Documentation ¶
Overview ¶
Package audit exposes the HTTP handler for the /v1/audit endpoint.
Unlike the log-based `--audit-unmanaged` warning (which tracks silent exclusions over time), this endpoint returns the full watch status of every container the Docker daemon currently reports: managed (label set to true), excluded (label set to false), and unmanaged (label absent). It is intended as a pull-model alternative for operators who want to script post-deploy verification or dashboards without parsing logs.
Index ¶
Constants ¶
const Path = "/v1/audit"
Path is the HTTP path the audit endpoint is served at.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Entry ¶
type Entry struct {
	Name   string `json:"name"`
	Image  string `json:"image"`
	Status Status `json:"status"`
}
Entry is a single container's audit line.
type Handler ¶
type Handler struct {
	Path string
	// contains filtered or unexported fields
}
Handler serves the /v1/audit endpoint.
func New ¶
New returns a handler wired to the given Docker client and scope. Scope is propagated to the list filter so multi-scope operators only see their own containers when hitting the endpoint.
func (*Handler) Handle ¶
func (h *Handler) Handle(w http.ResponseWriter, _ *http.Request)
Handle responds with the audit report as JSON. Errors during container enumeration return 500 with a short plain-text message so operators can distinguish "Docker socket unreachable" from "actually no containers".
type Report ¶
type Report struct {
	GeneratedAt time.Time `json:"generated_at"`
	Scope       string    `json:"scope,omitempty"`
	Summary     Summary   `json:"summary"`
	Containers  []Entry   `json:"containers"`
}
Report is the /v1/audit response envelope.
type Status ¶
type Status string
Status captures how --label-enable treats a single container.
const (
	// StatusManaged — operator set the enable label to true.
	StatusManaged Status = "managed"
	// StatusExcluded — operator set the enable label to false (intentional opt-out).
	StatusExcluded Status = "excluded"
	// StatusUnmanaged — no enable label at all. With --label-enable active,
	// these are silently skipped unless the operator notices them via
	// --audit-unmanaged or this endpoint.
	StatusUnmanaged Status = "unmanaged"
	// StatusInfrastructure — a Docker-managed scaffolding container (buildx
	// builder, Docker Desktop internals). Not a user workload; tracked as a
	// distinct bucket so it doesn't inflate the unmanaged count every
	// `docker buildx build` run.
	StatusInfrastructure Status = "infrastructure"
)
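A post-deploy check against this endpoint, as an added example that is not part of the package. It assumes only the documented path and JSON keys; `Unmanaged`, `sample` and the container names in it are constructed for illustration, and the `summary` object is not decoded because its fields are not shown on this page.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// sample is a constructed response body, served by a local stand-in in main.
const sample = `{"generated_at":"2024-01-01T00:00:00Z","summary":{},"containers":[
{"name":"web","image":"nginx","status":"managed"},{"name":"legacy-cron","image":"alpine","status":"unmanaged"}]}`

// Unmanaged lists "unmanaged" containers; a non-200 reply is an error, not an empty result.
func Unmanaged(c *http.Client, baseURL string) ([]string, error) {
	resp, err := c.Get(baseURL + "/v1/audit")
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		msg, _ := io.ReadAll(io.LimitReader(resp.Body, 256)) // short plain-text reason
		return nil, fmt.Errorf("audit returned %d: %s", resp.StatusCode, msg)
	}
	var rep struct { // mirrors the documented JSON tags of Report and Entry
		Containers []struct {
			Name   string `json:"name"`
			Status string `json:"status"`
		} `json:"containers"`
	}
	if err := json.NewDecoder(resp.Body).Decode(&rep); err != nil {
		return nil, fmt.Errorf("decode audit report: %w", err)
	}
	var names []string
	for _, e := range rep.Containers {
		if e.Status == "unmanaged" {
			names = append(names, e.Name)
		}
	}
	return names, nil
}

func main() {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		io.WriteString(w, sample)
	}))
	defer srv.Close()
	fmt.Println(Unmanaged(srv.Client(), srv.URL))
}
```

In a deploy pipeline, a non-nil error and a non-empty list should both fail the step, since the first means the report could not be produced and the second means a container is being silently skipped.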