change labels and annotations

Signed-off-by: rcohen <rcohen@armosec.io>
kubescape · Mar 28, 2023 · 1a371ed · 1a371ed
1 parent 098f43f
commit 1a371ed
Show file tree

Hide file tree

Showing 5 changed files with 55 additions and 16 deletions.
diff --git a/pkg/conthandler/container_main_handler.go b/pkg/conthandler/container_main_handler.go
@@ -193,7 +193,7 @@ func (ch *ContainerHandler) handleContainerRunningEvent(contEvent v1.ContainerEv
 		containerAggregator: CreateAggregator(getShortContainerID(contEvent.GetContainerID())),
 		snifferTicker:       createTicker(),
 		event:               contEvent,
-		sbomClient:          sbom.CreateSBOMStorageClient(ch.storageClient, contEvent.GetInstanceID()),
+		sbomClient:          sbom.CreateSBOMStorageClient(ch.storageClient, contEvent.GetK8SWorkloadID(), contEvent.GetImageID(), contEvent.GetInstanceID()),
 		syncChannel: map[string]chan error{
 			StepGetSBOM:         make(chan error, 10),
 			StepEventAggregator: make(chan error, 10),

diff --git a/pkg/sbom/sbom.go b/pkg/sbom/sbom.go
@@ -16,6 +16,8 @@ type SBOMStructure struct {
 	storageClient SBOMStorageClient
 	SBOMData      SBOMFormat
 	firstReport   bool
+	imageID       string
+	wlid          string
 	instanceID    instanceidhandler.IInstanceID
 }
 
@@ -30,14 +32,16 @@ func init() {
 	errorsOfSBOM[DataAlreadyExist] = errors.New(DataAlreadyExist)
 }
 
-func CreateSBOMStorageClient(sc storageclient.StorageClient, instanceID instanceidhandler.IInstanceID) *SBOMStructure {
+func CreateSBOMStorageClient(sc storageclient.StorageClient, wlid, imageID string, instanceID instanceidhandler.IInstanceID) *SBOMStructure {
 	return &SBOMStructure{
 		storageClient: SBOMStorageClient{
 			client: sc,
 		},
 		SBOMData:    v1.CreateSBOMDataSPDXVersionV040(),
 		firstReport: true,
 		instanceID:  instanceID,
+		wlid:        wlid,
+		imageID:     imageID,
 	}
 }
 
@@ -64,7 +68,7 @@ func (sc *SBOMStructure) FilterSBOM(sbomFileRelevantMap map[string]bool) error {
 func (sc *SBOMStructure) StoreFilterSBOM(instanceID string) error {
 	if sc.firstReport || sc.SBOMData.IsNewRelevantSBOMDataExist() {
 		sc.SBOMData.StoreFilteredSBOMName(instanceID)
-		sc.SBOMData.StoreMetadata(sc.instanceID)
+		sc.SBOMData.StoreMetadata(sc.wlid, sc.imageID, sc.instanceID)
 		data := sc.SBOMData.GetFilterSBOMData()
 		err := sc.storageClient.client.PostData(instanceID, data)
 		if err != nil {

diff --git a/pkg/sbom/sbom_format_interface.go b/pkg/sbom/sbom_format_interface.go
@@ -10,5 +10,5 @@ type SBOMFormat interface {
 	IsSBOMAlreadyExist() bool
 	AddResourceVersionIfNeeded(string)
 	StoreFilteredSBOMName(string)
-	StoreMetadata(instanceID instanceidhandler.IInstanceID)
+	StoreMetadata(wlidData, imageID string, instanceID instanceidhandler.IInstanceID)
 }
diff --git a/pkg/sbom/sbom_test.go b/pkg/sbom/sbom_test.go
@@ -12,7 +12,7 @@ const (
 )
 
 func TestGetSBOM(t *testing.T) {
-	SBOMClient := CreateSBOMStorageClient(storageclient.CreateSBOMStorageHttpClientMock(), &instanceidhandler.InstanceID{})
+	SBOMClient := CreateSBOMStorageClient(storageclient.CreateSBOMStorageHttpClientMock(), "", "", &instanceidhandler.InstanceID{})
 	err := SBOMClient.GetSBOM(storageclient.NGINX)
 	if err != nil {
 		t.Fatalf("fail to get sbom")
@@ -21,7 +21,7 @@ func TestGetSBOM(t *testing.T) {
 }
 
 func TestFilterSBOM(t *testing.T) {
-	SBOMClient := CreateSBOMStorageClient(storageclient.CreateSBOMStorageHttpClientMock(), &instanceidhandler.InstanceID{})
+	SBOMClient := CreateSBOMStorageClient(storageclient.CreateSBOMStorageHttpClientMock(), "", "", &instanceidhandler.InstanceID{})
 	err := SBOMClient.GetSBOM(storageclient.NGINX)
 	if err != nil {
 		t.Fatalf("fail to get sbom")
@@ -36,7 +36,7 @@ func TestFilterSBOM(t *testing.T) {
 }
 
