fixed tests

Dev

README.md

@@ -100,6 +100,7 @@ Set-ExecutionPolicy RemoteSigned -scope CurrentUser
 | `--submit`                  | `false`                   | If set, Kubescape will send the scan results to Armo management portal where you can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more. By default the results are not sent | `true`/`false`                               |
 | `--keep-local`              | `false`                   | Kubescape will not send scan results to Armo management portal. Use this flag if you ran with the `--submit` flag in the past and you do not want to submit your current scan results                                                                                                                                | `true`/`false`                               |
 | `--account`                 |                           | Armo portal account ID. Default will load account ID from configMap or config file                                                                                                                                                                                                                                   |                                              |
+| `--kube-context`                 |        current-context               |  Cluster context to scan                                                                                                                                                                                                                              |                                              |
 | `--verbose`                 | `false`                   | Display all of the input resources and not only failed resources                                                                                                                                                                                                                                                     | `true`/`false`                               |
 
 

cautils/customerloader.go

@@ -76,7 +76,7 @@ type LocalConfig struct {
 	configObj  *ConfigObj
 }
 
-func NewLocalConfig(backendAPI getter.IBackend, customerGUID string) *LocalConfig {
+func NewLocalConfig(backendAPI getter.IBackend, customerGUID, clusterName string) *LocalConfig {
 	var configObj *ConfigObj
 
 	lc := &LocalConfig{
@@ -95,6 +95,9 @@ func NewLocalConfig(backendAPI getter.IBackend, customerGUID string) *LocalConfi
 	if customerGUID != "" {
 		lc.configObj.CustomerGUID = customerGUID // override config customerGUID
 	}
+	if clusterName != "" {
+		lc.configObj.ClusterName = AdoptClusterName(clusterName) // override config clusterName
+	}
 	if lc.configObj.CustomerGUID != "" {
 		if err := lc.SetTenant(); err != nil {
 			fmt.Println(err)
@@ -107,7 +110,7 @@ func NewLocalConfig(backendAPI getter.IBackend, customerGUID string) *LocalConfi
 func (lc *LocalConfig) GetConfigObj() *ConfigObj            { return lc.configObj }
 func (lc *LocalConfig) GetCustomerGUID() string             { return lc.configObj.CustomerGUID }
 func (lc *LocalConfig) SetCustomerGUID(customerGUID string) { lc.configObj.CustomerGUID = customerGUID }
-func (lc *LocalConfig) GetClusterName() string              { return "" }
+func (lc *LocalConfig) GetClusterName() string              { return lc.configObj.ClusterName }
 func (lc *LocalConfig) IsConfigFound() bool                 { return existsConfigFile() }
 func (lc *LocalConfig) SetTenant() error {
 	// ARMO tenant GUID
@@ -163,7 +166,7 @@ type ClusterConfig struct {
 	configObj          *ConfigObj
 }
 
-func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBackend, customerGUID string) *ClusterConfig {
+func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBackend, customerGUID, clusterName string) *ClusterConfig {
 	var configObj *ConfigObj
 	c := &ClusterConfig{
 		k8s:                k8s,
@@ -186,6 +189,9 @@ func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBacken
 	if customerGUID != "" {
 		c.configObj.CustomerGUID = customerGUID // override config customerGUID
 	}
+	if clusterName != "" {
+		c.configObj.ClusterName = AdoptClusterName(clusterName) // override config clusterName
+	}
 	if c.configObj.CustomerGUID != "" {
 		if err := c.SetTenant(); err != nil {
 			fmt.Println(err)

cautils/downloadinfo.go

@@ -1,8 +1,9 @@
 package cautils
 
 type DownloadInfo struct {
-	Path    string
-	Target  string
-	Name    string
-	Account string
+	Path     string // directory to save artifact. Default is "~/.kubescape/"
+	FileName string // can be empty
+	Target   string // type of artifact to download
+	Name     string // name of artifact to download
+	Account  string // customerGUID
 }

cautils/getter/armoapi.go

@@ -112,6 +112,21 @@ func (armoAPI *ArmoAPI) GetFramework(name string) (*reporthandling.Framework, er
 	return framework, err
 }
 
+func (armoAPI *ArmoAPI) GetFrameworks() ([]reporthandling.Framework, error) {
+	respStr, err := HttpGetter(armoAPI.httpClient, armoAPI.getListFrameworkURL(), nil)
+	if err != nil {
+		return nil, nil
+	}
+
+	frameworks := []reporthandling.Framework{}
+	if err = JSONDecoder(respStr).Decode(&frameworks); err != nil {
+		return nil, err
+	}
+	// SaveInFile(framework, GetDefaultPath(name+".json"))
+
+	return frameworks, err
+}
+
 func (armoAPI *ArmoAPI) GetControl(policyName string) (*reporthandling.Control, error) {
 	return nil, fmt.Errorf("control api is not public")
 }

cautils/getter/downloadreleasedpolicy.go

@@ -41,6 +41,14 @@ func (drp *DownloadReleasedPolicy) GetFramework(name string) (*reporthandling.Fr
 	return framework, err
 }
 
+func (drp *DownloadReleasedPolicy) GetFrameworks() ([]reporthandling.Framework, error) {
+	frameworks, err := drp.gs.GetOPAFrameworks()
+	if err != nil {
+		return nil, err
+	}
+	return frameworks, err
+}
+
 func (drp *DownloadReleasedPolicy) ListFrameworks() ([]string, error) {
 	return drp.gs.GetOPAFrameworksNamesList()
 }

cautils/getter/getpolicies.go

@@ -13,6 +13,7 @@ const ListName ListType = "name"
 
 type IPolicyGetter interface {
 	GetFramework(name string) (*reporthandling.Framework, error)
+	GetFrameworks() ([]reporthandling.Framework, error)
 	GetControl(name string) (*reporthandling.Control, error)
 
 	ListFrameworks() ([]string, error)

cautils/getter/loadpolicy.go

@@ -78,6 +78,12 @@ func (lp *LoadPolicy) GetFramework(frameworkName string) (*reporthandling.Framew
 	return framework, err
 }
 
+func (lp *LoadPolicy) GetFrameworks() ([]reporthandling.Framework, error) {
+	frameworks := []reporthandling.Framework{}
+	var err error
+	return frameworks, err
+}
+
 func (lp *LoadPolicy) ListFrameworks() ([]string, error) {
 	// TODO - Support
 	return []string{}, fmt.Errorf("loading frameworks list from file is not supported")

cautils/rbac.go

@@ -42,19 +42,31 @@ func (rbacObjects *RBACObjects) ListAllResources() (map[string]workloadinterface
 
 func (rbacObjects *RBACObjects) rbacObjectsToResources(resources *rbacutils.RbacObjects) (map[string]workloadinterface.IMetadata, error) {
 	allresources := map[string]workloadinterface.IMetadata{}
-	// wrap rbac aggregated objects in IMetadata and add to allresources
-	// TODO - DEPRECATE SA2WLIDmap
-	SA2WLIDmapIMeta, err := rbacutils.SA2WLIDmapIMetadataWrapper(resources.SA2WLIDmap)
-	if err != nil {
-		return nil, err
-	}
-	allresources[SA2WLIDmapIMeta.GetID()] = SA2WLIDmapIMeta
 
-	SAID2WLIDmapIMeta, err := rbacutils.SAID2WLIDmapIMetadataWrapper(resources.SAID2WLIDmap)
-	if err != nil {
-		return nil, err
-	}
-	allresources[SAID2WLIDmapIMeta.GetID()] = SAID2WLIDmapIMeta
+	/*
+		************************************************************************************************************************
+			This code is adding a non valid ID ->
+				(github.com/armosec/rbac-utils v0.0.11): "//SA2WLIDmap/SA2WLIDmap"
+				(github.com/armosec/rbac-utils v0.0.12): "armo.rbac.com/v0beta1//SAID2WLIDmap/SAID2WLIDmap"
+
+			Should be investigated
+		************************************************************************************************************************
+
+			// wrap rbac aggregated objects in IMetadata and add to allresources
+			// TODO - DEPRECATE SA2WLIDmap
+			SA2WLIDmapIMeta, err := rbacutils.SA2WLIDmapIMetadataWrapper(resources.SA2WLIDmap)
+			if err != nil {
+				return nil, err
+			}
+			allresources[SA2WLIDmapIMeta.GetID()] = SA2WLIDmapIMeta
+
+			SAID2WLIDmapIMeta, err := rbacutils.SAID2WLIDmapIMetadataWrapper(resources.SAID2WLIDmap)
+			if err != nil {
+				return nil, err
+			}
+			allresources[SAID2WLIDmapIMeta.GetID()] = SAID2WLIDmapIMeta
+
+	*/
 
 	// convert rbac k8s resources to IMetadata and add to allresources
 	for _, cr := range resources.ClusterRoles.Items {
@@ -62,7 +74,7 @@ func (rbacObjects *RBACObjects) rbacObjectsToResources(resources *rbacutils.Rbac
 		if err != nil {
 			return nil, err
 		}
-		crmap["apiVersion"] = "rbac.authorization.k8s.io/v1"
+		crmap["apiVersion"] = "rbac.authorization.k8s.io/v1" // TODO - is the the correct apiVersion?
 		crIMeta := workloadinterface.NewWorkloadObj(crmap)
 		crIMeta.SetKind("ClusterRole")
 		allresources[crIMeta.GetID()] = crIMeta
@@ -72,7 +84,7 @@ func (rbacObjects *RBACObjects) rbacObjectsToResources(resources *rbacutils.Rbac
 		if err != nil {
 			return nil, err
 		}
-		crmap["apiVersion"] = "rbac.authorization.k8s.io/v1"
+		crmap["apiVersion"] = "rbac.authorization.k8s.io/v1" // TODO - is the the correct apiVersion?
 		crIMeta := workloadinterface.NewWorkloadObj(crmap)
 		crIMeta.SetKind("Role")
 		allresources[crIMeta.GetID()] = crIMeta
@@ -82,7 +94,7 @@ func (rbacObjects *RBACObjects) rbacObjectsToResources(resources *rbacutils.Rbac
 		if err != nil {
 			return nil, err
 		}
-		crmap["apiVersion"] = "rbac.authorization.k8s.io/v1"
+		crmap["apiVersion"] = "rbac.authorization.k8s.io/v1" // TODO - is the the correct apiVersion?
 		crIMeta := workloadinterface.NewWorkloadObj(crmap)
 		crIMeta.SetKind("ClusterRoleBinding")
 		allresources[crIMeta.GetID()] = crIMeta
@@ -92,7 +104,7 @@ func (rbacObjects *RBACObjects) rbacObjectsToResources(resources *rbacutils.Rbac
 		if err != nil {
 			return nil, err
 		}
-		crmap["apiVersion"] = "rbac.authorization.k8s.io/v1"
+		crmap["apiVersion"] = "rbac.authorization.k8s.io/v1" // TODO - is the the correct apiVersion?
 		crIMeta := workloadinterface.NewWorkloadObj(crmap)
 		crIMeta.SetKind("RoleBinding")
 		allresources[crIMeta.GetID()] = crIMeta

cautils/reportv2tov1.go

@@ -1,14 +1,17 @@
-package v1
+package cautils
 
 import (
-	"github.com/armosec/kubescape/cautils"
+	"github.com/armosec/k8s-interface/workloadinterface"
 	"github.com/armosec/opa-utils/reporthandling"
 	helpersv1 "github.com/armosec/opa-utils/reporthandling/helpers/v1"
 	"github.com/armosec/opa-utils/reporthandling/results/v1/reportsummary"
 	"github.com/armosec/opa-utils/score"
 )
 
