swap result and resource

README.md

@@ -100,7 +100,7 @@ Set-ExecutionPolicy RemoteSigned -scope CurrentUser
 | `--submit`                  | `false`                   | If set, Kubescape will send the scan results to Armo management portal where you can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more. By default the results are not sent | `true`/`false`                               |
 | `--keep-local`              | `false`                   | Kubescape will not send scan results to Armo management portal. Use this flag if you ran with the `--submit` flag in the past and you do not want to submit your current scan results                                                                                                                                | `true`/`false`                               |
 | `--account`                 |                           | Armo portal account ID. Default will load account ID from configMap or config file                                                                                                                                                                                                                                   |                                              |
-| `--cluster`                 |        current-context               |  Cluster context to scan                                                                                                                                                                                                                              |                                              |
+| `--kube-context`                 |        current-context               |  Cluster context to scan                                                                                                                                                                                                                              |                                              |
 | `--verbose`                 | `false`                   | Display all of the input resources and not only failed resources                                                                                                                                                                                                                                                     | `true`/`false`                               |
 
 

cautils/rbac.go

@@ -42,19 +42,31 @@ func (rbacObjects *RBACObjects) ListAllResources() (map[string]workloadinterface
 
 func (rbacObjects *RBACObjects) rbacObjectsToResources(resources *rbacutils.RbacObjects) (map[string]workloadinterface.IMetadata, error) {
 	allresources := map[string]workloadinterface.IMetadata{}
-	// wrap rbac aggregated objects in IMetadata and add to allresources
-	// TODO - DEPRECATE SA2WLIDmap
-	SA2WLIDmapIMeta, err := rbacutils.SA2WLIDmapIMetadataWrapper(resources.SA2WLIDmap)
-	if err != nil {
-		return nil, err
-	}
-	allresources[SA2WLIDmapIMeta.GetID()] = SA2WLIDmapIMeta
 
-	SAID2WLIDmapIMeta, err := rbacutils.SAID2WLIDmapIMetadataWrapper(resources.SAID2WLIDmap)
-	if err != nil {
-		return nil, err
-	}
-	allresources[SAID2WLIDmapIMeta.GetID()] = SAID2WLIDmapIMeta
+	/*
+		************************************************************************************************************************
+			This code is adding a non valid ID ->
+				(github.com/armosec/rbac-utils v0.0.11): "//SA2WLIDmap/SA2WLIDmap"
+				(github.com/armosec/rbac-utils v0.0.12): "armo.rbac.com/v0beta1//SAID2WLIDmap/SAID2WLIDmap"
+
+			Should be investigated
+		************************************************************************************************************************
+
+			// wrap rbac aggregated objects in IMetadata and add to allresources
+			// TODO - DEPRECATE SA2WLIDmap
+			SA2WLIDmapIMeta, err := rbacutils.SA2WLIDmapIMetadataWrapper(resources.SA2WLIDmap)
+			if err != nil {
+				return nil, err
+			}
+			allresources[SA2WLIDmapIMeta.GetID()] = SA2WLIDmapIMeta
+
+			SAID2WLIDmapIMeta, err := rbacutils.SAID2WLIDmapIMetadataWrapper(resources.SAID2WLIDmap)
+			if err != nil {
+				return nil, err
+			}
+			allresources[SAID2WLIDmapIMeta.GetID()] = SAID2WLIDmapIMeta
+
+	*/
 
