feat: Set owner ref for ConfigAudit reports
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
danielpacak committed Sep 8, 2020
1 parent a727ac6 commit 394edff
Showing 22 changed files with 124 additions and 364 deletions.
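--- a/Makefile
+++ b/Makefile
@@ -47,6 +47,7 @@ integration-tests: check-env get-ginkgo
 github.com/aquasecurity/starboard/pkg/kubebench \
 github.com/aquasecurity/starboard/pkg/kubehunter \
 github.com/aquasecurity/starboard/pkg/polaris \
+github.com/aquasecurity/starboard/pkg/polaris/crd \
 github.com/aquasecurity/starboard/pkg/find/vulnerabilities/trivy \
 github.com/aquasecurity/starboard/pkg/find/vulnerabilities/crd \
 ./itest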
198 changes: 0 additions & 198 deletions itest/functionality_test.go

This file was deleted.

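--- a/pkg/apis/aquasecurity/v1alpha1/common_types.go
+++ b/pkg/apis/aquasecurity/v1alpha1/common_types.go
@@ -6,13 +6,3 @@ type Scanner struct {
 Vendor string `json:"vendor"`
 Version string `json:"version"`
 }
-
-type KubernetesResource struct {
-Kind string `json:"kind"` // Pod, Deployment, Node, etc.
-Name string `json:"name"` // my-pod, my-deployment, my-node, etc.
-}
-
-type KubernetesNamespacedResource struct {
-Namespace string `json:"namespace"`
-KubernetesResource
-}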
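--- a/pkg/apis/aquasecurity/v1alpha1/config_audit_types.go
+++ b/pkg/apis/aquasecurity/v1alpha1/config_audit_types.go
@@ -69,10 +69,9 @@ type ConfigAuditReportList struct {
 // TODO by defining scope type (e.g. Pod, Container, Node) and the name of the scope (e.g. my-pod, my-container,
 // TODO my-node)
 type ConfigAudit struct {
-Scanner Scanner `json:"scanner"`
-Resource KubernetesNamespacedResource `json:"resource"`
-PodChecks []Check `json:"podChecks"`
-ContainerChecks map[string][]Check `json:"containerChecks"`
+Scanner Scanner `json:"scanner"`
+PodChecks []Check `json:"podChecks"`
+ContainerChecks map[string][]Check `json:"containerChecks"`
 }
 
 type Check struct {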
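Review bot: With `Resource` removed, `ConfigAudit` no longer records which object was audited, and the comment above the struct does not say where that identity now lives. Going by the commit title it is presumably carried by the report's owner reference, which is not visible in this section; anything that consumes the report body on its own (an exported JSON, a dashboard, a log pipeline) loses the namespace, kind and name of the audited workload. I would state the contract on the type, e.g. `// ConfigAudit holds the check results only; the audited object is identified by the report's owner reference, not by a field here.` Dropping the `resource` JSON key also changes the v1alpha1 schema, so the key in already-stored reports would be ignored on decode, which deserves a line in the release notes.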
34 changes: 0 additions & 34 deletions pkg/apis/aquasecurity/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

28 changes: 14 additions & 14 deletions pkg/cmd/commands.go
@@ -2,10 +2,12 @@ package cmd

import (
"errors"
"k8s.io/apimachinery/pkg/api/meta"
"strings"
"time"

"k8s.io/apimachinery/pkg/api/meta"
"k8s.io/apimachinery/pkg/runtime/schema"

"k8s.io/client-go/kubernetes/scheme"

"k8s.io/apimachinery/pkg/runtime"
@@ -22,36 +24,34 @@ func SetGlobalFlags(cf *genericclioptions.ConfigFlags, cmd *cobra.Command) {
}
}

func WorkloadFromArgs(mapper meta.RESTMapper, namespace string, args []string) (workload kube.Object, err error) {
func WorkloadFromArgs(mapper meta.RESTMapper, namespace string, args []string) (workload kube.Object, gvk schema.GroupVersionKind, err error) {
if len(args) < 1 {
err = errors.New("required workload kind and name not specified")
return
}

var resource, resourceName string
parts := strings.SplitN(args[0], "/", 2)
if len(parts) == 1 {
workload = kube.Object{
Namespace: namespace,
Kind: kube.KindPod,
Name: parts[0],
}
return
resource = "pods"
resourceName = parts[0]
} else {
resource = parts[0]
resourceName = parts[1]
}
gvr, gvk, err := kube.GvkFromResource(mapper, parts[0])

_, gvk, err = kube.GVRForResource(mapper, resource)
if err != nil {
return
}
if "" == parts[1] {
if "" == resourceName {
err = errors.New("required workload name is blank")
return
}
workload = kube.Object{
Namespace: namespace,
Kind: kube.Kind(gvk.Kind),
Name: parts[1],
Version: gvk.Version,
Group: gvk.Group,
Resource: gvr.Resource,
Name: resourceName,
}
return
}
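Review bot: In `WorkloadFromArgs`, `Kind: kube.Kind(gvk.Kind)` accepts whatever kind the REST mapper resolves from the user-supplied `args[0]`, and the returned `workload` no longer carries `Group`, `Version` or `Resource`, so two resources that share a kind name in different API groups cannot be told apart from the object alone. The callers in find_vulnerabilities.go, get_configaudit.go, get_report.go and get_vulnerabilities.go shown on this page discard the returned `gvk` with `_`; unless something downstream restricts the kind, I would reject unsupported kinds here or at least document the contract, e.g. `// WorkloadFromArgs resolves KIND/NAME through the REST mapper; use the returned gvk, not workload.Kind alone, to identify the API type.` Separately, the `if "" == resourceName` check runs only after `kube.GVRForResource`, so a blank name is rejected only after the mapper lookup; moving that check above the lookup keeps input validation ahead of it.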
2 changes: 1 addition & 1 deletion pkg/cmd/find_vulnerabilities.go
@@ -58,7 +58,7 @@ NAME is the name of a particular Kubernetes workload.
if err != nil {
return
}
workload, err := WorkloadFromArgs(mapper, ns, args)
workload, _, err := WorkloadFromArgs(mapper, ns, args)
if err != nil {
return
}
2 changes: 1 addition & 1 deletion pkg/cmd/get_configaudit.go
@@ -38,7 +38,7 @@ NAME is the name of a particular Kubernetes workload.
if err != nil {
return
}
workload, err := WorkloadFromArgs(mapper, ns, args)
workload, _, err := WorkloadFromArgs(mapper, ns, args)
if err != nil {
return
}
4 changes: 2 additions & 2 deletions pkg/cmd/get_report.go
@@ -40,12 +40,12 @@ NAME is the name of a particular Kubernetes workload.
if err != nil {
return
}
workload, err := WorkloadFromArgs(mapper, ns, args)
workload, _, err := WorkloadFromArgs(mapper, ns, args)
if err != nil {
return
}

caReader := configAuditCrd.NewReadWriter(starboardClientset)
caReader := configAuditCrd.NewReadWriter(GetScheme(), starboardClientset)
vulnsReader := vulnsCrd.NewReadWriter(GetScheme(), starboardClientset)

reporter := report.NewHTMLReporter(caReader, vulnsReader, workload)
2 changes: 1 addition & 1 deletion pkg/cmd/get_vulnerabilities.go
@@ -39,7 +39,7 @@ NAME is the name of a particular Kubernetes workload.
if err != nil {
return
}
workload, err := WorkloadFromArgs(mapper, ns, args)
workload, _, err := WorkloadFromArgs(mapper, ns, args)
if err != nil {
return
}