-func reportV2ToV1(opaSessionObj *cautils.OPASessionObj) {
+func ReportV2ToV1(opaSessionObj *OPASessionObj) {
+	if len(opaSessionObj.PostureReport.FrameworkReports) > 0 {
+		return // report already converted
+	}
 
 	opaSessionObj.PostureReport.ClusterCloudProvider = opaSessionObj.Report.ClusterCloudProvider
 
@@ -33,9 +36,9 @@ func reportV2ToV1(opaSessionObj *cautils.OPASessionObj) {
 		frameworks = append(frameworks, fwv1)
 	}
 
-	// remove unused data
-	opaSessionObj.Report = nil
-	opaSessionObj.ResourcesResult = nil
+	// // remove unused data
+	// opaSessionObj.Report = nil
+	// opaSessionObj.ResourcesResult = nil
 
 	// setup counters and score
 	for f := range frameworks {
@@ -55,6 +58,7 @@ func reportV2ToV1(opaSessionObj *cautils.OPASessionObj) {
 
 	opaSessionObj.PostureReport.FrameworkReports = frameworks
 
+	// opaSessionObj.Report.SummaryDetails.Score = 0
 	// for i := range frameworks {
 	// 	for j := range frameworks[i].ControlReports {
 	// 		// frameworks[i].ControlReports[j].Score
@@ -72,17 +76,20 @@ func reportV2ToV1(opaSessionObj *cautils.OPASessionObj) {
 	// 			opaSessionObj.Report.SummaryDetails.Controls[frameworks[i].ControlReports[j].ControlID] = c
 	// 		}
 	// 	}
+	// 	opaSessionObj.Report.SummaryDetails.Score += opaSessionObj.PostureReport.FrameworkReports[i].Score
 	// }
+	// opaSessionObj.Report.SummaryDetails.Score /= float32(len(opaSessionObj.Report.SummaryDetails.Frameworks))
 }
 
-func controlReportV2ToV1(opaSessionObj *cautils.OPASessionObj, frameworkName string, controls map[string]reportsummary.ControlSummary) []reporthandling.ControlReport {
+func controlReportV2ToV1(opaSessionObj *OPASessionObj, frameworkName string, controls map[string]reportsummary.ControlSummary) []reporthandling.ControlReport {
 	controlRepors := []reporthandling.ControlReport{}
 	for controlID, crv2 := range controls {
 		crv1 := reporthandling.ControlReport{}
 		crv1.ControlID = controlID
 		crv1.BaseScore = crv2.ScoreFactor
 		crv1.Name = crv2.GetName()
-
+		crv1.Control_ID = controlID
+		// crv1.Attributes = crv2.
 		crv1.Score = crv2.GetScore()
 
 		// TODO - add fields
@@ -98,6 +105,9 @@ func controlReportV2ToV1(opaSessionObj *cautils.OPASessionObj, frameworkName str
 					if _, ok := rulesv1[rulev2.GetName()]; !ok {
 						rulesv1[rulev2.GetName()] = reporthandling.RuleReport{
 							Name: rulev2.GetName(),
+							RuleStatus: reporthandling.RuleStatus{
+								Status: "success",
+							},
 						}
 					}
 
@@ -118,10 +128,11 @@ func controlReportV2ToV1(opaSessionObj *cautils.OPASessionObj, frameworkName str
 						}
 
 						if fullRessource, ok := opaSessionObj.AllResources[resourceID]; ok {
-							ruleResponse.AlertObject.K8SApiObjects = append(ruleResponse.AlertObject.K8SApiObjects, fullRessource.GetObject())
+							tmp := fullRessource.GetObject()
+							workloadinterface.RemoveFromMap(tmp, "spec")
+							ruleResponse.AlertObject.K8SApiObjects = append(ruleResponse.AlertObject.K8SApiObjects, tmp)
 						}
 						rulev1.RuleResponses = append(rulev1.RuleResponses, ruleResponse)
-
 					}
 
 					rulev1.ListInputKinds = append(rulev1.ListInputKinds, resourceID)
@@ -134,6 +145,9 @@ func controlReportV2ToV1(opaSessionObj *cautils.OPASessionObj, frameworkName str
 				crv1.RuleReports = append(crv1.RuleReports, rulesv1[i])
 			}
 		}
+		if len(crv1.RuleReports) == 0 {
+			crv1.RuleReports = []reporthandling.RuleReport{}
+		}
 		controlRepors = append(controlRepors, crv1)
 	}
 	return controlRepors

cautils/scaninfo.go

@@ -64,8 +64,10 @@ type ScanInfo struct {
 	HostSensor         BoolPtrFlag // Deploy ARMO K8s host sensor to collect data from certain controls
 	Local              bool        // Do not submit results
 	Account            string      // account ID
-	FrameworkScan      bool        // false if scanning control
-	ScanAll            bool        // true if scan all frameworks
+	// ClusterName        string      // cluster name
+	KubeContext   string // context name
+	FrameworkScan bool   // false if scanning control
+	ScanAll       bool   // true if scan all frameworks
 }
 
 type Getters struct {

clihandler/clidownload.go

@@ -2,7 +2,10 @@ package clihandler
 
 import (
 	"fmt"
+	"path/filepath"
+	"strings"
 
+	"github.com/armosec/armoapi-go/armotypes"
 	"github.com/armosec/kubescape/cautils"
 	"github.com/armosec/kubescape/cautils/getter"
 )
@@ -12,6 +15,7 @@ var downloadFunc = map[string]func(*cautils.DownloadInfo) error{
 	"exceptions":      downloadExceptions,
 	"control":         downloadControl,
 	"framework":       downloadFramework,
+	"artifacts":       downloadArtifacts,
 }
 
 func DownloadSupportCommands() []string {
@@ -23,92 +27,150 @@ func DownloadSupportCommands() []string {
 }
 
 func CliDownload(downloadInfo *cautils.DownloadInfo) error {
-	if f, ok := downloadFunc[downloadInfo.Target]; ok {
+	setPathandFilename(downloadInfo)
+	if err := downloadArtifact(downloadInfo, downloadFunc); err != nil {
+		return err
+	}
+	return nil
+}
+
+func downloadArtifact(downloadInfo *cautils.DownloadInfo, downloadArtifactFunc map[string]func(*cautils.DownloadInfo) error) error {
+	if f, ok := downloadArtifactFunc[downloadInfo.Target]; ok {
 		if err := f(downloadInfo); err != nil {
 			return err
 		}
-		fmt.Printf("'%s' downloaded successfully and saved at: '%s'\n", downloadInfo.Target, downloadInfo.Path)
 		return nil
 	}
 	return fmt.Errorf("unknown command to download")
 }
 
+func setPathandFilename(downloadInfo *cautils.DownloadInfo) {
+	if downloadInfo.Path == "" {
+		downloadInfo.Path = getter.GetDefaultPath("")
+	} else {
+		dir, file := filepath.Split(downloadInfo.Path)
+		if dir == "" {
+			downloadInfo.Path = file
+		} else {
+			downloadInfo.Path = dir
+			downloadInfo.FileName = file
+		}
+	}
+}
+
+func downloadArtifacts(downloadInfo *cautils.DownloadInfo) error {
+	downloadInfo.FileName = ""
+	var artifacts = map[string]func(*cautils.DownloadInfo) error{
+		"controls-inputs": downloadConfigInputs,
+		"exceptions":      downloadExceptions,
+		"framework":       downloadFramework,
+	}
+	for artifact := range artifacts {
+		if err := downloadArtifact(&cautils.DownloadInfo{Target: artifact, Path: downloadInfo.Path, FileName: fmt.Sprintf("%s.json", artifact)}, artifacts); err != nil {
+			fmt.Printf("error downloading %s, error: %s", artifact, err)
+		}
+	}
+	return nil
+}
+
 func downloadConfigInputs(downloadInfo *cautils.DownloadInfo) error {
-	tenant := getTenantConfig(downloadInfo.Account, getKubernetesApi()) // change k8sinterface
+	tenant := getTenantConfig(downloadInfo.Account, "", getKubernetesApi())
 	controlsInputsGetter := getConfigInputsGetter(downloadInfo.Name, tenant.GetCustomerGUID(), nil)
 	controlInputs, err := controlsInputsGetter.GetControlsInputs(tenant.GetClusterName())
 	if err != nil {
 		return err
 	}
-	if downloadInfo.Path == "" {
-		downloadInfo.Path = getter.GetDefaultPath(fmt.Sprintf("%s.json", downloadInfo.Target))
+	if downloadInfo.FileName == "" {
+		downloadInfo.FileName = fmt.Sprintf("%s.json", downloadInfo.Target)
 	}
 	// save in file
-	err = getter.SaveInFile(controlInputs, downloadInfo.Path)
+	err = getter.SaveInFile(controlInputs, filepath.Join(downloadInfo.Path, downloadInfo.FileName))
 	if err != nil {
 		return err
 	}
+	fmt.Printf("'%s' downloaded successfully and saved at: '%s'\n", downloadInfo.Target, filepath.Join(downloadInfo.Path, downloadInfo.FileName))
 	return nil
 }
 
 func downloadExceptions(downloadInfo *cautils.DownloadInfo) error {
-	tenant := getTenantConfig(downloadInfo.Account, getKubernetesApi()) // change k8sinterface
+	var err error
+	tenant := getTenantConfig(downloadInfo.Account, "", getKubernetesApi())
 	exceptionsGetter := getExceptionsGetter("")
-	exceptions, err := exceptionsGetter.GetExceptions(tenant.GetClusterName())
-	if err != nil {
-		return err
+	exceptions := []armotypes.PostureExceptionPolicy{}
+	if tenant.GetCustomerGUID() != "" {
+		exceptions, err = exceptionsGetter.GetExceptions(tenant.GetClusterName())
+		if err != nil {
+			return err
+		}
 	}
-	if downloadInfo.Path == "" {
-		downloadInfo.Path = getter.GetDefaultPath(fmt.Sprintf("%s.json", downloadInfo.Target))
+	if downloadInfo.FileName == "" {
+		downloadInfo.FileName = fmt.Sprintf("%s.json", downloadInfo.Target)
 	}
 	// save in file
-	err = getter.SaveInFile(exceptions, downloadInfo.Path)
+	err = getter.SaveInFile(exceptions, filepath.Join(downloadInfo.Path, downloadInfo.FileName))
 	if err != nil {
 		return err
 	}
+	fmt.Printf("'%s' downloaded successfully and saved at: '%s'\n", downloadInfo.Target, filepath.Join(downloadInfo.Path, downloadInfo.FileName))
 	return nil
 }
 
 func downloadFramework(downloadInfo *cautils.DownloadInfo) error {
-	tenant := getTenantConfig(downloadInfo.Account, getKubernetesApi()) // change k8sinterface
+
+	tenant := getTenantConfig(downloadInfo.Account, "", getKubernetesApi())
 	g := getPolicyGetter(nil, tenant.GetCustomerGUID(), true, nil)
 
