eathar

package

v0.2.15 Latest Latest Go to latest Published: Nov 16, 2023 License: MIT Imports: 12 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/raesene/eathar

Links

Open Source Insights

Documentation ¶

Index ¶

func BindUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList
func CreatePVUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList
func CreateServiceAccountTokens(options *pflag.FlagSet) v1.ClusterRoleBindingList
func EscalateUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList
func GetClusterAdminUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList
func GetSecretsUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList
func ImageList(options *pflag.FlagSet) []string
func ImpersonateUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList
func MutatingWebhookUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList
func PrincipalList(options *pflag.FlagSet, principal string) []string
func ReportImage(f []string, options *pflag.FlagSet, check string)
func ReportPSS(f []Finding, options *pflag.FlagSet, check string)
func ReportPrincipal(f []string, options *pflag.FlagSet, check string)
func ReportRBAC(f v1.ClusterRoleBindingList, options *pflag.FlagSet, check string)
func UpdateCSRApproval(options *pflag.FlagSet) v1.ClusterRoleBindingList
func ValidatingWebhookUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList
func WildcardAccess(options *pflag.FlagSet) v1.ClusterRoleBindingList
type Finding

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func BindUsers ¶

func BindUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList

Function to list users with access to the bind verb

func CreatePVUsers ¶

func CreatePVUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList

func CreateServiceAccountTokens ¶ added in v0.2.3

func CreateServiceAccountTokens(options *pflag.FlagSet) v1.ClusterRoleBindingList

This function finds all clusterroles that allow for create rights to the token sub-resource of serviceaccounts and the clusterrolebindings that are associated with them

func EscalateUsers ¶

func EscalateUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList

Function to get a list of users with access to the escalate verb

func GetClusterAdminUsers ¶

func GetClusterAdminUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList

func GetSecretsUsers ¶

func GetSecretsUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList

func ImageList ¶

func ImageList(options *pflag.FlagSet) []string

Creates a list of images in use in the cluster

func ImpersonateUsers ¶

func ImpersonateUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList

Function to list users with access to the impersonate verb

func MutatingWebhookUsers ¶

func MutatingWebhookUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList

Function to list users who can create or modify mutatingadmissionwebhookconfigurations

func PrincipalList ¶ added in v0.2.8

func PrincipalList(options *pflag.FlagSet, principal string) []string

Creates a list of users defined in cluster role binding RBAC rules for the cluster

func ReportImage ¶

func ReportImage(f []string, options *pflag.FlagSet, check string)

func ReportPSS ¶

func ReportPSS(f []Finding, options *pflag.FlagSet, check string)

func ReportPrincipal ¶ added in v0.2.8

func ReportPrincipal(f []string, options *pflag.FlagSet, check string)

func ReportRBAC ¶

func ReportRBAC(f v1.ClusterRoleBindingList, options *pflag.FlagSet, check string)

func UpdateCSRApproval ¶ added in v0.2.3

func UpdateCSRApproval(options *pflag.FlagSet) v1.ClusterRoleBindingList

This function finds all clusterroles that can update the approval sub-resource of certificatesigningrequests and the clusterrolebindings that are associated with them

func ValidatingWebhookUsers ¶

func ValidatingWebhookUsers(options *pflag.FlagSet) v1.ClusterRoleBindingList

Function to list users who can create or modify validatingadmissionwebhookconfigurations

func WildcardAccess ¶ added in v0.2.3

func WildcardAccess(options *pflag.FlagSet) v1.ClusterRoleBindingList

This Function finds all clusterroles that allow wildcard access to all resources and the clusterrolebindings that are associated with them

Types ¶

type Finding ¶

type Finding struct {
	Check        string
	Namespace    string
	Pod          string
	Container    string   `json:",omitempty"`
	Capabilities []string `json:",omitempty"`
	Hostport     int      `json:",omitempty"`
	Volume       string   `json:",omitempty"`
	Path         string   `json:",omitempty"`
	Sysctl       string   `json:",omitempty"`
	Image        string   `json:",omitempty"`
}

This needs to be exported to work with the JSON marshalling omitempty thing is there as container won't always be relevant (e.g. hostPID)

func AddedCapabilities ¶

func AddedCapabilities(options *pflag.FlagSet) []Finding

func AllowPrivEsc ¶

func AllowPrivEsc(options *pflag.FlagSet) []Finding

func Apparmor ¶

func Apparmor(options *pflag.FlagSet) []Finding

func DroppedCapabilities ¶

func DroppedCapabilities(options *pflag.FlagSet) []Finding

func HostPath ¶

func HostPath(options *pflag.FlagSet) []Finding

func HostPorts ¶

func HostPorts(options *pflag.FlagSet) []Finding

func HostProcess ¶

func HostProcess(options *pflag.FlagSet) []Finding

func Hostipc ¶

func Hostipc(options *pflag.FlagSet) []Finding

func Hostnet ¶

func Hostnet(options *pflag.FlagSet) []Finding

func Hostpid ¶

func Hostpid(options *pflag.FlagSet) []Finding

func Privileged ¶

func Privileged(options *pflag.FlagSet) []Finding

func Procmount ¶

func Procmount(options *pflag.FlagSet) []Finding

func Seccomp ¶

func Seccomp(options *pflag.FlagSet) []Finding

func Sysctl ¶

func Sysctl(options *pflag.FlagSet) []Finding

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL