Merge pull request kubearmor#372 from Aryan-sharma11/karmor_systemd

Listing the policies applied on containers in Systemd mode

cmd/probe.go

@@ -35,4 +35,5 @@ func init() {
 	probeCmd.Flags().BoolVar(&probeInstallOptions.Full, "full", false, `If KubeArmor is not running, it deploys a daemonset to have access to more
 information on KubeArmor support in the environment and deletes daemonset after probing`)
 	probeCmd.Flags().StringVarP(&probeInstallOptions.Output, "format", "f", "text", " Format: json or text ")
+	probeCmd.Flags().StringVar(&probeInstallOptions.GRPC, "gRPC", "", "GRPC port ")
 }

go.mod

@@ -23,7 +23,7 @@ require (
 	github.com/docker/docker v23.0.6+incompatible
 	github.com/fatih/color v1.15.0
 	github.com/json-iterator/go v1.1.12
-	github.com/kubearmor/KubeArmor/protobuf v0.0.0-20230918061249-1d5b51c449bd
+	github.com/kubearmor/KubeArmor/protobuf v0.0.0-20231019102803-e4e0e68a457b
 	github.com/mholt/archiver/v3 v3.5.1
 	github.com/moby/term v0.0.0-20221205130635-1aeaba878587
 	github.com/olekukonko/tablewriter v0.0.5
@@ -51,11 +51,11 @@ require (
 	github.com/google/go-cmp v0.5.9
 	github.com/google/go-github v17.0.0+incompatible
 	github.com/kubearmor/KVMService/src/types v0.0.0-20220714130113-b0eba8c9ff34
-	github.com/kubearmor/KubeArmor/KubeArmor v0.0.0-20230918061249-1d5b51c449bd
-	github.com/kubearmor/KubeArmor/deployments v0.0.0-20230918135729-00395f443fa0
-	github.com/kubearmor/KubeArmor/pkg/KubeArmorController v0.0.0-20230626060245-4f5b8ac4f298
-	github.com/onsi/ginkgo/v2 v2.9.5
-	github.com/onsi/gomega v1.27.7
+	github.com/kubearmor/KubeArmor/KubeArmor v0.0.0-20231019102803-e4e0e68a457b
+	github.com/kubearmor/KubeArmor/deployments v0.0.0-20231019102803-e4e0e68a457b
+	github.com/kubearmor/KubeArmor/pkg/KubeArmorController v0.0.0-20231019102803-e4e0e68a457b
+	github.com/onsi/ginkgo/v2 v2.9.7
+	github.com/onsi/gomega v1.27.8
 	k8s.io/api v0.27.3
 	k8s.io/apiextensions-apiserver v0.27.3
 	k8s.io/apimachinery v0.27.3