 	if downloadInfo.Name == "" {
-		// TODO - support
-		return fmt.Errorf("missing framework name")
-	}
-	if downloadInfo.Path == "" {
-		downloadInfo.Path = getter.GetDefaultPath(downloadInfo.Name + ".json")
-	}
-	frameworks, err := g.GetFramework(downloadInfo.Name)
-	if err != nil {
-		return err
-	}
-	err = getter.SaveInFile(frameworks, downloadInfo.Path)
-	if err != nil {
-		return err
+		// if framework name not specified - download all frameworks
+		frameworks, err := g.GetFrameworks()
+		if err != nil {
+			return err
+		}
+		for _, fw := range frameworks {
+			err = getter.SaveInFile(fw, filepath.Join(downloadInfo.Path, (strings.ToLower(fw.Name)+".json")))
+			if err != nil {
+				return err
+			}
+			fmt.Printf("'%s': '%s' downloaded successfully and saved at: '%s'\n", downloadInfo.Target, fw.Name, filepath.Join(downloadInfo.Path, (strings.ToLower(fw.Name)+".json")))
+		}
+		// return fmt.Errorf("missing framework name")
+	} else {
+		if downloadInfo.FileName == "" {
+			downloadInfo.FileName = fmt.Sprintf("%s.json", downloadInfo.Name)
+		}
+		framework, err := g.GetFramework(downloadInfo.Name)
+		if err != nil {
+			return err
+		}
+		err = getter.SaveInFile(framework, filepath.Join(downloadInfo.Path, downloadInfo.FileName))
+		if err != nil {
+			return err
+		}
+		fmt.Printf("'%s' downloaded successfully and saved at: '%s'\n", downloadInfo.Target, filepath.Join(downloadInfo.Path, downloadInfo.FileName))
 	}
 	return nil
 }
 
 func downloadControl(downloadInfo *cautils.DownloadInfo) error {
-	tenant := getTenantConfig(downloadInfo.Account, getKubernetesApi()) // change k8sinterface
+
+	tenant := getTenantConfig(downloadInfo.Account, "", getKubernetesApi())
 	g := getPolicyGetter(nil, tenant.GetCustomerGUID(), false, nil)
 
 	if downloadInfo.Name == "" {
 		// TODO - support
 		return fmt.Errorf("missing control name")
 	}
-	if downloadInfo.Path == "" {
-		downloadInfo.Path = getter.GetDefaultPath(downloadInfo.Name + ".json")
+	if downloadInfo.FileName == "" {
+		downloadInfo.FileName = fmt.Sprintf("%s.json", downloadInfo.Name)
 	}
 	controls, err := g.GetControl(downloadInfo.Name)
 	if err != nil {
 		return err
 	}
-	err = getter.SaveInFile(controls, downloadInfo.Path)
+	err = getter.SaveInFile(controls, filepath.Join(downloadInfo.Path, downloadInfo.FileName))
 	if err != nil {
 		return err
 	}
+	fmt.Printf("'%s' downloaded successfully and saved at: '%s'\n", downloadInfo.Target, filepath.Join(downloadInfo.Path, downloadInfo.FileName))
 	return nil
 }

clihandler/clilist.go

@@ -41,14 +41,14 @@ func CliList(listPolicies *cautils.ListPolicies) error {
 }
 
 func listFrameworks(listPolicies *cautils.ListPolicies) ([]string, error) {
-	tenant := getTenantConfig(listPolicies.Account, getKubernetesApi()) // change k8sinterface
+	tenant := getTenantConfig(listPolicies.Account, "", getKubernetesApi()) // change k8sinterface
 	g := getPolicyGetter(nil, tenant.GetCustomerGUID(), true, nil)
 
 	return listFrameworksNames(g), nil
 }
 
 func listControls(listPolicies *cautils.ListPolicies) ([]string, error) {
-	tenant := getTenantConfig(listPolicies.Account, getKubernetesApi()) // change k8sinterface
+	tenant := getTenantConfig(listPolicies.Account, "", getKubernetesApi()) // change k8sinterface
 	g := getPolicyGetter(nil, tenant.GetCustomerGUID(), false, nil)
 	l := getter.ListName
 	if listPolicies.ListIDs {

clihandler/cmd/cluster_get.go

@@ -30,7 +30,7 @@ var getCmd = &cobra.Command{
 		key := keyValue[0]
 
 		k8s := k8sinterface.NewKubernetesApi()
-		clusterConfig := cautils.NewClusterConfig(k8s, getter.GetArmoAPIConnector(), scanInfo.Account)
+		clusterConfig := cautils.NewClusterConfig(k8s, getter.GetArmoAPIConnector(), scanInfo.Account, "")
 		val, err := clusterConfig.GetValueByKeyFromConfigMap(key)
 		if err != nil {
 			if err.Error() == "value does not exist." {

clihandler/cmd/cluster_set.go

@@ -30,7 +30,7 @@ var setCmd = &cobra.Command{
 		data := keyValue[1]
 
 		k8s := k8sinterface.NewKubernetesApi()
-		clusterConfig := cautils.NewClusterConfig(k8s, getter.GetArmoAPIConnector(), scanInfo.Account)
+		clusterConfig := cautils.NewClusterConfig(k8s, getter.GetArmoAPIConnector(), scanInfo.Account, "")
 		if err := clusterConfig.SetKeyValueInConfigmap(key, data); err != nil {
 			return err
 		}

clihandler/cmd/download.go

@@ -12,14 +12,40 @@ import (
 
 var downloadInfo = cautils.DownloadInfo{}
 
+var (
+	downloadExample = `
+  # Download all artifacts and save them in the default path (~/.kubescape)
+  kubescape download artifacts
+  
+  # Download all artifacts and save them in /tmp path
+  kubescape download artifacts --output /tmp
+  
+  # Download the NSA framework. Run 'kubescape list frameworks' for all frameworks names
+  kubescape download frameworks nsa
+
+  # Download the "Allowed hostPath" control. Run 'kubescape list controls' for all controls names
+  kubescape download control "Allowed hostPath"
+
+  # Download the "C-0001" control. Run 'kubescape list controls --id' for all controls ids
+  kubescape download control C-0001
+
+  # Download the configured exceptions
+  kubescape download exceptions 
+
+  # Download the configured controls-inputs 
+  kubescape download controls-inputs 
+
+`
+)
 var downloadCmd = &cobra.Command{
-	Use:   "download <policy> <policy name>",
-	Short: fmt.Sprintf("Download %s", strings.Join(clihandler.DownloadSupportCommands(), "/")),
-	Long:  ``,
+	Use:     "download <policy> <policy name>",
+	Short:   fmt.Sprintf("Download %s", strings.Join(clihandler.DownloadSupportCommands(), ",")),
+	Long:    ``,
+	Example: downloadExample,
 	Args: func(cmd *cobra.Command, args []string) error {
 		supported := strings.Join(clihandler.DownloadSupportCommands(), ",")
 		if len(args) < 1 {
-			return fmt.Errorf("policy type requeued, supported: %v", supported)
+			return fmt.Errorf("policy type required, supported: %v", supported)
 		}
 		if cautils.StringInSlice(clihandler.DownloadSupportCommands(), args[0]) == cautils.ValueNotFound {
 			return fmt.Errorf("invalid parameter '%s'. Supported parameters: %s", args[0], supported)
@@ -43,7 +69,7 @@ func init() {
 	// cobra.OnInitialize(initConfig)
 
 	rootCmd.AddCommand(downloadCmd)
-	downloadCmd.Flags().StringVarP(&downloadInfo.Path, "output", "o", "", "Output file. If specified, will store save to `~/.kubescape/<policy name>.json`")
+	downloadCmd.Flags().StringVarP(&downloadInfo.Path, "output", "o", "", "Output file. If not specified, will save in `~/.kubescape/<policy name>.json`")
 	downloadCmd.PersistentFlags().StringVarP(&downloadInfo.Account, "account", "", "", "Armo portal account ID. Default will load account ID from configMap or config file")
 
 }

clihandler/cmd/list.go

@@ -21,7 +21,7 @@ var (
   # List all supported controls names
   kubescape list controls
 
-  # List all supported controls id's
+  # List all supported controls ids
   kubescape list controls --id 
   
   Control documentation:

clihandler/cmd/scan.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"strings"
 
+	"github.com/armosec/k8s-interface/k8sinterface"
 	"github.com/armosec/kubescape/cautils"
 	"github.com/spf13/cobra"
 )
@@ -33,8 +34,15 @@ var scanCmd = &cobra.Command{
 	},
 }
 
+func frameworkInitConfig() {
+	k8sinterface.SetClusterContextName(scanInfo.KubeContext)
+}
+
 func init() {
+	cobra.OnInitialize(frameworkInitConfig)
+
 	rootCmd.AddCommand(scanCmd)
+	rootCmd.PersistentFlags().StringVarP(&scanInfo.KubeContext, "--kube-context", "", "", "Kube context. Default will use the current-context")
 	scanCmd.PersistentFlags().StringVar(&scanInfo.ControlsInputs, "controls-config", "", "Path to an controls-config obj. If not set will download controls-config from ARMO management portal")
 	scanCmd.PersistentFlags().StringVar(&scanInfo.UseExceptions, "exceptions", "", "Path to an exceptions obj. If not set will download exceptions from ARMO management portal")
 	scanCmd.PersistentFlags().StringVarP(&scanInfo.ExcludedNamespaces, "exclude-namespaces", "e", "", "Namespaces to exclude from scanning. Recommended: kube-system,kube-public")

clihandler/cmd/submit.go

@@ -20,7 +20,7 @@ func init() {
 }
 
 func getSubmittedClusterConfig(k8s *k8sinterface.KubernetesApi) (*cautils.ClusterConfig, error) {
-	clusterConfig := cautils.NewClusterConfig(k8s, getter.GetArmoAPIConnector(), scanInfo.Account) // TODO - support none cluster env submit
+	clusterConfig := cautils.NewClusterConfig(k8s, getter.GetArmoAPIConnector(), scanInfo.Account, scanInfo.KubeContext) // TODO - support none cluster env submit
 	if clusterConfig.GetCustomerGUID() != "" {
 		if err := clusterConfig.SetTenant(); err != nil {
 			return clusterConfig, err

clihandler/initcli.go

@@ -5,6 +5,7 @@ import (
 	"io/fs"
 	"os"
 
+	"github.com/armosec/k8s-interface/k8sinterface"
 	"github.com/armosec/kubescape/resultshandling/printer"
 	printerv1 "github.com/armosec/kubescape/resultshandling/printer/v1"
 
@@ -34,9 +35,16 @@ type componentInterfaces struct {
 
 func getInterfaces(scanInfo *cautils.ScanInfo) componentInterfaces {
 
-	k8s := getKubernetesApi()
+	var k8s *k8sinterface.KubernetesApi
+	if scanInfo.GetScanningEnvironment() == cautils.ScanCluster {
+		k8s = getKubernetesApi()
+		if k8s == nil {
+			fmt.Println("Failed connecting to Kubernetes cluster")
+			os.Exit(1)
+		}
+	}
 
-	tenantConfig := getTenantConfig(scanInfo.Account, k8s)
+	tenantConfig := getTenantConfig(scanInfo.Account, scanInfo.KubeContext, k8s)
 
 	// Set submit behavior AFTER loading tenant config
 	setSubmitBehavior(scanInfo, tenantConfig)

clihandler/initcliutils.go

@@ -11,22 +11,24 @@ import (
 	"github.com/armosec/kubescape/resourcehandler"
 	"github.com/armosec/kubescape/resultshandling/reporter"
 	reporterv1 "github.com/armosec/kubescape/resultshandling/reporter/v1"
+	reporterv2 "github.com/armosec/kubescape/resultshandling/reporter/v2"
+
 	"github.com/armosec/opa-utils/reporthandling"
 	"github.com/armosec/rbac-utils/rbacscanner"
-	// reporterv2 "github.com/armosec/kubescape/resultshandling/reporter/v2"
 )
 
