Adding support to display k8s Network policy in discover (#210)

cmd/discover.go

@@ -27,7 +27,7 @@ func init() {
 	rootCmd.AddCommand(discoverCmd)
 	discoverCmd.Flags().StringVar(&discoverOptions.GRPC, "gRPC", "", "gRPC server information")
 	discoverCmd.Flags().StringVarP(&discoverOptions.Format, "format", "f", "json", "Format: json or yaml")
-	discoverCmd.Flags().StringVarP(&discoverOptions.Policy, "policy", "p", "kubearmor", "Type of policies to be discovered: cilium or kubearmor")
+	discoverCmd.Flags().StringVarP(&discoverOptions.Policy, "policy", "p", "KubearmorSecurityPolicy", "Type of policies to be discovered: KubearmorSecurityPolicy|CiliumNetworkPolicy|NetworkPolicy")
 	discoverCmd.Flags().StringVarP(&discoverOptions.Namespace, "namespace", "n", "", "Filter by Namespace")
 	discoverCmd.Flags().StringVarP(&discoverOptions.Clustername, "clustername", "c", "", "Filter by Clustername")
 	discoverCmd.Flags().StringVarP(&discoverOptions.Labels, "labels", "l", "", "Filter by policy Label")

discover/discover.go

@@ -17,6 +17,8 @@ import (
 	"github.com/rs/zerolog/log"
 	"sigs.k8s.io/yaml"
 
+	nv1 "k8s.io/api/networking/v1"
+
 	wpb "github.com/accuknox/auto-policy-discovery/src/protobuf/v1/worker"
 	"github.com/accuknox/auto-policy-discovery/src/types"
 	"google.golang.org/grpc"
@@ -77,23 +79,18 @@ func ConvertPolicy(c *k8s.Client, o Options) error {
 		return errors.New("could not connect to the server. Possible troubleshooting:\n- Check if discovery engine is running\n- Create a portforward to discovery engine service using\n\t\033[1mkubectl port-forward -n explorer service/knoxautopolicy --address 0.0.0.0 --address :: 9089:9089\033[0m\n- Configure grpc server information using\n\t\033[1mkarmor log --grpc <info>\033[0m")
 	}
 
-	if o.Policy == "network" {
-		policy := types.CiliumNetworkPolicy{}
-
-		ciliumpolicy := []types.CiliumNetworkPolicy{}
+	if o.Policy == "CiliumNetworkPolicy" {
 
 		if len(response.Ciliumpolicy) > 0 {
 			for _, val := range response.Ciliumpolicy {
-				policy = types.CiliumNetworkPolicy{}
+				policy := types.CiliumNetworkPolicy{}
 
 				err = json.Unmarshal(val.Data, &policy)
 				if err != nil {
 					log.Error().Msg(err.Error())
 					return err
 				}
 
-				ciliumpolicy = append(ciliumpolicy, policy)
-
 				str := ""
 				if o.Format == "json" {
 					arr, _ := json.MarshalIndent(policy, "", "    ")
@@ -110,8 +107,7 @@ func ConvertPolicy(c *k8s.Client, o Options) error {
 				}
 			}
 		}
-	} else if o.Policy == "system" {
-		kubearmorpolicy := []types.KubeArmorPolicy{}
+	} else if o.Policy == "KubearmorSecurityPolicy" {
 
 		if len(response.Kubearmorpolicy) > 0 {
 			for _, val := range response.Kubearmorpolicy {
@@ -123,7 +119,33 @@ func ConvertPolicy(c *k8s.Client, o Options) error {
 					return err
 				}
 
-				kubearmorpolicy = append(kubearmorpolicy, policy)
+				str := ""
+				if o.Format == "json" {
+					arr, _ := json.MarshalIndent(policy, "", "    ")
+					str = fmt.Sprintf("%s\n", string(arr))
+					fmt.Printf("%s", str)
+				} else if o.Format == "yaml" {
+					arr, _ := json.Marshal(policy)
+					yamlarr, _ := yaml.JSONToYAML(arr)
+					str = fmt.Sprintf("%s", string(yamlarr))
+					fmt.Printf("%s---\n", str)
+				} else {
+					fmt.Printf("Currently supported formats are json and yaml\n")
+					break
+				}
+			}
+		}
+	} else if o.Policy == "NetworkPolicy" {
+
+		if len(response.K8SNetworkpolicy) > 0 {
+			for _, val := range response.K8SNetworkpolicy {
+				policy := nv1.NetworkPolicy{}
+
+				err = json.Unmarshal(val.Data, &policy)
+				if err != nil {
+					log.Error().Msg(err.Error())
+					return err
+				}
 
 				str := ""
 				if o.Format == "json" {
@@ -148,12 +170,8 @@ func ConvertPolicy(c *k8s.Client, o Options) error {
 
 // Policy discovers Cilium or KubeArmor policies
 func Policy(c *k8s.Client, o Options) error {
-	if o.Policy == "cilium" {
-		o.Policy = "network"
-	} else if o.Policy == "kubearmor" {
-		o.Policy = "system"
-	} else {
-		log.Error().Msgf("Policy type not recognized.\nCurrently supported policies are cilium and kubearmor\n")
+	if o.Policy != "CiliumNetworkPolicy" && o.Policy != "NetworkPolicy" && o.Policy != "KubearmorSecurityPolicy" {
+		log.Error().Msgf("Policy type not recognized.\nCurrently supported policies are cilium, kubearmor and k8snetpol\n")
 	}
 
 	if err := ConvertPolicy(c, o); err != nil {

go.mod

@@ -11,7 +11,7 @@ replace (
 )
 
 require (
-	github.com/accuknox/auto-policy-discovery/src v0.0.0-20221004060846-9c120a7390e8
+	github.com/accuknox/auto-policy-discovery/src v0.0.0-20221117052812-ce8fb166b71d
 	github.com/blang/semver v3.5.1+incompatible
 	github.com/cilium/cilium v1.10.14
 	github.com/clarketm/json v1.17.1

go.sum

@@ -115,8 +115,8 @@ github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdko
 github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
 github.com/StackExchange/wmi v1.2.1 h1:VIkavFPXSjcnS+O8yTq7NI32k0R5Aj+v39y29VYDOSA=
 github.com/StackExchange/wmi v1.2.1/go.mod h1:rcmrprowKIVzvc+NUiLncP2uuArMWLCbu9SBzvHz7e8=
-github.com/accuknox/auto-policy-discovery/src v0.0.0-20221004060846-9c120a7390e8 h1:FgHgVCj7+WNkQ5fJ0tbiquLbEPLqeeBqFGRj7baMbRw=
-github.com/accuknox/auto-policy-discovery/src v0.0.0-20221004060846-9c120a7390e8/go.mod h1:R5eU8iW3k7lPwrycZ0zpe4s0X76IpjJxpHCkSyd7CpY=
+github.com/accuknox/auto-policy-discovery/src v0.0.0-20221117052812-ce8fb166b71d h1:5a2urN7udpy1Rq9mDSKVguceC7mHlcBYbGIiMpFFcVw=
+github.com/accuknox/auto-policy-discovery/src v0.0.0-20221117052812-ce8fb166b71d/go.mod h1:/D33+lnnMT27UBbfmOhtPctwrgCmvd82ze00+GeycUs=
 github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=