//
// Author:: Salim Afiune Maya (<afiune@lacework.net>)
// Copyright:: Copyright 2020, Lacework Inc.
// License:: Apache License, Version 2.0
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
package api
// registryType identifies the flavor of a container registry integration.
// Its string form is looked up in the RegistryTypes map (see String); values
// are meant to be used through the exported constants below.
type registryType int
const (
	// type that defines a non-existing registry
	NoneRegistry registryType = iota
	// DockerHubRegistry is a Docker Hub registry (serialized as "DOCKERHUB").
	DockerHubRegistry
	// DockerV2Registry is a generic Docker V2 registry (serialized as "V2_REGISTRY").
	DockerV2Registry
	// EcrRegistry is an AWS ECR registry (serialized as "AWS_ECR"). Note that
	// its credentials are not covered by ContainerRegCreds (see ContainerRegData).
	EcrRegistry
	// GcrRegistry is a Google GCR registry (serialized as "GCP_GCR").
	GcrRegistry
)
// RegistryTypes is the list of available registry types, keyed by the
// registryType constant and holding the value the API expects in
// ContainerRegData.RegistryType. It is an exported, mutable package-level
// map: callers should treat it as read-only, since String() reads from it.
var RegistryTypes = map[registryType]string{
	NoneRegistry:      "NONE",
	DockerHubRegistry: "DOCKERHUB",
	DockerV2Registry:  "V2_REGISTRY",
	EcrRegistry:       "AWS_ECR",
	GcrRegistry:       "GCP_GCR",
}
// String returns the string representation of an registry type, i.e. the
// value recorded for it in RegistryTypes. A registryType that is not present
// in the map yields the empty string.
func (i registryType) String() string {
	name, found := RegistryTypes[i]
	if !found {
		return ""
	}
	return name
}
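// NewContainerRegIntegration returns an instance of ContainerRegIntegration
// with the provided name and data. The integration type is fixed to
// ContainerRegistryIntegration and the integration is created enabled.
//
// Basic usage: Create a Docker Hub integration
//
//	client, err := api.NewClient("account")
//	if err != nil {
//		return err
//	}
//
//	docker := api.NewContainerRegIntegration("foo",
//		api.ContainerRegData{
//			Credentials: api.ContainerRegCreds{
//				Username: "techally",
//				Password: "secret",
//			},
//			RegistryType:   api.DockerHubRegistry.String(),
//			RegistryDomain: "index.docker.io",
//			LimitByTag:     "*",
//			LimitByLabel:   "*",
//			LimitNumImg:    5,
//		},
//	)
//
//	client.Integrations.CreateContainerRegistry(docker)
func NewContainerRegIntegration(name string, data ContainerRegData) ContainerRegIntegration {
	return ContainerRegIntegration{
		commonIntegrationData: commonIntegrationData{
			Name: name,
			Type: ContainerRegistryIntegration.String(),
			// Enabled is an integer flag on the API side; 1 means enabled.
			Enabled: 1,
		},
		Data: data,
	}
}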
// NewDockerHubRegistryIntegration returns a ContainerRegIntegration for a
// Docker Hub registry. RegistryType is forced to DockerHubRegistry and
// RegistryDomain to "index.docker.io", overriding whatever the caller put in
// those two fields of data; every other field is passed through unchanged.
func NewDockerHubRegistryIntegration(name string, data ContainerRegData) ContainerRegIntegration {
	cfg := data
	cfg.RegistryType = DockerHubRegistry.String()
	cfg.RegistryDomain = "index.docker.io"
	return NewContainerRegIntegration(name, cfg)
}
// NewDockerV2RegistryIntegration returns a ContainerRegIntegration for a
// generic Docker V2 registry. RegistryType is forced to DockerV2Registry;
// the caller supplies RegistryDomain (and Credentials.SSL) in data.
func NewDockerV2RegistryIntegration(name string, data ContainerRegData) ContainerRegIntegration {
	cfg := data
	cfg.RegistryType = DockerV2Registry.String()
	return NewContainerRegIntegration(name, cfg)
}
// NewGcrRegistryIntegration returns a ContainerRegIntegration for a Google
// GCR registry. RegistryType is forced to GcrRegistry; the caller supplies
// RegistryDomain (one of the gcr.io hosts, see ContainerRegData) and the
// service-account fields of Credentials in data.
func NewGcrRegistryIntegration(name string, data ContainerRegData) ContainerRegIntegration {
	cfg := data
	cfg.RegistryType = GcrRegistry.String()
	return NewContainerRegIntegration(name, cfg)
}
// CreateContainerRegistry creates a container registry integration on the Lacework Server
// and returns the server's response. The whole integration, including
// Data.Credentials, is sent in the request body, so the value should be
// treated as sensitive by callers (e.g. not logged with %+v).
func (svc *IntegrationsService) CreateContainerRegistry(integration ContainerRegIntegration) (
	response ContainerRegIntResponse,
	err error,
) {
	if err = svc.create(integration, &response); err != nil {
		return response, err
	}
	return response, nil
}
// GetContainerRegistry gets a container registry integration that matches with
// the provided integration guid on the Lacework Server. The decoded server
// response is returned together with any error from the underlying request.
func (svc *IntegrationsService) GetContainerRegistry(guid string) (
	response ContainerRegIntResponse,
	err error,
) {
	if err = svc.get(guid, &response); err != nil {
		return response, err
	}
	return response, nil
}
// UpdateContainerRegistry updates a single container registry integration,
// identified by integration.IntgGuid, on the Lacework Server and returns the
// server's response.
//
// NOTE(review): IntgGuid is passed through unchecked; an empty guid reaches
// svc.update as-is — confirm that layer rejects it.
func (svc *IntegrationsService) UpdateContainerRegistry(integration ContainerRegIntegration) (
	response ContainerRegIntResponse,
	err error,
) {
	guid := integration.IntgGuid
	if err = svc.update(guid, integration, &response); err != nil {
		return response, err
	}
	return response, nil
}
// ListContainerRegistryIntegrations lists the CONT_VULN_CFG external integrations available on the Lacework Server
// (every integration whose type is ContainerRegistryIntegration) and returns
// the decoded response together with any request error.
func (svc *IntegrationsService) ListContainerRegistryIntegrations() (response ContainerRegIntResponse, err error) {
	if err = svc.listByType(ContainerRegistryIntegration, &response); err != nil {
		return response, err
	}
	return response, nil
}
// ContainerRegIntResponse is the server envelope returned by the container
// registry integration endpoints: the integrations under "data" plus the
// "ok" flag and "message" of the response. Data is a slice even for
// single-integration calls (Create, Get, Update).
type ContainerRegIntResponse struct {
	Data    []ContainerRegIntegration `json:"data"`
	Ok      bool                      `json:"ok"`
	Message string                    `json:"message"`
}
// ContainerRegIntegration is a container registry (CONT_VULN_CFG) integration.
// It embeds commonIntegrationData (declared elsewhere in this package; Name,
// Type, Enabled and IntgGuid are used here) and carries the registry-specific
// configuration under the "DATA" key.
type ContainerRegIntegration struct {
	commonIntegrationData
	Data ContainerRegData `json:"DATA"`
}
// ContainerRegData is the "DATA" section of a container registry integration.
// The json tags match the server's field names; the mapstructure tags are for
// decoding the same keys from generic maps.
type ContainerRegData struct {
	// @afiune the container registry schema contains a few different DATA types,
	// and because of that we are adding ALL fields that we could possibly have
	// for ALL container registry types (look at the variable RegistryTypes) with
	// the exception of AWS_ECR, this integration has a different credentials field
	// and because of that we have to define it separately
	//
	// Credentials carries secrets (password, private key); see ContainerRegCreds.
	Credentials ContainerRegCreds `json:"CREDENTIALS" mapstructure:"CREDENTIALS"`
	// RegistryType is one of the RegistryTypes values, e.g. DockerHubRegistry.String().
	RegistryType string `json:"REGISTRY_TYPE" mapstructure:"REGISTRY_TYPE"`
	// for GCP_GCR integrations, the registry domain has to be one of:
	// => [ "gcr.io", "us.gcr.io", "eu.gcr.io", "asia.gcr.io" ]
	RegistryDomain string `json:"REGISTRY_DOMAIN" mapstructure:"REGISTRY_DOMAIN"`
	LimitByTag     string `json:"LIMIT_BY_TAG" mapstructure:"LIMIT_BY_TAG"`
	LimitByLabel   string `json:"LIMIT_BY_LABEL" mapstructure:"LIMIT_BY_LABEL"`
	LimitByRep     string `json:"LIMIT_BY_REP,omitempty" mapstructure:"LIMIT_BY_REP"`
	// omitempty: a LimitNumImg of 0 is not sent at all, so 0 cannot be used to
	// express an explicit limit of zero.
	LimitNumImg int `json:"LIMIT_NUM_IMG,omitempty" mapstructure:"LIMIT_NUM_IMG"`
	// No omitempty: NonOSPackageEval is always serialized, including false.
	NonOSPackageEval bool `json:"NON_OS_PACKAGE_EVAL" mapstructure:"NON_OS_PACKAGE_EVAL"`
	// A pointer so that an explicit false can be sent; nil omits the key.
	RegistryNotifications *bool `json:"REGISTRY_NOTIFICATIONS,omitempty" mapstructure:"REGISTRY_NOTIFICATIONS"`
}
// ContainerRegCreds holds the credentials of a container registry integration.
// Which fields apply depends on the registry type; all of them are omitempty
// so only the populated ones are serialized.
//
// Password and PrivateKey are secrets: avoid printing or logging a
// ContainerRegCreds (or its enclosing ContainerRegData / ContainerRegIntegration)
// with %v or %+v, and do not persist it in plain text.
type ContainerRegCreds struct {
	// for docker hub registry (DOCKERHUB)
	Username string `json:"USERNAME,omitempty" mapstructure:"USERNAME"`
	Password string `json:"PASSWORD,omitempty" mapstructure:"PASSWORD"`
	// for docker V2 registry (V2_REGISTRY)
	//
	// NOTE(review): because of omitempty, SSL=false is dropped from the JSON
	// body, so a V2 registry configured without SSL sends no SSL key at all —
	// confirm the server default matches the intended (TLS) behavior.
	SSL bool `json:"SSL,omitempty" mapstructure:"SSL"`
	// for GCR registry (GCP_GCR) — service-account key fields
	ClientEmail  string `json:"CLIENT_EMAIL,omitempty" mapstructure:"CLIENT_EMAIL"`
	ClientID     string `json:"CLIENT_ID,omitempty" mapstructure:"CLIENT_ID"`
	PrivateKey   string `json:"PRIVATE_KEY,omitempty" mapstructure:"PRIVATE_KEY"`
	PrivateKeyID string `json:"PRIVATE_KEY_ID,omitempty" mapstructure:"PRIVATE_KEY_ID"`
}