 	// convert rbac k8s resources to IMetadata and add to allresources
 	for _, cr := range resources.ClusterRoles.Items {
@@ -62,7 +74,7 @@ func (rbacObjects *RBACObjects) rbacObjectsToResources(resources *rbacutils.Rbac
 		if err != nil {
 			return nil, err
 		}
-		crmap["apiVersion"] = "rbac.authorization.k8s.io/v1"
+		crmap["apiVersion"] = "rbac.authorization.k8s.io/v1" // TODO - is the the correct apiVersion?
 		crIMeta := workloadinterface.NewWorkloadObj(crmap)
 		crIMeta.SetKind("ClusterRole")
 		allresources[crIMeta.GetID()] = crIMeta
@@ -72,7 +84,7 @@ func (rbacObjects *RBACObjects) rbacObjectsToResources(resources *rbacutils.Rbac
 		if err != nil {
 			return nil, err
 		}
-		crmap["apiVersion"] = "rbac.authorization.k8s.io/v1"
+		crmap["apiVersion"] = "rbac.authorization.k8s.io/v1" // TODO - is the the correct apiVersion?
 		crIMeta := workloadinterface.NewWorkloadObj(crmap)
 		crIMeta.SetKind("Role")
 		allresources[crIMeta.GetID()] = crIMeta
@@ -82,7 +94,7 @@ func (rbacObjects *RBACObjects) rbacObjectsToResources(resources *rbacutils.Rbac
 		if err != nil {
 			return nil, err
 		}
-		crmap["apiVersion"] = "rbac.authorization.k8s.io/v1"
+		crmap["apiVersion"] = "rbac.authorization.k8s.io/v1" // TODO - is the the correct apiVersion?
 		crIMeta := workloadinterface.NewWorkloadObj(crmap)
 		crIMeta.SetKind("ClusterRoleBinding")
 		allresources[crIMeta.GetID()] = crIMeta
@@ -92,7 +104,7 @@ func (rbacObjects *RBACObjects) rbacObjectsToResources(resources *rbacutils.Rbac
 		if err != nil {
 			return nil, err
 		}
-		crmap["apiVersion"] = "rbac.authorization.k8s.io/v1"
+		crmap["apiVersion"] = "rbac.authorization.k8s.io/v1" // TODO - is the the correct apiVersion?
 		crIMeta := workloadinterface.NewWorkloadObj(crmap)
 		crIMeta.SetKind("RoleBinding")
 		allresources[crIMeta.GetID()] = crIMeta

cautils/scaninfo.go

@@ -64,9 +64,10 @@ type ScanInfo struct {
 	HostSensor         BoolPtrFlag // Deploy ARMO K8s host sensor to collect data from certain controls
 	Local              bool        // Do not submit results
 	Account            string      // account ID
-	ClusterName        string      // cluster name
-	FrameworkScan      bool        // false if scanning control
-	ScanAll            bool        // true if scan all frameworks
+	// ClusterName        string      // cluster name
+	KubeContext   string // context name
+	FrameworkScan bool   // false if scanning control
+	ScanAll       bool   // true if scan all frameworks
 }
 
 type Getters struct {

clihandler/cmd/scan.go

@@ -35,14 +35,14 @@ var scanCmd = &cobra.Command{
 }
 
 func frameworkInitConfig() {
-	k8sinterface.SetClusterContextName(scanInfo.ClusterName)
+	k8sinterface.SetClusterContextName(scanInfo.KubeContext)
 }
 
 func init() {
 	cobra.OnInitialize(frameworkInitConfig)
 
 	rootCmd.AddCommand(scanCmd)
-	rootCmd.PersistentFlags().StringVarP(&scanInfo.ClusterName, "cluster", "", "", "Cluster name. Default will use the current-context")
+	rootCmd.PersistentFlags().StringVarP(&scanInfo.KubeContext, "--kube-context", "", "", "Kube context. Default will use the current-context")
 	scanCmd.PersistentFlags().StringVar(&scanInfo.ControlsInputs, "controls-config", "", "Path to an controls-config obj. If not set will download controls-config from ARMO management portal")
 	scanCmd.PersistentFlags().StringVar(&scanInfo.UseExceptions, "exceptions", "", "Path to an exceptions obj. If not set will download exceptions from ARMO management portal")
 	scanCmd.PersistentFlags().StringVarP(&scanInfo.ExcludedNamespaces, "exclude-namespaces", "e", "", "Namespaces to exclude from scanning. Recommended: kube-system,kube-public")

clihandler/cmd/submit.go

@@ -20,7 +20,7 @@ func init() {
 }
 
 func getSubmittedClusterConfig(k8s *k8sinterface.KubernetesApi) (*cautils.ClusterConfig, error) {
-	clusterConfig := cautils.NewClusterConfig(k8s, getter.GetArmoAPIConnector(), scanInfo.Account, scanInfo.ClusterName) // TODO - support none cluster env submit
+	clusterConfig := cautils.NewClusterConfig(k8s, getter.GetArmoAPIConnector(), scanInfo.Account, scanInfo.KubeContext) // TODO - support none cluster env submit
 	if clusterConfig.GetCustomerGUID() != "" {
 		if err := clusterConfig.SetTenant(); err != nil {
 			return clusterConfig, err

clihandler/initcli.go

@@ -44,7 +44,7 @@ func getInterfaces(scanInfo *cautils.ScanInfo) componentInterfaces {
 		}
 	}
 
