remove v1 format

adding logs
save policy in file
2026-04-15 06:58:11 +00:00 · 2022-04-10 16:26:59 +03:00 · 2022-04-10 11:55:35 +03:00 · 2022-04-10 09:33:44 +03:00 · 2022-04-07 16:44:56 +03:00
21 changed files with 76 additions and 49 deletions
--- a/README.md
+++ b/README.md
@@ -38,7 +38,7 @@ curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh |

 ## Run:
 ```
-kubescape scan --submit --enable-host-scan
+kubescape scan --submit --enable-host-scan --format-version v2 --verbose
 ```

 <img src="docs/summary.png">
--- a/cmd/scan/control.go
+++ b/cmd/scan/control.go
@@ -94,7 +94,7 @@ func getControlCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comman
 				logger.L().Fatal(err.Error())
 			}
 			if !scanInfo.VerboseMode {
-				cautils.SimpleDisplay(os.Stderr, "%s  Run with '--verbose' flag for full scan details\n\n", emoji.Detective)
+				cautils.SimpleDisplay(os.Stderr, "%s  Run with '--verbose'/'-v' flag for detailed resources view\n\n", emoji.Detective)
 			}
 			if results.GetRiskScore() > float32(scanInfo.FailThreshold) {
 				logger.L().Fatal("scan risk-score is above permitted threshold", helpers.String("risk-score", fmt.Sprintf("%.2f", results.GetRiskScore())), helpers.String("fail-threshold", fmt.Sprintf("%.2f", scanInfo.FailThreshold)))
--- a/cmd/scan/framework.go
+++ b/cmd/scan/framework.go
@@ -106,7 +106,7 @@ func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comm
 				logger.L().Fatal(err.Error())
 			}
 			if !scanInfo.VerboseMode {
-				cautils.SimpleDisplay(os.Stderr, "%s  Run with '--verbose' flag for full scan details\n\n", emoji.Detective)
+				cautils.SimpleDisplay(os.Stderr, "%s  Run with '--verbose'/'-v' flag for detailed resources view\n\n", emoji.Detective)
 			}
 			if results.GetRiskScore() > float32(scanInfo.FailThreshold) {
 				logger.L().Fatal("scan risk-score is above permitted threshold", helpers.String("risk-score", fmt.Sprintf("%.2f", results.GetRiskScore())), helpers.String("fail-threshold", fmt.Sprintf("%.2f", scanInfo.FailThreshold)))
--- a/cmd/scan/scan.go
+++ b/cmd/scan/scan.go
@@ -72,7 +72,7 @@ func GetScanCommand(ks meta.IKubescape) *cobra.Command {
 	scanCmd.PersistentFlags().StringVar(&scanInfo.IncludeNamespaces, "include-namespaces", "", "scan specific namespaces. e.g: --include-namespaces ns-a,ns-b")
 	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Local, "keep-local", "", false, "If you do not want your Kubescape results reported to ARMO backend. Use this flag if you ran with the '--submit' flag in the past and you do not want to submit your current scan results")
 	scanCmd.PersistentFlags().StringVarP(&scanInfo.Output, "output", "o", "", "Output file. Print output to file and not stdout")
-	scanCmd.PersistentFlags().BoolVar(&scanInfo.VerboseMode, "verbose", false, "Display all of the input resources and not only failed resources")
+	scanCmd.PersistentFlags().BoolVarP(&scanInfo.VerboseMode, "verbose", "v", false, "Display all of the input resources and not only failed resources")
 	scanCmd.PersistentFlags().BoolVar(&scanInfo.UseDefault, "use-default", false, "Load local policy object from default path. If not used will download latest")
 	scanCmd.PersistentFlags().StringSliceVar(&scanInfo.UseFrom, "use-from", nil, "Load local policy object from specified path. If not used will download latest")
 	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Submit, "submit", "", false, "Send the scan results to ARMO management portal where you can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more. By default the results are not submitted")
--- a/core/cautils/getter/armoapi.go
+++ b/core/cautils/getter/armoapi.go
@@ -163,7 +163,6 @@ func (armoAPI *ArmoAPI) GetFramework(name string) (*reporthandling.Framework, er
 	if err = JSONDecoder(respStr).Decode(framework); err != nil {
 		return nil, err
 	}
-	SaveInFile(framework, GetDefaultPath(name+".json"))

 	return framework, err
 }
--- a/core/core/initutils.go
+++ b/core/core/initutils.go
@@ -2,7 +2,6 @@ package core

 import (
 	"fmt"
-	"os"

