
Commit f776978

authoredAug 9, 2022
Merge pull request accuknox#517 from wazir-ahmed/cilium-vm-2
Support for network policy discovery in VMs
2 parents 2d37ef9 + 1c3b1c6 commit f776978


10 files changed

+206
-28
lines changed

 

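--- a/src/cluster/clusterResourceHandler.go
+++ b/src/cluster/clusterResourceHandler.go
@@ -31,13 +31,18 @@ func GetPods(clusterName string) []types.Pod {
 }
 
 func GetAllClusterResources(cluster string) ([]string, []types.Service, []types.Endpoint, []types.Pod, error) {
-if config.GetCfgClusterInfoFrom() == "k8sclient" { // get from k8s client api
+clusterMgmt := config.GetCfgClusterInfoFrom()
+
+if clusterMgmt == "k8sclient" { // get from k8s client api
 namespaces := GetNamespacesFromK8sClient()
 services := GetServicesFromK8sClient()
 endpoints := GetEndpointsFromK8sClient()
 pods := GetPodsFromK8sClient()
 
 return namespaces, services, endpoints, pods, nil
+} else if clusterMgmt == "kvmservice" {
+namespaces, pods := GetResourcesFromKvmService()
+return namespaces, nil, nil, pods, nil
 } else {
 clusterInstance := GetClusterFromClusterName(cluster)
 if clusterInstance.ClusterID == 0 { // cluster not onboarded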
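Review bot: The new `kvmservice` branch always returns a nil error, yet GetResourcesFromKvmService (kvmServiceHandler.go in this same commit) answers every HTTP, read and JSON failure with `nil, nil`, so an unreachable or misbehaving cluster-management service is reported here as a healthy cluster with no VMs and discovery silently proceeds on empty input. Give GetResourcesFromKvmService a `([]string, []types.Pod, error)` signature and propagate the result: `namespaces, pods, err := GetResourcesFromKvmService()` / `return namespaces, nil, nil, pods, err`. The same point applies to the kvmServiceHandler.go hunk, which should return the error instead of logging and dropping it. GetAllClusterResources continues past the end of this hunk.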

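--- a/src/cluster/kvmServiceHandler.go
+++ b/src/cluster/kvmServiceHandler.go
@@ -0,0 +1,58 @@
+package cluster
+
+import (
+"encoding/json"
+"io/ioutil"
+"net/http"
+
+"github.com/accuknox/auto-policy-discovery/src/config"
+"github.com/accuknox/auto-policy-discovery/src/libs"
+"github.com/accuknox/auto-policy-discovery/src/types"
+kt "github.com/kubearmor/KVMService/src/types"
+)
+
+func GetResourcesFromKvmService() ([]string, []types.Pod) {
+var namespaces []string
+var pods []types.Pod
+
+url := config.GetCfgClusterMgmtURL() + "/vmlist"
+
+log.Info().Msgf("http request url: %s", url)
+resp, err := http.Get(url)
+if err != nil {
+log.Error().Msgf("http response error: %s", err.Error())
+return nil, nil
+}
+defer resp.Body.Close()
+
+data, err := ioutil.ReadAll(resp.Body)
+if err != nil {
+log.Error().Msgf("http response error: %s", err.Error())
+return nil, nil
+}
+
+var endpoints []kt.KVMSEndpoint
+
+err = json.Unmarshal(data, &endpoints)
+if err != nil {
+log.Error().Msgf("json unmarshall error: %s", err.Error())
+return nil, nil
+}
+
+for _, vm := range endpoints {
+// add `reserved:host` label to all VMs in the KVMS cluster
+newLabels := append(vm.Labels, "reserved:host")
+
+pods = append(pods, types.Pod{
+Namespace: vm.Namespace,
+PodName: vm.VMName,
+Labels: newLabels,
+})
+
+if !libs.ContainsElement(namespaces, vm.Namespace) {
+namespaces = append(namespaces, vm.Namespace)
+}
+}
+
+return namespaces, pods
+}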
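Review bot: `http.Get(url)` on line 21 goes through http.DefaultClient, which has no timeout, so a cluster-management endpoint that accepts the connection and never answers blocks resource discovery indefinitely; the response status is also never inspected, so a non-200 body (an HTML error page, for instance) is handed to json.Unmarshal on line 36 and surfaces only as a misleading "json unmarshall error". Use a client with an explicit timeout and reject non-OK responses before reading the body, as below; since `ioutil.ReadAll` on line 28 buffers whatever the service sends, wrapping the body in `io.LimitReader` with a size suited to the expected VM list is also worth considering. The excerpt needs `time` (and `io`, if the bound is added) in the import block; `log` is not imported in this file, so it is presumably a package-level logger in package cluster — worth confirming. Note also that `ioutil.ReadAll` is a deprecated alias of `io.ReadAll` on Go 1.16 and later, depending on the module's Go version.
```go
	log.Info().Msgf("http request url: %s", url)
	client := &http.Client{Timeout: 10 * time.Second} // constructed value; choose a limit suited to the deployment
	resp, err := client.Get(url)
	if err != nil {
		log.Error().Msgf("http response error: %s", err.Error())
		return nil, nil
	}
	defer resp.Body.Close()

	// A non-2xx reply is a failure of the service, not a VM list.
	if resp.StatusCode != http.StatusOK {
		log.Error().Msgf("http response status: %s", resp.Status)
		return nil, nil
	}

	// … unchanged: ReadAll, Unmarshal into []kt.KVMSEndpoint, pod and namespace construction …
```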

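--- a/src/feedconsumer/consumer.go
+++ b/src/feedconsumer/consumer.go
@@ -188,12 +188,16 @@ func (cfc *KnoxFeedConsumer) processNetworkLogMessage(message []byte) error {
 return err
 }
 
-clusterName := eventMap["cluster_name"]
+clusterName, exists := eventMap["cluster_name"]
 
 clusterNameStr := ""
-if err := json.Unmarshal(clusterName, &clusterNameStr); err != nil {
-log.Error().Stack().Msg(err.Error())
-return err
+if !exists {
+clusterNameStr = "default"
+} else {
+if err := json.Unmarshal(clusterName, &clusterNameStr); err != nil {
+log.Error().Stack().Msg(err.Error())
+return err
+}
 }
 
 flowEvent, exists := eventMap["flow"]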
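Review bot: The new `if !exists { … } else { if err := … { … } }` on lines 194-201 nests the unmarshal one level deeper than needed; the same logic reads more directly as an initialized default plus a single guarded branch: `clusterNameStr := "default"` / `if exists {` / `if err := json.Unmarshal(clusterName, &clusterNameStr); err != nil { … }`. Note that an event carrying `"cluster_name": ""` still produces an empty cluster name rather than `default`, since the fallback only covers the missing key; if the fallback is meant for that case as well, check `clusterNameStr == ""` after the unmarshal. processNetworkLogMessage starts and ends outside this hunk.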

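--- a/src/go.mod
+++ b/src/go.mod
@@ -14,7 +14,8 @@ require (
 github.com/confluentinc/confluent-kafka-go v1.6.1
 github.com/go-sql-driver/mysql v1.5.0
 github.com/golang/protobuf v1.5.2
-github.com/google/go-cmp v0.5.6
+github.com/google/go-cmp v0.5.8
+github.com/kubearmor/KVMService/src/types v0.0.0-20220714130113-b0eba8c9ff34
 github.com/kubearmor/KubeArmor/protobuf v0.0.0-20220504043216-6451e04be58b
 github.com/mattn/go-sqlite3 v1.14.12
 github.com/robfig/cron v1.2.0
@@ -32,28 +33,62 @@ require (
 
 require (
 cloud.google.com/go v0.99.0 // indirect
+github.com/PuerkitoBio/purell v1.1.1 // indirect
+github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
+github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d // indirect
+github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef // indirect
+github.com/beorn7/perks v1.0.1 // indirect
+github.com/blang/semver/v4 v4.0.0 // indirect
+github.com/cespare/xxhash/v2 v2.1.2 // indirect
 github.com/davecgh/go-spew v1.1.1 // indirect
 github.com/fsnotify/fsnotify v1.5.1 // indirect
 github.com/go-logr/logr v1.2.0 // indirect
+github.com/go-ole/go-ole v1.2.4 // indirect
+github.com/go-openapi/analysis v0.19.16 // indirect
+github.com/go-openapi/errors v0.19.9 // indirect
+github.com/go-openapi/jsonpointer v0.19.5 // indirect
+github.com/go-openapi/jsonreference v0.19.5 // indirect
+github.com/go-openapi/loads v0.20.0 // indirect
+github.com/go-openapi/runtime v0.19.26 // indirect
+github.com/go-openapi/spec v0.20.3 // indirect
+github.com/go-openapi/strfmt v0.20.0 // indirect
+github.com/go-openapi/swag v0.19.14 // indirect
+github.com/go-openapi/validate v0.20.1 // indirect
+github.com/go-stack/stack v1.8.0 // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
 github.com/google/gofuzz v1.2.0 // indirect
 github.com/googleapis/gnostic v0.5.5 // indirect
 github.com/hashicorp/hcl v1.0.0 // indirect
 github.com/imdario/mergo v0.3.12 // indirect
+github.com/josharian/intern v1.0.0 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
 github.com/magiconair/properties v1.8.5 // indirect
+github.com/mailru/easyjson v0.7.6 // indirect
+github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
+github.com/miekg/dns v1.1.41 // indirect
 github.com/mitchellh/mapstructure v1.4.3 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.2 // indirect
+github.com/opentracing/opentracing-go v1.2.0 // indirect
 github.com/pelletier/go-toml v1.9.4 // indirect
+github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5 // indirect
 github.com/pmezard/go-difflib v1.0.0 // indirect
+github.com/prometheus/client_golang v1.9.0 // indirect
+github.com/prometheus/client_model v0.2.1-0.20200623203004-60555c9708c7 // indirect
+github.com/prometheus/common v0.15.0 // indirect
+github.com/prometheus/procfs v0.2.0 // indirect
+github.com/sasha-s/go-deadlock v0.2.1-0.20190427202633-1595213edefa // indirect
+github.com/shirou/gopsutil/v3 v3.21.2 // indirect
+github.com/sirupsen/logrus v1.7.0 // indirect
 github.com/spf13/afero v1.6.0 // indirect
 github.com/spf13/cast v1.4.1 // indirect
 github.com/spf13/jwalterweatherman v1.1.0 // indirect
 github.com/spf13/pflag v1.0.5 // indirect
 github.com/subosito/gotenv v1.2.0 // indirect
+golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 // indirect
 golang.org/x/net v0.0.0-20211209124913-491a49abca63 // indirect
 golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
 golang.org/x/sys v0.0.0-20211210111614-af8b64212486 // indirect
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
 golang.org/x/text v0.3.7 // indirect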
