From 3df3b7766cd73766259f013383196e95b0f55c55 Mon Sep 17 00:00:00 2001 From: David Wertenteil Date: Sun, 10 Apr 2022 09:33:44 +0300 Subject: [PATCH] save policy in file --- README.md | 2 +- core/cautils/getter/armoapi.go | 1 - core/core/initutils.go | 3 +-- core/pkg/opaprocessor/processorhandlerutils.go | 3 +-- core/pkg/policyhandler/handlepullpolicies.go | 12 ++++++++++++ core/pkg/resourcehandler/filesloader.go | 5 +++-- install.sh | 2 +- 7 files changed, 19 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index bf158a18..2fae7f31 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,7 @@ curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh | ## Run: ``` -kubescape scan --submit --enable-host-scan +kubescape scan --submit --enable-host-scan --format-version v2 --verbose ``` diff --git a/core/cautils/getter/armoapi.go b/core/cautils/getter/armoapi.go index fcddfd59..641182f8 100644 --- a/core/cautils/getter/armoapi.go +++ b/core/cautils/getter/armoapi.go @@ -163,7 +163,6 @@ func (armoAPI *ArmoAPI) GetFramework(name string) (*reporthandling.Framework, er if err = JSONDecoder(respStr).Decode(framework); err != nil { return nil, err } - SaveInFile(framework, GetDefaultPath(name+".json")) return framework, err } diff --git a/core/core/initutils.go b/core/core/initutils.go index 7cc08cd9..ec725e01 100644 --- a/core/core/initutils.go +++ b/core/core/initutils.go @@ -2,7 +2,6 @@ package core import ( "fmt" - "os" "github.com/armosec/k8s-interface/k8sinterface" "github.com/armosec/kubescape/core/cautils" 
@@ -193,7 +192,7 @@ func getConfigInputsGetter(ControlsInputs string, accountID string, downloadRele downloadReleasedPolicy = getter.NewDownloadReleasedPolicy() } if err := downloadReleasedPolicy.SetRegoObjects(); err != nil { // if failed to pull config inputs, fallback to BE - cautils.WarningDisplay(os.Stderr, "Warning: failed to get config inputs from github release, this may affect the scanning results\n") + logger.L().Warning("failed to get config inputs from github release, this may affect the scanning results", helpers.Error(err)) } return downloadReleasedPolicy } diff --git a/core/pkg/opaprocessor/processorhandlerutils.go b/core/pkg/opaprocessor/processorhandlerutils.go index 9d3ecf9d..3444d675 100644 --- a/core/pkg/opaprocessor/processorhandlerutils.go +++ b/core/pkg/opaprocessor/processorhandlerutils.go @@ -3,7 +3,6 @@ package opaprocessor import ( "github.com/armosec/kubescape/core/cautils" "github.com/armosec/kubescape/core/cautils/logger" - "github.com/armosec/kubescape/core/cautils/logger/helpers" "github.com/armosec/k8s-interface/k8sinterface" "github.com/armosec/k8s-interface/workloadinterface" @@ -116,7 +115,7 @@ func getKubernetesObjects(k8sResources *cautils.K8SResources, allResources map[s for _, groupResource := range groupResources { if k8sObj, ok := (*k8sResources)[groupResource]; ok { if k8sObj == nil { - logger.L().Debug("skipping", helpers.String("resource", groupResource)) + // logger.L().Debug("skipping", helpers.String("resource", groupResource)) } for i := range k8sObj { k8sObjects = append(k8sObjects, allResources[k8sObj[i]]) diff --git a/core/pkg/policyhandler/handlepullpolicies.go b/core/pkg/policyhandler/handlepullpolicies.go index 7d903789..19303fda 100644 --- a/core/pkg/policyhandler/handlepullpolicies.go +++ b/core/pkg/policyhandler/handlepullpolicies.go 
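Review bot: In getConfigInputsGetter the comment on the `SetRegoObjects()` error branch says "fallback to BE", but the visible code only logs the warning and then returns the same `downloadReleasedPolicy`, so the scan continues with whatever inputs that getter holds. Unless a fallback happens in a caller that this patch does not show, the comment should state the real behaviour, e.g. `// no fallback here: the scan continues without the released config inputs`. The import hunk for this file only drops `"os"`, so `logger` and `helpers` are presumably already imported below the visible import lines; worth confirming the file still builds. The function starts outside the hunk.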
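Review bot: Commenting out the debug call in getKubernetesObjects (hunk `@@ -116,7 +115,7 @@` of processorhandlerutils.go) leaves `if k8sObj == nil { ... }` as an empty branch holding dead code, which linters flag and which reads like an unfinished edit. Ranging over a nil `k8sObj` already does nothing, so the three lines can simply be deleted. If a trace of resource kinds that were requested but not collected is still wanted, keep the original `logger.L().Debug("skipping", helpers.String("resource", groupResource))` together with the `helpers` import instead. The function body starts and ends outside the hunk.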
@@ -5,7 +5,9 @@ import ( "strings" "github.com/armosec/kubescape/core/cautils" + "github.com/armosec/kubescape/core/cautils/getter" "github.com/armosec/kubescape/core/cautils/logger" + "github.com/armosec/kubescape/core/cautils/logger/helpers" "github.com/armosec/opa-utils/reporthandling" ) @@ -54,6 +56,11 @@ func (policyHandler *PolicyHandler) getScanPolicies(notification *reporthandling } if receivedFramework != nil { frameworks = append(frameworks, *receivedFramework) + + cache := getter.GetDefaultPath(rule.Name + ".json") + if err := getter.SaveInFile(receivedFramework, cache); err != nil { + logger.L().Warning("failed to cache file", helpers.String("file", cache), helpers.Error(err)) + } } } case reporthandling.KindControl: // Download controls @@ -67,6 +74,11 @@ func (policyHandler *PolicyHandler) getScanPolicies(notification *reporthandling } if receivedControl != nil { f.Controls = append(f.Controls, *receivedControl) + + cache := getter.GetDefaultPath(rule.Name + ".json") + if err := getter.SaveInFile(receivedControl, cache); err != nil { + logger.L().Warning("failed to cache file", helpers.String("file", cache), helpers.Error(err)) + } } } frameworks = append(frameworks, f) diff --git a/core/pkg/resourcehandler/filesloader.go b/core/pkg/resourcehandler/filesloader.go index 64a8f4d5..698644d8 100644 --- a/core/pkg/resourcehandler/filesloader.go +++ b/core/pkg/resourcehandler/filesloader.go @@ -2,7 +2,6 @@ package resourcehandler import ( "fmt" - "os" "github.com/armosec/armoapi-go/armotypes" "github.com/armosec/k8s-interface/workloadinterface" @@ -10,6 +9,8 @@ import ( "github.com/armosec/k8s-interface/k8sinterface" "github.com/armosec/kubescape/core/cautils" + "github.com/armosec/kubescape/core/cautils/logger" + "github.com/armosec/kubescape/core/cautils/logger/helpers" ) // FileResourceHandler handle resources from files and URLs 
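Review bot: The cache path in getScanPolicies is built from `rule.Name + ".json"` with no check on the name, both in the framework branch (`@@ -54,6 +56,11 @@`) and in the control branch (`@@ -67,6 +74,11 @@`). GetDefaultPath is not visible in this patch, so if it only joins the name onto the cache directory, a name containing a path separator or `..` would make SaveInFile write outside that directory; control names may well be free-form text. I would pass a sanitised file name, e.g. `cache := getter.GetDefaultPath(filepath.Base(rule.Name) + ".json")` (needs `path/filepath`), or skip caching when the name differs from its `filepath.Base`. Frameworks and controls also share one `<name>.json` namespace, so a control and a framework with the same name would overwrite each other's cache file. The function body starts and ends outside both hunks.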
@@ -82,7 +83,7 @@ func (fileHandler *FileResourceHandler) GetResources(sessionObj *cautils.OPASess } if err := fileHandler.registryAdaptors.collectImagesVulnerabilities(k8sResources, allResources, armoResources); err != nil { - cautils.WarningDisplay(os.Stderr, "Warning: failed to collect images vulnerabilities: %s\n", err.Error()) + logger.L().Warning("failed to collect images vulnerabilities", helpers.Error(err)) } return k8sResources, allResources, armoResources, nil diff --git a/install.sh b/install.sh index ba010b33..533475f4 100755 --- a/install.sh +++ b/install.sh @@ -54,6 +54,6 @@ echo -e "\033[0m" $KUBESCAPE_EXEC version echo -echo -e "\033[35mUsage: $ $KUBESCAPE_EXEC scan --submit --enable-host-scan --verbose" +echo -e "\033[35mUsage: $ $KUBESCAPE_EXEC scan --submit --enable-host-scan --format-version v2 --verbose" echo -e "\033[0m"