diff --git a/pkg/apis/aquasecurity/v1alpha1/kube_hunter_types.go b/pkg/apis/aquasecurity/v1alpha1/kube_hunter_types.go
index ae90e20a3..0bbfdbd78 100644
--- a/pkg/apis/aquasecurity/v1alpha1/kube_hunter_types.go
+++ b/pkg/apis/aquasecurity/v1alpha1/kube_hunter_types.go
@@ -34,7 +34,7 @@ type KubeHunterReport struct {
 metav1.TypeMeta `json:",inline"`
 metav1.ObjectMeta `json:"metadata,omitempty"`
- Report KubeHunterOutput `json:"report"`
+ Report KubeHunterReportData `json:"report"`
 }
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -47,7 +47,7 @@ type KubeHunterReportList struct {
 Items []KubeHunterReport `json:"items"`
 }
-type KubeHunterOutput struct {
+type KubeHunterReportData struct {
 UpdateTimestamp metav1.Time `json:"updateTimestamp"`
 Scanner Scanner `json:"scanner"`
 Summary KubeHunterSummary `json:"summary"`
diff --git a/pkg/apis/aquasecurity/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/aquasecurity/v1alpha1/zz_generated.deepcopy.go
index b67e47249..c8c0aa41c 100644
--- a/pkg/apis/aquasecurity/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/apis/aquasecurity/v1alpha1/zz_generated.deepcopy.go
@@ -470,30 +470,6 @@ func (in *ConfigAuditSummary) DeepCopy() *ConfigAuditSummary { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KubeHunterOutput) DeepCopyInto(out *KubeHunterOutput) { - *out = *in - in.UpdateTimestamp.DeepCopyInto(&out.UpdateTimestamp) - out.Scanner = in.Scanner - out.Summary = in.Summary - if in.Vulnerabilities != nil { - in, out := &in.Vulnerabilities, &out.Vulnerabilities - *out = make([]KubeHunterVulnerability, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeHunterOutput. -func (in *KubeHunterOutput) DeepCopy() *KubeHunterOutput { - if in == nil { - return nil - } - out := new(KubeHunterOutput) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *KubeHunterReport) DeepCopyInto(out *KubeHunterReport) { *out = *in 
@@ -521,6 +497,30 @@ func (in *KubeHunterReport) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeHunterReportData) DeepCopyInto(out *KubeHunterReportData) { + *out = *in + in.UpdateTimestamp.DeepCopyInto(&out.UpdateTimestamp) + out.Scanner = in.Scanner + out.Summary = in.Summary + if in.Vulnerabilities != nil { + in, out := &in.Vulnerabilities, &out.Vulnerabilities + *out = make([]KubeHunterVulnerability, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeHunterReportData. +func (in *KubeHunterReportData) DeepCopy() *KubeHunterReportData { + if in == nil { + return nil + } + out := new(KubeHunterReportData) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *KubeHunterReportList) DeepCopyInto(out *KubeHunterReportList) { *out = *in diff --git a/pkg/kubehunter/model.go b/pkg/kubehunter/model.go index b354ba3be..2a4cc9f9a 100644 --- a/pkg/kubehunter/model.go +++ b/pkg/kubehunter/model.go 
@@ -5,19 +5,19 @@ import (
 "io"
 "time"
- sec "github.com/aquasecurity/starboard/pkg/apis/aquasecurity/v1alpha1"
+ "github.com/aquasecurity/starboard/pkg/apis/aquasecurity/v1alpha1"
 "github.com/aquasecurity/starboard/pkg/starboard"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
-func toSummary(vulnerabilities []sec.KubeHunterVulnerability) (summary sec.KubeHunterSummary) {
+func toSummary(vulnerabilities []v1alpha1.KubeHunterVulnerability) (summary v1alpha1.KubeHunterSummary) {
 for _, v := range vulnerabilities {
 switch v.Severity {
- case sec.KubeHunterSeverityHigh:
+ case v1alpha1.KubeHunterSeverityHigh:
 summary.HighCount++
- case sec.KubeHunterSeverityMedium:
+ case v1alpha1.KubeHunterSeverityMedium:
 summary.MediumCount++
- case sec.KubeHunterSeverityLow:
+ case v1alpha1.KubeHunterSeverityLow:
 summary.LowCount++
 default:
 summary.UnknownCount++
@@ -26,27 +26,29 @@ func toSummary(vulnerabilities []sec.KubeHunterVulnerability) (summary sec.KubeH
 return
 }
-func OutputFrom(config Config, reader io.Reader) (report sec.KubeHunterOutput, err error) {
+func OutputFrom(config Config, reader io.Reader) (v1alpha1.KubeHunterReportData, error) {
 imageRef, err := config.GetKubeHunterImageRef()
 if err != nil {
- return report, err
+ return v1alpha1.KubeHunterReportData{}, err
 }
 version, err := starboard.GetVersionFromImageRef(imageRef)
 if err != nil {
- return sec.KubeHunterOutput{}, err
+ return v1alpha1.KubeHunterReportData{}, err
 }
- report.Scanner = sec.Scanner{
- Name: "kube-hunter",
- Vendor: "Aqua Security",
- Version: version,
+ report := v1alpha1.KubeHunterReportData{
+ Scanner: v1alpha1.Scanner{
+ Name: "kube-hunter",
+ Vendor: "Aqua Security",
+ Version: version,
+ },
 }
 report.UpdateTimestamp = metav1.NewTime(time.Now())
 err = json.NewDecoder(reader).Decode(&report)
 if err != nil {
- return
+ return v1alpha1.KubeHunterReportData{}, err
 }
 report.Summary = toSummary(report.Vulnerabilities)
- return
+ return report, nil
 }
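Review bot: In `OutputFrom`, `json.NewDecoder(reader).Decode(&report)` still runs after `Scanner` and `UpdateTimestamp` have been filled in, and the target struct carries `json:"scanner"` and `json:"updateTimestamp"` tags, so either key appearing in the decoded stream replaces the value computed here (only `Summary` is recomputed afterwards). The reader presumably carries the kube-hunter container's log output, which should not be able to set the report's provenance fields. Decoding first and assigning `Scanner` and `UpdateTimestamp` only after a successful decode keeps those fields under this function's control; a narrower decode target holding just the vulnerabilities would be stricter still. The exported function also has no doc comment stating which fields come from the stream and which are set locally.

```go
// … unchanged: image ref and version lookup …
var report v1alpha1.KubeHunterReportData
if err := json.NewDecoder(reader).Decode(&report); err != nil {
	return v1alpha1.KubeHunterReportData{}, err
}
// Provenance fields are assigned after decoding so the stream cannot override them.
report.Scanner = v1alpha1.Scanner{
	Name:    "kube-hunter",
	Vendor:  "Aqua Security",
	Version: version,
}
report.UpdateTimestamp = metav1.NewTime(time.Now())
report.Summary = toSummary(report.Vulnerabilities)
return report, nil
```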
diff --git a/pkg/kubehunter/scanner.go b/pkg/kubehunter/scanner.go
index 2d605bb8f..81ec3190b 100644
--- a/pkg/kubehunter/scanner.go
+++ b/pkg/kubehunter/scanner.go
@@ -51,17 +51,17 @@ func NewScanner(
 }
 }
-func (s *Scanner) Scan(ctx context.Context) (v1alpha1.KubeHunterOutput, error) {
+func (s *Scanner) Scan(ctx context.Context) (v1alpha1.KubeHunterReportData, error) {
 // 1. Prepare descriptor for the Kubernetes Job which will run kube-hunter
 job, err := s.prepareKubeHunterJob()
 if err != nil {
- return v1alpha1.KubeHunterOutput{}, err
+ return v1alpha1.KubeHunterReportData{}, err
 }
 // 2. Run the prepared Job and wait for its completion or failure
 err = runner.New().Run(ctx, kube.NewRunnableJob(s.scheme, s.clientset, job))
 if err != nil {
- return v1alpha1.KubeHunterOutput{}, fmt.Errorf("running kube-hunter job: %w", err)
+ return v1alpha1.KubeHunterReportData{}, fmt.Errorf("running kube-hunter job: %w", err)
 }
 defer func() {
@@ -82,7 +82,7 @@ func (s *Scanner) Scan(ctx context.Context) (v1alpha1.KubeHunterOutput, error) {
 job.Namespace, job.Name)
 logsStream, err := s.logsReader.GetLogsByJobAndContainerName(ctx, job, kubeHunterContainerName)
 if err != nil {
- return v1alpha1.KubeHunterOutput{}, fmt.Errorf("getting logs: %w", err)
+ return v1alpha1.KubeHunterReportData{}, fmt.Errorf("getting logs: %w", err)
 }
 defer func() {
 _ = logsStream.Close()
diff --git a/pkg/kubehunter/writer.go b/pkg/kubehunter/writer.go
index 0ac490a44..f14d4b4da 100644
--- a/pkg/kubehunter/writer.go
+++ b/pkg/kubehunter/writer.go
@@ -13,7 +13,7 @@ import (
 )
 type Writer interface {
- Write(ctx context.Context, report v1alpha1.KubeHunterOutput, cluster string) error
+ Write(ctx context.Context, report v1alpha1.KubeHunterReportData, cluster string) error
 }
 type writer struct {
@@ -26,7 +26,7 @@ func NewWriter(clientset versioned.Interface) Writer {
 }
 }
-func (w *writer) Write(ctx context.Context, report v1alpha1.KubeHunterOutput, cluster string) error {
+func (w *writer) Write(ctx context.Context, report v1alpha1.KubeHunterReportData, cluster string) error {
 if strings.TrimSpace(cluster) == "" {
 return errors.New("cluster name must not be blank")
 }
diff --git a/pkg/kubehunter/writer_test.go b/pkg/kubehunter/writer_test.go
index 9b08bc04f..d058ee2cd 100644
--- a/pkg/kubehunter/writer_test.go
+++ b/pkg/kubehunter/writer_test.go
@@ -19,7 +19,7 @@ func TestWriter_Write(t *testing.T) {
 clientset := fake.NewSimpleClientset()
 writer := kubehunter.NewWriter(clientset)
- err := writer.Write(context.TODO(), v1alpha1.KubeHunterOutput{
+ err := writer.Write(context.TODO(), v1alpha1.KubeHunterReportData{
 Summary: v1alpha1.KubeHunterSummary{
 HighCount: 7,
 },
@@ -42,7 +42,7 @@ func TestWriter_Write(t *testing.T) {
 starboard.LabelResourceName: "my-cluster",
 },
 },
- Report: v1alpha1.KubeHunterOutput{
+ Report: v1alpha1.KubeHunterReportData{
 Summary: v1alpha1.KubeHunterSummary{
 HighCount: 7,
 },
@@ -60,7 +60,7 @@ func TestWriter_Write(t *testing.T) {
 starboard.LabelResourceName: "my-cluster",
 },
 },
- Report: v1alpha1.KubeHunterOutput{
+ Report: v1alpha1.KubeHunterReportData{
 Summary: v1alpha1.KubeHunterSummary{
 HighCount: 1,
 },
@@ -68,7 +68,7 @@ func TestWriter_Write(t *testing.T) {
 })
 writer := kubehunter.NewWriter(clientset)
- err := writer.Write(context.TODO(), v1alpha1.KubeHunterOutput{
+ err := writer.Write(context.TODO(), v1alpha1.KubeHunterReportData{
 Summary: v1alpha1.KubeHunterSummary{
 HighCount: 3,
 },
@@ -91,7 +91,7 @@ func TestWriter_Write(t *testing.T) {
 starboard.LabelResourceName: "my-cluster",
 },
 },
- Report: v1alpha1.KubeHunterOutput{
+ Report: v1alpha1.KubeHunterReportData{
 Summary: v1alpha1.KubeHunterSummary{
 HighCount: 3,
 },