Merge pull request #104 from kubescape/resum

Revert some types from "remove summary objects"
kubescape · Mar 26, 2024 · d4a5e23 · d4a5e23
2 parents adf0ad7 + 6bd88c6
commit d4a5e23
Show file tree

Hide file tree

Showing 43 changed files with 4,491 additions and 598 deletions.
diff --git a/artifacts/configurationscansummaries/01-example.yaml b/artifacts/configurationscansummaries/01-example.yaml
@@ -0,0 +1,15 @@
+apiVersion: spdx.softwarecomposition.kubescape.io/v1beta1
+kind: WorkloadConfigurationScanSummary
+metadata:
+  name: workload-config-scan-1
+  namespace: default
+  labels:
+    app: workload-scanner
+spec:
+  severities:
+    critical: 2
+    high: 2
+    medium: 2
+    low: 2
+    unknown: 2
+  controls: {}
diff --git a/artifacts/configurationscansummaries/02-example.yaml b/artifacts/configurationscansummaries/02-example.yaml
@@ -0,0 +1,15 @@
+apiVersion: spdx.softwarecomposition.kubescape.io/v1beta1
+kind: WorkloadConfigurationScanSummary
+metadata:
+  name: workload-config-scan-2
+  namespace: default
+  labels:
+    app: workload-scanner
+spec:
+  severities:
+    critical: 5
+    high: 5
+    medium: 5
+    low: 5
+    unknown: 5
+  controls: {}
diff --git a/artifacts/configurationscansummaries/03-example.yaml b/artifacts/configurationscansummaries/03-example.yaml
@@ -0,0 +1,15 @@
+apiVersion: spdx.softwarecomposition.kubescape.io/v1beta1
+kind: WorkloadConfigurationScanSummary
+metadata:
+  name: workload-config-scan-3
+  namespace: wardle
+  labels:
+    app: workload-scanner
+spec:
+  severities:
+    critical: 5
+    high: 5
+    medium: 5
+    low: 5
+    unknown: 5
+  controls: {}
diff --git a/artifacts/configurationscansummaries/04-example.yaml b/artifacts/configurationscansummaries/04-example.yaml
@@ -0,0 +1,15 @@
+apiVersion: spdx.softwarecomposition.kubescape.io/v1beta1
+kind: WorkloadConfigurationScanSummary
+metadata:
+  name: workload-config-scan-4
+  namespace: wardle
+  labels:
+    app: workload-scanner
+spec:
+  severities:
+    critical: 5
+    high: 5
+    medium: 5
+    low: 5
+    unknown: 5
+  controls: {}
diff --git a/artifacts/vulnerabilitymanifestsummaries/01-example.yaml b/artifacts/vulnerabilitymanifestsummaries/01-example.yaml
@@ -0,0 +1,47 @@
+apiVersion: spdx.softwarecomposition.kubescape.io/v1beta1
+kind: VulnerabilityManifestSummary
+metadata:
+  annotations:
+    kubescape.io/wlid: wlid://cluster-gke_armo-test-clusters_us-central1-c_dwertent-large-node/namespace-kubescape/deployment-storage
+    kubescape.io/image-id: quay.io/kubescape/storage@sha256:12cb1a854e5c287aeb9f227b70b16c35a0dd1981ea1f2b8aea1c1176ea0ba4eb
+    kubescape.io/workload-container-name: apiserver
+    kubescape.io/status: ""
+  labels:
+    kubescape.io/workload-api-group: apps
+    kubescape.io/workload-api-version: v1
+    kubescape.io/workload-namespace: kubescape
+    kubescape.io/workload-kind: Deployment
+    kubescape.io/workload-name: storage
+    kubescape.io/workload-container-name: apiserver
+    kubescape.io/context: filtered 
+  name: kubescape-deployment-storage-apiserver # <namespace>-<kind>-<name>-<container name> 
+  namespace: kubescape
+spec:
+  severities:
+    critical:
+      all: 0
+      relevant: 0
+    high:
+      all: 10
+      relevant: 4
+    low:
+      all: 0
+      relevant: 0
+    medium:
+      all: 2
+      relevant: 1
+    negligible:
+      all: 0
+      relevant: 0
+    unknown:
+      all: 0
+      relevant: 0
+  vulnerabilitiesRef:
+    all:
+      namespace: "kubescape"
+      name: "gke.gcr.io-fluent-bit-gke-exporter-sha256-93014f5d546376de76c21f48bf30a6d1df3db4a413a1c3009c59fe46fa83eee8-83eee8"
+      kind: "vulnerabilitymanifests"
+    relevant: 
+      namespace: "kubescape"
+      name: "kubescape-replicaset-storage-cf988cc64-cd47-4240"
+      kind: "vulnerabilitymanifests"
diff --git a/pkg/apis/softwarecomposition/register.go b/pkg/apis/softwarecomposition/register.go
@@ -53,12 +53,16 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 		&SBOMSPDXv2p3FilteredList{},
 		&VulnerabilityManifest{},
 		&VulnerabilityManifestList{},
+		&VulnerabilityManifestSummary{},
+		&VulnerabilityManifestSummaryList{},
 		&WorkloadConfigurationScan{},
 		&WorkloadConfigurationScanList{},
 		&WorkloadConfigurationScanSummary{},
 		&WorkloadConfigurationScanSummaryList{},
 		&ConfigurationScanSummary{},
 		&ConfigurationScanSummaryList{},
+		&VulnerabilitySummary{},
+		&VulnerabilitySummaryList{},
 		&ApplicationProfile{},
 		&ApplicationProfileList{},
 		&ApplicationActivity{},

