diff --git a/core/cautils/datastructures.go b/core/cautils/datastructures.go index 9c8e9683..555e2f87 100644 --- a/core/cautils/datastructures.go +++ b/core/cautils/datastructures.go @@ -19,7 +19,7 @@ type OPASessionObj struct { Policies []reporthandling.Framework // list of frameworks to scan AllResources map[string]workloadinterface.IMetadata // all scanned resources, map[] ResourcesResult map[string]resourcesresults.Result // resources scan results, map[] - ResourceSource map[string]string // resources sources, map[] + ResourceSource map[string]reporthandling.Source // resources sources, map[] PostureReport *reporthandling.PostureReport // scan results v1 - Remove Report *reporthandlingv2.PostureReport // scan results v2 - Remove Exceptions []armotypes.PostureExceptionPolicy // list of exceptions to apply on scan results @@ -39,7 +39,7 @@ func NewOPASessionObj(frameworks []reporthandling.Framework, k8sResources *K8SRe ResourcesResult: make(map[string]resourcesresults.Result), InfoMap: make(map[string]apis.StatusInfo), ResourceToControlsMap: make(map[string][]string), - ResourceSource: make(map[string]string), + ResourceSource: make(map[string]reporthandling.Source), SessionID: scanInfo.ScanID, PostureReport: &reporthandling.PostureReport{ ClusterName: ClusterName, diff --git a/core/cautils/fileutils.go b/core/cautils/fileutils.go index dbed9393..57f4d318 100644 --- a/core/cautils/fileutils.go +++ b/core/cautils/fileutils.go @@ -27,7 +27,7 @@ const ( ) func LoadResourcesFromFiles(inputPatterns []string) (map[string][]workloadinterface.IMetadata, error) { - files, errs := listFiles(inputPatterns) + absPaths, files, errs := listFiles(inputPatterns) if len(errs) > 0 { logger.L().Error(fmt.Sprintf("%v", errs)) } 
@@ -35,14 +35,14 @@ func LoadResourcesFromFiles(inputPatterns []string) (map[string][]workloadinterf return nil, nil } - workloads, errs := loadFiles(files) + workloads, errs := loadFiles(absPaths, files) if len(errs) > 0 { logger.L().Error(fmt.Sprintf("%v", errs)) } return workloads, nil } -func loadFiles(filePaths []string) (map[string][]workloadinterface.IMetadata, []error) { +func loadFiles(absPaths, filePaths []string) (map[string][]workloadinterface.IMetadata, []error) { workloads := make(map[string][]workloadinterface.IMetadata, 0) errs := []error{} for i := range filePaths { @@ -54,12 +54,13 @@ func loadFiles(filePaths []string) (map[string][]workloadinterface.IMetadata, [] w, e := ReadFile(f, GetFileFormat(filePaths[i])) errs = append(errs, e...) if w != nil { - if _, ok := workloads[filePaths[i]]; !ok { - workloads[filePaths[i]] = []workloadinterface.IMetadata{} + path := strings.TrimPrefix(filePaths[i], absPaths[i]) + if _, ok := workloads[path]; !ok { + workloads[path] = []workloadinterface.IMetadata{} } - wSlice := workloads[filePaths[i]] + wSlice := workloads[path] wSlice = append(wSlice, w...) - workloads[filePaths[i]] = wSlice + workloads[path] = wSlice } } return workloads, errs @@ -80,8 +81,10 @@ func ReadFile(fileContent []byte, fileFromat FileFormat) ([]workloadinterface.IM } } -func listFiles(patterns []string) ([]string, []error) { - files := []string{} +// listFiles returns the list of absolute paths, full file path and list of errors. The list of abs paths and full path have the same length +func listFiles(patterns []string) ([]string, []string, []error) { + var absPaths []string + var files []string errs := []error{} for i := range patterns { if strings.HasPrefix(patterns[i], "http") { 
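Review bot: `absPaths[i]` in loadFiles is indexed by file position, but listFiles appends to `absPaths` at most once per pattern, and only when the pattern is relative (the `absPaths = append(absPaths, o)` line in the later `@@ -90,6 +93,7 @@` hunk). The two slices therefore do not have the same length, contrary to the new comment on listFiles. An absolute pattern leaves `absPaths` empty, and a glob that expands to several files yields more files than bases; either case makes `strings.TrimPrefix(filePaths[i], absPaths[i])` panic with an index out of range on the first file that parses. listFiles should append one base entry for every entry it appends to `files` (an empty string for absolute patterns). The error from `os.Getwd()` should also not be discarded with `o, _ :=`, since an empty base silently changes the keys that later become `Source.RelativePath`; both function bodies continue outside the hunks shown.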
@@ -90,6 +93,7 @@ func listFiles(patterns []string) ([]string, []error) { if !filepath.IsAbs(patterns[i]) { o, _ := os.Getwd() patterns[i] = filepath.Join(o, patterns[i]) + absPaths = append(absPaths, o) } if IsFile(patterns[i]) { files = append(files, patterns[i]) @@ -102,7 +106,7 @@ func listFiles(patterns []string) ([]string, []error) { } } } - return files, errs + return absPaths, files, errs } func readYamlFile(yamlFile []byte) ([]workloadinterface.IMetadata, []error) { diff --git a/core/cautils/fileutils_test.go b/core/cautils/fileutils_test.go index 811e7dfb..769c556a 100644 --- a/core/cautils/fileutils_test.go +++ b/core/cautils/fileutils_test.go @@ -18,7 +18,7 @@ func TestListFiles(t *testing.T) { filesPath := onlineBoutiquePath() - files, errs := listFiles([]string{filesPath}) + _, files, errs := listFiles([]string{filesPath}) assert.Equal(t, 0, len(errs)) assert.Equal(t, 12, len(files)) } @@ -38,13 +38,13 @@ func TestLoadResourcesFromFiles(t *testing.T) { } } func TestLoadFiles(t *testing.T) { - files, _ := listFiles([]string{onlineBoutiquePath()}) - _, err := loadFiles(files) + absPaths, files, _ := listFiles([]string{onlineBoutiquePath()}) + _, err := loadFiles(absPaths, files) assert.Equal(t, 0, len(err)) } func TestLoadFile(t *testing.T) { - files, _ := listFiles([]string{strings.Replace(onlineBoutiquePath(), "*", "adservice.yaml", 1)}) + _, files, _ := listFiles([]string{strings.Replace(onlineBoutiquePath(), "*", "adservice.yaml", 1)}) assert.Equal(t, 1, len(files)) _, err := loadFile(files[0]) diff --git a/core/pkg/resourcehandler/localgitrepository.go b/core/cautils/localgitrepository.go similarity index 73% rename from core/pkg/resourcehandler/localgitrepository.go rename to core/cautils/localgitrepository.go index ce0c9390..04b7ca7d 100644 --- a/core/pkg/resourcehandler/localgitrepository.go +++ b/core/cautils/localgitrepository.go 
@@ -1,11 +1,11 @@ -package resourcehandler +package cautils import ( "fmt" "path" "strings" - "time" + "github.com/armosec/go-git-url/apis" gitv5 "github.com/go-git/go-git/v5" configv5 "github.com/go-git/go-git/v5/config" plumbingv5 "github.com/go-git/go-git/v5/plumbing" @@ -17,14 +17,6 @@ type LocalGitRepository struct { config *configv5.Config } -type GitCommit struct { - hash string - authorName string - authorEmail string - message string - date time.Time -} - func NewLocalGitRepository(path string) (*LocalGitRepository, error) { gitRepo, err := gitv5.PlainOpen(path) if err != nil { @@ -52,11 +44,13 @@ func NewLocalGitRepository(path string) (*LocalGitRepository, error) { }, nil } +// GetBranchName get current branch name func (g *LocalGitRepository) GetBranchName() string { return g.head.Name().Short() } -func (g *LocalGitRepository) GetOriginUrl() (string, error) { +// GetRemoteUrl get default remote URL +func (g *LocalGitRepository) GetRemoteUrl() (string, error) { branchName := g.GetBranchName() if branchRef, branchFound := g.config.Branches[branchName]; branchFound { remoteName := branchRef.Remote @@ -73,8 +67,9 @@ func (g *LocalGitRepository) GetOriginUrl() (string, error) { return g.config.Remotes[defaultRemoteName].URLs[0], nil } +// GetName get origin name without the .git suffix func (g *LocalGitRepository) GetName() (string, error) { - originUrl, err := g.GetOriginUrl() + originUrl, err := g.GetRemoteUrl() if err != nil { return "", err } 
@@ -83,11 +78,13 @@ func (g *LocalGitRepository) GetName() (string, error) { return strings.TrimSuffix(baseName, ".git"), nil } -func (g *LocalGitRepository) GetLastCommit() (*GitCommit, error) { +// GetLastCommit get latest commit object +func (g *LocalGitRepository) GetLastCommit() (*apis.Commit, error) { return g.GetFileLastCommit("") } -func (g *LocalGitRepository) GetFileLastCommit(filePath string) (*GitCommit, error) { +// GetFileLastCommit get file latest commit object, if empty will return latest commit +func (g *LocalGitRepository) GetFileLastCommit(filePath string) (*apis.Commit, error) { // By default, returns commit information from current HEAD logOptions := &gitv5.LogOptions{} @@ -107,11 +104,15 @@ func (g *LocalGitRepository) GetFileLastCommit(filePath string) (*GitCommit, err return nil, err } - return &GitCommit{ - message: commit.Message, - hash: commit.Hash.String(), - authorName: commit.Author.Name, - authorEmail: commit.Author.Email, - date: commit.Author.When, + return &apis.Commit{ + SHA: commit.Hash.String(), + Author: apis.Committer{ + Name: commit.Author.Name, + Email: commit.Author.Email, + Date: commit.Author.When, + }, + Message: commit.Message, + Committer: apis.Committer{}, + Files: []apis.Files{}, }, nil } diff --git a/core/pkg/resourcehandler/localgitrepository_test.go b/core/cautils/localgitrepository_test.go similarity index 78% rename from core/pkg/resourcehandler/localgitrepository_test.go rename to core/cautils/localgitrepository_test.go index d6a49551..f81b38c7 100644 --- a/core/pkg/resourcehandler/localgitrepository_test.go +++ b/core/cautils/localgitrepository_test.go @@ -1,4 +1,4 @@ -package resourcehandler +package cautils import ( "archive/zip" 
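Review bot: `Committer: apis.Committer{}` in GetFileLastCommit leaves the committer empty, while metadataGitLocal in core/cautils/scaninfo.go (same commit) fills `LastCommit.Date` and `LastCommit.CommitterName` from `commit.Committer.Date` and `commit.Committer.Name`. For a local repository the report metadata therefore carries a zero time and an empty committer name, which weakens the commit attribution the metadata is meant to provide. Populate it from the go-git commit, `Committer: apis.Committer{Name: commit.Committer.Name, Email: commit.Committer.Email, Date: commit.Committer.When},`. The updated tests assert only the `Author` fields, so this is not caught; the function body starts outside the hunk.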
@@ -110,7 +110,7 @@ func (s *LocalGitRepositoryTestSuite) TestGetName() { func (s *LocalGitRepositoryTestSuite) TestGetOriginUrl() { if localRepo, err := NewLocalGitRepository(s.gitRepositoryPath); s.NoError(err) { - if url, err := localRepo.GetOriginUrl(); s.NoError(err) { + if url, err := localRepo.GetRemoteUrl(); s.NoError(err) { s.Equal("git@github.com:testuser/localrepo", url) } } @@ -119,11 +119,11 @@ func (s *LocalGitRepositoryTestSuite) TestGetOriginUrl() { func (s *LocalGitRepositoryTestSuite) TestGetLastCommit() { if localRepo, err := NewLocalGitRepository(s.gitRepositoryPath); s.NoError(err) { if commit, err := localRepo.GetLastCommit(); s.NoError(err) { - s.Equal("7e09312b8017695fadcd606882e3779f10a5c832", commit.hash) - s.Equal("Amir Malka", commit.authorName) - s.Equal("amirm@armosec.io", commit.authorEmail) - s.Equal("2022-05-22 19:11:57 +0300 +0300", commit.date.String()) - s.Equal("added file B\n", commit.message) + s.Equal("7e09312b8017695fadcd606882e3779f10a5c832", commit.SHA) + s.Equal("Amir Malka", commit.Author.Name) + s.Equal("amirm@armosec.io", commit.Author.Email) + s.Equal("2022-05-22 19:11:57 +0300 +0300", commit.Author.Date.String()) + s.Equal("added file B\n", commit.Message) } } } 
@@ -132,11 +132,11 @@ func (s *LocalGitRepositoryTestSuite) TestGetFileLastCommit() { s.Run("fileA", func() { if localRepo, err := NewLocalGitRepository(s.gitRepositoryPath); s.NoError(err) { if commit, err := localRepo.GetFileLastCommit("fileA"); s.NoError(err) { - s.Equal("9fae4be19624297947d2b605cefbff516628612d", commit.hash) - s.Equal("Amir Malka", commit.authorName) - s.Equal("amirm@armosec.io", commit.authorEmail) - s.Equal("2022-05-22 18:55:48 +0300 +0300", commit.date.String()) - s.Equal("added file A\n", commit.message) + s.Equal("9fae4be19624297947d2b605cefbff516628612d", commit.SHA) + s.Equal("Amir Malka", commit.Author.Name) + s.Equal("amirm@armosec.io", commit.Author.Email) + s.Equal("2022-05-22 18:55:48 +0300 +0300", commit.Author.Date.String()) + s.Equal("added file A\n", commit.Message) } } }) @@ -144,11 +144,11 @@ func (s *LocalGitRepositoryTestSuite) TestGetFileLastCommit() { s.Run("fileB", func() { if localRepo, err := NewLocalGitRepository(s.gitRepositoryPath); s.NoError(err) { if commit, err := localRepo.GetFileLastCommit("dirA/fileB"); s.NoError(err) { - s.Equal("7e09312b8017695fadcd606882e3779f10a5c832", commit.hash) - s.Equal("Amir Malka", commit.authorName) - s.Equal("amirm@armosec.io", commit.authorEmail) - s.Equal("2022-05-22 19:11:57 +0300 +0300", commit.date.String()) - s.Equal("added file B\n", commit.message) + s.Equal("7e09312b8017695fadcd606882e3779f10a5c832", commit.SHA) + s.Equal("Amir Malka", commit.Author.Name) + s.Equal("amirm@armosec.io", commit.Author.Email) + s.Equal("2022-05-22 19:11:57 +0300 +0300", commit.Author.Date.String()) + s.Equal("added file B\n", commit.Message) } } }) diff --git a/core/cautils/scaninfo.go b/core/cautils/scaninfo.go index 4a5c24fb..b17e87af 100644 --- a/core/cautils/scaninfo.go +++ b/core/cautils/scaninfo.go 
@@ -22,8 +22,8 @@ import ( ) const ( - ScanCluster string = "cluster" - ScanLocalFiles string = "yaml" + // ScanCluster string = "cluster" + // ScanLocalFiles string = "yaml" localControlInputsFilename string = "controls-inputs.json" localExceptionsFilename string = "exceptions.json" ) @@ -190,12 +190,12 @@ func (scanInfo *ScanInfo) setOutputFile() { } } -func (scanInfo *ScanInfo) GetScanningEnvironment() string { - if len(scanInfo.InputPatterns) != 0 { - return ScanLocalFiles - } - return ScanCluster -} +// func (scanInfo *ScanInfo) GetScanningEnvironment() string { +// if len(scanInfo.InputPatterns) != 0 { +// return ScanLocalFiles +// } +// return ScanCluster +// } func (scanInfo *ScanInfo) SetPolicyIdentifiers(policies []string, kind apisv1.NotificationPolicyKind) { for _, policy := range policies { 
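Review bot: The exported `ScanCluster`, `ScanLocalFiles` and `GetScanningEnvironment` are commented out rather than deleted or deprecated, which leaves dead code in the file and drops them from the package API with no transition for importers. Either delete the lines, or keep a thin wrapper marked `// Deprecated: use GetScanningContext.` that returns `ScanningContextToScanningScope(scanInfo.GetScanningContext())`. The new `ScopeCluster`/`ScopeYAML` constants in the later scaninfo.go hunk carry the same string values, so the wrapper would preserve the old results.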
@@ -248,71 +248,191 @@ func scanInfoToScanMetadata(scanInfo *ScanInfo) *reporthandlingv2.Metadata { metadata.ScanMetadata.VerboseMode = scanInfo.VerboseMode metadata.ScanMetadata.ControlsInputs = scanInfo.ControlsInputs - metadata.ScanMetadata.ScanningTarget = reporthandlingv2.Cluster - if scanInfo.GetScanningEnvironment() == ScanLocalFiles { - metadata.ScanMetadata.ScanningTarget = reporthandlingv2.File - } - inputFiles := "" if len(scanInfo.InputPatterns) > 0 { inputFiles = scanInfo.InputPatterns[0] } + + metadata.ScanMetadata.ScanningTarget = reporthandlingv2.Cluster + if GetScanningContext(inputFiles) != ContextCluster { + metadata.ScanMetadata.ScanningTarget = reporthandlingv2.File + } + setContextMetadata(&metadata.ContextMetadata, inputFiles) return metadata } -func setContextMetadata(contextMetadata *reporthandlingv2.ContextMetadata, input string) { +type ScanningContext string + +const ( + ContextCluster ScanningContext = "cluster" + ContextFile ScanningContext = "single-file" + ContextDir ScanningContext = "local-dir" + ContextGitURL ScanningContext = "git-url" + ContextGitLocal ScanningContext = "git-local" +) + +const ( // deprecated + ScopeCluster = "cluster" + ScopeYAML = "yaml" +) + +func (scanInfo *ScanInfo) GetScanningContext() ScanningContext { + input := "" + if len(scanInfo.InputPatterns) > 0 { + input = scanInfo.InputPatterns[0] + } + return GetScanningContext(input) +} + +// GetScanningContext get scanning context from the input param +func GetScanningContext(input string) ScanningContext { // cluster if input == "" { - contextMetadata.ClusterContextMetadata = &reporthandlingv2.ClusterMetadata{ - ContextName: k8sinterface.GetContextName(), - } - return + return ContextCluster } // url - if gitParser, err := giturl.NewGitURL(input); err == nil { - if gitParser.GetBranch() == "" { - gitParser.SetDefaultBranch() - } - contextMetadata.RepoContextMetadata = &reporthandlingv2.RepoContextMetadata{ - Repo: gitParser.GetRepo(), - Owner: 
gitParser.GetOwner(), - Branch: gitParser.GetBranch(), - } - return + if _, err := giturl.NewGitURL(input); err == nil { + return ContextGitURL } - if !filepath.IsAbs(input) { + if !filepath.IsAbs(input) { // parse path if o, err := os.Getwd(); err == nil { input = filepath.Join(o, input) } } + // local git repo + if _, err := NewLocalGitRepository(input); err == nil { + return ContextGitLocal + } + // single file if IsFile(input) { - contextMetadata.FileContextMetadata = &reporthandlingv2.FileContextMetadata{ - FilePath: input, - HostName: getHostname(), - } - return + return ContextFile } // dir/glob - if !IsFile(input) { + return ContextDir +} +func setContextMetadata(contextMetadata *reporthandlingv2.ContextMetadata, input string) { + switch GetScanningContext(input) { + case ContextCluster: + contextMetadata.ClusterContextMetadata = &reporthandlingv2.ClusterMetadata{ + ContextName: k8sinterface.GetContextName(), + } + case ContextGitURL: + // url + context, err := metadataGitURL(input) + if err != nil { + logger.L().Warning("in setContextMetadata", helpers.Interface("case", ContextGitURL), helpers.Error(err)) + } + contextMetadata.RepoContextMetadata = context + case ContextDir: contextMetadata.DirectoryContextMetadata = &reporthandlingv2.DirectoryContextMetadata{ - BasePath: input, + BasePath: getAbsPath(input), HostName: getHostname(), } - return + case ContextFile: + contextMetadata.FileContextMetadata = &reporthandlingv2.FileContextMetadata{ + FilePath: getAbsPath(input), + HostName: getHostname(), + } + case ContextGitLocal: + // local + context, err := metadataGitLocal(input) + if err != nil { + logger.L().Warning("in setContextMetadata", helpers.Interface("case", ContextGitURL), helpers.Error(err)) + } + contextMetadata.RepoContextMetadata = context } - } +func metadataGitURL(input string) (*reporthandlingv2.RepoContextMetadata, error) { + context := &reporthandlingv2.RepoContextMetadata{} + gitParser, err := giturl.NewGitURL(input) + if err != nil { + 
return context, fmt.Errorf("%w", err) + } + if gitParser.GetBranchName() == "" { + gitParser.SetDefaultBranchName() + } + context.Provider = gitParser.GetProvider() + context.Repo = gitParser.GetRepoName() + context.Owner = gitParser.GetOwnerName() + context.Branch = gitParser.GetBranchName() + context.RemoteURL = gitParser.GetURL().String() + + commit, err := gitParser.GetLatestCommit() + if err != nil { + return context, fmt.Errorf("%w", err) + } + + context.LastCommit = reporthandling.LastCommit{ + Hash: commit.SHA, + Date: commit.Committer.Date, + CommitterName: commit.Committer.Name, + } + + return context, nil +} + +func metadataGitLocal(input string) (*reporthandlingv2.RepoContextMetadata, error) { + gitParser, err := NewLocalGitRepository(input) + if err != nil { + return nil, fmt.Errorf("%w", err) + } + remoteURL, err := gitParser.GetRemoteUrl() + if err != nil { + return nil, fmt.Errorf("%w", err) + } + context := &reporthandlingv2.RepoContextMetadata{} + gitParserURL, err := giturl.NewGitURL(remoteURL) + if err != nil { + return context, fmt.Errorf("%w", err) + } + gitParserURL.SetBranchName(gitParser.GetBranchName()) + + context.Provider = gitParserURL.GetProvider() + context.Repo = gitParserURL.GetRepoName() + context.Owner = gitParserURL.GetOwnerName() + context.Branch = gitParserURL.GetBranchName() + context.RemoteURL = gitParserURL.GetURL().String() + + commit, err := gitParser.GetLastCommit() + if err != nil { + return context, fmt.Errorf("%w", err) + } + context.LastCommit = reporthandling.LastCommit{ + Hash: commit.SHA, + Date: commit.Committer.Date, + CommitterName: commit.Committer.Name, + } + + return context, nil +} func getHostname() string { if h, e := os.Hostname(); e == nil { return h } return "" } + +func getAbsPath(p string) string { + if !filepath.IsAbs(p) { // parse path + if o, err := os.Getwd(); err == nil { + return filepath.Join(o, p) + } + } + return p +} + +// ScanningContextToScanningScope convert the context to the deprecated 
scope +func ScanningContextToScanningScope(scanningContext ScanningContext) string { + if scanningContext == ContextCluster { + return ScopeCluster + } + return ScopeYAML +} diff --git a/core/cautils/scaninfo_test.go b/core/cautils/scaninfo_test.go index c1d6323d..4eb1e8c5 100644 --- a/core/cautils/scaninfo_test.go +++ b/core/cautils/scaninfo_test.go @@ -1,6 +1,7 @@ package cautils import ( + "path" "testing" reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2" @@ -65,3 +66,11 @@ func TestSetContextMetadata(t *testing.T) { func TestGetHostname(t *testing.T) { assert.NotEqual(t, "", getHostname()) } + +func TestGetScanningContext(t *testing.T) { + assert.Equal(t, ContextCluster, GetScanningContext("")) + assert.Equal(t, ContextDir, GetScanningContext(".")) + assert.Equal(t, ContextFile, GetScanningContext(path.Join(".", "testdata", "localrepo.git"))) + assert.Equal(t, ContextGitURL, GetScanningContext("https://github.com/armosec/kubescpae")) + // assert.Equal(t, ContextGitLocal, GetScanningContext(path.Join(".", "testdata"))) +} diff --git a/core/core/initutils.go b/core/core/initutils.go index 433f4b20..9a2d2274 100644 --- a/core/core/initutils.go +++ b/core/core/initutils.go @@ -122,7 +122,6 @@ func policyIdentifierNames(pi []cautils.PolicyIdentifier) string { func setSubmitBehavior(scanInfo *cautils.ScanInfo, tenantConfig cautils.ITenantConfig) { /* - If "First run (local config not found)" - Default/keep-local - Do not send report Submit - Create tenant & Submit report @@ -139,6 +138,12 @@ func setSubmitBehavior(scanInfo *cautils.ScanInfo, tenantConfig cautils.ITenantC return } + scanningContext := scanInfo.GetScanningContext() + if scanningContext == cautils.ContextFile || scanningContext == cautils.ContextDir { + scanInfo.Submit = false + return + } + if tenantConfig.IsConfigFound() { // config found in cache (submitted) if !scanInfo.Local { // Submit report 
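Review bot: `context.RemoteURL = gitParserURL.GetURL().String()` in metadataGitLocal copies the remote URL from the repository's local git config into the report metadata, and a remote configured as `https://user:token@host/...` would carry its credentials along. Whether go-git-url strips the userinfo part is not visible here. If `GetURL()` returns a `*url.URL`, clear it before serialising, e.g. `u := *gitParserURL.GetURL(); u.User = nil; context.RemoteURL = u.String()`, and do the same in metadataGitURL. Separately, the `ContextGitLocal` branch of setContextMetadata logs `helpers.Interface("case", ContextGitURL)`, a copy-paste slip that makes the warning point at the wrong branch; it should be `ContextGitLocal`.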
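Review bot: The new guard in setSubmitBehavior decides on `scanInfo.GetScanningContext()`, which looks only at `InputPatterns[0]`, and it replaces the blanket `len(scanInfo.InputPatterns) > 0` check removed from core/core/scan.go. A run whose first pattern is a git URL or a local repository is therefore eligible for submission even when later patterns are plain files or directories, whose resources are presumably loaded along with the rest. Consider evaluating every pattern, e.g. clearing `scanInfo.Submit` if any entry resolves to `ContextFile` or `ContextDir`. A comment above the guard should also state that git-url and git-local scans are now submitted on purpose; the function body extends beyond the hunk.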
@@ -164,20 +169,6 @@ func getPolicyGetter(loadPoliciesFromFile []string, tennatEmail string, framewor } -// func setGetArmoAPIConnector(scanInfo *cautils.ScanInfo, customerGUID string) { -// g := getter.GetArmoAPIConnector() // download policy from ARMO backend -// g.SetCustomerGUID(customerGUID) -// scanInfo.PolicyGetter = g -// if scanInfo.ScanAll { -// frameworks, err := g.ListCustomFrameworks(customerGUID) -// if err != nil { -// glog.Error("failed to get custom frameworks") // handle error -// return -// } -// scanInfo.SetPolicyIdentifiers(frameworks, reporthandling.KindFramework) -// } -// } - // setConfigInputsGetter sets the config input getter - local file/github release/ArmoAPI func getConfigInputsGetter(ControlsInputs string, accountID string, downloadReleasedPolicy *getter.DownloadReleasedPolicy) getter.IControlsInputsGetter { if len(ControlsInputs) > 0 { diff --git a/core/core/scan.go b/core/core/scan.go index 1bb640b9..bdce5c41 100644 --- a/core/core/scan.go +++ b/core/core/scan.go @@ -34,7 +34,7 @@ func getInterfaces(scanInfo *cautils.ScanInfo) componentInterfaces { // ================== setup k8s interface object ====================================== var k8s *k8sinterface.KubernetesApi - if scanInfo.GetScanningEnvironment() == cautils.ScanCluster { + if scanInfo.GetScanningContext() == cautils.ContextCluster { k8s = getKubernetesApi() if k8s == nil { logger.L().Fatal("failed connecting to Kubernetes cluster") @@ -48,11 +48,6 @@ func getInterfaces(scanInfo *cautils.ScanInfo) componentInterfaces { // Set submit behavior AFTER loading tenant config setSubmitBehavior(scanInfo, tenantConfig) - // Do not submit yaml scanning - if len(scanInfo.InputPatterns) > 0 { - scanInfo.Submit = false - } - if scanInfo.Submit { // submit - Create tenant & Submit report if err := tenantConfig.SetTenant(); err != nil { 
@@ -63,7 +58,7 @@ func getInterfaces(scanInfo *cautils.ScanInfo) componentInterfaces { // ================== version testing ====================================== v := cautils.NewIVersionCheckHandler() - v.CheckLatestVersion(cautils.NewVersionCheckRequest(cautils.BuildNumber, policyIdentifierNames(scanInfo.PolicyIdentifier), "", scanInfo.GetScanningEnvironment())) + v.CheckLatestVersion(cautils.NewVersionCheckRequest(cautils.BuildNumber, policyIdentifierNames(scanInfo.PolicyIdentifier), "", cautils.ScanningContextToScanningScope(scanInfo.GetScanningContext()))) // ================== setup host scanner object ====================================== @@ -154,7 +149,7 @@ func (ks *Kubescape) Scan(scanInfo *cautils.ScanInfo) (*resultshandling.ResultsH reportResults := opaprocessor.NewOPAProcessor(scanData, deps) if err := reportResults.ProcessRulesListenner(); err != nil { // TODO - do something - return resultsHandling, err + return resultsHandling, fmt.Errorf("%w", err) } // ========================= results handling ===================== @@ -166,25 +161,3 @@ func (ks *Kubescape) Scan(scanInfo *cautils.ScanInfo) (*resultshandling.ResultsH return resultsHandling, nil } - -// func askUserForHostSensor() bool { -// return false - -// if !isatty.IsTerminal(os.Stdin.Fd()) { -// return false -// } -// if ssss, err := os.Stdin.Stat(); err == nil { -// // fmt.Printf("Found stdin type: %s\n", ssss.Mode().Type()) -// if ssss.Mode().Type()&(fs.ModeDevice|fs.ModeCharDevice) > 0 { //has TTY -// fmt.Fprintf(os.Stderr, "Would you like to scan K8s nodes? [y/N]. This is required to collect valuable data for certain controls\n") -// fmt.Fprintf(os.Stderr, "Use --enable-host-scan flag to suppress this message\n") -// var b []byte = make([]byte, 1) -// if n, err := os.Stdin.Read(b); err == nil { -// if n > 0 && len(b) > 0 && (b[0] == 'y' || b[0] == 'Y') { -// return true -// } -// } -// } -// } -// return false -// } 
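Review bot: `fmt.Errorf("%w", err)` in Scan wraps the error without adding any context, so the caller sees exactly the same message as with the previous `return resultsHandling, err`. Either return `err` directly or say what failed, e.g. `fmt.Errorf("processing rules: %w", err)`. The same bare-`%w` pattern appears in metadataGitURL and metadataGitLocal in core/cautils/scaninfo.go.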
diff --git a/core/pkg/resourcehandler/filesloader.go b/core/pkg/resourcehandler/filesloader.go index e99ee6fa..301c397c 100644 --- a/core/pkg/resourcehandler/filesloader.go +++ b/core/pkg/resourcehandler/filesloader.go @@ -5,6 +5,7 @@ import ( "github.com/armosec/armoapi-go/armotypes" "github.com/armosec/k8s-interface/workloadinterface" + "github.com/armosec/opa-utils/reporthandling" "k8s.io/apimachinery/pkg/version" "github.com/armosec/k8s-interface/k8sinterface" @@ -33,7 +34,7 @@ func (fileHandler *FileResourceHandler) GetResources(sessionObj *cautils.OPASess // map resources based on framework required resources: map["/group/version/kind"][] k8sResources := setK8sResourceMap(sessionObj.Policies) allResources := map[string]workloadinterface.IMetadata{} - workloadIDToSource := make(map[string]string, 0) + workloadIDToSource := make(map[string]reporthandling.Source, 0) armoResources := &cautils.ArmoResources{} workloads := []workloadinterface.IMetadata{} @@ -46,7 +47,7 @@ func (fileHandler *FileResourceHandler) GetResources(sessionObj *cautils.OPASess for source, ws := range sourceToWorkloads { workloads = append(workloads, ws...) for i := range ws { - workloadIDToSource[ws[i].GetID()] = source + workloadIDToSource[ws[i].GetID()] = reporthandling.Source{RelativePath: source} } } logger.L().Debug("files found in local storage", helpers.Int("files", len(sourceToWorkloads)), helpers.Int("workloads", len(workloads))) @@ -59,7 +60,7 @@ func (fileHandler *FileResourceHandler) GetResources(sessionObj *cautils.OPASess for source, ws := range sourceToWorkloads { workloads = append(workloads, ws...) for i := range ws { - workloadIDToSource[ws[i].GetID()] = source + workloadIDToSource[ws[i].GetID()] = reporthandling.Source{RelativePath: source} } } diff --git a/core/pkg/resultshandling/printer/v2/utils.go b/core/pkg/resultshandling/printer/v2/utils.go index d3a20af8..1c18c60d 100644 --- a/core/pkg/resultshandling/printer/v2/utils.go 
+++ b/core/pkg/resultshandling/printer/v2/utils.go @@ -62,13 +62,13 @@ func mapInfoToPrintInfo(controls reportsummary.ControlSummaries) []infoStars { return infoToPrintInfo } -func finalizeResources(results []resourcesresults.Result, allResources map[string]workloadinterface.IMetadata, resourcesSource map[string]string) []reporthandling.Resource { +func finalizeResources(results []resourcesresults.Result, allResources map[string]workloadinterface.IMetadata, resourcesSource map[string]reporthandling.Source) []reporthandling.Resource { resources := make([]reporthandling.Resource, 0) for i := range results { if obj, ok := allResources[results[i].ResourceID]; ok { resource := *reporthandling.NewResourceIMetadata(obj) if r, ok := resourcesSource[results[i].ResourceID]; ok { - resource.SetSource(&reporthandling.Source{Path: r}) + resource.SetSource(&r) } resources = append(resources, resource) } diff --git a/core/pkg/resultshandling/reporter/v2/reporteventreceiver.go b/core/pkg/resultshandling/reporter/v2/reporteventreceiver.go index 96bca9a2..29018b1b 100644 --- a/core/pkg/resultshandling/reporter/v2/reporteventreceiver.go +++ b/core/pkg/resultshandling/reporter/v2/reporteventreceiver.go 
@@ -151,11 +151,11 @@ func (report *ReportEventReceiver) setResults(reportObj *reporthandlingv2.Postur return nil } -func (report *ReportEventReceiver) setResources(reportObj *reporthandlingv2.PostureReport, allResources map[string]workloadinterface.IMetadata, resourcesSource map[string]string, counter, reportCounter *int, host string) error { +func (report *ReportEventReceiver) setResources(reportObj *reporthandlingv2.PostureReport, allResources map[string]workloadinterface.IMetadata, resourcesSource map[string]reporthandling.Source, counter, reportCounter *int, host string) error { for resourceID, v := range allResources { resource := reporthandling.NewResourceIMetadata(v) if r, ok := resourcesSource[resourceID]; ok { - resource.SetSource(&reporthandling.Source{Path: r}) + resource.SetSource(&r) } r, err := json.Marshal(resource) if err != nil { diff --git a/core/pkg/resultshandling/reporter/v2/reporteventreceiverutils.go b/core/pkg/resultshandling/reporter/v2/reporteventreceiverutils.go index 43ee689c..3d9b926b 100644 --- a/core/pkg/resultshandling/reporter/v2/reporteventreceiverutils.go +++ b/core/pkg/resultshandling/reporter/v2/reporteventreceiverutils.go @@ -16,7 +16,8 @@ func (report *ReportEventReceiver) initEventReceiverURL() { urlObj.Path = "/k8s/v2/postureReport" q := urlObj.Query() q.Add("customerGUID", uuid.MustParse(report.customerGUID).String()) - q.Add("clusterName", report.clusterName) + q.Add("contextName", report.clusterName) + q.Add("clusterName", report.clusterName) // deprecated urlObj.RawQuery = q.Encode() diff --git a/go.mod b/go.mod index 85b2735f..5fd2eff2 100644 --- a/go.mod +++ b/go.mod 
@@ -4,9 +4,9 @@ go 1.17 require ( github.com/armosec/armoapi-go v0.0.73 - github.com/armosec/go-git-url v0.0.4 + github.com/armosec/go-git-url v0.0.6 github.com/armosec/k8s-interface v0.0.76 - github.com/armosec/opa-utils v0.0.140 + github.com/armosec/opa-utils v0.0.144 github.com/armosec/rbac-utils v0.0.14 github.com/armosec/utils-go v0.0.5 github.com/armosec/utils-k8s-go v0.0.6 diff --git a/go.sum b/go.sum index 49cae5a0..21d8b497 100644 --- a/go.sum +++ b/go.sum 
@@ -125,15 +125,15 @@ github.com/armosec/armoapi-go v0.0.2/go.mod h1:vIK17yoKbJRQyZXWWLe3AqfqCRITxW8qm github.com/armosec/armoapi-go v0.0.23/go.mod h1:iaVVGyc23QGGzAdv4n+szGQg3Rbpixn9yQTU3qWRpaw= github.com/armosec/armoapi-go v0.0.73 h1:LMf+eCkkf+W9NVvOzHKFgVUEpBMvh27M7//UQP3aiO8= github.com/armosec/armoapi-go v0.0.73/go.mod h1:/9SQAgtLbYkfFneRRm/zkIn3zz+4Y2xv6N3vtFcyF8s= -github.com/armosec/go-git-url v0.0.4 h1:emG9Yfl53rHpuX41fXLD92ehzhRoNSSnGT6Pr7ogWMY= -github.com/armosec/go-git-url v0.0.4/go.mod h1:PJqdEyJyFxTQvawBcyOM0Ies6+uezire5gpwfr1XX5M= +github.com/armosec/go-git-url v0.0.6 h1:kF/IF2ripfbzCcpM62mTltwxNpjpZByiBg2MywRNC/o= +github.com/armosec/go-git-url v0.0.6/go.mod h1:GzfssG3IW9KiURSpK7c/bySBRTlghpObQ7NQ1O4hcMI= github.com/armosec/k8s-interface v0.0.8/go.mod h1:xxS+V5QT3gVQTwZyAMMDrYLWGrfKOpiJ7Jfhfa0w9sM= github.com/armosec/k8s-interface v0.0.37/go.mod h1:vHxGWqD/uh6+GQb9Sqv7OGMs+Rvc2dsFVc0XtgRh1ZU= github.com/armosec/k8s-interface v0.0.76 h1:pQaF+8BcNMm6GTYTjdG7vCM1l4BIk7oALXoT6v5gCAk= github.com/armosec/k8s-interface v0.0.76/go.mod h1:8NX4xWXh8mwW7QyZdZea1czNdM2azCK9BbUNmiZYXW0= github.com/armosec/opa-utils v0.0.64/go.mod h1:6tQP8UDq2EvEfSqh8vrUdr/9QVSCG4sJfju1SXQOn4c= -github.com/armosec/opa-utils v0.0.140 h1:iv6inb6+D0qgeVkv7f+ZIHpy239IUpAwg6Dau0JAWzg= -github.com/armosec/opa-utils v0.0.140/go.mod h1:Hwm9ZkcW87mB2567WT6mBuSBEzaKowBNfrl3Q0IVsV8= +github.com/armosec/opa-utils v0.0.144 h1:acGbcIyl/kCZ6CBCnMQgjXftJWWeatr3zGDTDx/K+7w= +github.com/armosec/opa-utils v0.0.144/go.mod h1:Hwm9ZkcW87mB2567WT6mBuSBEzaKowBNfrl3Q0IVsV8= github.com/armosec/rbac-utils v0.0.1/go.mod h1:pQ8CBiij8kSKV7aeZm9FMvtZN28VgA7LZcYyTWimq40= github.com/armosec/rbac-utils v0.0.14 h1:CKYKcgqJEXWF2Hen/B1pVGtS3nDAG1wp9dDv6oNtq90= github.com/armosec/rbac-utils v0.0.14/go.mod h1:Ex/IdGWhGv9HZq6Hs8N/ApzCKSIvpNe/ETqDfnuyah0=