go.sum

@@ -940,14 +940,14 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kubearmor/KVMService/src/types v0.0.0-20220714130113-b0eba8c9ff34 h1:DYGyMKCPcwbjcS6BAq43USVLlOnUKL72i/OlH32Ecfs=
 github.com/kubearmor/KVMService/src/types v0.0.0-20220714130113-b0eba8c9ff34/go.mod h1:jH95bvc6gzdHxVdyUAx/MM9q27P9EPQUl13HkBO5mr4=
-github.com/kubearmor/KubeArmor/KubeArmor v0.0.0-20230918061249-1d5b51c449bd h1:bylNnIgfJ2SmBbBkY/jdynozcErE8/psmxeKMX8yGrs=
-github.com/kubearmor/KubeArmor/KubeArmor v0.0.0-20230918061249-1d5b51c449bd/go.mod h1:6Ha3nBwlgPnTiacKade2jxkkBpOKPmBCizrsJcxn+fw=
-github.com/kubearmor/KubeArmor/deployments v0.0.0-20230918135729-00395f443fa0 h1:Y+YFPdznql0YuDN7BYFUQLHRbJhKG3cSuzCJkLQFIiI=
-github.com/kubearmor/KubeArmor/deployments v0.0.0-20230918135729-00395f443fa0/go.mod h1:9c5VpVVkkto1fPLyCrnZAThQ9lO04mpYNJnfN36UqL0=
-github.com/kubearmor/KubeArmor/pkg/KubeArmorController v0.0.0-20230626060245-4f5b8ac4f298 h1:dx4xNITMAlG4B5/zjoaIUF/QsBGzkkek/SNjSXE3MYc=
-github.com/kubearmor/KubeArmor/pkg/KubeArmorController v0.0.0-20230626060245-4f5b8ac4f298/go.mod h1:e8Jy4rDPf+O/H+ThAlCILTLkAVy3WgKW3SssLQat+RY=
-github.com/kubearmor/KubeArmor/protobuf v0.0.0-20230918061249-1d5b51c449bd h1:3RjcVbIzUQ98D61CUkq9X//koYvbdck7P8AoDTu6bZM=
-github.com/kubearmor/KubeArmor/protobuf v0.0.0-20230918061249-1d5b51c449bd/go.mod h1:u2IBmj/3GtZodhGIPlO0gwNZ+C/dDlxER1BPQfCOEsk=
+github.com/kubearmor/KubeArmor/KubeArmor v0.0.0-20231019102803-e4e0e68a457b h1:XmWnvTayMLEwpTz15LL9Qq6ZEb4AK0rb7PngLMHRUTk=
+github.com/kubearmor/KubeArmor/KubeArmor v0.0.0-20231019102803-e4e0e68a457b/go.mod h1:7EoQjYGr6xjPCwJPD26bHB9fY6fTepqXJOrg6eT5dqI=
+github.com/kubearmor/KubeArmor/deployments v0.0.0-20231019102803-e4e0e68a457b h1:44jrDRGS7O1ZZOavDOZ+Q/dv+C6FkC2qa5JXNv6I4lY=
+github.com/kubearmor/KubeArmor/deployments v0.0.0-20231019102803-e4e0e68a457b/go.mod h1:9c5VpVVkkto1fPLyCrnZAThQ9lO04mpYNJnfN36UqL0=
+github.com/kubearmor/KubeArmor/pkg/KubeArmorController v0.0.0-20231019102803-e4e0e68a457b h1:AeGpC3f4zEIzNmhejsGkJ+dgRuCsCONdUGTx3FVClcw=
+github.com/kubearmor/KubeArmor/pkg/KubeArmorController v0.0.0-20231019102803-e4e0e68a457b/go.mod h1:LtrnsoV9isTrXx0ClJgKxSJ/gbYmDj9m3pXIjG1yxBg=
+github.com/kubearmor/KubeArmor/protobuf v0.0.0-20231019102803-e4e0e68a457b h1:jJ4yBo4LVx9TCAPm7WqtlOUy0TeC9jRpIJCoT2+CB+Q=
+github.com/kubearmor/KubeArmor/protobuf v0.0.0-20231019102803-e4e0e68a457b/go.mod h1:u2IBmj/3GtZodhGIPlO0gwNZ+C/dDlxER1BPQfCOEsk=
 github.com/kulti/thelper v0.4.0/go.mod h1:vMu2Cizjy/grP+jmsvOFDx1kYP6+PD1lqg4Yu5exl2U=
 github.com/kunwardeep/paralleltest v1.0.2/go.mod h1:ZPqNm1fVHPllh5LPVujzbVz1JN2GhLxSfY+oqUsvG30=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
@@ -1150,8 +1150,8 @@ github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47
 github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk=
 github.com/onsi/ginkgo/v2 v2.3.0/go.mod h1:Eew0uilEqZmIEZr8JrvYlvOM7Rr6xzTmMV8AyFNU9d0=
 github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo=
-github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q=
-github.com/onsi/ginkgo/v2 v2.9.5/go.mod h1:tvAoo1QUJwNEU2ITftXTpR7R1RbCzoZUOs3RonqW57k=
+github.com/onsi/ginkgo/v2 v2.9.7 h1:06xGQy5www2oN160RtEZoTvnP2sPhEfePYmCDc2szss=
+github.com/onsi/ginkgo/v2 v2.9.7/go.mod h1:cxrmXWykAwTwhQsJOPfdIDiJ+l2RYq7U8hFU+M/1uw0=
 github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/onsi/gomega v1.4.2/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
@@ -1165,8 +1165,8 @@ github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeR
 github.com/onsi/gomega v1.21.1/go.mod h1:iYAIXgPSaDHak0LCMA+AWBpIKBr8WZicMxnE8luStNc=
 github.com/onsi/gomega v1.22.1/go.mod h1:x6n7VNe4hw0vkyYUM4mjIXx3JbLiPaBPNgB7PRQ1tuM=
 github.com/onsi/gomega v1.23.0/go.mod h1:Z/NWtiqwBrwUt4/2loMmHL63EDLnYHmVbuBpDr2vQAg=
-github.com/onsi/gomega v1.27.7 h1:fVih9JD6ogIiHUN6ePK7HJidyEDpWGVB5mzM7cWNXoU=
-github.com/onsi/gomega v1.27.7/go.mod h1:1p8OOlwo2iUUDsHnOrjE5UKYJ+e3W8eQ3qSlRahPmr4=
+github.com/onsi/gomega v1.27.8 h1:gegWiwZjBsf2DgiSbf5hpokZ98JVDMcWkUiigk6/KXc=
+github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJKFnNQ=
 github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
 github.com/open-policy-agent/cert-controller v0.2.0/go.mod h1:SWS7Ame8oKHF11cDsQCFlULrrOMV5Z59FIGEAF/M6YI=
 github.com/open-policy-agent/frameworks/constraint v0.0.0-20210701194838-1dbe2618668d/go.mod h1:y8wOVfZ6+bEmbhBMnLnFlQrJB9eQpVk+dIDa7YrtocI=