-	tenantConfig := getTenantConfig(scanInfo.Account, scanInfo.ClusterName, k8s)
+	tenantConfig := getTenantConfig(scanInfo.Account, scanInfo.KubeContext, k8s)
 
 	// Set submit behavior AFTER loading tenant config
 	setSubmitBehavior(scanInfo, tenantConfig)

clihandler/initcliutils.go

@@ -11,9 +11,10 @@ import (
 	"github.com/armosec/kubescape/resourcehandler"
 	"github.com/armosec/kubescape/resultshandling/reporter"
 	reporterv1 "github.com/armosec/kubescape/resultshandling/reporter/v1"
+	reporterv2 "github.com/armosec/kubescape/resultshandling/reporter/v2"
+
 	"github.com/armosec/opa-utils/reporthandling"
 	"github.com/armosec/rbac-utils/rbacscanner"
-	// reporterv2 "github.com/armosec/kubescape/resultshandling/reporter/v2"
 )
 
 // getKubernetesApi
@@ -48,7 +49,8 @@ func getRBACHandler(tenantConfig cautils.ITenantConfig, k8s *k8sinterface.Kubern
 
 func getReporter(tenantConfig cautils.ITenantConfig, submit bool) reporter.IReport {
 	if submit {
-		return reporterv1.NewReportEventReceiver(tenantConfig.GetConfigObj())
+		// return reporterv1.NewReportEventReceiver(tenantConfig.GetConfigObj())
+		return reporterv2.NewReportEventReceiver(tenantConfig.GetConfigObj())
 	}
 	return reporterv1.NewReportMock()
 }

docs/proposals/container-image-vulnerability-adaptor.md

@@ -1,4 +1,4 @@
-# Container image vulnerabilty adaptor interface proposal
+# Container image vulnerability adaptor interface proposal
 
 ## Rationale
 
@@ -6,7 +6,7 @@ source #287
 
 ### Big picture
 
-* Kubescape team planning to create controls which take into account image vulnerabilities, example: looking for public internet facing workloads with critical vulnerabilities. These are seriously effecting the security health of a cluster and therefore we think it is important to cover it. We think that most container registries are/will support image scanning like Harbor and therefore the ability to get information from them is important.
+* Kubescape team is planning to create controls which take into account image vulnerabilities, example: looking for public internet facing workloads with critical vulnerabilities. These are seriously effecting the security health of a cluster and therefore we think it is important to cover it. We think that most container registries are/will support image scanning like Harbor and therefore the ability to get information from them is important.
 * There are information in the image repository which is important for existing controls as well. They are incomplete without it, example see this issue: Non-root containers check is broken #19 . These are not necessarily image vulnerability related. Can be information in the image manifest (like the issue before), but it can be the image BOM related.
 