 	"github.com/armosec/k8s-interface/k8sinterface"
 	"github.com/armosec/kubescape/core/cautils"
@@ -193,7 +192,7 @@ func getConfigInputsGetter(ControlsInputs string, accountID string, downloadRele
 		downloadReleasedPolicy = getter.NewDownloadReleasedPolicy()
 	}
 	if err := downloadReleasedPolicy.SetRegoObjects(); err != nil { // if failed to pull config inputs, fallback to BE
-		cautils.WarningDisplay(os.Stderr, "Warning: failed to get config inputs from github release, this may affect the scanning results\n")
+		logger.L().Warning("failed to get config inputs from github release, this may affect the scanning results", helpers.Error(err))
 	}
 	return downloadReleasedPolicy
 }
--- a/core/core/scan.go
+++ b/core/core/scan.go
@@ -48,6 +48,11 @@ func getInterfaces(scanInfo *cautils.ScanInfo) componentInterfaces {
 	// Set submit behavior AFTER loading tenant config
 	setSubmitBehavior(scanInfo, tenantConfig)

+	// Do not submit yaml scanning
+	if len(scanInfo.InputPatterns) > 0 {
+		scanInfo.Submit = false
+	}
+
 	if scanInfo.Submit {
 		// submit - Create tenant & Submit report
 		if err := tenantConfig.SetTenant(); err != nil {
--- a/core/pkg/opaprocessor/processorhandlerutils.go
+++ b/core/pkg/opaprocessor/processorhandlerutils.go
@@ -3,7 +3,6 @@ package opaprocessor
 import (
 	"github.com/armosec/kubescape/core/cautils"
 	"github.com/armosec/kubescape/core/cautils/logger"
-	"github.com/armosec/kubescape/core/cautils/logger/helpers"

 	"github.com/armosec/k8s-interface/k8sinterface"
 	"github.com/armosec/k8s-interface/workloadinterface"
@@ -116,7 +115,7 @@ func getKubernetesObjects(k8sResources *cautils.K8SResources, allResources map[s
 					for _, groupResource := range groupResources {
 						if k8sObj, ok := (*k8sResources)[groupResource]; ok {
 							if k8sObj == nil {
-								logger.L().Debug("skipping", helpers.String("resource", groupResource))
+								// logger.L().Debug("skipping", helpers.String("resource", groupResource))
 							}
 							for i := range k8sObj {
 								k8sObjects = append(k8sObjects, allResources[k8sObj[i]])
--- a/core/pkg/policyhandler/handlepullpolicies.go
+++ b/core/pkg/policyhandler/handlepullpolicies.go
@@ -5,7 +5,9 @@ import (
 	"strings"

 	"github.com/armosec/kubescape/core/cautils"
+	"github.com/armosec/kubescape/core/cautils/getter"
 	"github.com/armosec/kubescape/core/cautils/logger"
+	"github.com/armosec/kubescape/core/cautils/logger/helpers"
 	"github.com/armosec/opa-utils/reporthandling"
 )

@@ -54,6 +56,11 @@ func (policyHandler *PolicyHandler) getScanPolicies(notification *reporthandling
 			}
 			if receivedFramework != nil {
 				frameworks = append(frameworks, *receivedFramework)
+
+				cache := getter.GetDefaultPath(rule.Name + ".json")
+				if err := getter.SaveInFile(receivedFramework, cache); err != nil {
+					logger.L().Warning("failed to cache file", helpers.String("file", cache), helpers.Error(err))
+				}
 			}
 		}
 	case reporthandling.KindControl: // Download controls
@@ -67,6 +74,11 @@ func (policyHandler *PolicyHandler) getScanPolicies(notification *reporthandling
 			}
 			if receivedControl != nil {
 				f.Controls = append(f.Controls, *receivedControl)
+
+				cache := getter.GetDefaultPath(rule.Name + ".json")
+				if err := getter.SaveInFile(receivedControl, cache); err != nil {
+					logger.L().Warning("failed to cache file", helpers.String("file", cache), helpers.Error(err))
+				}
 			}
 		}
 		frameworks = append(frameworks, f)
--- a/core/pkg/resourcehandler/filesloader.go
+++ b/core/pkg/resourcehandler/filesloader.go
@@ -2,7 +2,6 @@ package resourcehandler

 import (
 	"fmt"
-	"os"

 	"github.com/armosec/armoapi-go/armotypes"
 	"github.com/armosec/k8s-interface/workloadinterface"
@@ -10,6 +9,8 @@ import (

 	"github.com/armosec/k8s-interface/k8sinterface"
 	"github.com/armosec/kubescape/core/cautils"
+	"github.com/armosec/kubescape/core/cautils/logger"
+	"github.com/armosec/kubescape/core/cautils/logger/helpers"
 )

 // FileResourceHandler handle resources from files and URLs
@@ -38,23 +39,24 @@ func (fileHandler *FileResourceHandler) GetResources(sessionObj *cautils.OPASess
 	workloads := []workloadinterface.IMetadata{}

 	// load resource from local file system
-	w, err := cautils.LoadResourcesFromFiles(fileHandler.inputPatterns)
+	sourceToWorkloads, err := cautils.LoadResourcesFromFiles(fileHandler.inputPatterns)
 	if err != nil {
 		return nil, allResources, nil, err
 	}
-	for source, ws := range w {
+	for source, ws := range sourceToWorkloads {
 		workloads = append(workloads, ws...)
 		for i := range ws {
 			workloadIDToSource[ws[i].GetID()] = source
 		}
 	}
+	logger.L().Debug("files found in local storage", helpers.Int("files", len(sourceToWorkloads)), helpers.Int("workloads", len(workloads)))

 	// load resources from url
-	w, err = loadResourcesFromUrl(fileHandler.inputPatterns)
+	sourceToWorkloads, err = loadResourcesFromUrl(fileHandler.inputPatterns)
 	if err != nil {
 		return nil, allResources, nil, err
 	}
-	for source, ws := range w {
+	for source, ws := range sourceToWorkloads {
 		workloads = append(workloads, ws...)
 		for i := range ws {
 			workloadIDToSource[ws[i].GetID()] = source
@@ -64,6 +66,8 @@ func (fileHandler *FileResourceHandler) GetResources(sessionObj *cautils.OPASess
 	if len(workloads) == 0 {
 		return nil, allResources, nil, fmt.Errorf("empty list of workloads - no workloads found")
 	}
+	logger.L().Debug("files found in git repo", helpers.Int("files", len(sourceToWorkloads)), helpers.Int("workloads", len(workloads)))
+
 	sessionObj.ResourceSource = workloadIDToSource

 	// map all resources: map["/group/version/kind"][]<k8s workloads>
@@ -82,7 +86,7 @@ func (fileHandler *FileResourceHandler) GetResources(sessionObj *cautils.OPASess
 	}

 	if err := fileHandler.registryAdaptors.collectImagesVulnerabilities(k8sResources, allResources, armoResources); err != nil {
-		cautils.WarningDisplay(os.Stderr, "Warning: failed to collect images vulnerabilities: %s\n", err.Error())
+		logger.L().Warning("failed to collect images vulnerabilities", helpers.Error(err))
 	}

 	return k8sResources, allResources, armoResources, nil
--- a/core/pkg/resultshandling/printer/v2/controltable.go
+++ b/core/pkg/resultshandling/printer/v2/controltable.go
@@ -61,21 +61,17 @@ func getRiskScoreColumn(controlSummary reportsummary.IControlSummary, infoToPrin
 }

 func getSeverityColumn(controlSummary reportsummary.IControlSummary) string {
-	// if controlSummary.GetStatus().IsPassed() || controlSummary.GetStatus().IsSkipped() {
-	// 	return " "
-	// }
-	severity := apis.ControlSeverityToString(controlSummary.GetScoreFactor())
-	return color.New(getColor(severity), color.Bold).SprintFunc()(severity)
+	return color.New(getColor(apis.ControlSeverityToInt(controlSummary.GetScoreFactor())), color.Bold).SprintFunc()(apis.ControlSeverityToString(controlSummary.GetScoreFactor()))
 }
-func getColor(controlSeverity string) color.Attribute {
+func getColor(controlSeverity int) color.Attribute {
 	switch controlSeverity {
-	case "Critical":
+	case apis.SeverityCritical:
 		return color.FgRed
-	case "High":
+	case apis.SeverityHigh:
 		return color.FgYellow
-	case "Medium":
+	case apis.SeverityMedium:
 		return color.FgCyan
-	case "Low":
+	case apis.SeverityLow:
 		return color.FgWhite
 	default:
 		return color.FgWhite
--- a/core/pkg/resultshandling/printer/v2/prettyprinter.go
+++ b/core/pkg/resultshandling/printer/v2/prettyprinter.go
@@ -11,6 +11,7 @@ import (
 	"github.com/armosec/kubescape/core/pkg/resultshandling/printer"
 	"github.com/armosec/opa-utils/objectsenvelopes"
 	"github.com/armosec/opa-utils/reporthandling/apis"
+	helpersv1 "github.com/armosec/opa-utils/reporthandling/helpers/v1"
 	"github.com/armosec/opa-utils/reporthandling/results/v1/reportsummary"
 	"github.com/enescakir/emoji"
 	"github.com/olekukonko/tablewriter"
@@ -30,16 +31,12 @@ func NewPrettyPrinter(verboseMode bool, formatVersion string) *PrettyPrinter {
 }

 func (prettyPrinter *PrettyPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
-	fmt.Fprintf(prettyPrinter.writer, "\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n")
+	fmt.Fprintf(prettyPrinter.writer, "\n"+getSperator("^")+"\n")

 	sortedControlNames := getSortedControlsNames(opaSessionObj.Report.SummaryDetails.Controls) // ListControls().All())

 	if prettyPrinter.verboseMode {
-		if prettyPrinter.formatVersion == "v1" {
-			prettyPrinter.printResults(&opaSessionObj.Report.SummaryDetails.Controls, opaSessionObj.AllResources, sortedControlNames)
-		} else if prettyPrinter.formatVersion == "v2" {
-			prettyPrinter.resourceTable(opaSessionObj)
-		}
+		prettyPrinter.resourceTable(opaSessionObj)
 	}
 	prettyPrinter.printSummaryTable(&opaSessionObj.Report.SummaryDetails, sortedControlNames)

@@ -183,7 +180,7 @@ func generateFooter(summaryDetails *reportsummary.SummaryDetails) []string {
 }
 func (prettyPrinter *PrettyPrinter) printSummaryTable(summaryDetails *reportsummary.SummaryDetails, sortedControlNames [][]string) {

-	cautils.InfoTextDisplay(prettyPrinter.writer, "\n"+controlListSummary(summaryDetails)+"\n\n")
+	cautils.InfoTextDisplay(prettyPrinter.writer, "\n"+controlCountersForSummary(summaryDetails.NumberOfControls())+"\n\n")

 	summaryTable := tablewriter.NewWriter(prettyPrinter.writer)
 	summaryTable.SetAutoWrapText(false)
@@ -241,6 +238,17 @@ func getControlLink(controlID string) string {
 	return fmt.Sprintf("https://hub.armo.cloud/docs/%s", strings.ToLower(controlID))
 }

-func controlListSummary(summaryDetails *reportsummary.SummaryDetails) string {
-	return fmt.Sprintf("Controls: %d (Failed: %d, Excluded: %d, Skipped: %d)", summaryDetails.NumberOfControls().All(), summaryDetails.NumberOfControls().Failed(), summaryDetails.NumberOfControls().Excluded(), summaryDetails.NumberOfControls().Skipped())
+func controlCountersForSummary(counters reportsummary.ICounters) string {
+	return fmt.Sprintf("Controls: %d (Failed: %d, Excluded: %d, Skipped: %d)", counters.All(), counters.Failed(), counters.Excluded(), counters.Skipped())
+}
+
+func controlCountersForResource(l *helpersv1.AllLists) string {
+	return fmt.Sprintf("Controls: %d (Failed: %d, Excluded: %d)", len(l.All()), len(l.Failed()), len(l.Excluded()))
+}
+func getSperator(sep string) string {
+	s := ""
+	for i := 0; i < 80; i++ {
+		s += sep
+	}
+	return s
 }
--- a/core/pkg/resultshandling/printer/v2/prometheus.go
+++ b/core/pkg/resultshandling/printer/v2/prometheus.go
@@ -39,7 +39,7 @@ func (printer *PrometheusPrinter) generatePrometheusFormat(

 	m := &Metrics{}
 	m.setRiskScores(summaryDetails)
-	m.setResourcesCounters(resources, results)
+	// m.setResourcesCounters(resources, results)

 	return m
 }
--- a/core/pkg/resultshandling/printer/v2/resourcetable.go
+++ b/core/pkg/resultshandling/printer/v2/resourcetable.go
@@ -29,16 +29,18 @@ func (prettyPrinter *PrettyPrinter) resourceTable(opaSessionObj *cautils.OPASess
 		if !ok {
 			continue
 		}
-		fmt.Fprintf(prettyPrinter.writer, "\n#######################################################################################################\n")
+		fmt.Fprintf(prettyPrinter.writer, "\n"+getSperator("#")+"\n\n")

 		if source, ok := opaSessionObj.ResourceSource[resourceID]; ok {
 			fmt.Fprintf(prettyPrinter.writer, "Source: %s\n", source)
 		}
-		fmt.Fprintf(prettyPrinter.writer, "%s/%s, Name: %s", resource.GetApiVersion(), resource.GetKind(), resource.GetName())
+		fmt.Fprintf(prettyPrinter.writer, "ApiVersion: %s\n", resource.GetApiVersion())
+		fmt.Fprintf(prettyPrinter.writer, "Kind: %s\n", resource.GetKind())
+		fmt.Fprintf(prettyPrinter.writer, "Name: %s\n", resource.GetName())
 		if resource.GetNamespace() != "" {
-			fmt.Fprintf(prettyPrinter.writer, ", Namespace: %s", resource.GetNamespace())
+			fmt.Fprintf(prettyPrinter.writer, "Namespace: %s\n", resource.GetNamespace())
 		}
-		fmt.Fprintf(prettyPrinter.writer, "\n\n")
+		fmt.Fprintf(prettyPrinter.writer, "\n"+controlCountersForResource(result.ListControlsIDs(nil))+"\n\n")

 		summaryTable := tablewriter.NewWriter(prettyPrinter.writer)
 		summaryTable.SetAutoWrapText(true)
--- a/core/pkg/resultshandling/printer/v2/utils.go
+++ b/core/pkg/resultshandling/printer/v2/utils.go
@@ -26,7 +26,7 @@ func DataToJson(data *cautils.OPASessionObj) *reporthandlingv2.PostureReport {
 	report.Results = make([]resourcesresults.Result, len(data.ResourcesResult))
 	finalizeResults(report.Results, data.ResourcesResult)

-	report.Resources = finalizeResources(report.Results, data.AllResources)
+	report.Resources = finalizeResources(report.Results, data.AllResources, data.ResourceSource)

 	return &report
 }
@@ -62,13 +62,15 @@ func mapInfoToPrintInfo(controls reportsummary.ControlSummaries) []infoStars {
 	return infoToPrintInfo
 }