+// getKubernetesApi
 func getKubernetesApi() *k8sinterface.KubernetesApi {
 	if !k8sinterface.IsConnectedToCluster() {
 		return nil
 	}
 	return k8sinterface.NewKubernetesApi()
 }
-func getTenantConfig(Account string, k8s *k8sinterface.KubernetesApi) cautils.ITenantConfig {
-	if !k8sinterface.IsConnectedToCluster() {
-		return cautils.NewLocalConfig(getter.GetArmoAPIConnector(), Account)
+func getTenantConfig(Account, clusterName string, k8s *k8sinterface.KubernetesApi) cautils.ITenantConfig {
+	if !k8sinterface.IsConnectedToCluster() || k8s == nil {
+		return cautils.NewLocalConfig(getter.GetArmoAPIConnector(), Account, clusterName)
 	}
-	return cautils.NewClusterConfig(k8s, getter.GetArmoAPIConnector(), Account)
+	return cautils.NewClusterConfig(k8s, getter.GetArmoAPIConnector(), Account, clusterName)
 }
 
 func getExceptionsGetter(useExceptions string) getter.IExceptionsGetter {
@@ -47,12 +49,14 @@ func getRBACHandler(tenantConfig cautils.ITenantConfig, k8s *k8sinterface.Kubern
 
 func getReporter(tenantConfig cautils.ITenantConfig, submit bool) reporter.IReport {
 	if submit {
-		return reporterv1.NewReportEventReceiver(tenantConfig.GetConfigObj())
+		// return reporterv1.NewReportEventReceiver(tenantConfig.GetConfigObj())
+		return reporterv2.NewReportEventReceiver(tenantConfig.GetConfigObj())
 	}
 	return reporterv1.NewReportMock()
 }
+
 func getResourceHandler(scanInfo *cautils.ScanInfo, tenantConfig cautils.ITenantConfig, k8s *k8sinterface.KubernetesApi, hostSensorHandler hostsensorutils.IHostSensor) resourcehandler.IResourceHandler {
-	if scanInfo.GetScanningEnvironment() == cautils.ScanLocalFiles {
+	if len(scanInfo.InputPatterns) > 0 || k8s == nil {
 		return resourcehandler.NewFileResourceHandler(scanInfo.InputPatterns)
 	}
 	rbacObjects := getRBACHandler(tenantConfig, k8s, scanInfo.Submit)
@@ -60,9 +64,10 @@ func getResourceHandler(scanInfo *cautils.ScanInfo, tenantConfig cautils.ITenant
 }
 
 func getHostSensorHandler(scanInfo *cautils.ScanInfo, k8s *k8sinterface.KubernetesApi) hostsensorutils.IHostSensor {
-	if scanInfo.GetScanningEnvironment() == cautils.ScanLocalFiles {
+	if !k8sinterface.IsConnectedToCluster() || k8s == nil {
 		return &hostsensorutils.HostSensorHandlerMock{}
 	}
+
 	hasHostSensorControls := true
 	// we need to determined which controls needs host sensor
 	if scanInfo.HostSensor.Get() == nil && hasHostSensorControls {
@@ -125,12 +130,6 @@ func setSubmitBehavior(scanInfo *cautils.ScanInfo, tenantConfig cautils.ITenantC
 		return
 	}
 
-	// do not submit yaml/url scanning
-	if scanInfo.GetScanningEnvironment() == cautils.ScanLocalFiles {
-		scanInfo.Submit = false
-		return
-	}
-
 	if tenantConfig.IsConfigFound() { // config found in cache (submitted)
 		if !scanInfo.Local {
 			// Submit report

docs/proposals/container-image-vulnerability-adaptor.md

@@ -1,4 +1,4 @@
-# Container image vulnerabilty adaptor interface proposal
+# Container image vulnerability adaptor interface proposal
 
 ## Rationale
 
@@ -6,7 +6,7 @@ source #287
 
 ### Big picture
 
-* Kubescape team planning to create controls which take into account image vulnerabilities, example: looking for public internet facing workloads with critical vulnerabilities. These are seriously effecting the security health of a cluster and therefore we think it is important to cover it. We think that most container registries are/will support image scanning like Harbor and therefore the ability to get information from them is important.
+* Kubescape team is planning to create controls which take into account image vulnerabilities, example: looking for public internet facing workloads with critical vulnerabilities. These are seriously effecting the security health of a cluster and therefore we think it is important to cover it. We think that most container registries are/will support image scanning like Harbor and therefore the ability to get information from them is important.
 * There are information in the image repository which is important for existing controls as well. They are incomplete without it, example see this issue: Non-root containers check is broken #19 . These are not necessarily image vulnerability related. Can be information in the image manifest (like the issue before), but it can be the image BOM related.
 
