refactor: Introduce kube.Object as more generic representation of kub…

…e.Workload (#71) Signed-off-by: Daniel Pacak <[email protected]>
aquasecurity · Jun 24, 2020 · 898d422 · 898d422
1 parent 8474833
commit 898d422
Show file tree

Hide file tree

Showing 11 changed files with 247 additions and 164 deletions.
diff --git a/pkg/cmd/commands.go b/pkg/cmd/commands.go
@@ -17,30 +17,30 @@ func SetGlobalFlags(cf *genericclioptions.ConfigFlags, cmd *cobra.Command) {
 	}
 }
 
-func WorkloadFromArgs(namespace string, args []string) (workload kube.Workload, err error) {
+func WorkloadFromArgs(namespace string, args []string) (workload kube.Object, err error) {
 	if len(args) < 1 {
 		err = errors.New("required workload kind and name not specified")
 		return
 	}
 
 	parts := strings.SplitN(args[0], "/", 2)
 	if len(parts) == 1 {
-		workload = kube.Workload{
+		workload = kube.Object{
 			Namespace: namespace,
-			Kind:      kube.WorkloadKindPod,
+			Kind:      kube.KindPod,
 			Name:      parts[0],
 		}
 		return
 	}
-	kind, err := kube.WorkloadKindFromString(parts[0])
+	kind, err := kube.KindFromResource(parts[0])
 	if err != nil {
 		return
 	}
 	if "" == parts[1] {
 		err = errors.New("required workload name is blank")
 		return
 	}
-	workload = kube.Workload{
+	workload = kube.Object{
 		Namespace: namespace,
 		Kind:      kind,
 		Name:      parts[1],

diff --git a/pkg/cmd/root_test.go b/pkg/cmd/root_test.go
@@ -15,180 +15,180 @@ func TestWorkloadFromArgs(t *testing.T) {
 
