Documentation ¶
Index ¶
- func BindUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList
- func CreatePVUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList
- func CreateServiceAccountTokens(options *pflag.FlagSet) v1.ClusterRoleBindingList
- func EscalateUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList
- func GetClusterAdminUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList
- func GetSecretsUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList
- func ImageList(options *pflag.FlagSet) []string
- func ImpersonateUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList
- func MutatingWebhookUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList
- func PrincipalList(options *pflag.FlagSet, principal string) []string
- func ReportImage(f []string, options *pflag.FlagSet, check string)
- func ReportPSS(f []Finding, options *pflag.FlagSet, check string)
- func ReportPrincipal(f []string, options *pflag.FlagSet, check string)
- func ReportRBAC(f v1.ClusterRoleBindingList, options *pflag.FlagSet, check string)
- func UpdateCSRApproval(options *pflag.FlagSet) v1.ClusterRoleBindingList
- func ValidatingWebhookUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList
- func WildcardAccess(options *pflag.FlagSet) v1.ClusterRoleBindingList
- type Finding
- func AddedCapabilities(options *pflag.FlagSet) []Finding
- func AllowPrivEsc(options *pflag.FlagSet) []Finding
- func Apparmor(options *pflag.FlagSet) []Finding
- func DroppedCapabilities(options *pflag.FlagSet) []Finding
- func HostPath(options *pflag.FlagSet) []Finding
- func HostPorts(options *pflag.FlagSet) []Finding
- func HostProcess(options *pflag.FlagSet) []Finding
- func Hostipc(options *pflag.FlagSet) []Finding
- func Hostnet(options *pflag.FlagSet) []Finding
- func Hostpid(options *pflag.FlagSet) []Finding
- func Privileged(options *pflag.FlagSet) []Finding
- func Procmount(options *pflag.FlagSet) []Finding
- func Seccomp(options *pflag.FlagSet) []Finding
- func Sysctl(options *pflag.FlagSet) []Finding
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func BindUsers ¶
func BindUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList
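Function to list users with access to the bind verb. In Kubernetes RBAC, the bind verb on roles or clusterroles lets a subject create a binding to a role even when the subject does not itself hold the permissions that role grants, so each result is a possible privilege-escalation path to review.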
func CreatePVUsers ¶
func CreatePVUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList
func CreateServiceAccountTokens ¶ added in v0.2.3
func CreateServiceAccountTokens(options *pflag.FlagSet) v1.ClusterRoleBindingList
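This function finds all clusterroles that grant the create verb on the token sub-resource of serviceaccounts, and the clusterrolebindings that are associated with them. A subject with this right can request tokens for service accounts and so act with those accounts' permissions.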
func EscalateUsers ¶
func EscalateUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList
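Function to get a list of users with access to the escalate verb. In Kubernetes RBAC, the escalate verb on roles or clusterroles lets a subject create or update a role with permissions the subject does not already hold.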
func GetClusterAdminUsers ¶
func GetClusterAdminUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList
func GetSecretsUsers ¶
func GetSecretsUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList
func ImpersonateUsers ¶
func ImpersonateUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList
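Function to list users with access to the impersonate verb. A subject with impersonate rights can make API requests as another user, group or service account, and so act with that identity's permissions.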
func MutatingWebhookUsers ¶
func MutatingWebhookUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList
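Function to list users who can create or modify mutatingadmissionwebhookconfigurations (the Kubernetes API resource is named mutatingwebhookconfigurations). A mutating webhook can rewrite objects as they are admitted to the cluster, so this right should be held by very few subjects.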
func PrincipalList ¶ added in v0.2.8
Creates a list of users defined in cluster role binding RBAC rules for the cluster
func ReportPrincipal ¶ added in v0.2.8
func ReportRBAC ¶
func ReportRBAC(f v1.ClusterRoleBindingList, options *pflag.FlagSet, check string)
func UpdateCSRApproval ¶ added in v0.2.3
func UpdateCSRApproval(options *pflag.FlagSet) v1.ClusterRoleBindingList
This function finds all clusterroles that can update the approval sub-resource of certificatesigningrequests and the clusterrolebindings that are associated with them
func ValidatingWebhookUsers ¶
func ValidatingWebhookUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList
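Function to list users who can create or modify validatingadmissionwebhookconfigurations (the Kubernetes API resource is named validatingwebhookconfigurations). A subject with this right can add, change or weaken admission checks that the cluster relies on.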
func WildcardAccess ¶ added in v0.2.3
func WildcardAccess(options *pflag.FlagSet) v1.ClusterRoleBindingList
This function finds all clusterroles that allow wildcard access to all resources, and the clusterrolebindings that are associated with them.
Types ¶
type Finding ¶
// Finding is the record type returned by the check functions in this package
// that produce []Finding (for example Privileged, HostPath and Sysctl) and
// consumed by ReportPSS.
//
// The fields are exported so that encoding/json can marshal them. The
// `json:",omitempty"` tag keeps the Go field name as the JSON key and omits
// the field when it holds its zero value, so a record only carries the
// details that apply to the check that produced it.
type Finding struct {
	// Check, Namespace and Pod carry no omitempty tag, so they are always
	// written to the JSON output, even when empty.
	Check     string // presumably the name of the check that raised the finding; confirm against the check functions
	Namespace string
	Pod       string

	// Optional details: each is left out of the JSON when it holds its zero value.
	Container    string   `json:",omitempty"`
	Capabilities []string `json:",omitempty"`
	// NOTE(review): with omitempty on an int, a Hostport value of 0 is
	// omitted from the JSON and cannot be told apart from "not set".
	Hostport int    `json:",omitempty"`
	Volume   string `json:",omitempty"`
	Path     string `json:",omitempty"`
	Sysctl   string `json:",omitempty"`
	Image    string `json:",omitempty"`
}
This needs to be exported to work with the JSON marshalling. The omitempty option is there because Container won't always be relevant (e.g. hostPID).