Merge pull request #7 from creativice/feature/ingest-more-resources

Add more top-level resources
JupiterOne-Archives · Jul 14, 2021 · 68e724c · 68e724c
2 parents 7f67d6f + f7a52c0
commit 68e724c
Show file tree

Hide file tree

Showing 73 changed files with 14,843 additions and 871 deletions.
diff --git a/docs/jupiterone.md b/docs/jupiterone.md
@@ -74,28 +74,44 @@ https://github.com/JupiterOne/sdk/blob/master/docs/integrations/development.md
 
 The following entities are created:
 
-| Resources             | Entity `_type`    | Entity `_class` |
-| --------------------- | ----------------- | --------------- |
-| Kubernetes Container  | `kube_container`  | `Container`     |
-| Kubernetes Deployment | `kube_deployment` | `Deployment`    |
-| Kubernetes Namespace  | `kube_namespace`  | `Group`         |
-| Kubernetes Node       | `kube_node`       | `Host`          |
-| Kubernetes Pod        | `kube_pod`        | `Task`          |
-| Kubernetes ReplicaSet | `kube_replicaset` | `Deployment`    |
-| Kubernetes Service    | `kube_service`    | `Service`       |
+| Resources              | Entity `_type`      | Entity `_class` |
+| ---------------------- | ------------------- | --------------- |
+| Kubernetes ConfigMap   | `kube_config_map`   | `Configuration` |
+| Kubernetes Container   | `kube_container`    | `Container`     |
+| Kubernetes CronJob     | `kube_cron_job`     | `Task`          |
+| Kubernetes DaemonSet   | `kube_daemon_set`   | `Deployment`    |
+| Kubernetes Deployment  | `kube_deployment`   | `Deployment`    |
+| Kubernetes Job         | `kube_job`          | `Task`          |
+| Kubernetes Namespace   | `kube_namespace`    | `Group`         |
+| Kubernetes Node        | `kube_node`         | `Host`          |
+| Kubernetes Pod         | `kube_pod`          | `Task`          |
+| Kubernetes ReplicaSet  | `kube_replica_set`  | `Deployment`    |
+| Kubernetes Secret      | `kube_secret`       | `Vault`         |
+| Kubernetes Service     | `kube_service`      | `Service`       |
+| Kubernetes StatefulSet | `kube_stateful_set` | `Deployment`    |
 
 ### Relationships
 
 The following relationships are created/mapped:
 
 | Source Entity `_type` | Relationship `_class` | Target Entity `_type` |
 | --------------------- | --------------------- | --------------------- |
-| `kube_deployment`     | **MANAGES**           | `kube_replicaset`     |
+| `kube_cron_job`       | **MANAGES**           | `kube_job`            |
+| `kube_deployment`     | **MANAGES**           | `kube_replica_set`    |
+| `kube_job`            | **MANAGES**           | `kube_pod`            |
+| `kube_namespace`      | **CONTAINS**          | `kube_config_map`     |
+| `kube_namespace`      | **CONTAINS**          | `kube_cron_job`       |
+| `kube_namespace`      | **CONTAINS**          | `kube_daemon_set`     |
 | `kube_namespace`      | **CONTAINS**          | `kube_deployment`     |
+| `kube_namespace`      | **CONTAINS**          | `kube_job`            |
+| `kube_namespace`      | **CONTAINS**          | `kube_replica_set`    |
+| `kube_namespace`      | **CONTAINS**          | `kube_secret`         |
 | `kube_namespace`      | **CONTAINS**          | `kube_service`        |
+| `kube_namespace`      | **CONTAINS**          | `kube_stateful_set`   |
 | `kube_node`           | **HAS**               | `kube_pod`            |
 | `kube_pod`            | **CONTAINS**          | `kube_container`      |
-| `kube_replicaset`     | **MANAGES**           | `kube_pod`            |
+| `kube_replica_set`    | **MANAGES**           | `kube_pod`            |
+| `kube_stateful_set`   | **MANAGES**           | `kube_pod`            |
 
 <!--
 ********************************************************************************

