fix :update spec version model (#131)

* fix: update spec version model

Signed-off-by: chenk <hen.keinan@gmail.com>

* fix: update spec version model

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: support config and spec version flags

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: auto detect cluster platform type version

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: auto detect cluster platform type version

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: auto detect cluster platform type version

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: auto detect cluster platform type version

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: compress and decode node-config

Signed-off-by: chenk <hen.keinan@gmail.com>

* chore: command yaml lint

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: compress and decode node-config

Signed-off-by: chenk <hen.keinan@gmail.com>

* test: update node command test

Signed-off-by: chenk <hen.keinan@gmail.com>

* test: compress and encode helper

Signed-off-by: chenk <hen.keinan@gmail.com>

* fix: update job args

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: command id generator support

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: command id generator support

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: command id generator support

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: command id generator support

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: command id generator support

Signed-off-by: chenk <hen.keinan@gmail.com>

* trivy-operator-v0.21.2

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: command id generator support

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: command id generator support

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: command id generator support

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: command id generator support

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: command id generator support

Signed-off-by: chenk <hen.keinan@gmail.com>

---------

Signed-off-by: chenk <hen.keinan@gmail.com>

.github/workflows/build.yaml

@@ -80,3 +80,80 @@ jobs:
         uses: codecov/codecov-action@v4
         with:
           files: ./coverage.txt
+  e2e-testing:
+    name: Run end to end testing
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_CLI_EXPERIMENTAL: enabled
+    steps:
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Available platforms
+        run: echo ${{ steps.buildx.outputs.platforms }}
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Release snapshot
+        uses: goreleaser/goreleaser-action@v5
+        with:
+          version: v1.7.0
+          args: release -f=goreleaser-e2e.yaml --snapshot --skip-publish --rm-dist
+      - name: Install kind and create cluster
+        run: >
+          curl -Lo ./kind https://kind.sigs.k8s.io/dl/${{ env.KIND_VERSION
+          }}/kind-linux-amd64
+
+          chmod +x ./kind
+
+          sudo mv ./kind /usr/local/bin/kind
+
+          kind create cluster
+
+          curl -LO https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl
+
+          sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
+      - name: Test connection to Kubernetes cluster
+        run: |
+          kubectl cluster-info
+          kubectl wait --for=condition=Ready nodes --all --timeout=300s
+          kubectl describe node
+      - name: Load node-collector image to cluster
+        run: >
+
+          echo "tagging image with e2e tag"
+
+          docker tag ghcr.io/aquasecurity/node-collector:${{ github.sha }}-amd64 ghcr.io/aquasecurity/node-collector:e2e
+
+          echo "saving image to tar file"
+
+          docker save -o node-collector.tar ghcr.io/aquasecurity/node-collector:e2e
+
+          sleep 5
+
+          echo "loading image to kind cluster"
+
+          kind load image-archive node-collector.tar
+
+      - name: Install JQ Tool
+        uses: mbround18/install-jq@v1
+
+      - name: Run node-collector job
+        run: >
+
+          kubectl apply -f ./tests/e2e/job.yaml
+
+          kubectl wait --for=condition=Complete --timeout=30s job/node-collector
+
+          kubectl logs job/node-collector > full-actual-node-collector-output.txt
+
+          jq -r .info full-actual-node-collector-output.txt > actual-node-collector-output.txt
+
+          echo "compare node collector actual vs expected logs"
+
+          diff -a --suppress-common-lines -y actual-node-collector-output.txt ./tests/e2e/expected-node-collector-output.txt

cm.yaml

@@ -0,0 +1 @@
+QlpoOTFBWSZTWTIucbMAABZfgFAQRgMAECEgTAA/L98gIACVRE01BmpoyaaaAY1BqYin6aJlGT1MTTaTCARuNrygA6IGVuG8RMaNlo+YWhYItG6LCB0+CwTRq9vpCbTs9now4qGE6hai+iDRFTLkKJCLkkNmOE5ir+ZTQoJsLO5JSatWBFxjWci+uAxb09lBmCUGgLzKJPUafi7kinChIGRc42Y=

