diff --git a/go.mod b/go.mod index ee4b3e0b..08ab17c0 100644 --- a/go.mod +++ b/go.mod @@ -1,12 +1,10 @@ module github.com/kubescape/node-agent -go 1.22.7 - -toolchain go1.23.0 +go 1.23.0 require ( - github.com/armosec/armoapi-go v0.0.439 - github.com/armosec/utils-k8s-go v0.0.26 + github.com/armosec/armoapi-go v0.0.470 + github.com/armosec/utils-k8s-go v0.0.30 github.com/cenkalti/backoff/v4 v4.3.0 github.com/cilium/ebpf v0.16.0 github.com/crewjam/rfc5424 v0.1.0 @@ -60,9 +58,9 @@ require ( github.com/acobaugh/osrelease v0.1.0 // indirect github.com/ajstarks/svgo v0.0.0-20211024235047-1546f124cd8b // indirect github.com/anchore/go-logger v0.0.0-20240217160628-ee28a485904f // indirect - github.com/anchore/packageurl-go v0.1.1-0.20240312213626-055233e539b4 // indirect - github.com/anchore/stereoscope v0.0.3-0.20240501181043-2e9894674185 // indirect - github.com/anchore/syft v1.4.1 // indirect + github.com/anchore/packageurl-go v0.1.1-0.20240507183024-848e011fc24f // indirect + github.com/anchore/stereoscope v0.0.3 // indirect + github.com/anchore/syft v1.13.0 // indirect github.com/armosec/gojay v1.2.17 // indirect github.com/armosec/utils-go v0.0.57 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect @@ -74,6 +72,7 @@ require ( github.com/campoy/embedmd v1.0.0 // indirect github.com/cenkalti/backoff v2.2.1+incompatible // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect + github.com/cilium/cilium v1.16.0 // indirect github.com/containerd/cgroups/v3 v3.0.3 // indirect github.com/containerd/containerd v1.7.22 // indirect github.com/containerd/containerd/api v1.7.19 // indirect 
@@ -103,8 +102,8 @@ require ( github.com/francoispqt/gojay v1.2.13 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect - github.com/gabriel-vasile/mimetype v1.4.3 // indirect - github.com/github/go-spdx/v2 v2.2.0 // indirect + github.com/gabriel-vasile/mimetype v1.4.5 // indirect + github.com/github/go-spdx/v2 v2.3.2 // indirect github.com/go-errors/errors v1.5.1 // indirect github.com/go-fonts/liberation v0.3.2 // indirect github.com/go-latex/latex v0.0.0-20231108140139-5c1ce85aa4ea // indirect @@ -145,6 +144,7 @@ require ( github.com/json-iterator/go v1.1.12 // indirect github.com/klauspost/compress v1.17.9 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect + github.com/mackerelio/go-osstat v0.2.5 // indirect github.com/magiconair/properties v1.8.7 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect @@ -173,9 +173,10 @@ require ( github.com/opencontainers/image-spec v1.1.0 // indirect github.com/opencontainers/runtime-spec v1.2.0 // indirect github.com/opencontainers/selinux v1.11.0 // indirect - github.com/opentracing/opentracing-go v1.2.0 // indirect + github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect github.com/pelletier/go-toml/v2 v2.2.2 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect + github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5 // indirect github.com/pierrec/lz4/v4 v4.1.21 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect 
@@ -185,15 +186,16 @@ require ( github.com/s3rj1k/go-fanotify/fanotify v0.0.0-20240229202106-bca3154da60a // indirect github.com/sagikazarmark/locafero v0.4.0 // indirect github.com/sagikazarmark/slog-shim v0.1.0 // indirect + github.com/sasha-s/go-deadlock v0.3.1 // indirect github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e // indirect github.com/seccomp/libseccomp-golang v0.10.0 // indirect github.com/sourcegraph/conc v0.3.0 // indirect - github.com/spf13/cast v1.6.0 // indirect + github.com/spf13/cast v1.7.0 // indirect github.com/spf13/cobra v1.8.1 // indirect - github.com/spf13/pflag v1.0.5 // indirect + github.com/spf13/pflag v1.0.6-0.20210604193023-d5e0c0615ace // indirect github.com/stripe/stripe-go/v74 v74.30.0 // indirect github.com/subosito/gotenv v1.6.0 // indirect - github.com/sylabs/squashfs v0.6.1 // indirect + github.com/sylabs/squashfs v1.0.0 // indirect github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect github.com/therootcompany/xz v1.0.1 // indirect github.com/ulikunitz/xz v0.5.12 // indirect @@ -206,7 +208,6 @@ require ( github.com/wagoodman/go-progress v0.0.0-20230925121702-07e42b3cdba0 // indirect github.com/x448/float16 v0.8.4 // indirect github.com/xlab/treeprint v1.2.0 // indirect - github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect go.mongodb.org/mongo-driver v1.15.0 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect @@ -224,6 +225,7 @@ require ( go.opentelemetry.io/proto/otlp v1.3.1 // indirect go.starlark.net v0.0.0-20240517230649-3792562d0b7f // indirect go.uber.org/zap v1.27.0 // indirect + go4.org/netipx v0.0.0-20231129151722-fdeea329fbba // indirect golang.org/x/crypto v0.27.0 // indirect golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa // indirect golang.org/x/image v0.18.0 // indirect diff --git a/go.sum b/go.sum index c5919ccc..8ffa8e07 100644 --- a/go.sum +++ b/go.sum 
@@ -74,8 +74,8 @@ github.com/Microsoft/hcsshim v0.12.5/go.mod h1:tIUGego4G1EN5Hb6KC90aDYiUI2dqLSTT github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/acobaugh/osrelease v0.1.0 h1:Yb59HQDGGNhCj4suHaFQQfBps5wyoKLSSX/J/+UifRE= github.com/acobaugh/osrelease v0.1.0/go.mod h1:4bFEs0MtgHNHBrmHCt67gNisnabCRAlzdVasCEGHTWY= -github.com/adrg/xdg v0.4.0 h1:RzRqFcjH4nE5C6oTAxhBtoE2IRyjBSa62SCbyPidvls= -github.com/adrg/xdg v0.4.0/go.mod h1:N6ag73EX4wyxeaoeHctc1mas01KZgsj5tYiAIwqJE/E= +github.com/adrg/xdg v0.5.0 h1:dDaZvhMXatArP1NPHhnfaQUqWBLBsmx1h1HXQdMoFCY= +github.com/adrg/xdg v0.5.0/go.mod h1:dDdY4M4DF9Rjy4kHPeNL+ilVF+p2lK8IdM9/rTSGcI4= github.com/ajstarks/deck v0.0.0-20200831202436-30c9fc6549a9/go.mod h1:JynElWSGnm/4RlzPXRlREEwqTHAN3T56Bv2ITsFT3gY= github.com/ajstarks/deck/generate v0.0.0-20210309230005-c3f852c02e19/go.mod h1:T13YZdzov6OU0A1+RfKZiZN9ca6VeKdBdyDV+BY97Tk= github.com/ajstarks/svgo v0.0.0-20211024235047-1546f124cd8b h1:slYM766cy2nI3BwyRiyQj/Ud48djTMtMebDqepE95rw= 
@@ -84,18 +84,18 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/anchore/clio v0.0.0-20240209204744-cb94e40a4f65 h1:u9XrEabKlGPsrmRvAER+kUKkwXiJfLyqGhmOTFsXjX4= -github.com/anchore/clio v0.0.0-20240209204744-cb94e40a4f65/go.mod h1:8Jr7CjmwFVcBPtkJdTpaAGHimoGJGfbExypjzOu87Og= -github.com/anchore/fangs v0.0.0-20231201140849-5075d28d6d8b h1:L/djgY7ZbZ/38+wUtdkk398W3PIBJLkt1N8nU/7e47A= -github.com/anchore/fangs v0.0.0-20231201140849-5075d28d6d8b/go.mod h1:TLcE0RE5+8oIx2/NPWem/dq1DeaMoC+fPEH7hoSzPLo= +github.com/anchore/clio v0.0.0-20240522144804-d81e109008aa h1:pwlAn4O9SBUnlgfa69YcqIynbUyobLVFYu8HxSoCffA= +github.com/anchore/clio v0.0.0-20240522144804-d81e109008aa/go.mod h1:nD3H5uIvjxlfmakOBgtyFQbk5Zjp3l538kxfpHPslzI= +github.com/anchore/fangs v0.0.0-20240903175602-e716ef12c23d h1:ZD4wdCBgJJzJybjTUIEiiupLF7B9H3WLuBTjspBO2Mc= +github.com/anchore/fangs v0.0.0-20240903175602-e716ef12c23d/go.mod h1:Xh4ObY3fmoMzOEVXwDtS1uK44JC7+nRD0n29/1KYFYg= github.com/anchore/go-logger v0.0.0-20240217160628-ee28a485904f h1:qRQCz19ioRN2FtAct4j6Lb3Nl0VolFiuHtYMezGYBn0= github.com/anchore/go-logger v0.0.0-20240217160628-ee28a485904f/go.mod h1:ErB21zunlmQOE/aFPkt4Tv2Q00ttFxPZ2l87gSXxSec= -github.com/anchore/packageurl-go v0.1.1-0.20240312213626-055233e539b4 h1:SjemQ90fgflz39HG+VMkNfrpUVJpcFW6ZFA3TDXqzBM= -github.com/anchore/packageurl-go v0.1.1-0.20240312213626-055233e539b4/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4= -github.com/anchore/stereoscope v0.0.3-0.20240501181043-2e9894674185 h1:SuViDJ27nZ+joGdKbAkxAlm7tYMt9NTxTZZ05po4hls= -github.com/anchore/stereoscope 
v0.0.3-0.20240501181043-2e9894674185/go.mod h1:ckIamHiRMp8iBwWoTtE5Xkt9VQ5QC+6+O4VzwqyZr5Q= -github.com/anchore/syft v1.4.1 h1:4ofNePf3vuEyNZZW7SDmTX9uR/vHYXtHkcLbo27Mtjs= -github.com/anchore/syft v1.4.1/go.mod h1:2N75VGorI/18u2xSRAP/DEaZjjjVHtIXM+hFqSkfOTM= +github.com/anchore/packageurl-go v0.1.1-0.20240507183024-848e011fc24f h1:B/E9ixKNCasntpoch61NDaQyGPDXLEJlL+B9B/PbdbA= +github.com/anchore/packageurl-go v0.1.1-0.20240507183024-848e011fc24f/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4= +github.com/anchore/stereoscope v0.0.3 h1:JRPHySy8S6P+Ff3IDiQ29ap1i8/laUQxDk9K1eFh/2U= +github.com/anchore/stereoscope v0.0.3/go.mod h1:5DJheGPjVRsSqegTB24Zi6SCHnYQnA519yeIG+RG+I4= +github.com/anchore/syft v1.13.0 h1:cS7LBjalHPO5enCEtsyJrCSMAxTEE5BIB2nSmnS9uRQ= +github.com/anchore/syft v1.13.0/go.mod h1:zL9Z5vtq8O+h6RRYo0lyb61NLx00OqcvoVNgk8qoMXA= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= 
@@ -106,14 +106,14 @@ github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/armosec/armoapi-go v0.0.439 h1:IqpxEbVaopgh35JNm61zGHvuzy6YavfAs8PfSD+x9OQ= -github.com/armosec/armoapi-go v0.0.439/go.mod h1:mpok+lZaolcN5XRz/JxpwhfF8nln1OEKnGuvwAN+7Lo= +github.com/armosec/armoapi-go v0.0.470 h1:fT2J7SruNvOR1Q8RQXjiZ0JvNtJxjVUx68rl0X4leFU= +github.com/armosec/armoapi-go v0.0.470/go.mod h1:TruqDSAPgfRBXCeM+Cgp6nN4UhJSbe7la+XDKV2pTsY= github.com/armosec/gojay v1.2.17 h1:VSkLBQzD1c2V+FMtlGFKqWXNsdNvIKygTKJI9ysY8eM= github.com/armosec/gojay v1.2.17/go.mod h1:vuvX3DlY0nbVrJ0qCklSS733AWMoQboq3cFyuQW9ybc= github.com/armosec/utils-go v0.0.57 h1:0RaqexK+t7HeKWfldBv2C1JiLLGuUx9FP0DGWDNRJpg= github.com/armosec/utils-go v0.0.57/go.mod h1:4wfINE8JTQ6EHvSL2jki0Q3/D1j6oDi6sxxrtAEug74= -github.com/armosec/utils-k8s-go v0.0.26 h1:gVSV1mrALyphaesc+JXbx9SfbxLqfgg1KvvC1/0Hfkk= -github.com/armosec/utils-k8s-go v0.0.26/go.mod h1:WL2brx3tszxeSl1yHac0oAVJUg3o22HYh1dPjaSfjXU= +github.com/armosec/utils-k8s-go v0.0.30 h1:Gj8MJck0jZPSLSq8ZMiRPT3F/laOYQdaLxXKKcjijt4= +github.com/armosec/utils-k8s-go v0.0.30/go.mod h1:t0vvPJhYE+X+bOsaMsD2SzWU7WkJmV2Ltn9hg66AIe8= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/becheran/wildmatch-go v1.0.0 h1:mE3dGGkTmpKtT4Z+88t8RStG40yN9T+kFEGj2PZFSzA= 
@@ -153,6 +153,8 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P github.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObkaSkeBlk= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8= +github.com/cilium/cilium v1.16.0 h1:5NqA2H/7si4KbiMjzqeH130LTox7F2MrKSrS3lUYUTk= +github.com/cilium/cilium v1.16.0/go.mod h1:u/Hggj4kmmYtLvZ+wG2nppabk7wpAFn09Sm+Bo1kGvo= github.com/cilium/ebpf v0.16.0 h1:+BiEnHL6Z7lXnlGUsXQPPAE7+kenAd4ES8MQ5min0Ok= github.com/cilium/ebpf v0.16.0/go.mod h1:L7u2Blt2jMM/vLAVgjxluxtBKlz3/GWjB0dMOEngfwE= github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= 
@@ -273,11 +275,11 @@ github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nos github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= -github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0= -github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk= +github.com/gabriel-vasile/mimetype v1.4.5 h1:J7wGKdGu33ocBOhGy0z653k/lFKLFDPJMG8Gql0kxn4= +github.com/gabriel-vasile/mimetype v1.4.5/go.mod h1:ibHel+/kbxn9x2407k1izTA1S81ku1z/DlgOW2QE0M4= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/github/go-spdx/v2 v2.2.0 h1:yBBLMasHA70Ujd35OpL/OjJOWWVNXcJGbars0GinGRI= -github.com/github/go-spdx/v2 v2.2.0/go.mod h1:hMCrsFgT0QnCwn7G8gxy/MxMpy67WgZrwFeISTn0o6w= +github.com/github/go-spdx/v2 v2.3.2 h1:IfdyNHTqzs4zAJjXdVQfRnxt1XMfycXoHBE2Vsm1bjs= +github.com/github/go-spdx/v2 v2.3.2/go.mod h1:2ZxKsOhvBp+OYBDlsGnUMcchLeo2mrpEBn2L1C+U3IQ= github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk= 
@@ -332,8 +334,8 @@ github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LB github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= -github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg= -github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= +github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U= +github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM= github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw= github.com/gobwas/ws v1.2.1/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY= @@ -560,6 +562,8 @@ github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhn github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w= +github.com/mackerelio/go-osstat v0.2.5 h1:+MqTbZUhoIt4m8qzkVoXUJg1EuifwlAJSk4Yl2GXh+o= +github.com/mackerelio/go-osstat v0.2.5/go.mod h1:atxwWF+POUZcdtR1wnsUcQxTytoHG4uhl2AKKzrOajY= github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= 
@@ -664,8 +668,8 @@ github.com/opencontainers/runtime-tools v0.9.1-0.20230914150019-408c51e934dc h1: github.com/opencontainers/runtime-tools v0.9.1-0.20230914150019-408c51e934dc/go.mod h1:8tx1helyqhUC65McMm3x7HmOex8lO2/v9zPuxmKHurs= github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU= github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= -github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= -github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= +github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= +github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde/go.mod h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0= github.com/panjf2000/ants/v2 v2.9.1 h1:Q5vh5xohbsZXGcD6hhszzGqB7jSSc2/CRr3QKIga8Kw= 
@@ -679,6 +683,8 @@ github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6 github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= +github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5 h1:q2e307iGHPdTGp0hoxKjt1H5pDo6utceo3dQVK3I5XQ= +github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5/go.mod h1:jvVRKCrJTQWu0XVbaOlby/2lO20uSCHEMzzplHXte1o= github.com/pierrec/lz4/v4 v4.1.21 h1:yOVMLb6qSIDP67pl/5F7RepeKYu/VmTyEXvuMI5d9mQ= github.com/pierrec/lz4/v4 v4.1.21/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -734,6 +740,8 @@ github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6ke github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4= github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE= github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ= +github.com/sasha-s/go-deadlock v0.3.1 h1:sqv7fDNShgjcaxkO0JNcOAlr8B9+cV5Ey/OB71efZx0= +github.com/sasha-s/go-deadlock v0.3.1/go.mod h1:F73l+cr82YSh10GxyRI6qZiCgK64VaZjwesgfQ1/iLM= github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e h1:7q6NSFZDeGfvvtIRwBrU/aegEYJYmvev0cHAwo17zZQ= github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e/go.mod h1:DkpGd78rljTxKAnTDPFqXSGxvETQnJyuSOQwsHycqfs= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= 
@@ -780,14 +788,15 @@ github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= -github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= +github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/cobra v1.3.0/go.mod h1:BrRVncBjOJa/eUcVVm9CE+oC6as8k+VYr4NY7WCi9V4= github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= -github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/pflag v1.0.6-0.20210604193023-d5e0c0615ace h1:9PNP1jnUjRhfmGMlkXHjYPishpcw4jpSt/V/xYY3FMA= +github.com/spf13/pflag v1.0.6-0.20210604193023-d5e0c0615ace/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM= github.com/spf13/viper v1.19.0 h1:RWq5SEjt8o25SROyN3z2OrDB9l7RPd3lwTWU8EcEdcI= github.com/spf13/viper v1.19.0/go.mod h1:GQUN9bilAbhU/jgc1bKs99f/suXKeUMct8Adx5+Ntkg= 
@@ -815,8 +824,8 @@ github.com/stripe/stripe-go/v74 v74.30.0/go.mod h1:f9L6LvaXa35ja7eyvP6GQswoaIPaB github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8= github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= -github.com/sylabs/squashfs v0.6.1 h1:4hgvHnD9JGlYWwT0bPYNt9zaz23mAV3Js+VEgQoRGYQ= -github.com/sylabs/squashfs v0.6.1/go.mod h1:ZwpbPCj0ocIvMy2br6KZmix6Gzh6fsGQcCnydMF+Kx8= +github.com/sylabs/squashfs v1.0.0 h1:xAyMS21ogglkuR5HaY55PCfqY3H32ma9GkasTYo28Zg= +github.com/sylabs/squashfs v1.0.0/go.mod h1:rhWzvgefq1X+R+LZdts10hfMsTg3g74OfGunW8tvg/4= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA= @@ -908,6 +917,8 @@ go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= +go4.org/netipx v0.0.0-20231129151722-fdeea329fbba h1:0b9z3AuHCjxk0x/opv64kcgZLBseWJUpBw5I82+2U4M= +go4.org/netipx v0.0.0-20231129151722-fdeea329fbba/go.mod h1:PLyyIXexvUFg3Owu6p/WfdlivPbZJsZdgWZlrGope/Y= golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= diff --git a/main.go b/main.go index 453fc5cb..34e0318b 100644 
--- a/main.go +++ b/main.go @@ -10,8 +10,10 @@ import ( "strings" "syscall" + apitypes "github.com/armosec/armoapi-go/armotypes" "github.com/kubescape/node-agent/pkg/applicationprofilemanager" applicationprofilemanagerv1 "github.com/kubescape/node-agent/pkg/applicationprofilemanager/v1" + cloudmetadata "github.com/kubescape/node-agent/pkg/cloudmetadata" "github.com/kubescape/node-agent/pkg/config" "github.com/kubescape/node-agent/pkg/containerwatcher/v1" "github.com/kubescape/node-agent/pkg/dnsmanager" @@ -211,6 +213,14 @@ func main() { var processManager processmanager.ProcessManagerClient var objCache objectcache.ObjectCache var ruleBindingNotify chan rulebinding.RuleBindingNotify + var cloudMetadata *apitypes.CloudMetadata + + if cfg.EnableRuntimeDetection || cfg.EnableMalwareDetection { + cloudMetadata, err = cloudmetadata.GetCloudMetadata(ctx, k8sClient, nodeName) + if err != nil { + logger.L().Ctx(ctx).Error("error getting cloud metadata", helpers.Error(err)) + } + } if cfg.EnableRuntimeDetection { // create the process manager @@ -235,7 +245,7 @@ func main() { objCache = objectcachev1.NewObjectCache(k8sObjectCache, apc, nnc, dc) // create exporter - exporter := exporters.InitExporters(cfg.Exporters, clusterData.ClusterName, nodeName) + exporter := exporters.InitExporters(cfg.Exporters, clusterData.ClusterName, nodeName, cloudMetadata) // create runtimeDetection managers ruleManager, err = rulemanagerv1.CreateRuleManager(ctx, cfg, k8sClient, ruleBindingCache, objCache, exporter, prometheusExporter, nodeName, clusterData.ClusterName, processManager) 
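Review bot: The new `GetCloudMetadata` call in `main` logs every failure at Error level, but the `default` branch of `GetCloudMetadata` (added in pkg/cloudmetadata/metadata.go in this commit) returns an error for any node whose `Spec.ProviderID` has no recognised prefix. Bare-metal and local clusters would therefore report an error on every start for an expected condition. Consider logging that case as a warning, e.g. `logger.L().Ctx(ctx).Warning("cloud metadata unavailable", helpers.Error(err))`, and keeping Error for a failed node lookup. The values come from the Node object's labels, annotations and provider ID, which anyone allowed to patch the node can change, so a comment above the declaration such as `// cloudMetadata is best-effort enrichment read from the Node object; it may be nil and is not an authoritative identity` would help consumers of the alerts. The body of main continues outside the hunk.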
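Review bot: `cloudMetadata` can still be nil when it reaches `exporters.InitExporters(cfg.Exporters, clusterData.ClusterName, nodeName, cloudMetadata)` here and in the malware-detection hunk (`@@ -263,7 +273,7 @@`), because the earlier lookup only logs its error and carries on. `InitExporters` and the exporters behind it are not shown in this part of the diff, so confirm that each one nil-checks the pointer before reading fields from it; otherwise an alert raised on a node without cloud metadata could panic the agent. A short comment at both call sites, `// cloudMetadata may be nil (lookup failed or unknown provider)`, would make the contract explicit. main continues outside both hunks.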
@@ -263,7 +273,7 @@ func main() { var malwareManager malwaremanager.MalwareManagerClient if cfg.EnableMalwareDetection { // create exporter - exporter := exporters.InitExporters(cfg.Exporters, clusterData.ClusterName, nodeName) + exporter := exporters.InitExporters(cfg.Exporters, clusterData.ClusterName, nodeName, cloudMetadata) malwareManager, err = malwaremanagerv1.CreateMalwareManager(cfg, k8sClient, nodeName, clusterData.ClusterName, exporter, prometheusExporter) if err != nil { logger.L().Ctx(ctx).Fatal("error creating MalwareManager", helpers.Error(err)) diff --git a/pkg/cloudmetadata/metadata.go b/pkg/cloudmetadata/metadata.go new file mode 100644 index 00000000..b4569734 --- /dev/null +++ b/pkg/cloudmetadata/metadata.go 
@@ -0,0 +1,406 @@ +package cloudmetadata + +import ( + "context" + "fmt" + "strings" + + apitypes "github.com/armosec/armoapi-go/armotypes" + "github.com/kubescape/k8s-interface/k8sinterface" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +const ( + ProviderAWS = "aws" + ProviderGCP = "gcp" + ProviderAzure = "azure" + ProviderDigitalOcean = "digitalocean" + ProviderOpenStack = "openstack" + ProviderVMware = "vmware" + ProviderAlibaba = "alibaba" + ProviderIBM = "ibm" + ProviderOracle = "oracle" + ProviderLinode = "linode" + ProviderScaleway = "scaleway" + ProviderVultr = "vultr" + ProviderHetzner = "hetzner" + ProviderEquinixMetal = "equinixmetal" // formerly Packet + ProviderExoscale = "exoscale" + ProviderUnknown = "unknown" +) + +// Getapitypes.CloudMetadata retrieves cloud metadata for a given node +func GetCloudMetadata(ctx context.Context, client *k8sinterface.KubernetesApi, nodeName string) (*apitypes.CloudMetadata, error) { + node, err := client.GetKubernetesClient().CoreV1().Nodes().Get(ctx, nodeName, metav1.GetOptions{}) + if err != nil { + return nil, fmt.Errorf("failed to get node %s: %v", nodeName, err) + } + + metadata := &apitypes.CloudMetadata{ + Hostname: node.Name, + } + + // Determine provider and extract metadata + providerID := node.Spec.ProviderID + switch { + case strings.HasPrefix(providerID, "aws://"): + metadata.Provider = ProviderAWS + metadata = extractAWSMetadata(node, metadata) + case strings.HasPrefix(providerID, "gce://"): + metadata.Provider = ProviderGCP + metadata = extractGCPMetadata(node, metadata) + case strings.HasPrefix(providerID, "azure://"): + metadata.Provider = ProviderAzure + metadata = extractAzureMetadata(node, metadata) + case strings.HasPrefix(providerID, "digitalocean://"): + metadata.Provider = ProviderDigitalOcean + metadata = extractDigitalOceanMetadata(node, metadata) + case strings.HasPrefix(providerID, "openstack://"): + metadata.Provider = ProviderOpenStack + metadata = 
extractOpenstackMetadata(node, metadata) + case strings.HasPrefix(providerID, "vsphere://"): + metadata.Provider = ProviderVMware + metadata = extractVMwareMetadata(node, metadata) + case strings.HasPrefix(providerID, "alicloud://"): + metadata.Provider = ProviderAlibaba + metadata = extractAlibabaMetadata(node, metadata) + case strings.HasPrefix(providerID, "ibm://"): + metadata.Provider = ProviderIBM + metadata = extractIBMMetadata(node, metadata) + case strings.HasPrefix(providerID, "oci://"): + metadata.Provider = ProviderOracle + metadata = extractOracleMetadata(node, metadata) + case strings.HasPrefix(providerID, "linode://"): + metadata.Provider = ProviderLinode + metadata = extractLinodeMetadata(node, metadata) + case strings.HasPrefix(providerID, "scaleway://"): + metadata.Provider = ProviderScaleway + metadata = extractScalewayMetadata(node, metadata) + case strings.HasPrefix(providerID, "vultr://"): + metadata.Provider = ProviderVultr + metadata = extractVultrMetadata(node, metadata) + case strings.HasPrefix(providerID, "hcloud://"): + metadata.Provider = ProviderHetzner + metadata = extractHetznerMetadata(node, metadata) + case strings.HasPrefix(providerID, "equinixmetal://"): + metadata.Provider = ProviderEquinixMetal + metadata = extractEquinixMetalMetadata(node, metadata) + case strings.HasPrefix(providerID, "exoscale://"): + metadata.Provider = ProviderExoscale + metadata = extractExoscaleMetadata(node, metadata) + default: + metadata.Provider = ProviderUnknown + return nil, fmt.Errorf("unknown cloud provider for node %s: %s", nodeName, providerID) + } + + // Extract common metadata from node status + for _, addr := range node.Status.Addresses { + switch addr.Type { + case "InternalIP": + metadata.PrivateIP = addr.Address + case "ExternalIP": + metadata.PublicIP = addr.Address + case "Hostname": + metadata.Hostname = addr.Address + } + } + + return metadata, nil +} + +func extractAWSMetadata(node *corev1.Node, metadata *apitypes.CloudMetadata) 
*apitypes.CloudMetadata {
+ // Extract from labels
+ metadata.InstanceType = node.Labels["node.kubernetes.io/instance-type"]
+ metadata.Region = node.Labels["topology.kubernetes.io/region"]
+ metadata.Zone = node.Labels["topology.kubernetes.io/zone"]
+
+ // Extract instance ID from provider ID
+ // Format: aws:///us-west-2a/i-1234567890abcdef0
+ parts := strings.Split(node.Spec.ProviderID, "/")
+ if len(parts) > 0 {
+ metadata.InstanceID = parts[len(parts)-1]
+ }
+
+ // Extract account ID from annotations if available
+ if accountID, ok := node.Annotations["eks.amazonaws.com/account-id"]; ok {
+ metadata.AccountID = accountID
+ }
+
+ return metadata
+}
+
+func extractGCPMetadata(node *corev1.Node, metadata *apitypes.CloudMetadata) *apitypes.CloudMetadata {
+ // Extract from labels
+ metadata.InstanceType = node.Labels["beta.kubernetes.io/instance-type"]
+ metadata.Region = node.Labels["topology.kubernetes.io/region"]
+ metadata.Zone = node.Labels["topology.kubernetes.io/zone"]
+
+ // Extract project and instance ID from provider ID
+ // Format: gce:///project-name/zone/instance-name
+ parts := strings.Split(node.Spec.ProviderID, "/")
+ if len(parts) > 3 {
+ metadata.AccountID = parts[3] // project name
+ metadata.InstanceID = parts[len(parts)-1]
+ }
+
+ return metadata
+}
+
+func extractAzureMetadata(node *corev1.Node, metadata *apitypes.CloudMetadata) *apitypes.CloudMetadata {
+ // Extract from labels
+ metadata.InstanceType = node.Labels["node.kubernetes.io/instance-type"]
+ metadata.Region = node.Labels["topology.kubernetes.io/region"]
+ metadata.Zone = node.Labels["topology.kubernetes.io/zone"]
+
+ // Extract subscription ID and resource info from provider ID
+ // Format: azure:///subscriptions//resourceGroups//providers/Microsoft.Compute/virtualMachineScaleSets/
+ if parts := strings.Split(node.Spec.ProviderID, "/"); len(parts) > 3 {
+ for i, part := range parts {
+ if part == "subscriptions" && i+1 < len(parts) {
+ metadata.AccountID = parts[i+1]
+ }
+ if part == "virtualMachineScaleSets" && i+1 < len(parts) {
+ metadata.InstanceID = parts[i+1]
+ }
+ }
+ }
+
+ return metadata
+}
+
+func extractDigitalOceanMetadata(node *corev1.Node, metadata *apitypes.CloudMetadata) *apitypes.CloudMetadata {
+ // Extract from labels
+ metadata.InstanceType = node.Labels["beta.kubernetes.io/instance-type"]
+ metadata.Region = node.Labels["topology.kubernetes.io/region"]
+ metadata.Zone = node.Labels["topology.kubernetes.io/zone"]
+
+ // Extract droplet ID from provider ID
+ // Format: digitalocean:///droplet-id
+ parts := strings.Split(node.Spec.ProviderID, "/")
+ if len(parts) > 0 {
+ metadata.InstanceID = parts[len(parts)-1]
+ }
+
+ return metadata
+}
+
+func extractOpenstackMetadata(node *corev1.Node, metadata *apitypes.CloudMetadata) *apitypes.CloudMetadata {
+ // Extract from labels
+ metadata.InstanceType = node.Labels["node.kubernetes.io/instance-type"]
+ metadata.Region = node.Labels["topology.kubernetes.io/region"]
+ metadata.Zone = node.Labels["topology.kubernetes.io/zone"]
+
+ // Extract instance ID from provider ID
+ // Format: openstack:///instance-id
+ parts := strings.Split(node.Spec.ProviderID, "/")
+ if len(parts) > 0 {
+ metadata.InstanceID = parts[len(parts)-1]
+ }
+
+ // Extract project ID if available
+ if projectID, ok := node.Labels["project.openstack.org/project-id"]; ok {
+ metadata.AccountID = projectID
+ }
+
+ return metadata
+}
+
+func extractVMwareMetadata(node *corev1.Node, metadata *apitypes.CloudMetadata) *apitypes.CloudMetadata {
+ // Extract from labels
+ metadata.InstanceType = node.Labels["node.kubernetes.io/instance-type"]
+ metadata.Zone = node.Labels["topology.kubernetes.io/zone"]
+
+ // Extract VM UUID from provider ID
+ // Format: vsphere:///vm-uuid
+ parts := strings.Split(node.Spec.ProviderID, "/")
+ if len(parts) > 0 {
+ metadata.InstanceID = parts[len(parts)-1]
+ }
+
+ // Extract datacenter info if available
+ if dc, ok := node.Labels["vsphere.kubernetes.io/datacenter"]; ok {
+ metadata.Region = dc
+ }
+
+ return metadata
+}
+
+func extractAlibabaMetadata(node *corev1.Node, metadata *apitypes.CloudMetadata) *apitypes.CloudMetadata {
+ // Extract from labels
+ metadata.InstanceType = node.Labels["node.kubernetes.io/instance-type"]
+ metadata.Region = node.Labels["topology.kubernetes.io/region"]
+ metadata.Zone = node.Labels["topology.kubernetes.io/zone"]
+
+ // Extract instance ID from provider ID
+ // Format: alicloud:///instance-id
+ parts := strings.Split(node.Spec.ProviderID, "/")
+ if len(parts) > 0 {
+ metadata.InstanceID = parts[len(parts)-1]
+ }
+
+ // Extract account ID if available
+ if accountID, ok := node.Labels["alibabacloud.com/account-id"]; ok {
+ metadata.AccountID = accountID
+ }
+
+ return metadata
+}
+
+func extractIBMMetadata(node *corev1.Node, metadata *apitypes.CloudMetadata) *apitypes.CloudMetadata {
+ // Extract from labels
+ metadata.InstanceType = node.Labels["node.kubernetes.io/instance-type"]
+ metadata.Region = node.Labels["topology.kubernetes.io/region"]
+ metadata.Zone = node.Labels["topology.kubernetes.io/zone"]
+
+ // Extract instance ID from provider ID
+ // Format: ibm:///instance-id
+ parts := strings.Split(node.Spec.ProviderID, "/")
+ if len(parts) > 0 {
+ metadata.InstanceID = parts[len(parts)-1]
+ }
+
+ // Extract account ID if available
+ if accountID, ok := node.Labels["ibm-cloud.kubernetes.io/account-id"]; ok {
+ metadata.AccountID = accountID
+ }
+
+ return metadata
+}
+
+func extractOracleMetadata(node *corev1.Node, metadata *apitypes.CloudMetadata) *apitypes.CloudMetadata {
+ // Extract from labels
+ metadata.InstanceType = node.Labels["node.kubernetes.io/instance-type"]
+ metadata.Region = node.Labels["topology.kubernetes.io/region"]
+ metadata.Zone = node.Labels["topology.kubernetes.io/zone"]
+
+ // Extract OCID from provider ID
+ // Format: oci:///ocid
+ parts := strings.Split(node.Spec.ProviderID, "/")
+ if len(parts) > 0 {
+ metadata.InstanceID = parts[len(parts)-1]
+ }
+
+ // Extract compartment ID if available
+ if compartmentID, ok := node.Labels["oci.oraclecloud.com/compartment-id"]; ok {
+ metadata.AccountID = compartmentID
+ }
+
+ return metadata
+}
+
+func extractLinodeMetadata(node *corev1.Node, metadata *apitypes.CloudMetadata) *apitypes.CloudMetadata {
+ // Extract from labels
+ metadata.InstanceType = node.Labels["node.kubernetes.io/instance-type"]
+ metadata.Region = node.Labels["topology.kubernetes.io/region"]
+ metadata.Zone = node.Labels["topology.kubernetes.io/zone"]
+
+ // Extract Linode ID from provider ID
+ // Format: linode:///linode-id
+ parts := strings.Split(node.Spec.ProviderID, "/")
+ if len(parts) > 0 {
+ metadata.InstanceID = parts[len(parts)-1]
+ }
+
+ return metadata
+}
+
+func extractScalewayMetadata(node *corev1.Node, metadata *apitypes.CloudMetadata) *apitypes.CloudMetadata {
+ // Extract from labels
+ metadata.InstanceType = node.Labels["node.kubernetes.io/instance-type"]
+ metadata.Region = node.Labels["topology.kubernetes.io/region"]
+ metadata.Zone = node.Labels["topology.kubernetes.io/zone"]
+
+ // Extract instance ID from provider ID
+ // Format: scaleway:///instance-id
+ parts := strings.Split(node.Spec.ProviderID, "/")
+ if len(parts) > 0 {
+ metadata.InstanceID = parts[len(parts)-1]
+ }
+
+ // Extract organization ID if available
+ if orgID, ok := node.Labels["scaleway.com/organization-id"]; ok {
+ metadata.AccountID = orgID
+ }
+
+ return metadata
+}
+
+func extractVultrMetadata(node *corev1.Node, metadata *apitypes.CloudMetadata) *apitypes.CloudMetadata {
+ // Extract from labels
+ metadata.InstanceType = node.Labels["node.kubernetes.io/instance-type"]
+ metadata.Region = node.Labels["topology.kubernetes.io/region"]
+ metadata.Zone = node.Labels["topology.kubernetes.io/zone"]
+
+ // Extract instance ID from provider ID
+ // Format: vultr:///instance-id
+ parts := strings.Split(node.Spec.ProviderID, "/")
+ if len(parts) > 0 {
+ metadata.InstanceID = parts[len(parts)-1]
+ }
+
+ return metadata
+}
+
+func extractHetznerMetadata(node *corev1.Node, metadata *apitypes.CloudMetadata) *apitypes.CloudMetadata {
+ // Extract from labels
+ metadata.InstanceType = node.Labels["node.kubernetes.io/instance-type"]
+ metadata.Region = node.Labels["topology.kubernetes.io/region"]
+ metadata.Zone = node.Labels["topology.kubernetes.io/zone"]
+
+ // Extract server ID from provider ID
+ // Format: hcloud:///server-id
+ parts := strings.Split(node.Spec.ProviderID, "/")
+ if len(parts) > 0 {
+ metadata.InstanceID = parts[len(parts)-1]
+ }
+
+ // Extract project ID if available
+ if projectID, ok := node.Labels["hcloud.hetzner.cloud/project-id"]; ok {
+ metadata.AccountID = projectID
+ }
+
+ return metadata
+}
+
+func extractEquinixMetalMetadata(node *corev1.Node, metadata *apitypes.CloudMetadata) *apitypes.CloudMetadata {
+ // Extract from labels
+ metadata.InstanceType = node.Labels["node.kubernetes.io/instance-type"]
+ metadata.Region = node.Labels["topology.kubernetes.io/region"]
+ metadata.Zone = node.Labels["topology.kubernetes.io/zone"]
+
+ // Extract device ID from provider ID
+ // Format: equinixmetal:///device-id
+ parts := strings.Split(node.Spec.ProviderID, "/")
+ if len(parts) > 0 {
+ metadata.InstanceID = parts[len(parts)-1]
+ }
+
+ // Extract project ID if available
+ if projectID, ok := node.Labels["metal.equinix.com/project-id"]; ok {
+ metadata.AccountID = projectID
+ }
+
+ return metadata
+}
+
+func extractExoscaleMetadata(node *corev1.Node, metadata *apitypes.CloudMetadata) *apitypes.CloudMetadata {
+ // Extract from labels
+ metadata.InstanceType = node.Labels["node.kubernetes.io/instance-type"]
+ metadata.Region = node.Labels["topology.kubernetes.io/region"]
+ metadata.Zone = node.Labels["topology.kubernetes.io/zone"]
+
+ // Extract instance ID from provider ID
+ // Format: exoscale:///instance-id
+ parts := strings.Split(node.Spec.ProviderID, "/")
+ if len(parts) > 0 {
+ metadata.InstanceID = parts[len(parts)-1]
+ }
+
+ // Extract organization ID if available
+ if
orgID, ok := node.Labels["exoscale.com/organization-id"]; ok { + metadata.AccountID = orgID + } + + return metadata +} diff --git a/pkg/exporters/exporters_bus.go b/pkg/exporters/exporters_bus.go index 5ff8c9f8..a747f3ec 100644 --- a/pkg/exporters/exporters_bus.go +++ b/pkg/exporters/exporters_bus.go @@ -3,6 +3,7 @@ package exporters import ( "os" + "github.com/armosec/armoapi-go/armotypes" "github.com/kubescape/node-agent/pkg/malwaremanager" "github.com/kubescape/node-agent/pkg/ruleengine" @@ -27,7 +28,7 @@ type ExporterBus struct { } // InitExporters initializes all exporters. -func InitExporters(exportersConfig ExportersConfig, clusterName string, nodeName string) *ExporterBus { +func InitExporters(exportersConfig ExportersConfig, clusterName string, nodeName string, cloudMetadata *armotypes.CloudMetadata) *ExporterBus { var exporters []Exporter for _, url := range exportersConfig.AlertManagerExporterUrls { alertMan := InitAlertManagerExporter(url) @@ -35,7 +36,7 @@ func InitExporters(exportersConfig ExportersConfig, clusterName string, nodeName exporters = append(exporters, alertMan) } } - stdoutExp := InitStdoutExporter(exportersConfig.StdoutExporter) + stdoutExp := InitStdoutExporter(exportersConfig.StdoutExporter, cloudMetadata) if stdoutExp != nil { exporters = append(exporters, stdoutExp) } @@ -54,7 +55,7 @@ func InitExporters(exportersConfig ExportersConfig, clusterName string, nodeName } } if exportersConfig.HTTPExporterConfig != nil { - httpExp, err := InitHTTPExporter(*exportersConfig.HTTPExporterConfig, clusterName, nodeName) + httpExp, err := InitHTTPExporter(*exportersConfig.HTTPExporterConfig, clusterName, nodeName, cloudMetadata) if err != nil { logger.L().Error("failed to initialize http exporter", helpers.Error(err)) } diff --git a/pkg/exporters/http_exporter.go b/pkg/exporters/http_exporter.go index bbb681fe..82fc80dd 100644 --- a/pkg/exporters/http_exporter.go +++ b/pkg/exporters/http_exporter.go 
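Review bot: `InitExporters` in `pkg/exporters/exporters_bus.go` now takes `cloudMetadata *armotypes.CloudMetadata` and hands the same pointer to both `InitStdoutExporter` and `InitHTTPExporter`, but its doc comment still reads only "initializes all exporters" and says nothing about nil or about ownership of the struct. The tests in this commit pass `nil`, so nil is evidently supported; I would extend the comment with `// cloudMetadata may be nil; the exporters keep the pointer, so callers must not modify it after this call.` The first hunk also imports the package unaliased, while `http_exporter.go` and `stdout_exporter.go` refer to it as `apitypes`; one name across the package would read better. The body of `InitExporters` continues outside these hunks.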
@@ -43,6 +43,7 @@ type HTTPExporter struct { alertCountLock sync.Mutex alertCountStart time.Time alertLimitNotified bool + cloudMetadata *apitypes.CloudMetadata } type HTTPAlertsList struct { @@ -52,8 +53,9 @@ type HTTPAlertsList struct { } type HTTPAlertsListSpec struct { - Alerts []apitypes.RuntimeAlert `json:"alerts"` - ProcessTree apitypes.ProcessTree `json:"processTree"` + Alerts []apitypes.RuntimeAlert `json:"alerts"` + ProcessTree apitypes.ProcessTree `json:"processTree"` + CloudMetadata apitypes.CloudMetadata `json:"cloudMetadata"` } func (config *HTTPExporterConfig) Validate() error { @@ -78,7 +80,7 @@ func (config *HTTPExporterConfig) Validate() error { } // InitHTTPExporter initializes an HTTPExporter with the given URL, headers, timeout, and method -func InitHTTPExporter(config HTTPExporterConfig, clusterName string, nodeName string) (*HTTPExporter, error) { +func InitHTTPExporter(config HTTPExporterConfig, clusterName string, nodeName string, cloudMetadata *apitypes.CloudMetadata) (*HTTPExporter, error) { if err := config.Validate(); err != nil { return nil, err } @@ -90,6 +92,7 @@ func InitHTTPExporter(config HTTPExporterConfig, clusterName string, nodeName st httpClient: &http.Client{ Timeout: time.Duration(config.TimeoutSeconds) * time.Second, }, + cloudMetadata: cloudMetadata, }, nil } 
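Review bot: With the `CloudMetadata` field added to `HTTPAlertsListSpec`, every alert this exporter sends now carries the node's cloud account, subscription or project identifier and its instance ID to whatever URL is configured, and the field has no comment saying so. The test file in this commit initialises the exporter with `http://localhost:9093`, which suggests plain-HTTP URLs are accepted, though `Validate` itself is outside the hunk. I would document the field, for example `// CloudMetadata identifies the cloud account and instance; it is sent with every alert, so the exporter URL should be an authenticated HTTPS endpoint.` Because the field is a value rather than a pointer, an all-empty object is serialised when no metadata was detected, which a receiver cannot tell apart from a node that really has empty values.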
@@ -141,9 +144,17 @@ func (exporter *HTTPExporter) SendRuleAlert(failedRule ruleengine.RuleFailure) { func (exporter *HTTPExporter) sendInAlertList(httpAlert apitypes.RuntimeAlert, processTree apitypes.ProcessTree) { // create the HTTPAlertsListSpec struct // TODO: accumulate alerts and send them in a batch + var cloudMetadata apitypes.CloudMetadata + if exporter.cloudMetadata == nil { + cloudMetadata = apitypes.CloudMetadata{} + } else { + cloudMetadata = *exporter.cloudMetadata + } + httpAlertsListSpec := HTTPAlertsListSpec{ - Alerts: []apitypes.RuntimeAlert{httpAlert}, - ProcessTree: processTree, + Alerts: []apitypes.RuntimeAlert{httpAlert}, + ProcessTree: processTree, + CloudMetadata: cloudMetadata, } // create the HTTPAlertsList struct httpAlertsList := HTTPAlertsList{ diff --git a/pkg/exporters/http_exporter_test.go b/pkg/exporters/http_exporter_test.go index f80b5422..60313392 100644 --- a/pkg/exporters/http_exporter_test.go +++ b/pkg/exporters/http_exporter_test.go @@ -33,7 +33,7 @@ func TestSendRuleAlert(t *testing.T) { // Create an HTTPExporter with the mock server URL exporter, err := InitHTTPExporter(HTTPExporterConfig{ URL: server.URL, - }, "", "") + }, "", "", nil) assert.NoError(t, err) // Create a mock rule failure @@ -96,7 +96,7 @@ func TestSendRuleAlertRateReached(t *testing.T) { exporter, err := InitHTTPExporter(HTTPExporterConfig{ URL: server.URL, MaxAlertsPerMinute: 1, - }, "", "") + }, "", "", nil) assert.NoError(t, err) // Create a mock rule failure @@ -162,7 +162,7 @@ func TestSendMalwareAlertHTTPExporter(t *testing.T) { // Create an HTTPExporter with the mock server URL exporter, err := InitHTTPExporter(HTTPExporterConfig{ URL: server.URL, - }, "", "") + }, "", "", nil) assert.NoError(t, err) // Create a mock malware description 
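Review bot: The nil branch added at the top of `sendInAlertList` is redundant: `var cloudMetadata apitypes.CloudMetadata` already holds the zero value, so assigning `apitypes.CloudMetadata{}` to it changes nothing. The five added lines reduce to `if exporter.cloudMetadata != nil { cloudMetadata = *exporter.cloudMetadata }`, which keeps the happy path unindented and drops the `else`. The rest of the function lies outside the hunk.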
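Review bot: Every `InitHTTPExporter` call updated in `http_exporter_test.go` passes `nil` for the new argument (the hunks at lines 33, 96 and 162, and those at 234, 258 and 269 further down), so the non-nil path is never exercised: neither the dereference in `sendInAlertList` nor the `cloudMetadata` key in the request body. One case that initialises the exporter with a populated `CloudMetadata` and asserts that the mock server receives those values would cover it; a second assertion for the nil case would pin what the receiver sees when no metadata is available.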
@@ -234,13 +234,13 @@ func TestSendMalwareAlertHTTPExporter(t *testing.T) { func TestValidateHTTPExporterConfig(t *testing.T) { // Test case: URL is empty - _, err := InitHTTPExporter(HTTPExporterConfig{}, "", "") + _, err := InitHTTPExporter(HTTPExporterConfig{}, "", "", nil) assert.Error(t, err) // Test case: URL is not empty exp, err := InitHTTPExporter(HTTPExporterConfig{ URL: "http://localhost:9093", - }, "cluster", "node") + }, "cluster", "node", nil) assert.NoError(t, err) assert.Equal(t, "POST", exp.config.Method) assert.Equal(t, 5, exp.config.TimeoutSeconds) @@ -258,7 +258,7 @@ func TestValidateHTTPExporterConfig(t *testing.T) { Headers: map[string]string{ "Authorization": "Bearer token", }, - }, "", "") + }, "", "", nil) assert.NoError(t, err) assert.Equal(t, "PUT", exp.config.Method) assert.Equal(t, 2, exp.config.TimeoutSeconds) @@ -269,6 +269,6 @@ func TestValidateHTTPExporterConfig(t *testing.T) { _, err = InitHTTPExporter(HTTPExporterConfig{ URL: "http://localhost:9093", Method: "DELETE", - }, "", "") + }, "", "", nil) assert.Error(t, err) } diff --git a/pkg/exporters/stdout_exporter.go b/pkg/exporters/stdout_exporter.go index 64770dc3..e138b2e6 100644 --- a/pkg/exporters/stdout_exporter.go +++ b/pkg/exporters/stdout_exporter.go @@ -3,6 +3,7 @@ package exporters import ( "os" + apitypes "github.com/armosec/armoapi-go/armotypes" "github.com/kubescape/node-agent/pkg/malwaremanager" "github.com/kubescape/node-agent/pkg/ruleengine" @@ -10,10 +11,11 @@ import ( ) type StdoutExporter struct { - logger *log.Logger + logger *log.Logger + cloudmetadata *apitypes.CloudMetadata } -func InitStdoutExporter(useStdout *bool) *StdoutExporter { +func InitStdoutExporter(useStdout *bool, cloudmetadata *apitypes.CloudMetadata) *StdoutExporter { if useStdout == nil { useStdout = new(bool) *useStdout = os.Getenv("STDOUT_ENABLED") != "false" 
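Review bot: The new field and parameter in `StdoutExporter` and `InitStdoutExporter` are spelled `cloudmetadata`, while `HTTPExporter` and `InitHTTPExporter` in the same package use `cloudMetadata`. Go's MixedCaps convention and consistency within the package both favour `cloudMetadata *apitypes.CloudMetadata` here. `InitStdoutExporter` also has no doc comment; now that it takes a second pointer argument, something like `// InitStdoutExporter returns nil when stdout export is disabled; cloudMetadata may be nil.` would help callers. Its body continues outside the hunk.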
@@ -27,7 +29,8 @@ func InitStdoutExporter(useStdout *bool) *StdoutExporter { logger.SetOutput(os.Stderr) return &StdoutExporter{ - logger: logger, + logger: logger, + cloudmetadata: cloudmetadata, } } @@ -39,6 +42,7 @@ func (exporter *StdoutExporter) SendRuleAlert(failedRule ruleengine.RuleFailure) "RuntimeProcessDetails": failedRule.GetRuntimeProcessDetails(), "RuntimeK8sDetails": failedRule.GetRuntimeAlertK8sDetails(), "RuleID": failedRule.GetRuleId(), + "CloudMetadata": exporter.cloudmetadata, }).Error(failedRule.GetBaseRuntimeAlert().AlertName) } @@ -50,5 +54,6 @@ func (exporter *StdoutExporter) SendMalwareAlert(malwareResult malwaremanager.Ma "RuntimeProcessDetails": malwareResult.GetRuntimeProcessDetails(), "RuntimeK8sDetails": malwareResult.GetRuntimeAlertK8sDetails(), "RuleID": "R3000", + "CloudMetadata": exporter.cloudmetadata, }).Error(malwareResult.GetBasicRuntimeAlert().AlertName) } diff --git a/pkg/exporters/stdout_exporter_test.go b/pkg/exporters/stdout_exporter_test.go index e9d1f935..ca415e7f 100644 --- a/pkg/exporters/stdout_exporter_test.go +++ b/pkg/exporters/stdout_exporter_test.go 
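Review bot: The `"CloudMetadata"` entry added to the log fields in `SendRuleAlert` and `SendMalwareAlert` is emitted as a plain fact about the node, but in this commit its values are read from node labels, annotations and `Spec.ProviderID` (the `extract*Metadata` helpers), that is, from fields of the Node object rather than from the cloud provider. Whoever can edit the Node object can therefore change the account, region or instance ID that an alert reports, so consumers should treat it as a hint and not as verified identity. I would state this where the field is declared: `// cloudmetadata is derived from Node labels, annotations and ProviderID; it is informational and not verified against the cloud provider.` When the pointer is nil the key is still logged, with a null value, which is worth a word in the same comment. Both functions start outside their hunks.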
@@ -13,42 +13,42 @@ import ( func TestInitStdoutExporter(t *testing.T) { // Test when useStdout is nil useStdout := new(bool) - exporter := InitStdoutExporter(nil) + exporter := InitStdoutExporter(nil, nil) assert.NotNil(t, exporter) // Test when useStdout is true useStdout = new(bool) *useStdout = true - exporter = InitStdoutExporter(useStdout) + exporter = InitStdoutExporter(useStdout, nil) assert.NotNil(t, exporter) assert.NotNil(t, exporter.logger) // Test when useStdout is false useStdout = new(bool) *useStdout = false - exporter = InitStdoutExporter(useStdout) + exporter = InitStdoutExporter(useStdout, nil) assert.Nil(t, exporter) // Test when STDOUT_ENABLED environment variable is set to "false" os.Setenv("STDOUT_ENABLED", "false") - exporter = InitStdoutExporter(nil) + exporter = InitStdoutExporter(nil, nil) assert.Nil(t, exporter) // Test when STDOUT_ENABLED environment variable is set to "true" os.Setenv("STDOUT_ENABLED", "true") - exporter = InitStdoutExporter(nil) + exporter = InitStdoutExporter(nil, nil) assert.NotNil(t, exporter) assert.NotNil(t, exporter.logger) // Test when STDOUT_ENABLED environment variable is not set os.Unsetenv("STDOUT_ENABLED") - exporter = InitStdoutExporter(nil) + exporter = InitStdoutExporter(nil, nil) assert.NotNil(t, exporter) assert.NotNil(t, exporter.logger) } func TestStdoutExporter_SendAlert(t *testing.T) { - exporter := InitStdoutExporter(nil) + exporter := InitStdoutExporter(nil, nil) assert.NotNil(t, exporter) exporter.SendRuleAlert(&ruleengine.GenericRuleFailure{