domain

package
Published: May 30, 2023 License: MPL-2.0 Imports: 12 Imported by: 0

Documentation


Constants

// Status values carried in PolicyValidation.Status.
const (
	PolicyValidationStatusViolating = "Violation"
	PolicyValidationStatusCompliant = "Compliance"
	// Action and Reason strings for the Kubernetes Event built by
	// NewK8sEventFromPolicyValidation (presumably Event.Action / Event.Reason —
	// confirm against that function).
	EventActionAllowed              = "Allowed"
	EventActionRejected             = "Rejected"
	EventReasonPolicyViolation      = "PolicyViolation"
	EventReasonPolicyCompliance     = "PolicyCompliance"
	// Label keys under the pac.weave.works/ prefix. NOTE(review): these look like
	// the labels NewPolicyValidationFRomK8sEvent reads to recover type/id/trigger
	// from an Event. Anything allowed to create Events in the watched namespace
	// could set them, so consumers should not treat a labelled Event as
	// authoritative without checking its source — confirm in the event code.
	PolicyValidationTypeLabel       = "pac.weave.works/type"
	PolicyValidationIDLabel         = "pac.weave.works/id"
	PolicyValidationTriggerLabel    = "pac.weave.works/trigger"
)

Variables

This section is empty.

Functions

func NewK8sEventFromPolicyValidation

func NewK8sEventFromPolicyValidation(result PolicyValidation) (*v1.Event, error)

NewK8sEventFromPolicyValidation builds a Kubernetes Event object from a policy validation result.

Types

type ConfigMatchApplication

// ConfigMatchApplication identifies an application (by kind, name and namespace)
// that a PolicyConfig applies to; see PolicyConfigMatch.Applications.
type ConfigMatchApplication struct {
	Kind      string `json:"kind"`
	Name      string `json:"name"`
	Namespace string `json:"namespace"`
}

type ConfigMatchResource

// ConfigMatchResource identifies a single resource (by kind, name and namespace)
// that a PolicyConfig applies to; see PolicyConfigMatch.Resources. It has the
// same shape as ConfigMatchApplication but is kept as a distinct type.
type ConfigMatchResource struct {
	Kind      string `json:"kind"`
	Name      string `json:"name"`
	Namespace string `json:"namespace"`
}

type EntitiesList

// EntitiesList is one page of Entity objects returned by EntitiesSource.List.
type EntitiesList struct {
	// HasNext reports whether another page can be fetched using KeySet.
	HasNext bool
	// KeySet used to fetch next batch of entities
	KeySet string
	// Data holds the entities in this page.
	Data   []Entity
}

EntitiesList is a page of Entity objects, together with the cursor needed to fetch the next page.

type EntitiesSource

// EntitiesSource fetches entities of a single Kubernetes kind, page by page.
type EntitiesSource interface {
	// List returns one page of entities; listOptions carries the page size and
	// the cursor from a previous EntitiesList.KeySet. Whether a nil listOptions
	// is accepted is up to the implementation — confirm before passing nil.
	List(ctx context.Context, listOptions *ListOptions) (*EntitiesList, error)
	// Kind returns the Kubernetes kind of the entities this source retrieves.
	Kind() string
}

EntitiesSource is responsible for fetching entities of a specific Kubernetes kind.

type Entity

// Entity represents a Kubernetes resource as seen by the policy engine.
// Build one with NewEntityFromSpec rather than filling the fields by hand.
type Entity struct {
	ID              string                 `json:"id"`
	Name            string                 `json:"name"`
	APIVersion      string                 `json:"apiVersion"`
	Kind            string                 `json:"kind"`
	Namespace       string                 `json:"namespace"`
	// Manifest is the full object as a generic map. NOTE(review): for kinds such
	// as Secret this carries the secret data as well, and Manifest is serialized
	// as part of PolicyValidation.Entity — and from there into every
	// PolicyValidationSink and NewK8sEventFromPolicyValidation. Confirm that
	// those writers redact it before anything leaves the cluster.
	Manifest        map[string]interface{} `json:"manifest"`
	// Note the snake_case key, unlike apiVersion above; both are wire format and
	// must not be "normalized".
	ResourceVersion string                 `json:"resource_version"`
	// Labels and GitCommit are never serialized (json:"-").
	Labels          map[string]string      `json:"-"`
	GitCommit       string                 `json:"-"`
	HasParent       bool                   `json:"has_parent"`
}