 ### Relation to this proposal
@@ -114,4 +114,63 @@ type IContainerImageVulnerabilityAdaptor interface {
 
 	GetImagesInformation(imageIDs []ContainerImageIdentifier) ([]ContainerImageInformation, error)
 }
+```
+
+
+
+# Integration
+
+# Input
+
+The objects received from the interface will be converted to an Imetadata compatible objects as following
+
+```
+{
+    "apiVersion": "image.vulnscan.com/v1",
+    "kind": "VulnScan",
+    "metadata": {
+        "name": "nginx:latest"
+    },
+    "data": {
+        // returned by the adaptor API (structure like our backend gives for an image 
+    }
+}
+```
+
+
+# Output
+
+The rego results will be a combination of the k8s artifact and the list of relevant CVEs for the control
+
+```
+{
+    "apiVersion": "result.vulnscan.com/v1",
+    "kind": "Pod",
+    "metadata": {
+        "name": "nginx"
+    },
+    "relatedObjects": [
+        {
+            "apiVersion": "v1",
+            "kind": "Pod",
+            "metadata": {
+                "name": "nginx"
+            },
+            "spec": {
+                // podSpec
+            },
+        },
+        {
+            "apiVersion": "container.vulnscan.com/v1",
+            "kind": "VulnScan",
+            "metadata": {
+                "name": "nginx:latest",
+            },
+            "data": {
+                
+                // returned by the adaptor API (structure like our backend gives for an image  
+            }
+        }
+    ]
+}
 ```

go.mod

@@ -3,10 +3,10 @@ module github.com/armosec/kubescape
 go 1.17
 
 require (
-	github.com/armosec/armoapi-go v0.0.40
+	github.com/armosec/armoapi-go v0.0.41
 	github.com/armosec/k8s-interface v0.0.54
-	github.com/armosec/opa-utils v0.0.92
-	github.com/armosec/rbac-utils v0.0.11
+	github.com/armosec/opa-utils v0.0.97
+	github.com/armosec/rbac-utils v0.0.12
 	github.com/armosec/utils-go v0.0.3
 	github.com/briandowns/spinner v1.18.0
 	github.com/enescakir/emoji v1.0.0
@@ -35,6 +35,7 @@ require (
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 	github.com/OneOfOne/xxhash v1.2.8 // indirect
+	github.com/armosec/armo-interfaces v0.0.3 // indirect
 	github.com/armosec/utils-k8s-go v0.0.1 // indirect
 	github.com/aws/aws-sdk-go v1.41.11 // indirect
 	github.com/coreos/go-oidc v2.2.1+incompatible // indirect

go.sum

@@ -83,21 +83,23 @@ github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hC
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
+github.com/armosec/armo-interfaces v0.0.3 h1:kG4mJIPgWBJvQFDDy8JzdqX3ASbyl8t32IuJYqB31Pk=
+github.com/armosec/armo-interfaces v0.0.3/go.mod h1:7XYefhcBCFYoF5LflCZHWuUHu+JrSJbmzk0zoNv2WlU=
 github.com/armosec/armoapi-go v0.0.2/go.mod h1:vIK17yoKbJRQyZXWWLe3AqfqCRITxW8qmSkApyq5xFs=
 github.com/armosec/armoapi-go v0.0.23/go.mod h1:iaVVGyc23QGGzAdv4n+szGQg3Rbpixn9yQTU3qWRpaw=
-github.com/armosec/armoapi-go v0.0.40 h1:KQRJXFqw95s6cV7HoGgw1x8qrRZ9eNVze//yQbo24Lk=
-github.com/armosec/armoapi-go v0.0.40/go.mod h1:iaVVGyc23QGGzAdv4n+szGQg3Rbpixn9yQTU3qWRpaw=
+github.com/armosec/armoapi-go v0.0.41 h1:iMkaCsME+zhE6vnCOMaqfqc0cp7pste8QFHojeGKfGg=
+github.com/armosec/armoapi-go v0.0.41/go.mod h1:exk1O3rK6V+X8SSyxc06lwb0j9ILQuKAoIdz9hs6Ndw=
 github.com/armosec/k8s-interface v0.0.8/go.mod h1:xxS+V5QT3gVQTwZyAMMDrYLWGrfKOpiJ7Jfhfa0w9sM=
 github.com/armosec/k8s-interface v0.0.37/go.mod h1:vHxGWqD/uh6+GQb9Sqv7OGMs+Rvc2dsFVc0XtgRh1ZU=
 github.com/armosec/k8s-interface v0.0.50/go.mod h1:vHxGWqD/uh6+GQb9Sqv7OGMs+Rvc2dsFVc0XtgRh1ZU=
 github.com/armosec/k8s-interface v0.0.54 h1:1sQeoEZA5bgpXVibXhEiTSeLd3GKY5NkTOeewdgR0Bs=
 github.com/armosec/k8s-interface v0.0.54/go.mod h1:vHxGWqD/uh6+GQb9Sqv7OGMs+Rvc2dsFVc0XtgRh1ZU=
 github.com/armosec/opa-utils v0.0.64/go.mod h1:6tQP8UDq2EvEfSqh8vrUdr/9QVSCG4sJfju1SXQOn4c=