 ### Relation to this proposal
@@ -114,4 +114,63 @@ type IContainerImageVulnerabilityAdaptor interface {
 
 	GetImagesInformation(imageIDs []ContainerImageIdentifier) ([]ContainerImageInformation, error)
 }
+```
+
+
+
+# Integration
+
+# Input
+
+The objects received from the interface will be converted to an Imetadata compatible objects as following
+
+```
+{
+    "apiVersion": "image.vulnscan.com/v1",
+    "kind": "VulnScan",
+    "metadata": {
+        "name": "nginx:latest"
+    },
+    "data": {
+        // returned by the adaptor API (structure like our backend gives for an image 
+    }
+}
+```
+
+
+# Output
+
+The rego results will be a combination of the k8s artifact and the list of relevant CVEs for the control
+
+```
+{
+    "apiVersion": "result.vulnscan.com/v1",
+    "kind": "Pod",
+    "metadata": {
+        "name": "nginx"
+    },
+    "relatedObjects": [
+        {
+            "apiVersion": "v1",
+            "kind": "Pod",
+            "metadata": {
+                "name": "nginx"
+            },
+            "spec": {
+                // podSpec
+            },
+        },
+        {
+            "apiVersion": "container.vulnscan.com/v1",
+            "kind": "VulnScan",
+            "metadata": {
+                "name": "nginx:latest",
+            },
+            "data": {
+                
+                // returned by the adaptor API (structure like our backend gives for an image  
+            }
+        }
+    ]
+}
 ```

go.mod

@@ -3,10 +3,10 @@ module github.com/armosec/kubescape
 go 1.17
 
 require (
-	github.com/armosec/armoapi-go v0.0.40
-	github.com/armosec/k8s-interface v0.0.50
-	github.com/armosec/opa-utils v0.0.91
-	github.com/armosec/rbac-utils v0.0.11
+	github.com/armosec/armoapi-go v0.0.41
+	github.com/armosec/k8s-interface v0.0.54
+	github.com/armosec/opa-utils v0.0.97
+	github.com/armosec/rbac-utils v0.0.12
 	github.com/armosec/utils-go v0.0.3
 	github.com/briandowns/spinner v1.18.0
 	github.com/enescakir/emoji v1.0.0
@@ -35,6 +35,7 @@ require (
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 	github.com/OneOfOne/xxhash v1.2.8 // indirect
+	github.com/armosec/armo-interfaces v0.0.3 // indirect
 	github.com/armosec/utils-k8s-go v0.0.1 // indirect
 	github.com/aws/aws-sdk-go v1.41.11 // indirect
 	github.com/coreos/go-oidc v2.2.1+incompatible // indirect

go.sum

@@ -83,20 +83,23 @@ github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hC
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
+github.com/armosec/armo-interfaces v0.0.3 h1:kG4mJIPgWBJvQFDDy8JzdqX3ASbyl8t32IuJYqB31Pk=
+github.com/armosec/armo-interfaces v0.0.3/go.mod h1:7XYefhcBCFYoF5LflCZHWuUHu+JrSJbmzk0zoNv2WlU=
 github.com/armosec/armoapi-go v0.0.2/go.mod h1:vIK17yoKbJRQyZXWWLe3AqfqCRITxW8qmSkApyq5xFs=
 github.com/armosec/armoapi-go v0.0.23/go.mod h1:iaVVGyc23QGGzAdv4n+szGQg3Rbpixn9yQTU3qWRpaw=
-github.com/armosec/armoapi-go v0.0.40 h1:KQRJXFqw95s6cV7HoGgw1x8qrRZ9eNVze//yQbo24Lk=
-github.com/armosec/armoapi-go v0.0.40/go.mod h1:iaVVGyc23QGGzAdv4n+szGQg3Rbpixn9yQTU3qWRpaw=
+github.com/armosec/armoapi-go v0.0.41 h1:iMkaCsME+zhE6vnCOMaqfqc0cp7pste8QFHojeGKfGg=
+github.com/armosec/armoapi-go v0.0.41/go.mod h1:exk1O3rK6V+X8SSyxc06lwb0j9ILQuKAoIdz9hs6Ndw=
 github.com/armosec/k8s-interface v0.0.8/go.mod h1:xxS+V5QT3gVQTwZyAMMDrYLWGrfKOpiJ7Jfhfa0w9sM=
 github.com/armosec/k8s-interface v0.0.37/go.mod h1:vHxGWqD/uh6+GQb9Sqv7OGMs+Rvc2dsFVc0XtgRh1ZU=
-github.com/armosec/k8s-interface v0.0.50 h1:iLPGI0j85vwKANr9QDAnba4Efjg3DyIJg15jRJdvOnc=
 github.com/armosec/k8s-interface v0.0.50/go.mod h1:vHxGWqD/uh6+GQb9Sqv7OGMs+Rvc2dsFVc0XtgRh1ZU=
+github.com/armosec/k8s-interface v0.0.54 h1:1sQeoEZA5bgpXVibXhEiTSeLd3GKY5NkTOeewdgR0Bs=
+github.com/armosec/k8s-interface v0.0.54/go.mod h1:vHxGWqD/uh6+GQb9Sqv7OGMs+Rvc2dsFVc0XtgRh1ZU=
 github.com/armosec/opa-utils v0.0.64/go.mod h1:6tQP8UDq2EvEfSqh8vrUdr/9QVSCG4sJfju1SXQOn4c=
-github.com/armosec/opa-utils v0.0.91 h1:8nnkySKVBQ6EPobid8FZXJLzFbVq9GtVa93oUkgEpeI=
-github.com/armosec/opa-utils v0.0.91/go.mod h1:ZOXYVTtuyrV4TldcfbzgRqP6F9Drlf4hB0zr210OXgM=
+github.com/armosec/opa-utils v0.0.97 h1:KPjRZdsAC9EObo17QxiW+s5KWmF6vNFu+VQSOgFv5uk=
+github.com/armosec/opa-utils v0.0.97/go.mod h1:BNTjeianyXlflJMz3bZM0GimBWqmzirUf1whWR6Os04=
 github.com/armosec/rbac-utils v0.0.1/go.mod h1:pQ8CBiij8kSKV7aeZm9FMvtZN28VgA7LZcYyTWimq40=
-github.com/armosec/rbac-utils v0.0.11 h1:SCiVLqUeV+WGpUsWbOBt6jKkFAd62jztuzB6PIgHz7w=
-github.com/armosec/rbac-utils v0.0.11/go.mod h1:Ex/IdGWhGv9HZq6Hs8N/ApzCKSIvpNe/ETqDfnuyah0=
+github.com/armosec/rbac-utils v0.0.12 h1:uJpMGDyLAX129PrKHp6NPNB6lVRhE0OZIwV6ywzSDrs=
+github.com/armosec/rbac-utils v0.0.12/go.mod h1:Ex/IdGWhGv9HZq6Hs8N/ApzCKSIvpNe/ETqDfnuyah0=
 github.com/armosec/utils-go v0.0.2/go.mod h1:itWmRLzRdsnwjpEOomL0mBWGnVNNIxSjDAdyc+b0iUo=
 github.com/armosec/utils-go v0.0.3 h1:uyQI676yRciQM0sSN9uPoqHkbspTxHO0kmzXhBeE/xU=
 github.com/armosec/utils-go v0.0.3/go.mod h1:itWmRLzRdsnwjpEOomL0mBWGnVNNIxSjDAdyc+b0iUo=

opaprocessor/processorhandlerutils.go

@@ -201,6 +201,7 @@ func removeSecretData(workload workloadinterface.IWorkload) {
 func removePodData(workload workloadinterface.IWorkload) {
 	workload.RemoveAnnotation("kubectl.kubernetes.io/last-applied-configuration")
 	workloadinterface.RemoveFromMap(workload.GetObject(), "metadata", "managedFields")
+	workloadinterface.RemoveFromMap(workload.GetObject(), "status")
 
 	containers, err := workload.GetContainers()
 	if err != nil || len(containers) == 0 {

resultshandling/printer/printresults.go

@@ -20,9 +20,6 @@ type IPrinter interface {
 	ActionPrint(opaSessionObj *cautils.OPASessionObj)
 	SetWriter(outputFile string)
 	Score(score float32)
-
-	// FinalizeData convert 'opaSessionObj' data to be ready for printing/reporting
-	FinalizeData(opaSessionObj *cautils.OPASessionObj)
 }
 
 func GetWriter(outputFile string) *os.File {

resultshandling/printer/v1/jsonprinter.go

@@ -26,6 +26,8 @@ func (jsonPrinter *JsonPrinter) Score(score float32) {
 }
 
 func (jsonPrinter *JsonPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
+	cautils.ReportV2ToV1(opaSessionObj)
+
 	var postureReportStr []byte
 	var err error
 
@@ -41,6 +43,3 @@ func (jsonPrinter *JsonPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj
 	}
 	jsonPrinter.writer.Write(postureReportStr)
 }
-func (jsonPrinter *JsonPrinter) FinalizeData(opaSessionObj *cautils.OPASessionObj) {
-	reportV2ToV1(opaSessionObj)
-}

resultshandling/printer/v1/junit.go

@@ -26,11 +26,9 @@ func (junitPrinter *JunitPrinter) Score(score float32) {
 	fmt.Fprintf(os.Stderr, "\nOverall risk-score (0- Excellent, 100- All failed): %d\n", int(score))
 }
 
-func (junitPrinter *JunitPrinter) FinalizeData(opaSessionObj *cautils.OPASessionObj) {
-	reportV2ToV1(opaSessionObj)
-}
-
 func (junitPrinter *JunitPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
+	cautils.ReportV2ToV1(opaSessionObj)
+
 	junitResult, err := convertPostureReportToJunitResult(opaSessionObj.PostureReport)
 	if err != nil {
 		fmt.Println("Failed to convert posture report object!")

resultshandling/printer/v1/prettyprinter.go

@@ -31,6 +31,8 @@ func NewPrettyPrinter(verboseMode bool) *PrettyPrinter {
 }
 
 func (prettyPrinter *PrettyPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
+	cautils.ReportV2ToV1(opaSessionObj)
+
 	// score := calculatePostureScore(opaSessionObj.PostureReport)
 	failedResources := []string{}
 	warningResources := []string{}
@@ -67,9 +69,6 @@ func (prettyPrinter *PrettyPrinter) SetWriter(outputFile string) {
 	prettyPrinter.writer = printer.GetWriter(outputFile)
 }
 
-func (prettyPrinter *PrettyPrinter) FinalizeData(opaSessionObj *cautils.OPASessionObj) {
-	reportV2ToV1(opaSessionObj)
-}
 func (prettyPrinter *PrettyPrinter) Score(score float32) {
 }
 

resultshandling/printer/v1/printresults.go

@@ -1,6 +1,9 @@
 package v1
 
-import "github.com/armosec/kubescape/resultshandling/printer"
+import (
+	"github.com/armosec/kubescape/resultshandling/printer"
+	"github.com/armosec/kubescape/resultshandling/printer/v2/controlmapping"
+)
 
 var INDENT = "   "
 
@@ -13,6 +16,6 @@ func GetPrinter(printFormat string, verboseMode bool) printer.IPrinter {
 	case printer.PrometheusFormat:
 		return NewPrometheusPrinter(verboseMode)
 	default:
-		return NewPrettyPrinter(verboseMode)
+		return controlmapping.NewPrettyPrinter(verboseMode)
 	}
 }

resultshandling/printer/v1/prometheusprinter.go

@@ -29,10 +29,6 @@ func (prometheusPrinter *PrometheusPrinter) Score(score float32) {
 	fmt.Printf("\n# Overall risk-score (0- Excellent, 100- All failed)\nkubescape_score %d\n", int(score))
 }
 
-func (prometheusPrinter *PrometheusPrinter) FinalizeData(opaSessionObj *cautils.OPASessionObj) {
-	reportV2ToV1(opaSessionObj)
-}
-
 func (printer *PrometheusPrinter) printResources(allResources map[string]workloadinterface.IMetadata, resourcesIDs *reporthandling.ResourcesIDs, frameworkName, controlName string) {
 	printer.printDetails(allResources, resourcesIDs.GetFailedResources(), frameworkName, controlName, "failed")
 	printer.printDetails(allResources, resourcesIDs.GetWarningResources(), frameworkName, controlName, "excluded")
@@ -90,6 +86,8 @@ func (printer *PrometheusPrinter) printReports(allResources map[string]workloadi
 }
 
 func (printer *PrometheusPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
+	cautils.ReportV2ToV1(opaSessionObj)
+
 	err := printer.printReports(opaSessionObj.AllResources, opaSessionObj.PostureReport.FrameworkReports)
 	if err != nil {
 		fmt.Println(err)

resultshandling/printer/v2/controlmapping/prettyprinter.go

@@ -0,0 +1,244 @@
+package controlmapping
+
+import (
+	"fmt"
+	"os"
+	"sort"
+	"strings"
+
+	"github.com/armosec/k8s-interface/workloadinterface"
+	"github.com/armosec/kubescape/cautils"
+	"github.com/armosec/kubescape/resultshandling/printer"
+	"github.com/armosec/opa-utils/objectsenvelopes"
+	"github.com/armosec/opa-utils/reporthandling/apis"
+	"github.com/armosec/opa-utils/reporthandling/results/v1/reportsummary"
+	"github.com/enescakir/emoji"
+	"github.com/olekukonko/tablewriter"
+)
+
+type PrettyPrinter struct {
+	writer             *os.File
+	verboseMode        bool
+	sortedControlNames []string
+}
+
+func NewPrettyPrinter(verboseMode bool) *PrettyPrinter {
+	return &PrettyPrinter{
+		verboseMode: verboseMode,
+	}
+}
+
+func (prettyPrinter *PrettyPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
+	prettyPrinter.sortedControlNames = getSortedControlsNames(opaSessionObj.Report.SummaryDetails.Controls) // ListControls().All())
+
+	prettyPrinter.printResults(&opaSessionObj.Report.SummaryDetails.Controls, opaSessionObj.AllResources)
+	prettyPrinter.printSummaryTable(&opaSessionObj.Report.SummaryDetails)
+
+}
+
+func (prettyPrinter *PrettyPrinter) SetWriter(outputFile string) {