probe/print.go

@@ -114,3 +114,34 @@ func printAnnotatedPods(podData [][]string) {
 	table.SetAutoMergeCellsByColumnIndex([]int{0, 1, 2})
 	table.Render()
 }
+func printContainersSystemd(podData [][]string) {
+	_, err := boldWhite.Printf("Armored Up Containers : \n")
+	if err != nil {
+		color.Red(" Error printing bold text")
+	}
+
+	table := tablewriter.NewWriter(os.Stdout)
+	table.SetHeader([]string{"CONTAINER NAME", "POLICY"})
+	for _, v := range podData {
+		table.Append(v)
+	}
+	table.SetRowLine(true)
+	table.SetAutoMergeCellsByColumnIndex([]int{0, 1})
+	table.Render()
+
+}
+func printHostPolicy(hostPolicy [][]string) {
+	_, err := boldWhite.Printf("Host Policies : \n")
+	if err != nil {
+		color.Red(" Error printing bold text")
+	}
+
+	table := tablewriter.NewWriter(os.Stdout)
+	table.SetHeader([]string{"HOST NAME ", "POLICY"})
+	for _, v := range hostPolicy {
+		table.Append(v)
+	}
+	table.SetRowLine(true)
+	table.SetAutoMergeCellsByColumnIndex([]int{0, 1})
+	table.Render()
+}

probe/probe.go

@@ -25,6 +25,8 @@ import (
 	tp "github.com/kubearmor/KubeArmor/KubeArmor/types"
 	"github.com/kubearmor/kubearmor-client/deployment"
 	"github.com/kubearmor/kubearmor-client/k8s"
+	"google.golang.org/grpc"
+	"google.golang.org/protobuf/types/known/emptypb"
 
 	"golang.org/x/exp/slices"
 	"golang.org/x/mod/semver"
@@ -35,6 +37,7 @@ import (
 
 	"errors"
 
+	pb "github.com/kubearmor/KubeArmor/protobuf"
 	"golang.org/x/sys/unix"
 )
 
