security

package
v0.0.7 Latest Latest
Published: Aug 5, 2025 License: MIT Imports: 2 Imported by: 0

Documentation

Index

Constants

// Command type constants name the CLI a validated command belongs to.
// They are the values accepted as the commandType argument of
// (*Validator).ValidateCommand and select which operation list applies.
const CommandTypeKubectl = "kubectl"

// CommandTypeHelm selects the helm operation list.
const CommandTypeHelm = "helm"

// CommandTypeCilium selects the cilium operation list.
const CommandTypeCilium = "cilium"

// CommandTypeHubble selects the hubble operation list.
const CommandTypeHubble = "hubble"

Command type constants: the values accepted as the commandType argument of ValidateCommand.

Variables

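var (
	// KubectlReadOperations defines kubectl operations that don't modify state.
	//
	// NOTE(review): this is a top-level-verb allowlist. Some verbs carry
	// mutating subcommands ("config set-*"/"use-context" rewrite kubeconfig,
	// "auth reconcile" changes RBAC objects) and "proxy" opens a local
	// listener to the API server — confirm the validator inspects the
	// subcommand, or move those verbs to the readwrite list.
	KubectlReadOperations = []string{
		"get", "describe", "explain", "logs", "top", "auth", "config",
		"cluster-info", "api-resources", "api-versions", "version", "diff",
		"completion", "help", "kustomize", "options", "plugin", "proxy", "wait", "events",
	}

	// KubectlReadWriteOperations defines kubectl operations that modify state
	// but are not admin operations.
	//
	// NOTE(review): "exec" and "cp" grant command execution inside and file
	// transfer with running pods, which is a larger blast radius than the
	// other entries — verify that readwrite is the intended level for them.
	KubectlReadWriteOperations = []string{
		"create", "delete", "apply", "expose", "run", "set", "rollout", "scale",
		"autoscale", "label", "annotate", "patch", "replace", "cp", "exec",
	}

	// KubectlAdminOperations defines kubectl operations that require admin
	// privileges (node and certificate management).
	KubectlAdminOperations = []string{
		"cordon", "uncordon", "drain", "taint", "certificate",
	}

	// HelmReadOperations defines helm operations that don't modify state.
	//
	// NOTE(review): "repo" includes add/remove/update subcommands that change
	// the local repository configuration — confirm that is acceptable as
	// read-only.
	HelmReadOperations = []string{
		"get", "history", "list", "show", "status", "search", "repo",
		"env", "version", "verify", "completion", "help",
	}

	// CiliumReadOperations defines cilium operations that don't modify state.
	//
	// NOTE(review): several verbs here ("policy", "config", "endpoint",
	// "service", "hubble") have mutating subcommands in the cilium CLIs —
	// presumably the validator only allows their read subcommands; verify.
	CiliumReadOperations = []string{
		"status", "version", "config", "help", "context", "connectivity",
		"endpoint", "identity", "ip", "map", "metrics", "monitor", "policy",
		"hubble", "bpf", "list", "observe", "service",
	}

	// HubbleReadOperations defines hubble operations that don't modify state.
	// Each operation is listed exactly once ("status" was previously duplicated;
	// membership is unchanged).
	HubbleReadOperations = []string{
		"status", "version", "help", "observe", "list", "config",
	}
)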

Functions

This section is empty.

Types

type AccessLevel added in v0.0.4

// AccessLevel defines the level of access allowed; see the AccessLevel* constants.
type AccessLevel string

AccessLevel defines the level of access allowed; the valid values are the AccessLevel* constants below.

// AccessLevelReadOnly permits only operations that do not modify state.
const AccessLevelReadOnly AccessLevel = "readonly"

// AccessLevelReadWrite additionally permits non-admin mutating operations.
const AccessLevelReadWrite AccessLevel = "readwrite"

// AccessLevelAdmin permits every operation, including admin ones.
const AccessLevelAdmin AccessLevel = "admin"

type SecurityConfig

// SecurityConfig holds security-related configuration consulted by Validator.
type SecurityConfig struct {
	// AccessLevel defines the level of access allowed (readonly, readwrite, admin).
	// NOTE(review): the field is exported and mutable, so callers can widen
	// access after construction; nothing visible here validates the value —
	// confirm it is checked before use.
	AccessLevel AccessLevel
	// contains filtered or unexported fields
}

SecurityConfig holds security-related configuration

func NewSecurityConfig

func NewSecurityConfig() *SecurityConfig

NewSecurityConfig creates a new SecurityConfig instance

func (*SecurityConfig) IsNamespaceAllowed

func (s *SecurityConfig) IsNamespaceAllowed(namespace string) bool

IsNamespaceAllowed reports whether access to the given namespace is permitted by the configured allowed-namespace list.

func (*SecurityConfig) SetAllowedNamespaces

func (s *SecurityConfig) SetAllowedNamespaces(namespaces string)

SetAllowedNamespaces sets the list of allowed namespaces from the given string; the expected delimiter between names is not documented here.

type ValidationError

// ValidationError represents a security validation error.
type ValidationError struct {
	// Message is the human-readable reason the command was rejected;
	// presumably what Error() returns — confirm against the implementation.
	Message string
}

ValidationError represents a security validation error

func (*ValidationError) Error

func (e *ValidationError) Error() string

type Validator

// Validator handles validation of commands against a SecurityConfig.
// Construct it with NewValidator; the zero value has no configuration attached.
type Validator struct {
	// contains filtered or unexported fields
}

Validator handles validation of commands against security configuration

func NewValidator

func NewValidator(secConfig *SecurityConfig) *Validator

NewValidator creates a new Validator instance with the given security configuration

func (*Validator) ValidateCommand

func (v *Validator) ValidateCommand(command, commandType string) error

ValidateCommand validates a command against all security settings and returns a non-nil error when the command is not permitted.