+	prettyPrinter.writer = printer.GetWriter(outputFile)
+}
+
+func (prettyPrinter *PrettyPrinter) Score(score float32) {
+}
+
+func (prettyPrinter *PrettyPrinter) printResults(controls *reportsummary.ControlSummaries, allResources map[string]workloadinterface.IMetadata) {
+	for i := 0; i < len(prettyPrinter.sortedControlNames); i++ {
+
+		controlSummary := controls.GetControl(reportsummary.EControlCriteriaName, prettyPrinter.sortedControlNames[i]) //  summaryDetails.Controls ListControls().All() Controls.GetControl(ca)
+		prettyPrinter.printTitle(controlSummary)
+		prettyPrinter.printResources(controlSummary, allResources)
+
+		if controlSummary.GetStatus().IsSkipped() {
+			prettyPrinter.printSummary(prettyPrinter.sortedControlNames[i], controlSummary)
+		}
+	}
+}
+
+func (prettyPrinter *PrettyPrinter) printSummary(controlName string, controlSummary reportsummary.IControlSummary) {
+	if controlSummary.GetStatus().IsSkipped() {
+		return
+	}
+	cautils.SimpleDisplay(prettyPrinter.writer, "Summary - ")
+	cautils.SuccessDisplay(prettyPrinter.writer, "Passed:%v   ", controlSummary.NumberOfResources().Passed())
+	cautils.WarningDisplay(prettyPrinter.writer, "Excluded:%v   ", controlSummary.NumberOfResources().Excluded())
+	cautils.FailureDisplay(prettyPrinter.writer, "Failed:%v   ", controlSummary.NumberOfResources().Failed())
+	cautils.InfoDisplay(prettyPrinter.writer, "Total:%v\n", controlSummary.NumberOfResources().All())
+	if controlSummary.GetStatus().IsFailed() {
+		cautils.DescriptionDisplay(prettyPrinter.writer, "Remediation: %v\n", controlSummary.GetRemediation())
+	}
+	cautils.DescriptionDisplay(prettyPrinter.writer, "\n")
+
+}
+func (prettyPrinter *PrettyPrinter) printTitle(controlSummary reportsummary.IControlSummary) {
+	cautils.InfoDisplay(prettyPrinter.writer, "[control: %s - %s] ", controlSummary.GetName(), getControlURL(controlSummary.GetID()))
+	switch controlSummary.GetStatus().Status() {
+	case apis.StatusSkipped:
+		cautils.InfoDisplay(prettyPrinter.writer, "skipped %v\n", emoji.ConfusedFace)
+	case apis.StatusFailed:
+		cautils.FailureDisplay(prettyPrinter.writer, "failed %v\n", emoji.SadButRelievedFace)
+	case apis.StatusExcluded:
+		cautils.WarningDisplay(prettyPrinter.writer, "excluded %v\n", emoji.NeutralFace)
+	default:
+		cautils.SuccessDisplay(prettyPrinter.writer, "passed %v\n", emoji.ThumbsUp)
+	}
+	cautils.DescriptionDisplay(prettyPrinter.writer, "Description: %s\n", controlSummary.GetDescription())
+}
+func (prettyPrinter *PrettyPrinter) printResources(controlSummary reportsummary.IControlSummary, allResources map[string]workloadinterface.IMetadata) {
+
+	workloadsSummary := listResultSummary(controlSummary, allResources)
+
+	failedWorkloads := groupByNamespaceOrKind(workloadsSummary, workloadSummaryFailed)
+	excludedWorkloads := groupByNamespaceOrKind(workloadsSummary, workloadSummaryExclude)
+
+	var passedWorkloads map[string][]WorkloadSummary
+	if prettyPrinter.verboseMode {
+		passedWorkloads = groupByNamespaceOrKind(workloadsSummary, workloadSummaryPassed)
+	}
+	if len(failedWorkloads) > 0 {
+		cautils.FailureDisplay(prettyPrinter.writer, "Failed:\n")
+		prettyPrinter.printGroupedResources(failedWorkloads)
+	}
+	if len(excludedWorkloads) > 0 {
+		cautils.WarningDisplay(prettyPrinter.writer, "Excluded:\n")
+		prettyPrinter.printGroupedResources(excludedWorkloads)
+	}
+	if len(passedWorkloads) > 0 {
+		cautils.SuccessDisplay(prettyPrinter.writer, "Passed:\n")
+		prettyPrinter.printGroupedResources(passedWorkloads)
+	}
+
+}
+
+func (prettyPrinter *PrettyPrinter) printGroupedResources(workloads map[string][]WorkloadSummary) {
+	indent := "  "
+	for title, rsc := range workloads {
+		prettyPrinter.printGroupedResource(indent, title, rsc)
+	}
+}
+
+func (prettyPrinter *PrettyPrinter) printGroupedResource(indent string, title string, rsc []WorkloadSummary) {
+	preIndent := indent
+	if title != "" {
+		cautils.SimpleDisplay(prettyPrinter.writer, "%s%s\n", indent, title)
+		indent += indent
+	}
+
+	resources := []string{}
+	for r := range rsc {
+		relatedObjectsStr := generateRelatedObjectsStr(rsc[r]) // TODO -
+		resources = append(resources, fmt.Sprintf("%s%s - %s %s", indent, rsc[r].resource.GetKind(), rsc[r].resource.GetName(), relatedObjectsStr))
+	}
+
+	sort.Strings(resources)
+	for i := range resources {
+		cautils.SimpleDisplay(prettyPrinter.writer, resources[i]+"\n")
+	}
+
+	indent = preIndent
+}
+
+func generateRelatedObjectsStr(workload WorkloadSummary) string {
+	relatedStr := ""
+	if workload.resource.GetObjectType() == workloadinterface.TypeWorkloadObject {
+		relatedObjects := objectsenvelopes.NewRegoResponseVectorObject(workload.resource.GetObject()).GetRelatedObjects()
+		for i, related := range relatedObjects {
+			if ns := related.GetNamespace(); i == 0 && ns != "" {
+				relatedStr += fmt.Sprintf("Namespace - %s, ", ns)
+			}
+			relatedStr += fmt.Sprintf("%s - %s, ", related.GetKind(), related.GetName())
+		}
+	}
+	if relatedStr != "" {
+		relatedStr = fmt.Sprintf(" [%s]", relatedStr[:len(relatedStr)-2])
+	}
+	return relatedStr
+}
+
+func generateRow(controlSummary reportsummary.IControlSummary) []string {
+	row := []string{controlSummary.GetName()}
+	row = append(row, fmt.Sprintf("%d", controlSummary.NumberOfResources().Failed()))
+	row = append(row, fmt.Sprintf("%d", controlSummary.NumberOfResources().Excluded()))
+	row = append(row, fmt.Sprintf("%d", controlSummary.NumberOfResources().All()))
+
+	if !controlSummary.GetStatus().IsSkipped() {
+		row = append(row, fmt.Sprintf("%d", int(controlSummary.GetScore()))+"%")
+	} else {
+		row = append(row, "skipped")
+	}
+	return row
+}
+
+func generateHeader() []string {
+	return []string{"Control Name", "Failed Resources", "Excluded Resources", "All Resources", "% risk-score"}
+}
+
+func generateFooter(summaryDetails *reportsummary.SummaryDetails) []string {
+	// Control name | # failed resources | all resources | % success
+	row := []string{}
+	row = append(row, "Resource Summary") //fmt.Sprintf(""%d", numControlers"))
+	row = append(row, fmt.Sprintf("%d", summaryDetails.NumberOfResources().Failed()))
+	row = append(row, fmt.Sprintf("%d", summaryDetails.NumberOfResources().Excluded()))
+	row = append(row, fmt.Sprintf("%d", summaryDetails.NumberOfResources().All()))
+	row = append(row, fmt.Sprintf("%.2f%s", summaryDetails.Score, "%"))
+
+	return row
+}
+func (prettyPrinter *PrettyPrinter) printSummaryTable(summaryDetails *reportsummary.SummaryDetails) {
+	// For control scan framework will be nil
+	prettyPrinter.printFramework(summaryDetails.ListFrameworks().All())
+
+	summaryTable := tablewriter.NewWriter(prettyPrinter.writer)
+	summaryTable.SetAutoWrapText(false)
+	summaryTable.SetHeader(generateHeader())
+	summaryTable.SetHeaderLine(true)
+	alignments := []int{tablewriter.ALIGN_LEFT, tablewriter.ALIGN_CENTER, tablewriter.ALIGN_CENTER, tablewriter.ALIGN_CENTER, tablewriter.ALIGN_CENTER}
+	summaryTable.SetColumnAlignment(alignments)
+
+	for i := 0; i < len(prettyPrinter.sortedControlNames); i++ {
+		summaryTable.Append(generateRow(summaryDetails.Controls.GetControl(reportsummary.EControlCriteriaName, prettyPrinter.sortedControlNames[i])))
+	}
+
+	summaryTable.SetFooter(generateFooter(summaryDetails))
+
+	// summaryTable.SetFooter(generateFooter())
+	summaryTable.Render()
+}
+
+func (prettyPrinter *PrettyPrinter) printFramework(frameworks []reportsummary.IPolicies) {
+	if len(frameworks) == 1 {
+		if frameworks[0].GetName() != "" {
+			cautils.InfoTextDisplay(prettyPrinter.writer, fmt.Sprintf("FRAMEWORK %s\n", frameworks[0].GetName()))
+		}
+	} else if len(frameworks) > 1 {
+		p := "FRAMEWORKS: "
+		i := 0
+		for ; i < len(frameworks)-1; i++ {
+			p += fmt.Sprintf("%s (risk: %.2f), ", frameworks[i].GetName(), frameworks[i].GetScore())
+		}
+		p += fmt.Sprintf("%s (risk: %.2f)\n", frameworks[i].GetName(), frameworks[i].GetScore())
+		cautils.InfoTextDisplay(prettyPrinter.writer, p)
+	}
+}
+func getSortedControlsNames(controls reportsummary.ControlSummaries) []string {
+	controlNames := make([]string, 0, len(controls))
+	for k := range controls {
+		c := controls[k]
+		controlNames = append(controlNames, c.GetName())
+	}
+	sort.Strings(controlNames)
+	return controlNames
+}
+
+// func getSortedControlsNames(controls []reportsummary.IPolicies) []string {
+// 	controlNames := make([]string, 0, len(controls))
+// 	for k := range controls {
+// 		controlNames = append(controlNames, controls[k].Get())
+// 	}
+// 	sort.Strings(controlNames)
+// 	return controlNames
+// }
+func getControlURL(controlID string) string {
+	return fmt.Sprintf("https://hub.armo.cloud/docs/%s", strings.ToLower(controlID))
+}

resultshandling/printer/v2/controlmapping/summeryhelpers.go

@@ -0,0 +1,101 @@
+package controlmapping
+
+import (
+	"github.com/armosec/k8s-interface/k8sinterface"
+	"github.com/armosec/k8s-interface/workloadinterface"
+	"github.com/armosec/opa-utils/objectsenvelopes"
+	"github.com/armosec/opa-utils/reporthandling/apis"
+	"github.com/armosec/opa-utils/reporthandling/results/v1/reportsummary"
+)
+
+type WorkloadSummary struct {
+	resource workloadinterface.IMetadata
+	status   apis.ScanningStatus
+}
+
+func workloadSummaryFailed(workloadSummary *WorkloadSummary) bool {
+	return workloadSummary.status == apis.StatusFailed
+}
+
+func workloadSummaryExclude(workloadSummary *WorkloadSummary) bool {
+	return workloadSummary.status == apis.StatusExcluded
+}
+
+func workloadSummaryPassed(workloadSummary *WorkloadSummary) bool {
+	return workloadSummary.status == apis.StatusPassed
+}
+
+// Group workloads by namespace - return {"namespace": <[]WorkloadSummary>}
+func groupByNamespaceOrKind(resources []WorkloadSummary, status func(workloadSummary *WorkloadSummary) bool) map[string][]WorkloadSummary {
+	mapResources := make(map[string][]WorkloadSummary)
+	for i := range resources {
+		if !status(&resources[i]) {
+			continue
+		}
+		t := resources[i].resource.GetObjectType()
+		if t == objectsenvelopes.TypeRegoResponseVectorObject && !isKindToBeGrouped(resources[i].resource.GetKind()) {
+			t = workloadinterface.TypeWorkloadObject
+		}
+		switch t { // TODO - find a better way to defind the groups
+		case workloadinterface.TypeWorkloadObject:
+			ns := ""
+			if resources[i].resource.GetNamespace() != "" {
+				ns = "Namescape " + resources[i].resource.GetNamespace()
+			}
+			if r, ok := mapResources[ns]; ok {
+				r = append(r, resources[i])
+				mapResources[ns] = r
+			} else {
+				mapResources[ns] = []WorkloadSummary{resources[i]}
+			}
+		case objectsenvelopes.TypeRegoResponseVectorObject:
+			group := resources[i].resource.GetKind() + "s"
+			if r, ok := mapResources[group]; ok {
+				r = append(r, resources[i])
+				mapResources[group] = r
+			} else {