-github.com/armosec/opa-utils v0.0.92 h1:RzzORhfLx9Evc2ceFtNRoehxUFzwlvK5iMtR6fLWzZc=
-github.com/armosec/opa-utils v0.0.92/go.mod h1:ZOXYVTtuyrV4TldcfbzgRqP6F9Drlf4hB0zr210OXgM=
+github.com/armosec/opa-utils v0.0.97 h1:KPjRZdsAC9EObo17QxiW+s5KWmF6vNFu+VQSOgFv5uk=
+github.com/armosec/opa-utils v0.0.97/go.mod h1:BNTjeianyXlflJMz3bZM0GimBWqmzirUf1whWR6Os04=
 github.com/armosec/rbac-utils v0.0.1/go.mod h1:pQ8CBiij8kSKV7aeZm9FMvtZN28VgA7LZcYyTWimq40=
-github.com/armosec/rbac-utils v0.0.11 h1:SCiVLqUeV+WGpUsWbOBt6jKkFAd62jztuzB6PIgHz7w=
-github.com/armosec/rbac-utils v0.0.11/go.mod h1:Ex/IdGWhGv9HZq6Hs8N/ApzCKSIvpNe/ETqDfnuyah0=
+github.com/armosec/rbac-utils v0.0.12 h1:uJpMGDyLAX129PrKHp6NPNB6lVRhE0OZIwV6ywzSDrs=
+github.com/armosec/rbac-utils v0.0.12/go.mod h1:Ex/IdGWhGv9HZq6Hs8N/ApzCKSIvpNe/ETqDfnuyah0=
 github.com/armosec/utils-go v0.0.2/go.mod h1:itWmRLzRdsnwjpEOomL0mBWGnVNNIxSjDAdyc+b0iUo=
 github.com/armosec/utils-go v0.0.3 h1:uyQI676yRciQM0sSN9uPoqHkbspTxHO0kmzXhBeE/xU=
 github.com/armosec/utils-go v0.0.3/go.mod h1:itWmRLzRdsnwjpEOomL0mBWGnVNNIxSjDAdyc+b0iUo=

resultshandling/printer/v2/utils.go

@@ -3,8 +3,8 @@ package v2
 import (
 	"github.com/armosec/k8s-interface/workloadinterface"
 	"github.com/armosec/kubescape/cautils"
+	"github.com/armosec/opa-utils/reporthandling"
 	"github.com/armosec/opa-utils/reporthandling/results/v1/resourcesresults"
-	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
 )
 
 // finalizeV2Report finalize the results objects by copying data from map to lists
@@ -16,7 +16,7 @@ func finalizeReport(opaSessionObj *cautils.OPASessionObj) {
 	}
 
 	if len(opaSessionObj.Report.Resources) == 0 {
-		opaSessionObj.Report.Resources = make([]reporthandlingv2.Resource, len(opaSessionObj.AllResources))
+		opaSessionObj.Report.Resources = make([]reporthandling.Resource, len(opaSessionObj.AllResources))
 		finalizeResources(opaSessionObj.Report.Resources, opaSessionObj.AllResources)
 		opaSessionObj.AllResources = nil
 	}
@@ -30,13 +30,15 @@ func finalizeResults(results []resourcesresults.Result, resourcesResult map[stri
 	}
 }
 
-func finalizeResources(resources []reporthandlingv2.Resource, allResources map[string]workloadinterface.IMetadata) {
+func finalizeResources(resources []reporthandling.Resource, allResources map[string]workloadinterface.IMetadata) {
 	index := 0
 	for resourceID := range allResources {
-		resources[index] = reporthandlingv2.Resource{
-			ResourceID: resourceID,
-			Object:     allResources[resourceID],
+		if obj, ok := allResources[resourceID]; ok {
+			r := *reporthandling.NewResource(obj.GetObject())
+			r.ResourceID = resourceID
+			resources[index] = r
 		}
+
 		index++
 	}
 }

resultshandling/reporter/v1/reporteventreceiver.go

@@ -45,7 +45,7 @@ func (report *ReportEventReceiver) ActionSendReport(opaSessionObj *cautils.OPASe
 		return nil
 	}
 	if report.clusterName == "" {
-		report.message = "WARNING: Failed to publish results. Reason: Unknown cluster name. Run kubescape with the '--cluster <cluster name>' flag"
+		report.message = "WARNING: Failed to publish results. Reason: Unknown cluster name. Run kubescape with the '--kube-context <cluster name>' flag"
 		return nil
 	}
 

resultshandling/reporter/v2/reporteventreceiver.go

@@ -11,6 +11,7 @@ import (
 	"github.com/armosec/kubescape/cautils/getter"
 	uuid "github.com/satori/go.uuid"
 
+	"github.com/armosec/opa-utils/reporthandling"
 	"github.com/armosec/opa-utils/reporthandling/results/v1/resourcesresults"
 	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
 )
@@ -45,7 +46,7 @@ func (report *ReportEventReceiver) ActionSendReport(opaSessionObj *cautils.OPASe
 		return nil
 	}
