From 043cb7d626743b71821ef9284ca2456e25b1aa68 Mon Sep 17 00:00:00 2001 From: Pankaj Khushalani Date: Thu, 29 Dec 2022 23:02:19 +0530 Subject: [PATCH 1/6] chore: add ec2 service with DescribeInstances action --- api/v1alpha1/awsadapterconfig_types.go | 11 +++ api/v1alpha1/zz_generated.deepcopy.go | 67 +++++++++++++++ ...security.nirmata.io_awsadapterconfigs.yaml | 17 ++++ controllers/awsadapterconfig_controller.go | 54 +++++++++--- go.mod | 36 ++++---- go.sum | 82 ++++++++++++------- 6 files changed, 209 insertions(+), 58 deletions(-) diff --git a/api/v1alpha1/awsadapterconfig_types.go b/api/v1alpha1/awsadapterconfig_types.go index b2f5e9c..3e5d10c 100644 --- a/api/v1alpha1/awsadapterconfig_types.go +++ b/api/v1alpha1/awsadapterconfig_types.go @@ -63,6 +63,7 @@ type EKSEncryptionConfig struct { type EKSCompute struct { NodeGroups []*EKSNodeGroup `json:"nodeGroups,omitempty"` FargateProfiles []string `json:"fargateProfiles,omitempty"` + Reservations []*Reservation `json:"reservations,omitempty"` } // EKSNodeGroup contains info of the EKS cluster's node group @@ -95,6 +96,16 @@ type EKSNodeGroupUpdateConfig struct { MaxUnavailablePercentage *int32 `json:"maxUnavailablePercentage,omitempty"` } +type Reservation struct { + Instances []*Instance `json:"instances,omitempty"` +} + +type Instance struct { + HttpPutResponseHopLimit *int32 `json:"httpPutResponseHopLimit,omitempty"` + PublicDnsName *string `json:"publicDnsName,omitempty"` + FlowLogs *bool `json:"flowLogs,omitempty"` +} + // EKSNodeGroupResources contains info of ASG and remote access SG for node group type EKSNodeGroupResources struct { AutoScalingGroups []string `json:"autoScalingGroups,omitempty"` diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 2f94bb3..779f307 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go 
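Review bot: The exported types `Reservation` and `Instance` added in the second hunk of `awsadapterconfig_types.go` have no doc comments, while the neighbouring types (`EKSNodeGroup`, `EKSNodeGroupResources`) do. These structs become part of the CRD status that policies read, so each should state what it holds, for example `// Reservation groups the EC2 instances returned in one DescribeInstances reservation` and `// Instance contains the EC2 instance attributes recorded in the adapter status`. A short comment on `HttpPutResponseHopLimit` saying it is copied from the instance's metadata options would also help policy authors understand which setting they are checking.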
@@ -297,6 +297,17 @@ func (in *EKSCompute) DeepCopyInto(out *EKSCompute) { *out = make([]string, len(*in)) copy(*out, *in) } + if in.Reservations != nil { + in, out := &in.Reservations, &out.Reservations + *out = make([]*Reservation, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(Reservation) + (*in).DeepCopyInto(*out) + } + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EKSCompute. @@ -705,6 +716,36 @@ func (in *EKSVpcConfig) DeepCopy() *EKSVpcConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Instance) DeepCopyInto(out *Instance) { + *out = *in + if in.HttpPutResponseHopLimit != nil { + in, out := &in.HttpPutResponseHopLimit, &out.HttpPutResponseHopLimit + *out = new(int32) + **out = **in + } + if in.PublicDnsName != nil { + in, out := &in.PublicDnsName, &out.PublicDnsName + *out = new(string) + **out = **in + } + if in.FlowLogs != nil { + in, out := &in.FlowLogs, &out.FlowLogs + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Instance. +func (in *Instance) DeepCopy() *Instance { + if in == nil { + return nil + } + out := new(Instance) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LastPollInfo) DeepCopyInto(out *LastPollInfo) { *out = *in 
@@ -743,3 +784,29 @@ func (in *PollFailure) DeepCopy() *PollFailure { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Reservation) DeepCopyInto(out *Reservation) { + *out = *in + if in.Instances != nil { + in, out := &in.Instances, &out.Instances + *out = make([]*Instance, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(Instance) + (*in).DeepCopyInto(*out) + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Reservation. +func (in *Reservation) DeepCopy() *Reservation { + if in == nil { + return nil + } + out := new(Reservation) + in.DeepCopyInto(out) + return out +} diff --git a/config/crd/bases/security.nirmata.io_awsadapterconfigs.yaml b/config/crd/bases/security.nirmata.io_awsadapterconfigs.yaml index bb4d6cc..a5f8730 100644 --- a/config/crd/bases/security.nirmata.io_awsadapterconfigs.yaml +++ b/config/crd/bases/security.nirmata.io_awsadapterconfigs.yaml @@ -215,6 +215,23 @@ spec: type: object type: object type: array + reservations: + items: + properties: + instances: + items: + properties: + flowLogs: + type: boolean + httpPutResponseHopLimit: + format: int32 + type: integer + publicDnsName: + type: string + type: object + type: array + type: object + type: array type: object createdAt: type: string diff --git a/controllers/awsadapterconfig_controller.go b/controllers/awsadapterconfig_controller.go index 008a04c..26981e9 100644 --- a/controllers/awsadapterconfig_controller.go +++ b/controllers/awsadapterconfig_controller.go 
@@ -31,7 +31,10 @@ import ( "sigs.k8s.io/controller-runtime/pkg/log" "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/service/ec2" + "github.com/aws/aws-sdk-go-v2/service/ec2/types" "github.com/aws/aws-sdk-go-v2/service/eks" + "github.com/aws/aws-sdk-go/aws" securityv1alpha1 "github.com/nirmata/kyverno-aws-adapter/api/v1alpha1" ) @@ -84,20 +87,20 @@ func (r *AWSAdapterConfigReconciler) Reconcile(ctx context.Context, req ctrl.Req return r.updateLastPollStatusFailure(ctx, objOld, "error occurred while loading aws sdk config", err, &l, time.Now()) } l.Info("AWS SDK config loaded successfully") - svc := eks.NewFromConfig(cfg) + eksClient := eks.NewFromConfig(cfg) + ec2Client := ec2.NewFromConfig(cfg) objNew := objOld.DeepCopy() objNew.Status.EKSCluster = &securityv1alpha1.EKSCluster{} clusterFound := false - - if x, err := svc.ListClusters(context.TODO(), &eks.ListClustersInput{}); err == nil { + if x, err := eksClient.ListClusters(context.TODO(), &eks.ListClustersInput{}); err == nil { if x.NextToken != nil { l.Info("Warning: more than 100 clusters found in the AWS account, fetching only 100") } for _, v := range x.Clusters { - if c, err := svc.DescribeCluster(context.TODO(), &eks.DescribeClusterInput{Name: &v}); err == nil { + if c, err := eksClient.DescribeCluster(context.TODO(), &eks.DescribeClusterInput{Name: &v}); err == nil { if v == *objOld.Spec.Name && strings.ToLower(string(c.Cluster.Status)) != "deleting" { clusterFound = true break 
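Review bot: The import hunk adds `github.com/aws/aws-sdk-go/aws` from the v1 SDK, apparently only for the `aws.String` call in the EC2 filter added later in this patch. The v2 SDK this project already depends on provides the same helper, so importing `"github.com/aws/aws-sdk-go-v2/aws"` would avoid adding a second full SDK to the dependency set that has to be tracked and patched. In go.mod the new `aws-sdk-go` and `service/ec2` requirements are also placed in the indirect block without the `// indirect` marker; they belong in the direct `require` block.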
@@ -119,7 +122,7 @@ func (r *AWSAdapterConfigReconciler) Reconcile(ctx context.Context, req ctrl.Req return r.updateLastPollStatusFailure(ctx, objOld, fmt.Sprintf("could not find cluster '%s' in the given region '%s'", *objOld.Spec.Name, *objOld.Spec.Region), fmt.Errorf("cluster not found"), &l, time.Now()) } - if x, err := svc.DescribeCluster(context.TODO(), &eks.DescribeClusterInput{Name: objOld.Spec.Name}); err == nil { + if x, err := eksClient.DescribeCluster(context.TODO(), &eks.DescribeClusterInput{Name: objOld.Spec.Name}); err == nil { tmpEncConf := []*securityv1alpha1.EKSEncryptionConfig{} for _, encConf := range x.Cluster.EncryptionConfig { tmpEncConf = append(tmpEncConf, &securityv1alpha1.EKSEncryptionConfig{ 
@@ -181,16 +184,16 @@ func (r *AWSAdapterConfigReconciler) Reconcile(ctx context.Context, req ctrl.Req return r.updateLastPollStatusFailure(ctx, objOld, "error fetching cluster details", err, &l, time.Now()) } - if x, err := svc.ListFargateProfiles(context.TODO(), &eks.ListFargateProfilesInput{ClusterName: objOld.Spec.Name}); err == nil { + if x, err := eksClient.ListFargateProfiles(context.TODO(), &eks.ListFargateProfilesInput{ClusterName: objOld.Spec.Name}); err == nil { objNew.Status.EKSCluster.Compute.FargateProfiles = x.FargateProfileNames } else { l.Error(err, "error listing fargate profiles") return r.updateLastPollStatusFailure(ctx, objOld, "error listing fargate profiles", err, &l, time.Now()) } - if x, err := svc.ListNodegroups(context.TODO(), &eks.ListNodegroupsInput{ClusterName: objOld.Spec.Name}); err == nil { + if x, err := eksClient.ListNodegroups(context.TODO(), &eks.ListNodegroupsInput{ClusterName: objOld.Spec.Name}); err == nil { for _, v := range x.Nodegroups { - if y, err := svc.DescribeNodegroup(context.TODO(), &eks.DescribeNodegroupInput{ClusterName: objOld.Spec.Name, NodegroupName: &v}); err == nil { + if y, err := eksClient.DescribeNodegroup(context.TODO(), &eks.DescribeNodegroupInput{ClusterName: objOld.Spec.Name, NodegroupName: &v}); err == nil { objNew.Status.EKSCluster.Compute.NodeGroups = []*securityv1alpha1.EKSNodeGroup{} var launchTemplate *securityv1alpha1.EC2LaunchTemplate if y.Nodegroup.LaunchTemplate != nil { 
@@ -275,14 +278,14 @@ func (r *AWSAdapterConfigReconciler) Reconcile(ctx context.Context, req ctrl.Req return r.updateLastPollStatusFailure(ctx, objOld, "error listing nodegroups", err, &l, time.Now()) } - if x, err := svc.ListAddons(context.TODO(), &eks.ListAddonsInput{ClusterName: objOld.Spec.Name}); err == nil { + if x, err := eksClient.ListAddons(context.TODO(), &eks.ListAddonsInput{ClusterName: objOld.Spec.Name}); err == nil { objNew.Status.EKSCluster.Addons = x.Addons } else { l.Error(err, "error listing addons") return r.updateLastPollStatusFailure(ctx, objOld, "error listing addons", err, &l, time.Now()) } - if x, err := svc.ListIdentityProviderConfigs(context.TODO(), &eks.ListIdentityProviderConfigsInput{ClusterName: objOld.Spec.Name}); err == nil { + if x, err := eksClient.ListIdentityProviderConfigs(context.TODO(), &eks.ListIdentityProviderConfigsInput{ClusterName: objOld.Spec.Name}); err == nil { objNew.Status.EKSCluster.IdentityProviderConfigs = []*string{} for _, v := range x.IdentityProviderConfigs { objNew.Status.EKSCluster.IdentityProviderConfigs = append(objNew.Status.EKSCluster.IdentityProviderConfigs, v.Name) 
@@ -304,6 +307,37 @@ func (r *AWSAdapterConfigReconciler) Reconcile(ctx context.Context, req ctrl.Req l.Error(err, "error updating status") } } + + if x, err := ec2Client.DescribeInstances(context.TODO(), &ec2.DescribeInstancesInput{ + Filters: []types.Filter{ + { + Name: aws.String("tag:aws:eks:cluster-name"), + Values: []string{ + *objOld.Spec.Name, + }, + }, + }, + }, + ); err != nil { + for _, r := range x.Reservations { + tmpRes := []*securityv1alpha1.Reservation{} + for _, i := range r.Instances { + tmpIn := []*securityv1alpha1.Instance{} + tmpIn = append(tmpIn, &securityv1alpha1.Instance{ + PublicDnsName: i.PublicDnsName, + HttpPutResponseHopLimit: i.MetadataOptions.HttpPutResponseHopLimit, + }) + tmpRes = append(tmpRes, &securityv1alpha1.Reservation{ + Instances: tmpIn, + }) + } + objNew.Status.EKSCluster.Compute.Reservations = tmpRes + } + } else { + l.Error(err, "error occurred while fetching EC2 instances") + return r.updateLastPollStatusFailure(ctx, objOld, "error occurred while fetching EC2 instances", err, &l, time.Now()) + } + return ctrl.Result{RequeueAfter: r.RequeueInterval}, nil } diff --git a/go.mod b/go.mod index e359239..be60f58 100644 --- a/go.mod +++ b/go.mod @@ -6,10 +6,10 @@ require ( github.com/aws/aws-sdk-go-v2/config v1.17.8 github.com/aws/aws-sdk-go-v2/service/eks v1.22.1 github.com/go-logr/logr v1.2.3 - github.com/google/go-cmp v0.5.8 - github.com/onsi/ginkgo/v2 v2.1.4 - github.com/onsi/gomega v1.19.0 - k8s.io/apimachinery v0.25.0 + github.com/google/go-cmp v0.5.9 + github.com/onsi/ginkgo/v2 v2.4.0 + github.com/onsi/gomega v1.23.0 + k8s.io/apimachinery v0.26.0 k8s.io/client-go v0.25.0 sigs.k8s.io/controller-runtime v0.13.0 ) 
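Review bot: The added `DescribeInstances` block tests `err != nil` before ranging over `x.Reservations`, so the two branches are swapped: on an API error the loop dereferences a nil `x`, and on success the code logs a nil error and reports a poll failure. The condition should be `err == nil`. Inside the loop, `tmpRes` is re-created for every reservation and a new `Reservation` is appended per instance, so only the last reservation survives, split into one-instance entries; `i.MetadataOptions` is also dereferenced without a nil check. Judging by the context lines, the block runs after the status update, so the collected hop-limit and public-DNS values may never be persisted for policies to evaluate; confirm this against the rest of `Reconcile`, which lies outside the hunk. Only the first page of results is read, so a cluster with many instances would be reported incompletely.

```go
// … unchanged: DescribeInstancesInput with the tag:aws:eks:cluster-name filter …
); err == nil {
	reservations := make([]*securityv1alpha1.Reservation, 0, len(x.Reservations))
	for _, res := range x.Reservations {
		instances := make([]*securityv1alpha1.Instance, 0, len(res.Instances))
		for _, inst := range res.Instances {
			out := &securityv1alpha1.Instance{PublicDnsName: inst.PublicDnsName}
			// MetadataOptions is a pointer in the SDK response; guard before reading the hop limit.
			if inst.MetadataOptions != nil {
				out.HttpPutResponseHopLimit = inst.MetadataOptions.HttpPutResponseHopLimit
			}
			instances = append(instances, out)
		}
		reservations = append(reservations, &securityv1alpha1.Reservation{Instances: instances})
	}
	objNew.Status.EKSCluster.Compute.Reservations = reservations
} else {
	// … unchanged: log the error and return updateLastPollStatusFailure …
}
```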
@@ -24,17 +24,19 @@ require ( github.com/Azure/go-autorest/tracing v0.6.0 // indirect github.com/PuerkitoBio/purell v1.1.1 // indirect github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect - github.com/aws/aws-sdk-go-v2 v1.16.16 // indirect + github.com/aws/aws-sdk-go v1.44.169 + github.com/aws/aws-sdk-go-v2 v1.17.3 // indirect github.com/aws/aws-sdk-go-v2/credentials v1.12.21 // indirect github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.17 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.23 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.17 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.21 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.3.24 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.17 // indirect + github.com/aws/aws-sdk-go-v2/service/ec2 v1.77.0 + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.11.23 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.6 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.16.19 // indirect - github.com/aws/smithy-go v1.13.3 // indirect + github.com/aws/smithy-go v1.13.5 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect github.com/davecgh/go-spew v1.1.1 // indirect 
@@ -71,24 +73,24 @@ require ( go.uber.org/multierr v1.6.0 // indirect go.uber.org/zap v1.21.0 // indirect golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd // indirect - golang.org/x/net v0.0.0-20220906165146-f3363e06e74c // indirect + golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10 // indirect golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect - golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 // indirect - golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect - golang.org/x/text v0.3.8 // indirect + golang.org/x/sys v0.3.0 // indirect + golang.org/x/term v0.3.0 // indirect + golang.org/x/text v0.5.0 // indirect golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/protobuf v1.28.0 // indirect + google.golang.org/protobuf v1.28.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/api v0.25.0 // indirect k8s.io/apiextensions-apiserver v0.25.0 // indirect k8s.io/component-base v0.25.0 // indirect - k8s.io/klog/v2 v2.70.1 // indirect - k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect - k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect + k8s.io/klog/v2 v2.80.1 // indirect + k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect + k8s.io/utils v0.0.0-20221107191617-1a15be271d1d // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect sigs.k8s.io/yaml v1.3.0 // indirect diff --git a/go.sum b/go.sum index 619283f..3ee8a0f 100644 --- a/go.sum +++ b/go.sum 
@@ -73,32 +73,41 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= -github.com/aws/aws-sdk-go-v2 v1.16.16 h1:M1fj4FE2lB4NzRb9Y0xdWsn2P0+2UHVxwKyOa4YJNjk= +github.com/aws/aws-sdk-go v1.44.169 h1:+UAazxZwfcuCVtJ6LVR1hX+EJW6BPsFFAZERhOtFNrM= +github.com/aws/aws-sdk-go v1.44.169/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go-v2 v1.16.16/go.mod h1:SwiyXi/1zTUZ6KIAmLK5V5ll8SiURNUYOqTerZPaF9k= +github.com/aws/aws-sdk-go-v2 v1.17.3 h1:shN7NlnVzvDUgPQ+1rLMSxY8OWRNDRYtiqe0p/PgrhY= +github.com/aws/aws-sdk-go-v2 v1.17.3/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= github.com/aws/aws-sdk-go-v2/config v1.17.8 h1:b9LGqNnOdg9vR4Q43tBTVWk4J6F+W774MSchvKJsqnE= github.com/aws/aws-sdk-go-v2/config v1.17.8/go.mod h1:UkCI3kb0sCdvtjiXYiU4Zx5h07BOpgBTtkPu/49r+kA= github.com/aws/aws-sdk-go-v2/credentials v1.12.21 h1:4tjlyCD0hRGNQivh5dN8hbP30qQhMLBE/FgQR1vHHWM= github.com/aws/aws-sdk-go-v2/credentials v1.12.21/go.mod h1:O+4XyAt4e+oBAoIwNUYkRg3CVMscaIJdmZBOcPgJ8D8= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.17 h1:r08j4sbZu/RVi+BNxkBJwPMUYY3P8mgSDuKkZ/ZN1lE= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.17/go.mod h1:yIkQcCDYNsZfXpd5UX2Cy+sWA1jPgIhGTw9cOBzfVnQ= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.23 h1:s4g/wnzMf+qepSNgTvaQQHNxyMLKSawNhKCPNy++2xY= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.23/go.mod h1:2DFxAQ9pfIRy0imBCJv+vZ2X6RKxves6fbnEuSry6b4= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.17 h1:/K482T5A3623WJgWT8w1yRAFK4RzGzEl7y39yhtn9eA= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27 
h1:I3cakv2Uy1vNmmhRQmFptYDxOvBnwCdNwyw63N0RaRU= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27/go.mod h1:a1/UpzeyBBerajpnP5nGZa9mGzsBn5cOKxm6NWQsvoI= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.17/go.mod h1:pRwaTYCJemADaqCbUAxltMoHKata7hmB5PjEXeu0kfg= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.21 h1:5NbbMrIzmUn/TXFqAle6mgrH5m9cOvMLRGL7pnG8tRE= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.21/go.mod h1:+Gxn8jYn5k9ebfHEqlhrMirFjSW0v0C9fI+KN5vk2kE= github.com/aws/aws-sdk-go-v2/internal/ini v1.3.24 h1:wj5Rwc05hvUSvKuOF29IYb9QrCLjU+rHAy/x/o0DK2c= github.com/aws/aws-sdk-go-v2/internal/ini v1.3.24/go.mod h1:jULHjqqjDlbyTa7pfM7WICATnOv+iOhjletM3N0Xbu8= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.77.0 h1:m6HYlpZlTWb9vHuuRHpWRieqPHWlS0mvQ90OJNrG/Nk= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.77.0/go.mod h1:mV0E7631M1eXdB+tlGFIw6JxfsC7Pz7+7Aw15oLVhZw= github.com/aws/aws-sdk-go-v2/service/eks v1.22.1 h1:f07Bk+xMm0Q8PCzvrBg8Bd6m67CTvZSxQWB0H7ZEJOU= github.com/aws/aws-sdk-go-v2/service/eks v1.22.1/go.mod h1:YoafRRQM4SnTFwb49e4LCAel6n99q2DMxkeAfbgvq8s= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.17 h1:Jrd/oMh0PKQc6+BowB+pLEwLIgaQF29eYbe7E1Av9Ug= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.17/go.mod h1:4nYOrY41Lrbk2170/BGkcJKBhws9Pfn8MG3aGqjjeFI= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21 h1:5C6XgTViSb0bunmU57b3CT+MhxULqHH2721FVA+/kDM= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21/go.mod h1:lRToEJsn+DRA9lW4O9L9+/3hjTkUzlzyzHqn8MTds5k= github.com/aws/aws-sdk-go-v2/service/sso v1.11.23 h1:pwvCchFUEnlceKIgPUouBJwK81aCkQ8UDMORfeFtW10= github.com/aws/aws-sdk-go-v2/service/sso v1.11.23/go.mod h1:/w0eg9IhFGjGyyncHIQrXtU8wvNsTJOP0R6PPj0wf80= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.6 h1:OwhhKc1P9ElfWbMKPIbMMZBV6hzJlL2JKD76wNNVzgQ= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.6/go.mod 
h1:csZuQY65DAdFBt1oIjO5hhBR49kQqop4+lcuCjf2arA= github.com/aws/aws-sdk-go-v2/service/sts v1.16.19 h1:9pPi0PsFNAGILFfPCk8Y0iyEBGc6lu6OQ97U7hmdesg= github.com/aws/aws-sdk-go-v2/service/sts v1.16.19/go.mod h1:h4J3oPZQbxLhzGnk+j9dfYHi5qIOVJ5kczZd658/ydM= -github.com/aws/smithy-go v1.13.3 h1:l7LYxGuzK6/K+NzJ2mC+VvLUbae0sL3bXU//04MkmnA= github.com/aws/smithy-go v1.13.3/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= +github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8= +github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= @@ -149,7 +158,6 @@ github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vb github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= -github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= 
@@ -221,8 +229,9 @@ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg= github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= 
@@ -307,10 +316,10 @@ github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWb github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo/v2 v2.1.4 h1:GNapqRSid3zijZ9H77KrgVG4/8KqiyRsxcSxe+7ApXY= -github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47RKZmLU= -github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw= -github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= +github.com/onsi/ginkgo/v2 v2.4.0 h1:+Ig9nvqgS5OBSACXNk15PLdp0U9XPYROt9CFzVdFGIs= +github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= +github.com/onsi/gomega v1.23.0 h1:/oxKu9c2HVap+F3PfKort2Hw5DEU+HGlW8n+tguWsys= +github.com/onsi/gomega v1.23.0/go.mod h1:Z/NWtiqwBrwUt4/2loMmHL63EDLnYHmVbuBpDr2vQAg= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= 
@@ -345,7 +354,6 @@ github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPx github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= 
@@ -356,13 +364,14 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= 
@@ -426,6 +435,7 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -466,8 +476,10 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20220906165146-f3363e06e74c h1:yKufUcDwucU5urd+50/Opbt4AYpqthk7wHpHok8f1lo= -golang.org/x/net v0.0.0-20220906165146-f3363e06e74c/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= +golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10 h1:Frnccbp+ok2GkUS2tC84yAq/U9Vg+0sIO7aRL3T4Xnc= +golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -496,6 +508,7 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -552,11 +565,16 @@ golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 h1:WIoqL4EROvwiPdUtaip4VcDdpZ4kha7wBWZrbVKCIZg= -golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ= +golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI= +golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -565,8 +583,10 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.8 h1:nAL+RVCQ9uMn3vJZbV+MRnydTJFPf8qqY42YiA6MrqY= -golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= +golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -626,6 +646,7 @@ golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -763,8 +784,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw= -google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= +google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 
@@ -800,19 +821,18 @@ k8s.io/api v0.25.0 h1:H+Q4ma2U/ww0iGB78ijZx6DRByPz6/733jIuFpX70e0= k8s.io/api v0.25.0/go.mod h1:ttceV1GyV1i1rnmvzT3BST08N6nGt+dudGrquzVQWPk= k8s.io/apiextensions-apiserver v0.25.0 h1:CJ9zlyXAbq0FIW8CD7HHyozCMBpDSiH7EdrSTCZcZFY= k8s.io/apiextensions-apiserver v0.25.0/go.mod h1:3pAjZiN4zw7R8aZC5gR0y3/vCkGlAjCazcg1me8iB/E= -k8s.io/apimachinery v0.25.0 h1:MlP0r6+3XbkUG2itd6vp3oxbtdQLQI94fD5gCS+gnoU= -k8s.io/apimachinery v0.25.0/go.mod h1:qMx9eAk0sZQGsXGu86fab8tZdffHbwUfsvzqKn4mfB0= +k8s.io/apimachinery v0.26.0 h1:1feANjElT7MvPqp0JT6F3Ss6TWDwmcjLypwoPpEf7zg= +k8s.io/apimachinery v0.26.0/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74= k8s.io/client-go v0.25.0 h1:CVWIaCETLMBNiTUta3d5nzRbXvY5Hy9Dpl+VvREpu5E= k8s.io/client-go v0.25.0/go.mod h1:lxykvypVfKilxhTklov0wz1FoaUZ8X4EwbhS6rpRfN8= k8s.io/component-base v0.25.0 h1:haVKlLkPCFZhkcqB6WCvpVxftrg6+FK5x1ZuaIDaQ5Y= k8s.io/component-base v0.25.0/go.mod h1:F2Sumv9CnbBlqrpdf7rKZTmmd2meJq0HizeyY/yAFxk= -k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= -k8s.io/klog/v2 v2.70.1 h1:7aaoSdahviPmR+XkS7FyxlkkXs6tHISSG03RxleQAVQ= -k8s.io/klog/v2 v2.70.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 h1:MQ8BAZPZlWk3S9K4a9NCkIFQtZShWqoha7snGixVgEA= -k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU= -k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed h1:jAne/RjBTyawwAy0utX5eqigAwz/lQhTmy+Hr/Cpue4= -k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4= +k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E= +k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= 
+k8s.io/utils v0.0.0-20221107191617-1a15be271d1d h1:0Smp/HP1OH4Rvhe+4B8nWGERtlqAGSftbSbbmm45oFs= +k8s.io/utils v0.0.0-20221107191617-1a15be271d1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= From d540bbf22fc08ee2dc5905ed181314a2cbf82529 Mon Sep 17 00:00:00 2001 From: Kumar Mallikarjuna Date: Tue, 3 Jan 2023 20:27:28 +0530 Subject: [PATCH 2/6] feat: fix Reservation and add flowLogsEnabled --- api/v1alpha1/awsadapterconfig_types.go | 2 +- api/v1alpha1/zz_generated.deepcopy.go | 5 - ...security.nirmata.io_awsadapterconfigs.yaml | 72 ++++++++++---- ...security.nirmata.io_awsadapterconfigs.yaml | 4 +- controllers/awsadapterconfig_controller.go | 98 +++++++++++-------- 5 files changed, 114 insertions(+), 67 deletions(-) diff --git a/api/v1alpha1/awsadapterconfig_types.go b/api/v1alpha1/awsadapterconfig_types.go index 3e5d10c..212f7ef 100644 --- a/api/v1alpha1/awsadapterconfig_types.go +++ b/api/v1alpha1/awsadapterconfig_types.go @@ -103,7 +103,6 @@ type Reservation struct { type Instance struct { HttpPutResponseHopLimit *int32 `json:"httpPutResponseHopLimit,omitempty"` PublicDnsName *string `json:"publicDnsName,omitempty"` - FlowLogs *bool `json:"flowLogs,omitempty"` } // EKSNodeGroupResources contains info of ASG and remote access SG for node group @@ -155,6 +154,7 @@ type EKSVpcConfig struct { SecurityGroupIDs []string `json:"securityGroupIDs,omitempty"` SubnetIDs []string `json:"subnetIDs,omitempty"` VpcID *string `json:"vpcID,omitempty"` + FlowLogsEnabled bool `json:"flowLogsEnabled,omitempty"` } // EKSNetworking contains networking configuration of the EKS cluster diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 779f307..5aa5910 100644 
--- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -729,11 +729,6 @@ func (in *Instance) DeepCopyInto(out *Instance) { *out = new(string) **out = **in } - if in.FlowLogs != nil { - in, out := &in.FlowLogs, &out.FlowLogs - *out = new(bool) - **out = **in - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Instance. diff --git a/charts/kyverno-aws-adapter/crds/security.nirmata.io_awsadapterconfigs.yaml b/charts/kyverno-aws-adapter/crds/security.nirmata.io_awsadapterconfigs.yaml index 81ab068..9a2a450 100644 --- a/charts/kyverno-aws-adapter/crds/security.nirmata.io_awsadapterconfigs.yaml +++ b/charts/kyverno-aws-adapter/crds/security.nirmata.io_awsadapterconfigs.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: 
@@ -38,10 +39,14 @@ spec: description: AWSAdapterConfig is the Schema for the awsadapterconfigs API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -62,7 +67,8 @@ spec: description: AWSAdapterConfigStatus defines the observed state of AWSAdapterConfig properties: eksCluster: - description: 'EKS cluster details fetched from AWS For details of individual fields, refer to AWS SDK docs: https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/eks@v1.22.1/types#Cluster' + description: 'EKS cluster details fetched from AWS For details of + individual fields, refer to AWS SDK docs: https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/eks@v1.22.1/types#Cluster' properties: addons: items: 
@@ -73,7 +79,8 @@ spec: certificate: type: string compute: - description: EKSCompute contains node groups and fargate profiles of the EKS cluster + description: EKSCompute contains node groups and fargate profiles + of the EKS cluster properties: fargateProfiles: items: @@ -81,7 +88,8 @@ spec: type: array nodeGroups: items: - description: EKSNodeGroup contains info of the EKS cluster's node group + description: EKSNodeGroup contains info of the EKS cluster's + node group properties: amiReleaseVersion: type: string @@ -96,7 +104,8 @@ spec: type: integer healthIssues: items: - description: EKSNodeGroupHealthIssue contains info of any health issue in the EKS cluster's node group + description: EKSNodeGroupHealthIssue contains info + of any health issue in the EKS cluster's node group properties: code: type: string @@ -117,7 +126,8 @@ spec: type: string type: object launchTemplate: - description: EC2LaunchTemplate contains launch template info the EKS cluster's node group + description: EC2LaunchTemplate contains launch template + info the EKS cluster's node group properties: id: type: string @@ -133,7 +143,9 @@ spec: nodeRole: type: string remoteAccessConfig: - description: EKSNodeGroupRemoteAccessConfig contains remote access configuration of the EKS cluster's node group + description: EKSNodeGroupRemoteAccessConfig contains + remote access configuration of the EKS cluster's node + group properties: ec2SSHKey: type: string @@ -143,7 +155,8 @@ spec: type: array type: object resources: - description: EKSNodeGroupResources contains info of ASG and remote access SG for node group + description: EKSNodeGroupResources contains info of + ASG and remote access SG for node group properties: autoScalingGroups: items: 
@@ -153,7 +166,8 @@ spec: type: string type: object scalingConfig: - description: EKSNodeGroupScalingConfig contains scaling configuration of the EKS cluster's node group + description: EKSNodeGroupScalingConfig contains scaling + configuration of the EKS cluster's node group properties: desiredSize: format: int32 @@ -177,7 +191,8 @@ spec: type: object taints: items: - description: EKSNodeGroupTaint contains info of taints in the EKS cluster's node group + description: EKSNodeGroupTaint contains info of taints + in the EKS cluster's node group properties: effect: type: string @@ -188,7 +203,8 @@ spec: type: object type: array updateConfig: - description: EKSNodeGroupUpdateConfig contains number/percentage of node groups that can be updated in parallel + description: EKSNodeGroupUpdateConfig contains number/percentage + of node groups that can be updated in parallel properties: maxUnavailable: format: int32 @@ -199,12 +215,28 @@ spec: type: object type: object type: array + reservations: + items: + properties: + instances: + items: + properties: + httpPutResponseHopLimit: + format: int32 + type: integer + publicDnsName: + type: string + type: object + type: array + type: object + type: array type: object createdAt: type: string encryptionConfig: items: - description: EKSEncryptionConfig contains encryption configuration of the EKS cluster + description: EKSEncryptionConfig contains encryption configuration + of the EKS cluster properties: keyARN: type: string @@ -241,7 +273,8 @@ spec: name: type: string networking: - description: EKSNetworking contains networking configuration of the EKS cluster + description: EKSNetworking contains networking configuration of + the EKS cluster properties: ipFamily: type: string 
@@ -250,7 +283,8 @@ spec: serviceIPv6CIDR: type: string vpc: - description: EKSVpcConfig contains VPC configuration of the EKS cluster + description: EKSVpcConfig contains VPC configuration of the + EKS cluster properties: clusterSecurityGroupID: type: string @@ -258,6 +292,8 @@ spec: type: boolean endpointPublicAccess: type: boolean + flowLogsEnabled: + type: boolean publicAccessCIDRs: items: type: string @@ -294,10 +330,12 @@ spec: - status type: object lastPollInfo: - description: Information on when the adapter last tried to fetch the EKS cluster details + description: Information on when the adapter last tried to fetch the + EKS cluster details properties: failure: - description: PollFailure contains the Error and relevant Message if got Failure in last poll + description: PollFailure contains the Error and relevant Message + if got Failure in last poll properties: error: type: string diff --git a/config/crd/bases/security.nirmata.io_awsadapterconfigs.yaml b/config/crd/bases/security.nirmata.io_awsadapterconfigs.yaml index a5f8730..9a2a450 100644 --- a/config/crd/bases/security.nirmata.io_awsadapterconfigs.yaml +++ b/config/crd/bases/security.nirmata.io_awsadapterconfigs.yaml @@ -221,8 +221,6 @@ spec: instances: items: properties: - flowLogs: - type: boolean httpPutResponseHopLimit: format: int32 type: integer @@ -294,6 +292,8 @@ spec: type: boolean endpointPublicAccess: type: boolean + flowLogsEnabled: + type: boolean publicAccessCIDRs: items: type: string diff --git a/controllers/awsadapterconfig_controller.go b/controllers/awsadapterconfig_controller.go index 26981e9..05bcc76 100644 --- a/controllers/awsadapterconfig_controller.go +++ b/controllers/awsadapterconfig_controller.go 
@@ -131,36 +131,50 @@ func (r *AWSAdapterConfigReconciler) Reconcile(ctx context.Context, req ctrl.Req }) } - objNew.Status.EKSCluster = &securityv1alpha1.EKSCluster{ - CreatedAt: x.Cluster.CreatedAt.String(), - Endpoint: x.Cluster.Endpoint, - ID: x.Cluster.Id, - Name: x.Cluster.Name, - PlatformVersion: x.Cluster.PlatformVersion, - Region: objOld.Spec.Region, - RoleArn: x.Cluster.RoleArn, - Status: string(x.Cluster.Status), - KubernetesVersion: x.Cluster.Version, - Arn: x.Cluster.Arn, - Certificate: x.Cluster.CertificateAuthority.Data, - EncryptionConfig: tmpEncConf, - Networking: &securityv1alpha1.EKSNetworking{ - VPC: &securityv1alpha1.EKSVpcConfig{ - ClusterSecurityGroupID: x.Cluster.ResourcesVpcConfig.ClusterSecurityGroupId, - EndpointPrivateAccess: x.Cluster.ResourcesVpcConfig.EndpointPrivateAccess, - EndpointPublicAccess: x.Cluster.ResourcesVpcConfig.EndpointPublicAccess, - PublicAccessCIDRs: x.Cluster.ResourcesVpcConfig.PublicAccessCidrs, - SecurityGroupIDs: x.Cluster.ResourcesVpcConfig.SecurityGroupIds, - SubnetIDs: x.Cluster.ResourcesVpcConfig.SubnetIds, - VpcID: x.Cluster.ResourcesVpcConfig.VpcId, + if describeFlowLogsOutput, err := ec2Client.DescribeFlowLogs(context.TODO(), &ec2.DescribeFlowLogsInput{Filter: []types.Filter{ + { + Name: aws.String("resource-id"), + Values: []string{ + *x.Cluster.ResourcesVpcConfig.VpcId, }, - ServiceIPv4CIDR: x.Cluster.KubernetesNetworkConfig.ServiceIpv4Cidr, - ServiceIPv6CIDR: x.Cluster.KubernetesNetworkConfig.ServiceIpv6Cidr, - IPFamily: string(x.Cluster.KubernetesNetworkConfig.IpFamily), }, - Compute: &securityv1alpha1.EKSCompute{}, - Logging: &securityv1alpha1.EKSLogging{}, - Tags: x.Cluster.Tags, + }}); err == nil { + objNew.Status.EKSCluster = &securityv1alpha1.EKSCluster{ + CreatedAt: x.Cluster.CreatedAt.String(), + Endpoint: x.Cluster.Endpoint, + ID: x.Cluster.Id, + Name: x.Cluster.Name, + PlatformVersion: x.Cluster.PlatformVersion, + Region: objOld.Spec.Region, + RoleArn: x.Cluster.RoleArn, + Status: 
string(x.Cluster.Status), + KubernetesVersion: x.Cluster.Version, + Arn: x.Cluster.Arn, + Certificate: x.Cluster.CertificateAuthority.Data, + EncryptionConfig: tmpEncConf, + Networking: &securityv1alpha1.EKSNetworking{ + VPC: &securityv1alpha1.EKSVpcConfig{ + ClusterSecurityGroupID: x.Cluster.ResourcesVpcConfig.ClusterSecurityGroupId, + EndpointPrivateAccess: x.Cluster.ResourcesVpcConfig.EndpointPrivateAccess, + EndpointPublicAccess: x.Cluster.ResourcesVpcConfig.EndpointPublicAccess, + PublicAccessCIDRs: x.Cluster.ResourcesVpcConfig.PublicAccessCidrs, + SecurityGroupIDs: x.Cluster.ResourcesVpcConfig.SecurityGroupIds, + SubnetIDs: x.Cluster.ResourcesVpcConfig.SubnetIds, + VpcID: x.Cluster.ResourcesVpcConfig.VpcId, + FlowLogsEnabled: len(describeFlowLogsOutput.FlowLogs) != 0, + }, + ServiceIPv4CIDR: x.Cluster.KubernetesNetworkConfig.ServiceIpv4Cidr, + ServiceIPv6CIDR: x.Cluster.KubernetesNetworkConfig.ServiceIpv6Cidr, + IPFamily: string(x.Cluster.KubernetesNetworkConfig.IpFamily), + }, + Compute: &securityv1alpha1.EKSCompute{}, + Logging: &securityv1alpha1.EKSLogging{}, + Tags: x.Cluster.Tags, + } + } else { + msg := "error occurred while fetching VPC flow logs" + l.Error(err, msg) + return r.updateLastPollStatusFailure(ctx, objOld, msg, err, &l, time.Now()) } for _, v := range x.Cluster.Logging.ClusterLogging { 
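Review bot: `FlowLogsEnabled: len(describeFlowLogsOutput.FlowLogs) != 0` reports flow logs as enabled whenever any flow-log record exists for the VPC, including one whose delivery has failed, so a policy reading this field can pass while nothing is being logged. Counting only entries whose `FlowLogStatus` is `ACTIVE` and whose `DeliverLogsStatus` is not `FAILED` (values as I understand the EC2 API; worth confirming) would make the field mean what its name says. The filter value `*x.Cluster.ResourcesVpcConfig.VpcId` is also dereferenced with no nil check, and the call passes `context.TODO()` although the reconcile `ctx` is in scope. The enclosing Reconcile function starts and ends outside this hunk.

```go
flowLogsActive := false
for _, fl := range describeFlowLogsOutput.FlowLogs {
	if aws.StringValue(fl.FlowLogStatus) == "ACTIVE" && aws.StringValue(fl.DeliverLogsStatus) != "FAILED" {
		flowLogsActive = true
		break
	}
}
// … unchanged: EKSCluster literal, with FlowLogsEnabled: flowLogsActive …
```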
@@ -295,19 +309,6 @@ func (r *AWSAdapterConfigReconciler) Reconcile(ctx context.Context, req ctrl.Req return r.updateLastPollStatusFailure(ctx, objOld, "error listing identity provider configs", err, &l, time.Now()) } - currentPollTimestamp := time.Now() - objNew.Status.LastPollInfo = securityv1alpha1.LastPollInfo{ - Timestamp: &metav1.Time{Time: currentPollTimestamp}, - Status: PollSuccess, - } - - if !cmp.Equal(objNew.Status.EKSCluster, objOld.Status.EKSCluster) { - objNew.Status.LastUpdatedTimestamp = &metav1.Time{Time: currentPollTimestamp} - if err := r.Status().Update(ctx, objNew); err != nil { - l.Error(err, "error updating status") - } - } - if x, err := ec2Client.DescribeInstances(context.TODO(), &ec2.DescribeInstancesInput{ Filters: []types.Filter{ { @@ -318,7 +319,7 @@ func (r *AWSAdapterConfigReconciler) Reconcile(ctx context.Context, req ctrl.Req }, }, }, - ); err != nil { + ); err == nil { for _, r := range x.Reservations { tmpRes := []*securityv1alpha1.Reservation{} for _, i := range r.Instances { @@ -338,6 +339,19 @@ func (r *AWSAdapterConfigReconciler) Reconcile(ctx context.Context, req ctrl.Req return r.updateLastPollStatusFailure(ctx, objOld, "error occurred while fetching EC2 instances", err, &l, time.Now()) } + currentPollTimestamp := time.Now() + objNew.Status.LastPollInfo = securityv1alpha1.LastPollInfo{ + Timestamp: &metav1.Time{Time: currentPollTimestamp}, + Status: PollSuccess, + } + + if !cmp.Equal(objNew.Status.EKSCluster, objOld.Status.EKSCluster) { + objNew.Status.LastUpdatedTimestamp = &metav1.Time{Time: currentPollTimestamp} + if err := r.Status().Update(ctx, objNew); err != nil { + l.Error(err, "error updating status") + } + } + return ctrl.Result{RequeueAfter: r.RequeueInterval}, nil } From ba10c0d7037ebc957ca1b7a30119fb12aafd7d53 Mon Sep 17 00:00:00 2001 
From: Kumar Mallikarjuna Date: Wed, 4 Jan 2023 18:35:49 +0530 Subject: [PATCH 3/6] feat: add ECRRepository and AccountData --- api/v1alpha1/awsadapterconfig_types.go | 20 ++++- api/v1alpha1/zz_generated.deepcopy.go | 81 +++++++++++++++++++ ...security.nirmata.io_awsadapterconfigs.yaml | 22 +++++ ...security.nirmata.io_awsadapterconfigs.yaml | 22 +++++ controllers/awsadapterconfig_controller.go | 61 +++++++++++++- go.mod | 4 +- go.sum | 4 + 7 files changed, 208 insertions(+), 6 deletions(-) diff --git a/api/v1alpha1/awsadapterconfig_types.go b/api/v1alpha1/awsadapterconfig_types.go index 212f7ef..0695827 100644 --- a/api/v1alpha1/awsadapterconfig_types.go +++ b/api/v1alpha1/awsadapterconfig_types.go @@ -30,6 +30,13 @@ type AWSAdapterConfigSpec struct { Region *string `json:"region"` } +// AccountData contains the AWS Account details +type AccountData struct { + ID *string `json:"id,omitempty"` + InspectorEnabledEC2 *bool `json:"inspectorEnabledEC2,omitempty"` + InspectorEnabledECR *bool `json:"inspectorEnabledECR,omitempty"` +} + // EKSCluster contains the EKS cluster's details type EKSCluster struct { ID *string `json:"id,omitempty"` @@ -53,6 +60,13 @@ type EKSCluster struct { Tags map[string]string `json:"tags,omitempty"` } +// ECRRepository contains container repository details +type ECRRepository struct { + RepositoryName *string `json:"repositoryName,omitempty"` + RepositoryUri *string `json:"repositoryUri,omitempty"` + ImageTagMutable *bool `json:"imageTagMutable,omitempty"` +} + // EKSEncryptionConfig contains encryption configuration of the EKS cluster type EKSEncryptionConfig struct { KeyARN *string `json:"keyARN,omitempty"` 
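Review bot: `RepositoryUri` in the new `ECRRepository` type departs from the initialism style used elsewhere in this file (`KeyARN`, `VpcID`, `SecurityGroupIDs`); `RepositoryURI *string` would match, and since the API is still v1alpha1 the JSON key can be settled now as well. The fields themselves carry no comments, and `ImageTagMutable` in particular is one that policy authors will read, so I would add `// ImageTagMutable is true when image tags in the repository can be overwritten.` above it. The controller sets it from the repository's tag-mutability value later in this patch, which is what that wording reflects.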
@@ -154,7 +168,7 @@ type EKSVpcConfig struct { SecurityGroupIDs []string `json:"securityGroupIDs,omitempty"` SubnetIDs []string `json:"subnetIDs,omitempty"` VpcID *string `json:"vpcID,omitempty"` - FlowLogsEnabled bool `json:"flowLogsEnabled,omitempty"` + FlowLogsEnabled *bool `json:"flowLogsEnabled,omitempty"` } // EKSNetworking contains networking configuration of the EKS cluster @@ -193,10 +207,12 @@ type AWSAdapterConfigStatus struct { LastUpdatedTimestamp *metav1.Time `json:"lastUpdatedTimestamp,omitempty"` // Information on when the adapter last tried to fetch the EKS cluster details LastPollInfo LastPollInfo `json:"lastPollInfo"` + AccountData *AccountData `json:"accountData,omitempty"` // EKS cluster details fetched from AWS // For details of individual fields, refer to AWS SDK docs: // https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/eks@v1.22.1/types#Cluster - EKSCluster *EKSCluster `json:"eksCluster,omitempty"` + EKSCluster *EKSCluster `json:"eksCluster,omitempty"` + ECRRepositories []*ECRRepository `json:"ecrRepositories,omitempty"` } //+kubebuilder:object:root=true diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 5aa5910..30d39f1 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go 
@@ -117,11 +117,27 @@ func (in *AWSAdapterConfigStatus) DeepCopyInto(out *AWSAdapterConfigStatus) { *out = (*in).DeepCopy() } in.LastPollInfo.DeepCopyInto(&out.LastPollInfo) + if in.AccountData != nil { + in, out := &in.AccountData, &out.AccountData + *out = new(AccountData) + (*in).DeepCopyInto(*out) + } if in.EKSCluster != nil { in, out := &in.EKSCluster, &out.EKSCluster *out = new(EKSCluster) (*in).DeepCopyInto(*out) } + if in.ECRRepositories != nil { + in, out := &in.ECRRepositories, &out.ECRRepositories + *out = make([]*ECRRepository, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(ECRRepository) + (*in).DeepCopyInto(*out) + } + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSAdapterConfigStatus. @@ -134,6 +150,36 @@ func (in *AWSAdapterConfigStatus) DeepCopy() *AWSAdapterConfigStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccountData) DeepCopyInto(out *AccountData) { + *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.InspectorEnabledEC2 != nil { + in, out := &in.InspectorEnabledEC2, &out.InspectorEnabledEC2 + *out = new(bool) + **out = **in + } + if in.InspectorEnabledECR != nil { + in, out := &in.InspectorEnabledECR, &out.InspectorEnabledECR + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccountData. +func (in *AccountData) DeepCopy() *AccountData { + if in == nil { + return nil + } + out := new(AccountData) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *EC2LaunchTemplate) DeepCopyInto(out *EC2LaunchTemplate) { *out = *in 
@@ -164,6 +210,36 @@ func (in *EC2LaunchTemplate) DeepCopy() *EC2LaunchTemplate { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ECRRepository) DeepCopyInto(out *ECRRepository) { + *out = *in + if in.RepositoryName != nil { + in, out := &in.RepositoryName, &out.RepositoryName + *out = new(string) + **out = **in + } + if in.RepositoryUri != nil { + in, out := &in.RepositoryUri, &out.RepositoryUri + *out = new(string) + **out = **in + } + if in.ImageTagMutable != nil { + in, out := &in.ImageTagMutable, &out.ImageTagMutable + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ECRRepository. +func (in *ECRRepository) DeepCopy() *ECRRepository { + if in == nil { + return nil + } + out := new(ECRRepository) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *EKSCluster) DeepCopyInto(out *EKSCluster) { *out = *in @@ -704,6 +780,11 @@ func (in *EKSVpcConfig) DeepCopyInto(out *EKSVpcConfig) { *out = new(string) **out = **in } + if in.FlowLogsEnabled != nil { + in, out := &in.FlowLogsEnabled, &out.FlowLogsEnabled + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EKSVpcConfig. diff --git a/charts/kyverno-aws-adapter/crds/security.nirmata.io_awsadapterconfigs.yaml b/charts/kyverno-aws-adapter/crds/security.nirmata.io_awsadapterconfigs.yaml index 9a2a450..eeff74e 100644 --- a/charts/kyverno-aws-adapter/crds/security.nirmata.io_awsadapterconfigs.yaml +++ b/charts/kyverno-aws-adapter/crds/security.nirmata.io_awsadapterconfigs.yaml 
@@ -66,6 +66,28 @@ spec: status: description: AWSAdapterConfigStatus defines the observed state of AWSAdapterConfig properties: + accountData: + description: AccountData contains the AWS Account details + properties: + id: + type: string + inspectorEnabledEC2: + type: boolean + inspectorEnabledECR: + type: boolean + type: object + ecrRepositories: + items: + description: ECRRepository contains container repository details + properties: + imageTagMutable: + type: boolean + repositoryName: + type: string + repositoryUri: + type: string + type: object + type: array eksCluster: description: 'EKS cluster details fetched from AWS For details of individual fields, refer to AWS SDK docs: https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/eks@v1.22.1/types#Cluster' diff --git a/config/crd/bases/security.nirmata.io_awsadapterconfigs.yaml b/config/crd/bases/security.nirmata.io_awsadapterconfigs.yaml index 9a2a450..eeff74e 100644 --- a/config/crd/bases/security.nirmata.io_awsadapterconfigs.yaml +++ b/config/crd/bases/security.nirmata.io_awsadapterconfigs.yaml @@ -66,6 +66,28 @@ spec: status: description: AWSAdapterConfigStatus defines the observed state of AWSAdapterConfig properties: + accountData: + description: AccountData contains the AWS Account details + properties: + id: + type: string + inspectorEnabledEC2: + type: boolean + inspectorEnabledECR: + type: boolean + type: object + ecrRepositories: + items: + description: ECRRepository contains container repository details + properties: + imageTagMutable: + type: boolean + repositoryName: + type: string + repositoryUri: + type: string + type: object + type: array eksCluster: description: 'EKS cluster details fetched from AWS For details of individual fields, refer to AWS SDK docs: https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/eks@v1.22.1/types#Cluster' diff --git a/controllers/awsadapterconfig_controller.go b/controllers/awsadapterconfig_controller.go index 05bcc76..d7486cc 100644 
--- a/controllers/awsadapterconfig_controller.go +++ b/controllers/awsadapterconfig_controller.go @@ -33,7 +33,12 @@ import ( "github.com/aws/aws-sdk-go-v2/config" "github.com/aws/aws-sdk-go-v2/service/ec2" "github.com/aws/aws-sdk-go-v2/service/ec2/types" + "github.com/aws/aws-sdk-go-v2/service/ecr" + ecrTypes "github.com/aws/aws-sdk-go-v2/service/ecr/types" "github.com/aws/aws-sdk-go-v2/service/eks" + "github.com/aws/aws-sdk-go-v2/service/inspector2" + inspector2Types "github.com/aws/aws-sdk-go-v2/service/inspector2/types" + "github.com/aws/aws-sdk-go-v2/service/sts" "github.com/aws/aws-sdk-go/aws" securityv1alpha1 "github.com/nirmata/kyverno-aws-adapter/api/v1alpha1" ) @@ -73,7 +78,7 @@ func (r *AWSAdapterConfigReconciler) Reconcile(ctx context.Context, req ctrl.Req return ctrl.Result{}, nil } - if objOld.Status != (securityv1alpha1.AWSAdapterConfigStatus{}) { + if !isStatusVacuous(&objOld.Status) { if metav1.Now().Time.Before(objOld.Status.LastPollInfo.Timestamp.Add(r.RequeueInterval)) { return ctrl.Result{}, nil } 
@@ -87,13 +92,37 @@ func (r *AWSAdapterConfigReconciler) Reconcile(ctx context.Context, req ctrl.Req return r.updateLastPollStatusFailure(ctx, objOld, "error occurred while loading aws sdk config", err, &l, time.Now()) } l.Info("AWS SDK config loaded successfully") - eksClient := eks.NewFromConfig(cfg) + + stsClient := sts.NewFromConfig(cfg) ec2Client := ec2.NewFromConfig(cfg) + ecrClient := ecr.NewFromConfig(cfg) + eksClient := eks.NewFromConfig(cfg) + inspector2Client := inspector2.NewFromConfig(cfg) objNew := objOld.DeepCopy() objNew.Status.EKSCluster = &securityv1alpha1.EKSCluster{} + objNew.Status.AccountData = &securityv1alpha1.AccountData{} clusterFound := false + + if callerIdentity, err := stsClient.GetCallerIdentity(ctx, &sts.GetCallerIdentityInput{}); err == nil && callerIdentity.Account != nil { + objNew.Status.AccountData.ID = callerIdentity.Account + + x, err := inspector2Client.BatchGetAccountStatus(ctx, &inspector2.BatchGetAccountStatusInput{AccountIds: []string{*callerIdentity.Account}}) + if err == nil { + objNew.Status.AccountData.InspectorEnabledEC2 = aws.Bool(x.Accounts[0].ResourceState.Ec2.Status == inspector2Types.StatusEnabled) + objNew.Status.AccountData.InspectorEnabledECR = aws.Bool(x.Accounts[0].ResourceState.Ecr.Status == inspector2Types.StatusEnabled) + } else { + msg := "error occurred while fetching inspector data" + l.Error(err, msg) + return r.updateLastPollStatusFailure(ctx, objOld, msg, err, &l, time.Now()) + } + } else { + msg := "error occurred while fetching account id" + l.Error(err, msg) + return r.updateLastPollStatusFailure(ctx, objOld, msg, err, &l, time.Now()) + } + if x, err := eksClient.ListClusters(context.TODO(), &eks.ListClustersInput{}); err == nil { if x.NextToken != nil { l.Info("Warning: more than 100 clusters found in the AWS account, fetching only 100") 
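Review bot: `x.Accounts[0].ResourceState.Ec2.Status` and the matching `.Ecr.Status` line index and dereference the Inspector response with no guard, so an empty `Accounts` slice or an unset `ResourceState`, `Ec2` or `Ecr` would panic the reconciler instead of recording a poll failure. A later patch in this series adds a length check on `Accounts`, but the nested fields are still dereferenced directly there. I believe they are pointer fields in the SDK, so a guard such as `if s := x.Accounts[0].ResourceState; s != nil && s.Ec2 != nil && s.Ecr != nil { … }` is worth adding. Returning from Reconcile when the Inspector call fails also means a role without the Inspector permission never publishes any EKS data; leaving `InspectorEnabledEC2`/`InspectorEnabledECR` nil (unknown) and continuing may be the safer behaviour. Reconcile starts and ends outside this hunk.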
@@ -161,7 +190,7 @@ func (r *AWSAdapterConfigReconciler) Reconcile(ctx context.Context, req ctrl.Req SecurityGroupIDs: x.Cluster.ResourcesVpcConfig.SecurityGroupIds, SubnetIDs: x.Cluster.ResourcesVpcConfig.SubnetIds, VpcID: x.Cluster.ResourcesVpcConfig.VpcId, - FlowLogsEnabled: len(describeFlowLogsOutput.FlowLogs) != 0, + FlowLogsEnabled: aws.Bool(len(describeFlowLogsOutput.FlowLogs) != 0), }, ServiceIPv4CIDR: x.Cluster.KubernetesNetworkConfig.ServiceIpv4Cidr, ServiceIPv6CIDR: x.Cluster.KubernetesNetworkConfig.ServiceIpv6Cidr, @@ -339,6 +368,24 @@ func (r *AWSAdapterConfigReconciler) Reconcile(ctx context.Context, req ctrl.Req return r.updateLastPollStatusFailure(ctx, objOld, "error occurred while fetching EC2 instances", err, &l, time.Now()) } + if x, err := ecrClient.DescribeRepositories(ctx, &ecr.DescribeRepositoriesInput{}); err == nil { + repositories := []*securityv1alpha1.ECRRepository{} + + for _, r := range x.Repositories { + repositories = append(repositories, &securityv1alpha1.ECRRepository{ + RepositoryName: r.RepositoryName, + RepositoryUri: r.RepositoryUri, + ImageTagMutable: aws.Bool(r.ImageTagMutability == ecrTypes.ImageTagMutabilityMutable), + }) + } + + objNew.Status.ECRRepositories = repositories + } else { + msg := "error occurred while fetching ECR repositories data" + l.Error(err, msg) + return r.updateLastPollStatusFailure(ctx, objOld, msg, err, &l, time.Now()) + } + currentPollTimestamp := time.Now() objNew.Status.LastPollInfo = securityv1alpha1.LastPollInfo{ Timestamp: &metav1.Time{Time: currentPollTimestamp}, 
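Review bot: `ecrClient.DescribeRepositories` is called once and its `NextToken` is ignored, so only the first page of repositories reaches `Status.ECRRepositories` and a policy checking `imageTagMutable` would silently miss the rest; the `ListClusters` call in the same function at least logs a warning in that case. The SDK paginator covers this, as sketched below. Separately, the status write that follows is still guarded by `cmp.Equal(objNew.Status.EKSCluster, objOld.Status.EKSCluster)` (shown in patch 2/6, and no hunk of this patch changes it), so a change only in ECR repositories or account data is never persisted; extending the guard with `|| !cmp.Equal(objNew.Status.ECRRepositories, objOld.Status.ECRRepositories) || !cmp.Equal(objNew.Status.AccountData, objOld.Status.AccountData)` would fix that. The loop variable `r` also shadows the method receiver, hence `repo` below.

```go
repositories := []*securityv1alpha1.ECRRepository{}
pager := ecr.NewDescribeRepositoriesPaginator(ecrClient, &ecr.DescribeRepositoriesInput{})
for pager.HasMorePages() {
	page, err := pager.NextPage(ctx)
	if err != nil {
		msg := "error occurred while fetching ECR repositories data"
		l.Error(err, msg)
		return r.updateLastPollStatusFailure(ctx, objOld, msg, err, &l, time.Now())
	}
	for _, repo := range page.Repositories {
		// … unchanged: append one securityv1alpha1.ECRRepository per repo …
	}
}
objNew.Status.ECRRepositories = repositories
```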
@@ -376,3 +423,11 @@ func (r *AWSAdapterConfigReconciler) updateLastPollStatusFailure(ctx context.Con return ctrl.Result{RequeueAfter: r.RequeueInterval}, nil } + +func isStatusVacuous(status *securityv1alpha1.AWSAdapterConfigStatus) bool { + return (status.LastUpdatedTimestamp == nil && + status.LastPollInfo == securityv1alpha1.LastPollInfo{} && + status.AccountData == nil && + status.EKSCluster == nil && + (len(status.ECRRepositories) == 0)) +} diff --git a/go.mod b/go.mod index be60f58..cc5f7c5 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,9 @@ go 1.19 require ( github.com/aws/aws-sdk-go-v2/config v1.17.8 + github.com/aws/aws-sdk-go-v2/service/ecr v1.17.25 github.com/aws/aws-sdk-go-v2/service/eks v1.22.1 + github.com/aws/aws-sdk-go-v2/service/inspector2 v1.10.0 github.com/go-logr/logr v1.2.3 github.com/google/go-cmp v0.5.9 github.com/onsi/ginkgo/v2 v2.4.0 @@ -35,7 +37,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.11.23 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.6 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.16.19 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.16.19 github.com/aws/smithy-go v1.13.5 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect diff --git a/go.sum b/go.sum index 3ee8a0f..5ddeb0b 100644 --- a/go.sum +++ b/go.sum 
@@ -94,8 +94,12 @@ github.com/aws/aws-sdk-go-v2/internal/ini v1.3.24 h1:wj5Rwc05hvUSvKuOF29IYb9QrCL github.com/aws/aws-sdk-go-v2/internal/ini v1.3.24/go.mod h1:jULHjqqjDlbyTa7pfM7WICATnOv+iOhjletM3N0Xbu8= github.com/aws/aws-sdk-go-v2/service/ec2 v1.77.0 h1:m6HYlpZlTWb9vHuuRHpWRieqPHWlS0mvQ90OJNrG/Nk= github.com/aws/aws-sdk-go-v2/service/ec2 v1.77.0/go.mod h1:mV0E7631M1eXdB+tlGFIw6JxfsC7Pz7+7Aw15oLVhZw= +github.com/aws/aws-sdk-go-v2/service/ecr v1.17.25 h1:1bido4Jtd8CG9JcheRITQMQ820RE6mw+ool5ln9jbtY= +github.com/aws/aws-sdk-go-v2/service/ecr v1.17.25/go.mod h1:9yGOFsa2OcdyePojE89xNGtdBusTyc8ocjpiuFtFc0g= github.com/aws/aws-sdk-go-v2/service/eks v1.22.1 h1:f07Bk+xMm0Q8PCzvrBg8Bd6m67CTvZSxQWB0H7ZEJOU= github.com/aws/aws-sdk-go-v2/service/eks v1.22.1/go.mod h1:YoafRRQM4SnTFwb49e4LCAel6n99q2DMxkeAfbgvq8s= +github.com/aws/aws-sdk-go-v2/service/inspector2 v1.10.0 h1:F7M3ahO584qQU6yqD+gfPF2LrBeaytbYmLDks0hBtTw= +github.com/aws/aws-sdk-go-v2/service/inspector2 v1.10.0/go.mod h1:/QsVqJ/J9mmPWc0RD68wd49ZROMlVT6FEOGfZx7Bbhc= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.17/go.mod h1:4nYOrY41Lrbk2170/BGkcJKBhws9Pfn8MG3aGqjjeFI= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21 h1:5C6XgTViSb0bunmU57b3CT+MhxULqHH2721FVA+/kDM= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21/go.mod h1:lRToEJsn+DRA9lW4O9L9+/3hjTkUzlzyzHqn8MTds5k= From 6e2434b1a4881f4dd71119367ea55cc55d3a33a9 Mon Sep 17 00:00:00 2001 From: Kumar Mallikarjuna Date: Wed, 4 Jan 2023 18:55:06 +0530 Subject: [PATCH 4/6] chore: update getting_started.md --- docs/getting_started.md | 48 +++++++++++++++++++++++++---------------- 1 file changed, 30 insertions(+), 18 deletions(-) diff --git a/docs/getting_started.md b/docs/getting_started.md index a546fbf..ac5d328 100644 --- a/docs/getting_started.md +++ b/docs/getting_started.md 
@@ -20,31 +20,43 @@ cat >my-policy.json < Date: Wed, 4 Jan 2023 19:19:56 +0530 Subject: [PATCH 5/6] chore: mask account id --- docs/getting_started.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/getting_started.md b/docs/getting_started.md index ac5d328..362ba30 100644 --- a/docs/getting_started.md +++ b/docs/getting_started.md @@ -40,11 +40,11 @@ cat >my-policy.json < Date: Thu, 5 Jan 2023 14:53:12 +0530 Subject: [PATCH 6/6] chore: refactor and handle missed errors --- controllers/awsadapterconfig_controller.go | 57 ++++++++++++++-------- 1 file changed, 36 insertions(+), 21 deletions(-) diff --git a/controllers/awsadapterconfig_controller.go b/controllers/awsadapterconfig_controller.go index d7486cc..90d0c40 100644 --- a/controllers/awsadapterconfig_controller.go +++ b/controllers/awsadapterconfig_controller.go 
@@ -105,22 +105,37 @@ func (r *AWSAdapterConfigReconciler) Reconcile(ctx context.Context, req ctrl.Req clusterFound := false - if callerIdentity, err := stsClient.GetCallerIdentity(ctx, &sts.GetCallerIdentityInput{}); err == nil && callerIdentity.Account != nil { + callerIdentity, err := stsClient.GetCallerIdentity(ctx, &sts.GetCallerIdentityInput{}) + if err != nil || callerIdentity.Account == nil { + if callerIdentity.Account == nil { + err = fmt.Errorf("callerIdentity nil") + } + + msg := "error occurred while fetching account id" + l.Error(err, msg) + return r.updateLastPollStatusFailure(ctx, objOld, msg, err, &l, time.Now()) + } else { objNew.Status.AccountData.ID = callerIdentity.Account - x, err := inspector2Client.BatchGetAccountStatus(ctx, &inspector2.BatchGetAccountStatusInput{AccountIds: []string{*callerIdentity.Account}}) - if err == nil { - objNew.Status.AccountData.InspectorEnabledEC2 = aws.Bool(x.Accounts[0].ResourceState.Ec2.Status == inspector2Types.StatusEnabled) - objNew.Status.AccountData.InspectorEnabledECR = aws.Bool(x.Accounts[0].ResourceState.Ecr.Status == inspector2Types.StatusEnabled) - } else { + x, err := inspector2Client.BatchGetAccountStatus(ctx, &inspector2.BatchGetAccountStatusInput{ + AccountIds: []string{ + *callerIdentity.Account, + }, + }) + if err != nil || len(x.Accounts) == 0 { + if len(x.Accounts) == 0 { + err = fmt.Errorf("empty Accounts array") + } + msg := "error occurred while fetching inspector data" l.Error(err, msg) return r.updateLastPollStatusFailure(ctx, objOld, msg, err, &l, time.Now()) + } else { + objNew.Status.AccountData.InspectorEnabledEC2 = + aws.Bool(x.Accounts[0].ResourceState.Ec2.Status == inspector2Types.StatusEnabled) + objNew.Status.AccountData.InspectorEnabledECR = + aws.Bool(x.Accounts[0].ResourceState.Ecr.Status == inspector2Types.StatusEnabled) } - } else { - msg := "error occurred while fetching account id" - l.Error(err, msg) - return r.updateLastPollStatusFailure(ctx, objOld, msg, err, &l, 
time.Now()) } if x, err := eksClient.ListClusters(context.TODO(), &eks.ListClustersInput{}); err == nil { @@ -338,7 +353,7 @@ func (r *AWSAdapterConfigReconciler) Reconcile(ctx context.Context, req ctrl.Req return r.updateLastPollStatusFailure(ctx, objOld, "error listing identity provider configs", err, &l, time.Now()) } - if x, err := ec2Client.DescribeInstances(context.TODO(), &ec2.DescribeInstancesInput{ + x, err := ec2Client.DescribeInstances(context.TODO(), &ec2.DescribeInstancesInput{ Filters: []types.Filter{ { Name: aws.String("tag:aws:eks:cluster-name"), @@ -347,8 +362,11 @@ func (r *AWSAdapterConfigReconciler) Reconcile(ctx context.Context, req ctrl.Req }, }, }, - }, - ); err == nil { + }) + if err != nil { + l.Error(err, "error occurred while fetching EC2 instances") + return r.updateLastPollStatusFailure(ctx, objOld, "error occurred while fetching EC2 instances", err, &l, time.Now()) + } else { for _, r := range x.Reservations { tmpRes := []*securityv1alpha1.Reservation{} for _, i := range r.Instances { @@ -363,12 +381,13 @@ func (r *AWSAdapterConfigReconciler) Reconcile(ctx context.Context, req ctrl.Req } objNew.Status.EKSCluster.Compute.Reservations = tmpRes } - } else { - l.Error(err, "error occurred while fetching EC2 instances") - return r.updateLastPollStatusFailure(ctx, objOld, "error occurred while fetching EC2 instances", err, &l, time.Now()) } - if x, err := ecrClient.DescribeRepositories(ctx, &ecr.DescribeRepositoriesInput{}); err == nil { + if x, err := ecrClient.DescribeRepositories(ctx, &ecr.DescribeRepositoriesInput{}); err != nil { + msg := "error occurred while fetching ECR repositories data" + l.Error(err, msg) + return r.updateLastPollStatusFailure(ctx, objOld, msg, err, &l, time.Now()) + } else { repositories := []*securityv1alpha1.ECRRepository{} for _, r := range x.Repositories { 
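Review bot: The new error branch for `GetCallerIdentity` evaluates `callerIdentity.Account == nil` a second time inside the block, even when the block was entered because `err != nil`. The AWS SDK normally returns a nil output alongside an error, so a failed STS call (expired credentials, throttling) would panic the reconciler instead of recording a poll failure. The same pattern repeats for `BatchGetAccountStatus` with `len(x.Accounts) == 0`, and in both places the synthetic error would overwrite the real one. Guard the inner checks on the success path: `if err == nil { err = fmt.Errorf("callerIdentity nil") }` and `if err == nil { err = fmt.Errorf("empty Accounts array") }`. Reconcile's body starts and ends outside the hunk.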
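Review bot: The rewritten `DescribeInstances` call still passes `context.TODO()` rather than the `ctx` that Reconcile receives, so the request is not cancelled when the reconcile is cancelled or the manager shuts down; `GetCallerIdentity`, `BatchGetAccountStatus` and `DescribeRepositories` in this same commit already use `ctx`. Change the line to `x, err := ec2Client.DescribeInstances(ctx, &ec2.DescribeInstancesInput{`. The `ListClusters` call visible as context at the end of the first hunk has the same issue. The call's argument list continues into the next hunk, and Reconcile itself starts and ends outside it.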
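Review bot: The `else` that follows the early `return r.updateLastPollStatusFailure(...)` here is redundant and keeps the whole success path one level deeper than it needs to be; the same shape appears in the `GetCallerIdentity`/`BatchGetAccountStatus` hunk and in the `DescribeRepositories` hunk. Writing `}` instead of `} else {` and un-indenting the loop matches the usual Go early-return layout and makes mistakes in the error branch easier to spot. For `DescribeRepositories` that means declaring `x, err := ecrClient.DescribeRepositories(ctx, &ecr.DescribeRepositoriesInput{})` on its own line first, since `x` is currently scoped to the `if` statement.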
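Review bot: `tmpRes` is declared inside `for _, r := range x.Reservations` (visible in the previous hunk) and assigned to `objNew.Status.EKSCluster.Compute.Reservations` before that loop's closing brace, so on the visible lines each reservation replaces the previous one and only the last survives in the status. The lines between the two hunks are not shown, so this should be confirmed against the full loop body; if it holds, instances from earlier reservations never reach anything that consumes the status. Hoist the slice above the loop as `reservations := []*securityv1alpha1.Reservation{}` and move the assignment to after the loop's closing brace.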
@@ -380,10 +399,6 @@ func (r *AWSAdapterConfigReconciler) Reconcile(ctx context.Context, req ctrl.Req } objNew.Status.ECRRepositories = repositories - } else { - msg := "error occurred while fetching ECR repositories data" - l.Error(err, msg) - return r.updateLastPollStatusFailure(ctx, objOld, msg, err, &l, time.Now()) } currentPollTimestamp := time.Now()