyMode   string   `json:"policy_mode"`
	PolicyAction string   `json:"policy_action"`
	Protos       []string `json:"protocols,omitempty"`
	Apps         []string `json:"applications,omitempty"`
	Ports        []string `json:"ports,omitempty"`
}

type RESTFedAuthData

// RESTFedAuthData is a federation authentication payload: a client IP, the
// master and joint usernames, and a master token.
// NOTE(review): MasterToken is a credential carried as a plain JSON string;
// keep it out of logs and confirm it only travels over TLS. ClientIP is a
// value in the body rather than the peer address, so it should be treated as
// sender-asserted; confirm who fills it in.
type RESTFedAuthData struct {
	ClientIP       string `json:"client_ip"`
	MasterUsername string `json:"master_username"`
	JointUsername  string `json:"joint_username"`
	MasterToken    string `json:"master_token"`
}

type RESTFedConfigData

// RESTFedConfigData carries optional federation settings: ping and poll
// intervals in minutes, the cluster name, REST server info and the proxy
// scheme. Every field is a pointer and is omitted from the JSON when nil.
type RESTFedConfigData struct {
	PingInterval *uint32                   `json:"ping_interval,omitempty"` // in minute
	PollInterval *uint32                   `json:"poll_interval,omitempty"` // in minute
	Name         *string                   `json:"name,omitempty"`          // cluster name
	RestInfo     *share.CLUSRestServerInfo `json:"rest_info,omitempty"`
	UseProxy     *string                   `json:"use_proxy,omitempty"` // http / https
}

type RESTFedInternalCommandReq

// RESTFedInternalCommandReq is an internal federation command: the master's
// kv version, the command name, the operating user and the current revision
// of each fed rules type.
// NOTE(review): User is stated by the sender in the body. The receiver should
// authorise the command from the authenticated identity of the sending
// cluster and use User for attribution only; confirm in the handler.
type RESTFedInternalCommandReq struct {
	FedKvVersion string            `json:"fed_kv_version"` // kv version in the code of master cluster
	Command      string            `json:"command"`        // currently supported commands: _cmdPollFedRules / _cmdForcePullFedRules
	User         string            `json:"user"`           // current operating user
	Revisions    map[string]uint64 `json:"revisions"`      // key is fed rules type, value is the revision of current fed rules
}

type RESTFedInternalCommandResp

// RESTFedInternalCommandResp carries the integer result code of an internal
// federation command.
type RESTFedInternalCommandResp struct {
	Result int `json:"result"` // value: _fedCmdReceived/....
}

type RESTFedJoinReq

// RESTFedJoinReq is the request to join a federation: it names this cluster,
// the master cluster's server and port, and the join token issued by the master.
type RESTFedJoinReq struct {
	Name          string                    `json:"name"`                      // cluster name
	Server        string                    `json:"server"`                    // server of master cluster
	// NOTE(review): Port is a uint, so values above 65535 decode without error;
	// confirm the handler range-checks it (RESTIPPort uses uint16 for ports).
	Port          uint                      `json:"port"`                      // port of master cluster
	// JoinToken is serialized in plain text and has no `cloak` tag option.
	// NOTE(review): treat as a credential; confirm it is not written to logs.
	JoinToken     string                    `json:"join_token"`                // generated by the master cluster, i.e. RESTFedJoinToken.JoinToken
	JointRestInfo *share.CLUSRestServerInfo `json:"joint_rest_info,omitempty"` // rest info about this joint cluster
	UseProxy      *string                   `json:"use_proxy,omitempty"`
}

type RESTFedJoinReqInternal

// RESTFedJoinReqInternal is the internal join request. It carries the operating
// user's identity, remote info and roles, the joining cluster's kv version, the
// join ticket, and the joint cluster's own info.
//
// User, Remote and UserRoles are values asserted by the sender.
// NOTE(review): confirm the receiver validates JoinTicket before relying on them.
type RESTFedJoinReqInternal struct {
	User         string                  `json:"user"`           // current operating user
	Remote       string                  `json:"remote"`         // current operating user's remote info
	UserRoles    map[string]string       `json:"user_roles"`     // current operating user's roles
	FedKvVersion string                  `json:"fed_kv_version"` // kv version in the code of the joining cluster
	JoinTicket   string                  `json:"join_ticket"`    // generated by the master cluster, not containing master's server/port
	// JointCluster is embedded by value, so RESTFedJointClusterInfo.Secret is
	// part of this payload.
	JointCluster RESTFedJointClusterInfo `json:"joint_cluster"`  // info about joint cluster
}

type RESTFedJoinRespInternal

// RESTFedJoinRespInternal is the internal join response. It returns the poll
// interval, the CA certificate of the master's federated REST server, a client
// key and certificate for the joint cluster, and the master cluster's info.
type RESTFedJoinRespInternal struct {
	PollInterval  uint32                    `json:"poll_interval"`  // in minutes
	CACert        string                    `json:"ca_cert"`        // ca cert for the federated rest server in master cluster
	// ClientKey is serialized in plain text under "client_key".
	// NOTE(review): presumably private key material; confirm this response only
	// travels over an authenticated, encrypted channel and is never logged.
	ClientKey     string                    `json:"client_key"`     // client key for the joint cluster
	ClientCert    string                    `json:"client_cert"`    // client cert for the joint cluster
	// RESTFedMasterClusterInfo has a Secret field marked "never export".
	// NOTE(review): confirm Secret is cleared before this response is built.
	MasterCluster *RESTFedMasterClusterInfo `json:"master_cluster"` // info about the master cluster
}

type RESTFedJoinToken

// RESTFedJoinToken wraps the join token. RESTFedJoinReq.JoinToken is documented
// as carrying this value, generated by the master cluster.
// NOTE(review): the token is serialized in plain text with no `cloak` tag
// option; treat it as a credential and confirm its lifetime is bounded.
type RESTFedJoinToken struct {
	JoinToken string `json:"join_token"`
}

type RESTFedJointClusterInfo

// RESTFedJointClusterInfo describes a joint (non-master) cluster in a federation.
type RESTFedJointClusterInfo struct {
	Disabled      bool                     `json:"disabled"`
	Name          string                   `json:"name"` // cluster name
	ID            string                   `json:"id"`
	// Secret is serialized under "secret" whenever this struct is marshalled;
	// the tag does not suppress it. Other request types in this file describe a
	// joint_ticket as "generated using joint cluster's secret".
	// NOTE(review): confirm handlers blank this field before returning the
	// struct to API clients.
	Secret        string                   `json:"secret"`
	User          string                   `json:"user"`   // the user who joins this cluster to federation
	Status        string                   `json:"status"` // ex: FedStatusClusterSynced/FedStatusClusterOutOfSync (see above)
	RestInfo      share.CLUSRestServerInfo `json:"rest_info"`
	ProxyRequired bool                     `json:"proxy_required"` // a joint cluster may be reachable without a proxy even if the master cluster is configured to use one. decided when it joins the federation.
}

type RESTFedLeaveReq

// RESTFedLeaveReq is the request for leaving a federation.
type RESTFedLeaveReq struct {
	Force bool `json:"force"` // true means leave the federation whether or not the master cluster succeeds
}

type RESTFedLeaveReqInternal

// RESTFedLeaveReqInternal is the internal leave request. It identifies the
// joint cluster and carries a ticket generated using that cluster's secret,
// plus the operating user's identity, remote info and roles.
//
// User, Remote and UserRoles are values asserted by the sender.
// NOTE(review): confirm the receiver verifies JointTicket for the given ID
// before acting on the request.
type RESTFedLeaveReqInternal struct {
	ID          string            `json:"id"`           // id of the joint cluster to leave federation
	JointTicket string            `json:"joint_ticket"` // generated using joint cluster's secret
	User        string            `json:"user"`         // current operating user
	Remote      string            `json:"remote"`       // current operating user's remote info
	UserRoles   map[string]string `json:"user_roles"`   // current operating user's roles
}

Request sent from a joint cluster to the master cluster to leave the federation.

type RESTFedMasterClusterInfo

// RESTFedMasterClusterInfo describes the master cluster of a federation.
type RESTFedMasterClusterInfo struct {
	Disabled bool                     `json:"disabled"`
	Name     string                   `json:"name"` // cluster name
	ID       string                   `json:"id"`
	// The "secret" tag still serializes this field whenever the struct is
	// marshalled; "never export" is a convention, not something the type enforces.
	// NOTE(review): confirm every handler that returns this struct clears Secret first.
	Secret   string                   `json:"secret"` // used for encrypting/decrypting join_ticket issued by the master cluster. never export
	User     string                   `json:"user"`   // the user who promotes this cluster to master cluster in federation
	Status   string                   `json:"status"` // ex: FedStatusClusterSynced/FedStatusClusterOutOfSync (see above)
	RestInfo share.CLUSRestServerInfo `json:"rest_info"`
}

Master cluster: a promoted cluster; there is one per federation. Joint cluster: any other (non-master) cluster that joins the federation.

1. A cluster becomes the master cluster after it is promoted (providing the IP/port for other clusters to join).
2. A cluster can join at most one federation.
3. A master cluster with joint cluster(s) cannot join another federation.
4. A master cluster without any joint cluster can join another federation; when it does, it becomes a joint cluster of that federation.

type RESTFedMembereshipData

// RESTFedMembereshipData reports this cluster's federation role, its local REST
// info, the master cluster and the list of joint clusters.
// The spelling "Membereship" is part of the exported name.
//
// Both RESTFedMasterClusterInfo and RESTFedJointClusterInfo have a Secret field
// that is serialized under "secret".
// NOTE(review): confirm those fields are cleared before this struct is
// returned to API clients.
type RESTFedMembereshipData struct {
	FedRole       string                     `json:"fed_role"`                 // FedRoleMaster / FedRoleJoint / FedRoleNone (see above)
	LocalRestInfo share.CLUSRestServerInfo   `json:"local_rest_info"`          //
	MasterCluster *RESTFedMasterClusterInfo  `json:"master_cluster,omitempty"` // master cluster
	JointClusters []*RESTFedJointClusterInfo `json:"joint_clusters"`           // all non-master clusters in the federation
	UseProxy      string                     `json:"use_proxy"`                // http / https
}

type RESTFedPingReq

// RESTFedPingReq is a federation ping request carrying a token and the master
// cluster's kv version.
// NOTE(review): Token is serialized in plain text with no `cloak` tag option;
// it looks like a credential, so confirm it is not logged.
type RESTFedPingReq struct {
	Token        string `json:"token"`
	FedKvVersion string `json:"fed_kv_version"` // kv version in the code of the master cluster
}

type RESTFedPingResp

type RESTFedPingResp struct {
	Result int `json:"result"` // value: _fedSuccess/....
}

type RESTFedPromoteReqData

// RESTFedPromoteReqData is the request to promote a cluster to master. It gives
// the cluster name, ping and poll intervals, the master's REST info and the
// proxy setting.
type RESTFedPromoteReqData struct {
	Name           string                    `json:"name,omitempty"`             // cluster name
	PingInterval   uint32                    `json:"ping_interval"`              // in minutes
	PollInterval   uint32                    `json:"poll_interval"`              // in minutes
	MasterRestInfo *share.CLUSRestServerInfo `json:"master_rest_info,omitempty"` // rest info about this master cluster
	UseProxy       *string                   `json:"use_proxy,omitempty"`        // http / https
}

type RESTFedPromoteRespData

// RESTFedPromoteRespData is the response to a promote request: the resulting
// federation role, the master cluster's info and the proxy setting.
type RESTFedPromoteRespData struct {
	FedRole       string                   `json:"fed_role"`
	// MasterCluster is held by value, so RESTFedMasterClusterInfo.Secret (marked
	// "never export") is marshalled with it unless it is empty.
	// NOTE(review): confirm the handler clears Secret before responding.
	MasterCluster RESTFedMasterClusterInfo `json:"master_cluster"`      // info about this master cluster
	UseProxy      string                   `json:"use_proxy,omitempty"` // http / https
}

type RESTFedRemovedReqInternal

type RESTFedRemovedReqInternal struct {
	User string `json:"user"` // current operating user
}

type RESTFedRulesSettings

type RESTFedRulesSettings struct {
	AdmCtrlRulesData    *share.CLUSFedAdmCtrlRulesData   `json:"admctrl_rules_data,omitempty"`
	NetworkRulesData    *share.CLUSFedNetworkRulesData   `json:"network_rules_data,omitempty"`
	ResponseRulesData   *share.CLUSFedResponseRulesData  `json:"response_rules_data,omitempty"`
	GroupsData          *share.CLUSFedGroupsData         `json:"groups_data,omitempty"`
	FileMonitorData     *share.CLUSFedFileMonitorData    `json:"file_monitor_data,omitempty"`
	ProcessProfilesData *share.CLUSFedProcessProfileData `json:"process_profiles_data,omitempty"`
	SystemConfigData    *share.CLUSFedSystemConfigData   `json:"system_config_data,omitempty"`
}

type RESTFedSystemConfig

type RESTFedSystemConfig struct {
	Webhooks []RESTWebhook `json:"webhooks"`
}

fed system config

type RESTFedTokenResp

// RESTFedTokenResp returns a token issued by a remote joint cluster.
// NOTE(review): the token is serialized in plain text with no `cloak` tag
// option; treat it as a credential.
type RESTFedTokenResp struct {
	Token string `json:"token"` // token issued by the remote joint cluster
}

type RESTFileMonitorConfig

type RESTFileMonitorConfig struct {
	AddFilters    []*RESTFileMonitorFilterConfig `json:"add_filters,omitempty"`
	DelFilters    []*RESTFileMonitorFilterConfig `json:"delete_filters,omitempty"`
	UpdateFilters []*RESTFileMonitorFilterConfig `json:"update_filters,omitempty"`
}

type RESTFileMonitorConfigData

type RESTFileMonitorConfigData struct {
	Config *RESTFileMonitorConfig `json:"config"`
}

type RESTFileMonitorFile

type RESTFileMonitorFile struct {
	Path    string   `json:"path"`
	Mask    uint64   `json:"mask"`
	IsDir   bool     `json:"is_dir"`
	Protect bool     `json:"protect"`
	Files   []string `json:"files"`
}

type RESTFileMonitorFileData

type RESTFileMonitorFileData struct {
	Files []*RESTFileMonitorFile `json:"files"`
}

type RESTFileMonitorFilter

type RESTFileMonitorFilter struct {
	Filter           string   `json:"filter"`
	Recursive        bool     `json:"recursive"`
	Behavior         string   `json:"behavior"`
	Apps             []string `json:"applications"`
	CfgType          string   `json:"cfg_type"`
	Group            string   `json:"group,omitempty"`
	CreatedTimeStamp int64    `json:"created_timestamp"`
	UpdatedTimeStamp int64    `json:"last_modified_timestamp"`
}

type RESTFileMonitorFilterConfig

type RESTFileMonitorFilterConfig struct {
	Filter    string   `json:"filter"`
	Recursive bool     `json:"recursive"`
	Behavior  string   `json:"behavior"`
	Apps      []string `json:"applications"`
	Group     string   `json:"group"`
}

type RESTFileMonitorProfile

type RESTFileMonitorProfile struct {
	Group   string                   `json:"group"`
	Filters []*RESTFileMonitorFilter `json:"filters"`
}

type RESTFileMonitorProfileData

type RESTFileMonitorProfileData struct {
	Profile *RESTFileMonitorProfile `json:"profile"`
}

type RESTFileMonitorProfilesData

type RESTFileMonitorProfilesData struct {
	Profiles []*RESTFileMonitorProfile `json:"profiles"`
}

type RESTGCRKey

// RESTGCRKey holds a JSON key, serialized under "json_key".
//
// `cloak` is not an encoding/json option, so the standard encoder ignores it
// and still emits the value in plain text.
// NOTE(review): presumably project code reads the `cloak` option to mask or
// encrypt the value; confirm where that happens.
type RESTGCRKey struct {
	JsonKey string `json:"json_key,cloak"`
}

type RESTGCRKeyConfig

// RESTGCRKeyConfig is the configuration form of RESTGCRKey. JsonKey is a
// pointer tagged omitempty, so a nil value is left out of the JSON.
//
// `cloak` is not an encoding/json option; the standard encoder ignores it.
// NOTE(review): presumably project code uses it to mask the key; confirm.
type RESTGCRKeyConfig struct {
	JsonKey *string `json:"json_key,omitempty,cloak"`
}

type RESTGroup

type RESTGroup struct {
	RESTGroupBrief
	Criteria      []RESTCriteriaEntry  `json:"criteria"`
	Members       []*RESTWorkloadBrief `json:"members"`
	PolicyRules   []uint32             `json:"policy_rules"`
	ResponseRules []uint32             `json:"response_rules"`
}

type RESTGroupBatchDelete

type RESTGroupBatchDelete struct {
	Groups []string `json:"groups"`
}

type RESTGroupBrief

// RESTGroupBrief is the summary view of a group. RESTGroup and RESTGroupDetail
// embed it, and it embeds RESTGroupCaps in turn, so with encoding/json the
// fields of all of them appear at the same JSON level.
type RESTGroupBrief struct {
	Name           string   `json:"name"`
	Comment        string   `json:"comment"`
	Learned        bool     `json:"learned"`
	Reserved       bool     `json:"reserved"`
	PolicyMode     string   `json:"policy_mode,omitempty"`
	ProfileMode    string   `json:"profile_mode,omitempty"`
	NotScored      bool     `json:"not_scored"`
	Domain         string   `json:"domain"`
	CreaterDomains []string `json:"creater_domains"`
	Kind           string   `json:"kind"`
	PlatformRole   string   `json:"platform_role"`
	CfgType        string   `json:"cfg_type"` // CfgTypeLearned / CfgTypeUserCreated / CfgTypeGround / CfgTypeFederal (see above)
	RESTGroupCaps
}

type RESTGroupCaps

// RESTGroupCaps reports optional capability flags for a group.
type RESTGroupCaps struct {
	// Pointer plus omitempty: a nil pointer is omitted from the JSON, while a
	// non-nil pointer to false is still emitted as false.
	CapChgMode  *bool `json:"cap_change_mode,omitempty"`
	CapScorable *bool `json:"cap_scorable,omitempty"`
}

type RESTGroupConfig

type RESTGroupConfig struct {
	Name     string               `json:"name"`
	Comment  *string              `json:"comment"`
	Criteria *[]RESTCriteriaEntry `json:"criteria,omitempty"`
	CfgType  string               `json:"cfg_type"` // CfgTypeLearned / CfgTypeUserCreated / CfgTypeGround / CfgTypeFederal (see above)
}

type RESTGroupConfigData

type RESTGroupConfigData struct {
	Config *RESTGroupConfig `json:"config"`
}

type RESTGroupData

type RESTGroupData struct {
	Group *RESTGroupDetail `json:"group"`
}

type RESTGroupDetail

type RESTGroupDetail struct {
	RESTGroupBrief
	Criteria      []RESTCriteriaEntry  `json:"criteria"`
	Members       []*RESTWorkloadBrief `json:"members"`
	PolicyRules   []*RESTPolicyRule    `json:"policy_rules"`
	ResponseRules []*RESTResponseRule  `json:"response_rules"`
}

type RESTGroupExport

type RESTGroupExport struct {
	Groups     []string `json:"groups"`
	PolicyMode string   `json:"policy_mode,omitempty"`
}

type RESTGroupsBriefData

type RESTGroupsBriefData struct {
	Groups []*RESTGroupBrief `json:"groups"`
}

type RESTGroupsData

type RESTGroupsData struct {
	Groups []*RESTGroup `json:"groups"`
}

type RESTHost

type RESTHost struct {
	Name              string                   `json:"name"`
	ID                string                   `json:"id"`
	Runtime           string                   `json:"runtime"`
	RuntimeVer        string                   `json:"runtime_version"`
	RuntimeAPIVer     string                   `json:"runtime_api_version"`
	Platform          string                   `json:"platform"`
	OS                string                   `json:"os"`
	Kernel            string                   `json:"kernel"`
	CPUs              int64                    `json:"cpus"`
	Memory            int64                    `json:"memory"`
	CGroupVersion     int                      `json:"cgroup_version"`
	Containers        int                      `json:"containers"`
	Ifaces            map[string][]*RESTIPAddr `json:"interfaces"`
	State             string                   `json:"state"`
	CapDockerBench    bool                     `json:"cap_docker_bench"`
	CapKubeBench      bool                     `json:"cap_kube_bench"`
	DockerBenchStatus string                   `json:"docker_bench_status,omitempty"`
	KubeBenchStatus   string                   `json:"kube_bench_status,omitempty"`
	PolicyMode        string                   `json:"policy_mode"`
	ProfileMode       string                   `json:"profile_mode"`
	ScanSummary       *RESTScanBrief           `json:"scan_summary"`
	StorageDriver     string                   `json:"storage_driver"`
	Labels            map[string]string        `json:"labels"`
	Annotations       map[string]string        `json:"annotations"`
}

type RESTHostData

type RESTHostData struct {
	Host *RESTHost `json:"host"`
}

type RESTHostsData

type RESTHostsData struct {
	Hosts []*RESTHost `json:"hosts"`
}

type RESTIBMSAConfig

// RESTIBMSAConfig holds IBM SA integration settings: account and provider
// identifiers, an API key, two URLs and onboarding identifiers.
type RESTIBMSAConfig struct {
	AccountID         string `json:"account_id"`
	// APIKey is serialized in plain text under "apikey". Other credential
	// fields in this package (RESTGCRKey.JsonKey, RESTProxy.Password,
	// RESTLicenseKey.LicenseKey) carry a `cloak` tag option; this one does not.
	// NOTE(review): confirm whether the omission is intentional.
	APIKey            string `json:"apikey"`
	ProviderID        string `json:"provider_id"` // service-id
	// NOTE(review): if the server issues requests to FindingsURL or TokenURL,
	// confirm the values are validated (scheme and destination) before use.
	FindingsURL       string `json:"findings_url"`
	TokenURL          string `json:"token_url"`
	OnboardNoteName   string `json:"onboard_note_name"`
	OnboardID         string `json:"onboard_id"`
	OnboardProviderID string `json:"onboard_provider_id"`
}

type RESTIBMSASetupToken

// RESTIBMSASetupToken wraps an access token, serialized under "access_token".
// NOTE(review): the value is emitted in plain text with no `cloak` tag option;
// treat it as a credential.
type RESTIBMSASetupToken struct {
	AccessToken string `json:"access_token"`
}

type RESTIBMSASetupUrl

type RESTIBMSASetupUrl struct {
	URL string `json:"url"`
}

type RESTIDName

type RESTIDName struct {
	ID          string   `json:"id"`
	DisplayName string   `json:"display_name"`
	PolicyMode  string   `json:"policy_mode"`
	Domains     []string `json:"domains"`
}

type RESTIPAddr

type RESTIPAddr struct {
	IP       string `json:"ip"`
	IPPrefix int    `json:"ip_prefix"`
	Gateway  string `json:"gateway"`
}

type RESTIPPort

type RESTIPPort struct {
	IP   string `json:"ip"`
	Port uint16 `json:"port"`
}

type RESTImportTask

// RESTImportTask describes an import task: its id, the controller id, the last
// update time, progress percentage, the triggering user, status and a
// temporary token.
type RESTImportTask struct {
	TID            string    `json:"tid"`
	CtrlerID       string    `json:"ctrler_id"`
	// omitempty has no effect on a time.Time value in encoding/json (a struct
	// is never "empty"), so the zero time is still emitted.
	LastUpdateTime time.Time `json:"last_update_time,omitempty"`
	Percentage     int       `json:"percentage"`
	TriggeredBy    string    `json:"triggered_by,omitempty"` // fullname of the user who triggers import
	Status         string    `json:"status,omitempty"`
	// TempToken is emitted in plain text whenever it is non-empty.
	// NOTE(review): looks like a short-lived credential; confirm it is only
	// returned to the user who triggered the import and is not logged.
	TempToken      string    `json:"temp_token,omitempty"`
}

Import task

type RESTImportTaskData

type RESTImportTaskData struct {
	Data *RESTImportTask `json:"data"`
}

type RESTIncidentsData

type RESTIncidentsData struct {
	Incidents []*Incident `json:"incidents"`
}

type RESTInternalSubnets

type RESTInternalSubnets struct {
	ConfiguredInternalSubnets []string `json:"configured_internal_subnets,omitempty"`
	LearnedInternalSubnets    []string `json:"learned_internal_subnets,omitempty"`
	EffectiveInternalSubnets  []string `json:"effective_internal_subnets,omitempty"`
}

type RESTInternalSubnetsData

type RESTInternalSubnetsData struct {
	InternalSubnets *RESTInternalSubnets `json:"internal_subnets"`
}

type RESTInternalSystemData

type RESTInternalSystemData struct {
	Metrics *RESTRiskScoreMetrics  `json:"metrics"`
	Ingress []*RESTExposedEndpoint `json:"ingress"`
	Egress  []*RESTExposedEndpoint `json:"egress"`
}

type RESTLicenseCode

type RESTLicenseCode struct {
	LicenseCode string `json:"license_code"`
}

type RESTLicenseInfo

// RESTLicenseInfo holds licensee contact details and identifiers.
// Name, Email and Phone are personal data; ID and IDType are omitted from the
// JSON when empty.
type RESTLicenseInfo struct {
	Name           string `json:"name"`
	Email          string `json:"email"`
	Phone          string `json:"phone"`
	ID             string `json:"id,omitempty"`
	IDType         string `json:"id_type,omitempty"`
	InstallationID string `json:"installation_id"` // nv installation id
}

func (*RESTLicenseInfo) GetDomain

func (o *RESTLicenseInfo) GetDomain(f share.GetAccessObjectFunc) ([]string, []string)

type RESTLicenseKey

// RESTLicenseKey wraps a license key, serialized under "license_key".
//
// `cloak` is not an encoding/json option, so the standard encoder ignores it
// and emits the value in plain text.
// NOTE(review): presumably project code reads the option to mask the key; confirm.
type RESTLicenseKey struct {
	LicenseKey string `json:"license_key,cloak"`
}

type RESTLicenseKeyCfgMap

// RESTLicenseKeyCfgMap embeds RESTLicenseKey, so with encoding/json the
// "license_key" field appears at the same JSON level as "always_reload".
type RESTLicenseKeyCfgMap struct {
	RESTLicenseKey
	AlwaysReload bool `json:"always_reload"`
}

type RESTLicenseRequest

type RESTLicenseRequest struct {
	Name  string `json:"name"`
	Email string `json:"email"`
	Phone string `json:"phone"`
}

type RESTLicenseRequestData

type RESTLicenseRequestData struct {
	Request *RESTLicenseRequest `json:"license_request"`
}

type RESTLicenseShow

type RESTLicenseShow struct {
	Info *RESTLicenseInfo `json:"info"`
}

type RESTLicenseShowData

type RESTLicenseShowData struct {
	License *RESTLicenseShow `json:"license"`
}

type RESTList

type RESTList struct {
	Application  []string        `json:"application,omitempty"`
	RegistryType []string        `json:"registry_type,omitempty"`
	Compliance   []RESTBenchMeta `json:"compliance,omitempty"`
}

type RESTListData

type RESTListData struct {
	List *RESTList `json:"list"`
}

type RESTMappableRoles

type RESTMappableRoles struct {
	DefaultRoles     []string `json:"default_roles"`
	GroupRoles       []string `json:"group_roles"`        // mappable roles for group's global domain
	GroupDomainRoles []string `json:"group_domain_roles"` // mappable roles for group's namespaces
}

type RESTMeter

type RESTMeter struct {
	Type       string `json:"type"`
	Workload   string `json:"workload_id"`
	PeerIP     string `json:"peer_ip"`
	Count      uint32 `json:"cur_count"`
	SpanCount  uint32 `json:"span_count"`
	Span       uint8  `json:"span"`
	Tap        bool   `json:"tap"`
	Idle       uint16 `json:"idle"`
	UpperLimit uint32 `json:"upper_limit"`
	LowerLimit uint32 `json:"lower_limit"`
}

type RESTMeterList

type RESTMeterList struct {
	Meters []*RESTMeter `json:"meters"`
}

type RESTMetry

type RESTMetry struct {
	CPU           float64 `json:"cpu"`
	Memory        uint64  `json:"memory"`
	SessionIn     uint32  `json:"session_in"`
	SessionOut    uint32  `json:"session_out"`
	SessionCurIn  uint32  `json:"cur_session_in,omitempty"`
	SessionCurOut uint32  `json:"cur_session_out,omitempty"`
	PacketIn      uint64  `json:"packet_in"`
	PacketOut     uint64  `json:"packet_out"`
	ByteIn        uint64  `json:"byte_in"`
	ByteOut       uint64  `json:"byte_out"`
}

type RESTModuleCve

type RESTModuleCve struct {
	Name   string `json:"name"`
	Status string `json:"status"`
}

type RESTPolicyMismatch

type RESTPolicyMismatch struct {
	ClusterRule *RESTPolicyRule `json:"cluster_rule"`
	LearnedRule *RESTPolicyRule `json:"learned_rule"`
}

type RESTPolicyPromoteRequest

type RESTPolicyPromoteRequest struct {
	IDs []uint32 `json:"ids"`
}

type RESTPolicyPromoteRequestData

type RESTPolicyPromoteRequestData struct {
	Request *RESTPolicyPromoteRequest `json:"request"`
}

type RESTPolicyRule

// RESTPolicyRule is a policy rule between two groups: the From and To group
// names, a port list, an action, the applications it covers, and its
// learned/disabled flags, timestamps, config type and priority.
type RESTPolicyRule struct {
	ID           uint32   `json:"id"`
	Comment      string   `json:"comment"`
	From         string   `json:"from"`  // group name
	To           string   `json:"to"`    // group name
	// NOTE(review): Ports is a free-form string, so its syntax is checked (if
	// at all) outside this type; confirm the handler parses it strictly.
	Ports        string   `json:"ports"` // free-style port list
	Action       string   `json:"action"`
	Applications []string `json:"applications"`
	Learned      bool     `json:"learned"`
	Disable      bool     `json:"disable"`
	CreatedTS    int64    `json:"created_timestamp"`
	LastModTS    int64    `json:"last_modified_timestamp"`
	CfgType      string   `json:"cfg_type"` // CfgTypeLearned / CfgTypeUserCreated / CfgTypeGround / CfgTypeFederal (see above)
	Priority     uint32   `json:"priority"`
}

type RESTPolicyRuleActionData

type RESTPolicyRuleActionData struct {
	Move   *RESTPolicyRuleMove   `json:"move,omitempty"`
	Insert *RESTPolicyRuleInsert `json:"insert,omitempty"`
	Rules  *[]*RESTPolicyRule    `json:"rules,omitempty"`
	Delete *[]uint32             `json:"delete,omitempty"`
}

type RESTPolicyRuleConfig

// RESTPolicyRuleConfig is the update form of RESTPolicyRule. The pointer
// fields are tagged omitempty, so a nil pointer is left out of the JSON and a
// missing key decodes to nil.
//
// ID, CfgType and Priority are plain values, so after decoding an absent key
// is indistinguishable from an explicit zero value.
type RESTPolicyRuleConfig struct {
	ID           uint32    `json:"id"`
	Comment      *string   `json:"comment,omitempty"`
	From         *string   `json:"from,omitempty"`  // group name
	To           *string   `json:"to,omitempty"`    // group name
	Ports        *string   `json:"ports,omitempty"` // free-style port list
	Action       *string   `json:"action,omitempty"`
	Applications *[]string `json:"applications,omitempty"`
	Disable      *bool     `json:"disable,omitempty"`
	CfgType      string    `json:"cfg_type"` // CfgTypeLearned / CfgTypeUserCreated / CfgTypeGround / CfgTypeFederal (see above)
	Priority     uint32    `json:"priority,omitempty"`
}

An omitted field indicates that the corresponding value is not modified.

type RESTPolicyRuleConfigData

type RESTPolicyRuleConfigData struct {
	Config    *RESTPolicyRuleConfig `json:"config"`
	Replicate bool                  `json:"replicate,omitempty"`
}

type RESTPolicyRuleData

type RESTPolicyRuleData struct {
	Rule *RESTPolicyRule `json:"rule"`
}

type RESTPolicyRuleInsert

// RESTPolicyRuleInsert inserts Rules at a position given by After.
type RESTPolicyRuleInsert struct {
	// nil: last; 0: first; +id: after rule 'id'; -id: before rule 'id'
	// NOTE(review): After is a signed int while rule IDs are uint32; confirm
	// the handler rejects values whose magnitude is not an existing rule id.
	After *int              `json:"after,omitempty"`
	Rules []*RESTPolicyRule `json:"rules"`
}

type RESTPolicyRuleMove

// RESTPolicyRuleMove moves the rule identified by ID to a position given by After.
type RESTPolicyRuleMove struct {
	// nil: last; 0: first; +id: after rule 'id'; -id: before rule 'id'
	// NOTE(review): After is a signed int while ID is uint32; confirm the
	// handler rejects values whose magnitude is not an existing rule id.
	After *int   `json:"after,omitempty"`
	ID    uint32 `json:"id"`
}

type RESTPolicyRulesData

type RESTPolicyRulesData struct {
	Rules []*RESTPolicyRule `json:"rules"`
}

type RESTPolicyViolationsData

type RESTPolicyViolationsData struct {
	Violations []*Violation `json:"violations"`
}

type RESTPolicyViolationsWLData

type RESTPolicyViolationsWLData struct {
	ViolationWorkloads []*RESTViolationWorkload `json:"violation_workloads"`
}

type RESTPollFedRulesReq

// RESTPollFedRulesReq is the poll request for fed rules. It identifies the
// joint cluster by id and name, carries a ticket generated using that
// cluster's secret, its kv version and the revisions it currently holds.
// NOTE(review): ID and Name are sender-supplied; confirm the receiver checks
// JointTicket against the secret stored for ID before returning settings.
type RESTPollFedRulesReq struct {
	ID           string            `json:"id"`             // id of joint cluster
	Name         string            `json:"name"`           // name of joint cluster
	JointTicket  string            `json:"joint_ticket"`   // generated using joint cluster's secret
	FedKvVersion string            `json:"fed_kv_version"` // kv version in the code of joint cluster
	Revisions    map[string]uint64 `json:"revisions"`      // key is fed rules type, value is the revision
}

Request sent from a joint cluster to the master cluster to poll fed rules/settings.

type RESTPollFedRulesResp

// RESTPollFedRulesResp is the reply to RESTPollFedRulesReq: a result code, the
// poll interval, the marshalled settings and the revisions they correspond to.
type RESTPollFedRulesResp struct {
	Result       int               `json:"result"`        // value: _fedSuccess/....
	PollInterval uint32            `json:"poll_interval"` // in minutes
	// encoding/json encodes a []byte as a base64 string, so Settings travels as
	// base64 text that the receiver must decode and then unmarshal.
	// NOTE(review): confirm the receiver bounds the size and handles unmarshal
	// errors before applying the rules.
	Settings     []byte            `json:"settings"`      // marshalled RESTFedRulesSettings
	Revisions    map[string]uint64 `json:"revisions"`     // key is fed rules type, value is the revision
}

type RESTProbeContainer

type RESTProbeContainer struct {
	Id       string  `json:"id"`
	Pid      int32   `json:"pid"`
	Children []int32 `json:"children"`
	PortsMap string  `json:"port_map"`
}

type RESTProbeContainersData

type RESTProbeContainersData struct {
	Containers []*RESTProbeContainer `json:"containers"`
}

type RESTProbeProcess

type RESTProbeProcess struct {
	Pid       int32  `json:"pid"`
	Ppid      int32  `json:"ppid"`
	Name      string `json:"name"`
	Ruid      uint32 `json:"ruid"`
	Euid      uint32 `json:"euid"`
	ScanTimes uint32 `json:"scan_times"`
	StartTime uint64 `json:"start_times"`
	Reported  uint32 `json:"reported"`
	Container string `json:"container"`
}

type RESTProbeProcessesData

type RESTProbeProcessesData struct {
	Processes []*RESTProbeProcess `json:"processes"`
}

type RESTProbeSummary

type RESTProbeSummary struct {
	ContainerMap    uint32 `json:"containers"`
	PidContainerMap uint32 `json:"pid_containers"`
	PidProcMap      uint32 `json:"pid_procs"`
	NewProcesses    uint32 `json:"new_procs"`
	NewSuspicProc   uint32 `json:"new_suspicious_procs"`
	ContainerStops  uint32 `json:"stopped_container"`
	PidSet          uint32 `json:"pids"`
	SessionTable    uint32 `json:"host_sessions"`
}

type RESTProbeSummaryData

type RESTProbeSummaryData struct {
	Summary *RESTProbeSummary `json:"summary"`
}

type RESTProcessInfo

// RESTProcessInfo describes one process: name, pid, parent, group and session
// ids, command line, whether it runs as root, user, status, start timestamp
// and an action.
type RESTProcessInfo struct {
	Name             string `json:"name"`
	Pid              uint32 `json:"pid"`
	Parent           uint32 `json:"parent"`
	Group            uint32 `json:"group"`
	Session          uint32 `json:"session"`
	// Cmdline is returned verbatim as a string.
	// NOTE(review): command lines can include secrets passed as arguments;
	// confirm who is allowed to read this field.
	Cmdline          string `json:"cmdline"`
	Root             bool   `json:"root"`
	User             string `json:"user"`
	Status           string `json:"status"`
	StartAtTimeStamp int64  `json:"start_timestamp"`
	Action           string `json:"action"`
}

type RESTProcessList

type RESTProcessList struct {
	Processes []*RESTProcessInfo `json:"processes"`
}

type RESTProcessProfile

type RESTProcessProfile struct {
	Group        string                     `json:"group"`
	AlertDisable bool                       `json:"alert_disabled,omitempty"`
	HashEnable   bool                       `json:"hash_enabled,omitempty"`
	Baseline     string                     `json:"baseline"`
	Mode         string                     `json:"mode"`
	ProcessList  []*RESTProcessProfileEntry `json:"process_list"`
}

type RESTProcessProfileConfig

type RESTProcessProfileConfig struct {
	Group          string                           `json:"group"`
	AlertDisable   *bool                            `json:"alert_disabled,omitempty"`
	HashEnable     *bool                            `json:"hash_enabled,omitempty"`
	Baseline       *string                          `json:"baseline,omitempty"`
	ProcessChgList *[]RESTProcessProfileEntryConfig `json:"process_change_list,omitempty"`
	ProcessDelList *[]RESTProcessProfileEntryConfig `json:"process_delete_list,omitempty"`
	ProcessRepList *[]RESTProcessProfileEntryConfig `json:"process_replace_list,omitempty"`
}

type RESTProcessProfileConfigData

type RESTProcessProfileConfigData struct {
	Config *RESTProcessProfileConfig `json:"process_profile_config"`
}

type RESTProcessProfileData

type RESTProcessProfileData struct {
	Profile *RESTProcessProfile `json:"process_profile"`
}

type RESTProcessProfileEntry

type RESTProcessProfileEntry struct {
	Name             string `json:"name"`
	Path             string `json:"path,omitempty"`
	User             string `json:"user,omitempty"`
	Uid              int32  `json:"uid,omitempty"`
	Action           string `json:"action"`
	CfgType          string `json:"cfg_type"`
	Uuid             string `json:"uuid"`
	Group            string `json:"group,omitempty"`
	AllowFileUpdate  bool   `json:"allow_update"`
	CreatedTimeStamp int64  `json:"created_timestamp"`
	UpdatedTimeStamp int64  `json:"last_modified_timestamp"`
}

type RESTProcessProfileEntryConfig

type RESTProcessProfileEntryConfig struct {
	Name            string `json:"name"`
	Path            string `json:"path"`
	Action          string `json:"action"`
	Group           string `json:"group"`
	AllowFileUpdate bool   `json:"allow_update"`
}

type RESTProcessProfilesData

type RESTProcessProfilesData struct {
	Profiles []*RESTProcessProfile `json:"process_profiles"`
}

type RESTProcessRuleResp

type RESTProcessRuleResp struct {
	Entry *RESTProcessUuidEntry `json:"process_rule"`
}

type RESTProcessRulesResp

type RESTProcessRulesResp struct {
	Entries []RESTProcessUuidEntry `json:"process_rules"`
}

type RESTProcessUuidEntry

type RESTProcessUuidEntry struct {
	Active int                     `json:"active"`
	Group  string                  `json:"group"`
	Rule   RESTProcessProfileEntry `json:"rule"`
}

uuid for process rules

type RESTProfiling

type RESTProfiling struct {
	Methods  []string `json:"methods"`
	Duration uint32   `json:"duration"`
}

type RESTProfilingData

type RESTProfilingData struct {
	Profiling *RESTProfiling `json:"profiling"`
}

type RESTProtoPort

type RESTProtoPort struct {
	IPProto uint8  `json:"ip_proto"`
	Port    uint16 `json:"port"`
}

type RESTProxy

// RESTProxy holds a proxy URL and its credentials.
//
// `cloak` on Password is not an encoding/json option, so the standard encoder
// ignores it and emits the password in plain text.
// NOTE(review): presumably project code reads the option to mask the value;
// confirm, and confirm URL cannot itself carry embedded credentials.
type RESTProxy struct {
	URL      string `json:"url"`
	Username string `json:"username"`
	Password string `json:"password,cloak"`
}

type RESTPwdProfile

// RESTPwdProfile is a password policy: minimum length and character-class
// counts, optional expiration, optional history, and optional blocking after
// consecutive failed logins.
//
// All numeric fields are plain ints, so the "> 0" requirements noted below are
// not enforced by the type, and negative values decode without error.
// NOTE(review): confirm the handler validates them.
type RESTPwdProfile struct {
	Name                        string `json:"name"`
	Comment                     string `json:"comment"`
	MinLen                      int    `json:"min_len"`
	MinUpperCount               int    `json:"min_uppercase_count"` // for alphabet characters
	MinLowerCount               int    `json:"min_lowercase_count"` // for alphabet characters
	MinDigitCount               int    `json:"min_digit_count"`
	MinSpecialCount             int    `json:"min_special_count"`
	EnablePwdExpiration         bool   `json:"enable_password_expiration"`
	PwdExpireAfterDays          int    `json:"password_expire_after_days"` // must be > 0 when EnablePwdExpiration is true
	EnablePwdHistory            bool   `json:"enable_password_history"`
	PwdHistoryCount             int    `json:"password_keep_history_count"`
	EnableBlockAfterFailedLogin bool   `json:"enable_block_after_failed_login"` // for "Block X minutes after N times consecutive failed attempts"
	BlockAfterFailedCount       int    `json:"block_after_failed_login_count"`  // must be > 0 when EnableBlockAfterFailedLogin is true
	BlockMinutes                int    `json:"block_minutes"`                   // must be > 0 when EnableBlockAfterFailedLogin is true
}

password profile

type RESTPwdProfileBasic

// RESTPwdProfileBasic is the complexity-only subset of RESTPwdProfile: minimum
// length and minimum counts per character class, with no expiration, history
// or lockout fields.
type RESTPwdProfileBasic struct {
	MinLen          int `json:"min_len"`
	MinUpperCount   int `json:"min_uppercase_count"` // for alphabet characters
	MinLowerCount   int `json:"min_lowercase_count"` // for alphabet characters
	MinDigitCount   int `json:"min_digit_count"`
	MinSpecialCount int `json:"min_special_count"`
}

type RESTPwdProfileConditional

// RESTPwdProfileConditional is a variant of RESTPwdProfile in which the
// complexity fields are always emitted, while the name, comment, expiration,
// history and lockout fields are pointers tagged omitempty and so are omitted
// when nil.
// NOTE(review): presumably the server leaves the optional fields nil for
// callers that should only see the complexity rules; confirm in the handler.
type RESTPwdProfileConditional struct {
	Name                        *string `json:"name,omitempty"`
	Comment                     *string `json:"comment,omitempty"`
	MinLen                      int     `json:"min_len"`
	MinUpperCount               int     `json:"min_uppercase_count"` // for alphabet characters
	MinLowerCount               int     `json:"min_lowercase_count"` // for alphabet characters
	MinDigitCount               int     `json:"min_digit_count"`
	MinSpecialCount             int     `json:"min_special_count"`
	EnablePwdExpiration         *bool   `json:"enable_password_expiration,omitempty"`
	PwdExpireAfterDays          *int    `json:"password_expire_after_days,omitempty"` // must be > 0 when EnablePwdExpiration is true
	EnablePwdHistory            *bool   `json:"enable_password_history,omitempty"`
	PwdHistoryCount             *int    `json:"password_keep_history_count,omitempty"`
	EnableBlockAfterFailedLogin *bool   `json:"enable_block_after_failed_login,omitempty"` // for "Block X minutes after N times consecutive failed attempts"
	BlockAfterFailedCount       *int    `json:"block_after_failed_login_count,omitempty"`  // must be > 0 when EnableBlockAfterFailedLogin is true
	BlockMinutes                *int    `json:"block_minutes,omitempty"`                   // must be > 0 when EnableBlockAfterFailedLogin is true
}

type RESTPwdProfileConfig

// RESTPwdProfileConfig names a password profile and carries the settings to
// apply to it. Every field except Name is a pointer tagged omitempty, so a
// nil field is absent from the JSON and can be told apart from an explicit
// zero or false.
// NOTE(review): presumably a nil field means "leave unchanged"; confirm
// against the handler.
//
// The "> 0" constraints in the field comments are not enforced by this type.
// NOTE(review): confirm the handler rejects a nil or non-positive
// PwdExpireAfterDays, BlockAfterFailedCount or BlockMinutes when the matching
// Enable* flag is true, and that MinLen, the per-class counts and
// PwdHistoryCount (which has no stated constraint) are range-checked, since
// these values define the account-lockout and password-strength policy.
type RESTPwdProfileConfig struct {
	Name                        string  `json:"name"`
	Active                      *bool   `json:"active,omitempty"`
	Comment                     *string `json:"comment,omitempty"`
	MinLen                      *int    `json:"min_len,omitempty"`
	MinUpperCount               *int    `json:"min_uppercase_count,omitempty"` // for alphabet characters
	MinLowerCount               *int    `json:"min_lowercase_count,omitempty"` // for alphabet characters
	MinDigitCount               *int    `json:"min_digit_count,omitempty"`     // for 0 ~ 9
	MinSpecialCount             *int    `json:"min_special_count,omitempty"`   // !”#$%&'()*+,-./:;<=>?@[\]^_`{|}~
	EnablePwdExpiration         *bool   `json:"enable_password_expiration,omitempty"`
	PwdExpireAfterDays          *int    `json:"password_expire_after_days,omitempty"` // must be > 0 when EnablePwdExpiration is true
	EnablePwdHistory            *bool   `json:"enable_password_history,omitempty"`
	PwdHistoryCount             *int    `json:"password_keep_history_count,omitempty"`
	EnableBlockAfterFailedLogin *bool   `json:"enable_block_after_failed_login,omitempty"` // for "Block X minutes after N times consecutive failed attempts"
	BlockAfterFailedCount       *int    `json:"block_after_failed_login_count,omitempty"`  // must be > 0 when EnableBlockAfterFailedLogin is true
	BlockMinutes                *int    `json:"block_minutes,omitempty"`                   // must be > 0 when EnableBlockAfterFailedLogin is true
}

type RESTPwdProfileConfigData

type RESTPwdProfileConfigData struct {
	Config *RESTPwdProfileConfig `json:"config"`
}

type RESTPwdProfileData

type RESTPwdProfileData struct {
	PwdProfile *RESTPwdProfile `json:"pwd_profile"`
}

type RESTPwdProfileDataConditional

type RESTPwdProfileDataConditional struct {
	PwdProfile *RESTPwdProfileConditional `json:"pwd_profile"`
}

type RESTPwdProfilesData

type RESTPwdProfilesData struct {
	PwdProfiles       []*RESTPwdProfile `json:"pwd_profiles"`
	ActiveProfileName string            `json:"active_profile_name"`
}

type RESTPwdProfilesDataCfgMap

type RESTPwdProfilesDataCfgMap struct {
	RESTPwdProfilesData
	AlwaysReload bool `json:"always_reload"`
}

type RESTRegistry

// RESTRegistry is the JSON representation of an image registry entry,
// including the credentials used to reach it.
//
// Password, AuthToken and GitlabPrivateToken carry the "cloak" tag option.
// NOTE(review): "cloak" is not an encoding/json option, and encoding/json
// ignores tag options it does not know. Presumably the project's own
// marshalling masks or encrypts fields tagged this way; a plain json.Marshal
// of this struct would emit them in clear. Confirm every path that serializes
// or logs a RESTRegistry goes through the cloaking code.
//
// AwsKey and GcrKey point to types declared elsewhere.
// NOTE(review): they presumably hold cloud credentials as well; confirm they
// receive the same treatment.
type RESTRegistry struct {
	Name               string             `json:"name"`
	Type               string             `json:"registry_type"`
	Registry           string             `json:"registry"`
	Username           string             `json:"username"`
	Password           string             `json:"password,cloak"`
	AuthToken          string             `json:"auth_token,cloak"`
	AuthWithToken      bool               `json:"auth_with_token"`
	Domains            []string           `json:"domains"`
	Filters            []string           `json:"filters"`
	RescanImage        bool               `json:"rescan_after_db_update"`
	ScanLayers         bool               `json:"scan_layers"`
	RepoLimit          int                `json:"repo_limit"`
	TagLimit           int                `json:"tag_limit"`
	Schedule           RESTScanSchedule   `json:"schedule"`
	AwsKey             *RESTAWSAccountKey `json:"aws_key,omitempty"`
	GcrKey             *RESTGCRKey        `json:"gcr_key,omitempty"`
	JfrogMode          string             `json:"jfrog_mode"`
	JfrogAQL           bool               `json:"jfrog_aql"`
	GitlabApiUrl       string             `json:"gitlab_external_url"`
	GitlabPrivateToken string             `json:"gitlab_private_token,cloak"`
	IBMCloudTokenURL   string             `json:"ibm_cloud_token_url"`
	IBMCloudAccount    string             `json:"ibm_cloud_account"`
}

type RESTRegistryConfig

// RESTRegistryConfig names a registry (Name, Type) and carries the settings
// to apply to it. All other fields are pointers tagged omitempty, so a nil
// field is absent from the JSON.
// NOTE(review): presumably a nil field means "leave unchanged"; confirm
// against the handler, in particular that omitting Password, AuthToken or
// GitlabPrivateToken keeps the stored secret rather than clearing it.
//
// Password, AuthToken and GitlabPrivateToken carry the project-specific
// "cloak" tag option, written here after omitempty.
// NOTE(review): encoding/json ignores unknown tag options; confirm the
// project's cloaking code handles the option in this position.
//
// Registry, GitlabApiUrl and IBMCloudTokenURL are caller-supplied strings.
// NOTE(review): they look like endpoints the service will later contact;
// confirm they are validated before use.
type RESTRegistryConfig struct {
	Name               string                   `json:"name"`
	Type               string                   `json:"registry_type"`
	Registry           *string                  `json:"registry,omitempty"`
	Domains            *[]string                `json:"domains,omitempty"`
	Filters            *[]string                `json:"filters,omitempty"`
	Username           *string                  `json:"username,omitempty"`
	Password           *string                  `json:"password,omitempty,cloak"`
	AuthToken          *string                  `json:"auth_token,omitempty,cloak"`
	AuthWithToken      *bool                    `json:"auth_with_token,omitempty"`
	RescanImage        *bool                    `json:"rescan_after_db_update,omitempty"`
	ScanLayers         *bool                    `json:"scan_layers,omitempty"`
	RepoLimit          *int                     `json:"repo_limit,omitempty"`
	TagLimit           *int                     `json:"tag_limit,omitempty"`
	Schedule           *RESTScanSchedule        `json:"schedule,omitempty"`
	AwsKey             *RESTAWSAccountKeyConfig `json:"aws_key,omitempty"`
	GcrKey             *RESTGCRKeyConfig        `json:"gcr_key,omitempty"`
	JfrogMode          *string                  `json:"jfrog_mode,omitempty"`
	JfrogAQL           *bool                    `json:"jfrog_aql,omitempty"`
	GitlabApiUrl       *string                  `json:"gitlab_external_url,omitempty"`
	GitlabPrivateToken *string                  `json:"gitlab_private_token,omitempty,cloak"`
	IBMCloudTokenURL   *string                  `json:"ibm_cloud_token_url,omitempty"`
	IBMCloudAccount    *string                  `json:"ibm_cloud_account,omitempty"`
}

type RESTRegistryConfigData

type RESTRegistryConfigData struct {
	Config *RESTRegistryConfig `json:"config"`
}

type RESTRegistryDebugImage

type RESTRegistryDebugImage struct {
	Domain     string                       `json:"domain"`
	Repository string                       `json:"repository"`
	Tags       []*RESTRegistryDebugImageTag `json:"tags"`
}

type RESTRegistryDebugImageData

type RESTRegistryDebugImageData struct {
	Images []*RESTRegistryDebugImage `json:"images"`
}

type RESTRegistryDebugImageTag

type RESTRegistryDebugImageTag struct {
	Tag    string `json:"tag"`
	Serial string `json:"serial"`
}

type RESTRegistryImageSummary

type RESTRegistryImageSummary struct {
	Domain     string            `json:"domain"`
	Repository string            `json:"repository"`
	Tag        string            `json:"tag"`
	ImageID    string            `json:"image_id"`
	Digest     string            `json:"digest"`
	Size       int64             `json:"size"`
	Author     string            `json:"author"`
	RunAsRoot  bool              `json:"run_as_root"`
	Envs       []string          `json:"envs"`
	Labels     map[string]string `json:"labels"`
	Layers     []string          `json:"layers"`
	RESTScanBrief
}

type RESTRegistryImageSummaryData

type RESTRegistryImageSummaryData struct {
	Images []*RESTRegistryImageSummary `json:"images"`
}

type RESTRegistrySummary

// RESTRegistrySummary is a registry entry together with its scan state. It
// embeds RESTRegistry and RESTScanStatus without a JSON tag, so their fields
// are promoted into the same JSON object as Status, ErrMsg, ErrDetail and
// StartedAt.
// NOTE(review): the promoted fields include RESTRegistry's Password,
// AuthToken and GitlabPrivateToken; confirm they are blanked or cloaked
// before a summary is returned to a client.
type RESTRegistrySummary struct {
	RESTRegistry
	Status    string `json:"status"`
	ErrMsg    string `json:"error_message"`
	ErrDetail string `json:"error_detail"`
	StartedAt string `json:"started_at"`
	RESTScanStatus
}

type RESTRegistrySummaryData

type RESTRegistrySummaryData struct {
	Summary *RESTRegistrySummary `json:"summary"`
}

type RESTRegistrySummaryListData

type RESTRegistrySummaryListData struct {
	Summarys []*RESTRegistrySummary `json:"summarys"`
}

type RESTRegistryTestData

// RESTRegistryTestData wraps a full RESTRegistry under the "config" key.
// Because RESTRegistry holds Password, AuthToken and GitlabPrivateToken, a
// value of this type carries registry credentials.
// NOTE(review): the name suggests a connection-test request; confirm the
// payload is not written to logs or test-step output.
type RESTRegistryTestData struct {
	Config *RESTRegistry `json:"config"`
}

type RESTRegistryTestStep

type RESTRegistryTestStep struct {
	Step    string `json:"step_type"`
	Content string `json:"step_content"`
}

type RESTRegistryTestStepData

type RESTRegistryTestStepData struct {
	Steps []*RESTRegistryTestStep `json:"steps"`
}

type RESTResponseRule

// RESTResponseRule is the JSON representation of one response rule: its ID,
// the event and group it is attached to, the conditions it matches, and the
// actions and webhook names listed for it. Disable marks the rule as
// disabled; CfgType records where the rule came from.
// NOTE(review): Actions and Webhooks are free-form strings in this type;
// the accepted values are defined elsewhere. Confirm the handler rejects
// unknown actions and webhook names that do not exist.
type RESTResponseRule struct {
	ID         uint32                     `json:"id"`
	Event      string                     `json:"event"`
	Comment    string                     `json:"comment"`
	Group      string                     `json:"group"`
	Conditions []share.CLUSEventCondition `json:"conditions"`
	Actions    []string                   `json:"actions"`
	Webhooks   []string                   `json:"webhooks"`
	Disable    bool                       `json:"disable"`
	CfgType    string                     `json:"cfg_type"` // CfgTypeLearned / CfgTypeUserCreated / CfgTypeGround / CfgTypeFederal (see above)
}

type RESTResponseRuleActionData

type RESTResponseRuleActionData struct {
	Insert *RESTResponseRuleInsert `json:"insert,omitempty"`
}

type RESTResponseRuleConfig

// RESTResponseRuleConfig identifies a response rule by ID and carries the
// fields to change on it. ID and CfgType are plain values and always
// serialized; every other field is a pointer tagged omitempty, and the
// package documentation states that an omitted field is not modified.
// NOTE(review): CfgType is supplied by the caller here; confirm the handler
// does not let a client relabel a rule (for example user-created to federal)
// to bypass restrictions tied to the rule's origin.
type RESTResponseRuleConfig struct {
	ID         uint32                      `json:"id"`
	Comment    *string                     `json:"comment,omitempty"`
	Group      *string                     `json:"group,omitempty"`
	Event      *string                     `json:"event,omitempty"`
	Conditions *[]share.CLUSEventCondition `json:"conditions,omitempty"`
	Actions    *[]string                   `json:"actions,omitempty"`
	Webhooks   *[]string                   `json:"webhooks,omitempty"`
	Disable    *bool                       `json:"disable,omitempty"`
	CfgType    string                      `json:"cfg_type"` // CfgTypeLearned / CfgTypeUserCreated / CfgTypeGround / CfgTypeFederal (see above)
}

Omitted fields are left unmodified.

type RESTResponseRuleConfigData

type RESTResponseRuleConfigData struct {
	Config *RESTResponseRuleConfig `json:"config"`
}

type RESTResponseRuleData

type RESTResponseRuleData struct {
	Rule *RESTResponseRule `json:"rule"`
}

type RESTResponseRuleInsert

// RESTResponseRuleInsert carries a list of response rules and the position
// at which to place them.
type RESTResponseRuleInsert struct {
	// After selects the insertion point and is omitted from the JSON when nil.
	// nil: last; 0: first; +id: after rule 'id'; -id: before rule 'id'
	// NOTE(review): After is an int while RESTResponseRule.ID is a uint32;
	// confirm how IDs beyond the positive int range are handled.
	After *int                `json:"after,omitempty"`
	Rules []*RESTResponseRule `json:"rules"`
}

type RESTResponseRuleOptionData

type RESTResponseRuleOptionData struct {
	Options  map[string]*RESTResponseRuleOptions `json:"response_rule_options"`
	Webhooks []string                            `json:"webhooks"`
}

type RESTResponseRuleOptions

type RESTResponseRuleOptions struct {
	Types         []string            `json:"types"`
	Name          []string            `json:"name,omitempty"`
	Level         []string            `json:"level,omitempty"`
	DisabledProps map[string][]string `json:"disabled_props,omitempty"`
}

type RESTResponseRulesData

type RESTResponseRulesData struct {
	Rules []*RESTResponseRule `json:"rules"`
}

type RESTRiskScoreMetrics

type RESTRiskScoreMetrics struct {
	Platform         string `json:"platform"`
	K8sVersion       string `json:"kube_version"`
	OCVersion        string `json:"openshift_version"`
	NewServiceMode   string `json:"new_service_policy_mode"`
	DiscoverGroups   int    `json:"discover_groups"`
	MonitorGroups    int    `json:"monitor_groups"`
	ProtectGroups    int    `json:"protect_groups"`
	Groups           int    `json:"groups"`
	RunningPods      int    `json:"running_pods"`
	PrivilegedWLs    int    `json:"privileged_wls"`
	RootWLs          int    `json:"root_wls"`
	DenyAdmCtrlRules int    `json:"deny_adm_ctrl_rules"`
	DiscoverCVEs     int    `json:"discover_cves"`
	MonitorCVEs      int    `json:"monitor_cves"`
	ProtectCVEs      int    `json:"protect_cves"`
	PlatformCVEs     int    `json:"platform_cves"`
	HostCVEs         int    `json:"host_cves"`
	Hosts            int    `json:"hosts"`
	DiscoverExtEPs   int    `json:"discover_ext_eps"`
	MonitorExtEPs    int    `json:"monitor_ext_eps"`
	ProtectExtEPs    int    `json:"protect_ext_eps"`
	ThrtExtEPs       int    `json:"threat_ext_eps"`
	VioExtEPs        int    `json:"violate_ext_eps"`
}

type RESTRolePermission

// RESTRolePermission is one permission entry of a role: the permission ID
// and whether read and write access are granted for it.
// NOTE(review): nothing in this type ties Write to Read or restricts ID to
// known permissions; confirm the handler validates ID and rejects a flag the
// permission does not support.
type RESTRolePermission struct {
	ID    string `json:"id"`
	Read  bool   `json:"read"`
	Write bool   `json:"write"`
}

type RESTRolePermitOptionInternal

// RESTRolePermitOptionInternal describes one permission option: its ID, a
// numeric Value, the scopes it supports and whether read and write apply.
// The fields carry no JSON tags, so encoding/json would use the Go field
// names if a value of this type were ever marshalled.
// NOTE(review): Value looks like a permission bit mask; confirm.
type RESTRolePermitOptionInternal struct {
	ID             string
	Value          uint64
	SupportScope   byte // 1: support global scope, 2: support domain scope, 3: support both scopes
	ReadSupported  bool
	WriteSupported bool

	// non-nil only for complex permissions like PERM_RUNTIME_POLICIES. PERM_RUNTIME_POLICIES is visible to client but in controller it's PERM_NETWORK_POLICY + PERM_SYSTEM_POLICY
	ComplexPermits []*RESTRolePermitOptionInternal
}

type RESTScanAppPackage

type RESTScanAppPackage struct {
	AppName    string `json:"app_name"`
	ModuleName string `json:"module_name"`
	Version    string `json:"version"`
	FileName   string `json:"file_name"`
}

type RESTScanAwsFuncDetail

type RESTScanAwsFuncDetail struct {
	RESTScanBrief  `json:"scan_brief"`
	RESTScanReport `json:"scan_report"`
}

type RESTScanAwsFuncReport

type RESTScanAwsFuncReport struct {
	FuncID     string                           `json:"function_id"`
	NvSecID    string                           `json:"nv_sec_id"`
	Version    string                           `json:"version"`
	ScanResult RESTScanAwsFuncDetail            `json:"scan_result"`
	AllowedRes map[string]RESTAwsFuncPermission `json:"allowed_resources"` // key: resource_name value: list of func in res
	ReqRes     map[string]RESTAwsFuncPermission `json:"req_resources"`     // key: resource_name value: list of func in res
}

type RESTScanBrief

type RESTScanBrief struct {
	Status           string `json:"status"`
	HighVuls         int    `json:"high"`
	MedVuls          int    `json:"medium"`
	Result           string `json:"result"`
	ScannedTimeStamp int64  `json:"scanned_timestamp"`
	ScannedAt        string `json:"scanned_at"`
	BaseOS           string `json:"base_os"`
	CVEDBVersion     string `json:"scanner_version"`
	CVEDBCreateTime  string `json:"cvedb_create_time"`
}

type RESTScanConfig

type RESTScanConfig struct {
	AutoScan bool `json:"auto_scan"`
}

type RESTScanConfigData

type RESTScanConfigData struct {
	Config *RESTScanConfig `json:"config"`
}

type RESTScanImageSummary

type RESTScanImageSummary struct {
	Image   string `json:"image"`
	ImageID string `json:"image_id"`
	Author  string `json:"author"`
	RESTScanBrief
}

type RESTScanImageSummaryData

type RESTScanImageSummaryData struct {
	Summary []*RESTScanImageSummary `json:"images"`
}

type RESTScanLayer

type RESTScanLayer struct {
	Digest string               `json:"digest"`
	Cmds   string               `json:"cmds"`
	Vuls   []*RESTVulnerability `json:"vulnerabilities"`
	Size   int64                `json:"size"`
}

type RESTScanLayersReport

type RESTScanLayersReport struct {
	Layers []*RESTScanLayer `json:"layers"`
}

type RESTScanLayersReportData

type RESTScanLayersReportData struct {
	Report *RESTScanLayersReport `json:"report"`
}

type RESTScanMeta

type RESTScanMeta struct {
	Source    string `json:"source"`
	User      string `json:"user"`
	Job       string `json:"job"`       // jenkins: job; serverless: service
	Workspace string `json:"workspace"` // jenkins
	Function  string `json:"function"`  // serverless
	Region    string `json:"region"`    // serverless
}

type RESTScanModule

type RESTScanModule struct {
	Name    string           `json:"name"`
	Version string           `json:"version"`
	Source  string           `json:"source"`
	CVEs    []*RESTModuleCve `json:"cves,omitempty"`
	CPEs    []string         `json:"cpes,omitempty"`
}

type RESTScanPackageReqData

type RESTScanPackageReqData struct {
	ProjectName  string               `json:"project_name"`
	FunctionName string               `json:"function_name"`
	Region       string               `json:"region"`
	AppPkgs      []RESTScanAppPackage `json:"application_packages"`
}

type RESTScanPkgReport

type RESTScanPkgReport struct {
	Verdict         string               `json:"verdict,omitempty"`
	NvSecId         string               `json:"nv_sec_id"`
	CVEDBVersion    string               `json:"cvedb_version"`
	CVEDBCreateTime string               `json:"cvedb_create_time"`
	Vuls            []*RESTVulnerability `json:"vulnerabilities"`
}

type RESTScanPkgReportData

type RESTScanPkgReportData struct {
	Report *RESTScanPkgReport `json:"report"`
}

type RESTScanPlatformSummary

type RESTScanPlatformSummary struct {
	Platform   string `json:"platform"`
	K8sVersion string `json:"kube_version"`
	OCVersion  string `json:"openshift_version"`
	RESTScanBrief
}

type RESTScanPlatformSummaryData

type RESTScanPlatformSummaryData struct {
	Summary []*RESTScanPlatformSummary `json:"platforms"`
}

type RESTScanRepoReport

type RESTScanRepoReport struct {
	Verdict         string           `json:"verdict,omitempty"`
	ImageID         string           `json:"image_id"`
	Registry        string           `json:"registry"`
	Repository      string           `json:"repository"`
	Tag             string           `json:"tag"`
	Digest          string           `json:"digest"`
	Size            int64            `json:"size"`
	Author          string           `json:"author"`
	BaseOS          string           `json:"base_os"`
	CVEDBVersion    string           `json:"cvedb_version"`
	CVEDBCreateTime string           `json:"cvedb_create_time"`
	Layers          []*RESTScanLayer `json:"layers"`
	RESTScanReport
}

type RESTScanRepoReportData

type RESTScanRepoReportData struct {
	Report *RESTScanRepoReport `json:"report"`
}

type RESTScanRepoReq

// RESTScanRepoReq describes one repository scan request: the registry,
// repository and tag to scan, optional registry credentials, and the
// metadata of the submitting job.
//
// NOTE(review): Password here is tagged "password,omitempty" without the
// "cloak" option that RESTRegistry.Password and RESTRegistryConfig.Password
// carry. If the project relies on that option to mask secrets when a struct
// is serialized or logged, this field would not be covered; confirm whether
// the omission is intentional.
// NOTE(review): Registry is a caller-supplied string that looks like the
// endpoint the scanner will contact; confirm it is validated before use.
type RESTScanRepoReq struct {
	Metadata   RESTScanMeta `json:"metadata"`
	Registry   string       `json:"registry"`
	Username   string       `json:"username,omitempty"`
	Password   string       `json:"password,omitempty"`
	Repository string       `json:"repository"`
	Tag        string       `json:"tag"`
	ScanLayers bool         `json:"scan_layers"`
	BaseImage  string       `json:"base_image"`
}

type RESTScanRepoReqData

type RESTScanRepoReqData struct {
	Request *RESTScanRepoReq `json:"request"`
}

type RESTScanRepoSubmitData

type RESTScanRepoSubmitData struct {
	Result *share.ScanResult `json:"result"`
}

This is for the scanner to submit the scan result.

type RESTScanReport

// RESTScanReport is the body of a scan report. Vuls is always serialized;
// Modules, Checks, Secrets, SetIDs, Envs, Labels and Cmds are tagged
// omitempty and left out when empty.
// NOTE(review): Secrets, Envs and Cmds describe content taken from the
// scanned target and may themselves contain credentials (environment
// variables commonly do); confirm access to the report is restricted
// accordingly and that secret evidence is masked.
type RESTScanReport struct {
	Vuls    []*RESTVulnerability `json:"vulnerabilities"`
	Modules []*RESTScanModule    `json:"modules,omitempty"`
	Checks  []*RESTBenchItem     `json:"checks,omitempty"`
	Secrets []*RESTScanSecret    `json:"secrets,omitempty"`
	SetIDs  []*RESTScanSetIdPerm `json:"setid_perms,omitempty"`
	Envs    []string             `json:"envs,omitempty"`
	Labels  map[string]string    `json:"labels,omitempty"`
	Cmds    []string             `json:"cmds,omitempty"`
}

type RESTScanReportData

type RESTScanReportData struct {
	Report *RESTScanReport `json:"report"`
}

type RESTScanSchedule

type RESTScanSchedule struct {
	Schedule string `json:"schedule"`
	Interval int    `json:"interval"`
}

type RESTScanSecret

// RESTScanSecret is one secret finding in a scan report: what kind of secret
// it is, the evidence, the file it was found in and a suggestion.
// NOTE(review): the Evidence comment says the value is a cloaked string;
// confirm the masking happens before the finding is stored or returned, so
// the report does not re-expose the secret it flags.
type RESTScanSecret struct {
	Type       string `json:"type"`       // the secret description
	Evidence   string `json:"evidence"`   // found in a cloaked string
	File       string `json:"path"`       // file path
	Suggestion string `json:"suggestion"` // Todo:
}

type RESTScanSetIdPerm

// RESTScanSetIdPerm is one set-id permission finding in a scan report: a
// description of the finding, the file attributes that triggered it and the
// file path.
type RESTScanSetIdPerm struct {
	Type     string `json:"type"`     // the set id descriptions
	Evidence string `json:"evidence"` // file attributes
	File     string `json:"path"`     // file path
}

type RESTScanStatus

type RESTScanStatus struct {
	Scanned         int    `json:"scanned"`
	Scheduled       int    `json:"scheduled"`
	Scanning        int    `json:"scanning"`
	Failed          int    `json:"failed"`
	CVEDBVersion    string `json:"cvedb_version"`
	CVEDBCreateTime string `json:"cvedb_create_time"`
}

func (*RESTScanStatus) GetDomain

func (o *RESTScanStatus) GetDomain(f share.GetAccessObjectFunc) ([]string, []string)

type RESTScanStatusData

type RESTScanStatusData struct {
	Status *RESTScanStatus `json:"status"`
}

type RESTScanner

type RESTScanner struct {
	ID              string `json:"id"`
	CVEDBVersion    string `json:"cvedb_version"`
	CVEDBCreateTime string `json:"cvedb_create_time"`
	JoinedTS        int64  `json:"joined_timestamp"`
	RPCServer       string `json:"server"`
	RPCServerPort   uint16 `json:"port"`
	Containers      int    `json:"scanned_containers"`
	Hosts           int    `json:"scanned_hosts"`
	Images          int    `json:"scanned_images"`
	Serverless      int    `json:"scanned_serverless"`
}

type RESTScannerData

type RESTScannerData struct {
	Scanners []*RESTScanner `json:"scanners"`
}

type RESTSecurityData

type RESTSecurityData struct {
	Threats    []*Threat    `json:"threats"`
	Incidents  []*Incident  `json:"incidents"`
	Violations []*Violation `json:"violations"`
}

type RESTSelfUserData

// RESTSelfUserData wraps a user record together with the time left before
// that user's password expires, split into whole days and the remaining
// hours.
type RESTSelfUserData struct {
	User                *RESTUser `json:"user"`
	PwdDaysUntilExpire  int       `json:"password_days_until_expire"`  // negative means password never expires
	PwdHoursUntilExpire int       `json:"password_hours_until_expire"` // the hours part beyond PwdDaysUntilExpire, 0 ~ 23
}

type RESTServer

// RESTServer is the JSON representation of a configured server: its name,
// its type and one optional protocol-specific section. LDAP, SAML and OIDC
// are pointers tagged omitempty, so a nil section is absent from the JSON.
// NOTE(review): Type presumably holds one of the ServerType* constants and
// selects which section is set; confirm. Each section carries a secret
// (bind password, certificate or client secret) tagged "cloak".
type RESTServer struct {
	Name string          `json:"server_name"`
	Type string          `json:"server_type"`
	LDAP *RESTServerLDAP `json:"ldap,omitempty"`
	SAML *RESTServerSAML `json:"saml,omitempty"`
	OIDC *RESTServerOIDC `json:"oidc,omitempty"`
}

type RESTServerConfig

// RESTServerConfig names a server and carries the protocol-specific
// settings to apply to it. LDAP, SAML and OIDC are pointers tagged
// omitempty; the type itself does not prevent more than one from being set.
// NOTE(review): confirm the handler requires exactly one section and that
// it matches the type of the existing server.
type RESTServerConfig struct {
	Name string                `json:"name"`
	LDAP *RESTServerLDAPConfig `json:"ldap,omitempty"`
	SAML *RESTServerSAMLConfig `json:"saml,omitempty"`
	OIDC *RESTServerOIDCConfig `json:"oidc,omitempty"`
}

type RESTServerConfigData

type RESTServerConfigData struct {
	Config *RESTServerConfig `json:"config"`
}

type RESTServerData

type RESTServerData struct {
	Server *RESTServer `json:"server"`
}

type RESTServerGroupRoleConfigData

type RESTServerGroupRoleConfigData struct {
	Groups []string `json:"groups"`
}

type RESTServerGroupRoleDomainsConfig

// RESTServerGroupRoleDomainsConfig carries one group-to-role mapping for the
// server identified by Name. GroupRoleMapping is a pointer tagged omitempty
// and is absent from the JSON when nil.
// NOTE(review): this payload changes which role an external group receives;
// confirm the handler requires a caller allowed to assign that role.
type RESTServerGroupRoleDomainsConfig struct {
	Name             string                  `json:"name"` // server name
	GroupRoleMapping *share.GroupRoleMapping `json:"mapped_roles,omitempty"`
}

Used by CLI to set one group's role mapping at a time.

type RESTServerGroupRoleDomainsConfigData

type RESTServerGroupRoleDomainsConfigData struct {
	Config *RESTServerGroupRoleDomainsConfig `json:"config"`
}

type RESTServerGroupsOrderConfig

// RESTServerGroupsOrderConfig carries the ordered list of mapped groups for
// the server identified by Name.
// NOTE(review): the order presumably decides which mapping applies when a
// user belongs to several groups; confirm, and confirm the handler rejects
// lists that drop or add groups relative to the existing mappings.
type RESTServerGroupsOrderConfig struct {
	Name   string   `json:"name"`   // server name
	Groups []string `json:"groups"` // groups in mapping order
}

Used by CLI to set mapped groups order.

type RESTServerGroupsOrderConfigData

type RESTServerGroupsOrderConfigData struct {
	Config *RESTServerGroupsOrderConfig `json:"config"`
}

type RESTServerLDAP

// RESTServerLDAP is the JSON representation of an LDAP server: connection
// settings, the bind account, the attribute names used to look up users and
// group members, and the role mapping applied to users.
//
// BindPasswd carries the project-specific "cloak" tag option.
// NOTE(review): encoding/json ignores unknown tag options; confirm every
// path that serializes this struct goes through the cloaking code.
// NOTE(review): Type presumably holds ServerLDAPTypeOpenLDAP or
// ServerLDAPTypeMSAD; confirm.
// NOTE(review): SSL is a plain bool; with it false the bind password and
// user credentials presumably reach the directory unencrypted. Confirm how
// the client connects in that case.
// NOTE(review): DefaultRole is presumably the role given to a directory user
// with no matching group mapping; confirm, since a privileged value would
// apply to every such user.
type RESTServerLDAP struct {
	Type            string `json:"directory"`
	Hostname        string `json:"hostname"`
	Port            uint16 `json:"port"`
	SSL             bool   `json:"ssl"`
	BaseDN          string `json:"base_dn"`
	BindDN          string `json:"bind_dn"`
	BindPasswd      string `json:"bind_password,cloak"`
	GroupMemberAttr string `json:"group_member_attr"`
	UserNameAttr    string `json:"username_attr"`

	Enable           bool                      `json:"enable"`
	DefaultRole      string                    `json:"default_role"`
	RoleGroups       map[string][]string       `json:"role_groups,omitempty"`        // role -> groups
	GroupMappedRoles []*share.GroupRoleMapping `json:"group_mapped_roles,omitempty"` // group -> (role -> domains)
}

type RESTServerLDAPConfig

// RESTServerLDAPConfig carries LDAP server settings to apply. Every field is
// a pointer tagged omitempty, so a nil field is absent from the JSON.
// NOTE(review): presumably a nil field means "leave unchanged"; confirm, in
// particular that omitting BindPasswd keeps the stored password.
//
// BindPasswd's tag lists the options as "cloak,omitempty", the reverse of
// the "omitempty,cloak" order used by RESTRegistryConfig.
// NOTE(review): encoding/json accepts options in any order and ignores
// "cloak"; confirm the project's cloaking code is equally order-independent.
// NOTE(review): Hostname, BaseDN, GroupMemberAttr and UserNameAttr are
// caller-supplied strings that presumably end up in LDAP connections and
// search filters; confirm they are validated and escaped before use.
type RESTServerLDAPConfig struct {
	Type            *string `json:"directory,omitempty"`
	Hostname        *string `json:"hostname,omitempty"`
	Port            *uint16 `json:"port,omitempty"`
	SSL             *bool   `json:"ssl,omitempty"`
	BaseDN          *string `json:"base_dn,omitempty"`
	BindDN          *string `json:"bind_dn,omitempty"`
	BindPasswd      *string `json:"bind_password,cloak,omitempty"`
	GroupMemberAttr *string `json:"group_member_attr,omitempty"`
	UserNameAttr    *string `json:"username_attr,omitempty"`

	Enable           *bool                      `json:"enable,omitempty"`
	DefaultRole      *string                    `json:"default_role,omitempty"`
	RoleGroups       *map[string][]string       `json:"role_groups,omitempty"`        // role -> groups. deprecated since 4.2
	GroupMappedRoles *[]*share.GroupRoleMapping `json:"group_mapped_roles,omitempty"` // group -> (role -> domains)
}

type RESTServerLDAPConfigCfgMap

type RESTServerLDAPConfigCfgMap struct {
	RESTServerLDAPConfig
	AlwaysReload bool `json:"always_reload"`
}

type RESTServerLDAPTest

// RESTServerLDAPTest carries the username and password of an account used
// when testing an LDAP server. Password carries the project-specific "cloak"
// tag option.
// NOTE(review): these look like real directory credentials supplied by the
// operator; confirm they are neither logged nor persisted by the test
// handler.
type RESTServerLDAPTest struct {
	Username string `json:"username"`
	Password string `json:"password,cloak"`
}

type RESTServerOIDC

// RESTServerOIDC is the JSON representation of an OIDC server: the issuer
// and its endpoints, the client registration, the claim used for group
// membership, the requested scopes and the role mapping applied to users.
//
// ClientSecret carries the project-specific "cloak" tag option.
// NOTE(review): encoding/json ignores unknown tag options; confirm every
// path that serializes this struct goes through the cloaking code.
// NOTE(review): AuthURL, TokenURL and UserInfoURL appear here but not in
// RESTServerOIDCConfig, so they are presumably discovered from Issuer rather
// than set by the caller; confirm.
// NOTE(review): DefaultRole is presumably the role given to a user with no
// matching group mapping; confirm.
type RESTServerOIDC struct {
	Issuer       string   `json:"issuer"`
	AuthURL      string   `json:"authorization_endpoint"`
	TokenURL     string   `json:"token_endpoint"`
	UserInfoURL  string   `json:"user_info_endpoint"`
	ClientID     string   `json:"client_id"`
	ClientSecret string   `json:"client_secret,cloak"`
	GroupClaim   string   `json:"group_claim"`
	Scopes       []string `json:"scopes"`

	Enable           bool                      `json:"enable"`
	DefaultRole      string                    `json:"default_role"`
	RoleGroups       map[string][]string       `json:"role_groups,omitempty"`        // role -> groups
	GroupMappedRoles []*share.GroupRoleMapping `json:"group_mapped_roles,omitempty"` // group -> (role -> domains)
}

type RESTServerOIDCConfig

// RESTServerOIDCConfig carries OIDC server settings to apply. All fields are
// pointers, but only Scopes, RoleGroups and GroupMappedRoles are tagged
// omitempty; Issuer, ClientID, ClientSecret, GroupClaim, Enable and
// DefaultRole are serialized as JSON null when nil. This differs from
// RESTServerLDAPConfig, where every field is omitempty.
// NOTE(review): confirm the handler treats a null the same as an absent
// field, so that a null ClientSecret or DefaultRole cannot clear the stored
// value unintentionally.
// NOTE(review): Issuer is a caller-supplied URL the service presumably
// contacts for discovery; confirm it is validated before use.
type RESTServerOIDCConfig struct {
	Issuer       *string   `json:"issuer"`
	ClientID     *string   `json:"client_id"`
	ClientSecret *string   `json:"client_secret,cloak"`
	GroupClaim   *string   `json:"group_claim"`
	Scopes       *[]string `json:"scopes,omitempty"`

	Enable           *bool                      `json:"enable"`
	DefaultRole      *string                    `json:"default_role"`
	RoleGroups       *map[string][]string       `json:"role_groups,omitempty"`        // role -> groups. deprecated since 4.2
	GroupMappedRoles *[]*share.GroupRoleMapping `json:"group_mapped_roles,omitempty"` // group -> (role -> domains)
}

type RESTServerOIDCConfigCfgMap

type RESTServerOIDCConfigCfgMap struct {
	RESTServerOIDCConfig
	AlwaysReload bool `json:"always_reload"`
}

type RESTServerRoleGroupsConfig

// RESTServerRoleGroupsConfig carries the list of groups mapped to one role
// on the server identified by Name.
// NOTE(review): this payload decides which external groups receive Role;
// confirm the handler requires a caller allowed to assign that role and
// rejects unknown role names.
type RESTServerRoleGroupsConfig struct {
	Name   string   `json:"name"`
	Role   string   `json:"role"`
	Groups []string `json:"groups"`
}

Used by CLI to set one role mapping at a time.

type RESTServerRoleGroupsConfigData

type RESTServerRoleGroupsConfigData struct {
	Config *RESTServerRoleGroupsConfig `json:"config"`
}

type RESTServerSAML

// RESTServerSAML is the JSON representation of a SAML server: the SSO URL,
// the issuer, the X.509 certificate, the claim used for group membership and
// the role mapping applied to users.
//
// X509Cert carries the project-specific "cloak" tag option.
// NOTE(review): X509Cert is presumably the identity provider's certificate
// used to verify assertion signatures; confirm, and confirm that replacing
// it is restricted to administrators, since it decides whose assertions are
// trusted.
// NOTE(review): DefaultRole is presumably the role given to a user with no
// matching group mapping; confirm.
type RESTServerSAML struct {
	SSOURL     string `json:"sso_url"`
	Issuer     string `json:"issuer"`
	X509Cert   string `json:"x509_cert,cloak"`
	GroupClaim string `json:"group_claim"`

	Enable           bool                      `json:"enable"`
	DefaultRole      string                    `json:"default_role"`
	RoleGroups       map[string][]string       `json:"role_groups,omitempty"`        // role -> groups
	GroupMappedRoles []*share.GroupRoleMapping `json:"group_mapped_roles,omitempty"` // group -> (role -> domains)
}

type RESTServerSAMLConfig

// RESTServerSAMLConfig carries SAML server settings to apply. All fields are
// pointers; SSOURL, Issuer, X509Cert and GroupClaim have no omitempty and
// are serialized as JSON null when nil, while Enable, DefaultRole,
// RoleGroups and GroupMappedRoles are omitted when nil.
// NOTE(review): confirm the handler treats a null the same as an absent
// field, so that a null X509Cert cannot clear the stored certificate
// unintentionally.
type RESTServerSAMLConfig struct {
	SSOURL     *string `json:"sso_url"`
	Issuer     *string `json:"issuer"`
	X509Cert   *string `json:"x509_cert,cloak"`
	GroupClaim *string `json:"group_claim"`

	Enable           *bool                      `json:"enable,omitempty"`
	DefaultRole      *string                    `json:"default_role,omitempty"`
	RoleGroups       *map[string][]string       `json:"role_groups,omitempty"`        // role -> groups. deprecated since 4.2
	GroupMappedRoles *[]*share.GroupRoleMapping `json:"group_mapped_roles,omitempty"` // group -> (role -> domains)
}

type RESTServerSAMLConfigCfgMap

type RESTServerSAMLConfigCfgMap struct {
	RESTServerSAMLConfig
	AlwaysReload bool `json:"always_reload"`
}

type RESTServerTest

// RESTServerTest describes a server test: either the name of an existing
// server or an inline LDAP configuration, plus the LDAP account to test
// with. All three fields are tagged omitempty.
// NOTE(review): an inline LDAP configuration lets the caller name the host
// the service connects to; confirm the test endpoint is limited to callers
// who may configure servers.
type RESTServerTest struct {
	Name     string                `json:"name,omitempty"` // either name or one of server configs must present
	LDAP     *RESTServerLDAPConfig `json:"ldap,omitempty"`
	TestLDAP *RESTServerLDAPTest   `json:"test_ldap,omitempty"`
}

type RESTServerTestData

type RESTServerTestData struct {
	Test *RESTServerTest `json:"test"`
}

type RESTServerTestResult

type RESTServerTestResult struct {
	Groups []string `json:"groups"`
}

type RESTServerTestResultData

type RESTServerTestResultData struct {
	Result *RESTServerTestResult `json:"result"`
}

type RESTServersData

type RESTServersData struct {
	Servers       []*RESTServer      `json:"servers"`
	MappableRoles *RESTMappableRoles `json:"mappable_roles"`
}

type RESTService

type RESTService struct {
	Name            string               `json:"name"`
	Comment         string               `json:"comment"`
	PolicyMode      string               `json:"policy_mode"`
	ProfileMode     string               `json:"profile_mode"`
	NotScored       bool                 `json:"not_scored"`
	Domain          string               `json:"domain"`
	PlatformRole    string               `json:"platform_role"`
	Members         []*RESTWorkloadBrief `json:"members"`
	PolicyRules     []*RESTPolicyRule    `json:"policy_rules"`
	ResponseRules   []*RESTResponseRule  `json:"response_rules"`
	ServiceAddr     *RESTIPPort          `json:"service_addr,omitempty"`
	IngressExposure bool                 `json:"ingress_exposure"`
	EgressExposure  bool                 `json:"egress_exposure"`
	RESTGroupCaps
}

type RESTServiceBatchConfig

type RESTServiceBatchConfig struct {
	Services   []string `json:"services,omitempty"`
	PolicyMode *string  `json:"policy_mode,omitempty"`
	NotScored  *bool    `json:"not_scored,omitempty"`
}

type RESTServiceBatchConfigData

type RESTServiceBatchConfigData struct {
	Config *RESTServiceBatchConfig `json:"config"`
}

type RESTServiceConfig

type RESTServiceConfig struct {
	Name       string  `json:"name"`
	Domain     string  `json:"domain"`
	Comment    *string `json:"comment"`
	PolicyMode *string `json:"policy_mode,omitempty"`
	NotScored  *bool   `json:"not_scored,omitempty"`
}

type RESTServiceConfigData

type RESTServiceConfigData struct {
	Config *RESTServiceConfig `json:"config"`
}

type RESTServiceData

type RESTServiceData struct {
	Service *RESTService `json:"service"`
}

type RESTServicesData

type RESTServicesData struct {
	Services []*RESTService `json:"services"`
}

type RESTSession

type RESTSession struct {
	ID             uint64 `json:"id"`
	Workload       string `json:"workload_id"`
	EtherType      uint16 `json:"ether_type"`
	Application    string `json:"application"`
	ClientMAC      string `json:"client_mac"`
	ServerMAC      string `json:"server_mac"`
	ClientIP       string `json:"client_ip"`
	ServerIP       string `json:"server_ip"`
	ClientPort     uint16 `json:"client_port"`
	ServerPort     uint16 `json:"server_port"`
	ICMPCode       uint8  `json:"icmp_code"`
	ICMPType       uint8  `json:"icmp_type"`
	IPProto        uint8  `json:"ip_proto"`
	ClientState    string `json:"client_state"`
	ServerState    string `json:"server_state"`
	ClientPkts     uint32 `json:"client_pkts"`
	ServerPkts     uint32 `json:"server_pkts"`
	ClientBytes    uint64 `json:"client_bytes"`
	ServerBytes    uint64 `json:"server_bytes"`
	ClientAsmPkts  uint32 `json:"client_asm_pkts"`
	ServerAsmPkts  uint32 `json:"server_asm_pkts"`
	ClientAsmBytes uint64 `json:"client_asm_bytes"`
	ServerAsmBytes uint64 `json:"server_asm_bytes"`
	Age            uint32 `json:"age"`
	Idle           uint32 `json:"idle"`
	Life           uint32 `json:"life"`
	Ingress        bool   `json:"ingress"`
	Tap            bool   `json:"tap"`
	MidStream      bool   `json:"mid_stream"`
	PolicyID       uint32 `json:"policy_id"`
	PolicyAction   string `json:"policy_action"`
	XffIP          string `json:"xff_ip"`
	XffApp         string `json:"xff_app"`
	XffPort        uint16 `json:"xff_port"`
}

type RESTSessionList

type RESTSessionList struct {
	Sessions []*RESTSession `json:"sessions"`
}

type RESTSessionSummary

type RESTSessionSummary struct {
	CurSessions     uint32 `json:"cur_sessions"`
	CurTCPSessions  uint32 `json:"cur_tcp_sessions"`
	CurUDPSessions  uint32 `json:"cur_udp_sessions"`
	CurICMPSessions uint32 `json:"cur_icmp_sessions"`
	CurIPSessions   uint32 `json:"cur_ip_sessions"`
}

type RESTSessionSummaryData

type RESTSessionSummaryData struct {
	Summary *RESTSessionSummary `json:"summary"`
}

type RESTSnifferArgs

// RESTSnifferArgs carries the optional arguments of a sniffer request. Every
// field is a pointer tagged omitempty, so a nil field is left out of the
// encoded JSON.
// NOTE(review): Filter is a free-form string and FileNumber/Duration are
// unbounded uint32 values; no validation is visible in this type. Confirm the
// handler validates the filter expression and caps both numbers before a
// capture is started.
type RESTSnifferArgs struct {
	FileNumber *uint32 `json:"file_number,omitempty"`
	Duration   *uint32 `json:"duration,omitempty"`
	Filter     *string `json:"filter,omitempty"`
}

type RESTSnifferArgsData

// RESTSnifferArgsData is the JSON envelope that carries RESTSnifferArgs under
// the "sniffer" key.
type RESTSnifferArgsData struct {
	Sniffer *RESTSnifferArgs `json:"sniffer"`
}

type RESTSnifferData

// RESTSnifferData is the JSON envelope that carries one RESTSnifferInfo under
// the "sniffer" key.
type RESTSnifferData struct {
	Sniffer *RESTSnifferInfo `json:"sniffer"`
}

type RESTSnifferInfo

// RESTSnifferInfo describes one sniffer: its ID, the owning agent and
// workload, file number and size, status, argument string, and start/stop
// times. Note the JSON names differ from the Go names: AgentID is encoded as
// "enforcer_id" and WorkloadID as "container_id".
// NOTE(review): Status presumably takes the SnifferSt* values declared in this
// package; the unit of StartTime/StopTime is not visible here. Confirm both.
type RESTSnifferInfo struct {
	ID         string `json:"id"`
	AgentID    string `json:"enforcer_id"`
	WorkloadID string `json:"container_id"`
	FileNumber uint32 `json:"file_number"`
	Size       int64  `json:"size"`
	Status     string `json:"status"`
	Args       string `json:"args"`
	StartTime  int64  `json:"start_time"`
	StopTime   int64  `json:"stop_time"`
}

type RESTSnifferResult

// RESTSnifferResult carries a single sniffer ID.
type RESTSnifferResult struct {
	ID string `json:"id"`
}

type RESTSnifferResultData

// RESTSnifferResultData is the JSON envelope that carries a RESTSnifferResult
// under the "result" key.
type RESTSnifferResultData struct {
	Result *RESTSnifferResult `json:"result"`
}

type RESTSniffersData

// RESTSniffersData is the JSON envelope that carries a list of
// RESTSnifferInfo under the "sniffers" key.
type RESTSniffersData struct {
	Sniffers []*RESTSnifferInfo `json:"sniffers"`
}

type RESTStats

// RESTStats groups four RESTMetry values (Total, Span1, Span12, Span60)
// together with an Interval.
// NOTE(review): the span suffixes presumably count sampling intervals; the
// unit of Interval is not visible here. Confirm against the producer.
type RESTStats struct {
	Interval uint32    `json:"interval"`
	Total    RESTMetry `json:"total"`
	Span1    RESTMetry `json:"span_1"`
	Span12   RESTMetry `json:"span_12"`
	Span60   RESTMetry `json:"span_60"`
}

type RESTSystemConfig

// RESTSystemConfig is the system-wide configuration as plain (non-pointer)
// values: new-service defaults, syslog settings, authentication order,
// internal subnets, webhooks, controller debug flags, registry proxies, the
// IBM SA endpoint settings and the XFF switch. Only InternalSubnets is tagged
// omitempty; every other key is always present in the encoded JSON.
// NOTE(review): this object exposes where logs and webhook events are sent
// (SyslogServer, Webhooks) and which registry proxies are used. RESTProxy is
// declared elsewhere; if it carries proxy credentials, confirm they are
// masked before this struct is returned to a caller.
type RESTSystemConfig struct {
	NewServicePolicyMode      string        `json:"new_service_policy_mode"`
	NewServiceProfileBaseline string        `json:"new_service_profile_baseline"`
	UnusedGroupAging          uint8         `json:"unused_group_aging"`
	SyslogServer              string        `json:"syslog_ip"`
	SyslogIPProto             uint8         `json:"syslog_ip_proto"`
	SyslogPort                uint16        `json:"syslog_port"`
	SyslogLevel               string        `json:"syslog_level"`
	SyslogEnable              bool          `json:"syslog_status"`
	SyslogCategories          []string      `json:"syslog_categories"`
	SyslogInJSON              bool          `json:"syslog_in_json"`
	SingleCVEPerSyslog        bool          `json:"single_cve_per_syslog"`
	AuthOrder                 []string      `json:"auth_order"`
	AuthByPlatform            bool          `json:"auth_by_platform"`
	InternalSubnets           []string      `json:"configured_internal_subnets,omitempty"`
	Webhooks                  []RESTWebhook `json:"webhooks"`
	ClusterName               string        `json:"cluster_name"`
	ControllerDebug           []string      `json:"controller_debug"`
	MonitorServiceMesh        bool          `json:"monitor_service_mesh"`
	RegistryHttpProxyEnable   bool          `json:"registry_http_proxy_status"`
	RegistryHttpsProxyEnable  bool          `json:"registry_https_proxy_status"`
	RegistryHttpProxy         RESTProxy     `json:"registry_http_proxy"`
	RegistryHttpsProxy        RESTProxy     `json:"registry_https_proxy"`
	IBMSAEpEnabled            bool          `json:"ibmsa_ep_enabled"`
	IBMSAEpStart              uint32        `json:"ibmsa_ep_start"`
	IBMSAEpDashboardURL       string        `json:"ibmsa_ep_dashboard_url"`
	IBMSAEpConnectedAt        string        `json:"ibmsa_ep_connected_at"`
	XffEnabled                bool          `json:"xff_enabled"`
}

If more log servers are needed, they can be defined as servers.

type RESTSystemConfigConfig

// RESTSystemConfigConfig is the pointer-valued counterpart of
// RESTSystemConfig: every field is a pointer, so a nil field can be told apart
// from an explicit zero value.
// NOTE(review): SingleCVEPerSyslog is the only field without omitempty, so a
// nil pointer is encoded as JSON null instead of being left out; this looks
// like an oversight next to its siblings, but adding omitempty changes the
// encoded output, so confirm with consumers first.
// NOTE(review): SyslogServer, WebhookUrl, Webhooks, the registry proxies and
// IBMSAEpDashboardURL all name endpoints the system will presumably contact.
// No validation is visible in this type; confirm the handler restricts
// scheme and destination before any outbound connection is made.
type RESTSystemConfigConfig struct {
	NewServicePolicyMode      *string         `json:"new_service_policy_mode,omitempty"`
	NewServiceProfileBaseline *string         `json:"new_service_profile_baseline,omitempty"`
	UnusedGroupAging          *uint8          `json:"unused_group_aging,omitempty"`
	SyslogServer              *string         `json:"syslog_ip,omitempty"`
	SyslogIPProto             *uint8          `json:"syslog_ip_proto,omitempty"`
	SyslogPort                *uint16         `json:"syslog_port,omitempty"`
	SyslogLevel               *string         `json:"syslog_level,omitempty"`
	SyslogEnable              *bool           `json:"syslog_status,omitempty"`
	SyslogCategories          *[]string       `json:"syslog_categories,omitempty"`
	SyslogInJSON              *bool           `json:"syslog_in_json,omitempty"`
	SingleCVEPerSyslog        *bool           `json:"single_cve_per_syslog"`
	AuthOrder                 *[]string       `json:"auth_order,omitempty"`
	AuthByPlatform            *bool           `json:"auth_by_platform,omitempty"`
	WebhookEnable             *bool           `json:"webhook_status,omitempty"` // deprecated, kept for backward-compatibility, skip docs
	WebhookUrl                *string         `json:"webhook_url,omitempty"`    // deprecated, kept for backward-compatibility, skip docs
	Webhooks                  *[]*RESTWebhook `json:"webhooks,omitempty"`
	ClusterName               *string         `json:"cluster_name,omitempty"`
	ControllerDebug           *[]string       `json:"controller_debug,omitempty"`
	MonitorServiceMesh        *bool           `json:"monitor_service_mesh,omitempty"`
	RegistryHttpProxyEnable   *bool           `json:"registry_http_proxy_status,omitempty"`
	RegistryHttpsProxyEnable  *bool           `json:"registry_https_proxy_status,omitempty"`
	RegistryHttpProxy         *RESTProxy      `json:"registry_http_proxy,omitempty"`
	RegistryHttpsProxy        *RESTProxy      `json:"registry_https_proxy,omitempty"`
	IBMSAEpEnabled            *bool           `json:"ibmsa_ep_enabled,omitempty"`
	IBMSAEpDashboardURL       *string         `json:"ibmsa_ep_dashboard_url,omitempty"`
	XffEnabled                *bool           `json:"xff_enabled,omitempty"`
}

type RESTSystemConfigConfigCfgMap

// RESTSystemConfigConfigCfgMap embeds RESTSystemConfigConfig, so its fields
// appear at the top level of the JSON object, and adds an "always_reload"
// flag.
// NOTE(review): presumably the shape read from a ConfigMap-provided file;
// the effect of AlwaysReload is not visible here. Confirm with the loader.
type RESTSystemConfigConfigCfgMap struct {
	RESTSystemConfigConfig
	AlwaysReload bool `json:"always_reload"`
}

type RESTSystemConfigConfigData

// RESTSystemConfigConfigData is the JSON envelope that carries two
// RESTSystemConfigConfig values, under the "config" and "fed_config" keys.
type RESTSystemConfigConfigData struct {
	Config    *RESTSystemConfigConfig `json:"config"`
	FedConfig *RESTSystemConfigConfig `json:"fed_config"`
}

type RESTSystemConfigData

// RESTSystemConfigData is the JSON envelope that carries a RESTSystemConfig
// under "config" and a RESTFedSystemConfig under "fed_config".
type RESTSystemConfigData struct {
	Config    *RESTSystemConfig    `json:"config"`
	FedConfig *RESTFedSystemConfig `json:"fed_config"`
}

type RESTSystemRequest

// RESTSystemRequest carries an optional policy mode and an optional
// unquarantine request; both fields are pointers tagged omitempty.
// NOTE(review): both fields change enforcement state (policy mode,
// quarantine), so the handler should require a write-level permission;
// the authorization check is not visible here.
type RESTSystemRequest struct {
	PolicyMode *string        `json:"policy_mode,omitempty"`
	Unquar     *RESTUnquarReq `json:"unquarantine,omitempty"`
}

type RESTSystemRequestData

// RESTSystemRequestData is the JSON envelope that carries a RESTSystemRequest
// under the "request" key.
type RESTSystemRequestData struct {
	Request *RESTSystemRequest `json:"request"`
}

type RESTSystemStats

// RESTSystemStats holds three integer counters: expired tokens, scan state
// keys and scan data keys.
type RESTSystemStats struct {
	ExpiredTokens int `json:"expired_tokens"`
	ScanStateKeys int `json:"scan_state_keys"`
	ScanDataKeys  int `json:"scan_data_keys"`
}

func (*RESTSystemStats) GetDomain

func (o *RESTSystemStats) GetDomain(f share.GetAccessObjectFunc) ([]string, []string)

type RESTSystemStatsData

// RESTSystemStatsData is the JSON envelope that carries RESTSystemStats under
// the "stats" key.
type RESTSystemStatsData struct {
	Stats *RESTSystemStats `json:"stats"`
}

type RESTSystemSummary

// RESTSystemSummary holds deployment-wide counts (hosts, controllers, agents,
// domains, workloads, pods, services, policy rules, scanners) and version
// strings for the platform, Kubernetes, OpenShift, the CVE database and the
// components. Agents is encoded as "enforcers" and OfflineAgents as
// "disconnected_enforcers".
// NOTE(review): the version strings are useful for fingerprinting a
// deployment; presumably this object is only served to authenticated
// callers. Confirm at the handler.
type RESTSystemSummary struct {
	Hosts            int      `json:"hosts"`
	Controllers      int      `json:"controllers"`
	Agents           int      `json:"enforcers"`
	OfflineAgents    int      `json:"disconnected_enforcers"`
	Domains          int      `json:"domains"`
	Workloads        int      `json:"workloads"`
	RunningWorkloads int      `json:"running_workloads"`
	RunningPods      int      `json:"running_pods"`
	Services         int      `json:"services"`
	PolicyRules      int      `json:"policy_rules"`
	Scanners         int      `json:"scanners"`
	Platform         string   `json:"platform"`
	K8sVersion       string   `json:"kube_version"`
	OCVersion        string   `json:"openshift_version"`
	CVEDBVersion     string   `json:"cvedb_version"`
	CVEDBCreateTime  string   `json:"cvedb_create_time"`
	CompoVersions    []string `json:"component_versions"`
}

type RESTSystemSummaryData

// RESTSystemSummaryData is the JSON envelope that carries a RESTSystemSummary
// under the "summary" key.
type RESTSystemSummaryData struct {
	Summary *RESTSystemSummary `json:"summary"`
}

type RESTSystemUsageReport

// RESTSystemUsageReport is one usage record: a signature, the report time
// (numeric and string forms), the platform, resource and rule counts, the CVE
// database version and an installation ID.
// NOTE(review): how Signature is computed and which fields it covers is not
// visible here; a consumer that relies on the record being authentic should
// verify the signature rather than trust the counts. Confirm the scheme.
type RESTSystemUsageReport struct {
	Signature      string `json:"signature"`
	ReportedTS     int64  `json:"reported_timestamp"`
	ReportedAt     string `json:"reported_at"`
	Platform       string `json:"platform"`
	Hosts          int    `json:"hosts"`
	CPUCores       int    `json:"cores"`
	Controllers    int    `json:"controllers"`
	Agents         int    `json:"enforcers"`
	Scanners       int    `json:"scanners"`
	CVEDBVersion   string `json:"cvedb_version"`
	Registries     int    `json:"registries"`
	Domains        int    `json:"domains"`
	RunningPods    int    `json:"running_pods"`
	Groups         int    `json:"groups"`
	MonitorGroups  int    `json:"monitor_groups"`
	ProtectGroups  int    `json:"protect_groups"`
	PolicyRules    int    `json:"policy_rules"`
	AdmCtrlRules   int    `json:"adm_ctrl_rules"`
	RespRules      int    `json:"response_rules"`
	CRDRules       int    `json:"crd_rules"`
	Clusters       int    `json:"clusters"`
	SLessProjs     int    `json:"sl_projs"`
	InstallationID string `json:"installation_id"`
}

func (*RESTSystemUsageReport) GetDomain

type RESTSystemUsageReportData

// RESTSystemUsageReportData is the JSON envelope that carries a list of
// RESTSystemUsageReport under the "usage" key.
type RESTSystemUsageReportData struct {
	Usage []*RESTSystemUsageReport `json:"usage"`
}

type RESTSystemWebhookConfigData

// RESTSystemWebhookConfigData is the JSON envelope that carries one
// RESTWebhook under the "config" key.
type RESTSystemWebhookConfigData struct {
	Config *RESTWebhook `json:"config"`
}

type RESTThreatData

// RESTThreatData is the JSON envelope that carries one Threat under the
// "threat" key.
type RESTThreatData struct {
	Threat *Threat `json:"threat"`
}

type RESTThreatsData

// RESTThreatsData is the JSON envelope that carries a list of Threat under
// the "threats" key.
type RESTThreatsData struct {
	Threats []*Threat `json:"threats"`
}

type RESTToken

// RESTToken carries the token string, the holder's global permissions and a
// per-domain permission map. RESTUser is embedded, so all of its fields,
// including the one encoded as "password", are promoted to the top level of
// the token's JSON object.
// NOTE(review): Token is a bearer credential; keep this struct out of logs
// and audit payloads. Confirm the embedded Password is emptied before a
// RESTToken is returned to a client.
type RESTToken struct {
	Token         string                           `json:"token"`
	GlobalPermits []*RESTRolePermission            `json:"global_permissions"`
	DomainPermits map[string][]*RESTRolePermission `json:"domain_permissions"` // domain -> permissions
	RESTUser
}

type RESTTokenAuthServer

// RESTTokenAuthServer identifies an authentication server by name and type.
// NOTE(review): Type presumably takes the ServerType* values declared in this
// package; confirm.
type RESTTokenAuthServer struct {
	Name string `json:"server_name"`
	Type string `json:"server_type"`
}

type RESTTokenAuthServerRedirect

// RESTTokenAuthServerRedirect identifies an authentication server by name and
// type and carries a redirect URL for it.
// NOTE(review): which side fills in RedirectURL is not visible here. If any
// part of it is taken from the request, it should be checked against the
// configured server before a browser is sent there, to avoid an open
// redirect. Confirm at the handler.
type RESTTokenAuthServerRedirect struct {
	Name        string `json:"server_name"`
	Type        string `json:"server_type"`
	RedirectURL string `json:"redirect_url"`
}

type RESTTokenAuthServersData

// RESTTokenAuthServersData is the JSON envelope that carries a list of
// RESTTokenAuthServer under the "servers" key.
type RESTTokenAuthServersData struct {
	Servers []*RESTTokenAuthServer `json:"servers"`
}

type RESTTokenAuthServersRedirectData

// RESTTokenAuthServersRedirectData is the JSON envelope that carries a
// RESTTokenAuthServerRedirect under the "redirect" key.
type RESTTokenAuthServersRedirectData struct {
	Redirect *RESTTokenAuthServerRedirect `json:"redirect"`
}

type RESTTokenData

// RESTTokenData is the JSON envelope that carries a RESTToken under the
// "token" key, together with the time left until the password expires, split
// into a days part and an hours part.
type RESTTokenData struct {
	Token               *RESTToken `json:"token"`
	PwdDaysUntilExpire  int        `json:"password_days_until_expire"`  // negative means we don't know it (for ldap/saml/oidc login).
	PwdHoursUntilExpire int        `json:"password_hours_until_expire"` // the hours part beyond PwdDaysUntilExpire, 0 ~ 23

}

type RESTTokenRedirect

// RESTTokenRedirect carries a single redirect endpoint string, encoded as
// "redirect_endpoint".
// NOTE(review): if this value is supplied by the client, it should be
// validated against an allow-list before it is used to build a redirect.
// The direction of this message is not visible here; confirm.
type RESTTokenRedirect struct {
	Redirect string `json:"redirect_endpoint"`
}

type RESTUnquarReq

// RESTUnquarReq selects what to unquarantine, by response rule ID and/or
// group name. Both fields are tagged omitempty, so a zero RuleID or an empty
// Group is left out of the encoded JSON.
type RESTUnquarReq struct {
	RuleID uint32 `json:"response_rule,omitempty"`
	Group  string `json:"group,omitempty"`
}

type RESTUser

// RESTUser is the JSON representation of a user account: identity, owning
// server, role and per-role domains, session timeout, locale, login history
// and the password/lockout status flags.
// NOTE(review): Password is tagged `json:"password,cloak"`. encoding/json
// ignores tag options it does not know, so the standard marshaller emits the
// value unchanged; any masking has to come from project code that reads the
// cloak option, which is not visible here. Confirm Password is emptied before
// a RESTUser is returned or logged.
type RESTUser struct {
	Fullname              string              `json:"fullname"`
	Server                string              `json:"server"`
	Username              string              `json:"username"`
	Password              string              `json:"password,cloak"`
	EMail                 string              `json:"email"`
	Role                  string              `json:"role"`
	Timeout               uint32              `json:"timeout"`
	Locale                string              `json:"locale"`
	DefaultPWD            bool                `json:"default_password"`       // If the user is using default password
	ModifyPWD             bool                `json:"modify_password"`        // if the password should be modified
	RoleDomains           map[string][]string `json:"role_domains,omitempty"` // role -> domains
	LastLoginTimeStamp    int64               `json:"last_login_timestamp"`
	LastLoginAt           string              `json:"last_login_at"`
	LoginCount            uint32              `json:"login_count"`
	BlockedForFailedLogin bool                `json:"blocked_for_failed_login"`     // if the user is blocked for too many failed logins
	BlockedForPwdExpired  bool                `json:"blocked_for_password_expired"` // if the user is blocked for expired password
}

type RESTUserConfig

// RESTUserConfig carries changes to a user account. Fullname is always
// present; the remaining fields are pointers so that a nil field can be told
// apart from an explicit value.
// NOTE(review): PwdProfile is the only pointer field without omitempty, so a
// nil value is encoded as JSON null; this may be an oversight. Confirm.
// NOTE(review): Password and NewPassword carry the cloak tag option, which
// encoding/json ignores; masking in logs depends on project code not visible
// here. Role and RoleDomains grant privileges, so the handler presumably
// checks that the caller may assign them. Confirm both.
type RESTUserConfig struct {
	Fullname    string               `json:"fullname"`
	Password    *string              `json:"password,omitempty,cloak"`
	NewPassword *string              `json:"new_password,omitempty,cloak"`
	PwdProfile  *string              `json:"pwd_profile"`
	EMail       *string              `json:"email,omitempty"`
	Role        *string              `json:"role,omitempty"`
	Timeout     *uint32              `json:"timeout,omitempty"`
	Locale      *string              `json:"locale,omitempty"`
	RoleDomains *map[string][]string `json:"role_domains,omitempty"` // role -> domains
}

type RESTUserConfigData

// RESTUserConfigData is the JSON envelope that carries a RESTUserConfig under
// the "config" key.
type RESTUserConfigData struct {
	Config *RESTUserConfig `json:"config"`
}

type RESTUserData

// RESTUserData is the JSON envelope that carries one RESTUser under the
// "user" key.
type RESTUserData struct {
	User *RESTUser `json:"user"`
}

type RESTUserPermitOption

// RESTUserPermitOption describes one permission option by ID and states
// whether read and write are supported for it.
type RESTUserPermitOption struct {
	ID             string `json:"id"`
	ReadSupported  bool   `json:"read_supported"`
	WriteSupported bool   `json:"write_supported"`
}

custom role

type RESTUserPermitOptions

// RESTUserPermitOptions lists the permission options in two groups: global
// options and domain options.
type RESTUserPermitOptions struct {
	GlobalOptions []*RESTUserPermitOption `json:"global_options"`
	DomainOptions []*RESTUserPermitOption `json:"domain_options"`
}

type RESTUserPwdConfig

// RESTUserPwdConfig names a user and optionally clears the failed-login state
// and/or sets a new password. Unlike RESTUserConfig it has no field for the
// current password.
// NOTE(review): because no current password is carried, this looks like an
// administrative reset; the handler presumably requires a privileged caller.
// NewPassword uses the cloak tag option, which encoding/json ignores.
// Confirm both at the handler.
type RESTUserPwdConfig struct {
	Fullname         string  `json:"fullname"`
	ClearFailedLogin *bool   `json:"clear_failed_login,omitempty"`
	NewPassword      *string `json:"new_password,omitempty,cloak"`
}

type RESTUserPwdConfigData

// RESTUserPwdConfigData is the JSON envelope that carries a RESTUserPwdConfig
// under the "config" key.
type RESTUserPwdConfigData struct {
	Config *RESTUserPwdConfig `json:"config"`
}

type RESTUserRole

// RESTUserRole describes a role: its name, a comment, whether it is a
// pre-defined (reserved) role, and its permissions.
type RESTUserRole struct {
	Name        string                `json:"name"`
	Comment     string                `json:"comment"`
	Reserved    bool                  `json:"reserved"` // true for pre-defined roles
	Permissions []*RESTRolePermission `json:"permissions"`
}

type RESTUserRoleConfig

// RESTUserRoleConfig carries a role definition: name, comment and
// permissions. It has the fields of RESTUserRole except Reserved.
// NOTE(review): Permissions defines what holders of the role may do; the
// handler presumably prevents a caller from granting more than it holds and
// from overwriting reserved roles. Neither check is visible here; confirm.
type RESTUserRoleConfig struct {
	Name        string                `json:"name"`
	Comment     string                `json:"comment"`
	Permissions []*RESTRolePermission `json:"permissions"`
}

type RESTUserRoleConfigData

// RESTUserRoleConfigData is the JSON envelope that carries a
// RESTUserRoleConfig under the "config" key.
type RESTUserRoleConfigData struct {
	Config *RESTUserRoleConfig `json:"config"`
}

type RESTUserRoleData

// RESTUserRoleData is the JSON envelope that carries one RESTUserRole under
// the "role" key.
type RESTUserRoleData struct {
	Role *RESTUserRole `json:"role"`
}

type RESTUserRoleDomainsConfig

// RESTUserRoleDomainsConfig assigns one role to a user for a list of domains.
type RESTUserRoleDomainsConfig struct {
	Fullname string   `json:"fullname"`
	Role     string   `json:"role"`
	Domains  []string `json:"domains"`
}

Used by CLI to set one role domain at a time.

type RESTUserRoleDomainsConfigData

// RESTUserRoleDomainsConfigData is the JSON envelope that carries a
// RESTUserRoleDomainsConfig under the "config" key.
type RESTUserRoleDomainsConfigData struct {
	Config *RESTUserRoleDomainsConfig `json:"config"`
}

type RESTUserRolesData

// RESTUserRolesData is the JSON envelope that carries a list of RESTUserRole
// under the "roles" key.
type RESTUserRolesData struct {
	Roles []*RESTUserRole `json:"roles"`
}

type RESTUserRolesDataCfgMap

// RESTUserRolesDataCfgMap embeds RESTUserRolesData, so "roles" appears at the
// top level of the JSON object, and adds an "always_reload" flag.
// NOTE(review): presumably the shape read from a ConfigMap-provided file.
// Such a file can define roles and permissions, so write access to its source
// is equivalent to role administration. Confirm with the loader.
type RESTUserRolesDataCfgMap struct {
	RESTUserRolesData
	AlwaysReload bool `json:"always_reload"`
}

type RESTUsersData

// RESTUsersData is the JSON envelope that carries a list of RESTUser together
// with the names of the global roles and the domain roles.
type RESTUsersData struct {
	Users       []*RESTUser `json:"users"`
	GlobalRoles []string    `json:"global_roles"`
	DomainRoles []string    `json:"domain_roles"`
}

type RESTUsersDataCfgMap

// RESTUsersDataCfgMap embeds RESTUsersData, so its keys appear at the top
// level of the JSON object, and adds an "always_reload" flag.
// NOTE(review): presumably the shape read from a ConfigMap-provided file.
// The embedded users carry a Password field, so that file would hold
// credentials and needs the same protection as a secret. Confirm with the
// loader.
type RESTUsersDataCfgMap struct {
	RESTUsersData
	AlwaysReload bool `json:"always_reload"`
}

type RESTViolationWorkload

// RESTViolationWorkload pairs a workload (brief form) with a count.
type RESTViolationWorkload struct {
	Workload *RESTWorkloadBrief `json:"workload"`
	Count    int                `json:"count"`
}

type RESTVulnPackageVersion

// RESTVulnPackageVersion pairs a package version with the version in which
// the vulnerability is fixed.
type RESTVulnPackageVersion struct {
	PackageVersion string `json:"package_version"`
	FixedVersion   string `json:"fixed_version"`
}

type RESTVulnerability

// RESTVulnerability describes one vulnerability finding: name, score and
// vector strings in two variants (unsuffixed and V3), severity, description,
// the affected package with its installed and fixed versions, a reference
// link, published and last-modified timestamps, and optional CPE, CVE and tag
// lists.
// NOTE(review): Description and Link come from vulnerability feed data;
// a UI that renders them should escape the text and restrict the link
// scheme. Where that happens is not visible here; confirm.
type RESTVulnerability struct {
	Name           string   `json:"name"`
	Score          float32  `json:"score"`
	Severity       string   `json:"severity"`
	Vectors        string   `json:"vectors"`
	Description    string   `json:"description"`
	PackageName    string   `json:"package_name"`
	PackageVersion string   `json:"package_version"`
	FixedVersion   string   `json:"fixed_version"`
	Link           string   `json:"link"`
	ScoreV3        float32  `json:"score_v3"`
	VectorsV3      string   `json:"vectors_v3"`
	PublishedTS    int64    `json:"published_timestamp"`
	LastModTS      int64    `json:"last_modified_timestamp"`
	CPEs           []string `json:"cpes,omitempty"`
	CVEs           []string `json:"cves,omitempty"`
	FeedRating     string   `json:"feed_rating"`
	InBaseImage    bool     `json:"in_base_image"`
	Tags           []string `json:"tags,omitempty"`
}

type RESTVulnerabilityAsset

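// RESTVulnerabilityAsset describes one vulnerability together with the assets
// it affects: the affected packages (a map to version/fixed-version pairs),
// scores and vectors, timestamps, and the workloads, nodes, images and
// platforms where it was found.
//
// The Packages tag previously lacked its closing quote (`json:"packages`).
// A malformed struct tag cannot be parsed, so encoding/json fell back to the
// Go field name and emitted the key as "Packages"; the tag is now well formed
// and the key is "packages", matching the other fields. Decoding is
// unaffected because encoding/json matches keys case-insensitively.
type RESTVulnerabilityAsset struct {
	Name            string                              `json:"name"`
	Severity        string                              `json:"severity"`
	Description     string                              `json:"description"`
	Packages        map[string][]RESTVulnPackageVersion `json:"packages"`
	PackageName     string                              `json:"package_name"` // deprecated in 4.3.3
	Link            string                              `json:"link"`
	Score           float32                             `json:"score"`
	Vectors         string                              `json:"vectors"`
	ScoreV3         float32                             `json:"score_v3"`
	VectorsV3       string                              `json:"vectors_v3"`
	PublishedTS     int64                               `json:"published_timestamp"`
	LastModTS       int64                               `json:"last_modified_timestamp"`
	PackageVersions []RESTVulnPackageVersion            `json:"package_versions"` // deprecated in 4.3.3
	Workloads       []RESTIDName                        `json:"workloads"`
	Nodes           []RESTIDName                        `json:"nodes"`
	Images          []RESTIDName                        `json:"images"`
	Platforms       []RESTIDName                        `json:"platforms"`
}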

type RESTVulnerabilityAssetData

// RESTVulnerabilityAssetData is the JSON envelope that carries a list of
// RESTVulnerabilityAsset under the "vulnerabilities" key.
type RESTVulnerabilityAssetData struct {
	Vuls []*RESTVulnerabilityAsset `json:"vulnerabilities"`
}

type RESTVulnerabilityProfile

// RESTVulnerabilityProfile is a named list of vulnerability profile entries.
type RESTVulnerabilityProfile struct {
	Name    string                          `json:"name"`
	Entries []RESTVulnerabilityProfileEntry `json:"entries"`
}

type RESTVulnerabilityProfileConfig

// RESTVulnerabilityProfileConfig names a vulnerability profile and optionally
// supplies its entries; Entries is a pointer tagged omitempty, so nil is left
// out of the encoded JSON.
type RESTVulnerabilityProfileConfig struct {
	Name    string                            `json:"name"`
	Entries *[]*RESTVulnerabilityProfileEntry `json:"entries,omitempty"`
}

type RESTVulnerabilityProfileConfigData

// RESTVulnerabilityProfileConfigData is the JSON envelope that carries a
// RESTVulnerabilityProfileConfig under the "config" key.
type RESTVulnerabilityProfileConfigData struct {
	Config *RESTVulnerabilityProfileConfig `json:"config"`
}

type RESTVulnerabilityProfileData

// RESTVulnerabilityProfileData is the JSON envelope that carries one
// RESTVulnerabilityProfile under the "profile" key.
type RESTVulnerabilityProfileData struct {
	Profile *RESTVulnerabilityProfile `json:"profile"`
}

type RESTVulnerabilityProfileEntry

// RESTVulnerabilityProfileEntry is one entry of a vulnerability profile: an
// ID, a name, a comment, a day count, and the domains and images it applies
// to.
// NOTE(review): entries of this kind presumably exclude matching findings
// from reports. What empty Domains/Images lists or wildcard names match is
// not visible here; an over-broad entry can hide real findings, so changes
// deserve an audit trail. Confirm the matching rules.
type RESTVulnerabilityProfileEntry struct {
	ID      uint32   `json:"id"`
	Name    string   `json:"name"`
	Comment string   `json:"comment"`
	Days    uint     `json:"days"` // Only used for 'recent' vuln entries
	Domains []string `json:"domains"`
	Images  []string `json:"images"`
}

type RESTVulnerabilityProfileEntryConfigData

// RESTVulnerabilityProfileEntryConfigData is the JSON envelope that carries
// one RESTVulnerabilityProfileEntry under the "config" key.
type RESTVulnerabilityProfileEntryConfigData struct {
	Config *RESTVulnerabilityProfileEntry `json:"config"`
}

type RESTVulnerabilityProfilesData

// RESTVulnerabilityProfilesData is the JSON envelope that carries a list of
// RESTVulnerabilityProfile under the "profiles" key.
type RESTVulnerabilityProfilesData struct {
	Profiles []*RESTVulnerabilityProfile `json:"profiles"`
}

type RESTWafConfig

// RESTWafConfig names a WAF sensor and the action to apply for it, with an
// optional comment.
type RESTWafConfig struct {
	Name    string `json:"name"`
	Action  string `json:"action"`
	Comment string `json:"comment,omitempty"`
}

type RESTWafCriteriaEntry

// RESTWafCriteriaEntry is one match criterion of a WAF rule: a key, a value,
// an operator and an optional context.
// NOTE(review): Value is presumably a pattern evaluated against traffic.
// If it is a regular expression, the handler should bound its length and
// complexity so that a rule cannot stall inspection; no limit is visible
// here. Confirm.
type RESTWafCriteriaEntry struct {
	Key     string `json:"key"`
	Value   string `json:"value"`
	Op      string `json:"op"`
	Context string `json:"context,omitempty"`
}

type RESTWafGroup

// RESTWafGroup describes the WAF state of a group: its name, a status flag,
// the sensor settings attached to it, and its configuration type.
type RESTWafGroup struct {
	Name    string            `json:"name"`
	Status  bool              `json:"status"`
	Sensors []*RESTWafSetting `json:"sensors"`
	CfgType string            `json:"cfg_type"` // CfgTypeUserCreated / CfgTypeGround
}

type RESTWafGroupConfig

// RESTWafGroupConfig carries changes to a group's WAF settings: an optional
// status, and three optional sensor lists encoded as "delete", "sensors"
// (change) and "replace".
// NOTE(review): how the handler resolves a request that sets more than one
// of the three lists is not visible here; confirm.
type RESTWafGroupConfig struct {
	Name       string           `json:"name"`
	Status     *bool            `json:"status,omitempty"`
	DelSensors *[]string        `json:"delete,omitempty"`  //delete list used by CLI
	Sensors    *[]RESTWafConfig `json:"sensors,omitempty"` //change list used by CLI
	RepSensors *[]RESTWafConfig `json:"replace,omitempty"` //replace list used by GUI
}

type RESTWafGroupConfigData

// RESTWafGroupConfigData is the JSON envelope that carries a
// RESTWafGroupConfig under the "config" key.
type RESTWafGroupConfigData struct {
	Config *RESTWafGroupConfig `json:"config"`
}

type RESTWafGroupData

// RESTWafGroupData is the JSON envelope that carries one RESTWafGroup under
// the "waf_group" key.
type RESTWafGroupData struct {
	WafGroup *RESTWafGroup `json:"waf_group"`
}

type RESTWafGroupsData

// RESTWafGroupsData is the JSON envelope that carries a list of RESTWafGroup
// under the "waf_groups" key.
type RESTWafGroupsData struct {
	WafGroups []*RESTWafGroup `json:"waf_groups"`
}

type RESTWafRule

// RESTWafRule is one WAF rule: a name, an ID, its match patterns and its
// configuration type.
type RESTWafRule struct {
	Name     string                 `json:"name"` // simple rule name
	ID       uint32                 `json:"id"`
	Patterns []RESTWafCriteriaEntry `json:"patterns"`
	CfgType  string                 `json:"cfg_type"`
}

type RESTWafRuleData

// RESTWafRuleData is the JSON envelope that carries a RESTWafRuleDetail under
// the "rule" key.
type RESTWafRuleData struct {
	Rule *RESTWafRuleDetail `json:"rule"`
}

type RESTWafRuleDetail

// RESTWafRuleDetail pairs a list of sensor names with a list of WAF rules.
type RESTWafRuleDetail struct {
	Sensors []string       `json:"sensors"`
	Rules   []*RESTWafRule `json:"rules"`
}

type RESTWafRulesData

// RESTWafRulesData is the JSON envelope that carries a list of RESTWafRule
// under the "rules" key.
type RESTWafRulesData struct {
	Rules []*RESTWafRule `json:"rules"`
}

type RESTWafSensor

// RESTWafSensor describes a WAF sensor: its name, the groups that use it, its
// rules, a comment, whether it is predefined, and its configuration type.
type RESTWafSensor struct {
	Name      string         `json:"name"`
	GroupList []string       `json:"groups"`
	RuleList  []*RESTWafRule `json:"rules"`
	Comment   string         `json:"comment"`
	Predefine bool           `json:"predefine"`
	CfgType   string         `json:"cfg_type"` // CfgTypeUserCreated / CfgTypeGround
}

type RESTWafSensorConfig

// RESTWafSensorConfig carries changes to a WAF sensor: three optional rule
// lists encoded as "change", "delete" and "rules" (replace), and an optional
// comment.
// NOTE(review): how the handler resolves a request that sets more than one
// of the three lists is not visible here; confirm.
type RESTWafSensorConfig struct {
	Name        string         `json:"name"`
	RuleChgList *[]RESTWafRule `json:"change,omitempty"` //change list used by CLI
	RuleDelList *[]RESTWafRule `json:"delete,omitempty"` //delete list used by CLI
	Rules       *[]RESTWafRule `json:"rules,omitempty"`  //replace list used by GUI
	Comment     *string        `json:"comment,omitempty"`
}

type RESTWafSensorConfigData

// RESTWafSensorConfigData is the JSON envelope that carries a
// RESTWafSensorConfig under the "config" key.
type RESTWafSensorConfigData struct {
	Config *RESTWafSensorConfig `json:"config"`
}

type RESTWafSensorData

// RESTWafSensorData is the JSON envelope that carries one RESTWafSensor under
// the "sensor" key.
type RESTWafSensorData struct {
	Sensor *RESTWafSensor `json:"sensor"`
}

type RESTWafSensorExport

// RESTWafSensorExport lists the names of the WAF sensors to export.
type RESTWafSensorExport struct {
	Names []string `json:"names"`
}

type RESTWafSensorsData

// RESTWafSensorsData is the JSON envelope that carries a list of
// RESTWafSensor under the "sensors" key.
type RESTWafSensorsData struct {
	Sensors []*RESTWafSensor `json:"sensors"`
}

type RESTWafSetting

// RESTWafSetting is one sensor setting inside a RESTWafGroup: the sensor
// name, its action, an exist flag, an optional comment and the configuration
// type.
// NOTE(review): Exist presumably reports whether the named sensor is still
// defined; confirm against the producer.
type RESTWafSetting struct {
	Name    string `json:"name"`
	Action  string `json:"action"`
	Exist   bool   `json:"exist"`
	Comment string `json:"comment,omitempty"`
	CfgType string `json:"cfg_type"` // CfgTypeUserCreated / CfgTypeGround
}

type RESTWebhook

// RESTWebhook describes one webhook endpoint: a name, the target URL, an
// enable flag, a type and the configuration type.
// NOTE(review): Type presumably takes the WebhookType* values declared in
// this package. Url is a caller-supplied destination the system will
// presumably send events to; no validation is visible in this type, so
// confirm the handler restricts the scheme and rejects destinations such as
// loopback, link-local and cloud metadata addresses. The URL may also embed
// a secret token, so treat it as sensitive in logs and read responses.
type RESTWebhook struct {
	Name    string `json:"name"`
	Url     string `json:"url"`
	Enable  bool   `json:"enable"`
	Type    string `json:"type"`
	CfgType string `json:"cfg_type"` // CfgTypeUserCreated / CfgTypeFederal (see above)
}

type RESTWorkload

// RESTWorkload is the full workload view. It embeds RESTWorkloadBrief, so the
// brief fields appear at the top level of the JSON object, and adds the
// owning agent (encoded as "enforcer_id"), network mode, lifecycle
// timestamps, exit code, interfaces, ports, labels, applications and
// resource limits.
//
// Children is declared here and also in the embedded RESTWorkloadBrief, both
// tagged "children". The field declared on RESTWorkload is shallower, so it
// is the one Go selects for w.Children and the one encoding/json uses; the
// embedded brief's Children is not encoded.
type RESTWorkload struct {
	RESTWorkloadBrief
	AgentID      string                   `json:"enforcer_id"`
	NetworkMode  string                   `json:"network_mode"`
	CreatedAt    string                   `json:"created_at"`
	StartedAt    string                   `json:"started_at"`
	FinishedAt   string                   `json:"finished_at"`
	Running      bool                     `json:"running"`
	SecuredAt    string                   `json:"secured_at"`
	ExitCode     int                      `json:"exit_code"`
	Ifaces       map[string][]*RESTIPAddr `json:"interfaces"`
	Ports        []*RESTWorkloadPorts     `json:"ports"`
	Labels       map[string]string        `json:"labels"`
	Applications []string                 `json:"applications"`
	MemoryLimit  int64                    `json:"memory_limit"`
	CPUs         string                   `json:"cpus"`
	Children     []*RESTWorkload          `json:"children"`
}

type RESTWorkloadBrief

// RESTWorkloadBrief is the short workload view: identity (ID, names, pod,
// host), image, domain, state, service and group, the cap_* capability
// flags, policy and profile modes, a scan summary, child workloads, the
// quarantine reason, service-mesh flags, and the Privileged and RunAsRoot
// flags.
// NOTE(review): Privileged and RunAsRoot are the fields a reviewer or alert
// rule would key on for risky workloads; how they are derived from the
// container runtime is not visible here. Confirm before relying on them.
type RESTWorkloadBrief struct {
	ID                 string               `json:"id"`
	Name               string               `json:"name"`
	DisplayName        string               `json:"display_name"`
	PodName            string               `json:"pod_name"`
	HostName           string               `json:"host_name"`
	HostID             string               `json:"host_id"`
	Image              string               `json:"image"`
	ImageID            string               `json:"image_id"`
	PlatformRole       string               `json:"platform_role"`
	Domain             string               `json:"domain"`
	State              string               `json:"state"`
	Service            string               `json:"service"`
	Author             string               `json:"author"`
	ServiceGroup       string               `json:"service_group"`
	ShareNSWith        string               `json:"share_ns_with,omitempty"`
	CapSniff           bool                 `json:"cap_sniff"`
	CapQuar            bool                 `json:"cap_quarantine"`
	CapChgMode         bool                 `json:"cap_change_mode"`
	PolicyMode         string               `json:"policy_mode"`
	ProfileMode        string               `json:"profile_mode"`
	ScanSummary        *RESTScanBrief       `json:"scan_summary"`
	Children           []*RESTWorkloadBrief `json:"children"`
	QuarReason         string               `json:"quarantine_reason,omitempty"`
	ServiceMesh        bool                 `json:"service_mesh"`
	ServiceMeshSidecar bool                 `json:"service_mesh_sidecar"`
	Privileged         bool                 `json:"privileged"`
	RunAsRoot          bool                 `json:"run_as_root"`
}

func (*RESTWorkloadBrief) GetDomain

func (o *RESTWorkloadBrief) GetDomain(f share.GetAccessObjectFunc) ([]string, []string)

NOTE: This is a special case. Only read is authorized, but there is no data structure associated

with the write action. We use this object to authorize again.

type RESTWorkloadConfig

// RESTWorkloadConfig holds a workload's configuration as plain values: the
// wire mode, the quarantine flag and the quarantine reason.
// NOTE(review): Wire presumably takes the WireInline / WireDefault values
// declared in this package; confirm.
type RESTWorkloadConfig struct {
	Wire       string `json:"wire,omitempty"`
	Quarantine bool   `json:"quarantine"`
	QuarReason string `json:"quarantine_reason,omitempty"`
}

type RESTWorkloadConfigCfg

// RESTWorkloadConfigCfg carries changes to a workload's configuration. Both
// fields are pointers tagged omitempty, so a nil field is left out of the
// encoded JSON and can be told apart from an explicit false or empty string.
// NOTE(review): Quarantine changes enforcement state for the workload, so the
// handler should require a write-level permission on the workload's domain;
// the authorization check is not visible here.
type RESTWorkloadConfigCfg struct {
	Wire       *string `json:"wire,omitempty"`
	Quarantine *bool   `json:"quarantine,omitempty"`
}

An omitted field indicates that the corresponding setting is not modified.

type RESTWorkloadConfigCfgData

// RESTWorkloadConfigCfgData is the JSON envelope that carries a
// RESTWorkloadConfigCfg under the "config" key.
type RESTWorkloadConfigCfgData struct {
	Config *RESTWorkloadConfigCfg `json:"config"`
}

type RESTWorkloadConfigData

// RESTWorkloadConfigData is the JSON envelope that carries a
// RESTWorkloadConfig under the "config" key.
type RESTWorkloadConfigData struct {
	Config *RESTWorkloadConfig `json:"config"`
}

type RESTWorkloadDetail

// RESTWorkloadDetail embeds RESTWorkload and adds the groups the workload
// belongs to and an application-port map.
//
// Children is declared here as well as in the embedded RESTWorkload, both
// tagged "children". The field declared on RESTWorkloadDetail is shallower,
// so it is the one Go selects and the one encoding/json uses.
type RESTWorkloadDetail struct {
	RESTWorkload
	Groups   []string              `json:"groups"`
	AppPorts map[string]string     `json:"app_ports"`
	Children []*RESTWorkloadDetail `json:"children"`
}

type RESTWorkloadDetailData

// RESTWorkloadDetailData is the JSON envelope that carries one
// RESTWorkloadDetail under the "workload" key.
type RESTWorkloadDetailData struct {
	Workload *RESTWorkloadDetail `json:"workload"`
}

type RESTWorkloadIntercept

// RESTWorkloadIntercept describes how a workload's traffic is intercepted:
// the workload ID, the inline and quarantine flags, and the intercepted
// ports.
type RESTWorkloadIntercept struct {
	ID         string                       `json:"id"`
	Inline     bool                         `json:"inline"`
	Quarantine bool                         `json:"quarantine"`
	Ports      []*RESTWorkloadInterceptPort `json:"ports"`
}

type RESTWorkloadInterceptData

// RESTWorkloadInterceptData is the JSON envelope that carries a
// RESTWorkloadIntercept under the "intercept" key.
type RESTWorkloadInterceptData struct {
	Intercept *RESTWorkloadIntercept `json:"intercept"`
}

type RESTWorkloadInterceptPort

// RESTWorkloadInterceptPort describes one intercepted port: the port and its
// peer, three MAC address strings, the in/ex port names, and the rule text
// for the in port, the ex port and the enforcer. All fields are strings.
// NOTE(review): the *Rules fields presumably hold dumps of the installed
// datapath rules. That is low-level enforcement detail, so this object is
// best limited to administrative or debug callers. Confirm at the handler.
type RESTWorkloadInterceptPort struct {
	Port          string `json:"port"`
	Peer          string `json:"peer"`
	MAC           string `json:"mac"`
	UCMAC         string `json:"uc_mac"`
	BCMAC         string `json:"bc_mac"`
	InPort        string `json:"in_port"`
	ExPort        string `json:"ex_port"`
	InPortRules   string `json:"in_rules"`
	ExPortRules   string `json:"ex_rules"`
	EnforcerRules string `json:"enforcer_rules"`
}

type RESTWorkloadPorts

// RESTWorkloadPorts embeds RESTProtoPort, so its fields appear at the top
// level of the JSON object, and adds the host IP and host port.
type RESTWorkloadPorts struct {
	RESTProtoPort
	HostIP   string `json:"host_ip"`
	HostPort uint16 `json:"host_port"`
}

type RESTWorkloadRequest

// RESTWorkloadRequest carries a single optional command string.
// NOTE(review): Command is a free-form string. The set of accepted values
// and how the handler dispatches on it are not visible here; confirm that
// it is matched against a fixed list and never passed to a shell or
// container runtime as-is.
type RESTWorkloadRequest struct {
	Command string `json:"command,omitempty"`
}

type RESTWorkloadRequestData

// RESTWorkloadRequestData is the JSON envelope that carries a
// RESTWorkloadRequest under the "request" key. Unlike most *Data envelopes
// in this package, the field is a value, not a pointer.
type RESTWorkloadRequestData struct {
	Request RESTWorkloadRequest `json:"request"`
}

type RESTWorkloadStatsData

// RESTWorkloadStatsData carries the statistics of one workload: its ID, the
// time the statistics were read, and the RESTStats themselves.
type RESTWorkloadStatsData struct {
	ID     string     `json:"id"`
	ReadAt string     `json:"read_at"`
	Stats  *RESTStats `json:"stats"`
}

type RESTWorkloadsBriefData

// RESTWorkloadsBriefData is the JSON envelope that carries a list of
// RESTWorkloadBrief under the "workloads" key.
type RESTWorkloadsBriefData struct {
	Workloads []*RESTWorkloadBrief `json:"workloads"`
}

type RESTWorkloadsData

// RESTWorkloadsData is the JSON envelope that carries a list of RESTWorkload
// under the "workloads" key.
type RESTWorkloadsData struct {
	Workloads []*RESTWorkload `json:"workloads"`
}

type Threat

// Threat is one threat log record. It embeds LogCommon (declared elsewhere)
// and adds the threat ID, the client and server workloads with their domain,
// image and service, severity and action, an occurrence count, the network
// tuple, the application, the sensor, group and target involved, a monitor
// flag, and an optional captured packet with its captured length.
// NOTE(review): Packet presumably holds an encoded copy of the offending
// packet. Captured payload can contain credentials or personal data, so
// access to threat records and any export of them should be scoped and
// retained accordingly. The encoding and the cap on CapLen are not visible
// here; confirm.
type Threat struct {
	LogCommon
	ID              string `json:"id"`
	ThreatID        uint32 `json:"threat_id"`
	ClientWL        string `json:"client_workload_id"`
	ClientWLName    string `json:"client_workload_name"`
	ClientWLDomain  string `json:"client_workload_domain,omitempty"`
	ClientWLImage   string `json:"client_workload_image,omitempty"`
	ClientWLService string `json:"client_workload_service,omitempty"`
	ServerWL        string `json:"server_workload_id"`
	ServerWLName    string `json:"server_workload_name"`
	ServerWLDomain  string `json:"server_workload_domain,omitempty"`
	ServerWLImage   string `json:"server_workload_image,omitempty"`
	ServerWLService string `json:"server_workload_service,omitempty"`
	Severity        string `json:"severity"`
	Action          string `json:"action"`
	Count           uint32 `json:"count"`
	EtherType       uint16 `json:"ether_type"`
	ClientPort      uint16 `json:"client_port"`
	ServerPort      uint16 `json:"server_port"`
	ServerConnPort  uint16 `json:"server_conn_port"`
	ICMPCode        uint8  `json:"icmp_code"`
	ICMPType        uint8  `json:"icmp_type"`
	IPProto         uint8  `json:"ip_proto"`
	ClientIP        string `json:"client_ip"`
	ServerIP        string `json:"server_ip"`
	Application     string `json:"application"`
	Sensor          string `json:"sensor"`
	Group           string `json:"group"`
	Target          string `json:"target"`
	Monitor         bool   `json:"monitor"`
	CapLen          uint16 `json:"cap_len,omitempty"`
	Packet          string `json:"packet,omitempty"`
	Msg             string `json:"message"`
}

func (*Threat) GetDomain

func (o *Threat) GetDomain(f share.GetAccessObjectFunc) ([]string, []string)

type Violation

// Violation is one policy violation log record. It embeds LogCommon (declared
// elsewhere) and adds the client and server workloads with their domain,
// image and service, the server port and IP protocol, the applications and
// servers involved, a session count, the policy ID and action that matched,
// both IP addresses, and an Xff flag.
// NOTE(review): Xff presumably marks records whose client address was taken
// from the X-Forwarded-For header. That header is client-controlled, so the
// ClientIP of such a record is weaker evidence than a connection-level
// address. Confirm against the producer.
type Violation struct {
	LogCommon
	ID            string   `json:"id"`
	ClientWL      string   `json:"client_id"`
	ClientName    string   `json:"client_name"`
	ClientDomain  string   `json:"client_domain,omitempty"`
	ClientImage   string   `json:"client_image,omitempty"`
	ClientService string   `json:"client_service,omitempty"`
	ServerWL      string   `json:"server_id"`
	ServerName    string   `json:"server_name"`
	ServerDomain  string   `json:"server_domain,omitempty"`
	ServerImage   string   `json:"server_image,omitempty"`
	ServerService string   `json:"server_service,omitempty"`
	ServerPort    uint16   `json:"server_port"`
	IPProto       uint8    `json:"ip_proto"`
	Applications  []string `json:"applications"`
	Servers       []string `json:"servers"`
	Sessions      uint32   `json:"sessions"`
	PolicyAction  string   `json:"policy_action"`
	PolicyID      uint32   `json:"policy_id"`
	ClientIP      string   `json:"client_ip"`
	ServerIP      string   `json:"server_ip"`
	Xff           bool     `json:"xff"`
}

func (*Violation) GetDomain

func (o *Violation) GetDomain(f share.GetAccessObjectFunc) ([]string, []string)
