Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewCmdEvidence ¶
NewCmdEvidence returns the evidence command group
Types ¶
type CloudTrailData ¶
type CloudTrailData struct {
ErrorEvents []CloudTrailError `yaml:"errorEvents,omitempty"`
WriteEvents []CloudTrailEvent `yaml:"writeEvents,omitempty"`
}
CloudTrailData contains CloudTrail event information
type CloudTrailError ¶
type CloudTrailError struct {
EventTime string `yaml:"eventTime"`
EventName string `yaml:"eventName"`
ErrorCode string `yaml:"errorCode"`
ErrorMsg string `yaml:"errorMessage,omitempty"`
Username string `yaml:"username,omitempty"`
Region string `yaml:"region"`
ConsoleLink string `yaml:"consoleLink,omitempty"`
}
CloudTrailError represents an AWS error event
type CloudTrailEvent ¶
type CloudTrailEvent struct {
EventTime string `yaml:"eventTime"`
EventName string `yaml:"eventName"`
Username string `yaml:"username,omitempty"`
Region string `yaml:"region"`
}
CloudTrailEvent represents an AWS API event
type ClusterState ¶
type ClusterState struct {
Nodes []NodeInfo `yaml:"nodes,omitempty"`
Operators []OperatorInfo `yaml:"operators,omitempty"`
MachineConfigs []MachineConfigInfo `yaml:"machineConfigs,omitempty"`
Events []EventInfo `yaml:"events,omitempty"`
}
ClusterState captures cluster resource states
type CollectionMetadata ¶
type CollectionMetadata struct {
ClusterID string `yaml:"clusterId"`
ClusterName string `yaml:"clusterName"`
CollectionTime time.Time `yaml:"collectionTime"`
CollectorUser string `yaml:"collectorUser,omitempty"`
TimeWindowStart time.Time `yaml:"timeWindowStart"`
Platform string `yaml:"platform"`
IsHCP bool `yaml:"isHCP"`
}
CollectionMetadata contains information about the evidence collection
type DiagnosticData ¶
type DiagnosticData struct {
MustGatherPath string `yaml:"mustGatherPath,omitempty"`
CustomCommands map[string]string `yaml:"customCommands,omitempty"`
}
DiagnosticData contains diagnostic commands output
type EventInfo ¶
type EventInfo struct {
Type string `yaml:"type"`
Reason string `yaml:"reason"`
Message string `yaml:"message"`
Namespace string `yaml:"namespace"`
Object string `yaml:"object"`
Timestamp string `yaml:"timestamp"`
}
EventInfo represents Kubernetes events
type EvidenceCollection ¶
type EvidenceCollection struct {
Metadata CollectionMetadata `yaml:"metadata"`
ClusterState *ClusterState `yaml:"clusterState,omitempty"`
CloudTrailData *CloudTrailData `yaml:"cloudTrailData,omitempty"`
Diagnostics *DiagnosticData `yaml:"diagnostics,omitempty"`
}
EvidenceCollection represents all collected evidence
type MachineConfigInfo ¶
MachineConfigInfo represents MachineConfig state
type NodeInfo ¶
type NodeInfo struct {
Name string `yaml:"name"`
Status string `yaml:"status"`
Roles []string `yaml:"roles"`
Conditions []string `yaml:"conditions,omitempty"`
}
NodeInfo represents node state
type OperatorInfo ¶
type OperatorInfo struct {
Name string `yaml:"name"`
Available bool `yaml:"available"`
Progressing bool `yaml:"progressing"`
Degraded bool `yaml:"degraded"`
Version string `yaml:"version,omitempty"`
}
OperatorInfo represents ClusterOperator state
type RawEventDetails ¶
type RawEventDetails struct {
EventVersion string `json:"eventVersion"`
UserIdentity struct {
AccountId string `json:"accountId"`
SessionContext struct {
SessionIssuer struct {
Type string `json:"type"`
UserName string `json:"userName"`
Arn string `json:"arn"`
} `json:"sessionIssuer"`
} `json:"sessionContext"`
} `json:"userIdentity"`
EventRegion string `json:"awsRegion"`
EventId string `json:"eventID"`
ErrorCode string `json:"errorCode"`
ErrorMessage string `json:"errorMessage"`
}
RawEventDetails represents CloudTrail event structure
Source Files
Click to show internal directories.
Click to hide internal directories.