From 16073d68729a35f580b57b2640b843835aa6a6fc Mon Sep 17 00:00:00 2001 From: kooomix Date: Wed, 14 Dec 2022 13:06:04 +0200 Subject: [PATCH 1/8] download control only by id --- cmd/download/download.go | 9 ++++- core/cautils/getter/downloadreleasedpolicy.go | 4 +-- core/cautils/getter/getpolicies.go | 2 +- core/cautils/getter/kscloudapi.go | 2 +- core/cautils/getter/loadpolicy.go | 6 ++-- core/core/download.go | 35 ++++++++++++------- core/meta/datastructures/v1/download.go | 1 + 7 files changed, 38 insertions(+), 21 deletions(-) diff --git a/cmd/download/download.go b/cmd/download/download.go index ad730154..00ed0b99 100644 --- a/cmd/download/download.go +++ b/cmd/download/download.go @@ -70,7 +70,14 @@ func GeDownloadCmd(ks meta.IKubescape) *cobra.Command { } downloadInfo.Target = args[0] if len(args) >= 2 { - downloadInfo.Name = args[1] + + // downloading a control is supported only by id. + if downloadInfo.Target == core.TargetControl { + downloadInfo.ID = args[1] + } else { + downloadInfo.Name = args[1] + } + } if err := ks.Download(&downloadInfo); err != nil { logger.L().Fatal(err.Error()) diff --git a/core/cautils/getter/downloadreleasedpolicy.go b/core/cautils/getter/downloadreleasedpolicy.go index d70fbb95..e8e445c1 100644 --- a/core/cautils/getter/downloadreleasedpolicy.go +++ b/core/cautils/getter/downloadreleasedpolicy.go @@ -25,11 +25,11 @@ func NewDownloadReleasedPolicy() *DownloadReleasedPolicy { } } -func (drp *DownloadReleasedPolicy) GetControl(policyName string) (*reporthandling.Control, error) { +func (drp *DownloadReleasedPolicy) GetControl(ID string) (*reporthandling.Control, error) { var control *reporthandling.Control var err error - control, err = drp.gs.GetOPAControl(policyName) + control, err = drp.gs.GetOPAControlByID(ID) if err != nil { return nil, err } diff --git a/core/cautils/getter/getpolicies.go b/core/cautils/getter/getpolicies.go index 263ae8af..082349ec 100644 --- a/core/cautils/getter/getpolicies.go 
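Review bot: The renamed parameter in `GetControl(ID string)` in downloadreleasedpolicy.go is capitalised like an exported name; Go parameters are lowerCamel, and loadpolicy.go in this same patch already uses `controlID`. The same `ID string` spelling is introduced in the `IPolicyGetter` interface (getpolicies.go) and in `KSCloudAPI.GetControl` (kscloudapi.go). I would write `func (drp *DownloadReleasedPolicy) GetControl(controlID string) (*reporthandling.Control, error)` with `drp.gs.GetOPAControlByID(controlID)`, and use the same name in the other two signatures. The method body continues past the end of the hunk.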
+++ b/core/cautils/getter/getpolicies.go @@ -9,7 +9,7 @@ import ( type IPolicyGetter interface { GetFramework(name string) (*reporthandling.Framework, error) GetFrameworks() ([]reporthandling.Framework, error) - GetControl(name string) (*reporthandling.Control, error) + GetControl(ID string) (*reporthandling.Control, error) ListFrameworks() ([]string, error) ListControls() ([]string, error) diff --git a/core/cautils/getter/kscloudapi.go b/core/cautils/getter/kscloudapi.go index c3672b3f..b01ab640 100644 --- a/core/cautils/getter/kscloudapi.go +++ b/core/cautils/getter/kscloudapi.go @@ -192,7 +192,7 @@ func (api *KSCloudAPI) GetFrameworks() ([]reporthandling.Framework, error) { return frameworks, err } -func (api *KSCloudAPI) GetControl(policyName string) (*reporthandling.Control, error) { +func (api *KSCloudAPI) GetControl(ID string) (*reporthandling.Control, error) { return nil, fmt.Errorf("control api is not public") } diff --git a/core/cautils/getter/loadpolicy.go b/core/cautils/getter/loadpolicy.go index 66700ab6..500a2ede 100644 --- a/core/cautils/getter/loadpolicy.go +++ b/core/cautils/getter/loadpolicy.go @@ -37,7 +37,7 @@ func NewLoadPolicy(filePaths []string) *LoadPolicy { } // Return control from file -func (lp *LoadPolicy) GetControl(controlName string) (*reporthandling.Control, error) { +func (lp *LoadPolicy) GetControl(controlID string) (*reporthandling.Control, error) { control := &reporthandling.Control{} filePath := lp.filePath() 
@@ -49,13 +49,13 @@ func (lp *LoadPolicy) GetControl(controlName string) (*reporthandling.Control, e if err = json.Unmarshal(f, control); err != nil { return control, err } - if controlName != "" && !strings.EqualFold(controlName, control.Name) && !strings.EqualFold(controlName, control.ControlID) { + if controlID != "" && !strings.EqualFold(controlID, control.ControlID) && !strings.EqualFold(controlID, control.ControlID) { framework, err := lp.GetFramework(control.Name) if err != nil { return nil, fmt.Errorf("control from file not matching") } else { for _, ctrl := range framework.Controls { - if strings.EqualFold(ctrl.Name, controlName) || strings.EqualFold(ctrl.ControlID, controlName) { + if strings.EqualFold(ctrl.ControlID, controlID) || strings.EqualFold(ctrl.ControlID, controlID) { control = &ctrl break } diff --git a/core/core/download.go b/core/core/download.go index 5c2ab233..a89af26d 100644 --- a/core/core/download.go +++ b/core/core/download.go @@ -13,13 +13,22 @@ import ( metav1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1" ) +const ( + TargetControlsInputs = "controls-inputs" + TargetExceptions = "exceptions" + TargetControl = "control" + TargetFramework = "framework" + TargetArtifacts = "artifacts" + TargetAttackTracks = "attack-tracks" +) + var downloadFunc = map[string]func(*metav1.DownloadInfo) error{ - "controls-inputs": downloadConfigInputs, - "exceptions": downloadExceptions, - "control": downloadControl, - "framework": downloadFramework, - "artifacts": downloadArtifacts, - "attack-tracks": downloadAttackTracks, + TargetControlsInputs: downloadConfigInputs, + TargetExceptions: downloadExceptions, + TargetControl: downloadControl, + TargetFramework: downloadFramework, + TargetArtifacts: downloadArtifacts, + TargetAttackTracks: downloadAttackTracks, } func DownloadSupportCommands() []string { 
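Review bot: Both rewritten conditions in `LoadPolicy.GetControl` compare against `ControlID` twice, so the second operand of each is dead: `!strings.EqualFold(controlID, control.ControlID) && !strings.EqualFold(controlID, control.ControlID)` and, in the loop, `strings.EqualFold(ctrl.ControlID, controlID) || strings.EqualFold(ctrl.ControlID, controlID)`. It looks like the name comparison was replaced mechanically; with ID-only lookup these reduce to `if controlID != "" && !strings.EqualFold(controlID, control.ControlID) {` and `if strings.EqualFold(ctrl.ControlID, controlID) {`. The end of the function is outside the hunk, so I cannot tell what is returned when no control in the framework matches; if the loop simply falls through, the caller gets the file's control even though its ID differs from the one requested, and a scan would evaluate a different control than the one asked for. An explicit not-found error after the loop would make that case visible.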
@@ -200,25 +209,25 @@ func downloadControl(downloadInfo *metav1.DownloadInfo) error { g := getPolicyGetter(nil, tenant.GetTenantEmail(), false, nil) - if downloadInfo.Name == "" { + if downloadInfo.ID == "" { // TODO - support - return fmt.Errorf("missing control name") + return fmt.Errorf("missing control ID") } if downloadInfo.FileName == "" { - downloadInfo.FileName = fmt.Sprintf("%s.json", downloadInfo.Name) + downloadInfo.FileName = fmt.Sprintf("%s.json", downloadInfo.ID) } - controls, err := g.GetControl(downloadInfo.Name) + controls, err := g.GetControl(downloadInfo.ID) if err != nil { - return err + return fmt.Errorf("failed to download control id '%s', %s", downloadInfo.ID, err.Error()) } if controls == nil { - return fmt.Errorf("failed to download control - received an empty objects") + return fmt.Errorf("failed to download control id '%s' - received an empty objects", downloadInfo.ID) } downloadTo := filepath.Join(downloadInfo.Path, downloadInfo.FileName) err = getter.SaveInFile(controls, downloadTo) if err != nil { return err } - logger.L().Success("Downloaded", helpers.String("artifact", downloadInfo.Target), helpers.String("name", downloadInfo.Name), helpers.String("path", downloadTo)) + logger.L().Success("Downloaded", helpers.String("artifact", downloadInfo.Target), helpers.String("ID", downloadInfo.ID), helpers.String("path", downloadTo)) return nil } diff --git a/core/meta/datastructures/v1/download.go b/core/meta/datastructures/v1/download.go index 6b44c323..26be2ba6 100644 --- a/core/meta/datastructures/v1/download.go +++ b/core/meta/datastructures/v1/download.go @@ -7,5 +7,6 @@ type DownloadInfo struct { FileName string // can be empty Target string // type of artifact to download Name string // name of artifact to download + ID string // ID of artifact to download (relevant only for controls) Credentials cautils.Credentials } From 3a404f29fa6973d5a3a5dd92a8749a670dada6a7 Mon Sep 17 00:00:00 2001 
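Review bot: `downloadInfo.ID` comes straight from `args[1]` and is formatted into `FileName` and then joined onto `Path` in `downloadControl`, with nothing in this hunk constraining it to the shape of a control ID. As long as `GetControl` only succeeds for known IDs this is harmless, but the write target should not depend on that; checking the value before it becomes a path component, for example rejecting it when `filepath.Base(downloadInfo.ID) != downloadInfo.ID`, keeps the output inside `Path`. The same value-to-filename pattern is in `getScanPolicies` (`getter.GetDefaultPath(policy.ID + ".json")`, handlepullpolicies.go in patch 2) and in the `Identifier` versions of both hunks in patch 6. There the identifier may also originate from a scan request rather than the local command line, judging by `TestToScanInfo` in httphandler, so the check matters more on that path.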
From: kooomix Date: Wed, 14 Dec 2022 13:42:52 +0200 Subject: [PATCH 2/8] control scan by id --- core/cautils/scaninfo.go | 11 +++++++++-- core/pkg/policyhandler/handlepullpolicies.go | 6 +++--- smoke_testing/test_scan.py | 6 +++--- 3 files changed, 15 insertions(+), 8 deletions(-) diff --git a/core/cautils/scaninfo.go b/core/cautils/scaninfo.go index 2c5631e2..067e6469 100644 --- a/core/cautils/scaninfo.go +++ b/core/cautils/scaninfo.go @@ -94,7 +94,8 @@ const ( ) type PolicyIdentifier struct { - Name string // policy name e.g. nsa,mitre,c-0012 + ID string // policy ID e.g. c-0012 - relevant only to kind=control + Name string // policy name e.g. nsa,mitre Kind apisv1.NotificationPolicyKind // policy kind e.g. Framework,Control,Rule Designators armotypes.PortalDesignator } @@ -214,7 +215,13 @@ func (scanInfo *ScanInfo) SetPolicyIdentifiers(policies []string, kind apisv1.No if !scanInfo.contains(policy) { newPolicy := PolicyIdentifier{} newPolicy.Kind = kind - newPolicy.Name = policy + // control can be identified only by it's id. + if kind == apisv1.KindControl { + newPolicy.ID = policy + } else { + newPolicy.Name = policy + } + scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy) } } diff --git a/core/pkg/policyhandler/handlepullpolicies.go b/core/pkg/policyhandler/handlepullpolicies.go index 9915e05f..63b57926 100644 --- a/core/pkg/policyhandler/handlepullpolicies.go +++ b/core/pkg/policyhandler/handlepullpolicies.go 
@@ -73,15 +73,15 @@ func (policyHandler *PolicyHandler) getScanPolicies(policyIdentifier []cautils.P f := reporthandling.Framework{} var receivedControl *reporthandling.Control var err error - for _, rule := range policyIdentifier { - receivedControl, err = policyHandler.getters.PolicyGetter.GetControl(rule.Name) + for _, policy := range policyIdentifier { + receivedControl, err = policyHandler.getters.PolicyGetter.GetControl(policy.ID) if err != nil { return frameworks, policyDownloadError(err) } if receivedControl != nil { f.Controls = append(f.Controls, *receivedControl) - cache := getter.GetDefaultPath(rule.Name + ".json") + cache := getter.GetDefaultPath(policy.ID + ".json") if err := getter.SaveInFile(receivedControl, cache); err != nil { logger.L().Warning("failed to cache file", helpers.String("file", cache), helpers.Error(err)) } diff --git a/smoke_testing/test_scan.py b/smoke_testing/test_scan.py index f890d8f8..f6b9774c 100644 --- a/smoke_testing/test_scan.py +++ b/smoke_testing/test_scan.py @@ -48,9 +48,9 @@ def run(kubescape_exec: str): # msg = scan_all(kubescape_exec=kubescape_exec) # smoke_utils.assertion(msg) - print("Testing scan control name") - msg = scan_control_name(kubescape_exec=kubescape_exec) - smoke_utils.assertion(msg) + # print("Testing scan control name") + # msg = scan_control_name(kubescape_exec=kubescape_exec) + # smoke_utils.assertion(msg) print("Testing scan control id") msg = scan_control_id(kubescape_exec=kubescape_exec) From ca5b3e626bf51f9977e29ea40414e6d497d9d3e4 Mon Sep 17 00:00:00 2001 From: kooomix Date: Wed, 14 Dec 2022 14:08:32 +0200 Subject: [PATCH 3/8] test fix --- httphandler/handlerequests/v1/datastructuremethods_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/httphandler/handlerequests/v1/datastructuremethods_test.go b/httphandler/handlerequests/v1/datastructuremethods_test.go index 05386650..a483c459 100644 --- a/httphandler/handlerequests/v1/datastructuremethods_test.go 
+++ b/httphandler/handlerequests/v1/datastructuremethods_test.go @@ -49,7 +49,7 @@ func TestToScanInfo(t *testing.T) { assert.Equal(t, "kube-system,kube-public", s.IncludeNamespaces) assert.Equal(t, "", s.ExcludedNamespaces) assert.Equal(t, 1, len(s.PolicyIdentifier)) - assert.Equal(t, "c-0001", s.PolicyIdentifier[0].Name) + assert.Equal(t, "c-0001", s.PolicyIdentifier[0].ID) assert.Equal(t, apisv1.KindControl, s.PolicyIdentifier[0].Kind) } { From 7e9b43034756fd684c3ba3f5f4039f4bf025f44c Mon Sep 17 00:00:00 2001 From: kooomix Date: Wed, 14 Dec 2022 14:22:46 +0200 Subject: [PATCH 4/8] test fix --- smoke_testing/test_scan.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/smoke_testing/test_scan.py b/smoke_testing/test_scan.py index f6b9774c..d6902327 100644 --- a/smoke_testing/test_scan.py +++ b/smoke_testing/test_scan.py @@ -21,7 +21,7 @@ def scan_control_id(kubescape_exec: str): def scan_controls(kubescape_exec: str): - return smoke_utils.run_command(command=[kubescape_exec, "scan", "control", 'HostPath mount,Allow privilege escalation', all_files, "--enable-host-scan=false"]) + return smoke_utils.run_command(command=[kubescape_exec, "scan", "control", 'C-0048,C-0016', all_files, "--enable-host-scan=false"]) def scan_framework(kubescape_exec: str): From 134d8547228530c2afbae4b04c62a7cee76f58ba Mon Sep 17 00:00:00 2001 From: kooomix Date: Wed, 21 Dec 2022 15:29:58 +0200 Subject: [PATCH 5/8] opa-utils v0.0.216 --- go.mod | 2 +- go.sum | 6 +++--- httphandler/go.mod | 2 +- httphandler/go.sum | 6 +++--- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index d3515518..5068f0e2 100644 --- a/go.mod +++ b/go.mod 
@@ -17,7 +17,7 @@ require ( github.com/kubescape/go-git-url v0.0.17 github.com/kubescape/go-logger v0.0.6 github.com/kubescape/k8s-interface v0.0.89 - github.com/kubescape/opa-utils v0.0.204 + github.com/kubescape/opa-utils v0.0.216 github.com/kubescape/rbac-utils v0.0.19 github.com/libgit2/git2go/v33 v33.0.9 github.com/mattn/go-isatty v0.0.14 diff --git a/go.sum b/go.sum index 59ae3f2a..255d93e7 100644 --- a/go.sum +++ b/go.sum @@ -134,7 +134,7 @@ github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ github.com/agnivade/levenshtein v1.1.1 h1:QY8M92nrzkmr798gCo3kmMyqXFzdQVpxLlGPRBij0P8= github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo= github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw= -github.com/alecthomas/assert/v2 v2.0.3 h1:WKqJODfOiQG0nEJKFKzDIG3E29CN2/4zR9XGJzKIkbg= +github.com/alecthomas/assert/v2 v2.2.0 h1:f6L/b7KE2bfA+9O4FL3CM/xJccDEwPVYd5fALBiuwvw= github.com/alecthomas/participle/v2 v2.0.0-beta.5 h1:y6dsSYVb1G5eK6mgmy+BgI3Mw35a3WghArZ/Hbebrjo= github.com/alecthomas/participle/v2 v2.0.0-beta.5/go.mod h1:RC764t6n4L8D8ITAJv0qdokritYSNR3wV5cVwmIEaMM= github.com/alecthomas/repr v0.1.1 h1:87P60cSmareLAxMc4Hro0r2RBY4ROm0dYwkJNpS4pPs= 
@@ -589,8 +589,8 @@ github.com/kubescape/go-logger v0.0.6 h1:ynhAmwrz0O7Jtqq1CdmCZUrKveji25hVP+B/FAb github.com/kubescape/go-logger v0.0.6/go.mod h1:DnVWEvC90LFY1nNMaNo6nBVOcqkLMK3S0qzXP1fzRvI= github.com/kubescape/k8s-interface v0.0.89 h1:OtlvZosHpjlbHfsilfQk2wRbuBnxwF0e+WZX6GbkfLU= github.com/kubescape/k8s-interface v0.0.89/go.mod h1:pgFRs20mHiavf6+fFWY7h/f8HuKlwuZwirvjxiKJlu0= -github.com/kubescape/opa-utils v0.0.204 h1:9O9drjyzjOhI7Xi2S4Px0WKa66U5GFPQqeOLvhDqHnw= -github.com/kubescape/opa-utils v0.0.204/go.mod h1:rDC3PANuk8gU5lSDO/WPFTluypBQ+/6qiuZLye+slYg= +github.com/kubescape/opa-utils v0.0.216 h1:6kCsW1+UnYnVu8ee4spMReXNBWZ0Uo3LEC+SdCsz1OA= +github.com/kubescape/opa-utils v0.0.216/go.mod h1:sNCabe+qZmZLSs/T76fPewEZnl5TSzGq4vhmPd1tP3o= github.com/kubescape/rbac-utils v0.0.19 h1:7iydgVxlMLW15MgHORfMBMqNj9jHtFGACd744fdtrFs= github.com/kubescape/rbac-utils v0.0.19/go.mod h1:t57AhSrjuNGQ+mpZWQM/hBzrCOeKBDHegFoVo4tbikQ= github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= diff --git a/httphandler/go.mod b/httphandler/go.mod index fea78cd7..0745d428 100644 --- a/httphandler/go.mod +++ b/httphandler/go.mod @@ -12,7 +12,7 @@ require ( github.com/gorilla/schema v1.2.0 github.com/kubescape/go-logger v0.0.6 github.com/kubescape/kubescape/v2 v2.0.0-00010101000000-000000000000 - github.com/kubescape/opa-utils v0.0.204 + github.com/kubescape/opa-utils v0.0.216 github.com/stretchr/testify v1.8.0 k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 ) diff --git a/httphandler/go.sum b/httphandler/go.sum index 30eb0f0d..395ebb5a 100644 --- a/httphandler/go.sum +++ b/httphandler/go.sum 
@@ -134,7 +134,7 @@ github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ github.com/agnivade/levenshtein v1.1.1 h1:QY8M92nrzkmr798gCo3kmMyqXFzdQVpxLlGPRBij0P8= github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo= github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw= -github.com/alecthomas/assert/v2 v2.0.3 h1:WKqJODfOiQG0nEJKFKzDIG3E29CN2/4zR9XGJzKIkbg= +github.com/alecthomas/assert/v2 v2.2.0 h1:f6L/b7KE2bfA+9O4FL3CM/xJccDEwPVYd5fALBiuwvw= github.com/alecthomas/participle/v2 v2.0.0-beta.5 h1:y6dsSYVb1G5eK6mgmy+BgI3Mw35a3WghArZ/Hbebrjo= github.com/alecthomas/participle/v2 v2.0.0-beta.5/go.mod h1:RC764t6n4L8D8ITAJv0qdokritYSNR3wV5cVwmIEaMM= github.com/alecthomas/repr v0.1.1 h1:87P60cSmareLAxMc4Hro0r2RBY4ROm0dYwkJNpS4pPs= @@ -645,8 +645,8 @@ github.com/kubescape/go-logger v0.0.6 h1:ynhAmwrz0O7Jtqq1CdmCZUrKveji25hVP+B/FAb github.com/kubescape/go-logger v0.0.6/go.mod h1:DnVWEvC90LFY1nNMaNo6nBVOcqkLMK3S0qzXP1fzRvI= github.com/kubescape/k8s-interface v0.0.89 h1:OtlvZosHpjlbHfsilfQk2wRbuBnxwF0e+WZX6GbkfLU= github.com/kubescape/k8s-interface v0.0.89/go.mod h1:pgFRs20mHiavf6+fFWY7h/f8HuKlwuZwirvjxiKJlu0= -github.com/kubescape/opa-utils v0.0.204 h1:9O9drjyzjOhI7Xi2S4Px0WKa66U5GFPQqeOLvhDqHnw= -github.com/kubescape/opa-utils v0.0.204/go.mod h1:rDC3PANuk8gU5lSDO/WPFTluypBQ+/6qiuZLye+slYg= +github.com/kubescape/opa-utils v0.0.216 h1:6kCsW1+UnYnVu8ee4spMReXNBWZ0Uo3LEC+SdCsz1OA= +github.com/kubescape/opa-utils v0.0.216/go.mod h1:sNCabe+qZmZLSs/T76fPewEZnl5TSzGq4vhmPd1tP3o= github.com/kubescape/rbac-utils v0.0.19 h1:7iydgVxlMLW15MgHORfMBMqNj9jHtFGACd744fdtrFs= github.com/kubescape/rbac-utils v0.0.19/go.mod h1:t57AhSrjuNGQ+mpZWQM/hBzrCOeKBDHegFoVo4tbikQ= github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= From b547814dec53e077aa79e6a9aead9e12a894ccb4 Mon Sep 17 00:00:00 2001 
From: kooomix Date: Wed, 21 Dec 2022 19:17:29 +0200 Subject: [PATCH 6/8] DownloadInfo, PolicyIdentifier add Identity, remove ID and Name --- cmd/download/download.go | 11 +++-------- core/cautils/scaninfo.go | 17 +++++------------ core/core/download.go | 20 ++++++++++---------- core/core/initutils.go | 14 +++++++------- core/core/scan.go | 2 +- core/meta/datastructures/v1/download.go | 3 +-- core/pkg/policyhandler/handlepullpolicies.go | 10 +++++----- 7 files changed, 32 insertions(+), 45 deletions(-) diff --git a/cmd/download/download.go b/cmd/download/download.go index 00ed0b99..3c1519ec 100644 --- a/cmd/download/download.go +++ b/cmd/download/download.go @@ -24,8 +24,8 @@ var ( # Download the NSA framework. Run 'kubescape list frameworks' for all frameworks names kubescape download framework nsa - # Download the "HostPath mount" control. Run 'kubescape list controls' for all controls names - kubescape download control "HostPath mount" + # Download the "C-0001" control. Run 'kubescape list controls --id' for all controls ids + kubescape download control "C-0001" # Download the "C-0001" control. Run 'kubescape list controls --id' for all controls ids kubescape download control C-0001 @@ -71,12 +71,7 @@ func GeDownloadCmd(ks meta.IKubescape) *cobra.Command { downloadInfo.Target = args[0] if len(args) >= 2 { - // downloading a control is supported only by id. - if downloadInfo.Target == core.TargetControl { - downloadInfo.ID = args[1] - } else { - downloadInfo.Name = args[1] - } + downloadInfo.Identifier = args[1] } if err := ks.Download(&downloadInfo); err != nil { diff --git a/core/cautils/scaninfo.go b/core/cautils/scaninfo.go index 067e6469..ea9b2b3e 100644 --- a/core/cautils/scaninfo.go +++ b/core/cautils/scaninfo.go 
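Review bot: After this edit the help text in cmd/download/download.go carries the same example twice: the rewritten `kubescape download control "C-0001"` entry and the existing `kubescape download control C-0001` entry directly below it, each under an identical comment line. Dropping one of them keeps the examples list short; if the quoted form is kept on purpose, its comment should say why quoting matters. In the second hunk of this file, the blank lines left inside `if len(args) >= 2 {` around `downloadInfo.Identifier = args[1]` can be removed as well.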
@@ -94,8 +94,7 @@ const ( ) type PolicyIdentifier struct { - ID string // policy ID e.g. c-0012 - relevant only to kind=control - Name string // policy name e.g. nsa,mitre + Identifier string // policy Identifier e.g. c-0012 for control, nsa,mitre for frameworks Kind apisv1.NotificationPolicyKind // policy kind e.g. Framework,Control,Rule Designators armotypes.PortalDesignator } @@ -184,7 +183,7 @@ func (scanInfo *ScanInfo) setUseArtifactsFrom() { func (scanInfo *ScanInfo) setUseFrom() { if scanInfo.UseDefault { for _, policy := range scanInfo.PolicyIdentifier { - scanInfo.UseFrom = append(scanInfo.UseFrom, getter.GetDefaultPath(policy.Name+".json")) + scanInfo.UseFrom = append(scanInfo.UseFrom, getter.GetDefaultPath(policy.Identifier+".json")) } } } @@ -215,13 +214,7 @@ func (scanInfo *ScanInfo) SetPolicyIdentifiers(policies []string, kind apisv1.No if !scanInfo.contains(policy) { newPolicy := PolicyIdentifier{} newPolicy.Kind = kind - // control can be identified only by it's id. - if kind == apisv1.KindControl { - newPolicy.ID = policy - } else { - newPolicy.Name = policy - } - + newPolicy.Identifier = policy scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy) } } @@ -229,7 +222,7 @@ func (scanInfo *ScanInfo) SetPolicyIdentifiers(policies []string, kind apisv1.No func (scanInfo *ScanInfo) contains(policyName string) bool { for _, policy := range scanInfo.PolicyIdentifier { - if policy.Name == policyName { + if policy.Identifier == policyName { return true } } @@ -257,7 +250,7 @@ func scanInfoToScanMetadata(scanInfo *ScanInfo) *reporthandlingv2.Metadata { } // append frameworks for _, policy := range scanInfo.PolicyIdentifier { - metadata.ScanMetadata.TargetNames = append(metadata.ScanMetadata.TargetNames, policy.Name) + metadata.ScanMetadata.TargetNames = append(metadata.ScanMetadata.TargetNames, policy.Identifier) } metadata.ScanMetadata.KubescapeVersion = BuildNumber 
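Review bot: `contains` in scaninfo.go compares `policy.Identifier == policyName` byte-for-byte, while `LoadPolicy.GetControl` matches control IDs with `strings.EqualFold`, and the tests in this series use both `c-0001` and `C-0048`. As written, `C-0012` and `c-0012` pass the duplicate check in `SetPolicyIdentifiers` as two separate policies, and `setUseFrom` and the cache path in handlepullpolicies.go derive two different file names from them. Comparing with `if strings.EqualFold(policy.Identifier, policyName) {` would line the check up with the getter (this needs `strings` imported in scaninfo.go, which is not visible here). `contains` also ignores `Kind`, and its parameter is still called `policyName` although it now receives an identifier.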
diff --git a/core/core/download.go b/core/core/download.go index a89af26d..49b355c2 100644 --- a/core/core/download.go +++ b/core/core/download.go @@ -93,7 +93,7 @@ func downloadArtifacts(downloadInfo *metav1.DownloadInfo) error { func downloadConfigInputs(downloadInfo *metav1.DownloadInfo) error { tenant := getTenantConfig(&downloadInfo.Credentials, "", "", getKubernetesApi()) - controlsInputsGetter := getConfigInputsGetter(downloadInfo.Name, tenant.GetAccountID(), nil) + controlsInputsGetter := getConfigInputsGetter(downloadInfo.Identifier, tenant.GetAccountID(), nil) controlInputs, err := controlsInputsGetter.GetControlsInputs(tenant.GetContextName()) if err != nil { return err @@ -167,7 +167,7 @@ func downloadFramework(downloadInfo *metav1.DownloadInfo) error { g := getPolicyGetter(nil, tenant.GetTenantEmail(), true, nil) - if downloadInfo.Name == "" { + if downloadInfo.Identifier == "" { // if framework name not specified - download all frameworks frameworks, err := g.GetFrameworks() if err != nil { @@ -184,9 +184,9 @@ func downloadFramework(downloadInfo *metav1.DownloadInfo) error { // return fmt.Errorf("missing framework name") } else { if downloadInfo.FileName == "" { - downloadInfo.FileName = fmt.Sprintf("%s.json", downloadInfo.Name) + downloadInfo.FileName = fmt.Sprintf("%s.json", downloadInfo.Identifier) } - framework, err := g.GetFramework(downloadInfo.Name) + framework, err := g.GetFramework(downloadInfo.Identifier) if err != nil { return err } 
@@ -209,25 +209,25 @@ func downloadControl(downloadInfo *metav1.DownloadInfo) error { g := getPolicyGetter(nil, tenant.GetTenantEmail(), false, nil) - if downloadInfo.ID == "" { + if downloadInfo.Identifier == "" { // TODO - support return fmt.Errorf("missing control ID") } if downloadInfo.FileName == "" { - downloadInfo.FileName = fmt.Sprintf("%s.json", downloadInfo.ID) + downloadInfo.FileName = fmt.Sprintf("%s.json", downloadInfo.Identifier) } - controls, err := g.GetControl(downloadInfo.ID) + controls, err := g.GetControl(downloadInfo.Identifier) if err != nil { - return fmt.Errorf("failed to download control id '%s', %s", downloadInfo.ID, err.Error()) + return fmt.Errorf("failed to download control id '%s', %s", downloadInfo.Identifier, err.Error()) } if controls == nil { - return fmt.Errorf("failed to download control id '%s' - received an empty objects", downloadInfo.ID) + return fmt.Errorf("failed to download control id '%s' - received an empty objects", downloadInfo.Identifier) } downloadTo := filepath.Join(downloadInfo.Path, downloadInfo.FileName) err = getter.SaveInFile(controls, downloadTo) if err != nil { return err } - logger.L().Success("Downloaded", helpers.String("artifact", downloadInfo.Target), helpers.String("ID", downloadInfo.ID), helpers.String("path", downloadTo)) + logger.L().Success("Downloaded", helpers.String("artifact", downloadInfo.Target), helpers.String("ID", downloadInfo.Identifier), helpers.String("path", downloadTo)) return nil } diff --git a/core/core/initutils.go b/core/core/initutils.go index 66ae6272..79a36a50 100644 --- a/core/core/initutils.go +++ b/core/core/initutils.go 
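Review bot: The error returned when `g.GetControl` fails in `downloadControl` is flattened with `err.Error()`, so the original error is no longer reachable through `errors.Is` / `errors.As`; this was introduced in patch 1 and is carried over here. `return fmt.Errorf("failed to download control id '%s': %w", downloadInfo.Identifier, err)` keeps the chain. The `// TODO - support` comment above the `missing control ID` return no longer says what is to be supported and should be spelled out or removed, and "received an empty objects" should read "received an empty object".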
@@ -122,18 +122,18 @@ func getFieldSelector(scanInfo *cautils.ScanInfo) resourcehandler.IFieldSelector return &resourcehandler.EmptySelector{} } -func policyIdentifierNames(pi []cautils.PolicyIdentifier) string { - policiesNames := "" +func policyIdentifierIdentities(pi []cautils.PolicyIdentifier) string { + policiesIdentities := "" for i := range pi { - policiesNames += pi[i].Name + policiesIdentities += pi[i].Identifier if i+1 < len(pi) { - policiesNames += "," + policiesIdentities += "," } } - if policiesNames == "" { - policiesNames = "all" + if policiesIdentities == "" { + policiesIdentities = "all" } - return policiesNames + return policiesIdentities } // setSubmitBehavior - Setup the desired cluster behavior regarding submitting to the Kubescape Cloud BE diff --git a/core/core/scan.go b/core/core/scan.go index f17405c0..61b985c4 100644 --- a/core/core/scan.go +++ b/core/core/scan.go @@ -63,7 +63,7 @@ func getInterfaces(scanInfo *cautils.ScanInfo) componentInterfaces { // ================== version testing ====================================== v := cautils.NewIVersionCheckHandler() - v.CheckLatestVersion(cautils.NewVersionCheckRequest(cautils.BuildNumber, policyIdentifierNames(scanInfo.PolicyIdentifier), "", cautils.ScanningContextToScanningScope(scanInfo.GetScanningContext()))) + v.CheckLatestVersion(cautils.NewVersionCheckRequest(cautils.BuildNumber, policyIdentifierIdentities(scanInfo.PolicyIdentifier), "", cautils.ScanningContextToScanningScope(scanInfo.GetScanningContext()))) // ================== setup host scanner object ====================================== diff --git a/core/meta/datastructures/v1/download.go b/core/meta/datastructures/v1/download.go index 26be2ba6..b51a8342 100644 --- a/core/meta/datastructures/v1/download.go +++ b/core/meta/datastructures/v1/download.go 
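Review bot: `policyIdentifierIdentities` introduces a third word for the same thing: the struct field is `Identifier`, the commit subject says "Identity", and the helper now says "Identities". `policyIdentifiers` would match the field, and a one-line doc comment such as `// policyIdentifiers returns the policy identifiers joined by commas, or "all" when none are set.` would record the fallback. The result is passed to `cautils.NewVersionCheckRequest` in scan.go, so whatever free-form value the user supplied as an identifier ends up in that request; presumably it is sent to a remote version endpoint, in which case that is worth stating in the comment.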
@@ -6,7 +6,6 @@ type DownloadInfo struct { Path string // directory to save artifact. Default is "~/.kubescape/" FileName string // can be empty Target string // type of artifact to download - Name string // name of artifact to download - ID string // ID of artifact to download (relevant only for controls) + Identifier string // identifier of artifact to download Credentials cautils.Credentials } diff --git a/core/pkg/policyhandler/handlepullpolicies.go b/core/pkg/policyhandler/handlepullpolicies.go index 95a4df3b..2d12af99 100644 --- a/core/pkg/policyhandler/handlepullpolicies.go +++ b/core/pkg/policyhandler/handlepullpolicies.go @@ -56,7 +56,7 @@ func (policyHandler *PolicyHandler) getScanPolicies(policyIdentifier []cautils.P switch getScanKind(policyIdentifier) { case apisv1.KindFramework: // Download frameworks for _, rule := range policyIdentifier { - receivedFramework, err := policyHandler.getters.PolicyGetter.GetFramework(rule.Name) + receivedFramework, err := policyHandler.getters.PolicyGetter.GetFramework(rule.Identifier) if err != nil { return frameworks, policyDownloadError(err) } @@ -65,7 +65,7 @@ func (policyHandler *PolicyHandler) getScanPolicies(policyIdentifier []cautils.P } if receivedFramework != nil { frameworks = append(frameworks, *receivedFramework) - cache := getter.GetDefaultPath(rule.Name + ".json") + cache := getter.GetDefaultPath(rule.Identifier + ".json") if err := getter.SaveInFile(receivedFramework, cache); err != nil { logger.L().Warning("failed to cache file", helpers.String("file", cache), helpers.Error(err)) } 
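Review bot: Removing the exported `Name` field from `DownloadInfo` (and from `PolicyIdentifier` in scaninfo.go) in favour of `Identifier` is a source-breaking change for any code that imports these packages; httphandler is a separate module in this repository and its test had to be adjusted in patch 7 for exactly this reason. If there are consumers outside the repository, the rename deserves a release note. The field comment could also say what the value means per target, e.g. `Identifier string // framework name, or control ID (e.g. C-0001) when Target is "control"`.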
@@ -76,14 +76,14 @@ func (policyHandler *PolicyHandler) getScanPolicies(policyIdentifier []cautils.P var receivedControl *reporthandling.Control var err error for _, policy := range policyIdentifier { - receivedControl, err = policyHandler.getters.PolicyGetter.GetControl(policy.ID) + receivedControl, err = policyHandler.getters.PolicyGetter.GetControl(policy.Identifier) if err != nil { return frameworks, policyDownloadError(err) } if receivedControl != nil { f.Controls = append(f.Controls, *receivedControl) - cache := getter.GetDefaultPath(policy.ID + ".json") + cache := getter.GetDefaultPath(policy.Identifier + ".json") if err := getter.SaveInFile(receivedControl, cache); err != nil { logger.L().Warning("failed to cache file", helpers.String("file", cache), helpers.Error(err)) } @@ -100,7 +100,7 @@ func (policyHandler *PolicyHandler) getScanPolicies(policyIdentifier []cautils.P func policyIdentifierToSlice(rules []cautils.PolicyIdentifier) []string { s := []string{} for i := range rules { - s = append(s, fmt.Sprintf("%s: %s", rules[i].Kind, rules[i].Name)) + s = append(s, fmt.Sprintf("%s: %s", rules[i].Kind, rules[i].Identifier)) } return s } From cf87c2d30b8c31880dc128389b651ca2230f98cc Mon Sep 17 00:00:00 2001 From: kooomix Date: Wed, 21 Dec 2022 19:25:22 +0200 Subject: [PATCH 7/8] Fixed test --- httphandler/handlerequests/v1/datastructuremethods_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/httphandler/handlerequests/v1/datastructuremethods_test.go b/httphandler/handlerequests/v1/datastructuremethods_test.go index a483c459..4365f7fe 100644 --- a/httphandler/handlerequests/v1/datastructuremethods_test.go +++ b/httphandler/handlerequests/v1/datastructuremethods_test.go 
@@ -32,9 +32,9 @@ func TestToScanInfo(t *testing.T) { assert.False(t, s.Submit) assert.False(t, s.ScanAll) assert.True(t, s.FrameworkScan) - assert.Equal(t, "nsa", s.PolicyIdentifier[0].Name) + assert.Equal(t, "nsa", s.PolicyIdentifier[0].Identifier) assert.Equal(t, apisv1.KindFramework, s.PolicyIdentifier[0].Kind) - assert.Equal(t, "mitre", s.PolicyIdentifier[1].Name) + assert.Equal(t, "mitre", s.PolicyIdentifier[1].Identifier) assert.Equal(t, apisv1.KindFramework, s.PolicyIdentifier[1].Kind) } { @@ -49,7 +49,7 @@ func TestToScanInfo(t *testing.T) { assert.Equal(t, "kube-system,kube-public", s.IncludeNamespaces) assert.Equal(t, "", s.ExcludedNamespaces) assert.Equal(t, 1, len(s.PolicyIdentifier)) - assert.Equal(t, "c-0001", s.PolicyIdentifier[0].ID) + assert.Equal(t, "c-0001", s.PolicyIdentifier[0].Identifier) assert.Equal(t, apisv1.KindControl, s.PolicyIdentifier[0].Kind) } { From de3408bf57ff8fe82d6fdeb380d14c3870c9639d Mon Sep 17 00:00:00 2001 From: kooomix Date: Thu, 22 Dec 2022 14:09:27 +0200 Subject: [PATCH 8/8] minor fix --- smoke_testing/test_scan.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/smoke_testing/test_scan.py b/smoke_testing/test_scan.py index d6902327..aba956e0 100644 --- a/smoke_testing/test_scan.py +++ b/smoke_testing/test_scan.py @@ -48,10 +48,6 @@ def run(kubescape_exec: str): # msg = scan_all(kubescape_exec=kubescape_exec) # smoke_utils.assertion(msg) - # print("Testing scan control name") - # msg = scan_control_name(kubescape_exec=kubescape_exec) - # smoke_utils.assertion(msg) - print("Testing scan control id") msg = scan_control_id(kubescape_exec=kubescape_exec) smoke_utils.assertion(msg)