Documentation
Functions
func MockDataUploadServer
MockDataUploadServer starts a server which mocks the CyberArk Discovery and Context API, and returns an HTTP client with the CA certs needed to connect to it.
The returned URL can be supplied to the `dataupload.New` function as the base URL for the discoverycontext API.
The returned HTTP client has a transport which logs requests and responses depending on the log level of the logger supplied in the context.
The mock server will return a successful response when the cluster ID matches successClusterID. Other cluster IDs can be used to trigger various failure responses.
Types
type CyberArkClient
type CyberArkClient struct {
	// contains filtered or unexported fields
}
func (*CyberArkClient) PutSnapshot
func (c *CyberArkClient) PutSnapshot(ctx context.Context, snapshot Snapshot) error
PutSnapshot PUTs the supplied snapshot to an [AWS presigned URL](https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html) which it obtains via the CyberArk inventory API.
A SHA256 checksum header is included in the request to verify that the payload has been received intact. Read [Checking object integrity for data uploads in Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity-upload.html) to learn more.
TODO(wallrj): There is a bug in the AWS backend, [S3 Presigned PutObjectCommand URLs ignore Sha256 Hash when uploading](https://github.com/aws/aws-sdk/issues/480), which means that the `x-amz-checksum-sha256` request header is optional. If you omit that header, it is possible to PUT any data. There is a workaround listed in that issue which we have shared with the CyberArk API team.
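The integrity check described above, as an added example (not code from this package or from AWS): the client computes the `x-amz-checksum-sha256` value, and a receiver that treats the header as mandatory rejects both a missing and a mismatched checksum. `strictHandler`, `tryUpload`, the `/snapshot` path and the sample payload are constructed for illustration; the header value is the base64-encoded SHA-256 digest of the body.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

const checksumHeader = "x-amz-checksum-sha256" // header named in the PutSnapshot docs

// s3Checksum returns the header value: the base64-encoded SHA-256 digest of body.
func s3Checksum(body []byte) string {
	sum := sha256.Sum256(body)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// strictHandler is a constructed stand-in for the storage side (not S3 itself).
// It rejects a missing checksum header as well as a mismatched one; otherwise 200 OK.
func strictHandler(w http.ResponseWriter, r *http.Request) {
	body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, 1<<20))
	if err != nil {
		http.Error(w, "unreadable or oversized body", http.StatusBadRequest)
		return
	}
	if got := r.Header.Get(checksumHeader); got == "" || got != s3Checksum(body) {
		http.Error(w, "checksum missing or mismatched", http.StatusBadRequest)
	}
}

// tryUpload (hypothetical helper) builds the PUT, runs it through strictHandler
// in-process and returns the status. An empty checksum omits the header.
func tryUpload(body []byte, checksum string) int {
	req := httptest.NewRequest(http.MethodPut, "/snapshot", bytes.NewReader(body))
	if checksum != "" {
		req.Header.Set(checksumHeader, checksum)
	}
	rec := httptest.NewRecorder()
	strictHandler(rec, req)
	return rec.Code
}

func main() {
	body := []byte(`{"cluster_id":"constructed-example"}`) // constructed sample payload
	fmt.Println(tryUpload(body, s3Checksum(body)), tryUpload(body, ""))
}
```

The request is handled in-process through `httptest`, so nothing is sent over the network.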
type Snapshot
type Snapshot struct {
	// AgentVersion is the version of the Venafi Kubernetes Agent which is uploading this snapshot.
	AgentVersion string `json:"agent_version"`
	// ClusterID is the unique ID of the Kubernetes cluster which this snapshot was taken from.
	ClusterID string `json:"cluster_id"`
	// ClusterName is the name of the Kubernetes cluster which this snapshot was taken from.
	ClusterName string `json:"cluster_name"`
	// ClusterDescription is an optional description of the Kubernetes cluster which this snapshot was taken from.
	ClusterDescription string `json:"cluster_description,omitempty"`
	// K8SVersion is the version of Kubernetes which the cluster is running.
	K8SVersion string `json:"k8s_version"`
	// Secrets is a list of Secret resources in the cluster. Not all Secret
	// types are included and only a subset of the Secret data is included.
	Secrets []runtime.Object `json:"secrets"`
	// ServiceAccounts is a list of ServiceAccount resources in the cluster.
	ServiceAccounts []runtime.Object `json:"serviceaccounts"`
	// Roles is a list of Role resources in the cluster.
	Roles []runtime.Object `json:"roles"`
	// ClusterRoles is a list of ClusterRole resources in the cluster.
	ClusterRoles []runtime.Object `json:"clusterroles"`
	// RoleBindings is a list of RoleBinding resources in the cluster.
	RoleBindings []runtime.Object `json:"rolebindings"`
	// ClusterRoleBindings is a list of ClusterRoleBinding resources in the cluster.
	ClusterRoleBindings []runtime.Object `json:"clusterrolebindings"`
	// Jobs is a list of Job resources in the cluster.
	Jobs []runtime.Object `json:"jobs"`
	// CronJobs is a list of CronJob resources in the cluster.
	CronJobs []runtime.Object `json:"cronjobs"`
	// Deployments is a list of Deployment resources in the cluster.
	Deployments []runtime.Object `json:"deployments"`
	// Statefulsets is a list of StatefulSet resources in the cluster.
	Statefulsets []runtime.Object `json:"statefulsets"`
	// Daemonsets is a list of DaemonSet resources in the cluster.
	Daemonsets []runtime.Object `json:"daemonsets"`
	// Pods is a list of Pod resources in the cluster.
	Pods []runtime.Object `json:"pods"`
}
Snapshot is the JSON that the CyberArk Discovery and Context API expects to be uploaded to the AWS presigned URL.