go.mondoo.com/cnquery@v0.0.0-20231005093811-59568235f6ea/_motor/discovery/k8s/list_admission_reviews.go (about)

     1  // Copyright (c) Mondoo, Inc.
     2  // SPDX-License-Identifier: BUSL-1.1
     3  
     4  package k8s
     5  
     6  import (
     7  	"bytes"
     8  	"strings"
     9  
    10  	"github.com/pkg/errors"
    11  	"github.com/rs/zerolog/log"
    12  	"go.mondoo.com/cnquery/motor/asset"
    13  	"go.mondoo.com/cnquery/motor/providers"
    14  	"go.mondoo.com/cnquery/motor/providers/k8s"
    15  	"go.mondoo.com/cnquery/motor/providers/k8s/resources"
    16  	admissionv1 "k8s.io/api/admission/v1"
    17  	"k8s.io/apimachinery/pkg/api/meta"
    18  )
    19  
// ListAdmissionReviews lists all AdmissionReview resources in the manifest
// and converts each one into an asset.
//
// The reviews are obtained from p.AdmissionReviews(). Conversion stops at the
// first review that cannot be turned into an asset, and that error is returned
// wrapped; no partial result is returned in that case. The od parameter is not
// used by this function.
func ListAdmissionReviews(
	p k8s.KubernetesProvider,
	connection *providers.Config,
	clusterIdentifier string,
	od *k8s.PlatformIdOwnershipDirectory,
) ([]*asset.Asset, error) {
	reviews, err := p.AdmissionReviews()
	if err != nil {
		return nil, errors.Wrap(err, "failed to list AdmissionReviews")
	}

	// Always return a non-nil slice, sized for one asset per review.
	result := make([]*asset.Asset, 0, len(reviews))
	for _, review := range reviews {
		resolved, err := assetFromAdmissionReview(review, p.Runtime(), connection, clusterIdentifier)
		if err != nil {
			return nil, errors.Wrap(err, "failed to create asset from admission review")
		}

		// Connections[0] is the connection passed in above; it is dereferenced
		// here for logging, so callers must pass a non-nil config.
		log.Debug().Str("connection", resolved.Connections[0].Host).Msg("resolved AdmissionReview")

		result = append(result, resolved)
	}

	return result, nil
}
    48  
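// assetFromAdmissionReview builds an asset for a single AdmissionReview.
//
// Name, namespace, UID, resource version and labels are read from the object
// embedded in the review request (a.Request.Object.Raw); kind and API version
// are read from the AdmissionReview itself. The embedded object is whatever
// was submitted in the request, so its metadata (including labels) should be
// treated as untrusted input by consumers of the returned asset.
//
// An error is returned when the review carries no request, when the embedded
// object cannot be parsed or is missing, or when its metadata cannot be
// accessed.
func assetFromAdmissionReview(a admissionv1.AdmissionReview, runtime string, connection *providers.Config, clusterIdentifier string) (*asset.Asset, error) {
	// Request is a pointer; a review without one (for example a response-only
	// review) must be rejected here instead of panicking on the dereference.
	if a.Request == nil {
		return nil, errors.New("admission review has no request")
	}

	// Use the meta from the request object.
	objs, err := resources.ResourcesFromManifest(bytes.NewReader(a.Request.Object.Raw))
	if err != nil {
		log.Error().Err(err).Msg("failed to parse object from admission review")
		return nil, err
	}
	// The request may carry no object at all (DELETE requests typically only
	// populate OldObject), so the parsed list must be checked before indexing.
	if len(objs) == 0 {
		return nil, errors.New("admission review request contains no object")
	}
	// Only the first parsed object is used for the asset metadata.
	objMeta, err := meta.Accessor(objs[0])
	if err != nil {
		log.Error().Err(err).Msg("could not access object attributes")
		return nil, err
	}
	// Type information comes from the AdmissionReview, not the embedded object.
	objType, err := meta.TypeAccessor(&a)
	if err != nil {
		log.Error().Err(err).Msg("could not access object attributes")
		return nil, err
	}

	objectKind := objType.GetKind()
	platformData, err := createPlatformData(a.Kind, runtime)
	if err != nil {
		return nil, err
	}
	platformData.Version = objType.GetAPIVersion()
	platformData.Build = objMeta.GetResourceVersion()
	platformData.Labels = map[string]string{
		"uid": string(objMeta.GetUID()),
	}

	// addMondooAssetLabels writes into this map, so it must not be nil.
	assetLabels := objMeta.GetLabels()
	if assetLabels == nil {
		assetLabels = map[string]string{}
	}

	// Namespaced objects are named "<namespace>/<name>"; others just "<name>".
	ns := objMeta.GetNamespace()
	name := objMeta.GetName()
	if ns != "" {
		name = ns + "/" + name
		platformData.Labels["namespace"] = ns
	}

	addMondooAssetLabels(assetLabels, objMeta, objType, clusterIdentifier)

	// The local is not called "asset" so that it does not shadow the package.
	res := &asset.Asset{
		PlatformIds: []string{k8s.NewPlatformWorkloadId(clusterIdentifier, strings.ToLower(objectKind), objMeta.GetNamespace(), objMeta.GetName(), string(objMeta.GetUID()))},
		Name:        name,
		Platform:    platformData,
		Connections: []*providers.Config{connection},
		State:       asset.State_STATE_ONLINE,
		Labels:      assetLabels,
	}

	return res, nil
}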