Store summary cr objects (#142)

* store workload name in the summary object Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * change error Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * get name from instance id Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * should return err Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * add to test desired input Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * change the summary object name Signed-off-by: rcohencyberarmor <rcohen@armosec.io> --------- Signed-off-by: rcohencyberarmor <rcohen@armosec.io> Co-authored-by: rcohencyberarmor <rcohen@armosec.io>
kubescape · Aug 17, 2023 · f064d25 · f064d25
1 parent de8de4d
commit f064d25
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 21 deletions.
diff --git a/repositories/apiserver.go b/repositories/apiserver.go
@@ -2,6 +2,7 @@ package repositories
 
 import (
 	"context"
+	"fmt"
 	"strconv"
 	"time"
 
@@ -26,6 +27,7 @@ import (
 
 const (
 	vulnerabilityManifestSummaryKindPlural string = "vulnerabilitymanifests"
+	vulnSummaryContNameFormat              string = "%s-%s-%s" // "<kind>-<name>-<container-name>"
 )
 
 // APIServerStore implements both CVERepository and SBOMRepository with in-cluster storage (apiserver) to be used for production
@@ -309,16 +311,16 @@ func enrichSummaryManifestObjectLabels(ctx context.Context, labels map[string]st
 	return enrichedLabels, nil
 }
 
-func getCVESummaryK8sResourceName(ctx context.Context) (string, error) {
+func GetCVESummaryK8sResourceName(ctx context.Context) (string, error) {
 	workload, ok := ctx.Value(domain.WorkloadKey{}).(domain.ScanCommand)
 	if !ok {
 		return "", domain.ErrCastingWorkload
 	}
-	instanceID, err := instanceidhandler.GenerateInstanceIDFromString(workload.InstanceID)
-	if err != nil {
-		return "", err
-	}
-	return instanceID.GetSlug()
+	kind := wlid.GetKindFromWlid(workload.Wlid)
+	name := wlid.GetNameFromWlid(workload.Wlid)
+	contName := workload.ContainerName
+
+	return fmt.Sprintf(vulnSummaryContNameFormat, kind, name, contName), nil
 }
 
 func (a *APIServerStore) storeCVESummary(ctx context.Context, cve domain.CVEManifest, withRelevancy bool) error {
@@ -339,7 +341,7 @@ func (a *APIServerStore) storeCVESummary(ctx context.Context, cve domain.CVEMani
 	if err != nil {
 		return err
 	}
-	summaryK8sResourceName, err := getCVESummaryK8sResourceName(ctx)
+	summaryK8sResourceName, err := GetCVESummaryK8sResourceName(ctx)
 	if err != nil {
 		return err
 	}

diff --git a/repositories/apiserver_test.go b/repositories/apiserver_test.go
@@ -596,39 +596,45 @@ func TestAPIServerStore_getCVESummaryK8sResourceName(t *testing.T) {
 	}{
 		{
 			workload: domain.ScanCommand{
-				InstanceID: "apiVersion-apps/v1/namespace-default/kind-ReplicaSet/name-nginx-77b4fdf86c/containerName-nginx",
+				Wlid:          "wlid://cluster-aaa/deployment-default/deployment-nginx",
+				ContainerName: "nginx",
 			},
-			expRes: "default-replicaset-nginx-77b4fdf86c-6e03-a89e",
+			expRes: "Deployment-nginx-nginx",
 		},
 		{
 			workload: domain.ScanCommand{
-				InstanceID: "apiVersion-apps/v1/namespace-kubescape/kind-ReplicaSet/name-otel-collector-76bb986488/containerName-otel-collector",
+				Wlid:          "wlid://cluster-aaa/deployment-default/deployment-nginx",
+				ContainerName: "nginx",
 			},
-			expRes: "kubescape-replicaset-otel-collector-76bb986488-6d83-cca3",
+			expRes: "Deployment-nginx-nginx",
 		},
 		{
 			workload: domain.ScanCommand{
-				InstanceID: "apiVersion-apps/v1/namespace-kubescape/kind-ReplicaSet/name-gateway-66967b649/containerName-gateway",
+				Wlid:          "wlid://cluster-aaa/deployment-kubescape/deployment-kubescape",
+				ContainerName: "kubescape",
 			},
-			expRes: "kubescape-replicaset-gateway-66967b649-495e-df93",
+			expRes: "Deployment-kubescape-kubescape",
 		},
 		{
 			workload: domain.ScanCommand{
-				InstanceID: "apiVersion-apps/v1/namespace-kubescape/kind-StatefulSet/name-kollector/containerName-kollector",
+				Wlid:          "wlid://cluster-aaa/namespace-kubescape/deployment-kubevuln",
+				ContainerName: "kubevuln",
 			},
-			expRes: "kubescape-statefulset-kollector-c1be-77d8",
+			expRes: "Deployment-kubevuln-kubevuln",
 		},
 		{
 			workload: domain.ScanCommand{
-				InstanceID: "apiVersion-apps/v1/namespace-kubescape/kind-ReplicaSet/name-kubescape-5d4bf4589c/containerName-kubescape",
+				Wlid:          "wlid://cluster-aaa/namespace-kubescape/deployment-operator",
+				ContainerName: "operator",
 			},
-			expRes: "kubescape-replicaset-kubescape-5d4bf4589c-7b8d-5074",
+			expRes: "Deployment-operator-operator",
 		},
 		{
 			workload: domain.ScanCommand{
-				InstanceID: "apiVersion-apps/v1/namespace-kubescape/kind-ReplicaSet/name-kubevuln-65bfbfdcdd/containerName-kubevuln",
+				Wlid:          "wlid://cluster-aaa/namespace-kube-system/pod-etcd-control-plane",
+				ContainerName: "etcd-control-plane",
 			},
-			expRes: "kubescape-replicaset-kubevuln-65bfbfdcdd-9730-b4bb",
+			expRes: "Pod-etcd-control-plane-etcd-control-plane",
 		},
 	}
 
@@ -643,14 +649,14 @@ func TestAPIServerStore_getCVESummaryK8sResourceName(t *testing.T) {
 
 	for i := range tests {
 		ctx := context.WithValue(context.Background(), domain.WorkloadKey{}, tests[i].workload)
-		name, err := getCVESummaryK8sResourceName(ctx)
+		name, err := GetCVESummaryK8sResourceName(ctx)
 		assert.Equal(t, err, nil)
 		assert.Equal(t, tests[i].expRes, name)
 	}
 
 	for i := range testsErrorCases {
 		ctx := context.WithValue(context.Background(), domain.WorkloadKey{}, testsErrorCases[i].notWorkload)
-		name, err := getCVESummaryK8sResourceName(ctx)
+		name, err := GetCVESummaryK8sResourceName(ctx)
 		assert.NotEqual(t, err, nil)
 		assert.Equal(t, err, testsErrorCases[i].err)
 		assert.Equal(t, name, "")