capabilities

package

v0.22.1 Latest Latest Go to latest Published: Nov 27, 2023 License: MIT Imports: 7 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/Shopify/kubeaudit

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func IsCapabilityInAddList(container *k8s.ContainerV1, capability string) bool
func IsDropAll(container *k8s.ContainerV1) bool
func SecurityContextOrCapabilities(container *k8s.ContainerV1) bool
type Capabilities
- func New(config Config) *Capabilities
- func (a *Capabilities) Audit(resource k8s.Resource, _ []k8s.Resource) ([]*kubeaudit.AuditResult, error)
type Config
- func (config *Config) GetAllowAddList() []string

Constants ¶

View Source

const (
	// CapabilityAdded occurs when a capability is in the capability add list of a container's security context
	CapabilityAdded = "CapabilityAdded"
	// CapabilityShouldDropAll occurs when there's a drop list instead of having drop "ALL"
	CapabilityShouldDropAll = "CapabilityShouldDropAll"
	// CapabilityOrSecurityContextMissing  occurs when either the Security Context or Capabilities are not specified
	CapabilityOrSecurityContextMissing = "CapabilityOrSecurityContextMissing"
)

View Source

const Name = "capabilities"

Variables ¶

View Source

var DefaultAllowAddList = []string{""}

View Source

var DefaultDropList = []string{"ALL"}

Functions ¶

func IsCapabilityInAddList ¶ added in v0.12.0

func IsCapabilityInAddList(container *k8s.ContainerV1, capability string) bool

func IsDropAll ¶ added in v0.12.0

func IsDropAll(container *k8s.ContainerV1) bool

func SecurityContextOrCapabilities ¶ added in v0.12.0

func SecurityContextOrCapabilities(container *k8s.ContainerV1) bool

Types ¶

type Capabilities ¶

type Capabilities struct {
	// contains filtered or unexported fields
}

Capabilities implements Auditable

func New ¶

func New(config Config) *Capabilities

func (*Capabilities) Audit ¶

func (a *Capabilities) Audit(resource k8s.Resource, _ []k8s.Resource) ([]*kubeaudit.AuditResult, error)

Audit checks that bad capabilities are dropped with ALL and no capabilities are added

type Config ¶

type Config struct {
	AllowAddList []string `yaml:"allowAddList"`
}

func (*Config) GetAllowAddList ¶ added in v0.12.0

func (config *Config) GetAllowAddList() []string

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL