Documentation
Overview ¶
Copyright © 2020 Red Hat Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright © 2020 Red Hat Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright © 2024 Red Hat Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright © 2020 Red Hat Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright © 2019 Red Hat Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright © 2019 Red Hat Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright © 2020 Red Hat Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Index ¶
- Constants
- Variables
- func DBG(format string, a ...interface{})
- func FATAL(format string, a ...interface{})
- func GenerateServiceMonitor(s *corev1.Service) *monitoringv1.ServiceMonitor
- func LOG(format string, a ...interface{})
- func RerunSuite(cmd *cobra.Command, args []string)
- func ResourceExists(dc discovery.DiscoveryInterface, apiGroupVersion, kind string) (bool, error)
- func RunOperator(cmd *cobra.Command, args []string)
- type CelScanner
- type ComplianceFetcherAdapter
- type ComplianceLogger
- type PlatformType
- type ResourceFetcher
- type ServiceMonitorUpdater
Constants ¶
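// Exit codes for the CEL scanner, matching OpenSCAP conventions so that a
// caller can interpret the result of either scanner the same way.
//
// Only CelExitCodeCompliant means the scan passed. CelExitCodeError and
// CelExitCodeNonCompliant are distinct outcomes: an error says nothing about
// compliance, so a consumer should not fold it into a pass.
const (
	// CelExitCodeCompliant indicates all checks passed (matches OpenSCAP exit code 0).
	CelExitCodeCompliant = 0
	// CelExitCodeError indicates an error occurred during scanning.
	CelExitCodeError = 1
	// CelExitCodeNonCompliant indicates at least one check failed (matches OpenSCAP exit code 2).
	CelExitCodeNonCompliant = 2
)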
Exit codes for CEL scanner - matching OpenSCAP conventions
Variables ¶
// Error values describing the outcome of a filter that did not yield exactly
// one usable value.
var (
	// MoreThanOneObjErr is the error for a filter that returned more than one object.
	MoreThanOneObjErr = errors.New("more than one object returned from the filter")
	// NullValErr is the error for a filter that returned no value.
	NullValErr = errors.New("no value was returned from the filter")
)
// AggregatorCmd is the cobra command for the "aggregator" subcommand. Per its
// help text it aggregates ConfigMaps holding scan results into
// complianceRemediation types; the work is done by the aggregator handler,
// which is defined outside this listing.
var AggregatorCmd = &cobra.Command{
	Use:   "aggregator",
	Short: "Aggregate configMaps complianceRemediations",
	Long:  "A tool to aggregate configMaps with scan results to complianceRemediation types",
	Run:   aggregator,
}
// ApiResourceCollectorCmd is the cobra command for the
// "api-resource-collector" subcommand, which per its help text stages cluster
// resources for OpenSCAP scanning. It runs runAPIResourceCollector.
//
// NOTE(review): staged cluster resources can include sensitive objects; where
// they are written and with what permissions is decided in
// runAPIResourceCollector, which is not visible here — confirm.
var ApiResourceCollectorCmd = &cobra.Command{
	Use:   "api-resource-collector",
	Short: "Stages cluster resources for OpenSCAP scanning.",
	Long:  "Stages cluster resources for OpenSCAP scanning.",
	Run:   runAPIResourceCollector,
}
// CelScannerCmd is the cobra command for the "cel-scanner" subcommand, a
// CEL-based scanner for Kubernetes resources. It runs runCelScanner.
var CelScannerCmd = &cobra.Command{
	Use:   "cel-scanner",
	Short: "CEL based scanner tool",
	Long:  "CEL based scanner tool for Kubernetes resources",
	Run:   runCelScanner,
}
// ErrServiceMonitorNotPresent is the error value reporting that no
// ServiceMonitor is registered with the API. It is a package-level value, so
// callers can match it with errors.Is.
// NOTE(review): the message has no format verbs; errors.New would be the
// idiomatic constructor here.
var ErrServiceMonitorNotPresent = fmt.Errorf("no ServiceMonitor registered with the API")
// OperatorCmd is the cobra command for the "operator" subcommand, the
// compliance-operator itself. It runs RunOperator.
var OperatorCmd = &cobra.Command{
	Use:   "operator",
	Short: "The compliance-operator command",
	Long:  `An operator that issues compliance checks and their lifecycle.`,
	Run:   RunOperator,
}
// ProfileparserCmd is the cobra command for the "profileparser" subcommand.
// Per its help text it reads a data stream file and generates profile objects
// from it. It runs runProfileParser.
var ProfileparserCmd = &cobra.Command{
	Use:   "profileparser",
	Short: "Runs the profile parser",
	Long:  `The profileparser reads a data stream file and generates profile objects from it.`,
	Run:   runProfileParser,
}
// RerunnerCmd is the cobra command for the "suitererunner" subcommand, which
// makes sure that a ComplianceSuite's scans get re-run. It runs RerunSuite.
var RerunnerCmd = &cobra.Command{
	Use:   "suitererunner",
	Short: "Re-runs a ComplianceSuite",
	Long:  `makes sure that a ComplianceSuite's scans get re-run.`,
	Run:   RerunSuite,
}
// ResultServerCmd is the cobra command for the "resultserver" subcommand, a
// tool that receives raw SCAP scan results.
//
// NOTE(review): this command starts a server that accepts scan results from
// other workloads. How peers are authenticated and how uploads are bounded is
// decided in parseResultServerConfig and server, neither of which is visible
// here — confirm both before changing how this command is exposed.
var ResultServerCmd = &cobra.Command{
	Use:   "resultserver",
	Short: "A tool to receive raw SCAP scan results.",
	Long:  "A tool to receive raw SCAP scan results.",
	Run: func(cmd *cobra.Command, args []string) {
		// Build the server configuration from the command, then start the server.
		server(parseResultServerConfig(cmd))
	},
}
// ResultcollectorCmd is the cobra command for the "resultscollector"
// subcommand. It runs resultCollectorMain.
//
// NOTE(review): the help text says the tool performs an OpenSCAP scan, while
// the command name suggests it collects results; the strings may have been
// copied from another command — confirm against resultCollectorMain.
var ResultcollectorCmd = &cobra.Command{
	Use:   "resultscollector",
	Short: "A tool to do an OpenSCAP scan from a pod.",
	Long:  "A tool to do an OpenSCAP scan from a pod.",
	Run:   resultCollectorMain,
}
Functions ¶
func GenerateServiceMonitor ¶
func GenerateServiceMonitor(s *corev1.Service) *monitoringv1.ServiceMonitor
GenerateServiceMonitor generates a prometheus-operator ServiceMonitor object based on the passed Service object.
func RerunSuite ¶
func ResourceExists ¶
func ResourceExists(dc discovery.DiscoveryInterface, apiGroupVersion, kind string) (bool, error)
ResourceExists returns true if the given resource kind exists in the given API group/version.
func RunOperator ¶
Types ¶
type CelScanner ¶ added in v1.8.0
type CelScanner struct {
// contains filtered or unexported fields
}
func NewCelScanner ¶ added in v1.8.0
func NewCelScanner(scheme *runtime.Scheme, client runtimeclient.Client, clientSet *kubernetes.Clientset, config celConfig) CelScanner
type ComplianceFetcherAdapter ¶ added in v1.8.0
type ComplianceFetcherAdapter struct {
// contains filtered or unexported fields
}
ComplianceFetcherAdapter adapts the SDK fetcher to work with compliance-operator resources.
func (*ComplianceFetcherAdapter) FetchResources ¶ added in v1.8.0
func (a *ComplianceFetcherAdapter) FetchResources(ctx context.Context, rule scanner.Rule, variables []scanner.CelVariable) (map[string]interface{}, []string, error)
type ComplianceLogger ¶ added in v1.8.0
type ComplianceLogger struct {
// contains filtered or unexported fields
}
ComplianceLogger adapts controller-runtime logging for the SDK.
func (ComplianceLogger) Debug ¶ added in v1.8.0
func (l ComplianceLogger) Debug(msg string, args ...interface{})
func (ComplianceLogger) Error ¶ added in v1.8.0
func (l ComplianceLogger) Error(msg string, args ...interface{})
func (ComplianceLogger) Info ¶ added in v1.8.0
func (l ComplianceLogger) Info(msg string, args ...interface{})
func (ComplianceLogger) Warn ¶ added in v1.8.0
func (l ComplianceLogger) Warn(msg string, args ...interface{})
type PlatformType ¶
// PlatformType is a string that names a platform.
type PlatformType string

// Platform values declared by this package. Each constant's value is the
// platform name as a string.
const (
	PlatformOpenShift        PlatformType = "OpenShift"
	PlatformEKS              PlatformType = "EKS"
	PlatformROSA             PlatformType = "ROSA"
	PlatformGeneric          PlatformType = "Generic"
	PlatformHyperShift       PlatformType = "HyperShift"
	PlatformOpenShiftOnPower PlatformType = "OpenShiftOnPower"
	PlatformOpenShiftOnZ     PlatformType = "OpenShiftOnZ"
	// NOTE(review): presumably the value used when the platform cannot be
	// determined — confirm against the detection code.
	PlatformUnknown PlatformType = "Unknown"
)
type ResourceFetcher ¶
// ResourceFetcher sources content for resource paths to gather, and then
// saves the path contents. The methods are listed in the order the comments
// describe: load, figure out what is needed, fetch, save.
//
// NOTE(review): path and to are plain strings. Whether implementations
// restrict them to an expected directory is not visible here — confirm where
// these values originate before passing cluster-supplied input.
type ResourceFetcher interface {
	// LoadSource loads from a source path, including the decoding step.
	LoadSource(path string) error
	// LoadTailoring loads from a tailoring path, including the decoding step.
	LoadTailoring(path string) error
	// FigureResources searches the decoded data for the resources needed
	// under a particular profile.
	FigureResources(profile string) error
	// FetchResources fetches the resources. It returns a []string alongside
	// the error.
	// NOTE(review): presumably the returned strings are the warnings later
	// handed to SaveWarningsIfAny — confirm against the implementation.
	FetchResources() ([]string, error)
	// SaveWarningsIfAny saves warnings. The parameters are unnamed: a
	// []string and a string.
	SaveWarningsIfAny([]string, string) error
	// SaveResources saves the resources to the location given by to.
	SaveResources(to string) error
}
ResourceFetcher sources content for resource paths to gather, and then saves the path contents. This interface is provided primarily for code organization.
func NewDataStreamResourceFetcher ¶
func NewDataStreamResourceFetcher(scheme *runtime.Scheme, client runtimeclient.Client, clientSet *kubernetes.Clientset) ResourceFetcher
type ServiceMonitorUpdater ¶
// ServiceMonitorUpdater is a function that takes a
// *monitoringv1.ServiceMonitor and returns an error.
// NOTE(review): the name suggests it modifies the ServiceMonitor in place —
// confirm against the call sites.
type ServiceMonitorUpdater func(*monitoringv1.ServiceMonitor) error