diff --git a/pkg/apis/softwarecomposition/types.go b/pkg/apis/softwarecomposition/types.go
@@ -175,6 +175,63 @@ type VulnerabilitiesComponents struct {
 	WorkloadVulnerabilitiesObj VulnerabilitiesObjScope
 }
 
+type VulnerabilityManifestSummarySpec struct {
+	Severities      SeveritySummary
+	Vulnerabilities VulnerabilitiesComponents
+}
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// VulnerabilityManifestSummary is a summary of a VulnerabilityManifest.
+type VulnerabilityManifestSummary struct {
+	metav1.TypeMeta
+	metav1.ObjectMeta
+
+	Spec   VulnerabilityManifestSummarySpec
+	Status VulnerabilityManifestStatus
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// VulnerabilityManifestSummaryList is a list of VulnerabilityManifest summaries.
+type VulnerabilityManifestSummaryList struct {
+	metav1.TypeMeta
+	metav1.ListMeta
+
+	Items []VulnerabilityManifestSummary
+}
+
+type VulnerabilitySummarySpec struct {
+	Severities                 SeveritySummary
+	WorkloadVulnerabilitiesObj []VulnerabilitiesObjScope
+}
+
+type VulnerabilitySummaryStatus struct {
+}
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// VulnerabilitySummary is a summary of a vulnerabilities for a given scope.
+type VulnerabilitySummary struct {
+	metav1.TypeMeta
+	metav1.ObjectMeta
+
+	Spec   VulnerabilitySummarySpec
+	Status VulnerabilitySummaryStatus
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// VulnerabilitySummaryList is a list of VulnerabilitySummaries.
+type VulnerabilitySummaryList struct {
+	metav1.TypeMeta
+	metav1.ListMeta
+
+	Items []VulnerabilitySummary
+}
+
 func (c *VulnerabilityCounters) Add(counters *VulnerabilityCounters) {
 	c.All += counters.All
 	c.Relevant += counters.Relevant
@@ -189,6 +246,16 @@ func (s *SeveritySummary) Add(severities *SeveritySummary) {
 	s.Unknown.Add(&severities.Unknown)
 }
 
+func (v *VulnerabilitySummary) Merge(vulnManifestSumm *VulnerabilityManifestSummary) {
+	v.Spec.Severities.Add(&vulnManifestSumm.Spec.Severities)
+	workloadVulnerabilitiesObj := VulnerabilitiesObjScope{
+		Name:      vulnManifestSumm.Name,
+		Namespace: vulnManifestSumm.Namespace,
+		Kind:      "vulnerabilitymanifestsummary",
+	}
+	v.Spec.WorkloadVulnerabilitiesObj = append(v.Spec.WorkloadVulnerabilitiesObj, workloadVulnerabilitiesObj)
+}
+
 // +genclient
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 