 		givenArgs []string
 
-		expectedWorkload kube.Workload
+		expectedWorkload kube.Object
 		expectedError    error
 	}{
 		{
 			name:             "Should return Pod/my-pod when kind is not explicitly specified",
 			givenArgs:        []string{"my-pod"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindPod, Name: "my-pod"},
+			expectedWorkload: kube.Object{Kind: kube.KindPod, Name: "my-pod"},
 		},
 		{
 			name:             "Should return Pod/my-pod when kind is specified as pods",
 			givenArgs:        []string{"pods/my-pod"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindPod, Name: "my-pod"},
+			expectedWorkload: kube.Object{Kind: kube.KindPod, Name: "my-pod"},
 		},
 		{
 			name:             "Should return Pod/my-pod when kind is specified as pod",
 			givenArgs:        []string{"pod/my-pod"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindPod, Name: "my-pod"},
+			expectedWorkload: kube.Object{Kind: kube.KindPod, Name: "my-pod"},
 		},
 		{
 			name:             "Should return Pod/my-pod when kind is specified as po",
 			givenArgs:        []string{"po/my-pod"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindPod, Name: "my-pod"},
+			expectedWorkload: kube.Object{Kind: kube.KindPod, Name: "my-pod"},
 		},
 		{
 			name:             "Should return ReplicaSet/my-rs when kind is specified as replicasets.apps",
 			givenArgs:        []string{"replicasets.apps/my-rs"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindReplicaSet, Name: "my-rs"},
+			expectedWorkload: kube.Object{Kind: kube.KindReplicaSet, Name: "my-rs"},
 		},
 		{
 			name:             "Should return ReplicaSet/my-rs when kind is specified as replicasets",
 			givenArgs:        []string{"replicasets/my-rs"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindReplicaSet, Name: "my-rs"},
+			expectedWorkload: kube.Object{Kind: kube.KindReplicaSet, Name: "my-rs"},
 		},
 		{
 			name:             "Should return ReplicaSet/my-rs when kind is specified as replicaset",
 			givenArgs:        []string{"replicaset/my-rs"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindReplicaSet, Name: "my-rs"},
+			expectedWorkload: kube.Object{Kind: kube.KindReplicaSet, Name: "my-rs"},
 		},
 		{
 			name:             "Should return ReplicaSet/my-rs when kind is specified as rs",
 			givenArgs:        []string{"rs/my-rs"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindReplicaSet, Name: "my-rs"},
+			expectedWorkload: kube.Object{Kind: kube.KindReplicaSet, Name: "my-rs"},
 		},
 		{
 			name:             "Should return ReplicationController/my-rc when kind is specified as replicationcontrollers",
 			givenArgs:        []string{"replicationcontrollers/my-rc"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindReplicationController, Name: "my-rc"},
+			expectedWorkload: kube.Object{Kind: kube.KindReplicationController, Name: "my-rc"},
 		},
 		{
 			name:             "Should return ReplicationController/my-rc when kind is specified as replicationcontroller",
 			givenArgs:        []string{"replicationcontroller/my-rc"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindReplicationController, Name: "my-rc"},
+			expectedWorkload: kube.Object{Kind: kube.KindReplicationController, Name: "my-rc"},
 		},
 		{
 			name:             "Should return ReplicationController/my-rc when kind is specified as rc",
 			givenArgs:        []string{"rc/my-rc"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindReplicationController, Name: "my-rc"},
+			expectedWorkload: kube.Object{Kind: kube.KindReplicationController, Name: "my-rc"},
 		},
 		{
 			name:             "Should return Deployment/my-deployment when kind is specified as deployments.apps",
 			givenArgs:        []string{"deploy/my-deployment"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindDeployment, Name: "my-deployment"},
+			expectedWorkload: kube.Object{Kind: kube.KindDeployment, Name: "my-deployment"},
 		},
 		{
 			name:             "Should return Deployment/my-deployment when kind is specified as deployments",
 			givenArgs:        []string{"deployments/my-deployment"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindDeployment, Name: "my-deployment"},
+			expectedWorkload: kube.Object{Kind: kube.KindDeployment, Name: "my-deployment"},
 		},
 		{
 			name:             "Should return Deployment/my-deployment when kind is specified as deployment",
 			givenArgs:        []string{"deployment/my-deployment"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindDeployment, Name: "my-deployment"},
+			expectedWorkload: kube.Object{Kind: kube.KindDeployment, Name: "my-deployment"},
 		},
 		{
 			name:             "Should return Deployment/my-deployment when kind is specified as deploy",
 			givenArgs:        []string{"deploy/my-deployment"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindDeployment, Name: "my-deployment"},
+			expectedWorkload: kube.Object{Kind: kube.KindDeployment, Name: "my-deployment"},
 		},
 		{
 			name:             "Should return DaemonSet/my-ds when kind is specified as daemonsets.apps",
 			givenArgs:        []string{"daemonsets/my-ds"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindDaemonSet, Name: "my-ds"},
+			expectedWorkload: kube.Object{Kind: kube.KindDaemonSet, Name: "my-ds"},
 		},
 		{
 			name:             "Should return DaemonSet/my-ds when kind is specified as daemonsets",