Entity represents a kubernetes resource

func NewEntityFromSpec

func NewEntityFromSpec(entitySpec map[string]interface{}) Entity

NewEntityFromSpec takes a map representing a Kubernetes object and parses it into an Entity.

func (*Entity) ObjectRef

func (e *Entity) ObjectRef() *v1.ObjectReference

ObjectRef returns the kubernetes object reference of the entity

type IaCMetadata

// IaCMetadata carries the source-control and platform context of a validation
// whose Type is "IaC" (or "Generic"); presumably it is what ends up in
// PolicyValidation.Metadata — confirm with the caller that populates it.
// The `validate` tags express intent only: nothing on this page shows them
// being enforced, so callers must run the validator before trusting the values.
type IaCMetadata struct {
	Branch        string                 `json:"branch" validate:"required"`
	Commit        string                 `json:"commit" validate:"required"`
	File          string                 `json:"file" validate:"required"`
	PlatformName  string                 `json:"platform_name"`
	// PlatformInfo is a free-form, unvalidated map supplied by the caller.
	PlatformInfo  map[string]interface{} `json:"platform"`
	Repository    string                 `json:"repository" validate:"required"`
	// ResultUrl is not validated as a URL here; treat it as untrusted input if
	// it is ever rendered or followed.
	ResultUrl     string                 `json:"result_url"`
	Source        string                 `json:"source" validate:"required"`
	// Type must be exactly "IaC" or "Generic" when validated (oneof tag).
	Type          string                 `json:"type" validate:"oneof=IaC Generic"`
	KubeGuardID   string                 `json:"kubeguard_id"`
	KubeGuardName string                 `json:"kubeguard_name"`
	Provider      string                 `json:"provider"`
	PullRequest   string                 `json:"pull_request"`
}

IaCMetadata defines the metadata attached to a validation of type IaC (or Generic); the `validate` tags describe the required fields.

type ListOptions

// ListOptions configures a call to EntitiesSource.List.
type ListOptions struct {
	// Limit is the requested page size.
	Limit  int
	// KeySet is the cursor taken from a previous EntitiesList.KeySet; an empty
	// value presumably starts from the first page — confirm in the source
	// implementation.
	KeySet string
}

ListOptions configures the page size and cursor of a list operation.

type MutationResult

// MutationResult holds an entity's original manifest and the mutated copy
// produced by Mutate. Obtain one with NewMutationResult and read the two
// versions with OldResource and NewResource.
type MutationResult struct {
	// contains filtered or unexported fields
}

func NewMutationResult

func NewMutationResult(entity Entity) (*MutationResult, error)

NewMutationResult creates a new MutationResult for the given entity.

func (*MutationResult) Mutate

func (m *MutationResult) Mutate(occurrences []Occurrence) ([]Occurrence, error)

Mutate mutates the resource by applying the recommended values of the given occurrences.

func (*MutationResult) NewResource

func (m *MutationResult) NewResource() ([]byte, error)

NewResource returns the mutated resource.

func (*MutationResult) OldResource

func (m *MutationResult) OldResource() []byte

OldResource returns the original resource, before mutation.

type Occurrence

// Occurrence is a single finding of a policy against an entity. ViolatingKey
// and RecommendedValue are the inputs MutationResult.Mutate uses to rewrite the
// resource.
type Occurrence struct {
	Message          string      `json:"message"`
	// ViolatingKey locates the offending field; it is a pointer so it can be
	// absent (and is then omitted from JSON).
	ViolatingKey     *string     `json:"violating_key,omitempty"`
	// RecommendedValue is what Mutate writes in place of the violating value.
	// NOTE(review): it is untyped and originates from policy output, so whoever
	// can author policies can write arbitrary values into mutated resources —
	// confirm that policy sources are trusted.
	RecommendedValue interface{} `json:"recommended_value,omitempty"`
	// Mutated is not serialized; presumably set by Mutate once applied.
	Mutated          bool        `json:"-"`
}

type PoliciesSource

// PoliciesSource supplies the policies to evaluate and any per-entity overrides.
type PoliciesSource interface {
	// GetAll returns all available policies
	GetAll(ctx context.Context) ([]Policy, error)
	// GetPolicyConfig returns the PolicyConfig whose Match covers entity. What
	// is returned when nothing matches (nil, empty config, or error) is not
	// shown here — confirm before dereferencing the result.
	GetPolicyConfig(ctx context.Context, entity Entity) (*PolicyConfig, error)
}