 	if report.clusterName == "" {
-		report.message = "WARNING: Failed to publish results. Reason: Unknown cluster name. Run kubescape with the '--cluster <cluster name>' flag"
+		report.message = "WARNING: Failed to publish results. Reason: Unknown cluster name. Run kubescape with the '--kube-context <cluster name>' flag"
 		return nil
 	}
 	opaSessionObj.Report.ReportID = uuid.NewV4().String()
@@ -77,27 +78,21 @@ func (report *ReportEventReceiver) prepareReport(postureReport *reporthandlingv2
 
 	reportCounter := 0
 
-	// send results
-	if err := report.sendResults(host, postureReport, &reportCounter); err != nil {
-		return err
-	}
-	reportCounter++
-
 	// send resources
-	if err := report.sendResources(host, postureReport, &reportCounter); err != nil {
+	if err := report.sendResources(host, postureReport, &reportCounter, false); err != nil {
 		return err
 	}
 	reportCounter++
 
-	// send framework results
-	if err := report.sendSummary(host, postureReport, &reportCounter); err != nil {
+	// send results
+	if err := report.sendResults(host, postureReport, &reportCounter, true); err != nil {
 		return err
 	}
 
 	return nil
 }
 
-func (report *ReportEventReceiver) sendResources(host string, postureReport *reporthandlingv2.PostureReport, reportCounter *int) error {
+func (report *ReportEventReceiver) sendResources(host string, postureReport *reporthandlingv2.PostureReport, reportCounter *int, isLastReport bool) error {
 	splittedPostureReport := setSubReport(postureReport)
 	counter := 0
 
@@ -116,7 +111,7 @@ func (report *ReportEventReceiver) sendResources(host string, postureReport *rep
 			*reportCounter++
 
 			// delete resources
-			splittedPostureReport.Resources = []reporthandlingv2.Resource{}
+			splittedPostureReport.Resources = []reporthandling.Resource{}
 
 			// restart counter
 			counter = 0
@@ -126,10 +121,10 @@ func (report *ReportEventReceiver) sendResources(host string, postureReport *rep
 		splittedPostureReport.Resources = append(splittedPostureReport.Resources, v)
 	}
 
-	return report.sendReport(host, splittedPostureReport, *reportCounter, false)
+	return report.sendReport(host, splittedPostureReport, *reportCounter, isLastReport)
 }
 
-func (report *ReportEventReceiver) sendResults(host string, postureReport *reporthandlingv2.PostureReport, reportCounter *int) error {
+func (report *ReportEventReceiver) sendResults(host string, postureReport *reporthandlingv2.PostureReport, reportCounter *int, isLastReport bool) error {
 	splittedPostureReport := setSubReport(postureReport)
 	counter := 0
 
@@ -158,16 +153,14 @@ func (report *ReportEventReceiver) sendResults(host string, postureReport *repor
 		splittedPostureReport.Results = append(splittedPostureReport.Results, v)
 	}
 
-	return report.sendReport(host, splittedPostureReport, *reportCounter, false)
+	return report.sendReport(host, splittedPostureReport, *reportCounter, isLastReport)
 }
 
-func (report *ReportEventReceiver) sendSummary(host string, postureReport *reporthandlingv2.PostureReport, reportCounter *int) error {
-	splittedPostureReport := setSubReport(postureReport)
-	splittedPostureReport.SummaryDetails = postureReport.SummaryDetails
-
-	return report.sendReport(host, splittedPostureReport, *reportCounter, true)
-}
 func (report *ReportEventReceiver) sendReport(host string, postureReport *reporthandlingv2.PostureReport, counter int, isLastReport bool) error {
+	postureReport.PaginationInfo = reporthandlingv2.PaginationMarks{
+		ReportNumber: counter,
+		IsLastReport: isLastReport,
+	}
 	reqBody, err := json.Marshal(postureReport)
 	if err != nil {
 		return fmt.Errorf("in 'sendReport' failed to json.Marshal, reason: %v", err)

resultshandling/reporter/v2/reporteventreceiverutils.go