 			givenArgs:        []string{"daemonsets/my-ds"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindDaemonSet, Name: "my-ds"},
+			expectedWorkload: kube.Object{Kind: kube.KindDaemonSet, Name: "my-ds"},
 		},
 		{
 			name:             "Should return DaemonSet/my-ds when kind is specified as daemonset",
 			givenArgs:        []string{"daemonsets/my-ds"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindDaemonSet, Name: "my-ds"},
+			expectedWorkload: kube.Object{Kind: kube.KindDaemonSet, Name: "my-ds"},
 		},
 		{
 			name:             "Should return DaemonSet/my-ds when kind is specified as ds",
 			givenArgs:        []string{"daemonsets/my-ds"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindDaemonSet, Name: "my-ds"},
+			expectedWorkload: kube.Object{Kind: kube.KindDaemonSet, Name: "my-ds"},
 		},
 		{
 			name:             "Should return StatefulSet/my-sts when kind is specified as statefulsets.apps",
 			givenArgs:        []string{"statefulsets.apps/my-sts"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindStatefulSet, Name: "my-sts"},
+			expectedWorkload: kube.Object{Kind: kube.KindStatefulSet, Name: "my-sts"},
 		},
 		{
 			name:             "Should return StatefulSet/my-sts when kind is specified as statefulsets",
 			givenArgs:        []string{"statefulsets/my-sts"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindStatefulSet, Name: "my-sts"},
+			expectedWorkload: kube.Object{Kind: kube.KindStatefulSet, Name: "my-sts"},
 		},
 		{
 			name:             "Should return StatefulSet/my-sts when kind is specified as statefulset",
 			givenArgs:        []string{"statefulset/my-sts"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindStatefulSet, Name: "my-sts"},
+			expectedWorkload: kube.Object{Kind: kube.KindStatefulSet, Name: "my-sts"},
 		},
 		{
 			name:             "Should return StatefulSet/my-sts when kind is specified as sts",
 			givenArgs:        []string{"sts/my-sts"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindStatefulSet, Name: "my-sts"},
+			expectedWorkload: kube.Object{Kind: kube.KindStatefulSet, Name: "my-sts"},
 		},
 		{
 			name:             "Should return CronJob/my-cj when kind is specified as cronjobs.batch",
 			givenArgs:        []string{"cronjobs.batch/my-cj"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindCronJob, Name: "my-cj"},
+			expectedWorkload: kube.Object{Kind: kube.KindCronJob, Name: "my-cj"},
 		},
 		{
 			name:             "Should return CronJob/my-cj when kind is specified as cronjob.batch",
 			givenArgs:        []string{"cronjob.batch/my-cj"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindCronJob, Name: "my-cj"},
+			expectedWorkload: kube.Object{Kind: kube.KindCronJob, Name: "my-cj"},
 		},
 		{
 			name:             "Should return CronJob/my-cj when kind is specified as cronjobs",
 			givenArgs:        []string{"cronjobs/my-cj"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindCronJob, Name: "my-cj"},
+			expectedWorkload: kube.Object{Kind: kube.KindCronJob, Name: "my-cj"},
 		},
 		{
 			name:             "Should return CronJob/my-cj when kind is specified as cronjob",
 			givenArgs:        []string{"cronjob/my-cj"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindCronJob, Name: "my-cj"},
+			expectedWorkload: kube.Object{Kind: kube.KindCronJob, Name: "my-cj"},
 		},
 		{
 			name:             "Should return CronJob/my-cj when kind is specified as cj",
 			givenArgs:        []string{"cj/my-cj"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindCronJob, Name: "my-cj"},
+			expectedWorkload: kube.Object{Kind: kube.KindCronJob, Name: "my-cj"},
 		},
 		{
 			name:             "Should return Job/my-job when kind is specified as jobs.batch",
 			givenArgs:        []string{"jobs.batch/my-job"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindJob, Name: "my-job"},
+			expectedWorkload: kube.Object{Kind: kube.KindJob, Name: "my-job"},
 		},
 		{
 			name:             "Should return Job/my-job when kind is specified as job.batch",
 			givenArgs:        []string{"job.batch/my-job"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindJob, Name: "my-job"},
+			expectedWorkload: kube.Object{Kind: kube.KindJob, Name: "my-job"},
 		},
 		{
 			name:             "Should return Job/my-job when kind is specified as jobs",
 			givenArgs:        []string{"jobs/my-job"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindJob, Name: "my-job"},
+			expectedWorkload: kube.Object{Kind: kube.KindJob, Name: "my-job"},
 		},
 		{
 			name:             "Should return Job/my-job when kind is specified as job",
 			givenArgs:        []string{"job/my-job"},
-			expectedWorkload: kube.Workload{Kind: kube.WorkloadKindJob, Name: "my-job"},
+			expectedWorkload: kube.Object{Kind: kube.KindJob, Name: "my-job"},
 		},
 		{
 			name:             "Should return error when neither workload kind nor name is specified",
 			givenArgs:        []string{},
-			expectedWorkload: kube.Workload{},
+			expectedWorkload: kube.Object{},
 			expectedError:    errors.New("required workload kind and name not specified"),
 		},
 		{
 			name:             "Should return error when kind is unrecognized",
 			givenArgs:        []string{"xpod/my-pod"},
-			expectedWorkload: kube.Workload{},
-			expectedError:    errors.New("unrecognized workload: xpod"),
+			expectedWorkload: kube.Object{},
+			expectedError:    errors.New("unrecognized resource: xpod"),
 		},
 		{
 			name:          "Should return error when workload name is blank",

