Update logic corrected for accumulated events in report

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
falcosecurity · Jan 21, 2022 · b9da824 · b9da824
1 parent 675569d
commit b9da824
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 22 deletions.
diff --git a/outputs/policyadapter.go b/outputs/policyadapter.go
@@ -19,6 +19,16 @@ import (
 	"k8s.io/client-go/tools/clientcmd"
 )
 
+var report *clusterpolicyreport.ClusterPolicyReport = &clusterpolicyreport.ClusterPolicyReport{
+	ObjectMeta: metav1.ObjectMeta{
+		Name: "dummy-policy-report",
+	},
+	Summary: v1alpha2.PolicyReportSummary{
+		Fail: 0,
+		Warn: 0, //to-do
+	},
+}
+
 func NewPolicyReportClient(config *types.Configuration, stats *types.Statistics, promStats *types.PromStatistics, statsdClient, dogstatsdClient *statsd.Client) (*Client, error) {
 	restConfig, err := rest.InClusterConfig()
 	if err != nil {
@@ -45,22 +55,13 @@ func NewPolicyReportClient(config *types.Configuration, stats *types.Statistics,
 		KubernetesClient: clientset,
 		Crdclient:        crdclient,
 	}, nil
-
 }
 
 // PolicyReportPost creates Policy Report Resource in Kubernetes
 func (c *Client) PolicyReportCreate(falcopayload types.FalcoPayload) {
+	report.Summary.Fail++
 	ats := c.Crdclient.Wgpolicyk8sV1alpha2().ClusterPolicyReports()
-	report := &clusterpolicyreport.ClusterPolicyReport{
-		ObjectMeta: metav1.ObjectMeta{
-			Name: "dummy-policy-report",
-		},
-		Summary: v1alpha2.PolicyReportSummary{
-			Fail: 1, //hardcoded for time being; to-do
-		},
-	}
 	report.Results = append(report.Results, newResult(falcopayload))
-
 	_, getErr := ats.Get(context.Background(), report.Name, metav1.GetOptions{})
 	if errors.IsNotFound(getErr) {
 		result, err := ats.Create(context.TODO(), report, metav1.CreateOptions{})
@@ -70,22 +71,17 @@ func (c *Client) PolicyReportCreate(falcopayload types.FalcoPayload) {
 		fmt.Printf("[INFO] :Created policy-report %q.\n", result.GetObjectMeta().GetName())
 	} else {
 		// Update existing Policy Report
-		fmt.Println("[INFO] :updating policy report...")
 		retryErr := retry.RetryOnConflict(retry.DefaultRetry, func() error {
-
 			result, err := ats.Get(context.Background(), report.GetName(), metav1.GetOptions{})
 			if errors.IsNotFound(err) {
 				// This doesnt ever happen even if it is already deleted or not found
 				log.Printf("[ERROR] :%v not found", report.GetName())
 				return nil
 			}
-
 			if err != nil {
 				return err
 			}
-
 			report.SetResourceVersion(result.GetResourceVersion())
-
 			_, updateErr := ats.Update(context.Background(), report, metav1.UpdateOptions{})
 			return updateErr
 		})

diff --git a/res.yaml b/res.yaml
@@ -3,11 +3,11 @@ items:
 - apiVersion: wgpolicyk8s.io/v1alpha2
   kind: ClusterPolicyReport
   metadata:
-    creationTimestamp: "2021-07-23T09:39:37Z"
-    generation: 1
+    creationTimestamp: "2021-07-26T13:35:06Z"
+    generation: 16
     name: dummy-policy-report
-    resourceVersion: "552"
-    uid: 079aedba-9f5e-4d16-afa2-ab197abec908
+    resourceVersion: "1390"
+    uid: 212f815f-919e-456f-8753-788b3f786165
   results:
   - message: |
       Grep private keys or passwords activities found (user=%user.name user_loginuid=%user.loginuid command=%proc.cmdline container_id=%container.id container_name=%container.name image=%container.image.repository:%container.image.tag)
@@ -24,11 +24,38 @@ items:
     severity: medium
     source: Falco
     timestamp:
-      nanos: 96459877
-      seconds: 37
+      nanos: 739691631
+      seconds: 49
+  - message: K8s Serviceaccount Created (user=%ka.user.name user=%ka.target.name ns=%ka.target.namespace
+      resp=%ka.response.code decision=%ka.auth.decision reason=%ka.auth.reason)
+    policy: K8s Serviceaccount Created
+    properties:
+      ka.auth.decision: '%ka.auth.decision'
+      ka.auth.reason: '%ka.auth.reason'
+      ka.response.code: '%ka.response.code'
+      ka.target.name: '%ka.target.name'
+      ka.target.namespace: '%ka.target.namespace'
+      ka.user.name: '%ka.user.name'
+    result: fail
+    severity: low
+    source: Falco
+    timestamp:
+      nanos: 741423227
+      seconds: 51
+  - message: Disallowed namespace created (user=%ka.user.name ns=%ka.target.name)
+    policy: Create Disallowed Namespace
+    properties:
+      ka.target.name: '%ka.target.name'
+      ka.user.name: '%ka.user.name'
+    result: fail
+    severity: medium
+    source: Falco
+    timestamp:
+      nanos: 743455923
+      seconds: 55
   summary:
     error: 0
-    fail: 1
+    fail: 3
     pass: 0
     skip: 0
     warn: 0