@@ -15,7 +15,8 @@ func (report *ReportEventReceiver) initEventReceiverURL() {
 
 	urlObj.Scheme = "https"
 	urlObj.Host = getter.GetArmoAPIConnector().GetReportReceiverURL()
-	urlObj.Path = "/k8s/postureReport"
+	urlObj.Path = "/k8s/v2/postureReport"
+
 	q := urlObj.Query()
 	q.Add("customerGUID", uuid.FromStringOrNil(report.customerGUID).String())
 	q.Add("clusterName", report.clusterName)
@@ -27,7 +28,7 @@ func (report *ReportEventReceiver) initEventReceiverURL() {
 
 func hostToString(host *url.URL, reportID string) string {
 	q := host.Query()
-	q.Add("reportID", reportID) // TODO - do we add the reportID?
+	q.Add("reportGUID", reportID) // TODO - do we add the reportID?
 	host.RawQuery = q.Encode()
 	return host.String()
 }
@@ -38,6 +39,11 @@ func setSubReport(postureReport *reporthandlingv2.PostureReport) *reporthandling
 		ClusterName:          postureReport.ClusterName,
 		ReportID:             postureReport.ReportID,
 		ReportGenerationTime: postureReport.ReportGenerationTime,
+		SummaryDetails:       postureReport.SummaryDetails,
+		Attributes:           postureReport.Attributes,
+		ClusterCloudProvider: postureReport.ClusterCloudProvider,
+		JobID:                postureReport.JobID,
+		ClusterAPIServerInfo: postureReport.ClusterAPIServerInfo,
 	}
 }
 func iMetaToResource(obj workloadinterface.IMetadata) *reporthandling.Resource {

resultshandling/reporter/v2/utils.go

@@ -5,8 +5,8 @@ import (
 
 	"github.com/armosec/k8s-interface/workloadinterface"
 	"github.com/armosec/kubescape/cautils"
+	"github.com/armosec/opa-utils/reporthandling"
 	"github.com/armosec/opa-utils/reporthandling/results/v1/resourcesresults"
-	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
 )
 
 // finalizeV2Report finalize the results objects by copying data from map to lists
@@ -19,7 +19,7 @@ func finalizeReport(opaSessionObj *cautils.OPASessionObj) {
 	}
 
 	if len(opaSessionObj.Report.Resources) == 0 {
-		opaSessionObj.Report.Resources = make([]reporthandlingv2.Resource, len(opaSessionObj.AllResources))
+		opaSessionObj.Report.Resources = make([]reporthandling.Resource, len(opaSessionObj.AllResources))
 		finalizeResources(opaSessionObj.Report.Resources, opaSessionObj.AllResources)
 		opaSessionObj.AllResources = nil
 	}
@@ -33,13 +33,15 @@ func finalizeResults(results []resourcesresults.Result, resourcesResult map[stri
 	}
 }
 
-func finalizeResources(resources []reporthandlingv2.Resource, allResources map[string]workloadinterface.IMetadata) {
+func finalizeResources(resources []reporthandling.Resource, allResources map[string]workloadinterface.IMetadata) {
 	index := 0
 	for resourceID := range allResources {
-		resources[index] = reporthandlingv2.Resource{
-			ResourceID: resourceID,
-			Object:     allResources[resourceID],
+		if obj, ok := allResources[resourceID]; ok {
+			r := *reporthandling.NewResource(obj.GetObject())
+			r.ResourceID = resourceID
+			resources[index] = r
 		}
+
 		index++
 	}
 }

resultshandling/results.go

@@ -35,11 +35,13 @@ func (resultsHandler *ResultsHandler) HandleResults(scanInfo *cautils.ScanInfo)
 
 	// TODO - get score from table
 	var score float32 = 0
-	for i := range opaSessionObj.PostureReport.FrameworkReports {
-		score += opaSessionObj.PostureReport.FrameworkReports[i].Score
+	if opaSessionObj.PostureReport != nil {
+		for i := range opaSessionObj.PostureReport.FrameworkReports {
+			score += opaSessionObj.PostureReport.FrameworkReports[i].Score
+		}
+		score /= float32(len(opaSessionObj.PostureReport.FrameworkReports))
+		resultsHandler.printerObj.Score(score)
 	}
-	score /= float32(len(opaSessionObj.PostureReport.FrameworkReports))
-	resultsHandler.printerObj.Score(score)
 
 	return score
 }