reduce the usage of k8s client api
Signed-off-by: Ankur Kothiwal <ankur.kothiwal@accuknox.com>
Ankurk99 committed Dec 12, 2022
1 parent 9c436a7 commit d5cdf7d
Showing 10 changed files with 94 additions and 30 deletions.
2 changes: 1 addition & 1 deletion src/Makefile
@@ -11,7 +11,7 @@ GIT_INFO := $(shell govvv -flags -pkg $(PKG))
.PHONY: build
build:
@# for build_image -> CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -ldflags '-s -w' -o knoxAutoPolicy main.go
@# for delve -> cd $(CURDIR); go mod tidy; go build -tags debugger -gcflags="all=-N -l" -o knoxAutoPolicy main.go
@# for delve -> cd $(CURDIR); go mod tidy; go build -O -tags debugger -gcflags="all=-N -l -m" -o knoxAutoPolicy main.go
go mod tidy
go build -ldflags "$(GIT_INFO)" -o knoxAutoPolicy main.go

10 changes: 5 additions & 5 deletions src/cluster/clusterResourceHandler.go
@@ -66,13 +66,13 @@ func GetAllClusterResources(cluster string) ([]string, []types.Service, []types.
}

// ExtractPodSvcInfoFromIP -- Extract respective podname/ns/labels from pod/svc ip
func ExtractPodSvcInfoFromIP(ip, clustername string) (string, string, string) {
func ExtractPodSvcInfoFromIP(ip, clustername string, pods []types.Pod, services []types.Service) (string, string, string) {
podSvcName := ip

_, services, _, pods, err := GetAllClusterResources(clustername)
if err != nil {
return podSvcName, "", ""
}
// _, services, _, pods, err := GetAllClusterResources(clustername)
// if err != nil {
// return podSvcName, "", ""
// }

for _, pod := range pods {
if pod.PodIP == ip {
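Review bot: `clustername` is no longer read in the visible part of `ExtractPodSvcInfoFromIP` now that the lookup is commented out, and the four commented lines are left behind as dead code; delete them, and either drop the parameter or say in the doc comment why it stays. The doc comment should also state the new contract, for example `// pods and services are a snapshot supplied by the caller (from GetAllClusterResources); the caller handles the lookup error.` Error handling has moved to every call site, so each one now decides what an unresolved destination means for the policy it builds. The function body continues outside the hunk, so what happens with nil slices is inferred from the visible `for _, pod := range pods` loop and should be confirmed.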
10 changes: 5 additions & 5 deletions src/go.mod
@@ -111,12 +111,12 @@ require (
github.com/subosito/gotenv v1.2.0 // indirect
go.uber.org/atomic v1.7.0 // indirect
golang.org/x/crypto v0.1.0 // indirect
golang.org/x/net v0.1.0 // indirect
golang.org/x/net v0.3.0 // indirect
golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect
golang.org/x/sys v0.1.0 // indirect
golang.org/x/term v0.1.0 // indirect
golang.org/x/text v0.4.0 // indirect
golang.org/x/sync v0.1.0 // indirect
golang.org/x/sys v0.3.0 // indirect
golang.org/x/term v0.3.0 // indirect
golang.org/x/text v0.5.0 // indirect
golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa // indirect
20 changes: 10 additions & 10 deletions src/go.sum
@@ -1073,8 +1073,8 @@ golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qx
golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0=
golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
golang.org/x/net v0.3.0 h1:VWL6FNY2bEEmsGVKabSlHu5Irp34xmMRoqb/9lF9lxk=
golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1105,8 +1105,8 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1206,14 +1206,14 @@ golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U=
golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ=
golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw=
golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI=
golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1224,8 +1224,8 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg=
golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM=
golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
41 changes: 41 additions & 0 deletions src/libs/common.go
@@ -18,6 +18,9 @@ import (

"github.com/clarketm/json"

"net/http"
"net/http/pprof"

cfg "github.com/accuknox/auto-policy-discovery/src/config"
logger "github.com/accuknox/auto-policy-discovery/src/logging"
"github.com/accuknox/auto-policy-discovery/src/types"
@@ -159,17 +162,55 @@ func (i *cfgArray) Set(str string) error {
return nil
}

// Manually recreate routes for profiling
func pprofinit() {
pprofServeMux := http.NewServeMux()
pprofServeMux.Handle("/debug/pprof", http.HandlerFunc(pprof.Index))
pprofServeMux.Handle("/debug/pprof/cmdline", http.HandlerFunc(pprof.Cmdline))
pprofServeMux.Handle("/debug/pprof/profile", http.HandlerFunc(pprof.Profile))
pprofServeMux.Handle("/debug/pprof/symbol", http.HandlerFunc(pprof.Symbol))
pprofServeMux.Handle("/debug/pprof/heap", pprof.Handler("heap"))
pprofServeMux.Handle("/debug/pprof/block", pprof.Handler("block"))
pprofServeMux.Handle("/debug/pprof/goroutine", pprof.Handler("goroutine"))
pprofServeMux.Handle("/debug/pprof/threadcreate", pprof.Handler("threadcreate"))

server := &http.Server{
Addr: "localhost:6060",
ReadHeaderTimeout: 90 * time.Second,
ReadTimeout: 90 * time.Second,
WriteTimeout: 90 * time.Second,
Handler: pprofServeMux,
}

go func() {
log.Info().Msgf("Starting pprof... (on port 6060) \n")
err := server.ListenAndServe()
if err != nil {
log.Error().Msg("ListenAndServe: " + err.Error())
}
}()
}

/* configuration file values are final values */
func CheckCommandLineConfig() {
var cmdlineCfg cfgArray

pprofflag := flag.Bool("pprof", false, "enable pprof")
version1 := flag.Bool("v", false, "print version and exit")
version2 := flag.Bool("version", false, "print version and exit")
flag.Var(&cmdlineCfg, "cfg", "Configuration key=val")

configFilePath := flag.String("config-path", "conf/", "conf/")
flag.Parse()

// Reset default routes (removing access to profiling)
http.DefaultServeMux = http.NewServeMux()

// enable pprof profiling if enabled
if *pprofflag {
pprofinit()
}

if *version1 || *version2 {
os.Exit(0)
}
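Review bot: The `/debug/pprof/cmdline` route in `pprofinit` returns the process's full argument list, and `CheckCommandLineConfig` accepts `-cfg key=val` overrides, so with `-pprof` set any configuration value passed that way is readable by whatever can reach `localhost:6060` (possibly other containers sharing the pod's loopback, depending on deployment); consider dropping that route. The index is registered as `/debug/pprof` without the trailing slash, while `pprof.Index` resolves named profiles under the `/debug/pprof/` prefix and its listing uses relative links, so `pprofServeMux.Handle("/debug/pprof/", http.HandlerFunc(pprof.Index))` is the usual form. Replacing `http.DefaultServeMux` after `flag.Parse()` also discards any handler another package registered in `init()`, which deserves a comment such as `// net/http/pprof registers on DefaultServeMux at import; replace it so profiling is only served by pprofinit's own mux`. `CheckCommandLineConfig` continues past the end of the hunk.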
4 changes: 2 additions & 2 deletions src/libs/dbHandler_test.go
@@ -88,7 +88,7 @@ func TestInsertNetworkPolicies(t *testing.T) {
).WillReturnResult(sqlmock.NewResult(0, 1))

nfe := []types.KnoxNetworkPolicy{
types.KnoxNetworkPolicy{
{
Kind: "kind",
},
}
@@ -132,7 +132,7 @@ func TestInsertNetworkPoliciesSQLite(t *testing.T) {
).WillReturnResult(sqlmock.NewResult(0, 1))

nfe := []types.KnoxNetworkPolicy{
types.KnoxNetworkPolicy{
{
Kind: "kind",
},
}
9 changes: 8 additions & 1 deletion src/observability/summarizer.go
@@ -29,7 +29,14 @@ func extractNetworkInfoFromSystemLog(netLog pb.Log) (string, string, string, str
resslice := strings.Split(netLog.Resource, " ")
for _, locres := range resslice {
if strings.Contains(locres, "remoteip") {
ip, destLabel, destNs = cluster.ExtractPodSvcInfoFromIP(strings.Split(locres, "=")[1], netLog.ClusterName)
_, services, _, pods, err := cluster.GetAllClusterResources(netLog.ClusterName)
if err != nil {
ip = strings.Split(locres, "=")[1]
destLabel = ""
destNs = ""
} else {
ip, destLabel, destNs = cluster.ExtractPodSvcInfoFromIP(strings.Split(locres, "=")[1], netLog.ClusterName, pods, services)
}
}
if strings.Contains(locres, "port") {
port = strings.Split(locres, "=")[1]
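Review bot: Both new uses of `strings.Split(locres, "=")[1]` index the split result without checking its length, so a `Resource` token that contains `remoteip` but no `=` panics with an index-out-of-range. Since `netLog.Resource` is log content, parse it once with a guard, e.g. `kv := strings.SplitN(locres, "=", 2)` followed by `if len(kv) != 2 { continue }`. The `GetAllClusterResources` call now sits inside the per-token loop and its error is discarded without a log line, so a failing cluster lookup silently yields entries with no destination label or namespace. The function starts and ends outside the hunk.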
18 changes: 17 additions & 1 deletion src/plugin/kubearmor.go
@@ -556,6 +556,12 @@ func ConvertKubeArmorNetLogToKnoxNetLog(kaNwLogs []*pb.Log) []types.KnoxNetworkL

results := []types.KnoxNetworkLog{}

var destPod, destLabels, destNs string
var services []types.Service
var pods []types.Pod
var err error
existingClustername := ""

for _, kalog := range kaNwLogs {
var ip, port string
locKnoxLog := types.KnoxNetworkLog{
@@ -590,13 +596,23 @@ func ConvertKubeArmorNetLogToKnoxNetLog(kaNwLogs []*pb.Log) []types.KnoxNetworkL
continue
}

destPod, destLabels, destNs := cluster.ExtractPodSvcInfoFromIP(ip, kalog.ClusterName)
if existingClustername != kalog.ClusterName {
_, services, _, pods, err = cluster.GetAllClusterResources(kalog.ClusterName)
if err != nil {
destPod = ip
destLabels = ""
destNs = ""
}
existingClustername = kalog.ClusterName
}

destPod, destLabels, destNs = cluster.ExtractPodSvcInfoFromIP(ip, kalog.ClusterName, pods, services)
if ip != destPod && strings.Contains(destPod, "pod") {
locKnoxLog.DstPodName = strings.Split(destPod, "/")[1]
locKnoxLog.DstReservedLabels = strings.Split(destLabels, ",")
locKnoxLog.DstNamespace = destNs
}

locKnoxLog.DstIP = ip
locKnoxLog.DstPort, _ = strconv.Atoi(port)
locKnoxLog.SynFlag = true
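Review bot: In the second hunk the `err != nil` branch assigns `destPod`, `destLabels` and `destNs`, but the `ExtractPodSvcInfoFromIP` call right after it overwrites all three, so the branch has no effect and the lookup failure is never reported. `existingClustername` is updated even when the fetch failed, so every later log for that cluster is resolved against whatever `pods` and `services` the failed call returned; log the error and set `pods, services = nil, nil` in that branch so the fallback is explicit. The single-entry cache also refetches whenever logs from two clusters interleave, so a `map[string]` keyed by cluster name may serve the commit's goal better. `ConvertKubeArmorNetLogToKnoxNetLog` starts and ends outside the hunks.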
8 changes: 4 additions & 4 deletions src/systempolicy/deduplicator.go
@@ -124,7 +124,7 @@ func UpdateProcessOperation(newPolicy types.KnoxSystemPolicy, existingPolicies [

if src != "" {
matchDirs.FromSource = []types.KnoxFromSource{
types.KnoxFromSource{
{
Path: src,
},
}
@@ -143,7 +143,7 @@ func UpdateProcessOperation(newPolicy types.KnoxSystemPolicy, existingPolicies [

if src != "" {
matchPaths.FromSource = []types.KnoxFromSource{
types.KnoxFromSource{
{
Path: src,
},
}
@@ -264,7 +264,7 @@ func UpdateFileOperation(newPolicy types.KnoxSystemPolicy, existingPolicies []ty

if src != "" {
matchDirs.FromSource = []types.KnoxFromSource{
types.KnoxFromSource{
{
Path: src,
},
}
@@ -282,7 +282,7 @@ func UpdateFileOperation(newPolicy types.KnoxSystemPolicy, existingPolicies []ty

if src != "" {
matchPaths.FromSource = []types.KnoxFromSource{
types.KnoxFromSource{
{
Path: src,
},
}
2 changes: 1 addition & 1 deletion src/systempolicy/helperFunctions.go
@@ -166,7 +166,7 @@ func GetWPFSSources() []string {

var fromSource []string

for wpfs, _ := range res {
for wpfs := range res {
if wpfs.FromSource != "" && wpfs.Namespace == types.PolicyDiscoveryVMNamespace {
fromSource = append(fromSource, wpfs.FromSource)
}