 func TestStoreFilterSBOM(t *testing.T) {
-	SBOMClient := CreateSBOMStorageClient(storageclient.CreateSBOMStorageHttpClientMock(), &instanceidhandler.InstanceID{})
+	SBOMClient := CreateSBOMStorageClient(storageclient.CreateSBOMStorageHttpClientMock(), "", "", &instanceidhandler.InstanceID{})
 	err := SBOMClient.GetSBOM(storageclient.NGINX)
 	if err != nil {
 		t.Fatalf("fail to get sbom")
@@ -55,7 +55,7 @@ func TestStoreFilterSBOM(t *testing.T) {
 }
 
 func TestStoreFilterSBOMFailure(t *testing.T) {
-	SBOMClient := CreateSBOMStorageClient(storageclient.CreateStorageHttpClientFailureMock(), &instanceidhandler.InstanceID{})
+	SBOMClient := CreateSBOMStorageClient(storageclient.CreateStorageHttpClientFailureMock(), "", "", &instanceidhandler.InstanceID{})
 	err := SBOMClient.GetSBOM(storageclient.NGINX)
 	if err != nil {
 		t.Fatalf("fail to get sbom")

diff --git a/pkg/sbom/v1/sbom_spdx_storage_format.go b/pkg/sbom/v1/sbom_spdx_storage_format.go
@@ -4,19 +4,30 @@ import (
 	"fmt"
 	"sync"
 
+	"github.com/armosec/utils-k8s-go/wlid"
+	"github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
 	instanceidhandler "github.com/kubescape/k8s-interface/instanceidhandler"
 	spdxv1beta1 "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/validation"
 )
 
 const (
 	// CreatorType should be one of "Person", "Organization", or "Tool"
-	Organization              = "Organization"
-	Tool                      = "Tool"
-	Person                    = "Person"
-	KubescapeOrganizationName = "Kubescape"
-	KubescapeNodeAgentName    = "KubescapeNodeAgent"
-	RelationshipContainType   = "CONTAINS"
+	labelPrefix                 = "kubescape.io"
+	Organization                = "Organization"
+	Tool                        = "Tool"
+	Person                      = "Person"
+	KubescapeOrganizationName   = "Kubescape"
+	KubescapeNodeAgentName      = "KubescapeNodeAgent"
+	RelationshipContainType     = "CONTAINS"
+	namespaceLabelKey           = "/workload-namespace"
+	kindLabelKey                = "/workload-kind"
+	nameLabelKey                = "/workload-name"
+	containerNameLabelKey       = "/workload-conatienr-name"
+	imageIDKeyForAnnotations    = "imageID"
+	instanceIDKeyForAnnotations = "instanceID"
 )
 
 type SBOMData struct {
@@ -128,14 +139,38 @@ func (sbom *SBOMData) StoreFilteredSBOMName(name string) {
 	sbom.filteredSpdxData.ObjectMeta.SetName(name)
 }
 
-func (sbom *SBOMData) StoreMetadata(instanceID instanceidhandler.IInstanceID) {
-	labels := instanceID.GetLabels()
+func (sbom *SBOMData) StoreMetadata(wlidData string, imageID string, instanceID instanceidhandler.IInstanceID) {
+	labels := map[string]string{
+		namespaceLabelKey:     wlid.GetNamespaceFromWlid(wlidData),
+		kindLabelKey:          wlid.GetKindFromWlid(wlidData),
+		nameLabelKey:          wlid.GetNameFromWlid(wlidData),
+		containerNameLabelKey: instanceID.GetContainerName(),
+	}
 	for i := range labels {
 		if labels[i] == "" {
 			delete(labels, i)
+		} else {
+			errs := validation.IsValidLabelValue(labels[i])
+			if len(errs) != 0 {
+				logger.L().Debug("label is not valid", helpers.String("label", labels[i]))
+				for j := range errs {
+					logger.L().Debug("label err description", helpers.String("Err: ", errs[j]))
+				}
+				delete(labels, i)
+			}
 		}
 	}
 	sbom.filteredSpdxData.ObjectMeta.SetLabels(labels)
+
+	annotations := make(map[string]string)
+	if imageID != "" {
+		annotations[imageIDKeyForAnnotations] = imageID
+	}
+	instanceIDString := instanceID.GetStringFormatted()
+	if instanceIDString != "" {
+		annotations[instanceIDKeyForAnnotations] = instanceIDString
+	}
+	sbom.filteredSpdxData.ObjectMeta.SetAnnotations(annotations)
 }
 
 func (sc *SBOMData) AddResourceVersionIfNeeded(resourceVersion string) {