diff --git a/outputs/client.go b/outputs/client.go index 1825a6708..c4b99143b 100644 --- a/outputs/client.go +++ b/outputs/client.go @@ -15,6 +15,8 @@ import ( "regexp" "strings" + crdClient "github.com/anushkamittal20/falcoadapter/pkg/generated/v1alpha2/clientset/versioned" + gcpfunctions "cloud.google.com/go/functions/apiv1" "github.com/streadway/amqp" wavefront "github.com/wavefronthq/wavefront-sdk-go/senders" @@ -97,6 +99,7 @@ type Client struct { KubernetesClient kubernetes.Interface RabbitmqClient *amqp.Channel WavefrontSender *wavefront.Sender + Crdclient *crdClient.Clientset } // NewClient returns a new output.Client for accessing the different API. diff --git a/outputs/policyadapter.go b/outputs/policyadapter.go index 77fa2b5b9..cf13b9bac 100644 --- a/outputs/policyadapter.go +++ b/outputs/policyadapter.go 
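Review bot: The new `crdClient` import in `outputs/client.go` takes the generated clientset from `github.com/anushkamittal20/falcoadapter`, a module hosted under a personal account. That code is later handed the cluster REST config through `crdClient.NewForConfig(restConfig)`, so its provenance and update path matter. Consider moving the wgpolicyk8s.io types and clientset into a repository the project controls, or using the policy working group's upstream module if it provides them, with the version pinned in go.mod. `outputs/policyadapter.go` imports the same module for the API types, so the concern applies there too.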
@@ -3,51 +3,35 @@ package outputs import ( "context" "fmt" + "log" + "github.com/DataDog/datadog-go/statsd" + "github.com/anushkamittal20/falcoadapter/pkg/apis/wgpolicyk8s.io/v1alpha2" clusterpolicyreport "github.com/anushkamittal20/falcoadapter/pkg/apis/wgpolicyk8s.io/v1alpha2" crdClient "github.com/anushkamittal20/falcoadapter/pkg/generated/v1alpha2/clientset/versioned" + "github.com/falcosecurity/falcosidekick/types" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" - - //"log" - "github.com/DataDog/datadog-go/statsd" - "github.com/anushkamittal20/falcoadapter/pkg/apis/wgpolicyk8s.io/v1alpha2" - "github.com/falcosecurity/falcosidekick/types" "k8s.io/client-go/tools/clientcmd" - // "github.com/google/uuid" ) func NewPolicyReportClient(config *types.Configuration, stats *types.Statistics, promStats *types.PromStatistics, statsdClient, dogstatsdClient *statsd.Client) (*Client, error) { - - if config.PolicyReport.Kubeconfig != "" { - restConfig, err := clientcmd.BuildConfigFromFlags("", config.PolicyReport.Kubeconfig) - if err != nil { - return nil, fmt.Errorf("unable to load kube config file: %v", err) - } - clientset, err := kubernetes.NewForConfig(restConfig) + restConfig, err := rest.InClusterConfig() + if err != nil { + restConfig, err = clientcmd.BuildConfigFromFlags("", config.PolicyReport.Kubeconfig) if err != nil { - return nil, err + fmt.Printf("unable to load kube config file: %v", err) } - return &Client{ - OutputType: "PolicyReport", - Config: config, - Stats: stats, - PromStats: promStats, - StatsdClient: statsdClient, - DogstatsdClient: dogstatsdClient, - KubernetesClient: clientset, - }, nil } - restConfig, err := rest.InClusterConfig() + clientset, err := kubernetes.NewForConfig(restConfig) if err != nil { - return nil, fmt.Errorf("unable to load in-cluster config: %v", err) + return nil, err } - clientset, err := kubernetes.NewForConfig(restConfig) + crdclient, err := 
crdClient.NewForConfig(restConfig) if err != nil { return nil, err } - return &Client{ OutputType: "PolicyReport", Config: config, @@ -56,6 +40,7 @@ func NewPolicyReportClient(config *types.Configuration, stats *types.Statistics, StatsdClient: statsdClient, DogstatsdClient: dogstatsdClient, KubernetesClient: clientset, + Crdclient: crdclient, }, nil } @@ -63,43 +48,25 @@ func NewPolicyReportClient(config *types.Configuration, stats *types.Statistics, // PolicyReportPost creates Policy Report Resource in Kubernetes func (c *Client) PolicyReportCreate(falcopayload types.FalcoPayload) { //to do - var crdclient *crdClient.Clientset - if c.Config.PolicyReport.Kubeconfig != "" { - restConfig, err := clientcmd.BuildConfigFromFlags("", c.Config.PolicyReport.Kubeconfig) - if err != nil { - fmt.Printf("unable to load kube config file: %v", err) - } - crdclient, err = crdClient.NewForConfig(restConfig) - if err != nil { - fmt.Printf("u %v", err) - } - } - restConfig, err := rest.InClusterConfig() - if err != nil { - fmt.Printf("unable to load in-cluster config: %v", err) - } - crdclient, err = crdClient.NewForConfig(restConfig) - if err != nil { - fmt.Printf("u %v", err) - } - ats := crdclient.Wgpolicyk8sV1alpha2().ClusterPolicyReports() + ats := c.Crdclient.Wgpolicyk8sV1alpha2().ClusterPolicyReports() report := &clusterpolicyreport.ClusterPolicyReport{ ObjectMeta: metav1.ObjectMeta{ Name: "dummy-policy-report", }, Summary: v1alpha2.PolicyReportSummary{ - //Fail: len(controls.Alert), + Fail: 1, }, } report.Results = append(report.Results, newResult(falcopayload)) result, err := ats.Create(context.TODO(), report, metav1.CreateOptions{}) if err != nil { - panic(err) + log.Printf("[ERROR] : %v\n", err) } fmt.Printf("Created policy-report %q.\n", result.GetObjectMeta().GetName()) } +//mapping func newResult(FalcoPayload types.FalcoPayload) *clusterpolicyreport.PolicyReportResult { const PolicyReportSource string = "Falco" var pri string 
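Review bot: When both `rest.InClusterConfig()` and `clientcmd.BuildConfigFromFlags` fail in `NewPolicyReportClient`, the new code only prints the error and then passes a nil `restConfig` to `kubernetes.NewForConfig`, which is likely to panic instead of returning an error. Keep the removed behaviour in the fallback branch: `return nil, fmt.Errorf("unable to load kube config file: %v", err)`. The lookup order has also flipped, so an explicitly set `config.PolicyReport.Kubeconfig` is now ignored whenever in-cluster credentials exist; if that setting is meant to select a narrower identity than the pod's service account, check it first as the old code did. The import block in this hunk also brings in the same package twice, as `v1alpha2` and as `clusterpolicyreport`; one alias is enough.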
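Review bot: After `ats.Create` fails in `PolicyReportCreate`, the function logs the error and still falls through to `fmt.Printf("Created policy-report %q.\n", ...)`, so a rejected write is reported as a success; add a `return` inside the `if err != nil` block. Because the report name is the fixed string `dummy-policy-report`, every call after the first will presumably be rejected as already existing, which would silently drop later Falco alerts. Derive the name per report, or update the existing object. `context.TODO()` leaves the API call without a deadline, so a `context.WithTimeout` would keep a slow API server from stalling this output. The doc comment above the method still says `PolicyReportPost` and should name `PolicyReportCreate`.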
diff --git a/res.yaml b/res.yaml
new file mode 100644
index 000000000..22eb7123a
--- /dev/null
+++ b/res.yaml
@@ -0,0 +1,38 @@
+apiVersion: v1
+items:
+- apiVersion: wgpolicyk8s.io/v1alpha2
+ kind: ClusterPolicyReport
+ metadata:
+ creationTimestamp: "2021-07-23T06:03:12Z"
+ generation: 1
+ name: dummy-policy-report
+ resourceVersion: "1179"
+ uid: b5fa7d30-7c5f-4bef-a1ee-4a0871059eae
+ results:
+ - message: |
+ Grep private keys or passwords activities found (user=%user.name user_loginuid=%user.loginuid command=%proc.cmdline container_id=%container.id container_name=%container.name image=%container.image.repository:%container.image.tag)
+ policy: Search Private Keys or Passwords
+ properties:
+ container.id: '%container.id'
+ container.image.repository: '%container.image.repository'
+ container.image.tag: '%container.image.tag'
+ container.name: '%container.name'
+ proc.cmdline: '%proc.cmdline'
+ user.loginuid: '%user.loginuid'
+ user.name: '%user.name'
+ result: fail
+ severity: medium
+ source: Falco
+ timestamp:
+ nanos: 391227257
+ seconds: 12
+ summary:
+ error: 0
+ fail: 1
+ pass: 0
+ skip: 0
+ warn: 0
+kind: List
+metadata:
+ resourceVersion: ""
+ selfLink: ""