🐛 Fix k8s manifests platformIDs and asset name (#2311)

* 🐛 Fix k8s manifests platformIDs and asset name Fixes #2302 Signed-off-by: Christian Zunker <[email protected]> * 🧹 add test case for platform id --------- Signed-off-by: Christian Zunker <[email protected]> Co-authored-by: Christoph Hartmann <[email protected]>
mondoohq · Oct 22, 2023 · e7b03ba · e7b03ba
1 parent fd54592
commit e7b03ba
Show file tree

Hide file tree

Showing 6 changed files with 1,043 additions and 66 deletions.
diff --git a/providers/k8s/connection/manifest/connection.go b/providers/k8s/connection/manifest/connection.go
@@ -62,17 +62,30 @@ func NewConnection(id uint32, asset *inventory.Asset, opts ...Option) (shared.Co
 	manifest := []byte{}
 	var err error
 
+	clusterName := ""
 	if len(c.manifestContent) > 0 {
 		manifest = c.manifestContent
+		clusterName = "K8s Manifest"
 	} else if c.manifestFile != "" {
 		manifest, err = shared.LoadManifestFile(c.manifestFile)
 		if err != nil {
 			return nil, err
 		}
 		// manifest parent directory name
-		clusterName := shared.ProjectNameFromPath(c.manifestFile)
+		clusterName = shared.ProjectNameFromPath(c.manifestFile)
 		clusterName = "K8s Manifest " + clusterName
 	}
+	// discovered assets pass by here
+	// They already have a name, so do not override it here.
+	if asset.Name == "" {
+		asset.Name = clusterName
+	}
+
+	platformId, err := c.AssetId()
+	if err != nil {
+		return nil, err
+	}
+	asset.PlatformIds = []string{platformId}
 
 	c.ManifestParser, err = shared.NewManifestParser(manifest, c.namespace, "")
 	if err != nil {
@@ -123,11 +136,11 @@ func (c *Connection) AssetId() (string, error) {
 	// the same resource multiple times but it will result in different assets because of the random
 	// file name.
 
-	if len(c.Objects) == 1 {
+	if len(c.Objects) == 1 && c.asset.Platform.Runtime == "k8s-admission" {
 		o, err := meta.Accessor(c.Objects[0])
 		if err == nil {
 			if o.GetUID() != "" {
-				return string(o.GetUID()), nil
+				return shared.NewPlatformId(string(o.GetUID())), nil
 			}
 		}
 	}

diff --git a/providers/k8s/connection/manifest/connection_test.go b/providers/k8s/connection/manifest/connection_test.go
@@ -1,17 +1,53 @@
 // Copyright (c) Mondoo, Inc.
 // SPDX-License-Identifier: BUSL-1.1
 
-package manifest
+package manifest_test
 
-// import (
-// 	"os"
-// 	"testing"
+import (
+	"github.com/stretchr/testify/require"
+	"go.mondoo.com/cnquery/v9/providers"
+	"go.mondoo.com/cnquery/v9/providers-sdk/v1/inventory"
+	"go.mondoo.com/cnquery/v9/providers-sdk/v1/plugin"
+	"go.mondoo.com/cnquery/v9/providers-sdk/v1/testutils"
+	k8s_conf "go.mondoo.com/cnquery/v9/providers/k8s/config"
+	"go.mondoo.com/cnquery/v9/providers/k8s/connection/shared"
+	k8s_provider "go.mondoo.com/cnquery/v9/providers/k8s/provider"
 
