From 72e26ab41b79585a638daa2310e79273df079773 Mon Sep 17 00:00:00 2001 From: "Knight, Eddie" Date: Fri, 14 May 2021 09:28:49 -0400 Subject: [PATCH 1/4] newline --- CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CODEOWNERS b/CODEOWNERS index a711729..de21c1f 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -5,4 +5,4 @@ # Anything relating to the actual probe logic # should be reviewed by this repo's lead maintainer -internal/ @iantivey \ No newline at end of file +internal/ @iantivey From b9ced6c3bb29e4dfe9c4f0eb3b7e2082a4ff0b46 Mon Sep 17 00:00:00 2001 From: "Knight, Eddie" Date: Tue, 15 Jun 2021 14:35:27 -0400 Subject: [PATCH 2/4] Adjusting to use sdk v0.1.6 --- go.mod | 5 +- go.sum | 2 - internal/azure/aks/feature_setup.go | 11 ---- .../encryption-at-rest/feature_setup.go | 24 ++----- .../encryption-at-rest/scenarios.go | 18 ++--- internal/azure/kubernetes/iam/iam.go | 57 ++++++---------- internal/azure/networking/feature_setup.go | 11 ---- internal/common/common.go | 51 ++++++-------- internal/config/config.go | 5 +- internal/connection/connection.go | 66 +++++++++++++++++++ main.go | 7 +- 11 files changed, 128 insertions(+), 129 deletions(-) create mode 100644 internal/connection/connection.go diff --git a/go.mod b/go.mod index 5db590d..f7109c4 100644 --- a/go.mod +++ b/go.mod @@ -6,9 +6,10 @@ require ( github.com/cucumber/godog v0.11.0 github.com/hashicorp/go-hclog v0.15.0 // indirect github.com/markbates/pkger v0.17.1 - github.com/probr/probr-sdk v0.1.1 + github.com/probr/probr-sdk v0.0.0-00010101000000-000000000000 + // github.com/probr/probr-sdk v0.1.5 k8s.io/api v0.19.6 ) // For Development Only -// replace github.com/probr/probr-sdk => ../probr-sdk +replace github.com/probr/probr-sdk => ../probr-sdk diff --git a/go.sum b/go.sum index e23a6d6..926c38a 100644 --- a/go.sum +++ b/go.sum 
@@ -432,8 +432,6 @@ github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6J github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= -github.com/probr/probr-sdk v0.1.1 h1:al8a1/Qgw41Dh/2KkpmFdmnotrtzu0g5RiFeAWv73ss= -github.com/probr/probr-sdk v0.1.1/go.mod h1:Cp/BmkTE08Q0Kw+t3YcVn89ZjMuET2sSeEKsYEiYTFQ= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM= github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= diff --git a/internal/azure/aks/feature_setup.go b/internal/azure/aks/feature_setup.go index d959f5f..aeedea7 100644 --- a/internal/azure/aks/feature_setup.go +++ b/internal/azure/aks/feature_setup.go @@ -9,8 +9,6 @@ import ( "github.com/probr/probr-pack-aks/internal/common" "github.com/probr/probr-sdk/probeengine" - azureutil "github.com/probr/probr-sdk/providers/azure" - "github.com/probr/probr-sdk/providers/azure/connection" ) type scenarioState struct { @@ -49,15 +47,6 @@ func (probe probeStruct) Path() string { func (probe probeStruct) ProbeInitialize(ctx *godog.TestSuiteContext) { ctx.BeforeSuite(func() { - - scenario.AZConnection = connection.NewAzureConnection( - context.Background(), - azureutil.SubscriptionID(), - azureutil.TenantID(), - azureutil.ClientID(), - azureutil.ClientSecret(), - ) - }) ctx.AfterSuite(func() { diff --git a/internal/azure/kubernetes/encryption-at-rest/feature_setup.go b/internal/azure/kubernetes/encryption-at-rest/feature_setup.go index 9e34161..c63e120 100644 --- a/internal/azure/kubernetes/encryption-at-rest/feature_setup.go 
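Review bot: `ProbeInitialize` now registers a `BeforeSuite` hook whose body is empty, which is dead code that reads as if suite setup were still pending; either drop the `ctx.BeforeSuite(func() { })` registration or use it for something real, such as refusing to run when `connection.Kubernetes` or `connection.Azure` is nil. The removed `context.Background()` call was presumably the only use of `context` in this file, and because the import hunk starts at line 9 the stdlib imports are not visible; if `"context"` is still imported the package no longer compiles (iam.go in this same patch removes that import explicitly, which suggests it was needed). The same empty-hook pattern is introduced in the networking and encryption-at-rest `feature_setup.go` files further down.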
+++ b/internal/azure/kubernetes/encryption-at-rest/feature_setup.go @@ -9,13 +9,10 @@ import ( "github.com/probr/probr-pack-aks/internal/common" "github.com/probr/probr-pack-aks/internal/config" + "github.com/probr/probr-pack-aks/internal/connection" "github.com/probr/probr-pack-aks/internal/summary" "github.com/probr/probr-sdk/probeengine" - - azureutil "github.com/probr/probr-sdk/providers/azure" - azureconnection "github.com/probr/probr-sdk/providers/azure/connection" - k8sconnection "github.com/probr/probr-sdk/providers/kubernetes/connection" ) type scenarioState struct { @@ -33,8 +30,7 @@ type probeStruct struct { // Probe ... var Probe probeStruct -var scenario scenarioState // Local container of scenario state -var kConnection k8sconnection.Connection // Provides functionality to interact with Kubernetes +var scenario scenarioState // Local container of scenario state var aksJSON []byte func beforeScenario(s *scenarioState, probeName string, gs *godog.Scenario) { @@ -61,18 +57,6 @@ func (probe probeStruct) Path() string { func (probe probeStruct) ProbeInitialize(ctx *godog.TestSuiteContext) { ctx.BeforeSuite(func() { - - scenario.AZConnection = azureconnection.NewAzureConnection( - context.Background(), - azureutil.SubscriptionID(), - azureutil.TenantID(), - azureutil.ClientID(), - azureutil.ClientSecret(), - ) - - //TODO make this part of the scenario object - kConnection = k8sconnection.NewConnection(config.Vars.ServicePacks.Kubernetes.KubeConfigPath, config.Vars.ServicePacks.Kubernetes.KubeContext, config.Vars.ServicePacks.Kubernetes.ProbeNamespace) - }) ctx.AfterSuite(func() { 
@@ -120,7 +104,7 @@ func teardown() { //delete any resources you created here //if config.Vars.ServicePacks.Kubernetes.KeepPods == "false" { for _, podName := range scenario.pods { - err := kConnection.DeletePodIfExists(podName, scenario.namespace, Probe.Name()) + err := connection.Kubernetes.DeletePodIfExists(podName, scenario.namespace, Probe.Name()) if err != nil { log.Printf(fmt.Sprintf("[ERROR] Could not retrieve pod from namespace '%s' for deletion: %s", scenario.namespace, err)) } @@ -128,7 +112,7 @@ func teardown() { //} for _, pvcName := range scenario.pvcs { - err := kConnection.DeletePVCIfExists(pvcName, scenario.namespace, Probe.Name()) + err := connection.Kubernetes.DeletePVCIfExists(pvcName, scenario.namespace, Probe.Name()) if err != nil { log.Printf(fmt.Sprintf("[ERROR] Could not retrieve PVC from namespace '%s' for deletion: %s", scenario.namespace, err)) } diff --git a/internal/azure/kubernetes/encryption-at-rest/scenarios.go b/internal/azure/kubernetes/encryption-at-rest/scenarios.go index 781ca13..4de38a7 100644 --- a/internal/azure/kubernetes/encryption-at-rest/scenarios.go +++ b/internal/azure/kubernetes/encryption-at-rest/scenarios.go @@ -7,6 +7,7 @@ import ( "github.com/probr/probr-pack-aks/internal/common" "github.com/probr/probr-pack-aks/internal/config" + "github.com/probr/probr-pack-aks/internal/connection" "github.com/probr/probr-sdk/providers/kubernetes/constructors" "github.com/probr/probr-sdk/utils" ) @@ -32,7 +33,7 @@ func (scenario *scenarioState) aKubernetesClusterIsDeployed() error { config.Vars.ServicePacks.Kubernetes.KubeContext, } - err = kConnection.ClusterIsDeployed() // Must be assigned to 'err' be audited + err = connection.Kubernetes.ClusterIsDeployed() // Must be assigned to 'err' be audited return err } 
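Review bot: `connection.Kubernetes.ClusterIsDeployed()` is called on a package-level pointer that `connection.Init` leaves nil whenever the Azure config is incomplete (that function returns before opening any connection), so the first step of this scenario would panic rather than produce the audited error that the comment on this line promises. Guard it before the call: `if connection.Kubernetes == nil { return utils.ReformatError("kubernetes connection not initialised: %v", connection.Errors()) }` — `utils` is already imported in this file. The same unguarded dereference appears in `teardown` earlier in this hunk run, where `DeletePodIfExists` and `DeletePVCIfExists` are called on the same global. `aKubernetesClusterIsDeployed` begins above this hunk.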
@@ -56,8 +57,8 @@ func (scenario *scenarioState) iCreateAPodWhichDynamicallyCreatesAnAzureDisk() e constructors.AddPVCToPod(podObject, pvcObject) stepTrace.WriteString("Create pod from spec; ") - createdPVCObject, pvcCreationErr := kConnection.CreatePVCFromObject(pvcObject, Probe.Name()) - createdPodObject, podCreationErr := kConnection.CreatePodFromObject(podObject, Probe.Name()) // Pod name is saved to scenario state if successful + createdPVCObject, pvcCreationErr := connection.Kubernetes.CreatePVCFromObject(pvcObject, Probe.Name()) + createdPodObject, podCreationErr := connection.Kubernetes.CreatePodFromObject(podObject, Probe.Name()) // Pod name is saved to scenario state if successful if podCreationErr != nil { return podCreationErr } @@ -72,7 +73,7 @@ func (scenario *scenarioState) iCreateAPodWhichDynamicallyCreatesAnAzureDisk() e } func (scenario *scenarioState) theDiskIsEncryptedUsingCustomerManagedKeys() error { - pvc, err := kConnection.GetPVCFromPVCName(scenario.pvcs[0], scenario.namespace) + pvc, err := connection.Kubernetes.GetPVCFromPVCName(scenario.pvcs[0], scenario.namespace) if err != nil { log.Printf("[DEBUG] Error getting PVC from PVC Name") return err @@ -86,12 +87,12 @@ func (scenario *scenarioState) theDiskIsEncryptedUsingCustomerManagedKeys() erro log.Printf("[DEBUG] PVC Status.Phase: %s; Waiting...", pvc.Status.Phase) time.Sleep(2 * time.Second) - pvc, _ = kConnection.GetPVCFromPVCName(scenario.pvcs[0], scenario.namespace) + pvc, _ = connection.Kubernetes.GetPVCFromPVCName(scenario.pvcs[0], scenario.namespace) } log.Printf("[DEBUG] PVC name is %s. PV name is %s.", scenario.pvcs[0], pvc.Spec.VolumeName) - pv, err := kConnection.GetPVFromPVName(pvc.Spec.VolumeName) + pv, err := connection.Kubernetes.GetPVFromPVName(pvc.Spec.VolumeName) if err != nil { log.Printf("[DEBUG] Error getting PV from PV Name") log.Printf("[DEBUG] PVC trace: %v", pvc) 
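Review bot: The error from `connection.Kubernetes.GetPVCFromPVCName` inside the wait loop is discarded (`pvc, _ = …`), so a transient API failure leaves `pvc` nil and the loop condition's `pvc.Status.Phase` (the `for` header sits above this hunk) dereferences it on the next iteration. Keep the error: `pvc, err = connection.Kubernetes.GetPVCFromPVCName(scenario.pvcs[0], scenario.namespace)` followed by `if err != nil { return err }`. No iteration or time bound is visible in the hunk either; if the loop header has none, a PVC that never binds stalls the probe indefinitely — confirm against the loop header.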
@@ -100,10 +101,10 @@ func (scenario *scenarioState) theDiskIsEncryptedUsingCustomerManagedKeys() erro log.Printf("[DEBUG] Disk URI is %s", pv.Spec.AzureDisk.DataDiskURI) - rgName, diskName := scenario.AZConnection.ParseDiskDetails(pv.Spec.AzureDisk.DataDiskURI) + rgName, diskName := connection.Azure.ParseDiskDetails(pv.Spec.AzureDisk.DataDiskURI) log.Printf("[DEBUG] Disk details are rgName: %s. diskName: %s", rgName, diskName) - azureDisk, err := scenario.AZConnection.GetDisk(rgName, diskName) + azureDisk, err := connection.Azure.GetDisk(rgName, diskName) if err != nil { log.Printf("Error getting disk client") return err @@ -120,7 +121,6 @@ func (scenario *scenarioState) theDiskIsEncryptedUsingCustomerManagedKeys() erro } func (scenario *scenarioState) anAzureKubernetesClusterWeCanReadTheConfigurationOf() (err error) { - aksJSON, err = common.AnAzureKubernetesClusterWeCanReadTheConfigurationOf(scenario.GetScenarioState()) return diff --git a/internal/azure/kubernetes/iam/iam.go b/internal/azure/kubernetes/iam/iam.go index a9b26de..2215a73 100644 --- a/internal/azure/kubernetes/iam/iam.go +++ b/internal/azure/kubernetes/iam/iam.go @@ -2,7 +2,6 @@ package iam import ( - "context" "encoding/json" "fmt" "log" 
@@ -12,15 +11,13 @@ import ( "github.com/probr/probr-pack-aks/internal/common" "github.com/probr/probr-pack-aks/internal/config" + "github.com/probr/probr-pack-aks/internal/connection" "github.com/probr/probr-pack-aks/internal/summary" "github.com/probr/probr-sdk/audit" "github.com/probr/probr-sdk/probeengine" - azureutil "github.com/probr/probr-sdk/providers/azure" - "github.com/probr/probr-sdk/providers/azure/aks" - azureconnection "github.com/probr/probr-sdk/providers/azure/connection" - "github.com/probr/probr-sdk/providers/kubernetes/connection" + k8sConnection "github.com/probr/probr-sdk/providers/kubernetes/connection" "github.com/probr/probr-sdk/providers/kubernetes/constructors" "github.com/probr/probr-sdk/providers/kubernetes/errors" "github.com/probr/probr-sdk/utils" @@ -41,10 +38,6 @@ type scenarioState struct { // Probe meets the service pack interface for adding the logic from this file var Probe probeStruct var scenario scenarioState -var conn *connection.Conn -var azureK8S *aks.AKS - -//var azConnection azureconnection.Azure // Provides functionality to interact with Azure func (scenario *scenarioState) aKubernetesClusterIsDeployed() error { // Standard auditing logic to ensures panics are also audited @@ -65,7 +58,7 @@ func (scenario *scenarioState) aKubernetesClusterIsDeployed() error { config.Vars.ServicePacks.Kubernetes.KubeContext, } - err = conn.ClusterIsDeployed() // Must be assigned to 'err' be audited + err = connection.Kubernetes.ClusterIsDeployed() // Must be assigned to 'err' be audited return err } @@ -92,7 +85,7 @@ func (scenario *scenarioState) aResourceTypeXCalledYExistsInNamespaceCalledZ(res // TODO: This implementation is coupled to Azure. How should we deal with this when segregating service pack? var foundInNamespace bool - var resource connection.APIResource + var resource k8sConnection.APIResource var findErr error // Validate input switch resourceType { 
@@ -123,7 +116,7 @@ func (scenario *scenarioState) aResourceTypeXCalledYExistsInNamespaceCalledZ(res payload = struct { CustomResourceType string CustomResourceName string - Resource connection.APIResource + Resource k8sConnection.APIResource }{ CustomResourceType: resourceType, CustomResourceName: resourceName, @@ -254,7 +247,7 @@ func (scenario *scenarioState) anAttemptToObtainAnAccessTokenFromThatPodShouldX( cmd := "curl http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fmanagement.azure.com%2F -H Metadata:true -s" stepTrace.WriteString(fmt.Sprintf("Attempt to run command in the pod: '%s'; ", cmd)) - _, stdOut, _, cmdErr := conn.ExecCommand(cmd, scenario.namespace, podName) + _, stdOut, _, cmdErr := connection.Kubernetes.ExecCommand(cmd, scenario.namespace, podName) // Validate that no internal error occurred during execution of curl command if cmdErr != nil { @@ -318,7 +311,7 @@ func (scenario *scenarioState) iCreateAnAzureIdentityBindingCalledInANondefaultN Namespace string AzureIdentityBindingName string AzureIdentityName string - CreatedAzureIdentityBinding connection.APIResource + CreatedAzureIdentityBinding k8sConnection.APIResource }{ Namespace: probrNameSpace, AzureIdentityBindingName: aibName, @@ -344,7 +337,7 @@ func (scenario *scenarioState) theClusterHasManagedIdentityComponentsDeployed() stepTrace.WriteString(fmt.Sprintf( "Get pods from '%s' namespace; ", identityPodsNamespace)) // look for the mic pods - podList, getErr := conn.GetPodsByNamespace(identityPodsNamespace) + podList, getErr := connection.Kubernetes.GetPodsByNamespace(identityPodsNamespace) if getErr != nil { err = utils.ReformatError("An error occurred when trying to retrieve pods %v", err) 
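Review bot: The error path after `connection.Kubernetes.GetPodsByNamespace` formats `err`, which is still nil at that point, instead of `getErr`, so the audited message reads `An error occurred when trying to retrieve pods <nil>` and the real API error is lost. Change it to `err = utils.ReformatError("An error occurred when trying to retrieve pods %v", getErr)`. The enclosing function `theClusterHasManagedIdentityComponentsDeployed` continues past this hunk.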
@@ -424,7 +417,7 @@ func (scenario *scenarioState) theExecutionOfAXCommandInsideTheMICPodIsY(command identityPodsNamespace := config.Vars.ServicePacks.AKS.ManagedID.IdentityNamespace stepTrace.WriteString(fmt.Sprintf( "Attempt to execute command '%s' in MIC pod '%s'; ", cmd, scenario.micPodName)) - exitCode, stdOut, _, cmdErr := conn.ExecCommand(cmd, identityPodsNamespace, scenario.micPodName) + exitCode, stdOut, _, cmdErr := connection.Kubernetes.ExecCommand(cmd, identityPodsNamespace, scenario.micPodName) // Validate that no internal error occurred during execution of curl command if cmdErr != nil && exitCode == -1 { @@ -482,7 +475,7 @@ func (scenario *scenarioState) checkClusterRBACForAdminRole() error { //this is the role definition name for rolename "Azure Kubernetes Service Cluster Admin Role" roleDefName := "0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8" - caRoleAssigned, err := scenario.AZConnection.ClusterHasRoleAssignment(config.Vars.ServicePacks.AKS.ResourceGroupName, config.Vars.ServicePacks.AKS.ClusterName, roleDefName) + caRoleAssigned, err := connection.Azure.ClusterHasRoleAssignment(config.Vars.ServicePacks.AKS.ResourceGroupName, config.Vars.ServicePacks.AKS.ClusterName, roleDefName) if err != nil { return err @@ -510,7 +503,7 @@ func (scenario *scenarioState) checkCannotObtainClusterAdminCredentials() error scenario.Audit.AuditScenarioStep(scenario.CurrentStep, stepTrace.String(), payload, err) }() - _, credsErr := scenario.AZConnection.GetManagedClusterAdminCredentials(config.Vars.ServicePacks.AKS.ResourceGroupName, config.Vars.ServicePacks.AKS.ClusterName) + _, credsErr := connection.Azure.GetManagedClusterAdminCredentials(config.Vars.ServicePacks.AKS.ResourceGroupName, config.Vars.ServicePacks.AKS.ClusterName) if credsErr != nil { log.Printf("[DEBUG] Error trying to get cluster admin credentials: %v", err) 
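Review bot: The debug line after `connection.Azure.GetManagedClusterAdminCredentials` prints `err` rather than `credsErr`, and `err` has not been assigned in the visible code, so the log reports `<nil>` for the very failure it is describing. Use `log.Printf("[DEBUG] Error trying to get cluster admin credentials: %v", credsErr)`. Judging by the step name, a credentials failure is presumably the expected (passing) outcome here, which means an unrelated error — a nil `connection.Azure` after a failed `connection.Init`, a network fault — would also make the probe pass; distinguishing an authorization denial from other errors would make the check meaningful. The decision logic continues below the hunk, so confirm there.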
@@ -544,18 +537,6 @@ func (probe probeStruct) Path() string { // test handler as part of the init() function. func (probe probeStruct) ProbeInitialize(ctx *godog.TestSuiteContext) { ctx.BeforeSuite(func() { - //conn = connection.Get() - conn = connection.NewConnection(config.Vars.ServicePacks.Kubernetes.KubeConfigPath, config.Vars.ServicePacks.Kubernetes.KubeContext, config.Vars.ServicePacks.Kubernetes.ProbeNamespace) - azureK8S = aks.NewAKS(conn) - - scenario.AZConnection = azureconnection.NewAzureConnection( - context.Background(), - azureutil.SubscriptionID(), - azureutil.TenantID(), - azureutil.ClientID(), - azureutil.ClientSecret(), - ) - //setup AzureIdentity stuff ..?? Or should this be a pre-test setup }) @@ -611,7 +592,7 @@ func beforeScenario(s *scenarioState, probeName string, gs *godog.Scenario) { func afterScenario(scenario scenarioState, probe probeStruct, gs *godog.Scenario, err error) { if config.Vars.ServicePacks.Kubernetes.KeepPods == "false" { for _, podName := range scenario.pods { - err = conn.DeletePodIfExists(podName, scenario.namespace, probe.Name()) + err = connection.Kubernetes.DeletePodIfExists(podName, scenario.namespace, probe.Name()) if err != nil { log.Printf(fmt.Sprintf("[ERROR] Could not retrieve pod from namespace '%s' for deletion: %s", scenario.namespace, err)) } 
@@ -621,16 +602,16 @@ func afterScenario(scenario scenarioState, probe probeStruct, gs *godog.Scenario } func (scenario *scenarioState) createPodfromObject(podObject *apiv1.Pod) (createdPodObject *apiv1.Pod, err error) { - createdPodObject, err = conn.CreatePodFromObject(podObject, Probe.Name()) + createdPodObject, err = connection.Kubernetes.CreatePodFromObject(podObject, Probe.Name()) if err == nil { scenario.pods = append(scenario.pods, createdPodObject.ObjectMeta.Name) } return } -func azureIdentityExistsInNamespace(azureIdentityName, namespace string) (exists bool, resource connection.APIResource, err error) { +func azureIdentityExistsInNamespace(azureIdentityName, namespace string) (exists bool, resource k8sConnection.APIResource, err error) { - resource, getError := azureK8S.GetIdentityByNameAndNamespace(azureIdentityName, namespace) + resource, getError := connection.AKS.GetIdentityByNameAndNamespace(azureIdentityName, namespace) if getError != nil { if errors.IsStatusCode(404, getError) { exists = false @@ -644,9 +625,9 @@ func azureIdentityExistsInNamespace(azureIdentityName, namespace string) (exists return } -func azureIdentityBindingExistsInNamespace(azureIdentityBindingName, namespace string) (exists bool, resource connection.APIResource, err error) { +func azureIdentityBindingExistsInNamespace(azureIdentityBindingName, namespace string) (exists bool, resource k8sConnection.APIResource, err error) { - resource, getError := azureK8S.GetIdentityBindingByNameAndNamespace(azureIdentityBindingName, namespace) + resource, getError := connection.AKS.GetIdentityBindingByNameAndNamespace(azureIdentityBindingName, namespace) if getError != nil { if errors.IsStatusCode(404, getError) { exists = false 
@@ -661,9 +642,9 @@ func azureIdentityBindingExistsInNamespace(azureIdentityBindingName, namespace s } // azureCreateAIB creates an AzureIdentityBinding in the cluster -func azureCreateAIB(namespace, aibName, aiName string) (aibResource connection.APIResource, err error) { +func azureCreateAIB(namespace, aibName, aiName string) (aibResource k8sConnection.APIResource, err error) { - resource, createErr := azureK8S.CreateAIB(namespace, aibName, aiName) + resource, createErr := connection.AKS.CreateAIB(namespace, aibName, aiName) if errors.IsStatusCode(409, createErr) { // Already Exists // TODO: Delete and recreate ? createErr = nil diff --git a/internal/azure/networking/feature_setup.go b/internal/azure/networking/feature_setup.go index 91b79b1..bce6734 100644 --- a/internal/azure/networking/feature_setup.go +++ b/internal/azure/networking/feature_setup.go @@ -9,8 +9,6 @@ import ( "github.com/probr/probr-pack-aks/internal/common" "github.com/probr/probr-pack-aks/internal/summary" "github.com/probr/probr-sdk/probeengine" - azureutil "github.com/probr/probr-sdk/providers/azure" - "github.com/probr/probr-sdk/providers/azure/connection" ) type scenarioState struct { @@ -49,15 +47,6 @@ func (probe probeStruct) Path() string { func (probe probeStruct) ProbeInitialize(ctx *godog.TestSuiteContext) { ctx.BeforeSuite(func() { - - scenario.AZConnection = connection.NewAzureConnection( - context.Background(), - azureutil.SubscriptionID(), - azureutil.TenantID(), - azureutil.ClientID(), - azureutil.ClientSecret(), - ) - }) ctx.AfterSuite(func() { diff --git a/internal/common/common.go b/internal/common/common.go index 2b896d3..2a34ad8 100644 --- a/internal/common/common.go +++ b/internal/common/common.go 
@@ -7,22 +7,21 @@ import ( "strings" "github.com/probr/probr-pack-aks/internal/config" + "github.com/probr/probr-pack-aks/internal/connection" "github.com/probr/probr-sdk/audit" "github.com/probr/probr-sdk/probeengine" "github.com/probr/probr-sdk/probeengine/opa" - "github.com/probr/probr-sdk/providers/azure/connection" "github.com/probr/probr-sdk/utils" ) // ScenarioState is the base struct for handling state across steps in a scenario type ScenarioState struct { - Name string - CurrentStep string - Audit *audit.Scenario - Probe *audit.Probe - Ctx context.Context - Tags map[string]*string - AZConnection connection.Azure + Name string + CurrentStep string + Audit *audit.Scenario + Probe *audit.Probe + Ctx context.Context + Tags map[string]*string //additional variables to hold state goes here } @@ -67,12 +66,6 @@ func OPAProbe(opaFuncName string, aksJSON []byte, scenario *ScenarioState) (err scenario.Audit.AuditScenarioStep(scenario.CurrentStep, stepTrace.String(), payload, err) }() - payload = struct { - Placeholder string - }{ - "placeholder", - } - stepTrace.WriteString(fmt.Sprintf("Use OPA function %s to evaluate this cluster; ", opaFuncName)) err = eval(opaFuncName, aksJSON) 
@@ -117,32 +110,30 @@ func AnAzureKubernetesClusterWeCanReadTheConfigurationOf(scenario *ScenarioState } scenario.Audit.AuditScenarioStep(scenario.CurrentStep, stepTrace.String(), payload, err) }() + if len(connection.Errors()) > 0 { + payload = connection.Errors() + return nil, utils.ReformatError("Failed to connect to AKS cluster") + } + stepTrace.WriteString("Get the configuration of the AKS cluster; ") payload = struct { - Placeholder string + ResourceGroup string + ClusterName string }{ - "placeholder", + config.Vars.ServicePacks.AKS.ResourceGroupName, + config.Vars.ServicePacks.AKS.ClusterName, } - - stepTrace.WriteString("Get the configuration of the AKS cluster; ") - json, err = getClusterConfigJSON(scenario) - - if err != nil { - log.Printf("Error loading JSON: %v", err) - return - } - - if len(json) == 0 { - err = fmt.Errorf("aksJSON empty") - } return } func getClusterConfigJSON(scenario *ScenarioState) (json []byte, err error) { - json, err = scenario.AZConnection.GetManagedClusterJSON(config.Vars.ServicePacks.AKS.ResourceGroupName, config.Vars.ServicePacks.AKS.ClusterName) + if connection.Azure == nil { + log.Printf("[ERROR] Failed to establish Azure connection.") + } + json, err = connection.Azure.GetManagedClusterJSON(config.Vars.ServicePacks.AKS.ResourceGroupName, config.Vars.ServicePacks.AKS.ClusterName) if err != nil { - log.Printf("Error loading JSON: %v", err) + log.Printf("[ERROR] Failed to load JSON: %v", err) return } diff --git a/internal/config/config.go b/internal/config/config.go index c402ad9..c56b8c7 100644 --- a/internal/config/config.go +++ b/internal/config/config.go 
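Review bot: `AnAzureKubernetesClusterWeCanReadTheConfigurationOf` no longer fetches anything: the `getClusterConfigJSON(scenario)` call and the `len(json) == 0` check were removed, so the function returns a nil `json` with a nil `err`, the audit records the step as successful, and every probe that feeds `aksJSON` into `OPAProbe` evaluates an empty document. Restore the fetch after the `stepTrace.WriteString` line and keep the empty-result guard. `getClusterConfigJSON` also logs when `connection.Azure` is nil but then calls `GetManagedClusterJSON` on it anyway; return an error there instead of falling through to a nil dereference (`fmt` is already imported in this file).
```go
	stepTrace.WriteString("Get the configuration of the AKS cluster; ")
	// … unchanged: payload struct with ResourceGroup / ClusterName …
	json, err = getClusterConfigJSON(scenario)
	if err != nil {
		return
	}
	if len(json) == 0 {
		err = fmt.Errorf("aksJSON empty")
	}
	return
}

func getClusterConfigJSON(scenario *ScenarioState) (json []byte, err error) {
	if connection.Azure == nil {
		return nil, fmt.Errorf("azure connection not established: %v", connection.Errors())
	}
	// … unchanged: GetManagedClusterJSON call and error log …
```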
@@ -26,9 +26,10 @@ func (ctx *varOptions) Init() (err error) { } sdkConfig.GlobalConfig.VarsFile = ctx.VarsFile sdkConfig.GlobalConfig.Init() - sdkConfig.GlobalConfig.CloudProviders.Azure.SetEnvAndDefaults() + sdkConfig.GlobalConfig.PrepareOutputDirectory("audit", "cucumber") - ctx.ServicePacks.Kubernetes.setEnvAndDefaults() //TODO: !! CHANGE ME !! + sdkConfig.GlobalConfig.CloudProviders.Azure.SetEnvAndDefaults() + ctx.ServicePacks.Kubernetes.setEnvAndDefaults() ctx.ServicePacks.AKS.setEnvAndDefaults() log.Printf("[DEBUG] Config initialized by %s", utils.CallerName(1)) diff --git a/internal/connection/connection.go b/internal/connection/connection.go new file mode 100644 index 0000000..dd23e15 --- /dev/null +++ b/internal/connection/connection.go 
@@ -0,0 +1,66 @@
+package connection
+
+import (
+ "context"
+ "log"
+
+ "github.com/probr/probr-pack-aks/internal/config"
+ azureutil "github.com/probr/probr-sdk/providers/azure"
+ "github.com/probr/probr-sdk/providers/azure/aks"
+ azureconnection "github.com/probr/probr-sdk/providers/azure/connection"
+ "github.com/probr/probr-sdk/providers/kubernetes/connection"
+)
+
+var Kubernetes *connection.Conn
+var Azure *azureconnection.AzureConnection
+var AKS *aks.AKS
+var errStrings []string
+
+func Init() {
+ subID, tenantID, clientID, secret, good := validateConfig()
+ if !good {
+ log.Printf("[ERROR] Missing required config vars")
+ return // Do not attempt connection without required values
+ }
+ Kubernetes = connection.NewConnection(
+ config.Vars.ServicePacks.Kubernetes.KubeConfigPath,
+ config.Vars.ServicePacks.Kubernetes.KubeContext,
+ config.Vars.ServicePacks.Kubernetes.ProbeNamespace,
+ )
+ AKS = aks.NewAKS(Kubernetes)
+ Azure = azureconnection.NewAzureConnection(
+ context.Background(),
+ subID,
+ tenantID,
+ clientID,
+ secret,
+ )
+ for i, conn := range []interface{}{Kubernetes, AKS, Azure} {
+ if conn == nil {
+ log.Printf("[ERROR] Failed initialization (%v)", i)
+ }
+ }
+}
+
+func validateConfig() (subID, tenantID, clientID, secret string, good bool) {
+ subID, subErr := azureutil.SubscriptionID()
+ tenantID, tenErr := azureutil.TenantID()
+ clientID, cliErr := azureutil.ClientID()
+ secret, secErr := azureutil.ClientSecret()
+
+ for _, e := range []error{subErr, tenErr, cliErr, secErr} {
+ if e != nil {
+ errStrings = append(errStrings, e.Error())
+ }
+ }
+ if errStrings != nil {
+ return
+ }
+ good = true
+ return
+}
+
+// Error reformats a collection of any errors encountered during connection
+func Errors() []string {
+ return errStrings
+}
diff --git a/main.go b/main.go
index 3971aee..1289cd7 100644
--- a/main.go
+++ b/main.go
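Review bot: The nil check in `Init`'s final loop can never fire: `Kubernetes`, `AKS` and `Azure` are typed pointers, and boxing a nil `*connection.Conn` into `interface{}` yields a non-nil interface value, so `conn == nil` is always false and a constructor that returns nil (if those SDK constructors can — not visible here) is silently accepted. The early `return` on missing config likewise leaves all three globals nil with only `errStrings` recording why, and a failure after validation is recorded nowhere, so `connection.Errors()` reports success while every scenario step dereferences a nil client. Compare each pointer directly and append the failure to `errStrings`, since `common.go` already consults `Errors()` before using the clients. The doc comment on `Errors` also names the wrong function; `// Errors returns the messages recorded while validating config and opening connections.` describes what it does, and the exported `Kubernetes`, `Azure` and `AKS` variables should carry doc comments too.
```go
	// … unchanged: NewConnection / NewAKS / NewAzureConnection calls …
	if Kubernetes == nil {
		errStrings = append(errStrings, "kubernetes connection failed to initialize")
	}
	if AKS == nil {
		errStrings = append(errStrings, "aks client failed to initialize")
	}
	if Azure == nil {
		errStrings = append(errStrings, "azure connection failed to initialize")
	}
	for _, e := range errStrings {
		log.Printf("[ERROR] Failed initialization (%s)", e)
	}
}
```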
@@ -10,8 +10,8 @@ import ( "syscall" "github.com/probr/probr-pack-aks/internal/config" - //"github.com/probr/probr-pack-kubernetes/internal/connection" - "github.com/probr/probr-pack-aks/internal/summary" //TODO: + "github.com/probr/probr-pack-aks/internal/connection" + "github.com/probr/probr-pack-aks/internal/summary" "github.com/probr/probr-pack-aks/pack" audit "github.com/probr/probr-sdk/audit" @@ -121,10 +121,9 @@ func ProbrCoreLogic() (err error) { defer sdkConfig.GlobalConfig.CleanupTmp() setupCloseHandler() // Sigterm protection config.Vars.Init() + connection.Init() summary.State = audit.NewSummaryState(ServicePackName) - //connection.Connect() - store := probeengine.NewProbeStore(ServicePackName, config.Vars.Tags(), &summary.State) s, err := store.RunAllProbes(pack.GetProbes()) if err != nil { From 0b52260921f055df02c4f1d17d412268aceee935 Mon Sep 17 00:00:00 2001 From: "Knight, Eddie" Date: Wed, 16 Jun 2021 06:09:20 -0400 Subject: [PATCH 3/4] Updating go mod to sdk v0.1.6 --- go.mod | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index f7109c4..3d488ff 100644 --- a/go.mod +++ b/go.mod @@ -6,10 +6,9 @@ require ( github.com/cucumber/godog v0.11.0 github.com/hashicorp/go-hclog v0.15.0 // indirect github.com/markbates/pkger v0.17.1 - github.com/probr/probr-sdk v0.0.0-00010101000000-000000000000 - // github.com/probr/probr-sdk v0.1.5 + github.com/probr/probr-sdk v0.1.6 k8s.io/api v0.19.6 ) // For Development Only -replace github.com/probr/probr-sdk => ../probr-sdk +// replace github.com/probr/probr-sdk => ../probr-sdk From 7a86f507d552a09e2314894a422e3a4535ef94f0 Mon Sep 17 00:00:00 2001 From: "Knight, Eddie" Date: Wed, 16 Jun 2021 06:18:52 -0400 Subject: [PATCH 4/4] Go mod tidy --- go.sum | 2 ++ 1 file changed, 2 insertions(+) diff --git a/go.sum b/go.sum index 926c38a..2da42e8 100644 --- a/go.sum +++ b/go.sum 
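Review bot: `connection.Init()` reports failure only through `connection.Errors()` and the log, so `ProbrCoreLogic` proceeds to `RunAllProbes` with nil `connection.Kubernetes`/`connection.Azure` clients and the first scenario step that touches them panics instead of the run aborting cleanly. Check it right after the call: `if errs := connection.Errors(); len(errs) > 0 { return fmt.Errorf("connection setup: %v", errs) }`, adjusted to whatever error helper main.go already imports (the stdlib import group is above this hunk). The return value of `config.Vars.Init()` on the line above is discarded as well, even though config.go in this same patch declares `Init() (err error)`, so a bad vars file is also ignored.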
@@ -432,6 +432,8 @@ github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6J
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
+github.com/probr/probr-sdk v0.1.6 h1:NSv106oUtCOXCbj6tuDvEvsmiL8uHoxakWgVbC/C4Js=
+github.com/probr/probr-sdk v0.1.6/go.mod h1:Cp/BmkTE08Q0Kw+t3YcVn89ZjMuET2sSeEKsYEiYTFQ=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM=
 github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs=