mirror of
https://github.com/kubescape/kubescape.git
synced 2026-03-04 10:40:37 +00:00
3e2314a269
* bump version Signed-off-by: David Wertenteil <dwertent@armosec.io> * change default view Signed-off-by: David Wertenteil <dwertent@armosec.io> * fixed tests Signed-off-by: David Wertenteil <dwertent@armosec.io> * fixed go mod Signed-off-by: David Wertenteil <dwertent@armosec.io> --------- Signed-off-by: David Wertenteil <dwertent@armosec.io>
136 lines
4.1 KiB
Go
136 lines
4.1 KiB
Go
package resourcehandler
|
|
|
|
import (
|
|
"fmt"
|
|
"path/filepath"
|
|
|
|
giturl "github.com/kubescape/go-git-url"
|
|
logger "github.com/kubescape/go-logger"
|
|
"github.com/kubescape/go-logger/helpers"
|
|
"github.com/kubescape/k8s-interface/k8sinterface"
|
|
"github.com/kubescape/k8s-interface/workloadinterface"
|
|
"github.com/kubescape/kubescape/v3/core/cautils"
|
|
"github.com/kubescape/opa-utils/objectsenvelopes"
|
|
)
|
|
|
|
// Clone git repository
|
|
func cloneGitRepo(path *string) (string, error) {
|
|
var clonedDir string
|
|
|
|
// Clone git repository if needed
|
|
gitURL, err := giturl.NewGitAPI(*path)
|
|
if err == nil {
|
|
logger.L().Info("cloning", helpers.String("repository url", gitURL.GetURL().String()))
|
|
cautils.StartSpinner()
|
|
clonedDir, err = cloneRepo(gitURL)
|
|
cautils.StopSpinner()
|
|
if err != nil {
|
|
return "", fmt.Errorf("failed to clone git repo '%s', %w", gitURL.GetURL().String(), err)
|
|
}
|
|
|
|
*path = filepath.Join(clonedDir, gitURL.GetPath())
|
|
|
|
}
|
|
return clonedDir, nil
|
|
}
|
|
|
|
func addWorkloadsToResourcesMap(allResources map[string][]workloadinterface.IMetadata, workloads []workloadinterface.IMetadata) {
|
|
for i := range workloads {
|
|
groupVersionResource, err := k8sinterface.GetGroupVersionResource(workloads[i].GetKind())
|
|
if err != nil {
|
|
// TODO - print warning
|
|
continue
|
|
}
|
|
|
|
if k8sinterface.IsTypeWorkload(workloads[i].GetObject()) {
|
|
w := workloadinterface.NewWorkloadObj(workloads[i].GetObject())
|
|
if groupVersionResource.Group != w.GetGroup() || groupVersionResource.Version != w.GetVersion() {
|
|
// TODO - print warning
|
|
continue
|
|
}
|
|
}
|
|
resourceTriplets := k8sinterface.JoinResourceTriplets(groupVersionResource.Group, groupVersionResource.Version, groupVersionResource.Resource)
|
|
if r, ok := allResources[resourceTriplets]; ok {
|
|
allResources[resourceTriplets] = append(r, workloads[i])
|
|
} else {
|
|
allResources[resourceTriplets] = []workloadinterface.IMetadata{workloads[i]}
|
|
}
|
|
}
|
|
}
|
|
|
|
/* unused for now
|
|
func addCommitData(input string, workloadIDToSource map[string]reporthandling.Source) {
|
|
giRepo, err := cautils.NewLocalGitRepository(input)
|
|
if err != nil || giRepo == nil {
|
|
return
|
|
}
|
|
for k := range workloadIDToSource {
|
|
sourceObj := workloadIDToSource[k]
|
|
lastCommit, err := giRepo.GetFileLastCommit(sourceObj.RelativePath)
|
|
if err != nil {
|
|
continue
|
|
}
|
|
sourceObj.LastCommit = reporthandling.LastCommit{
|
|
Hash: lastCommit.SHA,
|
|
Date: lastCommit.Author.Date,
|
|
CommitterName: lastCommit.Author.Name,
|
|
CommitterEmail: lastCommit.Author.Email,
|
|
Message: lastCommit.Message,
|
|
}
|
|
workloadIDToSource[k] = sourceObj
|
|
}
|
|
}
|
|
*/
|
|
|
|
// findScanObjectResource finds the requested k8s object to be scanned in the resources map
|
|
func findScanObjectResource(mappedResources map[string][]workloadinterface.IMetadata, resource *objectsenvelopes.ScanObject) (workloadinterface.IWorkload, error) {
|
|
if resource == nil {
|
|
return nil, nil
|
|
}
|
|
|
|
logger.L().Debug("Single resource scan", helpers.String("resource", resource.GetID()))
|
|
|
|
wls := []workloadinterface.IWorkload{}
|
|
for _, resources := range mappedResources {
|
|
for _, r := range resources {
|
|
if r.GetKind() == resource.GetKind() && r.GetName() == resource.GetName() {
|
|
if resource.GetNamespace() != "" && resource.GetNamespace() != r.GetNamespace() {
|
|
continue
|
|
}
|
|
if resource.GetApiVersion() != "" && resource.GetApiVersion() != r.GetApiVersion() {
|
|
continue
|
|
}
|
|
|
|
if k8sinterface.IsTypeWorkload(r.GetObject()) {
|
|
wl := workloadinterface.NewWorkloadObj(r.GetObject())
|
|
wls = append(wls, wl)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if len(wls) == 0 {
|
|
return nil, fmt.Errorf("k8s resource '%s' not found", getReadableID(resource))
|
|
} else if len(wls) > 1 {
|
|
return nil, fmt.Errorf("more than one k8s resource found for '%s'", getReadableID(resource))
|
|
}
|
|
|
|
return wls[0], nil
|
|
}
|
|
|
|
// TODO: move this to k8s-interface
|
|
func getReadableID(obj *objectsenvelopes.ScanObject) string {
|
|
var ID string
|
|
if obj.GetApiVersion() != "" {
|
|
ID += fmt.Sprintf("%s/", k8sinterface.JoinGroupVersion(k8sinterface.SplitApiVersion(obj.GetApiVersion())))
|
|
}
|
|
|
|
if obj.GetNamespace() != "" {
|
|
ID += fmt.Sprintf("%s/", obj.GetNamespace())
|
|
}
|
|
|
|
ID += fmt.Sprintf("%s/%s", obj.GetKind(), obj.GetName())
|
|
|
|
return ID
|
|
}
|