v1

package
v0.0.40 Latest
Published: Apr 1, 2026 License: Apache-2.0 Imports: 41 Imported by: 12

Documentation

Index

Constants

// Default gRPC ports.
const (
	// DefaultGRPCPort is the default port for non-secure gRPC.
	DefaultGRPCPort = 50051

	// DefaultGRPCSPort is the default port for secure gRPC.
	DefaultGRPCSPort = 50052
)

Default gRPC ports

Variables

// MAX_RETRIES is a package-level retry count, initialised to 3.
// It is an exported variable, not a constant, so any importing package can
// reassign it at runtime.
// NOTE(review): which operations consult it is not visible here - confirm.
var MAX_RETRIES int = 3

// RETRY_DELAY is a package-level delay, initialised to five seconds.
// Like MAX_RETRIES it is exported and mutable.
// NOTE(review): presumably the pause between retries - confirm.
var RETRY_DELAY time.Duration = 5 * time.Second
// ErrAPINotPublic is the sentinel error whose message states that the control
// API is not public. Compare against it with errors.Is.
var ErrAPINotPublic = errors.New("control api is not public")

Functions

func GetCVEExceptionByDesignator

func GetCVEExceptionByDesignator(backendURL, customerGUID string, designators *identifiers.PortalDesignator, headers map[string]string) ([]armotypes.VulnerabilityExceptionPolicy, error)

func GetCVEExceptionByRawQuery added in v0.0.21

func GetCVEExceptionByRawQuery(backendURL, customerGUID string, rawQuery *url.Values, headers map[string]string) ([]armotypes.VulnerabilityExceptionPolicy, error)

func GetPostureReportUrl

func GetPostureReportUrl(eventReceiverRestUrl, customerGUID, contextName, reportID string) (*url.URL, error)

func GetRegistryRepositoriesUrl

func GetRegistryRepositoriesUrl(eventReceiverRestUrl, customerGUID, registryName, jobID string) (*url.URL, error)

func GetReporterClusterReportsWebsocketUrl

func GetReporterClusterReportsWebsocketUrl(eventReceiverWebsocketUrl, accountID, clusterName string) (*url.URL, error)

func GetRootGatewayUrl

func GetRootGatewayUrl(gatewayUrl string) (*url.URL, error)

func GetSystemReportURL

func GetSystemReportURL(eventReceiverUrl, customerGUID string) (*url.URL, error)

func GetVulnerabilitiesReportURL

func GetVulnerabilitiesReportURL(eventReceiverUrl, customerGUID string) (*url.URL, error)

func MockAPIServer

func MockAPIServer(t testing.TB, opts ...mockAPIOption) *testServer

func TestFrameworkFile

func TestFrameworkFile(framework string) string

Types

type AttackTrack

type AttackTrack = v1alpha1.AttackTrack

AttackTrack is an alias to the API type definition for attack tracks.

type BaseReportSender

type BaseReportSender struct {
	// contains filtered or unexported fields
}

func NewBaseReportSender

func NewBaseReportSender(eventReceiverUrl string, httpClient httputils.IHttpClient, headers map[string]string, report *systemreports.BaseReport) *BaseReportSender

func (*BaseReportSender) AddError

func (sender *BaseReportSender) AddError(errorString string)

func (*BaseReportSender) GetActionID

func (sender *BaseReportSender) GetActionID() string

func (*BaseReportSender) GetActionIDN

func (sender *BaseReportSender) GetActionIDN() int

func (*BaseReportSender) GetActionName

func (sender *BaseReportSender) GetActionName() string

func (*BaseReportSender) GetBaseReport

func (sender *BaseReportSender) GetBaseReport() *systemreports.BaseReport

func (*BaseReportSender) GetCustomerGUID

func (sender *BaseReportSender) GetCustomerGUID() string

func (*BaseReportSender) GetDetails

func (sender *BaseReportSender) GetDetails() string

func (*BaseReportSender) GetErrorList

func (sender *BaseReportSender) GetErrorList() []string

func (*BaseReportSender) GetJobID

func (sender *BaseReportSender) GetJobID() string

func (*BaseReportSender) GetNextActionId

func (sender *BaseReportSender) GetNextActionId() string

func (*BaseReportSender) GetParentAction

func (sender *BaseReportSender) GetParentAction() string

func (*BaseReportSender) GetReportID

func (sender *BaseReportSender) GetReportID() string

func (*BaseReportSender) GetReporter

func (sender *BaseReportSender) GetReporter() string

func (*BaseReportSender) GetStatus

func (sender *BaseReportSender) GetStatus() string

func (*BaseReportSender) GetTarget

func (sender *BaseReportSender) GetTarget() string

func (*BaseReportSender) GetTimestamp

func (sender *BaseReportSender) GetTimestamp() time.Time

func (*BaseReportSender) NextActionID

func (sender *BaseReportSender) NextActionID()

func (*BaseReportSender) Send

func (s *BaseReportSender) Send() (int, string, error)

Send sends the HTTP request. It returns the HTTP status code, the return message (jobID/OK), and any HTTP/Go error.

func (*BaseReportSender) SendAction

func (sender *BaseReportSender) SendAction(actionName string, sendReport bool)

func (*BaseReportSender) SendAsRoutine

func (sender *BaseReportSender) SendAsRoutine(progressNext bool)

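The caller must read from errChan; otherwise the goroutine blocks forever and is never released. (The signature shown above takes only progressNext and no errChan, so this comment may be outdated.)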

func (*BaseReportSender) SendDetails

func (sender *BaseReportSender) SendDetails(details string, sendReport bool)

func (*BaseReportSender) SendError

func (sender *BaseReportSender) SendError(err error, sendReport bool, initErrors bool)

func (*BaseReportSender) SendStatus

func (sender *BaseReportSender) SendStatus(status string, sendReport bool)

func (*BaseReportSender) SendWarning

func (sender *BaseReportSender) SendWarning(warnMsg string, sendReport bool, initWarnings bool)

func (*BaseReportSender) SetActionID

func (sender *BaseReportSender) SetActionID(val string)

func (*BaseReportSender) SetActionIDN

func (sender *BaseReportSender) SetActionIDN(val int)

func (*BaseReportSender) SetActionName

func (sender *BaseReportSender) SetActionName(val string)

func (*BaseReportSender) SetCustomerGUID

func (sender *BaseReportSender) SetCustomerGUID(val string)

func (*BaseReportSender) SetDetails

func (sender *BaseReportSender) SetDetails(val string)

func (*BaseReportSender) SetJobID

func (sender *BaseReportSender) SetJobID(val string)

func (*BaseReportSender) SetParentAction

func (sender *BaseReportSender) SetParentAction(val string)

func (*BaseReportSender) SetReporter

func (sender *BaseReportSender) SetReporter(val string)

func (*BaseReportSender) SetStatus

func (sender *BaseReportSender) SetStatus(val string)

func (*BaseReportSender) SetTarget

func (sender *BaseReportSender) SetTarget(val string)

func (*BaseReportSender) SetTimestamp

func (sender *BaseReportSender) SetTimestamp(val time.Time)

func (*BaseReportSender) SimpleReportAnnotations

func (sender *BaseReportSender) SimpleReportAnnotations(setParent bool, setCurrent bool) (string, string)

type Control

type Control = reporthandling.Control

Control is an alias to the API type definition for a control.

type CustomerConfig

type CustomerConfig = armotypes.CustomerConfig

CustomerConfig is an alias to the API type definition for a customer configuration.

type Framework

type Framework = reporthandling.Framework

Framework is an alias to the API type definition for a framework.

type GRPCConfig added in v0.0.33

// GRPCConfig is the result type of ParseGRPCURL.
type GRPCConfig struct {
	// IsSecure presumably distinguishes the secure (grpcs://) form from the
	// non-secure (grpc://) one - confirm against ParseGRPCURL.
	IsSecure bool
	// Host and Port are presumably the endpoint parts taken from the URL - confirm.
	Host     string
	Port     int
	// URL is presumably the URL string the config was parsed from - confirm.
	URL      string
}

GRPCConfig represents the parsed gRPC connection configuration

func ParseGRPCURL added in v0.0.33

func ParseGRPCURL(grpcURL string) (*GRPCConfig, error)

ParseGRPCURL parses a gRPC URL and returns the configuration

func (*GRPCConfig) String added in v0.0.33

func (c *GRPCConfig) String() string

String returns a string representation of the config

type HttpReportSender added in v0.0.3

type HttpReportSender struct {
	// contains filtered or unexported fields
}

func (*HttpReportSender) Send added in v0.0.3

func (s *HttpReportSender) Send(serverURL string, headers map[string]string, reqBody []byte) (int, string, error)

Send sends an HTTP request to a server and returns the HTTP status code, return message, and any errors.

type HttpReportSenderMock added in v0.0.3

type HttpReportSenderMock struct {
}

func (*HttpReportSenderMock) Send added in v0.0.3

func (sm *HttpReportSenderMock) Send(serverURL string, headers map[string]string, reqBody []byte) (int, string, error)

type IHttpSender added in v0.0.3

// IHttpSender is the single-method interface whose Send signature matches the
// Send methods declared on HttpReportSender and HttpReportSenderMock.
type IHttpSender interface {
	// Send takes the server URL, request headers and request body.
	// HttpReportSender.Send documents the results as HTTP status code,
	// return message, and error.
	Send(serverURL string, headers map[string]string, reqBody []byte) (int, string, error)
}

type IReportSender

// IReportSender extends systemreports.IReporter with the methods that send a report.
type IReportSender interface {
	systemreports.IReporter

	Send() (int, string, error) // send logic here

	/*
		SendAsRoutine is the goroutine wrapper around sending.

		progressNext bool - increase the actionID; sometimes parallel jobs are
		sent that share the same order (e.g. when vulnerability-scanning a
		cluster, all workload scans have the same order).

		NOTE(review): this comment previously also described a
		`collector []string` argument (leave empty; a way to hold all previously
		failed reports and send them in bulk) and an `errChan` that lets the
		goroutine return its errors. Neither appears in the signature below,
		which takes a single bool, so that part looks stale - confirm against
		the implementation.
	*/
	SendAsRoutine(bool) // goroutine wrapper

	// Set methods. Each takes a sendReport flag; presumably the report is
	// sent immediately when it is true - confirm against the implementation.
	SendAction(action string, sendReport bool)
	SendError(err error, sendReport bool, initErrors bool)
	SendStatus(status string, sendReport bool)
	SendDetails(details string, sendReport bool)
	SendWarning(warning string, sendReport bool, initWarnings bool)
}

type KSCloudAPI

type KSCloudAPI struct {
	*KsCloudOptions
	// contains filtered or unexported fields
}

KSCloudAPI provides access to the API of the Kubescape Cloud offering.

func NewEmptyKSCloudAPI

func NewEmptyKSCloudAPI(opts ...KSCloudOption) *KSCloudAPI

NewEmptyKSCloudAPI creates a new KSCloudAPI without any hosts set.

func NewKSCloudAPI

func NewKSCloudAPI(apiURL, reportURL, accountID, accessKey string, opts ...KSCloudOption) (*KSCloudAPI, error)

func (*KSCloudAPI) GetAccessKey added in v0.0.10

func (api *KSCloudAPI) GetAccessKey() string

func (*KSCloudAPI) GetAccountConfig

func (api *KSCloudAPI) GetAccountConfig(clusterName string) (*CustomerConfig, error)

GetAccountConfig yields the account configuration.

func (*KSCloudAPI) GetAccountID

func (api *KSCloudAPI) GetAccountID() string

GetAccountID returns the customer account's GUID.

func (*KSCloudAPI) GetAttackTracks

func (api *KSCloudAPI) GetAttackTracks() ([]AttackTrack, error)

func (*KSCloudAPI) GetCloudAPIURL

func (api *KSCloudAPI) GetCloudAPIURL() string

func (*KSCloudAPI) GetCloudReportURL

func (api *KSCloudAPI) GetCloudReportURL() string

func (*KSCloudAPI) GetControl

func (api *KSCloudAPI) GetControl(ID string) (*Control, error)

GetControl is currently not exposed as a public API endpoint.

func (*KSCloudAPI) GetControlsInputs

func (api *KSCloudAPI) GetControlsInputs(clusterName string) (map[string][]string, error)

GetControlsInputs returns the controls inputs configured in the account configuration.

func (*KSCloudAPI) GetExceptions

func (api *KSCloudAPI) GetExceptions(clusterName string) ([]PostureExceptionPolicy, error)

GetExceptions returns exception policies.

func (*KSCloudAPI) GetFramework

func (api *KSCloudAPI) GetFramework(frameworkName string) (*Framework, error)

GetFramework retrieves a framework by name.

func (*KSCloudAPI) GetFrameworks

func (api *KSCloudAPI) GetFrameworks() ([]Framework, error)

GetFrameworks returns all registered frameworks.

func (*KSCloudAPI) ListControls

func (api *KSCloudAPI) ListControls() ([]string, error)

ListControls is currently not exposed as a public API endpoint.

func (*KSCloudAPI) ListCustomFrameworks

func (api *KSCloudAPI) ListCustomFrameworks() ([]string, error)

ListCustomFrameworks lists the names of all non-native frameworks that have been registered for this account.

func (*KSCloudAPI) ListFrameworks

func (api *KSCloudAPI) ListFrameworks() ([]string, error)

ListFrameworks lists the names of all registered frameworks.

func (*KSCloudAPI) SetAccessKey added in v0.0.11

func (api *KSCloudAPI) SetAccessKey(value string)

func (*KSCloudAPI) SetAccountID added in v0.0.11

func (api *KSCloudAPI) SetAccountID(value string)

func (*KSCloudAPI) SetCloudAPIURL added in v0.0.11

func (api *KSCloudAPI) SetCloudAPIURL(cloudAPIURL string) (err error)

func (*KSCloudAPI) SetCloudReportURL added in v0.0.11

func (api *KSCloudAPI) SetCloudReportURL(cloudReportURL string) (err error)

func (*KSCloudAPI) SubmitReport

func (api *KSCloudAPI) SubmitReport(report *PostureReport) (string, error)

SubmitReport uploads a posture report.

type KSCloudOption

type KSCloudOption func(*KsCloudOptions)

KSCloudOption configures the behavior of the KS Cloud client.

func WithHTTPClient

func WithHTTPClient(client *http.Client) KSCloudOption

WithHTTPClient overrides the default http.Client used by the KS Cloud client.

func WithTimeout

func WithTimeout(timeout time.Duration) KSCloudOption

WithTimeout sets a global timeout on the operations performed by the KS Cloud client.

A value of 0 means no timeout.

The default is 61s.

func WithTrace

func WithTrace(enabled bool) KSCloudOption

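WithTrace toggles dumping of requests for inspection and debugging. This page does not say whether the dump redacts credentials such as the access key, so treat trace output as sensitive until that is confirmed.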

type KsCloudOptions

type KsCloudOptions struct {
	// contains filtered or unexported fields
}

KsCloudOptions holds all the configurable parts of the KS Cloud client.

type PostureExceptionPolicy

type PostureExceptionPolicy = armotypes.PostureExceptionPolicy

PostureExceptionPolicy is an alias to the API type definition for posture exception policy.

type PostureReport

type PostureReport = reporthandlingv2.PostureReport

PostureReport is an alias to the API type definition for a posture report.

type ProfileOption added in v0.0.39

type ProfileOption func(*ProfileOptions)

ProfileOption configures profile queries.

func WithProfileCloudAccountIdentifier added in v0.0.39

func WithProfileCloudAccountIdentifier(cloudAccountIdentifier string) ProfileOption

WithProfileCloudAccountIdentifier sets the cloud account identifier for non-k8s scoped resources (e.g. AWS account ID, GCP project ID)

func WithProfileRegion added in v0.0.39

func WithProfileRegion(region string) ProfileOption

WithProfileRegion sets the region for non-k8s scoped resources

type ProfileOptions added in v0.0.39

// ProfileOptions carries the optional fields that ProfileOption functions set.
type ProfileOptions struct {
	// Region is the region for non-k8s scoped resources (see WithProfileRegion).
	Region                 string
	// CloudAccountIdentifier is the cloud account identifier for non-k8s
	// scoped resources, e.g. AWS account ID or GCP project ID
	// (see WithProfileCloudAccountIdentifier).
	CloudAccountIdentifier string
}

ProfileOptions holds configuration for profile queries

type RequestOption added in v0.0.7

type RequestOption func(*RequestOptions)

RequestOption instructs post/get/delete to alter the outgoing request.

func WithContentJSON added in v0.0.7

func WithContentJSON(enabled bool) RequestOption

WithContentJSON sets JSON content type for a request

func WithHeaders added in v0.0.7

func WithHeaders(headers map[string]string) RequestOption

WithHeaders sets the given headers for a request. (The published comment repeats the WithContentJSON description here.)

type RequestOptions added in v0.0.7

type RequestOptions struct {
	// contains filtered or unexported fields
}

RequestOptions knows how to enrich a request with headers

type StorageClient added in v0.0.33

type StorageClient struct {
	*StorageClientOptions
	// contains filtered or unexported fields
}

StorageClient provides a gRPC client for the Kubescape storage server

func NewStorageClient added in v0.0.33

func NewStorageClient(grpcURL, accountID, accessKey, cluster string, opts ...StorageClientOption) (*StorageClient, error)

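NewStorageClient creates a new StorageClient instance from a gRPC URL. grpcURL is the full gRPC URL with scheme (e.g., "grpc://storage-server:50051" or "grpcs://storage.example.com:443"); accountID is the customer GUID; accessKey is the API access token; cluster is the cluster name; opts allow configuring optional parameters like hostType, hostID, timeout, etc. The constants on this page label port 50051 as non-secure gRPC, so the grpc:// form presumably carries the access key without transport security; verify this before using it across untrusted networks.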

func (*StorageClient) Close added in v0.0.33

func (c *StorageClient) Close() error

Close closes the gRPC connection

func (*StorageClient) Connect added in v0.0.33

func (c *StorageClient) Connect() error

Connect establishes a gRPC connection to the storage server

func (*StorageClient) GetAccessKey added in v0.0.33

func (c *StorageClient) GetAccessKey() string

GetAccessKey returns the API access key

func (*StorageClient) GetAccountID added in v0.0.33

func (c *StorageClient) GetAccountID() string

GetAccountID returns the customer account GUID

func (*StorageClient) GetAddress added in v0.0.33

func (c *StorageClient) GetAddress() string

GetAddress returns the storage server address

func (*StorageClient) GetApplicationProfile added in v0.0.33

func (c *StorageClient) GetApplicationProfile(ctx context.Context, namespace, name string, opts ...ProfileOption) (*v1beta1.ApplicationProfile, error)

GetApplicationProfile retrieves an aggregated ApplicationProfile from the storage server. For backward compatibility, region and cloudAccountIdentifier can be provided via ProfileOption. Old way: GetApplicationProfile(ctx, "ns", "name"). New way: GetApplicationProfile(ctx, "ns", "name", WithProfileRegion("us-east-1"), WithProfileCloudAccountIdentifier("123")).

func (*StorageClient) GetCluster added in v0.0.34

func (c *StorageClient) GetCluster() string

GetCluster returns the cluster name

func (*StorageClient) GetGRPCConfig added in v0.0.33

func (c *StorageClient) GetGRPCConfig() *GRPCConfig

GetGRPCConfig returns the parsed gRPC configuration (if created from URL)

func (*StorageClient) GetNetworkNeighborhood added in v0.0.33

func (c *StorageClient) GetNetworkNeighborhood(ctx context.Context, namespace, name string, opts ...ProfileOption) (*v1beta1.NetworkNeighborhood, error)

GetNetworkNeighborhood retrieves an aggregated NetworkNeighborhood from the storage server. For backward compatibility, region and cloudAccountIdentifier can be provided via ProfileOption. Old way: GetNetworkNeighborhood(ctx, "ns", "name"). New way: GetNetworkNeighborhood(ctx, "ns", "name", WithProfileRegion("us-east-1"), WithProfileCloudAccountIdentifier("123")).

func (*StorageClient) IsConnected added in v0.0.33

func (c *StorageClient) IsConnected() bool

IsConnected returns true if the client is connected to the server

func (*StorageClient) ListApplicationProfiles added in v0.0.33

func (c *StorageClient) ListApplicationProfiles(ctx context.Context, namespace string, limit int64, cont string, opts ...ProfileOption) (*v1beta1.ApplicationProfileList, error)

ListApplicationProfiles lists all ApplicationProfiles in a namespace (returns metadata only, nil Spec). For backward compatibility, region and cloudAccountIdentifier can be provided via ProfileOption. Old way: ListApplicationProfiles(ctx, "ns", 100, ""). New way: ListApplicationProfiles(ctx, "ns", 100, "", WithProfileRegion("us-east-1"), WithProfileCloudAccountIdentifier("123")).

func (*StorageClient) ListNetworkNeighborhoods added in v0.0.33

func (c *StorageClient) ListNetworkNeighborhoods(ctx context.Context, namespace string, limit int64, cont string, opts ...ProfileOption) (*v1beta1.NetworkNeighborhoodList, error)

ListNetworkNeighborhoods lists all NetworkNeighborhoods in a namespace (returns metadata only, nil Spec). For backward compatibility, region and cloudAccountIdentifier can be provided via ProfileOption. Old way: ListNetworkNeighborhoods(ctx, "ns", 100, ""). New way: ListNetworkNeighborhoods(ctx, "ns", 100, "", WithProfileRegion("us-east-1"), WithProfileCloudAccountIdentifier("123")).

func (*StorageClient) SendContainerProfile added in v0.0.33

func (c *StorageClient) SendContainerProfile(ctx context.Context, profile *v1beta1.ContainerProfile) (*proto.SendContainerProfileResponse, error)

SendContainerProfile sends a container profile to the storage server

func (*StorageClient) SetAccessKey added in v0.0.33

func (c *StorageClient) SetAccessKey(value string)

SetAccessKey sets the API access key

func (*StorageClient) SetAccountID added in v0.0.33

func (c *StorageClient) SetAccountID(value string)

SetAccountID sets the customer account GUID

func (*StorageClient) SetCluster added in v0.0.34

func (c *StorageClient) SetCluster(value string)

SetCluster sets the cluster name

type StorageClientOption added in v0.0.33

type StorageClientOption func(*StorageClientOptions)

StorageClientOption configures the behavior of the Storage client.

func WithCallTimeout added in v0.0.33

func WithCallTimeout(timeout time.Duration) StorageClientOption

WithCallTimeout sets the timeout for individual gRPC calls. A value of 0 means no timeout. The default is 30 seconds.

func WithHostID added in v0.0.39

func WithHostID(hostID string) StorageClientOption

WithHostID sets the host ID (e.g., EC2 instance ID). Required for non-cluster-based host types.

func WithHostType added in v0.0.39

func WithHostType(hostType string) StorageClientOption

WithHostType sets the host type (e.g., "kubernetes", "ec2", "ecs"). If not set, defaults to "kubernetes" on the server side.

func WithStorageTrace added in v0.0.33

func WithStorageTrace(enabled bool) StorageClientOption

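WithStorageTrace toggles request/response tracing for debugging. This page does not say whether traces redact the access key or profile contents, so treat trace output as sensitive until that is confirmed.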

type StorageClientOptions added in v0.0.33

type StorageClientOptions struct {
	// contains filtered or unexported fields
}

StorageClientOptions holds all the configurable parts of the Storage client
