security

package
v0.0.3
Warning

This package is not in the latest version of its module.

Published: Aug 1, 2025 License: MIT Imports: 1 Imported by: 0

Documentation

Constants

const (
	CommandTypeAz = "az"
)

Command type constants

Variables

var (
	// AzReadOperations defines az operations that don't modify state
	AzReadOperations = []string{

		"az aks show",
		"az aks list",
		"az aks get-versions",
		"az aks get-upgrades",
		"az aks check-acr",
		"az aks check-network outbound",
		"az aks browse",

		"az aks addon list",
		"az aks addon show",

		"az aks nodepool list",
		"az aks nodepool show",
		"az aks nodepool get-upgrades",

		"az aks operation",
		"az aks snapshot list",
		"az aks snapshot show",

		"az aks trustedaccess rolebinding list",
		"az aks trustedaccess rolebinding show",

		"az aks install-cli",

		"az account list",
		"az account set",
		"az login",

		"az advisor recommendation list",
		"az advisor recommendation show",

		"az monitor metrics list",
		"az monitor metrics list-definitions",
		"az monitor metrics list-namespaces",
		"az monitor activity-log list",
		"az monitor app-insights query",
		"az monitor log-analytics query",

		"az fleet list",
		"az fleet show",
		"az fleet member list",
		"az fleet member show",
		"az fleet updaterun list",
		"az fleet updaterun show",
		"az fleet updatestrategy list",
		"az fleet updatestrategy show",

		"az find",
		"az version",
		"az help",
		"az config",
		"az group list",
		"az group show",
		"az resource list",
		"az resource show",
	}
)

Functions

This section is empty.

Types

type SecurityConfig

type SecurityConfig struct {
	// AccessLevel controls the level of operations allowed (readonly, readwrite, admin)
	AccessLevel string
	// AllowedNamespaces is a comma-separated list of allowed Kubernetes namespaces
	AllowedNamespaces string
}

SecurityConfig holds security-related configuration

func NewSecurityConfig

func NewSecurityConfig() *SecurityConfig

NewSecurityConfig creates a new SecurityConfig instance

func (*SecurityConfig) IsNamespaceAllowed added in v0.0.3

func (s *SecurityConfig) IsNamespaceAllowed(namespace string) bool

IsNamespaceAllowed checks if a namespace is allowed to be accessed

type ValidationError

type ValidationError struct {
	Message string
}

ValidationError represents a security validation error

func (*ValidationError) Error

func (e *ValidationError) Error() string

type Validator

type Validator struct {
	// contains filtered or unexported fields
}

Validator handles validation of commands against security configuration

func NewValidator

func NewValidator(secConfig *SecurityConfig) *Validator

NewValidator creates a new Validator instance with the given security configuration

func (*Validator) ValidateCommand

func (v *Validator) ValidateCommand(command, commandType string) error

ValidateCommand validates a command against all security settings. The command parameter should be the full command string (e.g., "az aks show --name myCluster"). AzReadOperations should now contain full command prefixes with "az" included.
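
A prefix allowlist such as AzReadOperations is only as strict as its matching rule: a raw string-prefix test would let "az monitor metrics list" also admit "az monitor metrics list-definitions" or any longer subcommand name. The sketch below is an added example, not this package's implementation; `isReadOnly` and `readPrefixes` are hypothetical names, and the list is a constructed subset of the entries above.

```go
package main

import (
	"fmt"
	"strings"
)

// readPrefixes is a constructed subset of the AzReadOperations entries shown above.
var readPrefixes = []string{
	"az aks show",
	"az aks list",
	"az aks nodepool list",
	"az monitor metrics list",
}

// isReadOnly (hypothetical helper) reports whether command begins with an
// allowlisted prefix that ends on a whole-token boundary.
func isReadOnly(command string) bool {
	// Reject shell metacharacters so an allowed prefix cannot carry a second command.
	if strings.ContainsAny(command, ";|&`$<>\n\r") {
		return false
	}
	// Collapse runs of whitespace so spacing tricks do not change the result.
	normalized := strings.Join(strings.Fields(command), " ")
	for _, prefix := range readPrefixes {
		// Exact match, or the prefix followed by a space: never a longer subcommand name.
		if normalized == prefix || strings.HasPrefix(normalized, prefix+" ") {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample commands.
	for _, c := range []string{
		"az aks show --name myCluster",
		"az aks showx --name myCluster",
		"az monitor metrics list-definitions",
		"az aks delete --name myCluster",
		"az aks list; az aks delete --name myCluster",
	} {
		fmt.Printf("%-48q readOnly=%v\n", c, isReadOnly(c))
	}
}
```

Under a token-boundary rule, each subcommand needs its own entry, which is consistent with the list above carrying "az monitor metrics list" and "az monitor metrics list-definitions" separately.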