@@ -75,10 +78,44 @@ func PrintProbeResult(c *k8s.Client, o Options) error {
 		}
 	}
 	if isSystemdMode() {
-		err := probeSystemdMode()
+		kd, err := probeSystemdMode()
 		if err != nil {
 			return err
 		}
+		policyData, err := getPolicyData(o)
+		if err != nil {
+			return err
+		}
+		armoredContainers, containerMap := getArmoredContainerData(policyData.ContainerList, policyData.ContainerMap)
+		hostPolicyData := getHostPolicyData(policyData)
+		if o.Output == "json" {
+			probeData := map[string]interface{}{"Probe Data": map[string]interface{}{
+				"Host":              kd,
+				"HostPolicies":      policyData.HostMap,
+				"ArmoredContainers": containerMap,
+			},
+			}
+			out, err := json.Marshal(probeData)
+			if err != nil {
+				return err
+			}
+			fmt.Println(string(out))
+		} else {
+
+			color.Green("\nFound KubeArmor running in Systemd mode \n\n")
+
+			_, err := boldWhite.Printf("Host : \n")
+			if err != nil {
+				color.Red(" Error")
+			}
+			printKubeArmorProbeOutput(kd)
+			if len(policyData.HostMap) > 0 {
+				printHostPolicy(hostPolicyData)
+			}
+			printContainersSystemd(armoredContainers)
+
+		}
+
 		return nil
 	}
 	isRunning, daemonsetStatus := isKubeArmorRunning(c, o)
@@ -544,34 +581,104 @@ func isSystemdMode() bool {
 	if err != nil {
 		return false
 	}
-	color.Green("\nFound KubeArmor running in Systemd mode \n\n")
 	return true
 }
 
-func probeSystemdMode() error {
+func probeSystemdMode() (KubeArmorProbeData, error) {
 	jsonFile, err := os.Open("/tmp/karmorProbeData.cfg")
 	if err != nil {
 		log.Println(err)
-		return err
+		return KubeArmorProbeData{}, err
 	}
 
 	buf, err := io.ReadAll(jsonFile)
 	if err != nil {
 		log.Println("an error occured when reading file", err)
-		return err
-	}
-	_, err = boldWhite.Printf("Host : \n")
-	if err != nil {
-		color.Red(" Error")
+		return KubeArmorProbeData{}, err
 	}
+
 	var kd KubeArmorProbeData
 	var json = jsoniter.ConfigCompatibleWithStandardLibrary
 	err = json.Unmarshal(buf, &kd)
 	if err != nil {
-		return err
+		return KubeArmorProbeData{}, err
 	}
-	printKubeArmorProbeOutput(kd)
-	return nil
+	return kd, nil
+}
+
+func getPolicyData(o Options) (*pb.ProbeResponse, error) {
+	gRPC := ""
+
+	if o.GRPC != "" {
+		gRPC = o.GRPC
+	} else {
+		if val, ok := os.LookupEnv("KUBEARMOR_SERVICE"); ok {
+			gRPC = val
+		} else {
+			gRPC = "localhost:32767"
+		}
+	}
+	conn, err := grpc.Dial(gRPC, grpc.WithInsecure())
+	if err != nil {
+		return nil, err
+	}
+	client := pb.NewProbeServiceClient(conn)
+
+	resp, err := client.GetProbeData(context.Background(), &emptypb.Empty{})
+	if err != nil {
+		fmt.Println(err)
+		return nil, err
+	}
+
+	return resp, nil
+
+}
+func getArmoredContainerData(containerList []string, containerMap map[string]*pb.ContainerData) ([][]string, map[string][]string) {
+
+	var data [][]string
+	for _, containerName := range containerList {
+
+		if _, ok := containerMap[containerName]; ok {
+			if containerMap[containerName].PolicyEnabled == 1 {
+				for _, policyName := range containerMap[containerName].PolicyList {
+					data = append(data, []string{containerName, policyName})
+				}
+			}
+		} else {
+			data = append(data, []string{containerName, ""})
+		}
+
+	}
+	mp := make(map[string][]string)
+
+	for _, v := range data {
+
+		if val, exists := mp[v[0]]; exists {
+
+			val = append(val, v[1])
+			mp[v[0]] = val
+
+		} else {
+			mp[v[0]] = []string{v[1]}
+		}
+
+	}
+
+	return data, mp
+
+}
+func getHostPolicyData(policyData *pb.ProbeResponse) [][]string {
+
+	var data [][]string
+	for k, v := range policyData.HostMap {
+
+		for _, policy := range v.PolicyList {
+			data = append(data, []string{k, policy})
+		}
+
+	}
+	return data
+
 }
 
 func getAnnotatedPodLabels(m map[string]string) mapset.Set[string] {

probe/types.go

@@ -9,6 +9,7 @@ type Options struct {
 	Namespace string
 	Full      bool
 	Output    string
+	GRPC      string
 }
 
 // KubeArmorProbeData structure definition