diff --git a/pkg/find/vulnerabilities/crd/writer.go b/pkg/find/vulnerabilities/crd/writer.go
@@ -23,7 +23,7 @@ func NewWriter(client clientset.Interface) vulnerabilities.Writer {
 	}
 }
 
-func (s *writer) Write(ctx context.Context, workload kube.Workload, reports map[string]starboard.VulnerabilityReport) (err error) {
+func (s *writer) Write(ctx context.Context, workload kube.Object, reports map[string]starboard.VulnerabilityReport) (err error) {
 	for container, report := range reports {
 		err = s.createVulnerability(ctx, workload, container, report)
 		if err != nil {
@@ -33,14 +33,15 @@ func (s *writer) Write(ctx context.Context, workload kube.Workload, reports map[
 	return
 }
 
-func (s *writer) createVulnerability(ctx context.Context, workload kube.Workload, container string, report starboard.VulnerabilityReport) (err error) {
+func (s *writer) createVulnerability(ctx context.Context, workload kube.Object, container string, report starboard.VulnerabilityReport) (err error) {
 	_, err = s.client.AquasecurityV1alpha1().Vulnerabilities(workload.Namespace).Create(ctx, &starboard.Vulnerability{
 		ObjectMeta: meta.ObjectMeta{
 			Name: fmt.Sprintf(uuid.New().String()),
 			Labels: map[string]string{
-				kube.LabelResourceKind:  workload.Kind.String(),
-				kube.LabelResourceName:  workload.Name,
-				kube.LabelContainerName: container,
+				kube.LabelResourceKind:      string(workload.Kind),
+				kube.LabelResourceName:      workload.Name,
+				kube.LabelResourceNamespace: workload.Namespace,
+				kube.LabelContainerName:     container,
 			},
 		},
 		Report: report,

diff --git a/pkg/find/vulnerabilities/scanner.go b/pkg/find/vulnerabilities/scanner.go
@@ -16,6 +16,6 @@ import (
 // ScanByPodSpec scans all container images of the specified Kubernetes workload with the given PodSpec.
 // Returns a map of container names to VulnerabilityReports.
 type Scanner interface {
-	Scan(ctx context.Context, workload kube.Workload) (reports map[string]starboard.VulnerabilityReport, err error)
-	ScanByPodSpec(ctx context.Context, workload kube.Workload, spec core.PodSpec) (reports map[string]starboard.VulnerabilityReport, err error)
+	Scan(ctx context.Context, workload kube.Object) (reports map[string]starboard.VulnerabilityReport, err error)
+	ScanByPodSpec(ctx context.Context, workload kube.Object, spec core.PodSpec) (reports map[string]starboard.VulnerabilityReport, err error)
 }
diff --git a/pkg/find/vulnerabilities/trivy/scanner.go b/pkg/find/vulnerabilities/trivy/scanner.go
@@ -51,7 +51,7 @@ type scanner struct {
 	scanners.Base
 }
 
-func (s *scanner) Scan(ctx context.Context, workload kube.Workload) (reports map[string]sec.VulnerabilityReport, err error) {
+func (s *scanner) Scan(ctx context.Context, workload kube.Object) (reports map[string]sec.VulnerabilityReport, err error) {
 	klog.V(3).Infof("Getting Pod template for workload: %v", workload)
 	podSpec, err := s.pods.GetPodSpecByWorkload(ctx, workload)
 	if err != nil {
@@ -66,7 +66,7 @@ func (s *scanner) Scan(ctx context.Context, workload kube.Workload) (reports map
 	return
 }
 
-func (s *scanner) ScanByPodSpec(ctx context.Context, workload kube.Workload, spec core.PodSpec) (map[string]sec.VulnerabilityReport, error) {
+func (s *scanner) ScanByPodSpec(ctx context.Context, workload kube.Object, spec core.PodSpec) (map[string]sec.VulnerabilityReport, error) {
 	klog.V(3).Infof("Scanning with options: %+v", s.opts)
 	job, err := s.prepareJob(ctx, workload, spec)
 	if err != nil {
@@ -101,7 +101,7 @@ func (s *scanner) ScanByPodSpec(ctx context.Context, workload kube.Workload, spe
 	return s.getScanReportsFor(ctx, job)
 }
 
-func (s *scanner) prepareJob(ctx context.Context, workload kube.Workload, spec core.PodSpec) (*batch.Job, error) {
+func (s *scanner) prepareJob(ctx context.Context, workload kube.Object, spec core.PodSpec) (*batch.Job, error) {
 	credentials, err := s.secrets.GetImagesWithCredentials(ctx, workload.Namespace, spec)
 	if err != nil {
 		return nil, fmt.Errorf("getting docker configs: %w", err)
@@ -179,8 +179,9 @@ func (s *scanner) prepareJob(ctx context.Context, workload kube.Workload, spec c
 			Name:      jobName,
 			Namespace: kube.NamespaceStarboard,
 			Labels: map[string]string{
-				kube.LabelResourceKind: workload.Kind.String(),
-				kube.LabelResourceName: workload.Name,
+				kube.LabelResourceKind:      string(workload.Kind),
+				kube.LabelResourceName:      workload.Name,
+				kube.LabelResourceNamespace: workload.Namespace,
 			},
 		},
 		Spec: batch.JobSpec{
@@ -190,7 +191,7 @@ func (s *scanner) prepareJob(ctx context.Context, workload kube.Workload, spec c
 			Template: core.PodTemplateSpec{
 				ObjectMeta: meta.ObjectMeta{
 					Labels: map[string]string{
-						kube.LabelResourceKind: workload.Kind.String(),
+						kube.LabelResourceKind: string(workload.Kind),
 						kube.LabelResourceName: workload.Name,
 					},
 				},

diff --git a/pkg/find/vulnerabilities/writer.go b/pkg/find/vulnerabilities/writer.go
@@ -8,5 +8,5 @@ import (
 )
 
 type Writer interface {
-	Write(ctx context.Context, workload kube.Workload, reports map[string]starboard.VulnerabilityReport) error
+	Write(ctx context.Context, workload kube.Object, reports map[string]starboard.VulnerabilityReport) error
 }