config

package
v0.20.5
Published: Apr 21, 2024 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Overview

© 2023 Snyk Limited

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Constants

const (
	// HTTPClientDefaultTimeout is the default value for the HTTPClientTimeout setting.
	HTTPClientDefaultTimeout = 5 * time.Second

	// SnykAPIDefaultBaseURL is the default endpoint that the scanner will talk to.
	SnykAPIDefaultBaseURL = "https://api.snyk.io"
)

Default values for config settings.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

type Config struct {
	Scanning       Scan   `json:"scanning"`
	MetricsAddress string `json:"metricsAddress"`
	// MetricsNamespace defines the namespace that will be used for the prometheus metrics.
	MetricsNamespace string `json:"metricsNamespace"`
	ProbeAddress     string `json:"probeAddress"`

	// Routes contain configuration resources from which namespaces are routed for which organization
	Routes []Route `json:"routes"`

	// Egress contains configuration for everything that's related to sending data to Snyk's
	// backend.
	Egress *Egress `json:"egress"`

	// ClusterName should be the "friendly" name of the cluster in which the scanner is running.
	// For example, "prod-us" or "dev-eu".
	ClusterName string `json:"clusterName"`

	Scheme     *runtime.Scheme `json:"-"`
	RestConfig *rest.Config    `json:"-"`
}

func Read

func Read(configFile string) (*Config, error)

Read reads the config file specified by the "-config" flag and returns a struct that contains all options, including other flags.

func (*Config) Discovery

func (c *Config) Discovery() (Discovery, error)

func (*Config) Organizations added in v0.20.5

func (c *Config) Organizations() []string

Organizations retrieves a list of unique Snyk Organization IDs present in this configuration.

type Discovery

type Discovery interface {
	// contains filtered or unexported methods
}

type Egress

type Egress struct {
	// HTTPClientTimeout sets the timeout for the HTTP client that is being used for connections to
	// the Snyk backend.
	HTTPClientTimeout metav1.Duration `json:"httpClientTimeout"`

	// SnykAPIBaseURL defines the endpoint where the scanner will send data to.
	SnykAPIBaseURL string `json:"snykAPIBaseURL"`

	// SnykServiceAccountToken is the token of the Snyk Service Account. Is not read from the config
	// file, can only be set through the environment variable.
	SnykServiceAccountToken string `json:"-" env:"SNYK_SERVICE_ACCOUNT_TOKEN"`
}

type GroupVersionKind added in v0.6.0

type GroupVersionKind struct {
	schema.GroupVersionKind
	PreferredVersion string
}

type Route added in v0.16.0

type Route struct {
	// OrganizationID is the snyk organization ID where data should be routed to.
	OrganizationID string `json:"organizationID"`
	// ClusterScopedResources defines if cluster-scoped resources should be sent to the API.
	ClusterScopedResources bool `json:"clusterScopedResources"`
	// Namespaces from which resources will be sent to the API.
	// If empty, namespaced resources will not be sent at all.
	// Supports "*" to match all namespaces
	Namespaces []string `json:"namespaces"`
}

type Scan

type Scan struct {
	Types []ScanType `json:"types"`
	// RequeueAfter defines the duration after which an object is requeued when we've visited it.
	// Note that due to the event handlers, objects that are being changed will be requeued earlier
	// in such cases.
	RequeueAfter metav1.Duration `json:"requeueAfter"`
}

type ScanType

type ScanType struct {
	// TODO: The "*" group / resource specifier isn't implemented yet (and maybe never will).
	APIGroups []string `json:"apiGroups"`
	Resources []string `json:"resources"`
	// Versions is an optional field to specify which exact versions should be scanned. If unset,
	// the scanner will use the API Server's preferred version.
	Versions []string `json:"versions"`
	// Namespaces allows to restrict scanning to specific namespaces. An empty list means no
	// namespaces. Omit to scan resources in all namespaces. Does not affect the scanning of
	// cluster-scoped resources.
	Namespaces []string `json:"namespaces,omitempty"`

	// These are dot-separated addresses for nested values, in the same format as
	// arguments to `kubectl explain`.
	// For example, the expr "spec.containers.env" will cause Kubernetes Pod
	// container environment variables to be removed. "containers" is an array,
	// and each element of this array is removed.
	PathsToRemove []string `json:"attributeRemovals"`
}
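
The attributeRemovals behaviour described in the PathsToRemove comment, as an added example that is not the package's own code: it applies each dot-separated expression to a decoded manifest and treats arrays as transparent, so "spec.containers.env" strips the env field from every container. The names removePath, redact and samplePod are hypothetical, the manifest is constructed, and silently skipping a path that does not exist is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// removePath (hypothetical helper) deletes the value addressed by path from obj.
// Arrays are transparent: the same path is applied to every element.
func removePath(obj any, path []string) {
	switch v := obj.(type) {
	case []any:
		for _, elem := range v {
			removePath(elem, path)
		}
	case map[string]any:
		if len(path) == 1 {
			delete(v, path[0])
		} else if child, ok := v[path[0]]; ok {
			removePath(child, path[1:])
		}
	}
}

// redact (hypothetical) decodes a JSON manifest, applies every removal
// expression and returns the redacted manifest. Missing paths are skipped.
func redact(manifest string, pathsToRemove []string) (string, error) {
	var obj map[string]any
	if err := json.Unmarshal([]byte(manifest), &obj); err != nil {
		return "", err
	}
	for _, p := range pathsToRemove {
		removePath(obj, strings.Split(p, "."))
	}
	out, err := json.Marshal(obj)
	return string(out), err
}

// samplePod is a constructed manifest, not taken from the package.
const samplePod = `{"kind":"Pod","spec":{"containers":[
 {"name":"app","env":[{"name":"DB_PASSWORD","value":"constructed-secret"}]},
 {"name":"sidecar","image":"example/sidecar"}]}}`

func main() {
	out, err := redact(samplePod, []string{"spec.containers.env"})
	fmt.Println(out, err)
}
```

A narrower expression such as "spec.containers.env.value" keeps the variable names and drops only their values.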

func (ScanType) GetGVKs

func (st ScanType) GetGVKs(d Discovery, log logr.Logger) ([]GroupVersionKind, error)

GetGVKs returns all the GVKs that are defined in the ScanType and are available on the server.
