command crd

pkg/command/crds/crd-status-subresource.yaml

@@ -0,0 +1,62 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: operatorcommands.kubescape.io
+spec:
+  group: kubescape.io
+  names:
+    plural: operatorcommands
+    singular: operatorcommand
+    kind: OperatorCommand
+    shortNames:
+      - opcmd
+  scope: Cluster
+  versions:
+    - name: v1alpha1
+      served: true
+      storage: true
+      schema:
+        openAPIV3Schema:
+          type: object
+          properties:
+            spec:
+              type: object
+              properties:
+                args:
+                  type: object
+                  additionalProperties: true
+                commandType:
+                  type: string
+                designators:
+                  type: array
+                  items:
+                    type: object
+                    additionalProperties: true 
+                guid:
+                  type: string
+            status:
+              type: object
+              properties:
+                completed:
+                  type: boolean
+                completedAt:
+                  type: string
+                  format: date-time
+                error:
+                  type: object
+                  properties:
+                    errorCode:
+                      type: integer
+                    message:
+                      type: string
+                    reason:
+                      type: string
+                started:
+                  type: boolean
+                startedAt:
+                  type: string
+                  format: date-time
+      subresources:
+        status: {}
+  conversion:
+    strategy: None

pkg/command/crds/crd.yaml

@@ -0,0 +1,55 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: operatorcommands.kubescape.io
+spec:
+  group: kubescape.io
+  names:
+    kind: OperatorCommand
+    plural: operatorcommands
+    singular: operatorcommand
+    shortNames:
+      - opcmd
+  scope: Cluster
+  versions:
+    - name: v1alpha1
+      served: true
+      storage: true
+      schema:
+        # schema used for validation
+        openAPIV3Schema:
+          type: object
+          properties:
+            spec:
+              type: object
+              properties:
+                guid:
+                  type: string
+                commandType:
+                  type: string
+                designators:
+                  type: array
+                  items:
+                args:
+                  type: object
+                  additionalProperties: true
+            status:
+              started:
+                type: boolean
+              startedAt:
+                allOf:
+                  - $ref: '#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time'
+              completed:
+                type: boolean
+              completedAt:
+                allOf:
+                  - $ref: '#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time'
+              error:
+                type: object
+                properties:
+                  reason:
+                    type: string
+                  message:
+                    type: string
+                  errorCode:
+                    type: integer

pkg/command/types/api.go

@@ -0,0 +1,7 @@
+package types
+
+const (
+	OperatorCommandGroup  string = "kubescape.io"
+	OperatorCommandKind   string = "OperatorCommand"
+	OperatorCommandPlural string = "operatorcommands"
+)

pkg/command/types/v1alpha1/README.md

@@ -0,0 +1,10 @@
+# OperatorCommand
+
+The OperatorCommand CRD is designed to enable the execution of various actions within the cluster and reporting their status back to the backend. This CRD serves as a central mechanism for triggering and managing actions, replacing the functionality previously provided by the gateway and kollector.
+
+How it Works
+
+1. Creation: The backend creates a Command CRD instance, specifying the desired action and any necessary parameters for the action.
+2. Synchronization: The Synchronizer, responsible for two-way communication, receives the Command CRD from the backend and saves it in the cluster.
+3. Execution: The designated component in the cluster, identifies the new command via a watcher on the Kubernetes API, processes the Command CRD and performs the requested action within the cluster.
+4. Status Reporting: Upon completion, the component updates the command CRD resource with the status of the action, providing information about success or failure, any relevant details, and potentially updating the Command CRD. The synchronizer, watching over the command CRD, will send it back to the backend for further processing.

pkg/command/types/v1alpha1/api.go

@@ -0,0 +1,16 @@
+package v1alpha1
+
+import (
+	"github.com/kubescape/backend/pkg/command/types"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+const (
+	OperatorCommandVersion string = "v1"
+)
+
+var SchemaGroupVersionResource = schema.GroupVersionResource{
+	Group:    types.OperatorCommandGroup,
+	Version:  OperatorCommandVersion,
+	Resource: types.OperatorCommandPlural,
+}

pkg/command/types/v1alpha1/types.go

@@ -0,0 +1,51 @@
+package v1alpha1
+
+import (
+	"time"
+
+	"github.com/armosec/armoapi-go/identifiers"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type OperatorCommandList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+
+	Items []OperatorCommand `json:"items"`
+}
+
+type OperatorCommand struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   OperatorCommandSpec   `json:"spec,omitempty"`
+	Status OperatorCommandStatus `json:"status,omitempty"`
+}
+
+type OperatorCommandSpec struct {
+	GUID           string `json:"guid"`                     // GUID is a unique identifier for the command
+	CommandType    string `json:"commandType"`              // CommandType is the type of the command
+	CommandVersion string `json:"commandVersion,omitempty"` // CommandVersion is the version of the command
+	Labels         map[string]string              `json:"labels,omitempty"`       // Labels are the labels for the command
+	Designators    []identifiers.PortalDesignator `json:"designators,omitempty"` // Designators are the designators for the command
+	Body           []byte                         `json:"body,omitempty"`        // Body is the body of the command
+	TTL            time.Duration                  `json:"ttl,omitempty"`         // TTL is the time to live for the command
+	Args           map[string]interface{}         `json:"args,omitempty"`        // Args are the arguments for the command
+	CommandIndex   *int                           `json:"commandIndex,omitempty"` // CommandIndex is the index of the command in the sequence
+	CommandCount   *int                           `json:"commandCount,omitempty"` // CommandCount is the total number of commands in the sequence
+}
+
+type OperatorCommandStatus struct {
+	Started     bool                        `json:"started"`               // Started indicates if the command has started
+	StartedAt   *metav1.Time                `json:"startedAt,omitempty"`   // StartedAt is the time at which the command was started
+	Completed   bool                        `json:"completed"`             // Completed indicates if the command has completed
+	CompletedAt *metav1.Time                `json:"completedAt,omitempty"` // CompletedAt is the time at which the command was completed
+	Executer    string                      `json:"executer,omitempty"`    // Executer is the entity that executed the command
+	Error       *OperatorCommandStatusError `json:"error,omitempty"`       // Error is the error that occurred during the execution of the command (if any)
+}
+
+type OperatorCommandStatusError struct {
+	Reason    string `json:"reason,omitempty"`    // reason for the error (optional)
+	Message   string `json:"message,omitempty"`   // error message (optional)
+	ErrorCode int    `json:"errorCode,omitempty"` // error code (optional)
+}