diff --git a/examples/createConfigMap.yml b/examples/createConfigMap.yml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: game-demo
+data:
+  # property-like keys; each key maps to a simple value
+  player_initial_lives: '3'
+  ui_properties_file_name: 'user-interface.properties'
+
+  # file-like keys
+  game.properties: |
+    enemy.types=aliens,monsters
+    player.maximum-lives=5
+  user-interface.properties: |
+    color.good=purple
+    color.bad=yellow
+    allow.textmode=true
diff --git a/examples/createCronJob.yml b/examples/createCronJob.yml
@@ -0,0 +1,19 @@
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+  name: hello
+spec:
+  schedule: '*/1 * * * *'
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+            - name: hello
+              image: busybox
+              imagePullPolicy: IfNotPresent
+              command:
+                - /bin/sh
+                - -c
+                - date; echo Hello from the Kubernetes cluster
+          restartPolicy: OnFailure
diff --git a/examples/createDaemonSet.yml b/examples/createDaemonSet.yml
@@ -0,0 +1,45 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: fluentd-elasticsearch
+  namespace: default
+  labels:
+    k8s-app: fluentd-logging
+spec:
+  selector:
+    matchLabels:
+      name: fluentd-elasticsearch
+  template:
+    metadata:
+      labels:
+        name: fluentd-elasticsearch
+    spec:
+      tolerations:
+        # this toleration is to have the daemonset runnable on master nodes
+        # remove it if your masters can't run pods
+        - key: node-role.kubernetes.io/master
+          operator: Exists
+          effect: NoSchedule
+      containers:
+        - name: fluentd-elasticsearch
+          image: quay.io/fluentd_elasticsearch/fluentd:v2.5.2
+          resources:
+            limits:
+              memory: 200Mi
+            requests:
+              cpu: 100m
+              memory: 200Mi
+          volumeMounts:
+            - name: varlog
+              mountPath: /var/log
+            - name: varlibdockercontainers
+              mountPath: /var/lib/docker/containers
+              readOnly: true
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - name: varlog
+          hostPath:
+            path: /var/log
+        - name: varlibdockercontainers
+          hostPath:
+            path: /var/lib/docker/containers
diff --git a/examples/createJob.yml b/examples/createJob.yml
@@ -0,0 +1,13 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: pi
+spec:
+  template:
+    spec:
+      containers:
+        - name: pi
+          image: perl
+          command: ['perl', '-Mbignum=bpi', '-wle', 'print bpi(2000)']
+      restartPolicy: Never
+  backoffLimit: 4
diff --git a/examples/createReplicaSet.yml b/examples/createReplicaSet.yml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: ReplicaSet
+metadata:
+  name: frontend
+  labels:
+    app: guestbook
+    tier: frontend
+spec:
+  # modify replicas according to your case
+  replicas: 3
+  selector:
+    matchLabels:
+      tier: frontend
+  template:
+    metadata:
+      labels:
+        tier: frontend
+    spec:
+      containers:
+        - name: php-redis
+          image: gcr.io/google_samples/gb-frontend:v3
diff --git a/examples/createStatefulSet.yml b/examples/createStatefulSet.yml
@@ -0,0 +1,48 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx
+  labels:
+    app: nginx
+spec:
+  ports:
+    - port: 80
+      name: web
+  clusterIP: None
+  selector:
+    app: nginx
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: web
+spec:
+  selector:
+    matchLabels:
+      app: nginx # has to match .spec.template.metadata.labels
+  serviceName: 'nginx'
+  replicas: 3 # by default is 1
+  template:
+    metadata:
+      labels:
+        app: nginx # has to match .spec.selector.matchLabels
+    spec:
+      terminationGracePeriodSeconds: 10
+      containers:
+        - name: nginx
+          image: k8s.gcr.io/nginx-slim:0.8
+          ports:
+            - containerPort: 80
+              name: web
+          volumeMounts:
+            - name: www
+              mountPath: /usr/share/nginx/html
+  volumeClaimTemplates:
+    - metadata:
+        name: www
+      spec:
+        accessModes: ['ReadWriteOnce']
+        storageClassName: 'my-storage-class'
+        resources:
+          requests:
+            storage: 1Gi
diff --git a/src/getStepStartStates.ts b/src/getStepStartStates.ts
@@ -36,12 +36,24 @@ export default async function getStepStartStates(
       servicesDisabled,
       deploymentsDisabled,
       replicasetsDisabled,
+      statefulsetsDisabled,
+      daemonsetsDisabled,
+      jobsDisabled,
+      cronJobsDisabled,
+      configMapsDisabled,
+      secretsDisabled,
       podsDisabled,
       nodesDisabled,
     ] = await Promise.all([
       getServiceState('services', 'list', client),
       getServiceState('deployments', 'list', client),
       getServiceState('replicasets', 'list', client),
+      getServiceState('statefulsets', 'list', client),
+      getServiceState('daemonsets', 'list', client),
+      getServiceState('jobs', 'list', client),
+      getServiceState('cronjobs', 'list', client),
+      getServiceState('configmaps', 'list', client),
+      getServiceState('secrets', 'list', client),
       getServiceState('pods', 'list', client),
       getServiceState('nodes', 'list', client),
     ]);
@@ -59,6 +71,24 @@ export default async function getStepStartStates(
       [IntegrationSteps.REPLICASETS]: {
         disabled: replicasetsDisabled,
       },
+      [IntegrationSteps.STATEFULSETS]: {
+        disabled: statefulsetsDisabled,
+      },
+      [IntegrationSteps.DAEMONSETS]: {
+        disabled: daemonsetsDisabled,
+      },
+      [IntegrationSteps.JOBS]: {
+        disabled: jobsDisabled,
+      },
+      [IntegrationSteps.CRONJOBS]: {
+        disabled: cronJobsDisabled,
+      },
+      [IntegrationSteps.CONFIGMAPS]: {
+        disabled: configMapsDisabled,
+      },
+      [IntegrationSteps.SECRETS]: {
+        disabled: secretsDisabled,
+      },
       [IntegrationSteps.PODS]: {
         disabled: podsDisabled,
       },

