feat(os_scanner): added policy 4.5 check implementation via os processor

scanner/openstack/go.mod

@@ -8,4 +8,9 @@ require (
 	github.com/sirupsen/logrus v1.9.3
 )
 
-require golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 // indirect
+require github.com/vektah/gqlparser/v2 v2.5.11 // indirect
+
+require (
+	github.com/Khan/genqlient v0.7.0
+	golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 // indirect
+)

scanner/openstack/go.sum

@@ -1,3 +1,5 @@
+github.com/Khan/genqlient v0.7.0 h1:GZ1meyRnzcDTK48EjqB8t3bcfYvHArCUUvgOwpz1D4w=
+github.com/Khan/genqlient v0.7.0/go.mod h1:HNyy3wZvuYwmW3Y7mkoQLZsa/R5n5yIRajS1kPBvSFM=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -12,6 +14,8 @@ github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVs
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/vektah/gqlparser/v2 v2.5.11 h1:JJxLtXIoN7+3x6MBdtIP59TP1RANnY7pXOaDnADQSf8=
+github.com/vektah/gqlparser/v2 v2.5.11/go.mod h1:1rCcfwB2ekJofmluGWXMSEnPMZgbxzwj6FaZ/4OT8Cc=
 golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=

scanner/openstack/main.go

@@ -1,11 +1,13 @@
 // SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
 // SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
 	"fmt"
 	"os"
 
+	"github.com/cloudoperators/heureka/scanner/openstack/processor"
 	"github.com/cloudoperators/heureka/scanner/openstack/scanner"
 	"github.com/kelseyhightower/envconfig"
 	log "github.com/sirupsen/logrus"
@@ -46,17 +48,35 @@ func main() {
 		log.WithError(err).Fatal("Error while reading env config for scanner")
 	}
 
-	opScanner := scanner.NewScanner(scannerCfg)
+	var processorsCfg processor.Config
+	err = envconfig.Process("openstack", &processorsCfg)
+	if err != nil {
+		log.WithError(err).Fatal("Error while reading env config for processor")
+	}
+
+	osScanner := scanner.NewScanner(scannerCfg)
+	osProcessor := processor.NewProcessor(processorsCfg)
 
-	service, err := opScanner.Setup()
+	service, err := osScanner.Setup()
 	if err != nil {
 		log.WithError(err).Fatal("Error during scanner setup")
 	}
 
-	results, err := opScanner.GetServers(service)
+	servers, err := osScanner.GetServers(service)
 	if err != nil {
 		log.WithError(err).Fatal("Error during scanner get servers")
 	}
 
+	fmt.Print("Servers: \n")
+	fmt.Print(servers)
+	fmt.Print("\n\n")
+
+	results, err := osProcessor.ProcessServers(servers)
+	if err != nil {
+		log.WithError(err).Fatal("Error during processor process servers")
+	}
+
+	fmt.Print("Results: \n")
 	fmt.Print(results)
+	fmt.Print("\n\n")
 }

scanner/openstack/processor/config.go

@@ -0,0 +1,8 @@
+// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+// SPDX-License-Identifier: Apache-2.0
+
+package processor
+
+type Config struct {
+	HeurekaUrl string `envconfig:"HEUREKA_URL" required:"true" json:"-"`
+}

scanner/openstack/processor/processor.go

@@ -2,3 +2,60 @@
 // SPDX-License-Identifier: Apache-2.0
 
 package processor
+
+import (
+	"net/http"
+	"strings"
+
+	"github.com/Khan/genqlient/graphql"
+	"github.com/gophercloud/gophercloud/openstack/compute/v2/servers"
+)
+
+type Processor struct {
+	Client *graphql.Client
+}
+
+func NewProcessor(cfg Config) *Processor {
+	httpClient := http.Client{}
+	gClient := graphql.NewClient(cfg.HeurekaUrl, &httpClient)
+	return &Processor{
+		Client: &gClient,
+	}
+}
+
+func (p *Processor) ProcessServers(serverList []servers.Server) ([]map[string]interface{}, error) {
+	// This function processes the list of servers and checks if they are compliant with policy 4.5
+
+	output := []map[string]interface{}{}
+
+	for _, server := range serverList {
+
+		imgName := server.Metadata["image_name"]
+
+		resultObj := map[string]interface{}{
+			"server_name":       server.Name,
+			"server_image_name": imgName,
+		}
+
+		if policy4dot5Check(imgName) {
+			resultObj["result"] = "compliant"
+		} else {
+			resultObj["result"] = "non-compliant"
+		}
+
+		output = append(output, resultObj)
+	}
+
+	return output, nil
+}
+
+func policy4dot5Check(img_name string) bool {
+	// This is a temporary hardcoded implementation of policy 4.5 for the OpenStack scanner PoC
+	// This function will be replaced by the actual implementation of policy checks in the future
+	// Policy 4.5 checks that the image name contains either "gardenlinux" or "SAP-compliant"
+
+	if strings.Contains(img_name, "gardenlinux") || strings.Contains(img_name, "SAP-compliant") {
+		return true
+	}
+	return false
+}