Set ownerReference for configauditreports resource

[danielpacak]

No description provided.

[rbren]

Just to clarify - the ConfigAuditReport would get an ownerReference pointing back to the resource it audited?

[danielpacak]

Yes. So If we have a ConfigAuditReport for Deployment B, and the Deployment B is removed we can take advantage of Kubernetes Garbage Collector to remove orphaned audit reports.

[krisctl]

Hi @danielpacak,

I have been trying to solve this issue for some time but probably need some guidance. Where in the starboard codebase can I find references to the parent resources for which the audit reports are created? I played around polaris/crd/writer.go to no avail and also tried updating KubernetesResource like so:
type KubernetesResource struct {
Kind string json:"kind"
Name string json:"name"
UID types.UID json:"uid" protobuf:"bytes,4,opt,name=uid,casttype=k8s.io/apimachinery/pkg/types.UID"
ApiVersion string json:"apiVersion"
}
in /pkg/apis/aquasecurity/v1alpha1/common_types.go but could not get any further. I would really appreciate some pointers here. Thanks!

[danielpacak]

Hey @krisctl !

It's going to be easier to resolve this issue once we implement #29

Currently we do run Polaris checker for all workloads accessible in a cluster, and then we convert the Polaris model to Starboard model in https://github.com/aquasecurity/starboard/blob/master/pkg/polaris/converter.go#L76

IIRC Polaris does not return UUID of Kubernetes workloads so we have to structure and refactor in a way to get somehow ObjectPartialMetadata just before we set the ownerReference