-func finalizeResources(results []resourcesresults.Result, allResources map[string]workloadinterface.IMetadata) []reporthandling.Resource {
+func finalizeResources(results []resourcesresults.Result, allResources map[string]workloadinterface.IMetadata, resourcesSource map[string]string) []reporthandling.Resource {
 	resources := make([]reporthandling.Resource, 0)
 	for i := range results {
 		if obj, ok := allResources[results[i].ResourceID]; ok {
-			r := *reporthandling.NewResource(obj.GetObject())
-			r.ResourceID = results[i].ResourceID
-			resources = append(resources, r)
+			resource := *reporthandling.NewResourceIMetadata(obj)
+			if r, ok := resourcesSource[results[i].ResourceID]; ok {
+				resource.SetSource(&reporthandling.Source{Path: r})
+			}
+			resources = append(resources, resource)
 		}
 	}
 	return resources
--- a/docs/summary.png
+++ b/docs/summary.png
--- a/httphandler/README.md
+++ b/httphandler/README.md
@@ -12,7 +12,7 @@ Running `kubescape` will start up a webserver on port `8080` which will serve th
 * DELETE `/v1/results` - Delete kubescape scan results from storage. ~If empty will delete latest results~ (not supported)
 * * query `id=<string>`: Delete ID of specific results 
 * * query `all`: Delete all cached results
-* GET/POST `/metrics` - will trigger cluster scan. will respond with prometheus metrics once they have been scanned. This will respond 503 if the scan failed.
+* GET/POST `/v1/metrics` - will trigger cluster scan. will respond with prometheus metrics once they have been scanned. This will respond 503 if the scan failed.
 * `/livez` - will respond 200 is server is alive
 * `/readyz` - will respond 200 if server can receive requests 

--- a/httphandler/examples/prometheus/ks-deployment.yaml
+++ b/httphandler/examples/prometheus/ks-deployment.yaml
@@ -89,7 +89,8 @@ spec:
            port: 8080
          initialDelaySeconds: 3
          periodSeconds: 3
-        image: quay.io/armosec/kubescape:prometheus.v2
+        image: quay.io/armosec/kubescape:latest
+        imagePullPolicy: Always
        env:
        - name: KS_DEFAULT_CONFIGMAP_NAMESPACE
          valueFrom:
--- a/httphandler/examples/prometheus/podmonitor.yaml
+++ b/httphandler/examples/prometheus/podmonitor.yaml
@@ -11,6 +11,6 @@ spec:
      app: kubescape
  podMetricsEndpoints:
  - port: http
-    # path: v1
+    path: /v1/metrics
    interval: 120s
    scrapeTimeout: 100s
--- a/httphandler/listener/setup.go
+++ b/httphandler/listener/setup.go
@@ -17,7 +17,7 @@ import (
 const (
 	scanPath              = "/v1/scan"
 	resultsPath           = "/v1/results"
-	prometheusMmeticsPath = "/metrics"
+	prometheusMmeticsPath = "/v1/metrics"
 	livePath              = "/livez"
 	readyPath             = "/readyz"
 )
--- a/install.sh
+++ b/install.sh
@@ -54,6 +54,6 @@ echo -e "\033[0m"
 $KUBESCAPE_EXEC version
 echo

-echo -e "\033[35mUsage: $ $KUBESCAPE_EXEC scan --submit --enable-host-scan  --verbose"
+echo -e "\033[35mUsage: $ $KUBESCAPE_EXEC scan --submit --enable-host-scan --format-version v2 --verbose"

 echo -e "\033[0m"
Author	SHA1	Message	Date
David Wertenteil	0cfdabd25a	remove v1 format	2022-04-10 16:26:59 +03:00
David Wertenteil	8b6cb6c5d8	adding logs	2022-04-10 11:55:35 +03:00
David Wertenteil	3df3b7766c	save policy in file	2022-04-10 09:33:44 +03:00
David Wertenteil	0d83654197	update resource table	2022-04-07 16:44:56 +03:00