-
Notifications
You must be signed in to change notification settings - Fork 11
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Support initContainers Signed-off-by: David Wertenteil <dwertent@armosec.io> * Adding more statuses Signed-off-by: David Wertenteil <dwertent@armosec.io> * fixed iteration Signed-off-by: David Wertenteil <dwertent@armosec.io> --------- Signed-off-by: David Wertenteil <dwertent@armosec.io>
- Loading branch information
Showing
26 changed files
with
2,523 additions
and
403 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
package containerinstance | ||
|
||
import ( | ||
"fmt" | ||
"strings" | ||
|
||
"github.com/kubescape/k8s-interface/instanceidhandler/v1/helpers" | ||
"github.com/kubescape/k8s-interface/workloadinterface" | ||
|
||
core1 "k8s.io/api/core/v1" | ||
) | ||
|
||
// GenerateInstanceID generates instance ID from workload | ||
func GenerateInstanceID(w workloadinterface.IWorkload) ([]InstanceID, error) { | ||
if w.GetKind() != "Pod" { | ||
return nil, fmt.Errorf("CreateInstanceID: workload kind must be Pod for create instance ID") | ||
} | ||
|
||
ownerReferences, err := w.GetOwnerReferences() | ||
if err != nil { | ||
return nil, err | ||
} | ||
|
||
containers, err := w.GetContainers() | ||
if err != nil { | ||
return nil, err | ||
} | ||
|
||
return listInstanceIDs(ownerReferences, containers, w.GetApiVersion(), w.GetNamespace(), w.GetKind(), w.GetName()) | ||
} | ||
|
||
// GenerateInstanceIDFromPod generates instance ID from pod | ||
func GenerateInstanceIDFromPod(pod *core1.Pod) ([]InstanceID, error) { | ||
return listInstanceIDs(pod.GetOwnerReferences(), pod.Spec.Containers, pod.APIVersion, pod.GetNamespace(), pod.Kind, pod.GetName()) | ||
} | ||
|
||
// GenerateInstanceIDFromString generates instance ID from string | ||
// The string format is: apiVersion-<apiVersion>/namespace-<namespace>/kind-<kind>/name-<name>/containerName-<containerName> | ||
func GenerateInstanceIDFromString(input string) (*InstanceID, error) { | ||
|
||
instanceID := &InstanceID{} | ||
|
||
// Split the input string by the field separator "/" | ||
fields := strings.Split(input, helpers.StringFormatSeparator) | ||
if len(fields) != 5 && len(fields) != 6 { | ||
return nil, fmt.Errorf("invalid format: %s", input) | ||
} | ||
|
||
i := 0 | ||
instanceID.apiVersion = strings.TrimPrefix(fields[0], helpers.PrefixApiVersion) | ||
|
||
// if the apiVersion has a group, e.g. apps/v1 | ||
if len(fields) == 6 { | ||
instanceID.apiVersion += helpers.StringFormatSeparator + fields[1] | ||
i += 1 | ||
} | ||
|
||
instanceID.namespace = strings.TrimPrefix(fields[1+i], helpers.PrefixNamespace) | ||
instanceID.kind = strings.TrimPrefix(fields[2+i], helpers.PrefixKind) | ||
instanceID.name = strings.TrimPrefix(fields[3+i], helpers.PrefixName) | ||
instanceID.containerName = strings.TrimPrefix(fields[4+i], prefixContainer) | ||
|
||
if err := validateInstanceID(instanceID); err != nil { | ||
return nil, err | ||
} | ||
|
||
// Check if the input string is valid | ||
if instanceID.GetStringFormatted() != input { | ||
return nil, fmt.Errorf("invalid format: %s", input) | ||
} | ||
|
||
return instanceID, nil | ||
} |
135 changes: 135 additions & 0 deletions
135
instanceidhandler/v1/containerinstance/initializers_test.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,135 @@ | ||
package containerinstance | ||
|
||
import ( | ||
"encoding/json" | ||
"reflect" | ||
"testing" | ||
|
||
"github.com/kubescape/k8s-interface/instanceidhandler" | ||
"github.com/kubescape/k8s-interface/workloadinterface" | ||
"github.com/stretchr/testify/assert" | ||