diff --git a/src/index.ts b/src/index.ts
@@ -2,11 +2,17 @@ import { IntegrationConfig, instanceConfigFields } from './config';
 import { validateInvocation } from './validator';
 import { IntegrationInvocationConfig } from '@jupiterone/integration-sdk-core';
 import { namespaceSteps } from './steps/namespaces';
-import { podsSteps } from './steps/pods';
 import { nodeSteps } from './steps/nodes';
 import { serviceSteps } from './steps/services';
 import { deploymentsSteps } from './steps/deployments';
 import { replicaSetsSteps } from './steps/replica-sets';
+import { statefulSetsSteps } from './steps/stateful-sets';
+import { daemonSetsSteps } from './steps/daemon-sets';
+import { jobsSteps } from './steps/jobs';
+import { cronJobsSteps } from './steps/cron-jobs';
+import { configMapsSteps } from './steps/config-maps';
+import { secretsSteps } from './steps/secrets';
+import { podsSteps } from './steps/pods';
 
 import getStepStartStates from './getStepStartStates';
 
@@ -16,10 +22,16 @@ export const invocationConfig: IntegrationInvocationConfig<IntegrationConfig> =
   getStepStartStates,
   integrationSteps: [
     ...namespaceSteps,
+    ...nodeSteps,
     ...serviceSteps,
     ...deploymentsSteps,
     ...replicaSetsSteps,
-    ...nodeSteps,
+    ...statefulSetsSteps,
+    ...daemonSetsSteps,
+    ...jobsSteps,
+    ...cronJobsSteps,
+    ...configMapsSteps,
+    ...secretsSteps,
     ...podsSteps,
   ],
 };
diff --git a/src/kubernetes/clients/apps.ts b/src/kubernetes/clients/apps.ts
@@ -1,5 +1,10 @@
 import * as k8s from '@kubernetes/client-node';
-import { V1DeploymentList, V1ReplicaSetList } from '@kubernetes/client-node';
+import {
+  V1DaemonSetList,
+  V1DeploymentList,
+  V1ReplicaSetList,
+  V1StatefulSetList,
+} from '@kubernetes/client-node';
 import { IntegrationConfig } from '../../config';
 import { Client } from '../client';
 
@@ -60,4 +65,52 @@ export class AppsClient extends Client {
       },
     );
   }
+
+  async iterateStatefulSets(
+    namespace: string,
+    callback: (data: k8s.V1StatefulSet) => Promise<void>,
+  ): Promise<void> {
+    await this.iterateApi(
+      async (nextPageToken) => {
+        return this.client.listNamespacedStatefulSet(
+          namespace,
+          undefined,
+          undefined,
+          nextPageToken,
+          undefined,
+          undefined,
+          this.maxPerPage,
+        );
+      },
+      async (data: V1StatefulSetList) => {
+        for (const statefulSet of data.items || []) {
+          await callback(statefulSet);
+        }
+      },
+    );
+  }
+
+  async iterateDaemonSets(
+    namespace: string,
+    callback: (data: k8s.V1DaemonSet) => Promise<void>,
+  ): Promise<void> {
+    await this.iterateApi(
+      async (nextPageToken) => {
+        return this.client.listNamespacedDaemonSet(
+          namespace,
+          undefined,
+          undefined,
+          nextPageToken,
+          undefined,
+          undefined,
+          this.maxPerPage,
+        );
+      },
+      async (data: V1DaemonSetList) => {
+        for (const daemonSet of data.items || []) {
+          await callback(daemonSet);
+        }
+      },
+    );
+  }
 }
diff --git a/src/kubernetes/clients/authorization.ts b/src/kubernetes/clients/authorization.ts
@@ -3,11 +3,17 @@ import { IntegrationConfig } from '../../config';
 import { Client } from '../client';
 
 export type ResourceType =
+  | 'nodes'
   | 'services'
   | 'deployments'
   | 'replicasets'
-  | 'pods'
-  | 'nodes';
+  | 'statefulsets'
+  | 'daemonsets'
+  | 'jobs'
+  | 'cronjobs'
+  | 'configmaps'
+  | 'secrets'
+  | 'pods';
 export type VerbType = 'list' | 'create';
 
 export class AuthorizationClient extends Client {