From 18448f4e4f7d69371e0473a40c234ba702c487b9 Mon Sep 17 00:00:00 2001
From: daemon1024
Date: Fri, 2 Aug 2024 13:31:43 +0530
Subject: [PATCH] feat(probe): send policy data along with policy name in Probe Service
Signed-off-by: daemon1024
---
 KubeArmor/core/karmorprobedata.go | 29 ++++-
 KubeArmor/go.mod | 2 +-
 KubeArmor/go.sum | 4 +-
 protobuf/policy.pb.go | 173 +++++++++++++++++------------
 protobuf/policy.proto | 3 +
 protobuf/policy_grpc.pb.go | 55 +++++++---
 6 files changed, 170 insertions(+), 96 deletions(-)
diff --git a/KubeArmor/core/karmorprobedata.go b/KubeArmor/core/karmorprobedata.go
index 05b88ae9f8..8030dcfb1f 100644
--- a/KubeArmor/core/karmorprobedata.go
+++ b/KubeArmor/core/karmorprobedata.go
@@ -5,11 +5,14 @@ package core
 import (
 "context"
+ "encoding/json"
+ "fmt"
 "github.com/golang/protobuf/ptypes/empty"
 kl "github.com/kubearmor/KubeArmor/KubeArmor/common"
 cfg "github.com/kubearmor/KubeArmor/KubeArmor/config"
 tp "github.com/kubearmor/KubeArmor/KubeArmor/types"
+ "github.com/kubearmor/KubeArmor/protobuf"
 pb "github.com/kubearmor/KubeArmor/protobuf"
 )
@@ -89,15 +92,21 @@ func (dm *KubeArmorDaemon) SetProbeContainerData() ([]string, map[string]*pb.Con
 for _, ep := range dm.EndPoints {
 var policyNames []string
+ var policyData []*protobuf.Policy
 for _, policy := range ep.SecurityPolicies {
 policyNames = append(policyNames, policy.Metadata["policyName"])
+ policyEventData, err := json.Marshal(policy)
+ if err == nil {
+ policyData = append(policyData, &protobuf.Policy{Policy: policyEventData})
+ }
 }
 containerMap[ep.EndPointName] = &pb.ContainerData{
- PolicyList: policyNames,
- PolicyEnabled: int32(ep.PolicyEnabled),
+ PolicyList: policyNames,
+ PolicyEnabled: int32(ep.PolicyEnabled),
+ PolicyListData: policyData,
 }
 }
 dm.EndPointsLock.Unlock()
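Review bot: The import hunk brings in `github.com/kubearmor/KubeArmor/protobuf` a second time, unaliased as `protobuf`, although the same package is already imported as `pb` two lines below, so one file now refers to one package under two names. The new code can use the existing alias (`[]*pb.Policy`, `&pb.Policy{Policy: policyEventData}`) and the added `"github.com/kubearmor/KubeArmor/protobuf"` line can be dropped; linters such as staticcheck report duplicate imports. Within the visible hunks the added `"fmt"` import is used only by the debug `fmt.Printf` in `GetProbeData`, so it should leave together with that line.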
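Review bot: In the endpoint loop a failing `json.Marshal(policy)` is dropped without any log line while the policy name has already been appended, so `PolicyList` and `PolicyListData` can end up with different lengths. A client that pairs the two lists by index would then show a name next to the wrong policy body. The error should be reported as the host-policy hunk does, for example `} else { dm.Logger.Errf("marshal policy %s: %s", policy.Metadata["policyName"], err.Error()) }` (assuming `Errf` is printf-style, as its name suggests). The lists should either be kept aligned or be documented as not index-aligned. The loop and the function body continue outside the hunk.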
@@ -113,12 +122,23 @@ func (dm *KubeArmorDaemon) SetProbeContainerData() ([]string, map[string]*pb.Con if val, ok := hostMap[hostName]; ok { val.PolicyList = append(val.PolicyList, hp.Metadata["policyName"]) + policyEventData, err := json.Marshal(hp) + if err == nil { + val.PolicyListData = append(val.PolicyListData, &protobuf.Policy{Policy: policyEventData}) + } else { + dm.Logger.Errf(err.Error()) + } + hostMap[hostName] = val } else { - + policyEventData, err := json.Marshal(hp) + if err != nil { + dm.Logger.Errf(err.Error()) + } hostMap[hostName] = &pb.HostSecurityPolicies{ - PolicyList: []string{hp.Metadata["policyName"]}, + PolicyList: []string{hp.Metadata["policyName"]}, + PolicyListData: []*protobuf.Policy{{Policy: policyEventData}}, } } @@ -133,6 +153,7 @@ func (dm *KubeArmorDaemon) SetProbeContainerData() ([]string, map[string]*pb.Con func (p *Probe) GetProbeData(c context.Context, in *empty.Empty) (*pb.ProbeResponse, error) { containerList, containerMap, hostMap := p.GetContainerData() + fmt.Printf("\n\nProbe called : Host Data %v\n\n", hostMap["pop-os"].PolicyListData) res := &pb.ProbeResponse{ ContainerList: containerList, ContainerMap: containerMap, diff --git a/KubeArmor/go.mod b/KubeArmor/go.mod index 583eaa8103..df00c9010b 100644 --- a/KubeArmor/go.mod +++ b/KubeArmor/go.mod @@ -121,7 +121,7 @@ require ( golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240725223205-93522f1f2a9f // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/KubeArmor/go.sum b/KubeArmor/go.sum index f4d440c004..4b63e846f7 100644 --- a/KubeArmor/go.sum +++ b/KubeArmor/go.sum 
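Review bot: In the `else` branch a failed `json.Marshal(hp)` is logged but execution continues, so `PolicyListData` is created with one `Policy` entry whose bytes are nil, whereas the `if` branch above skips the entry in the same situation. The entry should be built only on success so both paths agree and consumers never receive an empty policy body. Separately, both `dm.Logger.Errf(err.Error())` calls pass the error text as the format string (assuming `Errf` is printf-style), so a `%` in the message would be mis-rendered; a constant format with the policy name avoids this. The enclosing loop starts and ends outside the hunk.

```go
} else {
	entry := &pb.HostSecurityPolicies{
		PolicyList: []string{hp.Metadata["policyName"]},
	}
	policyEventData, err := json.Marshal(hp)
	if err != nil {
		dm.Logger.Errf("marshal host policy %s: %s", hp.Metadata["policyName"], err.Error())
	} else {
		entry.PolicyListData = []*pb.Policy{{Policy: policyEventData}}
	}
	hostMap[hostName] = entry
}
```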
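Review bot: The added `fmt.Printf` reads `hostMap["pop-os"].PolicyListData`, and `hostMap` appears to hold `*pb.HostSecurityPolicies` values, so on any node without a `pop-os` key the lookup yields nil and the field access panics inside the gRPC handler on every probe call. The key looks like a developer machine name left over from debugging, and the line also writes policy contents to stdout on each request. The line should be removed together with the `"fmt"` import added for it. If a trace is still wanted, it should go through the project's logger and use the nil-safe getter, `hostMap[name].GetPolicyListData()`. The rest of `GetProbeData` lies outside the hunk.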
@@ -341,8 +341,8 @@ gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuB google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 h1:wpZ8pe2x1Q3f2KyT5f8oP/fa9rHAKgFPr/HZdNuS+PQ= google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 h1:7whR9kGa5LUwFtpLm2ArCEejtnxlGeLbAyjFY8sGNFw= google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157/go.mod h1:99sLkeliLXfdj2J75X3Ho+rrVCaJze0uwN7zDDkjPVU= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240725223205-93522f1f2a9f h1:RARaIm8pxYuxyNPbBQf5igT7XdOyCNtat1qAT2ZxjU4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240725223205-93522f1f2a9f/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf h1:liao9UHurZLtiEwBgT9LMOnKYsHze6eA6w1KQCMVN2Q= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc= google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= diff --git a/protobuf/policy.pb.go b/protobuf/policy.pb.go index c234106897..9a10263933 100644 --- a/protobuf/policy.pb.go +++ b/protobuf/policy.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.32.0 -// protoc v4.25.3 +// protoc-gen-go v1.33.0 +// protoc v5.27.3 // source: policy.proto package protobuf 
@@ -182,8 +182,9 @@ type ContainerData struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - PolicyList []string `protobuf:"bytes,1,rep,name=policyList,proto3" json:"policyList,omitempty"` - PolicyEnabled int32 `protobuf:"varint,2,opt,name=policyEnabled,proto3" json:"policyEnabled,omitempty"` + PolicyList []string `protobuf:"bytes,1,rep,name=policyList,proto3" json:"policyList,omitempty"` + PolicyEnabled int32 `protobuf:"varint,2,opt,name=policyEnabled,proto3" json:"policyEnabled,omitempty"` + PolicyListData []*Policy `protobuf:"bytes,3,rep,name=policyListData,proto3" json:"policyListData,omitempty"` } func (x *ContainerData) Reset() { @@ -232,12 +233,20 @@ func (x *ContainerData) GetPolicyEnabled() int32 { return 0 } +func (x *ContainerData) GetPolicyListData() []*Policy { + if x != nil { + return x.PolicyListData + } + return nil +} + type HostSecurityPolicies struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - PolicyList []string `protobuf:"bytes,1,rep,name=policyList,proto3" json:"policyList,omitempty"` + PolicyList []string `protobuf:"bytes,1,rep,name=policyList,proto3" json:"policyList,omitempty"` + PolicyListData []*Policy `protobuf:"bytes,2,rep,name=policyListData,proto3" json:"policyListData,omitempty"` } func (x *HostSecurityPolicies) Reset() { @@ -279,6 +288,13 @@ func (x *HostSecurityPolicies) GetPolicyList() []string { return nil } +func (x *HostSecurityPolicies) GetPolicyListData() []*Policy { + if x != nil { + return x.PolicyListData + } + return nil +} + type ProbeResponse struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache 
@@ -354,60 +370,67 @@ var file_policy_proto_rawDesc = []byte{ 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x20, 0x0a, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, - 0x55, 0x0a, 0x0d, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x44, 0x61, 0x74, 0x61, - 0x12, 0x1e, 0x0a, 0x0a, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x18, 0x01, - 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4c, 0x69, 0x73, 0x74, - 0x12, 0x24, 0x0a, 0x0d, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, - 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x45, - 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x22, 0x36, 0x0a, 0x14, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x65, - 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x12, 0x1e, - 0x0a, 0x0a, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x18, 0x01, 0x20, 0x03, - 0x28, 0x09, 0x52, 0x0a, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x22, 0xf2, - 0x02, 0x0a, 0x0d, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x12, 0x24, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4c, 0x69, 0x73, - 0x74, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, - 0x65, 0x72, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x4b, 0x0a, 0x0c, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, - 0x6e, 0x65, 0x72, 0x4d, 0x61, 0x70, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x70, + 0x8d, 0x01, 0x0a, 0x0d, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x44, 0x61, 0x74, + 0x61, 0x12, 0x1e, 0x0a, 0x0a, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x18, + 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 
0x4c, 0x69, 0x73, + 0x74, 0x12, 0x24, 0x0a, 0x0d, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x45, 0x6e, 0x61, 0x62, 0x6c, + 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x36, 0x0a, 0x0e, 0x70, 0x6f, 0x6c, 0x69, 0x63, + 0x79, 0x4c, 0x69, 0x73, 0x74, 0x44, 0x61, 0x74, 0x61, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, + 0x0e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x44, 0x61, 0x74, 0x61, 0x22, + 0x6e, 0x0a, 0x14, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x50, + 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x12, 0x1e, 0x0a, 0x0a, 0x70, 0x6f, 0x6c, 0x69, 0x63, + 0x79, 0x4c, 0x69, 0x73, 0x74, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x36, 0x0a, 0x0e, 0x70, 0x6f, 0x6c, 0x69, 0x63, + 0x79, 0x4c, 0x69, 0x73, 0x74, 0x44, 0x61, 0x74, 0x61, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, + 0x0e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x44, 0x61, 0x74, 0x61, 0x22, + 0xf2, 0x02, 0x0a, 0x0d, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4c, 0x69, + 0x73, 0x74, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, + 0x6e, 0x65, 0x72, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x4b, 0x0a, 0x0c, 0x63, 0x6f, 0x6e, 0x74, 0x61, + 0x69, 0x6e, 0x65, 0x72, 0x4d, 0x61, 0x70, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, + 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4d, 0x61, + 0x70, 0x45, 0x6e, 
0x74, 0x72, 0x79, 0x52, 0x0c, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, + 0x72, 0x4d, 0x61, 0x70, 0x12, 0x3c, 0x0a, 0x07, 0x68, 0x6f, 0x73, 0x74, 0x4d, 0x61, 0x70, 0x18, + 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, + 0x72, 0x6f, 0x62, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x48, 0x6f, 0x73, + 0x74, 0x4d, 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x68, 0x6f, 0x73, 0x74, 0x4d, + 0x61, 0x70, 0x1a, 0x56, 0x0a, 0x11, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4d, + 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x2b, 0x0a, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, + 0x79, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x44, 0x61, 0x74, 0x61, 0x52, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x58, 0x0a, 0x0c, 0x48, 0x6f, + 0x73, 0x74, 0x4d, 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, + 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x32, 0x0a, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x70, 0x6f, + 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, + 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x3a, 0x02, 0x38, 0x01, 0x2a, 0x5e, 0x0a, 0x0c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x53, 0x74, + 0x61, 0x74, 0x75, 0x73, 0x12, 0x0b, 0x0a, 0x07, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x10, + 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x41, 0x70, 0x70, 0x6c, 0x69, 0x65, 0x64, 0x10, 0x01, 0x12, 0x0b, + 0x0a, 0x07, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x10, 0x02, 0x12, 0x0c, 0x0a, 0x08, 0x4d, + 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x64, 0x10, 0x03, 
0x12, 0x0c, 0x0a, 0x08, 0x4e, 0x6f, 0x74, + 0x45, 0x78, 0x69, 0x73, 0x74, 0x10, 0x04, 0x12, 0x0b, 0x0a, 0x07, 0x49, 0x6e, 0x76, 0x61, 0x6c, + 0x69, 0x64, 0x10, 0x05, 0x32, 0x4d, 0x0a, 0x0c, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x53, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x12, 0x3d, 0x0a, 0x0c, 0x67, 0x65, 0x74, 0x50, 0x72, 0x6f, 0x62, 0x65, + 0x44, 0x61, 0x74, 0x61, 0x12, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x15, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4d, 0x61, 0x70, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0c, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, - 0x4d, 0x61, 0x70, 0x12, 0x3c, 0x0a, 0x07, 0x68, 0x6f, 0x73, 0x74, 0x4d, 0x61, 0x70, 0x18, 0x03, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x72, - 0x6f, 0x62, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x48, 0x6f, 0x73, 0x74, - 0x4d, 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x68, 0x6f, 0x73, 0x74, 0x4d, 0x61, - 0x70, 0x1a, 0x56, 0x0a, 0x11, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4d, 0x61, - 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x2b, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, - 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x44, 0x61, 0x74, 0x61, 0x52, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x58, 0x0a, 0x0c, 0x48, 0x6f, 0x73, - 0x74, 0x4d, 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x32, 0x0a, 0x05, 0x76, 
- 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x70, 0x6f, 0x6c, - 0x69, 0x63, 0x79, 0x2e, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, - 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, - 0x02, 0x38, 0x01, 0x2a, 0x5e, 0x0a, 0x0c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x53, 0x74, 0x61, - 0x74, 0x75, 0x73, 0x12, 0x0b, 0x0a, 0x07, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x10, 0x00, - 0x12, 0x0b, 0x0a, 0x07, 0x41, 0x70, 0x70, 0x6c, 0x69, 0x65, 0x64, 0x10, 0x01, 0x12, 0x0b, 0x0a, - 0x07, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x10, 0x02, 0x12, 0x0c, 0x0a, 0x08, 0x4d, 0x6f, - 0x64, 0x69, 0x66, 0x69, 0x65, 0x64, 0x10, 0x03, 0x12, 0x0c, 0x0a, 0x08, 0x4e, 0x6f, 0x74, 0x45, - 0x78, 0x69, 0x73, 0x74, 0x10, 0x04, 0x12, 0x0b, 0x0a, 0x07, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, - 0x64, 0x10, 0x05, 0x32, 0x4d, 0x0a, 0x0c, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x12, 0x3d, 0x0a, 0x0c, 0x67, 0x65, 0x74, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x44, - 0x61, 0x74, 0x61, 0x12, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x15, 0x2e, 0x70, 0x6f, - 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x32, 0x74, 0x0a, 0x0d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x12, 0x33, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, - 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, - 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x1a, 0x10, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, - 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2e, 0x0a, 0x0a, 0x68, 0x6f, 0x73, 0x74, - 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, - 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 
0x1a, 0x10, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, - 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, - 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6b, 0x75, 0x62, 0x65, 0x61, 0x72, 0x6d, 0x6f, 0x72, - 0x2f, 0x4b, 0x75, 0x62, 0x65, 0x41, 0x72, 0x6d, 0x6f, 0x72, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x50, 0x00, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x6e, 0x73, 0x65, 0x32, 0x74, 0x0a, 0x0d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x53, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x12, 0x33, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, + 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x1a, 0x10, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x2e, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2e, 0x0a, 0x0a, 0x68, 0x6f, 0x73, + 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x1a, 0x10, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x2e, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, + 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6b, 0x75, 0x62, 0x65, 0x61, 0x72, 0x6d, 0x6f, + 0x72, 0x2f, 0x4b, 0x75, 0x62, 0x65, 0x41, 0x72, 0x6d, 0x6f, 0x72, 0x2f, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x50, 0x00, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( 
@@ -436,22 +459,24 @@ var file_policy_proto_goTypes = []interface{}{ (*emptypb.Empty)(nil), // 8: google.protobuf.Empty } var file_policy_proto_depIdxs = []int32{ - 0, // 0: policy.response.status:type_name -> policy.PolicyStatus - 6, // 1: policy.ProbeResponse.containerMap:type_name -> policy.ProbeResponse.ContainerMapEntry - 7, // 2: policy.ProbeResponse.hostMap:type_name -> policy.ProbeResponse.HostMapEntry - 3, // 3: policy.ProbeResponse.ContainerMapEntry.value:type_name -> policy.ContainerData - 4, // 4: policy.ProbeResponse.HostMapEntry.value:type_name -> policy.HostSecurityPolicies - 8, // 5: policy.ProbeService.getProbeData:input_type -> google.protobuf.Empty - 2, // 6: policy.PolicyService.containerPolicy:input_type -> policy.policy - 2, // 7: policy.PolicyService.hostPolicy:input_type -> policy.policy - 5, // 8: policy.ProbeService.getProbeData:output_type -> policy.ProbeResponse - 1, // 9: policy.PolicyService.containerPolicy:output_type -> policy.response - 1, // 10: policy.PolicyService.hostPolicy:output_type -> policy.response - 8, // [8:11] is the sub-list for method output_type - 5, // [5:8] is the sub-list for method input_type - 5, // [5:5] is the sub-list for extension type_name - 5, // [5:5] is the sub-list for extension extendee - 0, // [0:5] is the sub-list for field type_name + 0, // 0: policy.response.status:type_name -> policy.PolicyStatus + 2, // 1: policy.ContainerData.policyListData:type_name -> policy.policy + 2, // 2: policy.HostSecurityPolicies.policyListData:type_name -> policy.policy + 6, // 3: policy.ProbeResponse.containerMap:type_name -> policy.ProbeResponse.ContainerMapEntry + 7, // 4: policy.ProbeResponse.hostMap:type_name -> policy.ProbeResponse.HostMapEntry + 3, // 5: policy.ProbeResponse.ContainerMapEntry.value:type_name -> policy.ContainerData + 4, // 6: policy.ProbeResponse.HostMapEntry.value:type_name -> policy.HostSecurityPolicies + 8, // 7: policy.ProbeService.getProbeData:input_type -> google.protobuf.Empty + 2, // 8: 
policy.PolicyService.containerPolicy:input_type -> policy.policy + 2, // 9: policy.PolicyService.hostPolicy:input_type -> policy.policy + 5, // 10: policy.ProbeService.getProbeData:output_type -> policy.ProbeResponse + 1, // 11: policy.PolicyService.containerPolicy:output_type -> policy.response + 1, // 12: policy.PolicyService.hostPolicy:output_type -> policy.response + 10, // [10:13] is the sub-list for method output_type + 7, // [7:10] is the sub-list for method input_type + 7, // [7:7] is the sub-list for extension type_name + 7, // [7:7] is the sub-list for extension extendee + 0, // [0:7] is the sub-list for field type_name } func init() { file_policy_proto_init() } diff --git a/protobuf/policy.proto b/protobuf/policy.proto index fc544a7114..5954ccdfbb 100644 --- a/protobuf/policy.proto +++ b/protobuf/policy.proto @@ -26,9 +26,12 @@ message policy { message ContainerData { repeated string policyList = 1; int32 policyEnabled = 2; + repeated policy policyListData = 3; + } message HostSecurityPolicies { repeated string policyList = 1; + repeated policy policyListData = 2; } message ProbeResponse { repeated string containerList = 1; diff --git a/protobuf/policy_grpc.pb.go b/protobuf/policy_grpc.pb.go index 199cca9a9b..399fb317f4 100644 --- a/protobuf/policy_grpc.pb.go +++ b/protobuf/policy_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.3.0 -// - protoc v4.25.3 +// - protoc-gen-go-grpc v1.5.1 +// - protoc v5.27.3 // source: policy.proto package protobuf @@ -16,8 +16,8 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.32.0 or later. -const _ = grpc.SupportPackageIsVersion7 +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 const ( ProbeService_GetProbeData_FullMethodName = "/policy.ProbeService/getProbeData" 
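Review bot: `policyListData` is added to `ContainerData` and `HostSecurityPolicies` without a comment saying what the `policy` bytes contain or how the entries relate to `policyList`. On the Go side of this commit they are the JSON encoding of each security policy, appended in the same loop as the names but skipped when marshalling fails, so the two lists are not guaranteed to line up by index. That contract belongs on the field, e.g. `// JSON-encoded policy objects; not guaranteed index-aligned with policyList`. The probe response now carries full policy bodies rather than names only, so it is worth confirming that every caller able to reach `getProbeData` is meant to read them. The stray blank line added after field 3 in `ContainerData` can be dropped.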
@@ -39,8 +39,9 @@ func NewProbeServiceClient(cc grpc.ClientConnInterface) ProbeServiceClient { } func (c *probeServiceClient) GetProbeData(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*ProbeResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(ProbeResponse) - err := c.cc.Invoke(ctx, ProbeService_GetProbeData_FullMethodName, in, out, opts...) + err := c.cc.Invoke(ctx, ProbeService_GetProbeData_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } @@ -49,18 +50,22 @@ func (c *probeServiceClient) GetProbeData(ctx context.Context, in *emptypb.Empty // ProbeServiceServer is the server API for ProbeService service. // All implementations should embed UnimplementedProbeServiceServer -// for forward compatibility +// for forward compatibility. type ProbeServiceServer interface { GetProbeData(context.Context, *emptypb.Empty) (*ProbeResponse, error) } -// UnimplementedProbeServiceServer should be embedded to have forward compatible implementations. -type UnimplementedProbeServiceServer struct { -} +// UnimplementedProbeServiceServer should be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedProbeServiceServer struct{} func (UnimplementedProbeServiceServer) GetProbeData(context.Context, *emptypb.Empty) (*ProbeResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method GetProbeData not implemented") } +func (UnimplementedProbeServiceServer) testEmbeddedByValue() {} // UnsafeProbeServiceServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to ProbeServiceServer will 
@@ -70,6 +75,13 @@ type UnsafeProbeServiceServer interface { } func RegisterProbeServiceServer(s grpc.ServiceRegistrar, srv ProbeServiceServer) { + // If the following call pancis, it indicates UnimplementedProbeServiceServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } s.RegisterService(&ProbeService_ServiceDesc, srv) } @@ -129,8 +141,9 @@ func NewPolicyServiceClient(cc grpc.ClientConnInterface) PolicyServiceClient { } func (c *policyServiceClient) ContainerPolicy(ctx context.Context, in *Policy, opts ...grpc.CallOption) (*Response, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(Response) - err := c.cc.Invoke(ctx, PolicyService_ContainerPolicy_FullMethodName, in, out, opts...) + err := c.cc.Invoke(ctx, PolicyService_ContainerPolicy_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } @@ -138,8 +151,9 @@ func (c *policyServiceClient) ContainerPolicy(ctx context.Context, in *Policy, o } func (c *policyServiceClient) HostPolicy(ctx context.Context, in *Policy, opts ...grpc.CallOption) (*Response, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(Response) - err := c.cc.Invoke(ctx, PolicyService_HostPolicy_FullMethodName, in, out, opts...) + err := c.cc.Invoke(ctx, PolicyService_HostPolicy_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } 
@@ -148,15 +162,18 @@ func (c *policyServiceClient) HostPolicy(ctx context.Context, in *Policy, opts . // PolicyServiceServer is the server API for PolicyService service. // All implementations should embed UnimplementedPolicyServiceServer -// for forward compatibility +// for forward compatibility. type PolicyServiceServer interface { ContainerPolicy(context.Context, *Policy) (*Response, error) HostPolicy(context.Context, *Policy) (*Response, error) } -// UnimplementedPolicyServiceServer should be embedded to have forward compatible implementations. -type UnimplementedPolicyServiceServer struct { -} +// UnimplementedPolicyServiceServer should be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedPolicyServiceServer struct{} func (UnimplementedPolicyServiceServer) ContainerPolicy(context.Context, *Policy) (*Response, error) { return nil, status.Errorf(codes.Unimplemented, "method ContainerPolicy not implemented") @@ -164,6 +181,7 @@ func (UnimplementedPolicyServiceServer) ContainerPolicy(context.Context, *Policy func (UnimplementedPolicyServiceServer) HostPolicy(context.Context, *Policy) (*Response, error) { return nil, status.Errorf(codes.Unimplemented, "method HostPolicy not implemented") } +func (UnimplementedPolicyServiceServer) testEmbeddedByValue() {} // UnsafePolicyServiceServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to PolicyServiceServer will 
@@ -173,6 +191,13 @@ type UnsafePolicyServiceServer interface { } func RegisterPolicyServiceServer(s grpc.ServiceRegistrar, srv PolicyServiceServer) { + // If the following call pancis, it indicates UnimplementedPolicyServiceServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } s.RegisterService(&PolicyService_ServiceDesc, srv) }