Merge pull request #359 from Prateeknandle/refractor-recommend
refactor recommend cli
daemon1024 authored Sep 21, 2023
2 parents 422efb1 + 5a5b66f commit 8824025
Showing 31 changed files with 1,224 additions and 1,684 deletions.
17 changes: 8 additions & 9 deletions cmd/recommend.go
@@ -5,22 +5,22 @@ package cmd

import (
"github.com/kubearmor/kubearmor-client/recommend"
"github.com/kubearmor/kubearmor-client/recommend/common"
genericpolicies "github.com/kubearmor/kubearmor-client/recommend/engines/generic_policies"
log "github.com/sirupsen/logrus"
"github.com/spf13/cobra"
)

var recommendOptions recommend.Options
var recommendOptions common.Options

// recommendCmd represents the recommend command
var recommendCmd = &cobra.Command{
Use: "recommend",
Short: "Recommend Policies",
Long: `Recommend policies based on container image, k8s manifest or the actual runtime env`,
RunE: func(cmd *cobra.Command, args []string) error {
if err := recommend.Recommend(client, recommendOptions); err != nil {
return err
}
return nil
err := recommend.Recommend(client, recommendOptions, genericpolicies.GenericPolicy{})
return err
},
}
var updateCmd = &cobra.Command{
@@ -29,11 +29,11 @@ var updateCmd = &cobra.Command{
Long: "Updates the local cache of policy-templates ($HOME/.cache/karmor)",
RunE: func(cmd *cobra.Command, args []string) error {

if _, err := recommend.DownloadAndUnzipRelease(); err != nil {
if _, err := genericpolicies.DownloadAndUnzipRelease(); err != nil {
return err
}
log.WithFields(log.Fields{
"Current Version": recommend.CurrentVersion,
"Current Version": genericpolicies.CurrentVersion,
}).Info("policy-templates updated")
return nil
},
@@ -45,10 +45,9 @@ func init() {

recommendCmd.Flags().StringSliceVarP(&recommendOptions.Images, "image", "i", []string{}, "Container image list (comma separated)")
recommendCmd.Flags().StringSliceVarP(&recommendOptions.Labels, "labels", "l", []string{}, "User defined labels for policy (comma separated)")
recommendCmd.Flags().StringSliceVarP(&recommendOptions.Policy, "policy", "p", recommend.DefaultPoliciesToBeRecommended, "Types of policy that can be recommended: KubeArmorPolicy|KyvernoPolicy (comma separated)")
recommendCmd.Flags().StringVarP(&recommendOptions.Namespace, "namespace", "n", "", "User defined namespace value for policies")
recommendCmd.Flags().StringVarP(&recommendOptions.OutDir, "outdir", "o", "out", "output folder to write policies")
recommendCmd.Flags().StringVarP(&recommendOptions.ReportFile, "report", "r", "report.txt", "report file")
recommendCmd.Flags().StringSliceVarP(&recommendOptions.Tags, "tag", "t", []string{}, "tags (comma-separated) to apply. Eg. PCI-DSS, MITRE")
recommendCmd.Flags().StringVarP(&recommendOptions.Config, "config", "c", recommend.UserHome()+"/.docker/config.json", "absolute path to image registry configuration file")
recommendCmd.Flags().StringVarP(&recommendOptions.Config, "config", "c", common.UserHome()+"/.docker/config.json", "absolute path to image registry configuration file")
}
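Review bot: The `--policy`/`-p` flag registration appears to be dropped in the `init()` hunk (its header goes from 10 old lines to 9 new), yet `common.Options` in recommend/common/common.go still declares `Policy []string`. If that reading is right, nothing in this file populates `recommendOptions.Policy` any more, and existing invocations that pass `-p KyvernoPolicy` will fail with an unknown-flag error instead of being told that this policy type is presumably no longer generated (recommend/admissionControllerPolicy.go is deleted in the same commit). Either remove the field, or keep the flag registered and mark it with `recommendCmd.Flags().MarkDeprecated("policy", "...")` so the loss of coverage is visible to users. Separately, the `RunE` body can be the single line `return recommend.Recommend(client, recommendOptions, genericpolicies.GenericPolicy{})`.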
6 changes: 3 additions & 3 deletions go.mod
@@ -55,17 +55,14 @@ require (
github.com/kubearmor/KubeArmor/KubeArmor v0.0.0-20230918061249-1d5b51c449bd
github.com/kubearmor/KubeArmor/deployments v0.0.0-20230918135729-00395f443fa0
github.com/kubearmor/KubeArmor/pkg/KubeArmorController v0.0.0-20230626060245-4f5b8ac4f298
github.com/kyverno/kyverno v1.9.2
github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d
github.com/onsi/ginkgo/v2 v2.9.5
github.com/onsi/gomega v1.27.7
golang.org/x/text v0.10.0
k8s.io/api v0.27.3
k8s.io/apiextensions-apiserver v0.27.3
k8s.io/apimachinery v0.27.3
k8s.io/cli-runtime v0.27.1
k8s.io/client-go v0.27.2
k8s.io/utils v0.0.0-20230505201702-9f6742963106
)

require (
@@ -208,6 +205,7 @@ require (
github.com/klauspost/pgzip v1.2.5 // indirect
github.com/kr/pretty v0.3.1 // indirect
github.com/kr/text v0.2.0 // indirect
github.com/kyverno/kyverno v1.9.2 // indirect
github.com/leodido/go-urn v1.2.3 // indirect
github.com/letsencrypt/boulder v0.0.0-20230426205424-1c7e0fd1d876 // indirect
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
@@ -318,6 +316,7 @@ require (
golang.org/x/net v0.11.0 // indirect
golang.org/x/oauth2 v0.8.0 // indirect
golang.org/x/term v0.9.0 // indirect
golang.org/x/text v0.10.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.9.1 // indirect
google.golang.org/api v0.122.0 // indirect
@@ -333,6 +332,7 @@ require (
k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
k8s.io/kubectl v0.27.1 // indirect
k8s.io/pod-security-admission v0.27.1 // indirect
k8s.io/utils v0.0.0-20230505201702-9f6742963106 // indirect
sigs.k8s.io/controller-runtime v0.15.0 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/kustomize/api v0.13.2 // indirect
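--- a/hacks/common.go
+++ b/hacks/common.go
@@ -0,0 +1,21 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2023 Authors of KubeArmor
+
+// Package hacks close the file
+package hacks
+
+import (
+"os"
+
+log "github.com/sirupsen/logrus"
+)
+
+// CloseCheckErr close file
+func CloseCheckErr(f *os.File, fname string) {
+err := f.Close()
+if err != nil {
+log.WithFields(log.Fields{
+"file": fname,
+}).Error("close file failed")
+}
+}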
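Review bot: CloseCheckErr discards the error returned by `f.Close()`: the log entry carries only the file name, so a failed close of a generated policy or report file (which can mean the data was not fully written) leaves no cause to investigate. Attach the error with `log.WithError(err).WithFields(log.Fields{"file": fname}).Error("close file failed")`. The doc comments should also say what the helper is for, e.g. `// CloseCheckErr closes f and logs any error; intended for defer, where the error cannot be returned.`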
212 changes: 0 additions & 212 deletions recommend/admissionControllerPolicy.go

This file was deleted.

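--- a/recommend/common/common.go
+++ b/recommend/common/common.go
@@ -0,0 +1,61 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2023 Authors of KubeArmor
+
+// Package common contains object types used by multiple packages
+package common
+
+import (
+"os"
+"runtime"
+
+pol "github.com/kubearmor/KubeArmor/pkg/KubeArmorController/api/security.kubearmor.com/v1"
+)
+
+// Handler interface
+var Handler interface{}
+
+// MatchSpec spec to match for defining policy
+type MatchSpec struct {
+Name string `json:"name" yaml:"name"`
+Precondition []string `json:"precondition" yaml:"precondition"`
+Description Description `json:"description" yaml:"description"`
+Yaml string `json:"yaml" yaml:"yaml"`
+Spec pol.KubeArmorPolicySpec `json:"spec,omitempty" yaml:"spec,omitempty"`
+}
+
+// Ref for the policy rules
+type Ref struct {
+Name string `json:"name" yaml:"name"`
+URL []string `json:"url" yaml:"url"`
+}
+
+// Description detailed description for the policy rule
+type Description struct {
+Refs []Ref `json:"refs" yaml:"refs"`
+Tldr string `json:"tldr" yaml:"tldr"`
+Detailed string `json:"detailed" yaml:"detailed"`
+}
+
+// Options for karmor recommend
+type Options struct {
+Images []string
+Labels []string
+Tags []string
+Policy []string
+Namespace string
+OutDir string
+ReportFile string
+Config string
+}
+
+// UserHome function returns users home directory
+func UserHome() string {
+if runtime.GOOS == "windows" {
+home := os.Getenv("HOMEDRIVE") + os.Getenv("HOMEPATH")
+if home == "" {
+home = os.Getenv("USERPROFILE")
+}
+return home
+}
+return os.Getenv("HOME")
+}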
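Review bot: UserHome returns an empty string when `HOME` (or, on Windows, all three variables) is unset, and cmd/recommend.go builds the `--config` default as `common.UserHome()+"/.docker/config.json"`, so the default registry-credentials path silently becomes `/.docker/config.json` at the filesystem root. `os.UserHomeDir()` reports the unset case as an error; at minimum the caller should build the default with `filepath.Join` and only when the home directory is non-empty. Also, `Handler` is an exported, mutable package-level variable of type `interface{}` whose comment reads as if it were a type; if a type is intended, declare it with `type Handler interface{ ... }`, otherwise the comment should say who assigns it and when.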