package cautils
import (
"errors"
"github.com/armosec/armoapi-go/apis"
"github.com/armosec/utils-k8s-go/wlid"
apisv1 "github.com/kubescape/opa-utils/httpserver/apis/v1"
utilsmetav1 "github.com/kubescape/opa-utils/httpserver/meta/v1"
)
// OperatorSubCommand identifies an operator subcommand by its string name.
type OperatorSubCommand string

// Subcommand names declared for the operator command.
const (
	ScanCommand                OperatorSubCommand = "scan"
	ScanConfigCommand          OperatorSubCommand = "config"
	ScanVulnerabilitiesCommand OperatorSubCommand = "vulnerabilities"
)

// KubescapeScanV1 is the Args map key under which
// ConfigScanInfo.GetRequestPayload stores the scan request.
const KubescapeScanV1 string = "scanV1"
// VulnerabilitiesScanInfo holds the inputs from which the image-scan request
// payload is built.
type VulnerabilitiesScanInfo struct {
	// IncludeNamespaces lists the namespaces to request scans for. When it is
	// empty, GetRequestPayload emits a single command with an empty namespace.
	IncludeNamespaces []string
	// ClusterName is passed as the first argument to wlid.GetWLID for every
	// generated command.
	ClusterName string
}
// ConfigScanInfo holds the inputs from which the configuration-scan request
// payload is built.
type ConfigScanInfo struct {
	// ExcludedNamespaces and IncludedNamespaces are forwarded unchanged into
	// the scan request. ValidatePayload rejects the case where both are
	// non-empty; nothing else in this type enforces that.
	ExcludedNamespaces []string
	IncludedNamespaces []string
	// HostScanner is forwarded by address as the request's HostScanner field.
	HostScanner bool
	// Frameworks names the frameworks to load for the config scan.
	// GetRequestPayload sets it to ["all"] when it is empty.
	Frameworks []string
}
// OperatorInfo pairs a list of subcommands with the scan-specific payload
// builder for the request.
type OperatorInfo struct {
	// Subcommands holds the subcommand names associated with this request.
	Subcommands []OperatorSubCommand
	// OperatorScanInfo is embedded, so GetRequestPayload and ValidatePayload
	// are promoted onto OperatorInfo. The zero value leaves this interface
	// nil, and calling either promoted method on it panics.
	OperatorScanInfo
}
// OperatorConnector is the port-forwarding contract used to reach the
// operator.
//
// NOTE(review): the method semantics below are read from the names only; no
// implementation is visible in this file. Confirm against the implementing
// type.
type OperatorConnector interface {
	// StartPortForwarder starts the port forwarder and reports any failure.
	StartPortForwarder() error
	// StopPortForwarder stops the port forwarder; it returns no error.
	StopPortForwarder()
	// GetPortForwardLocalhost returns a string, presumably the local address
	// of the forwarded port.
	GetPortForwardLocalhost() string
}
// OperatorScanInfo is implemented by each scan type that can produce a
// request payload.
type OperatorScanInfo interface {
	// GetRequestPayload builds the command list for the request.
	GetRequestPayload() *apis.Commands
	// ValidatePayload reports whether the request may be sent.
	//
	// NOTE(review): both implementations in this file ignore the commands
	// argument. One inspects only its receiver's fields and the other always
	// returns nil, so the built payload itself is never checked here.
	ValidatePayload(*apis.Commands) error
}
// ValidatePayload always returns nil. It applies no checks to the receiver
// or to commands.
//
// NOTE(review): ClusterName and the IncludeNamespaces entries therefore reach
// GetRequestPayload unvalidated. Any rejection of empty or malformed values
// has to happen in the caller.
func (v *VulnerabilitiesScanInfo) ValidatePayload(commands *apis.Commands) error {
	return nil
}
// GetRequestPayload builds one apis.TypeScanImages command per entry in
// IncludeNamespaces. When IncludeNamespaces is empty it builds a single
// command whose WLID is made from ClusterName and an empty namespace.
//
// NOTE(review): an empty string inside IncludeNamespaces produces the same
// wlid.GetWLID call as the no-namespace case. A stray "" entry would
// presumably request the wider scope instead of being rejected; confirm
// that callers filter empty names.
func (v *VulnerabilitiesScanInfo) GetRequestPayload() *apis.Commands {
	// The no-namespace request is expressed as one empty namespace so that a
	// single loop covers both cases.
	namespaces := v.IncludeNamespaces
	if len(namespaces) == 0 {
		namespaces = []string{""}
	}

	var cmds []apis.Command
	for _, ns := range namespaces {
		cmds = append(cmds, apis.Command{
			CommandName: apis.TypeScanImages,
			WildWlid:    wlid.GetWLID(v.ClusterName, ns, "", ""),
		})
	}
	return &apis.Commands{Commands: cmds}
}
// ValidatePayload returns an error when both IncludedNamespaces and
// ExcludedNamespaces are non-empty, and nil otherwise.
//
// The commands argument is not inspected; only the receiver's fields are
// checked.
func (c *ConfigScanInfo) ValidatePayload(commands *apis.Commands) error {
	// At most one of the two namespace filters may be set.
	if len(c.IncludedNamespaces) == 0 || len(c.ExcludedNamespaces) == 0 {
		return nil
	}
	return errors.New("invalid arguments: include-namespaces and exclude-namespaces can't pass together to the CLI")
}
// GetRequestPayload builds a single apis.TypeRunKubescape command whose Args
// map carries a PostScanRequest under the KubescapeScanV1 key.
//
// Side effect: when Frameworks is empty it is set to ["all"] on the receiver
// before the request is built.
//
// The request shares state with the receiver: the namespace and framework
// slices are passed without copying, and HostScanner is the address of the
// receiver's field. Later changes to the receiver are visible through the
// returned payload.
//
// This method does not call ValidatePayload. If the caller skips validation,
// both namespace lists are forwarded as they are.
func (c *ConfigScanInfo) GetRequestPayload() *apis.Commands {
	if len(c.Frameworks) == 0 {
		c.Frameworks = append(c.Frameworks, "all")
	}

	scanRequest := utilsmetav1.PostScanRequest{
		ExcludedNamespaces: c.ExcludedNamespaces,
		IncludeNamespaces:  c.IncludedNamespaces,
		TargetType:         apisv1.KindFramework,
		TargetNames:        c.Frameworks,
		HostScanner:        &c.HostScanner,
	}
	runKubescape := apis.Command{
		CommandName: apis.TypeRunKubescape,
		Args:        map[string]interface{}{KubescapeScanV1: scanRequest},
	}
	return &apis.Commands{Commands: []apis.Command{runKubescape}}
}