docs/spec-design.md

@@ -133,29 +133,13 @@ When Trivy downloads the checks database, it includes the following folder struc
            |- kubernetes
       |- commands
            |- kubernetes  
+           |- config
 ```
 
 ### Preparing commands data for compliance report as input for node-colector
 
 When the Trivy command is executed: `trivy k8s --compliance k8s-cis`, the relevant compliance specification will be parsed based on the spec name `k8s-cis` and `k8s_version`. It will build a list of command files to be passed to the node-collector, which will parse and execute them, returning the appropriate output.
 
-### Auto detecting spec name and version
-
-In cases where the specification name and version have not been specified, Trivy-Kubernetes will automatically detect the platform type and version.
- Based on this detection, the relevant specification will be identified according to the mapping data included in the configuration file.
-
-mapping config example:
-
-```yaml
-k8s:
-  - op: "="
-    cluster_version: "1.21"
-    spec: k8s-cis-1.21.0
-  - op: ">"
-    cluster_version: "1.21"
-    spec: k8s-cis-1.23.0
-```
-
 
 ### Preparing commands data for cluster infra assessments
 

go.mod

@@ -6,6 +6,7 @@ toolchain go1.22.3
 
 require (
 	github.com/Masterminds/semver v1.5.0
+	github.com/dsnet/compress v0.0.1
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/spf13/cobra v1.8.0
 	github.com/stretchr/testify v1.9.0

go.sum

@@ -17,6 +17,9 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dsnet/compress v0.0.1 h1:PlZu0n3Tuv04TzpfPbrnI0HW/YwodEXDS+oPKahKF0Q=
+github.com/dsnet/compress v0.0.1/go.mod h1:Aw8dCMJ7RioblQeTqt88akK31OvO8Dhf5JflhBbQEHo=
+github.com/dsnet/golib v0.0.0-20171103203638-1ea166775780/go.mod h1:Lj+Z9rebOhdfkVLjJ8T6VcRQv3SXugXy999NBtR9aFY=
 github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
 github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@@ -85,6 +88,8 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
+github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
@@ -144,6 +149,7 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8=
 github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ=
 github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=

goreleaser-e2e.yaml

@@ -0,0 +1,58 @@
+release:
+  draft: false
+  prerelease: auto
+env:
+  - GO111MODULE=on
+  - CGO_ENABLED=0
+before:
+  hooks:
+    - go mod download
+builds:
+  - id: node-collector
+    main: ./cmd/node-collector/main.go
+    binary: node-collector
+    goos:
+      - linux
+    goarch:
+      - amd64
+      - arm64
+    goarm:
+      - "7"
+archives:
+  - name_template: "{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}"
+    builds:
+      - node-collector
+checksum:
+  name_template: "checksums.txt"
+snapshot:
+  name_template: "{{ .FullCommit }}"
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - '^docs'
+      - '^test'
+      - '^release'
+dockers:
+  - image_templates:
+      - "ghcr.io/aquasecurity/node-collector:{{ .Version }}-amd64"
+    use: buildx
+    goos: linux
+    dockerfile: build/node-collector/Dockerfile
+    goarch: amd64
+    ids:
+      - node-collector
+    build_flag_templates:
+      - "--label=org.opencontainers.image.title=node-collector"
+      - "--label=org.opencontainers.image.description=collect node info"
+      - "--label=org.opencontainers.image.vendor=Aqua Security"
+      - "--label=org.opencontainers.image.version={{ .Version }}"
+      - "--label=org.opencontainers.image.created={{ .Date }}"
+      - "--label=org.opencontainers.image.source=https://github.com/aquasecurity/node-collector"
+      - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
+      - "--label=org.opencontainers.image.documentation=https://aquasecurity.github.io/node-collector/v{{ .Version }}/"
+      - "--platform=linux/amd64"
+docker_manifests:
+  - name_template: "ghcr.io/aquasecurity/node-collector:{{ .Version }}"
+    image_templates:
+      - "ghcr.io/aquasecurity/node-collector:{{ .Version }}-amd64"