observer

package
v0.0.0-...-70b66e7 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 20, 2022 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

View Source 
const AnnotationKeyDomain = "integrityshield.io"
View Source 
const ImageRefAnnotationKeyShield = "integrityshield.io/signature"
View Source 
const SignatureResourceLabel = "integrityshield.io/signatureResource"
View Source 
const VerifyResourceIgnoredLabel = "integrityshield.io/verifyResourceIgnored"
View Source 
const VerifyResourceViolationLabel = "integrityshield.io/verifyResourceViolation"

Variables

View Source 
var IgnoredKinds = []string{"Event", "Lease", "Endpoints", "TokenReview", "SubjectAccessReview", "SelfSubjectAccessReview", "LocalSubjectAccessReview"}

Functions

func Contains 

func Contains(pattern []string, value string) bool

func ObserveImage 

func ObserveImage(resource unstructured.Unstructured, profile config.ImageProfile) (bool, string)

Types

type ConstraintResult 

type ConstraintResult struct {
	ConstraintName  string               `json:"constraintName"`
	Violation       bool                 `json:"violation"`
	TotalViolations int                  `json:"totalViolations"`
	Results         []VerifyResultDetail `json:"results"`
	Constraint      ConstraintSpec       `json:"constraint"`
}

type ConstraintSpec 

type ConstraintSpec struct {
	Match      gkmatch.Match          `json:"match,omitempty"`
	Parameters config.ParameterObject `json:"parameters,omitempty"`
}

type Kinds 

type Kinds struct {
	Kinds     []string `json:"kinds,omitempty"`
	ApiGroups []string `json:"apiGroups,omitempty"`
}

type ObservationDetailResults 

type ObservationDetailResults struct {
	Time              string             `json:"time"`
	ConstraintResults []ConstraintResult `json:"constraintResults"`
}

type Observer 

type Observer struct {
	APIResources     []groupResource
	Namespaces       []string
	DynamicClient    dynamic.Interface
	MidClient        *midclient.ApisV1Client
	MisClient        *misclient.ApisV1Client
	Clientset        *kubeclient.Clientset
	IShiledNamespace string
}

func NewObserver 

func NewObserver() *Observer

func (*Observer) Init 

func (self *Observer) Init() error

func (*Observer) Run 

func (self *Observer) Run()

type VerifyResultDetail 

type VerifyResultDetail struct {
	Time                 string                            `json:"time"`
	Namespace            string                            `json:"namespace"`
	Name                 string                            `json:"name"`
	Kind                 string                            `json:"kind"`
	ApiGroup             string                            `json:"apiGroup"`
	ApiVersion           string                            `json:"apiVersion"`
	Error                bool                              `json:"error"`
	Message              string                            `json:"message"`
	Violation            bool                              `json:"violation"`
	VerifyResourceResult *k8smanifest.VerifyResourceResult `json:"verifyResourceResult"`
}

Observer Result Detail

func ObserveResource 

func ObserveResource(resource unstructured.Unstructured, paramObj config.ParameterObject, ignoreFields k8smanifest.ObjectFieldBindingList, skipObjects k8smanifest.ObjectReferenceList, secrets []config.KeyConfig) VerifyResultDetail

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.