PoliciesSource acts as a source for policies

type Policy

// Policy represents a policy as loaded from a PoliciesSource.
type Policy struct {
	Name        string             `json:"name"`
	ID          string             `json:"id"`
	// Code is the policy's source text; the rule language is not shown on this
	// page — confirm with the evaluator.
	Code        string             `json:"code"`
	Enabled     bool               `json:"enabled"`
	// Parameters are the declared inputs; GetParametersMap exposes them as a
	// map (presumably keyed by Name).
	Parameters  []PolicyParameters `json:"parameters"`
	Targets     PolicyTargets      `json:"targets"`
	Description string             `json:"description"`
	HowToSolve  string             `json:"how_to_solve"`
	Category    string             `json:"category"`
	Tags        []string           `json:"tags"`
	Severity    string             `json:"severity"`
	Standards   []PolicyStandard   `json:"standards"`
	// Reference is never serialized (json:"-").
	Reference   interface{}        `json:"-"`
	GitCommit   string             `json:"git_commit,omitempty"`
	Modes       []string           `json:"modes"`
	// Mutate presumably marks a policy whose occurrences may rewrite the
	// resource (see MutationResult.Mutate) — confirm in the evaluator.
	Mutate      bool               `json:"mutate"`
}

Policy represents a policy

func (*Policy) GetParametersMap

func (p *Policy) GetParametersMap() map[string]interface{}

GetParametersMap returns policy parameters as a map

func (*Policy) ObjectRef

func (p *Policy) ObjectRef() *v1.ObjectReference

ObjectRef returns the kubernetes object reference of the policy

type PolicyConfig

// PolicyConfig overrides policy parameters for the entities selected by Match.
// Config is keyed per policy (presumably by Policy.ID — confirm).
type PolicyConfig struct {
	Config map[string]PolicyConfigConfig `json:"config"`
	Match  PolicyConfigMatch             `json:"match"`
}

PolicyConfig represents a policy config

type PolicyConfigConfig

// PolicyConfigConfig is the per-policy part of a PolicyConfig: parameter
// overrides, presumably keyed by parameter name.
type PolicyConfigConfig struct {
	Parameters map[string]PolicyConfigParameter `json:"parameters"`
}

type PolicyConfigMatch

// PolicyConfigMatch selects which entities a PolicyConfig applies to, by
// namespace, application or individual resource. Note that the JSON key for
// Applications is "apps".
type PolicyConfigMatch struct {
	Namespaces   []string                 `json:"namespaces,omitempty"`
	Applications []ConfigMatchApplication `json:"apps,omitempty"`
	Resources    []ConfigMatchResource    `json:"resources,omitempty"`
}

type PolicyConfigParameter

// PolicyConfigParameter is one overridden parameter: either a literal Value or
// a ConfigRef naming where the value comes from. Unlike the other types here it
// has no json tags, so encoding/json would emit the field names "Value" and
// "ConfigRef" verbatim — keep that in mind if it ever crosses a wire boundary.
type PolicyConfigParameter struct {
	Value     interface{}
	ConfigRef string
}

type PolicyParameters

// PolicyParameters defines one input a policy expects. Despite the plural name
// it describes a single parameter; Policy.Parameters is the list.
type PolicyParameters struct {
	Name      string      `json:"name"`
	// Type is a free-form string; nothing on this page constrains its values.
	Type      string      `json:"type"`
	Value     interface{} `json:"value"`
	Required  bool        `json:"required"`
	ConfigRef string      `json:"config_ref,omitempty"`
}

PolicyParameters defines one input required by a policy.

type PolicySet

// PolicySet names a group of policies selected by Filters; Match decides
// whether a given Policy belongs to it.
type PolicySet struct {
	ID      string           `json:"id"`
	Name    string           `json:"name"`
	Mode    string           `json:"mode"`
	Filters PolicySetFilters `json:"filters"`
}