-// 	"github.com/stretchr/testify/assert"
-// 	"github.com/stretchr/testify/require"
-// 	"go.mondoo.com/cnquery/v9/motor/providers"
-// 	"go.mondoo.com/cnquery/v9/providers/k8s/connection/shared/resources"
-// )
+	"testing"
+)
+
+func K8s() *providers.Runtime {
+	k8sSchema := testutils.MustLoadSchema(testutils.SchemaProvider{Provider: "k8s"})
+	runtime := providers.Coordinator.NewRuntime()
+	provider := &providers.RunningProvider{
+		Name:   k8s_conf.Config.Name,
+		ID:     k8s_conf.Config.ID,
+		Plugin: k8s_provider.Init(),
+		Schema: k8sSchema,
+	}
+	runtime.Provider = &providers.ConnectedProvider{Instance: provider}
+	runtime.AddConnectedProvider(runtime.Provider)
+	return runtime
+}
+
+func TestPlatformIDDetectionManifest(t *testing.T) {
+	path := "./testdata/deployment.yaml"
+
+	runtime := K8s()
+	err := runtime.Connect(&plugin.ConnectReq{
+		Asset: &inventory.Asset{
+			Connections: []*inventory.Config{{
+				Type: "k8s",
+				Options: map[string]string{
+					shared.OPTION_MANIFEST: path,
+				},
+			}},
+		},
+	})
+	require.NoError(t, err)
+	// verify that the asset object gets the platform id
+	require.Equal(t, "//platformid.api.mondoo.app/runtime/k8s/uid/5c44b3080881cb47faaedf5754099b8b670a85b69861f64692d6323550197b2d", runtime.Provider.Connection.Asset.PlatformIds[0])
+}
 
 // type K8sObjectKindTest struct {
 // 	kind string

diff --git a/providers/k8s/connection/manifest/testdata/deployment.yaml b/providers/k8s/connection/manifest/testdata/deployment.yaml
@@ -0,0 +1,115 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    deployment.kubernetes.io/revision: "4"
+    kubectl.kubernetes.io/last-applied-configuration: |
+      {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"labels":{"app.kubernetes.io/name":"mondoo-operator"},"name":"mondoo-operator-controller-manager","namespace":"mondoo-operator"},"spec":{"replicas":1,"selector":{"matchLabels":{"app.kubernetes.io/name":"mondoo-operator"}},"template":{"metadata":{"annotations":{"kubectl.kubernetes.io/default-container":"manager"},"labels":{"app.kubernetes.io/name":"mondoo-operator"}},"spec":{"containers":[{"args":["operator","--health-probe-bind-address=:8081","--metrics-bind-address=:8080","--leader-elect"],"command":["/mondoo-operator"],"image":"ghcr.io/mondoohq/mondoo-operator:v1.0.1","imagePullPolicy":"IfNotPresent","livenessProbe":{"httpGet":{"path":"/healthz","port":8081},"initialDelaySeconds":15,"periodSeconds":20},"name":"manager","ports":[{"containerPort":8080,"name":"metrics","protocol":"TCP"}],"readinessProbe":{"httpGet":{"path":"/readyz","port":8081},"initialDelaySeconds":5,"periodSeconds":10},"resources":{"limits":{"cpu":"200m","memory":"60Mi"},"requests":{"cpu":"100m","memory":"35Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true}}],"securityContext":{"runAsNonRoot":true},"serviceAccountName":"mondoo-operator-controller-manager","terminationGracePeriodSeconds":10}}}}
+  creationTimestamp: "2022-08-16T10:31:58Z"
+  generation: 4
+  labels:
+    app.kubernetes.io/name: mondoo-operator
+  name: mondoo-operator-controller-manager
+  namespace: mondoo-operator
+  resourceVersion: "131656394"
+  uid: 3eae16c2-2b55-4048-a84b-03a849d12e40
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: mondoo-operator
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      annotations:
+        kubectl.kubernetes.io/default-container: manager
+      creationTimestamp: null
+      labels:
+        app.kubernetes.io/name: mondoo-operator
+    spec:
+      affinity: {}
+      containers:
+        - args:
+            - operator
+            - --health-probe-bind-address=:8081
+            - --metrics-bind-address=:8080
+            - --leader-elect
+          command:
+            - /mondoo-operator
+          env:
+            - name: FEATURE_DISCOVER_WORKLOADS
+              value: "1"
+          image: ghcr.io/mondoohq/mondoo-operator:v1.1.1
+          imagePullPolicy: IfNotPresent
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /healthz
+              port: 8081
+              scheme: HTTP
+            initialDelaySeconds: 15
+            periodSeconds: 20
+            successThreshold: 1
+            timeoutSeconds: 1
+          name: manager
+          ports:
+            - containerPort: 8080
+              name: metrics
+              protocol: TCP
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /readyz
+              port: 8081
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+          resources:
+            limits:
+              cpu: 200m
+              memory: 60Mi
+            requests:
+              cpu: 100m
+              memory: 35Mi
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext:
+        runAsNonRoot: true
+      serviceAccount: mondoo-operator-controller-manager
+      serviceAccountName: mondoo-operator-controller-manager
+      terminationGracePeriodSeconds: 10
+status:
+  availableReplicas: 1
+  conditions:
+    - lastTransitionTime: "2022-08-16T10:32:08Z"
+      lastUpdateTime: "2022-08-16T10:32:08Z"
+      message: Deployment has minimum availability.
+      reason: MinimumReplicasAvailable
+      status: "True"
+      type: Available
+    - lastTransitionTime: "2022-08-16T10:31:58Z"
+      lastUpdateTime: "2022-08-17T09:30:22Z"
+      message:
+        ReplicaSet "mondoo-operator-controller-manager-67679dfd98" has successfully
+        progressed.
+      reason: NewReplicaSetAvailable
+      status: "True"
+      type: Progressing
+  observedGeneration: 4
+  readyReplicas: 1
+  replicas: 1
+  updatedReplicas: 1
diff --git a/providers/k8s/connection/shared/connection.go b/providers/k8s/connection/shared/connection.go
@@ -23,6 +23,7 @@ const (
 	OPTION_ADMISSION         = "k8s-admission-review"
 	OPTION_OBJECT_KIND       = "object-kind"
 	OPTION_CONTEXT           = "context"
+	idPrefix                 = "//platformid.api.mondoo.app/runtime/k8s/uid/"
 )
 
