diff --git a/artifacts/networkneighborhood/01-example.yaml b/artifacts/networkneighborhood/01-example.yaml index 9f256bee4..0e51dafc0 100644 --- a/artifacts/networkneighborhood/01-example.yaml +++ b/artifacts/networkneighborhood/01-example.yaml @@ -3,7 +3,7 @@ kind: NetworkNeighborhood metadata: name: deployment-nginx annotations: - status: incomplete + kubescape.io/status: ready labels: "kubescape.io/workload-api-group": "apps" "kubescape.io/workload-api-version": "v1" diff --git a/pkg/apis/softwarecomposition/networkpolicy/v2/networkpolicy.go b/pkg/apis/softwarecomposition/networkpolicy/v2/networkpolicy.go index 6acaa3b67..9c0ae883c 100644 --- a/pkg/apis/softwarecomposition/networkpolicy/v2/networkpolicy.go +++ b/pkg/apis/softwarecomposition/networkpolicy/v2/networkpolicy.go @@ -20,10 +20,6 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -const ( - storageV1ApiVersion = "spdx.softwarecomposition.kubescape.io" -) - func GenerateNetworkPolicy(nn *softwarecomposition.NetworkNeighborhood, knownServers softwarecomposition.IKnownServersFinder, timeProvider metav1.Time) (softwarecomposition.GeneratedNetworkPolicy, error) { if !IsAvailable(nn) { return softwarecomposition.GeneratedNetworkPolicy{}, fmt.Errorf("nn %s/%s status annotation is not ready nor completed", nn.Namespace, nn.Name) @@ -72,7 +68,7 @@ func GenerateNetworkPolicy(nn *softwarecomposition.NetworkNeighborhood, knownSer generatedNetworkPolicy := softwarecomposition.GeneratedNetworkPolicy{ TypeMeta: metav1.TypeMeta{ Kind: "GeneratedNetworkPolicy", - APIVersion: storageV1ApiVersion, + APIVersion: "spdx.softwarecomposition.kubescape.io/v1beta1", }, ObjectMeta: metav1.ObjectMeta{ Name: nn.Name, diff --git a/pkg/registry/file/configurationscansummarystorage.go b/pkg/registry/file/configurationscansummarystorage.go index 4d4f9c06f..43cc519d2 100644 --- a/pkg/registry/file/configurationscansummarystorage.go +++ b/pkg/registry/file/configurationscansummarystorage.go 
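Review bot: The `APIVersion` of the `GeneratedNetworkPolicy` built in `GenerateNetworkPolicy` is now an inline string literal, and the same literal is repeated in the `GetList` hunk of pkg/registry/file/generatednetworkpolicy.go, whose list `TypeMeta` uses `StorageV1Beta1ApiVersion` (presumably the same value). Two spellings of one value can drift apart, and a client that decodes by group/version would then see a list and items that disagree. Rather than deleting the constant, I would keep it with the corrected value, `const storageV1Beta1ApiVersion = "spdx.softwarecomposition.kubescape.io/v1beta1"`, and write `APIVersion: storageV1Beta1ApiVersion,` here. The body of `GenerateNetworkPolicy` continues outside this hunk.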
@@ -33,7 +33,7 @@ func NewConfigurationScanSummaryStorage(realStore StorageQuerier) storage.Interf } // Get generates and returns a single ConfigurationScanSummary object for a namespace -func (s *ConfigurationScanSummaryStorage) Get(ctx context.Context, key string, opts storage.GetOptions, objPtr runtime.Object) error { +func (s *ConfigurationScanSummaryStorage) Get(ctx context.Context, key string, _ storage.GetOptions, objPtr runtime.Object) error { ctx, span := otel.Tracer("").Start(ctx, "ConfigurationScanSummaryStorage.Get") span.SetAttributes(attribute.String("key", key)) defer span.End() @@ -79,11 +79,11 @@ func (s *ConfigurationScanSummaryStorage) GetList(ctx context.Context, key strin workloadScanSummaryListObjPtr := &softwarecomposition.WorkloadConfigurationScanSummaryList{} // ask for all workloadconfigurationscansummaries in the cluster - if err := s.realStore.GetByCluster(ctx, v1beta1.GroupName, workloadConfigurationScanSummariesResource, workloadScanSummaryListObjPtr); err != nil { + if err := s.realStore.GetList(ctx, "/spdx.softwarecomposition.kubescape.io/"+workloadConfigurationScanSummariesResource, storage.ListOptions{}, workloadScanSummaryListObjPtr); err != nil { return err } - // generate a single configurationScanSummary for the cluster, with an configuration scan summary for each namespace + // generate a single configurationScanSummary for the cluster, with a configuration scan summary for each namespace nsSummaries := buildConfigurationScanSummaryForCluster(*workloadScanSummaryListObjPtr) data, err := json.Marshal(nsSummaries) 
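Review bot: The key passed to `s.realStore.GetList` in `ConfigurationScanSummaryStorage.GetList` is assembled by hand from a group literal, and the same pattern appears in `VulnerabilitySummaryStorage.GetList` in vulnerabilitysummarystorage.go. The removed call used `v1beta1.GroupName`, and no hunk for this file touches the imports, so `"/"+v1beta1.GroupName+"/"+workloadConfigurationScanSummariesResource` would keep the group name in one place. The incoming `key` is not used in this call and `storage.ListOptions{}` carries no selector, so I would also add a comment such as `// cluster-wide key, empty options: summaries from every namespace are read here`, which makes the scope of the read explicit to the next reader. The function starts before this hunk and continues past it.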
@@ -103,7 +103,7 @@ func (s *ConfigurationScanSummaryStorage) GetList(ctx context.Context, key strin // buildConfigurationScanSummaryForCluster generates a configuration scan summary list for the cluster, where each item is a configuration scan summary for a namespace func buildConfigurationScanSummaryForCluster(list softwarecomposition.WorkloadConfigurationScanSummaryList) softwarecomposition.ConfigurationScanSummaryList { - // build an map of namespace to workload configuration scan summaries + // build a map of namespace to workload configuration scan summaries perNS := map[string][]softwarecomposition.WorkloadConfigurationScanSummary{} for _, s := range list.Items { perNS[s.Namespace] = append(perNS[s.Namespace], s) diff --git a/pkg/registry/file/generatednetworkpolicy.go b/pkg/registry/file/generatednetworkpolicy.go index b80e1dfc1..420c5c064 100644 --- a/pkg/registry/file/generatednetworkpolicy.go +++ b/pkg/registry/file/generatednetworkpolicy.go @@ -4,7 +4,6 @@ import ( "context" "encoding/json" "fmt" - "github.com/kubescape/go-logger" "github.com/kubescape/go-logger/helpers" "github.com/kubescape/storage/pkg/apis/softwarecomposition" 
@@ -77,37 +76,35 @@ func (s *GeneratedNetworkPolicyStorage) Get(ctx context.Context, key string, opt // GetList generates and returns a list of GeneratedNetworkPolicy objects for the given namespace func (s *GeneratedNetworkPolicyStorage) GetList(ctx context.Context, key string, _ storage.ListOptions, listObj runtime.Object) error { - // get all network neighborhood on namespace - networkNeighborhoodObjListPtr := &softwarecomposition.NetworkNeighborhoodList{} - generatedNetworkPolicyList := &softwarecomposition.GeneratedNetworkPolicyList{ TypeMeta: metav1.TypeMeta{ APIVersion: StorageV1Beta1ApiVersion, }, } - namespace := getNamespaceFromKey(key) - - if err := s.realStore.GetByNamespace(ctx, softwarecomposition.GroupName, networkNeighborhoodResource, namespace, networkNeighborhoodObjListPtr); err != nil { - return err - } - - knownServersListObjPtr := &softwarecomposition.KnownServerList{} - if err := s.realStore.GetByCluster(ctx, softwarecomposition.GroupName, knownServersResource, knownServersListObjPtr); err != nil { + // get all network neighborhood on namespace + networkNeighborhoodObjListPtr := &softwarecomposition.NetworkNeighborhoodList{} + if err := s.realStore.GetList(ctx, replaceKeyForKind(key, networkNeighborhoodResource), storage.ListOptions{}, networkNeighborhoodObjListPtr); err != nil { return err } - for _, networkNeighborhood := range networkNeighborhoodObjListPtr.Items { - if !networkpolicy.IsAvailable(&networkNeighborhood) { + for _, nn := range networkNeighborhoodObjListPtr.Items { + if !networkpolicy.IsAvailable(&nn) { continue } - generatedNetworkPolicy, err := networkpolicy.GenerateNetworkPolicy(&networkNeighborhood, softwarecomposition.NewKnownServersFinderImpl(knownServersListObjPtr.Items), metav1.Now()) - if err != nil { - return fmt.Errorf("error generating network policy: %w", err) - } - - generatedNetworkPolicyList.Items = append(generatedNetworkPolicyList.Items, generatedNetworkPolicy) - + generatedNetworkPolicyList.Items = 
append(generatedNetworkPolicyList.Items, softwarecomposition.GeneratedNetworkPolicy{ + TypeMeta: metav1.TypeMeta{ + Kind: "GeneratedNetworkPolicy", + APIVersion: "spdx.softwarecomposition.kubescape.io/v1beta1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: nn.Name, + Namespace: nn.Namespace, + Labels: nn.Labels, + CreationTimestamp: metav1.Now(), + }, + PoliciesRef: []softwarecomposition.PolicyRef{}, + }) } data, err := json.Marshal(generatedNetworkPolicyList) diff --git a/pkg/registry/file/generatednetworkpolicy_test.go b/pkg/registry/file/generatednetworkpolicy_test.go index 7b066dc08..6f99fd2dd 100644 --- a/pkg/registry/file/generatednetworkpolicy_test.go +++ b/pkg/registry/file/generatednetworkpolicy_test.go @@ -49,7 +49,7 @@ func TestGeneratedNetworkPolicyStorage_Get(t *testing.T) { want: &softwarecomposition.GeneratedNetworkPolicy{ TypeMeta: v1.TypeMeta{ Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io", + APIVersion: "spdx.softwarecomposition.kubescape.io/v1beta1", }, ObjectMeta: v1.ObjectMeta{ Name: "toto", @@ -98,7 +98,7 @@ func TestGeneratedNetworkPolicyStorage_Get(t *testing.T) { want: &softwarecomposition.GeneratedNetworkPolicy{ TypeMeta: v1.TypeMeta{ Kind: "GeneratedNetworkPolicy", - APIVersion: "spdx.softwarecomposition.kubescape.io", + APIVersion: "spdx.softwarecomposition.kubescape.io/v1beta1", }, ObjectMeta: v1.ObjectMeta{ Name: "toto", @@ -151,7 +151,7 @@ func TestGeneratedNetworkPolicyStorage_Get(t *testing.T) { wlObj := &softwarecomposition.NetworkNeighborhood{ TypeMeta: v1.TypeMeta{ Kind: "NetworkNeighborhood", - APIVersion: "spdx.softwarecomposition.kubescape.io", + APIVersion: "spdx.softwarecomposition.kubescape.io/v1beta1", }, ObjectMeta: v1.ObjectMeta{ Name: "toto", diff --git a/pkg/registry/file/vulnerabilitysummarystorage.go b/pkg/registry/file/vulnerabilitysummarystorage.go index 366686088..b6eb63b13 100644 --- a/pkg/registry/file/vulnerabilitysummarystorage.go 
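Review bot: `GeneratedNetworkPolicyStorage.GetList` now appends items that carry only `TypeMeta`, `ObjectMeta` and an empty `PoliciesRef`, and no longer calls `networkpolicy.GenerateNetworkPolicy`, yet its doc comment still says it "generates and returns a list of GeneratedNetworkPolicy objects". Any policy fields on the type are left at their zero value with no error, so a consumer that takes policy content from list output would silently get an empty one. The comment should state this, for example `// GetList returns metadata-only GeneratedNetworkPolicy items for the namespace in key; the policy content is not generated here (presumably only by Get).` In the same loop, `Labels: nn.Labels` shares the map with the listed NetworkNeighborhood, and `maps.Clone(nn.Labels)` (Go 1.21+) would avoid aliasing if the items are mutated later. The function continues after the hunk.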
+++ b/pkg/registry/file/vulnerabilitysummarystorage.go @@ -54,7 +54,7 @@ func buildVulnerabilityScanSummary(vulnerabilityManifestSummaryList softwarecomp // buildConfigurationScanSummaryForCluster generates a vulnerability summary list for the cluster, where each item is a vulnerability summary for a namespace func buildVulnerabilitySummaryForCluster(vulnerabilityManifestSummaryList softwarecomposition.VulnerabilityManifestSummaryList) softwarecomposition.VulnerabilitySummaryList { - // build an map of namespace to workload vulnerability summaries + // build a map of namespace to workload vulnerability summaries mapNamespaceToSummaries := make(map[string][]softwarecomposition.VulnerabilityManifestSummary) for _, vlSummary := range vulnerabilityManifestSummaryList.Items { @@ -90,7 +90,7 @@ func buildVulnerabilitySummaryForCluster(vulnerabilityManifestSummaryList softwa return vulnerabilitySummaryList } -func (s *VulnerabilitySummaryStorage) Get(ctx context.Context, key string, opts storage.GetOptions, objPtr runtime.Object) error { +func (s *VulnerabilitySummaryStorage) Get(ctx context.Context, key string, _ storage.GetOptions, objPtr runtime.Object) error { ctx, span := otel.Tracer("").Start(ctx, "VulnerabilitySummaryStorage.Get") span.SetAttributes(attribute.String("key", key)) defer span.End() 
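Review bot: The doc comment above `buildVulnerabilitySummaryForCluster` still opens with the name `buildConfigurationScanSummaryForCluster`; this hunk leaves it as context while fixing the inline comment below it. Go doc comments are expected to start with the identifier they document, so I would change it to `// buildVulnerabilitySummaryForCluster generates a vulnerability summary list for the cluster, where each item is a vulnerability summary for a namespace`. The function body continues outside the hunk.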
@@ -135,11 +135,11 @@ func (s *VulnerabilitySummaryStorage) GetList(ctx context.Context, key string, _ vulnerabilityManifestSummaryListObjPtr := &softwarecomposition.VulnerabilityManifestSummaryList{} // ask for all vulnerabilitySummaries in the cluster - if err := s.realStore.GetByCluster(ctx, v1beta1.GroupName, vulnerabilitySummariesResource, vulnerabilityManifestSummaryListObjPtr); err != nil { + if err := s.realStore.GetList(ctx, "/spdx.softwarecomposition.kubescape.io/"+vulnerabilitySummariesResource, storage.ListOptions{}, vulnerabilityManifestSummaryListObjPtr); err != nil { return err } - // generate a single vulnerabilitySummary for the cluster, with an vulnerability summary for each namespace + // generate a single vulnerabilitySummary for the cluster, with a vulnerability summary for each namespace nsSummaries := buildVulnerabilitySummaryForCluster(*vulnerabilityManifestSummaryListObjPtr) data, err := json.Marshal(nsSummaries) diff --git a/pkg/registry/file/vulnerabilitysummarystorage_test.go b/pkg/registry/file/vulnerabilitysummarystorage_test.go index 25667b91c..8bf2b9aa8 100644 --- a/pkg/registry/file/vulnerabilitysummarystorage_test.go +++ b/pkg/registry/file/vulnerabilitysummarystorage_test.go @@ -186,12 +186,6 @@ func TestVulnSummaryStorageImpl_GetList(t *testing.T) { Name: "any", }, Spec: softwarecomposition.VulnerabilitySummarySpec{ - Severities: softwarecomposition.SeveritySummary{ - Negligible: softwarecomposition.VulnerabilityCounters{ - All: 1, - Relevant: 0, - }, - }, WorkloadVulnerabilitiesObj: []softwarecomposition.VulnerabilitiesObjScope{ { Name: "any", 
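Review bot: The switch from `GetByCluster` to `s.realStore.GetList` in `VulnerabilitySummaryStorage.GetList` may change what the aggregation receives. The hunks for `TestVulnSummaryStorageImpl_GetList` in this commit delete the expected `Severities` counters, which suggests the per-namespace summaries now come back with zero counts. If the listed objects carry metadata only, a namespace with findings becomes indistinguishable from a clean one in this summary, so this should be confirmed as intended rather than left implicit in a test change. If it is intended, I would document it above the call, e.g. `// listed summaries may carry metadata only; severity counters are then zero (confirm against realStore.GetList)`. The function starts before this hunk and continues after it.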
@@ -210,12 +204,6 @@ func TestVulnSummaryStorageImpl_GetList(t *testing.T) { Name: "many", }, Spec: softwarecomposition.VulnerabilitySummarySpec{ - Severities: softwarecomposition.SeveritySummary{ - Critical: softwarecomposition.VulnerabilityCounters{ - All: 1, - Relevant: 0, - }, - }, WorkloadVulnerabilitiesObj: []softwarecomposition.VulnerabilitiesObjScope{ { Kind: "vulnerabilitymanifestsummary",