+				mapResources[group] = []WorkloadSummary{resources[i]}
+			}
+		default:
+			group, _ := k8sinterface.SplitApiVersion(resources[i].resource.GetApiVersion())
+			if r, ok := mapResources[group]; ok {
+				r = append(r, resources[i])
+				mapResources[group] = r
+			} else {
+				mapResources[group] = []WorkloadSummary{resources[i]}
+			}
+		}
+	}
+	return mapResources
+}
+
+func isKindToBeGrouped(kind string) bool {
+	if kind == "Group" || kind == "User" {
+		return true
+	}
+	return false
+}
+
+func listResultSummary(controlSummary reportsummary.IControlSummary, allResources map[string]workloadinterface.IMetadata) []WorkloadSummary {
+	workloadsSummary := []WorkloadSummary{}
+
+	workloadsSummary = append(workloadsSummary, newListWorkloadsSummary(allResources, controlSummary.ListResourcesIDs().Failed(), apis.StatusFailed)...)
+	workloadsSummary = append(workloadsSummary, newListWorkloadsSummary(allResources, controlSummary.ListResourcesIDs().Excluded(), apis.StatusExcluded)...)
+	workloadsSummary = append(workloadsSummary, newListWorkloadsSummary(allResources, controlSummary.ListResourcesIDs().Passed(), apis.StatusPassed)...)
+
+	return workloadsSummary
+}
+
+func newListWorkloadsSummary(allResources map[string]workloadinterface.IMetadata, resourcesIDs []string, status apis.ScanningStatus) []WorkloadSummary {
+	workloadsSummary := []WorkloadSummary{}
+
+	for _, i := range resourcesIDs {
+		if r, ok := allResources[i]; ok {
+			workloadsSummary = append(workloadsSummary, WorkloadSummary{
+				resource: r,
+				status:   status,
+			})
+		}
+	}
+	return workloadsSummary
+}

resultshandling/printer/v2/printresults.go

@@ -1,18 +1,21 @@
 package v2
 
-import "github.com/armosec/kubescape/resultshandling/printer"
+import (
+	"github.com/armosec/kubescape/resultshandling/printer"
+	"github.com/armosec/kubescape/resultshandling/printer/v2/resourcemapping"
+)
 
 var INDENT = "   "
 
 func GetPrinter(printFormat string, verboseMode bool) printer.IPrinter {
 	switch printFormat {
 	case printer.JsonFormat:
-		return NewJsonPrinter()
+		return resourcemapping.NewJsonPrinter()
 	case printer.JunitResultFormat:
 		return NewJunitPrinter()
 	// case printer.PrometheusFormat:
 	// 	return NewPrometheusPrinter(verboseMode)
 	default:
-		return NewPrettyPrinter(verboseMode)
+		return resourcemapping.NewPrettyPrinter(verboseMode)
 	}
 }

resultshandling/printer/v2/resourcemapping/jsonprinter.go

@@ -1,4 +1,4 @@
-package v2
+package resourcemapping
 
 import (
 	"encoding/json"
@@ -37,5 +37,5 @@ func (jsonPrinter *JsonPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj
 }
 
 func (jsonPrinter *JsonPrinter) FinalizeData(opaSessionObj *cautils.OPASessionObj) {
-	finalizeReport(opaSessionObj)
+	// finalizeReport(opaSessionObj)
 }

resultshandling/printer/v2/resourcemapping/prettyprinter.go

@@ -1,4 +1,4 @@
-package v2
+package resourcemapping
 
 import (
 	"fmt"
@@ -89,7 +89,7 @@ func (prettyPrinter *PrettyPrinter) SetWriter(outputFile string) {
 }
 
 func (prettyPrinter *PrettyPrinter) FinalizeData(opaSessionObj *cautils.OPASessionObj) {
-	finalizeReport(opaSessionObj)
+	// finalizeReport(opaSessionObj)
 }
 func (prettyPrinter *PrettyPrinter) Score(score float32) {
 }

resultshandling/printer/v2/utils.go

@@ -3,8 +3,8 @@ package v2
 import (
 	"github.com/armosec/k8s-interface/workloadinterface"
 	"github.com/armosec/kubescape/cautils"
+	"github.com/armosec/opa-utils/reporthandling"
 	"github.com/armosec/opa-utils/reporthandling/results/v1/resourcesresults"
-	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
 )
 
 // finalizeV2Report finalize the results objects by copying data from map to lists
@@ -16,7 +16,7 @@ func finalizeReport(opaSessionObj *cautils.OPASessionObj) {
 	}
 
 	if len(opaSessionObj.Report.Resources) == 0 {
-		opaSessionObj.Report.Resources = make([]reporthandlingv2.Resource, len(opaSessionObj.AllResources))
+		opaSessionObj.Report.Resources = make([]reporthandling.Resource, len(opaSessionObj.AllResources))
 		finalizeResources(opaSessionObj.Report.Resources, opaSessionObj.AllResources)
 		opaSessionObj.AllResources = nil
 	}
@@ -30,13 +30,15 @@ func finalizeResults(results []resourcesresults.Result, resourcesResult map[stri
 	}
 }
 
-func finalizeResources(resources []reporthandlingv2.Resource, allResources map[string]workloadinterface.IMetadata) {
+func finalizeResources(resources []reporthandling.Resource, allResources map[string]workloadinterface.IMetadata) {
 	index := 0
 	for resourceID := range allResources {
-		resources[index] = reporthandlingv2.Resource{
-			ResourceID: resourceID,
-			Object:     allResources[resourceID],
+		if obj, ok := allResources[resourceID]; ok {
+			r := *reporthandling.NewResource(obj.GetObject())
+			r.ResourceID = resourceID
+			resources[index] = r
 		}
+
 		index++
 	}
 }

resultshandling/reporter/v1/reporteventreceiver.go

@@ -6,6 +6,7 @@ import (
 	"net/http"
 	"net/url"
 	"os"
+	"strings"
 
 	"github.com/armosec/k8s-interface/workloadinterface"
 	"github.com/armosec/kubescape/cautils"
@@ -23,6 +24,7 @@ type ReportEventReceiver struct {
 	eventReceiverURL   *url.URL
 	token              string
 	customerAdminEMail string
+	message            string
 }
 
 func NewReportEventReceiver(tenantConfig *cautils.ConfigObj) *ReportEventReceiver {
@@ -36,16 +38,24 @@ func NewReportEventReceiver(tenantConfig *cautils.ConfigObj) *ReportEventReceive
 }
 
 func (report *ReportEventReceiver) ActionSendReport(opaSessionObj *cautils.OPASessionObj) error {
+	cautils.ReportV2ToV1(opaSessionObj)
 
-	if report.customerGUID == "" || report.clusterName == "" {
-		return fmt.Errorf("missing account ID or cluster name. AccountID: '%s', Cluster name: '%s'", report.customerGUID, report.clusterName)
+	if report.customerGUID == "" {
+		report.message = "WARNING: Failed to publish results. Reason: Unknown accout ID. Run kubescape with the '--account <account ID>' flag. Contact ARMO team for more details"
+		return nil
 	}
+	if report.clusterName == "" {
+		report.message = "WARNING: Failed to publish results. Reason: Unknown cluster name. Run kubescape with the '--kube-context <cluster name>' flag"
+		return nil
+	}
+
 	opaSessionObj.PostureReport.ReportID = uuid.NewV4().String()
-	opaSessionObj.PostureReport.CustomerGUID = report.clusterName
-	opaSessionObj.PostureReport.ClusterName = report.customerGUID
+	opaSessionObj.PostureReport.CustomerGUID = report.customerGUID
+	opaSessionObj.PostureReport.ClusterName = report.clusterName
 
 	if err := report.prepareReport(opaSessionObj.PostureReport, opaSessionObj.AllResources); err != nil {
-		return err
+		report.message = err.Error()
+		return nil
 	}
 	return nil
 }
@@ -74,6 +84,8 @@ func (report *ReportEventReceiver) prepareReport(postureReport *reporthandling.P
 	if err := report.sendResources(host, postureReport, allResources); err != nil {
 		return err
 	}
+	report.generateMessage()
+
 	return nil
 }
 
@@ -112,14 +124,16 @@ func (report *ReportEventReceiver) sendReport(host string, postureReport *report
 	if err != nil {
 		return fmt.Errorf("in 'sendReport' failed to json.Marshal, reason: %v", err)
 	}
+	// fmt.Printf("\n\n%s\n\n", reqBody)
+
 	msg, err := getter.HttpPost(report.httpClient, host, nil, reqBody)
 	if err != nil {
 		return fmt.Errorf("%s, %v:%s", host, err, msg)
 	}
-	return err
+	return nil
 }
 
-func (report *ReportEventReceiver) DisplayReportURL() {
+func (report *ReportEventReceiver) generateMessage() {
 	message := "You can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more by registering here:"
 
 	u := url.URL{}
@@ -127,7 +141,7 @@ func (report *ReportEventReceiver) DisplayReportURL() {
 	u.Host = getter.GetArmoAPIConnector().GetFrontendURL()
 
 	if report.customerAdminEMail != "" {
-		cautils.InfoTextDisplay(os.Stderr, fmt.Sprintf("\n\n%s %s/risk/%s\n(Account: %s)\n\n", message, u.String(), report.clusterName, report.customerGUID))
+		report.message = fmt.Sprintf("%s %s/risk/%s\n(Account: %s)", message, u.String(), report.clusterName, maskID(report.customerGUID))
 		return
 	}
 	u.Path = "account/sign-up"
@@ -136,5 +150,27 @@ func (report *ReportEventReceiver) DisplayReportURL() {
 	q.Add("customerGUID", report.customerGUID)
 
 	u.RawQuery = q.Encode()
-	cautils.InfoTextDisplay(os.Stderr, fmt.Sprintf("\n\n%s %s\n\n", message, u.String()))
+	report.message = fmt.Sprintf("%s %s", message, u.String())
+}
+
+func (report *ReportEventReceiver) DisplayReportURL() {
+	cautils.InfoTextDisplay(os.Stderr, fmt.Sprintf("\n\n%s\n\n", report.message))
+}
+
+func maskID(id string) string {
+	sep := "-"
+	splitted := strings.Split(id, sep)
+	if len(splitted) != 5 {
+		return ""
+	}
+	str := splitted[0][:4]
+	splitted[0] = splitted[0][4:]
+	for i := range splitted {
+		for j := 0; j < len(splitted[i]); j++ {
+			str += "X"
+		}
+		str += sep
+	}
+
+	return strings.TrimSuffix(str, sep)
 }

resultshandling/reporter/v2/reporteventreceiver.go

@@ -11,6 +11,7 @@ import (
 	"github.com/armosec/kubescape/cautils/getter"
 	uuid "github.com/satori/go.uuid"
 
+	"github.com/armosec/opa-utils/reporthandling"
 	"github.com/armosec/opa-utils/reporthandling/results/v1/resourcesresults"
 	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
 )
@@ -24,6 +25,7 @@ type ReportEventReceiver struct {
 	eventReceiverURL   *url.URL
 	token              string
 	customerAdminEMail string
+	message            string
 }
 
 func NewReportEventReceiver(tenantConfig *cautils.ConfigObj) *ReportEventReceiver {
@@ -37,16 +39,24 @@ func NewReportEventReceiver(tenantConfig *cautils.ConfigObj) *ReportEventReceive
 }
 
 func (report *ReportEventReceiver) ActionSendReport(opaSessionObj *cautils.OPASessionObj) error {
+	finalizeReport(opaSessionObj)
 
-	if report.customerGUID == "" || report.clusterName == "" {
-		return fmt.Errorf("missing accout ID or cluster name. AccountID: '%s', Cluster name: '%s'", report.customerGUID, report.clusterName)
+	if report.customerGUID == "" {
+		report.message = "WARNING: Failed to publish results. Reason: Unknown accout ID. Run kubescape with the '--account <account ID>' flag. Contact ARMO team for more details"
+		return nil
+	}
+	if report.clusterName == "" {
+		report.message = "WARNING: Failed to publish results. Reason: Unknown cluster name. Run kubescape with the '--kube-context <cluster name>' flag"
+		return nil
 	}
 	opaSessionObj.Report.ReportID = uuid.NewV4().String()
-	opaSessionObj.Report.CustomerGUID = report.clusterName
-	opaSessionObj.Report.ClusterName = report.customerGUID
+	opaSessionObj.Report.CustomerGUID = report.customerGUID
+	opaSessionObj.Report.ClusterName = report.clusterName
 
 	if err := report.prepareReport(opaSessionObj.Report); err != nil {
-		return err
+		report.message = err.Error()
+	} else {
+		report.generateMessage()