 type ConnectionType string
@@ -63,56 +64,6 @@ type ResourceResult struct {
 	AllNs     bool
 }
 
-func getPlatformInfo(objectKind string, runtime string) *inventory.Platform {
-	// We need this at two places (discovery and provider)
-	// Here it is needed for the transport and this is what is shown on the cli
-	platformData := &inventory.Platform{
-		Family:  []string{"k8s", "k8s-workload"},
-		Kind:    "k8s-object",
-		Runtime: runtime,
-	}
-	switch objectKind {
-	case "pod":
-		platformData.Name = "k8s-pod"
-		platformData.Title = "Kubernetes Pod"
-		return platformData
-	case "cronjob":
-		platformData.Name = "k8s-cronjob"
-		platformData.Title = "Kubernetes CronJob"
-		return platformData
-	case "statefulset":
-		platformData.Name = "k8s-statefulset"
-		platformData.Title = "Kubernetes StatefulSet"
-		return platformData
-	case "deployment":
-		platformData.Name = "k8s-deployment"
-		platformData.Title = "Kubernetes Deployment"
-		return platformData
-	case "job":
-		platformData.Name = "k8s-job"
-		platformData.Title = "Kubernetes Job"
-		return platformData
-	case "replicaset":
-		platformData.Name = "k8s-replicaset"
-		platformData.Title = "Kubernetes ReplicaSet"
-		return platformData
-	case "daemonset":
-		platformData.Name = "k8s-daemonset"
-		platformData.Title = "Kubernetes DaemonSet"
-		return platformData
-	case "ingress":
-		platformData.Name = "k8s-ingress"
-		platformData.Title = "Kubernetes Ingress"
-		return platformData
-	case "namespace":
-		platformData.Name = "k8s-namespace"
-		platformData.Title = "Kubernetes Namespace"
-		return platformData
-	}
-
-	return nil
-}
-
 func sliceToPtrSlice[T any](items []T) []*T {
 	ptrItems := make([]*T, 0, len(items))
 	for i := range items {
@@ -122,7 +73,7 @@ func sliceToPtrSlice[T any](items []T) []*T {
 }
 
 func NewPlatformId(assetId string) string {
-	return "//platformid.api.mondoo.app/runtime/k8s/uid/" + assetId
+	return idPrefix + assetId
 }
 
 func NewWorkloadPlatformId(clusterIdentifier, workloadType, namespace, name, uid string) string {
@@ -143,7 +94,7 @@ func NewWorkloadPlatformId(clusterIdentifier, workloadType, namespace, name, uid
 
 func NewNamespacePlatformId(clusterIdentifier, name, uid string) string {
 	if clusterIdentifier == "" {
-		return fmt.Sprintf("//platformid.api.mondoo.app/runtime/k8s/namespace/%s", name)
+		return fmt.Sprintf("%snamespace/%s", idPrefix, name)
 	}
 
 	return fmt.Sprintf("%s/namespace/%s/uid/%s", clusterIdentifier, name, uid)