PolicySet represents a policy set

func (*PolicySet) Match

func (ps *PolicySet) Match(policy Policy) bool

Match checks if the provided policy matches the policy set or not

type PolicySetFilters

// PolicySetFilters lists the attribute values a policy may match on to belong
// to a PolicySet. How the five lists combine (any-of vs all-of) is decided by
// PolicySet.Match and is not shown here — confirm before relying on it.
type PolicySetFilters struct {
	IDs        []string `json:"ids"`
	Categories []string `json:"categories"`
	Severities []string `json:"severities"`
	Standards  []string `json:"standards"`
	Tags       []string `json:"tags"`
}

PolicySetFilters defines the filters that select which policies belong to a PolicySet.

type PolicyStandard

// PolicyStandard links a policy to a compliance standard (ID) and the controls
// of that standard the policy covers.
type PolicyStandard struct {
	ID       string   `json:"id"`
	Controls []string `json:"controls"`
}

type PolicyTargets

// PolicyTargets describes which entities a policy applies to, by kind, label
// set and namespace. Labels is a list of label maps; whether an entity must
// match one of them or all of them is not visible here — confirm in the matcher.
type PolicyTargets struct {
	Kinds      []string            `json:"kinds"`
	Labels     []map[string]string `json:"labels"`
	Namespaces []string            `json:"namespaces"`
}

PolicyTargets is used to match entities with the required fields specified by the policy

type PolicyValidation

// PolicyValidation is the result of evaluating one Policy against one Entity.
// It round-trips to a Kubernetes Event via NewK8sEventFromPolicyValidation /
// NewPolicyValidationFRomK8sEvent and is what a PolicyValidationSink receives.
type PolicyValidation struct {
	ID          string       `json:"id"`
	AccountID   string       `json:"account_id"`
	ClusterID   string       `json:"cluster_id"`
	Policy      Policy       `json:"policy"`
	// Entity includes its full Manifest, so this struct carries the whole
	// evaluated object (secret data, for Secret kinds) into every sink.
	Entity      Entity       `json:"entity"`
	// Status presumably holds one of the PolicyValidationStatus* constants.
	Status      string       `json:"status"`
	Message     string       `json:"message"`
	Occurrences []Occurrence `json:"occurrences"`
	// The field is named Type but its JSON key is "source" — wire format,
	// do not "fix".
	Type        string       `json:"source"`
	Trigger     string       `json:"trigger"`
	CreatedAt   time.Time    `json:"created_at"`
	// Metadata is untyped; for Type "IaC" it is presumably an IaCMetadata —
	// confirm with the producer.
	Metadata    interface{}  `json:"metadata"`
}

PolicyValidation is the result of validating an entity against a policy.

func NewPolicyValidationFRomK8sEvent

func NewPolicyValidationFRomK8sEvent(event *v1.Event) (PolicyValidation, error)

NewPolicyValidationFRomK8sEvent reconstructs a policy validation result from a Kubernetes Event object.

type PolicyValidationSink

// PolicyValidationSink receives finished validation results. Each
// PolicyValidation carries the full Entity.Manifest (see Entity); a sink that
// writes outside the cluster should decide whether to redact it first.
type PolicyValidationSink interface {
	// Write persists the given results. Whether a failure part-way through
	// leaves some of them written is implementation-defined.
	Write(ctx context.Context, PolicyValidations []PolicyValidation) error
}

PolicyValidationSink is the destination that validation results are written to.

type PolicyValidationSummary

// PolicyValidationSummary groups the outcome of validating one entity: the
// policies it violated, the ones it complied with, and — when a mutation was
// produced — the before/after resource. Mutation is a pointer and may be nil;
// check it before use.
type PolicyValidationSummary struct {
	Violations  []PolicyValidation
	Compliances []PolicyValidation
	Mutation    *MutationResult
}

PolicyValidationSummary contains the violation and compliance results of a validate operation.

func (*PolicyValidationSummary) GetViolationMessages

func (v *PolicyValidationSummary) GetViolationMessages() []string

GetViolationMessages returns the message of every violation in the summary.

func (*PolicyValidationSummary) GetViolationOccurrencesMessages

func (v *PolicyValidationSummary) GetViolationOccurrencesMessages() []string

GetViolationOccurrencesMessages returns the messages of every occurrence across all violations in the summary.

Directories

Path Synopsis
Package mock is a generated GoMock package.
Package mock is a generated GoMock package.