core1 "k8s.io/api/core/v1" | ||
) | ||
|
||
// Test_InitInstanceID tests the instance id initialization | ||
func TestInitInstanceID(t *testing.T) { | ||
wp, err := workloadinterface.NewWorkload([]byte(mockPod)) | ||
if err != nil { | ||
t.Fatalf(err.Error()) | ||
} | ||
insFromWorkload, err := GenerateInstanceID(wp) | ||
if err != nil { | ||
t.Fatalf("can't create instance ID from pod") | ||
} | ||
|
||
p := &core1.Pod{} | ||
if err := json.Unmarshal([]byte(mockPod), p); err != nil { | ||
t.Fatalf(err.Error()) | ||
} | ||
insFromPod, err := GenerateInstanceIDFromPod(p) | ||
if err != nil { | ||
t.Fatalf("can't create instance ID from pod") | ||
} | ||
|
||
assert.NotEqual(t, 0, len(insFromWorkload)) | ||
assert.Equal(t, len(insFromWorkload), len(insFromPod)) | ||
|
||
for i := range insFromWorkload { | ||
compare(t, &insFromWorkload[i], &insFromPod[i]) | ||
} | ||
|
||
insFromString, err := GenerateInstanceIDFromString("apiVersion-v1/namespace-default/kind-Pod/name-nginx/containerName-nginx") //insFromWorkload[0].GetStringFormatted()) | ||
if err != nil { | ||
t.Fatalf("can't create instance ID from string: %s, error: %s", insFromWorkload[0].GetStringFormatted(), err.Error()) | ||
} | ||
compare(t, &insFromWorkload[0], insFromString) | ||
|
||
} | ||
|
||
func compare(t *testing.T, a, b instanceidhandler.IInstanceID) { | ||
assert.Equal(t, a.GetHashed(), b.GetHashed()) | ||
assert.Equal(t, a.GetStringFormatted(), b.GetStringFormatted()) | ||
|
||
assert.Equal(t, a.GetAPIVersion(), b.GetAPIVersion()) | ||
assert.Equal(t, a.GetNamespace(), b.GetNamespace()) | ||
assert.Equal(t, a.GetKind(), b.GetKind()) | ||
assert.Equal(t, a.GetName(), b.GetName()) | ||
assert.Equal(t, a.GetContainerName(), b.GetContainerName()) | ||
} | ||
|
||
func TestGenerateInstanceIDFromString(t *testing.T) { | ||
type args struct { | ||
input string | ||
} | ||
tests := []struct { | ||
name string | ||
args args | ||
want *InstanceID | ||
wantErr bool | ||
}{ | ||
{ | ||
name: "empty input", | ||
args: args{ | ||
input: "", | ||
}, | ||
want: nil, | ||
wantErr: true, | ||
}, | ||
{ | ||
name: "invalid input", | ||
args: args{ | ||
input: "apiVersion-v1/namespace-default/kind-Pod/name-nginx/containerMeme-nginx", | ||
}, | ||
want: nil, | ||
wantErr: true, | ||
}, | ||
{ | ||
name: "invalid input", | ||
args: args{ | ||
input: "apiVersion-v1/namespace-default/kind-Pod/name-n/ginx/containerMeme-n/ginx", | ||
}, | ||
want: nil, | ||
wantErr: true, | ||
}, | ||
{ | ||
name: "valid input - Pod", | ||
args: args{ | ||
input: "apiVersion-v1/namespace-default/kind-Pod/name-nginx/containerName-nginx", | ||
}, | ||
want: &InstanceID{ | ||
apiVersion: "v1", | ||
namespace: "default", | ||
kind: "Pod", | ||
name: "nginx", | ||
containerName: "nginx", | ||
}, | ||
wantErr: false, | ||
}, | ||
{ | ||
name: "valid input - ReplicaSet", | ||
args: args{ | ||
input: "apiVersion-apps/v1/namespace-default/kind-ReplicaSet/name-nginx-1234/containerName-nginx", | ||
}, | ||
want: &InstanceID{ | ||
apiVersion: "apps/v1", | ||
namespace: "default", | ||
kind: "ReplicaSet", | ||
name: "nginx-1234", | ||
containerName: "nginx", | ||
}, | ||
wantErr: false, | ||
}, | ||
} | ||
for _, tt := range tests { | ||
t.Run(tt.name, func(t *testing.T) { | ||
got, err := GenerateInstanceIDFromString(tt.args.input) | ||
if (err != nil) != tt.wantErr { | ||
t.Errorf("GenerateInstanceIDFromString() error = %v, wantErr %v", err, tt.wantErr) | ||
return | ||
} | ||
if got != nil && !reflect.DeepEqual(got, tt.want) { | ||
t.Errorf("GenerateInstanceIDFromString() = %v, want %v", got, tt.want) | ||
} | ||
}) | ||
} | ||
} |
Oops, something went wrong.