package get
import (
"context"
"fmt"
"os"
"strings"
"github.com/devopstoday11/tarian/pkg/logger"
"github.com/devopstoday11/tarian/pkg/tarianctl/client"
"github.com/devopstoday11/tarian/pkg/tarianctl/util"
"github.com/devopstoday11/tarian/pkg/tarianpb"
"github.com/olekukonko/tablewriter"
cli "github.com/urfave/cli/v2"
"gopkg.in/yaml.v3"
)
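// NewGetConstraintsCommand builds the "constraints" subcommand. It fetches the
// constraints known to the Tarian server and prints them either as a table
// (the default) or as a sequence of YAML documents (--output yaml).
func NewGetConstraintsCommand() *cli.Command {
	return &cli.Command{
		Name:  "constraints",
		Usage: "Get constraints from the Tarian Server.",
		Flags: []cli.Flag{&cli.StringFlag{
			Name:    "output",
			Aliases: []string{"o"},
			Usage:   "Output format. Valid values: yaml",
			Value:   "",
		}},
		Action: func(c *cli.Context) error {
			log := logger.GetLogger(c.String("log-level"), c.String("log-encoding"))
			util.SetLogger(log)

			// Reject an unknown format before talking to the server. Otherwise a
			// typo such as "-o yml" prints nothing and exits 0, which a script
			// auditing the policy would read as "no constraints configured".
			outputFormat := c.String("output")
			if outputFormat != "" && outputFormat != "yaml" {
				return fmt.Errorf("unsupported output format %q: valid values: yaml", outputFormat)
			}

			serverAddress := c.String("server-address")
			opts := util.ClientOptionsFromCliContext(c)

			// The constructor's error used to be discarded, so a failed setup
			// surfaced later as a call on an unusable client instead of a clear
			// message naming the address.
			configClient, err := client.NewConfigClient(serverAddress, opts...)
			if err != nil {
				return fmt.Errorf("creating config client for %q: %w", serverAddress, err)
			}

			// NOTE(review): context.Background() carries no deadline; unless the
			// dial options bound the call, an unresponsive server blocks the
			// command indefinitely. Confirm whether a timeout is wanted here.
			response, err := configClient.GetConstraints(context.Background(), &tarianpb.GetConstraintsRequest{})
			if err != nil {
				log.Fatal(err)
			}

			if outputFormat == "yaml" {
				// One YAML document per constraint, each followed by "---".
				for _, constraint := range response.GetConstraints() {
					d, err := yaml.Marshal(constraint)
					if err != nil {
						return err
					}

					fmt.Print(string(d))
					fmt.Println("---")
				}

				return nil
			}

			// Default: human-readable table. The cell text is built by plain
			// concatenation, so it is meant for display, not for parsing.
			table := tablewriter.NewWriter(os.Stdout)
			table.SetHeader([]string{"Namespace", "Constraint Name", "Selector", "Allowed Processes", "Allowed Files"})
			table.SetColumnSeparator(" ")
			table.SetCenterSeparator("-")
			table.SetAlignment(tablewriter.ALIGN_LEFT)

			for _, constraint := range response.GetConstraints() {
				table.Append([]string{
					constraint.GetNamespace(),
					constraint.GetName(),
					matchLabelsToString(constraint.GetSelector().GetMatchLabels()),
					allowedProcessesToString(constraint.GetAllowedProcesses()),
					allowedFilesToString(constraint.GetAllowedFiles()),
				})
			}

			table.Render()

			return nil
		},
	}
}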
// matchLabelsToString renders selector labels as "matchLabels:k1=v1,k2=v2".
// It returns the empty string when there are no labels. Keys and values are
// written as-is, with no escaping of "=" or ",", so the result is for display
// only and cannot be parsed back unambiguously.
func matchLabelsToString(labels []*tarianpb.MatchLabel) string {
	if len(labels) == 0 {
		return ""
	}

	pairs := make([]string, 0, len(labels))
	for _, label := range labels {
		pairs = append(pairs, label.GetKey()+"="+label.GetValue())
	}

	return "matchLabels:" + strings.Join(pairs, ",")
}
// allowedProcessesToString renders the allowed-process rules as a
// comma-separated list of "regex:<pattern>" entries; an empty rule list yields
// the empty string. Patterns are written verbatim, so a pattern containing a
// comma is indistinguishable from two entries in the output.
func allowedProcessesToString(rules []*tarianpb.AllowedProcessRule) string {
	entries := make([]string, 0, len(rules))
	for _, rule := range rules {
		entries = append(entries, "regex:"+rule.GetRegex())
	}

	return strings.Join(entries, ",")
}
// allowedFilesToString renders the allowed-file rules as a comma-separated
// list of "<name>:<sha256sum>" entries; an empty rule list yields the empty
// string. Names are written verbatim, so a name containing ":" or "," makes
// the entry ambiguous; the output is intended for display only.
func allowedFilesToString(rules []*tarianpb.AllowedFileRule) string {
	entries := make([]string, 0, len(rules))
	for _, rule := range rules {
		entries = append(entries, rule.GetName()+":"+rule.GetSha256Sum())
	}

	return strings.Join(entries, ",")
}