 	}
 	return nil
 }
@@ -66,24 +76,23 @@ func (report *ReportEventReceiver) prepareReport(postureReport *reporthandlingv2
 	cautils.StartSpinner()
 	defer cautils.StopSpinner()
 
-	// send framework results
-	if err := report.sendReport(host, postureReport); err != nil {
+	reportCounter := 0
+
+	// send resources
+	if err := report.sendResources(host, postureReport, &reportCounter, false); err != nil {
+		return err
+	}
+	reportCounter++
+
+	// send results
+	if err := report.sendResults(host, postureReport, &reportCounter, true); err != nil {
 		return err
 	}
 
-	// send resources
-	if err := report.sendResults(host, postureReport); err != nil {
-		return err
-	}
-
-	// send resources
-	if err := report.sendResources(host, postureReport); err != nil {
-		return err
-	}
 	return nil
 }
 
-func (report *ReportEventReceiver) sendResources(host string, postureReport *reporthandlingv2.PostureReport) error {
+func (report *ReportEventReceiver) sendResources(host string, postureReport *reporthandlingv2.PostureReport, reportCounter *int, isLastReport bool) error {
 	splittedPostureReport := setSubReport(postureReport)
 	counter := 0
 
@@ -96,12 +105,13 @@ func (report *ReportEventReceiver) sendResources(host string, postureReport *rep
 		if counter+len(r) >= MAX_REPORT_SIZE && len(splittedPostureReport.Resources) > 0 {
 
 			// send report
-			if err := report.sendReport(host, splittedPostureReport); err != nil {
+			if err := report.sendReport(host, splittedPostureReport, *reportCounter, false); err != nil {
 				return err
 			}
+			*reportCounter++
 
 			// delete resources
-			splittedPostureReport.Resources = []reporthandlingv2.Resource{}
+			splittedPostureReport.Resources = []reporthandling.Resource{}
 
 			// restart counter
 			counter = 0
@@ -111,10 +121,10 @@ func (report *ReportEventReceiver) sendResources(host string, postureReport *rep
 		splittedPostureReport.Resources = append(splittedPostureReport.Resources, v)
 	}
 
-	return report.sendReport(host, splittedPostureReport)
+	return report.sendReport(host, splittedPostureReport, *reportCounter, isLastReport)
 }
 
-func (report *ReportEventReceiver) sendResults(host string, postureReport *reporthandlingv2.PostureReport) error {
+func (report *ReportEventReceiver) sendResults(host string, postureReport *reporthandlingv2.PostureReport, reportCounter *int, isLastReport bool) error {
 	splittedPostureReport := setSubReport(postureReport)
 	counter := 0
 
@@ -127,9 +137,10 @@ func (report *ReportEventReceiver) sendResults(host string, postureReport *repor
 		if counter+len(r) >= MAX_REPORT_SIZE && len(splittedPostureReport.Resources) > 0 {
 
 			// send report
-			if err := report.sendReport(host, splittedPostureReport); err != nil {
+			if err := report.sendReport(host, splittedPostureReport, *reportCounter, false); err != nil {
 				return err
 			}
+			*reportCounter++
 
 			// delete results
 			splittedPostureReport.Results = []resourcesresults.Result{}
@@ -142,12 +153,14 @@ func (report *ReportEventReceiver) sendResults(host string, postureReport *repor
 		splittedPostureReport.Results = append(splittedPostureReport.Results, v)
 	}
 
-	return report.sendReport(host, splittedPostureReport)
+	return report.sendReport(host, splittedPostureReport, *reportCounter, isLastReport)
 }
-func (report *ReportEventReceiver) sendReport(host string, postureReport *reporthandlingv2.PostureReport) error {
-	splittedPostureReport := setSubReport(postureReport)
-	splittedPostureReport.SummaryDetails = postureReport.SummaryDetails
 
+func (report *ReportEventReceiver) sendReport(host string, postureReport *reporthandlingv2.PostureReport, counter int, isLastReport bool) error {
+	postureReport.PaginationInfo = reporthandlingv2.PaginationMarks{
+		ReportNumber: counter,
+		IsLastReport: isLastReport,
+	}
 	reqBody, err := json.Marshal(postureReport)
 	if err != nil {
 		return fmt.Errorf("in 'sendReport' failed to json.Marshal, reason: %v", err)
@@ -159,7 +172,7 @@ func (report *ReportEventReceiver) sendReport(host string, postureReport *report
 	return err
 }
 
-func (report *ReportEventReceiver) DisplayReportURL() {
+func (report *ReportEventReceiver) generateMessage() {
 	message := "You can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more by registering here:"
 
 	u := url.URL{}
@@ -167,7 +180,7 @@ func (report *ReportEventReceiver) DisplayReportURL() {
 	u.Host = getter.GetArmoAPIConnector().GetFrontendURL()
 
 	if report.customerAdminEMail != "" {
-		cautils.InfoTextDisplay(os.Stderr, fmt.Sprintf("\n\n%s %s/risk/%s\n(Account: %s)\n\n", message, u.String(), report.clusterName, report.customerGUID))
+		report.message = fmt.Sprintf("%s %s/risk/%s\n(Account: %s)", message, u.String(), report.clusterName, maskID(report.customerGUID))
 		return
 	}
 	u.Path = "account/sign-up"
@@ -176,5 +189,9 @@ func (report *ReportEventReceiver) DisplayReportURL() {
 	q.Add("customerGUID", report.customerGUID)
 
 	u.RawQuery = q.Encode()
-	cautils.InfoTextDisplay(os.Stderr, fmt.Sprintf("\n\n%s %s\n\n", message, u.String()))
+	report.message = fmt.Sprintf("%s %s", message, u.String())
+}
+
+func (report *ReportEventReceiver) DisplayReportURL() {
+	cautils.InfoTextDisplay(os.Stderr, fmt.Sprintf("\n\n%s\n\n", report.message))
 }

resultshandling/reporter/v2/reporteventreceiverutils.go

@@ -15,7 +15,8 @@ func (report *ReportEventReceiver) initEventReceiverURL() {
 
 	urlObj.Scheme = "https"
 	urlObj.Host = getter.GetArmoAPIConnector().GetReportReceiverURL()
-	urlObj.Path = "/k8s/postureReport"
+	urlObj.Path = "/k8s/v2/postureReport"
+
 	q := urlObj.Query()
 	q.Add("customerGUID", uuid.FromStringOrNil(report.customerGUID).String())
 	q.Add("clusterName", report.clusterName)
@@ -27,7 +28,7 @@ func (report *ReportEventReceiver) initEventReceiverURL() {
 
 func hostToString(host *url.URL, reportID string) string {
 	q := host.Query()
-	q.Add("reportID", reportID) // TODO - do we add the reportID?
+	q.Add("reportGUID", reportID) // TODO - do we add the reportID?
 	host.RawQuery = q.Encode()
 	return host.String()
 }
@@ -38,6 +39,11 @@ func setSubReport(postureReport *reporthandlingv2.PostureReport) *reporthandling
 		ClusterName:          postureReport.ClusterName,
 		ReportID:             postureReport.ReportID,
 		ReportGenerationTime: postureReport.ReportGenerationTime,
+		SummaryDetails:       postureReport.SummaryDetails,
+		Attributes:           postureReport.Attributes,
+		ClusterCloudProvider: postureReport.ClusterCloudProvider,
+		JobID:                postureReport.JobID,
+		ClusterAPIServerInfo: postureReport.ClusterAPIServerInfo,
 	}
 }
 func iMetaToResource(obj workloadinterface.IMetadata) *reporthandling.Resource {

resultshandling/reporter/v2/reporteventreceiverutils_test.go

@@ -9,10 +9,10 @@ func TestHostToString(t *testing.T) {
 	host := url.URL{
 		Scheme:   "https",
 		Host:     "report.eudev3.cyberarmorsoft.com",
-		Path:     "k8srestapi/v1/postureReport",
+		Path:     "k8srestapi/v2/postureReport",
 		RawQuery: "cluster=openrasty_seal-7fvz&customerGUID=5d817063-096f-4d91-b39b-8665240080af",
 	}
-	expectedHost := "https://report.eudev3.cyberarmorsoft.com/k8srestapi/v1/postureReport?cluster=openrasty_seal-7fvz&customerGUID=5d817063-096f-4d91-b39b-8665240080af&reportID=ffdd2a00-4dc8-4bf3-b97a-a6d4fd198a41"
+	expectedHost := "https://report.eudev3.cyberarmorsoft.com/k8srestapi/v2/postureReport?cluster=openrasty_seal-7fvz&customerGUID=5d817063-096f-4d91-b39b-8665240080af&reportGUID=ffdd2a00-4dc8-4bf3-b97a-a6d4fd198a41"
 	receivedHost := hostToString(&host, "ffdd2a00-4dc8-4bf3-b97a-a6d4fd198a41")
 	if receivedHost != expectedHost {
 		t.Errorf("%s != %s", receivedHost, expectedHost)

resultshandling/reporter/v2/utils.go

@@ -0,0 +1,65 @@
+package v2
+
+import (
+	"strings"
+
+	"github.com/armosec/k8s-interface/workloadinterface"
+	"github.com/armosec/kubescape/cautils"
+	"github.com/armosec/opa-utils/reporthandling"
+	"github.com/armosec/opa-utils/reporthandling/results/v1/resourcesresults"
+)
+
+// finalizeV2Report finalize the results objects by copying data from map to lists
+func finalizeReport(opaSessionObj *cautils.OPASessionObj) {
+	opaSessionObj.PostureReport = nil
+	if len(opaSessionObj.Report.Results) == 0 {
+		opaSessionObj.Report.Results = make([]resourcesresults.Result, len(opaSessionObj.ResourcesResult))
+		finalizeResults(opaSessionObj.Report.Results, opaSessionObj.ResourcesResult)
+		opaSessionObj.ResourcesResult = nil
+	}
+
+	if len(opaSessionObj.Report.Resources) == 0 {
+		opaSessionObj.Report.Resources = make([]reporthandling.Resource, len(opaSessionObj.AllResources))
+		finalizeResources(opaSessionObj.Report.Resources, opaSessionObj.AllResources)
+		opaSessionObj.AllResources = nil
+	}
+
+}
+func finalizeResults(results []resourcesresults.Result, resourcesResult map[string]resourcesresults.Result) {
+	index := 0
+	for resourceID := range resourcesResult {
+		results[index] = resourcesResult[resourceID]
+		index++
+	}
+}
+
+func finalizeResources(resources []reporthandling.Resource, allResources map[string]workloadinterface.IMetadata) {
+	index := 0
+	for resourceID := range allResources {
+		if obj, ok := allResources[resourceID]; ok {
+			r := *reporthandling.NewResource(obj.GetObject())
+			r.ResourceID = resourceID
+			resources[index] = r
+		}
+
+		index++
+	}
+}
+
+func maskID(id string) string {
+	sep := "-"
+	splitted := strings.Split(id, sep)
+	if len(splitted) != 5 {
+		return ""
+	}
+	str := splitted[0][:4]
+	splitted[0] = splitted[0][4:]
+	for i := range splitted {
+		for j := 0; j < len(splitted[i]); j++ {
+			str += "X"
+		}
+		str += sep
+	}
+
+	return strings.TrimSuffix(str, sep)
+}

resultshandling/results.go

@@ -27,7 +27,6 @@ func (resultsHandler *ResultsHandler) HandleResults(scanInfo *cautils.ScanInfo)
 
 	opaSessionObj := <-*resultsHandler.opaSessionObj
 
-	resultsHandler.printerObj.FinalizeData(opaSessionObj)
 	resultsHandler.printerObj.ActionPrint(opaSessionObj)
 
 	if err := resultsHandler.reporterObj.ActionSendReport(opaSessionObj); err != nil {
@@ -36,11 +35,13 @@ func (resultsHandler *ResultsHandler) HandleResults(scanInfo *cautils.ScanInfo)
 
 	// TODO - get score from table
 	var score float32 = 0
-	for i := range opaSessionObj.PostureReport.FrameworkReports {
-		score += opaSessionObj.PostureReport.FrameworkReports[i].Score
+	if opaSessionObj.PostureReport != nil {
+		for i := range opaSessionObj.PostureReport.FrameworkReports {
+			score += opaSessionObj.PostureReport.FrameworkReports[i].Score
+		}
+		score /= float32(len(opaSessionObj.PostureReport.FrameworkReports))
+		resultsHandler.printerObj.Score(score)
 	}
-	score /= float32(len(opaSessionObj.PostureReport.FrameworkReports))
-	resultsHandler.printerObj.Score(score)
 
 	return score
 }