diff --git a/pkg/apis/softwarecomposition/types_test.go b/pkg/apis/softwarecomposition/types_test.go
@@ -4,8 +4,144 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+func Test_VulnerabilitySummaryMerge(t *testing.T) {
+	tests := []struct {
+		fullVulnSumm         *VulnerabilitySummary
+		vulnManifestSumm     *VulnerabilityManifestSummary
+		expectedFullVulnSumm *VulnerabilitySummary
+	}{
+		{
+			fullVulnSumm: &VulnerabilitySummary{
+				Spec: VulnerabilitySummarySpec{
+					Severities: SeveritySummary{
+						Critical: VulnerabilityCounters{
+							All:      10,
+							Relevant: 3,
+						},
+						High: VulnerabilityCounters{
+							All:      10,
+							Relevant: 3,
+						},
+						Medium: VulnerabilityCounters{
+							All:      10,
+							Relevant: 3,
+						},
+						Low: VulnerabilityCounters{
+							All:      10,
+							Relevant: 3,
+						},
+						Negligible: VulnerabilityCounters{
+							All:      10,
+							Relevant: 3,
+						},
+						Unknown: VulnerabilityCounters{
+							All:      10,
+							Relevant: 3,
+						},
+					},
+					WorkloadVulnerabilitiesObj: []VulnerabilitiesObjScope{},
+				},
+			},
+			vulnManifestSumm: &VulnerabilityManifestSummary{
+				ObjectMeta: v1.ObjectMeta{
+					Name:      "aaa",
+					Namespace: "bbb",
+				},
+				TypeMeta: v1.TypeMeta{
+					Kind: "vulnerabilitymanifestsummary",
+				},
+				Spec: VulnerabilityManifestSummarySpec{
+					Severities: SeveritySummary{
+						Critical: VulnerabilityCounters{
+							All:      10,
+							Relevant: 3,
+						},
+						High: VulnerabilityCounters{
+							All:      10,
+							Relevant: 3,
+						},
+						Medium: VulnerabilityCounters{
+							All:      10,
+							Relevant: 3,
+						},
+						Low: VulnerabilityCounters{
+							All:      10,
+							Relevant: 3,
+						},
+						Negligible: VulnerabilityCounters{
+							All:      10,
+							Relevant: 3,
+						},
+						Unknown: VulnerabilityCounters{
+							All:      10,
+							Relevant: 3,
+						},
+					},
+					Vulnerabilities: VulnerabilitiesComponents{
+						ImageVulnerabilitiesObj: VulnerabilitiesObjScope{
+							Name:      "aaa",
+							Namespace: "bbb",
+							Kind:      "any",
+						},
+						WorkloadVulnerabilitiesObj: VulnerabilitiesObjScope{
+							Name:      "ccc",
+							Namespace: "ddd",
+							Kind:      "many",
+						},
+					},
+				},
+			},
+			expectedFullVulnSumm: &VulnerabilitySummary{
+				Spec: VulnerabilitySummarySpec{
+					Severities: SeveritySummary{
+						Critical: VulnerabilityCounters{
+							All:      20,
+							Relevant: 6,
+						},
+						High: VulnerabilityCounters{
+							All:      20,
+							Relevant: 6,
+						},
+						Medium: VulnerabilityCounters{
+							All:      20,
+							Relevant: 6,
+						},
+						Low: VulnerabilityCounters{
+							All:      20,
+							Relevant: 6,
+						},
+						Negligible: VulnerabilityCounters{
+							All:      20,
+							Relevant: 6,
+						},
+						Unknown: VulnerabilityCounters{
+							All:      20,
+							Relevant: 6,
+						},
+					},
+					WorkloadVulnerabilitiesObj: []VulnerabilitiesObjScope{
+						VulnerabilitiesObjScope{
+							Name:      "aaa",
+							Namespace: "bbb",
+							Kind:      "vulnerabilitymanifestsummary",
+						},
+					},
+				},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run("", func(t *testing.T) {
+			tt.fullVulnSumm.Merge(tt.vulnManifestSumm)
+			assert.Equal(t, tt.expectedFullVulnSumm, tt.fullVulnSumm)
+		})
+	}
+}
+
 func Test_VulnerabilityCountersAdd(t *testing.T) {
 	tests := []struct {
 		vulnSeverities                   SeveritySummary

diff --git a/pkg/apis/softwarecomposition/v1beta1/register.go b/pkg/apis/softwarecomposition/v1beta1/register.go
@@ -55,12 +55,16 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 		&SBOMSPDXv2p3FilteredList{},
 		&VulnerabilityManifest{},
 		&VulnerabilityManifestList{},
+		&VulnerabilityManifestSummary{},
+		&VulnerabilityManifestSummaryList{},
 		&WorkloadConfigurationScan{},
 		&WorkloadConfigurationScanList{},
 		&WorkloadConfigurationScanSummary{},
 		&WorkloadConfigurationScanSummaryList{},
 		&ConfigurationScanSummary{},
 		&ConfigurationScanSummaryList{},
+		&VulnerabilitySummary{},
+		&VulnerabilitySummaryList{},
 		&ApplicationProfile{},
 		&ApplicationProfileList{},
 		&ApplicationActivity{},